I have a client which has thousands of customers on Satellite and needs to
restrict some users who are doing a lot.
Is QoS in the network infrastructure coupled with strictly-enforced quotas
insufficient to needs?
These permanently-inline boxes and blades that dork around with general
Internet traffic to/from eyeball networks can be a support/troubleshooting
headache . . .
Is QoS in the network infrastructure coupled with strictly-enforced quotas
insufficient to needs?
for satellite, no.
These permanently-inline boxes and blades that dork around with general
Internet traffic to/from eyeball networks can be a support/troubleshooting
headache . . .
s/headache/nightmare/
The high latency and bandwidth costs on satellite connections are a world
of pain. It should show how awful things are when you can actually improve
things by installing inline bandwidth accelerators and traffic shapers.
Just wondering what/if people are using any shaping hardware/appliances
these days, and if so, what.
I have a client which has thousands of customers on Satellite and needs to
restrict some users who are doing a lot.
So I wanted to see what the current popular equipment out there is.
I get pretty good results out of Fortinet Fortigate firewalls
(100D/800C/1500D). I use them for both web filtering and P2P rate control.
They also do WAN optimisation and some caching but I have not used that.
They scale up to 20+gig (FG3700D). When looking at the scaling you need to
use the IPS throughput rating if you are turning on DPI for P2P control.
Cost wise they are pretty good against other DPI boxes.
What I'd really love is a vAppliance. Some of these hardware solutions are
VERY expensive for offering only an average solution. I'd also rather not
rely on their hardware, but servers with VMware (or whatever) that we can
design our own redundancy.
Does anyone know if Allot does a Virtual Appliance?
I've also heard that pfSense is an interesting option... That could easily
be virtualised I would assume.
Yes, pfSense can be virtualized. I did it once with VMWare to create a
site2site tunnel, although I used Workstation 10 on Windows7 rather than
the bare metal ESXi, but I wouldn't expect any changes.
They have a very good product that allows you to do this and much more in a virtualised environment.
The software solution allows for very small to very large scale deployments and has a RESTful API for easy integration with your applications.
They are getting a lot of traction with some of the major players in the industry around the globe.
I can get you in touch with the right people if you like?
What I'd really love is a vAppliance. Some of these hardware solutions are
VERY expensive for offering only an average solution. I'd also rather not
rely on their hardware, but servers with VMware (or whatever) that we can
design our own redundancy.
Does anyone know if Allot does a Virtual Appliance?
I've also heard that pfSense is an interesting option... That could easily
be virtualised I would assume.
Found "Allot" is very popular for satellite based Internet specially in
south pacific island countries.
-R
>Hey all,
>
>Just wondering what/if people are using any shaping hardware/appliances
>these days, and if so, what.
>
>I have a client which has thousands of customers on Satellite and needs
Hello Guys.
What about DPI solutions? We use Cisco SCE8000 for traffic policing and
billing purposes. Also, as we in MNO market we use PCRF tools too.
Regards.
I never used it. I always get a fresh install of FreeBSD and configure it
from scratch so that it doesn't have all of the overhead from pfSense...
Downside is that you have to configure it all by hand, but when all you
need is one or two features, I prefer to do that instead. I usually go with
pfSense for OpenVPN tunnels since it's just quicker with the GUI.
They have a very good product that allows you to do this and much more in a virtualised environment.
The software solution allows for very small to very large scale deployments and has a RESTful API for easy integration with your applications.
They are getting a lot of traction with some of the major players in the industry around the globe.
I can get you in touch with the right people if you like?
Procera is probably the best product for real DPI. The key is the
signatures. It matches everything so granular it's simply fantastic.
Right down to what update you're grabbing for your iPhone.
As was said, you'll be paying for it.
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
We've used a few over the years. We had Packeteer Packetshapers originally but they became way too expensive once Bluecoat acquired them. $50,000 for an appliance to shape a 1 gig pipe. IIRC,$10,000 per year on maintenance at the time. These prices are after discount.We looked at the following to replace them.
NetEqualizer
Procera
Exinda
We went with Exinda and I like the solution. These days, I rely on it more for reporting and traffic/protocol analysis than for shaping, but the shaping does work as advertised. Keep in mind, these solutions can't shape on asymmetric traffic since they need to see the entire flow. If you have a pair of links, you'll need to cluster a pair of shapers so they can share flow information.
I also have tested out the traffic shaping on PFSense VMs and it works. I never pushed production traffic through them but my home firewall is a PFSense VM and the shaping works there. Not sure how it would handle a large number of clients though.
I haven't heard of a Virtual Appliance for Allot. We have used the appliance for quite some time already but I am looking forward in replacing it (as soon as possible) due to the poor support in our region.