Educause Security Discussion mailing list archives
Re: Bandwith management, traffic shaping
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 6 Oct 2010 11:21:57 -0500
We use a Cisco Service Control Engine (SCE). While ours only does 1Gb, my understanding is that there are newer models that can handle 10G. I don’t believe I can say much about some of your features, but the SCE has worked very well for us.

It *is* a complex beast with considerable capability so expect some time to come to grips with it. It allows *very* elaborate control of traffic based on source, destination, protocol, what have you. Or you can keep it simple.

The latency is absurdly low due to two factors: effective hardware acceleration and a default to pass. For example, the first packet that hits it for a flow may not have enough context to determine whether it should be passed or dropped. In such a case it passes the packet, and continues to analyze. One consequence is that, especially for very aggressive UDP-based protocols, some leakage of traffic may occur. We appreciate this design choice – for one it helps to avoid the “new device is causing my network problem” issues.

The Java interface is alright and allows for creation of a variety of reports. To be honest, we don’t use those features though we looked into it initially.

It has an API that can be used to extend it in practically arbitrary ways. We use this for our P2P Request application (block by default, allow by exception) and populating subscribers (for example, based on DHCP). We recently did further extension creating a web application that better fits our business processes.

In my opinion it is worth looking at.

Tim Doty

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dexter Caldwell
Sent: Wednesday, October 06, 2010 10:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Bandwith management, traffic shaping

Hi All,

Request for help. I know some of this has come up in past discussions.

We are considering replacing our current bandwidth management platform with another due to the fact that we are beginning to see some challenges with it. We are in the planning stages for a replacement technology. We currently use a Blue Coat/Packeteer product which has served us fine in previous years, but we are now sort of outgrowing it. Any recommendations? What other bandwidth management technologies do any of you use that you're happy with?

Some features of interest to us are:

- accuracy of detection
- a strong platform in terms of throughput (10G capable)
- strong flexibility in managing traffic (all the normal stuff, plus possibly schedules)
- support for multiple Internet links or (BGP or other gateway protocols)
- high number of protocols/signatures (more than just p2p)
- scalable platform with central management
- any DMCA management features
- ease of management (learning curve is okay if platform is worth it, but we are a small team wearing many hats)
- typical features that we all use or appreciate having such as granular bandwidth management, dynamic allocations, etc.
- good reporting and dashboard overviews.
- any other features you think are useful

If you have a platform recommendation that is worth looking at regardless of the features above please respond with product and your general experience. We will do the homework. (I saw Procera's Packetlogic suggested recently, but we are looking into others as well.)