Preventing bursty traffic like FTP from filling a pipe ensures that latency-sensitive traffic, such as VoIP or streaming media, is provided a constant bit-rate delivery.
To the Cold North They Came
We pinged bandwidth management vendors Check Point Software Technologies, Lightspeed Systems, Packeteer and Sitara Networks, inviting them to come up to our partner lab at Schneider National Inc. in Green Bay, WI, and show us their stuff. Packeteer declined, citing its concern over our test plan and the results of such a test on its stock prices. Our test plan was designed to determine how well each product performed under a fully saturated pipe. We wanted to determine the accuracy and capabilities of each product under controlled conditions and therefore did not introduce WAN impairments into the test. Allot Communications, NetGuard and NetReality were also invited but never replied to our queries. Cisco was eager to participate, but our tight timeframe and late invitation caused them to decline.
Given the diversity of products submitted, we split the review into two categories -- one for products supporting E1 speeds and below, and another for those supporting 10 megabits per second and above. Competing in the E1-and-below space were Check Point's Floodgate-1 and Lightspeed Systems QoS Control for e-Business.
Vying for the top spot in our 10-megabits-per-second-and-higher category were Alteon WebSystems AceDirector 4, Lightspeed Systems QoS Control for e-Business and Sitara Networks QoSWorks 10000. Check Point offers a product in the 10-megabits-per-second-and-higher category and had planned on participating in that category, but circumstances beyond the company's control forced it to submit only the E1-and-below product.
In the extremely competitive worldwide business environment, Internet connectivity has become increasingly important to the corporate communication system. Support of mission-critical applications, distribution of information, marketing initiatives and sales rely more heavily on Internet and extranet connectivity than ever before. Unfortunately, due to the nature of IP traffic, many corporations have realized that network congestion goes hand in hand with the successful use of this connectivity.
The LAN has, for many years, been considered a resource and managed as such. It is of growing importance to recognize that, like the corporate LAN, Internet and extranet bandwidth is a resource and should be managed accordingly. When congestion occurs, administrators often simply add more bandwidth, but the underlying problem is not alleviated with this solution, since no control over the bandwidth is gained. Bandwidth management products provide the ability to allocate and manage bandwidth to ensure effective use of that bandwidth, thereby protecting mission-critical traffic from starvation.
In our lab we put these products to the test, examining them from several perspectives. During setup and configuration, we checked out each product for usability from a management perspective, and evaluated how much, if any, network reconfiguration was required to insert the product into the network. During our performance testing, we looked at the product's ability to stick to bandwidth limits as well as the effects of management on streaming media. We also looked for degradation of response times for interactive traffic such as HTTP.
Get in Queue
With a rich feature set, excellent performance, and deep control over queuing parameters, Lightspeed Systems QoS Control for e-Business took the top spot in our 10-megabits-and-above category. While its user interface was initially confusing -- the documentation for this product needs some serious revamping if it's to be useful for administrators -- once we were comfortable with the product, we found it to be an excellent graphical management system. Only the QoSWorks 10000 (also known as QWX 10000) has a more intuitive method of configuration. QoS Control for e-Business was more difficult to insert into the network than QoSWorks 10000 or AceDirector 4 (AD4), requiring modifications to the network configuration. From a performance perspective, QoS Control for e-Business proved to be more effective than the competition at managing bandwidth and offered extensive real-time statistics that were more thorough and informative than those of the QWX 10000 or the AD4.
Coming in a close second, Sitara Networks QoSWorks 10000 didn't match the performance of Lightspeed's QoS Control for e-Business, though its configuration and management are among the most intuitive and easy to use we've seen. One change we'd like to see is the ability to configure this product using megabits per second rather than the kilobits per second that forced us to perform mathematical computations. Both of QWX 10000's competitors provide this feature; it makes life easier when dealing with Ethernet and higher speeds. The QWX 10000 gained an edge over AD4 by providing some additional features such as time-based deployment of policies, tight control over maximum queue delays, and statistical reporting.
Alteon WebSystems AceDirector 4 followed up third in the 10-megabits-and-above category. It offers absolute control of bandwidth, which is better suited to the service provider market than its competitors, but it left us feeling a bit nervous about our ability to effectively utilize all our bandwidth in a corporate-class deployment scenario.
The AD4 provides hard limits on bandwidth provisioning and enforces this policy better than the QWX 10000, but it needs some additional work on configuration and management. One feature we'd like to see is the ability to clear the traffic statistics. Currently there is no mechanism in place for this, and while testing we had to disable and then re-enable the traffic management features in order to clear AD4's traffic statistics. AD4 inserts into your network without the work of the QoS Control for e-Business, and you can customize queue lengths for increased performance to your heart's content. Not so with QWX 10000.
In the E1-and-below category, Check Point's Floodgate-1 takes home the prize. Floodgate was easier to configure and manage than its competition, Lightspeed Systems QoS Control for e-Business, and offered a better value for its price. Additionally, Floodgate-1 is the only product in our tests that could correctly classify secure VPN traffic - a definite plus for WAN and remote site bandwidth management.
The initial setup of Floodgate-1 was more convoluted. It required an additional machine for licensing as well as one for configuration, though its integration with other Check Point products and centralized management makes for an excellent point solution. The fact that it required an additional machine strictly for licensing is annoying, and we'd like to see a better solution for managing licenses.
Check Point also came out ahead in its pricing, which was slightly better than Lightspeed Systems'. The only caveat here is that Check Point's $2,995 price tag provides for management of only 25 IP addresses. The configuration of bandwidth management policies was also more straightforward with Floodgate-1 than with Lightspeed Systems' product. Some of the same traffic management configurations available in Floodgate-1 could be created using QoS Control for e-Business, but administrators may find it a more tedious process than necessary.
TCP Rate-Shaping vs. Queuing
Historically there have been two staunchly disparate camps regarding which method of controlling bandwidth is best - TCP rate-shaping or queuing. TCP window-sizing proponents, who claim window-sizing is proactive and therefore more effective, often use packet-dropping to denigrate queuing as a method for managing traffic, though not all queuing algorithms rely on packet-dropping to manage TCP traffic. Queuing advocates are just as quick to point out that not only do window-sizing products use TCP in a way that is not specified by the IETF, but, in addition, transmission control protocol (TCP) rate-shaping products do nothing to control traffic of other types, such as streaming media and VoIP, commonly transported via user datagram protocol (UDP).
TCP rate-shaping is the process of intervening in the TCP traffic flows between two end points and modifying the handshaking between them such that the end-to-end communication occurs at a desired rate. Flows are rate-shaped by slowing down the return of acknowledgement packets and adjusting advertised window sizes, so that the end-to-end communication slows down toward the guaranteed rate. Generally, TCP rate-shaping aids in avoiding congestion.
Within the queuing camp there exist a plethora of algorithms available - from class-based queuing (CBQ) to weighted fair queuing (WFQ) to priority queuing. Traffic is classified by type or priority, queued appropriately, and then sent out at a rate consistent with the output port speed. Most queuing-based products incorporate a packet-dropping algorithm that is designed to force TCP to slow its rate before congestion occurs.
Techniques such as weighted random early discard (WRED) and random early discard (RED) are often used to force TCP to slow its rate by providing intelligent early packet discarding. The intelligence is seen by the product's ability to discard packets before the network is congested. RED and WRED slow TCP traffic and minimize the risk of larger numbers of packets being delivered to already full queues and subsequently dropped.
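The early-discard behaviour described above, sketched as an added example (not code from the review or from any of the reviewed products). The thresholds, the smoothing weight, the buffer limit and the names `RedQueue` and `simulate` are all constructed for illustration. The discard decision is driven by a smoothed average of the queue length, with a linear ramp between the two thresholds.

```python
import random

class RedQueue:
    """One output queue guarded by RED; parameters are constructed, not a product's."""

    def __init__(self, min_th=5, max_th=15, max_p=0.1, weight=0.2,
                 limit=20, seed=1):
        self.min_th, self.max_th, self.max_p = min_th, max_th, max_p
        self.weight, self.limit = weight, limit
        self.avg = 0.0                   # smoothed queue length, in packets
        self.qlen = 0                    # packets currently queued
        self.rng = random.Random(seed)   # seeded so runs are repeatable

    def drop_probability(self):
        """0 below min_th, 1 at or above max_th, linear ramp in between."""
        if self.avg < self.min_th:
            return 0.0
        if self.avg >= self.max_th:
            return 1.0
        span = self.max_th - self.min_th
        return self.max_p * (self.avg - self.min_th) / span

    def enqueue(self):
        """Offer one packet; return 'queued', 'early-drop' or 'tail-drop'."""
        self.avg = (1 - self.weight) * self.avg + self.weight * self.qlen
        if self.qlen >= self.limit:
            return "tail-drop"           # buffer is physically full
        if self.rng.random() < self.drop_probability():
            return "early-drop"          # discarded before the buffer fills
        self.qlen += 1
        return "queued"

    def dequeue(self):
        self.qlen = max(0, self.qlen - 1)


def simulate(arrivals_per_tick, ticks=200, service_per_tick=1):
    """Drive the queue at a fixed offered load and tally the outcomes."""
    q = RedQueue()
    tally = {"queued": 0, "early-drop": 0, "tail-drop": 0, "peak": 0}
    for _ in range(ticks):
        for _ in range(arrivals_per_tick):
            tally[q.enqueue()] += 1
            tally["peak"] = max(tally["peak"], q.qlen)
        for _ in range(service_per_tick):
            q.dequeue()
    return tally
```

Calling `simulate(1)` models a link that keeps up with its load and discards nothing, while `simulate(3)` offers three times the service rate and shows discards starting while the queue is still below its hard limit.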