NetEqualizer News: December 2014


December 2014

Greetings!

Enjoy another issue of NetEqualizer News! This month, we discuss our recent K-12 Schools award, introduce IPv6 shaping for NetEqualizer, and remind everyone of 2015 pricing changes. As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

As we close out 2014, I smile as I think of what this year has taught me, both professionally and art_smallpersonally. Professionally, I now know that IPv6 really will be a reality in 2015, as you will read more about below. I have also learned that sometimes surprises are good – as we share with you that we received an unanticipated (but very welcome!) award from District Administration (a K-12 Schools publication) this month.

And personally, I learned that at my age I need to make sure to hydrate before a long run!

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

We Are Honored! NetEqualizer is a K-12 School Top 100 Product in 2014

We have always known that the NetEqualizer is great (you have too!), but it is wonderful when it is validated by an independent publication. Recently we learned that we were honored in the December 2014 edition of District Administration, a publication geared to K-12 School leadership.

NetEqualizer made the 2014 list of Top 100 Products for K-12 Schools! DA_top100_2014v2

The December 2014 Cover Story is the annual Top 100 Products, viewable in the District Administration online edition. According to the article, there were 2,400 unique nominations for the Top 100 this year, up from 1,800 in 2013. Winners were selected by the editorial board based on quality and quantity of the testimonials submitted from readers.

So, a big THANK YOU to the readers that submitted us for inclusion in the Top 100! We would not have received this honor without you. We truly appreciate you taking the time to say nice things about us, especially as we rely heavily on word of mouth to get our story out to our customers. If you would like to see our listing, we are on the bottom of page 52.

As we have not advertised in this publication in the past, and did not solicit inclusion for this award in any way, this took us completely (and happily) by surprise.

As Lauren Williams of District Administration mentions in her introduction to the winners, “This annual award alerts superintendents and other senior school leaders to the best products their colleagues around the country are using to help their districts excel.”

If you have not seen the winners, take a look, you might find a product that is a good fit for your K-12 School.


2015 Pricing Coming Soon

As we close out 2014, just a reminder that we are still writing quotes using our 2014 pricing, and the quotes are good for 90 days. If you are thinking of trading-in your current NetEqualizer, upgrading your license level, or getting another NetEqualizer, now is a good time to get a quote from us.

We will be using 2014 pricing through January, and all current quotes using the pricing will be honored for 90 days from the date the quote was originally given.

Look for a preview of our 2015 Pricing in our January Newsletter. Our 2015 Pricing will be effective February 1st, 2015.


Ready or Not, Here Comes IPv6!

Just this past month, we have seen several customers begin to see 10% or more IPV6 traffic on their networks when they turned on their IPv4/IPv6 dual stack.

As you may know, today IPv6 traffic is viewable under the Management & Reporting menus. To see any IPv6 traffic that you have on your network, select View Current Activity -> View Active Connections -> Active IPv6 Connections.

However, as IPv6 has historically been a small percentage of overall network traffic, we have not focused our engineering resources to-date on adding IPv6 shaping.

That is about to change! To address the increase in IPv6 traffic, we plan on putting out a winter release with a dual stack of our own. Our goal is to have code ready for an initial beta test in early February.

Our engineering team has come up with a cool way to handle dual address schemes. The NetEqualizer dual stack will map IPv6 addresses into unused IPv4 addresses – so that you will be able to track, shape, and equalize IPv6 on a standard NetEqualizer.

If you are interested in hearing more, please contact us:

sales@apconnections.net
-or-
303-997-1300


Best Of The Blog

Case Study: A Simple Solution to Relieve Congestion on Your MPLS Network

By Art Reisman – CTO – APconnections

We recently installed a NetEqualizer for a national healthcare company connecting hundreds of hospitals and clinics to a central location. We were able to solve all their congestion issues on their MPLS network, while saving them tens of thousands of dollars over other solutions. The centralized NetEqualizer solution is so elegant and simple that large IT departments, who are often wined and dined by vendors with expensive WAN optimization solutions, have hard time believing that we can solve their WAN issues at a fraction of the cost. In the coming weeks, we will release a detailed case study featuring this customer.

For now, here is the original blog article that explains our spoke and hub technology…

The problem:
A customer has a hub and spoke MPLS network where remote sites get their public Internet and corporate data by coming in on a spoke to a central site. Although the network at the host site has plenty of bandwidth, the spokes have a fixed allocation over the MPLS and are experiencing contention issues (e.g. slow response times to corporate sales data, etc.)…

Photo Of The Month
235
Landon Donovan
Landon Donovan is widely considered to be the best soccer player to ever come out of the United States. He has played for multiple national and international clubs. On August 7, 2014, Donovan announced that he would be retiring at the end of the 2014 Major League Soccer season; the season ended with the Galaxy winning their fourth MLS Cup of the Donovan era on Sunday December 7, 2014. This photo was taken by one of our staff members at a game last summer.

NetEqualizer News: June 2013


June 2013

Greetings!

Enjoy another issue of NetEqualizer News! This month, we preview our new Dynamic Real-Time Reporting Tool, announce our quarterly FlyAway Contest winner, celebrate our 10th Anniversary, and discuss our upcoming Technical Seminar! As always, feel free to pass this along to others who might be interested in NetEqualizer News.

A message from Art…
Art Reisman, CTO – APconnections

Ten years ago this summer I was feverishly developing the original DPI version of the NetEqualizer, and gettingNetEQ_story_icon ready to release it to customers. It is both humbling and gratifying to be a part of growing my big idea into the company that we are today. If you want to see into the mind of an entrepreneur during start up, you can read all about my journey and how the technology was developed in “The Story of NetEqualizer”, available as a PDF or eBook.

We love it when we hear back from you – so if you have a story you would like to share with us of how we have helped you, let us know. Email me directly at art@apconnections.net. I would love to hear from you!

Software Update 7.1: Dynamic Real-Time Reporting is Here!

We are excited to announce that our built-in version of the Dynamic Real-Time Reporting (RTR) tool is ready for release to all customers on Software Update 7.0+!

One of the things that differentiates the NetEqualizer from other monitoring and shaping tools is that we have the actual data for every user accurately updated by the second.

The reporting tools on most other devices tend to slog along and show you aggregate usage of 5 minute averages. Even the charge back mechanisms that ISPs use to figure out if you are over your allotted bandwidth do 95th percentile sampling – meaning they estimate your usage from sporadic sampling.

One thing we have not been good at, until now, is making this wealth of real data available to the end user in a nice organized usable presentation.

As of this week that is going to change.

In our 7.1 Software Update we have upgraded to a more robust Apache Web server shipping with every system. This has allowed us to take some of real time data and offer the administrator some nicer tools. For example, you can:

– View active connections running through your NetEqualizer and search or sort them however you like.
– Figure out the country associated with a specific IP address.
– View the top 10 flows running through your network – those that are using the most bandwidth.

top10

– View the state of all currently penalized flows. See which flows are newly penalized, which have had their penalties increased, and which have had their penalties decreased.

flows

– View, search and sort all running processes to easily spot problems with your device.

Stay tuned to NetEqualizer News for updates on new features!

The RTR tool is free to customers with valid NetEqualizer Software and Support who are running version 7.0+. If you are not current with NSS, contact us today!

sales@apconnections.net

-or-

toll-free U.S. (888-287-2492),

worldwide (303) 997-1300 x. 103


Fall Technical Seminar

We are starting to plan for our next Technical Seminar!

This popular seminar brings our CTO, Art Reisman, directly to you. In this half day event, Art explores the NetEqualizer technology in detail, and answers your technical questions. We will also be discussing and answering questions about our NetGladiator security appliance! Lunch will be provided to all attendees.

In this Technical Seminar, you will experience the following:neteq seminar logo with border
  • Deep dive on NetEqualizer bandwidth shaping
  • Learn how NetEqualizer Caching Option works
  • See the new Software Update (7.1)
  • Walk through a NetEqualizer Live Demo
  • Get your technical questions answered
  • Participate in a brainstorming session on future direction of bandwidth control
  • Learn more about the NetGladiator web application security appliance

Please note that this is NOT a marketing presentation – it is run by & created for techies!

Whether you are an existing customer or just starting to think about bandwidth shaping, come learn more about the NetEqualizer technology and share your experiences with other customers.

We are also currently looking for a location to host the seminar sometime around October of this year. If you or your organization is interested, please contact us at:

sales@apconnections.net


And the FlyAway Contest Winner Is…

Every few months, we have a drawing to give  away two round-trip domestic airline tickets from Frontier Airlines to one lucky person who’s recently tried out our online NetEqualizer demo.

The time has come to announce this round’s winner.

And the winner is…40

Terrence Shipclark of Humber College.

Congratulations, Terrence!

Please contact us within 30 days (by July 17, 2013) at:

admin@apconnections.net
-or-
303-997-1300

to claim your prize!


10 Year Anniversary Celebration – All Summer Long!

We are celebrating 10 years in business this summer, thanks to you, our loyal customers! Our first NetEqualizer sale was a CD version, way back on July 13th, 2003. We have come a long way since then. We have rolled out NetEqualizer appliances to offer a consistent, standard, supportable framework to make it easy for you to own and operate your NetEqualizer.APconnections 10 Year Celebration

We have built out our core technology, equalizing behavior-based shaping, and added tons of features along the way – such as our Professional Quota API, CALEA, the NetEqualizer Caching Option (NCO), NetEqualizer Directory Integration (NDI), and a new GUI – just to name a few.

And we have leaped into the web application security world, introducing our NetGladiator IPS appliances last year.

Thousands of installations later, NetEqualizers are deployed across six (6) continents in small and large businesses, universities, schools, libraries, and internet providers.

So, as part of our 10 Year Celebration, we will be donating $25 to one of four charities of the buyer’s choice for each unit sold from now until August 31, 2013. The charities are:

1) United States Fund for UNICEF

(http://www.unicefusa.org)

2) Habitat for Humanity

(http://www.habitat.org)

3) Doctors Without Borders

(http://www.doctorswithoutborders.org)

4) Global Hunger Project

(http://www.thp.org)

Contact us today at:

sales@apconnections.net

-or-

toll-free U.S. (800-918-2763),

worldwide (303) 997-1300 x. 103


Best Of The Blog

CALEA: A Look Back and Forward

By Art Reisman – CTO – APconnections

It has been 4 years since the most recent round of CALEA laws took effect. At the time, our phones rang off the hook for several days with calls from various small ISPs worrying that they were going to be shut down if they did not invest in a large expensive CALEA compliant device.

Implementation of the law was open to interpretation.

Confusion over what CALEA was, stemmed from the fact that the CALEA laws themselves do not contain a technical specification. In essence, they are just laws. Suppose the Harvard Law school became the front end design team for all projects in Harvard’s engineering school. Lawyers write laws,  not engineering specifications. And so it was with CALEA, congress wrote a well intended law, but the implementation and enforcement part had to be interpreted. The FBI took the lead and wrote an extremely detailed specification as to what they wanted. The specification covered every scenario possible and thus the scope was costly to implement. Vendors willingly took the complex FBI specification to heart as part of the actual law, and built out high dollar CALEA certified devices. As vendors will do, their sales teams ran with it as gospel and spread fear in order to sell expensive equipment with large margins. Fortunately calmness prevailed at some point, and the FBI consultants worked with us and some of the smaller ISPs on a reasonable scaled down version of their CALEA requirements.

Ironically, even the current law has now become problematic for the FBI and they are requesting additional requirements.

The complexity of implementing the new CALEA laws are a reflection of the way we communicate with the Internet.

Prior to the Internet, the wire tap precedent for old phone systems was much simpler to implement. And, I suspect this simplicity played a role in the surprise confusion implementing an updated law. Historically a wire tap was just a matter of arriving at the central office with a search warrant and a tapping device, a wire splice, then listening in on a customer phone call. The transition of the law to implementation was fairly obvious…

Photo Of The Month

photo(12)
World Series of Poker – Las Vegas, Nevada
Each summer, thousands of poker players from all over the world descend on the desert oasis of Las Vegas, Nevada for the World Series of Poker. The WSOP consists of over 50 bracelet events and culminates in a Main Event that annually turns out to be the biggest tournament of the year. This picture was taken recently by a staff member who is staying in Vegas for
the summer and participating in some of the events.

APconnections 10 Year Anniversary Celebration – All Summer Long!


We are celebrating 10 years in business this summer, thanks to you, our loyal  customers!  Our first NetEqualizer sale was a CD version, way back on July 13th, 2003.  As part of APconnections’ 10 Year Celebration, we will be donating $25 to one of four charities of the buyer’s choice for each NetEqualizer or NetGladiator sold from now until August 31, 2013.

We selected charities that are all rated B+ or above by CharityWatcAPconnections 10 Year Celebrationh.  The charities are operate on a global basis (like us!) and focus on one of the following: International Relief & Development, Homelessness & Housing, or Hunger. While we may not have picked your favorite charity, we hope that you agree that these are all worthy causes!

When you place a purchase order between now and August 31st, 2013, you will be asked to pick the charity of your choice for each unit purchased.

The charities, along with descriptions of their mission/vision from their websites are as follows.  You can visit their websites by clicking on their logos or the displayed link:

1) United States Fund for UNICEF   http://www.unicefusa.org
UNICEFThe United Nations Children’s Fund (UNICEF) works in more than 190 countries and territories to save and improve children’s lives, providing health care and immunizations, clean water and sanitation, nutrition, education, emergency relief and more. The U.S. Fund for UNICEF supports UNICEF’s work through fundraising, advocacy and education in the United States. Together, we are working toward the day when ZERO children die from preventable causes and every child has a safe and healthy childhood.

2) Habitat for Humanity    http://www.habitat.orgHabitat for Humanity
Habitat for Humanity believes that every man, woman and child should have a decent, safe and affordable place to live. We build and repair houses all over the world using volunteer labor and donations. Our partner families purchase these houses through no-profit, no-interest mortgage loans or innovative financing methods.

Doctors without Borders3) Doctors Without Borders   http://www.doctorswithoutborders.org
Doctors Without Borders/Médecins Sans Frontières (MSF) works in nearly 70 countries providing medical aid to those most in need regardless of their race, religion, or political affiliation.

The Hunger Project4) Global Hunger Project    http://www.thp.org
The Hunger Project (THP) is a global, non-profit, strategic organization committed to the sustainable end of world hunger. In Africa, South Asia and Latin America, THP seeks to end hunger and poverty by empowering people to lead lives of self-reliance, meet their own basic needs and build better futures for their children.

Thank you for all your support over our first 10 years, we truly appreciate your business! 

We look forward to working with all of you for many more years. 

APconnections Enhances NetEqualizer with Directory Integration Capability


LAFAYETTE, Colo.–(BUSINESS WIRE)–APconnections, an innovation-driven technology company that delivers best-in-class network traffic management solutions, is excited to announce NetEqualizer Directory Integration (NDI), as part of our 7.0 Release for the NetEqualizer product line.

NetEqualizer Directory Integration provides enhanced reporting for our customers. Our customers can identify the actual users consuming their valuable network bandwidth, so that they can react accordingly. I envision username identification to be incorporated into many areas in the future.
Art Reisman
NetEqualizer Co-Founder and CTO

NetEqualizer Directory Integration marks the advent of username reporting within the NetEqualizer. With the capabilities offered by NDI, customers can now report on network activity in even more meaningful ways, tracking usage based on known usernames. In the 7.0 Release, we have added username to real-time activity data and quota usage. Our Internet Provider customers will be excited to learn that we have extended this capability to Named Quotas, capturing username on network bandwidth usage over defined time periods. For more details on the 7.0 Release, see our Software Updates.

The NetEqualizer is affordably priced and is available in license levels from 20Mbps ($3,400) to 5Gbps ($13,100) on networks up to 40,000 users. See our NetEqualizer Price List for complete details. One year renewable NetEqualizer Software & Support (NSS) and NetEqualizer Hardware Warranties (NHW) are offered.

NetEqualizer bandwidth shapers utilize our unique behavior-based “equalizing” technology, which implement fairness algorithms to automatically provide bandwidth shaping and traffic control to your network. Immediately you will see higher QoS and optimal network performance, all while reducing maintenance and customer complaints. Equalizing gives priority to latency-sensitive applications, such as VoIP, web browsing, chat and e-mail over large file downloads and video that can clog your Internet pipe.

About APconnections: APconnections is based in Lafayette, Colorado, USA. We released our first commercial offering in July 2003. Today, our flexible, scalable, and affordable solutions can be found in over 4,000 installations in many types of public and private organizations of all sizes across the globe, including: Fortune 500 companies, major universities, K-12 schools, and Internet providers on six (6) continents. Learn more at www.netequalizer.com or contact us at sales@apconnections.net.

Contacts

APconnections, Inc.
Sandy McGregor, 303-997-1300
Director, Marketing
sandy@apconnections.net

Five Tips to Control Encrypted Traffic on Your Network


Editors Note:

Our intent with our tips is to exemplify some of the impracticalities involved with “brute force” shaping of encrypted traffic, and to offer some alternatives.

1) Insert Pre-Encryption software at each end node on your network.

This technique requires a special a custom APP that would need to be installed on Iphones, Ipads, and the laptops of end users. The app is designed  to relay all data to a centralized shaping device in an un-encrypted format.

  •   assumes that the a centralized  IT department has the authority to require special software on all devices using the network. It would not be feasible for environments where end users freely use their own equipment.

ssltraffic

2) Use a sniffer traffic shaper that can decrypt the traffic on the fly.

  • The older 40 bit encryption codes could be hacked by a computer in about a one week, the newer 128 bit encryption codes would require the computer to run longer than the age of the Universe.

3) Just drop encrypted traffic, don’t allow it, forcing users to turn off SSL on their browsers.   Note: A traffic shaper, can spot encrypted traffic, it  just can’t tell you specifically what it is by content.

  • Seems rather draconian to block secure private transmissions, however the need to encrypt traffic over the Internet is vastly overblown. It is actually extremely unlikely for a personal information or credit card to get stolen in transit , but that is another subject
  • Really not practical where you have autonomous or public users, it will cause confusion at best, a revolt at worst.

4) Perhaps re-think what you are trying to accomplish.   There are more heuristic approaches to managing traffic which are immune to encryption.  Please feel free to contact us for more details on a heuristic approach to shaping encrypted traffic.

5) Charge a premium for encrypted traffic.  This would be more practical than blocking encrypted traffic, and would perhaps offset some of the costs for associate with the  overuse of p2p encrypted traffic.

Does your ISP restrict you from the public Internet?


By Art Reisman

The term, walled off Garden, is the practice of a  service provider  locking  you into their  local content.   A classic  example of the walled off garden  was exemplified by the early years of AOL. Originally when using their dial-up service,  AOL provided all the content you could want.  Access to the actual internet was  granted  by AOL only after other dial-up Internet providers started to compete with their closed offerings.  Today, using much more subtle techniques, Internet providers try to keep you on their networks.  The reason is simple, it costs them money to transfer you across a boundary to another network, and thus,  it is in their economic interest to keep you within their network.

So how do Internet service providers keep you on their network?

1) Sometimes with monetary incentives , for example, with large commercial accounts they just tell you it is going to cost more. My experience with this practice are first hand. I have heard testimonial from many of our customers running   ISPs, mostly outside the US , where they are  sold a chunk of bulk  bandwidth with conditions. The Terms are often something on the order of:

  • – you have a 1  gigabit connection
  • – if you access data outside  the country you can only use 300 megabits.
  • – If you go over 300 megabits outside the country there will hefty additional fees.

obviously there is going to be a trickle down effect where the regional ISP is going to try to discourage usage outside of the local country under such terms.

2) Then there are more passive techniques such as blatantly looking at your private traffic and just not letting off their network. This technique was used in the US,  implemented by large service providers back in the mid 2000’s.  Basically they targeted peer-to-peer requests and made sure you did not leave their network. Essentially you would only find content from other users within your providers network, even though it would appear as though you were searching the entire Internet.  Special equipment was used to intercept your requests and only allow to you probe other users within your providers network thus saving them money by avoiding Internet Exchange fees.

3) Another way your provider will try  to keep you on their network is offer local mirrored content. Basically they keep a copy of common files at a central location . In most cases this  actually causes the user no harm as they still get the same content. But it can cause problems if not done correctly, they risk sending out old data or obsolete news stories that have been updates.

4) Lastly some governments just outright block content, but this is for mostly political reasons.

Editors Note: There are also political reasons to control where you go on the Internet Practiced in China and Iran

Related Article Aol folds original content operations

Related Article: Why Caching alone won’t speed up your Internet

CALEA: A Look Back and Forward


By Art Reisman – CTO – www.netequalizer.com

Art Reisman CTO www.netequalizer.com

It has been 4 years since the most recent round of CALEA laws took effect. At the time, our phones rang off the hook for several days with calls from various small ISPs worrying that they were going to be shut down if they did not invest in a large expensive CALEA compliant device.

Implementation of the law was open to interpretation.

Confusion over what CALEA was, stemmed from the fact that the CALEA laws themselves do not contain a technical specification. In essence, they are just laws. Suppose the Harvard Law school became the front end design team for all projects in Harvard’s engineering school. Lawyers write laws,  not engineering specifications. And so it was with CALEA, congress wrote a well intended law, but the implementation and enforcement part had to be interpreted. The FBI took the lead and wrote an extremely detailed specification as to what they wanted. The specification covered every scenario possible and thus the scope was costly to implement. Vendors willingly took the complex FBI specification to heart as part of the actual law, and built out high dollar CALEA certified devices. As vendors will do, their sales teams ran with it as gospel and spread fear in order to sell expensive equipment with large margins. Fortunately calmness prevailed at some point, and the FBI consultants worked with us and some of the smaller ISPs on a reasonable scaled down version of their CALEA requirements.

Ironically, even the current law has now become problematic for the FBI and they are requesting additional requirements.

The complexity of implementing the new CALEA laws are a reflection of the way we communicate with the Internet.

Prior to the Internet, the wire tap precedent for old phone systems was  much simpler to implement. And, I suspect this simplicity played a role in the surprise confusion implementing an updated  law. Historically a wire tap  was just a matter of arriving at the central office with a search warrant and a tapping device, a wire splice, then listening in on a customer phone call. The transition of  the law to implementation was fairly obvious.

Today there are many more things to consider when tracking end users:

  • users with bad intentions can  move from location to location (library to Internet cafe), data taps must be immediate, law enforcement
    cannot always wait a day for search Warrant to be effective
  • users often send and receive encrypted data that cannot easily be tapped into
  • Addressing schemes are dynamically allocated and do  not always allow a provider to identify a particular user
  • there are intermediate web sites that can hide a users identity

We expect the CALEA debate and what it entails to continue for quite some time.

%d bloggers like this: