Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Balance and protect your network
——ADC SolutionsOCT 2016
داده پردازی اوان خاورمیانه
86085194021و 8: تلفنwww.o-1.co: سایت
[email protected]: ایمیل
Agenda
• Requirement analysis of ISP
• ADC solution
• Product value
• Product lineup and model selection
• Case study
• Competition analysis
Requirement analysis of ISP
Link
Optimization
Security and
Acceleration
Extension of
Service
PerformanceKEY
Ensure
Critical
Service
Availability
Ensure Critical Service Availability
Internet 100%
Venusense ADC
20%
40%
40%
×50%
50%
Client Server
Extension of Service Performance
Internet
Venusense ADC
Client Server
Link Optimization:Comprehensive load balancing(LB) policy
Link1LInk2
Link3
Data CenterIntranet users
Public servers Public users Professional link load balancing product:
LB:Distribute traffic to each link based on LB
algorithms;
Congestion control: Avoid congested links
automatically, distribute traffic to available
links;
Health monitor: Assure connectivity of each
link accurately;
Support various health monitoring policies;
Switch to healthy link immediately when
current link get fault.
网通
电信
教育
intern
et
网通
电信
教育
intern
et
IS
P
1
IS
P
3
IS
P2
intern
et
www.baidu.comIMWEB service
Link Optimization: Application Routing
Routing based on domain names,
applications and services
• Establish multiple load balancing
strategies according to client
demands
• Allocate enterprise’s key
business to the links with high
bandwidth and short delay, and
ensure access speed and the
quality of user experience
L4 Security protection
Provide firewall security functions and features!
Professional L7 Security protection
Multiple date center
Applicationsystem
Cloud datacenter
Desk virtualization
Internet
ServerClient
L7 access control•Based on cookie, browser type, URL, HTTP Header
L7 Anti-DDoS•Recognize CC attack according to intelligent dynamic cookie script•HTTP request rate control
Web Application Security•Protect XSS, SQL injection attacks•HTTP Protocol Compliance•Sensitive information erasure
Application optimization and acceleration
Application System optimization and acceleration
Storage
Database
WEB Server APP Server
Data Center
Generated time of pageTransmission time of internet
Network acceleration① HTTP compression② TCP protocol stack③ Access via the best link
(Intelligent DNS)④ Access the best site
(Global LB)
Server offload① Static page cache② Dynamic page cache
(Unique feature)① SSL offload② TCP connection offload
Terminal optimization① Intelligent terminal
acceleration② Intelligent Cache③ Support SPDY
protocol② HTTP download
acceleration
IPv4/IPv6 Dual Stack Technology
IPv6 Server
IPv6 Network
IPv4network
IPv4 Server
IPv4-IPv6 outbound NAT IPv6-IPv4 Inbound NAT IPv6-IPv6 address mapping
IPv6: 9900::1 <->2000::30.30.30.30 IPv4: 20.20.20.20<->30.30.30.30
Product Value
Guarantee
Business Continuity
Link Load balancing
L7 link monitor
Close fault link
automatically
Achieve
L7 traffic control
Application routing
Application
bandwidth Mgmt
Dynamic proximity
Optimize
User experience
Link unilateral
acceleration
Smart terminal
acceleration
Cache/Compression
Reduce
User Expense
High performance
Firewall
Denial of service
attacks
Web Application FW
Ipv6 evolution
• 'All-in-One' Software Licensing,
without needing separate licensing
• Extensible hardware interface
modules for satisfying different
scenario demands
Venusense ADC product series
Venusense
2000 ADC
1 GbpsMiddle and small
enterprises/
affiliated
companies
access
Venusense
4000 ADC
6 GbpsEnterprises
application
delivery&
access
Venusense
6000 ADC
15 GbpsLarge
enterprise data
center
application
delivery &
connection
Venusense
8000 ADC
40 GbpsChina
Telecom data
center
application
delivery
120G-1.2T
Venusense V
series ADC
Functions of Venusense ADC
SecurityLoad balancing
VirtualizationTraffic
Management
Optimization and Acceleration
DNS
DNS
• L4-L7 server LB• LLB• Global LB• 30+ LB algorithms• 20+ session persistence algorithms• Health monitors based on application• Intelligent routing
• SSL offload• TCP offload• Cache/Compression• SPDY• TCP unilateral acceleration• WAN bilateral acceleration• Smart APP acceleration• HTTP pipelining
• Linkage with VMware etc.• Hardware virtralizaion based on
Hypervision• vADC with complete
isolation/resoure• VDI
• L4-L7 FW• L2-L7 Denial of service attacks• CC attack protection• Web Application FW• NAT46/NAT64• SSL encryption• Sensitive info erasure/rewrite• IPSec VPN
• Intelligent DNS• DNS proxy• DNS server• DNS transfer• DNS Load balancing
• Application recognition• 500+ online app• Traffic management and
distribution• Rate control based on
five-element rule• Critical business bandwidth
guarantee
Case study-BIAS System of Beijing Unicom
Requirement:Product upgrading for original BIAS system and expand its overall performance
Venustech solution:Application LB according to RADIUS
protocol
Session persistence
HA:A-S,Switching time<300ms
Surge protection
Effects:Guarantee the servers availability
by health monitoring. Ensure the
operation continuity by HA policy.
By ADC expansion capability, both
new and old servers can play a role,
to achieve flexible extension of
operational capability.
Cascade in front of the servers, VS address of ADC device
is a private IP address,and all traffics go through the
Venusense ADC device.
Case study-CN of Sun Yat-Sen University , Replace F5
Requirements:LB performance:15Gbps now, 40Gbps in the future
Routing and traffic management based on ISP
Routing and traffic management based on application features
Venusense12000-VHigh performance :up to 240Gbps
ISP routing, increase speed of network connecting
Application routing
Mr. He, the manager of SYSU IT Center said: “The outbound traffic of
SYSU is very high, we used the
industry‘s top brands such as F5, Allot all
the time before, Venusense is the first
Chinese ADC we used in such a critical
network, and it results much better than
our expectation. It has played an
excellent model for SYSU network construction.
HA
Cascade on the Internet outlet
Vlink: public IP address
All traffics go through the Venusense ADC device
Features F5 Sangfor Array A10 Radware Venusense
Server Loadbalancing
L4 LB and algorithms √ √ √ √ √ √
L7 LB √(realize by iRule) √ √ √ √ √
Content exchange √(realize by iRule)partial fun
ction√ √ √
√
Customized health monitor √ √ √ √ × √
Programmable √ × √ √ × √
Link loadBalancing
Dynamic proximity X √ X √ √ √
ISP routing √(realize by iRule) √ √ √ √ √
URL Access Traction √ √ √ × √ √
DNS proxy × √ × × × √
Application routing × × × × × √
Application optimization
Static Cache √(Requires separate purchase)
√ √ √ √ √
Dynamic Cache√(Requires separate purchase)
× × √ √ √
Compression√(Requires separate purchase)
√ √ √ √ √
TCP unilateral acceleration √ √ √ × √ √
TCP connection reuse √ √ √ √ √ √
HTTP pipelining √ × × √ √ √
Rewrite √ × √ × √ √
Competition analysis
Competition analysis
Features F5 Sangfor Array A10 Radware Venusense
Applicationsecurity
L7 DDos √(realize by iRule, badperformance)
× √ √ √ √
L7 firewall √ × × √ √ √
WEB firewall√(realize by iRule, bad performance)
× × √ × √
URL access rate control √ × × √ × √
Sensitive info erasure √ × √ × √ √
Anti SQL injection √ × × × × √
Anti XSS attack √ × × × × √
Routing online test tools √ × × × √ √
WEB application security√(Requires separate purchase)
× × √ × √
Deployment
Dynamic route√(Requires separate purchase)
× × √ × √
Device cluster (two or more) √ × × √ √ √
VRRP × × × √ √ √
IPv4-IPv6 hybrid deployment √ √ √ √ × √
Linkage with VMware √ √ × √ × √
SPDY √ × × × × √
Smart terminal acceleration √ √ × × × √
Virtualization √ × √ √ × √