Educause Security Discussion mailing list archives

Re: Bandwith management, traffic shaping


From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 6 Oct 2010 11:21:57 -0500

We use a Cisco Service Control Engine (SCE). While ours only does 1Gb, my understanding is that there are newer models 
that can handle 10G. I don’t believe I can say much about some of your features, but the SCE has worked very well for 
us. It *is* a complex beast with considerable capability so expect some time to come to grips with it. It allows *very* 
elaborate control of traffic based on source, destination, protocol, what have you. Or you can keep it simple.

The latency is absurdly low due to two factors: effective hardware acceleration and a default to pass. For example, the 
first packet that hits it for a flow may not have enough context to determine whether it should be passed or dropped. 
In such a case it passes the packet, and continues to analyze. One consequence is that, especially for very aggressive 
UDP-based protocols, some leakage of traffic may occur. We appreciate this design choice – for one it helps to avoid 
the “new device is causing my network problem” issues.

The Java interface is alright and allows for creation of a variety of reports. To be honest, we don’t use those 
features though we looked into it initially.

It has an API that can be used to extend it in practically arbitrary ways. We use this for our P2P Request application 
(block by default, allow by exception) and populating subscribers (for example, based on DHCP). We recently did further 
extension creating a web application that better fits our business processes.

In my opinion it is worth looking at.

Tim Doty

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter 
Caldwell
Sent: Wednesday, October 06, 2010 10:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Bandwith management, traffic shaping

 

Hi All,

Request for help. I know some of this has come up in past discussions. We are considering replacing our 
current bandwidth management platform with another due to the fact that we are beginning to see some challenges with 
it. We are in the planning stages for a replacement technology. We currently use a Blue Coat/Packeteer product which 
has served us fine in previous years, but we are now sort of outgrowing it. Any recommendations?

 

What other bandwidth management technologies do any of you use that you're happy with?

 

Some features of interest to us are:

-accuracy of detection

- a strong platform in terms of throughput (10G capable)

-strong flexibility in managing traffic (all the normal stuff, plus possibly schedules)

-support for multiple Internet links or (BGP or other gateway protocols)

-high number of protocols/signatures (more than just p2p)

-scalable platform with central management

-any DMCA management features

-ease of management (learning curve is okay if platform is worth it, but we are a small team wearing many hats)

-typical features that we all use or appreciate having such as granular bandwidth management, dynamic allocations, etc.

-good reporting and dashboard overviews.

-any other features you think are useful

 

If you have a platform recommendation that is worth looking at regardless of the features above please respond with 
product and your general experience.  We will do the homework.  (I saw Procera's Packetlogic suggested recently, but we 
are looking into others as well.)

 
