A Novel Idea on How to Cache Data Completely Transparently

By Art Reisman

Recently I got a call from a customer claiming our Squid proxy was not retrieving videos from cache when expected.

This prompted me to set up a test in our lab where I watched four videos over and over. With each iteration, I noticed that the proxy would sometimes go out and fetch a new copy of a video, even though the video was already in the local cache, thus confirming the customer’s observation.

Why does this happen?

I have not delved down into the specific Squid code yet, but I think it has to do with the dynamic redirection performed by YouTube in the cloud, and the way the Squid proxy interprets the URL. If you look closely at YouTube URLs, there is a CGI component in the name, the word “watch” followed by a question mark “?”. The URLs are not static. Even though I may be watching the same YouTube video on successive tries, the cloud is getting the actual video from a different place each time, and so the Squid proxy thinks it is new.

Since caching old copies of data is a big no-no, my Squid proxy, when in doubt, errs on the side of caution and fetches a new copy.

The other hassle with using a proxy caching server is the complexity of setting up port re-direction (special routing rules). By definition the proxy must fake out the client making the request for the video. Getting this re-direction to work requires some intimate network knowledge and good troubleshooting techniques.

My solution for the above issues is to just toss the traditional Squid proxy altogether and invent something easier to use.

Note: I have run the following idea by the naysayers (all of my friends who think I am nuts), and yes, there are still some holes in this idea. I’ll represent their points after I present my case.

My caching idea

To get my thought process started, I tossed all that traditional tomfoolery with re-direction and URL name caching out the window.

My caching idea is to cache streams of data without regard to URL or filename.  Basically, this would require a device to save off streams of characters as they happen.  I am already very familiar with implementing this technology; we do it with our CALEA probe.  We have already built technology that can capture raw streams of data, store, and then index them, so this does not need to be solved.

Figuring out if a subsequent stream matched a stored stream would be a bit more difficult but not impossible.

The benefits of this stream-based caching scheme as I see them:

1) No routing or redirection needed; the device could be plugged into any network link by any weekend warrior.

2) No URL confusion.  Even if a stream (video) was kicked off from a different URL, the proxy device would recognize the character stream coming across the wire to be the same as a stored stream in the cache, and then switch over to the cached stream when appropriate, thus saving the time and energy of fetching the rest of the data from across the Internet.

The pure beauty of this solution is that just about any consumer could plug it in without any networking or routing knowledge.

How this could be built

Some rough details on how this would be implemented…

The proxy would cache the most recent 10,000 streams.

1) A stream would be defined as occurring when continuous data was transferred in one direction from an IP and port to another IP and port.

2) The stream would terminate and be stored when the port changed.

3) The server would compare the beginning parts of new streams to streams already in cache, perhaps the first several thousand characters.  If there was a match, it would fake out the sender and receiver and step in the middle and continue sending the data.

What could go wrong

Now for the major flaws in this technology that must be overcome.

1) Since there is no title on the stream from the sender, there would always be the chance that the match was a coincidence.  For example, an advertisement appended to multiple YouTube videos might fool the caching server. The initial sequence of bytes would match the advertisement and not the following video.

2) Since we would be interrupting a client-server transaction mid-stream, the server would have to be cut-off in the middle of the stream when the proxy took over.  That might get ugly as the server tries to keep sending. Faking an ACK back to the sending server would also not be viable, as the sending server would continue to send data, which is what we are trying to prevent with the cache.
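The matching scheme from the three steps above, together with flaw 1, as an added sketch (not the author's code or anything from a NetEqualizer product). The sample streams are constructed, the prefix is shortened to 64 bytes so the demo stays small, and the `CONFIRM_CHUNKS` check and all function names are assumptions of this example, not part of the original idea.

```python
import hashlib
from collections import OrderedDict

PREFIX_LEN = 64        # page suggests "several thousand characters"; small for the demo
CHUNK = 32             # assumption: granularity of the follow-up comparison
CONFIRM_CHUNKS = 4     # assumption: chunks that must also match before takeover
MAX_STREAMS = 10_000   # page: cache the most recent 10,000 streams


def _digest(data):
    return hashlib.sha256(data).digest()


class StreamCache:
    """Most-recently-used store of raw streams, indexed by a hash of their prefix."""

    def __init__(self, capacity=MAX_STREAMS):
        self.capacity = capacity
        self.streams = OrderedDict()   # stream id -> bytes, oldest first
        self.by_prefix = {}            # prefix digest -> [stream ids]
        self._next_id = 0

    def store(self, data):
        if len(data) < PREFIX_LEN:
            return None                # too short to index
        key = _digest(data[:PREFIX_LEN])
        for sid in self.by_prefix.get(key, []):
            if self.streams[sid] == data:      # already cached: refresh recency
                self.streams.move_to_end(sid)
                return sid
        sid, self._next_id = self._next_id, self._next_id + 1
        self.streams[sid] = data
        self.by_prefix.setdefault(key, []).append(sid)
        if len(self.streams) > self.capacity:  # evict the least recently used
            old_sid, old = self.streams.popitem(last=False)
            old_key = _digest(old[:PREFIX_LEN])
            self.by_prefix[old_key].remove(old_sid)
            if not self.by_prefix[old_key]:
                del self.by_prefix[old_key]
        return sid

    def candidates(self, prefix):
        return list(self.by_prefix.get(_digest(prefix), []))


def deliver(cache, origin, verify=True):
    """Simulate the in-line device for one stream.

    Returns (bytes the client receives, bytes pulled from the origin server).
    verify=False takes over on the prefix match alone, as in step 3.
    verify=True keeps comparing origin data with the cached copy first.
    """
    if len(origin) < PREFIX_LEN:
        return origin, len(origin)
    pos = PREFIX_LEN
    live = cache.candidates(origin[:PREFIX_LEN])
    if verify:
        for _ in range(CONFIRM_CHUNKS):
            if not live or pos >= len(origin):
                break
            chunk = origin[pos:pos + CHUNK]
            live = [s for s in live if cache.streams[s][pos:pos + CHUNK] == chunk]
            pos += len(chunk)
    if pos >= len(origin):
        # Origin already finished: only an exact-length cached copy is a match.
        live = [s for s in live if len(cache.streams[s]) == len(origin)]
    if not live:
        cache.store(origin)            # miss: pass everything through, then cache
        return origin, len(origin)
    sid = live[0]
    cache.streams.move_to_end(sid)
    return origin[:pos] + cache.streams[sid][pos:], pos


# Constructed sample data: one shared advertisement followed by two different videos.
AD = bytes(range(96))
VIDEO_A = b"A" * 400
VIDEO_B = b"B" * 400


def demo():
    first, second = AD + VIDEO_A, AD + VIDEO_B

    naive = StreamCache()
    deliver(naive, first, verify=False)
    naive_out, naive_pulled = deliver(naive, second, verify=False)

    checked = StreamCache()
    deliver(checked, first)
    miss_out, miss_pulled = deliver(checked, second)   # diverges after the ad
    hit_out, hit_pulled = deliver(checked, second)     # true repeat
    return {
        "naive_served_wrong_video": naive_out == first and naive_out != second,
        "naive_pulled": naive_pulled,
        "checked_miss_correct": miss_out == second and miss_pulled == len(second),
        "checked_hit_correct": hit_out == second,
        "checked_hit_pulled": hit_pulled,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The extra comparison only widens the window: two streams that share more than `PREFIX_LEN + CONFIRM_CHUNKS * CHUNK` leading bytes would still be confused, so the window has to exceed the longest shared intro the device expects to see.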

The next step (after I fix our traditional URL matching problem for the customer) is to build an experimental version of stream-based caching.

Stay tuned to see if I can get this idea to work!

NetEqualizer News: May 2013

May 2013


Enjoy another issue of NetEqualizer News! This month, we preview our upcoming integration of our Microsoft Excel Dynamic Real-Time Reporting Tool into NetEqualizer, discuss our new Hotel Management System Integration Offering, and feature a story from a happy NetEqualizer Customer. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

In May, my thoughts turn to the BolderBoulder, a large 10K running race that I compete in each year. The race has 50,000+ participants, and is split into two, a “people’s race” and a “professionals race” (International Team Challenge). I compete first and then watch the professionals race, which is usually won by someone from Ethiopia or Kenya, as professionals fly in from all over the world for this race. By May my goal is always to train hard, so that I am at my peak performance on Memorial Day for the run. I work hard to get ready, and plan to run a personal best this year!

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

New! Our Hotel Management System Integration Offering

APconnections is excited to announce our Hotel Management System Integrated Offering (HMSIO). We have partnered with Global Gossip, LLC, a leader in the lodging managed network services industry, to offer an end-to-end network managed services solution for our hotel & lodging customers.
We are combining strengths to offer NetEqualizer, the best in bandwidth shaping, with Global Gossip’s world class managed network services offering. We now can offer our hotel and lodging customers a full suite of capabilities to manage your wireless network, such as authentication, 24/7/365 support, cloud-based monitoring access, and network design services.

Hotel Management System Integrated Offering has grown organically from Global Gossip’s own use of NetEqualizers in its wireless services solutions in remote places all over the world, including many U.S. National Parks. For more details, check out our HMSIO Data Sheet, or contact us at:



toll-free U.S. (888-287-2492),

worldwide (303) 997-1300 x. 103

NetEqualizer Featured Customer

Every so often, NetEqualizer News features a customer who has benefited greatly from our technology and has told us about it!

This month, we feature Gordon College, and Russ Leathe, Director of Network and Computing Services. Here is what Russ had to say about his experience with NetEqualizer:

“We had an incident over the weekend I wanted to tell you about:
One of our web servers got hit with a ‘zero-day’ malware. We noticed our bandwidth was completely pegged even though our student population was on, or leaving for Spring-Break (so our bandwidth consumption should have been trending downwards, not upwards). We maintain over 100 servers, 95% of which are in a VM environment. Needless to say, finding the exposed culprit would be like finding the proverbial “needle in a haystack”. Alas, NetEQ to the rescue.
We used NTOP to discover our ‘Top Talkers’.  The Inbound bandwidth was saturated, which was unusual and we pinpointed it to one machine. We quickly wrote a bandwidth rule for that web-server and things returned to normal.
We found the malware and inoculated the server…all within an hour’s time. Normally, this could have taken hours or a few days.

Thanks again… for creating such a great solution for Higher ED!!”

Thanks Russ!

Coming Soon: Microsoft Excel Dynamic Real-Time Reporting Integration

One of our most popular unpublished tools that we release to customers who request it is our Dynamic Real-Time Reporting tool which sends data from your NetEqualizer to Excel so that you can monitor usage from your local PC.

The next generation of this software has arrived.

Coming soon, we will be releasing our built in version of this tool so that you can get the same benefits of its reporting features right on your NetEqualizer. It will require no setup and will be completely web based.

Here is a quick screenshot preview:


You’ll be able to view active connections, connections which are bandwidth hogs, IP to country translation, and more!

This tool is free to customers with valid NetEqualizer Software and Support. If you are not current with NSS, contact us today!


Best Of The Blog

You Heard it Here First, Our Prediction on How Video Will Evolve to Conserve Bandwidth

By Art Reisman – CTO – APconnections

Editor’s Note:

I suspect somebody out there has already thought of this, but in my quick Internet search I could not find any references to this specific idea, so I am taking journalistic first claim and unofficial first rights to this idea.

The best example I can think of to exemplify efficiency in video is the old-style cartoons, such as the parody of South Park. If you ever watch South Park animation, the production quality is deliberately cheesy – very few moving parts with fixed backgrounds. In the South Park case, the intention was obviously not to save production costs. The cheap animation is part of the comedy. That was not always the case; the evolution of this sort of stop-animation cartoon was from the early days before computer animation took over the work of human artists working frame by frame. The fewer moving parts in a scene, the less work for the animator. They could re-use existing drawings of a figure and just change the orientation of the mouth in perhaps three positions to animate talking.

Modern video compression tries to take advantage of some of the inherent static data from image to image, such that each new frame is transmitted with less information. At best, this is a hit-or-miss proposition. There are likely many frivolous moving parts in a background that perhaps on the small screen of a handheld device are not necessary.

My prediction is we will soon see a collaboration between production of video and Internet transport providers that allows for the average small device video production to have a much smaller footprint in transit.

Some of the basics of this technique would involve…

Photo Of The Month

This picture of downtown Helsinki, Finland was taken on a recent visit to a customer site by one of our staff members.

APconnections and Global Gossip Announce Joint Network Solution Offering for Lodging Industry

Editor’s Note:  This release went out on May 16, 2013 11:05 AM Mountain Daylight Time.

LAFAYETTE, Colo.–(BUSINESS WIRE)–APconnections, an innovation-driven technology company that delivers best-in-class network traffic management appliances, and Global Gossip, a leader in network managed services for the lodging industry, today announced the joint Hotel Management System Integrated Offering (HMSIO).

The joint offering combines the strengths of the NetEqualizer behavior-based bandwidth shaping appliance, with Global Gossip’s world-class managed network services offering. HMSIO will offer hotel and lodging customers a full suite of capabilities to manage their wireless networks, including customized authentication, behavior-based bandwidth shaping, 24/7/365 support, a cloud-based monitoring portal, and network design services. With HMSIO, hospitality and lodging customers can provide a “low noise”, high-quality, wireless Internet experience to guests along with unmatched excellence in customer support. Learn more in our HMSIO Data Sheet.

Global Gossip’s Director of U.S. Operations, Sam Beskur, says, “Working with APconnections on this joint solution offers tremendous potential. Since the integration of NetEqualizer into our head-end stack we have been able to offer a much improved end user Wi-Fi experience and overall greater customer satisfaction.”

APconnections’ CEO, Art Reisman, stated, “We have been looking for the right partner to offer an end-to-end network solution to our lodging industry customers. With their worldwide footprint and excellent technical support, Global Gossip’s network services are a great complement to our NetEqualizer bandwidth shaping products.”

About Global Gossip

Global Gossip (http://hsia.globalgossip.com) has been developing network and communication solutions since 1999 and currently manages and maintains over three hundred wired and wireless access networks globally. Our service locations span seven countries and include locations as remote and bandwidth challenged as the central Australian desert to high throughput networks in downtown London, England. Global Gossip has offices in Denver, Colorado; Sydney, Australia; and London, England.

About APconnections

APconnections is a privately held company founded in 2003 and is based in Lafayette, Colorado, USA (http://netequalizer.com). Our flexible and scalable network traffic management solutions can be found at thousands of customer sites in public and private organizations of all sizes across the globe, including: Fortune 500 companies, major universities, K-12 schools, Internet providers, libraries, and government agencies on six continents.


APconnections, Inc.
Sandy McGregor, 303-997-1300 x.104
Global Gossip LLC
Stephanie Dickens, 720-378-5087

Is the Reseller Channel for Network Equipment Declining?

Back in 2008, TMCnet posed an interesting question about traditional PBX vendors. Has VOIP outgrown traditional business service channels? And that got me wondering, what is going on in the traditional network equipment channel? Is it starting to erode in favor of direct sales?

We are seeing a split in buying patterns.

1) Companies that do not have an in-house staff generally make their equipment purchases based on the advice of their Network Consultants, VARs or local reseller.

The line between Network Consultants and VARs has always been a bit muddy. Most network consultants tend to dabble in reselling. Hence this relationship behaves like the traditional channel where consultants and VARs represent specific manufacturers, and mark up equipment to make margins. Customers benefit because the true cost of the consulting, to design and deploy their networks, is subsidized by the margins the VARs make on their equipment sales.

2) On the other hand, companies and institutions with in-house IT staffs are starting to get away from the traditional equipment reseller. They are more likely to do their research online, and are more than willing to buy outside of a traditional channel. This creates a strange double-edged sword for OEMs, as they are heavily dependent on the relationships of their channel partners to move equipment. For the same reason that those factory outlet stores are located outside of town, OEMs do not want to shoot themselves in the foot by selling direct and competing with their resellers.

Even though there is some degradation in the traditional channel, I don’t think we will see its demise any time soon for a couple of reasons.

1) Network solutions remain labor intensive, and expertise will always be at a minimum. Even with cloud-based computing there is still a good bit of infrastructure required at the enterprise, and this bodes well for the VARs and resellers who offer their expertise while acting as the conduit to move equipment with mark-up from the OEMs.

2) Network equipment itself resists becoming a commodity. Yes, home routers and such have gone that route, but with advanced features such as bandwidth optimization and security driving the market, network equipment remains complex enough to justify the value-added channel.

What are you seeing?

Related Article: US channel sales flat for third straight year.

NetEqualizer News: December 2012

December 2012


Enjoy another issue of NetEqualizer News! This month, we preview feature additions to NetEqualizer coming in 2013, offer a special deal on web application security testing for the Holidays, and remind NetEqualizer customers to upgrade to Software Update 6.0. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

This month’s picture is from Parent’s Night for my daughter’s volleyball team. In December, as I get ready for the Holidays, I often think about what is important to me – like family, friends, my health, and how I help to run this business. While pondering these thoughts, I came up with some quotes that have meaning to me, which I am sharing here. I hope you enjoy them, or that they at least get you thinking about what is important to you!

“Technology is not what has already been done.”
“Following too closely ruins the journey.”
“Innovation is not a democratic endeavor.”
“Time is not linear, it just appears that way most of the time.”

What are your favorite quotes? We love it when we hear back from you – so if you have a quote or a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

NetEqualizer: Coming in 2013

We are always looking to improve our NetEqualizer product line such that our customers are getting maximum value from their purchase. Part of this process is brainstorming changes and additional features to adapt and help meet that need.

Here are a couple of ideas for changes to NetEqualizer that will arrive in 2013. Stay tuned to NetEqualizer News and our blog for updates on these features!

1) NetEqualizer in Mesh Networks and Cloud Computing

As the use of NAT distributed across mesh networks becomes more widespread, and the bundling of services across cloud computing becomes more prevalent, our stream-based behavior shaping will need to evolve.

This is due to the fact that we base our decision of whether or not to shape on a pair of IP addresses talking to each other without considering port numbers. Sometimes, in cloud or mesh networks, services are trunked across a tunnel using the same IP address. As they cross the trunk, the streams are broken out appropriately based on port number.

So, for example, say you have a video server as part of a cloud computing environment. Without any NAT, on a wide-open network, we would be able to give that video server priority simply by knowing its IP address. However, in a meshed network, the IP connection might be the same as other streams, and we’d have no way to differentiate it. It turns out, though, that services within a tunnel may share IP addresses, but the differentiating factor will be the port number.

Thus, in 2013 we will no longer shape just on IP to IP, but will evolve to offer shaping on IP(Port) to IP(Port). The result will be quality of service improvements even in heavily NAT’d environments.

2) 10 Gbps Line Speeds without Degradation

Some of our advantages over the years have been our price point, the techniques we use on standard hardware, and the line speeds we can maintain.

Right now, our NE3000 and above products all have true multi-core processors, and we want to take advantage of that to enhance our packet analysis. While our analysis is very quick and efficient today (sustained speeds of 1 Gbps up and down), in very high-speed networks, multi-core processing will amp up our throughput even more. In order to get to 10 Gbps on our Intel-based architecture, we must do some parallel analysis on IP packets in the Linux kernel.

The good news is that we’ve already developed this technology in our NetGladiator product (check out this blog article here).

Coming in 2013, we’ll port this technology to NetEqualizer. The result will be low-cost bandwidth shapers that can handle extremely high line speeds without degradation. This is important because in a world where bandwidth keeps getting cheaper, the only reason to invest in an optimizer is if it makes good business sense.

We have prided ourselves on smart, efficient, optimization techniques for years – and we will continue to do that for our customers!

Secure Your Web Applications for the Holidays!

We want YOU to be proactive about security. If your business has external-facing web applications, don’t wait for an attack to happen – protect yourself now! It only takes a few hours of our in-house security experts’ time to determine if your site might have issues, so, for the Holidays, we are offering a $500 upfront security assessment for customers with web applications that need testing!

If it is determined that our NetGladiator product can help shore up your issues, that $500 will be applied toward your first year of NetGladiator Software & Support (GSS). We also offer further consulting based on that assessment on an as-needed basis.

To learn more about NetGladiator, check out our video here.

Or, contact us at:



303-997-1300 x123

Don’t Forget to Upgrade to 6.0!: With a brief tutorial on User Quotas

If you have not already upgraded your NetEqualizer to Software Update 6.0, now is the perfect time!

We have discussed the new upgrade in depth in previous newsletters and blog posts, so this month we thought we’d show you how to take advantage of one of the new features – User Quotas.

User quotas are great if you need to track bandwidth usage over time per IP address or subnet. You can also send alerts to notify you if a quota has been surpassed.

To begin, you’ll want to navigate to the Manage User Quotas menu on the left. You’ll then want to start the Quota System using the third interface from the top, Start/Stop Quota System.

Now that the Quota System is turned on, we’ll add a new quota. Click on Configure User Quotas and take a look at the first window:


Here are the settings associated with setting up a new quota rule:

Host IP: Enter in the Host IP or Subnet that you want to give a quota rule to.

Quota Amount: Enter in the number of total bytes for this quota to allow.

Duration: Enter in the number of minutes you want the quota to be tracked for before it is reset (1 day, 1 week, etc.).

Hard Limit Restriction: Enter in the number of bytes/sec to allow the user once the quota is surpassed.  

Contact: Enter in a contact email for the person to notify when the quota is passed.

After you populate the form, click Add Rule. Congratulations! You’ve just set up your first quota rule!

From here, you can view reports on your quota users and more.

Remember, the new GUI and all the new features of Software Update 6.0 are available for free to customers with valid NetEqualizer Software & Support (NSS).

If you don’t have the new GUI or are not current with NSS, contact us today!


Best Of The Blog

Internet User’s Bill of Rights

By Art Reisman – CTO – APconnections

This is the second article in our series. Our first was a Bill of Rights dictating the etiquette of software updates. We continue with a proposed Bill of Rights for consumers with respect to their Internet service.

1) Providers must divulge the contention ratio of their service. 

At the core of all Internet service is a balancing act between the number of people that are sharing a resource and how much of that resource is available.

For example, a typical provider starts out with a big pipe of Internet access that is shared via exchange points with other large providers. They then subdivide this access out to their customers in ever smaller chunks – perhaps starting with a gigabit exchange point and then narrowing down to a 10 megabit local pipe that is shared with customers across a subdivision or area of town.

The speed you, the customer, can attain is limited to how many people might be sharing that 10 megabit local pipe at any one time. If you are promised one megabit service, it is likely that your provider would have you share your trunk with more than 10 subscribers and take advantage of the natural usage behavior, which assumes that not all users are active at one time.

The exact contention ratio will vary widely from area to area, but from experience, your provider will want to maximize the number of subscribers who can share the pipe, while minimizing service complaints due to a slow network. In some cases, I have seen as many as 1,000 subscribers sharing 10 megabits. This is a bit extreme, but even with a ratio as high as this, subscribers will average much faster speeds when compared to dial up…

Photo Of The Month


Kansas Clouds

The wide-open ranch lands in middle America provide a nice retreat from the bustle of city life. When he can find time, one of our staff members visits his property in Kansas with his family. The Internet connection out there is shaky, but it is a welcome change from routine.

NetEqualizer News: June 2012

June 2012


Enjoy another issue of NetEqualizer News! This month, we announce the release of our NetGladiator Demo Video, highlight our NetEqualizer YouTube Channel, and discuss our new NetEqualizer Lite product. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Sandy…
Sandy McGregor, Director of Marketing

Just attended a June wedding! There is nothing like June (warm weather, beautiful flowers, sunshine) to celebrate a marriage! It is lovely to witness two people starting their lives together. This made me think about how we are starting to “marry” our different product lines. You will see more of NetGladiator tied into our NetEqualizer website, our blog, etc. Although the products serve very different purposes, both are capable of providing immense value to your organization.

We will continue to look for opportunities to leverage our technology to create products that help our customers run efficient, secure networks.

We want to know what challenges you face on a recurring basis! If you have a moment, please fill out our short, four-question survey. Submissions will be entered into a drawing for a $100 Amazon Gift Card!

NetGladiator Demo Video
Throughout 2012, we’ve been discussing best-practice security quite a bit. Our new intrusion prevention system, NetGladiator, is the result of expert security research, rock-solid pattern inspection, and common sense.

NetGladiator cuts through the hype that other products rely on, and provides a real, effective security solution that will fit naturally into your existing security layers to protect your web applications.

We recently released a demonstration video that showcases the NetGladiator interface,  demonstrates its configuration, and discusses its attack blocking abilities.

Take a look at the video here via our YouTube channel!


If you have additional questions about NetGladiator, visit our website or contact us at:


NetEqualizer on YouTube
If you haven’t already, take a look at our NetEqualizer YouTube Channel!

Here you can find all of our Tech Seminars, demonstrations, and other videos. Start by watching our featured video, Equalizing Explained.

NetEqualizer Lite

Do you need bandwidth control without the price or large throughput? Our new NetEqualizer Lite product is just for you.

Starting at just $999, the new NetEqualizer Lite offers compelling value at a low price. We have upgraded our base technology for the NetEqualizer Lite, our entry-level bandwidth-shaping appliance.

Our new Lite still retains a small form-factor, which sets it apart, and makes it ideal for implementation in the field, but now has enhanced CPU and memory. This enables us to include robust graphical reporting like in our other product lines, and also to support additional bandwidth license levels.

NetEqualizer Lite is perfect for small SSIPs, hotels, offices, libraries, coffee shops, and more!

For more information on NetEqualizer Lite, visit our website, check out our blog, or contact us at:

toll-free U.S. (888-287-2492),

Best Of The Blog

Case Study: A Simple Solution to Relieve Congestion on Your MPLS Network

By Art Reisman – CTO – APconnections

Summary: In the last few months, we have set up several NetEqualizer systems on spoke and hub MPLS networks. Our solution is very cost effective because it differs from many TOS/Compression-based WAN optimization products that require multiple pieces of hardware. Normally, for WAN optimization, a device is placed at the HUB and a partner device is placed at each remote location. With the NetEqualizer technology, we have been able to simply and elegantly solve contention issues with a single device at the central hub.

The problem:

A customer has a spoke and hub MPLS network where remote sites get their public Internet and corporate data by coming in on a spoke to a central site. Although the network at the host site has plenty of bandwidth, the spokes have a fixed allocation over the MPLS and are experiencing contention issues (e.g. slow response times to corporate sales data, etc.)…

Photo Of The Month

Photo by James Dougherty

Colorado Summer Storms

Every local knows the adage, “If you don’t like the weather in Colorado, wait five minutes.” Each season brings its own meteorological challenges to the region, and in summer, those are tornadoes and hail. Recently, a potent storm hit the Denver Metro area, causing funneled clouds and abrupt hailstones. After the chaos subsided, however, the sky was painted with gorgeous colors and textures.

Web Security Breaches and Accountability

By Zack Sanders – Security Expert – APconnections

If this recent story about a breach of medical information in Utah is any indication of how organizations will now handle security breaches, technology managers everywhere should be shaking in their boots. After a breach that exposed personal information of 780,000 people, the Utah state technology director was relieved of his position by the governor, and several others are under investigation.

Details of the actual attack are scarce, but it appears as though a Medicaid server (possibly hosted in the cloud) was vulnerable to a security misconfiguration at the password authentication level. This could mean a few different things – including SQL injection issues, exposed configuration files, or that content was accessible without actually logging in. Regardless of how it really occurred, it certainly could have been prevented with proper proactive assessments.

The larger issue at hand that the article touches on is accountability in data security. Personally, I think you are going to have a hard time finding organizations that will guarantee their solutions are totally secure. It’s just not realistic. You can never be 100% protected against an attack, and because software solutions often rely on other technologies and people, the number of ways in is large, and proving exactly how someone got in and who is to blame will be difficult, considering that vulnerabilities are often leveraged against each other. For example, say you have a server that has a third-party web application, a back-end database, and blog software installed. The web application itself is secure, but the blog software is not. It is breached by an attacker, and the database for the web application is stolen. User data in the database was not encrypted, and widespread fraud occurs. Who is to blame? The blog maker? The web application developer? The system administrator?

In truth, the answer is everyone – to varying degrees. The system administrator should not have these two software packages running on the same system. The blog developers should have built a better solution. The web application programmer should have encrypted data at rest. Blame can even shift further up the chain. The IT director should have budgeted more money for security. The board members should have demanded proactive actions be taken.

So, it is likely the firings in the Utah Medicaid breach were mostly political in that someone has to fall on the sword, but in truth, the blame should fall on many individuals and companies.

One thing is clear: if you are a technology director or manager, you don’t want this to happen to you – but there are actions you can take. The most important thing is to BE PROACTIVE about security. How many breaches do you have to read about every day before you take charge in your own environment? If you’ve never been hacked, ask someone who has. It is a very painful process and costs reputation, money, and time. Start taking steps today to better your chances against attack. Some options to consider:

– Have quarterly security assessments conducted.

– If major changes to the application or server are made, have those changes reviewed for security.

– Discuss your security controls with an expert.

– Audit your existing infrastructure and start making changes now. Even though this will take time and resources, it does not compare to the time and resources required if a breach occurs.

NetEqualizer News: February 2012


Enjoy another issue of NetEqualizer News! This month, we discuss our newly developed Intrusion Prevention System: NetGladiator – a tool that will effectively protect your websites without hampering network performance! As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…

Coming into the new year, we are currently investing in technology that will allow our entire product line to do more parallel processing. This is good news. Parallel processing is what large computing powers do to make intelligent systems like the computer that plays Jeopardy! The key for us is to do it seamlessly without raising prices – so don’t expect to see anything except better, higher-end systems and the same low price points.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly here. I would love to hear from you!

NetGladiator – The NEW Intrusion Prevention System

APconnections – makers of the NetEqualizer – is excited to announce the release of the next great Intrusion Prevention System – the NetGladiator!

The NetGladiator is unlike any other Intrusion Prevention System on the market. Tested against some of the world’s best hackers, NetGladiator uses proven Deep Packet Inspection technology to identify an attack not based on predefined signatures, but on behavior-based anomalies that occur in your network.

The idea behind the NetGladiator technology is that the way a potential hacker interacts with your web infrastructure is vastly different from how a normal user interacts with your sites. NetGladiator identifies these anomalies and blocks the attackers before they’ve begun.

Because NetGladiator comes to you from APconnections, a name you know and trust in the bandwidth arbitration space, your network will experience zero latency effects. It also will prove to be the simplest and easiest-to-install product on the market with a very fair price point that provides great value.

Here are just some of the common attacks that NetGladiator protects against:
– SQL Injection
– Brute Force Directory Traversal
– Cross-Site Scripting
– Reflected URL Redirects
– Remote Administrative Brute Forcing
– Remote Shell Execution
– And many more…

Engineers at APconnections have cut through the hype surrounding intrusion prevention products with this simple, yet effective product.

For more information on the NetGladiator IPS, take a look at our website.

You can also visit our blog or contact us at:

ips@apconnections.net -or-

worldwide: (303) 997-1300 x. 123 -or-

toll-free U.S.: 888-287-2492

NetEqualizer 5.6 Release Advised

The 5.6 Software Release for NetEqualizer is advised for all customers who are on 5.x that utilize pools, VLANs, and connection limits.

For more information on the Software Release, take a look at our Software Update Notes for 5.6. You can also visit our blog or contact us:

sales@apconnections.net -or-

worldwide (303) 997-1300 x103. -or-

toll-free U.S. (888) 287-2492

Best Of The Blog

Cloud Computing – Do You Have Enough Bandwidth? And a Few Other Things to Consider.

By Art Reisman – CTO – NetEqualizer

The following is a list of things to consider when using a cloud-computing model.

Bandwidth: Is your link fast enough to support cloud computing?

We get asked this question all the time: What is the best-practice standard for bandwidth allocation?

Well, the answer depends on what you are computing.

First, there is the application itself. Is your application dynamically loading up modules every time you click on a new screen? If the application is designed correctly, it will be lightweight and come up quickly in your browser. Flash video screens certainly spruce up the experience, but I hate waiting for them. Make sure when you go to a cloud model that your application is adapted for limited bandwidth.

Second, what type of transactions are you running? Are you running videos and large graphics or just data? Are you doing photo processing from Kodak? If so, you are not typical, and moving images up and down your link will be your constraining factor.

Third, are you sharing general Internet access with your cloud link? In other words, is that guy on his lunch break watching a replay of royal wedding bloopers on YouTube interfering with your salesforce.com access?

The good news is (assuming you will be running a transactional cloud-computing environment – e.g. accounting, sales database, basic email, attendance, medical records – without video clips or large data files), you most likely will NOT need additional Internet bandwidth. Obviously, we assume your business has reasonable Internet response times prior to transitioning to a cloud application…

Photo Of The Month

Longing for Warmer Weather

Colorado weather is a fascinating phenomenon. It can be a glorious 70 degrees in the morning, and be 32 degrees and freezing by nightfall. While there are spotty days of warmth in January and February, we are still in the dead of winter. Pictures like this make us yearn for spring and summer! This photo was taken by one of our staff at a farm in Kansas in August.

NetEqualizer Provides Unique Low-Cost Way to Send Priority Traffic over the Internet

Quality of service, or QoS as it’s commonly known, is one of those overused buzz words in the networking industry. In general, it refers to the overall quality of online activities such as video or VoIP calls, which, for example, might be judged by call clarity. For providers of Internet services, promises of high QoS are a selling point to consumers. And, of course, there are plenty of third-party products that claim to make quality of service that much better.

A year ago on our blog, we broke down the costs and benefits of certain QoS methods in our article QoS Is a Matter of Sacrifice. Since then, and in part to address some of the drawbacks and shortcomings we discussed, we’ve developed a new NetEqualizer release offering a very unique and novel way to provide QoS over your Internet link using a type of service (ToS) bit. In the article that follows, we’ll show that the NetEqualizer methodology is the only optimization device that can provide QoS in both directions of a voice or video call over an Internet link.

This is worth repeating: The NetEqualizer is the only device that can provide QoS in both directions for a voice or video call on an open Internet link. Traditional router-based solutions can only provide QoS in both directions of a call when both ends of a link are controlled within the enterprise. As a result, QoS is often reduced and limited. With the NetEqualizer, this limitation can now be largely overcome.

First, let’s step back and discuss why typical routers using ToS bits cannot ensure QoS for an incoming stream over the Internet. Consider a typical scenario with a VoIP call that relies on ToS bits to ensure quality within the enterprise. In this instance, both sending and receiving routers will make sure there is enough bandwidth on the WAN link to ensure the voice data gets across without interruption. But when there is a VoIP conversation going on between a phone within your enterprise and a user out on the cloud, the router can only ensure the data going out.

When communicating enterprise-to-cloud, the router at the edge of your network can see all of the traffic leaving your network and has the ability to queue up (slow down) less important traffic and put the ToS-tagged traffic ahead of everybody else leaving your network. The problem arises on the other side of the conversation. The incoming VoIP traffic is hitting your network and may also have a ToS bit set, but your router cannot control the rate at which other random data traffic arrives.

The general rule with using ToS bits to ensure priority is that you must control both the sending and receiving sides of every stream.

With data traffic originating from an uncontrolled source, such as with a Microsoft update, the Microsoft server is going to send data as fast as it can. The ToS mechanisms on your edge router have no way to control the data coming in from the Microsoft server, and thus the incoming data will crowd out the incoming voice call.

Under these circumstances, you’re likely to get customer complaints about the quality of VoIP calls. For example, a customer on a conference call may begin to notice that although others can hear him or her fine, those on the other end of the line break up every so often.

So it would seem that by the time incoming traffic hits your edge router it’s too late to honor priority. Or is it?

When we tell customers we’ve solved this problem with a single device on the link, and that we can provide priority for VoIP and video, we get looks as if we just proved the Earth isn’t flat for the first time.

But here’s how we do it.

First, you must think of QoS as the science of taking away bandwidth from the low-priority user rather than giving special treatment to a high-priority user. We’ve shown that if you create a slow virtual circuit for a non-priority connection, it will slow down naturally and thus return bandwidth to the circuit.

By only slowing down the larger low-priority connections, you can essentially guarantee more bandwidth for everybody else. The trick to providing priority to an incoming stream (voice call or video) is to restrict the flows from the other non-essential streams on the link. It turns out that if you create a slow virtual circuit for these lower-priority streams, the sender will naturally back off. You don’t need to be in control of the router on the sending side.

For example, let’s say Microsoft is sending an update to your enterprise and it’s wiping out all available bandwidth on your inbound link. Your VPN users cannot get in, cannot connect via VoIP, etc. When sitting at your edge, the NetEqualizer will detect the ToS bits on your VPN and VoIP call. It will then see the lack of ToS bits on the Microsoft update. In doing so, it will automatically start queuing the incoming Microsoft data. Ninety-nine out of one hundred times this technique will cause the sending Microsoft server to sense the slower circuit and back off, and your VPN/VoIP call will receive ample bandwidth to continue without interruption.

For some reason the typical router is not designed to work this way. As a result, it’s at a loss as to how to provide QoS on an incoming link. This is something we’ve been doing for years based on behavior, and in our upcoming release, we’ve improved on our technology to honor ToS bits. Prior to this release, our customers were required to identify priority users by IP address. Going forward, the standard ToS bits (which remain in the IP packet even through the cloud) will be honored, and thus we have a very solid viable solution for providing QoS on an incoming Internet link.
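The inbound decision described above, as an added Python example that is not NetEqualizer code: it reads the ToS byte from IPv4 headers, tracks bytes per flow, and, only when the link is congested, names the large unmarked flows to queue. The 85 percent congestion threshold, the 20 percent "large flow" share, the class and function names, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import defaultdict

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def build_ipv4_header(src, dst, tos, payload_len, proto=6):
    """Constructed sample input: minimal IPv4 header (checksum left at 0)."""
    return struct.pack(
        IPV4_FMT, (4 << 4) | 5, tos, 20 + payload_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(data):
    """Return the fields the arbiter needs, rejecting malformed headers."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_FMT, data[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not an IPv4 header")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "total_length": total_len,
        # The old ToS byte is DSCP (upper 6 bits) plus ECN (lower 2 bits).
        # Only a non-zero DSCP counts as a priority mark here.
        "dscp": tos >> 2,
    }


class InboundArbiter:
    """Hypothetical arbiter: picks unmarked heavy flows to queue when congested."""

    def __init__(self, link_bps, congestion_ratio=0.85, hog_share=0.20):
        self.link_bps = link_bps
        self.congestion_ratio = congestion_ratio  # assumed threshold
        self.hog_share = hog_share                # assumed "large flow" share
        self.bytes_by_flow = defaultdict(int)
        self.priority_flows = set()

    def observe(self, header):
        pkt = parse_ipv4_header(header)
        flow = (pkt["src"], pkt["dst"], pkt["proto"])
        self.bytes_by_flow[flow] += pkt["total_length"]
        # Assumption: marks are honored as received. They are set by the
        # sender, so this is a policy choice rather than a guarantee.
        if pkt["dscp"] != 0:
            self.priority_flows.add(flow)
        return flow

    def utilization(self, window_s):
        bits = 8 * sum(self.bytes_by_flow.values())
        return bits / (self.link_bps * window_s)

    def flows_to_slow(self, window_s):
        """Unmarked flows above the large-flow budget, largest first."""
        if self.utilization(window_s) < self.congestion_ratio:
            return []  # no contention: nobody is slowed
        budget = self.hog_share * self.link_bps * window_s / 8
        hogs = [(f, b) for f, b in self.bytes_by_flow.items()
                if f not in self.priority_flows and b > budget]
        return [f for f, _ in sorted(hogs, key=lambda x: x[1], reverse=True)]


def run_example(link_bps):
    """One second of constructed inbound traffic toward 192.0.2.20."""
    arbiter = InboundArbiter(link_bps)
    for _ in range(50):    # VoIP stream marked EF (ToS 0xB8, DSCP 46), UDP
        arbiter.observe(build_ipv4_header("198.51.100.10", "192.0.2.20", 0xB8, 200, 17))
    for _ in range(800):   # unmarked bulk software update, TCP
        arbiter.observe(build_ipv4_header("203.0.113.5", "192.0.2.20", 0x00, 1480, 6))
    for _ in range(20):    # unmarked small web session, TCP
        arbiter.observe(build_ipv4_header("203.0.113.77", "192.0.2.20", 0x00, 500, 6))
    return arbiter.flows_to_slow(window_s=1.0)


if __name__ == "__main__":
    print("10 Mbps link :", run_example(10_000_000))
    print("100 Mbps link:", run_example(100_000_000))
```

On the 10 Mbps link only the bulk update is selected; the marked VoIP stream and the small unmarked web session are left alone, and on the 100 Mbps link nothing is slowed because there is no contention.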

Related article: QOS over the Internet is it possible?

Related Example: Below is an excerpt from a user that could have benefited from a NetEqualizer. In this comment below, taken from an Astaro forum, the user is lamenting on the fact that despite setting QoS bits he can’t get his network to give priority to his VoIP traffic:

“Obviously, I can’t get this problem resolved by using QoS functionality of Astaro. Phone system still shows lost packets when there is a significant concurring traffic. Astaro does not shrink the bandwidth of irrelevant traffic to the favor of VoIP definitions, I don’t know where the problem is and obviously nobody can clear this up.

Astaro Support Engineer said “Get a dedicated digital line,” so I ordered one; it will be installed shortly.

The only way to survive until the new line is installed was to throttle all local subnets, except for IPOfficeInternal, to ensure the latter will have enough bandwidth at any given time, but this is not a very smart way of doing this.”

NetEqualizer YouTube Caching FAQ

Editor’s Note: This week, we announced the availability of the NetEqualizer YouTube caching feature we first introduced in October. Over the past month, interest and inquiries have been high, so we’ve created the following Q&A to address many of the common questions we’ve received.

This may seem like a silly question, but why is caching advantageous?

The bottleneck most networks deal with is that they have a limited pipe leading out to the larger public Internet cloud. When a user visits a website or accesses content online, data must be transferred to and from the user through this limited pipe, which is usually meant for only average loads (increasing its size can be quite expensive). During busy times, when multiple users are accessing material from the Internet at once, the pipe can become clogged and service slowed. However, if an ISP can keep a cached copy of certain bandwidth-intensive content, such as a popular video, on a server in their local office, this bottleneck can be avoided. The pipe remains open and unclogged and customers are assured their video will always play faster and more smoothly than if they had to go out and re-fetch a copy from the YouTube server on the Internet.

What is the ROI benefit of caching YouTube? How much bandwidth can a provider conserve?

At the time of this writing, we are still in the early stages of our data collection on this subject. What we do know is that YouTube can account for up to 15 percent of Internet traffic. We expect to be able to cache at least the most popular 300 YouTube videos with this initial release and perhaps more when we release the mass-storage version of our caching server in the future. Considering this, realistic estimates put the savings in terms of bandwidth overhead somewhere between 5 and 15 percent. But this is only the instant benefit in terms of bandwidth savings. The long-term customer-satisfaction benefit is that many more YouTube videos will play without interruption on a crowded network (busy hour) than before. Therefore, ROI shouldn’t be measured in bandwidth savings alone.

Why is it just the YouTube caching feature? Why not cache everything?

There are a couple of good reasons not to cache everything.

First, there are quite a few Web pages that are dynamically generated or change quite often, and a caching mechanism relies on content being relatively static. This allows it to grab content from the Internet and store it locally for future use without the content changing. As mentioned, when users/clients visit the specific Web pages that have been stored, they are directed to the locally saved content rather than over the Internet and to the original website. Therefore, caching obviously wouldn’t be possible for pages that are constantly changing. Caching dynamic content can cause all kinds of issues — especially with merchant and secure sites where each page is custom-generated for the client.

Second, a caching server can realistically only store a subset of data that it accesses. Yes, data storage is getting less expensive every year, but a local store is finite in size and will eventually fill up. So, when making a decision on what to cache and what not to cache, YouTube, being both popular and bandwidth intensive, was the logical choice.

Will the NetEqualizer ever cache content beyond YouTube? Such as other videos?

At this time, the NetEqualizer is caching files that traverse port 80 and correspond to video files from 30 seconds to 10 minutes. It is possible that some other port 80 file will fall into this category, but the bulk of it will be YouTube.

Is there anything else about YouTube that makes it a good candidate to cache?

Yes, YouTube content meets the level of stability discussed above that’s needed for effective caching. Once posted, most YouTube videos are not edited or changed. Hence, the copy in the local cache will stay current and be good indefinitely.

When I download large distributions, the download utility often gives me a choice of mirrored sites around the world. Is this the same as caching?

By definition this is also caching, but the difference is that there is a manual step to choosing one of these distribution sites. Some of the large-content open source distributions have been delivered this way for many years. The caching feature on the NetEqualizer is what is called “transparent,” meaning users do not have to do anything to get a cached copy.

If users are getting a file from cache without their knowledge, could this be construed as a violation of net neutrality?

We addressed the tenets of net neutrality in another article and to our knowledge caching has not been controversial in any way.

What about copyright violations? Is it legal to store someone’s content on an intermediate server?

This is a very complex question and anything is possible, but with respect to intent and the NetEqualizer caching mechanism, the Internet provider is only caching what is already freely available. There is no masking or redirection of the actual YouTube administrative wrappings that a user sees (this would be where advertising and promotions appear). Hence, there is no loss of potential revenue for YouTube. In fact, it would be considered more of a benefit for them as it helps more people use their service where connections might otherwise be too slow.

Final Editor’s Note: While we’re confident this Q&A will answer many of the questions that arise about the NetEqualizer YouTube caching feature, please don’t hesitate to contact us with further inquiries. We can be reached at 1-888-287-2492 or sales@apconnections.net.

The Inside Scoop on Where the Market for Bandwidth Control Is Going

Editor’s Note: The modern traffic shaper appeared in the market in the late 1990s. Since then market dynamics have changed significantly. Below we discuss these changes with industry pioneer and APconnections CTO Art Reisman.

Editor: Tell us how you got started in the bandwidth control business?

Back in 2002, after starting up a small ISP, my partners and I were looking for a tool that we could plug-in and take care of the resource contention without spending too much time on it. At the time, we had a T1 to share among about 100 residential users and it was costing us $1200 per month, so we had to do something.

Editor: So what did you come up with?

I consulted with my friends at Cisco on what they had. Quite a few of my peers from Bell Labs had migrated to Cisco on the coat tails of Kevin Kennedy, who was also from Bell Labs. After consulting with them and confirming there was nothing exactly turnkey at Cisco, we built the Linux Bandwidth Arbitrator (LBA) for ourselves.

How was the Linux Bandwidth Arbitrator distributed and what was the industry response?

We put out an early version for download on a site called Freshmeat. Most of the popular stuff on that site are home-user based utilities and tools for Linux. Given that the LBA was not really a consumer tool, it rose like a rocket on that site. We were getting thousands of downloads a month, and about 10 percent of those were installing it someplace.

What did you learn from the LBA project?

We eventually bundled layer 7 shaping into the LBA. At the time that was the biggest request for a feature. We loosely partnered with the Layer 7 project and a group at the Computer Science Department at the University of Colorado to perfect our layer 7 patterns and filter. Myself and some of the other engineers soon realized that layer 7 filtering, although cool and cutting edge, was a losing game with respect to time spent and costs. It was not impossible but in reality it was akin to trying to conquer all software viruses and only getting half of them. The viruses that remain will multiply and take over because they are the ones running loose. At the same time we were doing layer 7, the core idea of Equalizing, the way we did fairness allocation on the LBA, was getting rave reviews.

What did you do next?

We bundled the LBA into a CD for install and put a fledgling GUI interface on it. Many of the commercial users were happy to pay for the convenience, and from there we started catering to the commercial market and now here we are with the modern version of the NetEqualizer.

How do you perceive the layer 7 market going forward?

Customers will always want layer 7 filtering. It is the first thing they think of from the CIO on down. It appeals almost instinctively to people. The ability to choose traffic  by type of application and then prioritize it by type is quite appealing. It is as natural as ordering from a restaurant menu.

We are not the only ones declaring a decline in deep packet inspection; we found this opinion on another popular blog regarding bandwidth control:

The end is that while Deep Packet Inspection presentations include nifty graphs and seemingly exciting possibilities; it is only effective in streamlining tiny, very predictable networks. The basic concept is fundamentally flawed. The problem with generous networks is not that bandwidth wants to be shifted from “terrible” protocols to “excellent” protocols. The problem is volume. Volume must be managed in a way that maintains the strategic goals of the arrangement administration. Nearly always this can be achieved with a macro approach of allocating an honest share to each entity that uses the arrangement. Any attempt to micro-manage generous networks ordinarily makes them of poorer quality; or at least simply results in shifting bottlenecks from one business to another.

So why did you get away from layer 7 support in the NetEqualizer back in 2007?

When trying to contain an open Internet connection it does not work very well. The costs to implement were going up and up. The final straw was when encrypted p2p hit the cloud. Encrypted p2p cannot be specifically classified. It essentially tunnels through $50,000 investments in layer 7 shapers, rendering them impotent. Just because you can easily sell a technology does not make it right.

We are here for the long haul to educate customers. Most of our NetEqualizers stay in service as originally intended for years without licensing upgrades. Most expensive layer 7 shapers are mothballed after about 12 months or are just scaled back to do simple reporting. Most products are driven by channel sales and the channel does not like to work very hard to educate customers with alternative technology. They (the channel) are interested in margins just as a bank likes to collect fees to increase profit. We, on the other hand, sell for the long haul on value and not just what we can turn quickly to customers because customers like what they see at first glance.

Are you seeing a drop off in layer 7 bandwidth shapers in the marketplace?

In the early stages of the Internet up until the early 2000s, the application signatures were not that complex and they were fairly easy to classify. Plus the cost of bandwidth was in some cases 10 times more expensive than 2010 prices. These two factors made the layer 7 solution a cost-effective idea. But over time, as bandwidth costs dropped, speeds got faster and the hardware and processing power in the layer 7 shapers actually rose. So, now in 2010 with much cheaper bandwidth, the layer 7 shaper market is less effective and more expensive. IT people still like the idea, but slowly over time price and performance is winning out. I don’t think the idea of a layer 7 shaper will ever go away because there are always new IT people coming into the market and they go through the same learning curve. There are also many WAN type installations that combine layer 7 with compression for an effective boost in throughput. But, even the business ROI for those installations is losing some luster as bandwidth costs drop.

So, how is the NetEqualizer doing in this tight market where bandwidth costs are dropping? Are customers just opting to toss their NetEqualizer in favor of adding more bandwidth?

There are some that do not need shaping at all, but then there are many customers that are moving from $50,000 solutions to our $10,000 solution as they add more bandwidth. At the lower price points, bandwidth shapers still make sense with respect to ROI.  Even with lower bandwidth costs, users will almost always clog the network with new more aggressive applications. You still need a way to gracefully stop them from consuming everything, and the NetEqualizer at our price point is a much more attractive solution.

Behind the Scenes on the latest Comcast Ruling on Net Neutrality

Yesterday the FCC ruled in favor of Comcast regarding their rights to manipulate consumer traffic. As usual, the news coverage was a bit oversimplified and generic. Below we present a breakdown of the players involved, and our educated opinion as to their motivations.

1) The Large Service Providers for Internet Service: Comcast, Time Warner, Qwest

From the perspective of Large Service Providers, these companies all want to get a return on their investment, charging the most money the market will tolerate. They will also try to increase market share by consolidating provider choices in local markets. Since they are directly visible to the public, they will also be trying to serve the public’s interest at heart; for without popular support, they will get regulated into oblivion. Case in point, the original Comcast problems stemmed from angry consumers after learning their p2p downloads were being redirected and/or  blocked.

Any and all government regulation will be opposed at every turn, as it is generally not good for private business. In the face of a strong headwind, don’t be surprised if Large Service Providers might try to reach a compromise quickly to alleviate any uncertainty.  Uncertainty can be more costly than regulation.

To be fair, Large Service Providers are staffed top to bottom with honest, hard-working people, but their decision-making as an entity will ultimately be based on profit. To be the most profitable they will want to prevent third-party Traditional Content Providers from flooding their networks with videos. That was the original reason why Comcast thwarted bittorrent traffic. All of the Large Service Providers are currently, or plotting to be, content providers, and hence they have two motives to restrict unwanted traffic. Motive one is to keep their capacities in line with their capabilities for all generic traffic. Motive two would be to thwart other content providers, thus making their content more attractive. For example, whose movie service are you going to subscribe with? A generic cloud provider such as Netflix whose movies run choppy, or your local provider with better quality by design?

2) The Traditional Content Providers:  Google, YouTube, Netflix etc.

They have a vested interest in expanding their reach by providing expanded video content.  Google, with nowhere to go for new revenue in the search engine and advertising business, will be attempting  an end-run around Large Service Providers to take market share.   The only thing standing in their way is the shortcomings in the delivery mechanism. They have even gone so far as to build out an extensive, heavily subsidized, fiber test network of their own.  Much of the hubbub about Net Neutrality is  based on a market play to force Large Service Providers to shoulder the Traditional Content Providers’ delivery costs.  An analogy from the bird world would be the brown-headed cowbird, where the mother lays her eggs in another bird’s nest, and then lets her chicks be raised by an unknowing other species.  Without their own delivery mechanism direct-to-the-consumer, the Traditional Content Providers  must keep pounding at the FCC  for rulings in their favor.  Part of the strategy is to rile consumers against the Large Service Providers, with the Net Neutrality cry.

3) The FCC

The FCC is a government organization trying to take their existing powers, which were granted for airwaves, and extend them to the Internet. As with any regulatory body, things start out well-intentioned, protection of consumers etc., but then quickly they become self-absorbed with their mission.  The original reason for the FCC was that the public airways for television and radio have limited frequencies for broadcasts. You can’t make a bigger pipe than what frequencies will allow, and hence it made sense to have a regulatory body oversee this vital  resource. In  the early stages of commercial radio, there was a real issue of competing entities  broadcasting  over each other in an arms race for the most powerful signal.  Along those lines, the regulatory entity (FCC) has forever expanded their mission.  For example, the government deciding what words can be uttered on primetime is an extension of this power.

Now with Internet, the FCC’s goal will be to regulate whatever they can, slowly creating rules for the “good of the people”. Will these rules be for the better?  Most likely the net effect is no; left alone the Internet was fine, but agencies will be agencies.

4) The Administration and current Congress

The current Administration has touted their support of Net Neutrality, and perhaps have been so overburdened with the battle on health care and other pressing matters that there has not been any regulation passed. In the face of the aftermath of the FCC getting slapped down in court to limit their current powers, I would not be surprised to see a round of legislation on this issue to regulate Large Service Providers in the near future. The Administration will be painted as consumer protection against big greedy companies that need to be reined in, as we have seen with banks, insurance companies, etc. I hope that we do not end up with an Internet Czar, but some regulation is inevitable, if nothing else for a revenue stream to tap into.

5) The Public

The Public will be the dupes in all of this, ignorant voting blocks lobbied by various scare tactics.   The big demographic difference on swaying this opinion will be much different from the health care lobby.  People concerned for and against Internet Regulation will be in income brackets that have a higher education and employment rate than the typical entitlement lobbies that support regulation.  It is certainly not going to be the AARP or a Union Lobbyist leading the charge to regulate the Internet; hence legislation may be a bit delayed.

6) Al Gore

Not sure if he has a dog in this fight; we just threw him in here for fun.

7) NetEqualizer

Honestly, bandwidth control will always be needed, as long as there is more demand for bandwidth than there is bandwidth available.  We will not be lobbying for or against Net Neutrality.

8) The Courts

This is an area where I am a bit weak in understanding how a Court will follow legal precedent.  However, it seems to me that almost any court can rule from the bench, by finding the precedent they want and ignoring others if they so choose?  Ultimately, Congress can pass new laws to regulate just about anything with impunity.  There is no constitutional protection regarding Internet access.  Most likely the FCC will be the agency carrying out enforcement once the laws are in place.

Equalizing Compared to Application Shaping (Traditional Layer-7 “Deep Packet Inspection” Products)

Editor’s Note: (Updated with new material March 2012)  Since we first wrote this article, many customers have implemented the NetEqualizer not only to shape their Internet traffic, but also to shape their company WAN.  Additionally, concerns about DPI and loss of privacy have bubbled up. (Updated with new material September 2010)  Since we first published this article, “deep packet inspection”, also known as Application Shaping, has taken some serious industry hits with respect to US-based ISPs.   

Author’s Note: We often get asked how NetEqualizer compares to Packeteer (Bluecoat), NetEnforcer (Allot), Network Composer (Cymphonix), Exinda, and a plethora of other well-known companies that do Application Shaping (aka “packet shaping”, “deep packet inspection”, or “Layer-7” shaping). After several years of these questions, and discussing different aspects of application shaping, former and current, with IT administrators, we’ve developed a response that should clarify the differences between NetEqualizer’s behavior-based approach and the rest of the pack.
We thought of putting our response into a short, bullet-by-bullet table format, but then decided that since this decision often involves tens of thousands of dollars, 15 minutes of education on the subject with content to support the bullet chart was in order. If you want to skip the details, see our Summary Table at the end of this article.

However, if you’re looking to really understand the differences, and to have the question answered as objectively as possible, please take a few minutes to read on…

How NetEqualizer compares to Bluecoat, Allot, Cymphonix, & Exinda

In the following sections, we will cover specifically when and where Application Shaping is used, how it can be used to your advantage, and also when it may not be a good option for what you are trying to accomplish.  We will also discuss how Equalizing, NetEqualizer’s behavior-based shaping, fits into the landscape of application shaping, and how in many cases Equalizing is a much better alternative.

Download the full article (PDF)  Equalizing Compared To Application Shaping White Paper

What Users Are Saying

Editor’s Note: As NetEqualizer’s popularity has grown, more and more users have been sharing their experiences on message boards and listservs across the Internet. Just to give you an idea of what they’re saying, here are a few of the reviews and discussion excerpts that have been posted online or emailed to us…


Very happy with this appliance so far.  Keep up the good work!


Yes, going well, thanks. The NetEqualizers are doing a remarkable job and have reduced our guest complaints over the last year.


Thank you very much – we still absolutely love our NetEq. We went 1:1 with Chromebooks for our students this year and the NetEq has been amazing.

Derek Lustig, Director, Network & Systems Infrastructure, Hobart and William Smith Colleges, New York, USA

…HWS implemented the NetEqualizer solution based on its stellar reputation in the education space as well as its value, which is difficult to match in competing products….

…The NetEqualizer has been a great solution because it is extremely easy to maintain, and – when needed – it just works, says Derek Lustig of HWS.

Out of the box, the configuration is very straightforward, and our staff only really ever “manages” the system when there are periodic firmware upgrades. Support has always been swift and eager to assist in whatever ways possible. …

“If only all the systems we managed were so easy!”

Kevin Olson, Communication Manager, Cooperative Light & Power, Minnesota, USA

Our company is an electric utility and we have a subsidiary WISP with about 1,000 unlicensed fixed wireless customers. We purchased our first NetEqualizer about a year ago to replace our fair access policy server from another company. The server we replaced allowed burst then sustained bandwidth so we weren’t sure if “equalizing” would work, but it works extremely well as advertised.

The NetEqualizer is stable and actually requires very little maintenance after initial configuration. In our case, we wanted to limit the upper end of what a customer could use (max burst). We were able to set that parameter in our wireless CPE’s. Then we set the equalizing pools for the size of our APs. The NetEqualizer can do a burst then sustained then burst at equal intervals, but to our surprise we actually didn’t need to use it.

We also purchased the DDoS Firewall and that is working nicely as well for quick identification of attacks. Perhaps the most important thing to note is the support is excellent. From sales to engineering the team is very responsive and knowledgeable. We were so impressed that we actually purchased a second NetEqualizer to handle the rest of our network.  This company is A+.

Willy Damgaard, Network and Telecom Analyst, Edmonton Regional Airport Authority, IT Department, Alberta, Canada

We presently use two NE3000 units for Internet traffic control and monitoring in a redundant setup. At present we have a maximum of 600 Mbps Internet throughput, with over 300 IP addresses in use in some 120+ address Pools. The NetEqualizer is a very useful tool for us for monitoring and setting speeds for our many users. Most of the feeds come straight off our Campus network, which is spread over a seven kilometer distance from one end of the airdrome to the other. We also feed a number of circuits to customers using ADSL equipment in the older areas where fiber is not yet available. Everything runs though the “live” NE3000!

Controllability and monitoring is key for our customers, as they pay for the speed they are asking for. With the RTR Dashboard, we continually monitor overall usage peaks to make sure we provide enough bandwidth but, more importantly, to our individual customers. Many customers are not sure of how much bandwidth they need, so using the Neteq we can simply change their speed and watch the individual IP and/or Pool usage to monitor. This becomes especially useful now as many customers, including ourselves, use IP telephony to remote sites; so we need to maintain critical bandwidth availability for this purpose. That way when they or we have conference calls for example, no one is getting choppy conversations. All easily monitored and adjusted with the Dashboard and Traffic Management features.

We also have used the Neteq firewall feature to stop certain attack threats and customer-infected PCs or servers from spewing email or other reported outbound attacks, not a fun thing but it happens.

Overall a very critical tool for our success in providing internet to users and it has worked very well for the past 8 or more years!

Gary Schlickeiser, Director of Technology Infrastructure Services, Reed College, Oregon, USA

We’ve had NetEqualizers on campus at Reed for several years and continue to be very happy with the product. We have a very small staff and don’t have time to “tune” a device like a Packetshaper. Instead the NetEqualizer is protocol agnostic in the way it shapes traffic for most users but also allows us to quickly prioritize some traffic if necessary. Over the years the NetEqualizer has saved us countless hours of staff time. We did lose some visibility into what is happening on our border network but our IDS/IPS replaced that functionality. NetEqualizer is an excellent product.

Hollis Townsend, Director of Technology Support and Operations, Young Harris College, Georgia, USA

At Young Harris College, our network supports 47 buildings and residences for our 1,200 students. Prior to 2007, we had a Packeteer in place to shape our networks, and found that we were having to tweak it on a regular basis, sometimes weekly, in order to keep our policies working as needed. Like many others, when we were told that our equipment was “end of life”, I decided it was time to look at other options. My goal was to find a shaping solution that required less management.

I found that in the NetEqualizer. Once I had the NetEqualizer set-up and configured, I have spent very little time managing it – it just works! This product is great! And I love that our students are not even aware that they are being shaped – I just don’t get any complaints about bandwidth. The NetEqualizer ensures that network hogs do not take over my network during peak periods.

I also like how the NetEqualizer has grown with us. We started in 2007 with an NE2000-10, and traded that in for an NE3000-50 in 2011. In 2012, I upgraded our license to 1Gbps, which is what I am running today.

And the future? We are planning for off-site campus locations, to expand YHC’s offerings, as well as the communities we can serve. I am working with the folks at APconnections to map out NetEqualizers to support several of our new locations, as I know that I need to guarantee a quality online experience Day 1.

Chris Stave, Network Administrator, Drew University, New Jersey, USA
(from a RESNET LISTSERV discussion, January 2016)

It’s been a long time since I’ve used anything but a NetEqualizer, but having previously used the Allot NetEnforcer and the Packeteer Packetshaper (which hasn’t been “Packeteer” since 2008), the thing I like about the NetEqualizer is that you basically set it up one time and then it is working. No determining that “Web Games” will for now and all time be dedicated 7% of your bandwidth, no needing to rapidly update application signatures because people realized that FileShare4000+ isn’t blocked, so everyone quickly shifts to using that.

Before we upgraded our connection, the NetEqualizer really was astounding in its effectiveness, we have one on the primary firewall and if we switched to the secondary firewall the network was nearly unusable.

So with the note that it’s been a long time since we’ve used anything else (they have to have gotten better, right?), definitely “what they said” about the NetEqualizer. It isn’t bells and whistles, but is quite effective when (and only when!) it needs to be.

Michael McGuire, Network Systems Administrator, Monmouth University, New Jersey, USA
(from a RESNET LISTSERV discussion, January 2016)

We have had a similar experience with our NetEqualizer.  About 4 years ago we made the switch from our PacketShaper to a NetEqualizer when looking at a bandwidth upgrade.  The total cost of the NetEq was less than a year of maintenance on the PacketShaper so we figured we’d give it a try – and we’ve never looked back.

The NetEq is really something you put in place and it just works!  We have upgraded once to go along with a bandwidth increase, other than that there is not really much to do with it.  When initially looking at the products we had our doubts and questioned the pricing discrepancy from the PacketShaper, and wondered if it could really do what it claimed.  Since we’ve had it in production we see it performs as advertised.

Really the only issue we’ve had was with our IPv6 implementation.  Working with support they were able to get this resolved fairly quickly and everything is going along nicely.

One of the features we really like about the NetEq is that when traffic is below the set threshold, in our case 90% of total capacity, the appliance just passes traffic. Only when the ratio is crossed does it step in to manage traffic. Once the traffic drops again it goes back to just monitoring.

Chris Beaver, Naitauba Adidam, Naitauba Island, Fiji

(from an email to Support Team June 2015)

Very happy with our NetEq…

Stephen Gale, Director of Technology, West Grand School District, Colorado, USA

The NetEqualizer is working well for us.  As our device count increases, it is helping to keep a handle on would-be bandwidth hogs. Setup was simple, and since it looks at the packet size, not the content, there is no need for any certificates to limit encrypted traffic.
As our student-facing devices increase in number, I anticipate that the NetEqualizer will continue to save us money, by allowing us to effectively utilize the bandwidth we have rather than purchasing more.

Matt Binder, Director of Information Systems, The Athenian School, California, USA

NetEqualizer is one of very few products that lives up to its promise. After initial configuration it simply does manage traffic in defined pools/objects. There are no complex application-based rules or management required. It is a fantastic product that makes the life of a school network manager easier.

Mark Costello, Network Engineer, The Lawrenceville School, New Jersey, USA

We’ve been a NetEqualizer customer for several years and I want you to know how pleased we are with it. Unlike our previous bandwidth management product which required constant tending and updates, the NetEqualizer works exactly as advertised: plug it in and forget it. Our Internet connections run smoothly regardless of the kind or amount of traffic thrown at it.  Thanks again!

Julie Wyatt, Technology Librarian, Bedford Public Library System, Virginia, USA

Background: Bedford Public Library System is the oldest publicly-supported, continuously operating public library in any of the communities surrounding Bedford County, and is one of the oldest public libraries in Virginia. Bedford Public Library System has six (6) locations. They use one NetEqualizer for Internet traffic and the other to support traffic between locations. After implementing their NetEqualizers, they were able to move three (3) libraries onto a centralized, shared catalog, housed at one library.

Julie Wyatt, Technology Librarian, describes BPLS’ experience with the NetEqualizer as follows…

“The two (2) NetEqualizers that we purchased last year have really helped us keep all of our locations running smoothly. We’ve been able to prioritize staff operations and VoIP phones, then allocate remaining bandwidth to public and wireless systems efficiently. Our network has been more stable, even though we now have 2 other library systems pulling from a shared circulation and catalog system housed at our location.”

Matt Pocock, Director of Technology, Miss Hall’s School, Massachusetts, USA

We have been extremely happy with our NetEqualizer. Gone are the bottlenecks that used to occur when all of our students were on the Internet at the same time. The NetEqualizer handles all of the bandwidth management, keeping our users happy, and has been completely hassle-free for our admins.

Charles R. Watts III, Network Manager, Information & Technology Services,
Washington & Jefferson College, Pennsylvania, USA

(from an email to Support Team July 2015)

The NetEqualizer works so well, I rarely have to do any administration on it!

Jason Whiteaker, Senior Network Engineer, Lutheran Health Network, Indiana, USA
(Excerpt from Case Study, January, 2015)

Background: Lutheran Health Network (LHN) is a regional healthcare provider network that consists of multiple hospital campuses and dozens of urgent care and physician practice locations, serving 23 counties in northeastern Indiana and northwestern Ohio. Every year, LHN cares for more than 50,000 inpatients, treats hundreds of thousands of outpatients, and touches the lives of their families and friends. To learn more about Lutheran Health Network, go to http://www.lutheranhealth.net/.

Jason Whiteaker is a Senior Network Engineer at LHN. He is part of a network engineering team that supports a diverse mix of traffic, including: traditional Email, Internet SaaS/ASP, patient EMR, VoIP (unicast and multicast), medical imaging, teleworker, and telemedicine (unicast, multicast, and video) applications.

LHN utilizes a mix of enterprise (wired and 802.11 wireless) and carrier (TDM and Metro Ethernet) transport services to provide these application services to their clients.

The Solution: LHN purchased two NE4000 1Gbps units in May 2014, and then installed them as an active/passive pair to ensure traffic limiting full redundancy in case of an outage.

LHN looks to the NetEqualizer approach of traffic management as a way to augment their traffic processing needs. Because the NetEqualizer actively manages TCP connections and UDP flow states, they can apply a coarse interface traffic policy on the metro ring, yet fine tune and manage the mobile phone user checking their medical record portal or watching a YouTube video.

The Results: LHN loves the user-friendliness of the NetEqualizer appliance. Their environment is large enough that they can dig as deep as they care to into the esoteric QoS/traffic management tools of the infrastructure. However, being able to perform an initial configuration and let the appliance do its thing without a huge amount of babysitting is a big time saver.

The NetEqualizer appliances allow Lutheran Health Network to optimize the network infrastructure in which they have already invested. Management can feel more confident that when the time comes for bandwidth upgrades, those purchases will be effective and beneficial. As a bonus, applications that aren’t bandwidth constrained enjoy better “goodput” and the overall user experience is smoother – a technical and political win-win for the network engineering team.

Michael McGuire, Network Systems Administrator, Monmouth University, New Jersey, USA (In response to a question on Bandwidth Management posted on LISTSERV RESNET September, 2014)

We have had a similar experience with our NetEqualizer. Two and a half years ago we made the switch from our PacketShaper to a NetEqualizer when looking at a bandwidth upgrade. The total cost of the NetEq was less than a year of maintenance on the PacketShaper so we figured we’d give it a try – and we’ve never looked back. The NetEq is really something you put in place and it just works! After the initial install, even before the planned bandwidth upgrade, the complaints from users dropped off dramatically. We went from having to constantly monitor and tweak the PacketShaper to actually having to look up the password since we hadn’t logged onto it for a while.

When initially looking at the products we had our doubts and questioned the pricing discrepancy from the PacketShaper, and questioned if it could really do what it was advertising.  Now that we have it in production we see it performs as advertised.

Jan Hatherell, Network Administrator, Tenacre – A Ministry of Christian Scientists,
New Jersey, USA
(testimonial submitted April 2014)

Similar to a college situation, we provide internet service for both offices and residences on a single campus. In the past, a couple of users would bring the internet service for others to a crawl and it was clear that we needed a good bandwidth management device. Since putting in the NetEqualizer in 2008, we haven’t had to think about it again. Using the default equalizing out of the box and making a few tweaks as the result of helpful support calls, bandwidth management is a non-issue now. We upgraded the NetEqualizer when we increased our pipe and it continues to do an efficient job. This is an excellent product and we recommend it without hesitation.

George Brady, Director of Technology, South Orangetown Central School District, New York, USA

(From an email, April 2014)

The units are working well – definitely see a performance increase in our bandwidth optimization. Love the “KISS” (“keep it simple, stupid”) principle of bandwidth shaping.

Kevin Jacks, Technology Coordinator, Johnson City Independent School District, Texas, USA

(From an email, April 2014.)

Best investment we have made in the last five years. The NetEqualizer is a lifesaver!

Dan Spechtenhauser, Network and Systems Security Specialist, Palo Verde College, California, USA

(Original quote from September 2011. Updated November 2013.)

NetEqualizer truly is a set it and forget type of appliance. I used another vendor’s product years ago and I was always working on it, frequently digging around to find heavy use users and products; it was a never-ending process. Sometimes I would spend up to 20 plus hours a week on QoS. With NetEq, I have spent maybe 3 or less hours doing administrative tasks over the last 6 years. With the purple product company’s device, I would usually spend 3 hours daily before lunch. NetEq is Rock Solid and ROCKS!

Andrew Wolf, Telecommunications Manager, Linfield College, Oregon, USA
(In response to a question on Internet Bandwidth for Students posted on LISTSERV RESNET November, 2013)

Don’t really have a base level; On our Net Equalizer, our students can use whatever is available up to the max of their “Pool” (currently 275 mbps) – when the pool is saturated, the really heavy users get delayed until they back off, and everybody gets “equalized” as required. It’s pretty cool…. At this point, no firm plans to add – currently 300 mbps/~4500 devices….

Chris Davis, The Principia, Missouri, USA
(In response to a question on Internet Bandwidth for Students posted on LISTSERV RESNET November, 2013)

We have 2 campuses and don’t really distinguish between resnet and non-resnet. One a K-12 and one a 4 year College. About 850 faculty/staff/students/guests per campus. We have 100Mbps at the K-12 and 150Mbps at the college. We used to use a BlueCoat packet shaper for bandwidth management but changed to an APConnections NetEqualizer almost 2 years ago. The use of such devices does seem to help extensively. I did some surveying of sites a couple of years ago, and it seemed that the sweetest spot for student to bandwidth ratio was about 4:1 (I had folks report good response between 4 and 18 to 1). We do pretty well on 9:1 and 6:1. Our college site is beginning to outgrow that ratio and we’re considering moving from 150 to 200 or 250 (cost dependent). 200 would be 4:1 and 250 would be 3:1….

Matias Pagola, CEO, NAT Consulting Inc., New York, USA

(From an email to NetEqualizer Sales, November, 2013)

I’ve had an experience I’d like to share with you… Since last week, the WiFi vendor at 3 of my client’s locations was insisting that the NetEqualizer was preventing users from having good Internet connections. They wanted the NetEqualizers to be disconnected.

Knowing that they were looking for a scapegoat, and picked the thing they knew very little about (NetEqualizer), I agreed to disconnect them, just to show them how the network would react… and it was day and night! As I knew would happen, complaints flooded the call center, people reported slow or no connections, delays, etc.

This was a very good way of showing them how effective NetEqualizers are. Their networks were in complete chaos without them! Needless to say, now they understand the value of NetEqualizer! The NetEqualizers are back online, and we are now taking steps to also add bandwidth at the 3 sites….

Greg Briggs, Network Manager, Pacific Lutheran University, Washington, USA
(In response to the following question posted on LISTSERV RESNET October 2013)

Question: For those of you doing traffic shaping: what percentage of your Internet pipe do you allow streaming media to use (if you differentiate between faculty/staff I’m looking specifically at students)? If you’re capping do you also provide a minimum reserved % for streaming?

Answer: We use the NetEqualizer. We have no caps for users or applications. We have sane connection limits only to prevent problems. As we approach saturation, the NetEqualizer does its job and adds a bit of delay to the sessions that are hogs. This approach is user and protocol agnostic. The result is that when we approach saturation, protocols that are bursty, and in general can handle the latency have their peaks put into the valleys and the perception of quality continues further into saturation. It has been a while since we have needed the NetEqualizer, but we are glad it is there. I highly recommend this approach as it accomplishes the ultimate goal of “traffic shaping” in a way that makes the most people happy. It is very hands off, and very inexpensive relative to other offerings. So to sum up and answer your question, we allow as much as the user wants while we can, and then fairly distributed after that.

Andrew Wolf, Telecommunications Manager, Linfield College, Oregon, USA
(In response to the following question posted on LISTSERV RESNET October 2013)

Question: For those of you doing traffic shaping: what percentage of your Internet pipe do you allow streaming media to use (if you differentiate between faculty/staff I’m looking specifically at students)? If you’re capping do you also provide a minimum reserved % for streaming?

Answer: We have bandwidth caps for the students, total simultaneous connection limits, and keep all the students in an overall bandwidth pool; because we are shaping behavior using a NetEqualizer, not controlling specific applications or doing any DPI, all the streaming media seems to pass through without any issues. Most streaming content is buffered to some extent, so small delays that might be imposed by our NetEqualizer don’t seem to be noticed. I have a connection at home that is a wireless link to the college’s network, so I appear in the student network segment. I stream Netflix at my house often during the peak hours for students and only once have I noticed an issue; it turns out it was a Netflix issue, not our network. We’ve got ~2500 residential students; about 6.5k of devices, and 300 meg overall of which 275 meg is carved out for the student bandwidth pool. Anyone using over 2 meg sustained is considered a HOG and will be slowed down in increments if the pool saturates above 85%. Anyone under that is basically ignored.

Director of Networking and Computer Services, Network Systems Group, Gordon College, Massachusetts, USA
(In response to the following question posted on LISTSERV RESNET October 2013)

Question: For those of you doing traffic shaping: what percentage of your Internet pipe do you allow streaming media to use (if you differentiate between faculty/staff I’m looking specifically at students)? If you’re capping do you also provide a minimum reserved % for streaming?

Answer: We did an audit recently. The top apps include:
All other Combined (Facebook, Tumblr, Instagram..)

We use a Netequalizer to distribute our bw evenly to our students. We make minor adjustments yearly. We increased our pipe because the demand was high and rising, Ustream is in place for one to many streams like sports, Chapel and Special Events.

The Neteq has served us well. We have the ability to prioritize traffic. For example, Ustream special events.

Michael Gaspard, IT Director, Bethany World Prayer Center, Louisiana, USA

(From an email to NetEqualizer Sales, September, 2013)

The NetEqualizer unit we have is amazing. One feature I love, and we use quite frequently, is P2P monitoring and throttling. In one click of a button, the system will check all connections and tell me the probability of someone torrenting files. We can then check this against our IP tables and instantly identify the source and shut it down from either the NetEqualizer or the person’s computer. This feature saves us a major headache when it comes time for auditing!

Tim Buller, Information & Media Services, Bethel College, Kansas, USA

(testimonial to APconnections, August 2013 )

I’ve been very happy with the NE2000, it’s a solid box and has never given us any grief. I also appreciate its content-agnostic approach to bandwidth shaping. Many of my peers spend a lot of time tuning their traffic control devices to catch/except various L7 protocols, and I am glad not to have to play that game. Many of them are also paying a lot more to purchase their appliances, with very high annual SnS (software and support) costs.
Again, I really appreciate your product and excellent service. I am also impressed with the pace of upgrades and added features over the past couple years. Keep up the good work!

Mark Kadzie, Network Manager, Skokie Public Library, Illinois, USA
(testimonial to APconnections, August 2013 )

Skokie Public Library, located in Skokie, IL, is an award-winning public library that serves a diverse community of sixty five thousand residents just north of Chicago. In addition to a robust wireless network, which frequently accommodates more than 100 simultaneous devices during peak use, the Library also provides more than sixty computers and laptops for public use.

As far as the Internet is concerned, the Library is part of a metropolitan area network (MAN) consortium where Internet access is shared among five local school districts and other Village institutions.  In 2004, when the Skokie I-Net was formed, the large, shared Internet pipe was more than enough to accommodate everyone.  It has been only in the last few years, as bandwidth needs have continually increased for all, that the I-Net began to slow down under the strain of network congestion.

Particularly acute during the day while schools are in session, the network congestion was becoming problematic, and a significant portion of that daily load was generated by the Library.  As a responsible consortium member, it was the Library’s obligation to figure out a way to lower its overall Internet use, especially during the day, without adversely affecting our user experience.

We were aware of NetEqualizer but did our due diligence anyway in researching all our options.  In the end we decided that NetEqualizer was our best option. Installation was quick and easy.  The configuration was minimal.  By defining smaller Bandwidth Up/Down parameters during the day, the “equalizing” kicks in sooner and lowers our overall bandwidth use. During nights and weekends, when there is virtually no Internet contention, we raise these parameters to let our Internet access fly. In addition to lowering our Internet bandwidth use during the day, our users also benefit from the ability to receive equitable network access. The heavy multimedia-streamers no longer monopolize the network like they had in the past.

Looking back, purchasing a NetEqualizer was a “no-brainer”.  I just don’t know why we didn’t purchase one sooner.

Christopher Stave, Computing and Network Services, Drew University, New Jersey, USA

(Email to APconnections, updated August 2013.  Originally from August, 2011.)

At Drew our NetEqualizer continues to work very well, so thanks for making an excellent product that just works and does what it says it will very well. It is usually one of the things I mention to people as a “best thing we’ve bought” type device, as it really is SO easy to use and configure and really does keep everything usable. Thanks for making an excellent product!

John Frisbee, Network & Telecom Analyst, Great Falls College Montana State University, Montana, USA

(Excerpt from an email to our Support Team, August 2013)

By the way… I really like the new GUI

Rick Jex, Director of Information Technology, Riverdale Joint Unified School District, California, USA
(Excerpt from “NetEqualizer Helps Prioritize Network Traffic” article in DataBusOnline, June 4, 2013)

As K-12 schools in California begin shifting to a new model of learning that is heavily reliant upon the Internet, this places pressures on IT directors to develop methods that ensure equal Internet access for all. By properly designing a network utilizing traditional VLANs (virtual local area network), and QOS (quality of service) as well as with smart networking tools like NetEqualizer from AP Connections, a school district can prioritize their network traffic based on a plethora of policies.

John Bailey, Assistant Director, Student Technology Services, Washington University in St. Louis, Missouri, USA
(In response to a question on P2P traffic posted on LISTSERV RESNET April, 2013)

Here at Washington University of St. Louis, we got out of the business of sniffing and blocking certain types of traffic, and we have been much better off since.  We moved to a simple NetEqualizer appliance that ensures each student gets a fair slice of the available bandwidth and throttles down devices that have a huge number of connections (likely bit torrent-style traffic.)

Of course, we still have a swift and robust tracking and response system for dealing with copyright infringement complaints, so the students have a healthy fear of using any P2P file sharing apps while on campus.  We have not seen any notable increase in copyright violation notices since we moved away from targeting and blocking specific types of traffic.  This change has gotten us almost completely away from the various instances like you are describing below where a legitimate bit of traffic was getting hung up because of P2P management tools.

Russ Leathe, Director of Networking and Computer Services, Network Systems Group, Gordon College, Massachusetts, USA
(In response to a question on P2P traffic posted on EDUCAUSE Security Constituent Group Listserv, May, 2013)

Great product and support!!

We have used Netequalizer for about 6 years.  Very pleased with the results as it uses the ‘fairness’ principle. That is, total bw divided by # of users equals bw per user.  Pretty brilliant idea.   We noticed a change right away – within the first hour – with response and speed.  We were a packeteer shop but quickly switched to netequalizer from day one.  The students stopped complaining. :)

We were literally spending about 2-3 (or more) hours per day managing the packeteer….now with the netequalizer it’s maybe 2-3 hours a year.  The time we do spend on it is for reports and upgrades.  When we need reports, it’s readily available.

Set it and  forget it! With limited staff, I recouped those hours!

We manage 200MB and will be increasing to 350MB – more devices per student.  The nice thing about it is we can dedicate bw to a particular app/client if needed (like streaming media or video conferencing).  Great to have that flexibility.

We give low bw to all p2p programs so basically it’s worthless to run one.  Haven’t had a notice in 6 years.

HEOC speaks well here.

Anco van Bergeijk, Mission Protestante CMA, Hospital, Mali

(Email to APconnections, May, 2013)

Thanks for your great software still running on old hardware.

You might like our story… In 2005 I bought two NE1000 1U servers. One of them is still 24/7 running at our hospital in Mali, Koutiala. I saw on the netequalizer globe map that we are not on it, we should be added… The other unit I still use as measuring unit and is sometimes borrowed for a few weeks so that a school or little network can be monitored. We are still running software version 2.28N. The one unit at the hospital is nicely air-conditioned in a small room. The other NE1000, I modified a bit as it was crashing too often due to temperatures in non air-conditioned places. See attached photos. For example daytime in shadow is now around 100 degrees F…

Dave Hamwey, Network Manager, University of Puget Sound, Washington, USA

(Email to APconnections Support Team, May, 2013)

…Thank you.  I really appreciate the great support we get with your products.
They have proved to be invaluable in our environment.

Mark Fowler, RT21.NET, Ohio & West Virginia, USA
(May, 2013)

RT21.NET is a mostly rural WISP offering secure, reliable, high-speed wireless to business and residential customers in Jackson County, West Virginia and Meigs County, Ohio. RT21.NET has over twenty wireless access points, and several mesh networks. The operations center has fiber optic and redundant cable connections to the Internet.

Mark Fowler, owner of RT21.NET, has been a NetEqualizer customer since October 2008, when he purchased an NE2000-10Mbps unit. In 2010 he upgraded his NE2000 to a 20Mbps license. We talked to Mark earlier this year while working with him to configure his box with separate configurations based on “time of day”. During our discussion, Mark told us “I can’t imagine being in the WISP business without the NetEqualizer”. While we love glowing statements, we asked for specific reasons behind his statement, so that we could share his experience with you.

In a nutshell, there are three things that Mark loves about his NetEqualizer: 1) first and foremost, interactive activity (browsing web pages, gaming, chat, etc.) is no longer degraded by the heavy use of a few customers, 2) that he has invested very little ongoing effort over the 4 ½ years he has had his NetEqualizer in place, and 3) finally, the fact that there is the ability to customize the configuration when needed (like setting up multiple configurations that switch based on the time of day, individual bandwidth limits, and priority users).

Mark also told us that APconnections really understands the needs of Internet Providers. He runs his WISP business in as streamlined a fashion as possible, and NetEqualizer’s simple set-up and maintenance support this goal. He also appreciates that functionality within the NetEqualizer is well-aligned with WISPs. In particular, the use of Bandwidth Pools to set up “virtual NetEqualizers” works really well on his wireless network. He uses bandwidth pools to ensure that any group of customers off a particular access point (AP) can be given maximum bandwidth without the possibility of saturating the AP’s wireless backhaul link.

I guess now we know why Mark cannot imagine running his business without the NetEqualizer. Thanks Mark, we are happy to help!

Kevin Melson, Eagleone Wireless Internet, Mississippi, USA
(May 2013)

Company Background
Eagleone Wireless, LLC is an industry-leading, privately held, Internet Service Provider based in Corinth, MS. In 1997, Eagle One Wireless, Inc., began construction of an innovative network optimized for data traffic and launched service in two initial markets. That same year, major telecommunication companies announced for the first time ever that global networks carried more data traffic than voice traffic. Eagle One was perfectly positioned to step into this growing market.

In 2010 Eagleone Wireless, LLC was formed, through the acquisition of the existing Internet service provider network. The new owners, also owners of other local Corinth companies, immediately started updating the existing network for the future. This new organization has put in place several things to carry Eagleone Wireless and its customers into the future. Today we are one of the largest carriers of data traffic in North East MS, providing businesses and homes with a reliable data network and outstanding service.

Eagleone’s experience with NetEqualizer
I tell every other WISP that I speak to about the NetEqualizer. Most have never heard of it.

We would certainly hate to be without it, because we feel the NetEqualizer is far ahead of all other bandwidth shaping devices. It is not like simple rate limiting devices; it intelligently shares bandwidth across all users, using equalizing to penalize network hogs when the network is congested. When the network is not congested, users can have as much bandwidth as they need, without being artificially limited.

We bought an existing WISP that had been in business about 10 years and was failing badly. In 2005 we purchased our first NetEqualizer (a NE1000-10Mbps). We traded that for an NE2000-45 in 2009, and have since upgraded to our current 100Mbps license.

The NetEqualizer is affordable. It helped us to spread our dollars further on limited bandwidth while we spent our money on all the backhaul link upgrades that we needed to do. Now that most of our backhaul links are upgraded, it is time to finally upgrade bandwidth, and the NetEqualizer has been great about scaling with us as we grow.

Thank you for a great product. We feel that our NetEqualizer will last us many, many years to come…

Scott Dean, Network Manager, Augustana College, Illinois, USA

(Email to APconnections regarding a Support request, Apr, 2013)

Ok, everything is back up and running with our config and key.  We’ll keep an eye on it for a few days or a couple of weeks to see if we resolved the issue.  I think we have.

I’ll keep you posted and many, many thanks for the quick responses.  I wish other companies had support half as quick and proficient as you folks.

Russ Leathe, Director of Networking and Computer Services, Network Systems Group, Gordon College, Massachusetts, USA

(Email to APconnections, Mar, 2013)

We had an incident over the weekend I wanted to tell you about:

One of our webservers got hit with a ‘zero-day’ malware.  We noticed our bw was completely pegged even though our student population was on, or leaving for Spring-Break (so our bw consumption should have been trending downwards, not upwards).  We maintain over 100 servers, 95% of which are in a VM environment.  Needless to say, finding the exposed culprit would be like finding the proverbial “needle in a haystack”.  Alas, NetEQ to the rescue.

We used NTOP to discover our ‘Top Talkers’.  The Inbound bw was saturated, which was unusual and we pinpointed it to one machine.  We quickly wrote a bw rule for that web-server and things returned to normal.

We found the malware and inoculated the server…all within an hour’s time.  Normally, this could have taken hours or a few days.

Thanks again… for creating such a great solution for Higher ED!!

Michael Smith, Network and Systems Administrator, Information Technology Services Center, John Tyler Community College, Virginia, USA
(Email testimonial to APconnections, Mar, 2013)

In discussing a recent software update to 6.0:

“…You guys have done a lot of work and the new interface looks good and works well.”

Ben Whitaker, Principal at Jetset Networks, Hotel Alila Jakarta, Greater Jakarta Area, Indonesia
(Email testimonial to APconnections, Feb, 2013)

Just an update about the results we got on our latest install…

“We just finished a project with the 262-room Hotel Alila Jakarta, installing our aggregation gear and also the NetEqualizer. At the hotel we were able to double the bandwidth to 15Mbit and provide failover. But the Active Bandwidth Control with the NetEqualizer was the most impressive.

The hotel was using a primitive system called Rate Caps on MikroTik equipment to limit each access point to 3/4 megabit. So nobody ever got speeds over 3/4 megabit. The entire Ballroom for example, had to fight over 3/4 megabit. Really inefficient.

We put in our gear and now guests are getting 3.5 megabit even if the line is full. It instantly “makes room” for important traffic and guests can get peak speeds all the way up to 15Mbit if the line isn’t full.

When we set it up, by chance their Global CEO was in town that day. He suddenly got 7Mbit, which is 9 times the speed he usually gets at the hotel – and told the GM about it. The hotel’s Financial Controller shook my hand the next day and thanked me. Internet is nine times faster? That’s major. Just by fixing the traffic control system.

Available speeds to guests are now 5x to 10x what they were because we got rid of the primitive Rate Cap system…”

Darren Muloin, Manager, AirSpeed Wireless, British Columbia, Canada
(email testimonial to APconnections, Feb, 2013)

“AirSpeed Wireless runs a fairly extensive wireless network and we use the NetEqualizer to keep traffic flowing smoothly even at peak times and under heavy load. The NetEq’s give our wireless backhaul links as much as 50% more capacity without noticeably affecting customer service. This gives our equipment a longer lifespan and keeps bandwidth costs down, which is good for the bottom line.”

Chris Davis, CIS Security Director, The Principia, Missouri, United States
(In response to a question on bandwidth shaping posted on LISTSERV RESNET Dec, 2012)

“…I was in the same place you were last spring.  Due to increasing bandwidth I was looking at significant licensing and hardware replacement of our shapers.  I was also beginning to see the end of the tunnel in terms of deep packet inspection with regard to prioritization of traffic.  We had been changing what we wanted out of our shaper from prioritization to equalization.  While we wanted to prioritize by application on some things, what we really wanted was to share the bandwidth equally between our users, resnet and other.  While I couldn’t do everything I wanted with the NetEq, I found that those things I wanted to do, I really didn’t need to do.  We have been up on ours for about 7 months now, and we have had nothing but a terrific experience.

In the midst of this I also took some data on user population to bandwidth (Mbit/second) and found that with any kind of packet shaping, the sweet spot of user/bandwidth ratio was 4:1.  I also heard from many that were higher than that, 6:1, 8:1, 10:1 even as high as 20:1.  We run at 6:1 and 9:1 on our two campuses.  There have been no significant complaints.

The one problem I have with the NetEq is that the network interfaces aren’t pass through by default.  I got very used to that with our shaper.  You either have to set up your own switches to bypass it in the event of a failure, or buy a solution from them that does basically the same thing.  Other than that small complaint, I have had no problems and more importantly almost no bandwidth help desk calls!   That’s the big plus.  Plus it is very easy to manage.  I hardly ever touch mine.  I just monitor them with the new Dashboard interface. …”

Andrew Wolf, Telecommunications Manager, Linfield College, Oregon, United States
(In response to a question on bandwidth shaping posted on LISTSERV RESNET Dec, 2012)

“… I think you’ll find rate limiting with the core equipment problematic at best. You want your core network gear to move packets as quickly as possible; not spend time calculating if a user is exceeding their bandwidth. My advice would be to simply place a behavior-based shaper at the choke point towards the internet.   Talk to the folks that have installed behavior-based shaping – I use NetEqualizer and would be happy to show you what we do with it.  I know there are several other folks on this listserv who also use them – it’s a terrific product – set and forget for the most part.  If you check the ROI you can probably pay for the Neteq for what the upgrade would cost you.  AND you would get a real tool to control the resident population’s behavior fairly, so everyone gets better performance. …”

Thierry Le Prettre, IT Analyst, Soleica, Incorporated, Kuujjuaq, Quebec, Canada
(from email to APconnections regarding our new GUI, Oct, 2012)

“… The interface is much more friendly, and it’s easier to configure the device with it. Good job. …”

Travis Renney, Quinsam Radio Communications, Campbell River, British Columbia, Canada
(from email to APconnections regarding our new GUI, Oct, 2012)

“… Wow, simply amazing.  Thanks guys, nice job.. …”

Josiah Erikson, Network Engineer, Hampshire College, Massachusetts, United States
(from email to APconnections, Oct, 2012)

“…you guys also answered me outside of stated support hours. Thanks! You guys consistently provide the highest level of support I have ever received from any company, bar none. Also your product is fabulous. I have recommended it to all other four colleges in the Pioneer Valley…”

Otto, Network Maintenance, Letaba Wireless Internet, Greater Tzaneen, South Africa
(from email to members of the Wireless Access Providers Association of South Africa (wapa), Apr, 2012)

We’ve been contemplating buying a NetEqualizer for the last 2 or 3 years now.  We recently took the plunge and purchased a NE3000-150 unit and I must say we are EXTREMELY happy with what it’s doing for our network. If you have the capital to purchase this piece of equipment YOU WILL NOT be disappointed.

Stephanie Dickens, Vice President of US Operations, Global Gossip, Colorado, USA
(from joint press release http://www.businesswire.com/news/home/20120302005149/en/NetEqualizer-Selected-Global-Gossip-Support-High-Speed-Internet Mar, 2012)

Global Gossip’s Vice President of US Operations, Stephanie Dickens, says “The use of the NetEqualizer greatly diminishes the need for hands-on bandwidth management. Our customers are located in areas where bandwidth is not easy to come by, and the NetEqualizer helps control that bandwidth so that one single user is not monopolizing it. We are thoroughly satisfied with the NetEqualizer’s remote management capabilities and its ease-of-use. We currently have NetEqualizers deployed at the Furnace Creek Resort in Death Valley National Park, throughout guest and employee accommodations in Yellowstone National Park, Grand Canyon, Mount Rushmore, and five Ohio State Parks. The NetEqualizer will be deployed with the Global Gossip system in several more US locations before the end of 2012.”

Global Gossip currently manages and maintains over three hundred wireless networks and kiosk internet sites around the world. Their wireless installations include some of the most remote and challenging locations on Earth, from central Australia, New Zealand, Vanuatu, Fiji, to Yellowstone, Wyoming, the UK and Spain. Global Gossip’s unique HSIA product integrates seamlessly with NetEqualizer technologies to provide a highly structured internet access gateway, cloud based management tools, and 24/7 technical support. Global Gossip has offices in Sydney, Australia, Denver, Colorado, and London, England. Global Gossip can be found online at http://hsia.globalgossip.com.

Karl Childress, Information Technology Manager, Powell River School District 47, British Columbia, Canada
(from Educational Technology Management Association (ETMA) listserv, Feb, 2012)

We've started using these (NetEqualizer) too.  So far everything is working great.  (Haven't tried the cache function yet though.)

Geoff Wilson, Manager of Information Technology, Campbell River School District 72, British Columbia, Canada
(from Educational Technology Management Association (ETMA) listserv, Feb, 2012)

We are using Layer 7 bandwidth arbitrators http://www.netequalizer.com/index.htm. They can also run a caching proxy server with the latest OS.  They are very affordable, simple to use, and a powerful tool on our network.

Dan Spechtenhauser, Network Technician, Palo Verde College, California, USA
(comment, YouTube NetEq Online Demo, Oct 2011)

This truly is a set it and forget it type appliance. I used another vendor’s product years ago and I was always in there working on it, finding heavy use users and products, and tweaking and geeking out on it. With Neteq, I have spent maybe 2 or less hours doing administrative tasks over the last 4 or more years.  I would spend 2 hours per day before noon most of the time when using the purple company’s product. NETEQ ROCKS!

Peter Spencer Deskspace.biz, United Kingdom, Europe

In the UK there is an advertising slogan for paint that says:  “It does exactly what it says on the tin”. Well the NetEqualizer does exactly what they claim on their website: we took it out of the box, plugged it in to our network, and 10 minutes later, all our bandwidth problems disappeared. No more dropped VoIP calls, and no more complaints about slow internet access or stuck emails. We did get a couple of unhappy users – but those were the folks who were downloading movies on peer-to-peer or running unauthorised web-servers on our network – and they had caused all the trouble for everyone! NetEqualizer was automatically throttling back their bandwidth usage. Easy. We have 100 tenants in our serviced office, and the internet just HAS to work 24/7 – NetEqualizer has made them, and us, happy!

Thanks, Peter

George, unknown (Ubiquiti Forum, Nov 12th, 2010)

… We have the 45Mbit NetEqualizer model. Works simply awesome, just like black magic.

Tim Buller, Bethel College, Kansas, USA
(From email to APconnections, Nov, 2010)

… Thanks again for such a great, easy to use product.

Tim Payne, Network Administrator, Macalester College, Minnesota, USA
(From EDUCAUSE Network Management (NETMAN) Listserv, Mar, 2010)

… We just bought a new NetEQ unit here as well when we upgraded our internet pipe to 130Mbps.  It has worked perfectly for us, as did our old one….

Nathan P. Hay, Network Engineer — Computer Services, Cedarville University, Ohio, USA
(From EDUCAUSE Network Management (NETMAN) Listserv, Mar, 2010)

… We have the NE3000-350 on a 150 Mbps pipe.  We bought it the same time we had a large increase in our pipe, so I am just recently starting to see the graphs plateau at 120 Mbps (80% of 150, the point where neteq kicks in).   It took our users a while to catch up to our larger pipe size, so I think the Neteq didn’t do anything for about a year because we never hit 80% usage.

So it is working well for us.  I barely touch it as far as management goes.

It lives up to the sales pitch for us and the price easily convinced us when we outgrew the PacketShaper we had.

Vince Stoffer, Reed College, Oregon, USA
(From Educause SECURITY list, Jan 19th-20th, 2010)

… We’ve had the NetEqualizer in place at Reed since the beginning of this year.  So far, so good.  It’s lived up to the promise of being a set it and forget it type of appliance.  It was replacing a Packetshaper and while we do miss the increased visibility into the traffic (including better monitoring and reporting) of the Packetshaper, the Netequalizer has been trouble-free at doing its job of equalizing traffic in a protocol-agnostic fashion.  It requires very little time beyond the initial setup and bit of fine tuning.  The unit will also allow us to continue upgrading our bandwidth without needing to upgrade the hardware (the reason our Packetshaper had to go). …


Jason Lavoie, Bowdoin College, Maine, USA

(From EDUCAUSE Small College Constituent Group Listserv)

…Bowdoin was in a similar position this summer. We were happy with our Packetshapers, but were not able to renew the service/software contract on our pair of 9500’s. I believe the Bluecoat acquisition was to blame for them pushing out the slightly-old hardware. The “special” upgrade pricing was excessive, so we looked into alternatives. After some testing with on site demo units, we selected the NetEqualizer. We’ve been using them since mid-August, and have had no issues since the initial installation.

Years ago, I had made the determination that playing whack-a-mole with Packeteer DPI and chasing down the latest classification plugin or software upgrade was more operational overhead than the gains warranted. Our attempt at using Dynamic Partitions failed — the box couldn’t keep up with our bandwidth/session demands. We had been running our Packetshapers in a dumbed-down configuration that had High/Medium/Default/Low priority class trees. Administration time was relatively low, but we weren’t using much of the DPI functionality we were paying for. Netequalizer fits our needs almost perfectly for the right price.

The other major factor that led to the decision was how cooperative and helpful they were with pre-sales support. We were able to augment their standard option with optical interfaces for essentially the price of the cards. All of our questions were answered promptly and with technical understanding of the product. In pre-production testing, the few problems we ran into were quickly and thoroughly addressed whether they were our implementation problems or a NetEqualizer issue (there was one with an incorrect license key). …

Dave Barker, BroadLinc Communications, Kentucky, USA

I just wanted to let you guys at Netequalizer know how much I depend on my NE2000. I am a small ISP with about 360 customers and I would be lost without the Netequalizer. The people there are always very friendly and quick to respond. Keep up the great work.

Kevin Kershner, CS&T Inc, Wyoming, USA

I admin several NetEqualizers in hospital and county courthouse networks and the clients love them.  They let employees have freedom from whitelists and yet keep data lines open for legit traffic, makes for happier employees.

Damien McNabb, Ronald Communications, Manitoba, Canada (ronaldcom.ca)

We provide IT support and services for a large hotel and conference center here in Russell Manitoba. Since installing the NetEqualizer our Internet Congestion  during peak usage has disappeared. I was so impressed with the NetEqualizer that we are now  installing two more NetEqualizer units at  other  smaller resort properties here in town.

Craig Mackay, Director, Mascon Cable Systems, AirSpeed Wireless Inc, British Columbia, Canada

We just returned from the cable operators convention here in Canada. We were surprised to learn that similar operators without the benefit of a NetEqualizer often needed as much as 250 megabits sustained bandwidth to keep 650 users running. We on the other hand run about 4000 on 60 megabits made possible by the unique abilities of our NetEqualizer to distribute out the load over time more efficiently. That translates to the NetEqualizer investment paying for itself many times over…

Mike Ferguson, Chapman University, California, USA

I’d also recommend you look at the NetEqualizer. We evaluated it this summer along with several other packet-shaping solutions. We also needed to upgrade our NetEnforcer to handle more than 100M for our ResHalls, but we weren’t impressed with its P2P classification. As a matter of fact, we haven’t had much success using L7 packet inspection of P2P traffic with other solutions: either using our Fortigate firewalls, the Packeteer box we used before, or the NetEnforcer we just retired. We don’t block P2P, but we do want to throttle it. You can be diligent about updating your policies from the manufacturer as soon as they’re released; however, we found a significant amount of P2P traffic still bypassed the filters right after an update because it wasn’t identified properly.

Our work-around with the NetEnforcer was to throttle the number of connections per second and limit the total amount of bandwidth per IP. But we always felt we were constraining our available resources, particularly by reducing bandwidth per IP, as we were limiting a person’s bandwidth to DSL/Cable-like levels just because of lack of L7 capabilities.

With the NetEqualizer, we’re still limiting the number of connections per second, but we’re using the “behavior” algorithms to dynamically adjust bandwidth per IP so all users are given a fair amount of bandwidth. But at the same time, we’re still able to throttle P2P traffic just as effectively without it affecting quality video streaming or anything else non-P2P related.

Last, the cost is 1/4th to 1/7th less than a comparable L7 solution. We were able to buy 2 NetEqualizer units and hook them to both our public core boxes for redundancy. The total price was astoundingly less than any other solution we looked at, except one which didn’t meet our requirements. For the other solutions, the price you’re paying is to invest in their R&D efforts to classify L7 traffic accurately and manage it effectively. But our experience using the NetEqualizer for the last 2 months has been that it manages bandwidth just as well, if not better.

In our case, we have just less than 2000 residents, but we also have wireless clients on the Academic side that go through the same NetEqualizer (NE3000). Our second unit is strictly for failover. I’ve seen up to 4500 active users, which at night we give 150M of bandwidth. Even at peak (100%) utilization of the allotted bandwidth, the NetEqualizer gives great results.

Adam Forsythe, Luther College, Iowa, USA

You might want to look into a NetEqualizer.  We switched to one 2 summers ago and have been very happy with it.  Like you, I needed to upgrade our NetEnforcer because we were expanding our internet connection beyond what the NetEnforcer was licensed for.  I decided to look into what other options were available because I was coming to the conclusion that prioritizing traffic based on being able to classify it 100% accurately is only great as long as you can classify the traffic accurately 100% of the time.  Since we were finding that a lot of the encrypted P2P traffic looked like https to NetEqualizer, I was having a hard time keeping the P2P under control without having negative effects on https traffic to web pages.

NetEqualizer doesn’t prioritize traffic based on identifying traffic type, it takes a different approach.  It simply tries to make everyone share the internet connection fairly.  It does this by limiting the total number of simultaneous network connections that any one ip address can make, and by introducing small delays into the sessions of users that are deemed to be using more than their fair share of bandwidth.  This approach means that it took a little bit of work up front to figure out what settings would work best for our users, but after that it takes very little ongoing work to keep it running.  As a bonus it was much less expensive than any of the other options I considered.

Steve Hess, Wheaton College, Illinois, USA

We don’t have a big gamer population but no complaints on our end. Our gaming complaints pretty much disappeared when I replaced our PacketShaper with a NetEqualizer last year. No classification = no classification headaches.

Wade LeBeau, The Daily Journal Network Operations Manager, Illinois, USA
(“Leveling Your Business Network” article, page 26)

NetEqualizer is one of the most cost-effective management units on the market, and we found the unit easy to install—right out of the box. We made three setting changes to match our network using the web (browser) interface, connected the unit, and right away traffic shaping started, about 10 minutes total setup time. The unit has two Ethernet ports…one port toward your user network, the other port toward your broadband connection/server if applicable. A couple of simple clicks and you can see reporting live as it happens. In testing, we ran our unit for 30-days and saw our broadband reports stabilize and our users receiving the same slices of broadband access. With the NetEqualizer, there is no burden of extensive policies to manage… The NetEqualizer is a nice tool to add to any network of any size. Businesses can see how important the Internet is and how hungry users can be for information.

DSL Reports, April 2009

The Netequalizer has resulted in dramatically improved service to our customers. Most of the time, our customers are seeing their full bandwidth. The only time they don’t see it now is when they’re downloading big files. And, when they don’t see full performance, it’s only for the brief period that the AP is approaching saturation. The available bandwidth is re-evaluated every 2 seconds, so the throttling periods are often brief.

Bottom line to this is that we can deliver significantly more data through the same AP. The customers hitting web pages, checking e-mail, etc. virtually always see full bandwidth, and the hogs don’t impact these customers. Even the hogs see better performance (although that wasn’t one of my priorities).

Loyola University — Chicago, Illinois, USA

At Loyola University Chicago, we are on our 2nd iteration of the NetEqualizer. We used the product happily for a number of years when we had a T3. We upgraded our internet pipe to 100MB and after about 6 months we noticed 100% saturation and students complaining of slow internet for various applications. We knew then that we needed another NetEqualizer. Once we plugged the box in it started managing the bandwidth, our pipe has not been saturated since, and more importantly the complaints have ceased.

Alan Leech, Orlean Invest West Africa Limited, January 24, 2009, Africa


We purchased 3 of your devices last year and I have to say we are very impressed by them.

They have matched our requirement perfectly and allow us to provide fair usage to our clients whilst reducing our overall OPEX.

You can be sure we will be purchasing in the future.

Alan Leech

Illinois Wesleyan Replaces Packeteer with NetEqualizer as Part of Bandwidth Upgrade, Illinois, USA
(By Trey Short, January 19, 2009)

Network Services has completed the Network Upgrade Project. The Internet bandwidth available to the Campus was doubled from 45MBs (DS3) to 90MBs in December. Along with the additional bandwidth, a new bandwidth sharing device called a NetEqualizer replaced the existing Packeteer. The NetEqualizer uses bandwidth sharing fairness rules based on network usage to share bandwidth and balance the available bandwidth between all users. The project made a dramatic improvement to Internet access for the campus community.

Chris Chamberlain, Oakland University, Michigan, USA


Because NetEqualizer simply makes things fair, i.e. gives everyone on the link the same percentage of the bandwidth “pie”, the NetEqualizer can handle any type of traffic, because it isn’t classifying anything.

Chris Chamberlain

Oakland University

>On Apr 30, 2008, at 4:42 PM, Green, Doug wrote:

>We are considering Netequalizer. They are claiming to be able to manage  encrypted BitTorrent. Can anyone verify this?

>Thank you,

>Doug Green

>Manager, Network Services & Security

>University of New Hampshire

>50 College Rd

Charlie Prothero, CIO, Keystone College, Pennsylvania, USA

I have written on a couple of Educause lists about our experience with the Netequalizer, which has been invariably positive.  It’s a snap to set up and doesn’t require anywhere near the tuning effort that a Packeteer does.  For general Internet circuit coverage, I’m very pleased with it.

Ben Schworm, The Independent School Educators’ List, ISED-L

We just re-evaluated our systems after realizing that even with the Packetshaper in place, we’d need to increase the amount of bandwidth that we offer the community. First of all, the new Packetshaper hardware we’d need was going to cost $18,000. Second, over the 5 years that we’ve had the Packetshaper, we’ve seen its effectiveness decrease with the increased availability and academic usage of real-time streaming apps and the increasing amount of traffic that is classified as either pure web browsing traffic (whether it is or not) or “default”, the traffic class that catches all the other traffic that the Packetshaper can’t specifically identify. Furthermore, the Packetshaper can tend to be a pretty admin-intensive system to keep working effectively.

The NetEqualizer really only deals with end-user behavior in that it looks at the bandwidth that a given user is trying to utilize relative to what’s available and throttles “bad” users in order to try to maintain fair access to the bandwidth. It also throttles “bad” applications like P2P that open many connections to and from a given user. The box is nearly configuration and maintenance-free and costs a fraction of what the Packetshaper does.


I was asked to tell our experience with NetEqualizer. We purchased the box about 3 weeks into first semester when our old bandwidth control server died and support was not forthcoming from the company.

We put NetEqualizer in place and fired it up with little to no problem. For the first 5-6 hours it worked as we were told it would with NO configuration. After the first day we noticed problems with students exceeding the connection limits we set. We called the company and within 24 hours we had the configuration modified to the specific needs of our network and our bandwidth was under our control again.

In the last 4 months I have not had to make any additional changes to the configuration. In fact we have not even had the need to restart the box. The NetEqualizer box has some very good algorithms that have controlled our heavy bandwidth users without adding significant network overhead to the rest of our low bandwidth users. Our students have seen an increase in bandwidth when they need it. The gamers are happy because the latency we used to have under our old bandwidth system has disappeared.

Douglas Hedges, EDUCAUSE Small College Constituent Group Listserv

We’ve dumped our Packeteer device about 18 mos. ago for a NetEqualizer. It has worked as advertised and has required virtually no maintenance after initial setup (which took just a few minutes as well). There are some good technical papers on their site (http://www.netequalizer.com) describing its operation and comparing it to other products. I believe they’re worth a read if you want to see if it’s a good fit for your campus. It sure was for ours.

Russ Leathe, EDUCAUSE Security Constituent Group Listserv

Gordon College switched from Packeteer to netEQ a while ago. It works flawlessly and our daily management of bandwidth decreased significantly.

They also have a CALEA probe.

Superdog, DSLReports.com

When you plug in the Neteq box, it doesn’t care about IPs or what range it is on. You set the bandwidth maximum limit for whatever your pipe size is and then plug it inline between your core router and your first main switch and you are done…

…I love this unit and I cannot say enough about it. With M0n0wall and Packeteer, you have to manually set up all of the rules in order for the units to be effective. After you spend a few hours getting them set up, it only takes the user/program 10 seconds to switch ports on you and that rule is then invalid and you need to go back and redo it.

This type of setup requires you to monitor your box constantly, creating even more work. The Neteq unit doesn’t need to know all of this. It just counts connections per user (a limit you set) and the amount of bandwidth each user consumes. If the bandwidth is there and no one else is using it, that person gets it. If they are running Limewire at full throttle and another user logs in and starts to surf the net, that user gets full priority and their pages will load quickly while the Limewire download has delay added to their packets.

IMHO, using this unit is a no-brainer for any ISP. It is a hands off setup that really works.

Josh Heller, Sr. Network Analyst — IT, Kutztown University, Pennsylvania, USA

Our University started with PacketShapers, but also made an investment in NetEqualizer when we found the PacketShaper wasn’t completely doing the job. Today we use both products.

We have been pleased with NetEqualizer as it does what it advertises – it makes a noticeable difference in a congested network.

Nathan P. Hay, Network Engineer — Computer Services, Cedarville University, Ohio, USA

We switched from PacketShaper to NetEqualizer this summer.
NetEq is much simpler to manage and much cheaper.

George Flowers, Southern Crescent Technical College (formerly Flint River Tech), Georgia, USA

We currently have the NE2000, and it works great!
No other product can do what the NetEqualizer does at a great price!

Constantinos Tsakonas, General Manager, Twin Island Communications, British Columbia, Canada

I would like to order another NETEQ-POE.
I have 2 of these units segmenting my wireless network and they work like a dream!

NetEqualizer has also received mention as an Educause HEOA role model.

Created by APconnections, the NetEqualizer is a plug-and-play bandwidth control and WAN/Internet optimization appliance that is flexible and scalable. When the network is congested, NetEqualizer’s unique “behavior shaping” technology dynamically and automatically gives priority to latency-sensitive applications, such as VoIP and email.

Optimizing Your WAN Is Not The Same As Optimizing Your Internet Link — Here’s Why…

WAN optimization is a catch-all phrase for making a network more efficient. However, few products distinguish between optimizing a WAN link and optimizing an Internet link. Yet, the methods used for the latter do not necessarily overlap with WAN optimization. In this article, we’ll break down the differences and similarities between the two practices and explain why WAN optimization tends to be the more common, yet not necessarily most effective, of the two techniques when it comes to overall network optimization.

Some Basic Definitions

A WAN link is always a point-to-point link where an institution/business controls both ends of the link. However, a WAN link does not provide Internet access.

On the other hand, an Internet link is one where one end terminates in a business/home/institution and the other end terminates in the Internet cloud, thus providing the former with Internet access.

A VPN link is a special case of a WAN link where the link traverses across the public Internet to get to another location within an organization.  This is not an Internet link by our definition mentioned above.

Whether dealing with a small business, a home user, or public entities such as libraries, schools etc., there are far more Internet links out there than WAN links. Each of these entities will most certainly have a dedicated Internet link while many will not have a WAN link.

Some Common Questions

If Internet links far outnumber WAN links, why are there so many commercial products dedicated to optimizing WAN links and so few specifically dedicated to Internet optimization?

There are a few reasons for this:

  1. WAN optimization is fairly easy to measure and quantify, so a WAN optimization vendor can easily demonstrate their value by showing before and after results.
  2. Many WAN-based applications — Citrix, SQL queries, etc. — are inherently inefficient and in need of optimization.
  3. The market is flooded with vendors and analysts (such as Gartner) that all tend to promote and sustain the WAN optimization market.
  4. WAN optimization tools also double as reporting and monitoring tools, which administrators gravitate toward.
  5. A large number of commercial Internet connections are located at small or medium-sized businesses, and the ROI on an optimization device for their Internet link is either not that compelling or not understood.

Why is a WAN optimizing tool not the best tool to optimize an Internet link? Don’t the methodologies overlap?

Most of the methods used by a WAN optimizing appliance make use of two principles:

  1. The organization owns both ends of the link and will use two optimizing devices — one at each end. For example, compression techniques require that you own both ends of the link. As mentioned earlier, you cannot control both ends of an Internet link.
  2. The types of traffic running over a WAN Link are consistent and well defined. Organizations tend to do the same thing over and over again on their internal link. Yet, on an Internet link, the traffic varies from minute to minute and cannot be easily quantified.

So, how does one optimize unbounded traffic coming into an Internet link?

You need an appliance such as a NetEqualizer that dynamically manages all flows. But don’t take it from us; you can also check in on what existing NetEqualizer users are saying.
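The behaviour users describe earlier on this page (a per-IP connection limit, plus delay added to heavy users only while the link nears saturation, re-evaluated every 2 seconds) can be sketched as one evaluation pass. This is an added illustration, not APconnections' code; the pipe size, the 85% trigger, the 40-connection limit, the equal-split fair share and all names are assumptions.

```python
from typing import NamedTuple

# Assumed tuning values; the page itself states only the 2-second interval.
LINK_CAPACITY_BPS = 10_000_000   # assumed pipe size
CONGESTION_RATIO = 0.85          # assumed "approaching saturation" trigger
MAX_CONNECTIONS = 40             # assumed per-IP connection limit
EVAL_INTERVAL_S = 2              # from the page: re-evaluated every 2 seconds


class HostSample(NamedTuple):
    ip: str
    connections: int   # simultaneous connections seen during the interval
    bps: int           # bandwidth consumed during the interval


def evaluate(samples, capacity=LINK_CAPACITY_BPS):
    """Decide, for one interval, which hosts get which penalty.

    No traffic classification is involved: only connection counts and
    byte rates per IP are inspected, so encrypted traffic is handled
    the same way as anything else.
    """
    actions = {s.ip: set() for s in samples}

    # Rule 1: the connection cap applies regardless of link load.
    for s in samples:
        if s.connections > MAX_CONNECTIONS:
            actions[s.ip].add("cap_connections")

    # Rule 2: delay is added only while the link is close to saturation,
    # and only to hosts above an equal split of the pipe (assumed policy).
    total = sum(s.bps for s in samples)
    if samples and total >= CONGESTION_RATIO * capacity:
        fair_share = capacity / len(samples)
        for s in samples:
            if s.bps > fair_share:
                actions[s.ip].add("add_delay")
    return actions


# Constructed samples: a lone heavy user on an idle link, then the same
# user competing with two light web users on a nearly full link.
QUIET = [HostSample("10.0.0.5", 12, 6_000_000)]
BUSY = [HostSample("10.0.0.5", 120, 8_000_000),
        HostSample("10.0.0.6", 4, 400_000),
        HostSample("10.0.0.7", 6, 600_000)]

if __name__ == "__main__":
    for name, interval in (("quiet", QUIET), ("busy", BUSY)):
        print(name, evaluate(interval))
```

On the quiet link the heavy user is left alone; on the busy link only that user is delayed, which matches the "hogs don't impact these customers" behaviour reported above.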

How does a company quantify the cost of using a device to optimize their Internet link?

Admittedly, the results may be a bit subjective. The good news is that optimization companies will normally allow you to try an appliance before you buy. On the other hand, most Internet providers will require you to purchase a fixed-length contract.

The fact of the matter is that an Internet link can be rendered useless by  a small number of users during peak times. If you blindly upgrade your contract to accommodate this problem, it is akin to buying gourmet lunches for some employees while feeding everybody else microwave popcorn. In the end, the majority will be unhappy.

While the appropriate network optimization technique will vary from situation to situation, Internet optimization appliances tend to work well under most circumstances and are worth implementing. Or, at the very least, they’re worth exploring before signing on to a long-term bandwidth increase with your ISP.

See: Related Discussion on Internet Congestion and predictability.
