While LANs are getting faster, with more bandwidth to keep up with demand (e.g., Gigabit Ethernet), WAN links are still lumbering along at frame relay or T1 speeds that are typically 1.544Mbps or less. Thus, when high-speed LAN traffic has to funnel through a small WAN link, you end up with traffic congestion and user frustration. A good analogy is to imagine an hourglass where the wide top part of the hourglass represents the first LAN, the tight middle space represents the WAN link, the bottom represents the second LAN and the sand of course represents network traffic. Unfortunately, important network traffic must often wait for less important traffic to pass through the WAN link. While equality is a noble notion in most cases, not all network traffic is created equal and some packets are indeed more important than others. So how to solve this problem? The solution is to install a bandwidth management or "packet shaping" product.
Such devices act as gatekeepers between LANs and WANs, controlling the
flow of network traffic and offering guaranteed bandwidth to certain network
applications, depending on the policies you define. For example, you can set
a policy to grant more priority to time-sensitive applications such as
Oracle and SAP or even Telnet, which requires immediate keyboard response
with no latency. More importantly, as VoIP becomes increasingly deployed in
the enterprise, using a packet-shaping product becomes even more critical to
ensure minimal latency and guaranteed bandwidth for VoIP streams.
We examined Packeteer's PacketShaper 8500, which can automatically
classify network traffic into categories based on application, protocol,
subnet, URL, and other criteria. The PacketShaper supports Layer-7
classification and can
automatically pinpoint and classify hundreds of applications, including
Citrix, Oracle, Microsoft Exchange (DCOM), and even bandwidth-hogging P2P
applications such as Gnutella, Napster, and KaZaA. In fact, one of the
biggest beneficiaries of Packeteer's products has been universities, where
in the past P2P applications have caused havoc by consuming all of the
available network bandwidth.
PacketShaper's TCP Rate Control technology proactively prevents
congestion on both inbound and outbound flows, eliminating unnecessary
packet discards and retransmissions caused by queuing. In addition to TCP,
Packeteer indirectly manages connectionless UDP flows. By directly
controlling other flows, such as TCP, PacketShaper makes bandwidth available
for UDP flows such as streaming audio and, more importantly, VoIP flows. For
example, by controlling and assigning rate policies of TCP traffic such as
HTTP, FTP, and SMTP, you can keep this traffic from encroaching on the
bandwidth needed for UDP flows, such as VoIP. PacketShaper also lets you
manage the non-IP protocols IPX, AppleTalk, SNA, DECnet, and NetBIOS.
INSTALLATION/DOCUMENTATION
Installing the PacketShaper was a breeze. First we connected a PC directly
to the PacketShaper's Ethernet port labeled "Inside" so we could
configure the IP settings on the device. We simply opened the PC's
browser, typed "unconfigured.packetshaper.com" and we were redirected to
PacketShaper's administration screen. After setting the various IP
settings, we disconnected the PC from the PacketShaper and instead plugged
the PacketShaper directly onto our LAN so we could have the device monitor
and control real live network traffic. Thus, we had PacketShaper's "Inside"
port connected to the LAN and we had PacketShaper's "Outside" port
connected to our WAN router - a T1 leased data line to another building.
Once we had performed these simple steps, all that remained was configuring
the unit to control various applications on our network (see Operational
Testing).
It's rare for TMC Labs to get too excited over a product's
documentation. Besides, who reads the manual anyway? Well, that may be the
case, but it's our job to examine a product's documentation. When we
decided to look at the PacketShaper documentation, we expected a lengthy
manual due to the complexity of the product, but were pleasantly surprised
at its brevity. But short documentation doesn't necessarily mean good
documentation, so we inspected the documentation further and we still liked
what we saw. It was broken into organized sections that were placed in
logical chronological order - explaining installation and concepts first
before delving into more complex features. Several descriptive 3D drawings
explained how to connect the device in various network topologies, and
screenshots were also plentiful. Hmmm, documentation that is short and sweet
and doesn't "skimp" on important details? Now that is something to get
excited about!
OPERATIONAL TESTING
PacketShaper features policy-based enforcement of application priorities and
bandwidth allocation with capacities of up to 200 MB. Administrators can
control bandwidth allocation by application, server, or user to proactively
prevent congestion-related application performance problems. One of the
nicest features of the PacketShaper is "Automatic Traffic Discovery,"
which utilizes PacketShaper's layer 7 classification capabilities to
automatically identify applications running across the network. Since it
classifies on the basis of layer-7 information of the OSI networking model,
it can pinpoint applications such as SAP, Gnutella, Citrix, Oracle, TN3270,
Napster, and other applications.
Once the classes were auto-discovered, we were able to define various
service levels for the classes, including defining the minimum guaranteed
bandwidth and the maximum burstable bandwidth. Thus, we could for instance
define a guaranteed minimum bandwidth of 23kbps per H.323 stream to ensure
good voice quality. Similarly, we could prioritize Telnet traffic where
immediate keyboard response is essential.
What is unique about PacketShaper is that it doesn't just do simple "port"
mapping to determine the traffic type. For example, it is well known that
TCP port 80 is for HTTP (Web) traffic. However, not all traffic uses static
ports. For instance, H.323 uses dynamically allocated ports that are random.
PacketShaper is able to analyze the network traffic and determine the H.323
traffic even though it doesn't use a predefined static port. In fact, it
can detect several VoIP applications, including Clarent, CuSeeMe, DialPad,
I-Phone, MCK Communications, Micom VIP, H.323, RTP, RTCP, T.120, and
VDOPhone.
Another problem is that some network applications can use the common TCP
port 80. Examples include Yahoo! Messenger, RealAudio, Microsoft Media
Player, and P2P clients such as Napster. Administrators can't simply block
port 80 on the firewall to prevent these applications, since that would
block Web traffic as well. Fortunately, PacketShaper's ability to analyze
and determine network traffic by other means allows an administrator to
allow or disallow specific applications, such as Napster, RealAudio, etc.
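
The two cases above (media streams on dynamically allocated ports, and non-Web applications sharing TCP port 80) can be illustrated with a small payload-based classifier. This is an added example, not code from the review or from Packeteer, and it does not represent how PacketShaper classifies traffic; the signatures used (Gnutella handshake prefix, HTTP request line, RTP header fields), the function names and the sample flows are assumptions constructed for illustration.

```python
import re
import struct

# Port-only mapping: what a simple port-based filter would conclude.
PORT_MAP = {23: "Telnet", 25: "SMTP", 80: "HTTP"}
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n")

def classify_by_port(dst_port):
    return PORT_MAP.get(dst_port, "unknown")

def looks_like_rtp(payload):
    """Single-packet RTP heuristic: 12-byte header, version 2, plausible payload type."""
    if len(payload) < 12:
        return False
    version = payload[0] >> 6
    payload_type = payload[1] & 0x7F
    return version == 2 and (payload_type <= 34 or payload_type >= 96)

def classify_by_payload(dst_port, transport, payload):
    """Inspect the first payload bytes of a flow; fall back to the port map."""
    if transport == "tcp":
        if payload.startswith(b"GNUTELLA CONNECT/"):
            return "Gnutella"
        if HTTP_REQUEST.match(payload):
            return "HTTP"
    elif transport == "udp" and looks_like_rtp(payload):
        return "RTP"
    return classify_by_port(dst_port)

# Constructed sample flows: (destination port, transport, first payload bytes).
RTP_PACKET = struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234ABCD) + b"\x00" * 160
SAMPLE_FLOWS = [
    (80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, "tcp", b"GNUTELLA CONNECT/0.6\r\nUser-Agent: constructed-client\r\n\r\n"),
    (49170, "udp", RTP_PACKET),
    (23, "tcp", b"\xff\xfd\x18"),
]

def compare(flows):
    """Return (port, port-based class, payload-based class) per flow."""
    return [(p, classify_by_port(p), classify_by_payload(p, t, d)) for p, t, d in flows]

if __name__ == "__main__":
    for port, by_port, by_payload in compare(SAMPLE_FLOWS):
        print(f"port {port:>5}: port map says {by_port:<8} payload says {by_payload}")
```

A single-packet RTP check like this one is prone to false positives; a production classifier would confirm it across several packets of the same flow.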
PacketShaper has an extensive list of traffic class definitions and you
can create custom criteria for measuring and controlling the traffic. For
instance, you can classify traffic by application, protocol, address,
subnet, port number, URL or wildcard, host name, LDAP host lists, DiffServ
setting, 802.1p/q, MPLS, ISL, IP precedence bits, IP or MAC address,
direction (inbound/outbound), source, destination, host speed range, MIME
type, Web browser, Oracle database, Citrix Published Application, and VLAN.
PacketShaper supports real-time traffic monitoring and will track traffic
network utilization (peak and current rates) for the link and by application
(SMTP, HTTP, Telnet, and so on). You can also monitor network efficiency to
determine how much bandwidth is wasted from retransmissions and monitor
response time for each application. An administrator can be notified via
e-mail or SNMP trap when a certain metric threshold has been reached. While
many routers and other network equipment support QoS, such as by
prioritizing traffic based on the ToS (Type of Service) byte in a packet
header, you still need a device to "set" the ToS byte within the
packets. Routers merely route packets based on the ToS byte, but they don't
actually "set" the byte. Well, Packeteer has this covered as it supports
traffic marking and includes support for QoS standards such as DiffServ, ISL,
802.1p/q, or MPLS-enabled networks.
PacketShaper allows you to create partitions where you can place various
network applications and break up the bandwidth pie into chunks, but
PacketShapers are not just for the enterprise. ISPs can utilize PacketShaper's
partitions feature to enforce maximum bandwidth usage limits by customer or
even offer a guaranteed minimum bandwidth with no maximum bandwidth
utilization limit. This is pretty useful to prevent your neighbors from
hogging all the bandwidth on your shared cable modem network!
PacketShaper has extensive reporting capabilities including reports,
graphs, statistics, and SNMP MIBs. PacketShaper provides detailed analysis
of application performance and network efficiency, displaying peak and
average bandwidth utilization, response times divided into network and
server delays, top Web pages, top users, top applications, and more. A
useful Top Ten screen displays the top ten traffic users by average rate,
peak rate, total bytes, and more. You can also predefine minimum performance
standards, compare actual performance with service-level goals, and generate
reports on SLA compliance - yet another useful feature for ISPs.
For redundancy, PacketShaper supports a hot spare standby unit and dual
hot-swappable power supplies. In addition, if the PacketShaper is reset or
loses power, a bypass switch connects the Outside and Inside Ethernet ports
together so network traffic is not interrupted.
ROOM FOR IMPROVEMENT
The browser interface is fairly complex, but once we figured out the various
nuances, it was fairly easy to navigate and use. One usability complaint is
that it didn't have an "Undo" feature. We tested the "Easy Configure"
option, which automatically assigns various priorities and settings to
common network applications. When we tried to go back to the way we had it
by turning off "Easy Configure", the applied settings remained and we
had to manually edit each network application to change it back to the way
we had it before. Thus, we'd like to see an "Undo" feature. The unit
is a bit pricey, which all but prices this out of the range of most small
businesses, but certainly medium to large corporations can afford it.
One final complaint (albeit a minor one) is that you have to open the
unit and remove nine jumpers if you want to set one unit as a "hot spare"
or standby unit. We'd like to see a means of changing this setting via the
browser interface, but probably most installations won't have a hot spare,
so this point may be moot.
CONCLUSION
PacketShaper is a perfect solution anywhere there is a bottleneck or where
bandwidth traffic shaping is required. Besides typical frame relay or T1
connections, PacketShaper is a great solution for the popular WiFi (802.11b)
networks due to their limited bandwidth. As more and more users hop onto the
WiFi network, controlling, managing, and throttling bandwidth to corporate
wireless users will become more of an issue. In fact, a great example is the
New York Stock Exchange where wireless LANs are used by brokers with
handheld terminals, and they must ensure that the bandwidth is allocated
equally and fairly among all the traders. They deployed Packeteer's
solution to ensure equitable network access.
Also, as mentioned earlier, PacketShaper is being deployed in
universities quite extensively to prevent P2P clients from bringing campus
networks to a crawl. We have seen several universities start to deploy VoIP
solutions from Cisco, Shoreline, and other IP-PBX vendors. By deploying
PacketShaper, universities can ensure that heavy data access does not
impinge on the voice quality. TMC Labs sees a bright future for bandwidth
management products and we certainly see Packeteer with their PacketShaper
product line leading the way.
[ Return
To The March 2002 Table Of Contents ]