Vous êtes sur la page 1sur 8


2010 2009 2008 2007

Allot Bandwidth Management Quick Guide
This is a short guide that introduces the Allot NetEnforcer and NetXplorer components and how
they all come together to offer superior Bandwidth Management and Quality of Service for
Enterprise customer networks or large Service Providers.

Although there are several other components and add-ons, Allot consists of 3 main systems:
NetEnforcer  NetXplorer Server  NetXplorer GUI client

NetEnforcer – Physical Appliance

A NetEnforcer is the actual hardware that is physically deployed into the customer’s network that
monitors and enforces bandwidth management across the network. They are typcially deployed in-
line so as to harness the full capabilities of the appliance.

NetEnforcer Capabilities:

 Inspects and Identifies network traffic

 Collects network usage statistics
 Can enforce Quality of Service based on administrator configured Policies
 Can fail-open should there be a hardware failure so traffic is not interrupted

These appliances have different models (a few shown below) based primarily on:

 Throughput – which is the amount of traffic that the appliance can handle in a network
 Number of Interfaces – the number of ports for direct network connections

NetEnforcer Hardware Facts:

 Dedicated Managemement Interface - physical Network Interface (NIC) which is

configured with an IP address and network information for management only.

 Central Management - NetEnforcers are managed using NetXplorer Server and GUI which
is Management software and client respectively which can be installed on Windows.

 Physical Interfaces for External (leading to the Internet) and Internal (leading into the
trusted or priavte network) connections.
 Console connection for command line (CLI) access.

 Hardware Bypass – this provides the ability for traffic to pass through the NetEnforcer
(also known as fail-open) should there be a hardware failure with the unit.

 Hardware Bypass Unit – dedicated appliance that connects to the NetExplorer and offers
hardware bypass (fail-open) for the NetEnforcer models with multiple interfaces like the
NetEnforcer 3000 series models and above. Below is an example of a Bypass Unit and the
various connections.

Bypass Unit – Connections shown for Network and then to NetEnforcer

NetXplorer Server – Management Software
NetXplorer Server is the Management Software that is used to manage an Allot NetEnforcer
appliance. The NetXplorer can be installed a Windows or Linux (Red Hat) system and is built on
Java (so requires an installation of Java Runtime Environment - JRE). A NetXplorer management
software with the appropriate license can centrally manage several NetEnforcer appliances across
different locations and also provides Real-Time (Short-Term) and Historic (Long Term) Reporting
capabilities for Quality of Service (QoS).

The NetXplorer GUI is used to connect to the NetXplorer Server for administrator management.

For larger deployments, the NetXplorer server can also be purchased as pre-built Hardware for
High Availability or redundant configurations.

NetXplorer GUI – Client
The GUI client is the component used for connections from an administrator computer to the
Network Explorer Server. Policy configurations, Report Views, Alarms etc are done from the client.

NetXplorer Server & GUI Main Facts:

 Scalable Central Policy Management for NetEnforcer appliances

 Granular QoS Policy configuration for various types of traffic
 Traffic identification with Protocol Pack updates – P2P, VoIP, Web applications etc
 Real-Time and Long Term Reporting
 Alarms and Events Notification for administrators
 Automatic remediation for certain traffic violations

Below is are typical Real-Time and Long Term Reports that can be generated on the NetXplorer
server. These can be generated for various conditions and periods and can also be scheduled.

QoS Policy & Traffic Classification

To effectively control the Network Traffic, Allot uses a simple but effective 3-Tier classification
method. These are Lines, Pipes and Virtual Channels (VCs).

 Line: this represents the Internet Line for the organisation. E.g. 100Mbps BT Internet. All
traffic flows through the line.

 Pipe: the line is then sub-divided into pipes similar to a main water line from a provider
divided into several pipes that connect to various households. Pipes are chunks of
bandwidth derived from you overall Line. E.g. you can have 3 pipes: a 20Mbps, pipe, a
10Mbps and another 30Mbps pipe from your original Line from BT which is a 100Mbps
Internet Line.

 Virtual Channel (VC): through the pipes flow the various applications and protocols that
are used over that network by users and network devices. E.g. VCs may be P2P, VoIP,
HTTP, Email, Video, Audio etc.

An administrator can then define a rule that can be applied to a Pipe or Virtual Channel (VC).

A rule is basically a Condition + an Action.

Below is an example of NetXplorer Policy for various types of traffic using the NetXplorer GUI client
interface? Traffic can be controlled based on Hosts, Networks, Protocols/Ports, VLANs etc.

Licensing – Basic NetEnforcer Licensed Features
A typical Enterprise NetEnforcer appliance can be licensed for the following features:

 QoS

 Reporting – Real-Time (Short-Term) and Long Term Reports

 Number of Lines

 Protocol Updates

 Put Together by Wick Hill Technical (M.A.)
 Allot NetEnforcer - http://www.allot.com/netenforcer.html
 Allot NetXplorer - http://www.allot.com/NetXplorer.html
 Allot Network Intelligence Presetation - http://slideplayer.us/slide/2572/
 Bypass Unit schematic -
 Long Term Report Example- http://ngw.ntt-at.co.jp/product/allot/products/netxplorer.html