岛与幕歌distributor or authorized reseller, contact the technical support staff for that
distributor or reseller for assistance.
If you purchased a Nortel Networks service program, contact one of the following
Nortel Networks Technical Solutions Centers:
Technical Solutions Center Telephone
Europe, Middle East, and Africa00800 8008 9009
or
+44 (0) 870 907 9009
North America(800) 4NORTEL or (800) 466-7835
Asia Pacific(61) (2) 9927-8800
China(800) 810-5000
Additional information about the Nortel Networks Technical Solutions Centers is
available from the 9f61ba9b51e79b896802261c/help/contact/global URL.
An Express Routing Code (ERC) is available for many Nortel Networks products
and services. When you use an ERC, your call is routed to a technical support
person who specializes in supporting that product or service. To locate an ERC for
your product or service, go to the 9f61ba9b51e79b896802261c/help/contact/
erc/index URL.
216392-B
17 Chapter1
Overview
This section explains the features and components of the Alteon Intelligent Traffic
Management solution.
Select a T opic
?“What is Alteon Intelligent Traffic Management?” on page18
?“Features” on page19
?“Deploying Alteon ITM” on page20
?“Hardware and Software Requirements” on page22
?“Basic Elements of Traffic Management” on page23
?“Before You Start Managing Traffic” on page32
?“Alteon ITM Components” on page29
?“Traffic Flow in ITM” on page33
?“Application Signature” on page34
Alteon Intelligent Traffic Management User’s Guide
18Chapter1: Overview
What is Alteon Intelligent Traffic Management?
Alteon Intelligent Traffic Management (ITM) is a solution to help you control
network traffic traversing the Alteon Application Switch. The Alteon Intelligent
Traffic Manager is a very robust, reliable and flexible traffic manager that
inspects IP traffic at all layers and accurately identifies traffic enabling you to
implement policies on the classified traffic.
Alteon ITM does much more than allow or deny application traffic. It can detect,
rate limit, deny, or shape all application traffic including peer-to-peer applications
as well as network-based worms and viruses. Alteon ITM uses the following
resources to manage application traffic:
?Flexible deep packet inspection
Looking for simple or complex pattern or groups of patterns in variable
locations in an IP packet.
?Tracking sessions
?Inspecting traffic based on flow
?Collecting data and generating reports
True synergy for Intelligent Traffic Management is achieved by combining the
following attributes—IP flow based inspection, pattern-based recognition, policy
enforcement, and reporting into a cohesive system.
Performance Enhancement
This release of Alteon ITM provides significant improvement in performance
because only one side of the communication needs to be processed as opposed to
the earlier method where both directions were processed. The larger the filter list,
the larger the impact on performance. To avoid inspecting traffic in both
directions, this feature allows the switch to arbitrarily create the session entry in
the opposite direction the traffic was classified on.
In this implementation, a “Reverse Contract” association is supplied and the
returning traffic is classified into a different contract than configured on the
ingress filter, so you can exercise granular control over the application, such as
applying different policies for ingress and egress traffic.
216392-B
Chapter1: Overview19 Features
Alteon Intelligent Traffic Management provides flexibility and choice for
managing all types of traffic:
?Allow traffic
?Deny traffic
?Rate limit traffic
?Shape traffic
?Redirect traffic
?Generate detailed traffic reports and trends
?Change Differentiated Services Code Point (DSCP) value
?Classify non-IP traffic
For example, ITM can combine and enforce the following basic functions,
regardless of the layer 4 port the application is running on:
?Automatic Signature updates
?Allow HTTP
?Deny peer-to-peer uploads
?Rate limit peer-to-peer downloads
?User rate limit traffic (based on source or destination IP address)
?Share bandwidth among contracts
?Configure time policies for contracts
?Allow Instant Messaging chat
?Deny Instant Messaging file transfers
?Guarantee V oice over Internet Protocol (V oIP) traffic
Alteon Intelligent Traffic Management User’s Guide
20Chapter 1: Overview
216392-B Deploying Alteon ITM
The following identifies the capabilities of Alteon ITM and how it can be
deployed in your network:
?
Combat high-profile network worms and viruses. Alteon ITM has the ability to stop the worms without stopping valid application traffic.?
Identify and deny dynamic, port-hopping peer-to-peer applications used in the Enterprise network, or rate limit these applications in provider networks.?
Prevent Spyware applications from sending critical corporate data back to its recipient.?
Specify different enforcement policies based on time of day.?
Create a contract group and share bandwidth among contracts.?
Shape and prioritize critical business application traffic, so that it is not impacted when a new worm attacks the network.?
Deploy Alteon ITM configuration to multiple switches simultaneously.?Monitor all applications and network traffic to facilitate network and
application planning initiatives.
Table 1 shows that Alteon ITM is more than just a peer-to-peer traffic manager.Table 1 Traffic Management Features Features
Description Rate Limiting Limits bandwidth for a specific traffic class. Rate limiting performs a
hard discard of the traffic as soon as the limit is reached. Rate
limiting is efficient if you have 25% or less discards in your traffic.
T raffic Shaping Shapes (smooth) traffic for a given traffic class. T raffic shaping
should be used when you have more than 25% discards or you have
an application that does not respond well to discards.
User Rate Limit Limits bandwidth for specific users. Y ou can define user rate limit
based on source or destination IP address.
Data Capture and Analysis Generate traffic reports and analyze the captured data.
Packet Remarking Change the priority of the packet.
DoS Mitigation
Allows you to reduce load from firewalls by providing policies for well
known DoS attacks (Land, Smurf, Fraggle, Jolt, Blat, and so on)
Chapter 1: Overview
21Alteon Intelligent Traffic Management User’s Guide Emergency Virus
Response
Deny CODE RED, NIMBDA, MSBlast, and other high profile viruses in real-time.Custom Policy Support
Allows you to configure policy attributes such as buffer limits (hard, soft, and reserved limit) or enable TCP Window Resizing.Custom Application
Support Allows you to add or remove any detectable application. Not limited to Nortel or industry-defined applications.Table 1 Traffic Management Features
Features
Description
