ENT-02 Allot Enterprise Platforms

Module 2: Allot Enterprise Platforms
Allot Enterprise
Platforms
ACTE Training (Enterprise Track)
ACTE (Enterprise Track) 1

• Introducing Allot Enterprise Platform
• Allot Enterprise Platform Series Overview
• Centralized Management
In this module, we will introduce you to the Allot Enterprise Platform. By the end of
this module, you will:
▪ Be familiar with the main functions of the platform
▪ Know how to differentiate between the different models and how to decide which
model is suitable for you
▪ Understand the factors to take into consideration when deciding where in a
network to place the products
▪ Be familiar with the Management Modules installed on the Allot Gateway
Manager

What Is Service Gateway?
• A scalable carrier grade platform for:

• Bandwidth Optimization
• Service Deployment
• Collects network statistics

• Shapes network traffic
• Steers traffic/subscribers to integrated or external:
• Network Services
• Subscriber Services
What is the Service Gateway? Based on Allot's DART engine, the Service Gateway
platform is used for enhanced service optimization and service deployment. It
collects network and users statistics and shapes traffic in accordance to the policies
defined by the IT Manager via the NetXplorer central management system.
Application and user information within the Service Gateway are identified for each
traffic flow and the flows are subsequently dispatched to an array of additional
services and actions using a single process. The Service Gateway is a powerful
solution to provide digital services and digital experience to customers, reduce
network downtime and quickly and easily maintain new services and infrastructure
changes.
ACTE (CSP Track) 3

SG and NX Platforms
The traffic from the Enterprise Network flows via the Service Gateway. The SG
identifies the traffic and enforces the related actions to it. SG is managed by the
NetXplorer which sends it the policy that should be enforced. In distributed and
multi-platform solutions NX is installed within the Allot Gateway Manager. For single
product solutions, both SG and NX are installed on a single HW server.
ACTE (CSP Track) 4

Physical Links
• SG may have 1 or more physical link

• Each physical link is comprised of Physical Links
• External interface
• Internal interface Internal
• Classification of traffic is independent of External
physical link, unless specified

• Same management for all physical links
Before we examine each product series, let’s review some basic terminology.
Each physical link on the Service Gateway is represented by two ports, one labeled
internal and the other, external. You will see that the different models of the Service
Gateways support different number of physical links.
The Service Gateway can view all the traffic passing through it as one entity,
irrespective of the number of physical links on the unit and irrespective of the specific
port through which the network traffic enters and leaves the unit.
If required, the Service Gateway can classify traffic by one or more physical interfaces.
In every model, a single management link serves for the management of all the traffic
flowing through the Service Gateway.
ACTE (CSP Track) 5


• ACG Series
• SSG Series
• SG Series
In this section we will see the Allot portfolio for Enterprise market.

Allot Enterprise Platforms Portfolio

# Ports
SG-9700
8 X 100GE
40 X 1/10GE
4 X 100GE SG-9500
24 X 1/10GE
For Large Enterprises

SSG-500 SSG-600 SG-9100
16 X 1/10GE
SSG-200 SSG-400
For Medium and Large Enterprises
8 X 1GE
ACG-500 ACG-2000
4 X 1/10GE For Small/Medium Businesses (SMB),
and Small/Medium Enterprises (SME)
Coming New
Soon
500M 1G 2G 8G 40G 50G 140G 250G Speed

7
The slide presents the Allot Enterprise Platforms Portfolio, from the smallest platform
ACG-500 till the largest SG-9700. You can see the how the throughput and a number
of ports increase through the platforms.
ACG (Application Control Gateway) series is designed specially for Small and Medium
customers.
SSG (Secured Service Gateway) series is designed for medium and large Enterprises
and can reach up till 35Gbps
SG (Service Gateway) series is the biggest one and can reach up till 250Gbps.
The main difference between ACG and other platform, is the Management platforms
which are embedded into the ACG Server, while SSG and SG series include inline
server with DART capabilities and additional Management unit is required.

ACG/SSG Appliances
ACG SSG
ACG-500 ACG-2000 SSG-200 SSG-400 SSG-500 SSG-600
0.5Gbps 2 Gbps 1 Gbps 8 Gbps 8 Gbps 40 Gbps

2M/4M 2.25M/4.5M 12M/24M
512/5K/15K
10.5K/40K/80K 10.5K/250K/500K 10.5K/1M/2M
1K 2K 60K 60K 90K 180K
4 x 1GE 4 x 1GE/10GE 8 x 1GE 16x1GE/10GE

Copper Copper/SFP+ Copper Copper/SFP+
* Actual throughput and performance metrics depend on enabled features, policy configuration, traffic mix, and other deployment characteristics
• 1GE – Copper(RJ45) or Fiber (SFP+ 1GBASE-LX/SX)

8
• 10GE – Fiber (SFP+ 10GBASE-SR/LR)
The Allot ACG series come with speed ranging between 50Mbps (the entry level of
bandwidth control for an ACG-500) up to 2Gbps (the maximum bandwidth control of
an ACG-2000) designed to serve the needs of Small/Medium Businesses (SMB) and
Enterprises (SME).
The devices in the series support up to 2,000,000 connections, 512 lines, 5,000 Pipes
and 15,000 VCs for static policy table configuration and 10,512 lines, 40,000 Pipes
and 80,000 Active VCs when using policy table templates.
• The ACG-500 has 4 network ports, which can be 1G copper only.
• The ACG-2000 has 4 network ports, which can be 1G fiber or copper or 10G fiber.
The Allot SSG Series come with speed ranging between 100Mbps (the entry level of
bandwidth control for an SSG200) up to 35Gbps (the maximum bandwidth control of
an SSG800) to handle the changing needs of any enterprise.
The SSG-800 can support up to 20,000,000 connections, 512 lines, 5,000 Pipes and
15,000 VCs for static policy table configuration and 10,512 lines, 150,000 Pipes and
600,000 Active VCs when using policy table templates .
The SSG500 and SSG600 can support up to 12,000,000 connections, 512 lines, 5,000
Pipes and 15,000 VCs for static policy table configuration and 10,512 lines, 1,000,000
Pipes and 2,000,000 Active VCs when using policy table templates .

The SSG200 and SSG400 can support up to 2,250,000 connections, 512 lines, 5,000
Pipes and 15,000 VCs for static policy table configuration and 10,512 lines, 250,000
Pipes and 500,000 Active VCs when using policy table templates .
Note: bandwidth values in this table are for both internal and external traffic.

SG-9000 Series Appliances
SG
SG-9100 SG-9500 SG-9700
50 Gbps 140 Gbps 250 Gbps

12M/24M 36M/72M 80M/160M
1.5M 4.5M 10M
512/5K/15K
10.5K/1M/2M 10.5K/2.4M/4.8M 10.5K/4.8M/9.6M
16x1/10GE A: 24x1/10GE A: 40x10GE (10x40GE)

B: 4x100GE + 8x1/10GE B: 8x100GE + 8x1/10GE
C: 4x100GE + 24x1/10GE
• 1GE – SFP+ (1GBASE-LX/SX) / Copper(RJ45)

• 10GE – SFP+ (10GBASE-SR/LR) /8QSFP+ for SG-9700 conf. A only
• 100GE – QSFP28 (100GBASE-SR4/LR4) 9
Allot Service Gateway 9000 Series is a scalable family of DPI-based multiservice

platforms which are very powerful and designed for the Large Enterprises. The
smallest SG-9100 with 50Gbps and the largest SG-9700 can reach 250Gbps
throughput.
ACTE (CSP Track) 9


• ACG Series
• SSG Series
• SG Series
10
Now let’s view each platform in details.

We will start with the ACG series.

ACG Series Comparison
Dell HPE
4 x 1GE 4 x 1GE/10GE
Copper Copper/SFP+
Up to 500Mbps 2 Gbps
50/100/200/500Mbps 500M/1G/2Gbps
Single 1+1
NetXplorer
DM
NetXplorer
SMP
DM DDoS Secure
ClearSee
11
ACG family includes 2 platforms: ACG-500 and ACG-2000.

ACG-500 is the smallest platform that reaches 500Mbps. It includes single power
supply and two management modules: NX and DM.
ACG-2000 is a stronger server, that reach up to 2Gbps. It has two power supplies for
redundancy (1+1) and also SMP, DDoS Secure and ClearSee management modules on
top of the ones of AC-500.
Both ACG-500 and 2000 have 4 ethernet interfaces, but while ACG-500 supports only
copper option, for ACG-2000 also fiber option is available.

ACG-500 Features
Internal Modules Throughput

Dell PowerEdge R240
SG-VE NX DM 500Mbps (iDRAC 9)
Interfaces License options

4 x 1GE 1U 19" Rack Mount
(Copper Only) 50/100/200/500Mbps
12
Allot ACG-500 platform provides a high-performance service delivery platform based

on Dell PowerEdge R240 server with 1U 19" Rack Mount. It allows small enterprises
and businesses to leverage Allot with a low TCO. This powerful platform unifies
advanced management, ML & AI analytics capabilities, and network control
capabilities based on Allot Dynamic Actionable Recognition Technology (DART).
ACTE (CSP Track) 12

Module 2: Introducing Service Gateway
ACG-500 Front View

System Health and Power Button
System ID button Hard Drive and Led
and indicator
• System Health and System ID indicator codes

• Solid blue - Indicates that the system is turned on, system is healthy, and system ID mode is not active.
• Blinking blue - Indicates that the system ID mode is active.
Press the system health and system ID button to switch to system health mode.
• Solid amber - Indicates that the system is in fail-safe mode.
• Blinking amber - Indicates that the system is experiencing a fault.
• Off = Deactivated
13
Here we have a front view of the ACG-500

• Power Button is located on the right side of the panel and is used to Power ON and
OFF the server.
• The System Health and System ID button and indicator is located on the left side of
the panel. It is used for system health identification, and for identification of the
system in a rack.
• There are no connectors on the front panel of the ACG-500.
ACTE (CSP Track) 13

Module 2: Introducing SSG
ACG-500 Rear Panel
Management Ports Network Ports

2x1G (redundancy) 4x1G
M1 M2
L1 L2 L3 L4
Int1 Ext1 Int2 Ext2
iDRAC
Monitor Port Bypass Power Supply
14
Here we see the rear view of the ACG-500, where we will connect links to the
network as well as management links.
On the left, we have a monitor connector for initial configuration. Next you see the
iDRAC port, used to connect the iDRAC Remote Management system to the network.
The USB ports are used to connect the ACG-500 to the bypass unit. Use the dedicated
bypass cable you received with the ACG platform.
M1 and M2 management ports located above the USB ports.
ACG-500 is connected to network by PCIe card (P1) with 4 Ethernet network
interfaces.
Both management and network interfaces are 1GbE copper NICs.
ACG-500 server contains one built in power supply module which is located on the
right side of the server.

ACG-2000 Features
Internal Modules Throughput

HPE ProLiant Gen10
SG-VE DM NX CS SMP DSC 2Gbps DL360 (iLO 5)
Interfaces License options

4 x 1/10GE 1U 19" Rack Mount
0.5/1/2Gbps
Copper/SFP+
15
Allot ACG-2000 platform provides a high-performance service delivery platform with

rich functionality in an efficient, small-footprint appliance. Based on HPE ProLiant
Gen10 DL360 server with 1U 19" Rack Mount, it allows enterprises, cloud data
centers and ISP networks to satisfy the ever-growing demand for Internet bandwidth
and network-based services in cost-efficient manner. It is a powerful platform that
unifies advanced management, ML & AI analytics capabilities, and network control
capabilities based on Allot Dynamic Actionable Recognition Technology (DART).
ACTE (CSP Track) 15

ACG-2000 Front View
Power Button and

LED
System Health LED
Network Status
LED
System ID Button
and LED
16
Allot Gateway Managers Front Panel includes Buttons and LEDs.

• Power ON Standby button is used to Power ON and OFF the server and System
Power LED indicates the status of the server. When the server is powering up – it
would blink in Flashing green, and then turn to solid green. Solid amber will
indicate that the system is in standby.
• System Health LED will be solid green if the system is working normally. Flashing
green will indicate that iLO is rebutting. Flashing amber means that the system is
degraded or has high ratio of errors in the network traffic. Flashing red alerts that
the system is critical.
• Network Status LED will be flashing green if the network is active.
• The System Identification button is used with the iLO system to identify the
system in a rack. UID LED will light in solid blue when the unit is activated, and
Flashing blue when unit is rebooting or upgrade in progress

ACG-2000 Rear Panel
Network Ports Management Ports

4x1/10G 2x1G (redundancy)
L1 L2 L3 L4
Int1 Ext1 Int2 Ext2 M1 M2
Bypass iLO Monitor Port Power Supplies
17
Here we see the rear view of the ACG-2000, where we will connect links to the
On the left, there is only one PCIe card (P1) with 4 Ethernet network interfaces used
for Network connection. This could be 1GbE Copper or 1/10GbE Fiber NICs.
Below we can see the USB ports, used to connect the ACG-2000 to the bypass unit.
Use the dedicated bypass cable you received with the ACG-2000.
Skip over to the right, and you see the iLO port, used to connect the iLO Remote
Management system to the network.
M1 and M2 management ports which are 1G copper. From these management ports
the administrator can connect and manage the SG-VE and all Management platforms
that are installed on this server.
Skip over to the right, and we have a monitor connector for initial configuration and
troubleshooting. (optional).
ACG-2000 server contains two built in power supply modules and a dual line feed for
redundancy purposes.


• ACG Series
• SSG Series
• SG Series
18
Next, we will examine the SSG series.

SSG-200/400 Features
Throughput:
Interfaces:
SSG-200 1Gbps
8 x 1GE
SSG-400 8Gbps
HPE ProLiant Gen10

1U 19" Rack Mount
DL360 (iLO 5)
19
Allot SSG200/400 platform provides a high-performance service delivery platform

with rich functionality in an efficient, small-footprint appliance. Based on HPE
ProLiant Gen10 DL360 server with 1U 19" Rack Mount, it allows enterprises, cloud
data centers and ISP networks to satisfy the ever-growing demand for Internet
bandwidth and network-based services in cost-efficient manner.
ACTE (CSP Track) 19

SSG-200/400 Front View (Panel Removed)
SSD Drives Power System Health

Button/LED LED
NIC Status LED UID

Button/LED
Power ON Button & LED Health LED NIC Status LED UID button/LED
• Solid green - System ON • Solid green – System is normal • Solid green - Link to network • Solid blue - Activated
• Flashing green - iLO is rebooting • Flashing green - Network active • Off - Deactivated
• Flashing green - Powering Up
• Flashing amber - System degraded • Off - No network activity
• Solid Amber - System in • Flashing red - System critical
Standby
• OFF - No Power
• USB ports – not in use 20
The SSG-200/400 front panel is the same for all configuration types. There are two
LEDs that are also act as buttons (Power Button/LED and UID Button/LED) and two
indication LEDs (Health LED and NIC status LED. The USB Connectors on the front
panel of the SSG-200/400 currently are not in use.
ACTE (CSP Track) 20

SSG-200/400 Rear Panel

Network Ports (8)
1G
(Network traffic, steering or Asymmetry)
P1
P2
M1&M2
Management Ports
(1G Copper)
Bypass iLO Monitor Port Power Supply
21
Here we see the rear view of the SSG200/400, where we will connect links to the
On the left, there are 4 x 1G Ethernet network interfaces on each of the 2 PCIe cards
(P1 and P2) used for Network connection via RJ45 Copper interfaces.
Below the P1 NIC cards, we can see the USB ports, used to connect the SSG200/400
to the bypass unit. Use the dedicated bypass cable you received with the
SSG200/400.
Skip over to the right, and you see the iLO port, used to connect the iLO system to the
network.
Next we have M1 and M2, the default management ports. They are 1G ports. Skip
over to the right, and we have a monitor connector for initial configuration and
troubleshooting. (optional).
At the right side of the server we can see the power supply.
ACTE (CSP Track) 21

SSG-500/600 Features
Throughput:
Interfaces:
SSG-500 8Gbps
16 x 1GE / 10GE
SSG-600 40Gbps
Lenovo
2U 19" Rack Mount
ThinkSystem SR550
22
Allot SSG-500/600 platforms provide a high-performance service delivery platform

with rich functionality in an efficient, small-footprint appliance. Based on Lenovo
ThinkSystem SR550 server with 2U 19" Rack Mount. 40Gbps of throughput for SSG-
600 and 8Gbps for SSG-500 platforms allows enterprises, cloud data centers and ISP
networks to satisfy the ever-growing demand for Internet bandwidth and network-
based services in cost-efficient manner.
ACTE (CSP Track) 22

SSG-500/600 Front View

USB Ports Power Button System ID
SSD Drives not in use and LED Button
• Power ON Button & LED • UID button/LED (Visually locate the server)
• Solid green – System ON • Each time you press the system ID button or use the Lenovo XClarity
• Blinking – System Initializing Controller remote management program, the LED would be lighted
• OFF – No Power in BLUE to assist in visually locating the server among other servers.
23
Here we have a front view of the SSG-500/600.

• Power Button is used to Power ON and OFF the server, and when is ON – the
Power LED will show solid green light.
• The System ID Button is used with the XCC remote management system to identify
the system in a rack.
• USB ports on the front panel should not be used.
• There are no connectors on the front panel of the SSG-500/600.
ACTE (CSP Track) 23

SSG-500/600 Rear Panel

Network Ports (16)
1G/10G
P1
P2 P4
P3
XCC M1&M2 Bypass

Management Ports Monitor Connectors Power
Port Port Supplies
(1G Copper) (USB)
• USB Port are for BYPASS ONLY.

• Do NOT connect keyboard or mouse to them! 24
Here we see the rear view of the SSG-500/600, where we will connect links to the
At the left side of the server we can see XCC port, is used to connect the XCC remote
management system to the Network. Next to the XCC port there are two
management 1G ports M1 and M2. M2 acts as a redundant port for M1. You can
connect monitor to the Monitor port if needed. To the right of the monitor port we
can see the USB Ports, used to connect the SSG-500/600 to the Bypass unit. Use the
dedicated bypass cable you received with the SSG-500/600. At the right side of the
server we can see the 2 power supplies.
On the upper side of the server we see 4 PCIe cards with 4 network ports on each
card, giving totally 16 network ports for the device. You can connect 10GE links as
well as 1GE links. Each PCIe card has two paired internal and external ports. We will
review NIC configuration when we discuss connecting SSG-500/600 to the network.
ACTE (CSP Track) 24


• ACG Series
• SSG Series
• SG Series
25
Finally, we will describe the SG series.

SG-9100 Features
Throughput: Interfaces:
50Gbps 16 x 1GE / 10GE
Lenovo
2U 19" Rack Mount
ThinkSystem SR550
26
Allot SG-9100 platform provides a high-performance service delivery platform with

rich functionality in an efficient, small-footprint appliance. Based on Lenovo
ThinkSystem SR550 server with 2U 19" Rack Mount. 50Gbps of throughput allows
enterprises, cloud data centers and ISP networks to satisfy the ever-growing demand
for Internet bandwidth and network-based services in cost-efficient manner.
ACTE (CSP Track) 26

SG-9100 Front View

USB Ports Power Button System ID
SSD Drives not in use and LED Button
• Power ON Button & LED • UID button/LED (Visually locate the server)
• Solid green – System ON • Each time you press the system ID button or use the Lenovo XClarity
• Blinking – System Initializing Controller remote management program, the LED would be lighted
• OFF – No Power in BLUE to assist in visually locating the server among other servers.
27
Here we have a front view of the SG-9100.

• Power Button is used to Power ON and OFF the server, and when is ON – the
Power LED will show solid green light.
• The System ID Button is used with the XCC remote management system to identify
the system in a rack.
• USB ports on the front panel should not be used.
• There are no connectors on the front panel of the SG-9100.
ACTE (CSP Track) 27

SG-9100 Rear Panel

Network Ports (16)
1G/10G
P1
USB Port are for BYPASS ONLY.
P2 P4
Do NOT connect keyboard or
P3 mouse to them!
XCC M1&M2 Bypass

Management Ports Monitor Connectors Power
Port Port Supplies
(1G Copper) (USB)
28
Here we see the rear view of the SG-9100, where we will connect links to the
At the left side of the server we can see XCC port, is used to connect the XCC remote
management system to the Network. Next to the XCC port there are two
management 1G ports M1 and M2. M2 acts as a redundant port for M1. You can
connect monitor to the Monitor port if needed. To the right of the monitor port we
can see the USB Ports, used to connect the SG-9100 to the Bypass unit. Use the
dedicated bypass cable you received with the SG-9100. At the right side of the server
we can see the 2 power supplies.
On the upper side of the server we see 4 PCIe cards with 4 network ports on each
card, giving totally 16 network ports for the device. You can connect 10GE links as
well as 1GE links. Each PCIe card has two paired internal and external ports. We will
review NIC configuration when we discuss connecting SG-9100 to the network.
ACTE (CSP Track) 28

SG-9500 Features
Throughput: Interfaces:
4 x 100GE
140Gbps 8 x 1GE / 10GE
HPE ProLiant DL380 Gen10

2U 19" Rack Mount
and later servers (iLO 5)
29
Allot Service Gateway 9500 (SG-9500) provides a high-performance service delivery

platform with rich functionality in an efficient, small-footprint appliance. It is based
on HPE DL380 Gen10 (and later servers) with 2U 19" Rack Mount. High-density of 100
and 10 Gigabit Ethernet connectivity and 140 Gbps of throughput, the platform
allows enterprises, cloud data centers and ISP networks to satisfy the ever-growing
demand for Internet bandwidth and network-based services in cost-efficient manner.
ACTE (CSP Track) 29

SG-9500 Front View (Panel Removed)
Dual Fan Intakes SSD Drives
Power
Button/LED
Health
LED
NIC Status
LED
UID
Button/LED
• Solid green - System ON • Solid green – System is normal • Solid green - Link to network • Flashing blue:
• Flashing green - iLO is rebooting • Flashing green - Network active • 1 Hz - remote management or
• Flashing green - System firmware upgrade in progress
performing power on • Flashing amber - System degraded • Off - No network activity
• 4 Hz - iLO manual reboot
• Solid Amber - System in • Flashing red - System critical initiated
Standby • 8 Hz - iLO manual reboot in
progress
• OFF - No Power
• Off - Deactivated 30
Here we have a front view of the SG-9500. SG-9500 comes with a covering panel. We
have removed it here to be able to have a clear front view of the server.
At the left part of the server we can see the dual fan intakes. Next to that we have
two 120GB SSD drives.
On the right we see system LEDs. There are 4 LEDs to indicate on (From top to
bottom): power, system status, links activity and UID status (remote connectivity to
the server). LEDs can be seen with or without the cover.
The USB Connectors on the front panel of the SG-9500 currently are not in use.
ACTE (CSP Track) 30

SG-9500
Configuration A: 24 x 1/10GE
Network Ports (24)
1G/10G
P1 P4
P2 P5
P3 P6
M3&M4 Bypass M1&M2

Management Ports Connectors Management Ports Monitor Power
(Secondary, 10G SFP+) (USB) (Default, 1G Copper) Port Supplies
UID LED iLO Port
One pair at a time 31
All other bottom ports are used for management connections:

M1 and M2 are the default management ports. They are 1G copper ports.
Alternatively, you can connect to M3 and M4, which are 10G fiber ports.
Next to M1 you can find the iLO port. The iLO system is a standard component of the
SG-9500 that simplifies initial server setup, server health monitoring, power and
thermal optimization, and remote server administration.
USB ports are used to connect the SG-9500 to the bypass unit. Use the dedicated
bypass cable you received with the SG-9500.
At the right side of the server we can see the 2 power supplies. Next to them, to the
right, we have a monitor connector for initial configuration and troubleshooting.
10G/1G NETWORK/STEERING LINKS There are 4 x 1G/10G Ethernet network
interfaces on each of the six PCIe cards (P1 – P6) which can support 1G/10G SFP+
fiber or 1G RJ45 Copper interfaces.
ACTE (CSP Track) 31

SG-9500
Configuration B: 4 x 100GE + 8 x 1/10GE Ports
Network Ports (4) Network Ports (8)
100G 1G/10G
(Network traffic only - not available (Network traffic, steering
for steering or Asymmetry) or Asymmetry)
P1 P4
P2 P5
P3: NOT IN USE P6: NOT IN USE
M3&M4 Bypass M1&M2

UID LED iLO Port
NETWORK & STEERING LINKS (P1 – P6): There are 4 x 100G Ethernet network
interfaces, 2 on each PCIe cards installed in slots P2 and P5 used for Network traffic
only (not available for steering or Asymmetry), which can support 100G QSFP28 fiber
interfaces. In addition there are 8 x 1G/10G Ethernet network interfaces, 4 on each
PCIe cards installed in slots P1 and P4 that can be used for Network traffic Steering,
Network Traffic or Asymmetry traffic and which support 1/10G SFP+ fiber interfaces
or 1G RJ45 Copper interfaces.
Different kinds of transceivers (Copper, 1G Fiber and 10G Fiber) may be mixed on a
single 1G/10G NIC card.
NOTE: It is possible for the 100G interfaces of Configuration B to be installed with

PSM-4 Transceivers (MTP-MTP, SM Only). This requires an HD 4 PSM-4 Bypass unit as
well.
NOTE: 1G Copper interfaces may only use the 8 Port Bypass Unit is available, limiting
the number of ports which may be used on the SG-9500.
ACTE (CSP Track) 32

SG-9700 Features
Interfaces:
Throughput: 40 x 10GE
250Gbps 8 x 100GE + 8 x 1/10GE
4 x 100GE + 24 x 1/10GE
HP ProLiant DL380 Gen10

2U 19" Rack Mount
and later servers (iLO 5)
33
One of the members of the Service Gateway 9000 Series is an Intel-based appliance,
the SG-9700, which provides high throughput and a high density. The SG-9700 is
available in three different configurations. Configuration A features 40 x 1/10G ports,
Configuration B features 8 x 100G ports and 8 x 1/10G ports while Configuration C
features 4 x 100G ports and 24 x 1/10G ports. It based on HP DL380 Gen10 server
with 2U 19" Rack Mount.
ACTE (CSP Track) 33

SG-9700 Front View (Panel Removed)
Dual Fan Intakes SSD Drives
Power
Button/LED
Health
LED
NIC Status
LED
UID
Button/LED
• Solid green - System ON • Solid green – System is normal • Solid green - Link to network • Flashing blue:
• Flashing green - iLO is rebooting • Flashing green - Network active • 1 Hz - remote management or
• Flashing green - System firmware upgrade in progress
performing power on • Flashing amber - System degraded • Off - No network activity
• 4 Hz - iLO manual reboot
• Solid Amber - System in • Flashing red - System critical initiated
Standby • 8 Hz - iLO manual reboot in
progress
• OFF - No Power
• Off - Deactivated 34
Here we have a front view of the SG-9500. SG-9500 comes with a covering panel. We
have removed it here to be able to have a clear front view of the server.
At the left part of the server we can see the dual fan intakes. Next to that we have
two 120GB SSD drives.
On the right we see system LEDs. There are 4 LEDs to indicate on (From top to
bottom): power, system status, links activity and UID status (remote connectivity to
the server). LEDs can be seen with or without the cover.
The USB Connectors on the front panel of the SG-9500 currently are not in use.
ACTE (CSP Track) 34

SG-9700
Configuration A: 40 x 10GE
Network Ports:
2x40G QSFP+ on each PCIe card
P1 P4 P7
P2 P5 P8: NOT IN USE
M3&M4 Bypass M1&M2

UID LED iLO Port
Here we see the rear view of the SG-9700 Configuration A. Here we will connect links
to the network as well as management links.
All other bottom ports are used for management connections:
M1 and M2 are the default management ports. They are 1G copper ports.
Alternatively, you can connect to M3 and M4, which are 10G fiber ports.
Next to M1 you can find the iLO port. The iLO system is a standard component of the
SG-9700 that simplifies initial server setup, server health monitoring, power and
thermal optimization, and remote server administration.
USB ports are used to connect the SG-9700 to the bypass unit. Use the dedicated
bypass cable you received with the SG-9700.
At the right side of the server we can see the 2 power supplies. Next to them, to the
right, we have a monitor connector for initial configuration and troubleshooting.
10G NETWORK LINKS (P1 – P8): There are 2 40G QSFP+ Ethernet network interfaces
on each of 6 PCIe cards used for Network traffic, steering or Asymmetry. These are
then split into 4 x 10G interfaces each using fan-out cables. Thus P1, P2, P4, P5 and
P7 – each carries 8 x 10G interfaces.
ACTE (CSP Track) 35

SG-9700
Configuration B: 8x100GE + 8x1/10GE
100G 1G/10G
(Network traffic only - not available (Network traffic, steering or
for steering or Asymmetry) Asymmetry)
P1 P4 P7
P2 P5 P8
M3&M4 Bypass M1&M2

UID LED iLO Port
There are 2 x 100G Ethernet network interfaces on each of the 4 PCIe cards (P1, P2,
P4 and P5, Slots 3 and 6 are not in use) used for Network traffic only (not available for
steering or Asymmetry), which can support 100G QSFP28 fiber interfaces.
The 1G/10G interfaces can support 1G/10G SFP+ fiber or 1G RJ45 Copper interfaces
and may be used for Steering, Network Traffic or Asymmetry traffic.
ACTE (CSP Track) 36

SG-9700
Configuration C: 4 x 100GE + 24 x 1/10GE
100G 1G/10G
(Network traffic only - not available (Network traffic, steering
for steering or Asymmetry) or Asymmetry)
P1 P4 P7
P2 P5 P8
P3 P6
M3&M4 Bypass M1&M2

UID LED iLO Port
NETWORK & STEERING LINKS (P1 – P8): There are 4 x 100G Ethernet network
interfaces, 2 on each PCIe cards installed in slots P2 and P5 used for Network traffic
only (not available for steering or Asymmetry), which can support 100G QSFP28 fiber
interfaces. In addition there are 24 x 1G/10G Ethernet network interfaces, 4 on each
PCIe cards installed in slots P1, P3, P4, P6, P7 and P8 used for Network traffic
Steering, Network Traffic or Asymmetry traffic and which support 1/10G SFP+ fiber
interfaces.
It is possible for the 100G interfaces of Configuration C to be installed with PSM-4
Transceivers (MTP-MTP, SM Only). This requires an HD 4 PSM-4 Bypass unit as well.
For more information, contact Allot Customer Support.
ACTE (CSP Track) 37

38
In this module, we will introduce you to the Allot Enterprise Platform. By the end of
this module, you will:
▪ Be familiar with the main functions of the platform
▪ Know how to differentiate between the different models and how to decide which
model is suitable for you
▪ Understand the factors to take into consideration when deciding where in a
network to place the products
▪ Be familiar with the Management Modules installed on the Allot Gateway
Manager

Allot Gateway Manager
Allot Compulsory Allot Optional

Management Modules: Management Modules: HPE ProLiant Gen9
DL360 (iLO 5)
NX DM CS SMP DSC
Support up to Max number of users

1U 19" Rack Mount
4 SG Units 20K
39
• Allot Centralized Management is a stand alone server that is hosting Allot Virtual
Management Modules, such as: NetXplorer, Data Mediator, ClearSee, DDoS
Secure, WebSafe Personal Central Manager and SMP. Some of the modules are
mandatory and some of them are optional.
• The modules come preloaded, and the user needs to configure the network
connection to them. Some features require additional license.
• The server is HP DL360 and it is 1U high chassis
• The Allot Gateway Manager supports up to 20,000 users and up to 4 Service
Gateways.
• In order to see detailed information regarding the Hardware, Bios, operating
system, AOS version and much more, use the “getinfo” command from the “root”.
• Allot Gateway Manager is offered to Enterprise Customers only!
ACTE (CSP Track) 39

AGM Modules
AGM
Host
Mandatory Module
NX DM CS DSC SMP
Optional Module
40
Centralized Management Platform hosts Allot Management modules as Virtual

Machines inside the server. Some modules are mandatory: NX (NetXplorer), DM
(Data Mediator) and CS (ClearSee), and some modules are optional: DSC (DDoS
Secure Controller) and SMP (Subscriber Management Platform).

AGM Front View
Power Button and

LED
System Health LED
Network Status
LED
System ID Button
and LED
41
Allot Gateway Managers Front Panel includes Buttons and LEDs.

• Power ON Standby button is used to Power ON and OFF the server and System
Power LED indicates the status of the server. When the server is powering up – it
would blink in Flashing green, and then turn to solid green. Solid amber will
indicate that the system is in standby.
• System Health LED will be solid green if the system is working normally. Flashing
green will indicate that iLO is rebutting. Flashing amber means that the system is
degraded or has high ratio of errors in the network traffic. Flashing red alerts that
the system is critical.
• Network Status LED will be flashing green if the network is active.
• The System Identification button is used with the iLO system to identify the
system in a rack. UID LED will light in solid blue when the unit is activated, and
Flashing blue when unit is rebooting or upgrade in progress

AGM Rear Panel
M1 M2
iLO 2 Management Ports Power Supplies

(1G Copper)
• Other ports are not in use 42
• Allot Gateway Manager has no connections for traffic, so the ports of the rear
panel is mostly used for the management of the unit.
• iLO Port is used to connect the iLO system to the Network.
• Management Ports are used for system monitoring and maintenance. M2 acts as a
redundant port for M1.
• The Gateway Manager contains two built in power supply modules and a dual line
feed for Redundancy purposes.
• All other ports are not in use.

NetXplorer
(NX)
• Policy Creation
• Hierarchical Rule-Based policy
• Classification by service, host, time,
encapsulation, interface etc.
• Actions such as Access Control, QoS,
Steering, ToS marking etc.
• Configuration & Management

• Configuration & control of multiple
solution elements
• Operational parameters
• Alarms
Implemented as a build-in module within ACG Platform 43
Allot NetXplorer provides control over all the aspects of the SG, providing centralized
visibility that is accessible to multiple clients and designed to manage a globally
dispersed network infrastructure. One GUI provides centralized control of key Allot
solution elements, including the SG itself, the User Management Platform (SMP), the
Data Mediator and ClearSee.

Data Mediator and ClearSee

(DM and CS)
• Data Mediator
• Performs ETL (Extract, Transform, Load)
functions
• Can be used in isolation for export of
streaming data records
• ClearSee
• Data Warehouse based on Vertica DWH
• Cutting BI Front End based on
Microstrategy BI
• Comes with “Network Metrics” license
for all basic canned reports
Data Mediator is a mediation element that collects data records from the SG and
prepares them for upload to the ClearSee, which is the reporting and analytics heart
of the SG.
Allot ClearSee collects raw data from the SG appliances as well as control plane
elements from the SMP (Subscriber/User Management Platform) and employs a
cutting-edge data warehouse designed for fast look-up, processing, and export. The
data warehouse features a columnar structure and uses massive parallel processing
(MPP) to handle big data with extreme efficiency.
ClearSee Network Metrics provides real-time network monitoring as well as long

term dashboards that allows drill down and filtering for in depth analysis. ClearSee
Network Analytics (additional license required) provides a full complement of web-
based tools for manipulating and analyzing large varieties and volumes of data with
extreme ease and efficiency, as well as the ability to create self-service reports.

DDoS Secure Controller (DSC)
• Anti-DDoS
• Identify and mitigate network anomalies
• Ensures Network stability
• Protect against computing resources misuse
• Anti-Abuse (Botnet)
• Identify and isolate abusive User behavior
• Dynamic internal blacklist
• Protect IP reputation / avoid DNS
blacklisting
More details in
CDSA Course
Allot’s DDoS Secure Controller integrates protection against bots infiltrating client
devices and DDoS attacks into one package. The DSC works round-the-clock to
protect the network and notify the administrator of any malicious activities.

Subscriber Management Platform

(SMP)
User Login Top Users report • SMP

Usage per User report
IP address • Ensures full visibility and control per user
• Identifies the enterprise user associated
with each traffic flow
• Seamless interface to Active Directory
systems
• Transparent IP mapping
Allot’s Enterprise solution utilizes user awareness and user-based policy management
provided by Allot SMP.
SMP works with an Active Directory Adaptor to integrate with the Enterprise Active
Directory system. This gives the SSG/SG user-level awareness by enabling it to map
each user to their allocated IP in the enterprise network. In addition, SMP gives the
system visibility of the user group or groups defined for each employee in the
enterprise active directory. You can then configure different control policies based on
different enterprise user groups.

Alternative: Deploy on Your Own Hardware

Application
• Deploy virtual management

modules required
• Over customer’s own hardware
Hypervisor
and Hypervisor
• Pay careful attention to minimum
requirements and specs
Physical Srv
x86 IBM
DELL
HP
CISCO
47
If you opt not to utilize the Allot Gateway Manager, the Virtual Management Modules
may be downloaded and installed on your own hardware over either a KVM or
VMware virtual environment.

AGM HW Requirements
VDISK (GB)
- Disk 1: for OS(system) and DB VCPU RAM (GB)
- Disk 2: for Application
NX 120+350 8 16
DM 120+200 8 16
CS 120+400 10 32
DSC 120+100 8 16
SMP 120+100 8 16
48
For Software-Only installations please make sure that your hardware comply with
requirements regarding operating system, networking and hard drive settings for
each module you want to be installed on your Gateway Manager server.

Review Question
What are the specifications for the listed platforms?
ACG-2000 SSG-400 SG-9500
Maximum Number
of Connections ?
2M ?
2.25M ?
80M
Number of Ports ?4 ?8 ?
24
Maximum 2 8 140
Throughput ?
Gbps ?
Gbps ?
Gbps
49
So is everything clear so far? Let's find out with a little quiz.
What are the specifications for each of the listed platforms?
ACTE (CSP Track) 49

Review Question
What is unique about ACG Family among all other

Allot Platforms?
This Platform includes only Management units but

X not the DART engine
This Platform includes both the DART engine and

√ Management units in a single server
This platform is the only one which includes Remote

X Management option such as iLO and iDRAC
50
What is unique about ACG family among all other Allot Platforms?
ACTE (CSP Track) 50

51

ENT-02 Allot Enterprise Platforms

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ENT-02 Allot Enterprise Platforms

Uploaded by

Copyright:

Available Formats

Module 2: Allot Enterprise Platforms

ACTE (Enterprise Track) 1

• Introducing Allot Enterprise Platform

• Allot Enterprise Platform Series Overview

ACTE (Enterprise Track) 2

What Is Service Gateway?

• A scalable carrier grade platform for:

• Collects network statistics

ACTE (CSP Track) 3

ACTE (CSP Track) 4

• SG may have 1 or more physical link

• Classification of traffic is independent of External

physical link, unless specified

ACTE (CSP Track) 5

• Introducing Allot Enterprise Platform

ACTE (Enterprise Track) 6

Allot Enterprise Platforms Portfolio

For Large Enterprises

500M 1G 2G 8G 40G 50G 140G 250G Speed

ACTE (Enterprise Track) 7

0.5Gbps 2 Gbps 1 Gbps 8 Gbps 8 Gbps 40 Gbps

4 x 1GE 4 x 1GE/10GE 8 x 1GE 16x1GE/10GE

• 1GE – Copper(RJ45) or Fiber (SFP+ 1GBASE-LX/SX)

ACTE (Enterprise Track) 8

ACTE (Enterprise Track) 8

SG-9000 Series Appliances

50 Gbps 140 Gbps 250 Gbps

16x1/10GE A: 24x1/10GE A: 40x10GE (10x40GE)

• 1GE – SFP+ (1GBASE-LX/SX) / Copper(RJ45)

Allot Service Gateway 9000 Series is a scalable family of DPI-based multiservice

ACTE (CSP Track) 9

• Introducing Allot Enterprise Platform

Now let’s view each platform in details.

ACTE (Enterprise Track) 10

ACG Series Comparison

ACG family includes 2 platforms: ACG-500 and ACG-2000.

ACTE (Enterprise Track) 11

Internal Modules Throughput

Interfaces License options

Allot ACG-500 platform provides a high-performance service delivery platform based

ACTE (CSP Track) 12

ACG-500 Front View

• System Health and System ID indicator codes

Here we have a front view of the ACG-500

ACTE (CSP Track) 13

ACG-500 Rear Panel

Management Ports Network Ports

Monitor Port Bypass Power Supply

ACTE (Enterprise Track) 14

Internal Modules Throughput

Interfaces License options

Allot ACG-2000 platform provides a high-performance service delivery platform with

ACTE (CSP Track) 15

ACG-2000 Front View

Power Button and

System Health LED

Allot Gateway Managers Front Panel includes Buttons and LEDs.

ACTE (Enterprise Track) 16

ACG-2000 Rear Panel

Network Ports Management Ports

Bypass iLO Monitor Port Power Supplies

ACTE (Enterprise Track) 17

• Introducing Allot Enterprise Platform