In today’s world of rich multi-media content driven applications, more is always better. Or is it? Even with unlimited bandwidth there will always be a bottleneck somewhere. The trick is knowing how to manage the available bandwidth in different parts of your network so that the business critical applications can perform as they need to while still allowing other applications to coexist. The network has become a massively shared medium which we depend on daily. Everything from our favorite music to a missed TV episode, to the supply chain and customer relations data that runs mission critical business needs, is delivered over the same physical network. And while there are many service options internet providers can offer for wide area network connectivity, ultimately it’s up to the IT staff how to make effective use of it the available bandwidth . The well practiced myth is that it’s easier to throw more bandwidth at a network performance problem than do traffic engineering. While often true, it can fall short of solving the problem when all applications look alike to a network device.
Traffic engineering for packet based networks, at best is best-effort since (unlike circuit switching), you don’t typically own the entire path end-to-end. This makes bandwidth guarantees difficult to setup and impossible to obtain. But what if you could simply catalog the applications that are on the network, determine their usage and then make intelligent decisions about how your perimeter security device should treat them? The AppSecure software suite does just that. It leverages built-in technology in the SRX services gateways to deliver application traffic control for better capacity planning. Application Tracking (AppTrack) and Application QoS (AppQoS) are two key features within the AppSecure software suite that address this challenge. Both are based on integrated application identification detection methods that look deep into the packets to classify applications, to different levels, for each session. Through a combination of pattern-based and Heuristics processing, a detailed identification of the applications can be made, including the identification of tunneled traffic. This is an important aspect to keep in mind. While many devices today can make coarse decisions on how to handle traffic with respect to CoS treatment of applications, few do so at the granularity needed in today’s “webafied” world. AppQoS is not intended to replace a customer’s network QoS/CoS deployments, but rather offers a complimentary tool to deal with the application layer traffic.
AppQos simplifies the use of application traffic control by taking a global perspective of the application traffic. Through the creation of AppQoS policies, the admin can assign any number of actions per application and application groups. Diff-serve Control Point (DSCP), Loss-Priority and Rate-Limiting values can be applied. For example, you may want to allow video traffic such as Hulu and YouTube, but limit them to a fixed amount of the available bandwidth regardless of who is accessing them. In other cases, certain applications like Facebook could be prioritized lower so that the system can allow them so long as links are not congested. DSCP marking is also available for managing traffic beyond the SRX. Directionality is also important when deciding to rate limit applications. In most cases, the server-to-client traffic will have a higher traffic volume, but in other cases limiting the client-to-server direction yields better results. AppQoS supports bi-directional control for added flexibility. An additional advantage of AppQos is Hardware based policing on all 1Gbe and 10Gbe interfaces. For extensive Class of Service handling, AppQoS can be combined with Junos CoS, through the assignment of Forwarding Classes.
Not all applications on your network are business critical. In fact, chances are you’d prefer to drop many of them altogether rather than have to keep adding more bandwidth. While over-provisioning can certainly help (in the short-term), better capacity planning by leveraging built-in intelligence from your infrastructure yields smarter long-lasting results. Juniper’s SRX services gateways with AppSecure offers a right combination to today’s ever-growing traffic challenges; service scaling and intelligent traffic control.
Discussing a wide range of topics impacting enterprises and
data center security.