Security Basics mailing list archives

RE: Re[2]: Internet Cafe


From: "Paul Stewart" <pauls () nexicom net>
Date: Mon, 20 Jan 2003 18:51:09 -0500

You can also use etinc.com's products which work well.... Can get a
Linux version for a reasonable cost or buy one of their appliances..;)

ET/BWMGR vs Packeteer

The major difference between the technologies described from a
functional standpoint is capacity. The PacketShaper 4000isp, for
example, can only manage 1000 "partitions" (500 bi-directional), which
means that you can only limit 500 hosts. But in order to limit 500
hosts, you can't limit other types of traffic. In effect, you can only
limit 375 hosts and still use the box's shaping capabilities on other
streams. The ET/BWMGR can support THOUSANDs of limits of any type, so
you can set a limit for each and every web site and/or customer
individually. The folks at Packeteer will tell you to "cascade" their
very expensive boxes to get more capacity, but for a LOT LESS the
ET/BWMGR can do what you'd need multiple PacketShapers to do. In terms
of total capacity, a 700MHz ET/BWMGR can handle multiple 100Mb/s wires,
and is rated at 125Mb/s total throughput, while the Packeteer is rated
at less than half of that.

A major reason for the difference in capacity is that PacketShaper's
rate limiting algorithm chokes its resources. For example, to limit a
busy web server using the ET/BWMGR requires the management of 1 logical
stream. For the PacketShaper, a stream is required for each connection.
So if you have 300 users on the web site, Packeteer's product must
manage each of those connections individually. Ultimately, there is no
difference in the resulting performance, as the ET/BWMGR also withholds
ACKs (by slowing the original data to the host and by generally
controlling the TCP window) so ACKs are paced naturally without having
to physically manipulate them, and without the associated overhead. When
the numbers get really big, the differences become more significant.
With 500 hosts (the PacketShaper 4000isp capacity), you may have 50,000
(or more) connections for the PacketShaper to manage, while ET/BWMGR has
only 500.

Paul Stewart
Nexicom Inc.


-----Original Message-----
From: Mark Kelsay [mailto:mkelsay () Switchboard com] 
Sent: Friday, January 17, 2003 4:05 PM
To: 'Marc Cuypers'; security-basics () securityfocus com
Subject: RE: Re[2]: Internet Cafe


This will do it, but I am not sure of the price.


http://www.packeteer.com/products/packetshaper/




-----Original Message-----
From: Marc Cuypers [mailto:m.cuypers () pandora be]
Sent: Thursday, January 16, 2003 3:32 PM
To: security-basics () securityfocus com; Terry Peterson
Subject: Re[2]: Internet Cafe


On Wed, 15 Jan 2003 12:31:56 -0800 Terry Peterson <tpeterson () snocom org>
wrote:


I currently own an internet cafe.  Instead of applying strict policies
we have decided to image the hard drives often.  We have found that we
had to lock down the boxes so tight that they became difficult for our
customers to use.  So far, we have not had anyone attempting to
compromise the systems or use our center to source attacks.  Our biggest
problem is figuring out a way to limit bandwidth usage.  Is anyone aware
of any way to limit download bandwidth on a per machine basis?

Terry Peterson


Bandwidth management can be done with Linux (advanced routing). With
advanced routing it is possible to shape the IP traffic.  So you need a
Linux box as a router with 'advanced routing' enabled. Notice the word
'advanced': it will take a little effort to grasp and configure.

Marc Cuypers
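
A sketch of the Linux approach mentioned in the thread, added here as an example and not written by any of the posters: a generator for per-workstation download limits using the `tc` HTB qdisc on the router's LAN-facing interface. The interface name, rates and workstation addresses are assumptions constructed for illustration; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints tc commands, does not execute them.
# Assumed values (not from the thread): interface, rates, addresses.
LAN_IF="eth1"          # router interface facing the cafe workstations
LINK_RATE="10mbit"     # total downstream capacity
PER_HOST="512kbit"     # hard cap for each workstation
HOSTS="192.168.10.11 192.168.10.12 192.168.10.13"   # constructed sample

# gen_shaper DEV LINK RATE IP...
# Download traffic leaves the router toward the workstations, so it is
# shaped on egress of the LAN interface and matched on destination IP.
gen_shaper() {
    dev=$1; link=$2; rate=$3; shift 3
    # Root HTB qdisc; anything unclassified lands in class 1:999.
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $link"
    echo "tc class add dev $dev parent 1:1 classid 1:999 htb rate $rate ceil $link"
    n=10   # class ids are parsed as hex by tc; they only need to be unique
    for ip in "$@"; do
        # Loose sanity check: reject anything but digits and dots, so a
        # bad list entry cannot smuggle shell syntax into the output.
        case $ip in
            *[!0-9.]*|'') echo "skipping invalid address: $ip" >&2; continue ;;
        esac
        # rate == ceil: the workstation cannot borrow idle bandwidth.
        echo "tc class add dev $dev parent 1:1 classid 1:$n htb rate $rate ceil $rate"
        # SFQ shares the capped class fairly between that host's flows.
        echo "tc qdisc add dev $dev parent 1:$n handle $n: sfq perturb 10"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$n"
        n=$((n + 1))
    done
}

# HOSTS is intentionally unquoted so it splits into one argument per host.
gen_shaper "$LAN_IF" "$LINK_RATE" "$PER_HOST" $HOSTS
```

Each workstation gets its own HTB class, so one machine saturating its cap does not affect the others; upload limits would need the same structure on the WAN-facing interface, matching on source address.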


