• No results found

Saisei FlowCommand FLOW COMMAND IN ACTION. No Flow Left Behind. No other networking vendor can make this claim

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Saisei FlowCommand FLOW COMMAND IN ACTION. No Flow Left Behind. No other networking vendor can make this claim"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

Saisei FlowCommand™

The Saisei FlowCommand™ family of network performance enforcement (NPE) solutions offers a new paradigm for real-time user- and

application-policy enforcement and visibility made possible by its unique ability to change the way that chaotic routed IP networks behave.

FlowCommand software handles all the

anomalies associated with today’s highly utilized and over-subscribed IP networks that are being overwhelmed by the influx of traffic from mobile, cloud and IoT deployments. FlowCommand instills order on the chaos of TCP/IP by creating predictable and equitable performance for all users while concurrently guaranteeing that no user session will ever crash or time out again.

No other networking vendor can make this claim

FlowCommand collects in-depth real-time, fine- grained statistics about all traffic flowing on critical network links – up to 5 million

simultaneous flows on a 10G network. While monitoring these flows 20 times per second, it can control each and every flow according to powerful, flexible user-defined policies based on over 40 metrics included with the solution.

FlowCommand software is distributed either as a virtual machine image to run on a hypervisor, or can be packaged on a bare-metal x86 hardware system suitable for real-time monitoring and policy enforcement across links up to 10G.

FLOW COMMAND IN ACTION

No Flow Left Behind™

When FlowCommand receives a data packet — generally TCP or UDP — the first thing it does is associate it to a flow, defined as the sequence of packets sharing the same IP addresses and TCP/UDP ports.

FlowCommand then keeps extensive state for each flow – including the transmission rate, duration, round-trip time, and a quality metric – which is updated with every packet it receives. Every flow is associated with the:

• Application it is serving (for example, a specific website or business app, or a protocol such as VoIP)

• Geographic location it is serving (generally, a country or city)

• Hosts (internal and external) it is connecting

• Users it is serving (via an address-to- user database such as Microsoft Active Directory or OpenLDAP)

• Custom Groups — applications, geographic locations, hosts and users can be combined into groups (for example, a group could consist of all countries where a company has business partners, or all applications whose

network usage is to be tightly controlled)

(2)

FlowCommand Functional Diagram

   

     

Figure 1: FlowCommand Functional Diagram

Eliminating Network Congestion

FlowCommand constantly evaluates the traffic flow against the available bandwidth. Twenty times every second, each individual flow receives an immediate bandwidth allocation. The allocation is chosen so that the collective bandwidth usage in the system fulfills the specified policy and meets external constraints.

Intelligent interaction with standardized congestion control schemes, such as the TCP Reno, Cubic and Compound mechanisms (RFC 6582), allows FlowCommand to achieve accurate control with no queueing.

This avoids queuing delay issues that plague existing routed IP networks and results in smoother traffic flow, increasing the end user's quality of experience while making more efficient use of existing bandwidth.

This is in stark contrast to other quality-of-service (QoS) systems that use a combination of queuing and random packet discard, generating delay and random disruption to the user experience.

Open APIs for Multivendor Integration and a Clear Path to SDN and NFV

All configuration and monitoring information about FlowCommand is exposed through a simple, intuitive RESTful API, which is used by the FlowCommand’s own management tools, such as the GUI and CLI. (A

 

GUI  

Packets  

Applications   Users   Hosts   Locations  

Flow   Plane  

Data   Plane  

 

Flow  Stats  

 

Historical   Database  

(3)

CLI interface is provided for IT users more comfortable with that practice.) FlowCommand is designed from the ground up for easy integration into a variety of third-party systems, such as orchestration tools for Software-defined Networking (SDN) and Network Functions Virtualization (NFV).

How to Use FlowCommand

Here we examine some general use cases for Network Performance Enforcement:

Raise Network Utilization from 50% to Over 95% and Eliminate 99% of Service Complaints FlowCommand's patented traffic management algorithms allow a link to be operated at 95%+ capacity without creating delay or harming the traffic flow. Conventionally, links are not typically operated above 50- 60% of their capacity because existing devices create large and random delays and network designers have to allow for peak traffic under random conditions. As network bandwidth is generally the highest single cost of operating a network, Increasing utilization from 50% to 95% can result in a substantial cost savings – lower cost per bit -- and removes the operational overhead of chasing down rogue users or applications.

With FlowCommand, traffic management is a smooth, gentle and predictable process. The effect is to reduce the apparent randomness of response time as seen by the user. Even with constant bandwidth, with Saisei in control the user's quality of experience improves as their sessions will never drop.

True Real-time Monitoring – Sub-Second Visibility and Analytics

The FlowCommand dashboard provides continuous visibility on how the network is being used based on information collected and analyzed in less than a second. This new Best Practice eliminates the 10- minute response delay of traditional DPI and visibility appliances by removing the requirement for

background analysis. For example, a chart showing the top 10 applications can be clicked to drill down to the users of each application, or to specific locations, allowing instant analysis of which users are

responsible for traffic to each location.

The real-time information is seamlessly integrated with historical data, allowing visualization and comparison of usage over any defined time period. This data processing is performed in-line with a powerful flow pre-processor engine that gives 100% visibility to the information flows on the network without requiring the use of external data or NetFlow collectors.

(4)

Figure 2: Saisei FlowCommand Dashboard

Protect Key Business, VoIP and Video Applications While and Controlling Non-Critical Applications

FlowCommand’s granular real-time policy enforcement allows critical and vulnerable applications to be both protected and prioritized, and non-critical or undesirable applications to be limited, diverted, or blocked altogether.

Voice (VoIP) traffic is especially vulnerable to network problems, since even low levels of packet loss make voice impossible to understand. FlowCommand allows all voice traffic to be placed into a protected class where packets will never be dropped. The same can be done for video.

Some applications are clearly more important to a business than others. These can be assigned

guaranteed bandwidth so that lower priority background traffic will not interfere with them. For example, a business may want to limit the bandwidth available to social networking sites so that it doesn’t interfere with higher priority accounting, ERP or mobile applications.

Detect and Prevent Security Risks in Real Time

FlowCommand’s real-time flow analysis also allows security risks to be identified in real time, and allows various forms of risk-mitigation controls to be established instantly in response. A significant component

(5)

of Network Performance Enforcement is to enhance the flow-based security posture of network operators by augmenting the capabilities of existing legacy and Next-Gen firewalls with faster and more granular flow manipulation. (FlowCommand’s impact on network overhead is about 25% of a typical Next-Gen firewall.)

For example, excessive traffic to a country outside of normal business operations may indicate a data exfiltration attempt. A low-bandwidth limit policy to such countries will make it hard to mount such an attack, while an instant response to a detected attack can shut down the traffic and block the attacking host. Known malware sites can also be blocked, and incoming suspicious traffic can be detected, blocked and reported on in real time, not after off-line retrospective analysis.

Net Neutrality Arrives with Guaranteed Fair Usage

Some users make disproportionate demands on network resources. Peer-to-peer applications, such as BitTorrent, can also be damaging in this regard. In typical networks, more than 80% of bandwidth is consumed by just 20% of users. Also, large file transfers or back-ups can devastate a network if inadvertently done at the wrong time of day.

FlowCommand’s unique Net Neutrality feature – technically Host Equalization -- allows bandwidth to be shared equally among all users in real time, regardless of the applications they are running or how many users are attempting to use a link. Thus abusive users will get the same share of the network as anyone else, even though they may using 1000 flows for their purposes. There will always be users who are not using all the bandwidth available to them, and FlowCommand distributes their share among the other users, so all of the bandwidth is always being efficiently utilized.

Granular Service Level Differentiation Paired with Enforcement

Often, different users need to receive different service levels. For a service provider, some users pay a higher price for premium service. In an enterprise, certain functions may have priority because of their importance to business success.

FlowCommand allows different users, or groups of users, to receive different services. High-priority users can be given assured bandwidth levels, or can use Saisei’s unique Rate Multiplier feature to be given a higher proportion of network bandwidth without regard to absolute levels. Low-priority users can then be limited in the bandwidth they can use, or can be given lower Rate Multipliers. The options are limitless.

Differentiation can also be applied based on many of the attributes available through Saisei’s 40-metrics palette, such as the application in use or flow characteristics like duration and total data. For example, so called “elephant” flows of large amounts of data can be put into a specially protected class where they can be assured a defined share of network bandwidth.

Scalable Software Architecture Designed for the Mobile, Cloud and IoT Data Loads

Unlike existing networking solutions that were initially built to meet the relatively static demands of private

(6)

networks, Saisei’s FlowCommand has been built for the Big Data demands of today’s mobile, cloud and Internet-of-Things (IoT) deployments.

For example, each instance of FlowCommand today can concurrently monitor up to 5 million flows on a 10G network link 20 times per second, and enforce any combination of policy decisions on any

combination of flows in under one second. Architecturally, FlowCommand is scalable to 40G and 100G links as well. Additionally, the very first release of the software supports the management and control of up to 1B external hosts.

The FlowCommand Advantage

FlowCommand is the first Network Performance Enforcement solution on the market, offering a blend of next-generation flow-based policy creation and control; 40-metrics analytics and visibility; and the next generation of Next-Gen firewall security enhancements that allow you to:

Immediately return all of your currently idle reserved bandwidth to productive use

Crush OpEx by eliminating the cause of 99% of service tickets stemming from network congestion

Minimize CapEx with a device-agnostic software running on off-the-shelf x86 servers and processors that replaces many expensive, standalone networking technologies – WAN Ops, Packet Shapers, ADC and more. – that are forced to operate within the constraints of today’s TCP/IP behavior

Take back control of your IT estate with granular, real-time, flow-based policy enforcement and reporting

Allocate bandwidth to guarantee the performance of critical applications

Prevent and act on security risks in real time

Guarantee Net Neutrality fair network usage – all users receive level of service they are entitled to

Deliver and enforce granular service level differentiation

Build in the flexibility for rapid implementation and scaling of networks, and a growth path to SDN and NFV

To find out more about how FlowCommand can benefit your network, please contact a member of our team at [email protected] and/or visit our website – www.saisei.com.

About Saisei

Saise is the world’s leading provider of Network Performance Enforcement software that provides integrated real-time bandwidth and security policy control combined with comprehensive 40-metrics visibility and analytics for virtual, physical, SDN and NFV

710 Lakeway Drive, Suite 290 Sunnyvale, CA 94085 USA Tel: +1 669.224.4392

References

Download now ( PDF - 6 Page - 1.08 MB )

Related documents

PROTECTION AND SYSTEM MAINTENANCE COMPUTER AND COMUNICATION SYSTEM OF EXECUTIVE COUNCIL OF AUTONOMOUS PROVINCE OF VOJVODINA.

Set up video surveillance with cameras (250 cameras, 20 servers, software for surveillance, management and control...) For security and load flow data, complete network

The Venerable Frame 5 Gas Turbine

• Compressor: Scaled up directly from the GE10 gas turbine with more than 100 units installed worldwide; 11 stages; 17:1 pressure ratio; IGVs and first- and second-stage stator

Beyond Monitoring Root-Cause Analysis

In Network Monitoring for Analysis the same flow-based statistics are available for real-time network performance monitoring as in flow-based solutions, but detailed network data

The No Child Left Behind Act

Any teacher assigned to serve students with disabilities shall possess an appropriate credential or other authorization that specifically authorizes him/her to teach students

US A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2002/ A1 STRANDBERG (43) Pub. Date: Oct.

A method for providing a telephone call back to a telephone line that is being used to access a computer netWork, Wherein said call back is made based upon a

On behalf of Ozarks Electric Cooperative Corporation, I respectfully submit the following documents for electronic filing in this matter:

Ozarks Electric Cooperative Corporation is seeking approval to change the Pre Pay Electric Service Program Tariff Sheet by removing the administration fee of $6.50 per month..

An Iterative Approach for the Correction of Iterative Errors

Hie John Hop1ins University Applied Physics Laboratory Attn: Document Librarian 8621 Georgia Avenue Silver Spring, Maryland 20910 Raytheon Company Attn; Librarian

Lesson Plans Network+

This section examines facts about connecting network devices. Students will become familiar with cable types to use in various connection scenarios:.  Straight-through cable 