Necessary Control for Today’s Networks

Lessons Learned from Universities and Colleges

Slide 2

Napster today, then what next?

#1 - Napster is the tip of a larger problem

#2 – No institution has unlimited financial resources or bandwidth

#3 – Institutions shutting down Napster will likely find other misuse of institutional resources

#4 – Network capacity strains will continue to increase

- September 2000

Slide 3

What Happened Next…

Bearshare

•Furi

•Gnotella

•Gnucleus

•Limeware

•Newtella

•ToadNode

•Gnut

•Hagelsag

•MacStart

•Aimster

•BeNapster

•TekNap

•Crapster

•Gnap

•Gnapster

•Gnome-napster

•Hackster

•iNapster

•Lopster

and so on…..

•iMesh

•KaZaA (Netherlands)

•MusicCity

•WinMX (Ontario)

•Riscster

•Shuhan

•Webnap

•XMNap

•Jnapster

•Mactella

Slide 4

In K-12…

Equal access for schools in all districts is threatened by:

Aimster, Gnutella Class disruptions Passing notes in class…the new way:

AOL Instant Chat, Yahoo Messaging, MSN Messenger, IRC (Internet Relay Chat), ICQ (now part of AOL)

Greeting cards

Slide 5

At the Heart of the Problem

eMaileMail

File TransfersFile Transfers

AudioGalaxy,AudioGalaxy,GnutellaGnutella

Web SurfingWeb Surfing

Peoplesoft, SCTPeoplesoft, SCTOracle,Oracle,Citrix,Citrix,etc...etc...

VoIPVoIP

Real Jukebox,Tribes,Battle.net,

etc.

TCP / IPTCP / IPApplication-Application-

NeutralNeutral

TCP / IPTCP / IPApplication-Application-

NeutralNeutral

++

--

--

Mission-Mission-CriticalCritical

Time-SensitiveTime-Sensitive ++

All traffic is not created equal

Slide 6

Applications Drive Today’s Business

Applications are network-centric, but they run over IP networks that are application-neutralIP networks:

Treat all traffic alikeLack predictability and controlAre disconnected from business goals and priorities

Slide 7

Application Performance Is Critical

Web-based learningE-learningAdministrationEmailResearchLibrary accessMultiple-campus projectsFacilities managementAnd more

Slide 8

Business Suffers

Bursty, Unpredictable,Bursty, Unpredictable,Uncontrollable TrafficUncontrollable Traffic

Critical ApplicationCritical ApplicationPerformance SuffersPerformance Suffers

Oracle, SAP, PeopleSoft, etc.

Oracle, SAP, PeopleSoft, etc.

Mission-Critical AppsMission-Critical Apps

Unsanctioned AppsUnsanctioned Apps

Surfing, MP3, Napster, Shopping

Surfing, MP3, Napster, Shopping

Bandwidth-Intensive Apps

Bandwidth-Intensive Apps

Image Transfers, Streaming MediaImage Transfers, Streaming Media

SCT, Research,

PeopleSoft,

e-learning

SCT, Research,

PeopleSoft,

e-learning

Critical AppsCritical Apps

Unsanctioned AppsUnsanctioned Apps

Surfing, MP3, Blubster, Gnutella

Surfing, MP3, Blubster, Gnutella

Bandwidth-Intensive Apps

Bandwidth-Intensive Apps

Image Transfers, Streaming Media

Image Transfers, Streaming Media

Slide 10

What hasn’t worked

RoutersQueuing – reacting to congestionBlocking applications by port Controlling outbound traffic only

Firewalls Blocking applications by port

Adding more bandwidth

Slide 11

Router and Firewalls

6346

8888 8056

5656146785075 6666

243

7891678223435649999 621

62510540

490 561567 1200 53 498 1326

?

Slide 12

Routers – Manage Outbound traffic only

What you could be missing

Slide 13

More Bandwidth

“Throwing bandwidth at the problem makes your network more attractive.”

Hap Wheeler, Plattsburgh University

Slide 14

What Does Work

Solution that can automatically identify application trafficSolution that provides information on real-time application performanceSolution that proactively controls inbound and outbound application trafficSolution that provides ongoing reports Solution that co-exists with your existing network without changes and is not a single point of failure

Slide 15

PacketShaper

PacketShaper: Provides the application infrastructure that protects critical applications and contains non-critical applications across wide area networks and the internet

Measures and enforces service levels of your critical applications across wide area networks and the internet

Provides the controls needed to:Ensure performance of mission-critical applications Allocate bandwidth based on prioritiesImprove the return on investment (ROI) for the network and applications

Slide 16

PacketShaper’s Four Step Process

Slide 17

Step 1: Classify – You can only control what you can see

Physical

Network

Data Link

Transport

Session

Presentation

Application

Pac

ketS

hap

er

Ro

ute

rsS

wit

ches

Fir

ewal

ls1

7

6

5

4

3

2

PacketShaper automatically discovers and classifies >340different traffic types

Precise Classification by:• Application• Port/Range• URL/index/wildcard• Mime type• Protocol• IP Address/Range• LDAP Host List• MAC Address (non-IP)• IP CoS/ToS,DSCP• MPLS Label• VLAN ID

Aduio Galaxy, Aduio Galaxy, Napster, Gnutella, Napster, Gnutella, imesh, Scour, etc.imesh, Scour, etc.

Slide 18

Step 1: Classify -- What’s Running on My Network?

Traffic types that PacketShaper has detected are shown in the PolicyConsole

Slide 19

Classification Reports

Inbound Inbound andand Outbound Outbound

TrafficTraffic

Slide 20

Classify Traffic By …

Location Service Both

Slide 21

In addition to Traffic Discovery, you can Create your own traffic classes based on a combination of:

Inbound or Outbound directionProtocol (IP, IPX, SNA, NetBEUI, Appletalk, etc.)IP address space (host, range, network, host list)IP CoS/ToS,DSCP,MPLS Label, VLAN IDTCP/UDP port numbers,port range, source destination pairPredefined service types (e.g., http)URL Strings (e.g., web pages, file types)Citrix Types (published application, client name)H.323 calls - VoIP (dynamic port negotiation)Traffic Tree can be hierarchical (e.g., under the Citrix traffic class is a subclass for each Published Application)

Step 1: Classify -- What’s Running on My Network?

Slide 22

Step 2: Analyze -- How Is It Performing Today?

Extensive monitoring and evaluation toolsAbility to establish baseline application performance so you can quickly see deviations

Slide 23

Example: Link Utilization

If peak rate is drastically higher than average rate you can increase your overall average utilization!

Slide 24

Example: Network Efficiency

Network Efficiency: Designed to expose the hidden cost of retransmissions

Slide 25

Example: Transaction Delay

Is my network causing problems? Or is it one of my servers?

Slide 26

Step 2: Analyze -- How Is It Performing Today?

What’s competing for the bandwidth?Top Talkers & Listeners

Traffic Distribution

Slide 27

Step 3: Control -- How Do I Control Performance?

You can set rules to control performancePer-application minimum/maximum bandwidth partitionsPer-user minimum/maximum bandwidth policiesPriority-based policiesAnd many more

PacketShaper implements TCP Rate ControlControl the rate at which end-systems communicate

– Using industry-standard TCP/IP– Manage traffic flows and aggregate classes with bits-per-second

accuracyNo queuing-induced latency; reduced packet lossInbound and outbound controlProactive

“The key to successful policy lies in the ability of the institution to make all parties aware of the policy and have some means to ensure compliance.”

Gartner Group, Sept 2000

Slide 28

TCP/IP Flow Control

Normal IP flow control (no PacketShaper)Large file transfer started (e.g., ftp from internet)Receiver negotiates speed of connection, using window size and ACK Unaware of bottleneck or competing trafficOpens large window and floods link Mission critical traffic impacted (e.g., Oracle)

ReceiverSender

Window 16kACK 10000

Data transmission floods link

Slide 29

Rate Control

Since PacketShaper sits at a strategic access point, it sees competing flows, knows available b/w, realtime demand, desired QoSPacketShaper can make intelligent decisions on how to set flow-control parameters (appropriate window size, metered ACK)PacketShaper Rate Control throttles back on lower priority traffic, leaves room for delay-sensitive mission-critical trafficTraffic sent from host at specified rate, end-to-end

ReceiverSender

Window 16k

ACK 10000Window 2kACK 8000ACK 9000ACK 10000

Data transmission @ desired rate

Slide 30

Slide 31

Slide 32

With ControlWith Control

Without ControlWithout Control

Impact of Control

Slide 33

Impact of Control

With ControlWith Control

Without ControlWithout Control

Slide 34

Typically Bandwidth

Usage before control

Typically Bandwidth Usage after

control

Before and After Control

Slide 35

PacketShaper’s Rate Control

Because rate control is end-to-end, PacketShaper enables management of both inbound and outbound traffic

Rate control avoids congestion caused by hosts flooding router queues

Reduces transaction delay

Since individual IP flows are being controlled, you can set per session QoS

Supported for TCP and UDP traffic (modified for UDP)

Slide 36

Step 4: Report -- How Do I Show Results?

PacketShaper lets you:Track service level agreements Determine whether you’re meeting user expectationsPlan for the future of your network

Slide 37

PacketShaper Success Stories

Pacific University – Forest Grove, OR 

“PacketShaper helps us immensely by automatically classifying most of the traffic types seen on campus, and allowing us to set policies to control each of those types of traffic. It also allows us to see the most frequent users and set policies just for them. Using PacketShaper helps us ensure that everyone, from the University Faculty to the registrar to the freshmen in the dorms, gets the bandwidth they need.” -- Ted Krupicka

Slide 38

Plattsburgh State University – Plattsburgh, NY

"When Napster started becoming popular with our students, we almost immediately saw the impact on our dormitory network connecting all the students. Due to the elusive nature of most of these entertainment-based applications, firewalls simply can't prevent them from entering the network. Through this solution’s [PacketShaper’s] application discovery and analysis capabilities we are now able to see when Napster and other similar applications try to take over our network.“

from New Media Music, June 6, 2000

PacketShaper Success Stories

Slide 39

PacketShaper Success Stories

“We were seeing a trend toward the increasing use of peer-to-peer applications like Napster on the campus network and knew that it could become a significant problem for us. We considered a variety of possible remedies. We knew that just adding bandwidth wouldn’t solve it, because peer-to-peer applications take anything they can get. By installing PacketShaper on our network, we could set policies to limit their use to a relatively small portion of the pipe. This is a much better use of our resources.”

Jim Bourn, Director of Data Communications

Slide 40

Sample Campus NetworkSample Campus Network

Internet

Engineering

Distance Learning

AdministrationLibrary & Research

Dorms

Computer Science

Slide 41

Lessons Learned

Know what’s on your networkGuarantee bandwidth for teaching / learning applicationsImproved performance for administration applicationsCap recreational web surfingGet visibility into and control over bandwidth usageMake intelligent decisions about capacity planningAnd more

Slide 42

PacketShaper Product Line

49,000

3,000

128k 512k 2M 10M 45M 100M 200M

1500 Series

2500 Series

4500 Series 6500 Series

8500 Series

Slide 43

About Packeteer

Founded in 1996, pioneer of bandwidth management and application performance solutionsIPO in July 1999, NASDAQ: PKTRHeadquarters in Cupertino, CA, with offices worldwide

US Offices: New Jersey, Chicago, Atlanta, Dallas, Washington D.C., San DiegoOffices Abroad: Netherlands, Hong Kong, Japan, Australia, England, France, Germany

Employees: 200Customer proven

PacketShaper shipping since February 1997>20,000 PacketShapers shipped worldwide5th generation of software, 2nd generation hardware

Slide 44

Higher Education Institutions

St. John Fisher CollegeOver 500!!!

Slide 45

K-12 Institutions

Slide 46

Problems Addressed by PacketShaper

In Higher EducationNapster, Gnutella, iMeshe-LearningResearchAdministration

In K-12Equal and fair access for all schools in districtBandwidth hogs can’t impact students’ or teachers’ ability to quickly access key administrative and learning sitesNapster, Gnutella, iMeshNote passing Greeting cards

Slide 47

Lessons Learned - Summary

PacketetShaper enables educational institutions to: enables educational institutions to:

Know what’s on their networkReserve bandwidth for teaching, learning, and other mission-critical applicationsGuarantee performance for administration applicationsCap recreational web surfing and P2PGet visibility into and control over bandwidth usageMake intelligent decisions about capacity planningProtect smaller satellite campusesAlign WAN resources with organizational prioritiesMaximize the return on existing network infrastructureAnd much more

Slide 48

Stanford Listserv

Working with Stanford University there is now available a mailing list for Packeteer higher education customers. The primary purpose of the list is to let customers talk to each other to discuss organizational or technical issues related to deploying Packeteer products.

Customers can get registration info at:http://www.packeteer.com/solutions/industries/education/stanford_listserv.cfm

Slide 49

Necessary Control for Today’s Networks

ReportReport

ClassifyClassify AnalyzeAnalyze

ControlControl

ApplicationsApplications