Solutions Overview Contents
Ixia Solutions Overview...... 4
Broadband Access and Services Testing...... 7 Router and Switch Testing...... 31
Carrier Ethernet Testing ...... 9 Software-Defined Networking...... 34
Data Center / Cloud Testing ...... 11 Router and Switch Testing...... 36
Higher-Speed Ethernet Solutions...... 14 Industrial Ethernet Testing...... 38
IoT Testing...... 16 Chip Design Performance Testing...... 39
IP Network Assessment and Diagnostics...... 18 Network Interface Card Testing...... 40
IP V6 Testing...... 20 Video Testing...... 42
MPLS Testing...... 22 Virtualization Testing...... 44
Multiplay Network Testing...... 24 Voice Testing...... 46
Network Emulation...... 27 Wi-Fi Testing...... 48
Protocol Conformance Testing...... 29 Wireless Network Testing...... 50
Inline Security...... 55 Threat Detection...... 63
Decryption...... 58 Network Security Resilience...... 65
Security Testing...... 60
Find us at www.ixiacom.com Page 2 Network Visibility Architecture...... 68 Hybrid IT Visibility...... 80
Network Visibility Feature Stacks...... 72 Cloud Visibility...... 82
Network Taps and Access...... 74 Visibility for Edge Computing...... 84
Inline Network Visibility...... 76 Active Network Monitoring and Assessment...86
Out-of-band Network Visibility...... 78
Ixia Global Support...... 89
Ixia Professional Services...... 90
Acronyms...... 92
Find us at www.ixiacom.com Page 3 Ixia Solutions Overview
An always-on, always-available internet Ixia was founded in 1997 as an individual experience has fundamentally changed the way company and then acquired by Keysight we do business. Networks are no longer simply Technologies in 2018. We use our vast expertise connected machines providing bits and bytes of in working with our customers to help them uncomplicated data. They are now vast multi- meet their networking goals: technological powerhouses with global reach • Ixia test solutions provide an end-to-end that provide media of all types. We rely on these approach for organizations to test devices networks to reach other people, other places, and systems prior to deployment and and other businesses. assess the performance of cloud and on- Ixia solutions accelerate innovation to connect premises networks and data centers after upgrades or changes. To verify new service and secure the digital world. Our test, visibility, implementation, new device insertion, and security solutions strengthen physical, or network expansion, Ixia test solutions virtual, and cloud networks. Our solutions help organizations perform extensive pre- emulate realistic media-rich traffic and network deployment testing to ensure current conditions so that customers can optimize and network functions are not compromised. validate the design, performance, and security of This testing must be high capacity and their pre-deployment and production networks. must simulate network and application Ixia’s solutions are used across all network types oversubscription to stress network upgrades and designs, from enterprises and government to their limits. agencies to service providers and network • Ixia security solutions allow organizations to equipment manufacturers (NEMs). assess network security and resilience by testing and validating network and security Ixia’s customers benefit from faster time to devices with real-world application traffic and market, optimized application performance, and attacks. higher-quality deployments, ensuring that their networks run stronger. • Organizations can perform assessments before production deployment and in live networks to establish ongoing best practices that harden security by assessing individual devices, networks, and data centers. In operation, Ixia solutions monitor traffic—clear text and encrypted—to keep malware out, enable security tools to be more efficient by filtering out known bad traffic, and ensure security is resilient and highly available.
Find us at www.ixiacom.com Page 4 • Ixia visibility solutions are uniquely positioned • Ixia’s cellular and Wi-Fi test solutions to help organizations manage and monitor address the complex challenges mobile change in their cloud and on-premises operators and their network vendors face networks. Ixia provides 100% access in rolling out high-quality, differentiated without dropping packets, as well as visibility services. Mobile network operators use intelligence, load balancing at line rates, and Ixia’s award-winning LTE, 5G, and Wi-Fi test context knowledge to serve the right data systems and services to subject devices to the right tool. Ixia has the most complete and configurations to high-stress, high- visibility portfolio on the market, allowing our scale conditions and a wide mix of voice, customers to build a visibility architecture video, and data applications. Operators that best fits their network needs today and can evaluate the subscriber experience in in the future. the face of mobility, system overload, and even device failure on a large-city scale. And with the Wi-Fi internet of things (IoT) test solutions, device manufacturers can ensure that their Wi-Fi implementations are robust, cause no interference, and operate as specified. Join our ever-growing customer base of successful service providers, enterprises, NEMs, government agencies, data center operators, and cloud providers. We have offices to serve you all over the world.
To contact us or to get any additional information: TOLL FREE NORTH AMERICA OUTSIDE NORTH AMERICA EMAIL +1.877.367.4942 +1.818.871.1800 [email protected]
Find us at www.ixiacom.com Page 5 CHAPTER 1 Test Solutions
Broadband Access and Services Testing...... 7 Router and Switch Testing...... 31
Carrier Ethernet Testing ...... 9 Software-Defined Networking...... 34
Data Center / Cloud Testing ...... 11 Router and Switch Testing...... 36
Higher-Speed Ethernet Solutions...... 14 Industrial Ethernet Testing...... 38
IoT Testing...... 16 Chip Design Performance Testing...... 39
IP Network Assessment and Diagnostics....18 Network Interface Card Testing...... 40
IP V6 Testing...... 20 Video Testing...... 42
MPLS Testing...... 22 Virtualization Testing...... 44
Multiplay Network Testing...... 24 Voice Testing...... 46
Network Emulation...... 27 Wi-Fi Testing...... 48
Protocol Conformance Testing...... 29 Wireless Network Testing...... 50
CloudStorm 100GE 2-Port Load Module
Find us at www.ixiacom.com Page 6 Broadband Access and Services Testing
SCENARIO
“Broadband” describes high-speed internet Testing services over broadband access is a access for end customers via wireless, cable, critical factor in providing excellent quality of or digital subscriber line (DSL). Broadband experience (QoE) to end users, whether they requires numerous protocols and devices to are enterprises, service providers, or individual work together seamlessly to provide reliable customers. Coupled with this, networks need customer internet access, especially when to support both internet protocol version 4 rolling out new services that consume larger (IPv4) and internet protocol version 6 (IPv6) amounts of bandwidth. Without sufficient testing seamlessly to mitigate the transition risks as of broadband network protocols, equipment, more customers consider the shift to IPv6. and network topologies, business suffers due to unreliable customer access.
Content IP/MPLS servers core Edge/access Home access
Encoder
VoD server
Content Core router Edge BNG/B-RAS Aggregation Access node Residential router system access router (L2) switch (DSLAM or PON OLT) gateway Internet
Internet Internet VoD server SoftSwitch
Find us at www.ixiacom.com Page 7 IXIA SOLUTIONS
Ixia specializes in testing network components SUGGESTED APPLICATIONS and topologies, helping to ensure broadband Full subscriber protocol emulation with wire-rate reliability. Ixia’s platform emulates network traffic generation and applications over subscriber: IxNetwork®/ PPPv4/v6/Dual-Stack PPP (PPPoE, PPPoEoA, protocols and simulates network devices to help IxNetwork VE PPPoA), L2TPv2, ANCP, DHCPv4/v6, SLAAC, IGMP/ MLD/IPTV, 802.1x, Cisco and HP Web-Auth, Cisco answer critical questions, such as: NAC, AppLibrary
Protocol conformance testing with: PPP, L2TP, DH IxANVL™ • Does my broadband implementation conform CPv4/v6, 802.1x L4–7 services testing over broadband access: to industry standards? IxLoad®/ PPPv4/v6, L2TPv2, DHCPv4/v6, SLAAC, 802.1x, IxLoad VE • Does my ANCP implementation allow full Web-Auth, AppLibrary monitoring of my network topology and Precision test instrument for 100GE, 10GE, 1GE, and 100MbE Ethernet impairment to accurately Network Emulation state? emulate network conditions that occur over live production LAN/WAN networks • Can my BRAS, LAC, or LNS scale and still SUGGESTED HARDWARE meet QoS objectives? Testing of 100/50/40/25/10GE over copper multi- Novus™ 100GE mode and single-mode; designed for large-port- • Can I test and verify SLAs? count testbeds • Can my network handle subscriber session L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed flapping? Novus ONE PLUS chassis, 3-Speed (10GE/1GE/100M) or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over copper and fiber • Can my network support IPv4/IPv6 media subscribers and services while maintaining High-density, dual-PHY five-speed Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed SLAs? Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Novus 10/1GE Ultra-high-density, 10G/1G/100M solution for ultra- Ixia helps NEMs and service providers meet 32-Port SFP+ high-scale and performance testing the challenges of broadband deployment and High-density dual-PHY 10G/1G/100M solution for Novus-NP maintenance with award-winning solutions ultra-high-scale and performance testing Highly-scalable 40/10GE and 10/1GE platform to that ensure performance, conformance, and PerfectStorm™ validate application delivery performance and QoE scalability. over access networks Enterprise-ready portable appliance for 40/10GE PerfectStorm and 10/1GE real-world, stress testing with up to ONE™ 80Gbps of application traffic Cloud-scale, multi-terabit 100GE, 50GE, 25GE, and CloudStorm™ 40/10GE platform to validate application delivery and network security Reduces space requirements and simplifies XGS12™ Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2™ Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 8 Carrier Ethernet Testing
SCENARIO
Carrier Ethernet services are growing rapidly, The Metro Ethernet Forum (MEF) has defined driven by next-generation virtual private network technical specifications to advance the (VPN) services and mobile backhaul. A suite development and deployment of Carrier Ethernet of protocols is required to achieve carrier- services. grade scale, reliability, and management. • MEF 9 outlines conformance-oriented service Carrier Ethernet requires the use of Ethernet testing and is the basis for performance tests at the user-to-network interface (UNI) and can • MEF 14 defines testing of performance be delivered via a variety of metro and core service attributes, including QoS functional technologies, including an IP/multiprotocol label requirements switching (MPLS) core. • MEF 21, 24, and 25 constitute a test suite for UNI type 2, including link OAM, E-LMI, service OAM, protection, enhanced UNI attributes, and L2CP handling
IXIA PORTS CFM IXIA PORTS OAM OAM
E-line services Residential access
E-LAN services
Business access
Metro Core Metro network network network
ALEXANDRE RAYMOND Senior VP of Product Development, Orthogone Technologies We’ve teamed with the best in the industry to help us validate and measure the performance of our Ethernet MAC and PCS IP cores.
Find us at www.ixiacom.com Page 9 As the demand for Carrier Ethernet private SUGGESTED APPLICATIONS line (E-Line) and Ethernet transparent local Full L2/3 testing with wire-rate traffic generation and protocol emulation: area network (E-LAN) services continues to • MPLS, VPLS, BFD (bidirectional forwarding grow, so does the need for fault management. detection) • VLAN (802.1Q), QinQ (802.1ad), PBB-TE Ethernet operation, administration, and IxNetwork/ (802.1Qay), PBB/MAC-in-MAC (802.1ah), maintenance (OAM) covers Ethernet link IxNetwork VE RSTP/MSTP, LACP, MVRP/MMRP • Link OAM (802.3ah), Service OAM (IEEE monitoring and diagnosis. Ethernet connectivity 802.1ag/ITU-T Y.1731), E-LMI (MEF 16), ITU-T Y.1564 fault management (CFM) defines protocols that • 1588v2 (IEEE), ESMC for Synchronous monitor end-to-end services. Ethernet (ITU-T), CES (MEF18) Protocol conformance testing, with: • MEF9, MEF21, MEF24, and MEF25 IxANVL conformance suites • PBB, 802.1Q, and MVRP/MMRP conformance IXIA SOLUTIONS suites Stress infrastructure using peak application user BreakingPoint® / load from hundreds of applications Ixia’s MEF conformance tests verify both BreakingPoint VE to configure virtualized environments for optimal Carrier Ethernet conformance requirements and performance and capacity Precision test instrument for 100GE, 10GE, 1GE, network performance. and 100MbE Ethernet impairment to accurately Network Emulation emulate network conditions that occur over live IxANVL has the widest coverage of Carrier production LAN/WAN network Ethernet and MEF conformance in the industry. SUGGESTED HARDWARE Testing of 100/50/40/25/10GE over copper multi- Ixia emulation functionality tests common Novus 100GE mode and single-mode; designed for large-port- Carrier Ethernet routing protocols, including count testbeds L2–7 network and application testing in a MPLS, Layer 2 (L2) switching, and provider portable appliance with up to 16 dual-PHY ports Novus ONE PLUS per fixed chassis, 3-Speed (10GE/1GE/100M) backbone bridge traffic engineering (PBB-TE). or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over Ixia’s solutions include support for Institute copper and fiber media High-density, dual-PHY five-speed of Electrical and Electronics Engineers (IEEE) Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed 802.3ah, IEEE 802.1ag, and International Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Telecommunication Union Telecommunications Ultra-high-density, three-speed (10G/1G/100M) Novus 10/1GE 32- solution for ultra-high-scale and performance (ITU-T) Standard Y.1731. Port SFP+ testing Highly-scalable 40/10GE and 10/1GE platform PerfectStorm to validate application delivery performance and QoE over access networks Enterprise-ready portable appliance for 40/10GE PerfectStorm ONE and 10/1GE real-world, high-stress testing up to 80Gbps of application traffic Cloud-scale, multi-terabit 100GE, 50GE, 25GE, CloudStorm and 40/10GE platform to validate application delivery and network security Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 10 Data Center / Cloud Testing
SCENARIO
The adoption of cloud computing is being driven Each area has specialized testing requirements: by the proliferation of rich internet applications, • Virtualization – Assessing data center anywhere broadband access, and infrastructure virtual infrastructure elasticity and capacity elasticity enabled by virtualization. As consumers requires tools that can test in the context of and enterprises become more dependent on an end-to-end environment, measuring the services and applications running in the cloud, performance of virtual switches, firewalls, and network performance becomes a key metric to servers, in addition to generating a diverse ensuring end-user QoE and key service level set of client–server, server–server, and server– agreement (SLA) requirements are met. storage application traffic originating from both within and outside of VMs Proper handling of Ethernet traffic categorized • IP CLOS fabric and ECMP – IP CLOS fabric as north–south traffic or east–west traffic is with ECMP is critical to provide agility, critical to data center performance—requiring flexibility, and high availability data center a variety of testing and techniques. Individual networks—fabric forwarding and failover must components, sub-systems, and the data be tested thoroughly under scale center, as a whole, must be tested to ensure dependable capacity, flexible performance, and high security.
Internet
Virtualized servers
Classic Ethernet
FCoE switch
Storage area network Lossless Ethernet
Find us at www.ixiacom.com Page 11 • Unified physical and virtual infrastructure IxLoad supports an extensive library of multi- for compute and storage – As data and play protocols, realistic subscriber modeling applications are migrated to the cloud and capabilities, and the industry’s highest leverage virtualized server infrastructures, application scale for assessing device under it is essential to measure application test/system under test (DUT/SUT) performance performance through all stages—on- and end-user QoE. premises physical servers, VMs, and a fully- hosted cloud BreakingPoint addresses application controller, • End-to-end service delivery – Measurement application delivery, and deep packet inspection of end-to-end transactional latencies (DPI) requirements and key differentiators and application throughput across voice, through the emulation of hundreds of video, and data applications is essential to applications, live malware, and user behavior. ascertaining the collective impact that data center storage, network, and computer Ixia Virtualized Testing infrastructures have on end-user QoE Ixia’s virtualization testing solution offers a user- • Security – The increasing use of virtualized friendly interface for virtual ports management, cloud infrastructures in enterprise and which supports asset discovery through service provider data centers introduces integration with popular virtualization platforms. unforeseen security issues that require comprehensive and continuous testing to Ixia’s virtualized testing solution tests: detect and overcome • Virtualized server capacity • Higher-speed, more bandwidth – Rapid • Service scalability and elasticity expansion of intra– and inter-data center Ethernet traffic means that 40, 100, and • Virtualized switching and firewall even 400GE interfaces will need to be tested performance • Virtual desktop infrastructure • Virtual or physical devices with a realistic IXIA SOLUTIONS mixture of application and data storage traffic using stateful L4-7 traffic generation Ixia’s solutions address the testing challenges of • IP functionality and convergence in virtual application-aware devices and service-delivery environments, including QoS, VM migration, infrastructures. IxNetwork validates data center VLAN leakage, and IGMP group join/leave underlay and overlay network infrastructure with latencies using L2-3 protocol emulation and rich protocol emulations from BGP, VXLAN, traffic and FCoE to various technology innovations for • I/O storage for CNA manufacturers software-defined data center networks. • L2MP • NFV • Underlay and overlay network
Find us at www.ixiacom.com Page 12 IXIA VE SOLUTIONS
Ixia’s Virtual Editions (VEs) of IxNetwork, IxLoad, SUGGESTED APPLICATIONS and BreakingPoint validate the performance of Emulate Leaf/Spine switch, server/VM, and east-west/north-south traffic to validate the virtual and physical data center infrastructures. performance and robustness of underlay and overlay network infrastructures. VE provides a software-based version of Ixia’s • Virtualization overlay VXLAN/NVGRE/ traditional hardware ports and enables cost- IxNetwork GENEVE /IxNetwork VE • Overlay provision with EVPN and OVSDB effective functional testing. These ports are easy • Underlay with BGP/ISIS/OSPF and to deploy in a virtual environment and allow for Segment Routing • Data Center Ethernet with L2MP and quick scaling and test configuration changes. DCBX/FCoE Delivers comprehensive functional and They also facilitate scaling of the test software to performance testing to validate user QoE in physical and virtual networks. IxLoad VE earlier in the development process, during which emulates Web, video, voice, storage, VPN, IxLoad/IxLoad VE wireless, infrastructure, and encapsulation/ performance loading (which requires hardware) security protocols to create realistic scenarios is not needed. to measure the QoE of services delivered over virtual and physical infrastructures. Stress data center/cloud infrastructures using BreakingPoint/ peak application user load from hundreds of BreakingPoint VE applications to configure virtualized environments for optimal performance and capacity Precision test instrument for 100GE, 10GE, 1GE, and 100MbE Ethernet impairment to accurately Network Emulation IxNetwork IxLoad BreakingPoint emulate network conditions that occur over live production LAN/WAN network SUGGESTED HARDWARE
Testing of 100/50/40/25/10GE over copper Novus 100GE multi-mode and single-mode; designed for large-port-count testbeds Network Novus 100GE L2–7 network and application testing in a Novus ONE Emulator II QSFP28 portable appliance with up to 16 dual-PHY ports Novus ONE PLUS per fixed chassis, 3-Speed (10GE/1GE/100M) or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media High-density, dual-PHY five-speed Novus 10/1GE Multi- (10G/5G/2.5G/1G/100M) and three-speed Novus 10/1GE Novus 10/1GE Speed (10G/1G/100M) solutions for ultra-high-scale PerfectStorm Multi-Speed 32-Port SFP+ and performance testing Ultra-high-density, three-speed (10G/1G/100M) Novus 10/1GE 32-Port solution for ultra-high-scale and performance SFP+ testing Highly-scalable 40/10GE and 10/1GE platform PerfectStorm to validate application delivery performance and PerfectStorm ONE CloudStorm QoE over access networks Enterprise-ready portable appliance for 40/10GE XGS12 PerfectStorm ONE and 10/1GE real-world, high-stress testing with up to 80Gbps of application traffic Cloud-scale, multi-terabit 100GE, 50GE, 25GE, CloudStorm and 40/10GE platform to validate application delivery and network security Reduces space requirements and simplifies XGS2 XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 13 Higher-Speed Ethernet Solutions
HSE TESTING
Ixia is the leading provider of test solutions CloudStorm is Ixia’s industry-first 2.4 terabit for higher-speed Ethernet (HSE) components, application and security test solution that meets networks, devices, and systems. Our today’s needs and that of the future. CloudStorm application-focused family of load modules delivers more than 33% better application and offers you the industry’s most scalable solution secure sockets layer (SSL) emulation scale over for testing switches and routers, converged any other test system. Each CloudStorm load multi-play services, application delivery module supports two native QSFP28 100GE platforms, and network security for both wired interfaces with an innovative architecture and wireless networks. that allows concurrent emulation of complex applications, unprecedented SSL encrypted AresONE and K400 are the world’s first 400Gbps applications, and a large volume of distributed HSE test solutions to meet the growing denial of service (DDoS) traffic to validate that bandwidth requirements of ever-evolving data your network infrastructure is high performing networks. Leading the way to a new testing and secure. paradigm, Ixia’s solutions help NEMs shorten development and test time—accelerating the development of 400GE networking hardware, chips, and transceivers.
Find us at www.ixiacom.com Page 14 SUGGESTED HSE LOAD MODULES
400GE and 100GE/50GE/25GE
• AresONE high-density 400GE • K400 400GE • A400GE-QDD 400GE • CloudStorm 100/50/25GE • Novus, Novus-M, Novus-R 100/50/40/25/10GE • Xcellon-Multis 100/50/25GE
100GE/40GE
• Xcellon-Multis Enhanced 100GE • Xcellon-Lava Dual-Speed 100/40GE
40GE/10GE
• CloudStorm 40/10GE • PerfectStorm 40/10GE • PerfectStorm ONE 40/10GE • Xcellon-Multis 40/10GE • Xcellon-Flex 40GE
AresONE 400GE K400 400GE A400GE-QDD BER Tester CloudStorm 100/20/25/40/10GE
Novus 100GE QSFP28 Xcellon-Multis QSFP28 Enhanced Xcellon-Multis Xcellon-Lava Dual-Speed CFP4 Enhanced
PerfectStorm 40/10GE PerfectStorm ONE 40GE Xcellon-Multis QSFP Xcellon-Flex Combo
Find us at www.ixiacom.com Page 15 IoT Testing
SCENARIO
Wi-Fi is now running mission-critical applications Customers will be able to better assess their in homes, offices, hospitals, and many other wireless IoT implementations by being able to do places. Mission-critical applications require the following: high-performing Wi-Fi devices to maximize • Build robust, high-performance client devices uptime and improve user experience. However, using fully configurable simulators and an most Wi-Fi IoT devices are still only qualified exhaustive built-in test library with basic throughput test cases. This woefully • Simplify testbeds with an integrated product inadequate test strategy exposes companies that also drastically cuts costs and time to the risk of business applications failing in the associated with setting up and maintaining field. testbeds IXIA SOLUTIONS • Easily achieve network scale with built-in golden AP and client simulation to build To meet user expectations better ecosystem client devices for anywhere, anytime • Reduce debugging cycles with real-time access to mission-critical L1–7 statistics and KPIs applications, Wi-Fi IoT • Improve release cycles with an automated device vendors need a testbed comprehensive test strategy. Ixia IoT enables users Ixia’s IoT test solution introduces a staged test to characterize IoT device performance over approach for comprehensively characterizing IoT distance, channel models, roaming, ecosystems, device performance before release. and interference, while validating interoperability, stability, and functionality. We have designed Ixia STAGE 1 STAGE 2 IoT to validate Wi-Fi devices with a staged test approach that addresses the needs of teams involved in the early stages of the product life cycle (design/development), as well as the later stages of the product life cycle (pre-deployment/ GOLDEN AP integration/support). R & D teams • Fully configurable AP • Limit variables INTEROP TESTING Capabilities • Repeatability and predictability Integration & support teams • Baseline performance • Real APs • Validate functionality • Real traffic – telemetry, etc. Capabilities • Replicate support issues • Certify field readiness • Get the field perspective in lab
Find us at www.ixiacom.com Page 16 The first stage, design and development, SUGGESTED APPLICATIONS involves a golden access point (AP) model, Comprehensive test and assessment for Ixia IoT where the entire network (the AP and the IoT devices distribution network) and test conditions are SUGGESTED HARDWARE Golden AP Simulation Load WBX5, WBL5, RFX5, WBI5 simulated. Ixia’s custom-designed hardware Modules drives much of this simulation, making it a highly Golden Client Load Module WBX5, WBL5, RFX5, WBI5 reliable and precise testbed. This model gives WLAN Interference a high degree of repeatability and predictability WBX5, WBL5, RFX5, WBI5 Simulation Load Module to the tester, and it is ideal for baselining and Nine-slot or two-slot chassis for golden benchmarking the performance of devices under IxVeriWave™ Chassis AP, Golden Client, and WLAN Interference Simulation load modules various conditions.
Ixia IoT provides:
• Fully configurable golden AP with support for 4x4 MIMO and full line-rate throughput • Real APs, applications, and traffic for interoperability testing • Built-in tests for characterizing performance over distance, roams, ecosystems, interference, and data plane traffic • Channel modeling based on TGn specifications • Real-time L1–7 statistics and KPIs
Find us at www.ixiacom.com Page 17 IP Network Assessment and Diagnostics
SCENARIO
As networks and applications grow in size and When problems are reported, tests are run from complexity, maintaining network performance central management points, such as the network becomes mission critical. New applications operations center, and results are analyzed introduce potential network bottlenecks that to identify network bottlenecks and degraded must be quickly identified and corrected. With services. the frequency of network changes, the flexibility IxChariot tests devices or wide area network and availability of network assessment tools is (WAN) links to verify key metrics, such essential. as latency, failover time, packet loss, and IXIA SOLUTIONS throughput. IxChariot works with any size network/device and is capable of simulating With IxChariot™, Ixia provides high-precision hundreds of supplied protocols across analysis and troubleshooting of application thousands of network endpoints. Using performance across network backbones. Thin sophisticated traffic patterns with optional endpoint clients, called Performance Endpoints, quality of service (QoS) variations, IxChariot run on most computer operating systems and measures throughput, jitter, packet loss, end- are deployed at key nodes within a network. A to-end delay, mean opinion score (MOS), and mixture of real-world traffic profiles, including medium dependent interface (MDI). multiplay services, is used to characterize network behavior.
Find us at www.ixiacom.com Page 18 The IxChariot console is available in two editions. SAMPLE OF IXCHARIOT-SUPPORTED PROTOCOLS
The IxChariot Server Edition is hosted on a Linux Topic Supported Protocols server and is accessed through a web interface. Management Citrix and Microsoft Remote Desktop The IxChariot Desktop Edition is installed as a Database Oracle, SAP, and SQL Server heavy client on Windows personal computers E-mail Microsoft Exchange, POP, and Lotus Notes (PCs) or servers. Both editions share the same P2P Kazaa, BitTorrent RealMedia, NetMeeting, AIM, ICQ, MSN IM, Online meeting licensing and are compatible with the same Messenger, Yahoo Messenger endpoints, so each user can select the best Data HTTP, FTP, DNS, NNTP, POP, Telnet option for their use case. SUGGESTED APPLICATIONS AND PLATFORMS
Network assessment software with test scripts for more than 170 protocols, available in: • Server Edition -installed on server or in the IxChariot cloud, users access with a Web browser • Desktop Edition -installed as a Windows application
Works with IxChariot to provide: • Active network and application assessment and monitoring • Advanced routing support XR2000 and XRPi • Active traffic generation supporting 150+ Hardware Endpoint applications • Up to line-rate generation • Endpoint-to-endpoint tests: UDP, TCP traffic, voice, video, and traffic mixes
Supplied software endpoints for a wide variety of operating systems, including: • Microsoft Windows • Windows CE/Mobile Test Endpoints • Linux, including Embedded Linux • Unix • Mac OS, IOS • Android • Virtual machines in hypervisors or cloud
Find us at www.ixiacom.com Page 19 IP V6 Testing
IPv6 tunnel
IPv6 CE IPv4/IPv6 network CE network IPv6/IPv4 tunnel
CE CE CE P P PE PE
IPv6/GRE tunnel WIRELESS BROADBAND PE P P PE CE CE CE IPv4/IPv6 IP/MPLS CORE IPv4/IPv6 wireless broadband access access CE CE
SCENARIO IXIA SOLUTIONS
IPv4 addresses are exhausted, and Ixia equips NEMs and service providers with test organizations are shifting to IPv6. Given the plans and tools to fully evaluate the readiness extent to which IPv4 addresses are embedded of each device, system, or end-to-end network. in networks and applications, IPv4 and IPv6 Testing will answer critical questions such as: addresses will coexist for decades. Upgraded • Can my system correctly assign and scale network architectures need to support IPv4 and IPv4 and IPv6 addresses for internet access? IPv6 technologies and associated transition/ translation mechanisms and must scale to • Is my system capable of ensuring QoS for both IPv4 and IPv6 traffic for increasing accommodate a significant increase in clients subscribers and load? and services. • Are my tunneling and translation IPv6 testing requires emulating the full range implementations robust? of protocols used in today’s IPv4, IPv6, and • What is my NAT table capacity and transitional dual-stack networks, as well as forwarding performance? fully stressing the data plane and associated • How is application responsiveness and tunneling/translation implementations of each performance impacted when transition or device. translation mechanisms are pushed to their limits? • Is my dual-stack core network capable of supporting the increased load of mixed IPv4/ IPv6 routing?
Find us at www.ixiacom.com Page 20 SUGGESTED APPLICATIONS
Full L2–3 switch and router testing, with optional traffic generation and protocols: • Routing/MPLS – BGP4/BGP4+, OSPFv2/ OSPFv3, ISISv4/ISISv6, RIP/RIPng, PIM-SM/SSMv4, PIM-SM/ IxNetwork/ SSMv6, LDPv4/v6, RSVP-TE, Segment Routing v6 IxNetwork VE • Broadband access – PPPv4/v6/ dual-stack PPP, DHCPv4 client/server, DHCPv6 client/ server, PPPv4/ PPPv6/dual-stack PPP over L2TPv2 LAC and LNS, IGMP/MLD, IPv6 stateless auto-configuration (SLAAC) Protocol conformance testing, with: • Routing – RIP, RIPng, OSPFv2/v3, ISISv4/v6, BGP-4, BGP4+ • MPLS – RSVP-TE, RSVP-TE P2MP, LDP, VPWS/PWE3, VPLS-LDP, VPLS-BGP, L3 MPLS VPN, 6VPE IxANVL • IP multicast – IGMPv1/v2/v3, MLDv1/v2, PIM-SM/ SSMv4/v6, PIM-BSR • Switching – STP/RSTP, MSTP, link aggregation (LACP) • Broadband – PPPoX, DHCPv4 client/server, DHCPv6 client/server, L2TPv2
Comprehensive and scalable support for IPv6 service IxLoad/ emulations and transition technologies, such as 6RD/ IxLoad VE DSLite, SLAAC, and PPTP
Stress data center/cloud infrastructures using peak BreakingPoint/ application user load from hundreds of applications to BreakingPoint VE configure virtualized environments for optimal performance and capacity
SUGGESTED HARDWARE 400/200/100/50GE Ethernet QSFP-DD and OSFP FEC, AresONE FEC symbol error injection, and L1 BERT testing and the broadest L2/3 protocol coverage Testing of 100/50/40/25/10GE over copper multi-mode and Novus 100GE single-mode; designed for large-port-count testbeds L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed chassis, 3-Speed Novus ONE PLUS (10GE/1GE/ 100M) or 5-Speed (10GE/5GE/2.5GE/1GE/ 100M) over copper and fiber media High-density, dual-PHY five-speed (10G/5G/2.5G/1G/100M) Novus 10/1GE Multi- and three-speed (10G/1G/100M) solutions for ultra-high- Speed scale and performance testing Novus 10/1GE 32- Ultra-high-density, three-speed (10G/1G/100M) solution for Port SFP+ ultra-high-scale and performance testing High-density dual-PHY 10G/1G/100M tri-speed solution for Novus-NP ultra-high-scale and performance testing Highly-scalable 40/10GE and 10/1GE platform to validate PerfectStorm application delivery performance and QoE over access networks Enterprise-ready portable appliance for 40/10GE and PerfectStorm ONE 10/1GE real-world, high-stress testing with up to 80Gbps of application traffic Cloud-scale, multi-terabit 100GE, 50GE, 25GE, and CloudStorm 40/10GE platform to validate application delivery and network security Reduces space requirements and simplifies management XGS12 Chassis for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 21 MPLS Testing
Mobile backhaul
Edge router Cell site BNG gateway Edge router BRAS Core router Home DSLAM gateway MSAN CPE Edge Ethernet router aggregation switch Core Content servers Broadband access aggregation
Business access CPE
MPLS
SCENARIO
Driven by massive growth in data traffic, service As MPLS-based technologies and services providers are moving toward a single packet continue to evolve, deploy, and increase in network infrastructure that supports multiple scale, the test challenges become increasingly services at lower operational costs. complex. The adoption of SDN also provides technology innovation to enhance MPLS Success and familiarity with MPLS in the core network for better traffic engineering with is driving service providers to deploy it with optimization, efficiency, and agility. non-core network services, such as access, aggregation, and backhaul networks supporting Ixia continues to provide the most broadband, business, and mobility services. comprehensive test capability for validating the MPLS infrastructure and the services it supports. Additionally, MPLS-transport profile (MPLS-TP) enables connection-oriented packet transport to meet the growing demand. MPLS is under active development, with new mechanisms and applications emerging from the standards bodies, continually increasing its popularity.
Find us at www.ixiacom.com Page 22 IXIA SOLUTIONS
Ixia helps answer critical MPLS questions, SUGGESTED APPLICATIONS such as: Full L2–3 switch and router testing, with protocol emulations and integrated traffic generation, including: • Can my device or network reliably deliver • Routing and switching • MPLS signaling multiple MPLS-based VPN services—L2, L3 • IP multicast (unicast, multicast)—simultaneously? IxNetwork/ • L2VPN (VPLS and VPWS), L3VPN, Ethernet VPN, IxNetwork VE Multicast VPN • Does my device maintain thousands of MPLS • Segment Routing, PCEP, BGP-LS, , BGP SR-TE tunnels and pseudo-wires with the required Policy • MPLS-TP and LISP level of forwarding performance? • High availability and convergence • Are MPLS-TP features working properly? • IPv4/IPv6 traffic generation Protocol conformance testing, with: • RIP/NG, OSPFv2/v3, BGP4/4+, ISISv4/v6, VRRP • Can I interoperate with other vendors? IxANVL • LDP, RSVP-TE, MPLS, PWE3, L2 VPN, L3 VPN, • Does my device conform to the latest MPLS- VPLS, LSP-Ping, VCCV, mLDP related standards? Precision test instrument for 100GE, 10GE, 1GE, and Network 100MbE Ethernet impairment to accurately emulate • Does MPLS traffic engineering provide sub- Emulator network conditions that occur over live production LAN/ WAN networks 50ms recovery? SUGGESTED HARDWARE 400/200/100/50GE Ethernet QSFP-DD and OSFP AresONE FEC, FEC symbol error injection, and L1 BERT testing and the broadest L2/3 protocol coverage Testing of 100/50/40/25/10GE over copper multi- Novus 100GE mode and single-mode; designed for large-port-count testbeds L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed Novus ONE chassis, 3-Speed (10GE/1GE/100M) or 5-Speed PLUS (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media High-density, dual-PHY five-speed Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Novus 10/1GE Ultra-high-density, three-speed (10G/1G/100M) solution 32-Port SFP+ for ultra-high-scale and performance testing Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 23 Multiplay Network Testing
SCENARIO
Media convergence is fueling the growth and Equipment vendors need a comprehensive test complexity of today’s IP networks. To effectively solution for validating the functional capabilities, compete, service providers must deliver performance, and scalability of their next- differentiated multiplay services, including voice generation hardware platforms. Enterprises and over IP (VoIP), peer-to-peer (P2P) gaming, IP service providers face similar challenges as they television (IPTV), streaming media, high-speed attempt to ensure that their networks can deliver internet, and mobile services over converged on performance and availability requirements, networks. There are numerous challenges while maintaining proper QoS for all mission- associated with the delivery of multiplay services critical data, voice, and video traffic. due to the different characteristics of voice, PROTOCOL OPTIONS video, and data traffic: HTTP/2, HTTP (1.0/1.1), SSLv2, SSLv3, TLSv1.1, TLS Data 1.2, TCP, FTP, TFTP, SMTP, POP3, IMAP, Database, • Voice traffic consumes fairly low bandwidth SMB, NFS, iSCSI, DNS, DHCP, LDAP and RADIUS but is highly sensitive to network jitter IGMPv2/3, MLDv1/2, RTSP, RTP/UDP, Adobe Flash • Video services require a steady stream of Video Player, Microsoft Silverlight Player, Apple HLS Player, high-bandwidth traffic and are severely Adobe HDS, and MPEG DASH impacted by packet reordering and loss SIP, WebRTC, MGCP, H.323, H.248 (Megaco), Cisco SCCP (Skinny), RTP and SRTP, Audio, Conversational Voice • Data services, such as Web browsing, file Video, File Transfer (MSRP)—only with SIP and Fax over IP (T.38) (only with SIP) transfer, and other end user interactive AppReplay – Replays stateful and stateless captures to applications, have varying requirements Replay Traffic simulate emerging and proprietary internet traffic Proper QoS provisioning, performance analysis, AppLibrary – A continually expanding and updated library Application of pre-defined application flows and application mixes of and capacity planning are key requirements Mixes the most current internet applications for ensuring a successful service rollout and sustained growth.
Today’s data center networks support a complex application delivery infrastructure that must recognize, prioritize, and manage application traffic with differentiated classes of service. The emergence of integrated service routers (ISRs), application-aware firewalls, server load balancers, WAN accelerators, and devices that use DPI enable service providers to deliver superior application performance and security while improving user QoE.
Find us at www.ixiacom.com Page 24 IXIA SOLUTIONS
The requirements for testing application-aware IxLoad emulates subscribers with a complete devices are complex and resource-intensive. mix of multiplay traffic, measures the scalability You need to exercise devices beyond their limits of the converged service delivery infrastructure, to ensure optimal functionality, performance, validates the impact of P2P on revenue- availability, and reliability. generating services, such as IPTV and VoIP, and ensures QoE on a per-subscriber and/or per- Ixia’s IxLoad is the industry’s most scalable service basis. and integrated solution for converged multiplay service delivery testing. IxLoad enables application performance testing using: It is an ideal solution for assessing the performance of application-aware DPI-capable • Realistic stateful emulation of application devices. services • Application replay to record and replay IxLoad delivers multiplay service emulation in a stateful transactions to test devices that single testbed, including IPTV/video on demand handle emerging and proprietary protocols (VoD), VoIP, P2P, Web, file transfer protocol (FTP), streaming, and e-mail. Ixia’s platform • QoE detective for granular instant insight into per-user, per-IP, and per-VLAN issues delivers ultra–high performance that scales to millions of subscribers. Subscriber modeling BreakingPoint and IxNetwork solutions also accomplishes true traffic testing by emulating complement IxLoad’s functionality. dynamic user community behavior. IxLoad generates per-subscriber QoE analysis on key IxNetwork provides wire-rate traffic generation metrics, including video and audio quality, with service modeling that builds realistic, channel change times, application latency, and dynamically controllable data plane traffic. It response times. also offers the industry’s best test solution for functional and performance testing by using IxLoad supports authentication, authorization, comprehensive emulation for routing, switching, and accounting (AAA)/remote authentication MPLS, IP multicast, broadband, authentication, dial-in user service (RADIUS) services, domain Carrier Ethernet, and data center bridging (DCB) name system (DNS), dynamic host configuration protocols. protocol (DHCP), and lightweight directory access protocol (LDAP) to assess critical BreakingPoint enables the creation of real- infrastructure components. It uses DDoS and world legitimate traffic with full control of the vulnerability attack traffic generation to validate load capacity and detailed per-simulated host the impact of malicious traffic on multiplay reporting. And it offers robust common internet services. file system (CIFS) and web application testing capabilities for WAN acceleration.
Find us at www.ixiacom.com Page 25 SUGGESTED APPLICATIONS
Delivers comprehensive performance testing for validating user QoE of multiplay services. IxLoad IxLoad/ works by emulating Web, video, voice, storage, IxLoad VE VPN, wireless, infrastructure, and encapsulation/ security protocols to create realistic scenarios. IxLoad IxNetwork Full L2–3 switch and router testing, with optional protocols: • Routing protocols IxNetwork/ • Integrated broadband access protocol IxNetwork VE emulation with service traffic generation testing • Application traffic over routes Stress data center/cloud infrastructures using BreakingPoint/ peak application user load from hundreds of BreakingPoint Network Emulator II BreakingPoint VE applications to configure virtualized environments for optimal performance and capacity Precision test instrument for 100GE, 10GE, 1GE, and 100MbE Ethernet impairment to accurately Network Emulation emulate network conditions that occur over live production LAN/WAN networks SUGGESTED HARDWARE PerfectStorm PerfectStorm ONE
Highly-scalable 40/10GE and 10/1GE platform PerfectStorm to validate application delivery performance and QoE over access networks Enterprise-ready portable appliance for 40/10GE PerfectStorm ONE and 10/1GE real-world, high-stress testing with up to 80Gbps of application traffic CloudStorm XGS2 Cloud-scale, multi-terabit 100GE, 50GE, 25GE, CloudStorm and 40/10GE platform to validate application delivery and network security L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports Novus ONE PLUS per fixed chassis, 3-Speed (10GE/1GE/100M) or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media Novus ONE XGS12 High-density dual-PHY 10G/1G/100M tri-speed Novus-NP solution for high-scale and performance testing Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis Novus-NP 10G/1G/100M
Find us at www.ixiacom.com Page 26 Network Emulation
SCENARIO IXIA SOLUTIONS
As customers develop or deploy new products, Ixia’s Network Emulator II is a precision test they need assurance that those products will instrument for 10GE, 1GE, and 100MbE function properly in real network conditions impairment. The device allows users to that occur in live-production local area network accurately emulate the real network conditions (LAN)/WAN networks. In live networks, the that occur over live-production LAN/WAN network or the application may experience networks. By emulating realistic and worst-case delays, and the effects of those delays should network conditions in the lab, users can validate be simulated in a controlled testing environment. and test the performance of new hardware, The reaction of products and applications to protocols, and applications to prevent failures worst-case network conditions is an important in production networks. The emulator function consideration as you bring new products and is also available in a 100/50/40/25GE Hybrid applications into the network. Network Emulator configuration.
Emulate real-world networks in the lab:
• Create a real-world testing environment by reproducing realistic network conditions and behavior • Test validation, performance, and interoperability • Test products and applications to characterize end-user experience under real- world conditions • Precisely reproduce and quickly resolve issues occurring in the field
Find us at www.ixiacom.com Page 27 The Network Emulator II offers a rich feature set to allow testing in a controlled lab environment with repeatable and predictable impairments. Network Emulator II enables you to:
• Test the effect of delay on the network and application performance • Determine how applications will perform when distributed across data centers • Test data center backup in a real-life environment • Cause outage and degrade scenarios to trigger and validate fail-over protection • Combine with IxNetwork, IxLoad, and BreakingPoint test systems to create a complete test environment that includes real- world impairments
SUGGESTED PLATFORM
Precision test instrument for 10GE, 1GE, and 100MbE Ethernet impairment to accurately Network Emulator II emulate network conditions that occur over live production LAN/WAN networks
Precision test solution for 100/50/40/25GE 100/50/40/25GE Hybrid impairment solution that enables emulation Network Emulator of network conditions that occur over live production networks
Network Emulator II
Find us at www.ixiacom.com Page 28 Protocol Conformance Testing
SCENARIO IXIA SOLUTIONS
Today’s communications protocols are complex. Ixia’s IxANVL is the industry standard and leader Every day, new protocol specifications, requests for automated network protocol validation. for comment (RFCs), and enhancements IxANVL’s tests are used to determine whether are published by standards organizations. a device’s protocol implementation meets Service providers must make sure the devices specifications, how well a device handles traffic they deploy perform correctly. NEMs seek to from non-compliant network components, and ensure that their products conform to industry the effect of new features on existing software standards and interoperate successfully with through regression testing. other vendors’ products.
SUGGESTED APPLICATIONS Early conformance testing ensures higher product quality. This quality has a significant IxANVL Comprehensive protocol conformance testing payoff—problems found after deployment SUGGESTED HARDWARE Testing of 100/50/40/25/10GE over copper can cost 100 times more to fix than those Novus 100GE multi-mode and single-mode; designed for found in the lab. Security loopholes and large-port-count testbeds L2–7 network and application testing in a vulnerabilities resulting from erroneous protocol portable appliance with up to 16 dual-PHY ports implementations can damage a company’s Novus ONE PLUS per fixed chassis, 3-Speed (10GE/1GE/ 100M) or 5-Speed (10GE/5GE/2.5GE/1GE/ 100M) over reputation and incur legal liability. copper and fiber media High-density, dual-PHY five-speed Novus 10/1GE Multi- (10G/5G/2.5G/1G/100M) and three-speed Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Reduces space requirements and simplifies XGS12-SD Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2-SD Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 29 FAMILY CONFORMANCE TESTS
Routing RIP/NG, OSPFv2/v3, BGP4/4+, ISISv4/v6, VRRP
LDP, RSVP-TE, MPLS, PWE3, L2 VPN, L3 VPN, MPLS VPLS, LSP-Ping, VCCV, mLDP IGMPv2/v3, MLDv1/v2, PIM-SMv4/v6, PIM-DM, Multicast DVMRP, IGMP/MLD snooping MEF9, Ethernet CFM/OAM, service OAM, PBB Carrier Ethernet MEF OAM/ELMI/service OAM, G8031
High Availability BFD, OSPF-GR
IPv4, DHCPv4/v6, ICMP, IPv6, IPv6CP, ICMPv6, IP NDP, AutoConfig, PMTU, GRE, GPT, IPv6ov4
TCP TCP core, TCP advanced, TCP high performance
Data Center FIP, FCoE, FCF, DCBX
STP, RSTP, MSTP, VLAN, GRE, QinQ Bridging EAPOL(802.1x), PPP, MLPPP, IPCP, LACP, 802.1ad, LLDP
L4–7 HTTP, telnet
Security L2TPsec, IPsecv4/v6, IKEv1/v2
Voice SIP
Storage iSCSI
Mobile IP Home agent, correspondent node, mobile node
Broadband PPP, PPTP, L2TP, ANCP, PPPoX, LACP IxANVL
Find us at www.ixiacom.com Page 30 Router and Switch Testing
SCENARIO IXIA SOLUTIONS
Networks and network devices are becoming Ixia’s solutions comprehensively test the increasingly complex. Enterprise expansion, interoperability, performance, and scale of data center convergence, and new service networking devices. Ixia’s IxNetwork offers deployments require diversified networking the industry’s most complete test solution for technologies and devices to operate together functional and performance testing by emulating seamlessly. routing, switching, MPLS, IP multicast, broadband, and authentication protocols. As multiple special-purpose networks converge into a single network carrying voice, video, Ixia test ports accurately emulate an internet- data, and wireless traffic, it is critical that device scale networking environment containing manufacturers verify the scalability, stability, and thousands of routers and switches and millions performance of their switches and routers. of routes and reachable hosts. Millions of traffic flows can be easily customized to stress and Service providers must carry multiplay services track data plane performance. on a single IP network to offer increasingly popular applications, such as YouTube, Subscriber modeling simulates user Facebook, and P2P exchange. The demand for communities that match the behavior of city-size a larger capacity and more services increases groups using multiplay services, such as web, the complexity and scale of modern networks e-mail, FTP, P2P, VoIP, and video. Ixia’s testing and devices. Providers must validate service capabilities scale to stress the largest and most differentiation based on configured QoS policies powerful networking devices. and SLAs, in addition to determining the service Ixia load modules, consisting of multiple test impact on existing network structures from new ports, provide network interfaces of all types. applications. Our mainstay Ethernet interfaces operate over Within the data center, LAN and storage area the full range from 10Mbps through 100Gbps network (SAN) traffic have traditionally used speeds and newly evolving needs for 400Gbps. separate Ethernet and fiber channel networks. Line-rate traffic is generated to characterize the Cost-effective 10GE networks have provided the performance and reliability of data forwarding. economic incentive to combine these networks using a new generation of DCB components, including fiber channel over ethernet (FCoE) switches and SANs.
Find us at www.ixiacom.com Page 31 To test complex scenarios, Ixia’s solutions: IxNetwork is perfect for both interactive test development and automated execution. Easy-to- • Model millions of services with deterministic use GUIs and wizards help you create complex traffic profiles emulations and traffic. Aggregated, per-user, • Define different rate-controllable traffic per-virtual local area network (VLAN), and per- profiles on a per-service basis VPN statistics quickly identify any failure or • Validate SLAs through the dynamic diminished service. The Test Composer provides modification of traffic profiles powerful GUI-based automation, and its • Produce service- and subscriber-level ScriptGen tool offers an easy, one-click GUI-to- statistics script automation solution. QuickTests provide standards-based test methodologies. IxNetwork Use the IxNetwork graphical user interface supplies full-featured application programming (GUI) to easily configure complex L2–3 VPN interfaces (APIs) for automated testing. topology simulations. Tests scale to stress the performance of the most powerful border gateway protocol (BGP)—and MPLS–capable ROUTING AND SWITCHING PROTOCOL EMULATION routers. Each central processing unit (CPU)— Technology Protocols RIP, RIPng, OSPFv2/v3, ISISv4/v6, EIGRP, equipped test port advertises hundreds of Routing EIGRPv6, BGP4+, BGP+, GRE, BGP FlowSpec label distribution protocol (LDP) sessions and RSVP-TE P2P/P2MP, LDP/MLDP, MPLS-OAM, thousands of forwarding equivalence classes MPLS/VPN Segment Routing, L2VPN (PWE/VPWS, VPLS), L3VPN/6VPE, 6PE, Ethernet VPN (FECs), as well as hundreds of VPN sessions High Availability BFD and thousands of VPN routes. Wire-speed traffic can be generated over the VPN topology to IP Multicast IGMP/MLD, PIM-SM/SSM, PIM BSR, Multicast VPN simultaneously test data and control planes. Switching STP/RSTP/MSTP, PVST+, RPVST+, LACP
ANCP, PPPoX, DHCPv4/v6, client/server, L2TPv2, Broadband RADIUS Attributes for L2TP
Authentication 802.1x, WebAuth, Cisco NAC
Ethernet, IPv4, IPv6, VLAN, MPLS multi-label, Traffic L2/L3 MPLS, VPN, VPLS, 6VPE, Multicast, Multicast VPN
Find us at www.ixiacom.com Page 32 SUGGESTED APPLICATION
Full L2–3 switch and router testing, with protocol emulations and wire-rate traffic generation: • Routing/switch protocols IxNetwork/ • MPLS and VPNs IxNetwork VE • Multicast • Broadband testing • Application traffic over routes
Precision test instrument for 100GE, 10GE, 1GE, and 100MbE Ethernet impairment to accurately emulate Network Emulation network conditions that occur over live production LAN/WAN networks
SUGGESTED HARDWARE
400/200/100/50GE Ethernet QSFP-DD and OSFP AresONE FEC, FEC symbol error injection, and L1 BERT testing and the broadest L2/3 protocol coverage Testing of 100/50/40/25/10GE over copper multi- Novus 100GE mode and single-mode; designed for large-port-count testbeds L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed Novus ONE PLUS chassis, 3-Speed (10GE/1GE/100M) or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media High-density, dual-PHY five-speed Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Novus 10/1GE 32- Ultra-high-density, three-speed (10G/1G/100M) Port SFP+ solution for ultra-high-scale and performance testing Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis IxNetwork
Find us at www.ixiacom.com Page 33 Software-Defined Networking
BGP-LS RR WAN controller Other SR domain PCE
PCEP
BGP-LS PCC speaker
OSPF/ISIS SEGMENT ROUTING
SCENARIO networks, and services before deployment. With increased server virtualization and the Validation at every step along the migration path explosion of mobile data and cloud computing, not only speeds adoption by discovering and network architectures must respond by removing blind spots, it also minimizes the risk becoming easier to deploy and manage. of deployment failure. This requirement has prompted a transition from traditional networking to SDN. The main SD-WAN has become one of the most-widely concept of SDN is to separate control and adopted applications of software defined forwarding functions, centralize control, and networking in enterprise networks. The concept use well-defined interfaces to achieve network of using internet for low-cost bandwidth, programmability. SDN promises efficiency, the popularity of SDN provisioning, and the agility, and flexibility in operating and scaling proliferation of cloud-based applications made modern networks, along with simplified service SD-WAN the magic wand for every enterprise. provisioning and reduced capital and operational expenditure (Capex/Opex).
This paradigm shift brings a lot of unknowns and requires extensive testing and validation to ensure that it can deliver the promised benefits. With multiple emerging and competing technologies addressing different deployment scenarios, it is critical that equipment makers, service providers, and enterprises have the ability to quickly and thoroughly qualify devices,
Find us at www.ixiacom.com Page 34 IXIA SOLUTIONS
Ixia provides a rich portfolio of validation and SUGGESTED APPLICATIONS monitoring solutions for SDN networks. Ixia test Emulate SDN protocols with wire-rate traffic generation: Segment Routing (MPLS and IPv6), BGP Link State IxNetwork/ solutions help to validate SDN use cases and (BGP-LS), PCEP, BGP SR TE Policy, BGP FlowSpec, IxNetwork VE deployment scenarios in carrier, data center, NETCONF, VXLAN, EVPN VXLAN, OVSDB, GENEVE, OpenFlow and enterprise networks at every stage of IxANVL OpenFlow Switch conformance test suite network life cycle—from vendor selection and Network assessment software to access SDN network IxChariot network design to live deployment. IxNetwork performance before and after SDN rollout Application-layer test solution delivering comprehensive IxLoad/ and IxNetwork VE emulate carrier-scale, multi- performance validation for user QoE in real-world IxLoad VE service, and complex SDN topologies with conditions thousands of devices to stress DUTs or the SUGGESTED HARDWARE 400/200/100/50GE Ethernet QSFP-DD and OSFP FEC, end-to-end networks under dynamic conditions. AresONE FEC symbol error injection, and L1 BERT testing and the IxChariot provides SDN network assessment to broadest L2/3 protocol coverage Testing of 100/50/25GE over copper multi-mode and Novus 100GE ensure that the same or better performance and single-mode; designed for large-port-count testbeds scale are achieved, before and after SDN rollout. L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed Novus ONE chassis, 3-Speed (10GE/1GE/100M) or 5-Speed PLUS (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media High-density, dual-PHY five-speed Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Novus 10/1GE Ultra-high-density, three-speed (10G/1G/100M) solution 32-Port SFP+ for ultra-high-scale and performance testing Reduces space requirements and simplifies management XGS12 Chassis for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 35 Router and Switch Testing
SCENARIO IXIA SOLUTIONS
Automotive technology has changed over time Ixia products enable real-world validation to a moving combination of integrated computer of in-vehicle fixed, wireless, and security systems—advanced driver assistance systems technologies, empowering the automotive (ADAS), adaptive cruise control, hybrid engines, industry to build best-in-class in-vehicle internet access, and Bluetooth connection. infotainment and always-on networking. To ensure the optimal design, functionality, • Automotive Conformance Testing: Quickly performance, safety, security, and interoperability validate the interoperability and standards of these connected cars, automakers and their compliance of the vehicle, technology that suppliers need comprehensive test solutions links autos and mobile devices to each other to validate devices, systems, applications, and and transportation infrastructure with Ixia’s even the entire in-vehicle network. conformance test solution. Automotive manufacturers have relied on • Automotive Wireless Testing: Ensure an complex and custom solutions to perform always-on user experience by validating testing as they develop and integrate new connectivity within the vehicle to onboard technologies. The use of an Ethernet backbone systems, sensors, and user devices and beyond the vehicle to mobile data services now requires open, standard solutions that and security. deliver testing across the whole automotive ecosystem. • Automotive Applications Testing: Validate that multimedia applications perform Ixia’s unique automotive Ethernet test solutions optimally over any device and network by include conformance, wireless, application, and understanding how your applications and security validation. services will perform under real-world in-car conditions, attacks, and impairments. • Automotive Security Testing: Ensure the safety and security of connected cars by testing the systems designed to protect the in-vehicle network from cyberattacks. Ixia security solutions validate security capabilities using line-rate application traffic and real-world security attacks.
Find us at www.ixiacom.com Page 36 SUGGESTED APPLICATIONS SUGGESTED HARDWARE
Validate AVB/TSN system functionality, scale, and High-density, dual-PHY five-speed conformance Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed • IEEE 802.1BA, 802.1Qav (CBS) Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing • IEEE 802.1Qat (MSRP, MVRP) • IEEE 802.1AS (gPTP) L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed • IEEE 802.1Qbv (time aware shaper) Novus ONE chassis, 3-Speed (10GE/1GE/100M) or 5-Speed • IEEE 802.1Qbu (frame preemption) PLUS (10GE/5GE/2.5GE/1GE/100M) over copper and fiber • IEEE 802.1AS-Rev (enhancements to gPTP) media IxNetwork • IEEE 802.1CB (redundancy) Metronome Time-synchronized test platform • IEEE 802.1Qci (filtering & policing) Timing System • Line-rate data traffic (1722 encapsulation) Xcellon-AVB L2–7 multi-speed 40/10GE support to test both time- • Measure bandwidth, latency, QoS guarantees, and 40/10GE sensitive/AVB and best-effort Ethernet networks scheduling accuracies Testing of 100/50/40/25/10GE over copper multi-mode • Avnu conformance tests for automotive devices Novus 100GE and single-mode; designed for large-port-count testbeds • Supports BroadRReach, 100BaseT1, and 1000Base Application traffic and security attacks at 960Gbps with T1 interfaces Novus 10/1GE the load of 720 million concurrent wired and wireless • Enables negative testing Multi-Speed users from a single 11U chassis • Validate protocol standards conformance Highly-scalable 40/10GE and 10/1GE platform to validate • Validate latest test specifications from AUTOSAR PerfectStorm application delivery performance and QoE over access and Open Alliance – TCP, UDP, IP, ARP, ICMP, DHCP, networks IxANVL SOME/IP • Support for both IPv4 and IPv6 stack conformance Cloud-scale, multi-terabit 100GE, 50GE, 25GE, and CloudStorm 40/10GE platform to validate application delivery and • Validate conformance on BroadRReach Interfaces, network security 100BaseT1, and 1000Base T1 Reduces space requirements and simplifies management • Layer 4-7 traffic generation capability XGS12 Chassis for high-port-density 400/100/50/40/25/10/1GE testing IxLoad • Simulate real application traffic at large scale (TCP, in 11RU UDP, HTTP, etc.) to test underlying Ethernet network XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis Validate with real-world application traffic and security BreakingPoint attacks to ensure the autonomous vehicle and V2X networks are resilient and secure
Find us at www.ixiacom.com Page 37 Industrial Ethernet Testing
SCENARIO IXIA SOLUTIONS
The use of control systems, such as computers Ixia products enable validation of industrial or robots, and information technologies is switches and networks with respect to time- expected to bring a revolution in the way sensitive traffic and accurate measurement of machines and processes are handled in an time synchronization capabilities of TSN devices. industrial environment. To take advantage of We empower the industrial sector to build best- the improvements in efficiency, uptime, and in-class Ethernet networks. functionality that industrial automation can deliver, the underlying networks must provide reliable and SUGGESTED APPLICATIONS deterministic interconnections of machines and Validate the functionality and scale of TSN systems • Emulate TSN Talker with IEEE 802.1Qbv schedule control systems. To solve these challenges, the • Analyze IEEE 802.1Qbv traffic in gPTP time base Institute of Electrical and Electronics Engineers • Emulate IEEE 802.1AS-rev Master and Slave devices (IEEE) created the time-sensitive networking IxNetwork • Emulate multiple gPTP domains on same port • Emulate out-of-domain interfering traffic (TSN) suite of standards, a successor of IEEE • Measure clock synchronization accuracy audio video bridging (AVB) that enables minimum • Stress test with line-rate Ethernet traffic • TSN Conformance test package for industrial devices. latency over Ethernet, seamless redundancy, SUGGESTED HARDWARE and centralized configuration and control. With High-density, dual-PHY five-speed TSN, industries can use standard Ethernet to Novus 10/1GE (10G/5G/2.5G/1G/100M) and three-speed Multi-Speed (10G/1G/100M) solutions for ultra-high-scale and implement a more cost-effective network that performance testing enables a converged information technology (IT)/ L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed Novus ONE chassis, 3-Speed (10GE/1GE/100M) or 5-Speed operational technology (OT) network that shares PLUS (10GE/5GE/2.5GE/1GE/100M) over copper and fiber the same wire for critical time-sensitive traffic and media Metronome regular traffic. Time-synchronized test platform Timing System
TSN listener end points
Listener and gPTP slave Cycle time
TSN Time Talker and ready-4 gPTP GM Slot 1 Slot 2 Slot 3 Slot 4 T1 T2 T3 T4 T5 TSN TSN TSN ready-1 ready-2 ready-3
TSN talker SUT TSN end points ready-5 TSN listener end points Traffic scheduling error (ns)
Non-TSN Non-TSN peer device peer device
Find us at www.ixiacom.com Page 38 Chip Design Performance Testing
SCENARIO access (EDA) market by offering virtualized test solutions that work in conjunction with Trends, such as cloud computing and network the leading EDA systems, including Mentor functions virtualization (NFV) are pushing the Graphics, Synopsys, and Cadence Design boundaries of network capacity. To support this Systems, to leverage virtualization to reduce demand, NEMs and chip manufacturers need to costs and offer increased flexibility. keep up by delivering ultra-high-density devices powered by state-of-the-art system-on-a-chip IxVerify extends Ixia’s intellectual property and (SoC) solutions. test expertise into the EDA space. It enables new and improved test methodologies to Producing an SoC, each capable of handling simplify pre-silicon testing and shifts testing terabits of traffic across hundreds of ports at further into the development cycle. speeds of up to 100Gbps, is a lengthy process. But with increased time-to-market pressures, IxVerify provides hundreds of predefined packet all major chip manufacturers are looking to templates for testing Ethernet and transport accelerate their development cycles. The cost control protocol (TCP)/IP protocols and is associated with fixing bugs after chip “tape out” capable of generating high volumes of traffic. is substantial and can cost millions of dollars. To With its ability to run hundreds of virtualized de-risk schedules, testing needs to happen early test ports at once, it offers the unique ability to and often—pre-silicon. dynamically shape traffic to ensure zero packet loss at maximum emulation speeds. IXIA SOLUTIONS IxVerify is the perfect solution for de- Ixia’s IxVerify™ is the industry’s only test solution risking complex networking chip design and purpose-built for “pre-silicon” validation. With development and ensures faster time to market this solution, Ixia and its partners are leading for the next generation of networking devices. the way in transforming the electronic document
Find us at www.ixiacom.com Page 39 Network Interface Card Testing
SCENARIO
Smart network interface cards (SmartNICs) are Adapting SmartNICs in existing and newer data becoming a tool of choice to achieve offload and centers is a huge effort that must go through acceleration—to deliver maximum performance several rounds of qualifications. For that to that supports efficient, scalable, programmable, happen, customers first need to be assured that and highly secure software-defined networking the SmartNICs are delivering significant value- (SDN) and network functions virtualization (NFV) add over regular NICs in terms of offloading solutions. server/host functions and improving overall efficacy of the servers. They also need to be assured that while deployed, SmartNICs are not breaking any existing functions or functionalities of legacy NICs. Testing SmartNICs will ensure customers get both these assurances based on empirical test data and will help to speed SmartNIC adoption.
Host Test client or server server running within SmartNIC
SmartNIC VMs or OS running on host
Test client or server running in host VEs
OS or processes Processor and memory within SmartNIC within SmartNIC
Find us at www.ixiacom.com Page 40 IXIA SOLUTIONS
Ixia’s BreakingPoint enables testing with • Data Sheet Comparisons: As SmartNIC real-world application traffic and malicious solutions come to market, vendors use threat vectors to answer the questions you various proprietary methodologies to validate should be asking: what is the best use of performance numbers and publish them on SmartNIC technology in my network? Is my their data sheets. But independent testing based on industry recognized solutions implementation as high-performing as it should helps both vendors and consumers of be? How will its use impact other applications? SmartNICs perform realistic comparisons Am I opening a security loophole that exposes and ROI calculations. new vulnerabilities?
• Measure Efficacy and Efficiency: SUGGESTED APPLICATIONS Runs as software on bare metal, inside a VM (Linux, Organizations deploying SmartNICs will want IxChariot Windows) or inside containers to validate NIC to validate the quantifiable performance performance Broader coverage of L2-3 protocols including VXLAN, difference that happens with the introduction IxNetwork / NVGRE, GRE, broadband access, routing, and SDN IxNetwork VE of SmartNIC functionalities. The average to validate data center deployments improvement of efficiency is a key driver for Validate the built-in application and encryption BreakingPoint/ acceleration capabilities and security mitigation SmartNIC adaption. BreakingPoint VE techniques with BreakingPoint’s breath of application and threat emulations at scale • Validate Specific Features and SUGGESTED HARDWARE Functionalities: It’s important to test the High-density, dual-PHY five-speed (10G/5G/2.5G/1G/100M) and three-speed capabilities in specific domains for which the Novus NP (10G/1G/100M) solutions for ultra-high-scale and SmartNIC is being adapted. For example, if performance testing the SmartNIC is doing SSL offload, then you Highly-scalable 40/10GE and 10/1GE platform need to ensure it is capable of terminating PerfectStorm to validate application delivery performance and QoE over access networks and reinitiating SSL connections over Cloud-scale, multi-terabit 100GE, 50GE, 25GE, and different ciphers and key sizes, along with CloudStorm 40/10GE platform to validate application delivery and network security performance measurements of public key Reduces space requirements and simplifies exchange and bulk encryption. XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU • DevTest and QA Environments: Any XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis adapting technologies will accompany agile developments, quick fixes, changes in design and architecture, etc. Every new change will need validation to ensure the functionality works as expected and no new bugs are introduced.
Find us at www.ixiacom.com Page 41 Video Testing
SCENARIO
As more content is offered in high definition IXLOAD IPTV/VOD CLIENTS VIDEO QUALITY METRICS (HD) and service providers charge a premium Per-frame quality Video MOS for it, subscribers are likely to churn faster when analysis Audio MOS Audio-video MOS dissatisfied. Degradation in audio/visual QoE leads today’s consumer to competitor solutions Frame type detection I/B/P metrics and content analysis content descriptors that offer a better end-user experience. With content alerts traffic levels high and expected to grow for the foreseeable future, service providers are RTP/MPEG/H.264/H.265 challenged to assess video quality with real- transport analysis world traffic loads in pre-deployment testing.
Customers need to be able to: Playout buffer emulator
• Measure the ability of a transport network to carry video data IP video stream • Determine the optimal user session limits of edge and origin media servers, content proxies, etc. Digital MPEG-2 transport stream MPEG2, MPEG4, H.264 • Stress-test middleware devices, such as encoder systems and DRM • Measure the perceived quality of the video delivered to the end user • Determine the total number of streams a CDN can handle • Test the performance of key IPTV infrastructure service
Find us at www.ixiacom.com Page 42 IXIA SOLUTIONS
Ixia provides a comprehensive test solution for SUGGESTED APPLICATION video delivery platforms with IxLoad. IxLoad Delivers the industry’s most scalable and flexible solution for realistic load testing of OTT, VoD, IPTV delivers the industry’s most scalable and IxLoad/ media, and cache platforms to validate end-to-end flexible solution for realistic load testing of over IxLoad VE video delivery architectures; emulate thousands of interactive on-demand and live streaming user the top (OTT), VoD, IPTV media, and cache sessions and measure real-time video quality platforms to validate end-to-end video delivery SUGGESTED HARDWARE architectures. Emulate thousands of interactive Highly-scalable 40/10GE and 10/1GE platform to PerfectStorm validate application delivery performance and QoE on-demand and live streaming user sessions over access networks and measure real-time video quality. Enterprise-ready portable appliance for 40/10GE PerfectStorm ONE and 10/1GE real-world, high-stress testing with up to 80Gbps of application traffic This Ixia solution enables customers to: Cloud-scale, multi-terabit 100GE, 50GE, 25GE, CloudStorm and 40/10GE platform to validate application • Emulate adaptive streaming behavior that delivery and network security dynamically up shifts or down shifts the L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed media stream to deterministically play back Novus ONE PLUS chassis, 3-Speed (10GE/1GE/ 100M) or 5-Speed (10GE/5GE/2.5GE/1GE/ 100M) over copper and streams of different quality fiber media High-density dual-PHY 10G/1G/100M tri-speed • Create static profiles of user behavior Novus-NP solution for high-scale and performance testing that are fixed on different playback levels Reduces space requirements and simplifies to deterministically play back streams of XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU different quality with no network heuristic at XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis play • Define subscribers’ activities and flexible channel viewing sequence with scenario Adaptive playback Playout buffer bitrate reporting reporting (fill levels, MOS video editor (shifts, levels) empty durations) MOS audio • Validate video streaming delivery systems Video buffer and interoperability with real video sharing services by exercising OTT video protocols OTT IxLoad Audio video stream video Perceptual quality over TCP and QUIC sessions procesor demux metrics calculation • Support data, voice, and video protocols Audio buffer simultaneously to emulate a multiplay Playback latency subscriber environment with an intelligent, (time to start, duration) real-time issue isolation mechanism TCP video quality assessment using IxLoad
Find us at www.ixiacom.com Page 43 Virtualization Testing
SCENARIO SUGGESTED APPLICATIONS Benchmark the performance of virtualized network Cloud computing and network functions infrastructures-by deploying real workloads on Cloud Peak top of the NFVi SUT, the application provides key virtualization (NFV) are creating a new insights into the capability of the NFVi to sustain paradigm of user experience. Users expect the required VNF workloads L2–3 performance testing of virtual network immediate access to a wide range of media- infrastructure and devices. IxNetwork/ • L2–3 Network Testing rich applications and services instantly from IxNetwork VE • Test NFV Infrastructure (NFVI) any location. Integrating virtualization across • Test VNFs servers within a data center is key to creating L4–7 performance testing of virtualized applications and elements. an adaptable cloud network. IxLoad/IxLoad VE • L4–7 Application Testing • Test Application Performance Service providers are looking to accelerate the • Test Service Function Chaining (SFC) deployment of these new services, including L2–7 virtualized security resilience testing for enterprise-wide networks. 5G, while reducing capital and operating BreakingPoint/ • L2–7 Security Testing BreakingPoint VE • Test Virtual Security Infrastructure expenses and integrating NFV into their • Test Against Threats and Attacks network. These new services require thorough Instant performance assessment for complex testing to ensure functionality, performance, network topologies. IxChariot • L2–7 Performance Assessment security, and reliability of applications and • Test Pre-Deployment and Post-Deployment devices, as well as the new infrastructure, to • Test the Guest OS TCP/IP Stack ensure it can deliver the touted advantages. SUGGESTED VIRTUAL PLATFORMS All-in-one virtual machine (VM) used by IxNetwork Ixia Virtual Test VE and IxLoad VE for L2–7 protocol emulation and Appliance traffic generation High performance VM used for L2–7 protocol Ixia Virtual Load emulation and traffic generation in large-scale Module deployments Management VM used to control large-scale test Ixia Virtual Chassis environments composed of multiple Virtual Load Modules SUGGESTED HARDWARE
Testing of 100/50/40/25/10GE over copper Novus 100GE multimode and single-mode; designed for large- port-count testbeds High-density, dual-PHY five-speed Novus 10/1GE Multi- (10G/5G/2.5G/1G/100M) and three-speed Speed (10G/1G/100M) solutions for ultra-high-scale and performance testing Highly-scalable 40/10GE and 10/1GE platform to PerfectStorm validate application delivery performance and QoE over access networks Cloud-scale, multi-terabit 100GE, 50GE, 25GE, CloudStorm and 40/10GE platform to validate application delivery and network security Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU
Find us at www.ixiacom.com Page 44 IXIA SOLUTIONS
Ixia gives you tools for end-to-end validation In addition to VFNs, NFVi must be dimensioned of virtualization migrations to dramatically and configured correctly, and thoroughly accelerate time from lab to live. With our validated to ensure the performance of the solutions, you can test and monitor how packets VNFs running on top of it. Complicating matters, transmit and receive data, see how resources the NFVi will be running diverse simultaneous perform, and watch for bottlenecks. workloads that interact with each other, leading to massive and costly over-provisioning. Ixia brings versatility, scale, and realism to its test tools and regularly updates the applications Since virtualized environments are very dynamic, the tools emulate. You can replay production with VMs deployed almost instantaneously, you traffic in the lab while simulating millions of can quickly deploy test endpoints throughout subscribers using hundreds of applications your live network. This enables you to validate to validate private, hybrid, and public cloud a test scenario in the lab and then perform the infrastructures at scale under different traffic same test directly in the production network. loads. This validation lets you accelerate the When the test objective is to validate the entire rollout of new services with confidence. physical and virtual environment from an end-to- Ixia virtual test solutions act as virtual network end perspective, you can also use Ixia hardware functions (VNFs) and are located inside the test solutions. With configuration files shared virtualized environment itself. This enables between the virtual and hardware platforms, new test methodologies and better isolation of you can easily switch between virtualized and various NFV subcomponents. hardware-based test solutions.
Find us at www.ixiacom.com Page 45 Voice Testing
Application layer gateway MGCP Call manager RESIDENTIAL Session border controller EXTERNAL NETWORKS SIP Application Media gateway servers
CORE NETWORK
BUSINESS
SCENARIO IXIA SOLUTIONS
VoIP is a major component of service The IxANVL Session Initiation Protocol (SIP) providers’ consumer and business offerings. suite tests the conformance of devices to SIP. Modern deployments now call for millions of Ixia supports video and data protocols, in simultaneous VoIP endpoints. addition to VoIP—making it perfect for testing a Although VoIP connections have a low wide variety of components, including: bandwidth requirement, they are very sensitive • SIP proxies and registrars to latency and jitter. Care must be taken to enforce appropriate QoS policies for voice • MGCP and H.248 media gateways and traffic, balanced with the QoS requirements media gateway controllers associated with video and data services. • Call agents and call managers • SBCs and ALGs • Multiplay delivery networks • VoIP services in NGN and IMS architectures
Find us at www.ixiacom.com Page 46 IxLoad includes features essential to full VoIP SUGGESTED APPLICATIONS protocol testing: Most scalable and flexible solution for realistic load testing of VoIP platforms to validate end-to-end • Very large-scale operation emulating more IxLoad/ IxLoad VE voice delivery architectures; emulates thousands of user sessions with dynamic call flows and measures than 1 million subscribers per chassis real-time voice quality • Realistic, complex call flows IxChariot Live network testing with SIP call emulation Control global threat intelligence at internet-scale to • Flexible test case creation through state BreakingPoint/ create massive high-fidelity simulation and testing BreakingPoint VE conditions for battle testing infrastructures, devices, machine and content control applications, and people Protocol conformance testing with SIP • Broad audio codec support: AMR, AMR-WB, IxANVL conformance suite OPUS, G.711 A-Law, G.711 µ-Law, G.729 Precision test instrument for 100GE, 10GE, 1GE, and 100MbE Ethernet impairment to accurately A/B, G.726, G.723.1, and iLBC Network Emulation emulate network conditions that occur over live • Support for H.264, H.265, VP8 codec media: production LAN/WAN networks video-conferencing SUGGESTED HARDWARE Highly-scalable 40/10GE and 10/1GE platform to • Full user authentication and registration PerfectStorm validate application delivery performance and QoE parameters over access networks Enterprise-ready portable appliance for 40/10GE • Link layer and security protocols: SIP, PerfectStorm ONE and 10/1GE real-world, high-stress testing with up to 80Gbps of application traffic WebRTC, DTLS, SRTP Cloud-scale, multi-terabit 100GE, 50GE, 25GE, and • Library of prebuilt test cases CloudStorm 40/10GE platform to validate application delivery and network security • Capture/replay that can be used to test L2–7 network and application testing in a portable appliance with up to 16 dual-PHY ports per fixed other protocols Novus ONE PLUS chassis, 3-Speed (10GE/1GE/100M) or 5-Speed (10GE/5GE/2.5GE/1GE/100M) over copper and fiber media High-density dual-PHY 10G/1G/100M tri-speed Novus-NP solution for high-scale and performance testing Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis
Find us at www.ixiacom.com Page 47 Wi-Fi Testing
WI-FI NETWORK LIFECYCLE Select infrastructure equipment Plan for network upgrade/new Select client services devices
Lab Tools Verify new client Determine Lab Tools devices interoperability
Create Verify SW updates service-level from vendor goals
Respond to user Plan and deploy issues - remediate the network IxVeriWave Field Tools Verify deployed network - tweak SCENARIO
Once used mainly for low-priority data, today’s Each critical component of the dynamic WLAN Wi-Fi networks carry real-time, multimedia ecosystem must be tested, assessed, and traffic in consumer, service provider, industrial, optimized throughout the product or service hospital, and enterprise network environments lifecycle: worldwide. Mobile clients continue to grow in • Enterprise and service provider APs number and complexity of application usage. • WLAN controllers With Wi-Fi evolving from “nice to have” to a • Wi-Fi-enabled client devices (laptops, primary network medium, poor performance smartphones, printers, scanners, healthcare now places brand reputation, profitability monitors, etc.) models, customer satisfaction, and even lives • Live deployed WLANs and future upgrades at risk. Today’s wireless LANs (WLANs), Wi- Fi-enabled devices, and mobile applications Assessments should begin by obtaining baseline must deliver unprecedented quality, reliability, performance measurements and then progress and security—without fail—to mitigate these to load testing to simulate realistic live network risks and fully leverage mobility. Wi-Fi needs to environments. The quality of the user experience become “carrier grade.” should be measured in metrics relevant to each individual application—voice, data, video, etc.—in the presence of diverse client and traffic mixes.
Find us at www.ixiacom.com Page 48 IXIA SOLUTION
The industry’s premier Wi-Fi test solution, SUGGESTED APPLICATION
Ixia’s IxVeriWave represents the gold standard Test and validate Wi-Fi performance of WLAN IxVeriWave in evaluating Wi-Fi performance and site networks by recreating real-world scenarios readiness. The world’s leading WLAN SUGGESTED HARDWARE infrastructure and mobile device manufacturers, IxVeriWave Chassis Nine-slot or two-slot chassis
Golden Client Load service providers, system integrators, and WBX5, WBL5, RFX5 Modules enterprises use IxVeriWave to measure and SISO Simulation WBX5, WBL5, RFX5, WaveTest 6 optimize performance, reliability, and scalability Load Modules throughout the product/service lifecycle. DFS and Interference Simulation Load WBX5, WBL5 Modules Employing a client-centric, user-focused model, IxVeriWave delivers:
• Proactive problem resolution by using integrated capture and extensions to rapidly identify and isolate issues • Automation that enables the creation of thousands of test cases while speeding test cycles and reducing cost • World-leading L1-7 Wi-Fi testing backed by Ixia’s 15 years of experience in Wi-Fi test and measurement • Ability to generate thousands of clients and traffic flows used to test specific features, such as QoS, power save, and roaming • Test-grade repeatability, so you get the same result each time you run the test by eliminating the variability due to clients and environment • Testing with hundreds of clients without the need for hundreds of laptops using IxVeriWave’s support for 500 clients per port • High performance of 3.6 Gbps per port, so clients can achieve full theoretical rate
Find us at www.ixiacom.com Page 49 Wireless Network Testing
NSSF AUSF N13 UDM
N22 N12 N8 N10
AMF N11 SMF N7 PCF N5 AF
N14 N15
N1 N2 N4
UE (R)AN N3 UPF N6 DN
N9
SCENARIO
5G, the fifth generation of mobile wireless Faced with rampant change, mobile service and network technology, is more than an evolution; it equipment providers must be fully confident in is a revolution. The vision and design of 5G has the performance, scalability, security, mobility, put the network’s key performance indicators, and interoperability of their products and including data rate, network capacity, latency, services. Most failures occur at high scale or mobility, and energy efficiency, an order of under extreme conditions, and the risks of rolling magnitude beyond those of 4G. While 5G is out devices, networks, and services without positioned to co-exist with 4G, it is expected conducting comprehensive testing beforehand to eventually eclipse the legacy mobile wireless are tremendous. technologies -GSM, CDMA, UMTS, HSPA, Vendors and network operators need an efficient and, ultimately even LTE. 5G is at an inflection means of prototyping live networks in the lab point, moving from design and development to on a metro/city scale to validate performance commercialization, and will continue to evolve under load. End-to-end, pre-deployment service for the next decade, and reshape the future of validation should closely model the services industry and society. the live network will carry using real application traffic and measure user QoE.
Find us at www.ixiacom.com Page 50 Proactively stressing networks and components in the lab prior to live deployment ensures the optimal user experience:
• Increased capacity requirements in both the access (base stations) and core networks • Improved performance requirements— throughput, lower latency, etc.—for increasing video traffic and data-hungry applications • Higher QoE expectations among customers—voice quality and video quality • New business models and tiered rate plans that maximize revenue • Security threats increasing in number and complexity
With many networks involving equipment from multiple vendors, specific configurations and traffic mixes must be modeled to benchmark scalability, avoid bottlenecks, and ensure security. Lifecycle testing is required to:
• Evaluate the scalability and breaking points of individual devices and configurations • Optimize network design and system test in the lab • Debug problems occurring on the deployed network • Streamline change as new devices, firmware upgrades, and other changes are introduced
Find us at www.ixiacom.com Page 51 IXIA SOLUTIONS
Ixia provides the industry’s most comprehensive Ixia’s wireless solutions are best of breed for: wireless test portfolio, encompassing deep • Complete end-to-end testing from the functional testing, high-scale capacity wireless edge to the internet core testing, and performance testing across multiple technology generations. Equipment • Traffic and subscriber scalability and capacity planning manufacturers and mobile operators rely on Ixia’s solutions to comprehensively fulfill their • Real-world subscriber modeling wireless testing needs. Our industry-leading test • QoE measurements capabilities cover wireless access and wireless • Multi-UE emulation core, including the 5G Core and RAN, 4G Core • VoLTE testing and RAN, and IMS/VoLTE.
Taking advantage of cloud-ready architecture via a container-based architecture, Ixia’s 5G Core Test Engine can simulate millions of sessions across multiple coordinated interfaces. Deployed on almost any infrastructure, as a Docker container on bare metal or under Kubernetes or as a traditional VM, the engine can be part of CI/CD environments on both public and private clouds. Being able to deploy either as entire or reduced topology, the test tool can validate PDU sessions, uplink and downlink flows, and validate QoS enforcement. Web-based user interfaces are specifically designed for 5G Core use cases, immediately allowing test engineers to visualize DUTs and required topology.
Find us at www.ixiacom.com Page 52 IXIA DEVICE EMULATIONS SUGGESTED APPLICATIONS
DUT Emulated Nodes From end-to-end to node isolation, simultaneously simulate multiple nodes and interfaces, perfect for 5GC Test Engine eNodeB UE, MME, SGW recreating entire networks in your lab by using a topology-based user interface (UI) eNodeB, gNodeB UE, MME, SGW (5G NSA) Test end-to-end performance of wireless LTE IxLoad/ IxLoad VE networks and components with emulation of gNodeB (5G SA) UE, AMF, UPF multiplay services UPF gNodeB, SMF, DN Control global threat intelligence at internet- AMF + SMF gNodeB, AUSF, UDM, PCF, UPF, NRF, DN BreakingPoint/ scale to create massive high-fidelity simulation BreakingPoint VE and testing conditions for battle testing AUSF + UDM AMF + SMF infrastructures, devices, applications, and people
PCF AMF + SMF SUGGESTED HARDWARE
MME HSS, eNodeB, SGW, MME Highly-scalable 100GE, 40/10GE, and 10/1GE PerfectStorm platform to validate application delivery SGW MME, eNodeB, PDN-GW performance and QoE over access networks
PGW SGW, PCRF, SGW, IP Core Enterprise-ready portable appliance for 40/10GE PerfectStorm ONE and 10/1GE real-world, high-stress testing with up MME (S6a), PGW (Gx), AF (Rx), HSS (S6a, Cx, Sh), 4G Diameter nodes to 80Gbps of application traffic PCRF (Gx, Rx) Cloud-scale, multi-terabit 100GE, 50GE, 25GE, Network UE, IP Core CloudStorm and 40/10GE platform to validate application delivery and packet core scaling Industry’s highest UE density and feature-rich XAir2/XAir3 testing platform, providing unparalleled LTE performance in the smallest footprint Reduces space requirements and simplifies XGS12 Chassis management for high-port-density 400/100/50/40/25/10/1GE testing in 11RU XGS2 Chassis Two-slot ultra–high–performance 3RU chassis
PerfectStorm PerfectStorm ONE IxLoad XGS12
XAir2 XGS12 XGS2 CloudStorm
XAir3
Find us at www.ixiacom.com Page 53 CHAPTER 2 Security Solutions
Inline Security...... 55
Decryption...... 58
Security Testing...... 60
Threat Detection...... 63
Network Security Resilience...... 65
Find us at www.ixiacom.com Page 54 Inline Security
SCENARIO
Cybersecurity Ventures estimates that by 2021, IXIA INLINE SECURITY SOLUTIONS cybercrime is likely to cost the world $6 trillion Ixia’s inline security solution ensures every annually, more than the combined GDP of the security tool is online and operating at peak UK and France. Protecting your network means performance. Ixia offers the widest range of fail- more than just adding the latest security tools. safe bypass switches and attack surface filters How you implement those defenses makes a and the Vision portfolio of intelligent network huge difference in their performance and uptime. packet brokers (NPBs) to deliver the best Deployment of any inline tool in the network security solutions. carries the risk of the tool becoming a point of failure. Should the inline tool become Internet unavailable, it can bring the network link down, making a critical segment of the network unavailable and affecting uptime. To avoid this Router Router risk, customers need a fail-safe solution that can protect the network from tool failures while Bypass Bypass allowing inline tools to protect the network from switch switch incoming threats. NPB NPB Security protection starts at the foundation of the network, with robust bypass switches and the intelligent distribution of packets to inline WAF WAF security tools. IPS/ IPS/ NGFW NGFW
Switch Switch
Corporate LAN
Security architecture with maximum strength HA
Find us at www.ixiacom.com Page 55 Improved Network Availability High Availability
A simple alternative to reduce the risk of planned To reduce downtime even further and maximize and unplanned downtime is to deploy a high- survivability, you can deploy your security speed bypass switch in front of every firewall architecture with high availability (HA) using and other security appliance—a switch with the redundant modular bypass switches and NPBs. ability to continually monitor all inline devices If you use an NPB capable of being deployed and make sure they are ready to receive traffic. in redundant active-active mode, you will have If any device goes down unexpectedly (or during automatic and instantaneous recovery of any planned maintenance), the bypass steers traffic device in your security architecture. around it until the device is returned to a ready In the maximum-strength security architecture, state. This eliminates the risk of a single device dual the security architecture. The bypass failure causing a network outage. switches deployed in active-standby mode The bypass ensures network traffic can still monitor the health of all devices, including the be inspected by all other functioning security NPBs, and reroute traffic from one to another, appliances and keeps the overall network should an outage be detected. up and running. The best bypass switches The NPBs configured for HA with complete operate at line-rate and have no impact on synchronization in active-active mode provide network availability. In addition, once a bypass load balancing during normal conditions and switch is installed, planned maintenance, are configured for full protection of all traffic such as configuration changes, deployment of if one inline security tool goes down. Again, new appliances, or device upgrades, can be users experience no downtime, and security performed without impact to the network, as the monitoring is completely unaffected. bypass will route traffic around the offline device. Since 70–90% of all downtime is associated with maintenance, this simple change can dramatically increase application uptime.
While extremely useful for reducing downtime, the bypass makes a trade-off between availability and security inspection, since traffic is simply routed around any security device that is unable to respond. Fortunately, there is an even better, more efficient security solution.
Find us at www.ixiacom.com Page 56 The benefits of an Ixia solution include: SUGGESTED PLATFORMS
• HA by eliminating downtime from security iBypass™ Fiber, 40G, SR, 50μm, QSFP+ Cages
tool maintenance, upgrades, or failures High-density 12-segment 10Gbps intelligent iBypass VHD bypass switch • optimal performance by filtering and load- balancing traffic to and from multiple tools iBypass 100G Single segment 100Gbps intelligent bypass switch
• operational efficiency by reducing security iBypass DUO Double the capacity of the iBypass
alerts 8 Segment 10/100/1000Mbps HA Intelligent iBypass HD Bypass Switch • significant ROI by making more efficient use 10/100/1Gb Copper Copper Ethernet interfaces up to 1G of security tool capacities Bypass Switch 40GE all-in-one turnkey tool for lossless visibility Vision ONE™ for both inline and out-of-band tools with an easy- With Ixia’s inline security solution, creating a to-use web-interface. self-healing, highly available security architecture Vision X™ Scalable visibility ranging from 10 to 100GE has never been easier. Vision xStream™ 40 40GE visibility for fiber network monitoring tools
Vision E40™ Vision 40GE and 100GE platforms for scalable, rack-level E100 visibility
Find us at www.ixiacom.com Page 57 Decryption IPS
Other inline tools IDS
Out-of-band tools
SSL decrypt DLP
Network packet broker
Encrypted traffic Firewall Bypass switch Switch Servers
SCENARIO IXIA SOLUTIONS
Decryption is an important capability that many Ixia offers two types of functionality to solve enterprises have deployed or intend to deploy these issues. The first is the ability to perform in the near future. However, any organization SSL/TLS decryption natively within a packet that is currently using SSL or Transport Layer broker. Security (TLS) for passive SSL decryption The Vision ONE NPB with the SecureStack will need to change their architecture or lose application offers full support for SSL and TLS the ability for DPI, threat hunting, data loss 1.3 decryption. This allows the NPB to perform prevention (DLP), and the use of intrusion these functions: detection systems (IDS). • Offload SSL decryption from security Adoption of TLS 1.3 will introduce significant appliances – this increases efficiency and changes for many IT teams. Here are four reduces cost common architecture changes necessary to • Perform passive and active SSL/TLS implement TLS1.3 successfully: encryption – this applies to inline and out-of- • The use of ephemeral keys band architectures • Adoption of a man-in-the-middle (MITM) • Generate internal reporting – real-time architecture onscreen analytics that includes details on • Elimination of passive SSL decryption throughput, sessions and crypto data • Reconfiguration of equipment for different • Support all leading ciphers for TLS 1.1, 1.2 key exchange mechanisms and a reduced and 1.3 and built-in policy management cipher list
Find us at www.ixiacom.com Page 58 The second set of capabilities revolve around SUGGESTED PLATFORMS the ability to test the strength of SSL/TLS 40GE all-in-one turnkey tool for lossless visibility Vision ONE for both inline and out-of-band tools with an easy- encryption across the network. to-use web-interface.
Security focused intelligence that gives you better SecureStack As you move forward to deploy TLS 1.3 across visibility to SSL/TLS encrypted traffic your network, you need to validate your TLS Validate the impact on the TLS traffic on your BreakingPoint/ network and ensure your security and visibility upgrade implementation. BreakingPointVE solutions are optimized for the increasing TLS ATI Subscription traffic in networks. A test tool, such as Ixia’s BreakingPoint, is required to investigate the decryption level of various network components. This type of test system is a combined traffic and malware generator. It creates simulated traffic to mimic the type and amount of load on a network, as well as create encrypted malware. It is possible to retest these points prior to the TLS 1.3 upgrade (as a baseline) and then after.
The following tests can be performed:
• Application throughput with encryption – Check the performance loss on your network when encryption is activated. • Performance variance with different ciphers – Test the impact of using different TLS ciphers. • Efficacy of encrypted malware – Create encrypted malware and then send that traffic into your security infrastructure to test your equipment. • Strength of decryption capabilities – Look at the key length of the bulk cipher, not the handshake keys, to determine if the system is using strong or weak keys.
Find us at www.ixiacom.com Page 59 Security Testing
Target initiated attack
Classic Ethernet
External network internet
Attacker initiated attack MALWARE, VULNERABILITIES, AND EXPLOITS PROTECTED NETWORKS
SCENARIO
Network security is a top concern of every In addition to user education, enterprises use enterprise. Each node with access to the a variety of network security devices to protect internet or offering a service to the internet must their sites and services. These include: be protected from security threats. • Firewalls – Filter access to a network based Malware security attacks take many forms: on IP addresses and protocols. Next- viruses, worms, trojans, rootkits, spyware, generation firewalls use DPI to filter based on malicious adware, scareware, and lately, internal protocols and content. ransomware. These attacks often succeed with • VPN gateways – Provide secure access the cooperation of computer users—through to remote employees and partners. These e-mail, web pages, FTP transfers, instant devices use IPsec encryption to protect messaging, P2P file sharing, online games, and traffic from trusted sites. careless software installation. Other attacks • IDS/IPS systems – Protect against hacking. happen just by virtue of being connected to the These sophisticated devices recognize internet: DDoS attacks against company sites; a wide range of unusual network usage, attacks against web, e-mail, FTP, and other looking for indications of misuse. services; and password-login attacks. IDS systems notify administrators of possible breaches, whereas IPS systems block access, often by programming the firewall. • URL filtering – Prevent access to suspect websites. These devices watch all Web, FTP, and other access points and prevent access to sites on a vendor-supplied list.
Find us at www.ixiacom.com Page 60 • Anti-malware, anti-spam gateways – Prevent • Known vulnerabilities – Over 37,000 known malware from entering the enterprise. These security vulnerabilities, organized by type, similar functions look at the content of are available. Attacks are updated frequently e-mail, web, FTP, and other data entering the to stay current with hacker activity. enterprise. This type of prevention is often • Attack evasions – Attacks are frequently also present on individual computer systems. through the use of packet fragmentation and • Threat sandbox gateways – Verify data other sophisticated techniques. Ixia applies or files do not contain malware by either evasions to known vulnerabilities to increase executing or inspecting them in a sandbox effectiveness testing. before letting them enter the network. • Massive DDoS attacks – Simulate DDoS • DLP gateways – Prevent valuable data and botnet attacks to measure cyber from leaving the enterprise. This appliance infrastructure resiliency. Ixia uses its own test inspects traffic exiting the enterprise, looking ports’ customized logic and scale to mount for proprietary or improper data sent by large-scale DDoS attacks. deliberate user action or as a result of • Encryption – IPsec encryption is used in malware attacks. two ways. Encryption with “good” traffic serves to measure VPN gateway throughput. IXIA SOLUTIONS Encryption with “attack” traffic tests security effectiveness and accuracy for attacks Ixia offers a complete network test and delivered over secure connections. assessment product that measures security: • Multiplay traffic – Sends real-world, stateful • Effectiveness – The ability to detect and traffic to measure security appliance prevent all forms of attacks. performance. This means that the true, • Accuracy – The ability to accurately perform realistic performance, including QoE, of its function, without significant “false- security mechanisms can be measured—not positive” results. just raw throughput. • Performance – The ability to enforce security mechanisms while maintaining acceptable FEATURES OPTIONS network performance. Security enforcement • Tens of thousands of known vulnerabilities • Over 400 simulated applications mechanisms must continue to pass good Known vulnerabilities • Bi-directional application traffic even under the most aggressive • Evasion techniques attacks. • 30+ attack types DDoS • Virtually unlimited scale • IPsec The Ixia BreakingPoint Application and Threat Encryption • SSL/TLS Intelligence (ATI) service provides comprehensive • Data intelligence for optimizing and hardening the • Voice resiliency of IT infrastructures, including product Multiplay traffic • Video • City-scale subscribers updates, authentic application protocols, real- • QoE measurements world security attacks, and responsive support:
Find us at www.ixiacom.com Page 61 In conjunction with Ixia’s hardware and other SUGGESTED APPLICATIONS test applications, Ixia offers a complete test BreakingPoint/ Continuous real-time data feeds to ensure current BreakingPoint VE application and threat intelligence at all times solution for network devices that provides ATI Subscription functions other than security. Highly scalable SSL and IPsec encryption to IxLoad/IxLoad VE validate the performance and scale of security Ixia’s IxLoad–IPsec is designed to measure the infrastructure Uses the production network insight captured performance of VPN gateways that are used in AppStack metadata to bolster BreakingPoint TrafficREWINDTM traffic realism, improving fault analysis and device/ to connect organizations’ multiple sites and to architecture validation before deployment connect remote users to corporate networks. SUGGESTED HARDWARE IPsec is also used in wireless networks to Highly-scalable 40/10GE and 10/1GE platform to PerfectStorm validate application delivery performance and QoE protect communications between handsets and over access networks internal wireless gateways. Enterprise-ready portable appliance for 40/10GE PerfectStorm ONE and 10/1GE real-world, high-stress testing with up IxLoad-IPsec tests the performance of VPN to 80Gbps of application traffic Cloud-scale, multi-terabit 100GE, 50GE, 25GE, gateways of all types in several ways: CloudStorm and 40/10GE platform to validate application delivery and network security • Connections – How many site-to-site and Reduces space requirements and simplifies XGS12 Chassis management for high-port-density user connections can be concurrently 400/100/50/40/25/10/1GE testing in 11RU supported? XGS2 Chassis Two-slot ultra–high–performance 3RU Chassis • Connection rate – How rapidly can new connections be established? • Throughput – What is the maximum data rate that a gateway can sustain? • Interoperability – Can the gateway support
the numerous encryption and authentication BreakingPoint IxLoad protocols in use today?
XGS12 XGS2
PerfectStorm PerfectStorm ONE
CloudStorm
Find us at www.ixiacom.com Page 62 Threat Detection
SCENARIO
Cybersecurity is a top priority for almost every large organization in the world today. With security breaches on the rise and the threat posed to companies large and small, network and security administrators are on the alert and must keep systems safe from the twin threats of intruders and malware. The good news is there are a growing number of tools to address these risks. JON OLTSIK However, as traffic continues to grow, much of ESG Sr Principal Analyst and Founder ESG’s Cybersecurity Service it comes from known bad IP address sites and What’s killing security is not technology, it’s operations. Companies are looking for ways to reduce their overall locations that never need to hit your security operations requirements and need easy-to-use, high- tools. Plus, IT now spends an increasing amount performance solutions, like ThreatARMOR, to help them of time—and money—analyzing traffic logs and do that. flagging false positives.
Find us at www.ixiacom.com Page 63 IXIA SOLUTIONS
Ixia ThreatARMOR™ packs a powerful one-two punch by protecting networks against malicious IP addresses while alleviating the burden on time-strapped IT security teams. To enhance the security performance of enterprise networks, ThreatARMOR automatically eliminates traffic from known bad IP addresses and unwanted locations.
This enables network firewalls and IPSs to more efficiently focus on blocking malware and identify threats from all other IP addresses. Additionally, ThreatARMOR’s geo-blocking capabilities scrub traffic from foreign countries off networks, thereby preventing attacks from affecting network availability.
SUGGESTED PLATFORM
1U security appliance with inline blocking, inline ThreatARMOR monitor-only, and out-of-band monitor-only modes; always-on ATI cloud security service
INLINE SECURITY Threat intelligence TOOL FARM gateway
Out-of-band Network packet brokers (HA) sandboxing
Switch Bypass switch Switch Server
Switch Bypass switch Switch Server
Monitored tool links via heartbeat packets
Find us at www.ixiacom.com Page 64 Network Security Resilience
IDS
SSL decrypt (SecureStack) Traffic requiring decryption DLP
Threat intelligence gateway Other tools (ThreatARMOR)
• IP address identification BreakingPoint (with TrafficRewind) • Traffic dropped based upon IP address security-related metadata analyzed
Application filtering removes Application uninteresting traffic (e.g. intelligence allows only Facebook traffic (AppStack) Traffic not requiring to pass) Inspection is dropped Network packet broker (Vision ONE)
Network traffic Firewall Network tap Switch Servers SCENARIO
News broadcasts for the last several years A security resilience approach is about deploying have shown that most enterprise networks will functionality to: be hacked at some point. It is not a question • strengthen your capabilities to defend of if, but when. In addition, it usually takes against attacks IT departments about 191 days to detect an intrusion, according to the 2017 Ponemon • maximize your ability to rebound from an attack Institute Cost of Cyber Crime Study. This gives hackers plenty of time to find what they want • minimize the severity and cost of security and exfiltrate that information. breaches
What if there was a better way? By adopting a resilient security architecture approach, the time to observance and time to remediation can be reduced. Resilience is the ability of a system to return to its original form, position, etc., after being bent, compressed, or stretched. Extrapolating this concept to a security architecture, security resilience is the ability of your architecture to recover and return to a normal state after an attack and/or breach.
Find us at www.ixiacom.com Page 65 IXIA SOLUTIONS
An average of 191 days before discovery and • Use BreakingPoint with Traffic Rewind to remediation is far too long to be acceptable. Ixia insert a security attack replay capability to offers various component to make your network capture security data, and view it in the lab resilient. Here are some ways to potentially to acquire a tactical analysis of how the reduce that time: breach took place • Use BreakingPoint for threat simulation in • Use the Vision ONE NPB with the AppStack your security lab to understand better how application intelligence solution to find the threat behaves and validate that your fix indicators of compromise stops future attacks • Deploy the ThreatARMOR threat intelligence • Capture and filter monitoring data with gateways to prevent the exfiltration of data to the Vision ONE NPB then send that data known bad IP addresses to a purpose-built device to look at traffic • Decrypt SSL-based monitoring data once patterns using the Vision ONE NPB with SecureStack, • Install the Vision ONE NPB inline to support and distribute to forensic tools for faster fast architectural updates and reactions to analysis security threats • Implement adaptive monitoring using the
automation capabilities of the Vision ONE SUGGESTED PLATFORMS
NPB to respond to SIEM instructions, and 40GE all-in-one turnkey tool for lossless visibility pass suspect monitoring data to DLP tools Vision ONE for both inline and out-of-band tools with an easy- to-use web-interface. for analysis in near real time Signature-based application layer filtering, geolocation, RegEx-based filtering, NetFlow using AppStack • Conduct cyber range training on an ongoing enhanced metadata, data masking, and packet basis to recognize threats faster and practice capture features. Security focused intelligence that gives you better responding to them properly SecureStack visibility to SSL/TLS encrypted traffic 1U security appliance with inline blocking, inline ThreatARMOR monitor-only, and out-of-band monitor-only modes; BreakingPoint/ Continuous real-time data feeds to ensure current BreakingPoint VE ATI application and threat intelligence at all times Subscription Uses the production network insight captured in AppStack metadata to bolster BreakingPoint TrafficREWIND traffic realism, improving fault analysis and device/ architecture validation before deployment The Ixia professional services team offer various Cyber Range Training options for delivering a one-time or repeat cyber Service security training services
Find us at www.ixiacom.com Page 66 CHAPTER 3 HeaderVisibility 1 Solutions SAMPLE TABLE Header 2 SAMPLE TABLE
Body
Network Visibility Architecture...... 68 Hybrid IT Visibility...... 80
Network Visibility Feature Stacks...... 72 Cloud Visibility...... 82
Network Taps and Access...... 74 Visibility for Edge Computing...... 84
Inline Network Visibility...... 76 Active Network Monitoring and Assessment...86
Out-of-band Network Visibility...... 78
Find us at www.ixiacom.com Page 67 Network Visibility Architecture
IXIA VISIBILITY ARCHITECTURE A fast, reliable, and secure infrastructure
Access Network packet Monitoring broker tools
Eliminate visibility Scalability Reliability Performance and security blind spots SCENARIO
Today’s networks are growing in both size and systems make it hard, if not impossible, to keep complexity, presenting new challenges for IT and up with traffic and filter data “noise” at a rate that network administrators. More mobile devices are they were not designed to handle. connecting to more data from more sources— Network blind spots have become a costly and much of that is due to virtualization. and risk-filled challenge for network operators. IT challenges are further complicated by Further, unseen inter-VM and cross-blade data increasingly high customer expectations for center traffic leaves the network vulnerable to always-on access and immediate application threats, noncompliance, loss of availability, and response. This complexity creates network impaired performance. Today, up to 80% of data “blind spots” where latent errors germinate and center traffic can travel between servers, making pre-attack activity lurks. end-to-end visibility a real challenge. Blind spots are commonly caused by the The answer to these challenges is a highly following issues: poor use of Switch Port scalable visibility architecture that helps Analyzer (SPAN) ports and lack of tap ports, eliminate blind spots, while providing resilience limiting tool access to data; dropped and and control without complexity. Ixia’s Visibility duplicated packets, which suppress or delay Architecture delivers intelligent, resilient, and actionable information; SSL-encrypted traffic that proactive network visibility. may hide malware; and monitoring plans that are behind migration cycles. Stressed out monitoring
Find us at www.ixiacom.com Page 68 IXIA’S VISIBILITY SOLUTIONS IMPROVED PERFORMANCE WITH IXIA’S VISIBILITY ARCHITECTURE The Ixia Visibility Architecture is founded on a comprehensive product portfolio of high- Ixia’s Visibility Architecture improves architecture performance taps, bypass switches, NPBs, a performance by providing: cloud visibility platform, and an active monitoring • Full network visibility – Consistently send all solution, all of which can be easily deployed and the right data to the right tools by matching managed. The Ixia Visibility Architecture helps multiple filter criteria, eliminating dropped speed application delivery and enables effective packets due to overlapping filter conflicts. troubleshooting and monitoring for network • Automated response technology – Instantly security, application performance, and SLA re-route traffic to monitoring tools based on fulfillment—and allows IT to meet compliance suspicious activity so that you can reduce mandates. the time and cost of human intervention to It provides a solution to support both out-of- remediate network problems. band and inline monitoring in network and • Load balancing – Distribute monitoring cloud environments. The NPB, a key pillar of traffic to several analysis tools so that you the Ixia Visibility Architecture, enables fail-safe can fully use network bandwidth and boost deployment of multiple inline and out-of-band the efficiency of your monitoring tools, security enforcement and performance tools, even if their bandwidth is less than the such as IPSs, NGFWs, Application Performance network bandwidth. Monitoring (APMs), Network Performance • Sophisticated filtering and de-duplication Monitoring (NPMs), etc. – Increase monitoring tool performance by eliminating unnecessary data before it reaches a tool so that you can more easily adhere to compliance standards and generate more accurate tool statistics. • Zero packet loss – Deliver 100% of packets without dropping or losing them due to load. • Easy-to-use – Ixia’s NPBs are powered by a user-friendly drag-and-drop interface that allows you to easily connect monitoring tools to appropriate SPAN and tap ports with the simple click of a mouse.
Find us at www.ixiacom.com Page 69 SIMPLIFIED MANAGEMENT
• Create network connections and filters by using the intuitive Web-interface (GUI) so that you can aggregate, filter, and distribute network traffic to monitoring tools with a few clicks of the mouse and virtually eliminate the NTO 7300 need to rewire equipment. • Restrict access to specific filters, ports, Vision ONE or monitoring tools by delivering improved access control management to meet compliance and regulatory requirements. Vision 5288 Vision Edge 100 • From within any Vision NPB, monitor key Simple Network Management Protocol (SNMP) statistics from any network Vision Edge 40 Vision X management system so that you can view and report on key information, such as the amount of traffic each tool receives and Vision xStream 40 TradeVision instant notification of oversubscribed tools. • Accommodate your organization’s increasing need for more IP addresses by easily accessing any vision NPB using IPv4 or IPv6 addresses. Taps, Link Aggregators, Tap Bypass Switches Aggregators
Find us at www.ixiacom.com Page 70 SUGGESTED PLATFORMS All-in-one turnkey tool for lossless visibility for both inline and out-of-band tools with an easy-to- use Web interface Includes built-in availability of Ixia’s NetStack, Vision ONE PacketStack, SecureStack and AppStack capabilities, such as SSL decryption, data masking plus, and IxFlow® Forty eight 10GE/1GE SFP+ ports and four 40GE QSFP+ or 16-port 10GE Highest density NPB with up to 72 ports of 100GE each and the most advanced packet processing Vision 7300™ throughput at 2.4Tbps (and NEBS compliant 7303) Chassis Modules available to enable visibility intelligence including PacketStack, SecureStack, and AppStack features High-density 40G Up to sixty-four 10GE ports Vision 5288™ Offers an efficient and scalable solution to monitor 1, 10, and 40GE Inline and OOB capable packet broker with Vision Edge 100™ NetStack features. Multi-speed capable and (E100) massive density with (128) 10G ports in 1U size Inline and OOB capable packet broker with Vision Edge 40 NetStack features. Compatible with IFC; max 48 (E40) ports of 1/10GE; max six ports of 40GE Highly resilient, active-active inline and out-of- band capabilities that processes up to 2 Tbps Vision X per chassis 60 multispeed ports ranging from 10 to 100G per chassis 1 RU that supports 6 ports for 1G and 4 ports for 1/10G network packet broker use Vision E1S™ Supports NetStack, PacketStack, and AppStack. Hawkeye active network monitoring features built in NPB with four 40GE and forty-eight 10GE interfaces
TradeVision™ Supports FinTech features: multicast gap detection, feed and channel health, high-resolution traffic statistics, micro-burst alerting, and simplified feed management Manage your visibility through a single interface Ixia Fabric Controller™ with centralized management with Ixia’s SDV (IFC) controller for the Ixia Visibility Architecture Fail-safe inline security network packet broker Vision xStream 40 with aggregation, filtering, and load balancing for 10GE/40GE Networks A unique NPB with Ixia’s MobileStack features, to GTP Session provide specialized, subscriber-aware visibility to Controller™ (GSC) mobile operators
Find us at www.ixiacom.com Page 71 Network Visibility Feature Stacks
SCENARIO
Organizations are dealing with greater data VISIBILITY INTELLIGENCE volume and at greater speeds. They require Robust L2–4 filtering, aggregation, replication, load-balancing and source port labeling—the Ixia capabilities to manage the security and NetStack gold standard baseline for visibility intelligence monitoring of the information that traverses their features for all platforms networks. Organizations need more intelligent Intelligent packet filtering and manipulation ways to deal with data ranging from the ability including deduplication, header stripping, packet trimming, timestamping, data masking, PacketStack to manipulate packets in out-of-band monitoring GRE tunneling, burst protection, and NetFlow generation. Available for Vision 5288, Vision ONE to more sophisticated levels of filtering of L2–4 and Vision 7300, as well as CloudLens Self-Hosted traffic. Optimized handling for secure traffic with Ixia’s SSL Decryption feature is available for Vision NPBs. Moreover, one of the biggest challenges SecureStack A threat intelligence feed also helps recognize malware, botnet, exploits, hijacked IPs and phishing facing network administrators today is activity on your network. complete network visibility that extends past Context-aware, signature-based application layer L4 information. Many applications run over filtering; includes application filtering, geolocation and tagging for threat intelligence, optional RegEx- Hypertext Transfer Protocol (HTTP) within your AppStack based filtering, IxFlow NetFlow enhancement using metadata, data masking plus, and packet capture network or cloud infrastructure and, thus, can features. Available for Vision ONE, Vision 7300 and be obscured. SSL encryption can also hide CloudLens Private. data needed for monitoring, as well as security Visibility intelligence tailored for the mobile operator evolved packet core; includes GTP correlation, GTP threats, like malware. MobileStack load-balancing, location, device, and subscriber- based filtering, as well as subscriber sampling; available for GSC and CloudLens Private Access to real-time application data for monitoring tools empowers IT professionals to make better decisions with better data. Application intelligence provides rich data on the behavior and location of users and applications. This allows IT teams to identify unknown network applications, mitigate network security threats from suspicious applications and locations, and spot trends in application usage to predict and forestall congestion.
Find us at www.ixiacom.com Page 72 IXIA’S VISIBILITY INTELLIGENCE SOLUTIONS
To address these needs, Ixia has a full visibility Additionally, Ixia has SecureStack and AppStack intelligence portfolio. Beginning at NetStack, capabilities to address the need for filtering there is foundational L2–4 based filtering plus beyond L4 and to address encrypted traffic. aggregation, replication, and load-balancing. SecureStack and AppStack include: Even these are offered with a dynamic filter • dynamic and signature-based application compiler to automatically resolve overlapping detection, filtering, and monitoring rules, so setting up and managing rules is simple. But, Ixia goes beyond that to offer to • SSL decryption capability with stateful decrypted output offer additional filtering capabilities. • enables application tracking by bandwidth, Ixia’s PacketStack allows organizations to filter, session, and geography manipulate, and transport data. Some highlights • includes IxFlow (Ixia’s proprietary value- of these capabilities include: add extensions to NetFlow) and other • The ability to de-duplicate data to reduce information like device, browser, OS, bandwidth to security and monitoring tools. and more • Strip headers, trim packets, and more to • data masking plus with pre-defined credit ensure the packet size, content, and format card formats to help with PCI-DSS, HIPAA, aligns to the security and monitoring tools and other regulatory compliance items receiving the information. • hitless upgrades • Support generation of NetFlow v9 and v10 (IPFIX) and up to 10 NetFlow. Moreover, SecureStack and AppStack can be used in addition to NetStack and PacketStack. They can also be used for inline deployments.
CAM BEASLEY Chief Information Security Officer, University of Texas Ixia’s solutions outperformed the competitors we reviewed, offering an industry-leading GUI, dynamic filtering, and improved network responsiveness.
Find us at www.ixiacom.com Page 73 Network Taps and Access
SCENARIO
Proper network access starts with a tap. Taps Any monitoring device connected to a network provide non-intrusive access to data flowing device receives the same traffic as if it were across the network and enable the monitoring inline, including all errors. This is achieved as of network links. Taps are primarily used to the tap duplicates all traffic on the link and optimize passive monitoring of a network link. forwards it to the monitoring ports. Taps do not They are normally placed between any two introduce delay nor alter the content or structure network devices, including switches, routers, of the data. Fiber taps are usually passive and and firewalls, to provide network and security do not require power. Copper taps and other personnel a connection for monitoring devices. powered fiber taps have relays and battery Taps are used for troubleshooting and offer backups to allow traffic to continue to flow even continuous, non-disruptive network access. when power is removed.
Protocol analyzers, Remote Network Monitoring (RMON) probes, intrusion detection systems (IDSs) and IPSs, and other monitoring tools can now be easily connected to and removed from the network when needed. By using a tap, you also eliminate the need to schedule downtime to run cabling directly to the monitoring device from network devices, thus saving time and eliminating possible cabling issues.
Network tap deployment Network taps use passive splitting or regeneration technology HOW IT WORKS to transmit inline to an attached management or security device without data stream interference
The passive tap creates a permanent, inline access port 1. to monitor full-duplex traffic.
Internet Firewall Router Firewall Switch
The network signal is either The monitoring device sees split or regenerated so that the same traffic as if it the monitoring device has full were also inline, including access to the signal physical-layer errors. 2. Monitoring 3. device
Find us at www.ixiacom.com Page 74 IXIA SOLUTIONS
The Ixia family of taps provides 100% visibility SUGGESTED PLATFORMS 1/10/40/100G fiber interfaces and highly modular; and permanent passive access points into your Flex tap support the most split ratios network. When a monitoring tool is needed, Measure traffic loads on networks that carry VoIP, Slim tap simply connect the device to the tap instead videoconferencing, and security applications of taking down the link and interrupting traffic. Highest density tap in the market that lets you fit Flex tap VHD 36 Taps in 1U, for scalability, while being space Taps pass all network traffic—including L1 and efficient. L2 errors—without introducing bottlenecks Prevent light from accidentally getting injected Flex tap secure plus back into your monitored link; designed for lawful or points of failure. Regardless of interface intercept applications or location in the network, we provide a tap Industry’s only 10/100/1000BaseT tap with Gig zero delay tap true zero-delay operation to prevent network solution, supporting copper, multimode, and disruptions for maximum network reliability single-mode fiber at speeds of up to 100Gbps 10/100/1Gb Visibility for 10/100/1Gb network monitoring and copper tap security devices with media conversion models available. Fiber Flex Tap module designed for use in Cisco BiDi tap 40G BiDi networks, specifically ACI Single mode tap that supports 100G up to PSM4 400G speeds For use in patch panels and fiber distribution frames. Single mode fiber speeds of 1G, 10G, Patch tap 25G, 40G, 50G and 100G and multimode fiber speeds of 1G, 10G and 25G vTap capability provides visibility into traffic CloudLens between VMs; support VMware ESXi and NSX, self-hosted Openstack KVM, and Microsoft Hyper-V Enables multiple tools to monitor the same Regeneration tap network traffic while adding the flexibility of modular SFP-based monitor ports A link aggregation tap combines network Link aggregation tap traffic copies from multiple links onto a single monitoring port Provide access to a single network segment; Port aggregation tap enables you to view full duplex traffic with a single NIC per device, instead of two Fail-safe devices to ensure uptime and high Bypass switches availability of monitoring and security deployments up to 40GE Fail-safe device to ensure uptime and high iBypass 100G availability of monitoring and security deployments up to 100GE High-density configuration of Ixia’s iBypass switch iBypass DUO that includes two management ports
Find us at www.ixiacom.com Page 75 Inline Network Visibility
SCENARIO
Along with increased security threats and tighter Specialized packet brokers can then take this regulatory compliance requirements, today’s inline traffic and filter it at line rate to groom networks are delivering more services and the data quickly and efficiently for the specific carrying greater amounts of multi-protocol traffic inline tools being deployed (IDS, IPS, threat at higher data rates. Monitoring and security prevention, etc.). tools need to be deployed inline to inspect Key benefits of packets brokers used in this every packet and block incoming threats before scenario include: they affect the network and potentially disrupt business. • provides highly available active-active inline security Deployment of any inline tool in the network • tool-sharing reduces costs by allowing carries the risk of the tool becoming a point multiple departments in an organization to of failure. Should the inline tool become use the same monitoring tool to monitor unavailable, it can bring the network link down, multiple links throughout the organization making a critical segment of the network unavailable and affecting uptime. To avoid this • filtering increases efficiency and maximizes tool use by sending each tool only the traffic risk, customers need a fail-safe solution that it needs can protect the network from tool failures while allowing inline tools to protect the network from Bypass switch incoming threats.
A bypass switch is a specialized network device that provides fail-safe inline tool protection Network packet broker for security and monitoring devices. It uses a heartbeat packet to protect the network link from application, link, or power failure on the attached monitoring device.
Find us at www.ixiacom.com Page 76 IXIA SOLUTIONS
Ixia offers many solutions for inline security as Vision ONE, Vision E100, Vision E40, and Vision part of an inline security architecture, including X are NPBs used for monitoring high-speed both bypass switches and packet brokers. For network traffic, letting you share the network’s bypass switches, this includes a combination rapidly increasing traffic load among multiple of copper or optical interfaces and a range of tools. The need to record and inspect all traffic different network speeds. on high-volume 10G and 40G networks puts pressure on organizations to invest heavily in The iBypass switch continuously checks the new 10G and 40G tools or risk oversubscribing responsiveness of the inline tool by sending it their current tools. These solutions enable the heartbeat packets, expecting to receive those deployment of multiple tools in parallel, with packets back. It augments network monitoring traffic balanced between them that allows you capability through the use of microsecond to use inline tools more efficiently. The solution resolution heartbeat packets, SNMP traps, also offers a comprehensive set of HA features field-upgradeable software, and an easy-to- that are critical for fail-safe inline security tool use Web-based user interface. If the iBypass deployment. switch detects that the tool is not responding, it will bypass the inline tool, allowing network SUGGESTED PLATFORMS traffic to flow without interruption. Should that happen, the iBypass switch issues an alert iBypass Fiber, 40G, SR, 50μm, QSFP+ Cages High-density 12-segment 10Gbps Intelligent to indicate that the tool became unavailable, iBypass VHD Bypass Switch allowing network or security personnel to take iBypass 100G Single Segment 100Gbps Intelligent Bypass Switch appropriate actions.
iBypass DUO Double the capacity of the iBypass The iBypass switch continues to send heartbeat 8 Segment 10/100/1000Mbps HA Intelligent iBypass HD packets to the inline tool even after the tool Bypass Switch 10/100/1Gb Copper stopped responding. As soon as the tool Copper Ethernet interfaces up to 1G Bypass Switch becomes operational again, the iBypass re- 40GE all-in-one turnkey tool for lossless visibility routes traffic back through the tool to ensure Vision ONE for both inline and out-of-band tools with an easy- to-use web-interface. that the tool is continuing to monitor and protect the network. Vision X Scalable visibility ranging from 10 to 100GE Vision E40 Vision 40GE and 100GE platforms for scalable, rack-level E100 visibility
Find us at www.ixiacom.com Page 77 Out-of-band Network Visibility
SCENARIO IXIA SOLUTIONS
Taps serve as a starting point for creating a Ixia’s NPBs, as part of the Ixia architecture, visibility architecture. However, a problem arises help speed application delivery and enable if you try to connect monitoring tools directly effective troubleshooting and monitoring for to a tap. Those tools become flooded with too network security, application performance, and much data, which overloads them, causing SLA fulfillment—allowing IT to meet compliance packet loss and CPU overload. mandates. Ixia’s out-of-band network visibility solutions are comprised of a comprehensive This is where an NPB is useful. These devices product portfolio of high-performance taps, filter the data to send only the right data to the virtual taps, and NPBs, all easily deployed and right tool. Packets are filtered at L2–4; Ixia can managed. also uniquely provide up to L7 based filtering. Duplicate packets can also be removed, and The Vision portfolio of NPBs are powered by sensitive content stripped before the data is sent a user-friendly drag-and-drop interface that to the monitoring tools, if that is required, as allows you to easily connect monitoring tools to well. This provides a better solution to improve appropriate SPAN and tap ports with the simple the efficiency and utility of your monitoring tools. click of a mouse.
Packet brokers provide the following typical benefits:
• filtering of monitoring data that sends multiple streams of data to the different tools on your network • aggregating data from multiple sources • load balancing filtered data to multiple tools • deduplicating packet data • packet manipulation (header stripping, packet trimming, data masking, etc.)
Find us at www.ixiacom.com Page 78 Ixia NPBs offer simplified, intuitive management SUGGESTED PLATFORMS that is key to keeping total cost of ownership All-in-one turnkey tool for lossless visibility for both inline and out-of-band tools with an easy- low. They enable you to: to-use Web interface Includes built-in availability of Ixia’s NetStack, • Create network connections and filters by Vision ONE PacketStack, SecureStack and AppStack capabilities, such as SSL decryption, data using the intuitive GUI to aggregate, filter, masking plus, and IxFlow®. and distribute network traffic to monitoring Forty eight 10GE/1GE SFP+ ports and four tools with a few clicks of the mouse 40GE QSFP+ or 16-port 10GE Highest density NPB with up to 72 ports of 100GE and virtually eliminate the need to rewire each and the most advanced packet processing Vision 7300 (and throughput at 2.4Tbps equipment. NEBS compliant 7303) Chassis Modules available to enable visibility intelligence • Restrict access to specific filters, ports, including PacketStack, SecureStack, and AppStack features or monitoring tools by delivering improved High-density 40G access control management to meet Up to sixty-four 10GE ports Vision 5288 compliance and regulatory requirements. Offers an efficient and scalable solution to monitor 1, 10, and 40GE • Vision NPBs monitor key SNMP statistics Inline and OOB capable packet broker with Vision Edge 100 NetStack features. Multi-speed capable and from any network management system (E100) massive density with (128) 10G ports in 1U size so that you can view and report on key Inline and OOB capable packet broker with information, such as the amount of Vision Edge 40 (E40) NetStack features. Compatible with IFC; max 48 ports of 1/10GE; max six ports of 40GE traffic each tool receives, and get instant Highly resilient, active-active inline and out-of- notification of oversubscribed tools. band capabilities that processes up to 2 Tbps per Vision X chassis • Accommodate your organization’s increasing 60 multispeed ports ranging from 10 to 100G per need for more IP addresses by easily chassis 1 RU that supports 6 ports for 1G and 4 ports for accessing the NPB using IPv4 or IPv6 1/10G network packet broker use Vision E1S addresses. Supports NetStack, PacketStack, and AppStack Hawkeye active network monitoring features built in NPB with four 40GE and forty-eight 10GE interfaces
TradeVision Supports FinTech features: multicast gap detection, feed and channel health, high-resolution traffic statistics, micro-burst alerting, and simplified feed management Manage your visibility through a single interface with Ixia Fabric Controller centralized management with Ixia’s SDV controller (IFC) for the Ixia Visibility Architecture A unique NPB with Ixia’s MobileStack features, to GTP Session provide specialized, subscriber-aware visibility to Controller (GSC) mobile operators Taps, Link Copies and sends traffic of interest to the tools that Aggregators, Tap are monitoring your physical network Aggregators
Find us at www.ixiacom.com Page 79 Hybrid IT Visibility
SCENARIO IXIA HYBRID VISIBILITY SOLUTIONS
Organizations of all sizes have begun migrating Ixia’s entire portfolio of visibility solutions at least some of their workloads to the public are optimized for a hybrid environment. cloud (while keeping some workloads on- CloudLens™, Ixia’s platform for public and premises) to create a hybrid IT environment. private cloud visibility addresses the challenges However, many have experienced, or continue of granular data access in the cloud. The to experience, problems with their migration. platform provides a framework with which According to research from Dimensional tapping and filtering abilities are scaled on- Data, half or more of the companies surveyed demand to meet the needs of cloud customers. experienced application performance problems. Scalability, automation, and agility are what Additionally, 88% of companies surveyed users expect in a multi-tenant, self-service experienced some sort of issue with their model. cloud environment due to a lack of visibility CloudLens SaaS™, Ixia’s public cloud solution, into what is, and is not, happening within that is the first network-level solution that provides environment. These issues include performance Visibility-as-a-Service (VaaS) through a problems, service outages, missed security Software-as-a-Service (SaaS) model. Designed threats, and more. from the ground up to retain the elastic scale, The root of the problem is the use an “all or flexibility, and agility benefits of the cloud, nothing” approach to cloud migration. Some CloudLens SaaS uses sensors that are installed activities are better suited for the cloud (like into Docker containers. Monitoring data is being able to spin new applications up and captured and can then be sent to a location(s) down) and others are better suited for physical that is part of the cloud instance or within the on-premises (high performance and highly physical data center. secure architectures with inline IPS appliances). The CloudLens platform enables you to Use of a hybrid environment allows you to dynamically scale your cloud visibility as you safely and securely monitor your network scale your public cloud resources without infrastructure, whether it is virtual-based or creating an extra automation and infrastructure physical on-premises equipment based. management burden or any configuration changes.
Find us at www.ixiacom.com Page 80 Network packet brokers (NPBs), such as Vision SEAMLESS VISIBILITY INTO PHYSICAL AND CLOUD NETWORKS ONE, are another core component of a hybrid solution. NPBs capture, filter, deduplicate, and aggregate monitoring data before that data is sent to purpose-built tools for analysis. By using an NPB, your monitoring data is efficiently optimized. This reduces the cost and improves the efficiency of your monitoring appliances. Visibility services Visibility services Visibility services Ixia NPBs support an interface to CloudLens that allows for cloud and physical on-premises data sharing. By backhauling key pieces of Public cloud Physical network Private cloud monitoring data, a single, complete view of the network can be created to optimize trouble shooting, security, performance, and compliance SUGGESTED PLATFORMS activities. This reduces MTTR, improves network Tap, aggregate, filter, process, and manipulate security, and provides a coherent data set for traffic in virtual environments CloudLens SaaS Elastically scales on demand compliance tools. Cloud-native platform that allows for data export to on-premises NPBs Ixia’s Hawkeye™ solution allows you to further All-in-one turnkey tool for lossless visibility for both inline and out-of-band tools with an easy-to-use optimize environments by using proactive Web interface monitoring in both physical and virtual Vision ONE Aggregate, filter, process, and manipulate traffic in on-premises environments environments. Latent network performance Aggregate virtual and on-premises data to create metrics can be captured to measure the one holistic view of monitoring data Proactive monitoring solution that can be used in performance and health of both environments. physical on-premises, public cloud, and virtual A synthetic traffic generator allows you to create data center environments Hawkeye Synthetic traffic generator creates realistic traffic the exact mix of traffic on your network and mixes to load test any environment load test different configurations to determine Test cloud performance before (and as) you move applications to the cloud to reduce problems the best performance and also catch software and configuration rollout errors before a network upgrade is initiated. The impact of software application migrations from on-premises to cloud can also be captured before the configuration changes are made, eliminating future problems.
A hybrid cloud solution provides the maximum flexibility and Ixia provides complete flexibility in monitoring options.
Find us at www.ixiacom.com Page 81 Cloud Visibility
SCENARIO IXIA CLOUD VISIBILITY SOLUTIONS
While the benefits of cloud deployments are CloudLens, Ixia’s platform for public, private, many, including increased flexibility, agility and hybrid cloud visibility addresses the and most importantly, scale, accessing and challenges of granular data access in the cloud. monitoring virtual traffic is a challenge. Without The platform provides a framework with which granular access to virtual traffic, you may tapping and filtering abilities are scaled on suffer from blind spots in your network that demand to meet the needs of cloud customers. compromise application performance or security. Scalability, automation, and agility are what users expect in a multi-tenant, self-service For public clouds, service providers’ hyperscale model. With CloudLens, achieving cloud visibility deployments are characterized by continuous takes minutes, not hours or days. configuration changes based on demand. While resource pooling and elastic scale are part of the CloudLens SaaS, the arm that supports public cloud value proposition, the ability to monitor cloud platforms, is the first network-level virtual traffic flows at the same scale has been solution that provides Visibility-as-a-Service limited. (VaaS) through a Software-as-a-Service (SaaS). Designed from the ground up to retain the Private clouds, on the other hand, use a variety elastic scale, flexibility, and agility benefits of the of hypervisors in their build-out. As a result, cloud, CloudLens SaaS provides intelligent and access to private cloud data means that each automated cloud VaaS that scales with public hypervisor needs to be taken into account to cloud infrastructures. The embedded automation access inter- and intra-VM traffic. allows visibility and security and monitoring tool instances to shift in response to change in demands or failures without the need for operator in-the-loop actions. With CloudLens, you can easily use cloud-based tools without having to route data to on-premises solutions. This provides a significant bandwidth-saving option to customers.
Find us at www.ixiacom.com Page 82 The CloudLens platform enables you to COMPLETE VISIBILITY INTO CLOUD NETWORKS dynamically scale your cloud visibility as you scale your public cloud resources without creating an extra automation and infrastructure management burden or any configuration changes.
CloudLens Self-Hosted™, the arm that supports private cloud technologies, is able to tap, filter, Visibility services Visibility services aggregate, process, and manipulate traffic all in a cloud environment. CloudLens offers organizations the visibility they need, while Public cloud Private cloud keeping aligned to all cloud, hybrid cloud, multi-cloud, or any cloud strategy. CloudLens supports intelligent monitoring for OpenStack SUGGESTED PLATFORMS KVM, VMWare ESXi and NSX, and Microsoft The first network-level solution that provides VaaS through a SaaS for public and private cloud CloudLens SaaS Hyper-V. Moreover, CloudLens is also vSwitch/ Elastically scales on demand Router Agnostic (VSS, vDS). It combines the Cloud-native platform Addresses the challenges of granular data access power of its virtual tapping (vTap) capability in the private cloud and SDDC with NetStack, PacketStack, and AppStack Ability to tap (vTap) east-west inter-VM traffic Tap, aggregate, filter, process, and manipulate capabilities all in the cloud. It facilitates NetFlow, traffic in a virtual environment with advanced application identification and CloudLens Self- Support of VMware, Microsoft Hyper-V, KVM, and Hosted OpenStack environments geographic location, and deduplication to Available with NetStack, PacketStack, and provide unprecedented insight into network AppStack capabilities Available with MobileStack to provide subscriber traffic in both physical and virtualized aware visibility for virtualized and hybrid environments. Its tunneling options include deployments of the mobile carrier EPC generic routing encapsulation (GRE), VLAN, and encapsulated remote SPAN (ERSPAN) for maximum coverage across private cloud deployments.
Moreover, with more clouds available, multi- cloud and hybrid cloud visibility is required. Hybrid clouds give the maximum flexibility, and Ixia provides complete flexibility in monitoring options.
Find us at www.ixiacom.com Page 83 Visibility for Edge Computing
SCENARIO
While technologies come and go, one constant SD-WAN services can then be layered on top driving force is operational technology. A of Ethernet links to guarantee performance as fundamental shift currently happening in internet-based services can introduce latency operational technology is the movement from and packet loss to the network. Cloud services core computing to edge computing. Network can also be deployed to the edge of the architects are moving as much of the core network. compute resources as they can to the edge of Security remains an important concern as the the network. network extends further out. Inline security A substantial contributor to this edge computing appliances and SSL decryption are necessary to shift is the expense of MPLS circuits, especially protect against the introduction of malware into for the last mile to interconnect with remote the corporate network. offices. By contrast, internet-based network transport links can reduce remote office interconnect costs while also increasing data bandwidth with 100 MB and Gigabit Ethernet links that are readily available through ISPs.
INTERNET + PUBLIC CLOUDS + SAAS
REMOTE/BRANCHES
Wi-Fi
IoT internet
Tap Network packet broker Edge compute MPLS Network packet broker Tap
HUB SITE - HQ / DATA CENTER
Find us at www.ixiacom.com Page 84 IXIA EDGE VISIBILITY SOLUTIONS
Ixia delivers the foundation of edge visibility with Hawkeye makes measurement simple with the solutions that reduce cost, support security and largest application library in the industry; this optimize network performance. Ixia belongs at allows users to generate many kinds of synthetic the heart of every edge solution. traffic to proactively monitor their live networks.
Ixia taps allow remote devices on your network Ixia’s IxProbeTM solution combines an Ethernet to interface with Ethernet-based links. This is tap with a Hawkeye capable end point to the conversion point to IP. Next, NPBs take the simplify the edge solution even further. This incoming data from taps and aggregate it. Data one device gives you complete data and filtration can also be implemented to reduce performance access at the edge of your network, storage and compute needs. network.
At this point, Vision NPBs can be deployed The AppStack feature set in the Vision series directly path of the data allowing for inspection NPBs also allows you to extend network of data by security appliances like NGFWs and intelligence capabilities to the edge of your IPSs. The Ixia packet broker can also perform network. This includes signature-based data SSL decryption to inspect for malware. filtering, spotting application bandwidth overload by application type, geolocation information, Vision NPBs can also be used to ensure network device and browser type information, and using performance and service level agreements are application information to help spot indicators of maintained. This is accomplished by using the compromise and improve troubleshooting. Hawkeye proactive monitoring solution as a standalone application or by using an integrated SUGGESTED PLATFORMS version in the Vision E1S solution. This Provides up to 48 ports of 1/10GE connectivity Vision Edge 10S with Layer 2 GRE origination and termination along solution monitoring solution quickly and easily with NetStack and PacketStack features determines latency, loss, and jitter. Inline and OOB capable packet broker with Vision Edge 40 (E40) NetStack features. Compatible with IFC; max 48 ports of 1/10GE; max six ports of 40GE 1 RU that supports 6 ports for 1G and 4 ports for 1/10G network packet broker use Vision E1S Supports NetStack, PacketStack, and AppStack Hawkeye active network monitoring features built in Manage your visibility through a single interface Ixia Fabric Controller with centralized management with Ixia’s SDV (IFC) controller One 10GE interface with Hawkeye active IxProbe monitoring endpoint built-in
Find us at www.ixiacom.com Page 85 Active Network Monitoring and Assessment
SCENARIO IXIA SOLUTION
Network performance and user experience are Hawkeye is an active monitoring platform for critical aspects of your business. It is vital to live networks and field use. Its core capability understand customers’ perception of network, is synthetic traffic generation. Hawkeye is website, application, and Wi-Fi services. based on an open framework for integration New applications introduce potential network with operation support system (OSS)/element bottlenecks that must be quickly identified and management system (EMS) and IT environments. corrected. Not knowing impacts your revenue It can be used in physical on-premises, public stream. Hawkeye provides you with the insight cloud, and virtual data center environments. you need to manage your network, web, Hawkeye offers a single Web-based interface, application, and Wi-Fi performance. which scales to monitor hundreds of endpoints anywhere in the world. Endpoints sit at remote sites (e.g., branch office or home) and at a data center, headquarter, or private or public cloud. Endpoints are available in both hardware and software formats and are easy to install. They generate synthetic traffic to inject into and receive from the live network, reproducing real users traffic patterns. The synthetic traffic is processed for objective quality metrics and
Site-to-Site Application Data Center Cloud
HAWKEYE ENDPOINTS
XRPi XR2000 XR2000VM Android iOS Windows Linux Mac
CORE CAPABILITIES
Network Monitoring ü ü ü ü ü ü ü ü Application & Web Monitoring ü ü ü Wi-Fi Monitoring ü
SPECIFICATION DETAIL
Hardware ü ü
Software ü* OVA, ü ü ü ü ü ü AWS, AMI 1*FE, 1 Wi-Fi 2GE active Ethernet, Interfaces 2,4Ghz, 5Ghz, by default (up Ethernet, Wi-Fi, Virtual, Mobile, Wireless Virtual AC to six)
Find us at www.ixiacom.com Page 86 use for insights. Hawkeye continually measures network performance and service status.
Hawkeye makes measurement simple with the largest application library in the industry; this allows users to generate many kinds of synthetic traffic to proactively monitor their live networks. With the application library, you can:
• Ensure the QoE for your users. Emulate voice and video traffic, covering services like standard VoIP, unified communications (e.g., Skype for Business), or other video conferencing. • Make sure your users can access business- critical applications, such as Office 365, YouTube, Dropbox, and more. • Qualify and maintain network SLAs with diagnostic tools for IP Transport testing, and assess L3 network performance indicators (loss, jitter, delay). • Diagnose network routing and resolution: verify DNS server access and response time, discover routes between endpoint locations and fast track trouble shooting. • Qualify the real capacity of your circuits; test TCP and UDP traffic throughput over wired or wireless connections.
If there is an issue, Hawkeye helps you identify it, quantify it, and ultimately resolve it—before your customers experience it.
Find us at www.ixiacom.com Page 87 CHAPTER 4 HeaderSupport 1 Header 2 Header 2
Body Body
Ixia Global Support...... 89
Ixia Professional Services...... 90
Find us at www.ixiacom.com Page 88 Ixia Global Support
We understand that you must deliver higher- • maximizing the return on your Ixia solutions quality, higher-performing products and investment through access to the latest services to market faster than ever before. Ixia’s software releases with all new features, global support team is committed to helping enhancements, and patches you successfully achieve these increasingly • online accessing of full support materials at demanding business requirements. any time to find answers and solutions from our extensive knowledge base Key benefits and services we provide as part of • download the latest software releases, your active Ixia product support include: manage licensing, and access the latest • getting best-practice advice and quick product documentation and release notes resolution of product issues by accessing • upgrading to higher levels of support with our technology and product experts in global our premium support service, which offers support centers strategically located across many additional benefits that include APAC, EMEA, and North America through expedited hardware repair, increased access whatever method best suits your team—via and proactive support, customized support phone, e-mail, or online plans, and quarterly reporting • gaining direct hands-on assistance and local-language support through field support The global support team is your advocate within teams in many regions Ixia and is key to getting the most from your • obtaining proactive assistance with your Ixia investment. Support team members work team’s ramp up on new Ixia products and seamlessly with your Ixia field sales managers, features system engineers, and all other Ixia teams to • maximizing the capability and productivity of ensure that you get what you need when you your Ixia products to test new scenarios need it to be successful. • reducing risk to your critical projects and time to market through fast, expert support and managed escalation processes to ensure responsive issue resolution • accessing expert automation advice and script debugging assistance for your engineers • protecting your Ixia test system investment and minimizing downtime with full-service hardware repair (RMA) and rapid on-site interchange of field-replaceable hardware modules
Find us at www.ixiacom.com Page 89 Ixia Professional Services
ENRICHING YOUR TEST-SOLUTION COMPREHENSIVE INTEGRATED TEST EXPERIENCE SOLUTIONS
Service providers and enterprises frequently • Project management – An experienced require additional expertise to properly evaluate Ixia project manager manages your test the performance and interoperability of the effort from start to finish. All aspects of a multi-vendor devices and systems that make up proper QA process—test plan development, their networks. personnel and equipment allocation, test development, automation, regression, Although critical to successful launches, testing and reporting—are actively monitored and is often downplayed and frequently back-ended documented. in project plans. Even when testing needs are • Test process optimization – Solutions accommodated, sufficient priority is often not targeted to your specific test needs help you given to test automation and full integration of get the most out of your Ixia test equipment testing into the service delivery lifecycle process. and applications. We help you focus on When proper testing is overlooked, performance what, when, and where to test and include and QoS suffer. Test automation and integration trend analysis. into a service delivery lifecycle is key to ensuring • Test automation – Enables you to perform quality, performance, and efficient time to cost-effective, efficient, and repeatable market. lifecycle testing that enables you to deliver top-quality products. Automation speeds The Ixia professional services team of highly testing from days to hours. Automation experienced testing experts is here to help you also helps you meet shipping and achieve the optimal testing solution for your deployment deadlines. unique requirements. We understand that fast results will drive project success. From project ing Magic ach Te management, best-practice recommendations, S u p e r and training to full testing and automation h e r o services, we have a robust set of service options s t o l n u
s d that you can combine or use independently. e u
R t
y
e
t
a
i Customer d
e Success m
m I
n o i t u l o Q v e u i R c y k it er v , S ti m uc oo d the Pro r, Better
Find us at www.ixiacom.com Page 90 INDUSTRY-LEADING TESTING EXPERTISE
• Testing solution experts – With your Ixia TaaS assessments help ensure the success of: resources at a premium, Ixia can provide • network infrastructure upgrades you with critical access to trained experts to assist on urgent and late product • unified communication (UC) rollouts development testing, customer PoCs, • virtualization deployments real-world solution demonstrations, and • firewall and complementary security device test lab setup, development, and ongoing testing and evaluation maturation. • provides efficient, robust, and cost-effective • Instructor-led training – For comprehensive testing services to your organization instruction and hands-on lab experience. Options for instructor-led training include: • packages industry standard test plans, reports, and methodologies that can – Training at Keysight facilities located be applied to various aspects of an worldwide. A variety of classes are offered infrastructures’ lifecycle to aid in achieving various skill levels and • addresses the needs of QA labs and IT certifications. departments, as well as pre- and post- – On-site training at customer locations production networks and systems for service offering the ultimate in convenience, providers, enterprises, and NEMs personalized training and service. Classes • test modules bundle solutions (hardware, are scheduled upon request on a first- software, and services) to leverage our testing come, first-serve basis, preferably for a expertise along with our best-of-market minimum of four students. testing products
TEST AS A SERVICE (TaaS) CYBER RANGE TRAINING Ixia’s Professional Services Organization (PSO) Ixia delivers structured Cyber Range training and works with leading equipment manufacturers, war-gaming exercises to prepare cyber warriors system integrators, and enterprises worldwide. at both public and private organizations to defend Drawing on the world’s largest, most trusted their critical infrastructures, enterprises, and arsenal of test systems, methodologies, and communications networks. With a comprehensive expertise, Ixia TaaS assessments deliver data cyber-warrior curriculum, government officials, vital to making decisions, demonstrating value, CIOs and SOC managers, can educate and train and meeting customer expectations. their personnel through a wide range of exercises at increasing levels of difficulty. Our services include both pre-built and customized war-game scenarios to ensure the highest security for your particular network.
Find us at www.ixiacom.com Page 91 CHAPTER 5 Acronyms
ACRONYM DEFINITION ACRONYM DEFINITION ACRONYM DEFINITION
Authentication, Authorization, CXP Copper connector for higher- Ethernet Virtual Private Line AAA and Accounting speed Ethernet EVPL (data service) DCB Data Center Bridging ACI Application Centric Infrastructure FC Fibre Channel DCBX Data Center Bridging Capability Advanced Driver Assistance Exchange Protocol FCF Fibre Channel Forwarder ADAS Systems (Ethernet switch) DDoS Distributed Denial of Service FCoE Fibre Channel over Ethernet AFM Advanced Feature Module DHCP Dynamic Host Configuration Protocol Forward Error Correction/ ALG Application Layer Gateway FEC forwarding equivalency classes DHCPv4 Dynamic Host Configuration ANCP Access Node Control Protocol Protocol version 4 FIP Fibre Channel over Ethernet DLP Data Loss Prevention (FCOE) Initialization Protocol AP Access Point DNS Domain Name System FTP File Transfer Protocol APAC Asia Pacific DoS Denial of Service Gbps Gigabits per second API Application Program Interface DPI Deep Packet Inspection GE Gigabit Ethernet APM Application Performance Monitor DRM Digital Rights Management Application and Threat GGSN Gateway GPRS (General Packet ATI Intelligence Radio Service) Service Node DS Disc Storage ATIP Application and Threat GPT General Purpose Timer Intelligence Processor DSL Digital Subscriber Line ATM Asynchronous Transfer Mode GRE Generic Routing Encapsulation DSLAM Digital Subscriber Line Access BaseT Baseband Twisted Pair Multiplexer GUI Graphical User Interface
BERT Bit Error Rate Testing DS Lite Dual-Stack Lite HA High Availability Bidirectional Forwarding DUT Device Under Test HD High Definition BFD Detection European Basic Multiplex Rate HSE Higher Speed Ethernet BGP Border Gateway Protocol E1 (30 voice channels; 2.048 Mbps) HSS High-Speed Serial BNG Broadband Network Gateway Extensible Authentication EAPOL Protocol Over Local Area Broadband Remote Access HTTP Hypertext Transfer Protocol BRAS Server Network (World Wide Web protocol) BSC Base Station Controller EDA Electronic Document Access I/O Input/Output
BTS Base Transceiver Station Ethernet transparent local area ICMP Internet Control Message E-LAN network Protocol CAPEX Capital Expenditure IDS Intrusion Detection System E-Line Ethernet private line CDN Content Delivery Network IEEE Institute of Electrical and Ethernet Local Management Electronics Engineers E-LMI Interface CE Customer Edge Internet Gateway Message IGMP Protocol CFM Connectivity Fault Management EMEA Europe Middle East Africa IKE Internet Key Exchange CFP Complementary Feedback Pair EMS Element Management System IMS IP Multimedia Subsystem CIFS Common Internet File System eNodeB Evolved Node B IOS Internet Operating System CLI Command Line Interface EP Extended Protocol IoT Internet of Things CNAs Converged Network Adapters EPC Evolved Packet Core IP Internet Protocol CPE Customer Premises Equipment EPL Ethernet Private Line IPS Intrusion Prevention System CPU Central Processing Unit ERSPAN Encapsulated Remote SPAN IPsec Internet Security Protocol ESXi VMware hypervisor
Find us at www.ixiacom.com Page 92 ACRONYM DEFINITION ACRONYM DEFINITION ACRONYM DEFINITION
IPTV Internet Protocol Television Multiple Multicast Registration PON OLT Passive Optical Network Optical MMRP Protocol Line Termination IPv4 Internet Protocol version 4 POP Point of Presence MOS Mean Opinion Score IPv6 Internet Protocol version 6 POS Packet over SONET MPLS Multi-Protocol Label Switching IPv6ov4 Internet Protocol version 6 over version 4 Multiprotocol Label Switching- PPP Point-to-Point Protocol MPLS-TP transport profile Internet Small Computer PPPoA Point-to-Point Protocol over ATM iSCSI Systems Interface MSTP Multiple Spanning Tree Protocol Integrated Services Digital PPPoE Point-to-Point Protocol over ISDN Network Multicast VLAN Registration Ethernet MVRP Protocol Intelligent Small-Form-Factor PPPoEoA Point-to-Point Protocol over ISFP-GR Pluggable Module NAC Network Access Control Ethernet over ATM
NAT Network Address Translation Point-to-Point Protocol over X ISRs Integrated Service Routers PPPoX (anything) NDP Neighbor Discovery Protocol ISIS Intermediate System to PPPv4 Point-to-Point Protocol version 4 Intermediate System Network Equipment NEM Manufacturer Public Switched Telephone IT Information Technology PSTN Network International Telecommunication NFV Network Functions Virtualization ITU-T Union Telecommunications Pseudo-Wire Emulation Edge Test Network Functions PWE3 to Edge Standard NFVI Virtualization Infrastructure Japanese System at 1.54 NGFW Next-Generation Firewall QA Quality Assurance J1 Megabits/second (24 channels) QinQ Queue in Queue KVM Kernel Virtual Machine NGN Next-Generation Network QoE Quality of Experience NNTP Network News Transfer Protocol L Layer (RFC 977) QoS Quality of Service L2CP Layer 2 Control Protocol NOC Network Operation Centers Quad Small Form-Factor L2MP Layer 2 Multilink Protocol NPB Network Packet Broker QSFP Pluggable
L2TPv2 Layer 2 Tunneling Protocol v2 NPM Network Performance Monitor Remote Authentication Dial-In RADIUS User Service LAC L2TP Access Concentrator NSX VMware's network virtualization platform REST Representational State Transfer LACP Link Aggregation Control Protocol NTO Net Tool Optimizer RFC Request for Comment Operations Administration and LAN Local Area Network OAM Maintenance (Ethernet protocol) RIP Routing Information Protocol OPEX Operational Expenditure LDAP Lightweight Directory Access Routing Information Protocol Protocol RIP/NG Next Generation OSPF Open Shortest Path First LDP Label Distribution Protocol RIPng Routing Information Protocol OSS Operation Support System Next Generation LNS L2TP Network Server OTT Over the Top RMA Random Multiple Access LSP Label Switched Path P Provider RMON Remote Network Monitoring LSP-Ping Label Switched Path Ping RNC Radio Network Controller MAC Media Access Control P2P Peer-to-Peer RSTP Rapid Spanning Tree Protocol PBB Provider Backbone Bridge MbE Multi-Bit Error or Multi-byte Extension Resource Reservation Protocol- PBB-TE Provider Backbone Bridge Traffic RSVP Engineering Traffic Engineering MDI Medium Dependent Interface PC Personal Computer RSVP-TE Resource Reservation Protocol- MEF Metro Ethernet Forum Traffic Engineering PCM Pulse Code Modulation MGCP Media Gateway Control Protocol RTCP Real-Time Control Protocol PCRF Policy and Charging Rules MHz Mega Hertz Function Real-Time Transport Protocol RTP (digital switched telephony) MIMO Multiple Input Multiple Output PDN-GW Public Data Network Gateway RU Rack Unit PE Provider Edge MLD Multicast Listener Discovery Protocol SAN Storage Area Network PIM Protocol Independent Multicast mLDP Multicast Label Distribution SAP Session Announcement Protocol Protocol PIM-BSR Protocol Independent Multicast Base Station Repeater SBC Session Border Controller MLPPP Multi-Link Point-To-Point Protocol PMTU Path Maximum Transmission Unit SCCP Skinny Client Control Protocol Mobility Management Entity MME PoC Proof of Concept (3GPP) SD Standard Definition
Find us at www.ixiacom.com Page 93 ACRONYM DEFINITION ACRONYM DEFINITION
SDN Software Defined Networking VoIP Voice over Internet Protocol
Small Form-factor Pluggable vPB Virtual Packet Broker SFP (optical transceiver module) VPLS Virtual Private LAN Segment SGSN Serving GPRS (General Packet Radio Service) Service Node VPN Virtual Private Network Virtual Router Redundancy Signaling Gateway or Security VRRP SGW Gateway (IPSec) Protocol
SIGTRAN Signaling Transport WAN Wide Area Network SIP Session Initiation Protocol WLAN Wireless Local Area Network SLA Service Level Agreement WM Windows Mobile Simple Network Management SNMP Protocol
SoC Security Operations Centers
SOC Or security operations center
SONET Synchronous Optical Networking
SPAN Switch Port Analyzer
SQL Search and Query Language
SR Send and Receive
Secure Real-Time Transport SRTP Protocol
SS7 Signaling System 7
SSL Secure Socket Layer
SSM Security Services Module
STP Spanning Tree Protocol
SUT System Under Test
T-carrier 1 (digital transmission T1 line, 1.544 Mbps, 24 voice channels)
TAAS S/B Test as a Service
TCP Transport Control Protocol
TLS Transport Layer Security
Unit of measurement for U rackmount equipment (U is 1.75in or 4.44cm)
UC Unified Communications
UDP User Datagram Protocol
UE User Experience
UI User Interface
UNI User Network Interface
UTM Unified Threat Management
Virtual Circuit Connectivity VCCV Verification
VE Virtual Edition
VLAN Virtual Local Area Network
VM Virtual Machine
VNF Virtualized Network Function
VoD Video on Demand
Find us at www.ixiacom.com Page 94 This information is subject to change without notice. © Keysight Technologies, 2019, Published in USA, December 5, 2019, 7119-1213EN