Editor's note: This customer wrote this from the heart; he has never received any perk or compensation from APconnections.
“We’ve been having problems with encrypted BitTorrent running on Port 80. uTorrent, Azureus, BitComet clients in particular were impossible to track down automatically, so finding them by hand and putting them in jail was starting to take more and more admin time.
We had a pretty good connection aging rule set in MikroTik, but lost bandwidth by having to define a pipe size first, then setting queues within that defined pipe. Doesn’t work particularly well for wireless where the pipe size tends to change a bit with changing RF conditions during the day. Also had to put too many rules in too many routers so it was getting pretty difficult to maintain.
I saw a mention or two of NetEqualizer on a couple of forums, and pretty much brushed it off as more BS. We already had an Etinc bandwidth manager gathering dust and didn’t want the same thing happening again.
Well, about two weeks ago we got fed up enough to give NetEqualizer a call. Had a couple of interesting chats, decent tech sales conversations, very little push from them, careful to set reasonable expectations etc. They said it works, it's completely transparent, holds traffic levels within 10-15% of what you want, prioritizes interactive stuff including VoIP and requires very little setup and even less maintenance. It manages traffic patterns only and doesn’t try to sniff packets to detect PtP.
They were also very clear that “less is more”. Don’t put in a bunch of rules to micromanage, just let it do its thang.
So we bought one last Friday. The 45Mbit version, cost about $3500 or so including some basic support and maintenance. Nice 1U case, but quite a noisy fan. Showed up Tuesday morning, which is pretty good shipping time considering it went through customs to get here.
Plugged it in around lunchtime Tuesday into a managed switch where we could easily cut it in and out of our main feed trunk. Left it out of the traffic stream while we read through the quickstart guide, then took about 5 mins to give it an IP address and put in the basic three rules. Made a few entries to exempt various servers from connection limits, gave three or four customer IPs “priority host” exemptions and left it alone for a while to make sure that the magic smoke wasn’t going to suddenly escape.
Flipped switch ports to put the NetEq into the traffic stream about 5pm Tuesday. Still had a bunch of MT routers running rule sets, including the main gateway with a global daytime PtP ban.
WELL! It settled in very gracefully within a few minutes, and we could see the connection count to the Internet gradually dropping off, while bandwidth utilization started to smooth out to about 2 Mbit less than the 21 Mbit we had set. You could watch IP pair delay “penalties” being applied, increased, decreased and removed in the log. Bursts were still allowed to bring the peak just over 22 Mbit, and the upload side settled at about 1 Mbit less than the 6 Mbits we set. Again, bursts were allowed to around 7 Mbits. The Internet felt great!!
Over the next few hours we disabled all the existing MT rule sets, including the global gateway rules for PtP. Bandwidth utilization still looked relatively smooth, cruising around the Net felt great, VoIP worked fine, everything was peachy.
The next day we figured out that a couple of big customers running over VPN tunnels needed priority exemptions, as tunnels look like one big lump of abuse from a NetEqualizer viewpoint.
We also set some priorities with bandwidth caps for big clients running server farms.
And waited for the shoe to drop…. And waited, and waited. Calls to our tech support dropped off, nobody was complaining about throughput, and we waited some more. Even PtP worked great during the day as it was allowed to use any unused bandwidth that “real-time” applications didn’t need.
And we’re still waiting four days later.
This device is about the closest thing to black magic we’ve seen in years. It just plain works. I’ve removed about half of the few config rules I put in to start, we simply don’t need them. The only thing you have to watch is connection limits on servers, and make exemptions for big customers routing all their traffic through tunnels. That’s it.
To put this in context, we’re handling just under 30 Mbits total flow, and sit at about 2400 pps each way during the day, dropping off out of business hours. We have an evening residential burst to about 70% of our daytime max. We’re seeing about 1300 concurrent IP connection pairs during the day down to around 800 in the evening. That’s with roughly 750 customers representing 5000+ total seats. 900 MHz customers normally get 3 Mbit or so, and pretty much everyone else gets 5+, so they get grumpy fast if bandwidth drops off.
It only took 10-15 customers running encrypted PtP on Port 80 to ruin our lives, and the trend they represented was horrifying. Over the last six months, our bandwidth utilization has gone up at least 50% higher than can be accounted for by customer growth.
Obviously we have no connection with NetEqualizer beyond being a very happy customer. Their FAQ here (www.netequalizer.com/tsfaq.htm) pretty much says it all.”
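To make the behaviour the reviewer describes concrete (penalising the heaviest IP pairs only once the trunk is nearly full, easing off when it is not, leaving priority hosts such as VPN tunnels alone, and flagging hosts that exceed a connection limit unless a server exemption applies), here is an added toy model in Python. It is not NetEqualizer's code or algorithm; the trigger level, the fair-share rule, the step size and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    kbps: float
    penalty_ms: int = 0   # artificial delay currently applied to this IP pair

@dataclass
class Equalizer:
    link_kbps: float                                   # trunk size the operator sets
    priority_hosts: set = field(default_factory=set)   # VPN tunnel endpoints, big customers
    conn_exempt: set = field(default_factory=set)      # servers allowed many connections
    max_conns: int = 50                                # assumed per-host connection limit
    trigger: float = 0.85                              # assumed: penalise only when this full
    step_ms: int = 20                                  # assumed penalty increment

    def tick(self, flows):
        """One scheduling round; adjusts penalties in place, returns hosts over the limit."""
        total = sum(f.kbps for f in flows)
        busy = total > self.trigger * self.link_kbps
        fair = total / len(flows) if flows else 0.0
        conns = {}
        for f in flows:                     # ports are ignored: encrypted P2P on 80 looks
            conns[f.src] = conns.get(f.src, 0) + 1   # the same as anything else
        for f in flows:
            if f.src in self.priority_hosts or f.dst in self.priority_hosts:
                f.penalty_ms = 0            # a tunnel looks like one big hog; leave it alone
            elif busy and f.kbps > fair:
                f.penalty_ms += self.step_ms   # heaviest pairs are slowed first
            else:
                f.penalty_ms = max(0, f.penalty_ms - self.step_ms)  # bursts allowed when idle
        return sorted(h for h, n in conns.items()
                      if n > self.max_conns and h not in self.conn_exempt)

def demo():
    """Constructed traffic mix: a P2P seeder on port 80, a VPN customer, an exempt server."""
    eq = Equalizer(link_kbps=21000, priority_hosts={"10.0.0.9"}, conn_exempt={"10.0.0.2"})
    flows = [Flow("10.0.0.5", "198.51.100.1", 80, 9000.0)]                   # seeder
    flows += [Flow("10.0.0.5", f"203.0.113.{i}", 80, 50.0) for i in range(60)]   # 60 peers
    flows.append(Flow("10.0.0.9", "192.0.2.1", 1194, 6000.0))                # VPN tunnel
    flows += [Flow("10.0.0.2", f"203.0.113.{i}", 443, 10.0) for i in range(80)]  # web server
    flows.append(Flow("10.0.0.7", "192.0.2.7", 443, 100.0))                  # browsing
    return eq.tick(flows), flows
```

Running `demo()` flags only the seeder host for its connection count and penalises only its big port-80 flow, while the tunnel, the exempt server and the light browsing flow are untouched.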