Documente Academic
Documente Profesional
Documente Cultură
Peakflow SP Solution ®
Internet service providers, cloud providers and enterprises face the common challenge
of meeting increasing user demand for more services and higher availability. Operations
staff, engineering and management need the network intelligence and tools to deal in
real time with events that impact availability. They also need to make the right network
engineering and capacity planning decisions to ensure smooth, efficient operations
in the future as they meet growing demand for services. The Peakflow SP solution
(“Peakflow SP”) is the defacto standard for network intelligence and infrastructure
availability. Peakflow SP protects service availability for more Internet service providers,
more cloud providers and more enterprises than all other solutions combined.
Maintain Performance • Secure Your Infrastructure: Real-time detection and mitigation of security
Gain visibility into key application events enable you to prevent adverse impact on your network, your data
performance metrics such as jitter, centers, your services and your customers.
latency, round-trip time, delay and
packet loss. Spot problems and take • Grow Your Business: Leverage the same Peakflow SP platform used for
action before users notice. network visibility and security to deliver differentiated, profitable, in-cloud
distributed denial of service (DDoS) managed services.
Optimize Resources
Use traffic visibility and comprehensive
reports for better traffic engineering and
faster, more effective troubleshooting. Peering/Transit Edge Backbone Regional Mitigation Center
Reduce transit costs, improve utilization
and intelligently plan for growth.
Peakflow SP Peakflow SP Peakflow SP Threat Management
Collector Platform (CP) 5500 Collector Platform (CP) 5500 System (TMS) 1200/2500/3x00/4x00
Launch Managed Services
Leverage the same Peakflow SP Customer/Hosting Edge
platform used for network visibility
and security to easily provision, deliver Peakflow SP Peakflow SP Peakflow SP Threat Management
and maintain differentiated, profitable, Business Intelligence (BI) Portal Interface (PI) System (TMS) 1200/2500
Central Console for Visibility Peakflow SP Flow Sensor (FS) Managed Service Customers
and Threat Management
Peakflow SP architecture
Consists of five types of appliances: 1) Peakflow SP Collector Platform (CP) appliances in the peering edge or backbone;
2) Peakflow SP Flow Sensor (FS) appliances in the customer aggregation edge; 3) Peakflow SP Business Intelligence (BI)
appliances to increase scalability and add redundancy for managing critical business objects; 4) Peakflow SP Portal Interface (PI)
appliances to increase the scale, redundancy and profitability of Arbor-based managed services; and 5) Peakflow SP Threat
Management System (“Peakflow SP TMS”) appliances deployed in any part of the network to surgically mitigate network threats.
Real-Time Global Threat Peakflow SP tells network operators:
Analysis, From One Console
• Where traffic on their network is coming from and going to.
The Arbor Security Engineering and
Response Team (ASERT) leverages • What routes the traffic takes.
Arbor’s trusted relationships with a • What interfaces and devices are most heavily used.
majority of the world’s Internet service
• Who are the top talkers on the network.
providers to gain unique insight into
global threat activity. ASERT delivers • What are the short- and long-term trends.
multiple benefits to the industry and • What is the traffic forecast.
Arbor customers under an initiative
called the Active Threat Level This reporting is extremely valuable to network operators. It enables efficient and cost-
Analysis System (ATLAS). These effective network engineering that allows operators to make better decisions concerning
benefits include: peering and transit agreements, identify overused or underused devices and circuits, and
ATLAS® Security Portal gain insight into customer usage trends and requirements. Peakflow SP appliances are
The ATLAS security portal (located non-intrusive on the network. They leverage network telemetry provided by routers and
at atlas.arbor.net) provides a real-time switches to deliver key intelligence without relying on inline probes or taps.
view into global threat activity. This
information is easily accessible from
within the Peakflow SP console, Anomaly Detection
allowing service providers to see A core value of Peakflow SP is its ability to generate alerts to anomalies on the network.
how worldwide threat activity may
These anomalies can be indicative of malicious traffic (DDoS), device failures, unusual
be impacting their network.
demand spikes or misconfigurations. These alerts enable operators to spot problems
ATF and AIF quickly, rapidly identify the root cause and take corrective action.
Using ATLAS global monitoring,
Arbor researchers discover emerging
network layer and application layer Denial of Service Protection
attacks and develop appropriate The Peakflow SP Threat Management System (“Peakflow SP TMS”) mitigates DDoS
defenses. These defenses are
attacks by surgically removing attack traffic while allowing legitimate traffic to pass
automatically uploaded to Peakflow
systems via the Atlas Threat Feed normally. It can be deployed inline for “always on” protection. However, unlike other
and the Atlas Intelligence Feed. products, it does not have to be deployed inline.
The distributed nature of DDoS attacks Peakflow SP TMS supports a mitigation architecture called “diversion/reinjection.”
often requires ISPs to work with each In this mode, traffic is redirected to Peakflow SP TMS via routing updates issued by
other to stop these events. To facilitate the Peakflow SP Collector Platform (CP) appliance. Peakflow SP TMS then removes
this collaboration, Arbor created the only the attack traffic from the packet stream and forwards legitimate traffic to its
Fingerprint Sharing Alliance (FSA).
intended destination.
FSA allows service providers to easily
share locally developed defenses This is highly advantageous for service providers, large enterprises and large hosting/
(fingerprints) among their Peakflow
cloud providers. It enables a single Peakflow SP TMS to protect multiple data centers
SP deployments.
from a central location and allows a much more efficient use of mitigation capacity.
Cloud Signaling Technology
SM
Inline devices must inspect all traffic all the time on every monitored link. Peakflow SP
Arbor’s latest advance in DDoS TMS only needs to inspect traffic that is redirected to it—a small subset of the overall
defense provides automated and traffic flowing through larger networks.
coordinated response to attacks
that threaten to both overwhelm
network bandwidth capacity and
data center services.
Attack Traffic
Legitimate Traffic
Peakflow SP Customer
Collector Platform (CP)
Peakflow SP
Threat Management System (TMS)
Internet Service Wireline ISPs use Peakflow SP for network visibility and anti-DDoS functionality Control flash crowds and misbe-
Providers to improve network engineering; better manage peering and transit relationships; having hosts. Peakflow SP provides
(ISPs, MSOs) keep bad or unwanted traffic from consuming network capacity; provide MPLS the tools to detect and manage
visibility to customers; and prevent DDoS attacks from affecting end customers.
demand spikes in order to ensure
continuous service availability.
Mobile Providers Mobile providers use Peakflow SP to protect core infrastructure (GGSNs) and
core services (AAA, DNS) from DDoS and resource-exhausting attacks from the
Internet and from subscribers.
Hosting and Cloud Hosting and cloud providers use Peakflow SP to improve traffic engineering; keep
Providers unwanted traffic from affecting overall service levels; and protect core and customer
operations from DDoS attacks.
Enterprises Enterprises use Peakflow SP to defend online operations against DDoS attacks—
protecting online retail, SaaS, gaming, media and entertainment—and financial services.
Peakflow SP Collector Platform (CP),
Managed Security Pure-play MSSPs, hosting providers and ISPs all use Peakflow SP to provide DDoS Flow Sensor (FS), Business Intelligence
Services Providers protection as a managed service. (BI) and Portal Interface (PI). Each utilizes
the depicted enclosure.
“We’ve been growing Peakflow SP Appliances
with the Peakflow product Summary Description Statistics
set since the beginning Peakflow SP Collector Platform (CP): CP 5500-5, CP 5500-2
when we were a small • Provides central management, reporting and alerting for a • CP 5500-5 collects 50k flows/sec
ISP to now as a global Peakflow SP deployment. from 5 routers.
• Can be used as just a flow data collector or as both a flow • CP 5500-2 collects 50k flows/sec
service provider. Working collector and management platform in a Peakflow SP deployment from 2 routers.
with Arbor has been an
Peakflow SP Flow Sensor (FS): FS 5500
absolute pleasure over the
• Performs collection/analysis functions of the CP appliance except • FS 5500 collects 25k flows/sec
last five years. I would not for BGP peering analysis. from 15 routers.
hesitate recommending
Peakflow SP Portal Interface (PI): PI 5500
the product to anyone who
• Dedicated management platform for Peakflow SP deployments. • Required for Peakflow SP deployments
runs an IP network—either • Offloads management and reporting from the CP appliance. with 5 or more CP appliances.
on a local or global scale.” • Designed for managed services by supporting customer portals, • PI leader device supports up to 125
portal API and more concurrent users. concurrent users.
Christiaan Keet, Network Services • PI supports up to 200 Pravail®
Director, Easynet Global Services appliances for Cloud Signaling.SM
• Dedicated management platform for creating monitored and • Each BI 5500 adds up to 500
protected managed objects (customers, networks, resources). managed objects.
• Increases the scale of a Peakflow SP deployment without having • Up to 20 BI appliances can be added
to add CP appliances. to a Peakflow SP deployment for a
total of 10,000 managed objects.
• Family of DDoS mitigation appliances or embedded in Alcatel • TMS 4000 for up to 40 Gbps mitigation
Lucent 7750 SR or Cisco CRS routers. • TMS 3110 for up to 10 Gbps
• Provides deep packet inspection (DPI), application intelligence • TMS 3050 for up to 5 Gbps
and surgical mitigation of attacks. • TMS 2500 for up to 2.5 Gbps
• TMS 1200 for up to 1.5 Gbps
Features Description
Regulatory RoHS, IEC 60950-1 1st ed., FCC Part 2, FCC Part 15 Subpart B Class A, EN 55022
© 2012 Arbor Networks, Inc. All rights Compliance Class A, EN 55024, EN 61000-3-2, EN 61000-3-3, ETSI EN
reserved. Arbor Networks, the Arbor Networks
logo, Peakflow, ArbOS, How Networks Grow,
Pravail, Arbor Optima, Cloud Signaling, ATLAS
and Arbor Networks. Smart. Available. Secure.
are all trademarks of Arbor Networks, Inc.
All other brands may be the trademarks of
their respective owners.
DS/SP58/EN/1112