Education and Academic Research Backbone Network Bandwidth Performance Enhancement Project: 100G Backbone Equipment Procurement (noc.tanet.edu.tw)
DPI Bandwidth Management Training
Agenda
• Procera product module introduction: PacketLogic Overview
• Procera PRE function description: System Manager, LiveView, Tools …
• Object functions and how to build a Ruleset: Objects, Filtering Rule, Shaping Rule, Statistics
PacketLogic Component Overview
[Diagram labels: Router, Internet, Subscribers, Router, Aggregation, Subscriber data, Statistics data]
Throughput and connections
There are five different hardware options to meet different performance requirements, from the 1RU PL7340 up to the 14RU PL20014.
• PL7340 – 1RU, Sub 100 Meg: 2x1GE channels, 400,000 Connections
• PL7810 – 1RU, Single or dual Gig: 11x1GE channels, 5Gbps throughput, 2,000,000 Connections
• PL8820 – 2RU, Multi Gig or 10 Gig: 8x10GE, 16x1GE channels, 30Gbps throughput, 10,000,000 Connections
• PL8960 – 2RU, Multi Gig or 10 Gig: 12x10GE, 24x1GE channels, 70Gbps throughput, 20,000,000 Connections
• PL20014 – 14RU ATCA, Multi 10 Gig: Up to 36 x 10GE and 4x40GE or 4 x 100GE and 8 x 10GE channels, 600Gbps throughput, 240,000,000 Connections
[Diagram labels: Edge, Core, Access]
We give you the tools to make the network run more efficiently and improve the user experience. The key words for the PacketLogic suite are Awareness, Analysis, and Control.
You gain network traffic awareness via sophisticated DPI (Deep Packet Inspection). You can get information about the network on these levels:
Traffic – identification, classification and properties
User – correlate subscriber and IP address
Service – correlate subscriber and service plan
Location – associate subscriber with network, network segment, access point or channel
Device – associate subscriber with the platform used to access the network
You can analyze the traffic in real time as well as through statistics. Based on the analysis you can control the network by applying bandwidth management, prioritization, and filtering to applications or groups of applications. Our reporting tool enables flexibility in report generation.
PRE – Real-Time Enforcement
Some examples of what you can do with PacketLogic:
Identify and classify applications in IP traffic. The traffic is visible in real-time, and you can easily take control by managing the traffic
Manage bandwidth based on flexible criteria (subnets, subscribers, applications, VLANs, BGP routes, and many others)
Block and redirect unwanted and improper traffic
Filter based on detailed variables like direction, filename, chat channel, and more
Analyze historical statistics of bandwidth usage and many other metrics
Integrate towards subscriber database via the Subscriber Manager
Integrate towards external systems via a comprehensive API
Examples of Functions
PacketLogic Function Overview
PacketLogic Client GUI
System Overview, LiveView, Statistics, Configuration Editor
User configuration, System Configuration, Backup Manager
Resource Manager, File Manager and Log Viewer
Channel Stats and System Diagnostics (more later)
Download the latest version of the PacketLogic Client from
http://download.proceranetworks.com
Uses ports 42000-42001
42000 for PLDB (Ruleset and configuration)
42001 for PLD (LiveView and other real-time data)
PacketLogic Client Interface
Contains multiple configuration options: Network Configuration, NTP configuration, SNMP configuration
System Administration
License Management
Updates
• PacketLogic Firmware
• PacketLogic Signature bundles
Connect via SSH
• Username = pladmin
• Password = pldemo00
• Use port 42002 (SSH) to connect
Serial Console
• RJ45 (Cisco style)
Command Line Interface
The System Manager shows a list of available PacketLogic systems and can be used to do the following:
Manage a number of PacketLogic systems and arrange them in separate folders.
Synchronize data from more than one PacketLogic system in a single client view.
Connect to PacketLogic systems in limited bandwidth environments by using the “Use Compression” feature.
Store PacketLogic IPs, user IDs, and passwords for easy access.
Select which PacketLogic system to connect to on startup.
Managing the System from the System Manager Screen
System Manager
The System Manager interface
The System Overview view of the main application is a handy tool to get a quick overview of your system. A few examples of its features:
Allows you to selectively display a view of graphs containing the last 24 hours of data. The graphs are not lost even after a reboot which may be good for troubleshooting purposes.
Useful for tracking the number of hosts, connections, CPS, interface throughput, etc.
Clearly shows the last 24 hours trend and allows you to correlate the traffic and performance trends between various operational aspects (hosts vs. connections vs. CPS, for instance).
Shows numerical values for minimum, maximum, and average for each defined graph.
You can add graphs by going to LiveView, selecting the metric you wish to graph from System Diagnostics, then right-clicking and selecting “Add to System Overview”.
Displays basic information such as System Name, Firmware version, DRDL revision, and System ID.
Getting an Overview of the System with System Overview
System Overview
The System Overview interface with some of the system diagnostics diagrams shown
PacketLogic GUI
[Screenshots: LiveView with real-time view of hosts; the Statistics view; System Overview interface with some of the System Diagnostics diagrams shown]
Overview dashboard shows bitrate, connections information, and link quality grouped by APN, GGSN, RNC, Regions, and MSISDNs. Other groupings can be enabled (for example, cell site)
Real-time drill-down into individual MSISDN and IP addresses for instant network visibility
Real-time Monitor
In one easy glance, the network administrator can determine the composition of applications running over the network, and each application’s bitrate, connections, and quality.
Double-clicking on an application will show all clients currently running that application (next slide)
Live Summary of Applications Running Over the Network
LiveView is used to see what is happening in the system at a glance in real-time through a number of
different views. The most commonly used views are:
Local Host: Aggregated, with per host (IP) view of in/out bandwidth, in/out CPS,
established/unestablished connections, and in/out quality of experience. It is also possible to see all
services and connections for a host.
Service Object: This view displays Services (applications) grouped in categories (service objects). The
available data contains in/out bandwidth, in/out utilization percentage, in/out CPS, and total
connections. It is also possible to see all active hosts for a Service.
Services: Just like the Service Object view, but as a flat list of the active Services.
System Diagnostics: This view is used to monitor the system performance and contains values like
CPU usage, memory usage, concurrent hosts, disk utilizations etc. These values are also available via
SNMP for monitoring purpose.
Channel Statistics: This view is used to monitor the physical network channels and provides link
status, RX/TX speed and packet counters.
Seeing Active Hosts and Connections with LiveView
LiveView
The LiveView view, showing the different hosts organized in the NetObjects tree that are sending data
By double-clicking on an IP address in LiveView, the host view is displayed, showing the currently active connections, grouped by client and server, and in/out bandwidth per connection. You can also see real-time usage graphs by right-clicking and selecting Monitor Item.
Expanding a service and double-clicking on a connection shows the connection view:
See the IP properties of the connection, such as VLAN, DSCP, MPLS, BGP AS path, start time, behavior, matching rules, etc.
Also see the extracted service properties, such as URL, user agent, file name, user name, client ID, and more.
Use the above properties to know how to configure the traffic rule-set.
Seeing Active Hosts and Connections with LiveView
Connection view with all connections for a host
Properties view of a connection (the content of the connection)
LiveView - Connection details
Seeing which Applications are Running in the Network with LiveView
The Service Objects view shows a real-time list of the running Services (applications and application protocols), grouped by service object. All Services are by default categorized by application type into the “Procera Networks Categories” category. The service view enables you to do the following:
See performance metrics per service, such as in/out bandwidth, in/out utilization percentage, in/out CPS, and in/out quality of experience.
Double-click on a service to see all the matching connections.
Sort active services by client or server host or server port.
See real-time usage graphs by right-clicking and selecting Monitor Item.
Create your own custom categories by grouping services in the rule-set, or use the default Procera Networks categories provided via the DRDL signature classification.
Service signatures are updated via the CLI interface, and are released every two weeks.
ServiceObject View
Live View - Service Object
Service Objects view in LiveView, showing the Total percentage of traffic, according to the Procera Network Categories categorization
The Services view shows the same type of active applications as the Service
Objects view, but as a flat list without any grouping. In the services view you
can do the following:
See the currently active applications in an ungrouped view.
See all services that have been used in the network since the system was started.
See the same parameters that are available from the service object view.
Easy drill-down into per host view or connection view.
Services View
Live View - Services
The Services view in LiveView, showing an uncategorized view of all applications running in the network since the system was started
The features of the Statistics view include the following:
Used for displaying historical statistics based on the criteria specified by you.
View pre-defined history of traffic usage.
Graphs can be generated on a daily, weekly, monthly, yearly, or custom time basis.
View statistical data on top hosts, top services, and URL connectivity.
Various types of graphs present historical reports, for example connections, bandwidth, and quality of experience.
Use drag and drop of graphs to create reports.
You can bookmark often viewed statistical data.
Seeing Historical Data with the Statistics View
Statistics View
The Statistics view, showing data transfer as bars for each subcontainer in the PSM NetObject tree
The Statistics view, showing data transfer as graphs for the PSM NetObject tree
Monitoring the System Components with LiveView
The System Diagnostics view of LiveView provides the following:
An interface to see real-time status of the PacketLogic system.
An overview of system value performance, such as:
Connections
Uptime
Active hosts
Total CPU load or per blade CPU utilization
Rule-set size and changes
Statistics data usage and statistics write time
An interface to configure alarm limits that are visible in the GUI or sent as SNMP
traps.
Monitoring the System Components with LiveView
The status of PacketLogic may be monitored by viewing the monitoring values in System Diagnostics, part of LiveView in the PacketLogic GUI client:
General Monitoring tabs
Connection Tab
System Tab
Packet Processing
System Diagnostics in LiveView
System Diagnostics showing the Connection tab with the current number
System Diagnostics
Displays information on the physical channels in the system
Link State
Rx and Tx Packets
Rx and Tx speed
Rx and Tx Errors, drops
Connectivity: Channel Statistics – Connectivity Checks
System Tools
There are a number of editors and utilities, of which we have previously mentioned the Log Viewer. Here is a list of all of them including short descriptions and references to more information.
Other Built-in Editors and Utilities
Name – Description
Backup Manager – The backup manager is a tool to create, restore, download, and otherwise manage backups in the PacketLogic client. Backups are made in an XML format.
Channel Editor – The Channel Editor contains a list of the channels in the system, and allows enabling/disabling of channels as well as duplex and auto-negotiation settings.
Connection Search – Connection search is where a search for all connections matching given criteria can be made. Connection search is enabled on a per Statistics Rule basis.
File Manager – The file manager is the tool where files stored on the PacketLogic are managed, such as the Product Guide, triggers, snoopers, license files, and the PacketLogic SNMP MIB.
Help – The Help menu contains system information, a direct link to request support over the web, as well as an interactive support client (via IRC).
Host Triggers – The Host Trigger Editor is where host triggers are added and their parameters configured.
Log Viewer – The Log Viewer is where the logs kept by PacketLogic can be viewed and downloaded.
Resource Manager – The Resource Manager controls where configuration for different resources is stored.
System Configuration – The System Configuration Editor contains the system settings.
User Editor – The User Editor is where users are added and their access permissions configured.
GUI
Backup Manager is used to back up / restore / download / upload rulesets
Backups are automatically given names in the form of date and time
e.g. 20100419-1218.plb
Backups only take resources stored locally
Backups
If your network uses built-in components like FW update, or other locally modified files, please make sure that those are uploaded to the correct folder in the File Manager before the system is deployed:
File Manager
Transfer of files on and off PacketLogic
Choose: Tools ➔ File Manager
License, Signatures, Firmware updates
PRE: Optional Components (File Manager)
User Editor
PacketLogic Client connected to the PRE
Edit ➔ Users
Add users, username, password, change password
Stats user added for Statistics
See slide notes for details
Set the User in the User Editor
PacketLogic Object & RuleSet
Before the PRE system is used it is common to configure some default rules. This is done in the Object & Rules Editor. The rules should be configured according to your local conditions.
Object & Rules Editor
Edit ➔ Object and rules
Objects, Filtering rules, Shaping rules and Statistics rules are defined here
PRE: Rule creation before deployment
Creating Rules
Rules are used for managing network traffic, or to choose how and what
to store for traffic statistics. Each rule has a set of conditions that is
selected from the objects in the rule-set. All criteria need to match if the
rule is to be used. The order of each condition in the list is irrelevant.
The main PacketLogic rule-set building block is the Object. An object
is referred to from a rule, which means that the object needs to exist
before the rule is created. An Item is a property from a Service, such
as IP address, VLAN, time range, behavior, URL, port, etc., and an item
always needs an Object to live in. An object can contain other objects,
or items.
Using the Object and Rule-set Editor in LiveView
The Object and Rules editor displaying the different object types available for editing
Object and Rules editor
Creating Rules
The object and rule-set editor provides the following:
• Main configuration interface for all PacketLogic rules and policies.
• A place to create objects, with unlimited object nesting and items.
• A place to create rules that use the above objects as conditional criteria for matching.
• Flexible. You can use include and exclude conditions to create ranges of items in objects.
• Provides three different rule categories:
  • Filtering: Apply an action (accept, deny, redirect, rewrite) to traffic. Can also be used to capture selected traffic (PCAPs).
  • Shaping: Apply policies (ShapingObjects) to control traffic via bandwidth or connections.
  • Statistics: Apply policies (StatisticsObjects) to selectively record statistics for specific traffic.
NetObject – IP addresses and networks
PortObject – Layer 4 port numbers
ProtocolObject – Network protocols
ServiceObject – Applications generating traffic
TimeObject – Time and date range
VLANObject – ID number of VLAN
DSCPObject – Quality of services number
ChannelObject – Physical network channel
PropertyObject – Properties of a connection
FlagObject – Connection behavior
MPLSObject – ID number of MPLS
ASPathObject – ID of AS, hop, origin, or anywhere (for BGP routing)
Creating rules: Standard object types
RewriteObject – Target IP, MAC address, or DSCP ID for filtering rewrite
ShapingObject – Traffic limits for shaping. To facilitate defining ShapingObjects for many instances of a rule, a ShapingObject can be set to be split, using the "Split by" parameter.
StatisticsObject – Defines how and what to store of traffic statistics
Creating rules: Traffic management object types
Filtering Rules
Filtering rules are used to filter packets and connections based on
information extracted by PacketLogic. Filtering also supports other
functionality such as monitoring (creating PCAPs) and rewriting traffic
parameters (such as destination IP, MAC address, or DSCP number).
Create the rule.
Set the action of the rule:
• Accept - Pass traffic.
• Reject - Send ICMP unreachable back to the client.
• Drop - Silently drop the traffic.
• Rewrite - Will rewrite traffic based on the selected RewriteObject.
• Inject - Inject a HTTP 307 message (only for use with the HTTP Service).
Creating a Filtering Rule
Editing the conditions of a Filtering rule
Changing the order of Filtering rules is done by selecting a rule and pressing the up/down arrows
Shaping Rules
First you need to create a Shaping Object which is used to set the limits
for the traffic that is being matched by a Shaping Rule.
Create a shaping object with the limit that should be enforced in the
rules:
Limits can be set on bandwidth or connections for in/out or bi-directional
Set the “Split by” option if needed. Here are the most common:
By None - All matching hosts will share the shaping object (this is the default value)
By Local host - Each IP address will get a copy of the shaping object
By Connection - Each connection gets a virtual instance of the shaping object
Shaping Rule: Creating a Shaping Object
Editing the bandwidth levels of a Shaping Object
Selecting the ShapingObject that should apply to the Shaping Rule
Shaping Rules are used to control traffic flowing in the network by
enforcing limits from the Shaping Object and setting priorities on traffic.
1. Create the shaping rule.
2. Expand the shaping rule, select the corresponding shaping object (created
in the previous section) which will enforce the limits.
3. Add condition(s) from the Objects folder to select which traffic the rule
should apply to.
4. Set the priority of the rule. Default priority is 5. Lower number means
higher priority. Priority can be set between 1-9.
Shaping Rule: Creating a Shaping Rule
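The rule semantics described in the "Creating Rules" and shaping slides (every condition must match, objects nest and carry include/exclude items, "Split by" decides how many limiter instances exist), modelled as an added Python example. This is not PacketLogic code or its API; the class names, the precedence of exclude over include, and the sample addresses are assumptions of the model.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class NetObject:
    name: str
    include: list = field(default_factory=list)   # CIDR items
    exclude: list = field(default_factory=list)   # CIDR items
    children: list = field(default_factory=list)  # nested objects

    def matches(self, ip):
        addr = ip_address(ip)
        # Assumption of this model: an exclude item overrides any include.
        if any(addr in ip_network(n) for n in self.exclude):
            return False
        if any(addr in ip_network(n) for n in self.include):
            return True
        return any(child.matches(ip) for child in self.children)

@dataclass
class ShapingObject:
    name: str
    limit_kbps: int
    split_by: str = "none"  # "none" (default), "local_host" or "connection"

@dataclass
class ShapingRule:
    name: str
    shaping_object: ShapingObject
    conditions: list   # predicates over a connection dict
    priority: int = 5  # 1-9, lower number means higher priority

    def __post_init__(self):
        if not 1 <= self.priority <= 9:
            raise ValueError("priority must be between 1 and 9")

    def applies(self, conn):
        # Every condition must match; all() makes their order irrelevant.
        return all(cond(conn) for cond in self.conditions)

def instance_key(so, conn):
    extra = {"none": (), "local_host": (conn["local_ip"],),
             "connection": (conn["id"],)}
    return (so.name,) + extra[so.split_by]

def shaper_instances(rule, conns):
    """Group matching connection ids by the limiter instance they share."""
    groups = {}
    for conn in conns:
        if rule.applies(conn):
            key = instance_key(rule.shaping_object, conn)
            groups.setdefault(key, []).append(conn["id"])
    return groups

# Constructed sample data (private addresses, not taken from the slides).
DORMS = NetObject("dorms", include=["10.1.0.0/16"], exclude=["10.1.9.0/24"])
CAMPUS = NetObject("campus", children=[DORMS])
CONNS = [{"id": i, "local_ip": ip, "port": p} for i, ip, p in [
    (1, "10.1.2.3", 443), (2, "10.1.2.3", 443), (3, "10.1.4.5", 443),
    (4, "10.1.9.7", 443), (5, "10.1.4.5", 22)]]  # 4: excluded, 5: wrong port
CONDITIONS = [lambda c: CAMPUS.matches(c["local_ip"]), lambda c: c["port"] == 443]
```

With the same conditions, the number of keys returned by `shaper_instances` is the number of independent limits enforced: one shared limit for "none", one per IP for "local_host", one per flow for "connection".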
Shaping Rule editor
Editing conditions of a Shaping Rule
Statistics Rules
Statistics Objects are used to decide the layout and data format of the
historical statistics that are selected by the Statistics Rule.
Values
Since statistics data consists of values, select the values that should be stored in the “total
values” section.
If a graph/trend line should be used, select the necessary graph values.
Distribution and storage layout
Statistics data is stored in a tree.
Select the necessary tree objects according to the desired distribution by adding them to
the distribution.
If needed, set the depth and/or object root (see section 6.1.3.1 of the Product Guide)
Set the minimum amount of data needed for the value to be stored (default 100k in either
direction).
Statistics Rule: Creating a Statistics Object
Selecting which fields/graphs that should store data in the StatisticsObject
Configuring the distribution and layout of how statistics should be stored in the StatisticsObject
Statistics Rules are used to select the historical traffic data that should be
stored, based on the layout and format of the Statistics Object (see
previous section).
1. Create the statistics rule.
2. In the statistics rule, select the corresponding statistics object to enable the values to be
stored according to the distribution.
3. Add condition(s) from the Objects folder to select which traffic the rule should apply to.
Statistics Rule: Creating a Statistics Rule
Editing conditions of a Statistics Rule
Statistics Rule Screenshot
Thank You!! 中偉科技股份有限公司