Anagran is developing Flow State Aware (“FSA”) Routers.
The Anagran FSA router can replace any conventional single (IPv4) or dual stack (IPv4 & IPv6) router with the same interfaces. As a conventional router replacement its primary advantage is reduced cost. FSA routing has an inherent cost advantage since it only requires one routing decision per flow. There are also applications where FSA routing has additional advantages. These include TCP over high delay or high error rate paths, guaranteed rate flow support (high quality voice and video), overlay networks with QOS features, Peer-to-Peer (P2P) traffic control and collection of statistics.
TCP Over High Delay or High Error Rate Paths
This application requires QoS signaling. The figure below illustrates a TCP/IP over secure satellite link application. Conventional IPv4-capable satellite base stations compensate for the high error rate and long delay of a satellite connection by spoofing TCP acknowledgements. This requires access to the TCP header. With IPv6 the TCP header is completely concealed by the encryption and another technique is required.
For any high delay path (cross U.S. or trans-ocean) the round trip delay reduces TCP throughput considerably. High error rate paths such as wireless links also cause TCP to lose throughput. With an error rate of 20%, TCP throughput nears zero. The QoS signaling protocol improves the TCP block delivery time and throughput in both cases by separating the network congestion issue from the link errors and allowing the available end-to-end network rate to be communicated back to the sender. The figure below shows the impact on TCP delivery time for a 1 MB page using the QoS signaling and receiving approval for 32 Mbps.
Overlay Networks with QOS Features
Anagran FSA routers can be used to construct an overlay network for applications requiring QoS, such as video and voice services, including streaming video.
The QoS signaling can be used either end-to-end (client to server) or added by the Anagran FSA Routers. All best-effort traffic can be passed to the conventional IP network using QoS policy routing.
Peer to Peer (P2P) Traffic Control
P2P traffic control is needed in any network where a small number of clients running P2P applications such as music or video sharing or interactive gaming can consume the available network bandwidth (any network with broadband access).
The Anagran FSA Router can recognize P2P traffic based on the flow statistics (traffic rate, average packet size, bytes transferred, and the duration of the flow) as well as the addresses, protocol and ports used. The QoS parameters assigned to a flow can be changed based on this recognition process. A practical example of this is the separation of Kazaa and Skype traffic. Both use long-lived connections on the same ports, but Skype consumes a small amount of bandwidth and needs a small delay variance for voice quality. When a flow is initially set up it can be configured as a Skype connection. If the bandwidth exceeds that required by a Skype call, the flow QoS can be “re-computed” as a Kazaa call and its rate changed to provide fair access to all the users.
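The re-computation described above, sketched as an added example (not Anagran code). The class names, the 128 kbit/s voice ceiling, the 5-second observation period and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds; the page gives no numbers.
VOICE_MAX_BPS = 128_000   # sustained rate above this is not a voice call
MIN_OBSERVE_S = 5.0       # observe this long before re-computing the class

@dataclass
class FlowState:
    first_seen: float
    last_seen: float
    packets: int = 0
    nbytes: int = 0
    qos_class: str = "voice"   # initial setup: treat the flow as a voice call

    def duration(self):
        return self.last_seen - self.first_seen

    def rate_bps(self):
        d = self.duration()
        return 8 * self.nbytes / d if d > 0 else 0.0

class FlowTable:
    def __init__(self):
        self.flows = {}   # 5-tuple -> FlowState

    def observe(self, key, ts, size):
        """Account one packet to its flow and return the flow's QoS class."""
        f = self.flows.setdefault(key, FlowState(ts, ts))
        f.last_seen = ts
        f.packets += 1
        f.nbytes += size
        if (f.qos_class == "voice" and f.duration() >= MIN_OBSERVE_S
                and f.rate_bps() > VOICE_MAX_BPS):
            f.qos_class = "p2p_bulk"   # re-computed: rate is shaped for fair access
        return f.qos_class

def replay_constructed_traffic():
    """Constructed packets: a 64 kbit/s call and a ~1.1 Mbit/s transfer, 10 s each."""
    table = FlowTable()
    call = ("10.0.0.5", "192.0.2.7", 40000, 443, "tcp")
    bulk = ("10.0.0.9", "192.0.2.8", 40001, 443, "tcp")
    for i in range(501):                      # 50 packets/s of 160 bytes
        table.observe(call, i / 50, 160)
    history = [table.observe(bulk, i / 100, 1400) for i in range(1001)]
    return table.flows[call].qos_class, history
```

Both flows share a destination port, so only the per-flow rate separates them; the bulk flow keeps its initial class until the observation period has elapsed.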
FSA routers provide detailed statistics not available in a conventional router. Statistics are reported in Cflowd packets that can be processed using off-the-shelf (Linux-based) reporting software.
Port & Flow Class statistics address NMS requirements for usage data and answer questions like:
- How much of my bandwidth is used by P2P?
- How heavily loaded is my trunk to the corporate data center?
Port and class statistics are reported periodically in Load Update messages within the router, which are used to adjust QoS parameters. The Anagran FSA Router can also be programmed to generate cflowd updates for Port & Flow classes.
Statistics can be collected for individual flows and reported to a statistics processing system as Flow Detail Records (FDRs). Flow Detail Records are generated at the end of a flow. The Anagran FSA router provides the ability to configure which classes of flows create FDRs. FDRs are used to report the length and size of a flow for applications like VOIP. A secondary mechanism for statistics collection is provided for collection of complex statistics aggregations. These are statistics that are collected at the end of flows or at a low (periodic) rate.
Combined with the Anagran FSA Router's client authentication and recognition features, the statistics collection features can be used to collect Port & Flow Class statistics, aggregated client statistics (e.g. voice, video, and data usage per client), and FDRs for a specific application (e.g. FDRs equivalent to call detail records for VOIP).
Protection against DDOS
Anagran routers are designed to resist DOS attacks directed at them and reduce the effectiveness of DOS attacks propagated through them. Most DOS attacks rely on a hacker controlling a number of “Zombie” machines that will be the active participants in an attack. In the basic DOS architecture, DOS zombies will typically spoof the source address of the IP packets they send as part of an attack (they simply lie about who they are by replacing the Source Address in the IP packet with a different address). More advanced DOS attacks rely on a pool of servers or routers to “reflect” packets at the DOS victim.
There are two main types of attack: one that overflows the network by creating a lot of Internet traffic, and another that overloads the network by creating a lot of start packets. Since Anagran’s routers keep state information for each flow, they react immediately to an attack, first by reducing the rate, so the network does not become overloaded, and second by determining the bad traffic type and discarding it. The Anagran router also collects flow statistics and, if flow records are kept, the actual hacker could be identified.
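How the two attack types above can be told apart from per-flow records, as an added detection example (not Anagran code). The record layout, thresholds and addresses are assumptions; counts are aggregated per destination because, as noted above, source addresses may be spoofed.

```python
from collections import defaultdict

# Assumed thresholds for illustration; the page gives none.
MAX_NEW_FLOWS_PER_S = 200      # flow starts per second toward one destination
MAX_SINGLE_PKT_RATIO = 0.8     # share of flows that never got past the start packet
MAX_BITS_PER_S = 50_000_000    # aggregate rate toward one destination

def classify_destinations(flow_records, window_s):
    """flow_records: iterable of (src, dst, packets, nbytes) seen in window_s seconds.
    Returns {dst: "start_flood" | "volume_flood" | "normal"}."""
    agg = defaultdict(lambda: {"flows": 0, "single": 0, "bytes": 0})
    for _src, dst, packets, nbytes in flow_records:
        a = agg[dst]
        a["flows"] += 1
        a["single"] += packets == 1
        a["bytes"] += nbytes
    verdicts = {}
    for dst, a in agg.items():
        starts_per_s = a["flows"] / window_s
        single_ratio = a["single"] / a["flows"]
        if starts_per_s > MAX_NEW_FLOWS_PER_S and single_ratio > MAX_SINGLE_PKT_RATIO:
            verdicts[dst] = "start_flood"      # many flows, almost all start-only
        elif 8 * a["bytes"] / window_s > MAX_BITS_PER_S:
            verdicts[dst] = "volume_flood"     # few flows, excessive aggregate rate
        else:
            verdicts[dst] = "normal"
    return verdicts

def constructed_sample():
    """Constructed flow records for a 1-second window (documentation addresses)."""
    recs = []
    # 1000 one-packet flows from varying sources toward one server
    recs += [(f"198.51.100.{i % 250}", "192.0.2.10", 1, 60) for i in range(1000)]
    # 20 flows of 500 kB each toward another server: 80 Mbit/s in the window
    recs += [(f"203.0.113.{i}", "192.0.2.20", 350, 500_000) for i in range(20)]
    # ordinary traffic: 10 flows of 30 kB each
    recs += [(f"203.0.113.{100 + i}", "192.0.2.30", 40, 30_000) for i in range(10)]
    return recs

def run_sample():
    return classify_destinations(constructed_sample(), window_s=1.0)
```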