Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
jtomasello

Where did all the bandwidth go?

by Juniper Employee on ‎10-19-2011 11:43 PM

In today’s world of rich multi-media content driven applications, more is always better. Or is it? Even with unlimited bandwidth there will always be a bottleneck somewhere. The trick is knowing how to manage the available bandwidth in different parts of your network so that the business critical applications can perform as they need to while still allowing other applications to coexist. The network has become a massively shared medium which we depend on daily. Everything from our favorite music to a missed TV episode, to the supply chain and customer relations data that runs mission critical business needs, is delivered over the same physical network. And while there are many service options internet providers can offer for wide area network connectivity, ultimately it’s up to the IT staff how to make effective use of it the available bandwidth . The well practiced myth is that it’s easier to throw more bandwidth at a network performance problem than do traffic engineering. While often true, it can fall short of solving the problem when all applications look alike to a network device.

 

Traffic engineering for packet based networks, at best is best-effort since (unlike circuit switching), you don’t typically own the entire path end-to-end. This makes bandwidth guarantees difficult to setup and impossible to obtain. But what if you could simply catalog the applications that are on the network, determine their usage and then make intelligent decisions about how your perimeter security device should treat them?  The AppSecure software suite does just that. It leverages built-in technology in the SRX services gateways to deliver application traffic control for better capacity planning. Application Tracking (AppTrack) and Application QoS (AppQoS) are two key features within the AppSecure software suite that address this challenge. Both are based on integrated application identification detection methods that look deep into the packets to classify applications, to different levels, for each session. Through a combination of pattern-based and Heuristics processing, a detailed identification of the applications can be made, including the identification of tunneled traffic. This is an important aspect to keep in mind. While many devices today can make coarse decisions on how to handle traffic with respect to CoS treatment of applications, few do so at the granularity needed in today’s “webafied” world. AppQoS is not intended to replace a customer’s network QoS/CoS deployments, but rather offers a complimentary tool to deal with the application layer traffic.

 

AppQos simplifies the use of application traffic control by taking a global perspective of the application traffic. Through the creation of AppQoS policies, the admin can assign any number of actions per application and application groups. Diff-serve Control Point (DSCP), Loss-Priority and Rate-Limiting values can be applied. For example, you may want to allow video traffic such as Hulu and YouTube, but limit them to a fixed amount of the available bandwidth regardless of who is accessing them. In other cases, certain applications like Facebook could be prioritized lower so that the system can allow them so long as links are not congested. DSCP marking is also available for managing traffic beyond the SRX. Directionality is also important when deciding to rate limit applications. In most cases, the server-to-client traffic will have a higher traffic volume, but in other cases limiting the client-to-server direction yields better results. AppQoS supports bi-directional control for added flexibility. An additional advantage of AppQos is Hardware based policing on all 1Gbe and 10Gbe interfaces. For extensive Class of Service handling, AppQoS can be combined with Junos CoS, through the assignment of Forwarding Classes.

 

Not all applications on your network are business critical. In fact, chances are you’d prefer to drop many of them altogether rather than have to keep adding more bandwidth. While over-provisioning can certainly help (in the short-term), better capacity planning by leveraging built-in intelligence from your infrastructure yields smarter long-lasting results.  Juniper’s SRX services gateways with AppSecure offers a right combination to today’s ever-growing traffic challenges; service scaling and intelligent traffic control.

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Paul Bristow
Senior Director
Product Management

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Henrik Davidsson
Director
Security Sales

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Steve Hanna
Distinguished Engineer

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.