Продажа недвижимости Аренда недвижимости

ADM S1 traffic analysis system

ADM S1 traffic analysis system is a full-featured Deep Packet Inspection (DPI) system and is designed for service provider traffic management, monitoring and analysis. Among the tasks of the DPI system there are service quality management (QoS), generation of statistical reports on traffic structure in the context of protocols and applications, additional value added services, traffic filtering for the Parental Controls service (Internet for children) and compliance. ADM S1 was created with advanced technology of high-speed packet processing that provides the capacity of up to 80 Gbit/s on a 1U device with a possibility of horizontal scaling.

Characteristics
Number of connections
New streams per second* 300 000
Capacity 14 Gbit/s
Subscribers on-line 524 000
Interfaces 1000Base-T
Number of ports 14х1G
Bypass Only external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 44mm; W: 440mm; D: 550mm (1U)
  * when using functions of filtering, statistics and QoS management
Characteristics
Number of connections
New streams per second* 300 000
Capacity 80 Gbit/s
Subscribers on-line 524 000
Interfaces 10GBase-SR, 10GBase-LR
Number of ports 32x10G
Bypass Only external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 44mm; W: 438mm; D: 525mm (1U)
  * when using functions of filtering, statistics and QoS management
Characteristics
Number of connections
New streams per second* 300 000
Capacity 80 Gbit/s
Subscribers on-line 524 000
Interfaces 1000Base-T, 10GBase-SR, 10GBase-LR, 40GBASE-SR4, 40GBASE-LR4, 100GBase-SR4, 100GBase-LR4, 100GBase-CR4
Number of ports 8x1G, 8x10G, 4x40G, 4x100G
Bypass Built-in or external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 43mm; W: 434mm; D: 699mm (1U)
  * when using functions of filtering, statistics and QoS management
Architecture

ADM S1 operates in operator's network between BNG (BRAS) and the external router that gets optional NAT functions. Switching is performed before the installation of the network address translation system in order to ensure the visibility of subscriber IP addresses in ADM S1 for the correct application of the policy and statistics of subscribers.

ADM S1 processes packets in a transparent mode. The system is identified in the data network neither at the link layer nor at the network layer, thus BNG and external router configuration does not require changes after the installation of the S1 system between them.

System capabilities
Service policy
management (QoS)
• speed limit
• priority control
• ToS/DSCP stamping
• blocking
• HTTP request redirecting
• traffic transfer to the external devices on L2, L3 and L4 levels in the copy mode and in the bump in the wire mode with a capability of VLAN tags adding and load sharing - traffic transfer to the external devices on L2, L3 and L4 levels in the copy mode and in the bump in the wire mode with a capability of VLAN tags adding and load sharing
Service policy
management (QoS) depending on
traffic affiliation
• subscriber
• subscriber affiliation with a service plan
• protocol
• application
• service
• traffic priority
• traffic affiliation with a subscriber - legal entity
• traffic affiliation with a subscriber - legal entity subdivision
• time interval with a possibility of division into week and weekend days
Traffic classification
• more than 2000 protocols and applications
• more than 4000 parameters of protocols and applications
• possibility to apply the rules based on logical expressions
• correct processing of L2 and L3 headers, such as VLAN, MPLS, Q-in-Q
Corporate control
(SecAAS)
• providing of control over Internet connection for corporate subscribers
• WEB-interface access to service controls (operator's cloud service)
• corporate subscribers identification via IP pools DHCP parameters and RADIUS integration
• bandwidth control
• applicaions access control
• traffic filtering agains 77 categories (social networks, HR-resources, videohosting etc.)
• Internet access control at headquarters level and at the levels of its subsidiaries
• statistical report for every subsidiary with separated access for users of WEB interface
• DoS/DDoS personal settings for every corporate subscriber
• traffic filtering using intrusion detection and prevention (IDPS) module
Traffic filtering
• by black lists
• by white lists
• by black category lists
• by white category lists
• lists of exception rules
• filtering against IP address or several IP addresses
• source blocking, redirecting via 302 Moved and 200OK response with the undefined content return as a reaction to the filter response
• https, http2, quic traffic filtering
• possibility of check via WEB interface of any source for blocking/access status taking into account a subscriber or a subdivision that requests this source
Reports and statistics
• IPDR for each TCP session for http protocol
• IPDR for use of protocols and applications
• отчеты
• graphic representation of reports as pie and bar charts, graphs, tables
• upload of data of any report in xls format
• result filtering
• automatic transitions between reports by clicking on table and diagram points
• possibility to save reports as templates for future reference
• pooling of resources in arbitrary category with a possibility of further use of this category as a tool for statistic filtering
Parental control
• traffic filtering against 77 categories (entertainment, education, Sports etc.)
• personal allowed categories for every subscriber
• safe search enforcement for Google, Yahoo, Bing and other searching engines
• content filtering against key words
• content filtering inside https
• historical and statistics data of WEB resource visits for every subscriber
User rights management
• access control of all sections of the system WEB interface with a possibility to divide the rights to view and change parameters
• control of access to subdivisions and legal entities with a possibility to specify the subdivision data as criteria for the statistical report view
External system integration
• RFC 2865, 2866, 5176 (RADIUS, RADIUS Accounting, RADIUS CoA)
• DHCP
• SNMP trap, (s)FTP, SSH
• CDR (IPDR):CSV, .xls
• SQL, HTTP Provisioning API
• T_Proxy external traffic processing
Extra capabilities
• external intelligent Bypass modules that track the state of the complex and switch off the traffic supply to the platform in case of service degradation
• working in architectures with an asymmetric traffic flow without classification quality degradation and with maintenance of all functional capabilities
• integration with monitoring systems via SNMP protocol with a possibility of fault traps generation
• sequential traffic diversion to external devices
• update of signature lists at least once per month
• scaling while maintaining a single management interface and view of network statistics with geographically distributed switch on points