Shape up your WAN traffic

Packeteer and 8e6 traffic managers offer choice between luxury and thrift

Traffic across WAN connections always seems to grow faster than available bandwidth. Tools to help optimize application usage of available bandwidth continue to increase in capability and sophistication. Both 8e6 Technologies' TurboPipe NP T100 and Packeteer's PacketShaper 9500 appliances offer traffic monitoring and control, using a sophisticated variety of possible criteria for shaping traffic. They can control traffic based on source, destination, type of application, and more, giving the administrator plenty of flexibility in prioritizing the most important traffic and restricting unwanted traffic such as peer-to-peer file sharing or network gaming.

The TurboPipe NP T100 will handle as much as 10Mbps of traffic, at a price of $11,995 with one management console. The PacketShaper 9500 offers a capacity of as much as 500Mbps, and compressed traffic rates of as fast as 45Mbps, with prices starting at $34,000. Both companies offer other models to accommodate varying speeds. The PacketShaper's higher score in this review is not due so much to bandwidth capacity -- because it is also priced much higher -- it is due to easier setup and administration, better documentation, and additional features such as compression and centralized administration of multiple units.

Each product can function with a single appliance at the main office, but both can offer additional features if there are appliances at each branch office as well. These additional capabilities range from compression to routing non-IP protocols such as IPX.

Some organizations might find these devices worthwhile simply for their reporting and analysis capabilities. They can identify network traffic by the type of application creating the traffic, showing the end-user, the application, the amount of traffic generated, and many more details. Although network analysis programs can duplicate this, the ease with which these appliances collect and display traffic statistics is outstanding.

Both products support a wide variety of network applications, from protocols such as H.323 for videoconferencing and IP telephony to specific streams used by Oracle, PeopleSoft, and other enterprise applications. They provide a considerable step up in ease of use from previous products that required defining network behavior at the packet level before bandwidth could be controlled.

Either product will enable the administrator to exercise great control of which WAN traffic gets through first, last, or not at all. Whether the TurboPipe or the PacketShaper will be a better fit for your organization will depend on your network topology and other factors such as your compression requirements.

TurboPipe NP T100 Version 3.1

The TurboPipe solution consists of two parts: the appliance itself, which 8e6 calls the TurboPipe NP Engine, and the management software, dubbed the TurboPipe NP Console. The Console can be installed on any Windows PC. The Engine and Console are licensed separately; additional Console licenses are $500 each. I also found that running the Console -- on both Windows XP systems I tried -- made running any other networked application very difficult.

Initial installation of the TurboPipe NP T100 can be done by plugging keyboard, mouse, and monitor directly into the unit, or via serial terminal. After basic network information is entered, the rest of the configuration is done via the Console software.

The TurboPipe Engine expects to be positioned between the LAN and the WAN router, where it provides monitoring and shaping tools (preconfigured) for a wide array of WAN traffic including many popular network applications, such as AOL Instant Messenger and Doom, that administrators might want to limit on the WAN.

8e6 defines three types of traffic between sites: links, which represent physical connections; channels, which are tunnels of traffic with specific rules applied; and conduits, which are sets of multiple channels. Conduits might represent IPSec tunnels through the Internet to remote sites, for example, each defining limitations for a particular type of traffic such as ERP applications, streaming video, or file replication. Pass-throughs can be created to exclude the TurboPipe from monitoring traffic not intended for the WAN, such as traffic going directly to the Internet, such as Web browsing. A separate interface is even available for pass-through traffic, so that traffic going to the Web won’t be filtered at all.

Each link, channel, and conduit is defined with a minimum and maximum bandwidth. Conduits and channels are also associated with an SLA so that the overall connection, the connection to a specific site, and the application traffic to the specific site can be assigned different service levels. This hierarchy offers a simple way to ensure that links between sites are not accidentally oversubscribed.

The TurboPipe can measure bandwidth utilization across all links, conduits, and channels, with very specific statistics down to the round-trip time required for specific types of traffic. However, round-trip time collection requires a lot of processing overhead, so it should be used sparingly.

Top-10 probes can show the source addresses, source ports, destination addresses, and ports and protocols generating the most traffic. A similar report shows the top 10 conduits in terms of traffic generated.

The TurboPipe also provides a nice tool to notify you when you attempt to create a filter that conflicts with an existing filter. If you do so, it can either resolve the conflict or allow you to decide which filter will look at the traffic first.

The TurboPipe line seems to be oriented more toward ISPs than enterprises. With the emphasis on SLAs and the capability of handling multiple links, conduits, and channels, it offers sophisticated capabilities for monitoring and shaping WAN traffic -- although it does so without the enterprise features of PacketShaper, such as overall administration of a group of devices and site-to-site compression. With prices starting at $4,995 for the 2Mbps T20, the TurboPipe offers a lower point of entry than does the PacketShaper, but the extra cost for multiple consoles and software maintenance could soon eat up the difference.

PacketShaper 9500 Version 7.0

Packeteer's PacketShaper 9500 is a highly capable 2U appliance that's easy to install and configure. It also supports plenty of bandwidth -- as much as 500Mbps -- and hundreds of thousands of separate traffic flows. On the other hand, PacketShaper models start at $34,000 (more than twice the cost of TurboPipe), and getting full use of the system may require additional units at some or all remote sites.

The PacketShaper can push as much as 45Mbps of compressed traffic separated into as many as 300 channels. With the optional PolicyCenter software, the main office can control hundreds of PacketShapers, monitoring and controlling all WAN traffic across the enterprise from one console. PolicyShaper also integrates with management software such as BMC Patrol, Concord eHealth, Hewlett-Packard OpenView, IBM Tivoli, InfoVista, and Micromuse Netcool. 

Monitoring capability is extensive. The TurboPipe can deliver a wide variety of statistics on network traffic, from utilization of various WAN links to identifying the sender and received pairs for streams of traffic used by network applications, with full data on each stream, including IP addresses and ports, amount of traffic sent or redirected, round-trip time and packet delay, MPLS (Multiprotocol Label Switching) service type, and more. It can even identify suspicious traffic, such as non-HTTP traffic going through port 80.

The PacketShaper can operate in two modes -- enterprise and ISP. In enterprise mode, it operates as fast as 500Mbps and supports 175,000 new traffic flows per second. In ISP mode, it operates as fast as 400Mbps, but supports as many as 600,000 new traffic flows per second. It supports optional additional Gigabit Ethernet interfaces and redundant power supplies.

Initial installation is by serial console. When that is complete, the rest of the setup is accomplished via a browser. Monitoring traffic and creating filtering sets between sites is simple, with support for MPLS and Diffserv not provided by 8e6's TurboPipe.

Channels can be site-to-site, between specific users, or within specific types of traffic. Controls are extensive, including not only prioritization but also compression and scaling, which allows for the connection of clients to a specified Web server depending on connection speed, and adaptive response, which can update policies and rules depending on changing network conditions.

With a full enterprise feature set including centralized management, compression and scaling, and the ability to script reactions to changing conditions, many network administrators will find the PacketShaper worth the higher initial price. With PacketShapers at either end of a connection, they can even prioritize IPX traffic as well as TCP/IP.

Administrators who are using separate compression technology, or who have no need for centralized management of multiple sites, will find 8e6's TurboPipe capable of monitoring and controlling network traffic very effectively. For those who need more, and who are willing to pay for it, Packeteer's PacketShaper offers enterprise-class extras including compression between sites, centralized multibox management, and adaptive response to changing conditions -- although at a substantially higher price.

InfoWorld Scorecard
Value (10.0%)
Scalability (20.0%)
Management (25.0%)
Setup (25.0%)
Application support (20.0%)
Overall Score (100%)
8e6 TurboPipe NP T100 8.0 8.0 8.0 7.0 9.0 8.0
Packeteer PacketShaper 9500 9.0 8.0 9.0 9.0 9.0 8.8
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies