University of British Columbia IT department chimes in on Layer 7 shaping and its fallacy

Editors notes: The following excerpt was pulled from the Resnet User Group Mailing list Oct 17 , 2009

Most subscribers to this user group are IT directors or adminstrators for large residence networks at various  universities. Many manage upwards of tens of thousands of Internet users.   If you are an ISP I would suggest you subscribe to  this list and monitor  for ideas.  Please note vendor solicitation is frowned upon on the Resnet list

As for the post below The first part of the post is Dennis’s recommendation for a good bandwidth shaper, he uses a carrier grade Cisco product.

The second part is a commentary on the fallacy of layer 7 shaping. No we do not know Dennis nor does he use our products , he just happens to agree with our philosophy after trying many other products.

Dennis OReilly <
reply-to Resnet Forum <> to date Sat, Oct 17, 2009 at 12:35 AM subject Re: Packet Shaping Appliance unsubscribe Unsubscribe from this sender

At 9:22 AM -0400 10/16/09, Brandon Burleigh wrote:

We are researching packet shaping appliance options as our current model is
end-of-life.  It is also at its maximum for bandwidth and we need to increase
our bandwidth with our Internet service provider.  We are interested in
knowing what hardware others are using on their Internet service for packet
shaping.  Thank you.

At the University of British Columbia we own and still use four PS10000’s.   A year ago we purchased a Cisco SCE 2020 which has 4 x 1G interfaces.  The SCE 2020 is approx the same price point as the PS10000.  There is also an SCE 8000 model which has 4 x 10G interfaces, also at a decent price point.

Oregon State brought the SCE product line to our attention at Resnet Symposium 2007.  A number of other Canadian universities recently purchased this product.

The SCE is based on P-Cube technology which Cisco acquired in 2004.

In a nutshell comparing the SCE to the PS10000:
– PS10000 reporting is much superior
– PS10000 and SCE are approx equal at ability to accurately classify P2P
– SCE is essentially a wire speed device
– SCE is a scalable, carrier-grade platform
– Installation of SCE is more complicated than PS10000
– SCE has some capability to identify and mitigate DoS and DDos attacks
– SCE handles asymmetric routing
– SCE has fine grained capabilities to control bandwidth

It is becoming more and more difficult over time for any packet shaping device like a Packetshaper, or a Procera, or an SCE to accurately classify P2P traffic. These days the only way to classify encrypted streams is through behaviorial analysis.  In the long run this is a losing proposition.  Thus, approaches like the NetEqualizer or script-based ‘penalty box’ approaches are better.   However, boxes like the SCE which have excellent capabilities to control bandwidth on a per user basis are also viable.  Otherwise the carriers wouldn’t be using these products.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: