Traffic shaping

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
Many of our remote sites have been complaining about slow Internet performance.
We're in the process of adding more T1s, but I don't think adding bandwidth alone can resolve this issue.

I think we also need to implement traffic shaping (or policing), and I'd like to know how everyone's doing it.
Do you guys get an appliance, such as Packeteer's PacketShaper, or do you manually set it up in your routers?

What do you think is the appropriate bandwidth if I want to rate limit external http traffic?
Would 120Kbps suffice?
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
I use Packeteers extensively. The ability to manage everything as an entire system and its deep L7 capabilities make it rock. Disallowing them from watching/listening to streaming media will save you big dollars.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: nweaver
Cheap (free), easy, monowall

I have an old tutorial online if you want to use it. It deals with a different type of environment though, but at least it will give you some idea of its capabilities.

http://m0n0.wisetyro.com



For something bigger, go with what spidey said. They provide a more robust method of traffic shaping, allowing for more dynamic allocation of resources vs m0n0wall and pfsense's rather static configs.
 

nweaver

Diamond Member
Jan 21, 2001
6,813
1
0
Originally posted by: Goosemaster
Originally posted by: nweaver
Cheap (free), easy, monowall

I have an old tutorial online if you want to use it. It deals with a different type of environment though, but at least it will give you some idea of its capabilities.

http://m0n0.wisetyro.com



For something bigger, go with what spidey said. They provide a more robust method of traffic shaping, allowing for more dynamic allocation of resources vs m0n0wall and pfsense's rather static configs.

The big thing is this: if it's critical to your business, get a supported solution. The forums for monowall don't count. If you can't have lots of downtime because of something strange, get a good supported solution.

Anyone have any idea what the price of the Packeteer stuff is?
 

dphantom

Diamond Member
Jan 14, 2005
4,763
327
126
Originally posted by: nweaver
Originally posted by: Goosemaster
Originally posted by: nweaver
Cheap (free), easy, monowall

I have an old tutorial online if you want to use it. It deals with a different type of environment though, but at least it will give you some idea of its capabilities.

http://m0n0.wisetyro.com



For something bigger, go with what spidey said. They provide a more robust method of traffic shaping, allowing for more dynamic allocation of resources vs m0n0wall and pfsense's rather static configs.

The big thing is this: if it's critical to your business, get a supported solution. The forums for monowall don't count. If you can't have lots of downtime because of something strange, get a good supported solution.

Anyone have any idea what the price of the Packeteer stuff is?


Depends on the size of the WAN pipe. From a couple thousand at each end to six figures and up with big networks. Most ROI is done using the increased cost of the WAN link being more expensive than something like a Packeteer.
 

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
Most ROI is done using the increased cost of the WAN link being more expensive than something like a Packeteer.
This is very useful.
Thanks.
 

cmetz

Platinum Member
Nov 13, 2001
2,296
0
0
Cooky, assuming your sites with T1s use Cisco routers, get the right IOS feature set and there's traffic shaping built-in. Please note that enabling traffic shaping and different queues basically halves the box's top performance, so if you have boxes that are marginally able to drive a T1 today, you could create a new performance problem. 2600 and up should be fine though.

This is typically the best cheap way to traffic shape.

That said: get more bandwidth. Really. Bandwidth isn't *that* expensive and traffic shaping is often just a band-aid. If you have enough bandwidth to go around, you don't need to shape.
 

acaeti

Member
Mar 7, 2006
103
0
0
What kind of service are you running? Business with multiple locations? Residential Internet? What?

That may determine what is best for you.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: cmetz
Cooky, assuming your sites with T1s use Cisco routers, get the right IOS feature set and there's traffic shaping built-in. Please note that enabling traffic shaping and different queues basically halves the box's top performance, so if you have boxes that are marginally able to drive a T1 today, you could create a new performance problem. 2600 and up should be fine though.

This is typically the best cheap way to traffic shape.

That said: get more bandwidth. Really. Bandwidth isn't *that* expensive and traffic shaping is often just a band-aid. If you have enough bandwidth to go around, you don't need to shape.

So true.

I'm getting complaints on "Please propose a solution to transfer 2 gigabyte autocad files across the globe, 15 minutes max."

Sure, I'll get right on that.
 

dphantom

Diamond Member
Jan 14, 2005
4,763
327
126
Originally posted by: cmetz
Cooky, assuming your sites with T1s use Cisco routers, get the right IOS feature set and there's traffic shaping built-in. Please note that enabling traffic shaping and different queues basically halves the box's top performance, so if you have boxes that are marginally able to drive a T1 today, you could create a new performance problem. 2600 and up should be fine though.

This is typically the best cheap way to traffic shape.

That said: get more bandwidth. Really. Bandwidth isn't *that* expensive and traffic shaping is often just a band-aid. If you have enough bandwidth to go around, you don't need to shape.

While I agree routers can do much for you, bandwidth can be expensive or even non-existent depending upon your location.

For example, my users wanted to move very large files FAST over WAN connections. All I had to work with were T-1s. Fiber was not available and out of our budget to put in ourselves. And multiple T-1s were not practical either. So I was about to order and install traffic shaping appliances when SBC comes along and announces an MPLS network for our area. So I redid the cost analysis, and while bandwidth was marginally more expensive, it gave me a better backbone on which to build the future of the business.

So I moved to MPLS, had to wait an extra 6 months for SBC to get the stuff in place. I have no problem with users wanting to move extremely large files fast. They are my customer and often are the drivers of the business. So I need to look for the best solution that adds real value to the bottom line.

Long story short, there are no right answers except the one that meets your business needs.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: spidey07
Originally posted by: cmetz
Cooky, assuming your sites with T1s use Cisco routers, get the right IOS feature set and there's traffic shaping built-in. Please note that enabling traffic shaping and different queues basically halves the box's top performance, so if you have boxes that are marginally able to drive a T1 today, you could create a new performance problem. 2600 and up should be fine though.

This is typically the best cheap way to traffic shape.

That said: get more bandwidth. Really. Bandwidth isn't *that* expensive and traffic shaping is often just a band-aid. If you have enough bandwidth to go around, you don't need to shape.

So true.

I'm getting complaints on "Please propose a solution to transfer 2 gigabyte autocad files across the globe, 15 minutes max."

Sure, I'll get right on that.

Show them that Fed-ex GB/sec article
 

p0lar

Senior member
Nov 16, 2002
634
0
76
Originally posted by: spidey07
I'm getting complaints on "Please propose a solution to transfer 2 gigabyte autocad files across the globe, 15 minutes max."

Sure, I'll get right on that.

Wha? C'mon, that's only a 20mbit/s PtP fiber -- no sweat, right?

Tell them their diatostic discaboobulator is malfunctioning, solar flares, monitor bearings, <insert_excuse_here>..

Or, plug in an etherkiller and let them think about their complaints in a smoke-filled cubicle, BOFH style.

Disclaimer: To others reading, acting on this advice may jeopardize the status of your employment.
 

m1ldslide1

Platinum Member
Feb 20, 2006
2,321
0
0
If you don't have the cash to spend on the appliances, you could do a combination of classification/policing and compression depending on what your router platforms support.

You'll have to look up compression - there's TCP header compression and a few others - MPCC and stacker I think. It doesn't make a huge difference with most file types, but if you're looking to squeeze every last bit it could be worth looking into. Note that compression doesn't play too nice with VOIP.

As for classification and policing, find out what types of traffic remote users are generating and figure out what aspects you could classify. In other words, src/dest IP address, TCP ports, and so on, and then you could use policing to guarantee higher percentages of bandwidth during congestion. Or conversely assign lower percentages of bandwidth to bandwidth-intensive applications where nobody will notice slower performance. This is a pretty intensive project - not really one that you can take on lightly. In my experience this is for senior-level engineering (or your local Cisco SE).
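
The classify-then-police approach described above, as an added example that is not part of the original post: packets are classified by destination TCP port and the web class is policed with a token bucket at the 120 Kbps figure asked about at the top of the thread. The 3000-byte burst size, the class names and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    t_ms: int    # arrival time in milliseconds
    dport: int   # destination TCP port, the classification key used here
    size: int    # packet size in bytes

class TokenBucket:
    """Single-rate policer: a packet passes only if enough tokens (bytes) remain."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.tokens, self.last_ms = float(burst_bytes), 0

    def conforms(self, pkt):
        # Refill for the elapsed time, capped at the burst size.
        refill = (pkt.t_ms - self.last_ms) * self.rate_bps / 8000.0
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = pkt.t_ms
        if pkt.size <= self.tokens:
            self.tokens -= pkt.size
            return True
        return False  # policing drops the excess; shaping would queue it instead

def classify(pkt):
    # Assumed class names; a real policy would also match on src/dest address.
    return "web" if pkt.dport in (80, 443) else "default"

def police(packets, policers):
    """Return {class: [bytes_sent, bytes_dropped]}; unlisted classes are unpoliced."""
    stats = {}
    for pkt in sorted(packets, key=lambda p: p.t_ms):
        cls = classify(pkt)
        bucket = policers.get(cls)
        ok = bucket is None or bucket.conforms(pkt)
        stats.setdefault(cls, [0, 0])[0 if ok else 1] += pkt.size
    return stats

def sample_traffic():
    # Constructed input: one second of 1500-byte web packets every 10 ms
    # (1.2 Mbps offered) plus a light interactive flow on port 22.
    web = [Packet(t, 80, 1500) for t in range(0, 1000, 10)]
    ssh = [Packet(t, 22, 100) for t in range(0, 1000, 50)]
    return web + ssh

if __name__ == "__main__":
    result = police(sample_traffic(), {"web": TokenBucket(120_000, 3000)})
    for cls, (sent, dropped) in result.items():
        print(f"{cls:8s} sent={sent:6d}B dropped={dropped:6d}B")
```

With this input the web class passes the initial burst and then roughly one packet per 100 ms, while the unpoliced default class is untouched.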
 

randal

Golden Member
Jun 3, 2001
1,890
0
71
Wha? C'mon, that's only a 20mbit/s PtP fiber -- no sweat, right?

... more like a dedicated OC-3. And I'm not sure even an oc3 could get that kind of throughput with extra-international distances due to rtt.

Good luck spidey
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Originally posted by: m1ldslide1
If you don't have the cash to spend on the appliances, you could do a combination of classification/policing and compression depending on what your router platforms support.

You'll have to look up compression - there's TCP header compression and a few others - MPCC and stacker I think. It doesn't make a huge difference with most file types, but if you're looking to squeeze every last bit it could be worth looking into. Note that compression doesn't play too nice with VOIP.

As for classification and policing, find out what types of traffic remote users are generating and figure out what aspects you could classify. In other words, src/dest IP address, TCP ports, and so on, and then you could use policing to guarantee higher percentages of bandwidth during congestion. Or conversely assign lower percentages of bandwidth to bandwidth-intensive applications where nobody will notice slower performance. This is a pretty intensive project - not really one that you can take on lightly. In my experience this is for senior-level engineering (or your local Cisco SE).

I avoid compression like the plague.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
Originally posted by: spidey07
Originally posted by: Goosemaster
Show them that Fed-ex GB/sec article

Probably going to be doing wan cachers/accelerators/file appliances.

dear lord man...2GB?!

god have mercy on your soul. Unless the accelerators/cachers can dissect an autocad file and provide you with the ability for simple file-differentiation transfers, you are going to have one hell of a time.

 

realEZE

Member
Apr 19, 2007
86
0
0
I like the idea of a stand-alone L4-7 device. But depending on your needs, Cisco IOS QoS might do the trick.

That is assuming you're using Cisco routers and not some third-rate vendor.
 

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
Thanks for everyone's input.

We mostly use Cisco throughout our Network, and the routers have advanced ip services feature set so they support traffic shaping (I didn't know there are versions that don't support it).
The routers are doing VPN so overhead is a concern if we want to implement more features.

We're already doing WFQ and TCP header compression, but they don't seem to help much.
As someone has pointed out, we'll probably need to do a deep analysis w/ our NetFlow data to see exactly what's traversing through the Internet circuits, and then come up w/ the best solution.

Thing is, we're constantly swamped, and I need something quick and dirty NOW. We don't have time to do the traffic analysis on 50 - 70 sites.
Was hoping that doing rate limiting on http traffic would be a simple temporary solution until we can introduce Packeteer or something similar into the network.
Any suggestions?
 

realEZE

Member
Apr 19, 2007
86
0
0
First thing, you need to be sure the bottleneck is your Internet connection.
How fast are your WAN connections out to the remote sites (FR, ATM or Ethernet)?

WFQ and TCP header compression aren't really going to help here, since slow internet is what people are complaining about...
But I don't see how rate-limiting HTTP will help, since this is probably what people are complaining about... slow internet ~ slow HTTP.

Does your FW block common streaming music/video, p2p traffic etc. ports? Maybe that's a solution too...

If your problem is slow web browsing (ie slow Internet): add more capacity & maybe netcache will help, depending on your traffic dist...

Hope it helps.
 