Functional Specifications

Data Granularity

  • 5-minute granularity for traffic monitoring
  • 1-minute granularity for anomaly detection

Data Source

  • NetFlow (v1, v5, v7, v9), sFlow (v4, v5), NetStream
  • SNMP v1 / v2c get and trap
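NetFlow v5 is the simplest of the listed export formats and a useful reference for how a collector turns a UDP datagram into the flow records that every report below is built from. The parser here is an added example written for this page, not GenieATM code; the record layout is the published Cisco v5 layout, while the sample datagram, addresses and counters are constructed for the demonstration. Two checks matter in practice and are included: the datagram length is validated against the header's record count before any field is read, and the sampling interval (low 14 bits of the last header field) scales packet and byte counters so that sampled exporters do not under-report by the sampling rate.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List

# NetFlow v5 wire layout, network byte order: 24-byte header, 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30  # a v5 datagram carries at most 30 records


@dataclass
class FlowRecord:
    src: str
    dst: str
    nexthop: str
    in_if: int
    out_if: int
    packets: int
    octets: int
    src_port: int
    dst_port: int
    tcp_flags: int
    proto: int
    tos: int


def parse_v5(datagram: bytes, apply_sampling: bool = True) -> List[FlowRecord]:
    """Parse one NetFlow v5 UDP payload into FlowRecord objects.

    Length, version and record count are checked before any field is trusted,
    so a short or foreign datagram raises instead of yielding garbage counters.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, _uptime, _secs, _nsecs, _seq, _etype, _eid, sampling = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if not 1 <= count <= V5_MAX_RECORDS:
        raise ValueError(f"bad record count {count}")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("truncated datagram: fewer bytes than the header count claims")

    # sampling_interval: top 2 bits are the sampling mode, low 14 bits the 1-in-N rate.
    rate = sampling & 0x3FFF
    scale = rate if apply_sampling and rate > 1 else 1

    records = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, nh, in_if, out_if, pkts, octs, _first, _last, sport, dport,
         _pad1, flags, proto, tos, _sas, _das, _smask, _dmask, _pad2) = \
            V5_RECORD.unpack_from(datagram, off)
        records.append(FlowRecord(
            src=str(ipaddress.IPv4Address(src)),
            dst=str(ipaddress.IPv4Address(dst)),
            nexthop=str(ipaddress.IPv4Address(nh)),
            in_if=in_if, out_if=out_if,
            packets=pkts * scale, octets=octs * scale,
            src_port=sport, dst_port=dport,
            tcp_flags=flags, proto=proto, tos=tos,
        ))
    return records


def build_sample_datagram(sampling: int = 0) -> bytes:
    """Constructed test datagram (not captured traffic): one HTTP flow and one DNS flow."""
    def rec(src, dst, pkts, octs, sport, dport, flags, proto):
        return V5_RECORD.pack(
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
            ipaddress.IPv4Address("203.0.113.1").packed,
            1, 2, pkts, octs, 1000, 2000, sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)

    header = V5_HEADER.pack(5, 2, 123456, 1700000000, 0, 42, 0, 0, sampling)
    return (header
            + rec("192.0.2.10", "198.51.100.20", 12, 6400, 51514, 80, 0x1B, 6)
            + rec("192.0.2.11", "198.51.100.53", 1, 72, 40000, 53, 0, 17))
```

A collector receiving these datagrams on UDP has no transport-level authentication, so exporters should be limited by source address on the collector and the datagram must be validated as above; a malformed or spoofed export should fail parsing rather than feed the reports.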

Web-based Management Console

  • Multi-language support: English / Chinese (Traditional / Simplified) / Japanese

System Administration

  • Access to Web-based console: HTTP / HTTPS (HTTP sends credentials in the clear; use HTTPS)
  • Access to CLI console: Telnet / SSH (Telnet sends credentials in the clear; use SSH)
  • User authentication: Local / RADIUS / TACACS+
  • Role-based security: separate privilege levels such as Administrator, Supervisor, View-only, or Sub-Network
  • Alarm notification: e-mail to different users or user groups by scope, severity and resource importance; SNMP trap or Syslog export to third-party management stations
  • Centralized configuration management
  • Storage options: internal HD (controller) / NFS
  • Automatic housekeeping of disk usage, report data and logs

Report Format of Traffic Analysis

  • Unit: bps / pps / fps
  • Period: Daily / Weekly / Monthly / Quarterly / Yearly
  • Type: Line / Stacked / Pie / Bar chart & Trend report
  • Presentation: HTML / CSV / PDF / XML

Capability of Network Modeling
Based on the network model, all pre-defined reports are generated automatically, without intricate configuration of every single report.

  • Home network: defined by CIDR
  • Internet: defined by Circular cut or Segment cut
  • Backbone network: defined by link(interface)
  • Sub-network: defined by CIDR and boundary

Pre-defined Traffic Analysis

  • Bi-directional (in, out) traffic monitoring
  • Individual and group-aggregated statistics, for instance grouped by router or by sub-network
  • Attribute analysis with Top-N statistics, including Application, Protocol, Protocol+Port, TOS value, and Packet Size, presented as Stacked, Bar, and Pie charts
  • Top talkers of a sub-network / interface
  • Cross analysis between sub-networks
  • Router performance analysis: CPU load, memory usage, and interface traffic
  • Interface analysis: traffic by flow / traffic by SNMP / CRC errors / discards / multicast & broadcast

Rule-based Traffic Analysis

  • Applicable to different scopes: Any, Home, or Sub-Network
  • Filtering rules defined by IP block, application, protocol/port, router, interface, TOS, TCP flag, next hop, or packet size
  • Custom Top-N report ranked by IP, interface, sub-network, router, TOS, TCP flag, application, protocol/port, next hop, or packet size
  • Rule-based traffic reports can be rebuilt from historical raw flows

Multiple Authority Levels for Multi-user Support
Provides services for the users of a specific sub-network, including:

  • Traffic analysis report for the specific sub-network, such as attribute analysis with Top-N statistics, top talkers, and rule-based traffic analysis.
  • Offline Report (Daily / Weekly / Monthly) via e-mail delivery
  • Anomaly traffic analysis for the specific sub-network
  • Anomaly console and alarm notification
  • Snapshot tool for instant Top-N and drill-downs

Traffic Snapshot

  • Applicable to different scopes: Any, Home, Sub-Network, or user-defined filters
  • Data source: real-time (cache) / raw data
  • Criteria: IP, protocol/port, interface, TOS, next hop, TCP flag, anomaly
  • Real-time Top-N report ranked by IP, protocol/port, interface, TCP flag, TOS value, or next hop
  • Report type: pie chart / Top-N table
  • Target suspicious flows through drill-downs
  • Inspect up to 100 raw flows per request for any user-defined criteria and time span
  • Generate Cisco-compatible ACL entries from the result of snapshot drill-downs
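The rule-based filtering and Top-N ranking above, followed by turning a drill-down result into a Cisco ACL, form one workflow: filter flows by the spec's criteria, rank the matches in the spec's units (pps, bps, fps), then emit a deny entry per top offender. The code below is an added illustration of that workflow, written for this page; it is not GenieATM's implementation, and the flow records and addresses are constructed sample data. The ACL rendering uses standard IOS named extended ACL syntax and ends with an explicit permit, because an extended ACL has an implicit deny at the end and a block list applied inline without it would cut all traffic on the interface.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

TCP_SYN, TCP_ACK = 0x02, 0x10
PROTO_NAME = {1: "icmp", 6: "tcp", 17: "udp"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    src_port: int
    dst_port: int
    tcp_flags: int
    tos: int
    in_if: int
    packets: int
    octets: int


# Constructed sample flows (not captured traffic): a SYN burst from two home hosts,
# one established flow, one foreign source and one DNS query.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.20", 6, 40000, 80, TCP_SYN, 0, 1, 500, 20000),
    Flow("192.0.2.10", "198.51.100.21", 6, 40001, 80, TCP_SYN, 0, 1, 300, 12000),
    Flow("192.0.2.11", "198.51.100.20", 6, 40002, 80, TCP_SYN, 0, 1, 120, 4800),
    Flow("192.0.2.12", "198.51.100.20", 6, 40003, 80, TCP_ACK | 0x08, 0, 1, 40, 30000),
    Flow("203.0.113.5", "198.51.100.20", 6, 40004, 80, TCP_SYN, 0, 2, 900, 36000),
    Flow("192.0.2.11", "198.51.100.53", 17, 40005, 53, 0, 0, 1, 10, 720),
]


def make_filter(ip_block: Optional[str] = None, proto: Optional[int] = None,
                dst_port: Optional[int] = None, tcp_flags: Optional[int] = None,
                tos: Optional[int] = None, in_if: Optional[int] = None) -> Callable[[Flow], bool]:
    """Build a rule from the spec's filter criteria; every criterion given must match."""
    net = ipaddress.ip_network(ip_block) if ip_block else None

    def match(f: Flow) -> bool:
        if net and ipaddress.ip_address(f.src) not in net and ipaddress.ip_address(f.dst) not in net:
            return False
        if proto is not None and f.proto != proto:
            return False
        if dst_port is not None and f.dst_port != dst_port:
            return False
        if tcp_flags is not None and (f.tcp_flags & tcp_flags) != tcp_flags:
            return False
        if tos is not None and f.tos != tos:
            return False
        if in_if is not None and f.in_if != in_if:
            return False
        return True
    return match


def top_n(flows: List[Flow], key: Callable[[Flow], str], n: int = 5,
          unit: str = "pps") -> List[Tuple[str, int]]:
    """Rank by the spec's units: pps sums packets, bps sums bits, fps counts flows."""
    weight = {"pps": lambda f: f.packets, "bps": lambda f: f.octets * 8, "fps": lambda f: 1}[unit]
    counts = Counter()
    for f in flows:
        counts[key(f)] += weight(f)
    return counts.most_common(n)


def cisco_acl(name: str, offenders: List[Tuple[str, int]], proto: int,
              dst_port: Optional[int] = None) -> str:
    """Render a named extended ACL that blocks each Top-N source toward the filtered service."""
    pname = PROTO_NAME.get(proto, "ip")
    lines = [f"ip access-list extended {name}"]
    for ip, _weight in offenders:
        entry = f" deny {pname} host {ip} any"
        if dst_port is not None and pname in ("tcp", "udp"):
            entry += f" eq {dst_port}"   # IOS syntax: the port qualifier follows the destination
        lines.append(entry)
    lines.append(" permit ip any any")   # extended ACLs end in an implicit deny; keep the rest flowing
    return "\n".join(lines)
```

Before pushing such an ACL, review the offender list by hand: Top-N by source address will happily list a spoofed or NATed address, and blocking it punishes whoever is behind it.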

Anomaly Traffic Detection

  • Detection scopes: sub-network-based, prefix-based, device-based
  • Report of possibly affected resources: Sub-Network, Router
  • Baselines apply to network traffic within the detection scope
  • Baseline mechanism: static, or dynamic learning
  • Historical traffic baselines can be viewed and reset
  • Trigger Top-N analysis for each anomaly event when a yellow alarm arises / a red alarm arises / at peak / latest
  • Anomalies detected by traffic anomaly (deviation from baseline), protocol misuse, and flow-based signature matching (application anomaly)
  • Built-in protocol-misuse anomaly detections: Land Attack, ICMP Misuse, UDP Fragment, TCP Fragment, TCP Flag Null or Misuse, IP Protocol Null, TCP SYN Flooding
  • Built-in worm/DDoS attack signatures: Dark IP, MS Blaster, Sasser, Code Red, SQL Slammer
  • Configurable signature characteristics, including packet / byte count per flow, byte count per packet, TCP flag, TOS value, protocol, port, and Dark IP
  • Alarm severity: red, yellow
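The three detection methods listed above (baseline deviation, protocol misuse, flow-based signatures) and the yellow/red severities can be shown concretely with a few dozen lines over flow records. What follows is an added example written for this page, not GenieATM's detection engine: the misuse heuristics, the signature fields, the EWMA baseline and its thresholds are this example's own assumptions, and the one-minute window of flows is constructed sample data. The baseline deliberately refuses to learn from samples it has scored red, which is the caveat a practitioner wants with any dynamically learned baseline: otherwise a sustained flood slowly becomes "normal".

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TCP_FIN, TCP_SYN, TCP_ACK = 0x01, 0x02, 0x10


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    src_port: int
    dst_port: int
    tcp_flags: int
    tos: int
    packets: int
    octets: int


# Constructed one-minute window (not captured traffic): 150 SYN-only probes to one host,
# one land-attack flow, and one normal HTTPS flow.
SAMPLE_MINUTE = [Flow(f"203.0.113.{i % 250 + 1}", "198.51.100.20", 6, 1024 + i, 80, TCP_SYN, 0, 1, 40)
                 for i in range(150)] + [
    Flow("198.51.100.22", "198.51.100.22", 6, 139, 139, TCP_SYN, 0, 1, 40),
    Flow("192.0.2.10", "198.51.100.21", 6, 51000, 443, TCP_SYN | TCP_ACK, 0, 120, 90000),
]


def misuse_checks(f: Flow) -> List[str]:
    """Per-flow protocol-misuse checks; the heuristics are this example's, not GenieATM's."""
    hits = []
    if f.src == f.dst:
        hits.append("Land Attack")                 # same source and destination address
    if f.proto == 0:
        hits.append("IP Protocol Null")
    if f.proto == 6 and f.tcp_flags == 0:
        hits.append("TCP Flag Null")
    elif f.proto == 6 and (f.tcp_flags & (TCP_SYN | TCP_FIN)) == (TCP_SYN | TCP_FIN):
        hits.append("TCP Flag Misuse")             # SYN and FIN never legitimately coexist
    # Assumption: the exporter reports non-first fragments with both ports zero.
    if f.proto in (6, 17) and f.src_port == 0 and f.dst_port == 0:
        hits.append("TCP Fragment" if f.proto == 6 else "UDP Fragment")
    if f.proto == 1 and f.packets and f.octets // f.packets > 1024:
        hits.append("ICMP Misuse")                 # oversized ICMP; illustrative threshold
    return hits


def syn_flood_targets(flows: List[Flow], min_syn_flows: int = 100) -> Dict[str, int]:
    """Destinations receiving >= min_syn_flows SYN-only short flows within the window."""
    c = Counter(f.dst for f in flows
                if f.proto == 6 and (f.tcp_flags & (TCP_SYN | TCP_ACK)) == TCP_SYN and f.packets <= 2)
    return {dst: n for dst, n in c.items() if n >= min_syn_flows}


@dataclass
class Signature:
    """Flow-based signature built from the tunable characteristics the spec lists."""
    name: str
    proto: Optional[int] = None
    port: Optional[int] = None                           # matches source or destination port
    tcp_flags: Optional[int] = None                      # all of these bits must be set
    tos: Optional[int] = None
    max_packets_per_flow: Optional[int] = None
    bytes_per_packet: Optional[Tuple[int, int]] = None   # inclusive range
    dark_prefixes: Tuple[str, ...] = ()                  # operator-defined unused address space

    def matches(self, f: Flow) -> bool:
        if self.proto is not None and f.proto != self.proto:
            return False
        if self.port is not None and self.port not in (f.src_port, f.dst_port):
            return False
        if self.tcp_flags is not None and (f.tcp_flags & self.tcp_flags) != self.tcp_flags:
            return False
        if self.tos is not None and f.tos != self.tos:
            return False
        if self.max_packets_per_flow is not None and f.packets > self.max_packets_per_flow:
            return False
        if self.bytes_per_packet is not None:
            lo, hi = self.bytes_per_packet
            if not f.packets or not lo <= f.octets // f.packets <= hi:
                return False
        if self.dark_prefixes:
            dst = ipaddress.ip_address(f.dst)
            if not any(dst in ipaddress.ip_network(p) for p in self.dark_prefixes):
                return False
        return True


class DynamicBaseline:
    """Learned baseline for one 1-minute series (e.g. bps of a sub-network): EWMA of the
    level and of its absolute deviation. Yellow/red fire at k deviations above the level.
    Red samples are not learned, so a sustained attack cannot lift its own baseline."""

    def __init__(self, alpha=0.2, yellow=3.0, red=6.0, warmup=5, min_dev_frac=0.05):
        self.alpha, self.yellow, self.red = alpha, yellow, red
        self.warmup, self.min_dev_frac = warmup, min_dev_frac
        self.reset()

    def reset(self):                                     # the spec's "reset historical baseline"
        self.mean, self.dev, self.n = None, 0.0, 0

    def update(self, value: float) -> Optional[str]:
        """Score one sample against the current baseline, then learn it; returns severity."""
        if self.mean is None:
            self.mean, self.n = float(value), 1
            return None
        dev = max(self.dev, self.min_dev_frac * abs(self.mean), 1e-9)  # floor stops jitter alarms
        score = (value - self.mean) / dev
        severity = None
        if self.n >= self.warmup:
            severity = "red" if score >= self.red else "yellow" if score >= self.yellow else None
        if severity != "red":
            self.dev = (1 - self.alpha) * self.dev + self.alpha * abs(value - self.mean)
            self.mean = (1 - self.alpha) * self.mean + self.alpha * value
            self.n += 1
        return severity
```

Feed `DynamicBaseline.update` one value per minute per scope (sub-network, prefix or device) and keep a separate instance per scope; a static baseline is the degenerate case of never calling `update` for learning and comparing against fixed thresholds instead.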

Anomaly Console

  • Summarize anomaly events and logs at a glance.
  • System status check of GenieATM itself (CPU, memory, DB disk, number of flows, and packet drops)
  • Querying of anomaly events and anomaly detail reports
  • Querying of alert logs
  • Anomaly statistics: ongoing / in the last 24 hours

NetFlow™ is a trademark of Cisco Systems, Inc.
NetStream™ is a trademark of Huawei-3Com Technology Co., Ltd.
sFlow® is a registered trademark of InMon Corp.

Copyright ©2008 Genie Network Resource Management Inc. All rights reserved.