How to Survive High Contention Ratios and Prevent Network Congestion



Is there a way to raise contention ratios without creating network congestion, thus allowing your network to service more users?

Yes there is.

First a little background on the terminology.

Congestion occurs when a shared network attempts to deliver more bandwidth to its users than is available. We typically think of an oversold/contended network with respect to ISPs and residential customers; but this condition also occurs within businesses, schools and any organization where more users are vying for bandwidth than is available.

The term contention ratio is used in the industry as a way of determining just how oversold your network is. A contention ratio is simply the size of an Internet trunk divided by the number of users. We normally think of Internet trunks in units of megabits. For example, 10 users sharing a one megabit trunk would have a 10-to-1 contention ratio.

A decade ago, a 10-to-1 contention ratio was common. Today, bandwidth is much less expensive and the average contention ratios have come down. Unfortunately, as bandwidth costs have dropped, pressure on trunks has risen, as today’s applications require increasing amounts of bandwidth. The most common congestion symptom is slow network response times.

Now back to our original question…

Is there a way to raise contention ratios without creating congestion, thus allowing your network to service more users?

This is where a smart bandwidth controller can help. Back in the “old” days before encryption was king, most solutions involved classifying types of traffic, and restricting less important traffic based on customer preferences. Classifying by type went away with encryption, which prevents traffic classifiers from seeing the specifics of what is traversing a network. A modern bandwidth controller uses dynamic rules to restrict traffic based on aberrant behavior. Although this might seem less intuitive than specifically restricting traffic by type, it turns out to be just as reliable, not to mention simpler and more cost-effective to implement.

We have seen results where a customer can increase their user base by as much as 50 percent and still have decent response times for interactive cloud applications.

To learn more, contact us. Our engineering team is more than happy to go over your specific situation to see if we can help you.

You also might be interested in this VPN product: https://www.cloudwards.net/safervpn-review/

Three Myths About QoS and Your Internet Speed


Myth #1:  A QoS device will somehow make your traffic go faster across the Internet.

The Internet does not care about your local QoS device.  In fact, QoS means nothing to the Internet.  The only way your traffic can get special treatment across the Internet would be for you to buy a private dedicated link – which is really not practical for general Internet usage, as it would only be a point-to-point link.

Myth #2:  QoS will enhance the speed of your internal network.

The speed of your local internal links is a fixed rate; they always run at maximum speed. The only way applying QoS can make something “appear” to go faster is by restricting some traffic in favor of other traffic. I constantly get asked by our customers if we can make important traffic get through faster, and my follow-on questions are always the same.

  1. Do you have a congestion problem now?
    If not, then there is no need for any form of QoS, because your data is already moving as fast as possible.
  2. If you do have congestion, what traffic do you want me to degrade so that other traffic can run without congestion?

Myth #3:  There is nothing you can do to give priority to incoming traffic on your Internet.  

Wrong! Okay, so this sounds like it may be a contradiction to Myth #1, but there is a difference in how you ask this question. Yes, it is true that the Internet does not care about your QoS desires and will never give preferential treatment to your traffic. But the sending service DOES care about whether the data being transmitted is being sent at the appropriate speed for the link you have, and you can take advantage of this.

All senders of data into your network are constantly monitoring the speed at which that traffic is getting to you. Now, if you recall, the very definition of QoS is restricting one type of traffic in favor of another. Let’s say, for example, that you have a very congested Internet link with many incoming downloads. Let’s say one download is an iOS update, and the other one is your favorite streaming Netflix movie. By delaying the iOS update packets at the edge of your network, the sender will sense this delay and back off on the download. The result is that there is more bandwidth left over for your favorite Netflix movie, and hence you have attained a higher quality of service for your Netflix over the iOS download. How this delay is implemented is another story.

If you are interested in learning more, please feel free to contact us.

NetEqualizer News: March 2017


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include an overview of more 8.5 Release features, a preview of our new website, and more!

 

  March 2017

 

8.5 Release – More Features!
Greetings! Enjoy another issue of NetEqualizer News.

Our 8.5 Release development is almost complete! This month we preview some of the new features for you, and also show some of the new screens that our development team has been willing to share. Look for 8.5 to be available in early summer 2017!

Our wireless Internet Provider customers may be interested in our newly released Hidden Node White Paper. And we are experimenting with a new website design. We would love your feedback!

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release – Features Preview

:: NetEqualizer is a Hidden Node Solution

:: Under Construction – New Website?

:: Best of Blog: The Best Monitoring Tool for Your Network – May Not Be What You Think

8.5 Release – Features Preview

8.5 Release Additions – Continued from February…

In February, we talked about adding Real-Time Penalties to the RTR Dashboard, and adding Host Name from NSLookup to RTR Reports. This month we introduce several more features planned for 8.5:

1) Configuration Validation for Traffic Limits & P2P Limits

In order to make it easier for you to set up and configure your NetEqualizer, in 8.5 we are adding automated configuration validation to our toolset. In the first offering, we will automate the rules around defining traffic limits and P2P limits. As part of the installation process, when you send your diagnostic to Support, we will then run our configuration validation on your rule set. This will be particularly useful for customers that set up hundreds of traffic limiting rules.

2) Add Units to Active Connections Report

You can now select the units that you wish to see on the Active Connections Report. We currently show Active Connections in bytes/second (Bps), as this was aligned with how we used to show units in the configuration. However, in 8.5 we added the ability to select Configuration Units – the traditional Bytes per Second (Bps), or Megabits per second (Mbps), or Kilobits per second (Kbps). Now we are aligning Active Connections with those changes, by expanding our units selection to include Active Connections. See below for screenshots of this new feature.

In this example, as Megabits per second (Mbps) are selected, you can see that both Wavg (column 4) and Avg (column 5) are now shown in Mbps. Hopefully this will make it easier for you, as you can see your reports in Units that are meaningful to you:

As always, the 8.5 Release will be free to our customers with valid NetEqualizer Software and Support (NSS) plans.

NetEqualizer is a Hidden Node Solution

 Read our Hidden Node White Paper

If you are a Wireless Internet Provider, and are challenged with Hidden Nodes in your network infrastructure, you may want to read our newly released Hidden Node White Paper, to see how the NetEqualizer resolves this issue.

Of the numerous growing pains that can accompany the expansion of a wireless network, the issue of hidden nodes is one of the most difficult problems to solve. Despite best efforts, the communication breakdown between nodes can wreak havoc on a network, often leading to subpar performance and unhappy users. Many times, the cost of potential solutions appears to outweigh the benefits of expansion, which in some cases may not be a choice, but a necessity. Yet, hidden nodes are a problem that must be addressed and ultimately solved if a wireless network is to achieve successful growth and development.

To continue reading, view the full white paper here. Check it out!

Under Construction – New Website?

Website Design Alternative – Tell Us What You Think!

We are working with a design agency to put together new web pages. Our initial set of pages is ready. We picked a dark background, and aimed for an interface that aligns with today’s mobile platforms, as it is more scrollable and trends towards less text and more pictures.

Before we switch over to use these pages across our entire platform (we are using them for our Google Adwords leads now), we would love to get your feedback.

Please take a minute to look at the new pages, and then click on the feedback button to email us your thoughts. 
Click the above picture or this link to view the new design: http://netequalizer.com/fast/
What do you like? Dislike? Any recommendations for what we should change? And the big question – should we keep our current website or move to this?
Best Of Blog

The Best Monitoring Tool for Your Network – May Not Be What You Think

By Art Reisman

A common assumption in the IT world is that the starting point for any network congestion solution begins with a monitoring tool.  “We must first figure out what specific type of traffic is dominating our network, and then we’ll decide on the solution”.  This is a reasonable and rational approach for a one time problem. However, the source of network congestion can change daily, and it can be a different type of traffic or different user dominating your bandwidth each day…

Photo of the Month
Pipevine Swallowtail

This is a picture of a Pipevine Swallowtail butterfly taken in Arizona in the high desert grasslands area over a recent spring break getaway. This butterfly can be found in a variety of habitats, but is most commonly found in forests.

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

How to Create and Send an Encrypted File With No NSA Backdoor



 

Below is a little routine I wrote to encrypt and decrypt a file.

This script is meant for encrypting text files and sending them privately through e-mail as an attachment.

Note: The author makes no claims about whether this encryption technique can be broken. It would not be easy.

Here is what you need to use this program.

  1. Mac or other computer that can run a perl script from the command line
  2. very basic knowledge of how to create and edit a file from the command line

Step One: cut and paste the code below into a file on your (Mac) computer.

You’ll also need this same program on any receiving computer where you expect to be able to decrypt the file.

Create the text file you want to encrypt. I used the following and saved it off.

Dear  Mom,

I really hate my boss he is a real jerk, and I even think he reads my private out going e-mails by intercepting them. So I am using this encryption device to send you this message.

Dave the Paranoid

Here is how the process to encrypt and decrypt looks from my command line

I saved off my text to a file aptly named “file” into my working directory

I saved off the perl code below and put it  into an executable file called “test”

I then ran the encryption program.

MacBook-Air:~ root# ./test ./file ./n encrypt "you live in a tree"

./test is the perl program

./file is the input file with the text I want to encrypt

./n is the output file for the encrypted message. I could send this text file as an attachment to an e-mail, and the receiving users would need the same perl program and “key” to decrypt

encrypt is the directive to the program to encrypt; the other option is decrypt, to reverse the process

“you live in a tree”  

is my key. You can make it any text string of characters you want as long as you include it in quotes. The more random and the longer it is, the harder it will be for somebody to break.

I then reversed the process to decrypt the file ./n and store the results in file “x”

MacBook-Air:~ root# ./test ./n x decrypt "you live in a tree"

the cat command below prints the contents of the newly decrypted file x
MacBook-Air:~ root# cat x
Dear Mom,

I really hate my boss he is a real jerk, and I even think he reads my private out going e-mails, by intercepting them. So I am using this encryption device to send you this message.

Dave the Paranoid
MacBook-Air:~ root#

————–code starts below this line do not include this line————–

#!/usr/bin/perl
# encryption tool: ARG1 input file name, ARG2 output file name,
# ARG3 mode (encrypt or decrypt), ARG4 key
use strict;
use warnings;

if ( !defined $ARGV[3] || $ARGV[3] eq "" )
{
    print " encode infile outfile [encrypt|decrypt] key\n";
    exit 1;
}
my $key = $ARGV[3];
open( INFILE, '<', $ARGV[0] ) or die "Could not open file '$ARGV[0]'";
open( OUTFILE, '>', $ARGV[1] ) or die "Could not open file '$ARGV[1]'";
my @keychars = split( "", $key );
my $keysize  = @keychars;
while ( my $string = <INFILE> )
{
    chomp($string);
    if ( $ARGV[2] eq "encrypt" )
    {
        # add the code of the matching key character to each character code
        # and write the sums as a comma-separated list, one line per input line
        my @chars = split( "", $string );
        my $n     = 0;
        for ( my $i = 0 ; $i < @chars ; $i++ )
        {
            my $sum = ord( $chars[$i] ) + ord( $keychars[$n] );
            print OUTFILE "$sum,";
            $n = $n + 1;
            if ( $n > ( $keysize - 1 ) )
            {
                $n = 0;    # wrap around to the start of the key
            }
        }
        print OUTFILE "\n";
    }
    if ( $ARGV[2] eq "decrypt" )
    {
        # decrypt: subtract the key character code from each number
        my @chars = split( ",", $string );
        my $n     = 0;
        for ( my $i = 0 ; $i < @chars ; $i++ )
        {
            $chars[$i] = chr( $chars[$i] - ord( $keychars[$n] ) );
            $n = $n + 1;
            if ( $n > ( $keysize - 1 ) )
            {
                $n = 0;    # wrap around to the start of the key
            }
        }
        my $str = join "", @chars;
        print OUTFILE "$str\n";
    }    # end decrypt

}    # end while input line
close(INFILE);
close(OUTFILE);
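
The script above adds each key character's code to the matching plaintext character's code and restarts the key at its first character on every line, so subtracting a correctly guessed piece of plaintext from the output numbers gives back key characters. The Python check below is an added example, not the author's code; it re-implements the per-line transform, and its three-line message is constructed from the sample letter above.

```python
# Added example (not the author's code): measures what the script's output
# reveals about the key when part of the plaintext can be guessed.

KEY = "you live in a tree"  # the key used in the walkthrough above
MESSAGE = [                 # constructed from the sample letter above
    "Dear Mom,",
    "I really hate my boss he is a real jerk.",
    "Dave the Paranoid",
]


def encrypt_line(line, key):
    """Per-line transform of the Perl script: ord(char) + ord(key char).

    The key index restarts at 0 for every line, as in the script.
    """
    return "".join(
        f"{ord(c) + ord(key[i % len(key)])}," for i, c in enumerate(line)
    )


def parse(cipher):
    """Turn one comma-separated output line into a list of integers."""
    return [int(field) for field in cipher.split(",") if field]


def decrypt_line(cipher, key):
    """Inverse transform: subtract the repeating key from each number."""
    return "".join(
        chr(v - ord(key[i % len(key)])) for i, v in enumerate(parse(cipher))
    )


def subtract_text(cipher, text):
    """Subtract known text from the leading ciphertext numbers.

    The sum is symmetric: subtracting plaintext yields key characters,
    and subtracting key characters yields plaintext. A wrong guess that
    produces an impossible code point is shown as '?'.
    """
    out = []
    for value, ch in zip(parse(cipher), text):
        diff = value - ord(ch)
        out.append(chr(diff) if 0 <= diff < 0x110000 else "?")
    return "".join(out)


def check_scheme():
    cipher_lines = [encrypt_line(line, KEY) for line in MESSAGE]
    # Round trip with the real key works as the walkthrough shows.
    assert [decrypt_line(c, KEY) for c in cipher_lines] == MESSAGE
    # Someone without the key who guesses the greeting gets key characters.
    leaked = subtract_text(cipher_lines[0], "Dear Mom,")
    # The key restarts on each line, so that prefix opens every other line.
    opened = [subtract_text(c, leaked) for c in cipher_lines[1:]]
    return leaked, opened


if __name__ == "__main__":
    leaked, opened = check_scheme()
    print("key characters recovered from the greeting:", repr(leaked))
    for fragment in opened:
        print("readable start of a later line:", repr(fragment))
```

A guessed span reveals only as many key characters as it is long, but because the key restarts at position 0 on every line, each line of a message offers another guess against the same key positions.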

NetEqualizer News: February 2017


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include 8.5 Release feature previews, a customer case study, an introduction to our 20 Gbps NetEqualizer unit, and more!

 

  February 2017

 

8.5 Release – Your Additions!
Greetings! Enjoy another issue of NetEqualizer News.

It is not quite spring here in Colorado. We are enjoying our typical mix of snowy days, followed by days of warmth (55-60 degrees) and sun. I must admit I am ready for warmer weather, and the spring bird migration (birding is a favorite hobby of mine). It seems like all of the U.S. is having unusual weather right now, especially California with their seemingly constant rain & flooding.

While we wait for the arrival of spring, we are huddled down focused on building out the 8.5 Release. I am happy to say that our 8.5 development is now well underway. This month, we discuss additional features that we have planned for the 8.5 Release, including some that have come directly from customer input! We really do listen to your ideas, and appreciate all suggestions. We always are happy to hear from our long-time customers. This month, we share a Case Study on Hobart and William Smith Colleges, as they mark their 10 year anniversary with the NetEqualizer.

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release – Your Additions

:: 8.5 Release – Features Preview

:: Featured Case Study

:: 20 Gbps NetEqualizer

:: Best of Blog: Five Things to Know About Wireless Networks

8.5 Release – Your Additions

Here is what we added into the 8.5 Release – based on your feedback

We asked for input into our 8.5 Release and you responded with some great ideas – thank you! Here is what we selected for the 8.5 Release, based on three criteria:

1) popularity – how many customers recommended the feature,

2) impact – what we thought would provide the most value to all customers, and

3) alignment – what fit well with the code areas that we planned to work on for 8.5

These two features fit our criteria, and will be discussed in our Features Preview (below)

Active Connections Enhancements
&
DNS Name on RTR Reports

As you can see, your voice does count! So, please keep your suggestions coming. While we cannot guarantee that your specific feature will be built, we always incorporate them into our Features Request database, and then assess for each release.

8.5 Release – Features Preview

 8.5 Release Additions (continued from January)

In January, we talked about Pool-specific RATIO and HOGMIN, and retaining RTR State upon reboot. This month we introduce several more features planned for 8.5:

1) Active Connections Enhancements

Beginning with the 8.5 Release, the Active Connections page in RTR will show you which active connections are currently being equalized. This way, you can see in real-time which IPs are getting penalized on your network. We’ll highlight these connections in the table and allow you to sort based on them.

This suggestion came from one of our university customers!

2) Domain Name System Name (DNS) on RTR Reports

Beginning with the 8.5 Release, certain RTR reports will have a hostname mode that allows you to see the DNS name (hostname from nslookup), along with the IP address. If you have an internal naming system for your organization, this can be extremely valuable in identifying problem users or connections!

This suggestion came from our K-12, university, and business customers!

As always, the 8.5 Release will be free to our customers with valid NetEqualizer Software and Support (NSS) plans.

Featured Case Study

Hobart and William Smith Colleges

Longtime customer Hobart and William Smith Colleges (HWS) recently celebrated 10 years of solid service with the NetEqualizer to help manage their Internet connectivity.

We thought it would be great to share their experience in a Case Study. Derek Lustig, Director of Network and Systems Infrastructure, and his staff, graciously agreed to help put this together with us. Thank you Derek, Christopher, and Christina for sharing your insights!

Here are some excerpts from the Case Study…

…HWS implemented the NetEqualizer solution based on its stellar reputation in the education space as well as its value, which is difficult to match in competing products….

…The NetEqualizer has been a great solution because it is extremely easy to maintain, and – when needed – it just works, says Derek Lustig of HWS.

You can click on the PDF picture to read the full Case Study, or click here to see all our Higher Education testimonials.

20 Gbps NetEqualizer

Our new high-bandwidth unit…

We are currently testing a high-end NetEqualizer with 20 Gbps optics, and we have some good news! Our results have shown that we can push close to 15 Gbps with a full load (provided by our shaping simulator courtesy of Candela Technologies). If you plan to be pushing beyond 10 Gbps in 2017 or 2018, let us know. We would love to talk to you!

If you would like to participate in a trial, let us know that as well.

We will be looking to trial our latest creation under real world conditions later this year.


Best Of Blog

Five Things to Know About Wireless Networks

By Art Reisman

Over the last year or so, when the work day is done, I often find myself talking shop with several peers of mine who run wireless networking companies. These are the guys in the trenches. They spend their days installing wireless infrastructure in apartment buildings, hotels, and professional sports arenas to name just a few. Below I share a few tidbits intended to provide a high level picture for anybody thinking about building their own wireless network…

Photo of the Month
Saguaro Cactus

The Saguaro is an amazing cactus that can only be found in a very specific climate found in Arizona, California, and Mexico. The cactuses can live to be 150 years old, and are protected by governments that oversee this land. If you are ever in the area, they are worth checking out! The one in this picture has seen better days.

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

Pros and Cons of Using a Reseller for Networking Equipment


There are various advantages to using a reseller when purchasing networking equipment. There are also benefits to buying direct from the manufacturer. Below we detail those trade-offs with some intelligent introspection.

 

Reseller: Logistics. The reseller holds local stock, and takes care of taxes, tariffs, and currency fluctuation in your region.

Within the US and Canada and other common trading partners, there may be no logistical advantage to ordering from a reseller over a direct purchase; however, if you are in a remote country where most products must be imported, it is almost a necessity. Some countries have less than above-board customs and taxation rules, dare I say bribes. In these cases, a local reseller who specializes in local corruption etiquette is a necessity.

Reseller: Local Support. Easy to reach technical support in your time zone, training, returns, and trials.

A well-trained reseller who exclusively handles the product you are purchasing is essentially an extension of the manufacturer. Think of automobiles. This product, complex and expensive to support, could not exist without a large dealer network. In the world of networking equipment, some things, such as routers and firewalls, are becoming more of a commodity, thus diminishing the need for a reseller. Buying through a channel and the associated markup may not be worth the added value, especially if the manufacturer offers good direct support and an overnight replacement policy.

Reseller: Pre-Sale Product Knowledge. A good reseller will educate and explain options for the products they represent.

The potential downside here is that the reseller is often motivated by whichever equipment gives them the better OEM incentives to sell; hence, if they are selling more than one product line, they may actually downplay one over the other.

Reseller: Representation to the manufacturer, for new features and recalls

The reseller can often carry clout to represent you back to the manufacturer, since they represent many sales. They can be very beneficial if you have a problem that needs to be resolved by the manufacturer.

Reseller: Requirements for competitive bid, or government contract dictating approved vendors

Companies that provide this type of service are generally puppets set up by a government agency, often out of political need to create jobs. If you work for a government agency that forces you to buy through an approved reseller, you are likely well aware of the game.

Reseller and Manufacturer: Personal Relationships

Having a trusting relationship with the person you purchase equipment from is the tried and true way of doing business in many industries, and often these relationships trump all other factors. I personally try not to buy based on relationships because I feel it is a disservice to my employer, hence I keep them at arm’s length.

Manufacturer: Price Price Price

Buying direct from the manufacturer should give a major price break. Any product purchased through a reseller channel is going to add a minimum of 35 percent to the direct price, and often double or even triple it, depending upon the product and the number of hops in the channel. OEMs and channel partners have had a love-hate relationship since perhaps biblical times. As mentioned above, personal relationships are the key to most sales in many industries, and for this reason manufacturers must rely on a local sales partner. On top of that, there are also agreements that manufacturers sign so as not to undercut the local reseller price; hence, for many traditional products, the end customer has no choice but to purchase through a reseller. However, new companies coming on the market are often going direct to get a pricing advantage. After you talk to your reseller about a product, be sure to do some research on your own and look for similar products sold direct; the price difference could be significant.

Manufacturer: Support

Why is it that Cisco’s best customers  are provided with direct engineering support?  The answer is simple, because it is better.  If you can get direct support take it.  I’ll leave it at that.

For Profit Wired Home Internet, is it Coming to an End?


“Low resolution ghost mode is where your video quality drops down to save bandwidth. The resulting effect transforms once proud basketball players into a slurry of mush, as their video molecules are systematically destroyed.”

Last night, I was trying to watch a basketball game on my Hulu through my Business class Comcast line, which promises 20 meg down and 4 meg up.  Not only was my Hulu feed breaking up periodically, but my Drop Cam was going up and down constantly, and sending me emails that it was offline.  I checked my bandwidth through my NetEqualizer to find that I was not even pulling 6 megabits, less than 1/3 my contracted rate.   When  Hulu was not locking up completely, it was dropping down into low resolution ghost mode.  I have documented my Comcast findings before through various experiments. Clearly, Comcast has upstream congestion issues or is shaping selected video traffic. Either way I am at their mercy when trying to watch video on the Internet.

What options does one have for alternative Internet service in the Denver Metro area, or for that matter other Metro Areas around the country?

Option #1 Get Closer to the Source

Beam Internet directly via Microwave Link from a hot building. A friend of mine runs an ISP that does essentially this.  He buys large bulk bandwidth and from a point of presence rooftop downtown, he can beam internet via  point-to-point circuit, directly to your residence or building.  I called him out of desperation but I am not in line of sight for any of his services.

Option #2  Century Link

They constantly run commercials touting they are better than Comcast. I call them perhaps once a year or so, only to find out that my neighborhood is not wired for their high speed service.

Option #3  Use my unlimited T-Mobile as a Hot Spot 

Believe it or not, I actually did this for a while,  and the video service was a bit better than Comcast. The problem with this solution is that T-Mobile will drop your speeds down once you have consumed 24 Gigabytes in a month, and it will become useless for anything other than email.    (24 Gigabytes would be approximately 4 full length movies).

Option #4 Move

The city just to the north of me, Longmont, put in its own fiber ring to the curb. Early reports are that it works great, and that the residents love it. Since it is essentially a public utility, there are no shaping games destroying your Hulu. If you contract for 20 megabits, you get 20 megabits. And now the city of Boulder is considering doing the same.

With two nearby cities essentially kicking out their entrenched providers within a few miles of my home, I can see other municipalities quickly following suit.  Having good quality, affordable municipal Internet service is not just a luxury for a city, it is essential for economic development.  As I can attest, it will be a factor in where I choose to live the next time I move. I will not put myself at the mercy of Comcast again.

By Art Reisman

 

 

NetEqualizer News: January 2017


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include a preview of more 8.5 Release features, an announcement of our 8.4 User Guide, our planned 2017 Road Trips, and more!

 

  January 2017

 

8.5 Release Planning is Underway!
Greetings! Enjoy another issue of NetEqualizer News.

As we kick off the new year, I am excited to begin development on our 8.5 Release, currently planned for late spring/early summer. This month, we continue to discuss the features planned for 8.5. I also like to get out in the field to meet with our customers, and those interested in the NetEqualizer. Check out my 2017 Road Trip plans in this month’s newsletter.

And finally, we have the 8.4 User Guide available, for those of you who like to delve into our features in detail – enjoy!

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release Features Preview

:: 8.5 Feedback Received – Thank You!

:: The 8.4 User Guide is Now Available!

:: 2017 Road Trips

:: Time for a Tech Refresh?

:: Best of Blog: Top 5 Reasons Confirming Employers Don’t Like Their IT Guy

8.5 Release Features Preview

We are starting to develop our 8.5 Release!

Continued from November 2016

In November we talked about Cloud Reporting, Read-Only Login, and NetEqualizer Logout.

This month we introduce several more features planned for 8.5:

1) Pool-specific RATIO and HOGMIN

2) Retain RTR State Upon Reboot

Pool-specific RATIO and HOGMIN

Ever since we first started making NetEqualizers, there has been one RATIO and one HOGMIN setting that applied to all traffic going through the device. Beginning with Release 8.5, however, we’ve enhanced our software to allow for Pool-specific RATIO and HOGMIN settings. This means that each Pool can have its own unique configuration with regard to these values. These changes help administrators have more fine-tuned control over when Equalizing occurs and what the minimum requirements for Equalizing will be on a Pool level rather than a network level.

Retain RTR State Upon Reboot

This has been one of the most requested features ever since we introduced RTR, and we are happy to say it will be part of Release 8.5. With this release, RTR will start upon reboot and maintain all your reporting settings so that you don’t need to go back into the device and start the service manually. This is useful in case the device is affected by a power outage or another type of unplanned activity.

Stay tuned to our newsletter for further updates on Release 8.5. We are currently underway in the development process and are still shooting for a late spring/early summer release. As always, the release is free to those with valid NetEqualizer Software and Support (NSS) plans. Contact us today with questions!


8.5 Feedback Received – Thank You!

 We Appreciated Your Suggestions!

We asked for input to our 8.5 Release and you responded with some great ideas – thank you!

Here are the features that you asked us to consider for 8.5. We will let you know what makes it over the course of future newsletters…

– Quota Enhancements: Email Customer on Exceed Quota, Summary Email before Reset, Quota in the Cloud, Web Portal

– Add sophisticated SNMP logic

– Protocol Tracking Reports

– Traffic by Source IP Report

– Bandwidth Test for Troubleshooting

– Build out Automated Alerts

– Add Real-Time Penalties to RTR Dashboard

– Add Name capability to HL, Masks, VLANs, P2P, and Priority

– Add Visibility to Penalty against what Rule

– Add Host Name from NSLookup to RTR Reports

If any of the above suggestions would also be useful to you and your organization, please let us know!


The 8.4 User Guide is Now Available!

Dive into the details on NetEqualizer’s features…

We are excited to announce the User Guide has been updated to reflect Software Update 8.4 in several key areas.

We have focused on updating the configuration sections, describing our new Batch Entry Screens for setting up Bandwidth Limits, limiting P2P Traffic, setting Bandwidth Priorities, and restricting Bandwidth Usage.

We also have added a new section to the User Guide, which walks through our Perform Quick Edits capability.  Quick Edits is useful when you want to add or delete one or a small number of rules.  We offer Quick Edits for seven (7) types of rules, including Pools, Hard Limits, and P2P Traffic Limits.

You can view the updated User Guide by clicking here or on the picture at right.

Note that the Appendices and Monitoring & Reporting sections are not yet updated to 8.4.

We plan to update the remaining sections of the User Guide to 8.4 soon. Look for an update in an upcoming newsletter!

2017 Road Trips

We’re hitting the road…

Our CTO, Art Reisman, is planning to make a swing up the East coast this spring. Most likely he will be in the Boston and New England area the week of Feb 20th – with some room for flexibility in the timeframe. If you are on the East coast and would like to host a formal on-site Tech Refresh, let us know and we will try to get it scheduled!


Time for a Tech Refresh?

Re-familiarize yourself with NetEqualizer!

Now that Release 8.4 has been out for 6 months, and many customers have moved to it, you may have questions! Release 8.4 had a lot of changes associated with it that may be slightly confusing if you are used to older GUI versions.

Don’t worry though, we are here to help! If you are current on your NetEqualizer Software and Support (NSS) plan, we’d like to offer you a FREE 30 minute Tech Refresh to go over any questions or issues you might have with your NetEqualizer. Contact us today to schedule a time slot with an engineer!


Best Of Blog

Top 5 Reasons Confirming Employers Don’t Like Their IT Guy

By Art Reisman


1) The IT room is the dregs

Whenever I travel to visit with my IT customers, it is always a challenge to find their office.  Even if I find the right building on the Business/College Campus, finding their actual location within the building is anything but certain. Usually it ends up being in some unmarked room behind a loading dock, accessible only by secret passage designed to relieve the building of cafeteria waste near the trash bins. Many times, their offices are one and the same thing as the old server computer room, with the raised floor, screaming fans, and air cooled to a Scottish winter…

Photo of the Month
TEDx Aruba

This past fall, a staff member and his wife, Andrea, visited the island of Aruba in the south Caribbean Sea. The official slogan for the country is “One Happy Island,” and this held true the entire trip – all of the people were extremely friendly and welcoming. The purpose of the trip was to present at TEDx Aruba on the topic of sustainability – specifically how our trash plays a role in the most pressing environmental issues of our time. Andrea runs a non-profit based in Boulder, CO that helps educate people on how to reduce their trash and plastic footprint as well as live more simple, meaningful lives. Check out her website and follow her on Instagram if you are so inclined!

APconnections, home of the NetEqualizer | (303) 997-1300 | Email | Website 

Five Things to Know About Wireless Networks


By Art Reisman
CTO, APconnections


Over the last year or so, when the work day is done, I often find myself talking shop with several peers of mine who run wireless networking companies. These are the guys in the trenches. They spend their days installing wireless infrastructure in apartment buildings, hotels, and professional sports arenas, to name just a few. Below I share a few tidbits intended to provide a high-level picture for anybody thinking about building their own wireless network.

There are no experts.

Why? Competition between wireless manufacturers is intense. Yes, the competition is great for innovation, and wireless technology has certainly come a long way in the last 10 years; however, these fast-paced improvements come with a cost. New learning curves for IT partners and numerous patches, combined with differing approaches, make it hard for any one person to become an expert. Anybody who works in this industry usually settles in with one manufacturer, perhaps two; it is moving too fast.

The higher (faster) the frequency, the higher the cost of the network.

Why? As the industry moves to standards that transmit data at higher rates, it must use higher frequencies to achieve the faster speeds. It just so happens that these higher frequencies tend to be less effective at penetrating buildings, walls, and windows. The increase in cost comes with the need to place more and more access points in a building to achieve coverage.

Putting more access points in your building does not always mean better service.

Why? Computers have a bad habit of connecting to one access point and then not letting go, even when the signal gets weak. For example, when you connect to a wireless network with your laptop in the lobby of a hotel and then move across the room, you can end up in a bad spot with respect to the original access point. In theory, the right thing to do would be to release your current connection and connect to a different access point. The problem is that most of the installed base of wireless networks does not have any intelligence built in to get you routed to the best access point; hence even a building with plenty of coverage can have maddening service.

Electromagnetic Radiation Cannot Be Seen

So what? The issue here is that there are all kinds of scenarios where the wireless signals bouncing around the environment can destroy service. Think of a highway full of invisible cars traveling in any direction they want. When a wireless network is installed, the contractor in charge does what is called a site survey. This involves special equipment that can measure the electromagnetic waves in an area, and helps them plan how many wireless access points to install and where; but once installed, anything can happen. Private personal hotspots, devices with electric motors, and a change in metal furniture configuration are all things that can destabilize an area, and thus service can degrade for reasons that nobody can detect.

The More People Connected, the Slower Their Speed

Why? Wireless access points use a technique called TDM (Time Division Multiplexing). Basically, available bandwidth is carved up into little time slots. When there is only one user connected to an access point, that user gets all the bandwidth; when there are two users connected, they each get half the time slots. So an access point that advertises 100 megabit speeds can deliver at best 10 megabits to each user when 10 people are connected to it.

Related Article

Wireless is nice but wired networks are here to stay

Seven Tips To Improve Performance of your Wireless Lan

Top 5 Reasons Confirming Employers Do Not Like Their IT Guy



  • The IT room is the dregs
    Whenever I travel to visit with my IT customers, it is always a challenge to find their office.   Even if I find the right building on the Business/College Campus, finding their actual location within the building is anything but certain.  Usually it ends up being in some unmarked room behind a loading dock, accessible only by secret passage designed to relieve the building of cafeteria waste near the trash bins.   Many times, their offices are one and the same thing as the old server computer room, with the raised floor, screaming fans, and air-cooled to a Scottish winter.
  • Nobody knows you are in the building. Oftentimes I enter the building on the upper floors, the floors with windows and young, well-dressed professionals trying to move up the ladder. Asking these people if they know where the IT room is usually brings on blank stares of confusion and embarrassment. To them, the IT guy is that person they only see when their computer fails with a virus. Where he emanates from nobody knows; perhaps a trap door opens in the floor. I am not making this up. The usual way I am instructed to meet the IT guy is that they send me an e-mail telling me to meet at some well-known landmark out front, like a fountain or statue, with a rendezvous time.
  • You are expected to be an expert in Wireless technology. Let’s face it, the companies that make wireless controllers are sending out patches almost hourly. Why? Because they have no idea what works in the real world, and so you are part of the experiment.  The real fact is nobody is an expert in real-world wireless technology. As the IT guy, you can never admit to any holes in your wireless knowledge. If you are not willing to lie, there are plenty of people with no experience willing to make that claim with a straight face.  You just can’t be honest about this – because your boss has already told his boss you are an expert.  Here is the last paragraph of a recent article on Verizon’s trial with the latest 5G wireless….

Of course, 5G wireless has never been truly tested at scale in true market scenarios. There’s talk of gigabit capable speeds, but how would a single tower supporting fixed wireless 5G at scale compare to fiber and HFC based networks connected all the way to homes and businesses? No one really knows – yet.

Setting up a new wireless network with the latest technology is like taking a physics test in wave propagation before you have taken the class, and expecting to pass.

  • You will never get rewarded if things work without issues.  I like to compare a good IT tech to a good umpire or a ref in a soccer game.  At best, if they do a perfect job, nobody notices them.   If I ran a big company, I would hand out bonuses to my IT staff for the days I did not need them, but I do not have an MBA. (see next paragraph)
  • Any time a company hires a brilliant MBA from some business school, the first thing they do is explore outsourcing the IT staff. Why? Because nobody teaches them anything about IT in business school. They live in a fantasy world where some unknown third party with a slick brochure and an unrealistic low-ball estimate is going to care more about IT needs than the 4 poor schlubs in the basement who have been loyal for years. You and the in-house staff have always been on call, missing many weekends over the years, just to ensure the IT infrastructure stays up, and yet the Harvard guy will shoot himself in the foot with outsourcing every time.

Proving The Identity of The DNC Hacker Not Likely



By Art Reisman

CTO, APconnections

Inspired by the recent accusations regarding the alleged Russian hacking of the DNC e-mail servers, I ask the question: is it really possible for our intelligence agencies to say with confidence exactly who hacked those servers? I honestly don’t think so. To back up my opinion, I have decided to take our faithful blog readers through the mind and actions of a professional hacker intent on breaking into a corporate e-mail server without leaving a trace. From there you can draw your own conclusions.

My hacking scenario below is based on actual techniques that our own ethical hackers use to test security at corporations. These companies contract with us to deliberately break into their IT systems, and yes, sometimes we do break in.

First we will follow our hacker through the process of a typical deliberate illegal break-in, and then we will analyze the daunting task a forensic expert must deal with after the fact.

 

Here we go….

Phase I

  • First I need a platform for the first phase of my attack. I want to find a computer with no formal ties to my identity. Just as the public telephone booths of the 70’s and 80’s were used for calling in bomb threats, the computers in your public libraries can easily conceal my identity.
  • To further cover my trail, I bring my own flash memory with me to the library. It contains a software program commonly referred to as a “BOT”. This allows me to move data and programs onto the library computer without doing something like logging into my personal e-mail, which would leave a record of me being there. In this case my BOT specializes in crawling the Internet looking for consumer-grade desktop computers to break into.
  • My BOT searches the Internet at random looking for computers which are unprotected. It will hit several thousand computers an hour for as long as I let it run.
  • I don’t want to go too long with my BOT running from the library, because all the outbound activity it generates may be detected as a virus by an upstream ISP. The good news in my favor is that BOTs, both friendly and malicious, are very common. At any time of the day there are millions of them running all over the world.

Note: running a bot in itself is not a crime, it is just bad etiquette and annoying. It is extremely unlikely that anybody would actually be able to see that I am trying to hack into computers (yes, this is a crime) with my BOT, because that would take very specialized equipment, and since I chose my library at random, the chances of drawing attention at this stage are minuscule. Typically a law enforcement agency must obtain a warrant to set up their detection equipment. All the upstream provider would sense is an unusually high rate of traffic coming out of the library.

  • Once my bot has found some unprotected home computers and I have their login credentials, I am ready for phase 2. I save off their IP addresses and credentials, delete the bot from the computer in the library, and leave, never to return.

You might be wondering how a BOT gets access to home computers. Many are still out there running very old versions of Windows or Linux and have generic passwords like “password”. The BOT attempts to log in through a well-known service such as SSH (remote login) and guesses the password. The BOT may run into 1,000 dead ends or more before cracking a single computer. Just like a mindless robot should, it works tirelessly without complaint.
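Seen from the defender's side, the password guessing described above leaves a clear pattern in SSH logs. The following is an added example, not code from the original article: it counts failed password logins per source address in OpenSSH-style log lines and escalates when a successful password login follows a run of failures. The log lines are constructed, and the function name and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Matches OpenSSH sshd authentication results as they appear in syslog.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log (documentation addresses, made-up host name).
SAMPLE_LOG = """\
Nov  3 02:14:01 gw sshd[2101]: Failed password for root from 203.0.113.7 port 50110 ssh2
Nov  3 02:14:03 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Nov  3 02:14:05 gw sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 50114 ssh2
Nov  3 02:14:07 gw sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 50116 ssh2
Nov  3 02:14:09 gw sshd[2107]: Failed password for pi from 203.0.113.7 port 50118 ssh2
Nov  3 02:14:11 gw sshd[2109]: Accepted password for pi from 203.0.113.7 port 50120 ssh2
Nov  3 08:30:12 gw sshd[3001]: Failed password for alice from 192.0.2.10 port 41000 ssh2
Nov  3 08:30:20 gw sshd[3001]: Accepted password for alice from 192.0.2.10 port 41000 ssh2
Nov  3 08:45:00 gw sshd[3050]: Accepted publickey for deploy from 192.0.2.44 port 40022 ssh2
Nov  3 09:00:01 gw sshd[3101]: Failed password for root from 198.51.100.23 port 60001 ssh2
Nov  3 09:00:02 gw sshd[3102]: Failed password for root from 198.51.100.23 port 60002 ssh2
Nov  3 09:00:03 gw sshd[3103]: Failed password for invalid user admin from 198.51.100.23 port 60003 ssh2
Nov  3 09:00:04 gw sshd[3104]: Failed password for invalid user guest from 198.51.100.23 port 60004 ssh2
Nov  3 09:00:05 gw sshd[3105]: Failed password for root from 198.51.100.23 port 60005 ssh2
"""


def analyze(log_text, fail_threshold=5):
    """Return {source_ip: finding} for sources that look like password guessers.

    severity "guessing": at least fail_threshold failed password logins.
    severity "compromise-suspected": a password login succeeded from a source
    that had already reached the failure threshold.
    """
    failures = defaultdict(int)
    users_tried = defaultdict(set)
    findings = {}

    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None or m["method"] != "password":
            continue  # not an sshd auth line, or not password authentication
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
            users_tried[src].add(m["user"])
        elif failures[src] >= fail_threshold:
            # A success right after many failures: the guess probably worked.
            findings[src] = {
                "severity": "compromise-suspected",
                "failures": failures[src],
                "users_tried": sorted(users_tried[src]),
                "account": m["user"],
            }

    for src, count in failures.items():
        if count >= fail_threshold and src not in findings:
            findings[src] = {
                "severity": "guessing",
                "failures": count,
                "users_tried": sorted(users_tried[src]),
                "account": None,
            }
    return findings


if __name__ == "__main__":
    for src, finding in analyze(SAMPLE_LOG).items():
        print(src, finding)
```

A single mistyped password followed by a success, like the 192.0.2.10 lines in the sample, stays below the threshold and is not reported.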

Phase II

  • I again go to the library and set up shop. Only this time, instead of a BOT, I come armed with a phishing scam e-mail on my flash drive. From a computer in the library I remotely log in to one of the home computers whose credentials I obtained in Phase I and set up shop.
  • I set up a program that will send e-mails from the home computer to people who work at the DNC with my trojan horse content.

If I am smart, I do a little research on the backgrounds of the people I am sending to so as to make the e-mails as authentic as possible. Most consumers have seen the obvious scams where you get some ridiculous out-of-context e-mail with a link to open some file you never asked for. That works for mass e-mailing to the public, hoping to find a few old ladies or the computer illiterate, but I would assume that people who work at the DNC would just think it is a spam e-mail and delete it. Hence, they get something a little more personalized.

How do I find the targeted employee e-mail addresses at the DNC? That is a bit easier: many times they are published on a Web site, or I simply guess at employee e-mail addresses, such as hclinton@dnc.com.

  • If any of the targeted e-mails I have sent to a DNC employee are opened, they will, unbeknownst to them, be installing a keystroke logger that captures everything they type. In this way, when they log in to the DNC e-mail server, I also get a login and access to all their e-mails.

How do I ensure my victim does not suspect they have been hacked? Stealth, stealth, stealth. All of my hacking tools, such as my keystroke logger, have very small, inconspicuous footprints. I am not trying to crash or destroy anything at the DNC. The person or persons whose systems I gain entry through most likely will never know. Also, I will only be using them for a very short period of time, and I will delete them on my way out.

  • Getting e-mail access. Once the keystroke logger is in place, I have it report back to another one of my hacked personal computers. In this way the information I am collecting will sit on a home computer with no ties back to me. When I go to collect this information, I again go to a library with my flash card and download the keystroke information; eventually I directly load up all the e-mails I can get onto my flash drive while in the library. I then take them to the Kremlin (or whoever I work for) and hand over the flash drives containing tens of thousands of e-mails for offline analysis.

 

Debunking the Russian Hacking Theory

The FBI purports to have found a “Russian Signature file” on the DNC server?

  • It’s not like the hacking community has dialects associated with their hacking tools. Although if I were a Chinese hacker I might make sure I left a path pointing back at Russia; why not? If you recall, I deleted my hacking tools on the way out, and yes, I know how to scrub them so there is no latent footprint on the disk drive.
  • As you can infer from my hacking example, I can hack pretty much autonomously from anywhere in the US, or the world for that matter, using a series of intermediaries and without ever residing at a permanent location.
  • Even if the FBI follows logs of where historical access into the DNC has come from, the trail is going to lead to some Grandma’s computer at some random location. Remember, all my contacts directly into the DNC were from my hijacked Grandma computers. Perhaps that is enough to draw a conclusion so the FBI can blame some poor Russian Grandma. As the real hacker, all the better for me; let Grandma take the diversion, somebody else is going to get the blame.
  • Now let’s suppose the FBI is really on the ball and somehow figures out that Grandma’s computer was just a shill hijacked by me. So they get a warrant and raid Grandma’s computer and they find a trail. This path is going to lead them back to the library where I sat perhaps 3 months ago.
  • We can go another step further: suppose the library had video surveillance and they caught me coming and going; then just perhaps they could make an ID match.

By now you get the idea: assuming the hacker was a foreign-sponsored professional and was not caught in the act, it is going to be impossible to draw any definite conclusions from the trail.

To see another detailed account of what it takes to hack into a server, please visit our 2011 article “Confessions of a hacker”.

Economics of the Internet Cloud Part 1



By Art Reisman

CTO, APconnections

Why is it that you need to load up all of your applications and carry them around with you on your personal computing device? From I-bird Pro to your favorite weather application, the standard operating model assumes you purchase these things and then affix them to your medium of preference.

Essentially you are tethered to your personal device.

Yes, there are business reasons why a company like Apple would prefer this model. They own the hardware and they control the applications, and thus it is in their interest to keep you walled off and loyal to your investment in Apple products.

But there is another, more insidious economic restriction that forces this model upon us: a lag in the speed and availability of wireless bandwidth. If you had a wireless connection to the cloud that was low-cost and offered a minimum of 300 megabits of access without restriction, you could instantly fire up any application in existence without ever pre-downloading it. Your personal computing device would not store anything. This is the world of the future that I referenced in my previous article, Will Cloud Computing Obsolete Your Personal Device?

The X factor in my prediction is when we will have 300 megabit wireless bandwidth speeds across the globe without restrictions. The assumption is that bandwidth speed and prices will follow a curve similar to improvements in computing speeds, a Moore’s law for bandwidth if you will.

It will happen, but the question is how fast: 10 years, 20 years, 50 years? And when it does, vendors and consumers will quickly learn it is much more convenient to keep everything in the cloud. No more apps tied to your device. People will own some very cheap cloud space for all their “stuff”, and the device on which it runs will become less and less important.

Bandwidth speed increases in wireless are running against some pretty severe headwinds, which I will cover in my next article. Stay tuned.

Will Cloud Computing Obsolete Your Personal Device?



By Art Reisman

CTO, APconnections

Twenty-two years ago, all the buzz amongst the engineers in the AT&T Bell Labs offices was a technology called “thin client”. The term “cloud” had not yet been coined, but the seeds had been sown. We went to our project management as we always did when we had a good idea, and as usual, being the dinosaurs that they were, they could not even grasp the concept; their brains were three sizes too small, and so the idea was tabled.

And then came the Googles and the Apples of the world, the disrupters. As Bell Labs reached old age and wallowed in its death throes, I watched from afar as cloud computing took shape.

Today cloud computing is changing the face of the computer and networking world.   From my early 90’s excitement, it took over 10 agonizing years for the first cotyledons to appear above the soil. And even today,  20 years later, cloud computing is in its adolescence, the plants are essentially teenagers.

Historians probably won’t even take note of those 10 lost years. It will be footnoted as if that transition time was instantaneous. For those of us who waited in anticipation during that incubation period, the time was real; it lasted over 1/4 of our professional working lives.

Today, cloud computing is having a ripple effect on other technologies that were once assumed sacred. For example, customer premise networks and all the associated hardware are getting flushed down the toilet. Businesses are simplifying their on-premise networks and will continue to do so. This is not good news for Cisco, or the desktop PC manufacturers, chip makers, and on down the line.

What to expect 20 years from now. Okay, here goes: I predict that the “personal” computing devices that we know and love might fall into decline in the next 25 years. Say goodbye to “your” iPad or “your” iPhone.

That’s not to say you won’t have a device at your disposal for personal use, but it will only be tied to you for the time period for which you are using it. You walk into the store; along with the shopping carts there is a stack of computing devices. You pick one up, touch your thumb to it, and instantly it has all your data.

Imagine if personal computing devices were so ubiquitous in society that you did not have to own one. How freeing would that be? You would not have to worry about forgetting it, or taking it through security. Wherever you happened to be, in a hotel or library, you could just grab one of the many complimentary devices stacked at the door, touch your thumb to the screen, and you are ready to go: e-mail, pictures, games, all your personal settings ready to go.

Yes, you would pay for the content and the services, through the nose most likely, but the hardware would be an irrelevant commodity.

Still skeptical? I’ll cover the economics of how this transition will happen in my next post. Stay tuned.

NetEqualizer News: November 2016


We hope you enjoy this month’s NetEqualizer Newsletter. Highlights include an 8.5 Release feature preview, customer testimonials, and more!

 

  November 2016

 

8.5 Release Planning is Underway!
Greetings! Enjoy another issue of NetEqualizer News.

As we start into the holiday season here in the U.S., I am thankful for many things. First, I want to THANK YOU, our customers, for making this all worthwhile.


In my conversations with customers & prospects, I hear over & over how much our behavior-based shaping (aka equalizing) saves you time, money, and headaches. Thank you for validating all our efforts here at APconnections!

I am also thankful that the Presidential Election is over in the U.S., as I am tired of seeing political TV advertisements, which seem to be on every 10 minutes.

We continue to work with you to solve some of your most pressing network problems – so if you have one that you would like to discuss with us, please call or email me anytime at 303.997.1300 x103 or art@apconnections.net.

And remember we are now on Twitter. You can follow us @NetEqualizer.

– Art Reisman (CTO)

In this Issue:

:: 8.5 Release Features Preview

:: We Want Your Suggestions for the 8.5 Release!

:: Is Anyone Out There Still Suffering From DDoS Attacks?

:: Featured Customer Testimonials

:: Best of Blog: Using NetEqualizer to Ensure Clean, Clear QoS for VOIP Calls

8.5 Release Features Preview

We are starting to plan our 8.5 Release!

We have started putting together initial plans for our late spring software update – 8.5 Release. We have some exciting features in mind! Here is a preview of several features that will be included:

Cloud Reporting

Have you ever wanted to access reporting data for longer than 4 weeks? The reason for the current NetEqualizer limit is that we can only store so much data on the device itself.

Our new Cloud Reporting offering will allow you to store historical NetEqualizer data for an extended period of time. You’ll be able to seamlessly pull this data from the Cloud and display the results on your NetEqualizer, or use it for other reporting and archiving purposes.

Read-only Login Account (customer feature request)

The NetEqualizer has always used basic HTTP authentication for its one account, but that is about to change! The next release will have a more standard login page with two roles – the current administrator role as well as a NEW read-only account role. The read-only account will let non-technical staff log in and view reports as well as a few other features.

NetEqualizer Logout (customer feature request)

We will support web application sessions with both log in & log out. Today we offer login but in 8.5 users will also be able to securely log their session out once they are finished using the GUI.

We are very excited about enhancing our recent 8.4 Release user interface with these changes. Stay tuned to the newsletter for updates on 8.5 features, release dates, and more!

We Want Your Suggestions for the 8.5 Release!

 We want your help! Last call for suggestions for our 8.5 Release.

Now is your last chance for 8.5 Release feature requests!

Many of our best features come from customer requests. For example, for all of you that wanted to have a read-only account for NetEqualizer administration, you’ll be happy to know that we have included it in our upcoming 8.5 Release. Our NetEqualizer Logout is also based on a customer suggestion.

For those suggested features that don’t make the cut, it is not because we did not like them (we like all the suggestions), but we have to filter on features that apply to a large set of our customers. We also keep track of all feature requests, so if yours does not make it into 8.5, it may be scheduled in a future release.

We only know what features you are interested in if you speak up! We have no way of knowing if a feature is popular or not unless we hear from you. So please, think deep and tell us what features would make the NetEqualizer tool more valuable to you!

Here are some questions you can ask yourself or your IT team to come up with ideas:

  1. What feature could I use to help us troubleshoot network problems, perhaps something you need to see in our reports?
  2. What feature would further help optimize our bandwidth resource, perhaps your wireless network has unique challenges?
  3. What security concerns do you have? Anything in the DDoS arena?
  4. What feature could be added to make setup and maintenance more efficient?


Is Anyone Out There Still Suffering from DDoS Attacks?

What have your experiences been?

Perhaps the Russians have given up on hacking? We are not sure, but we certainly have seen a big drop off in DDoS help requests to our support team – so much so that we have put our DDoS firewall enhancement plans on hold.

We were working on a feature request to block foreign IPs by connection count as one of our DDoS triggers. It would work something like this:

A NetEqualizer customer sets a white list of public IPs to let through (not blocked). Any other public IP hitting the network with more than X active connections would trigger an alert or possibly a block, based on your preference.
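The trigger described above, sketched as an added example; this is not NetEqualizer code. The allowlist entries, the connection table and its states, the RFC 1918 definition of internal addresses, and the function names are all assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Assumption: RFC 1918 ranges are "inside"; every other source counts as public.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: which states count as "active". Half-open connections are
# included because they consume resources during a flood.
ACTIVE_STATES = {"ESTABLISHED", "SYN_RECV"}

# Hypothetical white list: a partner range and a single monitoring host.
ALLOWLIST = [ipaddress.ip_network(n)
             for n in ("198.51.100.0/24", "203.0.113.10/32")]

# Constructed connection table: (source IP, destination IP, state).
SAMPLE_CONNECTIONS = (
    [("203.0.113.50", "10.0.0.5", "ESTABLISHED")] * 12
    + [("203.0.113.99", "10.0.0.5", "SYN_RECV")] * 11
    + [("198.51.100.20", "10.0.0.5", "ESTABLISHED")] * 40   # white-listed range
    + [("203.0.113.10", "10.0.0.5", "ESTABLISHED")] * 20    # white-listed host
    + [("192.0.2.77", "10.0.0.6", "ESTABLISHED")] * 8
    + [("192.0.2.77", "10.0.0.6", "TIME_WAIT")] * 30        # closed, not active
    + [("10.0.0.9", "10.0.0.5", "ESTABLISHED")] * 50        # internal source
)


def _in_any(ip, networks):
    return any(ip in net for net in networks)


def active_counts(connections, allowlist):
    """Count active connections per public source IP that is not white-listed."""
    counts = Counter()
    for src, _dst, state in connections:
        if state not in ACTIVE_STATES:
            continue
        ip = ipaddress.ip_address(src)
        if _in_any(ip, INTERNAL) or _in_any(ip, allowlist):
            continue
        counts[str(ip)] += 1
    return counts


def evaluate(connections, allowlist, threshold, action="alert"):
    """Return one finding per source with MORE than `threshold` active connections.

    `action` is the operator's preference, "alert" or "block"; this function
    only reports the decision and does not touch any firewall.
    """
    if action not in ("alert", "block"):
        raise ValueError("action must be 'alert' or 'block'")
    counts = active_counts(connections, allowlist)
    return [
        {"ip": ip, "connections": n, "action": action}
        for ip, n in counts.most_common()
        if n > threshold
    ]


if __name__ == "__main__":
    for finding in evaluate(SAMPLE_CONNECTIONS, ALLOWLIST, threshold=10):
        print(finding)
```

With X set to 10, the sample flags only the two non-listed sources holding 12 and 11 active connections; the white-listed sources pass despite higher counts.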

We need to know whether such a feature or another DDoS approach would be better, based on your experience.

Let us know what you have been seeing as far as DDoS attacks on your network!


Featured Testimonials

What our customers are saying…

We take great pride in ensuring our customers are happy with their NetEqualizer! You can find all of our customer testimonials on our website under the “Customers” menu.

Here are just a few testimonials that we’ve received in 2016:

Reed College

“We’ve had NetEqualizers on campus at Reed for several years and continue to be very happy with the product. We have a very small staff and don’t have time to “tune” a device like a Packetshaper. Instead the NetEqualizer is protocol agnostic in the way it shapes traffic for most users but also allows us to quickly prioritize some traffic if necessary.

Over the years the NetEqualizer has saved us countless hours of staff time. We did lose some visibility into what is happening on our border network but our IDS/IPS replaced that functionality. NetEqualizer is an excellent product.”

Gary Schlickeiser – Director of Technology Infrastructure Services

Thanks Gary for your kind words!

Edmonton Regional Airport Authority

“We presently use two NE3000 units for Internet traffic control and monitoring in a redundant setup. At present we have a maximum of 600 Mbps Internet throughput, with over 300 IP addresses in use in some 120+ address Pools.

The NetEqualizer is a very useful tool for us for monitoring and setting speeds for our many users. Most of the feeds come straight off our Campus network, which is spread over a seven kilometer distance from one end of the airdrome to the other. We also feed a number of circuits to customers using ADSL equipment in the older areas where fiber is not yet available. Everything runs though the “live” NE3000!

Controllability and monitoring is key for our customers, as they pay for the speed they are asking for. With the RTR Dashboard, we continually monitor overall usage peaks to make sure we provide enough bandwidth but, more importantly, to our individual customers. Many customers are not sure of how much bandwidth they need, so using the Neteq we can simply change their speed and watch the individual IP and/or Pool usage to monitor. This becomes especially useful now as many customers, including ourselves, use IP telephony to remote sites; so we need to maintain critical bandwidth availability for this purpose. That way when they or we have conference calls for example, no one is getting choppy conversations. All easily monitored and adjusted with the Dashboard and Traffic Management features.

We also have used the Neteq firewall feature to stop certain attack threats and customer infected pcs or servers from spewing email or other reported outbound attacks, not a fun thing but it happens.

Overall a very critical tool for our success in providing internet to users and it has worked very well for the past 8 or more years!”

Willy Damgaard – Network and Telecom Analyst

Thanks Willy! We are happy to help.

Cooperative Light & Power

“Our company is an electric utility and we have a subsidiary WISP with about 1,000 unlicensed fixed wireless customers. We purchased our first NetEqualizer about a year ago to replace our fair access policy server from another company. The server we replaced allowed burst then sustained bandwidth so we weren’t sure if “equalizing” would work, but it works extremely well as advertised.

The NetEqualizer is stable and actually requires very little maintenance after initial configuration. In our case, we wanted to limit the upper end of what a customer could use (max burst). We were able to set that parameter in our wireless CPE’s. Then we set the equalizing pools for the size of our APs. The NetEqualizer can do a burst then sustained then burst at equal intervals, but to our surprise we actually didn’t need to use it.

We also purchased the DDoS Firewall and that is working nicely as well for quick identification of attacks. Perhaps the most important thing to note is the support is excellent. From sales to engineering the team is very responsive and knowledgeable. We were so impressed that we actually purchased a second NetEqualizer to handle the rest of our network. This company is A+.”

Kevin Olson – Communication Manager

Thanks Kevin!

It is wonderful to hear such glowing feedback from one of our newer customers! If you would like to share your feedback on the NetEqualizer, to be highlighted in a future NetEqualizer News, click here to send us an email.


Best Of Blog

Using NetEqualizer to Ensure Clean, Clear QoS for VoIP Calls

By Art Reisman
 
Last week I talked to several ISPs (Note: these were blind calls, not from our customers) that were having issues with end customers calling and complaining that their web browsing and VoIP calls were suffering. The funny thing is that the congestion was not the fault of the ISP, but the fault of the local connection being saturated with video. For example, if the ISP delivers a 10 meg circuit, and the customer starts two Netflix sessions, they would clog their own circuit.
Those conversations reminded me of an article I wrote back in 2010 that explains how the NetEqualizer can alleviate this type of congestion for VoIP. Here it is…

Photo of the Month
Hiking Near Caribou Ranch
It’s been unseasonably warm in Colorado this fall. We’ve been taking advantage of this by hiking in the mountains amidst the changing leaf colors. 

Crossing a Chasm, Transitioning From Packet Shaping to the Next Generation Bandwidth Shaping Technology



By Art Reisman

CTO, APconnections

Even though I would self-identify as an early adopter of new technology, when I look at my real-life behavior, I tend to resist change and hang on to technology that I am comfortable with. Suffice it to say, I usually need an event or a gentle push to get over my resistance.

Given that technology change is uncomfortable, what follows is a gentle push, or perhaps a mild shove, to help anybody who is looking to pull the trigger on moving away from Packet Shaping into a more sustainable, cost-effective alternative.

First off, let’s look at why packet shaping (layer 7 deep packet inspection) technologies are popular.

“A good layer 7 based tool creates the perception of complete control over your network. You can see what applications are running, how much bandwidth they are using, and make adjustments to flows to meet your business objectives.”

Although the above statement appears idyllic, in reality packet shaping, even in its prime, was at best only 60 percent accurate. The remaining 40 percent of traffic could never be classified, and thus had to be shaped based on guesswork or faith.

Today, the accuracy of packet classification continues to slip. Security concerns are forcing most content providers to adopt encryption. Encrypted traffic cannot be classified.

In an effort to stay relevant, companies have moved away from deep packet inspection to classifying traffic by the source and destination (source IPs are never encrypted and thus always visible).

If your packet shaping device knows the address range of a content provider, it can safely assume a traffic type by examining the source IP address. For example, YouTube traffic emanates from a source address owned by Google. The drawback with this method is that savvy users can easily hide their sources by using any one of the publicly available VPN utilities out there. The personal VPN world is exploding as individual users are moving to VPN tunneling services for all their home browsing.

The combination of VPN tunnels and encrypted content is slowly transforming the best application classifiers into paperweights.

So, what are the alternatives? Is there something better?

Yes, if you can let go of the concept of controlling specific traffic by type, you can find viable alternatives. As per our title, you must “cross the chasm” and surrender to a new way of bandwidth shaping, where decisions are based on usage heuristics, and not absolute identification.

What is a heuristic-based shaper?

Our heuristic-based bandwidth shapers borrow from the world of computer science and a CPU scheduling technique called shortest job first (SJF). In today’s world, a “job” is synonymous with an application. You have likely unknowingly experienced the benefits of a shortest job first scheduler when you use a Linux-based laptop, such as a Mac or Ubuntu. Unlike the older Windows operating systems where one application can lock up your computer, such lock-ups are rare on Linux. Linux uses a scheduler that allows preemption to let other applications in during peak times, so they are not starved for service. Simply put, a computer with many applications using SJF will pick the application it thinks is going to use the least amount of time and run it first, or preempt a hog to let another application in.

In the world of bandwidth shaping we do not have the issue of contended CPU resources, but we do have an overload of Internet applications that vie for bandwidth resources on a shared link. The NetEqualizer uses SJF-type techniques to preempt users who are dominating a bandwidth link with large downloads and other hogs. Although the NetEqualizer does not specifically classify these hogging applications by type, it does not matter. The hogging applications, such as large downloads and high-resolution video, are given lower priority by their large footprint alone. Thus the business-critical interactive applications with smaller bandwidth resource consumption get serviced first.
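The footprint-based decision described above, as an added Python sketch; it is not NetEqualizer's code, and the page does not publish its algorithm. The 85% congestion trigger, the 10% hog threshold, the proportional cut and the flow labels are all assumptions chosen for illustration; the point is that the shaper reads only measured volume, so encrypted and VPN-tunnelled flows are handled like any other.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    flow_id: str      # opaque label; payload, port and source IP are never inspected
    demand_kbps: int  # offered load measured over the last sampling interval

def shape(flows, trunk_kbps, trigger_pct=85, hog_pct=10):
    """Return {flow_id: allowed_kbps}; trigger_pct and hog_pct are assumed values."""
    allowed = {f.flow_id: f.demand_kbps for f in flows}
    target = trunk_kbps * trigger_pct // 100
    total = sum(allowed.values())
    if total <= target:
        return allowed                       # link not congested: touch nothing
    hog_floor = trunk_kbps * hog_pct // 100  # flows at or below this are never cut
    hogs = [f for f in flows if f.demand_kbps > hog_floor]
    hog_total = sum(f.demand_kbps for f in hogs)
    excess = total - target
    for f in hogs:
        # Each hog gives up a share of the excess proportional to its footprint.
        cut = excess * f.demand_kbps // hog_total
        allowed[f.flow_id] = max(hog_floor, f.demand_kbps - cut)
    return allowed

# Constructed sample: two large encrypted flows and two small interactive ones
# competing for a 10 Mbps trunk.
SAMPLE = [
    Flow("tls-flow-a", 6000),
    Flow("vpn-tunnel-b", 4000),
    Flow("udp-flow-c", 100),
    Flow("tls-flow-d", 400),
]

if __name__ == "__main__":
    for flow_id, kbps in shape(SAMPLE, 10_000).items():
        print(f"{flow_id:14s} {kbps:5d} kbps")
```
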

Summary

The issue we often see with switching to heuristic-shaping technology is that it goes against the absolute control-oriented solution offered by Packet Shaping.  The alternative of sticking with deep packet inspection and expecting to get control over your network is becoming impossible, hence something must change.

The new heuristic model of bandwidth shaping gives priority to interactive cloud applications, and the implementation is simple and clean.
