By Art Reisman
CTO, APconnections
Even though I would self-identify as an early adopter of new technology, when I look at my real-life behavior, I tend to resist change and hang on to technology that I am comfortable with. Suffice it to say, I usually need an event or a gentle push to get over my resistance.
Given that technology change is uncomfortable, what follows is a gentle push, or perhaps a mild shove, to help anybody who is looking to pull the trigger on moving away from Packet Shaping into a more sustainable, cost-effective alternative.
First off, let's look at why packet shaping (layer 7 deep packet inspection) technologies are popular.
“A good layer 7 based tool creates the perception of complete control over your network. You can see what applications are running, how much bandwidth they are using, and make adjustments to flows to meet your business objectives.”
Although the above statement appears idyllic, the reality is that packet shaping, even in its prime, was at best only 60 percent accurate. The remaining 40 percent of traffic could never be classified, and thus had to be shaped based on guesswork or faith.
Today, the accuracy of packet classification continues to slip. Security concerns are forcing most content providers to adopt encryption. Encrypted traffic cannot be classified.
In an effort to stay relevant, companies have moved away from deep packet inspection to classifying traffic by the source and destination (source IPs are never encrypted and thus always visible).
If your packet shaping device knows the address range of a content provider, it can safely assume a traffic type by examining the source IP address. For example, YouTube traffic emanates from a source address owned by Google. The drawback with this method is that savvy users can easily hide their sources by using any one of the publicly available VPN utilities out there. The personal VPN world is exploding as individual users are moving to VPN tunneling services for all their home browsing.
The combination of VPN tunnels and encrypted content is slowly transforming the best application classifiers into paperweights.
So, what are the alternatives? Is there something better?
Yes, if you can let go of the concept of controlling specific traffic by type, you can find viable alternatives. As per our title, you must “cross the chasm”, and surrender to a new way of bandwidth shaping, where decisions are based on usage heuristics, and not absolute identification.
What is a heuristic-based shaper?
Our heuristic-based bandwidth shapers borrow from the world of computer science and a CPU scheduling technique called shortest job first (SJF). In today’s world, a “job” is synonymous with an application. You have likely unknowingly experienced the benefits of a shortest job first scheduler when you use a Linux-based laptop, such as a Mac or Ubuntu. Unlike the older Windows operating systems where one application can lock up your computer, such lockups are rare on Linux. Linux uses a scheduler that allows preemption to let other applications in during peak times, so they are not starved for service. Simply put, a computer with many applications using SJF will pick the application it thinks is going to use the least amount of time and run it first, or preempt a hog to let another application in.
In the world of bandwidth shaping we do not have the issue of contended CPU resources, but we do have an overload of Internet applications that vie for bandwidth resources on a shared link. The NetEqualizer uses SJF-type techniques to preempt users who are dominating a bandwidth link with large downloads and other hogs. Although the NetEqualizer does not specifically classify these hogging applications by type, it does not matter. The hogging applications, such as large downloads and high-resolution video, by their large footprint alone, are given lower priority. Thus the business-critical interactive applications with smaller bandwidth resource consumption get serviced first.
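The footprint-based idea described above can be sketched in a few lines. This is an added illustration, not the NetEqualizer's actual algorithm: the `Flow` type, the `shape` function, the 85 percent congestion threshold, the 10 percent hog threshold, the 25 percent penalty and the sample flows are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    flow_id: str    # opaque label (e.g. an address pair); payload is never inspected
    rate_kbps: int  # recently measured throughput

def shape(flows, link_kbps, congest_pct=85, hog_pct=10, penalty_pct=25):
    """Return {flow_id: allowed_kbps} from usage alone (all thresholds assumed).

    Under the congestion threshold nothing is touched. Over it, flows using
    more than hog_pct of the link are cut, largest first, until the total is
    back at the threshold. Small interactive flows are never throttled.
    """
    allowed = {f.flow_id: f.rate_kbps for f in flows}
    target = link_kbps * congest_pct // 100
    total = sum(allowed.values())
    if total <= target:
        return allowed  # link not congested: no shaping at all
    hog_floor = link_kbps * hog_pct // 100
    # Largest consumers first, so the "short jobs" keep their full rate.
    for f in sorted(flows, key=lambda f: f.rate_kbps, reverse=True):
        if total <= target or f.rate_kbps <= hog_floor:
            break
        cut = min(f.rate_kbps * penalty_pct // 100, total - target)
        allowed[f.flow_id] -= cut
        total -= cut
    return allowed

# Constructed sample: a 10 Mbps link. The VPN tunnel is encrypted and could not
# be classified by type, yet it is still shaped because of its footprint.
SAMPLE = [
    Flow("vpn-tunnel", 5000),
    Flow("video", 4400),
    Flow("web", 400),
    Flow("voip", 90),
    Flow("ssh", 40),
]

if __name__ == "__main__":
    for flow_id, kbps in shape(SAMPLE, link_kbps=10_000).items():
        print(f"{flow_id:<11} {kbps:>5} kbps")
```

Only the two largest flows are reduced; the web, VoIP and SSH flows keep their full rate without any of them having been identified by application.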
Summary
The issue we often see with switching to heuristic-shaping technology is that it goes against the absolute control-oriented solution offered by Packet Shaping. The alternative of sticking with deep packet inspection and expecting to get control over your network is becoming impossible, hence something must change.
The new heuristic model of bandwidth shaping gives priority to interactive cloud applications, and the implementation is simple and clean.