 |
|
|
Universities Art: "NetEqualizer is great! We've really had no issues at all. We
literally dropped it in line and experienced the difference over
Packeteer right away. Complaints from students dropped as well -- MMOG
worked again and we have no more AIM dropouts. It's the best decision
I've made this year." Macalester College is a private undergraduate liberal arts college located in St. Paul, Minnesota. Ted Fines is the Assistant Director of Network Services. Ted’s problems started when Napster came out and they continued because it took time to find the right solution. They put in a packet shaper, but it wasn’t the right solution for their network.” It took a lot of time to manage it, no matter what we did with the configuration, stuff still fell through the cracks. I just saw no end in sight.” After a particularly bad week they took out the packet shaper and replaced it with the NetEqualizer. “Right away the internet access speed is more consistent and predictable. If you go to a website, it just goes. The latency problems like streaming and games that we always had the most trouble with just went away. The latency is lower than it’s ever been.” Ted is happiest that it just does what it was promised to do. The case of Loyola University proves two things: Kids will be kids, and the more expensive solution isn’t always the best. The network was jamming with worms from the outside and hogs from the inside. A big name product wasn’t helping clear the residence hall networks at Loyola University. Sometimes it made them worse by choking back all traffic to 2Mbps. “We were changing our policies to meet the device,” says Ben Galliart. Then they found NetEqualizer. “NetEqualizer allowed us to have the device meet our policies. It definitely has freed up a lot of man hours not to have to babysit it like we used to on the other unit.” Stetson University is located in DeLand, Florida. LEWIS UNIVERSITY FINDS QoS=LESS WORK Located 30 minutes southwest of Chicago, Lewis University offers over 70 undergraduate programs, 20 graduate programs and accelerated programs for working adults to 5,200 students enrolled on five campuses. Derrick D’Gama is the Information Security Officer/Director of Information Services. “We have 6,000 connections.” Over a 10 Gig line internally and a 20 Meg external line going out to the internet. Though they had QoS equipment installed, D’Gama was not satisfied. “I wanted something where I wasn’t all the time doing traffic adjustments.” After an intensive research period he found only positive reviews for D’Gama says: “Unlike the other QOS appliances (that would take much of my time due to manual intervention in tuning specific data streams), the Netequalizer instead is happily processing these streams automatically. Consequently, I have some more time to focus on other projects due to this installation.” Found on Adams EDU (11/14/2006): In May 2006 we switched bandwidth management products. We moved from traditional layer 7 traffic shaping to bandwidth arbitration. We looked at upgrading our current product and 3 other solutions. I am convinced protocol and layer 7 based filtering is dead. I expect P2P products to use SSL or TLS bypassing layer 7 filters. Ethically layer 7 filtering smells like content filtering, big brother, evil. Bandwidth arbitration keeps things simple. When the Internet connection reaches a tuneable level of utilization the arbitrator slows down longer lived higher usage data transfers based on the number of connections and their utilization. Per host connection limiting keeps P2P playing nicely. The chosen product? Net Equalizer. Based on the open source Bandwidth Arbitrator, it is easy to configure and highly customizable. Support has been excellent.
With the netequalizer link size at ~20% below our average utilization our pipe remained completely usable. Interactive applications responded well while large transfers continued to function. The connection limits appear to keep bittorrent and gnutella functional and in control.
Downloads are faster, latency is at pre layer 7 filtering levels (9ms vs 300ms), P2P protocols are usable again, and we no longer police content, we manage bandwidth. Support has been excellent with technicians responding directly to my emails with all technical levels of questions answered, good, silly, and questions about the inner workings of the appliance. I was instructed on cautions to take withe any attempt at customization, and given the go ahead for some minor custom configuration without voiding the warranty.
We have run the Netequalizer for 6 months. Results are phenomenal compared with our last product. Our Netequalizer box has been up for 116 days with no configuration changes from the start of the semester. I look at my Cacti graphs and the custom CGI reports for solace, as if I'm disappointed the appliance doesn't need more care and feeding.
For our 21Mb link, we set 3 basic parameters: RATIO 75
BRAIN_SIZE 2500
CONNECTION LIMIT 40
The ratio is the amount of of our pipe in use before any shaping (arbitration) takes place. The brain_size is the number of connections for the equalizer to track and act upon, I have seen this number reached only once on our system. The connection limit means we allow 20 incoming and 20 outgoing connections maximum for every host on our network. We had to set every one or our servers as an exception to this rule, allowing 50,000 incoming and outgoing connections for those. We also had to specify our link size. That's it end of configuration.
We did very simple things to appease ourselves of the performance of the box. First, we placed an SNMP daemon on it. I used a stock snmpd from a Mandriva 2006 server, from net-snmp 5.2.1.2. I was going to static compile one, but it turned out the dynamic libraries were all in place, here is the ldd output: ldd /usr/local/snmp/sbin/snmpd
linux-gate.so.1 => (0xffffe000)
libdl.so.2 => /lib/tls/libdl.so.2 (0x4001b000)
libz.so.1 => /usr/lib/libz.so.1 (0x4001f000)
libm.so.6 => /lib/tls/libm.so.6 (0x40031000)
libc.so.6 => /lib/tls/libc.so.6 (0x40057000)
/lib/ld-linux.so.2 (0x40000000)
I put the daemon in /usr/local/snmp/sbin/ and the mibs and snmpd.conf in /usr/local/snmp/share/snmp/. We created 2 custom CGI scripts. One script shows the complete current logfile on demand rather than the last however many lines the web interface shows. The other script shows total current connections, followed by a list of hosts with more than 3 connections, sorted by total outgoing and incoming connections. I modified some of the scripts provided in the /art directory to produce those results. Someone with more familiarity with the Linux bridge utilities could probably do better. Here is the showlog.cgi script I placed in the /var/www/cgi-bin/arbi directory: #!/bin/perl
print "Content-type: text/html\n\n";
print "<html><head></head><body><pre>";
system("cat /tmp/arblog.bak");
system("cat /tmp/arblog");
print "</pre></body></html>";
Here are some lines from the showlog output, catching the arbitrator slowing someone down with .05 second delays (the DELAY portion): 11/06/06 08:39:32 PENALTY IP : 147.124.8.230 192.156.134.2 POOL: 0 WAVG: 133212 BUFF: 102 DELAY: 5
11/06/06 08:39:32 INCREASE PENALTY IP: 147.124.8.230 192.156.134.2 POOL: 0 BUFF: 102 DELAY: 10
11/06/06 08:39:44 Traffic up: 575430 Traffic down: 962330 POOL 0
PENALTY THRESHOLD pool 0 up 2688000 down 2688000
11/06/06 08:39:47 PENALTY DECREASE: 147.124.8.230 192.156.134.2 to 5 POOL: 0
11/06/06 08:39:51 PENALTY REMOVE: 147.124.8.230 192.156.134.2 POOL: 0
Here is some output from our connections script with the top 5 out and in hosts: Total Connections: 2074
More than 3 Outgoing Connections:
192.156.134.15 76
192.156.134.2 61
72.166.201.218 58
192.156.134.16 36
72.166.205.159 21
More than 3 Incoming Connections:
72.166.205.159 88
192.156.134.15 76
72.166.201.110 57
192.156.134.2 56
72.166.201.218 51
Notice the hosts with more than 20 connections. Some of these are exempt servers, but others are workstations. Our firewall disallows non related incoming connections campus workstations, Netequalizer is in front of the firewall. I have examined some of these cases and many are P2P connection attempts that never truly connect to transfer data or are very short lived. We typically see about 20 to 30 hosts at or above the connection limit and about 100 hosts with more than 3 incmoing or outgoing connections, including all of our Internet servers.
We have an out of band PC using Ntop to track what hosts on the network are doing. I have verified the output of the Netequalizer against our Ntop machine many times in the last few months. I have also on occasion initiated a large download from a fast Internet site when I notice one or two folks getting high data rates. At those times I have observed Netequalizer start to arbitrate, creating head room on the pipe to keep bursty interactive traffic responsive.
The user interface is spartan, strictly functional
Ntop is not really usable on the appliance
An SNMP daemon should be included
More logging should be available
Performance is as advertised, if not better
Minimal configuration is required
Maintenance is minimal
User manual has some typos
User manual requires a full read
User manual is only 36 pages, reflects minimal configuration required
Some level of customization is allowed without voiding the warranty
Support is excellent
The price is fair, the best value in the product space
(last edited November 6, 2006)
"We are very pleased with the NetEqualizer. It's been rock solid for the
school year and we have received positive feedback from the students in our
residences." We had a Packeteer® here at Keystone College, but outgrew it when we upgraded our bandwidth. Someone on this list (Educause) suggested looking at a NetEqualizer box (http://netequalizer.com/). I did, bought it, love it. No maintenance, no updates, no headaches. It just sits there and works… - Charlie ... |