4655 Great America Parkway
Santa Clara, CA 95054
Phone 1-800-4Nortel
9f61ba9b51e79b896802261c Alteon Intelligent Traffic Management Release 3.1.2
User’s Guide
part number: 216392-B, January 2005
2
Copyright ? 2005 Nortel Networks, 4655 Great America Parkway, Santa Clara, California, 95054,
USA. All rights reserved. Part Number: 216392-B.
This document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this document may be reproduced in any form by any
means without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is”
without warranty of any kind, either express or implied, including any kind of implied or express
warranty of non-infringement or the implied warranties of merchantability or fitness for a particular
purpose.
U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR
2.101 (Oct. 1995) and contains “commercial technical data” and “commercial software
documentation” as those terms are used in FAR 12.211-12.212 (Oct. 1995). Government End Users
are authorized to use this documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR 12.211- 12.212 (Oct. 1995), DFARS 227.7202 (JUN 1995) and DFARS
252.227-7015 (Nov. 1995).
Nortel Networks, Inc. reserves the right to change any products described herein at any time, and
without notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of
products described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use
and purchase of this product does not convey a license under any patent rights, trademark rights, or
any other intellectual property rights of Nortel Networks, Inc.
Alteon, Alteon Application Switch, Alteon Intelligent Traffic Management are trademarks of Nortel
Networks, Inc. in the United States and certain other countries.
Red Hat and all Red Hat-based trademarks and logos are trademarks or registered trademarks of Red
Hat, Inc. in the United States and other countries.
Linux is a registered trademark of Linus Torvalds.
Any other trademarks appearing in this manual are owned by their respective companies.
Originated in the USA.
Export
This product, software and related technology is subject to U.S. export control and may be subject to
export or import regulations in other countries. Purchaser must strictly comply with all such laws and regulations. A license to export or reexport may be required by the U.S. Department of Commerce. 216392-B
3 Contents
Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Tables. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Related Technical Manuals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Before Y ou Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
How to Get Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16 Chapter1: Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
What is Alteon Intelligent Traffic Management? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Performance Enhancement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18 Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Deploying Alteon ITM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Basic Elements of Traffic Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23 Static Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Grouping Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Traffic Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Time Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Bulk Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28 Alteon ITM Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29 Alteon EMS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Alteon EMS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31 Before Y ou Start Managing Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Traffic Flow in ITM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Application Signature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Alteon Intelligent Traffic Management User’s Guide
4Contents
Chapter2: Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Before Y ou Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Starting the Alteon ITM Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36 Launching Alteon EMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
Selecting the Physical Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Configuring ITM to Prevent DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Validating SMTP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Checking for New Signature File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
Selecting Applications to Classify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44 Notifying Updated Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .46
Conflicting Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Prioritizing Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48 Configuring Bandwidth Management Contracts . . . . . . . . . . . . . . . . . . . . . . . . . .49
Defining Traffic Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Creating Contract Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Configuring Time Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Applying and Saving Y our Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Deploying ITM Configuration to Multiple Switches . . . . . . . . . . . . . . . . . . . . . . . .58 Checking Current Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Deleting Existing Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60 Configuring from a Remote Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61 Determining How to Prioritize Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61
Chapter3: Viewing Switch Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Viewing Denial of Service Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64 Viewing Layer 4 Filter Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65 Viewing Pattern Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67 Viewing Real Time Bandwidth Management Statistics . . . . . . . . . . . . . . . . . . . . . . . .68
Chapter4: Monitoring Switch Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Monitoring the Forwarding Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70 Monitoring Session Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72 Monitoring MP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74 Monitoring SP-Specific Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
216392-B
Contents5 Monitoring SP Statistics by Sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76 Chapter5: Advanced Database Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Database Administration Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80
Backing Up the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81
Purging the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82
Removing Obsolete Contract Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83
Manually Adding Data to the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Advanced SQL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85 Connecting to the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Listing Available Databases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Listing T ables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86
Viewing Table Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Updating a Contract Name in the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87
Manual Data Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88 Current Record Count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88
All Data in a Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89
Specific Data in a Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89 Chapter6: Generating Traffic Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
The Reporting Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92
Starting the Reporting Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93 Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .95
Graphing Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Customizing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .99 Understanding the Graph Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Sample Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .102
Generating Reports Across Multiple Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Sample Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105 Sample 1: Selecting Inpidual Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . .106 Graph Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
CSV Format Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Table Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108 Sample 2: Selecting T raffic Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Sample 3: Aggregating Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Alteon Intelligent Traffic Management User’s Guide
6Contents
216392-B Sample 4: Selecting Multiple Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112 Sample 5: Summarizing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113 Sample 6: Displaying Data Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115 Sample 7: Percent of Inbound T raffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Sample 8: Graphing Discarded Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Sample 9: Stacking Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 Sample 10: Measuring Discarded Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121 Sample 11: Selecting Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Sample 12: Selecting Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124 Sample 13: Generating a Typical Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125 Sample 14: Generating User Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Chapter7: Working with Signature Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
What is a Signature File? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132 Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Types of Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Pattern Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Application Masquerading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135 Nortel Signature File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136 How the Alteon ITM Wizard Reads the XML Files . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Checking Date of Signature File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Updating the Signature File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139 Modifying Application Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .140 Creating Custom Application Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141 Before Creating Custom Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142
Generic Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143 Sample Custom Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144 Basic Layer 3 Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .145
Basic Layer 4 Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146
Basic Layer 7 Rule (matching a single hex pattern) . . . . . . . . . . . . . . . . . . . . . .148
Basic Layer 7 Rule (matching multiple hex patterns) . . . . . . . . . . . . . . . . . . . . . .149
Basic Layer 7 Rule (matching optional hex patterns) . . . . . . . . . . . . . . . . . . . . .151
Basic Hybrid Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Contents7 Chapter8: Troubleshooting Alteon ITM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Before Y ou Start Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
Not Receiving User Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .161
Cannot Receive SYSLOG Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Traffic Management Wizard Option Missing . . . . . . . . . . . . . . . . . . . . . . . . .163
BWM Statistics are not Generated in Real-time . . . . . . . . . . . . . . . . . . . . . .164
Cannot Connect to the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .165
Generating Only Default BWM Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Generating Only “Other” BWM Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . .167
Cannot Generate Traffic Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .168
Excessive Discards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171
Statistics not Imported into Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Traffic Reports Display Discards When Rate Limit is not Configured . . . . . .174
SMTP Field Missing in Alteon EMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175
Graphs Display Straight Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Error on Port Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177
Security Menu Missing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
Rate Limit Policy not Working . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179
Overall Upload Traffic Exceeds Download Traffic . . . . . . . . . . . . . . . . . . . . .180
Timeout Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
Reporting Server Cannot Receive Statistics . . . . . . . . . . . . . . . . . . . . . . . . .182
Error Message When Installing the Reporting Server . . . . . . . . . . . . . . . . . .183 Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Alteon Intelligent Traffic Management User’s Guide
8Contents 216392-B
9 Figures
Figure 1Alteon Intelligent T raffic Management Solution . . . . . . . . . . . . . . . . . . . . .29
Figure 2Selecting the Physical Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .39
Figure 3Specify SMTP Host and Username . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42
Figure 4Selecting Applications to Classify . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Figure 5Pre-defined Bandwidth Management Contracts and Policies . . . . . . . . . .49
Figure 6Creating a New Contract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50
Figure 7Customizing Rate Limit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Figure 8Customizing T raffic Shaping Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52
Figure 9Customizing User Rate Limit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Figure 10Configuring Time Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Figure 11Configuring Action for Time Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56
Figure 12Bulk Provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58
Figure 13Monitoring DoS Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64
Figure 14Viewing Filter Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65
Figure 15Pattern Match Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67
Figure 16Clearing Bandwidth Management Statistics . . . . . . . . . . . . . . . . . . . . . . .68
Figure 17Forwarding Database Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70
Figure 18Monitoring Session Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73
Figure 19Switch Processor Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75
Figure 20SP Maintenance Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Figure 21Reporting Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
Figure 22Understanding the Graph Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Figure 23Selecting Multiple Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Figure 24Graphing Across Multiple Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . .104
Figure 25Sample Report in Standard Graph Format . . . . . . . . . . . . . . . . . . . . . . .107
Figure 26Top 5 Inbound Traffic Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Figure 27All Inbound T raffic Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Figure 28Traffic Aggregates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111
Figure 29Selecting Multiple Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112
Figure 30Before Averaging the Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Alteon Intelligent Traffic Management User’s Guide
10Figures
Figure 31After Averaging the Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114 Figure 32Data Points on Inbound Traffic for Application 3 . . . . . . . . . . . . . . . . . . .115 Figure 33Relative Graph . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116 Figure 34Discarded Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Figure 35Applications Not Stacked . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 Figure 36Stacking by Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119 Figure 37Stacking Applications with Discards . . . . . . . . . . . . . . . . . . . . . . . . . . . .120 Figure 38Measuring Discards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121 Figure 39Selecting Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123 Figure 40Selecting Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124 Figure 41 A Typical Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126 Figure 42Top User Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128 Figure 43Configuring a User Report for a Specific User . . . . . . . . . . . . . . . . . . . .129 Figure 44All Inbound Applications for User XYZ . . . . . . . . . . . . . . . . . . . . . . . . . .130 Figure 45Working with the XML Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137 Figure 46Signature File Dates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Figure 47Default Contract Gets All the Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . .166 Figure 48Default Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171 Figure 49Sum of Reserve Limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 Figure 50Alteon EMS Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181
216392-B
11 Tables
Table 1Traffic Management Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Table 2Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Table 3References to Install Hardware and Software Components . . . . . . . . . . .22
Table 4Traffic Management Policies and Description . . . . . . . . . . . . . . . . . . . . . .26
Table 5Alteon ITM Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Table 6DOS Attacks Supported on the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Table 7Information on the Displayed Applications . . . . . . . . . . . . . . . . . . . . . . . .45
Table 8Defining Policies for BWM Contracts . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Table 9Inbound and Outbound Action for Time Policies . . . . . . . . . . . . . . . . . . . .56
Table 10Monitoring Alteon ITM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Table 11Session Capacity for Application Switches . . . . . . . . . . . . . . . . . . . . . . . .72
Table 12Reporting Menu Descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94
Table 13Graphing Menu Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .97
Table 14Graph Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100
Table 15Sample Report in T able Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Table 16Elements of a Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132
Table 17Rule T ypes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Table 18Generic Syntax Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Table 19Forcing Switch to Mail Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Alteon Intelligent Traffic Management User’s Guide
12 216392-B
13 Preface
This User’s Guide describes how to use the Alteon Intelligent Traffic
Management (ITM) solution to control traffic traversing the Alteon Application
Switches.
This document describes the features and components of the Alteon ITM solution,
how to configure bandwidth management contracts and policies using the Alteon
Element Management System (EMS) graphical user interface, and monitor traffic
by generating reports.
Alteon Intelligent Traffic Management User’s Guide
14Preface
Related Technical Manuals
You can print selected technical manuals and release notes free, directly from the
Internet. Go to the 9f61ba9b51e79b896802261c/documentation URL. Find the
product for which you need documentation. Then locate the specific category and
model or version for your hardware or software product. Use Adobe Acrobat
Reader to open the manuals and release notes, search for the sections you need,
and print them on most standard printers. Go to Adobe Systems at the
9f61ba9b51e79b896802261c URL to download a free copy of the Adobe Acrobat Reader.
Related publications for this manual are listed below:
?Alteon Intelligent Traffic Management Installation Guide (part number
216391-B)
?Alteon EMS 3.1.2 Online Help (part number 216514-C)
?Using Alteon EMS 3.1.2 (part number 216515-C)
?Alteon Application Switch 22.0.2 Hardware Installation Guide (part number 315396-E)
?Alteon Application Switch 22.0.2 Application Guide (part number 315394-J)
?Alteon Application Switch 22.0.2 Command Reference (part number
315393-J)
216392-B
Preface15 Before You Begin
This guide is intended for network administrators with the following background:
?Basic knowledge of networks, Ethernet bridging, and IP routing
?Familiarity with networking concepts and terminology
?Experience with windows and graphical user interfaces
?Basic knowledge of network topologies
Before using this guide, you must complete the following:
1Install the application switch (see the installation guide that came with your switch).
2Connect the switch to the network.
3Refer to the Alteon ITM Installation Guide and install the Alteon ITM
software.
4Refer to this guide to configure and use Alteon ITM software.
Alteon Intelligent Traffic Management User’s Guide
16Preface
How to Get Help
If you purchased a service contract for your Nortel Networks product from a
distributor or authorized reseller, contact the technical support staff for that
distributor or reseller for assistance.
If you purchased a Nortel Networks service program, contact one of the following
Nortel Networks Technical Solutions Centers:
Technical Solutions Center Telephone
Europe, Middle East, and Africa00800 8008 9009
or
+44 (0) 870 907 9009
North America(800) 4NORTEL or (800) 466-7835
Asia Pacific(61) (2) 9927-8800
China(800) 810-5000
Additional information about the Nortel Networks Technical Solutions Centers is
available from the 9f61ba9b51e79b896802261c/help/contact/global URL.
An Express Routing Code (ERC) is available for many Nortel Networks products
and services. When you use an ERC, your call is routed to a technical support
person who specializes in supporting that product or service. To locate an ERC for
your product or service, go to the 9f61ba9b51e79b896802261c/help/contact/
erc/index URL.
216392-B
17 Chapter1
Overview
This section explains the features and components of the Alteon Intelligent Traffic
Management solution.
Select a T opic
?“What is Alteon Intelligent Traffic Management?” on page18
?“Features” on page19
?“Deploying Alteon ITM” on page20
?“Hardware and Software Requirements” on page22
?“Basic Elements of Traffic Management” on page23
?“Before You Start Managing Traffic” on page32
?“Alteon ITM Components” on page29
?“Traffic Flow in ITM” on page33
?“Application Signature” on page34
Alteon Intelligent Traffic Management User’s Guide
18Chapter1: Overview
What is Alteon Intelligent Traffic Management?
Alteon Intelligent Traffic Management (ITM) is a solution to help you control
network traffic traversing the Alteon Application Switch. The Alteon Intelligent
Traffic Manager is a very robust, reliable and flexible traffic manager that
inspects IP traffic at all layers and accurately identifies traffic enabling you to
implement policies on the classified traffic.
Alteon ITM does much more than allow or deny application traffic. It can detect,
rate limit, deny, or shape all application traffic including peer-to-peer applications
as well as network-based worms and viruses. Alteon ITM uses the following
resources to manage application traffic:
?Flexible deep packet inspection
Looking for simple or complex pattern or groups of patterns in variable
locations in an IP packet.
?Tracking sessions
?Inspecting traffic based on flow
?Collecting data and generating reports
True synergy for Intelligent Traffic Management is achieved by combining the
following attributes—IP flow based inspection, pattern-based recognition, policy
enforcement, and reporting into a cohesive system.
Performance Enhancement
This release of Alteon ITM provides significant improvement in performance
because only one side of the communication needs to be processed as opposed to
the earlier method where both directions were processed. The larger the filter list,
the larger the impact on performance. To avoid inspecting traffic in both
directions, this feature allows the switch to arbitrarily create the session entry in
the opposite direction the traffic was classified on.
In this implementation, a “Reverse Contract” association is supplied and the
returning traffic is classified into a different contract than configured on the
ingress filter, so you can exercise granular control over the application, such as
applying different policies for ingress and egress traffic.
216392-B
Chapter1: Overview19 Features
Alteon Intelligent Traffic Management provides flexibility and choice for
managing all types of traffic:
?Allow traffic
?Deny traffic
?Rate limit traffic
?Shape traffic
?Redirect traffic
?Generate detailed traffic reports and trends
?Change Differentiated Services Code Point (DSCP) value
?Classify non-IP traffic
For example, ITM can combine and enforce the following basic functions,
regardless of the layer 4 port the application is running on:
?Automatic Signature updates
?Allow HTTP
?Deny peer-to-peer uploads
?Rate limit peer-to-peer downloads
?User rate limit traffic (based on source or destination IP address)
?Share bandwidth among contracts
?Configure time policies for contracts
?Allow Instant Messaging chat
?Deny Instant Messaging file transfers
?Guarantee V oice over Internet Protocol (V oIP) traffic
Alteon Intelligent Traffic Management User’s Guide
20Chapter 1: Overview
216392-B Deploying Alteon ITM
The following identifies the capabilities of Alteon ITM and how it can be
deployed in your network:
?
Combat high-profile network worms and viruses. Alteon ITM has the ability to stop the worms without stopping valid application traffic.?
Identify and deny dynamic, port-hopping peer-to-peer applications used in the Enterprise network, or rate limit these applications in provider networks.?
Prevent Spyware applications from sending critical corporate data back to its recipient.?
Specify different enforcement policies based on time of day.?
Create a contract group and share bandwidth among contracts.?
Shape and prioritize critical business application traffic, so that it is not impacted when a new worm attacks the network.?
Deploy Alteon ITM configuration to multiple switches simultaneously.?Monitor all applications and network traffic to facilitate network and
application planning initiatives.
Table 1 shows that Alteon ITM is more than just a peer-to-peer traffic manager.Table 1 Traffic Management Features Features
Description Rate Limiting Limits bandwidth for a specific traffic class. Rate limiting performs a
hard discard of the traffic as soon as the limit is reached. Rate
limiting is efficient if you have 25% or less discards in your traffic.
T raffic Shaping Shapes (smooth) traffic for a given traffic class. T raffic shaping
should be used when you have more than 25% discards or you have
an application that does not respond well to discards.
User Rate Limit Limits bandwidth for specific users. Y ou can define user rate limit
based on source or destination IP address.
Data Capture and Analysis Generate traffic reports and analyze the captured data.
Packet Remarking Change the priority of the packet.
DoS Mitigation
Allows you to reduce load from firewalls by providing policies for well
known DoS attacks (Land, Smurf, Fraggle, Jolt, Blat, and so on)
Chapter 1: Overview
21Alteon Intelligent Traffic Management User’s Guide Emergency Virus
Response
Deny CODE RED, NIMBDA, MSBlast, and other high profile viruses in real-time.Custom Policy Support
Allows you to configure policy attributes such as buffer limits (hard, soft, and reserved limit) or enable TCP Window Resizing.Custom Application
Support Allows you to add or remove any detectable application. Not limited to Nortel or industry-defined applications.Table 1 Traffic Management Features
Features
Description