Speeding up Your T1, DS3, or Cable Internet Connection with an Optimizing Appliance


By Art Reisman, CTO, APconnections (www.netequalizer.com)

Whether you are a home user or a large multinational corporation, you likely want to get the most out of your Internet connection. In previous articles, we have briefly covered using Equalizing (Fairness) as a tool to speed up your connection without purchasing additional bandwidth. In the following sections, we’ll break down exactly how this is accomplished in layman’s terms.

First, what is an optimizing appliance?

An optimizing appliance is a piece of networking equipment that has one Ethernet input and one Ethernet output. It is normally located between the router that terminates your Internet connection and the users on your network. From this location, all Internet traffic must pass through the device. When activated, the optimizing appliance can rearrange traffic loads for optimal service, thus preventing the need for costly new bandwidth upgrades.

Next, we’ll summarize equalizing and behavior-based shaping.

Overall, equalizing is a simple concept. It is the art form of looking at the usage patterns on the network, and when things get congested, robbing from the rich to give to the poor. In other words, heavy users are limited in the amount of bandwidth to which they have access in order to ensure that ALL users on the network can utilize the network effectively. Rather than writing hundreds of rules to specify allocations to specific traffic as in traditional application shaping, you can simply assume that large downloads are bad, short quick traffic is good, and be done with it.

How is Fairness implemented?

If you have multiple users sharing your Internet trunk and somebody mentions “fairness,” it probably conjures up the image of each user waiting in line for their turn. And while a device that enforces fairness in this way would certainly be better than doing nothing, Equalizing goes a few steps further than this.

We don’t just divide the bandwidth equally like a “brain dead” controller. Equalizing is a system of dynamic priorities that reward smaller users at the expense of heavy users. It is very dynamic, and there is no pre-set limit on any user. In fact, the NetEqualizer does not keep track of users at all. Instead, we monitor user streams. So, a user may be getting one stream (FTP download) slowed down while at the same time having another stream (e-mail) untouched.

Another key element in behavior-based shaping is connections. Equalizing takes care of instances of congestion caused by single-source bandwidth hogs. However, the other main cause of Internet gridlock (as well as bringing down routers and access points) is p2p and its propensity to open hundreds or perhaps thousands of connections to different sources on the Internet. Over the years, the NetEqualizer engineers have developed very specific algorithms to spot connection abuse and avert its side effects.

What is the result?

The end result is that applications such as Web surfing, IM, short downloads, and voice all naturally receive higher priority, while large downloads and p2p receive lower priority. Also, situations where we cut back large streams are generally of short duration. As an added advantage, this behavior-based shaping does not need to be updated constantly as applications change.
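A simplified sketch of the stream-level behavior described above, added here as an illustration and not NetEqualizer's own code. The congestion trigger, the "heavy stream" rate, the per-host connection limit and all function names are assumptions chosen for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Every number below is an assumption made for this sketch.
LINK_KBPS = 1544          # capacity of the shared trunk (a T1)
CONGESTED_AT = 0.85       # utilization ratio that triggers equalizing
HOG_KBPS = 200            # a single stream at or above this rate is "heavy"
MAX_CONNS_PER_HOST = 50   # connection count treated as p2p-style abuse


@dataclass(frozen=True)
class Stream:
    """One connection: an internal host talking to one remote endpoint."""
    host: str
    remote: str
    app: str      # label for the reader only; the shaper never looks at it
    kbps: float


def equalize(streams, link_kbps=LINK_KBPS):
    """Return {stream: "pass" | "delay"} for one sampling interval.

    Nothing is touched while the link has headroom. Under congestion only
    the heavy streams are delayed, so one host can have a slowed download
    and an untouched e-mail session at the same time.
    """
    utilization = sum(s.kbps for s in streams) / link_kbps
    congested = utilization >= CONGESTED_AT
    return {
        s: "delay" if congested and s.kbps >= HOG_KBPS else "pass"
        for s in streams
    }


def connection_abusers(streams, limit=MAX_CONNS_PER_HOST):
    """Hosts holding more simultaneous connections than the limit."""
    counts = Counter(s.host for s in streams)
    return sorted(h for h, n in counts.items() if n > limit)


# Constructed sample: four streams on a busy T1.
SAMPLE = [
    Stream("10.0.0.5", "198.51.100.7", "ftp download", 1200),
    Stream("10.0.0.5", "198.51.100.25", "e-mail", 20),
    Stream("10.0.0.8", "203.0.113.40", "voip", 80),
    Stream("10.0.0.9", "203.0.113.80", "web", 60),
]

# Constructed sample: one host with 120 tiny p2p connections.
P2P = [Stream("10.0.0.66", f"192.0.2.{i}", "p2p", 2) for i in range(1, 121)]

if __name__ == "__main__":
    for s, action in equalize(SAMPLE).items():
        print(f"{s.host:10} {s.app:13} {s.kbps:6.0f} kbps -> {action}")
    print("connection abusers:", connection_abusers(SAMPLE + P2P))
```

Note that the decision is made per stream and only while the link is congested; no application names or ports are consulted.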

Trusting a heuristic solution such as NetEqualizer is not always an easy step. Oftentimes, customers are concerned with accidentally throttling important traffic that might not fit the NetEqualizer model, such as video. Although there are exceptions, it is rare for the network operator not to know about these potential issues in advance, and there are generally relatively few to consider. In fact, the only exception that we run into is video, and the NetEqualizer has a low level routine that easily allows you to give overriding priority to a specific server on your network, hence solving the problem. The NetEqualizer also has a special feature whereby you can exempt and give priority to any IP address specifically in the event that a large stream such as video must be given priority.

Through the implementation of Equalizing technology, network administrators are able to get the most out of their network. Users of the NetEqualizer are often surprised to find that their network problems were not a result of a lack of bandwidth, but rather a lack of bandwidth control.

See who else is using this technology.

Created by APconnections, the NetEqualizer is a plug-and-play bandwidth control and WAN/Internet optimization appliance that is flexible and scalable. When the network is congested, NetEqualizer’s unique “behavior shaping” technology dynamically and automatically gives priority to latency sensitive applications, such as VoIP and email. Click here for a full price list.

5 Tips to speed up your business T1/DS3 to the Internet


By Art Reisman


In tight times, expanding your corporate Internet pipe is a hard pill to swallow, especially when your instincts tell you the core business should be able to live within the current allotment.

Here are some tips and hard facts that you may want to consider to help stretch your business Internet pipe.

1) Layer 7 application shaping.

The marketplace is crawling with solutions that allow you to set policies on bandwidth based on type of application. Application shaping allows an administrator to restrict lower priority activities, while allowing mission critical apps favorable consideration. This methodology is very seductive, but from our experience it can send your IT department into a nanny state, constantly trying to figure out what to allow and what to restrict. Also, the cost of an Internet link expansion is dropping, while many of the application shaping solutions start around $10,000 and go up from there.

The upside is that Layer 7 application shaping does work well when it comes to internal WAN links that do not carry Internet traffic. An administrator can get a handle on the fixed traffic running privately within their network quite easily.

2) Using your router to restrict specific IP and ports

If your core business utilization can be isolated to a single server or group of servers, a few simple rules to allocate a large chunk of the pipe to these resources (by IP address) may be a good fit.

In an environment where business priorities change and are not isolated to a fixed server or two, this solution can backfire, but if your resource allocation requirements are stable, doing something on your router to restrict one particular subnet over another can be useful in stretching your bandwidth.

One thing to be careful about is that it often takes a skilled technician to set up specialty rules on your router. You can easily rack up $$ to your IT consultants if your setup is not static.

3) Behavior based shaping

Editor’s note: We are the makers of the NetEqualizer, which specializes in this technology; however, our intent in this article is to be objective.

Behavior based shaping works well and affordably in most situations. Most business related applications will get priority as they tend to use small amounts of data or web pages. Occasionally there are exceptions that need to override the basic behavior based shaping, such as video. Video can easily be excluded from the generic policies. Implementing a few exclusions is far less cumbersome than trying to classify all traffic all the time, as with application shaping.

4) Add more bandwidth and bypass your local loop carrier

T1s and T3s from your local telco may not be the only options for bandwidth in your area. Many of our customers get creative by purchasing bandwidth directly from a tier one provider (such as Level 3) and then using a microwave link to backhaul the bandwidth to their location. The telcos make a killing with what they call a loop charge (before they put any bandwidth on your line). With microwave backhaul technology you can bypass this charge for significant savings.

5) Clean up the laptops and computers on your network

Many robots and viruses run in the background on your Windows machines and can generate a cacophony of background traffic. A business-wide license for good virus protection may be worth the investment. Stay away from the freeware versions of virus protection; they tend to miss quite a bit.

Seventeen Unique Ideas to Speed up Your Internet


By Eli Riles
Eli Riles is a retired insurance agent from New York. He is a self-taught expert in network infrastructure. He spends half the year traveling and visiting remote corners of the earth. The other half of the year you’ll find him in his computer labs testing and tinkering with the latest network technology.  For questions or comments please contact him at
admin@netequalizer.com

Updated 11/30/2015 – We are now up to seventeen (17) tips!
————————————————————————————————————————————————

Although there is no way to actually make your true Internet speed faster, here are some tips for home and corporate users that can make better use of the bandwidth you have, thus providing the illusion of a faster pipe.

1) Use a VPN tunnel to get to blocked content.

One of the little-known secrets your provider does not want you to know is that they will slow video or software updates if the content is not hosted on their network. Here is an article with details on how you can get around this restriction.

2) Time of day does make a difference

During peak Internet usage times, 5 PM to midnight local time, your upstream provider is also most likely congested. If you have a bandwidth-intensive task to do, such as downloading an update for your iPad, you can likely get a much faster download by doing your download earlier in the day. I have even noticed that the more obscure YouTube videos have problems running at peak traffic times. My upstream provider does a good job with Netflix and popular videos during peak hours (these can be found in their cache), but if I get something that is not likely stored in a local copy on their servers, the video will lag during peak times. (See our article on caching.)

3) Turn off JavaScript

There are some trade-offs with doing this, but it does make a big difference in how fast pages will load. Here is an article where we cover all the relevant details.

Note: Prior to 2010, setting your browser to text-only mode was a viable option, but today most sites are full of graphics and virtually unreadable in text-only mode.

  • If you are stuck with a dial-up or slower broadband connection, your browser likely has an option to load text-only. If you are a power user that’s gaming or watching YouTube, text-only will obviously have no effect on these activities, but it will speed up general browsing and e-mail. Most web pages are loaded with graphics which take up the bulk of the load time, so switching to text-only will eliminate the graphics and save you quite a bit of time.

4) Install a bandwidth controller to make sure no single connection dominates your bandwidth

Everything you do on the Internet creates a connection from inside your network to the Internet, and all of these connections compete for the limited amount of bandwidth your ISP provides.

Your router (cable modem) connection to the Internet provides first come/first serve service to all the applications trying to access the Internet. To make matters worse, the heavier users, the ones with the larger persistent downloads, tend to get more than their fair share of router cycles.  Large downloads are like the school yard bully, they tend to butt in line, and not play fair.

Read the full article.

5) Turn off the other computers in the house

Many times, even during the day when the kids are off to school, I’ll be using my Skype phone and the connection will break up.  I have no idea what exactly the kids’ computers are doing, but if I log them off the Internet, things get better with the Skype call every time. In a sense, it’s a competition for limited bandwidth resources, so, decreasing the competition will usually boost your computer’s performance.

6) Kill background tasks on your computer

You should also try to turn off any BitTorrent or background tasks on your computer if you are having trouble while trying to watch a video or make a VoIP call.  Use your task bar to see what applications are running and kill the ones you don’t want.  Although this is a bit drastic, you may just find that it makes a difference. You’d be surprised what’s running on your computer without you even knowing it (or wanting it).

For you gamers out there, this also means turning off the audio component on your games if you do not need it for collaboration.

7) Test your Internet speed

One of the most common issues with slow internet service is that your provider is not giving you the speed/bandwidth that they have advertised.  Here is a link to our article on testing your Internet speed, which is a good place to start.

Note:  Comcast has adopted a 15 minute Penalty box in some markets. Your initial speed tests will likely show no degradation, but if you persist at watching high-definition video for more than 15 minutes, you may get put into their Penalty box.  This practice helps preserve a limited resource in some crowded markets.  We note it here because we have heard reports of people happily watching YouTube videos only to have service degrade.

Related Article: The real meaning of Comcast generosity.

8) Make sure you are not accidentally connected to a weak access point signal

There are several ways an access point can slow down your connection a bit. If the signal between you and the access point is weak, the access point will automatically downgrade its service to a slower speed. This happens to me all the time. My access point goes on the blink (needs to be re-booted) and my computer connects to the neighbor’s with a weaker signal. The speed of my connection on the weaker signaled AP is quite variable. So, if you are on wireless in a densely populated area, check which signal you are connected to.

9) Caching — How does it work and is it a good idea?

Offered by various vendors and built into Internet Explorer, caching can be very effective in many situations. Caching servers have built-in intelligence to store the most recently and most frequently requested information, thus preventing future requests from traversing a WAN/Internet link unnecessarily.

Many web servers keep a time stamp of their last update to data, and browsers such as the popular Internet Explorer will check the time stamp on the host server. If the page time stamp has not changed since the last time you accessed the page, IE will grab it and present a local stored copy of the Web page (from the last time you accessed the page), saving the time it would take to load the page from across the Internet.

So what is the downside of caching?

There are two main issues that can arise with caching:

a) Keeping the cache current. If you access a cached page that is not current, then you are at risk of getting old and incorrect information. Some things you may never want to be cached, for example the results of a transactional database query. It’s not that these problems are insurmountable, but there is always the risk that the data in cache will not be synchronized with changes. I personally have been misled by old data from my cache on several occasions.

b) Volume. There are some 100 million Web sites out on the Internet. Each site contains upwards of several megabytes of public information. The amount of data is staggering and even the smartest caching scheme cannot account for the variation in usage patterns among users and the likelihood they will hit an uncached page.

Recommended: Related article on how ISPs use caching to speed up Netflix and YouTube videos.

For information on turning off caching, click here.

10) Kill your virus protection software

The recent outbreak of the H1N1 virus reminded me of how sometimes the symptoms and carnage from a vaccine are worse than the disease it purports to cure. Well, the same holds true for your virus protection software. Yes, viruses are real and can take down your computer, but so can a disk crash, which is also inevitable. You must back up your critical data regularly. However, that virus software seems to dominate more resources on my desktop than anything else. I no longer use anything and could not be happier. But be sure to use a reliable back-up (as you will need to rebuild your computer now and then, which I find a better alternative than running a slow computer all of the time).

11) Set a TOS bit to provide priority

A TOS bit is a special bit within an IP packet that directs routers to give preferential treatment to selected packets. This sounds great, just set a bit and move to the front of the line for faster service. As always, there are limitations.

– How does one set a TOS bit?
It seems that only very special enterprise applications, like a VoIP PBX, actually set and make use of TOS bits. Setting the actual bit is not all that difficult if you have an application that deals with the network layer, but most commercial applications just send their data on to the host computer’s clearing house for data, which in turn puts it into IP packets without a TOS bit set. After searching around for a while, I just don’t see any literature on being able to set a TOS bit at the application level. For example, there are a couple of forums where people mention setting the TOS bit in Skype but nothing definitive on how to do it.

– Who enforces the priority for TOS packets?
This is a function of routers at the edge of your network, and all routers along the path to wherever the IP packet is going. Generally, this limits the effectiveness of using a TOS bit to networks that you control end-to-end. In other words, a consumer using a public Internet connection cannot rely on their provider to give any precedence to TOS bits, hence this feature is relegated to enterprise networks within a business or institution.

– Incoming traffic generally cannot be controlled.
The subject of when you can and cannot control a TOS bit does get a bit more involved. We have gone over this in more detail in a separate article.
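For reference, the TOS field is one byte in the IPv4 header (its upper six bits are now read as the DSCP value), and a program that owns its socket can request a marking on its outgoing packets with the standard IP_TOS socket option. The following is an added example, not from the original article; the helper names are hypothetical, DSCP 46 (Expedited Forwarding) is chosen as a typical voice marking, and the sample header bytes are constructed. Whether any router honors the marking remains subject to the limits described above.

```python
import socket
import struct

DSCP_EF = 46  # Expedited Forwarding, commonly used for voice (assumed choice)


def tos_byte(dscp, ecn=0):
    """Build the 8-bit TOS field: 6 bits of DSCP followed by 2 bits of ECN."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must fit in 6 bits")
    if not 0 <= ecn <= 3:
        raise ValueError("ECN must fit in 2 bits")
    return (dscp << 2) | ecn


def mark_socket(sock, dscp):
    """Ask the OS to stamp outgoing packets of this socket; return what it kept."""
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos_byte(dscp))
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)


def open_marked_udp(dscp=DSCP_EF):
    """Create an IPv4 UDP socket whose datagrams carry the requested marking."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        applied = mark_socket(sock, dscp)
    except OSError:
        sock.close()
        raise
    return sock, applied


def parse_tos(ipv4_header):
    """Read the marking back out of a raw IPv4 header, as a router would."""
    if len(ipv4_header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    version_ihl, tos = struct.unpack_from("!BB", ipv4_header)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "dscp": tos >> 2,        # modern reading of the field
        "ecn": tos & 0x03,
        "precedence": tos >> 5,  # legacy 3-bit IP precedence
    }


# Constructed 20-byte IPv4 header: version 4, IHL 5, TOS 0xB8, rest zeroed.
SAMPLE_HEADER = bytes([0x45, 0xB8]) + bytes(18)

if __name__ == "__main__":
    sock, applied = open_marked_udp()
    print(f"socket marking applied: 0x{applied:02X}")
    sock.close()
    print("sample header:", parse_tos(SAMPLE_HEADER))
```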

12) Avoid Quota Penalties

Some providers are implementing Quotas where they slow you down if you use too much data over a period of time. If you know that you have a large set of downloads to do, for example synching your device with iTunes Cloud, go to a library and use their free service. Or, if you are truly without morals, log on to your neighbor’s wireless network and do your synch.

13) Consider Application Shaping?

Note: Application shaping is an appropriate topic for corporate IT administrators and is generally not a practical solution for a home user.  Makers of application shapers include Blue Coat (Packeteer) and Allot (NetEnforcer), products that are typically out of the price range for many smaller networks and home users.

One of the most popular and intuitive forms of optimizing bandwidth is a method called “application shaping”, with aliases of “deep packet inspection”, “layer 7 shaping”, and perhaps a few others thrown in for good measure. For the IT manager that is held accountable for everything that can and will go wrong on a network, or the CIO that needs to manage network usage policies, this at first glance may seem like a dream come true.  If you can divvy up portions of your WAN/Internet link to various applications, then you can take control of your network and ensure that important traffic has sufficient bandwidth, right?  Well, you be the judge…

At the center of application shaping is the ability to identify traffic by type. For example, distinguishing between Citrix traffic, streaming audio, Kazaa peer-to-peer, or something else. However, this approach is not without its drawbacks.

Drawback #1: Applications can purposely use non-standard ports
Many applications are expected to use Internet ports when communicating across the Web. An Internet port is part of an Internet address, and many firewall products can easily identify ports and block or limit them. For example, the “FTP” application commonly used for downloading files uses as standard the well-known “port 21”. The fallacy with this scheme, as many operators soon find out, is that there are many applications that do not consistently use a standard fixed port for communication. Many application writers have no desire to be easily classified. In fact, they don’t want IT personnel to block them at all, so they deliberately design applications to not conform to any formal port assignment scheme. For this reason, any product that aims to block or alter application flows by port should be avoided if your primary mission is to control applications by type.

So, if standard firewalls are inadequate at blocking applications by port, what can help?

As you are likely aware, all traffic on the Internet travels around in what is called an IP packet. An IP packet can very simply be thought of as a string of characters moving from Computer A to Computer B. The string of characters is called the “payload,” much like the freight inside a railroad car. On the outside of this payload, or data, is the address where it is being sent. These two elements, the address and the payload, comprise the complete IP packet.

In the case of different applications on the Internet, we would expect to see different kinds of payloads. For example, let’s take the example of a skyscraper being transported from New York to Los Angeles. How could this be done using a freight train? Common sense suggests that one would disassemble the office tower, stuff it into as many freight cars as it takes to transport it, and then when the train arrived in Los Angeles, hopefully the workers on the other end would have the instructions on how to reassemble the tower.

Well, this analogy works with almost anything that is sent across the Internet, only the payload is some form of data, not a physical hunk of bricks, metal and wires. If we were sending a Word document as an e-mail attachment, guess what, the contents of the document would be disassembled into a bunch of IP packets and sent to the receiving e-mail client where it would be re-assembled. If I looked at the payload of each Internet packet in transit, I could actually see snippets of the document in each packet and could quite easily read the words as they went by.

At the heart of all current application shaping products is special software that examines the content of Internet packets (aka “deep packet inspection”), and through various pattern matching techniques, determines what type of application a particular flow is. Once a flow is determined, then the application shaping tool can enforce the operator’s policies on that flow. Some examples of policy are:

Limit AIM messenger traffic to 100kbs
Reserve 500kbs for Shoretell voice traffic

The list of rules you can apply to traffic types and flow is unlimited.

Drawback #2: The number of applications on the Internet is a moving target.
The best application shaping tools do a very good job of identifying several thousand of them, and yet there will always be some traffic that is unknown (estimated at 10 percent by experts from the leading manufacturers). The unknown traffic is lumped into the unknown classification and an operator must make a blanket decision on how to shape this class. Is it important? Is it not? Suppose the important traffic was streaming audio for a webcast and is not classified. Well, you get the picture. Although the theory behind application shaping by type is a noble one, the cost for a company to stay up-to-date is large and there are cracks.
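The difference between classifying by port and classifying by payload, and the "unknown" class that remains, can be seen in a small added example (not code from any shaping product). The port table, the four signatures, and the sample flows are constructed for illustration; real products carry thousands of signatures.

```python
import re

# Port-to-application table of the kind a port-based firewall relies on.
WELL_KNOWN_PORTS = {21: "ftp", 25: "smtp", 80: "http", 443: "tls", 5060: "sip"}

# Payload signatures, tried in order against the first bytes of a flow.
SIGNATURES = [
    # BitTorrent peer handshake: length byte 19, then the protocol name.
    ("bittorrent", re.compile(rb"\x13BitTorrent protocol")),
    ("http", re.compile(
        rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("sip", re.compile(
        rb"(INVITE|REGISTER|OPTIONS|BYE|ACK|CANCEL) sip:\S+ SIP/2\.0\r\n")),
    # TLS record header: content type 22 (handshake), major version 3.
    # The signature says "encrypted session", not which application is inside.
    ("tls", re.compile(rb"\x16\x03[\x00-\x04]")),
]


def classify_by_port(dst_port):
    """What a port-based rule concludes from the destination port alone."""
    return WELL_KNOWN_PORTS.get(dst_port, "unknown")


def classify_by_payload(payload):
    """What pattern matching on the payload (deep packet inspection) concludes."""
    for label, pattern in SIGNATURES:
        if pattern.match(payload):
            return label
    return "unknown"


def compare(flows):
    """Return (description, verdict by port, verdict by payload) per flow."""
    return [
        (name, classify_by_port(port), classify_by_payload(payload))
        for name, port, payload in flows
    ]


def unknown_share(flows):
    """Fraction of flows that payload inspection cannot put in any class."""
    verdicts = [classify_by_payload(payload) for _, _, payload in flows]
    return verdicts.count("unknown") / len(verdicts)


# Constructed first-packet payloads; none of this is captured traffic.
FLOWS = [
    ("p2p client using port 80", 80,
     b"\x13BitTorrent protocol" + bytes(48)),
    ("web server on port 8080", 8080,
     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("voice signalling on port 5060", 5060,
     b"INVITE sip:bob@example.test SIP/2.0\r\n"),
    ("encrypted session on port 443", 443,
     bytes([0x16, 0x03, 0x01, 0x00, 0x2E, 0x01, 0x00, 0x00, 0x2A, 0x03, 0x03])),
    ("unrecognized application on port 51413", 51413,
     bytes.fromhex("9f3c71e2a4b05d18")),
]

if __name__ == "__main__":
    for name, by_port, by_payload in compare(FLOWS):
        print(f"{name:40} port says {by_port:8} payload says {by_payload}")
    print(f"left in the unknown class: {unknown_share(FLOWS):.0%}")
```

The first two flows are the ones a port rule gets wrong; the last one is the traffic that ends up under the operator's blanket "unknown" policy either way.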

Drawback #3: The spectrum of application types is not static
Even if the application spectrum could be completely classified, the spectrum of applications constantly changes. You must keep licenses current to ensure you have the latest in detection capabilities. And even then it can be quite a task to constantly analyze and change the mix of policies on your network. As bandwidth costs lessen, how much human time should be spent divvying up and creating ever more complex policies to optimize your WAN traffic?

Drawback #4: Net neutrality is compromised by application shaping.
Techniques used in application shaping have become controversial on public networks, with privacy issues often conflicting with attempts to ensure network quality.

Based on these drawbacks, we believe that application shaping is not the dream come true that it may seem at first glance.  Once CIOs and IT Managers are educated on the drawbacks, they tend to agree.

14) Bypass that local consumer reseller

This option might be a little bit out of the price range of the average consumer, and it may not be practical logistically –  but if you like to do things out-of-the-box, you don’t have to buy Internet service from your local cable operator or phone company, especially if you are in a metro area.  Many customers we know have actually gone directly to a Tier 1 point of presence (backbone provider) and put in a radio backhaul direct to the source.  There are numerous companies that can set you up with a 40-to-60 megabit link with no gimmicks.

15) Speeding up your iPhone

Ever been in a highly populated area with 3 or 4 bars and still your iPhone access slows to a crawl?

The most likely reason for this problem is congestion on the provider line. 3G and 4G networks all have a limited sized pipe from the nearest tower back to the Internet. It really does not matter what your theoretical data speed is; when there are more people using the tower than the back-haul pipe can handle, you can temporarily lose service, even when your phone is showing three or four bars.

Unfortunately, you only have a couple of options in this situation. If you are in a stadium with a large crowd, your best bet is to text during the action.  If you wait for a timeout or end of the game,  you’ll find this corresponds to the times when the network slows to a crawl,  so try to finish your access before the last out of the game or the end of the quarter. Pick a time when you know the majority of people are not trying to send data.

Get away from the area of congestion. I have experienced complete lockout of up to 30 minutes, when trying to text, as a sold out stadium emptied out. In this situation my only chance was to walk about 1/2 mile or so from the venue to get a text out. Once away from the main stadium, my iPhone connected to a tower with a different back haul away from the congested stadium towers.

Shameless plug: If you happen to be a provider or know somebody that works for a provider  please tell them to call us and we’d be glad to explain the simplicity of equalizing and how it can restore sanity to a congested wireless backhaul.

16) Turn off HTTPS and other Encryption

Although this may sound a bit controversial, there are some providers that, for the sake of survival, assume that encrypted traffic is bad traffic. For example, p2p is considered bad traffic; they used to be able to use special equipment to throw it into a lower priority pool so that it gets sent out at a slower speed. Many applications are starting to encrypt: p2p, Facebook, etc. The provider may assume that all this is “bad” traffic because they don’t know what it is, and hence give it a lower priority.

17) Protocol Spoofing

Note:  This method is applied to Legacy Database servers doing operations over a WAN.  Skip this tip if you are a home user.

Historically, there are client-server applications that were developed for an internal LAN. Many of these applications are considered chatty. For example, to complete a transaction between a client and server, tens of messages may be transmitted when perhaps one or two would suffice. Everything was fine until companies, for logistical and other reasons, extended their LANs across the globe using WAN links to tie different locations together.

To get a better visual on what goes on in a chatty application, perhaps an analogy will help. It’s like sending family members your summer vacation pictures, and, for some insane reason, putting each picture in a separate envelope and mailing them individually on the same mail run. Obviously, this would be extremely inefficient, as chatty applications can be.

What protocol spoofing accomplishes is to fake out the client or server-side of the transaction and then send a more compact version of the transaction over the Internet, i.e. put all the pictures in one envelope and send it on your behalf, thus saving you postage.

You might ask why not just improve the inefficiencies in these chatty applications rather than write software to deal with the problem? Good question, but that would be the subject of a totally different article on how IT organizations must evolve with legacy technology, which is beyond the scale of the present article.

In Conclusion

Again, while there is no way to increase your true Internet speed without upgrading your service, these tips can improve performance, and help you to get better results from the bandwidth that you already have.  You’re paying for it, so you might as well make sure it’s being used as effectively as possible. : )


How to set up a computer for network monitoring – for free!


By Art Reisman, CTO, http://www.netequalizer.com


Editor’s note:

We often get asked where to find a simple network monitoring tool. Well, you can’t get more economical than this! All you need is some elbow grease and perseverance. Note: We are not the original authors of this idea and have adapted it to our blog; unfortunately, I was unable to trace back to the original to give credit.

How to set up a computer for network monitoring – All for free!

This is not as hard as it looks, once you have done it a time or two you can be up and running in less than 5 minutes, assuming you have high-speed access to the Internet.

Do you have a computer with the following?

  • 2 network cards installed or two on-board LAN ports
  • 1 CDRom drive
  • 256 to 1,024 or more Meg of RAM
  • monitor
  • keyboard
  • mouse (optional — it is necessary if you boot into the graphics mode, though)


If so, you can be minutes away from having a network monitoring machine up and running that you can insert in your network and see what is going on.  If you follow these instructions it will act as a transparent bridge so no other machines or routers will know the difference.

The Knoppix CD is a live CD distribution which does not need a floppy or hard drive to run. It is all self contained on the CD. It uses your RAM as a read/writeable area so you can still install a few programs if need be and edit most of the configuration files.

You can get the Knoppix iso image from http://knopper.net/knoppix/ or the English version at http://knopper.net/knoppix/index-en.html

The download page for English reading when this article was written is at http://knopper.net/knoppix-mirrors/index-en.html

Download a CD image of 4.02 or better. A typical file name will be:

KNOPPIX_V4.0.2CD-2005-09-23-EN.iso

The filename ends in -EN; if you speak English, get that one. If you speak German, get the -DE one.

Now burn that .iso file to a CD using your program of choice (burning the CD image to make a bootable CDRom is not covered here).

You should insert your machine into the network so it sits between the router and the switch, assuming you want to monitor traffic going between your network and the Internet. You may have to use a crossover cable from one of your machine's LAN ports to the router and a standard network cable from the other LAN port on your machine to the switch.

      Internet or Router or ???
                 ||
                 || eth0
 ________________||_______________
|         Monitoring Unit         |
|_________________________________|
                 ||
                 || eth1
 ________________||_______________
|     Internal Network Switch     |
|_________________________________|
  || || || || || || || || || || ||
Your internal network users or whatever you want to monitor

Once that is done you can run Knoppix by placing it into your machine and booting up. If you have a limited video card or an old monitor then you can hit the appropriate key when Knoppix boots up and find the option to boot into text mode only. You may also want to do this if you have limited RAM.

Once you are booted up and running Knoppix you can do the following:

If you booted into the X Window graphical desktop, click on the little computer screen icon next to the house on the bottom toolbar to open a terminal window. If you booted into text mode, you do not have to do that.

Now gain root access by typing the following and then Enter:

su

Now that you are root, you can run the following commands to start up your transparent bridge and get traffic flowing through the machine from one LAN port to the other. The IP 192.168.1.153 below is used as an example, along with a default gateway of 192.168.1.1, so change those if your network is on a different IP range. You will want to give the bridge an IP so that you can get into the machine from another machine on the network. In some cases you might want to be able to get to it from the Internet; in that case you would have to give it an IP that can be reached from the Internet and not a 10.x.x.x or 192.168.x.x number.

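# Tear down any bridge left over from an earlier run (errors here are harmless if none exists)
ifconfig br0 down
brctl delbr br0
# Bring both ports up in promiscuous mode with no IP address of their own
ifconfig eth1 down
ifconfig eth0 down
ifconfig eth0 promisc 0.0.0.0 up
ifconfig eth1 promisc 0.0.0.0 up
# Create the bridge and attach both ports to it
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
# Give the bridge itself a management IP and a default gateway
ifconfig br0 192.168.1.153 netmask 255.255.255.0 up
route add default gw 192.168.1.1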

It may take a half a minute for traffic to start flowing through the transparent bridge br0.

Once you can do something like:

ping www.yahoo.com

and it comes back with ping times, then you are ready to continue and install ntop. BTW: hit Ctrl-C to stop ping.

apt-get update
apt-get install ntop

Say Y or hit enter to install ntop. When it is all done do the following:

mkdir -p /var/log/ntop/rrd
chmod -R 777 /var/lib/ntop
chmod -R 777 /var/log/ntop

Warning: the chmod commands above allow anyone who can get to the machine to read and write those directories, so keep your machine safe with firewalls or passwords accordingly.

You can now run ntop. You need to run ntop from the console or via SSH first by just running the command:

ntop

It will ask you for an admin password and then again to verify it. This is for the admin interface in ntop.

Once ntop is up and running in a window, you can leave that up and just go to your web browser and enter the URL:

http://192.168.1.153:3000/

The :3000 is the special port that the ntop web server runs on.

If you choose the menu item Summary and then Network Load you should see a graph of your traffic. Not all ntop menu items are used on every system. Most of the time you will only be using the items under Summary or All Protocols.

You now have a running bandwidth monitoring system. ntop is the only application mentioned here but there are others installed on the default Knoppix CD already too.


The systems I have installed this routine on vary from a system with a Celeron to one with a P4 CPU, running on 10/100 Realtek chipsets to 10/100/1000 Intel chipsets, with from 256 Meg of RAM to 2 GIG. Knoppix runs very well on a variety of hardware, but your mileage may differ.
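As an added example (not part of the original article), the shell functions below replace the blanket chmod -R 777 step with a single owner and no access for other users, then check the result. The account name ntop:ntop in the usage comment is an assumption; use whichever account your ntop process runs as (ntop's -u option sets it).

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: ntop runs as a dedicated unprivileged account. "ntop:ntop" in the
# usage comment at the bottom is an assumed name; substitute your own.

# Print every non-symlink entry under the given paths that "other" may write to.
list_world_writable() {
    for path in "$@"; do
        if [ -e "$path" ]; then
            find "$path" ! -type l -perm -0002 -print
        fi
    done
}

# Hand a tree to one owner, then remove all access for "other" and write
# access for "group".
#   $1 = directory
#   $2 = owner[:group] (optional; chown needs root and is skipped when empty)
tighten_tree() {
    dir=$1
    owner=${2:-}
    [ -d "$dir" ] || { echo "tighten_tree: not a directory: $dir" >&2; return 1; }
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dir" || return 1
    fi
    # Directories: rwx for owner, r-x for group. Files: rw- for owner, r-- for group.
    find "$dir" -type d -exec chmod 750 {} + || return 1
    find "$dir" -type f -exec chmod 640 {} + || return 1
}

# Tighten each directory, then re-audit and fail if anything is still open.
#   $1 = owner[:group] (may be empty), remaining arguments = directories
harden_ntop_dirs() {
    owner=$1
    shift
    for d in "$@"; do
        tighten_tree "$d" "$owner" || return 1
    done
    remaining=$(list_world_writable "$@")
    if [ -n "$remaining" ]; then
        echo "still world-writable:" >&2
        echo "$remaining" >&2
        return 1
    fi
}

# Usage on the monitoring machine, as root, in place of the two chmod commands:
#   harden_ntop_dirs ntop:ntop /var/lib/ntop /var/log/ntop
```

Run `list_world_writable /var/lib/ntop /var/log/ntop` on its own first to see what the 777 step left open.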


Tips on Evaluating Routers, Bandwidth Shapers, Wireless Access Points and Other Networking Equipment


By Art Reisman


Editor’s note: Art Reisman is the CTO of APconnections. APconnections designs and manufactures the popular NetEqualizer bandwidth shaper. APconnections removed all Deep Packet Inspection technology from their NetEqualizer product over two years ago.

As many IT managers may already know, it is very hard to find unbiased information regarding networking equipment. Publications and analysts always seem to have some bias or motivation, as you never know who pays their fees. Even your peers who swear by a new technology have a vested interest in the commercial success of their chosen technology. And most IT managers are not going to second-guess and critique a technology decision where big money was spent, as long as it provides some value, even if it’s not exactly what they’d hoped for.

Obviously you should continue to use analysts and peers as sources of advice and information, but there are also other ways to find unbiased data prior to making a technology decision.

Here are some ideas that have worked over the years, both for me as a buyer and for our customers:

1) When evaluating technology, request to talk to the engineering or test team at the company you are buying from. This may not be possible, but is worth a try. Companies (sales teams) hate it when you talk directly to their engineers. Why? Because they are more likely to tell the truth about every little problem.

2) If you can’t find an engineer that currently works at the company, then find one that formerly worked there. This is easier than you might think. Techies with loads of experience and insight spend time in tech forums, and a simple post asking for inside knowledge may yield some good sources.

3) This may sound silly, but try Googling  (productname)sucks.com. You’ll be surprised by what you might find. Many of the companies that are too large for you to get in touch with their engineering staffs will have ad-hoc consumer complaint sites.  However, keep in mind that all companies and products will have unhappy customers, so don’t discount a large company in favor of a smaller one just because you find complaints about the market leader.  The smaller company just may not yet have the critical mass to draw organized negative attention. And, no matter how good a product is, there will likely always be an unhappy customer.

4) Nothing beats a live trial of a product. But, don’t limit your decision to the vendors slobbering to give you free trials.  Giving away free trials is a marketing strategy to move a product and ultimately adds to the final cost in one way or another. Smaller vendors with great products may not be offering free trials, so you may miss out on some valuable technology if you only look for the complimentary test runs. Plus, all vendors should have a return policy if  they are confident in their product, so, even without a free trial, it shouldn’t be all or nothing.

While there is no guarantee that these tips will always lead to the perfect product, they have certainly bettered our hit-to-miss ratio over the past several years. If you’re asking the right people and looking in the right places, a little research can go a long way.


Virtual PBX revisited


Editor's Note:

This article, written for VOIP magazine back in 2004, is worth revisiting.

Back in 2004, when I first wrote this article, there was for the most part nothing commercially available; now, in Jan 2009, the market is crowded with offers claiming to be virtual PBXs. At APconnections, we currently use an offering from Aptela.com, a true virtual PBX. Make sure you look under the hood at anything you evaluate. All the 800 service numbers call themselves virtual PBXs; however, in our opinion, simply having a call answer service in the sky is not a PBX. Read on for a detailed definition.

Before reposting we searched for the original but were unable to find it online.

—————————————————————————————————-

Outsourcing Communications with a Virtual PBX

By Art Reisman, CTO, APconnections (http://www.apconnections.net), makers of NetEqualizer Internet Optimization Equipment (http://www.netequalizer.com)

A new breed of applications emerging from the intersection of VoIP and broadband may soon make the traditional premise-based PBX a thing of the past. Virtual PBX, hosted and delivered by today’s telcos and cable operators, is quickly becoming an option for businesses looking to outsource portions of their communications network. Rather than purchase and maintain an expensive piece of equipment, you can now sign up for a pay-as-you-go service with all of the functionality of an on-site PBX but with none of the expense.


To some, this idea may sound like a return to the past and, in a sense, it is. AT&T began delivering PBX functionality through its Centrex services in the 1970s. However, upon closer investigation, it is clear that the functionality delivered and the economics of the two approaches are very different.

The Private Branch Exchange: A Brief Primer

A PBX or private branch exchange allows an organization to maintain a small number of outside lines when compared to the number of actual telephones and users within an organization. Users of the PBX share these outside lines for making telephone calls outside the organization (external to the PBX).

Onsite PBX became popular and matured in the 1980s when the cost of remote connectivity was extremely high and the customer control of hosted PBX-like services of the time (Centrex) was limited, if it was even offered. In 1980, providing advanced, remote PBX services to a building with 100 employees would have required AT&T to run 100 individual copper lines from the local exchange to each telephone at the site.

As more and more businesses opted to install a PBX onsite, competition for customer dollars drove ever more extensive “business-class” features into these devices, further differentiating the premise-based PBX from the hosted products offered by telephone companies. Over time, PBX offerings gradually standardized into the product set that today we have come to expect when we pick up any business phone: voice-mail, auto attendant, call queuing, conferencing, call transfer, and more.

Flash forward from 1980 to 2005. Today, 100 direct phone lines can be transported from one location to another over many miles with no more than one wire. Remote access to control a PBX outside of your building is also trivial to implement with a simple Web portal. Technological advances, coupled with feature stability and the broad appeal of PBX “applications,” make them a prime candidate for hosting.

A business starting today can have a full-featured hosted PBX with a single high-speed Internet connection. These virtualized services would require no additional equipment to purchase or maintain.

Defining Virtual PBX

Businesses looking to purchase such a service today can expect to find significant differences in the features and functionality available among offerings being marketed under the, often interchangeable, terms hosted or virtual PBX. To alleviate confusion and provide a starting point in your quest to outsource your communications network, the perfect, hosted PBX service would have the following features:

  • Auto-detection: The PBX must dynamically detect remote stations from any place in the world and provide dial tone (as opposed to having a user dial in to obtain service; see the sidebar, Start with a Dial Tone).
  • Service Provisioning: New service provisioning must be self-service with no expensive customer premise equipment required. For example, a customer with a credit card and access to a provider’s Web page should be able to initiate worldwide service in a matter of minutes.
  • Standards Support: Off-the-shelf SIP phones must be supported by the hosted service. A virtual PBX should not lock customers into using specific equipment or proprietary protocols.
  • Affordable: Start-up costs should be minimal and usage-based, allowing a small business to seamlessly grow and add stations as needed, without ever needing a disruptive upgrade or requiring a large capital investment.
  • Level Rates: Outbound and inbound toll rates should be provided at wholesale prices globally by the service provider. The customer can be assured of one published competitive price for outgoing calls and incoming calls.
  • Administration: Each business using the service should have access to a private portal allowing them to administer features and options. The organization’s account and services should be secure and accessible to a designated administrator 24/7.
  • Bundled Applications: The service must offer a minimum set of applications common to an onsite PBX. The most common of these include: transfer, conference, forward, find me, follow me, voice mail, auto attendant, basic call reporting, and inbound and outbound caller ID.

Sidebar: Start with a Dial Tone

There are products on the market that remotely host a set of PBX services and require the user to dial in with a standard phone so the PBX can identify the caller. This is a viable approach to providing a hosted PBX with established stability. However, it does have a few restrictions not applicable to a pure hosted PBX.

  • When using the PBX services, the caller ties up a local phone line and blocks calls directly made to that line.
  • Obtaining a dial tone for an outbound call can only be done by first connecting to the PBX, or as a final alternative just using the standard phone line to dial out without going through the PBX, which takes away all of the cost and convenience benefits of the PBX.
  • A truly hosted PBX solution must provide a dial tone without first dialing in.

    Technology Considerations

    While the benefits to a hosted PBX solution are immediately obvious–elimination of equipment hard costs and the specialized knowledge required to keep it up and running–there are drawbacks to consider when adopting an emerging technology.

    The first point to consider is that the technology behind hosted PBX services has not yet developed to the point of large-scale enterprise deployments. Currently, the organizations that will see the most benefit from a hosted solution are small- to medium-sized businesses.

    Quality of service, the shadow that follows every voice over IP application, is the overriding technology hurdle that consumers need to be aware of when considering a hosted PBX solution. Latency can also be an issue; the different routes that IP data takes across the Internet can cause speech breaks and dropped calls.

    QoS and latency are key considerations when discussing bandwidth requirements and network architecture with potential vendors. Being undersold on bandwidth when moving to an IP communications network can create problems above and beyond being oversold.

    Selecting a Vendor

    The low barrier to entry for vendors looking to offer hosted PBX services has created a number of options for consumers and driven down costs, but customers need to be aware that not all service providers are equal.

    Existing Infrastructure: Deploying a world-wide hosted PBX service as outlined above requires a significant infrastructure investment to handle the centralized switching needed to move millions of simultaneous calls around the world. When investigating service providers, look for a vendor that has the knowledge to grow not only with your business but also with the broad adoption of the technology as a whole. Having a tested, existing infrastructure in place for business-class communications is key.

    Service Provider Network One method of alleviating IP voice quality issues on a regional basis is by staying within a large service provider network. For example, if an organization uses a Qwest T3 trunk service at its headquarters and an employee travels to neighboring cities with Qwest DSL service in their hotels, it is unlikely that quality problems will be experienced at the carrier level. Choosing a vendor that understands how your organization will use the service should be an important part of your selection process.

    Conclusion

    While adoption is not yet widespread, hosted services are here and will only get better with time. As companies continue to seek the benefits of outsourcing the elements of their enterprise, from business processes to core technologies, adoption will continue to grow, making hosted PBX a technology to keep your eye on in 2005.

    Note: the author uses a solution from Aptela and has found their support to be top notch; it was the main reason for switching about 4 years ago.

    The True Cost of Bandwidth Monitoring


    By Art Reisman


    For most IT administrators, bandwidth monitoring of some sort is an essential part of keeping track of, as well as justifying, network expenses. Without visibility into a network load, an administrator’s job would degrade into a quagmire of random guesswork. Or would it?

    The traditional way of  looking at monitoring your Internet has two parts: the fixed cost of the monitoring tool used to identify traffic, and the labor associated with devising a remedy. In an ironic inverse correlation, we assert that costs increase with the complexity of the monitoring tool. Obviously, the more detailed the reporting tool, the more expensive its initial price tag. The kicker comes with part two. The more expensive the tool, the more  detail  it will provide, and the more time an administrator is likely to spend adjusting and mucking, looking for optimal performance.

    But is it fair to assume higher labor costs with more advanced monitoring and information?

    Well, obviously it would not make sense to pay more for an advanced tool if there was no intention of doing anything with the detailed information it provides. Why have the reporting tool in the first place if the only output was to stare at reports and do nothing? Typically, the more information an admin has about a network, the more inclined he might be to spend time making adjustments.

    On a similar note, an oversight often made with labor costs is the belief  that when  the work needed to adjust the network comes to fruition, the associated adjustments can remain statically in place. However, in reality, network traffic changes constantly, and thus the tuning so meticulously performed on Monday may be obsolete by Friday.

    Does this mean that the overall productivity of using a bandwidth tool is a loss? Not at all. Bandwidth monitoring and network mucking can certainly result in a cost-effective solution. But, where is the tipping point? When does a monitoring solution create more costs than it saves?

    A review of recent history reveals that technologies with a path similar to bandwidth monitoring have become commodities and shunned the overhead of most human intervention.  For example, computer operators disappeared off the face of the earth with the invention of cheaper computing in the late 1980’s.  The function of a computer operator did not disappear completely, it just got automated and rolled into the computer itself. The point is, anytime the cost of a resource is falling, the attention and costs used to manage it should be revisited.

    An effective compromise with many of our customers is that they are stepping down from expensive complex reporting tools to a simpler approach. Instead of trying to determine every type of traffic on a network by type, time of day, etc., an admin can spot trouble by simply checking overall usage numbers once a week or so. With a basic bandwidth control solution in place (such as a NetEqualizer), the acute problems of a network locking up will go away, leaving what we would call only “chronic” problems, which may need to be addressed eventually, but do not require immediate action.

    For example, with a simple reporting tool you can plot network usage by user.  Such a report, although limited in detail, will often reveal a very distinct bell curve of usage behavior. Most users will be near the mean, and then there are perhaps one or two percent of users that will be well above the mean. You don’t need a fancy tool to see what they are doing; abuse becomes obvious just looking at the usage (a simple report).
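The per-user report described above can be reduced to a few lines of shell and awk. This is an added example, not part of the original article: the "host megabytes" input format, the sample figures, and the cutoff of mean plus k standard deviations are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: flag hosts whose total usage sits well above the mean.
# Assumed input: one "host megabytes" pair per line, possibly several lines
# per host (for instance one per day); totals are summed per host first.

# Constructed sample data: 18 ordinary hosts and two heavy ones.
sample_usage() {
    cat <<'EOF'
192.168.1.10 80
192.168.1.11 90
192.168.1.12 100
192.168.1.13 110
192.168.1.14 120
192.168.1.15 80
192.168.1.16 90
192.168.1.17 100
192.168.1.18 110
192.168.1.19 120
192.168.1.20 80
192.168.1.21 90
192.168.1.22 100
192.168.1.23 110
192.168.1.24 120
192.168.1.25 90
192.168.1.26 100
192.168.1.27 110
192.168.1.28 1400
192.168.1.28 1000
192.168.1.29 1900
EOF
}

# Read usage lines on stdin and print "host total" for every host whose total
# exceeds mean + k * (population standard deviation). $1 = k, default 2.
flag_heavy_users() {
    awk -v k="${1:-2}" '
        # Accept only well-formed lines: a host and a non-negative number.
        NF >= 2 && $2 ~ /^[0-9]+(\.[0-9]+)?$/ { total[$1] += $2 }
        END {
            for (h in total) {
                n++
                sum += total[h]
                sumsq += total[h] * total[h]
            }
            if (n < 2) exit 0          # no distribution to compare against
            mean = sum / n
            var = sumsq / n - mean * mean
            sd = (var > 0) ? sqrt(var) : 0
            limit = mean + k * sd
            for (h in total)
                if (total[h] > limit)
                    printf "%s %d\n", h, total[h]
        }' | sort
}

# Stand-alone run on the constructed sample.
sample_usage | flag_heavy_users 2
```

A few very heavy users pull the mean and the standard deviation upward, so raising k hides the lighter of them; with this sample, k=3 reports only one host.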

    However, there is also the personal control factor, which often does not follow clear lines of ROI (return on investment).

    What we have experienced when proposing a more hands-off model to network management is that a customer’s comfort depends on their bias for needing to know, which is an unquantifiable personal preference. Even in a world where bandwidth is free, it is still human nature to want to know specifically what bandwidth is being used for, with detailed information regarding the type of traffic. There is nothing wrong with this desire, but we wonder how strong it might be if the savings obtained from using simpler monitoring tools were converted into a trip to Hawaii.

    In our next article, we’ll put some real-world numbers to the test for actual breakdowns, so stay tuned. In the meantime, here are some other articles on bandwidth monitoring that we recommend. And don’t forget to take our poll.

    Planetmy
    Linux Tips
    How to set up a monitor for free

    Five Questions You Should Ask about Internet Speed and Bursting



    By Art Reisman, CTO, APconnections

    Editor’s Note: With consumers up in arms about net neutrality, they should also be asking their ISPs for some truth in advertising when it comes to their Internet speed and the specifics concerning how and when bursting occurs.

    With all the talk of net neutrality and deep packet inspection, we thought it was time to revisit the illusion created by providers offering “burstable” Internet speeds.

    What is a burstable Internet speed? Well, it’s a common trick used by providers that lets you temporarily enjoy their highest speed, but then after a certain time period or after a bandwidth quota is reached, you automatically get knocked down  to a slower speed.

    Generally, your provider leaves the specifics of when this bursting takes place out of their standard literature.  Instead, they will likely cite a best-case number when marketing their service. When bursting is mentioned, if ever, it is likely done in the fine print.

    But, this doesn’t mean that there aren’t ways to hold your ISP accountable. Below are some questions that you should ask your Internet service provider to find out exactly what you are paying for.

    1. Is the speed advertised in their marketing literature available all the time, or is that a best-case speed (or burst) that you may or may not achieve on a regular basis?
    2. Do you get charged, penalized, or black-listed for using this higher speed?
    3. How long can you burst for? For example, is a burst one second, 10 seconds, or 10 hours at a time?
    4. Can you get exactly how this bursting feature works in writing?
    5. Can you trade in the bursting feature for a guaranteed sustained top speed that is always on and not considered bursting?

    While we can’t promise that these questions will always elicit an upfront, honest and informed response, they’re a step in the right direction. For a more in-depth article on the subject and the business behind “bursting,” you should also check out Bursting Is for the Birds.

    Open Source Linux Bandwidth Arbitrator vs. NetEqualizer Bandwidth Shaping


    As many of you know, the commercial NetEqualizer bandwidth shaper is based on the Linux Bandwidth Arbitrator. From old customers and new, we often get asked what the differences are between the two solutions. Here are a few key points to consider…

    1) Time and expertise

    Most entities using open source have an experienced technology team with time to burn. Typically, users are university graduate students or eastern European start ups.  If you have time and Linux expertise, then building and supporting the open source Linux Bandwidth Arbitrator is an excellent option.

    2) Full featured GUI

    The GUI and many advanced integrated features are not available with the Bandwidth Arbitrator.

    3) Support

    You are on your own should there be a problem with the open source technology.

    4) Advanced features not in open source

    Many of the features in the NetEqualizer are not part of the GPL source code. For example, priority host, bandwidth pools, and VLAN support are not available with the Bandwidth Arbitrator.

    We’re sure longtime users of both products can add to the list, but this is a start. For more information about the Bandwidth Arbitrator and NetEqualizer, visit www.bandwidtharbitrator.com and www.netequalizer.com.


    Tips for testing your internet speed


    Five tips to look for when testing your network speed

    By Eli Riles

    Eli Riles is a retired Insurance Agent from New York. He is a self-taught expert in network infrastructure. He spends half the year traveling and visiting remote corners of the earth. The other half of the year you’ll find him in his computer labs testing and tinkering with the latest network technology. For questions or comments please contact him at eliriles@yahoo.com.

    In the United States, there are no rules governing truth in bandwidth claims, at least none that we are aware of. Just imagine if every time you went to a gas station, the meters were adjusted to exaggerate the amount of fuel pumped, or the gas contained inert additives. Most consumers count on the fact that state and federal regulators monitor your local gas station to ensure that a gallon is a gallon and the fuel is not a mixture of water and rubbing alcohol.

    Unfortunately, in the Internet service provider world, there is no regulation at this time. So it is up to you, the consumer, to ensure you are getting what you are paying for.

    Network operators deploy an array of strategies to make their service seem faster than others. The most common technique is to simply oversell the amount of bandwidth they can actually handle and hope that not all users are active at one time.

    It is up to the consumer, who often has a choice of service providers (satellite, cable, phone company, wireless operator, etc.), to ensure that they are getting what they are paying for.

    We at Network Optimization news want to help you level the playing field so here are some tips to use when testing your network speed.

    1) Use a speed test site that transfers at least 10 megabits of data with each test.

    Some providers will start slowing your speed after a certain amount of data is passed in a short period. The larger the file in the test, the better.

    2) Repeat your tests with at least three different speed test sites.

    Different speed test sites use different methods for passing data and results will vary.

    3) Try not to use speed test sites recommended by your provider.

    Or at least augment their recommended sites with other sites.

    Enough said.

    4) Run your tests during busy hours, typically between 5 and 9 p.m., and try running them at different times.

    Oftentimes providers have trouble providing their top advertised speeds during busy hours.

    5) Make sure you test your speed in both directions.

    The test you use should upload as well as download information.

    To find the latest speed test sites on the network, we suggest you use a Google search with the terms:

    “test my network speed”

    Dig down deep in the list of results for more obscure sites.

    Lastly, remember the grass is not always greener.  If you find your speeds are not always up to their advertised rates don’t be alarmed – the industry is not regulated in the US and speeds can vary for a variety of reasons. Your provider is likely doing the best job it can while trying to stay profitable.

    Good Luck!

    Eli Riles


    Equalizing Technology: NetEqualizer Offers A New Approach To Application Shaping


    Below is a recent editorial featured on Processor.com

    Equalizing Technology
    NetEqualizer Offers A New Approach To Application Shaping
    by Julie Sartain

    Current application shaping products examine the content of Internet packets as they pass through the packet shaper. Using pattern-matching techniques, the packet shaper determines, in real time, the application type of each packet and then proceeds to restrict or allow the data based on a set of rules established by the system administrators.

    Administrators can use these programs and define rules to restrict or allow any application that exists, but it takes an incredible amount of effort to keep pace. There is one product, however, that’s trying a new approach called equalizing technology. This product is NetEqualizer (800/918-2763; www.netequalizer.com) from a Colorado-based company called APconnections.

    The Problems

    According to Art Reisman, CEO at APconnections, pattern-matching techniques work on most classified packets, but what if the rules are set to restrict all packets containing ASCII characters or words such as Rhapsody, Napster, or bit torrent? One of these packets might contain a company-wide memo explaining the corporate policies regarding the usage of these programs on company computers. Pattern-matching rules would restrict this memo attachment.

    In addition, many companies intentionally refuse to classify their communications, so their packets slip past the application-shaping products. Seems like a small issue, unless hundreds of these junk mail packets are slipping through onto thousands of desktops in your company nationwide on a daily basis. Then it becomes a huge problem, as the bandwidth is usurped to process this unwanted garbage.

    Even if an application-shaping product can identify 90% of the spectrum of apps (and that’s a lot), notes Reisman, 10% is still unclassified. Your options are to either monitor and manually classify that 10%, which is very time-consuming and costly, or allow those packets to pass without restrictions.

    Solutions

    “Our products can, generally, extend the capacity of your Internet from 25 to 50%,” says Reisman. “This means you can have that many more people using the Internet without adding more bandwidth.”

    There is always the potential for a few users to overwhelm the Internet connection, he notes. But when applied to many verticals such as ISPs, libraries, schools, colleges, and businesses with 50 or more employees, the NetEqualizer prevents this from happening.

    “NetEqualizer appliances automatically shape traffic based on built-in fairness rules,” notes Reisman. “This method allows network administrators/operators to quickly and easily bring network traffic into balance without having to build and manage extensive policy libraries and all without changes to their existing network infrastructure.”

    How It Works

    Reisman explains that APconnections looked at how systems keep one process from locking up the whole computer. For example, Microsoft Windows (www.microsoft.com) does not handle this well; however, Linux and Unix, as well as some of the other server equipment that’s available, do. The premise of these products is that no single computer program is allowed to dominate the CPU, so everything that’s running gets a turn. “We then applied this tried-and-true methodology to an Internet link,” says Reisman. “The result is NetEqualizer.”

    NetEqualizer uses behavior-based shaping, adds Reisman. It looks at the behavior of abuse on an Internet link and then takes action based on that. When the network is congested, the fairness algorithm favors business-class applications, such as VoIP, Web browsing, chat, and email, at the expense of large file downloads.

    The other available products (that is, the competition) try to classify specific varieties of traffic by type. Intuitively, the classification by type is easy for customers to understand, but implementing that process is very time-consuming, and the cost of trying to identify every type of traffic on the Internet is overwhelming and nearly impossible. NetEqualizer, on the other hand, always gets the bad guys because bad behavior is not a function of application type. And, as an added bonus, customers do not have to relicense the technology every month; it just works.

    In addition, says Reisman, all the settings can be changed in real time, with no effect on network service quality. NetEqualizer can also give priority to traffic for hosts that are not supposed to be shaped. And for organizations that require 100% network uptime, the NetEqualizer architecture allows customers to build a redundant system by configuring two NetEqualizer products running in parallel.
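
    The contrast drawn above between content pattern matching and behavior-based shaping, as an added example (not code from the article or from APconnections). The signature list, the thresholds (85% utilization, 200 kbps, 10 seconds), the 2,000 kbps trunk and the sample flows are all constructed assumptions, not NetEqualizer's actual rules.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    name: str        # label for the reader only; neither shaper looks at it
    payload: bytes   # leading bytes of the flow, as a content matcher sees them
    kbps: float      # current sustained rate
    seconds: float   # how long the flow has been active


# Hypothetical keyword rules of the kind the article describes.
SIGNATURES = (b"napster", b"rhapsody", b"bittorrent")


def content_shaper(flows):
    """Application shaping: restrict any flow whose payload matches a signature."""
    return {f.name for f in flows
            if any(sig in f.payload.lower() for sig in SIGNATURES)}


def behavior_shaper(flows, trunk_kbps, congest_at=0.85, hog_kbps=200, min_seconds=10):
    """Behavior-based shaping: act only when the trunk is congested, and then
    only on large, persistent flows. Payload content is never inspected."""
    if sum(f.kbps for f in flows) < congest_at * trunk_kbps:
        return set()  # link not congested: nobody is restricted
    return {f.name for f in flows
            if f.kbps >= hog_kbps and f.seconds >= min_seconds}


# Constructed sample traffic on a shared trunk.
FLOWS = [
    Flow("policy-memo-email", b"Subject: Policy on Napster and Rhapsody use", 40, 2),
    Flow("voip-call", b"\x80\x00\x1f\x90", 80, 300),
    Flow("web-page", b"GET /index.html HTTP/1.1", 150, 1),
    Flow("unlabelled-bulk-transfer", b"\x17\x03\x03\x40\x00", 900, 240),
    Flow("p2p-download", b"\x13BitTorrent protocol", 700, 600),
]

if __name__ == "__main__":
    print("content match restricts:", sorted(content_shaper(FLOWS)))
    print("behavior (congested)   :", sorted(behavior_shaper(FLOWS, trunk_kbps=2000)))
    print("behavior (idle link)   :", sorted(behavior_shaper(FLOWS, trunk_kbps=10000)))
```

    The content matcher restricts the policy memo and misses the unlabelled transfer, while the behavior rule restricts only the two sustained heavy flows, and nothing at all when the link is not congested.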

    R&D History

    “We started with no backing money, so we built a simple open-source version of the concept and begged people to try it,” says Reisman. The product excelled and then rose to one of the top 100 open-source projects in the world. (That’s considered extremely high when most top open-source projects are targeted to the general consumer.) Then, the company commercialized and enhanced it and contracted with a hardware manufacturer to produce it. There are now more than 1 million end users on six continents behind the NetEqualizer equipment.

    “We had many setbacks in the early going,” says Reisman. “Mostly just trying to get the product stable and keep it running on a reasonably priced piece of hardware.”

    Most of APconnections’ market is customers who desperately need something but don’t want to pay $50,000 to optimize their $500-a-month Internet trunk. Getting the product stable in heavy use required the company to purchase sophisticated simulation equipment to troubleshoot the last few hard-to-find bugs. (That was more than three years ago.) Since then, APconnections has had reports of its servers in continuous, heavy use for years at a time without rebooting. “We are very proud of that,” says Reisman.

    What’s New?

    According to Reisman, the company has recently adopted this technology into an AP (access point) and, quite by accident, has solved a common problem called the hidden node issue, which has plagued 802.11 operators for years. There are other options for this problem, but these choices lock customers into proprietary solutions. APconnections’ solution is completely compatible with existing 802.11 wireless technologies, so customers can mix and match its AP without replacing everything.

    APconnections Field Guide to Contention Ratios


    In a recent article titled “The White Lies ISPs Tell about Broadband Speeds,” we discussed some of the methods ISPs use when overselling their bandwidth in order to put on their best face for their customers. To recap a bit, oversold bandwidth is a condition that occurs when an ISP promises more bandwidth to its users than it can actually deliver. Since the act of “overselling” is a relative term, with some ISPs pushing the limit to greater extremes than others, we thought it a good idea to do a quick follow-up and define some parameters for measuring the oversold condition. 

    For this purpose we use the term contention ratio. A contention ratio is simply the size of an Internet trunk divided by the number of users. We normally think of Internet trunks in units of megabits. For example, 10 users sharing a one megabit trunk would have a 10-to-1 contention ratio. If sharing the bandwidth on the trunk equally and simultaneously, each user could sustain a constant feed of 100 kbps, which is exactly 1/10 of the overall bandwidth.

    So what is an acceptable contention ratio?

    From a business standpoint, it is whatever a customer will put up with and pay for without canceling their service. This definition may seem ethically suspect, but whether in the bygone days of telecommunications phone service or contemporary Internet bandwidth business, there are long-standing precedents for overselling. What do you think a circuit busy signal is caused by? Or a dropped cell phone call? It’s best to leave the moral debate to a university assignment or a Sunday sermon.

    So, without pulling any punches, what exactly will a customer tolerate before pulling the plug?
    Here are some basic observations:
  • Rural customers in the US and Canada: Contention ratios of 50 to 1 are common
  • International customers in remote areas of the world: Contention ratios of 80 to 1 are common
  • Internet providers in urban areas: Contention ratios of 20 to 1 are to be expected

    The numbers above are a good, rough starting point, but things are not as simple as they look. There is a statistical twist as bandwidth amounts get higher.

    Contention ratios can actually increase as the overall Internet trunk size gets larger. For example, if 50 people can share one megabit without mutiny, it should follow that 100 people can share two megabits without mutiny as the ratio has not changed. It is still 50 to 1.

    However, from observations of hundreds of ISPs, we can easily conclude that perhaps 110 people can share two megabits with the same tolerance as 50 people sharing one megabit. What this means is that the larger the ISP, the more bandwidth at a fixed cost per megabit, and thus the larger the contention ratios you can get away with.

    Is this really true? And if so, what are its implications for your business?

    This is simply an empirical observation, backed up by talking to literally thousands of ISPs over the course of four years and noticing how their oversubscription ratios increase with the size of their trunk.

    A conservative estimate is that, starting with the baseline ratio listed above, you can safely add 10 percent more subscribers above and beyond the original contention ratio for each megabit of trunk they share.

    Thus, to provide an illustration, 50 people sharing one megabit can safely be increased to 110 people sharing two megabits, and at four megabits you can easily handle 280 customers. With this understanding, getting more from your bandwidth becomes that much easier.

    NetEqualizer and CALEA: A Short Q&A


    What is CALEA?

    CALEA, or the Communications Assistance for Law Enforcement Act, is the law that oversees telecommunication security which has now been expanded to Internet security. The FBI has been working to specify what is expected of wired and wireless ISPs, which has yet to be released in final form. There are some fairly harsh federal penalties for noncompliance that become effective in May 2007 (the stick). In the spirit of protecting our nation, the mission is not to make life miserable and expensive for operators and thwart communications, but rather to give the FBI and homeland security tools to wire tap (if I can borrow the term) Internet conversation on a moment’s notice.  I suspect it would be a rare occurrence for a small WISP to receive a warrant to comply, but it would be potentially devastating to security should the means to monitor conversation not be available. In the words of a consultant working for CALEA and the FBI, here is the verbatim minimal requirement as we obtained via e-mail in order to determine our obligations as a Network Tool supplier.

    Norm wrote:

    “Basically, an interception warrant would need to isolate and capture all communications to or from the subject of the warrant. The warrant could specify that only header information is to be provided (i.e., a Pen Register/Trap and Trace) or that header information and communications content should both be provided.

    “The Packet Technologies and Services Committee (PTSC) has developed standard ATIS-1000013.2007 for CALEA compliance for landline ISPs (including WiFi and WiMAX). Unfortunately, ATIS has not yet posted the standard on its web site (www.atis.org).”

    Our promise to our customers will be to provide a minimal compliance utility on our NetEqualizer Platform and support these utilities without adding additional cost to the product, if possible.

    Below is a Q&A regarding our plans.

    When will the NetEqualizer CALEA compliance module be available?

    We will have a “best effort” unit available for trial as of May 1. We caveat this as best effort because there may be some lag time to comply exactly with the requirement once the requirement is finalized and posted. However, there is enough information right now to get close to compliance, which is what we plan to do.

    Will there be any additional cost?

    At this time all customers with current NSS (software upgrade licenses) will not be charged. The NSS license for one year runs approximately 10 percent of the purchase cost of a new unit. Typically this would be in the $200 to $300 range.

    Will the CALEA module ship with newly purchased units?

    Yes, in fact any units purchased after March 20 will be eligible to receive the upgrade at no extra cost.

    Will the upgrade cost for the CALEA module always remain the same?

    We cannot promise a fixed price for future upgrades. If the complexity of this feature gets “out of hand,” we may have to label it a “nonstandard” upgrade, essentially making it a new product rather than an upgrade, and charge accordingly. At this time our plans are to keep it as a standard upgrade.

    Will the standard NetEqualizer feature and the CALEA utility run on the same hardware at the same time?

    Due to the sensitive nature of the information should a warrant be requested for a tap, we have decided it would be best to focus on getting the stream to the federal agency. For this reason, the NetEqualizer will fall back to standard bridge mode. Obviously this may slow or degrade service to all customers; however, this will be a rare event, if ever, and we’d rather do it this way than force customers to purchase an all-new standalone appliance.

    Additional Questions… If you have any questions, please contact us at support@apconnections.net or 1-888-287-2492. For additional information on CALEA, visit www.askcalea.net.