Agenda
– Production Platform
– Analytics Solution
• Live View
• Stats Viewer
– Actionable Intelligence
– Use Case
• Campus Network Management and Control System Solution
Procera Networks What We Do
• Network & Subscriber Intelligence: Traffic, Subscriber, Score, RAN, Routing, Topology, and Content
• Network & Subscriber Analytics: Role-Based analytics for Customer Care and Engineering teams
• Intelligent Policy Enforcement: Network-Based policy enforcement including Congestion Management, Steering, Mitigation, and Charging
[Diagram labels: Collect Intelligence; Visualize the Data; Enforce Policies]
Procera Networks How We Do It
PRE
PacketLogic™ Real-time Enforcement
Real-time enforcement and analytics engine sitting on the subscriber data plane for broadband infrastructures
System Functions:
+ Subscriber/Service/Network QoE Measurement
+ Congestion Management & Mitigation of poor QoE
+ Policy & Charging Control (PCC) PCEF
PSM
PacketLogic™ Subscriber Manager
Policy, Charging and Subscriber integration in the
control plane with APs, WLCs, 3GPP PCC, BSS,
and OSS
Integration Points:
+ RADIUS/DHCP/DIAMETER
+ SNMP Traps/Pollers
+ Gx/Gy/Sd (PCRF/OCS)
+ Custom Integrations with OSS/BSS
PIC
PacketLogic™ Intelligence Center
Intelligence and Analytics storage and presentation
of PacketLogic data for role-based users
Data Visualization Options:
+ PacketLogic Client
+ Insights (Engineering, Customer Care, Scorecard)
+ IPFIX, ODBC & Raw Data Export
Appliance-based PacketLogic: Highest performance and scalability up to 600 Gbps with millions of subscribers and flows
Virtual PacketLogic: NFV-based performance and scalability for COTS server or Cloud-based deployments
Procera Networks Technology agnostic
[Diagram: PRE, PSM and PIC shown with access technologies CABLE, DSL, WiFi, LTE and 2G/3G; network elements CMTS, BRAS, AC, E-Node B, SGW, PGW, RNC, SGSN, GGSN, Router, DHCP, AAA/RADIUS; and the Internet]
PacketLogic Traffic Inspection, Signatures (a.k.a. DPI)
• Datastream Recognition Definition Language (DRDL) is the traffic identification engine developed exclusively for PacketLogic
• PacketLogic utilizes a finite state machine to minimize false positives and minimize signature guessing
– Multipath signature analysis to adapt to polymorphic applications (e.g. Skype)
– DRDL database searching is optimized to minimize time to detect common applications
– DRDL database size is only limited by available system memory
• Signature database is ~2500 signatures today (does not include URLs)
– Separate, in-memory URL database storing 50+ million entries
– Weekly updates are released by Procera signature development
[Figure: Traffic Detection by Method]
Visibility Architecture
Insights dashboards: Interactive drill down and analytics of statistics data
LiveView: Real-time view of network (all subscribers, all IP flows) with 5 second granularity
Statistics viewer: Historical statistics available following write interval.
• Stores and displays all statistics
• Drill down into any time period up to last hour
• Statistics are granular to the capture interval
Raw data export: IPFIX, SQL, CSV and more
Reports: Custom and canned reports for processing statistics data, for example a report on per user/URL statistics
LiveView
• Customizable
• Real-Time
• Drill down to single session
• Contextual subscriber association
ANALYTICS SOLUTIONS
LiveView
Real-time visualization of all traffic, called “LiveView”
View data by configured hierarchy
Example: PSM -> Wireless Network -> All Account
Drill down into subscriber
LiveView
Example: Quickly sort and view top services running the network now and then drill down into connection details
Overview of statistics viewer
• Historical statistics are key for understanding user bandwidth usage and peak/low usage trends, regular abusive users or services, etc.
– This can help identify trends in user application usage and peak times, and allow for the creation of specific rules to curb abuse and provide a fairer service for all users and systems.
– Or combine our statistics with our Quality of Experience analysis, and you have an insight into what the actual user experience might be on your network for each user accessing any website, using any application.
• Stat Viewer allows you to:
– Store and display all statistics (bar charts, pie charts, line graphs, stacked charts)
– Drill down into any time period up to last hour
– View statistics granular to the capture interval (typically 5 minutes or less)
Statistics viewer
Example: Line chart comparing streaming media and file sharing traffic (throughput)
PacketLogic • Traffic Management, Filtering
• PacketLogic Filtering uses the powerful IP stack of the PacketLogic system, and can therefore filter packets and connections based on information extracted by PacketLogic. This information makes filtering policies easier to configure.
• PacketLogic Filtering is a transparent “firewall” that filters packets and connections. Once a connection is accepted, all packets are checked for conformance.
• Filtering allows operators to perform one of the following actions:
– Accept: Accepts the connection as is based on predefined criteria.
– Reject: Terminates the flow and sends a TCP RST packet or an ICMP unreachable packet to the peers.
– Drop: Silently drops the packet and discards the flow.
– Inject: Sends a faked server response to the client based on the rule's inject data, e.g. HTTP traffic Inject (302).
– Divert: See separate section.
– Rewrite: Rewrites certain packet fields to those specified in the rule's RewriteObject. RewriteObjects can rewrite a connection's VLAN or DSCP, or do full source and destination NAT.
– Enrich: Allows for enrichment objects to be added to an HTML header.
– Shunting: Allows selectively ignoring parts of the traffic.
PacketLogic • Traffic Management, Shaping
• Fairness is probably the most powerful of all the aspects when it comes to increasing quality of experience (QoE)
– For ISPs fairness means that one subscriber can’t affect the QoE of another subscriber, regardless of network
conditions
– Without fairness a few heavy subscribers can impact on other subscribers
• However, networks by themselves are not fair
– More bandwidth is typically given to users with more connections (and widely exploited by Torrents)
– Fairness can also be affected by dual-stack implementation and/or multiple IPs per subscriber
• AQM (Advanced Queuing Methods) Algorithms
– For all queuing techniques, the goal is to keep the queues short (i.e. low latency) and efficiency high (i.e. maximize goodput)
• Policing versus Policing with Shapers
‒ With policing only, when the traffic rate reaches the configured maximum rate, the excess traffic is simply dropped, resulting in an output that appears sawtoothed
‒ With policing plus shaping, any excess packets are held in a queue and then scheduled for later transmission, resulting in a smoothed output
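The difference between the two behaviours, as an added example that is not part of the original slides or of PacketLogic: a per-tick simulation of a policer and of a shaper with a bounded queue. The function names, the queue_limit parameter and the sample load are assumptions made for the illustration.

```python
def police(arrivals, rate):
    """Policer: forward at most `rate` units per tick and drop the excess."""
    sent = [min(a, rate) for a in arrivals]
    return sent, sum(arrivals) - sum(sent)


def shape(arrivals, rate, queue_limit):
    """Shaper: queue the excess (up to queue_limit) and send it in later ticks."""
    sent, backlog, dropped = [], 0, 0
    i = 0
    # Keep ticking after the last arrival until the queue has drained.
    while i < len(arrivals) or backlog > 0:
        backlog += arrivals[i] if i < len(arrivals) else 0
        out = min(backlog, rate)
        backlog -= out
        if backlog > queue_limit:  # queue overflow is the only source of loss
            dropped += backlog - queue_limit
            backlog = queue_limit
        sent.append(out)
        i += 1
    return sent, dropped


# Constructed sample: bursty offered load per tick, in arbitrary units.
ARRIVALS = [0, 30, 0, 0, 25, 5, 0, 0]
RATE = 10

if __name__ == "__main__":
    print("policed            :", police(ARRIVALS, RATE))
    print("shaped             :", shape(ARRIVALS, RATE, queue_limit=40))
    print("shaped, short queue:", shape(ARRIVALS, RATE, queue_limit=5))
```

The policed output follows the bursts and loses everything above the rate; the shaped output is flat at the configured rate and loses traffic only when the queue itself overflows.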
PacketLogic • Traffic Management, Shaping
• Key Concepts
– Parallel Queuing: One packet can be limited by any number of queues at the same time (e.g. cell, backhaul, core, per-subscriber, per-transit link, etc)
– Borrowing: Allow shapers to exceed limit if excess bandwidth exists elsewhere
– Split By: Replication of the shapers at various contextual levels
• Host Fairness
– A stochastic, fair queuing mechanism where each subscriber is hashed into a shared bucket and gets a subset of the queue
space to queue a finite set of packets
– This can achieve some level of isolation, but intelligent applications may still be able to get a larger piece than is fair
• Fair Split
– Every active subscriber is allocated (but not guaranteed) a piece of the available bandwidth and when any subscriber is
idle, their allocation is forfeited and will be shared among the other active subscribers
• Fair Factor
– Similar to Fair Split, but the share allocations can be based on subscriber Tiers (e.g. Gold gets 4x as much as Bronze)
• Fair Factor Plus
– A separate queue within Fair Factor for real-time applications while conforming to the overall allocation
PacketLogic • Traffic Management, Shaping Options
• Allows for combination of multiple rules and/or criteria
• Subscriber shaping
• Application shaping
• Subscriber quota shaping (monthly, daily, hourly, etc.)
• Subscriber application quota
• Packet tagging shaping (DSCP on App, Sub, or combination)
• FairSplit (split bandwidth equally in real time between subs)
• FairFactor (split bandwidth unequally in real time between subs)
• Different Weight Fair Queue schemes (applications, tiers, combos)
• FairSplit/FairFactor per application type (Download, Interactive, Voice/Gaming)
PacketLogic • Traffic Management, Fair Factor
• What if all my subscribers are not alike?
• Fair Split Shaping has a built-in factor mechanism
– The available queue space can be “unfairly” divided based on a factor
– This is called Fair Factor
– Fair Factor helps implement service plans
– If User 1 (Gold) has a Fair Factor of 2 he gets twice as much as User 3 (Silver) with Fair Factor 1
[Figure: 9 Mbps Shaping Queue shared by Gold User 1 (3 Mbps), Gold User 2 (3 Mbps), Silver User 3 (1.5 Mbps) and Silver User 4 (1.5 Mbps)]
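The division shown in the figure, as an added example that is not Procera's implementation: a weighted max-min ("water-filling") allocator in which idle subscribers forfeit their share, as the Fair Split description states. It goes beyond the slide by also redistributing the unused part of a share when a subscriber demands less than it is entitled to; the function name, the (factor, demand) input format and the demand values are assumptions. Fair Split is the special case where every factor is 1.

```python
def fair_factor_allocate(capacity_mbps, subscribers):
    """Split capacity among subscribers in proportion to their Fair Factor.

    subscribers: {name: (factor, demand_mbps)}; demand 0 means idle.
    Returns {name: allocated_mbps}.
    """
    alloc = {name: 0.0 for name in subscribers}
    # Idle subscribers forfeit their allocation entirely.
    active = {n: fd for n, fd in subscribers.items() if fd[1] > 0}
    remaining = float(capacity_mbps)
    while active and remaining > 1e-9:
        unit = remaining / sum(f for f, _ in active.values())
        # Subscribers whose demand fits inside their weighted share.
        satisfied = [n for n, (f, d) in active.items() if d <= unit * f]
        if not satisfied:
            # Everyone left is congested: hand out the weighted shares.
            for n, (f, _) in active.items():
                alloc[n] = unit * f
            break
        for n in satisfied:
            # Grant the full demand and return the unused part to the pool.
            alloc[n] = float(active[n][1])
            remaining -= active[n][1]
            del active[n]
    return alloc


# Constructed demands; tiers and factors follow the slide (Gold 2, Silver 1).
SLIDE_CASE = {
    "Gold User 1": (2, 100), "Gold User 2": (2, 100),
    "Silver User 3": (1, 100), "Silver User 4": (1, 100),
}

if __name__ == "__main__":
    print(fair_factor_allocate(9, SLIDE_CASE))
    light = dict(SLIDE_CASE, **{"Gold User 2": (2, 1)})  # one light user
    print(fair_factor_allocate(9, light))
```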
PacketLogic • Traffic Management, Fair-Split Ensures Fairness
During congestion, Fair-Split allocates available bandwidth fairly amongst active subscribers
[Figure: link capacity carrying BitTorrent traffic from User 1, User 2 and User 3, divided into Fair Split User 1, Fair Split User 2 and Fair Split User 3]
PacketLogic • Traffic Management, Proportional Fairness With Fair-Factor
• Fair-Factor is built on top of Fair-Split concept
• During congestion, Fair-Factor divides available bandwidth into queue classes of different weightings
• Each queue is “Fairly-Split” amongst active subscribers within that class
[Figure: Gold, Silver and Bronze data queues, served by Fair Split Gold, Fair Split Silver and Fair Split Bronze]
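Use Case: Campus Network Control Example
• Control requirement: manage traffic usage for on-campus dormitory IPs
– Dormitory IP usage (Quota): 6GB
– Rate limit: 10/1 Mbps
– Dormitory IP usage (Quota): 10GB
– Rate limit: 2M/512Kbps
• Two-stage throttling: no limit while usage has not exceeded 6GB, 10/1 Mbps for 6-10GB, 2M/512Kbps above 10GB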
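Use Case: Campus Network Control Example
• http://140.112.2.212/quotaquery.html
• No account or password required
• The query platform obtains its data from the subscriber system through a back-end program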
Use Case: Campus Network Control Example
Dormitory IP query example, using Statistic Report and Query Web System
• Example IP: 140.112.214.183
• Use the query system to view the States of that IP
Under: Quota < 6GB, bandwidth unlimited
above: Quota > 6GB, < 10GB, bandwidth 10Mbps/1Mbps
Wayabove: Quota > 10GB, bandwidth 2Mbps/512Kbps
Use Case: Campus Network Control Example
• Control requirement: apply a low-bitrate limit to P2P services on the campus network
– Service: P2P File Sharing (BitTorrent, Thunder, eDonkey)
– Rate limit: 128/128 Kbps
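Use Case: Campus Network Control Example
• Main feature overview:
• Control of pornography and gambling websites
• Any attempt to access a pornography or gambling website is treated as a violation, and the user is redirected to the Top-Up Server
[Diagram: Bandwidth manager, Switch, Core Router, Captive Portal, Top-Up Server, Pornography website database]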
Use Case: Campus Network Control Example
ContentLogic
3rd Party URL Databases
 | ICD | IFD | IWF
Number of DB Entries | ~65M | ~125M | ~2.5K
Incremental DB Updates | Hourly | 3 x Day | 2 x Day
Categories | 107 | 188 + 106 BotNet Specific | 1
Languages Supported | 28 | >200 | N/A
Malware Categories | 6 Primary | 12 Primary | N/A
Phishing | N/A | Would require APWG | APWG and other sources “Gmail, Microsoft365, other email providers. N/A
Multiple Categories per URL | Yes | Yes | N/A
Online URL Query Site | Yes | Yes | No