What is QoS

QoS is the ability to provide consistent, predictable data service delivery to satisfy customer application requirements. Several characteristics qualify QoS, including the capability to minimize delivery delay, reduce delay variations, and provide consistent data throughput capacity.

SysMaster uses IP QoS together with TCP and UDP level filtering to implement Ingress/Egress Bandwidth Management, Denial of Service Prevention, Traffic Discovery and Prioritization.

SysMaster Bandwidth Management

Incoming (ingress) and outgoing (egress) traffic is filtered using specified sets of filter parameters for refined bandwidth utilization. The QoS module supports DiffServ provisioning so that DiffServ-marked IP packets are treated properly throughout the core network of the Internet.

Bandwidth Allocation and Traffic Packet Shaping

The QoS module includes functionality to dynamically implement egress bandwidth allocation for the most bandwidth-demanding applications, as well as for mission-critical application traffic. Using the comprehensive filtering and queuing mechanisms of the SysMaster QoS module, egress traffic can be classified and scheduled using different traffic policies. In addition, all egress traffic can be re-marked at the IP level according to the DiffServ standard to ensure proper treatment of the packets when they traverse DiffServ-compatible routers deployed across the Internet. The SysMaster QoS module provides egress filtering using:

  • IP protocol - TCP, UDP, ICMP and more;
  • Source IP address;
  • Destination IP address;
  • Source TCP/UDP port;
  • Destination TCP/UDP port;
  • DSCP/TOS DiffServ markings;
  • ICMP type.

Using these filters, web sites can opt to allocate adequate bandwidth to different geographic regions according to the marketing priorities of their enterprise. For instance, a US-based company with an Internet presence may want to provide the highest level of QoS to its US web visitors while providing a basic level of QoS to all non-US web visitors. With the SysMaster QoS module, this type of bandwidth allocation is implemented using selective source IP filtering, allowing source authentication to be performed.

 


Traffic Prioritization

The SysMaster QoS module includes an advanced scheduler for prioritizing egress traffic based on priority values assigned to classified traffic. For example, a company would like to conduct video conference calls over the Internet or an extranet. In this case, a certain bandwidth must be allocated, along with a guarantee that low packet loss and low packet latency deviation (jitter) will be provisioned. The SysMaster QoS module provides this using its advanced scheduling mechanisms together with policing and DiffServ marking of the egress traffic.
 

Traffic Policing

The SysMaster QoS module can 'police' incoming traffic by filtering it using specified sets of inbound filter parameters for refined bandwidth utilization and restriction policies. SysMaster QoS supports the following filtering parameters:

  • IP protocol - TCP, UDP, ICMP and more;
  • Source IP address;
  • Destination IP address;
  • Source TCP/UDP port;
  • Destination TCP/UDP port;
  • DSCP/TOS DiffServ markings;
  • ICMP type.

Denial of Service Prevention

The SysMaster QoS module provides extended capabilities for filtering out malicious attacks based on TCP, UDP, IP, ICMP or other Layer 3 or Layer 4 protocols. This greatly improves the security of your bandwidth, and guarantees that such attacks will not disrupt the normal operation of your systems. This functionality is accomplished with no performance penalty on the part of SysMaster. While detected malicious traffic is being filtered out, your network will be able to operate normally. For web businesses, this module delivers high availability, resulting in reduced losses incurred due to web site downtime.
 

The SysMaster QoS module prevents the following attacks:

  • Mail-bomb Attack
  • Teardrop Attack
  • Smurf Attack
  • Fraggle Attack
  • Trinoo Attack
  • Tribe Flood Network
  • TFN
  • TFN2K
  • Stacheldraht
  • Shaft
  • Mstream
  • Land Attack
  • Advanced SYN Flood
  • Advanced UDP Flood
  • Distributed DoS (DDoS)
  • ICMP Ping Flood
  • Network Isolation and Traffic Restriction
  • Geo-Managed Traffic Control
  • Unauthorized Traffic Isolation and Restriction
  • Class/Filter Based Packet Processing

 

©2004 SysMaster Corporation. All rights reserved.