Packetshaper: A Lifesaver in the Peer-to-Peer Storms
The University of California-Irvine, houses about 6,700 residents, spread across
four undergraduate, two graduate/family, and two visiting professor housing
complexes. The housing department is responsible for the complete network that
provides services to all residents, including the high-speed gigabit-speed backbone,
servers that manage the network, and almost 500 pieces of Cisco network equipment.
The first notable Peer-to-Peer program to rear its head across the Internet
was Napster, which was quickly followed by an onslaught of dozens of more advanced
and aggressive file sharing programs. As these programs began to proliferate,
networks of all kinds (business, government, and educational) began to suffer
dramatically.
In the university environment, file-sharing programs were taking over all
available bandwidth and educational uses of the network were suffering. Research,
data transfers, Web surfing, e-mail, and management systems were performing
dismally. P-to-P programs were using up every bit of bandwidth that we had available.
We would increase the bandwidth, then P-to-P would gobble it up. Regardless
of how much bandwidth we bought, it became evident that it would never be enough.
We needed to find a solution that would balance the traditional open environment
of educational uses of the Internet, and the recreational demands of the students.
After evaluating several methods of managing our bandwidth, we settled on two
network management systems, PacketShapers; the 8500/ISP models—currently
evaluating the latest 9500/ISP model. This product, manufactured by Packeteer
of Cupertino, California, has proven to be the best solution for meeting our
needs.
PacketShapers now allow us to fully manage our bandwidth. We now know what
applications are flowing across the network, when before we were unsure. Once
we installed PacketShaper and let it “discover” what was on the
network, we were aghast to find out that 60 percent to 70 percent of the Internet
traffic we were paying for was P-to-P. Files were streaming into and out of
the university at an incredible rate: music, the latest release of full-length
movies, videos, television shows and series, pirated software, and the list
g'es on. By using PacketShaper to actually classify and identify what was on
our network, we were then able to begin controlling it.
Now we use features of PacketShaper to prioritize applications. Residents
need fast Web browsing, so we are able to give it a high priority. Files and
connections that come from or are destined for the academic sides of the campus
are also given high priority. A high priority is also given to online gaming,
as it d'es not consume much bandwidth but requires fast response. And finally,
we are able to identify most P-to-P applications and limit total bandwidth so
the aggressive programs do not adversely affect the performance of the network.
The PacketShapers is an excellent addition to our suite of management tools.
The graphic interface is clean and easy to use. Further incorporated into the
equipment are superb reporting functions. Data can be extracted and displayed
as graphs. We can select time or date ranges, top users, percentages of use,
and do this down to each application, user, or function.
Furthermore, we are able to switch over to the less friendly “command
line interface,” and drill down through the data to an incredibly detailed
degree. We do this quite often as we classify viruses, worms, and Trojan Horses
such as the MSBlaster or Nachi outbreak. We are also able to get extremely granular
with the analysis of each user’s traffic flow and to identify infections
and take remedial action.
PacketShaper, although being a lifesaver for us, is not without its drawbacks.
There are sometimes problems with the Web page interface loading slowly. This
can be frustrating at times when trying to diagnose problems on the network.
Further, the Command Line Interface tends to be a bit cumbersome at times, and
finding the correct syntax for commands needs to be improved. However, as with
any equipment that uses Command Lines, the more one uses it, the easier it becomes.
We also find that online gamers tend to experience the dreaded “lag”—or
periodic slowdowns of response times.
However, it should be noted that our experience working with Packeteer’s
engineers and developers is another feature of the product that has been superb.
The working relationships we have developed with Packeteer enhance our use of
their equipment. Should an unknown application develop, degrading the performance
of the network, the developers and engineers are always eager to help identify
the problem so it can be managed.
It should be remembered that a Packet-Shaper is not, nor was it designed to
be, a full-featured firewall. We look at the PacketShaper as complementary to
all other network management tools. By having a PacketShaper in our “tool
box,” our network can be kept up and operating at peak performance full
time. Without it, the educational uses of our network would be dismal.