NWC | Review | Network + Systems Management | Warding off WAN Gridlock |


				HOT PICKS • U.S. IT Salary Survey 2008 • Rolling Review: SOA Appliances • XKL Brings New Life To Dark Fiber

IMMERSE YOURSELF:

Storage & Servers

R E V I E W

Warding off WAN Gridlock

November 15, 2002
By Mike DeMaria

>> continued from previous page

Don't Say We Didn't Warn You

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Flame the author

	In this article
	Introduction
	Don't Say We Didn't Warn You
	Packeteer PacketShaper 4500
	Products Reviewed
	Executive Summary
	Politics, Law and the Traffic-Shaping Admin
	How We Tested
	SIDBAR: Make Your Case
	Report Card

Bandwidth-management capabilities refer to the various methods of implementing QoS. There are several ways to control bandwidth, including TCP rate shaping and queuing. Packeteer and Sitara use TCP rate shaping, which entails intercepting and manipulating TCP window sizes. The other entries we tested use queuing. For a primer on queuing types and other shaping schemes see "Traffic Management Techniques."

Take the number of signatures a product claims to support with a grain of salt. Some of what is called a signature really means, "We know the default port it uses." And some protocols may support more than one signature--Packeteer counts Kazaa as one application signature but can identify and set granular policies on Kazaa uploads, downloads and searches independently. So while Kazaa is just one protocol, it has three data payload signatures. We tested this capability by running the Hotline Internet bulletin board system on Port 80 rather than on Port 5500, where it normally runs. All the products except Packeteer initially identified Hotline traffic as HTTP. When we added a rule called "http-authenticated," Allot's NetEnforcer performed deeper inspection of Port 80 and identified Hotline as non-HTTP traffic, while Sitara's QoSWorks QWX-10000 pegged the traffic as "other-content-type." Lightspeed and Radware couldn't perform deeper identity checks.

Why a Dedicated Device?

Lately it seems like everything but the kitchen sink is getting QoS capabilities. Firewalls, VPNs, routers, switches, and even some consumer and small-office products, such as the FortiNet FortiGate (see "FortiGate Fortifies Your Traffic Security") claim to have some form of QoS. However, sometimes the "jack-of-all-trades, master-of-none" syndrome applies--if you plan to use an add-on QoS capability, here are a few things to check:

Glossary

CBQA: technique that combines classification and queuing of data packets based on rules defined by an administrator. Packets are divided into a hierarchy of classes based on any combination of IP address, protocol and application type. Each class is assigned a set of bandwidth priorities. Find more on queuing types here.

• Does the device offer Layer 7 inspection?

• Can you set policies per connection and per protocol?

• Is reporting available for the most active protocols and users?

Also, remember that performing traffic shaping costs CPU time, and your firewall may be overloaded before performing QoS.

Dedicated traffic shapers, on the other hand, move the overhead of QoS to a separate box and can offer granular control of bandwidth use. The QoS devices we tested support a wide range of speeds, and dedicated systems also have a higher limit on the number of policies you can set. This lets your traffic shaper grow with your WAN. Of course, there are benefits to integrated solutions, aside from price; for example, you're using a single management interface and want to have one less piece of infrastructure to take care of.

In the final tally, Packeteer and Allot ended up in first and second place, respectively, with the PacketShaper 4500 earning our Editor's Choice award. Sitara's solution also performed well but had a confusing interface. Lightspeed's Total Traffic Control has decent reporting capabilities, but its bandwidth control and management interface didn't measure up to those of its rivals. Radware's product is an add-on to its application switch and isn't as feature-rich as the other products we reviewed. However, if you own Radware switches, you can't beat the price.