How to Block Frostwire, utorrent and Other P2P Protocols

July 18, 2012 — netequalizer

By Art Reisman, CTO, http://www.netequalizer.com

Disclaimer: It is considered controversial and by some definitions illegal for a US-based ISP to use deep packet inspection on the public Internet.

At APconnections, we subscribe to the philosophy that there is more to be gained by explaining your technology secrets than by obfuscating them with marketing babble. Read on to learn how I hunt down aggressive P2P traffic.

In order to create a successful tool for blocking a P2P application, you must first figure out how to identify P2P traffic. I do this by looking at the output data dump from a P2P session.

To see what is inside the data packets I use a custom sniffer that we developed. Then to create a traffic load, I use a basic Windows computer loaded up with the latest utorrent client.

Editors Note: The last time I used a P2P engine on a Windows computer, I ended up reloading my Windows OS once a week. Downloading random P2P files is sure to bring in the latest viruses, and unimaginable filth will populate your computer.

The custom sniffer is built into our NetGladiator device, and it does several things:

1) It detects and dumps the data inside packets as they cross the wire to a file that I can look at later.

2) It maps non printable ASCII characters to printable ASCII characters. In this way, when I dump the contents of an IP packet to a file, I don’t get all kinds of special characters embedded in the file. Since P2P data is encoded random music files and video, you can’t view data without this filter. If you try, you’ll get all kinds of garbled scrolling on the screen when you look at the raw data with a text editor.

So what does the raw data output dump of a P2P client look like ?

Here is a snippet of some of the utorrent raw data I was looking at just this morning. The sniffer has converted the non printable characters to “x”.
You can clearly see some repeating data patterns forming below. That is the key to identifying anything with layer 7. Sometimes it is obvious, while sometimes you really have work to find a pattern.

Packet 1 exx_0ixx`12fb*!s[`|#l0fwxkf)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:ka 31:v4:utk21:y1:qe
Packet 2 exx_0jxx`1kmb*!su,fsl0’_xk<)d1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:xv4^1:v4:utk21:y1:qe
Packet 3 exx_0kxx`1exb*!sz{)8l0|!xkvid1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:09hd1:v4:utk21:y1:qe
Packet 4 exx_0lxx`19-b*!sq%^:l0tpxk-ld1:ad2:id20:c;&h45h”2x#5wg;|l{j{e1:q4:ping1:t4:=x{j1:v4:utk21:y1:qe

The next step is to develop a layer 7 regular expression to identify the patterns in the data. In the output you’ll notice the string “exx” appears in line, and that is what you look for. A repeating pattern is a good place to start.

The regular expression I decided to use looks something like:

exx.0.xx.*qe

This translates to: match any string starting with “exx” followed, by any character “.” followed by “0”, followed by “xx”, followed by any sequence of characters ending with “qe”.

Note: When I tested this regular expression it turns out to only catch a fraction of the Utorrent, but it is a start. What you don’t want to do is make your regular expression so simple that you get false positives. A layer 7 product that creates a high degree of false positives is pretty useless.

The next thing I do with my new regular expression is a test for accuracy of target detection and false positives.

Accuracy of detection is done by clearing your test network of everything except the p2p target you are trying to catch, and then running your layer 7 device with your new regular expression and see how well it does.

Below is an example from my NetGladiator in a new sniffer mode. In this mode I have the layer 7 detection on, and I can analyze the detection accuracy. In the output below, the sniffer puts a tag on every connection that matches my utorrent regular expression. In this case, my tag is indicated by the word “dad” at the end of the row. Notice how every connection is tagged. This means I am getting 100 percent hit rate for utorrent. Obviously I doctored the output for this post :)

ndex SRCP DSTP Wavg Avg IP1 IP2 Ptcl Port Pool TOS
0 0 0 17 53 255.255.255.255 95.85.150.34 — 2 99 dad
1 0 0 16 48 255.255.255.255 95.82.250.60 — 2 99 dad
2 0 0 16 48 255.255.255.255 95.147.1.179 — 2 99 dad
3 0 0 18 52 255.255.255.255 95.252.60.94 — 2 99 dad
4 0 0 12 24 255.255.255.255 201.250.236.194 — 2 99 dad
5 0 0 18 52 255.255.255.255 2.3.200.165 — 2 99 dad
6 0 0 10 0 255.255.255.255 99.251.180.164 — 2 99 dad
7 0 0 88 732 255.255.255.255 95.146.136.13 — 2 99 dad
8 0 0 12 0 255.255.255.255 189.202.6.133 — 2 99 dad
9 0 0 12 24 255.255.255.255 79.180.76.172 — 2 99 dad
10 0 0 16 48 255.255.255.255 95.96.179.38 — 2 99 dad
11 0 0 11 16 255.255.255.255 189.111.5.238 — 2 99 dad
12 0 0 17 52 255.255.255.255 201.160.220.251 — 2 99 dad
13 0 0 27 54 255.255.255.255 95.73.104.105 — 2 99 dad
14 0 0 10 0 255.255.255.255 95.83.176.3 — 2 99 dad
15 0 0 14 28 255.255.255.255 123.193.132.219 — 2 99 dad
16 0 0 14 32 255.255.255.255 188.191.192.157 — 2 99 dad
17 0 0 10 0 255.255.255.255 95.83.132.169 — 2 99 dad
18 0 0 24 33 255.255.255.255 99.244.128.223 — 2 99 dad
19 0 0 17 53 255.255.255.255 97.90.124.181 — 2 99 dad

A bit more on reading this sniffer output…

Notice columns 4 and 5, which indicate data transfer rates in bytes per second. These columns contain numbers that are less than 100 bytes per second – Very small data transfers. This is mostly because as soon as that connection is identified as utorrent, the NetGladiator drops all future packets on the connection and it never really gets going. One thing I did notice is that the modern utorrent protocol hops around very quickly from connection to connection. It attempts not to show it’s cards. Why do I mention this? Because in layer 7 shaping of P2P, speed of detection is everything. If you wait a few milliseconds too long to analyze and detect a torrent, it is already too late because the torrent has transferred enough data to keep it going. It’s just a conjecture, but I suspect this is one of the main reasons why this utorrent is so popular. By hopping from source to source, it is very hard for an ISP to block this one without the latest equipment. I recently wrote a companion article regarding the speed of the technology behind a good layer 7 device.

The last part of testing a regular expression involves looking for false positives. For this we use a commercial grade simulator. Our simulator uses a series of pre-programmed web crawlers that visit tens of thousands of web pages an hour at our test facility. We then take our layer 7 device with our new regular expression and make sure that none of the web crawlers accidentally get blocked while reading thousands of web pages. If this test passes we are good to go with our new regular expression.

Editors Note: Our primary bandwidth shaping product manages P2P without using deep packet inspection.
The following layer 7 techniques can be run on our NetGladiator Intrusion Prevention System. We also advise that public ISPs check their country regulations before deploying a deep packet inspection device on a public network.

Posted in Bandwidth Management, Educational Articles, Net Neutrality, Research, Security, White Papers. Tags: bandwidth shaper, block p2p, layer 7, p2p, protocol detection. Leave a Comment »

White Paper: A Simple Guide to Network Capacity Planning

June 9, 2010 — netequalizer

After many years of consulting and supporting the networking world with WAN optimization devices, we have sensed a lingering fear among Network Administrators who wonder if their capacity is within the normal range.

So the question remains:

How much bandwidth can you survive with before you impact morale or productivity?

The formal term we use to describe the number of users sharing a network link to the Internet is contention ratio. This term is defined as the size of an Internet trunk divided by the number of users. We normally think of Internet trunks in units of megabits. For example, 10 users sharing a one megabit trunk would have a 10-to- 1 contention ratio. If sharing the bandwidth on the trunk equally and simultaneously, each user could sustain a constant feed of 100kbs, which is exactly 1/10 of the overall bandwidth.

So what is an acceptable contention ratio?

From a business standpoint, it is whatever a customer will put up with and pay for without canceling their service. This definition may seem ethically suspect, but whether in the bygone days of telecommunications phone service or contemporary Internet bandwidth business, there are long-standing precedents for overselling. What do you think a circuit busy signal is caused by? Or a dropped cell phone call?

So, without pulling any punches, what exactly will a customer tolerate before pulling the plug?

Here are some basic observations about consumers and acceptable contention ratios:

Rural customers in the US and Canada: Contention ratios of 50 to 1 are common
International customers in remote areas of the world: Contention ratios of 80 to 1 are common
Internet providers in urban areas: Contention ratios of 15 to 1 are to be expected
Generic Business ratio 50 to 1 , and sometimes higher

Update Jan 2015, quite a bit has happened since these original numbers were published. Internet prices have plummeted, here is my updated observation.

Rural customers in the US and Canada: Contention ratios of 10 to 1 are common
International customers in remote areas of the world: Contention ratios of 20 to 1 are common
Internet providers in urban areas: Contention ratios of 2 to 1 are to be expected
Generic Business ratio 5 to 1 , and sometimes higher

As a rule Businesses can general get away with slightly higher contention ratios. Most business use does not create the same load as recreational use, such as YouTube and File Sharing. Obviously, many businesses will suffer the effects of recreational use and perhaps haphazardly turn their heads on enforcement of such use. The above ratio of 50 to 1 is a general guideline of what a business should be able to work with, assuming they are willing to police their network usage and enforce policy.

The numbers above are a good, rough starting point, but things are not as simple as they look. There is a statistical twist as bandwidth amounts get higher.

Contention ratios can actually increase as the overall Internet trunk size gets larger. For example, if 50 people can share one megabit without mutiny, it should follow that 100 people can share two megabits without mutiny as the ratio has not changed. It is still 50 to 1.

However, from observations of hundreds of ISPs, we can easily conclude that perhaps 110 people can share two megabits with the same tolerance as 50 people sharing one megabit. What this means is that the larger the ISP, the more bandwidth at a fixed cost per megabit, and thus the larger the contention ratios you can get away with.

Is this really true? And if so, what are its implications for your business?

This is simply an empirical observation, backed up by talking to literally thousands of ISPs over the course of four years and noticing how their oversubscription ratios increase with the size of their trunk.

A conservative estimate is that, starting with the baseline ratio listed above, you can safely add 10 percent more subscribers above and beyond the original contention ratio for each megabit of trunk they share.

Thus, to provide an illustration, 50 people sharing one megabit can safely be increased to 110 people sharing two megabits, and at four megabits you can easily handle 280 customers. With this understanding, getting more from your bandwidth becomes that much easier.

I also ran across this thread in a discussion group for Resnet Adminstrators around the country.

From Resnet Listserv

Brandon Enright at University of California San Diego breaks it down as follows:
Right now we’re at .2 Mbps per student. We could go as low as .1 right
now without much of any impact. Things would start to get really ugly
for us at .05 Mpbs / student.

So at 10k students I think our lower-bound is 500 Mbps.

I can’t disclose what we’re paying for bandwidth but even if we fully
saturated 2Gbps for the 95% percentile calculation it would come out to
be less than $5 per student per month. Those seem like reasonable
enough costs to let the students run wild.
Brandon

Editors note: I am not sure why a public institution can’t exactly disclose what they are paying for bandwidth ( Brian does give a good hint), as this would be useful to the world for comparison; however many Universities get lower than commercial rates through state infrastructure not available to private operators.

Equalizing Compared to Application Shaping (Traditional Layer-7 “Deep Packet Inspection” Products)

March 31, 2010 — netequalizer

Editor’s Note: (Updated with new material March 2012) Since we first wrote this article, many customers have implemented the NetEqualizer not only to shape their Internet traffic, but also to shape their company WAN. Additionally, concerns about DPI and loss of privacy have bubbled up. (Updated with new material September 2010) Since we first published this article, “deep packet inspection”, also known as Application Shaping, has taken some serious industry hits with respect to US-based ISPs.

==============================================================================================
Author’s Note: We often get asked how NetEqualizer compares to Packeteer (Bluecoat), NetEnforcer (Allot), Network Composer (Cymphonix), Exinda, and a plethora of other well-known companies that do Application Shaping (aka “packet shaping”, “deep packet inspection”, or “Layer-7” shaping). After several years of these questions, and discussing different aspects with former and current application shaping with IT administrators, we’ve developed a response that should clarify the differences between NetEqualizer’s behavior- based approach and the rest of the pack.
We thought of putting our response into a short, bullet-by-bullet table format, but then decided that since this decision often involves tens of thousands of dollars, 15 minutes of education on the subject with content to support the bullet chart was in order. If you want to skip the details, see our Summary Table at the end of this article…

However, if you’re looking to really understand the differences, and to have the question answered as objectively as possible, please take a few minutes to read on…
==============================================================================================

How NetEqualizer compares to Bluecoat, Allot, Cymphonix, & Exinda

In the following sections, we will cover specifically when and where Application Shaping is used, how it can be used to your advantage, and also when it may not be a good option for what you are trying to accomplish. We will also discuss how Equalizing, NetEqualizer’s behavior-based shaping, fits into the landscape of application shaping, and how in many cases Equalizing is a much better alternative.

Download the full article (PDF) Equalizing Compared To Application Shaping White Paper

Read the rest of this entry »

NetEqualizer Bandwidth Shaping Solution: Hotels & Resorts

February 11, 2010 — netequalizer

In working with some of the world’s leading hotels and resorts, we’ve repeatedly heard the same issues and challenges facing network administrators. Here are just a few:

Download Hotels White Paper

We need to do more with less bandwidth.
We need a solution that’s low cost, low maintenance, and easy to set up.
We need to meet the expectations of our tech-savvy customers and prevent Internet congestion during times of peak usage.
We need a solution that can meet the demands of a constantly changing clientele. We need to offer tiered internet access for our hotel guests, and provide managed access for conference attendees.

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many Hotels and Resorts around the world.

Download article (PDF) Hotels & Resorts White Paper

Read full article …

Posted in NAC, White Papers. Tags: bandwidth control, Bandwidth Shaping, hotel, internet congestion, Internet optimization, Network Access Control, resort. 1 Comment »

NetEqualizer Bandwidth Shaping Solution: Business Centers

February 10, 2010 — netequalizer

In working with numerous Business Center network administrators, we have heard the same issues and challenges repeatedly. Here are just a few:

Download Business Centers White Paper

We need to do more with less bandwidth.
We need a solution that’s low cost, low maintenance, and easy to set up.
We need to support selling fixed bandwidth to our customers, by office and/or user.
We need to be able to report on subscriber usage.
We need to increase user satisfaction and reduce network troubleshooting calls

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many Business Centers around the world.

Download article (PDF) Business Centers White Paper

Read full article …

Posted in White Papers. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, business centers, internet subscribers, Netequalizer, network congestion. Leave a Comment »

NetEqualizer Bandwidth Shaping Solution: Telecom, Satellite Systems, Cable, and Wired and Wireless ISPs

February 5, 2010 — netequalizer

In working with Internet providers around the world, we’ve repeatedly heard the same issues and challenges facing network administrators. Here are just a few:

Download ISP White Paper

We need to support selling fixed bandwidth to our customers.
We need to be able to report on subscriber usage.
We need the ability to increase subscriber ratio, or not have a subscriber cutback, before having to buy more bandwidth.
We need to meet the varying needs of all of our users.
We need to manage P2P traffic.
We need to give VoIP traffic priority.
We need to make exemptions for customers routing all of their traffic through VPN tunnels.
We need a solution that’s low cost, low maintenance, and easy to set up.
We need a solution that will grow with our network.
We need a solution that will meet CALEA requirements.

In this article, we will talk about how the NetEqualizer has been used to solve these issues for Internet providers worldwide.

Download article (PDF) ISP White Paper

Read full article …

Posted in CALEA, White Papers. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, cable internet provider, Internet provider, ISP, wireless isp, WISP. Leave a Comment »

NetEqualizer Bandwidth Shaping Solution: Libraries

February 4, 2010 — netequalizer

In working with libraries across the country, we have heard the same issues and challenges repeatedly from network administrators. Here are just a few:

Download Library White Paper

We need to meet the varying needs of all of our patrons while keeping the network truly open to the public.
We need to ensure access to our online resources for remote users (online catalogs, databases, etc.).
We need to do more with less bandwidth.
We need a solution that’s low cost, low maintenance, and easy to set up.
We need a solution that will grow with our network.

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many libraries around the world.

Download article (PDF) Library White Paper

Read full article …

Posted in White Papers. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, libraries, library. Leave a Comment »

NetEqualizer Bandwidth Shaping Solution: K-12 Schools

January 28, 2010 — netequalizer

Download K-12 Schools White Paper

In working with network administrators at public and private K-12 schools over the years, we’ve repeatedly heard the same issues and challenges facing them. Here are just a few:

We need a solution that’s low cost, low maintenance, and easy to set up.
We need a solution that will prioritize classroom videos and other online educational tools (e.g. blackboard.com).
We need to improve the overall Web-user experience for students.
We need a solution that doesn’t require “per-user” licensing.

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many public and private K-12 schools around the world.

Download article (PDF) K-12 Schools White Paper

Read full article …

Posted in White Papers. Tags: bandwidth control, bandwidth prioritization, Bandwidth Shaping, k12 schools, Netequalizer, school, school district. Leave a Comment »

NetEqualizer Bandwidth Shaping Solution: Colleges, Universities, Boarding Schools, and University Housing

December 15, 2009 — netequalizer

In working with information technology leaders at universities, colleges, boarding schools, and university housing over the years, we’ve repeatedly heard the same issues and challenges facing network administrators. Here are just a few:

Download College & University White Paper

We need to provide 24/7 access to the web in the dormitories.
We need to support multiple campuses (and WAN connections between campuses).
We have thousands of students, and hundreds of administrators and professors, all sharing the same pipe.
We need to give priority to classroom videos used for educational purposes.
Our students want to play games and watch videos (e.g. YouTube).
We get calls if instant messaging & email are not responding instantaneously.
We need to manage P2P traffic.

In this article, we’ll talk about how the NetEqualizer has been used to solve these issues for many private and public colleges, universities, boarding schools, and in university housing facilities around the world.

Download article (PDF) College & University White Paper

Read full article …

Posted in White Papers. Tags: bandwidth control, Bandwidth Management, Bandwidth Shaping, college bandwidth, Netequalizer, Traffic Shaping, university bandwidth, youtube bandwidth. Leave a Comment »

Using NetEqualizer Lite to prevent the 802.11 Hidden Terminal problem

September 30, 2009 — netequalizer

Introduction

Of the numerous growing pains that can accompany the expansion of a wireless network, the hidden terminal problems is one of the most difficult problems to solve. Despite your best efforts, the communication breakdown between nodes can wreak havoc on a network, often leading to sub par performance and unhappy users.

What is a hidden terminal and why is it a problem for wireless networks?

For example, say node A and node B are wireless laptops in an office building with one access point. Node A starts sending data to the access point at the same moment as node B. By design, node A is smart enough to listen at the exact moment it is sending data in order to ensure that it has the airwaves free and clear. If it hears some other talker at the same time, it may back off, or, in other cases, node B may be the one to back off. The exact mechanism used to determine the back off order is similar to right of way rules at a four-way stop. These rules of etiquette are followed to prevent a crash and allow each node to send its data unimpeded.

This technology worked fine until directional antennas were invented and attached to remote nodes, which allowed users to be farther away from an access point and still send and receive transmissions. This technology is widely available and fairly inexpensive, so it was adopted by many wireless service providers to extend Internet service across a community.

Since it’s not practical to have each node point a directional antenna at all of the other nodes, the result is that the nodes don’t acknowledge one another and subsequently don’t back off to let others in. When nodes compete to reach the access point at the same time, typically those with the strongest signals, which are generally closest to the AP, win out, leaving the weaker-signaled nodes helpless and unable to communicate with the access point (see image below).

Your browser may not support display of this image.

The degradation of the hidden node problem varies with time of day, as well as with who is talking at any moment. As a result, the problem is not in one place for long, so it is not easily remedied by a quick mechanical fix. But, fortunately, there is a solution.

How does a NetEqualizer solve the hidden node issue?

The NetEqualizer solution, which is completely compatible with 802.11, works by taking advantage of the natural inclination of Internet connections to back off when artificially restrained. We’ll get back to this key point in a moment.

Understanding the true throughput upper limit of your access point is key to the NetEqualizer’s efficiency, since the advertised throughput of an AP and its actual ceiling often vary, with most AP’s not reaching their full potential.

Once you have determined the peak capacity of the access point (done empirically through busy hour observation), you then place a NetEqualizer (normally the lower end NetEqualizer POE device) between the access point and it’s connection to the Internet. You then set the NetEqualizer to the effective throughput of the AP . This tells the NetEqualizer to kick into gear when that upper limit is reached.

Once configured, the NetEqualizer constantly (every second) measures the total aggregate bandwidth throughput traversing the AP. If it senses the upper limit is being reached, NetEqualizer will then isolate the dominating flows and encourage them to back off.

Each connection between a user on your network and the Internet constitutes a traffic flow. Flows vary widely from short dynamic bursts, which occur, for example, when searching a small Web site, to large persistent flows, as when performing peer-to-peer file sharing or downloading a large file.

By keeping track of every flow going through the AP, the NetEqualizer can make a determination of which ones are getting an unequal share of bandwidth and thus crowding out flows from weaker nodes.

NetEqualizer determines detrimental flows from normal ones by taking the following questions into consideration:

Once the answers to these questions are known, NetEqualizer will adjust offending flows by adding latency, forcing them to back off and allow potentially hidden nodes to establish communications – thus eliminating any disruption. Nodes with stronger signals that are closer to the access point will no longer have the advantage over users based farther away. This is done automatically by the NetEqualizer, without requiring any additional programming by administrators.

The key to making this happen over 802.11 relies on the fact that if you slow a stream to the Internet down, the application at the root cause will back off and also slow down. This can be done by the NetEqualizer without any changes to the 802.11 protocol since the throttling is actually done independent of the radio. The throttling of heavy streams happens between the AP and the connection to the Internet.

Questions and Answers

How do you know congestion is caused by a heavy stream?

We have years of experience optimizing networks with this technology. It is safe to say that on any congested network roughly 5 percent of users are responsible for 80 percent of Internet traffic. This seems to be a law of Internet usage.²

Can certain applications be given priority?

NetEqualizer can give priority by IP address, for video streams, and in its default mode it naturally gives priority to Voice over IP (VoIP), thus addressing a common need for commercial operators.

How many users can the NetEqualizer POE support?

The NetEqualizer Lite can support approximately 100 users.

What happens to voice traffic over a wireless transmission? Will it be improved or impaired?

We have mostly seen improvements to voice quality using our techniques. Voice calls are usually fairly low runners when it comes to the amount of bandwidth consumed. Congestion is usually caused by higher running activities, and thus we are able to tune the NetEqualizer to favor voice.

How can I find out more about the NetEqualizer?

Additional information about the NetEqualizer can be found at our Web site.

How can I purchase an NetEqualizer for trial?

Customers in the U.S. can contact APconnections directly at 1-800-918-2763 or via e-mail at admin@APconnections.net. International customers outside of Europe can contact APconnections at +1 303-997-1300, extension 103 or at the e-mail listed above.

About APconnections

APconnections is a privately held company founded in July 2003 and based in Lafayette, CO. We develop cost-effective and easy-to-install and manage traffic shaping appliances. Our NetEqualizer product family optimizes critical network bandwidth resources for any organization that purchases bandwidth in bulk and then redistributes or resells that bandwidth to disparate users with competing needs.

Our goal is to provide fully featured traffic shaping products that are simple to install and easy to use and manage. We released our first commercial offering in July 2003, and since then over 1000 unique customers around the world have put our products into service. Our flexible and scalable solutions can be found at ISPs, WISPs, major universities, Fortune 500 companies, SOHOs and small businesses on six continents.

Competing demands for network resources and congestion are problems shared by network administrators and operators across the globe. Low priority applications such as a large file download should never be allowed to congest and slowdown your VoIP, CRM, ERP or other high priority business applications. Until the development of APconnections’ NetEqualizer product family, network administrators and operators who wanted to cost-effectively manage network congestion and quality of service were forced to cobble together custom solutions. This process turned a simple task into a labor intensive exercise in custom software development. Now, with the NetEqualizer product family from APconnections, network staff can purchase and quickly install cost-effective turnkey traffic shaping solutions.

University of Limerick published an independent study validating Equalizing as solution to the hidden node problem.

¹ Nodes are defined as any computer or device that is within a network. In this white paper, the term “user” will refer to the individual or group utilizing these computers or devices and could effectively be interchanged with the term “node”. In addition, the term “talker” will at times be used to refer to nodes that are sending data.

Posted in White Papers. Tags: hidden node problem, hidden node solution, hidden terminal, hidden terminal 802.11, Netequalizer. Leave a Comment »

Hitchhiker’s Guide To Network And WAN Optimization Technology

July 27, 2009 — netequalizer

Manufacturers make all sorts of claims about speeding up your network with special technologies, in the following pages we’ll take a look at the different types of technologies explaining them in such a way that you the Consumer can make an informed decision on what is right for you.

Compression – Relies on data patterns that can be represented more efficiently. Best suited for point to point leased lines.
Caching – Relies on human behavior , accessing the same data over and over. Best suited for point to point leased lines, but also viable for Internet Connections and VPN tunnels.
Protocol Spoofing – Best suited for Point to Point WAN links.
Application Shaping – Controls data usage based on spotting specific patterns in the data. Best suited for both point to point leased lines and Internet connections. Very expensive to maintain in both initial cost, ongoing costs and labor.
Equalizing – Makes assumptions on what needs immediate priority based on the data usage. Excellent choice for Internet connections and clogged VPN tunnels.
Connection Limits – Prevents access gridlock in routers and access points. Best suited for Internet access where p2p usage is clogging your network.
Simple Rate Limits – Prevents one user from getting more than a fixed amount of data. Best suited as a stop gap first effort for a remedying a congested Internet connection with a limited budget.

Compression

At first glance, the term compression seems intuitively obvious. Most people have at one time or another extracted a compressed Zip windows file. Examining the file sizes pre and post extraction reveals there is more data on the hard drive after the extraction. WAN compression products use some of the same principles only they compress the data on the WAN link and decompress it automatically once delivered, thus saving space on the link, making the network more efficient. Even though you likely understand compression on a Windows file conceptually, it would be wise to understand what is really going on under the hood during compression before making an investment to reduce network costs. Some questions to consider: How does compression really work? Are there situations where it may not work at all?

How it Works

A good, easy to visualize analogy to data compression is the use of short hand when taking dictation. By using a single symbol for common words a scribe can take written dictation much faster than if he were to spell out each entire word. Thus the basic principle behind compression techniques is to use shortcuts to represent common data. Commercial compression algorithms, although similar in principle, vary widely in practice. Each company offering a solution typically has their own trade secrets that they closely guard for a competitive advantage.

There are a few general rules common to all strategies. One technique is to encode a repeated character within a data file. For a simple example let’s suppose we were compressing this very document and as a format separator we had a row with a solid dash.

The data for this solid dash line is comprised of approximately 160 times the ASCII character â€œ-â€�. When transporting the document across a WAN link without compression this line of document would require 80bytes of data, but with clever compression we can encode this using a special notation â€œ-â€� X 160.

The compression device at the front end would read the 160 character line and realize: “Duh, this is stupid. Why send the same character 160 times in a row?” so it would incorporate a special code to depict the data more efficiently.

Perhaps that was obvious, but it is important know a little bit about compression techniques to understand the limits of their effectiveness. There are many types of data that cannot be efficiently compressed.

For example: many image and voice recordings are already optimized and there is very little improvement in data size that can be accomplished with compression techniques. The companies that sell compression based solutions should be able to provide you with profiles on what to expect based on the type of data sent on your WAN link.

Caching

Suppose you are the administrator for a network, and you have a group of a 1000 users that wake up promptly at 7:00 am each morning and immediately go to MSNBC.com to retrieve the latest news from Wall Street. This synchronized behavior would create 1000 simultaneous requests for the same remote page on the Internet.

Or, in the corporate world, suppose the CEO of a multinational 10,000 employee business, right before the holidays put out an all points 20 page PDF file on the corporate site describing the new bonus plan? As you can imagine all the remote WAN links might get bogged down for hours while each and every employee tried to download this file.

Well it does not take a rocket scientist to figure out that if somehow the MSNBC home page could be stored locally on an internal server that would alleviate quite a bit of pressure on your WAN link.

And in the case of the CEO memo, if a single copy of the PDF file was placed locally at each remote office it would alleviate the rush of data.

Caching does just that.

Offered by various vendors Caching can be very effective in many situations, and vendors can legitimately make claims of tremendous WAN speed improvement in some situations. Caching servers have built in intelligence to store the most recently and most frequently requested information, thus preventing future requests from traversing the WAN link unnecessarily .

You may know that most desktop browsers do their own form caching already. Many web servers keep a time stamp of their last update to data , and browsers such as the popular Internet Explorer will use a cached copy of a remote page after checking the time stamp.

So what is the downside of caching?

There are two main issues that can arise with caching:

Keeping the cache current. If you access a cache page that is not current then you are at risk of getting old and incorrect information. Some things you may never want to be cached, for example the results of a transactional database query. It’s not that these problems are insurmountable, but there is always the risk that the data in cache will not be synchronized with changes.
Volume. There are some 60 million web sites out on the Internet alone. Each site contains upwards of several megabytes of public information. The amount of data is staggering and even the smartest caching scheme cannot account for the variation in usage patterns among users and the likely hood they will hit an un-cached page.

Protocol Spoofing

Historically, there are client server applications that were developed for an internal LAN. Many of these applications are considered chatty. For example, to complete a transaction between a client and server, 10’s of messages may be transmitted, when perhaps one or two would suffice. Everything was fine until companies-for logistical and other reasons extended their LANs across the globe using WAN links to tie different locations together.

To get a better visual on what goes on in a chatty application perhaps an analogy will help with getting a picture in your mind. Suppose you were sending a letter to family members with your summer vacation pictures, and, for some insane reason, you decided to put each picture in a separate envelope and mail them individually on the same mail run. Obviously, this would be extremely inefficient.

What protocol spoofing accomplishes is to fake out the client or server side of the transaction and then send a more compact version of the transaction over the Internet, i.e. put all the pictures in one envelope and send it on your behalf thus saving you postage…

You might ask why not improve the inefficiencies in these chatty applications rather than write software to deal with the problem?

Good question, but that would be the subject of a totally different white paper on how IT organizations must evolve with legacy technology. It’s just beyond the scope of our white paper.

Application Shaping

One of the most popular and intuitive forms of optimizing bandwidth is a method called “application shaping” with aliases of “traffic shaping”, “bandwidth control”, and perhaps a few others thrown in for good measure. For the IT manager that is held accountable for everything that can and will go wrong on a network, or the CIO that needs to manage network usage policies, this is a dream come true. If you can divvy up portions of your WAN link to various applications then you can take control of your network and insure that important traffic has sufficient bandwidth.

At the center of application shaping is the ability to identify traffic by type. Is this Citrix traffic, streaming Audio, Kazaa peer to peer or something else?

The Fallacy of Internet Ports and Application Shaping

Many applications are expected to use Internet ports when communicating across the Internet. An Internet port is part of an Internet address, and many firewall products can easily identify ports and block or limit them. For example, the “FTP” application commonly used for downloading files uses the well know “port 21”. The fallacy with this scheme, as many operators soon find out, is that there are many applications that do not consistently use a fixed port for communication. Many application writers have no desire to be easily classified. In fact, they don’t want IT personnel to block them at all, so they deliberately design applications to not conform to any formal port assignment scheme. For this reason, any product that purports to block or alter application flows, by port, should be avoided if your primary mission is to control applications by type.

So, if standard firewalls are inadequate at blocking applications by port what can help?

As you are likely aware, all traffic on the Internet travels around in what is called an IP packet. An IP packet can very simply be thought of as a string of characters moving from Computer A to Computer B. The string of characters is called the “payload,” much like the freight inside a railroad car. On the outside of this payload, or data, is the address where it is being sent. These two elements, the address and the payload, comprise the complete IP packet. In the case of different applications on the Internet we would expect to see different kinds of payloads. For example, let’s take the example of a skyscraper being transported from New York to Los Angeles. How could this be done using a freight train? Common sense suggests that one would disassemble the office tower, stuff it into as many freight cars as it takes to transport it, and then when the train arrived in Los Angeles hopefully the workers on the other end would have the instructions on how to reassemble the tower.

Well, this analogy works with almost anything that is sent across the Internet, only the payload is some form of data, not a physical hunk of bricks, metal and wires. If we were sending a Word document as an e-mail attachment, guess what? The contents of the document would be disassembled into a bunch of IP packets and sent to the receiving e-mail client where it would be re-assembled. If I looked at the payload of each Internet packet in transit I could actually see snippets of the document in each packet and could quite easily read the words as they went by.

At the heart of all current application shaping products is special software that examines the content of Internet packets, and through various pattern matching techniques determines what type of application a particular flow is.

Once a flow is determined then the application shaping tool can enforce the operators policies on that flow. Here are some examples:

Limit AIM messenger traffic to 100kbs
Reserve 500kbs for Shoretell voice traffic

The list of rules you can apply to traffic types and flow is unlimited.

The Downside to Application Shaping

Application shaping does work and is a very well thought out logical way to set up a network. After all, complete control over all types of traffic should allow an operator to run a clean ship, right? But as with any euphoric ideal there are drawbacks to the reality that you should be aware of.

The number of applications on the Internet is a moving target. The best application shaping tools do a very good job of identifying several thousand of them, and yet there will always be some traffic that is unknown (estimated at ten percent by experts from the leading manufactures). The unknown traffic is lumped into the unknown classification and an operator must make a blanket decision on how to shape this class. Is it important? Is it not? Suppose the important traffic was streaming audio for a web cast and is not classified. Well, you get the picture. Although theory behind application shaping by type is a noble one, the cost for a company to keep current is large and there are cracks.
Even if the application spectrum could be completely classified, the spectrum of applications constantly changes. You must keep licenses current to insure you have the latest in detection capabilities. And even then it can be quite a task to constantly analyze and change the mix of policies on your network. As bandwidth costs lessen, how much human time should be spent divvying up and creating ever more complex policies to optimize your WAN traffic?

Equalizing

Take a minute to think about what is really going on in your network to make you want to control it in the first place.

We can only think of a few legitimate reasons to do anything at all to your WAN: “The network is slow”, or “My VoIP call got dropped”.

If such words were never uttered than life would be grand.

So you really only have to solve these issues to be successful. Who cares about the actual speed of the WAN link or the number and types of applications running on your network or what port they are using, if you never hear these two complaints?

Equalizing goes at the heart of congestion using the basic principal of time. The reason why a network is slow or a voice call breaks up is that the network is stupid. The network grants immediate access to anybody who wants to use it, no matter what their need is. That works great much of the day when networks have plenty of bandwidth to handle all traffic demands, but it is the peak usage demands that play havoc.

Take the above statement with some simple human behavior factors. People notice slowness when real time activities break down. Accessing a web page, or sending an e-mail , chat session, voice call. All these activities will generate instant complaints if response times degrade from the “norm”.

The other fact of human network behavior is that there are bandwidth intensive applications, peer to peer, large e-mail attachments, data base back ups. These bandwidth intensive activities are attributed to a very small number of active users at any one time which makes it all the more insidious as they can consume well over ninety percent of a network’s resources at any time. Also, most of these bandwidth intensive applications can be spread out over time without notice from the user.

That data base back up for example: does it really need to be completed in three minutes at 5:30 on a Friday, or can it be done over six minutes and complete at 5:33? That would give your network perhaps fifty percent more bandwidth at no additional cost and nobody would notice. It is unlikely the user backing up their local disk drive is waiting for it to complete with stop watch in hand.

It is these unchanging human factor interactions that allow equalizing to work today, tomorrow and well into the future without need for upgrading. It looks at the behavior of the applications and usage patterns. By adhering to some simple rules of behavior the real time applications can be identified from the heavy non real time activities and thus be granted priority on the fly without any specific policies set by the IT Manager.

How Equalizing Technology Balances Traffic

Each connection on your network constitutes a traffic flow. Flows vary widely from short dynamic bursts, for example, when searching a small website, to large persistent flows, as when performing peer-to-peer file sharing.

Equalizing is determined from the answers to these questions:

How persistent is the flow?
How many active flows are there?
How long has the flow been active?
How much total congestion is currently on the trunk?
How much bandwidth is the flow using relative to the link size?

Once these answers are known then Equalizing makes adjustments to flow by adding latency to low-priority tasks so high-priority tasks receive sufficient bandwidth. Nothing more needs to be said and nothing more needs to be administered to make it happen, once set up it need not be revisited.

Exempting Priority Traffic

Many people often point out that although equalizing technology sounds promising that it may be prone to mistakes with such a generic approach to traffic shaping. What if a user has a high priority bandwidth intensive video stream that must get through, wouldn’t this be the target of a miss-applied rule to slow it down?

The answer is yes, but what we have found is that high bandwidth priority streams are usually few in number and known by the administrator; they rarely if ever pop up spontaneously, so it is quite easy to exempt such flows since they are the rare exception. This is much easier than trying to classify every flow on your network at all times.

Connection Limits

Often overlooked as a source of network congestion is the number of connections a user generates. A connection can be defined as a single user communicating with a single Internet site. Take accessing the Yahoo home page for example. When you access the Yahoo home page your browser goes out to Yahoo and starts following various links on the Yahoo page to retrieve all the data. This data is typically not all at the same Internet address, so your browser may access several different public Internet locations to load the Yahoo home page, perhaps as many as ten connections over a short period of time. Routers and access points on your local network must keep track of these “connections” to insure that the data gets routed back to the correct browser. Although ten connections to the Yahoo home page is not excessive over a few seconds there are very poorly behaved applications, (most notably Gnutella, Bear Share, and Bittorrent), which are notorious for opening up 100’s or even 1000’s of connections in a short period of time. This type of activity is just as detrimental to your network as other bandwidth eating applications and can bring your network to a grinding halt. The solution is to make sure any traffic management solution deployed incorporates some form of connection limiting features.

Simple Rate Limits

The most common and widely used form of bandwidth control is the simple rate limit. This involves putting a fixed rate cap on a single IP address as per often is the case with rate plans promised by ISPs to their user community. “2 meg up and 1 meg down” is a common battle cry, but what happens in reality with such rate plans?

Although setting simple rates limits is far superior to running a network wide open we often call this “set, forget, and pray”!

Take for example six users sharing a T1 if each of these six users gets a rate of 256kbs up and 256kbs down. Then these six users each using their full share of 256 kilo bits per second is the maximum amount a T1 can handle. Although it is unlikely that you will hit gridlock with just six users, when the number of users reaches thirty, gridlock becomes likely, and with forty or fifty users, it becomes a certainty to happen quite often. It is not uncommon for schools, wireless ISPs, and executive suites to have sixty users to as many as 200 users sharing a single T1 with simple fixed user rate limits as the only control mechanism.

Yes, simple fixed user rate limiting does resolve the trivial case where one or two users, left unchecked, can use all available bandwidth; however unless your network is not oversold there is never any guarantee that busy-hour conditions will not result in gridlock.

Conclusion

The common thread to all WAN optimization techniques is they all must make intelligent assumptions about data patterns or human behavior to be effective. After all, in the end, the speed of the link is just that, a fixed speed that cannot be exceeded. All of these techniques have their merits and drawbacks, the trick is finding a solution best for your network needs. Hopefully the background information contained in this document will give you information so you the consumer can make an informed decision.

Posted in Bandwidth Management, White Papers. Tags: application shaping, bandwidth compression, bandwidth control, network optimization, packet shaping, Wan Optimization. 5 Comments »

NetEqualizer White Paper Comparison with Traditional Layer-7 (Deep Packet Inspection Products)

May 4, 2009 — netequalizer

Updated with new reference material May 4th 2009

How NetEqualizer compares to Packeteer, Allot, Cymphonics, Exinda

We often get asked how NetEqualizer compares to Packeteer, Allot, Cymphonics, Exinda and a plethora of other well-known companies that do layer 7 application shaping (packet shaping). After several years of these questions, and discussing different aspects with former and current application shaping IT administrators, we’ve developed a response that should clarify the differences between NetEqualizers behavior based approach and the rest of the pack.

We thought of putting our response into a short, bullet-by-bullet table format, but then decided that since this decision often involves tens of thousands of dollars, 15 minutes of education on the subject with content to support the bullet chart was in order. If you want to see just the bullet chart, you can skip to the end now, but if you’re looking to have the question answered as objectively as possible, please take a few minutes to read on

In the following sections, we will cover specifically when and where application shaping (deep packet inspection) is used, how it can be used to your advantage, and also when it may not be a good option for what you are trying to accomplish. We will also discuss how the NetEqualizer and its behavior-based shaping fits into the landscape of application shaping, and how in some cases the NetEqualizer is a much better alternative.

First off, let’s discuss the accuracy of application shaping. To do this, we need to review the basic mechanics of how it works.

Application shaping is defined as the ability to identify traffic on your network by type and then set customized policies to control the flow rates for each particular type. For example, Citrix, AIM, Youtube, and BearShare are all applications that can be uniquely identified.

As you are likely aware, all traffic on the Internet travels around in what is called an IP packet. An IP packet can very simply be thought of as a string of characters moving from computer A to computer B. The string of characters is called the “payload,” much like the freight inside a railroad car. On the outside of this payload is the address where it is being sent. On the inside is the data/payload that is being transmitted. These two elements, the address and the payload, comprise the complete IP packet. In the case of different applications on the Internet, we would expect to see different kinds of payloads.

At the heart of all current application shaping products is special software that examines the content of Internet packets as they pass through the packet shaper. Through various pattern matching techniques, the packet shaper determines in real time what type of application a particular flow is. It then proceeds to take action to possibly restrict or allow the data based on a rule set designed by the system administrator.

For example, the popular peer-to-peer application Kazaa actually has the ASCII characters “Kazaa” appear in the payload, and hence a packet shaper can use this keyword to identify a Kazaa application. Seems simple enough, but suppose that somebody was downloading a Word document discussing the virtues of peer-to-peer and the title had the character string “Kazaa” in it. Well, it is very likely that this download would be identified as Kazaa and hence misclassified. After all, downloading a Word document from a Web server is not the same thing as the file sharing application Kazaa.

The other issue that constantly brings the accuracy of application shaping under fire is that some application writers find it in their best interest not be classified. In a mini arms race that plays out everyday across the world, some application developers are constantly changing their signature and some have gone as far as to encrypt their data entirely.

Yes, it is possible for the makers of application shapers to counter each move, and that is exactly what the top companies do, but it can take a heroic effort to keep pace. The constant engineering and upgrading required has an escalating cost factor. In the case of encrypted applications, the amount of CPU power required for decryption is quite intensive and impractical and other methods will be needed to identify encrypted p2p.

But, this is not to say that application shaping doesn’t work in all cases or provide some value. So, let’s break down where it has potential and where it may bring false promises. First off, the realities of what really happens when you deploy and depend on this technology need to be discussed.

Accuracy and False Positives

As of early 2003, we had a top engineer and executive join APConnections direct from a company that offered application shaping as one of their many value-added technologies. He had first hand knowledge from working with hundreds of customers who were big supporters of application shaping:

The application shaper his company offered could identify 90 percent of the spectrum of applications, which means they left 10 percent as unclassified. So, right off the bat, 10 percent of the traffic is unknown by the traffic shaper. Is this traffic important? Is it garbage that you can ignore? Well, there is no way to know with out any intelligence, so you are forced to let it go by without any restriction. Or, you could put one general rule over all of the traffic – perhaps limiting it to 1 megabit per second max, for example. Essentially, if your intention was 100-percent understanding and control of your network traffic, right out the gate you must compromise this standard.

In fairness, this 90-percent identification actually is an amazing number with regard to accuracy when you understand how daunting application shaping is. Regardless, there is still room for improvement.

So, that covers the admitted problem of unclassifiable traffic, but how accurate can a packet shaper be with the traffic it does claim to classify? Does it make mistakes? There really isn’t any reliable data on how often an application shaper will misidentify an application. To our knowledge, there is no independent consumer reporting company that has ever created a lab capable of generating several thousand different applications types with a mix of random traffic, and then took this mix and identified how often traffic was misclassified. Yes, there are trivial tests done one application at a time, but misclassification becomes more likely with real-world complex and diverse application mixes.

From our own testing of application technology freely available on the Internet, we discovered false positives can occur up to 25 percent of the time. A random FTP file download can be classified as something more specific. Obviously commercial packet shapers do not rely on the free technology in open source and they actually may improve on it. So, if we had to estimate based on our experience, perhaps 5 percent of Internet traffic will likely get misclassified. This brings our overall accuracy down to 85 percent (combining the traffic they don’t claim to classify with an estimated error rate for the traffic they do classify).

Constantly Evolving Traffic

Our sources say (mentioned above) that 70 percent of their customers that purchased application shaping equipment were using the equipment primarily as a reporting tool after one year. This means that they had stopped keeping up with shaping policies altogether and were just looking at the reports to understand their network (nothing proactive to change the traffic).

This is an interesting fact. From what we have seen, many people are just unable, or unwilling, to put in the time necessary to continuously update and change their application rules to keep up with the evolving traffic. The reason for the constant changing of rules is that with traditional application shaping you are dealing with a cunning and wise foe. For example, if you notice that there is a large contingent of users using Bittorrent and you put a rule in to quash that traffic, within perhaps days, those users will have moved on to something new: perhaps a new application or encrypted p2p. If you do not go back and reanalyze and reprogram your rule set, your packet shaper slowly becomes ineffective.

And finally lest we not forget that application shaping is considered by some to be a a violation of Net Neutrality.

When is application shaping the right solution?

There is a large set of businesses that use application shaping quite successfully along with other technologies. This area is WAN optimization. Thus far, we have discussed the issues with using an application shaper on the wide open Internet where the types and variations of traffic are unbounded. However, in a corporate environment with a finite set and type of traffic between offices, an application shaper can be set up and used with fantastic results.

There is also the political side to application shaping. It is human nature to want to see and control what takes place in your environment. Finding the best tool available to actually show what is on your network, and the ability to contain it, plays well with just about any CIO or IT director on the planet. An industry leading packet shaper brings visibility to your network and a pie chart showing 300 different kinds of traffic. Whether or not the tool is practical or accurate over time isn’t often brought into the buying decision. The decision to buy can usually be “intuitively” justified. By intuitively, we mean that it is easier to get approval for a tool that is simple to conceptually understand by a busy executive looking for a quick-fix solution.

As the cost of bandwidth continues to fall, the question becomes how much a CIO should spend to analyze a network. This is especially true when you consider that as the Internet expands, the complexity of shaping applications grows. As bandwidth prices drop, the cost of implementing such a product is either flat or increasing. In cases such as this, it often does not make sense to purchase a $15,000 bandwidth shaper to stave off a bandwidth upgrade that might cost an additional $200 a month.

What about the reporting aspects of an application shaper? Even if it can only accurately report 90 percent of the actual traffic, isn’t this useful data in itself?

Yes and no. Obviously analyzing 90 percent of the data on your network might be useful, but if you really look at what is going on, it is hard to feel like you have control or understanding of something that is so dynamic and changing. By the time you get a handle on what is happening, the system has likely changed. Unless you can take action in real time, the network usage trends (on a wide open Internet trunk) will vary from day to day.¹ It turns out that the most useful information you can determine regarding your network is an overall usage patter for each individual. The goof-off employee/user will stick out like a sore thumb when you look at a simple usage report since the amount of data transferred can be 10-times the average for everybody else. The behavior is the indicator here, but the specific data types and applications will change from day to day and week to week

How does the NetEqualizer differ and what are its advantages and weaknesses?

First, we’ll summarize equalizing and behavior-based shaping. Overall, it is a simple concept. Equalizing is the art form of looking at the usage patterns on the network, and then when things get congested, robbing from the rich to give to the poor. Rather than writing hundreds of rules to specify allocations to specific traffic as in traditional application shaping, you can simply assume that large downloads are bad, short quick traffic is good, and be done with it.

This behavior-based approach usually mirrors what you would end up doing if you could see and identify all of the traffic on your network, but doesn’t require the labor and cost of classifying everything. Applications such as Web surfing, IM, short downloads, and voice all naturally receive higher priority while large downloads and p2p receive lower priority. This behavior-based shaping does not need to be updated constantly as applications change.

Trusting a heuristic solution such as NetEqualizer is not always an easy step. Oftentimes, customers are concerned with accidentally throttling important traffic that might not fit the NetEqualizer model, such as video. Although there are exceptions, it is rare for the network operator not to know about these potential issues in advance, and there are generally relatively few to consider. In fact, the only exception that we run into is video, and the NetEqualizer has a low level routine that easily allows you to give overriding priority to a specific server on your network, hence solving the problem.

Another key element in behavior-based shaping is connections. Equalizing takes care of instances of congestion caused by single-source bandwidth hogs. However, the other main cause of Internet gridlock (as well as bringing down routers and access points) is p2p and its propensity to open hundreds or perhaps thousands of connections to different sources on the Internet. Over the years, the NetEqualizer engineers have developed very specific algorithms to spot connection abuse and avert its side effects.

This overview, along with the summary table below, should give you a good idea of where the NetEqualizer stands in relation to packet shaping.

Summary Table

Application based shaping

good for static links where traffic patterns are constant
good for intuitive presentations makes sense and easy to explain to non technical people
detailed reporting by application type
not the best fit for wide open Internet trunks
- costly to maintain in terms of licensing
- high initial cost
- constant labor to tune with changing application spectrum
- expect approximately 15 percent of traffic to be unclassified
only a static snapshot of a changing spectrum may not be useful
false positives may show data incorrectly no easy way to confirm accuracy
violates Net Neutrality

Equalizing

not the best for dedicated WAN trunks
the most cost effective for shared Internet trunks
little or no recurring cost or labor
low entry cost
conceptual takes some getting used to
basic reporting by behavior used to stop abuse
handles encrypted p2p without modifications or upgrades
Supports Net Neutrality

1 The exception is a corporate WAN link with relatively static usage patterns.

Note: Since we first published this article, deep packet inspection also known as layer 7 shaping has taken some serious industry hits with respect to US based ISPs

Related articles:

Why is NetEqualizer the low price leader in bandwidth control

When is deep packet inspection a good thing?

NetEqualizer offers deep packet inspection comprimise.

Internet users attempt to thwart Deep Packet Inspection using encryption.

Why the controversy over deep Packet inspection?

World wide web founder denounces deep packet inspection

ROI calculator for Bandwidth Controllers

January 22, 2009 — netequalizer

Is your commercial Internet link getting full ? Are you evaluating whether to increase the size of your existing internet pipe and trying to do a cost trade off on investing in an optimization solution? If you answered yes to either of these questions then you’ll find the rest of this post useful.

To get started, we assume you are somewhat familiar with the NetEqualizer’s automated fairness and behavior based shaping.

To learn more about NetEqualizer behavior based shaping we suggest our NetEqualizer FAQ.

Below are the criteria we used for our cost analysis.

1) It was based on feedback from numerous customers (different verticals) over the previous six years.

2) In keeping with our policies we used average and not best case scenarios of savings.
3) Our Scenario is applicable to any private business or public operator that administers a shared Internet Link with 50 or more users

4) For our example we will assume a 10 megabit trunk at a cost of $1500 per month.

ROI savings #1 Extending the number of users you can support.

NetEqualizer Equalizing and fairness typically extends the number of users that can share a trunk by making better use of the available bandwidth in a time period. Bandwidth can be stretched from 10 to 30 percent:

savings $150 to $450 per month

ROI savings #2 Reducing support calls caused by peak period brownouts.

We conservatively assume a brownout once a month caused by general network overload. With a transient brownout scenario you will likely spend debug time trying to find the root cause. For example, a bad DNS server could the problem, or your upstream provider may have an issue. A brownout may be caused by simple congestion . Assuming you dispatch staff time to trouble shoot a congestion problem once a month and at an overhead from 1 to 3 hours. Savings would be $300 per month in staff hours.

ROI savings #3 No recurring costs with your NetEqualizer.

Since the NetEqualizer uses behavior based shaping your license is essentially good for the life of the unit. Layer 7 based protocol shapers must be updated at least once a year. Savings $100 to $500 per month

The total

The cost of a NetEqualizer unit for a 10 meg circuit runs around $3000, the low estimate for savings per month is around $500 per month.

In our scenario the ROI is very conservatively 6 months.

Note: Commercial Internet links supported by NetEqualizer include T1,E1,DS3,OC3,T3, Fiber, 1 gig and more

Posted in Bandwidth Management, ROI, White Papers. Tags: bandwidth controller, ds3, e1, fiber, gig internet, internet congestion, Internet optimization, oc3, RO bandwidth controller, ROI network equipment, t1, t3, Wan Optimization. Leave a Comment »

AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem

August 9, 2007 — netequalizer

Below is our recently released white paper that explores the hidden node problem and how the AirEqualizer is a solution. More information about the AirEqualizer can be found at: http://www.netequalizer.com/apeq.htm.

AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem

Contents

Introduction

Of the numerous growing pains that can accompany the expansion of a wireless network, the issue of hidden nodes is one of the most difficult problems to solve. Despite your best efforts, the communication breakdown between nodes can wreak havoc on a network, often leading to sub par performance and unhappy users.¹ Many times, the cost of potential solutions appears to outweigh the benefits of expansion, which in some cases may not be a choice, but a necessity. Yet, hidden nodes are a problem that must be addressed and ultimately solved if a wireless network is to achieve successful growth and development.

What is a hidden node and why is it a problem for wireless networks?

An 802.11 wireless network in a normal, simple configuration consists of a central access point (AP) and one or more remote users – which are the individuals utilizing the computers and devices that constitute a node. Wireless transmission technology is such that if more than one remote user transmits data back to the AP at the same time, it is difficult for the AP to distinguish between the two talkers.

When the forefathers of 802.11 first designed the protocols for how a wireless network should prevent this problem, they assumed that all users and nodes would be in close proximity to the access point and could actually hear each other’s transmissions.For example, say node A and node B are wireless laptops in an office building with one access point. Node A starts sending data to the access point at the same moment as node B. By design, node A is smart enough to listen at the exact moment it is sending data in order to ensure that it has the airwaves free and clear. If it hears some other talker at the same time, it may back off, or, in other cases, node B may be the one to back off. The exact mechanism used to determine the back off order is similar to right of way rules at a four-way stop. These rules of etiquette are followed to prevent a crash and allow each node to send its data unimpeded.

Thus, 802.11 is designed with a set of courtesies such that if one node hears another node talking, it backs off, going silent as to reduce the chaos of multiple transmissions at the same time. This should be true for every node in the network. This technology worked fine until directional antennas were invented and attached to remote nodes, which allowed users to be farther away from an access point and still send and receive transmissions. This technology is widely available and fairly inexpensive, so it was adapted by many wireless service providers to extend Internet service across a community.

The impact of these directional antennas, and the longer distances it allows users to be from access points, is that individual nodes are often unable to hear each other. Since their antennas are directed back to a central location, as the individual nodes get farther away from the central AP, they also become farther apart from each other. This made it more difficult for the nodes to communicate. Think of a group of people talking while they stand around in an ever-expanding circle. As the circle expands away from the center, people get farther apart, making it harder for them to communicate. Since it’s not practical to have each node point a directional antenna at all of the other nodes, the result is that the nodes don’t acknowledge one another and subsequently don’t back off to let others in. When nodes compete to reach the access point at the same time, typically those with the strongest signals, which are generally closest to the AP, win out, leaving the weaker-signaled nodes helpless and unable to communicate with the access point (see image below).
Your browser may not support display of this image.

When a network with hidden nodes reaches capacity, it is usually due to circumstances such as this, where nodes with stronger signals steal the airwaves and crowd out nodes with weaker signals. If the nodes with the stronger signals continue to talk constantly, the weaker nodes can be locked out indefinitely, leaving certain users without access to the network.The degradation of the hidden node problem varies with time of day, as well as with who is talking at any moment. As a result, the problem is not in one place for long, so it is not easily remedied by a quick mechanical fix. But, fortunately, there is a solution.

How does AirEqualizer solve the hidden node issue?

The AirEqualizer solution, which is completely compatible with 802.11, works by taking advantage of the natural inclination of Internet connections to back off when artificially restrained. We’ll get back to this key point in a moment.

Understanding the true throughput upper limit of your access point is key to the AirEqualizer’s efficiency, since the advertised throughput of an AP and its actual ceiling often vary, with most AP’s not reaching their full potential. Once you have determined the peak capacity of the access point (done empirically through busy hour observation), you then set the AirEqualizer effective trunk size to that value. This tells the AirEqualizer to kick into gear when that upper limit is reached.Once configured, the AirEqualizer constantly (every second) measures the total aggregate bandwidth throughput traversing the AP. If it senses the upper limit is being reached, AirEqualizer will then isolate the dominating flows and encourage them to back off.Each connection between a user on your network and the Internet constitutes a traffic flow. Flows vary widely from short dynamic bursts, which occur, for example, when searching a small Web site, to large persistent flows, as when performing peer-to-peer file sharing or downloading a large file. By keeping track of every flow going through the AP, the AirEqualizer can make a determination of which ones are getting an unequal share of bandwidth and thus crowding out flows from weaker nodes.

AirEqualizer determines detrimental flows from normal ones by taking the following questions into consideration:

1) How persistent is the flow?
2) How many active flows are there?
3) How long has the flow been active?
4) How much total congestion is currently on the trunk?
5) How much bandwidth is the flow using relative to the link size?

Once the answers to these questions are known, AirEqualizer will adjust offending flows by adding latency, forcing them to back off and allow potentially hidden nodes to establish communications – thus eliminating any disruption. Nodes with stronger signals that are closer to the access point will no longer have the advantage over users based farther away. This is done automatically by the AirEqualizer, without requiring any additional programming by administrators. The key to making this happen over 802.11 relies on the fact that if you slow a stream to the Internet down, the application at the root cause will back off and also slow down. This can be done by the AirEqualizer without any changes to the 802.11 protocol since the throttling is actually done independent of the radio. The throttling of heavy streams happens between the AP and the connection to the Internet.

Questions and Answers

How do you know congestion is caused by a heavy stream?

Can certain applications be given priority?

Air Equalizer can give priority by IP address, for video streams, and in its default mode it naturally gives priority to Voice over IP (VoIP), thus addressing a common need for commercial operators.

How many users can the AirEqualizer support?

The AirEqualizer can support approximately 100 users.

Why hasn’t another radio manufacturer used your methodology already?

Radio manufacturers are not aware of the human factors of Internet behavior, so they try to solve the hidden node issue with different schemes in the RF spectrum. This usually involves a proprietary polling or time share algorithm. This is not to say that it can’t be done this way, but we believe the AirEqualizer method is the only way to solve the problem using the ingrained 802.11 technology as it stands.

What happens to voice traffic over a wireless transmission? Will it be improved or impaired?

How can I find out more about the AirEqualizer?

Additional information about the AirEqualizer can be found at our Web site: http://www.netequalizer.com/apeq.htm.

How can I purchase an AirEqualizer for trial?

Customers in Europe can contact Aibridges at ++353 (0) 65 684 8768 or via e-mail at sales@aibridges.ie.

²Randy Barrett, “Putting the Squeeze on Internet Hogs: How Operators Deal with Their Greediest Users.” Multichannel News. 7 Mar. 2007. Retrieved 1 Aug. 2007 http://www.multichannel.com/article/CA6439454.html

Posted in White Papers. 2 Comments »

APconnections Details Hidden Node 802.11 Solution in AirEqualizer White Paper

August 8, 2007 — netequalizer

APconnections, maker of the popular bandwidth control solution NetEqualizer, today announced the publication of a detailed white paper describing how their new access point technology, AirEqualizer, solves the hidden node problem widely found in wireless networks.

“The AirEqualizer has proven itself to be a rock solid access point which completely eliminates congestion and slowness associated with hidden nodes,” said Art Reisman, CEO of APconnections.

Entitled, “AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem,” the white paper breaks down the hidden node issue and the complications it can cause for wireless networks. The paper goes on to document the technology behind the AirEqualizer solution, which uses latency to prevent more dominant nodes from blocking out those with weaker signals.

The white paper in its entirety can be found at http://www.netequalizer.com/Hidden_Node_White_Paper.php.

The AirEqualizer technology was first developed out of open source projects that APconnections started in 2004. Like the company’s NetEqualizer line, the AirEqualizer is designed to fit easily into any network with minimal setup time. In addition, the technology doesn’t require users to purchase products from any single equipment supplier, like many other hidden nodes solutions.

When asked why APconnections openly explains and details their technology in a white paper, Reisman responded: “We found that customers don’t like getting locked into proprietary solutions where they’re forced to buy certain types of equipment, and we use that to our advantage. Anybody already using 802.11 technology can retrofit our AP’s right in without any re-design. We offer a value add by supporting and bundling the technology in an AP.”

Also announced today is the availability of the AirEqualizer in Western Europe exclusively through APconnections’ distribution partner Ai Bridges (http://www.Aibridges.ie).

Posted in Press Releases, White Papers. Tags: hidden node, hidden node problem, hidden node solution. Leave a Comment »

NetEqualizer News Blog

Follow NetEq Blog

Categories

Keyword Search

Pages

Recent Posts

How to Block Frostwire, utorrent and Other P2P Protocols

White Paper: A Simple Guide to Network Capacity Planning

Equalizing Compared to Application Shaping (Traditional Layer-7 “Deep Packet Inspection” Products)

How NetEqualizer compares to Bluecoat, Allot, Cymphonix, & Exinda

NetEqualizer Bandwidth Shaping Solution: Hotels & Resorts

NetEqualizer Bandwidth Shaping Solution: Business Centers

NetEqualizer Bandwidth Shaping Solution: Telecom, Satellite Systems, Cable, and Wired and Wireless ISPs

NetEqualizer Bandwidth Shaping Solution: Libraries

NetEqualizer Bandwidth Shaping Solution: K-12 Schools

NetEqualizer Bandwidth Shaping Solution: Colleges, Universities, Boarding Schools, and University Housing

Using NetEqualizer Lite to prevent the 802.11 Hidden Terminal problem

Hitchhiker’s Guide To Network And WAN Optimization Technology

Table of Contents

Compression

Caching

Protocol Spoofing

Application Shaping

Equalizing

Connection Limits

Simple Rate Limits

Conclusion

NetEqualizer White Paper Comparison with Traditional Layer-7 (Deep Packet Inspection Products)

How NetEqualizer compares to Packeteer, Allot, Cymphonics, Exinda

ROI calculator for Bandwidth Controllers

AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem

AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem

APconnections Details Hidden Node 802.11 Solution in AirEqualizer White Paper

See for yourself.

If you like our articles, you can talk to our authors!

Archives

Top Posts

Follow NetEq Blog

Categories

Keyword Search

Pages

Recent Posts

Share this:

Like this:

Share this:

Like this:

How NetEqualizer compares to Bluecoat, Allot, Cymphonix, & Exinda

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Share this:

Like this:

Table of Contents

Compression

Caching

Protocol Spoofing

Application Shaping

Equalizing

Connection Limits

Simple Rate Limits

Conclusion

Share this:

Like this:

How NetEqualizer compares to Packeteer, Allot, Cymphonics, Exinda

Share this:

Like this:

Share this:

Like this:

AirEqualizer and Hidden Nodes: A Real Solution to a Virtual Problem

Share this:

Like this:

Share this:

Like this:

See for yourself.

If you like our articles, you can talk to our authors!

Archives

Top Posts