Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
Microsoft details 'Windows on ARM' program
March debut of 'iPad 3' a sure bet, says analyst
FBI unbolts Steve Jobs 1991 investigation file
Cisco boosted profit, sales in Q2 while cutting costs
Macs take on the enterprise
Four crazy tech ideas from Google's Solve for X project
Obama 2012 campaign playlist revealed courtesy of Spotify
Oracle buying Taleo for US$1.9 billion in direct hit at SAP
Amazon attacks Apple: You get 3 Kindle products for price of iPad 2
Pre-rendered pages highlight latest Google Chrome release
Microsoft exec: Lync-Skype integration a 'compelling opportunity'
The future of hypervisors
/

Reviews /

Packeteer is best at helping you get priorities straight

Today's breaking news
Send to a friendFeedback

PacketShaper 2000 tops pack of four products that give you control over LAN-to-WAN traffic flows.

By Joel Snyder
Network World, 4/6/98

LAN speeds are heading higher. WAN speeds are still poking along. So what happens when you connect a 100M bit/sec LAN to a 1.5M bit/sec T-1 line? Contention, congestion and frustration.

Enter bandwidth management products. These devices, sometimes called packet shapers, generally look like Ethernet bridges to a network manager. They have two Ethernet ports and act as gatekeepers between LANs and WANs, throttling network traffic to match the policies you establish. Bandwidth managers work almost exclusively on TCP/IP traffic; non-IP traffic is dropped or passed through unchanged. If the bandwidth manager does its job correctly, applications don't even know it's there, and routing and monitoring don't have to change.

We looked at four products designed to help manage the funnel between a high-speed LAN and a low-speed WAN. Packeteer, Inc.'s Packet-Shaper 2000 came out the clear winner on al-most all fronts. With high performance, extreme flexibility and support for a broad range of traffic types and protocols, the PacketShaper can only be faulted for an overly complex user interface and a high price tag.

For those who don't need all the traffic characterization flexibility of the Packeteer box, Struc-tured Internetworks, Inc.'s IPath/10M may be the answer. IPath's overall score was lower than PacketShaper's because IPath doesn't have as many packet prioritization options - but its performance was as good as PacketShaper's and its price is lower.

The other two products trailed in performance. Aponet, Inc.'s Aponet Bandwidth-Manager lacked the classification and bandwidth management features of the protocol-knowledgeable hardware from Packeteer and Structured Internetworks. SunSoft, Inc.'s Sun Bandwidth Allocator doesn't know protocols either, and the added complication of a Solaris platform drives up cost and installation complexity.

Performance and traffic management

Traffic-shaping is designed to improve network efficiency, so in order for these devices to do their job properly, they can't add overhead. Two of the four we looked at excel at their intended task.

PacketShaper and IPath know about the internal structure of the TCP protocol. They dig into packets to restrict traffic for each TCP connection without causing unnecessary retransmissions. We saw very little latency introduced by either device. The IPath passed all packets it saw, even those not destined for the router on the other side. This means that for the best performance you should put IPath on a switch port next to the router, so it sees only the packets already destined to go to the router.

For the simple network we built, Sun Bandwidth Allocator performed well, but it and Aponet Bandwidth-Manager don't know anything about the protocols they're managing. By simply dropping packets when congestion occurs, they bring out the worst in TCP. Senders must retransmit packets, wasting LAN, WAN and CPU resources. Receivers must retransmit acknowledgments, wasting resources in the other direction.

As an example of the problem, in a single-stream case, Aponet Bandwidth-Manager wasted 7.5% of WAN traffic by causing clients to retransmit TCP data packets, while servers sent 100 times the normal level of duplicate acknowledgment packets. In all, we saw lost WAN capacity between 6% and 18%, depending on the test configuration.

After performance, the most important features to look for in a bandwidth management product are robust traffic-shaping features. Packeteer offers the most sophisticated set of traffic classification and control features we've seen. Packeteer lets you prioritize IP traffic by the common classifications of IP address, subnet and TCP or User Datagram Protocol (UDP) application. It also lets you manage non-IP protocols IPX, AppleTalk, SNA, DECnet and NetBIOS. On top of that, you can set characteristics for traffic by URL (for example, you can treat GIF files differently from HTML files), by estimated speed of the client, by direction and by options in the IP packet header.

Once you've classified your traffic, Packeteer again offers a veritable feast of options. You can guarantee minimum bandwidth with a maximum burst capacity, choose a priority-based approach or simply discard packets. For incoming HTTP traffic, you can handle clients running at various bandwidths differently, such as redirecting traffic streams that are above or below a given speed to a different server. And you can decide what to do when a new connection comes in that cannot be guaranteed its minimum bandwidth: reject it or try to squeeze it in.

IPath is primarily aimed at IP traffic, specifically TCP/IP traffic, and has limited support for controlling bandwidth of non-IP traffic. Never-theless, IPath has a strong and flexible traffic classification and management system. Traffic is divided into groups, which may contain individual IP-based hosts or entire IP subnets. Within each group, traffic may be further subdivided and controlled based on protocol-specific information, including TCP or UDP port number, protocol type and direction of traffic (in, out or both). Thus, it's fairly easy to limit HTTP traffic on one host and File Transfer Protocol traffic on another, yet reserve enough headroom on the network to let Domain Name System traffic get as much bandwidth as it needs.

Once you classify and sort your traffic, IPath offers you the option of specifying minimum bandwidth reservation (primarily useful during network congestion) as well as maximum bandwidth limits (useful when there is no congestion). The IPath also has a spot for "everything else,'' and you can set the minimum bandwidth available to these services under congestion (minima) and the maximum bandwidth available in the absence of congestion (maxima).

Sun's traffic classification tools are simple. Sun Bandwidth Allocator can explicitly manage only TCP and UDP traffic; other IP packets fall into a default group. Packets are classified by source and destination address (including a subnet mask, if appropriate), source and destination TCP/UDP application port number, and protocol (TCP, UDP or any).

That's the simple part; next, you've got to figure out what to do with the packets. Sun Bandwidth Allocator doesn't make this easy. Sun uses a hierarchy of classes; each class has a minimum and maximum bandwidth as well as a priority.

The hierarchy is important to Sun Bandwidth Allocator because it defines how classes are allowed to borrow and lend bandwidth amongst themselves - an important, but confusing issue when combined with the priority scheme. We tried to get fancy and use a combination of minima, maxima and priorities when doing our tests, but there were too many variables and the results were too unpredictable. We ended up setting all traffic to the same priority in order to make sure we knew what throughput we were going to get. It's not clear that Sun knows how to handle hierarchies either: We went through a tutorial of a hypothetical network linking London, Paris and Bonn, Germany, a half-dozen times, and we never did figure out what the exact results were going to be.

Configuring Aponet Bandwidth-Manager is simple: network traffic is classified by IP address, or range of IP addresses, period. Anything Aponet Bandwidth-Manager doesn't recognize, such as non-IP traffic, it simply passes through. Once a traffic class is created, you assign input and output bandwidth limits, and that's it. You've done your management; you can go home now. However, this simplicity means Aponet Bandwidth-Manager lacks the flexibility of products such as PacketShaper and IPath.

Monitoring and reporting

Most of the vendors provide tools for checking on their products' performance. PacketShaper's PolicyConsole has a monitoring and graphing interface, but we found it difficult to get a quick overview of the network that way. You can easily fetch specific graphs for a particular traffic class, but you can't see the whole status of the network at a glance. And when you do look at usage data, PolicyConsole makes you beg for it, one little graph at a time.

IPath's weakest point is the monitoring software: it's not available yet, at least on Windows NT. Although Structured Internetworks' documentation and product information discuss a graphing analysis tool based on Tobias Oetiker's excellent freeware Multi Router Traffic Grapher (MRTG), the version we evaluated had the IPath Profiler grayed out.

IPath does include a real-time monitoring tool in the configuration utility that shows instantaneous packet counts and traffic levels, but the documentation never explains (and we never figured out) what some of the counts mean.

Sun Bandwidth Allocator lacks comprehensive real-time monitoring, although statistics can be retrieved using SNMP.Aponet Bandwidth-Manager hardware is constantly queried by the ABM System Administration application for throughput information. Every 5 minutes, the System Administration tool builds a new set of throughput graphs using the same MRTG software as the IPath, breaking down traffic by class and showing bandwidth consumed across various time spans.

Installation and configuration

Packeteer's PacketShaper, Structured Internetworks' IPath, and Aponet Bandwidth-Manager are all two-port bandwidth managers you install between the LAN and the Internet access router. The PacketShaper comes in three flavors: PacketShaper 2000 (our test unit) for T-1 connections; PacketShaper 4000 for T-3 lines; and PacketShaper 1000 for 384K bit/sec connections. The IPath product line includes a 100M bit/sec version as well as four-channel models. We tested Aponet Bandwidth-Manager Model 100; a 10M bit/sec model is also available.

Sun Bandwidth Allocator is a software application that runs on the Solaris operating system on either SPARC or Intel Corp. hardware. We tested on a Sun Ultra 1/170e. Installing and configuring Sun Bandwidth Allocator is easy for a Solaris-literate network manager; if you're not familiar with Solaris, however, you probably won't want to tackle it. You can also configure Sun Bandwidth Allocator to look more like a traditional router, with IP addresses on both LAN interfaces.

While PacketShaper and IPath have a command-line interface, and Sun lets you edit text files to change configuration, we used each vendor's graphical management applications to configure the devices: Packeteer's PolicyConsole, which runs under Netscape Commu-nications Corp.'s Navigator; Structured Internetworks' IPath Manager, which runs under Windows or Solaris; Sun's Solaris-based tool; and Aponet's ABM System Administration, which runs on either Linux or Windows NT.

PacketShaper gives you more knobs, buttons and sliders than all the other products put together, and all those controls are confusing. The manual is 263 pages long. PacketShaper was the only product for which we needed technical support to configure properly. At the other end of the documentation spectrum is Aponet, which provides only online documentation - no hard copy manuals are included.

Last words

In the final analysis, one product stood out for its powerful capabilities and efficient performance. PacketShaper is for the network manager who needs to micromanage packet flow. Its multiple levels of traffic classification, IP and non-IP support, and traffic management policies and actions, go further than any other product in the market.

Assuming that Structured Internet-works gets its act together on the monitoring side, the IPath is a good, solid product. The company has an innovative pricing strategy, with prices tiered based on factors including bandwidth passing through the IPath and the total number of IP addresses and subnets. At a reasonable price point, it combines the elegance of protocol-specific bandwidth management with a simple interface and no-questions-asked performance. IPath isn't fancy, but it works great.

While the Sun product is solid, it will be of primary interest to existing Solaris sites. Unless you've got excess Sun servers littering your computer room, dedicated hardware is a better choice. Aponet's simplicity in configuration may be appropriate for some networks, but the performance loss caused by TCP's retransmission algorithms is a limiting factor.

RELATED LINKS

How to make bandwidth managers work efficiently for you

How we did it
Scorecard and Net Results

Balancing Network Services
Web Server Online, 3/3/98.

Xedia joins bandwidth mgmt. fracas
A look at its bandwidth management technology. Network World, 11/17/97.

Shaping Traffic Behavior
Packeteer paper.

Snyder is a senior partner at Opus One, in Tucson, Ariz., where he specializes in networks and communication systems. He can be reached at jms@ opus.com.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.