The presentation is dedicated to the main products of NUVX Technologies, which will be of interest to Telco companies, ISP providers, as well as integrators.
Our key products are: NUVX.DPI, NUVX.NAT and NUVX.QoE
Feel free to contact us in case of any questions: http://nuvx.com/contacts
2. Product Application Areas2
Performance Security
Telco State
Power MetallurgyOil & Gas
Mechanical
engineering
Transport
Uniformed services
& Army
Banks Insurance Social insurance fund
Cloud solutions IoT Smart city
2
3. Products / Customers / Competitors
Product
Name
NUVX.NAT NUVX.FILTER NUVX.BRAS NUVX.DPI NUVX.QoE NUVX.Router NUVX.Balancer NUVX.SDNSW
Platform x86 x86 x86 ASIC+x86 ASIC+x86 x86 ASIC ASIC
Product Type CG-NAT URL-filtering
Service
gateway
DPI
Quality
of experience
IP/MPLS
router
L3/L4 load
balancer/active
TAP
SDN switch
Customers
Fixed and
mobile ISP
Fixed and
mobile ISP,
Corporate
Fixed ISP ISP, Corporate
ISP,
Corporate
Fixed and
mobile ISP,
Corporate
Fixed and
mobile ISP, CDN
Fixed and mobile
ISP, CDN,
Corporate
Competitors
Cisco
Juniper
Huawei
Nokia
A10
F5
Checkpoint
Fortinet
Palo Alto
Ericsson
Juniper
Cisco
Huawei
Nokia
Brocade
Allot
Sandvine
Empirix
Comarch
Juniper
Brocade
Cisco
Huawei
Gigamon
Bigswitch
Arista
Naviflow
pica8
3
5. NUVX Universal Platform Platform –
Model Types
Model 2020
Model 2040
Model 4080
Model 4120
Model 4160
5
6. NUVX Universal Platform Solution Based
on 4 Platforms
• NUVX Universal Platform uses all functionality supported by the 4 platform simultaneously;
• NUVX Universal Platform provides all the basic functionality of the medium broadband
access provider on one physical platform.
NUVX.BRAS
License
NUVX.NAT
License
NUVX.Filter
License
NUVX.QoE
License
6
7. CG-NAT Solution Based on NUVX
Universal Platform
In comparison with foreign analogues*
* According to the results of testing in an independent laboratory in 2015. 7
8. URL-filtration Solution Based on NUVX
Universal Platform
• Direct network packet content analysis instead of the IP addresses in the header;
• 100% prohibited content filtering and blocking;
• Up to 160 Gbit /s (In + Out) all traffic performance when connected in-line;
• Up to 16 filter lists, up to 30 million entries in the “black list“ support;
• Custom list processing support;
• Blocking break-in counteraction.
8
9. NUVX.QoE Solution Features Based on
NUVX Universal Platform Platform
• Quality of Experience (QoE) monitoring;
• Websites visited by ISP subscribers tracking;
• Possible Botnet, Virus Crypto-mining activity detection;
• Service upsaling;
• Network faults behind subscriber’s CPE, NAT and Wi-Fi detection;
• No additional probes or software installation required on the subscriber's side;
• No diagnostic packets required to be sent;
• DPI can monitor the mirrored traffic, in-line installation is not required;
• Generalized mechanism: any access technology and service model support;
• QoE functionality can be combined with other useful DPI functions in one device.
9
10. Dec 13 08:29:01 10.10.10.3 010.012.057.225: 65376 091.231.235.128:00080 1513182549 nuvxnat GET
/depot/228986/chunk/7d3ece044d4115fa7bae974acbd0873b305d6fb3? HTTP/1.1#015#012Host: steam.ru.qtlglb.com#015#012Accept:
text/html,*/*;q=0.9#015#012Accept-Encoding: gzip,identity,*;q=0#015#012Accept-Charset: ISO-8859-1,utf-8,*;q=0.7#015#012User-Agent:
Valve/Steam HTTP Client 1.0#015#012#015
Dec 13 08:29:01 10.10.10.3 010.254.017.186: 36449 095.163.068.052:00080 1513182549 nuvxnat GET /perviy/1/15131/1513171716.00-
1513171722.00.ts?account=2487e54f5cc6f78e&client=0d8d9390e47ad0a7&expires=1513260000&profile=17e3ecbacbe1d0a8&provider_id=5703bd2480
a8a010014872c3®ion=&token=AoFK0UGWN8bgkRt0UNEqwg&user=a26ddbe35cbfb913&shift=0 HTTP/1.1#015#012Host:
streams.b612.tightvideo.com#015#012Connection: close#015#012Cookie: #015#012User-Agent: Mozilla/5.0 (Web0S; Linux/SmartTV)
AppleWebKit/537.41 (KHTML, like Gecko) Large Screen WebAppManager Safari/537.41#015#012#015
Dec 13 08:29:01 10.10.10.3 010.254.019.150: 35351 095.163.068.058:00080 1513182549 nuvxnat GET
/mult/1/index.m3u8?account=491b7356de6aa38f&client=42df8d73114169a4&expires=1513260000&profile=c5514e0e4037bd5a&provider_id=5703bd2
480a8a010014872c3®ion=&token=HU9uSU_0fRnDODt0m1pTgQ&user=9a3326b0dc398880 HTTP/1.1#015#012Host:
streams.b612.tightvideo.com#015#012User-Agent: stagefright/1.2 (Linux;Android 4.2.2)#015#012Range: bytes=0-#015#012Connection:
close#015#012#015
Clickstream statistics data collected by NUVX Universal Platform can be used for drawing conclusions
about the resources visited by subscribers, devices they use, operating systems, Internet browsers, etc.
Collection of Clickstream Statistics Based
on NUVX Universal Platform Platform
If necessary, the information from HTTP GET requests can be enriched on the external to EcoFilter server with
information from billing and converted to the desired format (for example .CSV file.) 10
11. The NUVX Universal Platform platform analyzes the traffic passing through it and
collects statistics to assess the quality of subscribers' work in the network (number of
packets transmitted, number of re-sent packets, delay, etc.)
Having QoE statistics, the operator can proactively identify potential problems of
subscribers and fix them before they occur.
Collection of Quality of Experience Statistics
on the NUVX Universal Platform Platform
By comparing current QoE
metrics with historical ones, you
can determine the impact of any
changes to network settings on
the quality of network
performance.
11
12. Collection of Quality of Experience Statistics
on the NUVX Universal Platform Platform
Identify problems with the quality of communication behind CPE, including up to subscriber equipment:
• Boost LTV (LifeTimeValue);
• Clickstream analytics - ability to track visited sites, including competitors' sites;
• Find out how many virtual IP addresses are behind the real IP address;
• Determine what services / equipment subscribers use (SIP, OTT, smart house, smart tv, network
equipment);
• For each subscriber, prioritize traffic and restrict certain L7 based protocols.
12
14. NUVX.DPI Brief Description
NUVX.DPI is the hard & software complex
designed for traffic inspection and deep traffic
analysis. The DPI (deep packet inspection)
system operates at several levels of the OSI
model (from the data-link layer to the
application layer) by protocols, applications,
services, including multicast and network
control protocols. This gives extensive
opportunities for providers for traffic
management.
The complex is to be installed “in-line” of
existing internal or external links through
NUVX.DPI Bypass.
This device switches the system to bypass mode
(transparent traffic passing) in case of any abnormal
situations.
The main complex component which processes traffic
can be clustered to scale complex’s bandwidth. The traffic
balancing subsystem distributes the incoming and
aggregates the outgoing traffic processed.
NUVX.DPI Teracluster is the first Russian fault-tolerant
multi-terabit DPI cluster, scalable up to 40 Tbit/s.
14
15. NUVX.DPI
Security (AntiDDoS,
IDS/IPS)
Content Filtering
Filtering for Lawful
Intercept
Traffic Monitoring and
Management
Encrypted Traffic
Decoding and Analysis
DLP – Data Loss
Prevention
Application Based
Routing
Smart Load Balancing
Targeted Advertising,
Customer notification
QoE, VaS, and Other
Services
DPI in Provider Network
15
16. NUVX.DPI Features and Benefits (1)
• Traffic analysis by applications with an updated
signature database (more than 3200 applications,
all the most known at the moment);
• Flexible management of subscriber policies,
including options for quoting, parental control, etc;
• Versatile management (policing / marking / drop
etc.) of downloading certain applications;
• SLA ensuring at the application level;
• Traffic analysis in AS, AS-PATH sections, traffic
volumes, applications, subscribers;
• Traffic redirecting corresponding to certain regular
expressions for further processing by third-party
systems (service chaining for VAS);
• High-performance URL filtering http / https, URL
logging, policing the traffic of individual URLs;
• Support for 10/40/100 Gb/s interfaces with
various encapsulation options: MPLS, IPinIP,
QinQ, GRE, PPTP, L2TP, including embedded
encapsulation;
• Keeping of all metadata for further analysis:
trends, forecasts, analytics, user profiles, etc.
(BigData);
• Single point of monitoring and control of the
entire system;
• Switching the system to bypass mode in case of
any abnormal situations.
16
17. NUVX.DPI Features and Benefits (2)
• Real-time blocking of specific applications;
• Traffic prioritizing, analysis and classification;
• 100G port feature;
• Load balancing, linear scaling;
• Cluster solution, multi-terabit performance;
• Discovery communication problems behind CPE
including user equipment (QoE);
• Common bandwidth management and
distribution for subscribers (QoS);
• 10/40/100 Gbit/s interface support with MPLS
encapsulation;
• Optional feature of BRAS/CG-NAT/Routing;
• Innovative DPI Engine extensible by new
signatures;
• Maximum bandwidth, Gbit/s: 100 per DPI Unit;
• Maximum number of sessions, million: 240;
• Maximum number of sessions per second,
thousands: 800;
• Maximum number of subscribers, million: 31,5;
• Number of protocols recognized: 3200+;
• Number of URLs in library, million: 150;
• Network interfaces: 4X100GbE per DPI Unit.
17
18. Hardware Platforms. NUVX.DPI Bypass
However, in case of abnormal situations in the system, this should not affect the operator's network
functionality. In order to provide protection against failures, the NUVX.DPI Teracluster is connected
to the operator's network through the NUVX.DPI Bypass devices. The device is installed in the gap
between two routers of the operator's network and redirects traffic flows to the DPI complex for
further processing. In case of any failure or maintenance the NUVX.DPI Bypass immediately
switches the complex to bypass mode (transparent traffic passing).
As the traffic inspection and analysis system should be able to control traffic in the
provider’s network directly, it is installed “in-line” of existing lines.
18
19. Hardware Platforms. NUVX.DPI Balancer
NUVX.DPI Balancer Main Functionality:
• Providing different interface types for internal and external
systems: 10G, 40G, 100G;
• Traffic distribution between DPI devices;
• Traffic balancing between CPU cores inside single DPI device;
• Asymmetric traffic flow aggregation;
• N+X redundancy;
• Traffic redirection to the external systems for further storage
and analysis;
• Transparent passing mode with mirroring to NUVX.DPI Unit;
• Offloading mode for specific traffic flows – without analyzing in
NUVX.DPI Unit (transparent transit traffic passing, including
encrypted one).
To gradually scale DPI complex
bandwidth the main traffic processing
element (NUVX.DPI Unit) can be
clustered. In this case after the
NUVX.DPI Bypass traffic is transferred
to the balancing subsystem which
consists of one or several NUVX.DPI
Balancer devices.
This subsystem distributes incoming
traffic inside the NUVX.DPI Units farm
and aggregates the processed traffic.
19
20. Hardware Platforms. NUVX.DPI Unit
The one of the functions of the NUVX.DPI Unit is the traffic management
according to the policies specified. Policies can be based on protocols
(systemwide polices), which allows to:
• Restrict (rate limiting or drop) the traffic of a certain application,
protocol, networks, ports, etc.;
• Restrict the traffic of specified protocols with the specified meta-data;
• Restrict the traffic for certain Web resources;
• Apply QoS policies;
• Mark the traffic of certain applications.
Using policies the traffic of a single subscriber can be limited (subsciber-
based policies). By such policies the following scenarios can be
implemented:
• Restriction of the traffic of certain subscriber;
• Quoting;
• Application of policies to subscriber's services based on applications,
networks, ports and other;
• Grouping subscribers by various criteria.
The main subsystem of the complex is
the one or multiple devices for deep
traffic analysis NUVX.DPI Unit. The
device analyzes packets on L2-L7 levels
of the OSI model. In addition, NUVX.DPI
Unit recognizes traffic of more than
3200 various applications. The traffic
statistics collected during the analysis
are transmitted via a proprietary
protocol to NUVX.DPI Collector, which is
a part of the complex.
20
21. Hardware Platforms. NUVX.DPI cEMS
The NUVX.DPI cEMS tasks include the following:
• Auto install (Auto Provisioning, Zero Touch
Provisioning, ZTP) of cluster elements;
• Cluster element’s firmware updating;
• Cluster element’s health check;
• Configuration management of each cluster
element;
• Single point for claster management and
monitoring by external OSS/BSS systems.
All complex subsystems and elements are
managed by a central control system. It is
a separate device named NUVX.DPI cEMS.
All complex elements are managed from
NUVX.DPI cEMS by using command line
interface (CLI) or graphical user web
interface.
21
22. NUVX.DPI Collector Software
The complex also includes a subsystem for collecting and analyzing connection logs (NUVX.DPI
Collector), which provides single access to the logs and statistics on them.
The system accumulates statistical information about traffic flows (CDR), converts it for further
processing and can be sent to external data storage system (EDSS) for long-term storage and
subsequent analysis by other systems.
To view the statistics, a Web-based interface was implemented, where not only detailed information on
protocols, applications and subscribers is presented, but also graphs that demonstrate the use of
network capacities and resources of the complex.
Since the complex is divided into several separate devices according to their functional characteristics, it
easily scales and adjusts to the tasks of a specific operator. For example, if the volume of the processed
traffic does not exceed 100 Gbit / s, the complex may consist of only four components.
At the moment, the maximum performance of the complex can be achieved using a scheme with three
NUVX.DPI Unit farms with 20 devices in each farm. One device handles up to 100 Gbit / s traffic.
Consequently, the overall performance of the complex will be 6 Tbps/s (NUVX.DPI Teracluster).
22
23. NUVX Technologies
Techno Hub B3, Office G-022,
Dubai Silicon Oasis, Dubai, UAE
www.nuvx.com / sales@nuvx.com / 00971 125 1262
Thank you for your attention!