Application Service Testing Enabling scalable delivery of layer 4-7 services
|
|
- Edgar Lucas
- 8 years ago
- Views:
Transcription
1 WHITE PAPER Application Service Testing Enabling scalable delivery of layer 4-7 services Rev. C January 2013
2 2
3 Table of Contents Introduction... 4 Industry Drivers... 4 Multiplay Services... 4 Application Layer Forwarding... 5 Security Threats... 6 Peer to Peer... 7 Putting it all together... 7 Testing Challenges... 8 Measuring application performance... 8 How can Ixia help?... 9 Real-world traffic modeling...10 Subscriber behavior DoS attacks Ease of Use...12 IxLoad Features...13 Conclusion
4 Introduction Demand for multiplay services, each with its own bandwidth and delivery requirements, is driving the emergence of application-aware networking devices. This is due to the fact that legacy approaches to quality of service (QoS) enforcement are no longer sufficient to properly differentiate service types. Application-aware switches, routers, and load balancers need to perform deep packet inspection (DPI) to properly classify traffic in order to implement appropriate QoS policies. Testing the accuracy and performance of such content inspection devices poses unique challenges. Some of the testing challenges and Ixia s answer to them are discussed in this white paper. Industry Drivers Multiplay Services Testing the accuracy and performance of such content inspection devices poses unique challenges. Service providers are increasingly looking to deliver multiplay services to businesses and digital homes over their IP networks revenue for services delivered by service providers is expected to top $1.54 trillion, with $264 billion in CAPEX purchases 1. This is primarily driven by competition, especially in cases where service providers are moving into new markets or expanding their services. For example, many telcos are rushing to compete with cable operators in the delivery of video, while cable operators are rushing to provide VoIP options to compete with the telcos. All of this is ultimately driven by consumers looking to simplify their digital life. Service providers recognize this opportunity and are looking to increase their average return per user (ARPU) by offering bundles that consolidate their voice, TV, wireless and Internet services into a single bill. The breadth of services delivered to the digital home and office are shown in Figure 1. Figure 1. Multiplay service requirements 1 Service Provider Capex, Opex, ARPU & Subscribers Market Size & Forecasts, November 2006, Infonetics Research. 4
5 Office and home subscribers use the full mix of rich interactive services including business applications, online gaming, video on demand, and instant messaging. This is against a background of high-bandwidth applications that include peer-to-peer, FTP, and broadcast video. Each of these applications has its own performance requirements. The three most common measurements are: Bandwidth the average amount of data transferred Latency the delay between request and response Jitter the disruption from a constant delivery rate The sum of these and other factors is referred to as the quality of experience (QoE) and is a reflection of how satisfied end-users are with the services they receive. Note how each type of service comes with its own requirements. Voice over IP (VoIP) has a very low bandwidth requirement, but requires low latency and jitter. IPTV uses high bandwidth, but is tolerant of moderate jitter. P2P, on the other hand has very high bandwidth requirements and can sustain high latency and jitter. Service providers must ensure that the QoE of their services feels right. VoIP calls must sound as good as land-line service, IPTV must be absent of blockiness, blurring, or frozen frames and high-speed Internet services must appear responsive. Subscribers, especially home users, have a very low tolerance for these types of defects; they ll quickly switch back to prior services or move on to competitors. In addition, business customers often demand specific performance in their service level agreements (SLAs). Hence, all of their services must be prioritized ahead of home users. Application Layer Forwarding To accommodate multiplay service delivery, service providers need to offer tiered or differentiated pricing models based on services and service guarantees. As detailed in Figures 2 and 3, traditional means of packet switching and routing cannot provide the necessary specificity to effectively support QoS for multiplay traffic. To accommodate multiplay service delivery, service providers need to offer tiered or differentiated pricing models based on services and service guarantees. A different approach, involving deep packet inspection, is necessary. DPI allows the application of QoS schemes based on service, customer or both. This last technique, where both the service being provided and the customer to which they are provided determine QoS policy, is called hierarchical QoS. This need to deliver differentiated services has given rise to a new family of applicationaware devices that thoroughly analyze the packets and make forwarding decisions based on content and policies. The growing list of application-aware devices includes: Routers and switches Firewalls Session border controllers (SBCs) Content delivery systems Inspection of the application data within a packet makes available the information necessary to determine the true usage of the traffic: interactive content, video, web page contents, file sharing, etc. It also makes it possible to detect viruses, spam, and proprietary information within data packets. For example, Windows Messenger uses HTTP, with a special setting in the User-Agent field of a message. In order to apply the appropriate QoS policy for instant messaging, the HTTP message must parsed for this value. 5
6 Figure 2. Traditional packet inspection Traditional stateful packet inspection looks at the IP and TCP/UDP headers (and occasionally the Ethernet header) to decide where and how packets are forwarded. Losses due to security breaches that result in theft, downtime and brand damage now stretch into the tens of millions of dollars per year for large enterprises, according to Infonetics Research. The essential information found there includes the source and destination IP address, TCP/ UDP port number and type of service (TOS). The TCP/UDP port numbers have well-known associations; for example 21 is associated with FTP, 80 with HTTP, 25 with SMTP and 110 with POP3. This 5-tuple of information from layers 3 and 4 is the classic means by which firewalls, routers and other switching devices decide on whether to and where to forward packets and with what priority. This information is increasingly insufficient to satisfy the requirements for multiplay services in a mixed customer environment. Additional elements of each packet must be inspected. Figure 3. Deep packet inspection The application layer (Layer 7) of the packet holds information specific to a protocol. All bits and bytes are now available for deep packet inspection, allowing network devices to finely classify traffic type and source. For example not only can you identify the traffic as using SMTP, you can now identify the source application as Microsoft Outlook by examining the application signature. The information can be used to provide: Subscriber and service based QoS policing Peer-to-peer bandwidth management Denial of service (DoS) and virus attack prevention Intrusion detection and prevention Web and content filtering Security Threats Losses due to security breaches that result in theft, downtime and brand damage now stretch into the tens of millions of dollars per year for large enterprises, according to Infonetics Research 2. Attacks and failures are seen at every level from online applications, to networks, to mobile and core infrastructures. 2 The Costs of Network Security Attacks: North America 2007, February 2007, Infonetics Research. 6
7 Conventional security software and appliances, such as anti-virus protection and firewalls, have increasingly reduced the number of attacks, but the total losses continue to grow. The 2007 CSI Computer Crime and Security Survey 3 reported that in 2006 the average loss per survey respondent more than doubled when compared to the year before. Security issues have pushed defenses into network devices and have spawned a number of auxiliary security enforcement devices. These functions include: Intrusion detection systems (IDSs) Intrusion prevention systems (IPSs) Unified threat management systems Antivirus filters Antispam filters Increasingly, application-aware devices are performing security functions largely because the information they need is now available through deep packet inspection. Peer to Peer Peer-to-peer traffic is estimated to account for 60% of all Internet traffic, with an expected 135 million P2P users by The amount of traffic seems to have been unaffected by the adoption of antitheft mechanisms such as digital rights management (DRM), shifting somewhat to legitimate P2P services. Moreover, there are strong indications that increased IP video content will drive the use of P2P even higher. Clever software and devices will use P2P to distribute content, obviating the need for providers to host large video content infrastructures and making services quick and inexpensive to deploy and sell. Joost, for example, uses home computers to send and receive TV and other content. Joost and Vudu use P2P to make thousands of pay-perview movies available to users worldwide. Putting it all together The preceding discussion serves to highlight that application layer forwarding is a very complex and resource-intensive task. Every bit of traffic traversing a device needs to be inspected and matched against signature libraries containing patterns that match standard Internet protocols, such as P2P, as well as virus, spam, and hacker intrusion. Every bit of traffic traversing a device needs to be inspected and matched against signature libraries containing patterns that match standard Internet protocols, such as P2P, as well as virus, spam, and hacker intrusion. Figure 4. Application layer forwarding 3 CSI Survey The 12th Annual Computer Crime and Security Survey 7
8 Some of the signatures are split across multiple packets and sometimes even across multiple TCP connections, making the process more complex and resource intensive. Hackers often use such techniques to mask their activity. Once a session has been classified, the QoS policies that apply to that session need to be applied to ensure that the traffic is placed in the appropriate priority queue a resource intensive task, especially for multi-gigabit per second devices. Some application-aware devices take advantage of their ability to probe deeply into packet contents to implement other services. For example: Since the deep packet inspection that these devices perform recognizes complete sessions and keys off protocol interchange messages, they need to be tested with stateful application traffic that follows protocol rules. Application load balancing Long-term traffic analysis to detect intrusion detection Security access control Billing These tasks of course make application-aware packet forwarding an even more complex task. Testing Challenges Such complex devices pose significant problems for network equipment manufacturers (NEMs) and service providers. They must validate their devices in terms of accuracy, performance and robustness of their QoS strategy implementation. NEMs must validate their devices performance in forwarding application-layer traffic in order to compete with other vendors and to ensure customer satisfaction. Forwarding needs to be verified for a resource-intensive mix of services and applications. The delivery of services, based on QoS, must be tested to assure proper prioritization of voice and video traffic over data traffic as well as prioritization of business over consumer traffic. QoS can only be tested when an overload of traffic is applied with line-rate traffic on all the device s interfaces. Finally, NEMs must ensure that attacks are identified and thwarted so that overall device performance is not affected. Insecure devices can be responsible for financial and brand damage. Service providers face similar challenges, but with a larger, changing scope. To keep their customers happy and to maximize their capital investments, they must ensure that their core network, consisting of many traditional and application-aware devices, maintains proper QoS for all voice, video and data traffic. Service providers must be particularly sensitive to their customers perception of QoE. Service providers must always be ready to come to market with new, advanced services in order to quickly capitalize on market demand with minimal risk. Because service providers are continually upgrading their networks, either with additional devices or with new devices, network testing must be frequently repeated. Measuring application performance The requirements for testing application-aware devices are as complex, if not more complex, than those associated with application forwarding itself. Since the deep packet inspection that these devices perform recognizes complete sessions and keys off protocol interchange messages, they need to be tested with stateful application traffic that follows protocol rules. 8
9 Devices need to be exercised at their limits and beyond to ensure that they will function at optimum levels and properly apply QoS policies. This type of testing involves the use of a wide range of multiplay traffic: Data, including HTTP, P2P, FTP, SMTP, POP3 Video, including IGMP, MLD, RTSP/RTP Voice, including SIP, MGCP Modern, large-scale devices and networks can handle hundreds of thousands of sessions at a time and must be tested under this type of load. A wide variety of measurements must be made to ensure performance and QoE. These include: HTTP/web response time for loading web pages and content VoIP call setup time and voice quality Consistent and reliable video delivery and quality Video channel change time Peer-to-peer (P2P) throughput Negative tests must also be applied to ensure that attack traffic is correctly classified and that it does not affect normal traffic performance. Of particular importance is the testing of devices and networks under the influence of distributed denial of services (DDoS). Scalability testing is of particular importance for capacity planning. NEMs must publish limits that service providers will use and service providers must anticipate future needs. The number of users, calls, and sessions must be established along with traffic throughput. How can Ixia help? Ixia s IxLoad solution is specifically designed to minimize test development time, while maximizing test thoroughness, allowing its customers to get to market faster, with higher quality, faster performing products. IxLoad thoroughly tests application-aware devices, measuring performance of all types. A highly-refined GUI makes test development and result analysis quick, and easy reducing product and network certification time. Here are the key benefits related to application-aware device testing: Negative tests must also be applied to ensure that attack traffic is correctly classified and that it does not affect normal traffic performance. Real-world application traffic mix guarantees that devices and networks have been tested with the same suite of services that will be used in deployment. IxLoad emulates the broadest range of application clients and servers in a manner that carefully models real-world conditions. Subscriber behavior ensures that fielded services will match performance guarantees. The manner in which subscribers use multiple services is modeled at a city-level scale. Denial of service attack tests reduce the risk of security failures. High-volume denial of service attacks are emulated at the same time as real-world application traffic. Ease of use minimizes test development, revisions and retest ensuring that test time is minimized for initial product development, product updates and expansion. IxLoad s GUI contributes to a highly efficient tool for developing, perfecting, running, analyzing and reporting application performance tests. 9
10 Real-world traffic modeling The Ixia test platform consists of a family of table-top and rack-mounted chassis that utilize load module interface cards, each of which has a number of individual test ports. IxLoad utilizes Ixia load modules that support 1 Gbps and 10 Gbps Ethernet, with fiber and copper interfaces. Each Ixia load module port contains its own CPU with substantial processing power and memory. As shown in Figure 5, IxLoad tests devices and networks by emulating clients and servers surrounding the device or system under test (DUT or SUT). Ixia test ports are connected on either side of the DUT/SUT and are used to initiate and/or terminate sessions and send/receive stateful application traffic. Ixia test ports are connected on either side of the DUT/ SUT and are used to initiate and/or terminate sessions and send/receive stateful application traffic. Figure 5. IxLoad test scenario Real-world, stateful traffic is essential for characterization of devices and networks. Tests must carefully mimic complete sessions in order to invoke the application-aware components of the devices they test. Without stateful traffic, there is no guarantee that devices behave correctly or efficiently. The processing power of Ixia s ports is used to emulate protocol clients and servers with complete stateful sessions. Using large numbers of client and server emulations, IxLoad can emulate a realistic mix of traffic, using real voice, video and data applications simultaneously. Tests allow verification that QoS schemes are delivering expected QoS and QoE for each of the services under the influence of arbitrary mixes of other services. Tests may involve as few as two or hundreds of test ports to achieve any scale desired. Both the number of emulated clients/servers and the traffic volume scale with the number of test ports. 10
11 Subscriber behavior Real-world traffic involves more than just protocol coverage. Many services cannot be completely tested without simulating a wide audience of distinct users. It s important that end-user emulation reflect patterns of usage. This includes: Multiservice emulation to depict the various application services that are common in today s digital home Subscribers service usage patterns, including mixed call duration, channel surfing pattern or Internet use. User-specific behavior including user login for social networking sites or financial sites. Ixia provides an elegant mechanism to model subscriber profiles and uses an advanced timeline to model differing service usage patterns shown in Figure 6. Ixia provides an elegant mechanism to model subscriber profiles and uses an advanced timeline to model differing service usage patterns. Figure 6. Subscriber Usage Profile With real-world traffic and subscriber behavior modeling, NEMs can tune and test their product properly so that they can properly compete and characterize their products for their customers. They can rest assured that there will be no surprises downstream when their customers deploy their products. Service providers can likewise feel comfortable that their networks will satisfy their customers QoE demands. DoS attacks Denial of service attacks are a critical test that must precede any deployment; failure to do so can result in network failure, monetary loss and brand damage. DoS attacks are used to gauge DUT/SUT sensitivity to large amounts of malicious traffic, as shown in Figure 7. 11
12 The IxLoad GUI is the ultimate in ease of use and power, allowing test engineers to quickly develop and run tests minimizing test-related time to market delays.. Figure 7. Use of DoS attacks In this example, baseline tests are run to determine VoIP throughput, latency and jitter for large numbers of sessions. DoS attacks are then run to ensure that the same performance characteristics are observed for VoIP traffic. Ease of Use The IxLoad GUI is the ultimate in ease of use and power, allowing test engineers to quickly develop and run tests minimizing test-related time to market delays. The key component of an IxLoad test, the traffic model, is supported by a visual drag-and-drop interface shown in Figure 8 Figure 8. IxLoad traffic model GUI 12
13 Traffic flow editor to quickly create and manage complex scenarios Resource manager saves test elements for frequent reuse to increase productivity One-click automation enables test scenarios to be automated for regression IxLoad also provides a graphical display of real-time statistics along with tabular results for offline analysis. As shown in Figure 9, the overall run results are visually displayed side-by-side with the details of the small numbers of errors that occurred. Figure 9. IxLoad side-by-side statistics display IxLoad Features Highly scalable, integrated test solution Highest traffic rate 1 Gbps and 10 Gbps line-rate traffic Up to 12 Gbps per chassis Realistic traffic modeling Emulates multiplay clients and servers Visual subscriber traffic profile creation Complete Quality of Experience metrics Jitter, latency, MOS, PESQ, MDI, TVQM, PEVQ Widest protocol coverage Full range of voice, video, data, security and infrastructure protocols Both IPv4 and IPv6 supported across the board Quarterly additions of protocols and protocol updates All-in-one application testing Triple-play protocols Infrastructure components 13
14 IPSec/SSL security Integrated with router testing in IxNetwork Other Ixia conformance and performance test applications run on the same platform Integration with the Ixia Test Conductor regression framework Ease of use Highly visual GUI Quickly move from small-scale setup to large-scale testing Graphic preparation of user traffic and usage profiles o Easy to drill-down to errors Support for modern voice and video technology: SIP, MGCP H.264, MPEG-4, MPEG-2, IGMP, MLD, RTSP/RTP Tests critical infrastructure components: Authentication: AAA, LDAP and RADIUS services IP addressing: DHCP and DNS Security: SSL and IPSec Generates malicious and DDoS traffic for security testing Realistic network modeling with impairment and complete TCP parameter control Full data for analysis Customizable real-time statistics Raw data in CSV files for offline analysis 14
15 Conclusion Multiplay services and security threats mandate application layer intelligence. Application awareness requires intensive packet processing for deep packet inspection and complex QoS implementation. Ixia s IxLoad is the industry-leading product for layer 4-7 testing of application-aware devices. It offers: A highly scalable, integrated test solution. Realistic traffic modeling with emulation of multiplay clients and servers. Highest traffic rate the only solution with 10 Gbps line-rate traffic. Comprehensive application testing covering all device testing needs, with triple-play, infrastructure, security, and router components. Widest protocol coverage with the full range of voice, video, data, security and infrastructure protocols. Ease of use IxLoad s sophisticated GUI is the ultimate in productivity, quickly moving from small-scale setup to large-scale testing. Ixia offers everything on a single, shared platform. Ixia test applications cover the full gamut of tools for IP network performance testing. Ixia applications also offer the fastest path to automation, generating automation scripts with the push of a button that may be coordinated by the Test Conductor regression tool to create and run complete regression suites. Ixia platforms have forward and backward compatibility, guaranteeing the longterm benefits of your investments. 15
16 WHITE PAPER Rev. C, January 2014
IxLoad: Testing Microsoft IPTV
IxLoad: Testing Microsoft IPTV IxLoad provides a comprehensive solution for validating service delivery networks utilizing Microsoft IPTV. IxLoad offers a complete solution that simulates core systems
More informationEnabling a Converged World. Testing Multiplay Networks
Enabling a Converged World Testing Multiplay Networks 915-1743-01 Rev A July 2011 Testing Multiplay Networks P/N 915-1743-01 Rev A April, 2008 Contents Testing Multiplay Networks... 2 Ixia s Approach
More informationIxLoad-Attack: Network Security Testing
IxLoad-Attack: Network Security Testing IxLoad-Attack tests network security appliances determining that they effectively and accurately block attacks while delivering high end-user quality of experience
More informationApplication Delivery Testing at 100Gbps and Beyond
Application Delivery Testing at 100Gbps and Beyond The Need for Speed 10 Gigabit Ethernet (GE) rapidly became the technology of choice for high speed connections to servers and network devices. Advancements
More informationAPPLICATION DELIVERY. Black Book. Edition 10. Application Delivery. http://www.ixiacom.com/blackbook June 2014. PN 915-2610-01 Rev H June 2014 i
APPLICATION DELIVERY Black Book Edition 10 Application Delivery http://www.ixiacom.com/blackbook June 2014 PN 915-2610-01 Rev H June 2014 i APPLICATION DELIVERY Your feedback is welcome Our goal in the
More informationIxVeriWave BYOD (Bring Your Own Device) Testing
IxVeriWave BYOD (Bring Your Own Device) Testing Highlights High-scale controller load testing with a single test involving tens of thousands of clients and hundreds of APs Real-world deployment tests scale
More informationIxLoad - Layer 4-7 Performance Testing of Content Aware Devices and Networks
IxLoad - Layer 4-7 Performance Testing of Content Aware Devices and Networks IxLoad is a highly scalable solution for accurately assessing the performance of content-aware devices and networks. IxLoad
More informationThe Cisco ASA 5500 as a Superior Firewall Solution
The Cisco ASA 5500 as a Superior Firewall Solution The Cisco ASA 5500 Series Adaptive Security Appliance provides leading-edge firewall capabilities and expands to support other security services. Firewalls
More informationIxLoad TM Adobe HDS Player Emulation
IxLoad TM Adobe HDS Player Emulation HTTP Dynamic Streaming (HDS) is a solution developed by Adobe Systems to playback high quality live and on-demand content. The playback uses HTTP for streaming fragmented
More informationWHITE PAPER. Security Testing For Financial Institutions
WHITE PAPER Security Testing For Financial Institutions www.ixiacom.com 915-1784-01 Rev. C, January 2014 2 Table of Contents Introduction... 4 The Need for Security Testing... 6 Security Threats... 6 Client
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationNext Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6?
Next Generation IPv6 Network Security a Practical Approach Is Your Firewall Ready for Voice over IPv6? - and many other vital questions to ask your firewall vendor Zlata Trhulj Agilent Technologies zlata_trhulj@agilent.com
More informationWhitepaper. 10 Metrics to Monitor in the LTE Network. www.sevone.com blog.sevone.com info@sevone.com
10 Metrics to Monitor in the LTE Network The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert serviceimpacting events. In addition, the
More informationUnified Threat Management Throughput Performance
Unified Threat Management Throughput Performance Desktop Device Comparison DR150818C October 2015 Miercom www.miercom.com Contents Executive Summary... 3 Introduction... 4 Products Tested... 6 How We Did
More informationIxLoad VoIP SIP, MGCP Features
IxLoad VoIP SIP, MGCP Features Aptixia IxLoad can test the performance of VoIP networks and devices by emulating SIP and MGCP user agents. IxLoad can be used to: Test the scalability and performance of
More informationVoice Over IP Performance Assurance
Voice Over IP Performance Assurance Transforming the WAN into a voice-friendly using Exinda WAN OP 2.0 Integrated Performance Assurance Platform Document version 2.0 Voice over IP Performance Assurance
More informationCisco ACE 4710 Application Control Engine
Data Sheet Cisco ACE 4710 Application Control Engine Product Overview The Cisco ACE 4710 Application Control Engine (Figure 1) belongs to the Cisco ACE family of application switches, used to increase
More informationdiversifeye Application Note
diversifeye Application Note Test Performance of IGMP based Multicast Services with emulated IPTV STBs Shenick Network Systems Test Performance of IGMP based Multicast Services with emulated IPTV STBs
More information10 METRICS TO MONITOR IN THE LTE NETWORK. [ WhitePaper ]
[ WhitePaper ] 10 10 METRICS TO MONITOR IN THE LTE NETWORK. Abstract: The deployment of LTE increases dependency on the underlying network, which must be closely monitored in order to avert service-impacting
More informationEvaluating Wireless Broadband Gateways for Deployment by Service Provider Customers
Evaluating Wireless Broadband Gateways for Deployment by Service Provider Customers Overview A leading provider of voice, video, and data services to the residential and businesses communities designed
More informationCreating Business-Class VoIP: Ensuring End-to-End Service Quality and Performance in a Multi-Vendor Environment. A Stratecast Whitepaper
: Ensuring End-to-End Service Quality and Performance in a Multi-Vendor Environment A Executive Summary Creating Business-Class VoIP Traditional voice services have always been reliable, available, and
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationTesting Packet Switched Network Performance of Mobile Wireless Networks IxChariot
TEST PLAN Testing Packet Switched Network Performance of Mobile Wireless Networks IxChariot www.ixiacom.com 915-6649-01, 2006 Contents Testing Packet Switched Network Performance of Mobile Wireless Networks...3
More informationSonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
More informationPerformance of Cisco IPS 4500 and 4300 Series Sensors
White Paper Performance of Cisco IPS 4500 and 4300 Series Sensors White Paper September 2012 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of
More informationNetwork Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000
Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business
More informationS-Series SBC Interconnect Solutions. A GENBAND Application Note May 2009
S-Series SBC Interconnect Solutions A GENBAND Application Note May 2009 Business Requirements A ubiquitous global voice service offering is the challenge among today s large service providers. The need
More informationIxLoad: Advanced VoIP
IxLoad: Advanced VoIP IxLoad in a typical configuration simulating SIP endpoints Aptixia IxLoad VoIP is the perfect tool for functional, performance, and stability testing of SIPbased voice over IP (VoIP)
More informationServer Load Balancing (SLB) Testing IxLoad
TEST PLAN Server Load Balancing (SLB) Testing IxLoad www.ixiacom.com 915-6653-01, 2006 Copyright 2006 by Ixia All rights reserved Ixia 26601 West Agoura Road, Calabasas, CA 91302 (877) FOR-IXIA This Test
More informationReducing Downtime Costs with Network-Based IPS
Reducing Downtime Costs with Network-Based IPS April 2007 900 East Hamilton Avenue Suite 230 San Jose California 95008 t 408.583.0011 f 408.583.0031 www.infonetics.com Silicon Valley, CA Boston, MA London,
More informationSolution Brief. Secure and Assured Networking for Financial Services
Solution Brief Secure and Assured Networking for Financial Services Financial Services Solutions Page Introduction To increase competitiveness, financial institutions rely heavily on their networks to
More informationIxLoad TM : Data HTTP, SSL, and FTP
IxLoad TM : Data HTTP, SSL, and FTP IxLoad tests the scalability and performance of content-aware networks and devices by emulating HTTP(S), SSL, and FTP clients and servers. IxLoad can be used to: Test
More informationGaining Operational Efficiencies with the Enterasys S-Series
Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction
More informationCT505-30 LANforge-FIRE VoIP Call Generator
1 of 11 Network Testing and Emulation Solutions http://www.candelatech.com sales@candelatech.com +1 360 380 1618 [PST, GMT -8] CT505-30 LANforge-FIRE VoIP Call Generator The CT505-30 supports SIP VOIP
More informationLucent VPN Firewall Security in 802.11x Wireless Networks
Lucent VPN Firewall Security in 802.11x Wireless Networks Corporate Wireless Deployment is Increasing, But Security is a Major Concern The Lucent Security Products can Secure Your Networks This white paper
More informationThe Truth About Router Performance
The Truth About Router Performance Multiservice Routers versus Integrated Service Routers (Gen. 2) Frank Ohlhorst Lab Director/Product Analyst The Truth About Router Performance 2 Router performance has
More informationTriple Play Test Suite
Triple Play Test Suite Triple Play is a general term referring to the delivery of Voice, Video, and Data services to an end-user as a unified service. From the end-user's perspective, triple play services
More informationThe Broadband Service Optimization Handbook Chapter 3
Gaining detailed information about the traffic on your network and the behavior of your subscribers is crucial to achieving success in the highly competitive service provider market. The latest breed of
More informationDeploying Firewalls Throughout Your Organization
Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense
More informationServer Load Balancer Testing
Server Load Balancer Testing 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Test Plan Copyright 2006 by Ixia All rights
More informationWHITE PAPER. Extending Network Monitoring Tool Performance
WHITE PAPER Extending Network Monitoring Tool Performance www.ixiacom.com 915-6915-01 Rev. A, July 2014 2 Table of Contents Benefits... 4 Abstract... 4 Introduction... 4 Understanding Monitoring Tools...
More informationLeader in Converged IP Testing. Security Testing For Financial Institutions
Leader in Converged IP Testing Security Testing For Financial Institutions 915-1784-01 Rev B July 2012 2 Contents Introduction...4 Security Threats...6 The Payoff...11 Introduction Major security breaches
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationIxChariot Pro Active Network Assessment and Monitoring Platform
IxChariot Pro Active Network Assessment and Monitoring Platform Network performance and user experience are critical aspects of your business. It is vital to understand customers perception of your website,
More informationVoIP Conformance Labs
VoIP acceptance, VoIP connectivity, VoIP conformance, VoIP Approval, SIP acceptance, SIP connectivity, SIP conformance, SIP Approval, IMS acceptance, IMS connectivity, IMS conformance, IMS Approval, VoIP
More informationAvailability Digest. www.availabilitydigest.com. Prolexic a DDoS Mitigation Service Provider April 2013
the Availability Digest Prolexic a DDoS Mitigation Service Provider April 2013 Prolexic (www.prolexic.com) is a firm that focuses solely on mitigating Distributed Denial of Service (DDoS) attacks. Headquartered
More informationFirewall Testing Methodology W H I T E P A P E R
Firewall ing W H I T E P A P E R Introduction With the deployment of application-aware firewalls, UTMs, and DPI engines, the network is becoming more intelligent at the application level With this awareness
More informationBusiness case for VoIP Readiness Network Assessment
Business case for VoIP Readiness Network Assessment Table of contents Overview... 2 Different approaches to pre-deployment assessment:.......... 2 Other considerations for VoIP pre-deployment... 3 The
More informationEvaluating IPv6 Firewalls & Verifying Firewall Security Performance
Next Generation IPv6 Network Security IPv6 Summit Bonn 30 th June 2004 Evaluating IPv6 Firewalls & Verifying Firewall Security Performance [ Vital questions to ask your firewall vendor ] Yvon Rouault Agilent
More informationWAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO
WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO The number of branch-office work sites is increasing, so network administrators need tools to
More informationNetwork Simulation Traffic, Paths and Impairment
Network Simulation Traffic, Paths and Impairment Summary Network simulation software and hardware appliances can emulate networks and network hardware. Wide Area Network (WAN) emulation, by simulating
More informationSaisei and Intel Maximizing WAN Bandwidth
Intel Network Builders Saisei Solution Brief Intel Xeon Processors Saisei and Intel Maximizing WAN Bandwidth Introduction Despite the increased capacity available on WAN links1, service providers and enterprises
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationTesting L7 Traffic Shaping Policies with IxChariot IxChariot
TEST PLAN Testing L7 Traffic Shaping Policies with IxChariot IxChariot www.ixiacom.com 915-6658-01, 2005 Contents 1. Introduction 1 2. Overview of L7 Layer Payload Definition Options in IxChariot 1 2.1
More informationEndpoint Based Policy Management: The Road Ahead
Endpoint Based Policy Management: The Road Ahead Introduction In a rapidly growing and crowded security solutions market, organizations need to deploy the most effective technologies taking into consideration
More informationApplication Visibility and Monitoring >
White Paper Application Visibility and Monitoring > An integrated approach to application delivery Application performance drives business performance Every business today depends on secure, reliable information
More informationHamilton County Communications, Inc. NETWORK POLICY AND PRACTICE FOR ISP. Table of Contents
Hamilton County Communications, Inc. NETWORK POLICY AND PRACTICE FOR ISP Table of Contents Section Page Definitions 2 Terms of Service and Network Management Practices 2 Devices & Software that may be
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationImproving Quality of Service
Improving Quality of Service Using Dell PowerConnect 6024/6024F Switches Quality of service (QoS) mechanisms classify and prioritize network traffic to improve throughput. This article explains the basic
More informationUNIFIED PERFORMANCE MANAGEMENT
UNIFIED PERFORMANCE MANAGEMENT VISIBILITY CONTROL OPTIMIZATION COMPLETE WAN OPTIMIZATION Increase the speed and efficiency of your wide area network. Exinda s Unified Performance Management (UPM) solution
More informationObserver Analysis Advantages
In-Depth Analysis for Gigabit and 10 Gb Networks For enterprise management, gigabit and 10 Gb Ethernet networks mean high-speed communication, on-demand systems, and improved business functions. For enterprise
More informationValidate the performance and security of IPS/IDS, Firewall and Proxy - January 2009
Validate the performance and security of IPS/IDS, Firewall and Proxy - January 2009 Gregory Fresnais gfresnais@bpointsys.com +33672510922 Director of International Business Development BreakingPoint Systems
More informationArchitecture de Réseaux et Dimensionnement du Trafic
Architecture de Réseaux et Dimensionnement du Trafic Isocore Europe Paris, France Téléphone : 33 (0) 1 72 81 34 09 www.isocore.com Bijan Jabbari, PhD bjabbari@isocore.com Sommaire/Outline Architecture
More information5. DEPLOYMENT ISSUES Having described the fundamentals of VoIP and underlying IP infrastructure, let s address deployment issues.
5. DEPLOYMENT ISSUES Having described the fundamentals of VoIP and underlying IP infrastructure, let s address deployment issues. 5.1 LEGACY INTEGRATION In most cases, enterprises own legacy PBX systems,
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationMPLS Networking. Create a Secure Private Network for Cloud Computing. www.megapath.com. Learn More: Call us at 877.634.2728.
Create a Secure Private Network for Cloud Computing Learn More: Call us at 877.634.2728. www.megapath.com MegaPath s Secure Private Cloud for Networking Your business may be considering a move to the cloud
More informationMail Gateway Testing. Test Plan. 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.
Mail Gateway Testing 26601 W. Agoura Rd. Calabasas, CA 91302 (Toll Free US) 1.877.FOR.IXIA (Int'l) +1.818.871.1800 (Fax) 818.871.1805 www.ixiacom.com Test Plan Copyright 2006 by Ixia All rights reserved
More informationBusiness Case for a DDoS Consolidated Solution
Business Case for a DDoS Consolidated Solution Executive Summary Distributed denial-of-service (DDoS) attacks are becoming more serious and sophisticated. Attack motivations are increasingly financial
More informationIxLoad Voice SIP Key Features
IxLoad Voice SIP Key Features IxLoad Voice SIP is the perfect tool for functional, performance, and stability testing of SIP-based voice over IP (VoIP) network components. Because IxLoad supports SIP,
More informationDelivering Network Performance and Capacity. The most important thing we build is trust
Delivering Network Performance and Capacity The most important thing we build is trust The Ultimate in Real-life Network Perfomance Testing 1 The TM500 Family the most comprehensive 3GPP performance and
More informationProduct Announcement BreezeACCESS-TM
Product Announcement BreezeACCESS-TM Document publication date: December 2, 2002. Page 1 of 8 Introduction Service provider s profitability hinges on the ability to increase revenue from existing resources
More informationAPPLICATION NOTE 209 QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS. Quality of Service Drivers. Why Test Quality of Service?
QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS By Thierno Diallo, Product Specialist With the increasing demand for advanced voice and video services, the traditional best-effort delivery model is
More informationHuawei Eudemon1000E-X series Firewall. Eudemon 1000E-X Series Firewall. Huawei Technologies Co., Ltd.
Eudemon 1000E-X Series Firewall Huawei Technologies Co., Ltd. Product Overview With the dramatic increase in threats to networks, users are become ever more concerned by application- and service-based
More informationIxia xstream TM 10. Aggregation, Filtering, and Load Balancing for qgbe/10gbe Networks. Aggregation and Filtering DATA SHEET
Ixia xstream TM 10 Aggregation, Filtering, and Load Balancing for qgbe/10gbe Networks The Ixia xstream 10 is a network packet broker for monitoring high-speed network traffic, letting you share the network
More informationSecuring data centres: How we are positioned as your ISP provider to prevent online attacks.
Securing data centres: How we are positioned as your ISP provider to prevent online attacks. Executive Summary In today s technologically-demanding world, an organisation that experiences any internet
More informationaxs-200/650 IP TRIPLE-PLAY TEST SET
axs-200/650 IP TRIPLE-PLAY TEST SET 2011 GLOBAL xdsl TEST EQUIPMENT GROWTH LEADERSHIP AWARD as part of the SharpTeSTer access line, the axs-200/650 Triple-play Test Set delivers ip-based data, Voip and
More informationAXS-200/650 IP TRIPLE-PLAY TEST SET. part of the SharpTESTER Access Line. www.exfo.com Telecom Test and Measurement
IP TRIPLE-PLAY TEST SET AXS-200/650 part of the SharpTESTER Access Line NETWORK TESTING ACCESS Ensuring optimal delivery of triple-play services Optimized for FTTH IP triple-play service commissioning
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationPer-Flow Queuing Allot's Approach to Bandwidth Management
White Paper Per-Flow Queuing Allot's Approach to Bandwidth Management Allot Communications, July 2006. All Rights Reserved. Table of Contents Executive Overview... 3 Understanding TCP/IP... 4 What is Bandwidth
More informationCisco ASA 5500 Series Firewall Edition for the Enterprise
Solution Overview Cisco ASA 5500 Series Firewall Edition for the Enterprise Threats to today s networks continue to grow, with attacks coming from both outside and within corporate networks. These threats
More informationProviding Secure IT Management & Partnering Solution for Bendigo South East College
Providing Secure IT Management & Partnering Solution for Bendigo South East College Why did Bendigo South East College engage alltasksit & DELL? BSEC is in the midst of school population growth in 2015,
More informationIxLoad Data Mail (SMTP, POP3, IMAP) Features
IxLoad Data Mail (SMTP, POP3, IMAP) Features Aptixia IxLoad can test the performance of email delivery systems and devices by emulating various email clients, servers and associated protocols. SMTP, POP3
More informationitvsense Probe M-301/M-304
implementing next generation IT and communications solutions Service Assurance for Digital Video and IP-based Multiplay Networks itvsense Probe M-301/M-304 telecommunication networks it networks research
More informationEthernet Switch Evaluation For Streaming Media Multicast Applications
Ethernet Switch Evaluation For Streaming Media Multicast Applications Introduction In addition to many criteria relating to standards compliance, packet forwarding performance, layer 3 and 4 route discovery
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationCisco Prime Virtual Network Analysis Module
Data Sheet Cisco Prime Virtual Network Analysis Module Virtualization and cloud create exciting business-transformation opportunities, innovative services-delivery models, and improved economics. At the
More information4 Delivers over 20,000 SSL connections per second (cps), which
April 21 Commissioned by Radware, Ltd Radware AppDirector x8 and x16 Application Switches Performance Evaluation versus F5 Networks BIG-IP 16 and 36 Premise & Introduction Test Highlights 1 Next-generation
More informationCMA5000 SPECIFICATIONS. 5710 Gigabit Ethernet Module
CMA5000 5710 Gigabit Ethernet Module SPECIFICATIONS General Description The CMA5710 Gigabit Ethernet application is a single slot module that can be used in any CMA 5000. The Gigabit Ethernet test module
More informationAstaro Gateway Software Applications
Astaro Overview Astaro Products - Astaro Security Gateway - Astaro Web Gateway - Astaro Mail Gateway - Astaro Command Center - Astaro Report Manager Astaro Gateway Software Applications - Network Security
More informationKick starting science...
Computer ing (TDDD63): Part 1 Kick starting science... Niklas Carlsson, Associate Professor http://www.ida.liu.se/~nikca/ What do you have in the future? What do you have in the future? How does it keep
More informationExtreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF
Extreme Networks CoreFlow2 Technology TECHNOLOGY STRATEGY BRIEF TECHNOLOGY STRATEGY BRIEF Extreme Networks CoreFlow2 Technology Benefits INCREASED VISIBILITY Detailed monitoring of applications, their
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More informationRanch Networks for Hosted Data Centers
Ranch Networks for Hosted Data Centers Internet Zone RN20 Server Farm DNS Zone DNS Server Farm FTP Zone FTP Server Farm Customer 1 Customer 2 L2 Switch Customer 3 Customer 4 Customer 5 Customer 6 Ranch
More informationCT522-128 LANforge WiFIRE Chromebook 802.11a/b/g/n WiFi Traffic Generator with 128 Virtual STA Interfaces
1 of 8 Network Testing and Emulation Solutions http://www.candelatech.com sales@candelatech.com +1 360 380 1618 [PST, GMT -8] CT522-128 LANforge WiFIRE Chromebook 802.11a/b/g/n WiFi Traffic Generator with
More informationCisco ASA 5500 Series Firewall Edition for the Enterprise
Взято с сайта www.wit.ru Solution Overview Cisco ASA 5500 Series Firewall Edition for the Enterprise Threats to today s networks continue to grow, with attacks coming from both outside and within corporate
More informationWHITE PAPER: Broadband Bonding for VoIP & UC Applications. In Brief. mushroomnetworks.com. Applications. Challenge. Solution. Benefits.
In Brief Applications UC & VoIP Challenge Cut telecom cost by finding an alternative to costly MPLS Improve Internet connectivity speeds Fortify business continuity Solution Mushroom Networks Truffle Internet
More informationJUST FOR THOSE WHO CAN T TOLERATE DOWNTIME WE ARE NOT FOR EVERYONE
WE ARE NOT FOR EVERYONE JUST FOR THOSE WHO CAN T TOLERATE DOWNTIME Don t let a DDoS attack bring your online business to a halt we can protect any server in any location DON T GET STUCK ON THE ROAD OF
More informationApplications that Benefit from IPv6
Applications that Benefit from IPv6 Lawrence E. Hughes Chairman and CTO InfoWeapons, Inc. Relevant Characteristics of IPv6 Larger address space, flat address space restored Integrated support for Multicast,
More information