Maximizing Bandwidth, QoS, Packet Shaping, Bandwidth Management and Network MonitoringEdit


(Messages below retrieved from From ISED-L List, CC3 license, 11/11/07, 7/8/08, 10/31/08, 3/22/09 )

There's definitely no one-size-fits-all solution when it comes to sizing and managing an internet pipe. We have been using what we felt we could afford, which amounted to 4 T-1s to serve a population of about 450 boarding and day students and faculty/staff. Until recently we'd been using a Packetshaper to partition bandwidth between the student network and everything else and adjusting our partitioning by time-of-day. The Packetshaper also gave us the ability to prioritize certain applications and to throttle those that were causing major bottlenecks and had no educational value. I have found application-based controls to be less effective than they once had been and so we now use a product called NetEqualizer to maintain fair access to the bandwidth we have regardless of application. Even with traffic management tools in place, we have found our bandwidth to be inadequate to serve our community and have recently purchased significantly more bandwidth to keep up with demand.

We re-evaluated our systems after realizing that even with the BlueCoat PacketShaper in place, we'd need to increase the amount of bandwidth that we offer the community. First of all, the new Packetshaper hardware we'd need was going to cost $18,000. Second, over the 5 years that we've had the Packetshaper, we've seen its effectiveness decrease with the increased availability and academic usage of real-time streaming apps and the increasing amount of traffic that is classified as either pure web browsing traffic (whether it is or not) or "default", the traffic class that catches all the other traffic that the Packetshaper can't specifically identify. Furthermore, the Packetshaper can tend to be a pretty admin-intensive system to keep working effectively. The NetEqualizer really only deals with end-user behavior in that it looks at the bandwidth that a given user is trying to utilize relative to what's available and throttles "bad" users in order to try to maintain fair access to the bandwidth. It also throttles "bad" applications like P2P that open many connections to and from a given user. The box is nearly configuration and maintenance-free and costs a fraction of what the Packetshaper does. If you want to get application-layer visibility and control, there are other options that may work better for you and be more cost-effective than Packetshaper depending on your needs.

First thing you need to do is manage your bandwidth. If you had a 50MB connection, the students could use it all up so bumping up the bandwidth alone would not fix your problem. I use a NetEnforcer and they are the exact same thing as the packeteer. This will allow you to apply QoS to your connection to the internet, virtually eliminating P2P and any other bandwidth hogs. You can even throttle bandwidth so it is still usable by the students, but it doesn't eat up your entire internet connection just to download a few songs from itunes. New fireless like the Cisco ASA also have QoS options. The difference from the packeteer and netenforcer is basically who has the better deal at the moment. Both companies will send you a 30 day demo box and I suggest you try it out. I have had mine for 3-4 years now and love it. These days a single T-1 is pretty slow for "a generation that lives and breathes technology." I would atleast bump it up to a bonded T-1 or get a secondary DSL service and keep the servers on the T-1 and the students on the DSL line. The DSL will be atleast twice as fast as the T-1. A metro fiber/ethernet connection is starting to gain a lot of popularity recently and might be another option for you guys. One last thing you might want to look at is some sort of web cache engine. Some of these not only cache web pages but also videos. I have a cisco cache/content engines and I get around a 35% savings on web traffic. Focus on making your bandwidth as efficient as possible. Once you have that in place, then bump up the speeds if it is still needed. -Justin Dover

Subject: Network Monitoring Tools. You asked for some free/inexpensive network monitoring tools. I have used GFI LanGuard network monitoring tool which does a great job. You can down load a free test version at their site. We use SonicWall pro 3060 as our firewall and it monitor the network as well. Like you, I have a network monitor provided by my ISP. When I notice the Internet slowing down, I check the ISP monitor. Next, the Sonicwall logs all network traffic so I can see by IP address who is using the bandwidth. Once I have an IP number, I use Netscan, a free tool that scans the network and reports netbios names along with an IP number. Using these two tools together I can find who or what is using the bandwidth. -Mike Logan

I use a Watchguard X1250e with the Single-Sign-On authentication. This translates the users IP address to their login so I can see bandwidth, sites, ports etc. by any user. Additionally, it uses their Organizational Unit in Active Directory to apply their filtering policy. Therefore, students have less access to sites than teachers and staff. Their policy restricts them from downloading music, videos, executables, accessing internet email. Blogs, whatever. If wireless is where the bandwidth is being used: What wireless management application are you using? Does it require user authentication with AD? You should be able to have a default policy without AD authentication(for guests outside your domain) that will disallow this behavior. Then you can configure your Group Policies (for those who do authenticate by either WEP, Passphrase, etc.) to restrict access to streaming media, and downloads of that sort for different groups by their group policy in active directory. This saved me over 50% of my bandwidth by creating separate policies. That was over a year ago and I still haven’t heard any complaints.

On the QoS side we've replaced our Packeteer with a much less expensive product called the "NetEqualizer" and are very happy with it. Not only is the NetEqualizer a lot cheaper, the complete manual is 25 pages or so! If your main purpose is to provide the best experience for your users with your available bandwidth the product is great and can easily be setup, learned, and configured in 1/2 day. Note that the NetEqualizer is primarily a QoS tool, not a network monitoring tool. However, it does include NTOP[1] which provides some nice info but is also lacking in some areas.

If the only thing your interested in is making the most of your bandwidth to provide the best connection for the most users I think the NetEqualizer is worth a look. When faced with a major bill for upgrading our Packeteer we decided to give the much less expensive NetEqualizer a try. In a nutshell, this box takes a protocol agnostic approach to managing traffic by progressively slowing down the top users once your traffic hits a percentage of you connection's bandwidth (ours kicks in at 85%). What's cool is that low bandwidth users or users with short bursty traffic (e.g. most HTTP traffic) are completely unaffected no matter what the load. We've used it since September and we see a much fairer distribution of bandwidth among users (rarely is anyone over 2% of the total bandwidth) and higher utilization on our connection so we are using all the bandwidth we pay for. Because of it's simplicity setting it up and learning how to configure it is a 4 hour job. The box does contain ability to prioritize individual hosts (e.g. servers, video conferencing hardware, etc.) as well as the ability to set hard bandwidth caps on specific hosts or vlans.

I installed a Cymphonix box 4 years ago and used it for a full school year. At the time it was one of the few affordable solutions competing with Packeteer, and their one-price model was more appealing and affordable than SonicWall's. It was a very good experience and I would recommend looking at them, however after 3 years I am sure the competition is stiffer.

Pros: --Detailed reporting and logging. I could maintain logs on all network activity for a full year (320 students and 100 faculty) and go back through the history of individual machines. It also has good high level reporting that can help you understand your traffic better and make good shaping decisions. --Pretty charts and graphs. It shouldn't make a difference but it does. The crisp, professional looking data made an impression on non-technical people, especially parents. It also made it easy to show my browsing history to students at the beginning of the year to help them understand the information that was being collected or could be collected on any network. --AD integration was solid as was filtering. --Individual machines are IDed by MAC address, AD, DNS or a custom name you assign. This was especially helpful with our students laptops.

Cons: --The interface mostly worked with Safari, but every so often you needed IE. --iBooks and macs were only picked up by MAC address and I had to manually label them for ID purposes. --The built in firewall was anemic, especially the VPN (Hopefully this has changed over 3 years) --The options for setting times for traffic shaping were somewhat limited. Example you could not set multiple times per day to allow students expanded bandwidth to IM (i.e. before and after school). These have likely improved as well.

You can demo a packet shaper product. They can be pricey, but as an appliance they are almost a necessity in today’s network. Almost all vendors are willing to come out and set one up for 30 days or so and then go over in detail what all is happening. Look at several as they all have slightly different strengths and weaknesses. Here are a few more, not mentioned above:

  • Cymphonix Network Composer
  • DeepNines is another alternative
  • Exinda – probably the best user interface
  • Opteq -Covers all areas of bandwidth management, wan optimisation & Security.
  • The Cisco 6500/7600 router series with Sup720s can do the traffic shaping in hardware very efficiently and not give you a CPU hit. You'll probably want to do it out at the edge though since it's your T1s that are getting saturated rather than your Internet connection(s).

Caching Engines or AppliancesEdit

Caching web content can provide a significant increase to users' perception of web speed by storing commonly viewed websites -- especially in the case of where a class of students is viewing a website. Create a vlan that includes your router (port 1 to ISP, port 2 to vlan), cache engine (on vlan), and firewall (port 1 in vlan, port 2 in LAN.)

  • Squid
  • ipCop
  • pfesense
  • moonwall
  • BlueCoat SG Proxy
  • Stratacache (ISP level)
  • Barracuda
  • Opteq iQ (ISP & Enterprise)
  • ApplianSys (CACHEBOX)

Open Source and Freeware Network Monitoring & Analysis ToolsEdit

  • Snort
  • MRTG Multi-Router Traffic Grapher will monitor switchports on wan connections. The same could be done for the switchports that PCs are connected to. It runs by itself, collects snmp statistics off switches, PCs, ... and puts them into nice graphs. It has been very valuable for monitoring our internet bandwidth consumption. What it will do: It will monitor amount of bytes or packets in/out of the switch port or any other snmp statistic it can from any host (cpu utilization, ram utilization, free disk space - from any server, switch, PC.) What it will not do: Because it operates at low layers, it cannot tell you much about the data beyond some layer 2 type statistics (ie it can monitor discards, crc errors, but cannot monitor udp statistics or tcp statistics). So, it is good for monitoring the amount of bytes passed through a switch port, but bad for giving any detailed look into what types of data is being passed. It takes snmp feeds and can be used for a range of things. e.g. you can monitor printers daily usage. Besides bandwidth, a few things I use MRTG to graph are: # of open files on the file server, # of nat translations on the router, Server room temperature (via apc monitoring box), ping response time from google. If the data you want to graph isn't accessible via SNMP, you can even write a little perl script that will grab the data and pass it to MRTG in the correct format. Peter Lindberg. Collegiate School. Retrieved from EDTECH list-serv and ISED-L list-serv 11/1/08, CC3.0 a, s-a, nc license
  • Cacti Graphical system for monitoring servers & switches, particularly bandwidth usage.
  • Nagios - If you have an in-house Linux box and a Linux capable admin, it is a great open source tool. It was previously known as Netsaint. Nagios' got plug-ins that will automatically draw out your network, whether it's a LAN or WAN, can do very sophisticated network management and Splunk (another open source tool) is great for going through logs from several different servers / systems / switches / routers in real time and at once.
  • NetStumbler identifies wireless access point with various statistics.
  • We use Untangle - which is largely free - for our content management, and it allows for protocol control and firewall, but it does not allow for sophisticated traffic monitoring. That said, it does report violations of our protocol/firewall/web filtration rules by IP address and machine name, and we've found that to be helpful in tracking down problems.
  • There's also Zenoss with both free and commercial versions of their software. And, if all you are looking for is graphing of traffic, there is Cacti ( which is a nice web-based front end for RRDTool and MRTG. And, if you like Nagios, there is Groundwork Open Source ( which is a very nice wrapper for Nagios and a few other tools; like Zenoss, it comes with both free and commercial versions.
  • Wireshark and a mirror (or "monitor") port on a switch were recommended as a way to view real-time data about how much traffic is flowing to clients on a network. You could configure a laptop with wireshark (and connect it to the mirror port) and remote into it to monitor the traffic the sniffer is capturing. Solarwinds also has a free tool that allows you to monitor traffic if your routers can export NETFLOW data. Solarwinds has a lot of youtube videos too
  • Solarwinds IpMonitor - if you are just starting out with monitoring and just need a basic monitoring program, IpMonitor is great - they also have more advanced/full featured products like Orion but the price goes up as well.
  • Intermapper offers a free version to monitor up to 10 devices. The product comes with 100s of probes for various equipment types and vendors built in to the product, and you can also make your own or use probes created by other users. Probes help you monitor multiple items per devices, so 10 free device licenses goes a long way. It's a great option if you just have a couple core devices you want to monitor, or if you already have a network management/monitoring tool but want to take advantage of Intermapper's unique graphical representation of your network.

Commercial Software for Network MonitoringEdit

  • AggreGate Network Manager
  • Intermapper
  • PTRG
  • LanSurveyor
  • NetEqualizer
  • Bandwidth Arbitrator
  • Procera
  • Mastershaper
  • Mikrotik
  • M0n0wall
  • NetAdminTools

Commercial Network Diagnosis ToolsEdit

outils commerciaux de diagnostic de seauEdit

    • data-rte-instance="343-17109457894e720822dd13e" données rte instance = "343-17109457894e720822dd13e" class="external text" rel="nofollow">Fluke Etherscope - Fluke networks Etherscope2 is a portable device for analyzing wired and wireless Ethernet traffic. class = "texte externe" rel = "nofollow"> Fluke Etherscope - Fluke Networks Etherscope2 est un appareil portatif pour l'analyse des filaires et sans fil Ethernet trafic. It costs about 12,000 bucks. Il en coûte environ 12.000 dollars.

Internal Links - Other Articles on This WikiEdit

Bandwidth Calculations - managed vs. unmanaged networks and bandwidth per cpuEdit

Wireless Networking & Security - issues affecting bandwidth and throughputEdit

Internet Connection Options - combining internet connections for robust redundant connectivityEdit


Internet FilteringEdit

Spam FilteringEdit

External LinksEdit

  • The DSL Reports site discusses various options listed above for shaping or throttling

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.