QoS is the ability to provide consistent,
predictable data service delivery to satisfy customer application
requirements. Several characteristics qualify QoS, including the
capability to minimize delivery delay, reduce delay variations,
and provide consistent data throughput capacity.
SysMaster uses IP QoS together with
TCP and UDP level filtering to implement Ingress/Egress Bandwidth
Management, Denial of Service Prevention, Traffic Discovery and
Prioritization.
SysMaster Bandwidth Management
Incoming (ingress) and outgoing (egress) traffic
is filtered using specified sets of filter parameters for refined
bandwidth utilization. The QoS module supports DiffServ
provisioning so that DiffServ-marked IP packets receive the proper
treatment throughout the core network of the Internet.
Bandwidth Allocation and Traffic Packet Shaping
The QoS module includes functionality to dynamically
implement egress bandwidth allocation for the most bandwidth-demanding
applications, as well as for mission critical application traffic.
Using the comprehensive filtering and queuing mechanisms of the
SysMaster QoS module, egress traffic can be classified and scheduled
using different traffic policies. In addition, all egress traffic
can be re-marked at the IP level according to the DiffServ standard
to assure proper treatment of the packets when traversing DiffServ-compatible
routers deployed across the Internet. The SysMaster QoS module provides
egress filtering using:
- IP protocol - TCP, UDP, ICMP and more;
- Source IP address;
- Destination IP address;
- Source TCP/UDP port;
- Destination TCP/UDP port;
- DSCP/TOS DiffServ markings;
- ICMP type.
Using these filters, web sites can opt to allocate
adequate bandwidth to different geographic regions according to
the marketing priorities of their enterprise. For instance, a US-based
company with an Internet presence may want to provide the highest
level of QoS to its US web visitors while providing a basic level
of QoS to all non-US web visitors. With the SysMaster QoS module, this
type of bandwidth allocation is implemented using selective source
IP filtering, which allows source authentication to be performed.
Traffic Prioritization
The SysMaster QoS module includes an advanced scheduler
for prioritizing egress traffic based on the priority values assigned
to classified traffic. For example, a company may want to conduct
video conference calls over the Internet or an Extranet. In this case,
a certain bandwidth must be allocated along with a guarantee of
low packet loss and low packet latency deviation (jitter).
The SysMaster QoS module provides this using its advanced
scheduling mechanisms together with policing and DiffServ marking
of the egress traffic.
Traffic Policing
The SysMaster QoS can 'police' incoming traffic
by filtering it using specified sets of inbound filter parameters
for refined bandwidth utilization and restriction policies. SysMaster
QoS supports the following filtering parameters:
- IP protocol - TCP, UDP, ICMP and more;
- Source IP address;
- Destination IP address;
- Source TCP/UDP port;
- Destination TCP/UDP port;
- DSCP/TOS DiffServ markings;
- ICMP type.
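
The kind of policing described above, matching packets on the listed filter parameters and then enforcing a rate on the matched class, can be sketched as follows. This is an added illustration, not SysMaster code: the token-bucket algorithm, the Rule class, the police() and sample() functions, the default-pass behaviour for unmatched traffic and the sample packets are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:  # hypothetical policing rule: filter fields plus a token bucket
    name: str
    match: dict        # packet field -> required value (src/dst take a CIDR)
    rate: float        # refill rate, bytes per second
    burst: float       # bucket depth, bytes
    tokens: float = field(init=False)
    last: float = 0.0  # time of the previous refill

    def __post_init__(self):
        self.tokens = self.burst  # start with a full bucket

    def matches(self, pkt: dict) -> bool:
        for name, want in self.match.items():
            have = pkt.get(name)
            if name in ("src", "dst"):
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                    return False
            elif have != want:
                return False
        return True

    def admit(self, pkt: dict, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if pkt["size"] > self.tokens:
            return False  # over the policed rate: drop
        self.tokens -= pkt["size"]
        return True

def police(rules, timed_packets):
    """First matching rule decides; unmatched traffic passes (assumed default)."""
    verdicts = []
    for now, pkt in timed_packets:
        rule = next((r for r in rules if r.matches(pkt)), None)
        verdicts.append("pass" if rule is None or rule.admit(pkt, now) else "drop")
    return verdicts

def sample():  # constructed input: ICMP echo burst at a documentation-range host
    rule = Rule("icmp-echo", {"proto": "icmp", "icmp_type": 8,
                              "dst": "203.0.113.0/24"}, rate=100, burst=200)
    echo = {"proto": "icmp", "src": "198.51.100.7", "dst": "203.0.113.10",
            "icmp_type": 8, "dscp": 0, "size": 100}
    web = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10",
           "sport": 40000, "dport": 443, "dscp": 0, "size": 1500}
    return [rule], [(0.0, echo), (0.0, echo), (0.0, echo), (0.0, web), (1.0, echo)]
```

Calling police(*sample()) shows the third echo request in the burst being dropped while the unrelated TCP packet and the later, in-rate echo request pass.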
Denial of Service Prevention
The SysMaster QoS module provides extended capabilities
for filtering out malicious attacks based on TCP, UDP, IP, ICMP
or other Layer 3 or Layer 4 protocols. This greatly improves the
security of your bandwidth, and guarantees that such attacks will
not disrupt the normal operation of your systems. This functionality
is accomplished with no performance penalty on the part of
SysMaster. While detected malicious traffic is filtered out, your
network will be able to operate normally. For web businesses,
this module delivers high availability, resulting in reduced losses
incurred due to web site downtime.
The SysMaster QoS module prevents the following
attacks:
- Mail-bomb Attack
- Teardrop Attack
- Smurf Attack
- Fraggle Attack
- Trinoo Attack
- Tribe Flood Network
- TFN
- TFN2K
- Stacheldraht
- Shaft
- Mstream
- Land Attack
- Advanced SYN Flood
- Advanced UDP Flood
- Distributed DoS (DDoS)
- ICMP Ping Flood
- Network Isolation and Traffic Restriction
- Geo-Managed Traffic Control
- Unauthorized Traffic Isolation and Restriction
- Class/Filter Based Packet Processing