Saisei and Intel Maximizing WAN Bandwidth

Similar documents
Saisei FlowCommand FLOW COMMAND IN ACTION. No Flow Left Behind. No other networking vendor can make this claim

Intel Network Builders: Lanner and Intel Building the Best Network Security Platforms

Securing the Intelligent Network

DELIVERING APPLICATION ANALYTICS FOR AN APPLICATION FLUENT NETWORK

How Traditional Firewalls Fail Today s Networks And Why Next-Generation Firewalls Will Prevail

Different NFV/SDN Solutions for Telecoms and Enterprise Cloud

Next-Generation Firewalls: Critical to SMB Network Security

PRODUCTS & TECHNOLOGY

Using SDN-OpenFlow for High-level Services

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

VNF & Performance: A practical approach

Testing Challenges for Modern Networks Built Using SDN and OpenFlow

Delivering Managed Services Using Next Generation Branch Architectures

Visualization, Management, and Control for Cisco IWAN

Cisco IOS Flexible NetFlow Technology

STEELHEAD HYBRID NETWORKING

Introduction to Software Defined Networking (SDN) and how it will change the inside of your DataCentre

Use Cases for the NPS the Revolutionary C-Programmable 7-Layer Network Processor. Sandeep Shah Director, Systems Architecture EZchip

Enhancing Cisco Networks with Gigamon // White Paper

Secure Cloud-Ready Data Centers Juniper Networks

Consolidating Multiple Network Appliances

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks

Getting More Performance and Efficiency in the Application Delivery Network

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Developing High-Performance, Flexible SDN & NFV Solutions with Intel Open Network Platform Server Reference Architecture

SDN and NFV in the WAN

Mesh VPN Link Sharing (MVLS) Solutions

Site2Site VPN Optimization Solutions

Per-Flow Queuing Allot's Approach to Bandwidth Management

IBM Security Network Protection

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

OKTOBER 2010 CONSOLIDATING MULTIPLE NETWORK APPLIANCES

White Paper. BTI Intelligent Cloud Connect. Unblocking the Cloud Connectivity Bottleneck. btisystems.com

Open Source in Government: Delivering Network Security, Flexibility and Interoperability

APPLICATION NOTE 209 QUALITY OF SERVICE: KEY CONCEPTS AND TESTING NEEDS. Quality of Service Drivers. Why Test Quality of Service?

Intel Network Builders Solution Brief. Intel and ASTRI* Help Mobile Network Operators Support Small Cell Networks

Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization

An Oracle Technical White Paper November Oracle Solaris 11 Network Virtualization and Network Resource Management

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

Serro Solutions Enables Managed Security Service Providers to Optimize Networking Performance and Cost

Leveraging SDN and NFV in the WAN

Internet Services. Amcom. Support & Troubleshooting Guide

Pervasive Security Enabled by Next Generation Monitoring Fabric

Ensuring end-user quality in NFV-based infrastructures

Corente Cloud Services Exchange

MPLS and NetEnforcer Synergy. Enhancing the control of MPLS-based, enterprise managed services with Allot's NetEnforcer

IBM Security Intrusion Prevention Solutions

WHITE PAPER. How To Compare Virtual Devices (NFV) vs Hardware Devices: Testing VNF Performance

Edge Configuration Series Reporting Overview

LiveAction Visualization, Management, and Control for Cisco IWAN Overview

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Content-ID. Content-ID URLS THREATS DATA

Application Visibility and Monitoring >

Network Performance + Security Monitoring

Traffic Management Solutions for Social Innovation Business

ONOS [Open Source SDN Network Operating System for Service Provider networks]

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Presented by Philippe Bogaerts Senior Field Systems Engineer Securing application delivery in the cloud

Silver Peak s Virtual Acceleration Open Architecture (VXOA)

The Purview Solution Integration With Splunk

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Network Security Platform 7.5

mesdn: Mobile Extension of SDN Mostafa Uddin Advisor: Dr. Tamer Nadeem Old Dominion University

When SDN meets Mobility

Evaluation and Characterization of NFV Infrastructure Solutions on HP Server Platforms

Virtualized Security: The Next Generation of Consolidation

TEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0

Cisco Unified Network Services: Overcome Obstacles to Cloud-Ready Deployments

Flexible SDN Transport Networks With Optical Circuit Switching

The Advantages of Cloud Services

Private Cloud Solutions Virtual Onsite Data Center

Software Defined Network (SDN)

NFV Reference Platform in Telefónica: Bringing Lab Experience to Real Deployments

TIME TO RETHINK SDN AND NFV

Enhancing Hypervisor and Cloud Solutions Using Embedded Linux Iisko Lappalainen MontaVista

How To Create A Qos

Smart Network. Smart Business. Application Delivery Solution Brochure

Solving Monitoring Challenges in the Data Center

Cisco Integrated Services Routers Performance Overview

Extreme Security Threat Protection G2 - Intrusion Prevention Integrated security, visibility, and control for next- generation network protection

Monitoring, Managing, and Securing SDN Deployments // White Paper

Telecom - The technology behind

The need for bandwidth management and QoS control when using public or shared networks for disaster relief work

Optimizing Data Center Networks for Cloud Computing

PLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure

Virtualization, SDN and NFV

SOFTWARE-DEFINED NETWORKING AND OPENFLOW

The Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology

Network Function Virtualization Using Data Plane Developer s Kit

Performance Evaluation of VMXNET3 Virtual Network Device VMware vsphere 4 build

Red Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment

Open Networking User Group SD-WAN Requirements Demonstration Talari Test Results

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

Rethinking the WAN for the Cloud Computing Era: How SDN Technology Brings Lower WAN Costs While Improving Performance

Monitoring Service Delivery in an MPLS Environment

Transcription:

Intel Network Builders Saisei Solution Brief Intel Xeon Processors Saisei and Intel Maximizing WAN Bandwidth Introduction Despite the increased capacity available on WAN links1, service providers and enterprises often find bandwidth in short supply. This occurs even though most links average only 30%-40% utilization, and at best 50%-70% when specialized equipment is used. Today s best practice is to reserve significant capacity, often half of the total link capacity, to ensure a constant data flow during traffic surges and bandwidth-hogging application sessions, such as peer-to-peer downloads. This unfortunate situation is due to the chaotic and random nature of TCP/IP best effort delivery. In a best-effort network all users obtain unspecified variable bit rate and delivery time, depending on the current traffic load. When used with quality of service (QoS) and other priority controls, best effort has worked moderately well for many years. The physical size and extent of the Internet and new traffic patterns, however, have made it less and less effective. Saisei uses a patented technology that empowers WAN link utilization at 95% or better, without loss of connections, delay in traffic flow, queuing, or buffering. Under policy control, every user gets a fair and equitable share of the bandwidth, with high quality of experience (QoE). Saisei s products FlowCommand, FlowEnforcer, and FlowVision run on Intel x86 platforms, either as virtual machines (VM) under a hypervisor or on bare metal.

Challenge Carriers and cloud service providers must ensure that applications hosted at their facilities deliver high QoE without service interruptions. Enterprise IT organizations must guarantee reserved bandwidth for communications with business-critical, cloud-based infrastructure components. At the same time, misbehaving applications and users must be prevented from degrading overall network performance. Multiple devices are used today to optimize bandwidth, including WAN optimizers, packet shapers, application delivery controllers (ADC), load balancers, advanced routers, and next-generation firewalls. There are also a number of application performance monitoring (APM) and network performance monitoring (NPM) tools that are used to maintain networks. These devices are expensive to purchase, configure, and maintain and in some cases their functions may interfere with each other. Even with existing technologies and optimization devices, service providers and enterprises must pay for overcapacity in order to handle surges and highbandwidth applications and users. This is still only a partial solution; companies are rife with angry users who are disappointed with the service they receive. Solution Saisei is an early leader in a new field of network optimization called Network Performance Enforcement (NPE). NPE represents a class of solutions that combine real-time, in-line visibility, control, and security of application flows in a unified, scalable architecture designed for the modern, federated world of mobile, cloud, and Internet of things (IoT) data. Saisei s FlowCommand 2 offers a means of unifying network traffic and security monitoring, visibility, and control. Using FlowCommand, service providers and enterprises can achieve high utilization on their WAN links without delaying traffic flow or introducing queuing or buffering. FlowCommand is engineered to ensure that no user session will ever crash or time out. FlowCommand implements policy-based rate protection, not limitation, enforcing bandwidth based on a number of criteria: Per-user. Users can all receive the same rate with net neutrality or can be assigned preferred rates. Per-host. All traffic from a host can be aggregated and controlled. Per-application. Different applications have different rate requirements. A library of more than 10,000 applications is maintained by FlowCommand. Deep packet inspection (DPI) is used to identify applications with new apps automatically added to the list as they are recognized. Critical applications can be guaranteed bandwidth while non-critical or undesirable applications can be limited, diverted, or blocked. By geography. Using geolocation techniques and custom fields, FlowCommand attempts to locate the destination for traffic flows. Per MPLS label. The overall bandwidth of MPLS tunnels is controlled as well as the traffic within the tunnels. For custom groups, using any combination of characteristics described above. For example, a custom group could identify all countries with a company s offices. That group could be used to limit database access from only those countries to normal business hours. The result is predictable and equitable performance for all users. Figure 1 shows how FlowCommand s net neutrality equalization changes the chaotic real-time rates (upper graph) to an assignment in which all users receive the same rate (lower graph). 2

Figure 2 illustrates how FlowCommand allows specific users to receive differentiated service. Each slice represents the percentage of total bandwidth for each user. How FlowCommand Works FlowCommand is placed in-line with traffic flow from a WAN link, so that all traffic for that link is monitored and/or controlled. It may be used on one or both ends of a WAN link. Saisei has verified each instance of FlowCommand can control 5 million flows at up to 10 Gbps. Traffic is analyzed 20 times per second using 40 fine-grained metrics. An independent process and sophisticated GUI is used to visualize traffic and to manage policies. FlowCommand implements flow control based on three patents: slight delays are introduced into flows by inserting microsecond resolution pauses and/or by FIGURE 1 - SAISEI FLOWCOMMAND S NET NEUTRALITY Real-Time Monitoring FIGURE 2 - NET NEUTRALITY WITH DIFFERENTIATED SERVICE FlowVision provides a high resolution, real-time view of network traffic using 40 metrics performing many of the functions of classical APM/NPMs. Network administrators view usage by user, application, host, or geolocation. They can display rates, throughput, protocols, and flow control information. Flow data can be exported via the industry-standard IPFIX protocol for integration with other tools. FlowVision is particularly valuable for realtime troubleshooting since it allows rapid drill down to user, application, and server. dropping selected packets. FlowCommand is designed to have a minimal impact on traffic delay, typically introducing only 5-6 microseconds of delay, which is a significant improvement of the delay associated with the average best next-gen firewalls 3. Policy management may be performed with Saisei s own GUI, or may be controlled through its RESTful API. The API allows FlowCommand and its subsets to be integrated into a SDN network or with other NFV components. Security FlowCommand is used to augment existing security measures at the edge of a network, principally through real-time mitigation of attacks. For example, it can be used to effectively defend against 3

botnet and DDoS attacks through policies that limit the number of active sessions for a given protocol or port. Policies that identify foreign sites and hours of permitted access allow FlowCommand to control when enterprise applications may be used, limiting data exfiltration. Flows can be selectively redirected to other security processors, such as intrusion detection or prevention systems (IDS/IPS), as necessary. Intel Technology Intel processors and allied technologies are key enablers of Saisei s products. Saisei recommends the latest Intel Xeon Processor E5 v3 and Intel Atom Processor C200 Family. Only six cores are required to implement FlowCommand s 10Gbps control over 5M flows. FlowCommand extensively uses the Data Plane Development Kit (DPDK), a publicdomain software library that routes network packets around the Linux OS kernel. Coupled with network drivers and an optimized run-time environment, Saisei claims a thousand-fold improvement over non-dpdk traffic flow. Intel s roadmap is well aligned with Saisei s requirements for line-speed traffic control. Key Features Increased bandwidth utilization. Increased bandwidth without delaying traffic or causing loss of connections. Bandwidth rate protection. Policybased control of rate on a per-user, per-application, per-host, per-location basis. Advanced policy management. GUI- or API-based policy rules dictate which users and applications receive bandwidth. Real-time monitoring and visualization. Updated 20 times per second for each of 5M flows. May be used for troubleshooting and tuning. Augmented security. Real-time monitoring allows FlowCommand to fend off attacks and to prevent unauthorized access. Hosted on virtualized server or bare-metal. Scalable. Start small with a single VM instance for 1Gbps links and grow as needed to handle all WAN interfaces. Inexpensive. Less than the maintenance cost of a comparable WAN optimization system. Benefits Service providers instantly reclaim WAN link bandwidth with FlowCommand. This bandwidth can be used to host new customers, to offer better SLAs, or to offer differentiated services. FlowCommand s RESTful API makes it easy to integrate with other network control systems, including SDN. Enterprises will find that they can run more traffic on their existing links. Full traffic visibility allows IT departments to see exactly where their bandwidth is going, so that they can create fair policies and plan for the future. Increased traffic means that CapEx can be reduced, who can commission a smaller WAN link or monetize existing bandwidth. Those who stay with their existing connections will find that they can delay network upgrades. FlowCommand can also obviate the need for stand-alone components, such as WAN optimizers and packet shapers. Users are happy, except for the hackers and bandwidth hogs. Users get their fair share of bandwidth based on policy and application, with guaranteed QoE. IT departments are likewise happy, since most service tickets deal with poor application response. Where real problems persist, FlowCommand s per-flow visibility allows quick troubleshooting. Since FlowCommand replaces multiple optimization devices, the IT staff saves time in configuring and coordinating multiple network devices. Security is enhanced in ways that are difficult, time consuming, or impossible to achieve with next-gen firewalls. 4

Conclusion Internet traffic patterns have changed due to the evolving nature of Internet applications and mobile devices. Even with classic network optimization techniques, average link utilization hasn t progressed significantly beyond the 50% mark. Saisei s Network Performance Enforcement products, FlowCommand, FlowEnforcer, and FlowVision, offer a new way of looking at optimization. Their software-only solution running on Intel-powered servers enables high WAN link optimization while enforcing fair and equitable bandwidth to all users and applications. 1 Up to 10, 40 and 100Gbps. 2 FlowEnforcer and FlowVision products offer reduced features designed for SMB customers and monitoring. 3 The NSS Labs 2013 Firewall Comparative Analysis of Performance found UDP latency that varied from 5 to 1,185 microseconds depending on packet size, with an average of roughly 50 microseconds. 5

For more information about offerings from Saisei, visit www.saisei.com. Solution Provided By: Disclamers Intel technologies features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://saisei.com/. Intel, the Intel logo, and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries. *Other names and brands may be claimed as the property of others. 2015 Intel Corporation 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information