At the University of Missouri, we have been experiencing explosive growth in
Internet usage by our students using file-sharing applications like Napster
(implicit servers). Sometimes our Napster usage was preventing
mission-critical academic tasks like when one engineering professor who
could never obtain the necessary bandwidth to run a video streaming server.
Since we are concerned with limiting student access, we are blocking all
uploads of MP3 files from machines within the University of Missouri
networks, but allowing downloads. By using PacketHound to block uploads, no
one on the University's networks can share their files, therefore the
University is not liable for hosting Napster servers. We are also able to
log information about the various other protocols on our network and have
found PacketHound to be a valuable management tool for our network.
The current PacketHound installed on our Internet pipe (actually, a mirror
of that pipe) has been capable of handling the 6.0 million packet-per-second
data flows with only about 2.5% packet loss. That may seem like a lot of
loss, but keep in mind that we're talking about a *full* 100Mbps data flow,
and the 2.5% of loss doesn't seem to have any effect on the effectiveness of
the PacketHound. The vast majority of Napster uploads are stopped cold.
Also, keep in mind that the PacketHound in our situation is being asked to
police an entire class B sized IP network. Any packet with a 128.206.*.*
address must be scanned. We have noticed that when we reduce the scope of
the PacketHound's rules to a particular subnet - say, 128.206.92.0/22 - the
amount of loss drops, since the PacketHound has to process fewer packets.
All in all, we've been very happy with the PacketHound. It's certainly not
the end-all and be-all of bandwidth management - in fact, we're deploying
the PacketHound in conjunction with the AppSwitch from Top Layer, because
the two products compliment each other. But we do consider the PacketHound
to be an indispensable piece of the puzzle.
Anyway, I'd be happy to describe the details of how we fit the PacketHound
into our Gb/100Mb Ethernet if anybody is interested. We managed to do it
without actually putting the box inline on a half duplex link with our
Internet connection. Works like a charm.
Justin McNutt,
University of Missouri - Columbia
-----Original Message-----
From: Peer-to-Peer [mailto:[log in to unmask]]On Behalf Of Helena
Poist
Sent: Thursday, February 01, 2001 2:51 PM
To: [log in to unmask]
Subject: Re: [P2P] Bandwidth Patrol: Who Has It, Who Controls It,Who
Shapes It? (fwd)
Packethound does not have the capability of handling a 1Gbps pipe with
their current box. However, multiple PacketHounds appliances could be
installed on separate 100Mbps segments.
PacketHound does not block by ports but by signature of the protocol,
preventing enterprising students from avoiding throttling by changing to
different ports. A new feature in PacketHound is the ability to allow
downloads but block uploads of Napster, which solves issues of liability
and security for universities and corporations.
PacketHound's new release will include several new protocols and
customized protocols can be added as necessary.
PacketHound can be used to manage network usage and provides great
analysis abilities through its reporting system.
-----Original Message-----
From: Peer-to-Peer [mailto:[log in to unmask]]On Behalf Of jpstreck
Sent: Thursday, February 01, 2001 7:55 AM
To: [log in to unmask]
Subject: Re: [P2P] Bandwidth Patrol: Who Has It, Who Controls It,Who
Shapes It? (fwd)
Hi Ana,
I looked at Packeteer years ago and at that time they were leading the
pack in
their ability to do QOS filtering. They were one of the top candidates I
had
asked
to come to the QCon but due to a trial in Japan at the time could not come.
With regard to Packethound, this is being tried here in RTP and it looks
ok but
has some limitations. As long as one is aware of those limitations then the
product
is ok (case of if a tool is not used for what it was designed one must be
careful of
the results). My quick view ov Packethound is that it must be inline with
the
main
pipe into campus. For us that is a problem since PH only goes to 100Mbits
and
we
are at 1Gig coming in. Second the tool works on predefined apps (ports)
which
you
can choose from but does not coordinate the top talkers with bandwidth used.
just some thoughts,
john
Ana Preston wrote:
> [an article on different bandwidth management control products] Could
> anybody share with the list their university's experience if you are using
> any one of these mentioned products? are there others out there that are
> not mentioned? According to the article, these products range from $2,500
> US all the way up to $24,000 US. Who is using these? Packeteer claims
> that over 110 universities are deploying PacketShaper. Would love to hear
> your take on this. If you prefer, reply to me and if there is enough
> interest, I will summarize for the list.
> --ana
>
> From ZDNet Interactive IWeek [original article posted on 01/30/01;
> http://www.zdnet.com/intweek/stories/news/0,4164,2680081,00.html]
>
> "Bandwidth Patrol: Who Has It, Who Controls It, Who Shapes It?
> No matter where you stand on the Napster question - whether you
> lean toward the one-big-happy-file-sharing-village notion or the
> credo, 'Thou shalt not steal music' - last year's Napster dust-up
> certainly left one lasting legacy. The controversy alerted many
> companies and universities to the need to monitor, protect and
> control their own bandwidth - before the peer-to-peer legal kinks
> are worked out and the market is flooded with even more hungry
> file-sharers and network neighbors."
>
> The article then looks at a number of bandwidth management products.
>
> - QoSWorks, QoSDirector and QoSArray (from Sitara) "a hollistic
> perspective on bandwidth management"
>
> - PacketShaper from Packeteer "over 110 universities have deployed the
> solution since September" [really? is this true?]
>
> - PacketHound from Pallisade Systems "a network guard dog" "before
> bringing in the hound, however, concerned network administrators can
> download a little canine sniffer to find out which packets are already
> sneaking through the door" PacketPup: "the big pooch comes to the rescue!"
>
> - NetReality "goes beyond bandwidth shaping by monitoring all traffic"
>
> - Floodgate-1 from Checkpoint Software Technologies "we are good news to
> Napster users. The knee-jerk reaction is to use firewalls or a router to
> shut down Napster. That doesn't make Napster people very happy. let's
> figure out what is important, give it priority and let Napster use the
> unusued bandwidth in between. Most Napster users don't really care if it
> takes an extra 10 seconds to download anyway."
|