We've had the NetEqualizer in place at Reed since the beginning of this year. So far, so good. It's lived up to the promise of being a "set it and forget it" type of appliance. Vince Stoffer, January 2010College & University Testimonials
Overheard in a discussion about Internet bandwidth capacity... We installed a behavior-based shaping device (NetEqualizer) that controls the amount of total simultaneous connections an IP address can make, in addition to controlling bandwidth hogs. P2P is held to a minimum because P2P activity, in general, creates many connection simultaneously; normal web traffic does not - so limiting connection is a very effective P2P controller without actually stopping legitimate use. The power of the unit is both connection limits and shaping large bandwidth streams; everyone gets a piece of the inbound/outbound pie, and if the trunk is not saturated, they also get max performance. When many students are in contention for the internet, and the trunk is saturated; large streams get slowed by the NetEqualizer (fractions of a second) until they back down to a reasonable level. It slows the hogs in small increasing increments, and everyone gets through. Small streams (Skype, Voip, simple web browsing, etc)….are unaffected and no one really notices that they are being controlled. During the nighttime hours, the campus population hammers our internet connection mercilessly for hours on end, but the NetEqualizer smoothly controls all inbound/outbound traffic so everyone gets better performance than they used to with our previous device. And those outside of our network can still reach our web servers; prior to the Netequalizer, when the internet links were saturated, getting web traffic to and from our servers sometimes posed big issues. The best part is we don’t have to device-sit – the NetEq has made management of traffic a no-brainer these days; we used to spend a great deal of time managing the old packeteer, but no more. I love this machine ! (and RIAA notices are virtually nil...and no student complaints about slow internet!) Did I mention that I love this machine? The device has a great return on investment; had we put it in prior to increasing our bandwidth, we could have probably kept our old ISP contract size for another year or so before increasing. I would urge anyone who manages bandwidth for any reason to give Netequalizer a chance to show how easy and cost effective a solution it can be. At Drew our NetEqualizer continues to work very well, so thanks for making an excellent product that just works and does what it says it will very well. It is usually one of the things I mention to people as a "best thing we've bought" type device, as it really is SO easy to use and configure and really does keep everything usable. Thanks for making an excellent product! The NetEqualizer employs a limit on the total number of connections a single client can make. In addition to that, it employs techniques to add small delays to certain large persistant connections based on a few simple parameters you set up. The connection limiting keeps P2P under control and keeps it from overwhelming the network. With previous traffic shaping appliances that we've used in the past, I had come to the conclusion that I was fighting a losing battle because though it classified a lot of the traffic correctly, it got it wrong plenty often. If the classification was wrong then my rules didn't work as intended. Particularly at that time and on that appliance it was that encrypted P2P would get classified as https and then according to my rules be given a high priority rather than a low one. We've had our NetEqualizer for about 3 years now, and I've been very happy with the fact that it both seems to make our users happy, and requires very little time be spent managing it. This truly is a set it and forget type appliance. I used another vendors product years ago and I was always in there working on it, finding heavy use users and products, and tweaking and geeking out on it. With Neteq, I have spent maybe 2 or less hours doing administrative task over the last 4 or more years. I would spend 2 hours per day before noon most of the time when using the purple companies product. NETEQ ROCKS! Thanks again for such a great, easy to use product. We just bought a new NetEQ unit here as well when we upgraded our internet pipe to 130Mbps. It has worked perfectly for us, as did our old one... Macalester College is a private undergraduate liberal arts college located in St. Paul, Minnesota. Their Assistant Director of Network Services came to us to resolve their network congestion issues. Their problems started when Napster came out and they continued because it took time to find the right solution. They put in a packet shaper, but it wasn’t the right solution for their network. ”It took a lot of time to manage it, no matter what we did with the configuration, stuff still fell through the cracks. We just saw no end in sight.” After a particularly bad week they took out the packet shaper and replaced it with the NetEqualizer. “Right away the internet access speed is more consistent and predictable. If you go to a website, it just goes. The latency problems like streaming and games that we always had the most trouble with just went away. The latency is lower than it’s ever been. We are very happy that it just does what it was promised to do." We've had the NetEqualizer in place at Reed since the beginning of this year. So far, so good. It's lived up to the promise of being a set it and forget it type of appliance. It was replacing a Packetshaper and while we do miss the increased visibility into the traffic (including better monitoring and reporting) of the Packetshaper, the Netequalizer has been trouble-free at doing its job of equalizing traffic in a protocol-agnostic fashion. It requires very time little beyond the initial setup and bit of fine tuning. The unit will also allow us to continue upgrading our bandwidth without needing to upgrade the hardware (the reason our Packetshaper had to go). We moved to NetEqualizers when our other vendor required a costly upgrade with no gain in features or service. We removed the old equipment and replaced them with a redundant pair of NE boxes. We run all our Internet connectivity through these. Unlike the equipment they replaced, we no longer have any needs for regular tuning, and there have been no performance complaints from any of our users. APconnections was very cooperative in working with us to specify and configure the correct device for our needs. Thanks! Bowdoin was in a similar position this summer. We were happy with our Packetshapers, but were not able to renew the service/software contract on our pair of 9500's. I believe the Bluecoat acquisition was to blame for them pushing out the slightly-old hardware. The "special" upgrade pricing was excessive, so we looked into alternatives. After some testing with on site demo units, we selected the NetEqualizer. We've been using them since mid-August, and have had no issues since the initial installation. "...you guys also answered me outside of stated support hours. Thanks! You guys consistently provide the highest level of support I have ever received from any company, bar none. Also your product is fabulous. I have recommended it to all other four colleges in the Pioneer Valley..."
We've been using your NetEqualizer 350Mbit unit since the Spring. I've had my neteq in about 2 weeks now...it's running great!. I really never want to hear, "why is the internet so slow?" ever again.....I used to hear it at least 20 times a day....now, i hear it never......thanks guys.....(of course, I only hear, "wow, the internet is so fast" about twice a day....but it will do.....still after months of being harrassed.....it's nice not to have that "stress" of hearing it all day...... I want you to know how pleased I am with our NetEqualizer. Unlike our previous bandwidth management product which required constant tending and updates, the NetEqualizer works exactly as advertised: plug it in and forget it. Our Internet connection has run smoothly all year regardless of the kind of traffic thrown at it. Simply put this is one of the best products I've ever put into production. Thanks again. NetEqualizer is great! We've really had no issues at all. We literally dropped it in line and experienced the difference over Packeteer right away. Complaints from students dropped as well -- MMOG worked again and we have no more AIM dropouts. It's the best decision I've made this year. At Loyola University Chicago, we are on our 2nd iteration of the NetEqualizer. We used the product happily for a number of years when we had a T3. We upgraded our internet pipe to 100MB and after about 6 months we noticed 100% saturation and students complaining of slow internet for various applications. We knew then that we needed another NetEqualizer. Once we plugged the box in it started managing the bandwidth, our pipe has not been saturated since, and more importantly the complaints have ceased. LEWIS UNIVERSITY FINDS QoS=LESS WORK Located 30 minutes southwest of Chicago, Lewis University offers over 70 undergraduate programs, 20 graduate programs and accelerated programs for working adults to 5,200 students enrolled on five campuses. Derrick D’Gama is the Information Security Officer/Director of Information Services. “We have 6,000 connections.” Over a 10 Gig line internally and a 20 Meg external line going out to the internet. Though they had QoS equipment installed, D’Gama was not satisfied. “I wanted something where I wasn’t all the time doing traffic adjustments.” After an intensive research period he found only positive reviews for NetEqualizer and chose that as his solution. D’Gama says: “Unlike the other QOS appliances (that would take much of my time due to manual intervention in tuning specific data streams), the Netequalizer instead is happily processing these streams automatically. Consequently, I have some more time to focus on other projects due to this installation.” I am convinced protocol and layer 7 based filtering is dead. I expect P2P products to use SSL or TLS bypassing layer 7 filters. Ethically layer 7 filtering smells like content filtering, big brother, evil. Bandwidth arbitration keeps things simple. When the Internet connection reaches a tuneable level of utilization the arbitrator slows down longer lived higher usage data transfers based on the number of connections and their utilization. Per host connection limiting keeps P2P playing nicely. The chosen product? Net Equalizer. Based on the open source Bandwidth Arbitrator, it is easy to configure and highly customizable. Support has been excellent. Initial Tests With the netequalizer link size at ~20% below our average utilization our pipe remained completely usable. Interactive applications responded well while large transfers continued to function. The connection limits appear to keep bittorrent and gnutella functional and in control. Qualitative Results 2006-06-23 Downloads are faster, latency is at pre layer 7 filtering levels (9ms vs 300ms), P2P protocols are usable again, and we no longer police content, we manage bandwidth. Support has been excellent with technicians responding directly to my emails with all technical levels of questions answered, good, silly, and questions about the inner workings of the appliance. I was instructed on cautions to take with any attempt at customization, and given the go ahead for some minor custom configuration without voiding the warranty. Update 2006-11-06 We have run the Netequalizer for 6 months. Results are phenomenal compared with our last product. Our Netequalizer box has been up for 116 days with no configuration changes from the start of the semester. I look at my Cacti graphs and the custom CGI reports for solace, as if I'm disappointed the appliance doesn't need more care and feeding. Our Configuration For our 21Mb link, we set 3 basic parameters: The ratio is the amount of of our pipe in use before any shaping (arbitration) takes place. The brain_size is the number of connections for the equalizer to track and act upon, I have seen this number reached only once on our system. The connection limit means we allow 20 incoming and 20 outgoing connections maximum for every host on our network. We had to set every one or our servers as an exception to this rule, allowing 50,000 incoming and outgoing connections for those. We also had to specify our link size. That's it end of configuration. Custom Modifications We did very simple things to appease ourselves of the performance of the box. First, we placed an SNMP daemon on it. I used a stock snmpd from a Mandriva 2006 server, from net-snmp 5.2.1.2. I was going to static compile one, but it turned out the dynamic libraries were all in place, here is the ldd output: I put the daemon in /usr/local/snmp/sbin/ and the mibs and snmpd.conf in /usr/local/snmp/share/snmp/. We created 2 custom CGI scripts. One script shows the complete current logfile on demand rather than the last however many lines the web interface shows. The other script shows total current connections, followed by a list of hosts with more than 3 connections, sorted by total outgoing and incoming connections. I modified some of the scripts provided in the /art directory to produce those results. Someone with more familiarity with the Linux bridge utilities could probably do better. Here is the showlog.cgi script I placed in the /var/www/cgi-bin/arbi directory: Here are some lines from the showlog output, catching the arbitrator slowing someone down with .05 second delays (the DELAY portion): Here is some output from our connections script with the top 5 out and in hosts: Notice the hosts with more than 20 connections. Some of these are exempt servers, but others are workstations. Our firewall disallows non related incoming connections campus workstations, Netequalizer is in front of the firewall. I have examined some of these cases and many are P2P connection attempts that never truly connect to transfer data or are very short lived. We typically see about 20 to 30 hosts at or above the connection limit and about 100 hosts with more than 3 incmoing or outgoing connections, including all of our Internet servers. Verification, Tests We have an out of band PC using Ntop to track what hosts on the network are doing. I have verified the output of the Netequalizer against our Ntop machine many times in the last few months. I have also on occasion initiated a large download from a fast Internet site when I notice one or two folks getting high data rates. At those times I have observed Netequalizer start to arbitrate, creating head room on the pipe to keep bursty interactive traffic responsive. Criticism, Pros, Cons (last edited November 6, 2006) We are very pleased with the NetEqualizer. It's been rock solid for the school year and we have received positive feedback from the students in our residences. We had a Packeteer® here at Keystone College, but outgrew it when we upgraded our bandwidth. Someone on this list (Educause) suggested looking at a NetEqualizer box (http://netequalizer.com/). I did, bought it, love it. No maintenance, no updates, no headaches. It just sits there and works…
David Hamwey, Network Manager,
University of Puget Sound, April 2012
"Normally we have to increase our bandwidth every couple of years, and I can anticipate and budget for an increase ahead of time. Since we installed the NetEqualizer I really can't tell if our peak usage demand is rising or not, as the NetEqualizer is keeping our Internet pipe traffic running so smoothly by managing peak congestion. In order to compare apples-to-apples, I actually have to turn the NetEqualizer OFF to see what our utilization will spike to, and from that we can make an estimate of future bandwidth needs. NetEqualizer's bandwidth shaping has unclogged our congestion during peak loads."
Andrew Wolf, Telecommunications Manager,
Linfield College, March 2012
Christopher Stave, Computing and Network Services,
Drew University, December 2011
Adam Forsyth, Director of Network and Systems,
Luther College, September 2011
Dan Spechtenhauser, Network Technician,
Palo Verde College, September 2011
Tim Buller, Information & Media Services, Bethel College, November 2010
(back to top)
Nathan Hay, Network Engineer, Cedarville University (From EDUCAUSE Network Management (NETMAN)
Listserv, March 2010)
We have the NE3000-350 on a 150 Mbps pipe. We bought it the same time we had a large increase in our pipe, so I am just recently starting to see the graphs plateau at 120 Mbps (80% of 150, the point where neteq kicks in). It took our users a while to catch up to our larger pipe size, so I think the Neteq didn't do anything for about a year because we never hit 80% usage. So it is working well for us. I barely touch it as far as management goes. It lives up to the sales pitch for us and the price easily convinced us when we outgrew the PacketShaper we had.
Alan Nord, Network Administrator, Macalester College
From EDUCAUSE Network Management (NETMAN) Listserv, Mar, 2010)
Feedback to us after buying their first NetEQ...
Vince Stoffer, Reed College (From Educause SECURITY list, January 2010)
Jason Lavoie, Manager of Networking, Bowdoin College email testimonial September 2010
Jason Lavoie, Bowdoin College (From EDUCAUSE Small College Constituent Group Listserv)
Years ago, I had made the determination that playing whack-a-mole with Packeteer DPI and chasing down the latest classification plugin or software upgrade was more operational overhead than the gains warranted. Our attempt at using Dynamic Partitions failed -- the box couldn't keep up with our bandwidth/session demands. We had been running our Packetshapers in a dumbed-down configuration that had High/Medium/Default/Low priority class trees. Administration time was relatively low, but we weren't using much of the DPI functionality we were paying for. Netequalizer fits our needs almost perfectly for the right price.
The other major factor that led to the decision were how cooperative and helpful they were with pre-sales support. We were able to augment their standard option with optical interfaces for essentially the price of the cards. All of our questions were answered promptly and with technical understanding of the product. In pre-production testing, the few problems we ran into were quickly and thoroughly addressed whether they were our implementation problems or a NetEqualizer issue (there was one with an incorrect license key). ...
Josiah Erikson, Network Engineer, Hampshire College, October 2012 email to APconnections
Josiah Erikson, Network Engineer, Hampshire College, December 2009 email to APconnections
I had been looking for a dynamic equal-bandwidth policy based unit for quite some time, and had been unsuccessful. The NetEqualizer was a fraction of the cost of other solutions, took me all of five minutes to configure, and works wonderfully. I have had many students come to my office for the express purpose of thanking me for buying more bandwidth, which I didn't - I just replaced our Packeteer with a NetEqualizer. Their engineers convinced me that I didn't need to put in any exceptions or special policies for specific areas of campus or servers, and he was right - the almost-default configuration works great. On top of all of this, at the core it's just a 1U debian box with a flash drive. There's nothing I like better than standards-based, open-source-based networking solutions that I already know how to work with. Good job guys!
Chris Gilles, Heartwoodinstitute.com
Douglas Hedges, Dean, ITS, Atlantic Cape Community College
Russ Leathe, Director of IT, Gordon College
David Wieczorek, Loyola University of Chicago
Derrick D'Gama, Director of Information Services, Lewis University
Adams State University, (found on Adams EDU 11/14/2006):
In May 2006 we switched bandwidth management products. We moved from traditional layer 7 traffic shaping to bandwidth arbitration. We looked at upgrading our current product and 3 other solutions.
RATIO 75
BRAIN_SIZE 2500
CONNECTION LIMIT 40
11/06/06 08:39:32 PENALTY IP : 147.124.8.230 192.156.134.2 POOL: 0 WAVG: 133212 BUFF: 102 DELAY: 5
11/06/06 08:39:32 INCREASE PENALTY IP: 147.124.8.230 192.156.134.2 POOL: 0 BUFF: 102 DELAY: 10
11/06/06 08:39:44 Traffic up: 575430 Traffic down: 962330 POOL 0
PENALTY THRESHOLD pool 0 up 2688000 down 2688000
11/06/06 08:39:47 PENALTY DECREASE: 147.124.8.230 192.156.134.2 to 5 POOL: 0
11/06/06 08:39:51 PENALTY REMOVE: 147.124.8.230 192.156.134.2 POOL: 0
Total Connections: 2074
More than 3 Outgoing Connections:
192.156.134.15 76
192.156.134.2 61
72.166.201.218 58
192.156.134.16 36
72.166.205.159 21
More than 3 Incoming Connections:
72.166.205.159 88
192.156.134.15 76
72.166.201.110 57
192.156.134.2 56
72.166.201.218 51
(back to top)
Martin Laferriere, Network & Operations Analyst, Computer & Telecommunications Services, Laurentian University
Charlie Prothero, Chief Information Officer, Keystone College
