Продажа недвижимости Аренда недвижимости

ADM S1 traffic analysis system

ADM S1 traffic analysis system is a full-featured Deep Packet Inspection (DPI) system and is designed for service provider traffic management, monitoring and analysis. Among the tasks of the DPI system there are service quality management (QoS), generation of statistical reports on traffic structure in the context of protocols and applications, additional value added services, traffic filtering for the Parental Controls service (Internet for children) and compliance. ADM S1 was created with advanced technology of high-speed packet processing that provides the capacity of up to 80 Gbit/s on a 1U device with a possibility of horizontal scaling.

Characteristics
Number of connections
New streams per second* 300 000
Capacity 14 Gbit/s
Subscribers on-line 524 000
Interfaces 1000Base-T
Number of ports 14х1G
Bypass Only external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 44mm; W: 440mm; D: 550mm (1U)
  * when using functions of filtering, statistics and QoS management
Characteristics
Number of connections
New streams per second* 300 000
Capacity 80 Gbit/s
Subscribers on-line 524 000
Interfaces 10GBase-SR, 10GBase-LR
Number of ports 32x10G
Bypass Only external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 44mm; W: 438mm; D: 525mm (1U)
  * when using functions of filtering, statistics and QoS management
Characteristics
Number of connections
New streams per second* 300 000
Capacity 80 Gbit/s
Subscribers on-line 524 000
Interfaces 1000Base-T, 10GBase-SR, 10GBase-LR, 40GBASE-SR4, 40GBASE-LR4, 100GBase-SR4, 100GBase-LR4, 100GBase-CR4
Number of ports 8x1G, 8x10G, 4x40G, 4x100G
Bypass Built-in or external
Power 2 sources of 220VAC or -48VDC, 750 W
Size H: 43mm; W: 434mm; D: 699mm (1U)
  * when using functions of filtering, statistics and QoS management
Architecture

ADM S1 operates in operator's network between BNG (BRAS) and the external router that gets optional NAT functions. Switching is performed before the installation of the network address translation system in order to ensure the visibility of subscriber IP addresses in ADM S1 for the correct application of the policy and statistics of subscribers.

ADM S1 processes packets in a transparent mode. The system is identified in the data network neither at the link layer nor at the network layer, thus BNG and external router configuration does not require changes after the installation of the S1 system between them.

System capabilities
Service policy
management (QoS)
• speed limit
• priority control
• ToS/DSCP stamping
• blocking
• HTTP request redirecting
• traffic transfer to the external devices on L2, L3 and L4 levels in the copy mode and in the bump in the wire mode with a capability of VLAN tags adding and load sharing - traffic transfer to the external devices on L2, L3 and L4 levels in the copy mode and in the bump in the wire mode with a capability of VLAN tags adding and load sharing
Service policy
management (QoS) depending on
traffic affiliation
• subscriber
• subscriber affiliation with a service plan
• protocol
• application
• service
• traffic priority
• traffic affiliation with a subscriber - legal entity
• traffic affiliation with a subscriber - legal entity subdivision
• time interval with a possibility of division into week and weekend days
Traffic classification
• more than 2000 protocols and applications
• more than 4000 parameters of protocols and applications
• possibility to apply the rules based on logical expressions
• correct processing of L2 and L3 headers, such as VLAN, MPLS, Q-in-Q
Subscriber identification
• retrieving of subscriber IP address and his/her account via RADIUS protocol
• definition of the subscriber account by the static IP address with a possibility of setting a single IP address, sequence, range, subnet mask and their combinations
• bulk creation of static subscribers via API and in a solitary mode via WEB interface
• graphical indication of subscriber's location
• management of at least 10000 subdivisions from a single managing server with a possibility of personal policy indication for each subdivision
Traffic filtering
• by black lists
• by white lists
• by black category lists
• by white category lists
• lists of exception rules
• filtering against IP address or several IP addresses
• source blocking, redirecting via 302 Moved and 200OK response with the undefined content return as a reaction to the filter response
• https, http2, quic traffic filtering
• possibility of check via WEB interface of any source for blocking/access status taking into account a subscriber or a subdivision that requests this source
Reports and statistics
• IPDR for each TCP session for http protocol
• IPDR for use of protocols and applications
• отчеты
• graphic representation of reports as pie and bar charts, graphs, tables
• upload of data of any report in xls format
• result filtering
• automatic transitions between reports by clicking on table and diagram points
• possibility to save reports as templates for future reference
• pooling of resources in arbitrary category with a possibility of further use of this category as a tool for statistic filtering
Logging of user actions
with indication of:
• date and time of the operation
• user name
• action performed by the user
• result of the action, the value of the variable parameter before and after changes
User rights management
• access control of all sections of the system WEB interface with a possibility to divide the rights to view and change parameters
• control of access to subdivisions and legal entities with a possibility to specify the subdivision data as criteria for the statistical report view
External system integration
• RFC 2865, 2866, 5176 (RADIUS, RADIUS Accounting, RADIUS CoA)
• DHCP
• SNMP trap, (s)FTP, SSH
• CDR (IPDR):CSV, .xls
• SQL, HTTP Provisioning API
• T_Proxy external traffic processing
Extra capabilities
• external intelligent Bypass modules that track the state of the complex and switch off the traffic supply to the platform in case of service degradation
• working in architectures with an asymmetric traffic flow without classification quality degradation and with maintenance of all functional capabilities
• integration with monitoring systems via SNMP protocol with a possibility of fault traps generation
• sequential traffic diversion to external devices
• update of signature lists at least once per month
• scaling while maintaining a single management interface and view of network statistics with geographically distributed switch on points