Hey all, Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what. I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot. So I wanted to see what the current popular equipment out there is. ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve experts360: https://expert360.com/profile/d54a9 twitter.com/theispguy ; blog: www.theispguy.com The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
On Oct 20, 2014, at 11:56 AM, Skeeve Stevens < skeeve+nanog@eintellegonetworks.com> wrote: I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot. Is QoS in the network infrastructure coupled with strictly-enforced quotas insufficient to needs? These permanently-inline boxes and blades that dork around with general Internet traffic to/from eyeball networks can be a support/troubleshooting headache . . . ----------------------------------- Roland Dobbins <rdobbins@arbor.net>
On 20/10/2014 11:12, Roland Dobbins wrote:
Is QoS in the network infrastructure coupled with strictly-enforced quotas insufficient to needs?
for satellite, no.
These permanently-inline boxes and blades that dork around with general Internet traffic to/from eyeball networks can be a support/troubleshooting headache . . .
s/headache/nightmare/ The high latency and bandwidth costs on satellite connections are a world of pain. It should show how awful things are when you can actually improve things by installing inline bandwidth accelerators and traffic shapers. Nick
I know and feel the same way Roland. Just trying to figure out the best way to get these users with a scare resource under control. ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve experts360: https://expert360.com/profile/d54a9 twitter.com/theispguy ; blog: www.theispguy.com The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering On 20 October 2014 21:12, Roland Dobbins <rdobbins@arbor.net> wrote:
On Oct 20, 2014, at 11:56 AM, Skeeve Stevens < skeeve+nanog@eintellegonetworks.com> wrote:
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
Is QoS in the network infrastructure coupled with strictly-enforced quotas insufficient to needs?
These permanently-inline boxes and blades that dork around with general Internet traffic to/from eyeball networks can be a support/troubleshooting headache . . .
----------------------------------- Roland Dobbins <rdobbins@arbor.net>
Used following two product to shape traffic on packet level (L3). Had no issue with several thousand customer. Allot http://www.allot.com/netenforcer.html ET http://www.etinc.com/ Found "Allot" is very popular for satellite based Internet specially in south pacific island countries. -R On 20/10/14 2:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
I get pretty good results out of Fortinet Fortigate firewalls (100D/800C/1500D). I use them for both web filtering and P2P rate control. They also do WAN optimisation and some caching but I have not used that. They scale up to 20+gig (FG3700D). When looking at the scaling you need to use the IPS throughput rating if you are turning on DPI for P2P control. Cost wise they are pretty good against other DPI boxes.
What I'd really love is a vAppliance. Some of these hardware solutions are VERY expensive for offering only an average solution. I'd also rather not rely on their hardware, but servers with VMware (or whatever) that we can design our own redundancy. Does anyone know if Allot does a Virtual Appliance? I've also heard that pfSense is an interesting option... That could easily be virtualised I would assume. ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve experts360: https://expert360.com/profile/d54a9 twitter.com/theispguy ; blog: www.theispguy.com The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering On 20 October 2014 22:31, Nurul Islam Roman <nurul@apnic.net> wrote:
Used following two product to shape traffic on packet level (L3). Had no issue with several thousand customer.
Allot http://www.allot.com/netenforcer.html
Found "Allot" is very popular for satellite based Internet specially in south pacific island countries.
-R
On 20/10/14 2:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
Yes, pfSense can be virtualized. I did it once with VMWare to create a site2site tunnel, although I used Workstation 10 on Windows7 rather than the bare metal ESXi, but I wouldn't expect any changes. On Mon, Oct 20, 2014 at 4:34 PM, Skeeve Stevens < skeeve+nanog@eintellegonetworks.com> wrote:
What I'd really love is a vAppliance. Some of these hardware solutions are VERY expensive for offering only an average solution. I'd also rather not rely on their hardware, but servers with VMware (or whatever) that we can design our own redundancy.
Does anyone know if Allot does a Virtual Appliance?
I've also heard that pfSense is an interesting option... That could easily be virtualised I would assume.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
On 20 October 2014 22:31, Nurul Islam Roman <nurul@apnic.net> wrote:
Used following two product to shape traffic on packet level (L3). Had no issue with several thousand customer.
Allot http://www.allot.com/netenforcer.html
Found "Allot" is very popular for satellite based Internet specially in south pacific island countries.
-R
On 20/10/14 2:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
Em segunda-feira, 20 de outubro de 2014, Rafael Possamai <rafael@gav.ufsc.br> escreveu:
Yes, pfSense can be virtualized. I did it once with VMWare to create a site2site tunnel, although I used Workstation 10 on Windows7 rather than the bare metal ESXi, but I wouldn't expect any changes.
What you think about BSDRP? It's another FreeBSD with ipfw and dummynet, very ease to use for shaping. -- Eduardo Schoedler -- Eduardo Schoedler
Hello, I never used it. I always get a fresh install of FreeBSD and configure it from scratch so that it doesn't have all of the overhead from pfSense... Downside is that you have to configure it all by hand, but when all you need is one or two features, I prefer to do that instead. I usually go with pfSense for OpenVPN tunnels since it's just quicker with the GUI. On Mon, Oct 20, 2014 at 10:49 PM, Eduardo Schoedler <listas@esds.com.br> wrote:
Em segunda-feira, 20 de outubro de 2014, Rafael Possamai < rafael@gav.ufsc.br> escreveu:
Yes, pfSense can be virtualized. I did it once with VMWare to create a site2site tunnel, although I used Workstation 10 on Windows7 rather than the bare metal ESXi, but I wouldn't expect any changes.
What you think about BSDRP? It's another FreeBSD with ipfw and dummynet, very ease to use for shaping.
-- Eduardo Schoedler
-- Eduardo Schoedler
Hi Skeeve, Have you heard of Saisei (www.saisei.com)? They have a very good product that allows you to do this and much more in a virtualised environment. The software solution allows for very small to very large scale deployments and has a RESTful API for easy integration with your applications. They are getting a lot of traction with some of the major players in the industry around the globe. I can get you in touch with the right people if you like? Cheers, Ankit. On 21 Oct 2014, at 8:34 am, Skeeve Stevens <skeeve+nanog@eintellegonetworks.com> wrote:
What I'd really love is a vAppliance. Some of these hardware solutions are VERY expensive for offering only an average solution. I'd also rather not rely on their hardware, but servers with VMware (or whatever) that we can design our own redundancy.
Does anyone know if Allot does a Virtual Appliance?
I've also heard that pfSense is an interesting option... That could easily be virtualised I would assume.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
On 20 October 2014 22:31, Nurul Islam Roman <nurul@apnic.net> wrote:
Used following two product to shape traffic on packet level (L3). Had no issue with several thousand customer.
Allot http://www.allot.com/netenforcer.html
Found "Allot" is very popular for satellite based Internet specially in south pacific island countries.
-R
On 20/10/14 2:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
I haven't heard of a Virtual Appliance for Allot. We have used the appliance for quite some time already but I am looking forward in replacing it (as soon as possible) due to the poor support in our region. -nathan On 10/21/2014 5:34 AM, Skeeve Stevens wrote:
What I'd really love is a vAppliance. Some of these hardware solutions are VERY expensive for offering only an average solution. I'd also rather not rely on their hardware, but servers with VMware (or whatever) that we can design our own redundancy.
Does anyone know if Allot does a Virtual Appliance?
I've also heard that pfSense is an interesting option... That could easily be virtualised I would assume.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
On 20 October 2014 22:31, Nurul Islam Roman <nurul@apnic.net> wrote:
Used following two product to shape traffic on packet level (L3). Had no issue with several thousand customer.
Allot http://www.allot.com/netenforcer.html
Found "Allot" is very popular for satellite based Internet specially in south pacific island countries.
-R
On 20/10/14 2:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
The platforms I¹ve seen used for large scale dpi is procera I¹ve heard rave reviews, but also comes with the price tag. http://www.proceranetworks.com Carlos Alcantar Race Communications / Race Team Member 1325 Howard Ave. #604, Burlingame, CA. 94010 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com <http://www.race.com/> On 10/19/14, 9:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
Procera is probably the best product for real DPI. The key is the signatures. It matches everything so granular it's simply fantastic. Right down to what update you're grabbing for your iPhone. As was said, you'll be paying for it. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Oct 21, 2014 1:00 AM, "Carlos Alcantar" <carlos@race.com> wrote:
The platforms I¹ve seen used for large scale dpi is procera I¹ve heard rave reviews, but also comes with the price tag.
http://www.proceranetworks.com
Carlos Alcantar Race Communications / Race Team Member 1325 Howard Ave. #604, Burlingame, CA. 94010 Phone: +1 415 376 3314 / carlos@race.com / http://www.race.com <http://www.race.com/>
On 10/19/14, 9:55 PM, "Skeeve Stevens" <skeeve+nanog@eintellegonetworks.com> wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
We've used a few over the years. We had Packeteer Packetshapers originally but they became way too expensive once Bluecoat acquired them. $50,000 for an appliance to shape a 1 gig pipe. IIRC,$10,000 per year on maintenance at the time. These prices are after discount.We looked at the following to replace them. NetEqualizer Procera Exinda We went with Exinda and I like the solution. These days, I rely on it more for reporting and traffic/protocol analysis than for shaping, but the shaping does work as advertised. Keep in mind, these solutions can't shape on asymmetric traffic since they need to see the entire flow. If you have a pair of links, you'll need to cluster a pair of shapers so they can share flow information. I also have tested out the traffic shaping on PFSense VMs and it works. I never pushed production traffic through them but my home firewall is a PFSense VM and the shaping works there. Not sure how it would handle a large number of clients though. On 10/20/2014 12:55 AM, Skeeve Stevens wrote:
Hey all,
Just wondering what/if people are using any shaping hardware/appliances these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
...Skeeve
*Skeeve Stevens - *eintellego Networks Pty Ltd skeeve@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ; <http://twitter.com/networkceoau> linkedin.com/in/skeeve
experts360: https://expert360.com/profile/d54a9
twitter.com/theispguy ; blog: www.theispguy.com
The Experts Who The Experts Call Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
participants (12)
-
Ankit Agrawal
-
Carlos Alcantar
-
Eduardo Schoedler
-
Josh Luthman
-
Nathanael C. Cariaga
-
Nick Hilliard
-
Nurul Islam Roman
-
Rafael Possamai
-
Roland Dobbins
-
Skeeve Stevens
-
Tony Wicks
-
Vlade Ristevski