How to Survive High Contention Ratios and Prevent Network Congestion



Is there a way to raise contention ratios without creating network congestion, thus allowing your network to service more users?

Yes there is.

First a little background on the terminology.

Congestion occurs when a shared network attempts to deliver more bandwidth to its users than is available. We typically think of an oversold/contended network with respect to ISPs and residential customers; but this condition also occurs within businesses, schools and any organization where more users are vying for bandwidth than is available.

The term contention ratio is used in the industry as a way of determining just how oversold your network is. A contention ratio is simply the size of an Internet trunk divided by the number of users. We normally think of Internet trunks in units of megabits. For example, 10 users sharing a one megabit trunk would have a 10-to-1 contention ratio.

A decade ago, a 10-to-1 contention ratio was common. Today, bandwidth is much less expensive and the average contention ratios have come down. Unfortunately, as bandwidth costs have dropped, pressure on trunks has risen, as today’s applications require increasing amounts of bandwidth. The most common congestion symptom is slow network response times.

Now back to our original question…

Is there a way to raise contention ratios without creating congestion, thus allowing your network to service more users?

This is where a smart bandwidth controller can help. Back in the “old” days before encryption was king, most solutions involved classifying types of traffic, and restricting less important traffic based on customer preferences. Classifying by type went away with encryption, which prevents traffic classifiers from seeing the specifics of what is traversing a network. A modern bandwidth controller uses dynamic rules to restrict traffic based on aberrant behavior. Although this might seem less intuitive than specifically restricting traffic by type, it turns out to be just as reliable, not to mention simpler and more cost-effective to implement.

We have seen results where a customer can increase their user base by as much as 50 percent and still have decent response times for interactive cloud applications.

To learn more, contact us; our engineering team is more than happy to go over your specific situation to see if we can help you.
You also might be interested in this VPN product  https://www.cloudwards.net/safervpn-review/

NetEqualizer News: January 2017


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include a preview of more 8.5 Release features, an announcement of our 8.4 User Guide, our planned 2017 Road Trips, and more!

 

  January 2017

 

8.5 Release Planning is Underway!
Greetings! Enjoy another issue of NetEqualizer News.

As we kick off the new year, I am excited to begin development on our 8.5 Release, currently planned for late spring/early summer. This month, we continue to discuss the features planned for 8.5. I also like to get out in the field to meet with our customers, and those interested in the NetEqualizer. Check out my 2017 Road Trip plans in this month’s newsletter.

And finally, we have the 8.4 User Guide available, for those of you who like to delve into our features in detail – enjoy!

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release Features Preview

:: 8.5 Feedback Received – Thank You!

:: The 8.4 User Guide is Now Available!

:: 2017 Road Trips

:: Time for a Tech Refresh?

:: Best of Blog: Top 5 Reasons Confirming Employers Don’t Like Their IT Guy

8.5 Release Features Preview

We are starting to develop our 8.5 Release!

Continued from November 2016

In November we talked about Cloud Reporting, Read-Only Login, and NetEqualizer Logout.

This month we introduce several more features planned for 8.5:

1) Pool-specific RATIO and HOGMIN

2) Retain RTR State Upon Reboot

Pool-specific RATIO and HOGMIN

Ever since we first started making NetEqualizers, there has been one RATIO and one HOGMIN setting that applied to all traffic going through the device. Beginning with Release 8.5, however, we’ve enhanced our software to allow for Pool-specific RATIO and HOGMIN settings. This means that each Pool can have its own unique configuration with regard to these values. These changes give administrators more fine-tuned control over when Equalizing occurs and what the minimum requirements for Equalizing will be on a Pool level rather than a network level.

Retain RTR State Upon Reboot

This has been one of the most requested features ever since we introduced RTR, and we are happy to say it will be part of Release 8.5. With this release, RTR will start upon reboot and maintain all your reporting settings so that you don’t need to go back into the device and start the service manually. This is useful in case the device is affected by a power outage or another type of unplanned activity.

Stay tuned to our newsletter for further updates on Release 8.5. We are currently underway in the development process and are still shooting for a late spring/early summer release. As always, the release is free to those with valid NetEqualizer Software and Support (NSS) plans. Contact us today with questions!


8.5 Feedback Received – Thank You!

 We Appreciated Your Suggestions!

We asked for input to our 8.5 Release and you responded with some great ideas – thank you!

Here are the features that you asked us to consider for 8.5. We will let you know what makes it over the course of future newsletters…

– Quota Enhancements: Email Customer on Exceed Quota, Summary Email before Reset, Quota in the Cloud, Web Portal

– Add sophisticated SNMP logic

– Protocol Tracking Reports

– Traffic by Source IP Report

– Bandwidth Test for Troubleshooting

– Build out Automated Alerts

– Add Real-Time Penalties to RTR Dashboard

– Add Name capability to HL, Masks, VLANs, P2P, and Priority

– Add Visibility to Penalty against what Rule

– Add Host Name from NSLookup to RTR Reports

If any of the above suggestions would also be useful to you and your organization, please let us know!


The 8.4 User Guide is Now Available!

Dive into the details on NetEqualizer’s features…

We are excited to announce the User Guide has been updated to reflect Software Update 8.4, in several key areas.

We have focused on updating the configuration sections, describing our new Batch Entry Screens for setting up Bandwidth Limits, limiting P2P Traffic, setting Bandwidth Priorities, and restricting Bandwidth Usage.

We also have added a new section to the User Guide, which walks through our Perform Quick Edits capability.  Quick Edits is useful when you want to add or delete one or a small number of rules.  We offer Quick Edits for seven (7) types of rules, including Pools, Hard Limits, and P2P Traffic Limits.

You can view the updated User Guide by clicking here or on the picture at right.

Note that the Appendices and Monitoring & Reporting sections are not yet updated to 8.4.

We plan to update the remaining sections of the User Guide to 8.4 soon. Look for an update in an upcoming newsletter!

2017 Road Trips

We’re hitting the road…

Our CTO, Art Reisman, is planning to make a swing up the East coast this spring. Most likely he will be in the Boston and New England area the week of Feb 20th – with some room for flexibility in the timeframe. If you are on the East coast and would like to host a formal on-site Tech Refresh, let us know and we will try to get it scheduled!


Time for a Tech Refresh?

Re-familiarize yourself with NetEqualizer!

Now that Release 8.4 has been out for 6 months, and many customers have moved to it, you may have questions! Release 8.4 had a lot of changes associated with it that may be slightly confusing if you are used to older GUI versions.

Don’t worry though, we are here to help! If you are current on your NetEqualizer Software and Support (NSS) plan, we’d like to offer you a FREE 30 minute Tech Refresh to go over any questions or issues you might have with your NetEqualizer. Contact us today to schedule a time slot with an engineer!


Best Of Blog

Top 5 Reasons Confirming Employers Don’t Like Their IT Guy

By Art Reisman


1) The IT room is the dregs

Whenever I travel to visit with my IT customers, it is always a challenge to find their office.  Even if I find the right building on the Business/College Campus, finding their actual location within the building is anything but certain. Usually it ends up being in some unmarked room behind a loading dock, accessible only by secret passage designed to relieve the building of cafeteria waste near the trash bins. Many times, their offices are one and the same thing as the old server computer room, with the raised floor, screaming fans, and air cooled to a Scottish winter…

Photo of the Month
TEDx Aruba

This past fall, a staff member and his wife, Andrea, visited the island of Aruba in the south Caribbean Sea. The official slogan for the country is “One Happy Island,” and this held true the entire trip – all of the people were extremely friendly and welcoming. The purpose of the trip was to present at TEDx Aruba on the topic of sustainability – specifically how our trash plays a role in the most pressing environmental issues of our time. Andrea runs a non-profit based in Boulder, CO that helps educate people on how to reduce their trash and plastic footprint as well as live more simple, meaningful lives. Check out her website and follow her on Instagram if you are so inclined!

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

NetEqualizer News: November 2016


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include a 8.5 Release feature preview, customer testimonials, and more!

 

  November 2016

 

8.5 Release Planning is Underway!
Greetings! Enjoy another issue of NetEqualizer News.

As we start into the holiday season here in the U.S., I am thankful for many things. First, I want to THANK YOU, our customers, for making this all worthwhile.


In my conversations with customers & prospects, I hear over & over how much our behavior-based shaping (aka equalizing) saves you time, money, and headaches. Thank you for validating all our efforts here at APconnections!

I am also thankful that the Presidential Election is over in the U.S., as I am tired of seeing political TV advertisements, which seem to be on every 10 minutes.

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release Features Preview

:: We Want Your Suggestions for the 8.5 Release!

:: Is Anyone Out There Still Suffering From DDoS Attacks?

:: Featured Customer Testimonials

:: Best of Blog: Using NetEqualizer to Ensure Clean, Clear QoS for VOIP Calls

8.5 Release Features Preview

We are starting to plan our 8.5 Release!

We have started putting together initial plans for our late spring software update – 8.5 Release. We have some exciting features in mind! Here is a preview of several features that will be included:

Cloud Reporting

Have you ever wanted to access reporting data for longer than 4 weeks? The reason for the current NetEqualizer limit is that we can only store so much data on the device itself.

Our new Cloud Reporting offering will allow you to store historical NetEqualizer data for an extended period of time. You’ll be able to seamlessly pull this data from the Cloud and display the results on your NetEqualizer, or use it for other reporting and archiving purposes.

Read-only Login Account (customer feature request)

The NetEqualizer has always used basic HTTP authentication for its one account, but that is about to change! The next release will have a more standard login page with two roles – the current administrator role as well as a NEW read-only account role. The read-only account will let non-technical staff log in and view reports as well as a few other features.

NetEqualizer Logout (customer feature request)

We will support web application sessions with both log in & log out. Today we offer login but in 8.5 users will also be able to securely log their session out once they are finished using the GUI.

We are very excited about enhancing our recent 8.4 Release user interface with these changes. Stay tuned to the newsletter for updates on 8.5 features, release dates, and more!

We Want Your Suggestions for the 8.5 Release!

 We want your help! Last call for suggestions for our 8.5 Release.

Now is your last chance for 8.5 Release feature requests!

Many of our best features come from customer requests. For example, for all of you that wanted to have a read-only account for NetEqualizer administration, you’ll be happy to know that we have included it in our upcoming 8.5 Release. Our NetEqualizer Logout is also based on a customer suggestion.

For those suggested features that don’t make the cut, it is not because we did not like them (we like all the suggestions), but we have to filter on features that apply to a large set of our customers. We also keep track of all feature requests, so if yours does not make it into 8.5, it may be scheduled in a future release.

We only know what features you are interested in if you speak up! We have no way of knowing if a feature is popular or not unless we hear from you. So please, think deep and tell us what features would make the NetEqualizer tool more valuable to you!

Here are some questions you can ask yourself or your IT team to come up with ideas:

  1. What feature could I use to help us troubleshoot network problems, perhaps something you need to see in our reports?
  2. What feature would further help optimize our bandwidth resource, perhaps your wireless network has unique challenges?
  3. What security concerns do you have? Anything in the DDoS arena?
  4. What feature could be added to make setup and maintenance more efficient?


Is Anyone Out There Still Suffering from DDoS Attacks?

What have your experiences been?

Perhaps the Russians have given up on hacking? We are not sure, but we certainly have seen a big drop off in DDoS help requests to our support team – so much so that we have put our DDoS firewall enhancement plans on hold.

We were working on a feature request to block foreign IP’s by connection count as one of our DDoS triggers. It would work something like this:

A NetEqualizer customer sets a white list for public IP’s to let through (not blocked). Any other public IP hitting the network with more than X active connections would trigger an alert or possibly a block based on your preference.

We need to know if such a feature, or another DDoS approach would be better, based on your experience.

Let us know what you have been seeing as far as DDoS attacks on your network!
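
The connection-count trigger described above can be sketched as follows. This is an added example, not NetEqualizer code: the function name, the tuple layout of the connection table, the notion of "foreign" as "outside the configured local networks", and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter


def flag_sources(connections, allow_list, local_nets, max_conns, action="alert"):
    """Count active connections per external source and flag the heavy ones.

    connections: iterable of (src_ip, src_port, dst_ip, dst_port) tuples
    allow_list:  CIDR strings for public sources that are never flagged
    local_nets:  CIDR strings for the protected network (not "foreign")
    max_conns:   the threshold X; a source is flagged only above it
    action:      "alert" or "block", the operator's preference
    Returns {src_ip: (connection_count, action)}.
    """
    if action not in ("alert", "block"):
        raise ValueError("action must be 'alert' or 'block'")
    allowed = [ipaddress.ip_network(n) for n in allow_list]
    local = [ipaddress.ip_network(n) for n in local_nets]

    counts = Counter()
    for src, sport, dst, dport in set(connections):  # de-duplicate repeated rows
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip malformed table entries
        if any(ip in net for net in local):
            continue  # traffic that originated inside the protected network
        if any(ip in net for net in allowed):
            continue  # explicitly let through by the white list
        counts[str(ip)] += 1

    # "More than X": a source sitting exactly at the threshold is not flagged.
    return {ip: (n, action) for ip, n in counts.items() if n > max_conns}


def sample_table():
    """Constructed connection table (documentation and private address ranges)."""
    table = []
    table += [("203.0.113.50", 40000 + i, "10.0.0.5", 443) for i in range(12)]
    table += [("198.51.100.9", 41000 + i, "10.0.0.5", 443) for i in range(10)]
    table += [("192.0.2.10", 42000 + i, "10.0.0.5", 443) for i in range(20)]
    table += [("10.0.0.8", 43000 + i, "203.0.113.99", 80) for i in range(30)]
    table.append(("203.0.113.50", 40000, "10.0.0.5", 443))  # duplicate row
    table.append(("not-an-ip", 1, "10.0.0.5", 443))          # malformed row
    return table


if __name__ == "__main__":
    flagged = flag_sources(sample_table(), allow_list=["192.0.2.0/24"],
                           local_nets=["10.0.0.0/8"], max_conns=10)
    for ip, (n, act) in sorted(flagged.items()):
        print(f"{act}: {ip} holds {n} active connections")
```

With the threshold at 10, only the source holding 12 connections is reported; the white-listed source with 20 connections and the internal host with 30 outbound connections are ignored.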


Featured Testimonials

What our customers are saying…

We take great pride in ensuring our customers are happy with their NetEqualizer! You can find all of our customer testimonials on our website under the “Customers” menu.

Here are just a few testimonials that we’ve received in 2016:

Reed College

“We’ve had NetEqualizers on campus at Reed for several years and continue to be very happy with the product. We have a very small staff and don’t have time to “tune” a device like a Packetshaper. Instead the NetEqualizer is protocol agnostic in the way it shapes traffic for most users but also allows us to quickly prioritize some traffic if necessary.

Over the years the NetEqualizer has saved us countless hours of staff time. We did lose some visibility into what is happening on our border network but our IDS/IPS replaced that functionality. NetEqualizer is an excellent product.”

Gary Schlickeiser – Director of Technology Infrastructure Services

Thanks Gary for your kind words!

Edmonton Regional Airport Authority

“We presently use two NE3000 units for Internet traffic control and monitoring in a redundant setup. At present we have a maximum of 600 Mbps Internet throughput, with over 300 IP addresses in use in some 120+ address Pools.

The NetEqualizer is a very useful tool for us for monitoring and setting speeds for our many users. Most of the feeds come straight off our Campus network, which is spread over a seven kilometer distance from one end of the airdrome to the other. We also feed a number of circuits to customers using ADSL equipment in the older areas where fiber is not yet available. Everything runs though the “live” NE3000!

Controllability and monitoring is key for our customers, as they pay for the speed they are asking for. With the RTR Dashboard, we continually monitor overall usage peaks to make sure we provide enough bandwidth but, more importantly, to our individual customers. Many customers are not sure of how much bandwidth they need, so using the Neteq we can simply change their speed and watch the individual IP and/or Pool usage to monitor. This becomes especially useful now as many customers, including ourselves, use IP telephony to remote sites; so we need to maintain critical bandwidth availability for this purpose. That way when they or we have conference calls for example, no one is getting choppy conversations. All easily monitored and adjusted with the Dashboard and Traffic Management features.

We also have used the Neteq firewall feature to stop certain attack threats and customer infected pcs or servers from spewing email or other reported outbound attacks, not a fun thing but it happens.

Overall a very critical tool for our success in providing internet to users and it has worked very well for the past 8 or more years!”

Willy Damgaard – Network and Telecom Analyst

Thanks Willy! We are happy to help.

Cooperative Light & Power

“Our company is an electric utility and we have a subsidiary WISP with about 1,000 unlicensed fixed wireless customers. We purchased our first NetEqualizer about a year ago to replace our fair access policy server from another company. The server we replaced allowed burst then sustained bandwidth so we weren’t sure if “equalizing” would work, but it works extremely well as advertised.

The NetEqualizer is stable and actually requires very little maintenance after initial configuration. In our case, we wanted to limit the upper end of what a customer could use (max burst). We were able to set that parameter in our wireless CPE’s. Then we set the equalizing pools for the size of our APs. The NetEqualizer can do a burst then sustained then burst at equal intervals, but to our surprise we actually didn’t need to use it.

We also purchased the DDoS Firewall and that is working nicely as well for quick identification of attacks. Perhaps the most important thing to note is the support is excellent. From sales to engineering the team is very responsive and knowledgeable. We were so impressed that we actually purchased a second NetEqualizer to handle the rest of our network. This company is A+.”

Kevin Olson – Communication Manager

Thanks Kevin!

It is wonderful to hear such glowing feedback from one of our newer customers! If you would like to share your feedback on the NetEqualizer, to be highlighted in a future NetEqualizer News, click here to send us an email.


Best Of Blog

Using NetEqualizer to Ensure Clean, Clear QoS for VoIP Calls

By Art Reisman
 
Last week I talked to several ISP’s (Note: these were blind calls, not from our customers) that were having issues with end customers calling and complaining that their web browsing and VOIP calls were suffering. The funny thing is that the congestion was not the fault of the ISP, but the fault of the local connection being saturated with video. For example, if the ISP delivers a 10 meg circuit, and the customer starts two Netflix sessions, they would clog their own circuit.
Those conversations reminded me of an article I wrote back in 2010 that explains how the NetEqualizer can alleviate this type of congestion for VoIP. Here it is…

Photo of the Month
Hiking Near Caribou Ranch
It’s been unseasonably warm in Colorado this fall. We’ve been taking advantage of this by hiking in the mountains amidst the changing leaf colors. 

Crossing a Chasm, Transitioning From Packet Shaping to the Next Generation Bandwidth Shaping Technology



By Art Reisman

CTO, APconnections

Even though I would self-identify as an early adopter of new technology, when I look at my real life behavior, I tend to resist change and hang on to technology that I am comfortable with. Suffice it to say, I usually need an event or a gentle push to get over my resistance.

Given that technology change is uncomfortable,  what follows is a gentle push, or perhaps a mild shove, to help anybody who is looking to pull the trigger on moving away from Packet Shaping into a more sustainable, cost-effective alternative.

First off, let’s look at why packet shaping (layer 7 deep packet inspection) technologies are popular.

“A good layer 7 based tool creates the perception of complete control over your network. You can see what applications are running, how much bandwidth they are using, and make adjustments to flows to meet your business objectives.”

Although the above statement appears idyllic, the reality of implementing packet shaping, even at its prime, was at best only 60 percent accurate. The remaining 40 percent of traffic could never be classified, and thus had to be shaped based on guesswork or faith.

Today, the accuracy of packet classification continues to slip. Security concerns are forcing most content providers to adopt encryption. Encrypted traffic cannot be classified.

In an effort to stay relevant, companies have moved away from deep packet inspection to classifying traffic by the source and destination (source IP’s are never encrypted and thus always visible).

If your packet shaping device knows the address range of a content provider, it can safely assume a traffic type by examining the source IP address. For example, YouTube traffic emanates from a source address owned by Google. The drawback with this method is that savvy users can easily hide their sources by using any one of the publicly available VPN utilities out there. The personal VPN world is exploding as individual users are moving to VPN tunneling services for all their home browsing.

The combination of VPN tunnels and encrypted content is slowly transforming the best application classifiers into paper weights.

So, what are the alternatives? Is there something better?

Yes, if you can let go of the concept of controlling specific traffic by type, you can find viable alternatives. As per our title, you must “cross the chasm” and surrender to a new way of bandwidth shaping, where decisions are based on usage heuristics, and not absolute identification.

What is a heuristic-based shaper?

Our heuristic-based bandwidth shapers borrow from the world of computer science and a CPU scheduling technique called shortest job first (SJF). In today’s world, a “job” is synonymous with an application. You have likely unknowingly experienced the benefits of a shortest job first scheduler when you use a Linux-based laptop, such as a Mac or Ubuntu. Unlike the older Windows operating systems, where one application can lock up your computer, such lock-ups are rare on Linux. Linux uses a scheduler that allows preemption to let other applications in during peak times, so they are not starved for service. Simply put, a computer with many applications using SJF will pick the application it thinks is going to use the least amount of time and run it first, or preempt a hog to let another application in.

In the world of bandwidth shaping we do not have the issue of contended CPU resources, but we do have an overload of Internet applications that vie for bandwidth resources on a shared link. The NetEqualizer uses SJF-type techniques to preempt users who are dominating a bandwidth link with large downloads and other hogs. Although the NetEqualizer does not specifically classify these hogging applications by type, it does not matter. The hogging applications, such as large downloads and high resolution video, are given lower priority by their large footprint alone. Thus the business-critical interactive applications with smaller bandwidth resource consumption get serviced first.
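
A minimal sketch of the behavior-based idea described above, added here as an illustration and not NetEqualizer's implementation. The `Flow` record, the `trigger_ratio`, `hog_min_bps` and `penalty` parameters and all sample rates are assumptions: shaping starts only when the link is congested, the largest flows are penalized first without looking at payload or application type, and small interactive flows are never touched.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    rate_bps: int  # measured rate over the last sampling interval


def equalize(flows, link_bps, trigger_ratio=0.85, hog_min_bps=500_000, penalty=0.5):
    """Pick the flows to deprioritize on a congested link.

    Nothing happens while utilization is below trigger_ratio. Above it, flows
    are visited largest first; each one at or above hog_min_bps is penalized
    (modelled here as cutting its rate by `penalty`) until projected
    utilization is back under the trigger. Returns (penalized_flows,
    projected_utilization).
    """
    total = float(sum(f.rate_bps for f in flows))
    target = trigger_ratio * link_bps
    penalized = []
    if total < target:
        return penalized, total / link_bps  # no congestion, no shaping

    for flow in sorted(flows, key=lambda f: f.rate_bps, reverse=True):
        if total < target:
            break  # congestion relieved
        if flow.rate_bps < hog_min_bps:
            break  # only small flows remain; they are never penalized
        total -= flow.rate_bps * penalty
        penalized.append(flow)
    return penalized, total / link_bps


def sample_flows():
    """Constructed traffic on a 10 Mbps link: two video streams, VoIP, web."""
    return [
        Flow("10.0.0.21", "198.51.100.20", 4_500_000),  # video stream
        Flow("10.0.0.22", "198.51.100.21", 4_200_000),  # video stream
        Flow("10.0.0.23", "203.0.113.5", 90_000),       # VoIP call
        Flow("10.0.0.24", "203.0.113.80", 300_000),     # interactive web app
    ]


if __name__ == "__main__":
    hogs, util = equalize(sample_flows(), link_bps=10_000_000)
    for f in hogs:
        print(f"penalize {f.src} -> {f.dst} at {f.rate_bps} bps")
    print(f"projected utilization: {util:.3f}")
```

The decision uses only per-flow byte rates and addresses, so it works the same whether the traffic is encrypted, tunnelled through a VPN, or in the clear.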

Summary

The issue we often see with switching to heuristic-shaping technology is that it goes against the absolute control-oriented solution offered by Packet Shaping.  The alternative of sticking with deep packet inspection and expecting to get control over your network is becoming impossible, hence something must change.

The new heuristic model of bandwidth shaping accomplishes priority for interactive cloud applications, and the implementation is simple and clean.

Bandwidth Shaping Shake Up, Your Packet Shaper May be Obsolete?


If you went to sleep in 2005 and woke up 10 years later you would likely be surprised by some dramatic changes in technology.

  • Smart cars that drive themselves are almost a reality
  • The desktop PC is no longer a consumer product
  • Wind farms  now line the highways of rural America
  • Layer 7 shaping technology is now clinging to life, crashing the financials of several companies that bet the house on it.

What happened to layer 7 and Packet Shaping?

In the early 2000’s all the rave in traffic classification was the ability to put different types of bandwidth traffic into labeled buckets and assign a priority to them. Akin to rating your food choices on a tapas menu, network administrators enjoyed an extensive list of various traffic: YouTube, Citrix, news feeds; the list was only limited by the price and quality of the bandwidth shaper. The more expensive the traffic shaper, the more choices you had.

Starting in 2005 and continuing to this day,  several forces started to work against the layer 7 paradigm.

  • The price of bulk bandwidth went into a free fall, much faster than the relatively fixed cost of a bandwidth shaper.  The business proposition of buying a bandwidth shaper to conserve bandwidth utilization became much tighter. Some companies that were riding high saw their stock prices collapse.
  • Internet traffic became invisible and impossible to identify with the advent of encryption techniques. A traffic classifier using Layer 7 cannot see inside HTTPS or a VPN tunnel, and thus it essentially becomes a big expensive albatross with little value as the rate of encrypted traffic increases.
  • The FCC ruling toward Net Neutrality further put a damper on a portion of the Layer 7 market. For years ISPs had been using Layer 7 technology to give preferential treatment to different types of traffic.
  • Cloud-based services are using less complex architectures. Companies can consolidate on one simplified central bandwidth shaper, whereas before they might have had several on all their various WAN links and network segments.

So where does this leave the bandwidth shaping market?

There is still some demand for layer 7 type shapers, particularly in countries like China, where they attempt to control everything. However, in Europe and in the US, the trend is toward more basic controls that do not violate the FCC rule, cost less, and use some form of intelligence-based fairness rules such as:

  • Quotas: your cell phone data plan.
  • Fairness-based heuristics (Equalizing): gaining momentum, lower price point, prevents congestion without violating the FCC ruling.
  • Basic rate limits: your wired ISP 20 megabit plan, often implemented on a basic router and not a specialized shaping device.
  • No shaping at all: pipes are so large there is no need to ration bandwidth.

Will Shaping be around in 10 years?

Yes, consumers and businesses will always find ways to use all their bandwidth and more.

Will price points for bandwidth continue to drop?

I am going to go against the grain here, and say bandwidth prices will flatten out in the near future. Prices over the last decade slid for several reasons which are no longer in play.

The biggest driver in price drops was the wide acceptance of wave division multiplexing on carrier lines in the 2005 to present time frame. There was already a good bit of fiber in the ground but the WDM innovation caused a huge jump in capacity, with very little additional cost to providers.

The other factor was a major world-wide recession, where business demand was slack.

Lastly there are no new large carriers coming on line. Competition and price wars will ease up as suppliers try to increase profits.

 

 

Top Ten Article Teasers for May 2016



By Art Reisman
CTO http://www.netequalizer.com

I was wound up and ready to write an interesting blog article today. Problem was, I had a serious issue getting started. I spent an hour or so with so many angles and things on my mind that I just could not narrow it down and get started. Then I had an out-of-the-box idea. I decided to use my freedom as one of the Editors of this blog to make my article the list of headlines and associated teasers of all the article ideas in my head. Who does that?

Sorry if any of these leave you hanging.

Why do so many companies take technology advice from Gartner? If their information was really that good, they would not need to be selling it.

The TSA is now talking about 3 hour lines at airports this summer. My instinct tells me this organization has realized a new-found political power. They control the airports and you must pay up if you want to fly.

Deep packet inspection. Is it dead? A simple VPN tunnel renders it useless.

A competitor of ours, ETINC, has a really great explanation on why DPI does not work when trying to eliminate P2P. The case against Deep Packet Inspection.

Umpires and IT people: nobody really likes them.

Do you hire two plumbers when one is sufficient to fix your sink? No, of course not. Your employer is no different; they don’t want you on their payroll.

Mega Mansions and Bandwidth: how much do we really need? I am expecting a tiny bandwidth movement where millennials compete on how small their bandwidth footprint is.

Does anybody pay for good content anymore? I stopped reading Back Packer Magazine when their content every month became a list of product reviews.

How many people are moving to Colorado because weed is legal?

The Home PC will be completely dead in 10 years. Replaced by the PC in the Virtual Cloud.

 

 

Let us know if you want any of these expanded on for next week.

 

 

 

NetEqualizer News: March 2016


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include features from Release 8.4, our 2016 Leasing Program, and a presentation highlighting the NetEqualizer at the 2016 ASCUE Conference.

March 2016
Release 8.4 is almost here!
Greetings! Enjoy another issue of NetEqualizer News.

I write this today in the midst of a spring blizzard in Colorado. So far it appears that I have at least 15 inches of snow and drifts up to three feet outside my house, while it continues to blow more snow in at 35 miles an hour. Just another typical March day in Colorado! I was hoping to talk about spring in this newsletter, but now it seems far away.

This month we are talking about our upcoming release, slated for May, which features a lot of cool Usability Enhancements. Read below to learn more. We also continue our discussion on how the NetEqualizer is Cloud-Ready, as all things Cloud continues to be top-of-mind for all of us.

We are excited to announce that we will be represented at the ASCUE Conference in June. Join Young Harris College at their talk featuring the NetEqualizer.

And finally, we share more news about our 2016 Leasing Program, and how we are keeping bandwidth shaping affordable.

And remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

– Art Reisman (CTO)

In this issue:

:: NetEqualizer Release 8.4 – Enhanced Usability – Is Almost Ready!
:: Keeping Bandwidth Shaping Affordable
:: Join a Presentation on NetEqualizer at ASCUE in June 2016
:: Six Ways to Save with Cloud Computing

NetEqualizer Release 8.4 – Enhanced Usability – Is Almost Ready!
A Complete GUI Redesign!

We recently had the chance to kick the tires on our new 8.4 Release interface. It really has some significant wow factor type features. In hindsight, perhaps we should have called this NetEqualizer 9.0 and not just lowly 8.4. We have been talking about this release as a GUI Redesign & Pool Enhancements, but I really think 8.4 is a release full of Usability Enhancements, that will make it easier to manage and configure your NetEqualizer.
The biggest changes center on the regular NetEqualizer GUI. We have transitioned everything to share the same look and feel as RTR. Here are some of the pages and features we are most excited about!

1) Edit traffic limits on the fly without having to add/remove them one at a time! The screenshot below shows the Pool/VLAN shared limit interface. You can see the Pools, their names, and their associated members.

2) We added a cool new dashboard that serves as the homepage for NetEqualizer management (license key information blocked out in grey).

3) The new GUI also has an easy way to set the time and pick a timezone – no more logging in to the NetEqualizer terminal!

4) You can now choose your units for the entire interface! This includes units for the configuration and RTR.

Check back next month for an update on more exciting changes planned for 8.4!

Our time frame for General Acceptance of this release is May of 2016.

As with all software releases, the 8.4 Release will be free to all customers with valid NetEqualizer Software and Support (NSS).
Keeping Bandwidth Shaping Affordable
NetEqualizer Leasing Program

At APconnections, we are proud of our reputation for offering affordable bandwidth shaping solutions. In the summer of 2013, we decided that we could help our customers that need to better align costs with recurring revenue, by offering a Leasing Program.

We are happy to announce that we have enhanced our lease offerings in 2016. Our “Standard” lease now comes with a 1Gbps license, and leases for $500 per month. Adding 1Gbps fiber at any of our lease levels just bumps up the price by $100 per month. And for those needing maximum performance, we now also give you access to an Enterprise-class NE4000 with our 5Gbps license and 10Gbps fiber.

If leasing is of interest to you, and you would like to learn more, you can view our Leasing Program agreement here.

Please note that the NetEqualizer Leasing Program is generally available to customers in the United States and Canada. If you are outside of these countries, contact us to see if leasing is available in your area.


Join a Presentation on NetEqualizer at ASCUE in June 2016
Association Supporting Computer Users in Education

We are excited to announce that one of our long-time customers, Hollis Townsend, Director of Technology Support and Operations at Young Harris College, will be talking about his experience with the NetEqualizer in his talk at ASCUE, June 12-16, 2016 in Myrtle Beach, South Carolina.

Young Harris has been using NetEqualizer to solve their network congestion issues since July, 2007. They have upgraded their NetEQ as their network has grown over the years, and currently run an NE3000 with a 1Gbps license.

We are also happy to announce that APconnections, home of the NetEqualizer, will be a Silver Sponsor at the ASCUE Conference. We will be giving away a great door prize – a Fitbit fitness watch!

If you use technology in higher education, you may want to consider attending ASCUE this June. And if you have ever wanted to talk to a colleague about their experience with the NetEqualizer, please join Hollis’ presentation. His presentation is tentatively titled “Shaping Bandwidth – Learning to Love Netflix on Campus”.

ASCUE is the Association Supporting Computer Users in Education and they have been around since 1968. Members hail from all over North America. ASCUE’s mission is to provide opportunities for resource-sharing, networking, and collaboration within an environment that fosters creativity and innovation in the use of technology within higher education.

Click here to learn more about ASCUE or register for the June conference.


Six Ways to Save with Cloud Computing
NetEqualizer Looks to the Clouds

We are continuing our focus on the cloud for NetEqualizer. The NetEqualizer is now cloud ready – as we’ve written about in previous newsletters. There are a lot of benefits to using the cloud in general. Here are just a few:

1) Fully utilized hardware
2) Lower power costs
3) Lower people costs
4) Zero capital costs
5) Resilience without redundancy
6) Lower network costs

The last one, lower network costs, is interesting. Since your business services are in the cloud, you can ditch all of those expensive MPLS links that you use to privately tie your offices to your back-end systems, and replace them with lower-cost commercial Internet links. You do not really need more bandwidth, just better bandwidth performance. The commodity Internet links are likely good enough, but when you move to the Cloud, you will need a smart bandwidth shaper.

Your link to the Internet becomes even more critical when you go the Cloud. But that does not mean bigger and more expensive pipes. Cloud applications are very lean and you do not need a big pipe to support them. You just need to make sure recreational traffic does not cut into your business application traffic.

The NetEqualizer fits perfectly as the bandwidth shaping product in the above infrastructure. Let us know if you have any questions about the cloud-ready NetEqualizer!


Best Of Blog
How to Build Your Own Speed Test Tool

By Art Reisman – CTO – APconnections

Editor’s Note: We often get asked to “prove” the NetEqualizer is making a difference regarding end user experience. The tool description and method outlined in our blog post, can be used to objectively justify the NetEqualizer value. Let us know if you need any help setting it up.

Most speed test sites measure the download speed of a large file from a server to your computer. There are two potential problems with using this metric.

1) ISPs can design their networks so these tests show best case results.
2) Humans are much more sensitive to the load time of interactive sites.

A better test of your perceived speed is how long it takes to load up a new web page…

Photo Of The Month
Balloon
Have you ever wondered what happens to balloons when they are released into the sky? The remnants of this balloon landed right in front of a staff member on a clear day while hiking Black Star Canyon in Orange County, CA. Balloons like this are actually an environmental disaster as they often end up in oceans and are eaten by sea and wildlife.

Seven Must Know Network Troubleshooting Tips



By Art Reisman

CTO, APconnections
www.netequalizer.com

To get started you’ll need to get ahold of two key software tools: 1) a Ping Tool and 2) a Network Scan Tool, both of which I describe in more detail below. And for advanced analysis (experts only), I will then show you how you can use a bandwidth shaper/sniffer if needed.

Ping Tool

Ping is a great tool to determine what your network responsiveness is (in milliseconds), identified by trying to get a response from a typical website. If you do not already know how to use Ping on your device there are hundreds of references to Ping and how to use it. Simply google “how to use ping” on your favorite device or computer to learn how to use it.

For example, I found these instructions for my Mac; and there are similar instructions for Windows, iPhone, Linux, Android, etc.

  1. Open Network Utility (located inside Applications > Utilities).
  2. Click Ping.
  3. Fill out the “Enter the network that you want to ping” field. You can enter the IP address or a web URL. For example, enter http://www.bbc.co.uk/iplayer to test the ping with that website.
  4. Click Ping.

Network Scan Tool

There are a variety of network SCAN tools/apps available for just about any consumer device or computer.  The decent ones will cost a few dollars, but I have never regretted purchasing one.  I use mine often for very common home and business network issues as I will detail in the tips below. Be sure and use the term “network scan tool” when searching, so you do not get confusing results about unrelated document scanning tools.

Once you get your scan tool installed, test it out by selecting Network Scan. Here is the output from my Mac scan tool. I will be referencing this output later in the article.

Network Scan Output

 

Tip #1: Using Ping to see if you are really connected to your Network

I like to open a window on my laptop and keep Ping going all day, it looks like this:

yahoo.com Ping  Output


Amazingly, seemingly on cue, I lost connectivity to my Internet while I was running the tool for the screen capture above, and no, it was not planned or contrived. I kicked off my ping by contacting http://www.yahoo.com (type in “ping www.yahoo.com”), a public website. And you can see that my round-trip time was around 40 milliseconds before it went dead. Any ping results under 100 milliseconds are normal.

 

Tip #2: How to Deal with Slow Ping Times

In the case above, my Internet Connection just went dead; it came back a minute or so later, and was most likely not related to anything local on my network.

If you start to see missed pings or slow Ping Times above 100 milliseconds, it is most likely due to congestion on your network.  To improve your response times, try turning off other devices/applications and see if that helps.  Even your TV video can suck down a good chunk of bandwidth.

Note: Always test two public websites with a ping before jumping to any conclusions. It is not likely but occasionally a big site like Yahoo will have sporadic response times.

Note: If you have a satellite link, slow and missed pings are normal, just a fact of life.

 

Tip #3: If you can’t ping a public site, try pinging your local Wireless Router

To ping your local router all you need to find is the IP address of your router. And on almost all networks you can guess it quite easily by looking up the IP address of your computer, and then replacing the last number with a 1.

For example, on my computer I click on my little apple icon, then System Preferences, and then Networking, and I get this screen. You can see in the Status area it tells me that my IP address is 192.168.1.131.

Finding my IP address output


The trick to finding your router’s IP address is to replace the last number of any IP address on your network with a 1. So in my case, I start with my IP address of 192.168.1.131, and I swap the 131 with 1. I then ping using 192.168.1.1 as my argument, by typing in “ping 192.168.1.1”. A ping to my router looks like this:

Router Ping  Output


In the case above I was able to ping my local router and get a response. So what does this tell me?  If I can ping my local wireless router but I can’t ping Yahoo or any other public site, most likely the problem is with my Internet Provider.  To rule out problems with your wireless router or cables, I recommend that you re-boot your wireless router and check the cables coming into it as a next step.

In one case of failure, I actually saw a tree limb on the cable coming from the utility pole to the house. When I called my Internet Provider, I was able to relay this information, which saved a good bit of time in resolving the issue.
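The decision path in Tips #1 to #3 can be written down as a small triage routine. This is an added example, not code from the original article: the function names, the result labels and the sample ping captures (which use documentation addresses) are constructed for illustration, and the "local" outcome for an unreachable router is this example's reading of Tip #3.

```python
import ipaddress
import re

SLOW_MS = 100.0  # the article's rule of thumb: under 100 ms is normal

# Reply lines on macOS and Linux: "... icmp_seq=0 ttl=52 time=40.0 ms"
REPLY = re.compile(r"icmp_seq=\d+ ttl=\d+ time=([\d.]+) ms")
# Summary line on macOS ("4 packets received") and Linux ("4 received")
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")


def guess_router(my_ip):
    """Replace the last number of an IPv4 address with 1 (the article's trick).

    Only a guess: it assumes a home network whose router sits at .1.
    The default route printed by `netstat -rn` is the authoritative value.
    """
    octets = str(ipaddress.IPv4Address(my_ip)).split(".")  # rejects bad input
    return ".".join(octets[:3] + ["1"])


def summarize(ping_text):
    """Return (sent, received, average_ms) for one ping run."""
    times = [float(t) for t in REPLY.findall(ping_text)]
    match = SUMMARY.search(ping_text)
    if match:
        sent, received = int(match.group(1)), int(match.group(2))
    else:  # ping was interrupted before it printed a summary
        timeouts = ping_text.count("Request timeout")
        sent, received = len(times) + timeouts, len(times)
    average = sum(times) / len(times) if times else None
    return sent, received, average


def host_state(ping_text):
    """Classify one target as 'ok', 'slow' (loss or >100 ms) or 'dead'."""
    sent, received, average = summarize(ping_text)
    if received == 0 or average is None:
        return "dead"
    if received < sent or average > SLOW_MS:
        return "slow"
    return "ok"


def triage(public_a, public_b, router):
    """Combine two public-site pings and one router ping into a verdict."""
    states = {host_state(public_a), host_state(public_b)}
    if states == {"ok"}:
        return "healthy"
    if "ok" in states:           # Tip #2 note: one big site can be flaky
        return "remote-site"
    if states == {"dead"}:       # Tip #3: is the router still answering?
        return "isp" if host_state(router) != "dead" else "local"
    return "congestion"          # Tip #2: missed or slow pings everywhere


# Constructed sample captures (not real measurements).
GOOD = """PING example.com (203.0.113.10): 56 data bytes
64 bytes from 203.0.113.10: icmp_seq=0 ttl=52 time=40.0 ms
64 bytes from 203.0.113.10: icmp_seq=1 ttl=52 time=41.0 ms
64 bytes from 203.0.113.10: icmp_seq=2 ttl=52 time=39.0 ms
64 bytes from 203.0.113.10: icmp_seq=3 ttl=52 time=40.0 ms
--- example.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
"""
SLOW = """PING example.org (198.51.100.7): 56 data bytes
64 bytes from 198.51.100.7: icmp_seq=0 ttl=52 time=180.0 ms
Request timeout for icmp_seq 1
64 bytes from 198.51.100.7: icmp_seq=2 ttl=52 time=220.0 ms
Request timeout for icmp_seq 3
--- example.org ping statistics ---
4 packets transmitted, 2 packets received, 50.0% packet loss
"""
DEAD = """PING example.net (198.51.100.9): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
"""
ROUTER_OK = """PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=2.0 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=2.0 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=2.0 ms
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
"""

if __name__ == "__main__":
    print("router guess:", guess_router("192.168.1.131"))
    print("verdict:", triage(DEAD, DEAD, ROUTER_OK))
```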

 

Tip #4: Look for IP loops

Last week I was getting an error message when I powered up my laptop, saying that some other device had my IP address, and I determined that I was unable to attach to the wireless router. WHAT a strange message! Fortunately, with my scan tool I can see all the other devices on my network. And although I do not know exactly how I got into this situation, I was quickly able to find the device with the duplicate IP address and power-cycle it. This resolved the problem in this case.

 

Tip #5: Look for Rogue Devices

If you never give out the security code to your wireless router, you should not have any unwanted visitors on your network.  To be certain, I again turn to the scan tool.  From my scan output, in the image above (titled “Network Scan Output” near the top of this post), you can see that there are about 15 devices attached to my network. I can account for all of them so for now I have no intruders.
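The checks in Tips #4 and #5 (an address claimed by two devices, and a device you cannot account for) can be automated once the scan results are available as text. This is an added example, not code from the original article: it assumes the results are lines in `arp -a` format collected from one or more runs, and the inventory, function names and sample addresses are constructed.

```python
import re
from collections import defaultdict

# One `arp -a` entry: "? (192.168.1.1) at 0:11:22:33:44:1 on en0 ..."
ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b"
)


def normalize_mac(mac):
    """Lower-case and zero-pad, since macOS prints '0:1c:...' for '00:1c:...'."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_scan(text):
    """Return (ip, mac) pairs, skipping incomplete and group-address entries."""
    pairs = []
    for match in ENTRY.finditer(text):
        ip, mac = match.group(1), normalize_mac(match.group(2))
        if int(mac[:2], 16) & 0x01:  # broadcast or multicast, not a device
            continue
        pairs.append((ip, mac))
    return pairs


def audit(pairs, known_macs):
    """Return (conflicts, unknown).

    conflicts: {ip: [mac, ...]} for addresses seen with more than one MAC,
               the duplicate-address situation from Tip #4.
    unknown:   sorted (ip, mac, randomized) tuples for devices missing from
               the inventory, the rogue-device check from Tip #5. The
               randomized flag marks a locally administered MAC, which phones
               and laptops may use as a private address; such a device can be
               one of your own even though the inventory does not list it.
    """
    known = {normalize_mac(mac) for mac in known_macs}
    macs_by_ip = defaultdict(set)
    for ip, mac in pairs:
        macs_by_ip[ip].add(mac)
    conflicts = {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    unknown = sorted(
        (ip, mac, bool(int(mac[:2], 16) & 0x02))
        for ip, mac in set(pairs)
        if mac not in known
    )
    return conflicts, unknown


# Constructed sample: two runs of `arp -a` pasted together (not real devices).
SAMPLE = """? (192.168.1.1) at 0:11:22:33:44:1 on en0 ifscope [ethernet]
? (192.168.1.131) at 0:11:22:33:44:83 on en0 ifscope [ethernet]
? (192.168.1.140) at 0:11:22:33:44:8c on en0 ifscope [ethernet]
? (192.168.1.150) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
--- second run, a few minutes later
? (192.168.1.131) at 0:11:22:33:44:99 on en0 ifscope [ethernet]
? (192.168.1.77) at 6a:11:22:33:44:77 on en0 ifscope [ethernet]
"""

# Constructed inventory of devices the owner can account for.
KNOWN = {
    "00:11:22:33:44:01": "router",
    "00:11:22:33:44:83": "laptop",
    "00:11:22:33:44:8c": "tv",
}

if __name__ == "__main__":
    conflicts, unknown = audit(parse_scan(SAMPLE), KNOWN)
    for ip, macs in conflicts.items():
        print("duplicate address", ip, "claimed by", ", ".join(macs))
    for ip, mac, randomized in unknown:
        note = " (randomized MAC)" if randomized else ""
        print("not in inventory:", ip, mac + note)
```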

 

Tip #6: Maybe it is just Mischief

There was a time when I left my wireless router wide open as I live in a fairly rural neighborhood and was just being complacent. I was surprised to see that one of my neighbors was on my access point, but which one?

I did some profiling.  Neighbor to my west is a judge with his own network, probably not him.  Across the street, a retired librarian, so probably not her.  That left the Neighbor to my Southwest, kitty corner, a house with all kinds of extended family coming and going, and no network router of their own, at least that I could detect. I had my suspect. And I could also assume they never suspected I was aware of them.

The proper thing to do would have been to block them and lock my wireless router. But since I wanted to have a little fun, I plugged in my bandwidth controller and set their bandwidth down to a fraction of a Megabit. This had the effect of making their connection painfully, dreadfully slow, almost unusable but with a ray of hope. After a week, he went away and then I completely blocked him (just in case he decided to come back!).

 

Tip #7: Advanced Analysis with a Bandwidth Shaper/Sniffer

If the Ping tool and the Scan tool don’t shed any light on an issue, the next step is to use a more advanced Packet Sniffer. Usually this requires a separate piece of equipment that you insert into your network between your router and network users. I use my NetEqualizer because I have several of them lying around the house.

Often times the problem with your network is some rogue application consuming all of the resources. This can be in the form of consuming total bandwidth, or it could also be seen as overwhelming your wireless router with packets (there are many viruses designed to do just this).

The image below is from a live snapshot depicting bandwidth utilization on a business network.

That top number, circled in red, is a YouTube video, and it is consuming about 3 megabits of bandwidth. Directly underneath that are a couple of cloud service applications from Amazon, and they are consuming 1/10 of what the YouTube video demolishes. On some lower cost Internet links one YouTube can make the service unusable to other applications.

With my sniffer I can also see total packets consumed by a device, which can be a problem on many networks if somebody opens an email with a virus. Without a sniffer it is very hard to track down the culprit.

I hope these tips help you to troubleshoot your network.  Please let us know if you have any questions or tips that you would like to contribute.

NetEqualizer News: February 2016


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include discussions on Cloud Computing, the new VM release, and updates on Software Release 8.4.

February 2016
NetEqualizer-VM is Ready, QoS for your Cloud!
Greetings! Enjoy another issue of NetEqualizer News.

February is off to a snowy start in Colorado this year, with a major snowstorm on February 1st dumping 16+ inches of snow in Boulder! While we were snowed in, I had time to reflect and think about where bandwidth shaping is headed, and how we are well-positioned for the industry transition to Cloud Computing. In this month’s newsletter you can read how the NetEqualizer is “Cloud Ready”.

We are now ready with our first VM release (NetEqualizer-VM); you can read all about it below. And finally, we share more news about our 8.4 Release – Enhanced Pools & Other GUI Features.

And remember we are now on Twitter! You can now follow us @NetEqualizer.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

– Art Reisman (CTO)

NetEqualizer-VM is Ready!
NetEqualizer-VM Release Ready for Networks <= 100 Mbps
We are excited to announce that our VM release is now ready! If you are already running virtual machines in your data center, this may be a good fit for you.

The first release is certified for VM systems for up to 100 megabits of throughput.

Base pricing will run at $3,500 USD per year. However, for a limited time, we are running a special pre-order price of $2,500 USD per year.

Please note: The first year is due prior to delivery of the software. We offer a 30 day trial with a $500 USD non-refundable support charge.

Your VM server will need to meet a minimum specification to run the NetEqualizer shaping solution. We have detailed specifications for any VM system – contact us for details!

Release 8.4 Update
Enhanced Pools + GUI Redesign

In previous months’ newsletters we talked about changes coming to the regular NetEqualizer GUI. Over the next couple of months, we’ll highlight those changes here.

One of the changes we are very excited about is the ability to manage Pools on the fly, and also the ability to name them! See the screenshot below:


One of the best parts of this screen is that you can manage all Pools and all Pool Members at once. For example, see Pool 1 expanded to show the two Pool Members. You can also change the limits for the Pool, add new Pools, and delete Pools that you no longer need.

We are also enhancing the new user interface with four primary menu options:


This will help guide first-time users through the process of using NetEqualizer, and will also help separate the functionality out into main usage categories.

Check back next month for an update on more exciting changes planned for 8.4!

Our time frame for General Acceptance of this release is April/May of 2016.

As with all software releases, the 8.4 Release will be free to all customers with valid NetEqualizer Software and Support (NSS).


Next Generation Bandwidth Control
NetEqualizer is Cloud Ready

We received a call today from one of the largest Tier 1 providers in the world. The salesperson on the other end was lamenting his inability to sell cloud services to his customers. His service offerings were hot, but the customers’ Internet connections were not. Until his customers resolved their congestion problems, they were in a holding pattern for new cloud services.

As a brief aside, here is a list of what a Next Generation Bandwidth Controller can do:
1. Next Generation Bandwidth Controllers must be able to mitigate traffic flows originating from the Internet such that important Cloud Applications get priority.
2. Next Generation Bandwidth Controllers must NOT rely on Layer 7 DPI technology to identify traffic (too much encryption and tunneling today for this to be viable).
3. Next Generation Bandwidth Controllers must hit a price range of $5k to $10k USD for medium to large businesses.
4. Next Generation Bandwidth Controllers must not require babysitting and adjustments from the IT staff to remain effective.
5. Next Generation Bandwidth Controllers should adopt a Heuristics-based decision model (like the one used in the NetEqualizer).

As for those businesses mentioned by the sales representative, when they moved to the cloud, many of them had run into bottlenecks. The bottlenecks were due to their iOS updates and recreational “crap” killing the cloud application traffic on their shared Internet trunk.

Their original assumption was they could use the QoS on their routers to mitigate traffic. After all, that worked great when all they had between them and their remote business logic was a nailed-up MPLS network. Because it was a private corporate link, they had QoS devices on both ends of the link and no problems with recreational congestion.

Moving to the Cloud was a wake-up call! Think about it: when you go to the cloud you only control one end of the link. This means that your router-based QoS is no longer effective, and incoming traffic will crush you if you do not do something different.

The happy ending is that we were able to help our friend at BT telecom, by mitigating his customers’ bottlenecks. Contact us if you are interested in more details.


Best Of Blog

Capacity Planning for Cloud Applications
By Art Reisman – CTO – APconnections

The main factors to consider when capacity planning your Internet Link for cloud applications are:

1) How much bandwidth do your cloud applications actually need?

Typical cloud applications require about 1/2 of a megabit or less. There are exceptions to this rule, but for the most part a good cloud application design does not involve large transfers of data. QuickBooks, Salesforce, Gmail, and just about any cloud-based data base will be under the 1/2 megabit guideline. The chart below really brings to light the difference between your typical, interactive Cloud Application and the types of applications that will really eat up your data link.

Photo Of The Month
Grasshopper
This closeup of a local grasshopper was taken by a staff member while in Kansas, a state in the central United States. We hope this picture doesn’t bug you.

Caching Your iOS Updates Made Easy


If you have talked to us about caching in recent months, you probably know that we are now lukewarm on open-ended third-party caching servers. The simple un-encrypted content of the Internet circa 2010 has been replaced by dynamically generated pages along with increased content encryption. It’s not that the caching servers don’t work, it’s just that if they follow rules of good practice, the amount of data that a caching server can cache has diminished greatly over the last few years.

The good news is that Apple has realized the strain they are putting on Business and ISP networks when their updates come out. They have recently released an easy-to-implement, low-cost caching solution specifically for Apple content. In fact, one of our customers noted in a recent discussion group that they are using an old Mac mini to cache iOS updates for an entire College Campus.

Other notes on Caching Options

Akamai offers a cloud solution, usually hosted at larger providers, but if you are buying bandwidth in bulk you can often piggyback on their savings and get a discount on cached traffic.

There is also a service offered by Netflix for larger providers. However, last I checked you must be using 10 gigabits sustained Netflix traffic to qualify.

Why Are DDoS attacks so hard to block?


I started off this post thinking about whether or not moving your infrastructure to a cloud would give organizations better protection against DDoS attackers, and the short answer is: not really.

The issue with a coordinated DDoS attack is that it is usually orchestrated from a wide range of attacking computers, which are typically hijacked and retrofitted with undetected scripts that can be turned on to send out a flood of data at a target when directed by the hijacker.

When the attack is commenced all these disparate computers start sending data to your organization in unison. In order to stop just one of these attacking computers from flooding your network you have to cut it off upstream at the source.

Blocking the attacker’s incoming IP at your local firewall doesn’t do any good because the main pipe coming from your upstream provider is still flooded with garbage, and most likely unusable. So you have to follow the trail of the attacking computer farther upstream. Your provider should be able to help if you can work with them, but that may or may not be effective, because the DDoS attack, if large enough, can also torment your provider. And even if you do manage to work upstream and block the IPs where the attack is coming from, some DDoS attackers can just keep coming at you from a new wave of IP addresses. One person acting alone can hijack millions of computers from around the world and use them in waves of recurring attacks, with little effort.

How does a hijacker have the time to take over a million computers?

I’ll cover that in my next post.

As for the cloud offering protection, a cloud-hosted IT infrastructure cannot provide any immunity; the cloud can be attacked. However, the cloud providers might have the resources to detect and more easily block an attacker farther upstream and a bit more quickly, so there is some benefit.

 

See also

Regulate DDOS like pollution

DD4BC Group Targets Companies with Ransom-Driven DDoS Attacks

 

 

 

Do We Really Need a Home Security Network Device?


A friend of mine sent me a note this morning, asking if our bandwidth shaping device could provide the same type of service as this new Dojo application. Their niche is basically that you cannot trust the third-party devices in your home network not to be hijacked. For example, the software engineers writing the code that allows you to remote control your dishwasher from your iPhone are likely not security experts. It is a reasonable assertion that a hacker might exploit a security hole in their software. The Dojo will detect any smart device breaches and take action, a good idea for sure.

I spent about 20 minutes reading and thinking about their specification and what value that provides to the home user. And then it hit me, there is a more obvious precaution to secure your home network that you might be overlooking.

IN 2016 and going forward THERE SHOULD BE NO REASON TO STORE ANY PERSONAL DATA ON YOUR HOME NETWORK.

  • Gmail in the cloud
  • QuickBooks in the cloud
  • Banking in the cloud
  • Facebook in the cloud
  • Google Docs in the cloud
  • Stock Trading in the Cloud

No, nothing is ever completely secure, and certainly anything you put in the cloud can be hacked, but in my opinion, the level of security afforded by the cloud is far better than anything you can rig together on your home network.

Think about it…

Your bank spends hundreds of millions on staying ahead of hackers. You have secret pictures, secret questions that challenge you about your second cousin’s favorite hobby. They know when you are coming from a new or different IP address.

Gmail now tells you when there is a login from a non-standard computer.

These modern cloud applications are about as secure as a consumer could hope for. For the same reason you should not keep wads of cash in a safe in your house, you should not keep any personal information on storage devices in your house. Let your dishwasher go hog wild, who cares. I catch hackers on my network all the time, they have hijacked a few servers to send spam and attack other consumers (my bad), but there is really nothing of interest lying around on any of my devices other than some geezer MP3 music, and my vacation photos on my iPad that nobody else wants to look at anyway.

But if you must secure important data in your home network, yes, go ahead and invest in a device like the Dojo; it can’t hurt. But before you do that, change your habits and use the cloud whenever possible.

Art Reisman

CTO http://www.netequalizer.com

Dear Comcast, Please Stop Slowing my iOS Update


Last week I was forced to re-load my iPad from scratch. So I fired it up and went through the routine that wipes it clean and re-loads the entire OS from the Apple cloud. As I watched the progress moniker it slowly climbed from 1 hour, then 2 hours, then all the way up to 23 hours – and then it just stayed there. Now I know the iOS, or whatever they call it on the iPad, is big, but 23 hours big? I double-checked the download throughput on my NetEqualizer status screen, and sure enough, it was only running at about 60 to 100kbs, nowhere near my advertised Business Class 20 megabits. So I did a little experiment. I turned on my VPN tunnel, unplugged my iPad for a minute, and then took some steps to hide my DNS (so Comcast had no way to see my DNS requests). I then restarted my update and sure enough it sped up to about 10 megabits.

To make sure I was not imagining anything I repeated the test.

Without VPN  (slow)

With VPN (fast)

So what is going on here? Does the VPN make things go faster? No, not really, but it does prevent Comcast from recognizing my iOS update from Apple and singling it out for slower bandwidth.

Why does Comcast (allegedly) shape my download from Apple?

The long story behind this basically boils down to this: it is likely that Comcast really does not have a big enough switch going out to the Internet to support the deluge of bandwidth needed when a group of subscribers all try to update their devices at once. Especially during peak hours! Therefore, in order to keep basic services from becoming slow, they single out a few big hitters such as iOS updates.

NetEqualizer News: July 2015


July 2015

Greetings!

Enjoy another issue of NetEqualizer News! This month, we highlight exciting 8.3 Release features, talk about our experience at edAccess’s Vendor Day, encourage you to sign up for a Tech Refresh, spotlight our Hotel & Resorts offering, and update you on the NetEqualizer DDoS monitoring and prevention tool. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Now that summer has officially arrived, we are ready for the heat in Colorado. It has been unusually rainy and cloudy here in July so far, and I would like more sunshine please!

Speaking of heat, this month we turn the heat up on several of our new features in 8.3, which are spotlighted below. 8.3 has been G/A since early June, in case you missed it. We also want you to take a Summer Course, no tests involved, and update you on Art’s latest visit back to school, namely the edAccess Conference. And finally, if you need relief from the heat of potential DDoS attacks, you have come to the right place. Our DDoS Monitor and Firewall can help! Read more below.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

Spotlight: 8.3 Release Hot New Features

8.3 has been G/A since early June, and we have been receiving a lot of positive feedback on the new RTR reports. If you have not yet requested 8.3, what are you waiting for? Click here to request an upgrade to 8.3 from our support team.

This month, we are highlighting two features available in 8.3 – Historical and Active Penalty Tracking. We also talk about our activated Management Port, a feature available on all new NetEqualizers!

One of the best features in the 8.3 release is increased visibility into how your NetEqualizer is penalizing traffic. We’ve added interfaces to the 8.3 release that allow you to see both the number of penalties enforced on your network historically, as well as all of the current connections that are being penalized.

Historical Penalty Tracking

The General Penalty Reports page under the Traffic History menu shows the number of penalties enforced on your network at a given point in time. This allows you to see when connections on your network were being Equalized.


Active Penalty Tracking

The View Active Penalties page under the Active Connections menu shows which connections are currently being Equalized along with their current state (New, Increased, or Decreased). This allows you to diagnose any performance issues and also gives you a real time look at how the penalties are being enforced and who they are being enforced on.


Management Port Enabled by Default on all NEW NetEqualizers

We strive to make setting up the NetEqualizer as simple as possible. In this spirit, last year we moved all new NetEqualizers to a four port model, and started using colored port plugs to help our customers identify the ports. Two ports (eth0 and eth1) are used for network traffic, a 3rd port (eth2) is used as a management port, and the 4th port is a spare. We use four colors: 1) blue (WAN), 2) orange (LAN), 3) clear (Management Port) and 4) black (unused).

Prior to 8.3, only a subset of our customers used the Management Port, typically those on VLANs. As of 8.3, we standardized everything so that our NetEqualizer code automatically enables the Management Port, and ALL customers will use this to configure new NetEqualizers. While not a huge change, we think this will make setup just a little bit easier for everyone.

Please note that this feature is only available on new NetEqualizers.

You can read more about all of the features of the 8.3 Release here in the 8.3 Software Update. If you would like to upgrade to 8.3, just click on the button below to send a request to Support.


These features are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


We Had a Blast at edAccess!

Art recently joined the edAccess Conference in Mercersburg, PA on June 24th for Vendor Day. It was a great event and was well-attended by small schools and colleges (members come from schools with an FTE of under 1,000 students).

Art got to visit with quite a few current NetEqualizer customers, as you can see in the picture below:


Art is on the left of the picture and is shown along with representatives from Williston Northampton School, Choate Rosemary Hall, Blair Academy, Mt. St. Mary Academy, Mercyhurst University, Peddie School, and Groton School.

Art would like to personally thank everyone for a great event…

I’d like to thank John Johnson from Williston Northampton School, Rainelle Dixon from Mercersburg Academy and the entire edAccess steering committee for being such wonderful hosts to the vendors. Mercersburg is such a lovely campus, and my drive through central Pennsylvania was also relaxing and fun. I took some time on my return stopping at the various waysides, and even took in a game featuring the Single A Crosscutters of Williamsport.

Thanks Again!

To learn more about NetEqualizer and how we help educational institutions of all sizes, click below.



Take a Summer Course! Sign Up for a Tech Refresh

Remember those days? If you ever took a summer course, you know that the key was to keep it short, so that you could get back outside. Our NetEqualizer Technical Refresh is short! – only a 30 minute discussion with you and your fellow team members to help get caught up on new NetEqualizer functionality or answer any other questions you have.

The Tech Refresh is great for both new and longtime customers because we are constantly enhancing our product to give you the most value in managing and shaping bandwidth.

To schedule your Tech Refresh, contact us today!


Tech Refreshes are free to all customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


Spotlight: GX2 – NetEqualizer Hotel & Resort Industry Wi-Fi Partner

NetEqualizer’s Wi-Fi management partner for the hotel and resort industry, GX2 (formerly Global Gossip), recently attended the HITEC 2015 Conference in Austin, Texas, and brought along the NetEqualizer. According to their website, HITEC is the world’s largest hospitality conference.

Visitors to GX2’s booth and luncheon were able to review the NetEqualizer offering, and also walk away with some trade show bling (a foam NetEqualizer soccer ball!).

Here is a screenshot of the GX2 application used in the managed Wi-Fi service offering:


As we have reported here in the past, GX2 utilizes the NetEqualizer as part of their Wi-Fi offering supporting our National Parks. So, if you have a summer vacation planned at Yellowstone, Mammoth, Mount Rushmore, Zion, Crater Lake, or the Grand Canyon, to name a few, chances are you are experiencing the benefits of NetEqualizer’s traffic shaping.

If you are already on our technology, you have part of the solution already in place. If you have ever wanted to learn more about a managed service Wi-Fi solution for the Hotel & Resort industry, you can read about our joint offering (HMSIO).



NetEqualizer DDoS Tool Gaining Momentum

We keep getting reports of ongoing Distributed Denial of Service (DDoS) attacks from our customers, and are glad to hear the NetEqualizer is helping in many cases. If you are interested in chatting about using the NetEqualizer as a DDoS prevention tool please contact us to set up a time to chat.

Note: We do have a consulting charge for custom activation of firewall rules, but the initial consult is free.

The 8.3 Release includes our DDoS Monitor at no extra charge! In addition, our new DDoS Firewall tool (DFW) can be purchased as an add-on module for an additional fee.


The new DDoS Monitor shows you some basic metrics on the outside intrusion hit rate into your network. It can be used to spot anomalies which would indicate a likely DDoS attack in progress. The DDoS Firewall tool helps to actually thwart the attack.



Best Of The Blog

Is Your Bandwidth Controller Obsolete Technology?

By Art Reisman – CTO – APconnections

Although not free yet, bandwidth contracts have been dropping in cost faster than a bad stock during a recession. With cheaper bandwidth costs, the question often arises on whether or not an enterprise can do without their trusty bandwidth controller.

Below, we have compiled a list of factors that will determine whether or not Bandwidth Controllers stick around for a while, or go the route of the analog modem, a relic of when people received their Internet from AOL and dial up…

Photo Of The Month
Cinque Terre, Italy
This picture was taken by one of our staff while walking the trail that connects the five towns of the Cinque Terre on the coast of Italy. These towns are built into the sides of the tall hills that meet the sea. The trek between each town is a manageable 2 miles and provides picturesque views of the water and surrounding forests.

Behind The Scenes, How Many Users Can an Access Point Handle?


Assume you are teaching a class with thirty students, and every one of them needs help with their homework, what would you do? You’d probably schedule a time slot for each student to come in and talk to you one on one (assuming they all had different problems and there was no overlap in your tutoring).

Fast forward to your wireless access point. You have perhaps heard all the rhetoric about 3.5 gigahertz, or 5.3 megahertz?

Unfortunately, the word frequency is tossed around in tech buzzword circles the same way car companies and their marketing arms talk about engine sizes. I have no idea what a 2.5 liter engine is. It might sound cool and it might be better than a 2 liter engine, but in reality I don’t know how to compare the two numbers. So to answer our original question, we first need a little background on frequencies to get beyond the marketing speak.

A good example of a frequency, and one that is easy to visualize, is ripples on a pond. When you drop a rock in the water, ripples propagate out in all directions. Now imagine that you stood in the water, thigh deep, across the pond, and the ripples hit your leg once each second. The frequency of the ripples in the water would be 1 hertz, or one peak per second. With access points, there are similar ripples that we call radio waves. Although you can’t see them, they are essentially the same thing as the ripples on the water: little peaks and valleys of electromagnetic waves going up and down and hitting the antenna of the wireless device in your computer or iPhone. So when a marketing person tells you their AP is 2.4 gigahertz, that means those little ripples coming out of it are hitting your head, and everything else around them, 2.4 billion times each second. That is quite a few ripples per second.

Now in order to transmit a bit of data, the AP actually stops and starts transmitting ripples. One moment it is sending out 2.4 billion ripples per second, the next moment it is not. Now this is where it gets a bit weird, at least for me. The 2.4 billion ripples a second really have no meaning as far as data transmission by themselves; what the AP does is set up a schedule of time slots, let’s say 10 million time slots a second, where it is either transmitting ripples, or it turns the ripple generator off. Everybody that is in communication with the AP is aware of the schedule and all the 10 million time slots. Think of these time slots as dates on your calendar: if you have a sunny day, call that a 1, while if you have a cloudy day, call that a 0. Sunny days are a binary 1 and cloudy days a binary 0. After we string together 8 days we have a sequence of 1’s and 0’s and a full byte. Now 8 days is a long time to transmit a byte, which is why the AP does not use 24 hours for a time slot, but it could, if we were some laid back hippie society where time did not matter.

So let’s go back over what we have learned and plug in some realistic parameters.
Let’s start with a frequency of 2.4 gigahertz. The fastest an AP can realistically turn this ripple generator off and on is about 1/4 the frequency, or about 600 million time slots/bits per second. This assumes a perfect world in which all the bits get out without any interference from other things generating ripples (like your microwave). So in reality the effective rate might be more on the order of 100 million bits a second.
Now let’s say there are 20 users in the room, sharing the available bits equally. They would all be able to run 5 megabits each. But again, there is overhead in switching between these users (sometimes they talk at the same time and have to constantly back off and re-synch). Realistically, with 20 users all competing for talk time, 1 to 2 megabits per user is more likely.
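The following added example (not from the original post) puts numbers on the "talk at the same time and back off" overhead using the page's 100 million bits a second and 20 users. It assumes a simplified slotted random-access model in which each user transmits in a slot with probability 1/N and a slot is usable only when exactly one user talks; real 802.11 uses CSMA/CA, so treat the result as an illustration of the effect, not a prediction.

```python
import random

# Page's figure: effective rate "on the order of 100 million bits a second".
EFFECTIVE_RATE_BPS = 100_000_000


def equal_share_bps(users, rate_bps=EFFECTIVE_RATE_BPS):
    """Ideal per-user share if switching between users cost nothing."""
    return rate_bps / users


def slot_success_probability(users, p_transmit):
    """Chance that exactly one user talks in a slot (assumed model).

    Zero talkers wastes the slot; two or more collide and must back off.
    """
    return users * p_transmit * (1 - p_transmit) ** (users - 1)


def contended_share_bps(users, rate_bps=EFFECTIVE_RATE_BPS):
    """Per-user rate when every user transmits with probability 1/users."""
    usable = slot_success_probability(users, 1 / users)
    return rate_bps * usable / users


def simulate_success_fraction(users, slots=200_000, seed=1):
    """Monte Carlo check of the closed form above with a fixed seed."""
    rng = random.Random(seed)
    p = 1 / users
    good = 0
    for _ in range(slots):
        talkers = sum(1 for _ in range(users) if rng.random() < p)
        if talkers == 1:
            good += 1
    return good / slots


if __name__ == "__main__":
    print("users  ideal Mbps  contended Mbps")
    for n in (5, 10, 20, 40):
        ideal = equal_share_bps(n) / 1e6
        real = contended_share_bps(n) / 1e6
        print(f"{n:5d}  {ideal:10.2f}  {real:14.2f}")
    print("simulated usable-slot fraction, 20 users:",
          round(simulate_success_fraction(20), 3))
```

Under this assumed model only about 38% of slots carry data with 20 users, which lands inside the 1 to 2 megabits per user estimated above.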

Other factors that can affect the number of users.
As you can imagine, the radio AP manufacturers do all sorts of things to get better numbers. The latest APs have multiple antennas and run on two frequencies (two ripple generators) for more bits.

There are also often interference problems with multiple APs in the area, all making ripples. The transmission of ripples from one AP does not stop at a fixed boundary, and this complexity will cause the data rates to slow down while the APs sort themselves out.

For related readings on Users and Access Points:

How Many Users Can a Wireless Access Point Handle?

How to Build Your Own Linux Access Points

How to use Access Points to set up an In-Home Music System
