Universities
Vince Stoffer, Reed University (From Educause SECURITY list, Jan 19th-20th, 2010)
Jason Lavoie, Bowdoin College (From EDUCAUSE Small College Constituent Group Listserv)
We've been using your NetEqualizer 350Mbit unit since the Spring. I
had been looking for a dynamic equal-bandwith policy based unit for
quite some time, and had been unsuccessful. The NetEqualizer was a
fraction of the cost of other solutions, took me all of five minutes
to configure, and works wonderfully. I have had many students come to
my office for the express purpose of thanking me for buying more
bandwidth, which I didn't - I just replaced our Packeteer with a
NetEqualizer. Their engineers convinced me that I didn't need to put in any
exceptions or special policies for specific areas of campus or
servers, and he was right - the almost-default configuration works
great. On top of all of this, at the core it's just a 1U debian box
with a flash drive. There's nothing I like better than
standards-based, open-source-based networking solutions that I already
know how to work with. Good job guys!
Chris Gilles I want you to know how pleased I am with our NetEqualizer. Unlike our
previous bandwidth management product which required constant tending
and updates, the NetEqualizer works exactly as advertised: plug it
in and forget it. Our Internet connection has run smoothly all year
regardless of the kind of traffic thrown at it. Simply put this is one
of the best products I've ever put into production. Thanks again.
"NetEqualizer is great! We've really had no issues at all. We
literally dropped it in line and experienced the difference over
Packeteer right away. Complaints from students dropped as well -- MMOG
worked again and we have no more AIM dropouts. It's the best decision
I've made this year." Macalester College is a private undergraduate liberal arts college located in St. Paul, Minnesota. Ted Fines is the Assistant Director of Network Services. Ted’s problems started when Napster came out and they continued because it took time to find the right solution. They put in a packet shaper, but it wasn’t the right solution for their network.” It took a lot of time to manage it, no matter what we did with the configuration, stuff still fell through the cracks. I just saw no end in sight.” After a particularly bad week they took out the packet shaper and replaced it with the NetEqualizer. “Right away the internet access speed is more consistent and predictable. If you go to a website, it just goes. The latency problems like streaming and games that we always had the most trouble with just went away. The latency is lower than it’s ever been.” Ted is happiest that it just does what it was promised to do. At Loyola University Chicago, we are on our 2nd iteration of the
NetEqualizer. We used the product happily for a number of years when
we had a T3. We upgraded our internet pipe to 100MB and after about 6
months we noticed 100% saturation and students complaining of slow
internet for various applications. We knew then that we needed
another NetEqualizer. Once we plugged the box in it started managing
the bandwidth, our pipe has not been saturated since, and more
importantly the complaints have ceased Stetson University is located in DeLand, Florida. LEWIS UNIVERSITY FINDS QoS=LESS WORK Located 30 minutes southwest of Chicago, Lewis University offers over
70 undergraduate programs, 20 graduate programs and accelerated
programs for working adults to 5,200 students enrolled on five campuses. Derrick D’Gama is the Information Security Officer/Director of
Information Services. “We have 6,000 connections.” Over a 10 Gig line
internally and a 20 Meg external line going out to the internet. Though they had QoS equipment installed, D’Gama was not satisfied. “I
wanted something where I wasn’t all the time doing traffic adjustments.” After an intensive research period he found only positive reviews for D’Gama says: “Unlike the other QOS appliances (that would take much of
my time due to manual intervention in tuning specific data streams),
the Netequalizer instead is happily processing these streams
automatically. Consequently, I have some more time to focus on other
projects due to this installation.” Found on Adams EDU (11/14/2006): In May 2006 we switched bandwidth management products. We moved from traditional layer 7 traffic shaping to bandwidth arbitration. We looked at upgrading our current product and 3 other solutions. I am convinced protocol and layer 7 based filtering is dead. I expect P2P products to use SSL or TLS bypassing layer 7 filters. Ethically layer 7 filtering smells like content filtering, big brother, evil. Bandwidth arbitration keeps things simple. When the Internet connection reaches a tuneable level of utilization the arbitrator slows down longer lived higher usage data transfers based on the number of connections and their utilization. Per host connection limiting keeps P2P playing nicely. The chosen product? Net Equalizer. Based on the open source Bandwidth Arbitrator, it is easy to configure and highly customizable. Support has been excellent. With the netequalizer link size at ~20% below our average utilization our pipe remained completely usable. Interactive applications responded well while large transfers continued to function. The connection limits appear to keep bittorrent and gnutella functional and in control. Downloads are faster, latency is at pre layer 7 filtering levels (9ms vs 300ms), P2P protocols are usable again, and we no longer police content, we manage bandwidth. Support has been excellent with technicians responding directly to my emails with all technical levels of questions answered, good, silly, and questions about the inner workings of the appliance. I was instructed on cautions to take withe any attempt at customization, and given the go ahead for some minor custom configuration without voiding the warranty. We have run the Netequalizer for 6 months. Results are phenomenal compared with our last product. Our Netequalizer box has been up for 116 days with no configuration changes from the start of the semester. I look at my Cacti graphs and the custom CGI reports for solace, as if I'm disappointed the appliance doesn't need more care and feeding. For our 21Mb link, we set 3 basic parameters: The ratio is the amount of of our pipe in use before any shaping (arbitration) takes place. The brain_size is the number of connections for the equalizer to track and act upon, I have seen this number reached only once on our system. The connection limit means we allow 20 incoming and 20 outgoing connections maximum for every host on our network. We had to set every one or our servers as an exception to this rule, allowing 50,000 incoming and outgoing connections for those. We also had to specify our link size. That's it end of configuration. We did very simple things to appease ourselves of the performance of the box. First, we placed an SNMP daemon on it. I used a stock snmpd from a Mandriva 2006 server, from net-snmp 5.2.1.2. I was going to static compile one, but it turned out the dynamic libraries were all in place, here is the ldd output: I put the daemon in /usr/local/snmp/sbin/ and the mibs and snmpd.conf in /usr/local/snmp/share/snmp/. We created 2 custom CGI scripts. One script shows the complete current logfile on demand rather than the last however many lines the web interface shows. The other script shows total current connections, followed by a list of hosts with more than 3 connections, sorted by total outgoing and incoming connections. I modified some of the scripts provided in the /art directory to produce those results. Someone with more familiarity with the Linux bridge utilities could probably do better. Here is the showlog.cgi script I placed in the /var/www/cgi-bin/arbi directory: Here are some lines from the showlog output, catching the arbitrator slowing someone down with .05 second delays (the DELAY portion): Here is some output from our connections script with the top 5 out and in hosts: Notice the hosts with more than 20 connections. Some of these are exempt servers, but others are workstations. Our firewall disallows non related incoming connections campus workstations, Netequalizer is in front of the firewall. I have examined some of these cases and many are P2P connection attempts that never truly connect to transfer data or are very short lived. We typically see about 20 to 30 hosts at or above the connection limit and about 100 hosts with more than 3 incmoing or outgoing connections, including all of our Internet servers. We have an out of band PC using Ntop to track what hosts on the network are doing. I have verified the output of the Netequalizer against our Ntop machine many times in the last few months. I have also on occasion initiated a large download from a fast Internet site when I notice one or two folks getting high data rates. At those times I have observed Netequalizer start to arbitrate, creating head room on the pipe to keep bursty interactive traffic responsive.
"We are very pleased with the NetEqualizer. It's been rock solid for the
school year and we have received positive feedback from the students in our
residences." We had a Packeteer® here at Keystone College, but outgrew it when we upgraded our bandwidth. Someone on this list (Educause) suggested looking at a NetEqualizer box (http://netequalizer.com/). I did, bought it, love it. No maintenance, no updates, no headaches. It just sits there and works… - Charlie ...
... We've had the NetEqualizer in place at Reed since the beginning of this year. So far, so good. It's lived up to the promise of being a set it and forget it type of appliance. It was replacing a Packetshaper and while we do miss the increased visibility into the traffic (including better monitoring and reporting) of the Packetshaper, the Netequalizer has been trouble-free at doing its job of equalizing traffic in a protocol-agnostic fashion. It requires very time little beyond the initial setup and bit of fine tuning. The unit will also allow us to continue upgrading our bandwidth without needing to upgrade the hardware (the reason our Packetshaper had to go). ...
...Bowdoin was in a similar position this summer. We were happy with our Packetshapers, but were not able to renew the service/software contract on our pair of 9500's. I believe the Bluecoat acquisition was to blame for them pushing out the slightly-old hardware. The "special" upgrade pricing was excessive, so we looked into alternatives. After some testing with on site demo units, we selected the NetEqualizer. We've been using them since mid-August, and have had no issues since the initial installation.
Years ago, I had made the determination that playing whack-a-mole with Packeteer DPI and chasing down the latest classification plugin or software upgrade was more operational overhead than the gains warranted. Our attempt at using Dynamic Partitions failed -- the box couldn't keep up with our bandwidth/session demands. We had been running our Packetshapers in a dumbed-down configuration that had High/Medium/Default/Low priority class trees. Administration time was relatively low, but we weren't using much of the DPI functionality we were paying for. Netequalizer fits our needs almost perfectly for the right price.
The other major factor that led to the decision were how cooperative and helpful they were with pre-sales support. We were able to augment their standard option with optical interfaces for essentially the price of the cards. All of our questions were answered promptly and with technical understanding of the product. In pre-production testing, the few problems we ran into were quickly and thoroughly addressed whether they were our implementation problems or a NetEqualizer issue (there was one with an incorrect license key). ...
-Josiah
hampshire.edu
I've had my neteq in about 2 weeks now...it's running great!. I
really never want to hear, "why is the internet so slow?" ever
again.....I used to hear it at least 20 times a day....now, i hear it
never......thanks guys.....(of course, I only hear, "wow, the internet
is so fast" about twice a day....but it will do.....still after months
of being harrassed.....it's nice not to have that "stress" of hearing
it all day......
Heartwoodinstitute.com
Best
Douglas Hedges
Dean, ITS
Atlantic Cape Community College
Russ Leathe
Director of IT
Gordon College
Over the decades they
have spread to four campuses including DeLand,
Stetson University Center near
Orlando, the Tampa Law Center and the College of Law
in St. Petersburg/Gulfport.
The Gulfport campus needs to keep closely in touch
with the Tampa campus and
they did a lot of that through a point-to-point six
Meg connection.
They also had approximately 1500 students and 300
faculty and staff accessing
the Internet.
“We couldn't track where the bandwidth was
going,” said William Delgado,
Senior Network Engineer. He knew sometimes it was
getting hogged.
Delgado considered buying the big-name bandwidth
shaper “but at the time the
price was out of the question.”
Delgado decided on APConnections NetEqualizer. He
bought three. He placed
one NE1000 on the Tampa side and one on the DeLand
side to control their
point to point connection, and then he placed
another, higher end NetEqualizer for
their 10 Meg Internet connection.
Delgado called APConnections and the engineers
walked him through the
configuration. Specifically, he set the unit so it
would not throttle the data from
the video conferencing units.
Since then they have been running smoothly. Delgado
especially likes the
updated reporting tools.
“It made life easier because when it's up and
running I don't have to worry
about who's hogging the bandwidth. If there's only
three people, there's no
problem. If there's someone hogging, it throttles
them back so all the users
are at the same speed,” said Delgado.
NetEqualizer and chose that as his solution.
RATIO 75
BRAIN_SIZE 2500
CONNECTION LIMIT 40
ldd /usr/local/snmp/sbin/snmpd
linux-gate.so.1 => (0xffffe000)
libdl.so.2 => /lib/tls/libdl.so.2 (0x4001b000)
libz.so.1 => /usr/lib/libz.so.1 (0x4001f000)
libm.so.6 => /lib/tls/libm.so.6 (0x40031000)
libc.so.6 => /lib/tls/libc.so.6 (0x40057000)
/lib/ld-linux.so.2 (0x40000000)
#!/bin/perl
print "Content-type: text/html\n\n";
print "<html><head></head><body><pre>";
system("cat /tmp/arblog.bak");
system("cat /tmp/arblog");
print "</pre></body></html>";
11/06/06 08:39:32 PENALTY IP : 147.124.8.230 192.156.134.2 POOL: 0 WAVG: 133212 BUFF: 102 DELAY: 5
11/06/06 08:39:32 INCREASE PENALTY IP: 147.124.8.230 192.156.134.2 POOL: 0 BUFF: 102 DELAY: 10
11/06/06 08:39:44 Traffic up: 575430 Traffic down: 962330 POOL 0
PENALTY THRESHOLD pool 0 up 2688000 down 2688000
11/06/06 08:39:47 PENALTY DECREASE: 147.124.8.230 192.156.134.2 to 5 POOL: 0
11/06/06 08:39:51 PENALTY REMOVE: 147.124.8.230 192.156.134.2 POOL: 0
Total Connections: 2074
More than 3 Outgoing Connections:
192.156.134.15 76
192.156.134.2 61
72.166.201.218 58
192.156.134.16 36
72.166.205.159 21
More than 3 Incoming Connections:
72.166.205.159 88
192.156.134.15 76
72.166.201.110 57
192.156.134.2 56
72.166.201.218 51
The user interface is spartan, strictly functional
Ntop is not really usable on the appliance
An SNMP daemon should be included
More logging should be available
Performance is as advertised, if not better
Minimal configuration is required
Maintenance is minimal
User manual has some typos
User manual requires a full read
User manual is only 36 pages, reflects minimal configuration required
Some level of customization is allowed without voiding the warranty
Support is excellent
The price is fair, the best value in the product space
(last edited November 6, 2006)
Martin Laferriere
Network & Operations Analyst
Laurentian University Computer & Telecommunications Services