
We have traditionally been a Packetshaper shop for a very long time. I’ve grown a bit dissatisfied with a number of things over the years, and it looks like we will need to make some fairly expensive upgrades in the not too distant future to one of my shapers.

 

Plus, my confidence in the deep packet inspection abilities of the shaper is not as high as it once was. 

 

I’m also looking at a next generation firewall and my confidence is much higher in the dpi capabilities of that device for denying stuff like p2p.

 

 

So, that all said, I’ve been looking at a product to equalize my bandwidth more than shape it.  I have seen people on this list mention the NetEqualizer quite often, and would be interested in your experiences with the product. 

 

Please let me know how long you’ve had the appliance.

How much bandwidth you are equalizing over.

How many students you are equalizing bandwidth for. 

Your experience with the support.   How easy to reach, replacement hardware, etc.

Do you miss the automatic bypass of the shaper (if you had one)?

 

And just your overall satisfaction with the unit and APConnection.

 

Many thanks.

Chris Davis

CIS Security Manager

The Principia

 

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from r_harris@culinary.edu

We moved from Packetshaper to Exinda and are very happy, great company, lots of former PS engineers who left after Blue Coat took over. I highly recommend getting a demo.

Depending upon the Next Generation firewall you are looking at, it may also have Bandwidth Shaping. Our Palo Alto failover cluster does, and we've moved to using it from an aged Packetshaper.

On 4/6/2012 2:32 PM, Chris Davis wrote:

We have traditionally been a Packetshaper shop for a very long time. I’ve grown a bit dissatisfied with a number of things over the years, and it looks like we will need to make some fairly expensive upgrades in the not too distant future to one of my shapers.

 

Plus, my confidence in the deep packet inspection abilities of the shaper is not as high as it once was. 

 

I’m also looking at a next generation firewall and my confidence is much higher in the dpi capabilities of that device for denying stuff like p2p.

 

 

So, that all said, I’ve been looking at a product to equalize my bandwidth more than shape it.  I have seen people on this list mention the NetEqualizer quite often, and would be interested in your experiences with the product. 

 

Please let me know how long you’ve had the appliance.

How much bandwidth you are equalizing over.

How many students you are equalizing bandwidth for. 

Your experience with the support.   How easy to reach, replacement hardware, etc.

Do you miss the automatic bypass of the shaper (if you had one)?

 

And just your overall satisfaction with the unit and APConnection.

 

Many thanks.

Chris Davis

CIS Security Manager

The Principia

 


We also had been a PS shop until last fall. PS/Bluecoat has lost the plot, their product standing still while the world continues to move on.

Even staying current with code updates, the percentage of unclassified/misclassified traffic was growing every month.

 

We switched to a PacketLogic from Procera in December and have never looked back.

Have heard good things about Exinda as well.

 

 

Ron Kozsan
Director, Infrastructure Services, University Systems
University of Victoria
Victoria, BC   CANADA
rkozsan@uvic.ca
250.472.4825

 


Please let me know how long you’ve had the appliance.
Almost three years.

How much bandwidth you are equalizing over.
300Mb

How many students you are equalizing bandwidth for.
~2400

Your experience with the support. How easy to reach, replacement hardware, etc.
Their support is excellent and very responsive. This is coming from someone who asks a lot of questions and expects a lot from support.

Do you miss the automatic bypass of the shaper (if you had one)?
Haven't had a reason to yet; granted that doesn't mean we won't at some point.

We cap every device's upload and download to 10Mb with the NetEq. We also use their YouTube caching feature which is Squid running as a transparent proxy. We've had a couple issues with the YouTube caching, but they have been minor. There is more of a balancing act with the NetEq between the equalizing and having an appropriately sized pipe as you cannot really limit specific types of traffic. We switched from PS to a NetEq simply because of cost three years ago.

-Brian

Good morning Chris and list - 

We purchased a NetEqualizer to balance our Resnet bandwidth, and just recently moved it to our Internet core.

Please let me know how long you’ve had the appliance. - Since 2008


How much bandwidth you are equalizing over. - 150M


How many students you are equalizing bandwidth for. - 12,000 FTE and 750 Staff.  14 sites across Michigan


Your experience with the support.   How easy to reach, replacement hardware, etc. - Small company, University-focus.  Very easy to work with.  We have also been a beta test site for them.  This is great, as we get to give direct input into the direction of the product.


Do you miss the automatic bypass of the shaper (if you had one)? - You can set up priority networks and devices, so you still do have some ability to do "automatic bypass", in a sense.  We do set some specific systems (internet based applications) to priority.

 

And just your overall satisfaction with the unit and APConnection.

The NetworkEqualizer made our problems providing a limited bandwidth network to our resnet go away.  It's providing the same benefit at our internet edge.  Great stuff.


We still have our old PacketShapers in line as well, but we really just use them for traffic analysis.


I hope this helps!



-
Pete Hoffswell - Network Manager
pete.hoffswell@davenport.edu
http://www.davenport.edu
616-732-1101


Good Monday Morning,

For several years we have used the Packeteer's dynamic subpartition to cap each student's bandwidth (3mb/s is what we have been using) to prevent a handful of students from using all the bandwidth. My impression from reading this thread and previous threads is that NetEqualizer starts shaping only when the maximum bandwidth is reached. Does it (or any other of the products) have the capability to limit bandwidth on a per user (i.e. inside IP) basis?

Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn@adelphi.edu
5168773327


Message from jim.dixon@vistaone.com

Here's a quick summary of how the three appliances mentioned in this thread -- Exinda, Procera and Palo Alto -- equalize bandwidth or handle host fairness shaping strategies.

The Exinda traffic shaping device has a similar function to PacketShaper's dynamic sub-partitions, called dynamic virtual circuits. You can either do simple host fairness, share all available bandwidth in the virtual circuit (partition) equally among hosts or you can set either a throughput guarantee and/or cap or maximum per host. You can also specify the maximum number of hosts that can populate the virtual circuit. In addition, Exinda has a feature called Adaptive Response that allows bandwidth quotas per day, week or month. What happens when a user exceeds that quota depends on how you write the policy. Typically a lower throughput rate would be in effect for the remainder of the quota interval.

Procera's PacketLogic traffic shaping device also has a "host fairness" feature that will evenly divide bandwidth among hosts. It can enforce per host, even per client, per server or per connection throughput limits as well as total connection limits per host. Procera also has a quota or volume based shaping mechanism that can designate several throughput levels, depending on the level of total bandwidth used over any time interval desired.

The Palo Alto Networks firewall doesn't have any host fairness or equalizing shaping strategies, but it does allow you to define 8 distinct quality of service levels and write as many QoS policies as you'd like to match traffic to those 8 traffic classes. Like Exinda and Procera, the Palo Alto Firewall is a DPI device that gives excellent application visibility with relatively little unidentified traffic. So, NetEqualizer could be a good complement to Palo Alto when a host equal share shaping strategy is the main goal, with Palo Alto providing application visibility and also aggregate traffic class shaping options, neither of which are available with NetEqualizer.

Hope this information is useful.

Jim

Jim Dixon | Sr. Systems Engineer |
VistaOne Corporation
540.525.3782 (cell)


It’s probably no secret that I’m a big Palo Alto fan, but its rate-shaping capabilities are basic. If you want to rate-shape large blocks, or specific individuals, it’s good. But if you want to globally control the bandwidth at the user-level, it isn’t a good solution. We purchased the NetEqualizer appliance last year, and will be implementing it over the next month or so.. just in time for the Summer bandwidth crunch ;)

 

-Brian

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jim Dixon
Sent: Monday, April 09, 2012 8:51 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

Here's a quick summary of how the three appliances mentioned in this thread -- Exinda, Procera and Palo Alto -- equalize bandwidth or handle host fairness shaping strategies.

The Exinda traffic shaping device has a similar function to PacketShaper's dynamic sub-partitions, called dynamic virtual circuits. You can either do simple host fairness, share all available bandwidth in the virtual circuit (partition) equally among hosts or you can set either a throughput guarantee and/or cap or maximum per host. You can also specify the maximum number of hosts that can populate the virtual circuit. In addition, Exinda has a feature called Adaptive Response that allows bandwidth quotas per day, week or month. What happens when a user exceeds that quota depends on how you write the policy. Typically a lower throughput rate would be in effect for the remainder of the quota interval.

Procera's PacketLogic traffic shaping device also has a "host fairness" feature that will evenly divide bandwidth among hosts. It can enforce per host, even per client, per server or per connection throughput limits as well as total connection limits per host. Procera also has a quota or volume based shaping mechanism that can designate several throughput levels, depending on the level of total bandwidth used over any time interval desired.

The Palo Alto Networks firewall doesn't have any host fairness or equalizing shaping strategies, but it does allow you to define 8 distinct quality of service levels and write as many QoS policies as you'd like to match traffic to those 8 traffic classes. Like Exinda and Procera, the Palo Alto Firewall is a DPI device that gives excellent application visibility with relatively little unidentified traffic. So, NetEqualizer could be a good complement to Palo Alto when a host equal share shaping strategy is the main goal, with Palo Alto providing application visibility and also aggregate traffic class shaping options, neither of which are available with NetEqualizer.

Hope this information is useful.

Jim

Jim Dixon | Sr. Systems Engineer |
VistaOne Corporation
540.525.3782 (cell)

Jim,

 

Thank you for the summary. I would add a couple of points. One is that Cisco’s 6500’s can do per IP address rate limiting in hardware if you have the right supervisor.

I would also add that doing rate limiting by QOS level may serve your needs, but it has limitations. For example, you can rate limit peer to peer, but we have found that these types of devices often leave a significant amount of traffic as uncategorized. Then you are left with the dilemma of rate limiting the uncategorized and possibly limiting (or stopping if you are trying to stop P2P) something that you don’t want to limit or leaving it alone and possibly allowing what you really don’t want to allow. At least that has been our experience with Packeteer, Allot and Palo Alto.

 

Pete Morrissey

 

 


We currently have a Palo Alto and we have/had a Procera that is currently a paperweight. Like several other people have stated the Palo Alto isn’t exactly designed to be a traffic shaper even though it can do some of that. It is designed to be a firewall and that is where it excels. For us the decision came down to money, we had to replace our firewall anyway and the Palo Alto could do that plus a lot more so we saved the cost of not replacing the traffic shaper and we got an IPS which we didn’t have before.

 

Ben Parker

Network Support Technician

University of Mount Union

 

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Monday, April 09, 2012 11:21 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

It’s probably no secret that I’m a big Palo Alto fan, but its rate-shaping capabilities are basic. If you want to rate-shape large blocks, or specific individuals, it’s good. But if you want to globally control the bandwidth at the user-level, it isn’t a good solution. We purchased the NetEqualizer appliance last year, and will be implementing it over the next month or so.. just in time for the Summer bandwidth crunch ;)

 

-Brian

 


Oh, I think it’s a great box (I have an HA pair as well) and I am doing basic rate-control with it to ensure we don’t continually burst over our contracted rate. It’s just not designed to replace a NetEqualizer – where you may want to rate-shape large numbers of users on an individual basis (e.g. setting everyone, individually, to no more than 10Mbs). You can do that, but it has to be done by individual rules for each IP address .. or else the pooled IP’s SHARE the bandwidth cap.

 

-Brian

 

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Parker, Ben C
Sent: Monday, April 09, 2012 1:40 PM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

We currently have a Palo Alto and we have/had a Procera that is currently a paperweight. Like several other people have stated the Palo Alto isn’t exactly designed to be a traffic shaper even though it can do some of that. It is designed to be a firewall and that is where it excels. For us the decision came down to money, we had to replace our firewall anyway and the Palo Alto could do that plus a lot more so we saved the cost of not replacing the traffic shaper and we got an IPS which we didn’t have before.

 

Ben Parker

Network Support Technician

University of Mount Union

 

 


Hello Brian,

Just out of curiosity, why not use Cisco QoS at the port level on the switch to set the bandwidth cap of 10Mbs (in example below) instead of using the NetEqualizer? Question is open to everyone else as well.

We are looking at NetEqualizer mainly to cap each individual IP to 5 megs and comparing it to just doing QoS on the Cisco switch to cap each port.


On 4/9/2012 2:35 PM, Brian Helman wrote:

Oh, I think it’s a great box (I have an HA pair as well) and I am doing basic rate-control with it to ensure we don’t continually burst over our contracted rate. It’s just not designed to replace a NetEqualizer – where you may want to rate-shape large numbers of users on an individual basis (e.g. setting everyone, individually, to no more than 10Mbs). You can do that, but it has to be done by individual rules for each IP address .. or else the pooled IP’s SHARE the bandwidth cap.

 

-Brian

 

 


One downside to doing it at the local port level that I can think of is that it would also limit bandwidth to internal network resources.

Pete M.

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski
Sent: Tuesday, April 10, 2012 11:52 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

Hello Brian,

Just out of curiosity, why not use Cisco QoS at the port level on the switch to set the bandwidth cap of 10Mbs (in example below) instead of using the NetEqualizer? Question is open to everyone else as well.

We are looking at NetEqualizer mainly to cap each individual IP to 5 megs and comparing it to just doing QoS on the Cisco switch to cap each port.


On 4/9/2012 2:35 PM, Brian Helman wrote:

Oh, I think it’s a great box (I have an HA pair as well) and I am doing basic rate-control with it to ensure we don’t continually burst over our contracted rate.  It’s just not designed to replace a NetEqualizer – where you may want to rate-shape large numbers of users on an individual basis (e.g setting everyone, individually, to no more than 10Mbs).  You can do that, but it has to be done by individual rules for each IP address .. or else the pooled IP’s SHARE the bandwidth cap.

 

-Brian

 

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Parker, Ben C
Sent: Monday, April 09, 2012 1:40 PM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

We currently have a Palo Alto and we have/had a Procera that is currently a paperweight. Like several other people have stated the Palo Alto isn’t exactly designed to be a traffic shaper even though it can do some other that. It is designed to be a firewall and that is where it excels. For us the decision came down to money, we had to replace our firewall anyway and the Palo Alto could do that plus a lot more so we saved the cost of not replacing the traffic shaper and we got an IPS which we didn’t have before.

 

Ben Parker

Network Support Technician

University of Mount Union

 

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Brian Helman
Sent: Monday, April 09, 2012 11:21 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

It’s probably no secret that I’m a big Palo Alto fan, but it’s rate-shaping capabilities are basic.  If you want to rate-shape large blocks, or specific individuals, it’s good.  But if you want to globally control the bandwidth at the user-level, it isn’t a good solution.  We purchased the NetEqualizer appliance last year, and will be implementing it over the next month or so.. just in time for the Summer bandwidth crunch ;)

 

-Brian

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jim Dixon
Sent: Monday, April 09, 2012 8:51 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

Here's a quick summary of how the three appliances mentioned in this thread -- Exinda, Procera and Palo Alto -- equalize bandwidth or handle host fairness shaping strategies.

The Exinda traffic shaping device has a similar function to PacketShaper's dynamic sub-partitions, called dynamic virtual circuits. You can either do simple host fairness, share all available bandwidth in the virtual circuit (partition) equally among hosts or you can set either a throughput guarantee and/or cap or maximum per host. You can also specify the maximum number of hosts that can populate the virtual circuit. In addition, Exinda has a feature called Adaptive Response that allows bandwidth quotas per day, week or month. What happens when a user exceeds that quota depends on how you write the policy. Typically a lower throughput rate would be in effect for the remainder of the quota interval.

Procera's PacketLogic traffic shaping device also has a "host fairness" feature that will evenly divide bandwidth among hosts. It can enforce per host, even per client, per server or per connection throughput limits as well as total connection limits per host. Procera also has a quota or volume based shaping mechanism that can designate several throughput levels, depending on the level of total bandwidth used over any time interval desired.

The Palo Alto Networks firewall doesn't have any host fairness or equalizing shaping strategies, but it does allow you to define 8 distinct quality of service levels and write as many QoS policies as you'd like to match traffic to those 8 traffic classes. Like Exinda and Procera, the Palo Alto Firewall is a DPI device that gives excellent application visibility with relatively little unidentified traffic. So, NetEqualizer could be a good complement to Palo Alto when a host equal share shaping strategy is the main goal, with Palo Alto providing application visibility and also aggregate traffic class shaping options, neither of which are available with NetEqualizer.

Hope this information is useful.

Jim

Jim Dixon | Sr. Systems Engineer |
VistaOne Corporation
540.525.3782 (cell)
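
To make the difference between a pooled cap, host fairness and per-host caps discussed in the messages above concrete, here is an added Python sketch. It is not from any poster or vendor: the function names, host labels and Mbps figures are constructed, and the proportional split inside a pooled rule is an assumption.

```python
# Added illustration: constructed model, not vendor code. Rates are in Mbps.

def max_min_fair(demands, capacity, per_host_cap=None):
    """Host fairness: split capacity equally among active hosts and hand
    back whatever light users leave unused (max-min / water-filling).
    per_host_cap, if given, bounds every host individually."""
    want = {h: d if per_host_cap is None else min(d, per_host_cap)
            for h, d in demands.items()}
    alloc = {h: 0.0 for h in demands}
    active = {h for h, w in want.items() if w > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        # Hosts whose unmet demand fits inside an equal share are satisfied.
        done = {h for h in active if want[h] - alloc[h] <= share}
        if not done:
            # Everyone left wants more than an equal share: split evenly.
            for h in active:
                alloc[h] += share
            break
        for h in done:
            remaining -= want[h] - alloc[h]
            alloc[h] = float(want[h])
        active -= done
    return alloc


def pooled_cap(demands, cap):
    """One rule covering the whole address pool: the cap bounds the SUM.
    Assumption: hosts end up with shares proportional to their demand."""
    total = sum(demands.values())
    scale = min(1.0, cap / total) if total else 0.0
    return {h: d * scale for h, d in demands.items()}


# Constructed sample: two light users, two heavy users, 40 Mbps link.
DEMANDS = {"host-a": 2, "host-b": 8, "host-c": 50, "host-d": 50}
LINK = 40

if __name__ == "__main__":
    print("pooled 10 Mbps rule :", pooled_cap(DEMANDS, 10))
    print("host fairness       :", max_min_fair(DEMANDS, LINK))
    print("fairness + 10/host  :", max_min_fair(DEMANDS, LINK, per_host_cap=10))
```

With the pooled rule the four hosts together get 10 Mbps, while host fairness leaves the light users untouched and splits the remainder between the heavy ones.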

Forgive me as it’s been a while since I’ve done policing and other associated QoS in IOS; once it’s set up I rarely touch it again.

 

But one advantage I believe is that the NetEQ does not kick in until a configured percentage of the bandwidth is used.  Thereby allowing someone to use more bandwidth if the bandwidth is there to be used.  Can’t remember if this can be done in IOS and too busy to look it up at the moment.

 

Brian

 

From: The EDUCAUSE Network Management Constituent Group Listserv [mailto:NETMAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Vlade Ristevski
Sent: Tuesday, April 10, 2012 11:52 AM
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [NETMAN] Managing Bandwidth

 

Hello Brian,

Just out of curiosity, why not use Cisco QoS at the port level on the switch to set the bandwidth cap of 10Mbs (in the example below) instead of using the NetEqualizer? Question is open to everyone else as well.

We are looking at NetEqualizer mainly to cap each individual IP to 5 megs and comparing it to just doing QoS on the Cisco switch to cap each port.


On 4/9/2012 2:35 PM, Brian Helman wrote:

Oh, I think it’s a great box (I have an HA pair as well) and I am doing basic rate-control with it to ensure we don’t continually burst over our contracted rate.  It’s just not designed to replace a NetEqualizer – where you may want to rate-shape large numbers of users on an individual basis (e.g. setting everyone, individually, to no more than 10Mbs).  You can do that, but it has to be done by individual rules for each IP address ... or else the pooled IPs SHARE the bandwidth cap.

 

-Brian

 

 


I was thinking about this as well. In our particular environment, a very small amount of traffic goes from the dorms to the academic network when compared to Internet traffic. I don't think we ever go over 50 Mbps total and don't have any applications such as video that would require more than 10Mbps.

The biggest drawback in our case is that we allow students to bring in their own access points. In that case, we would be giving the AP 10 Mbps instead of each individual user 10Mbps.

On 4/10/2012 11:57 AM, Peter P Morrissey wrote:

One downside to doing it at the local port level that I can think of is that it would also limit bandwidth to internal network resources.

Pete M.

 

