I'm trying to gauge what operators are doing to handle per-subscriber Internet access PIR bandwidth in Active E FTTx networks.
I presume operators would want to limit the each subscriber to a certain PIR, but within that limit, do things like perform preferential treatment of interactive services like steaming video or Skype, etc., ahead of non-interactive services like FTP.
My impression is that a subscriber's physical access in these networks is exponentially larger than their allocated amount of Internet access. This would leave ample room on the physical access access for other services like Voice and IPTV that might run on separate VLANs than the Internet access VLAN. That said, I doubt there's really that much of a concern about allocating PIR on these other service VLANs.
So in terms of PIR for Internet access, is there some magic box that sits between the various subscriber aggregation points and the core, which takes care of shaping the subscriber's Internet access PIR, while making sure that the any preferential treatment of interactive services is performed.
Is that a lot to ask for one box? The ridiculously deep buffers required in order to shape to PIR vs. police to it (because policing to a PIR is just plain ugly) and the requirements to perform any sort of preferential packet treatment above and beyond that seem like quite a lot to ask of one box. Am I wrong?
Who might make a box like this, if it exists? And if not, what are folks using the achieve these results?
I've seen a few deployments using Packeteer's (now BlueCoat) PacketShaper for this purpose; the only downside I've heard with that platform is cost. Sandvine and Fortinet are a couple other options that have different approaches, but have a lot of this functionality rolled in alongside their broader security services.
For shaping flexibility and real DPI, Procera PacketLogic is an order of
magnitude (and throughput) beyond Packeteer (speaking as a current user
of the former and a former user of the latter). I know their higher-ed
distribution is substantial (for those that shape by policy). There are
other "fair game" shaping appliances (NetEqualizer) if you just want to
give everyone equal access to whatever bandwidth remains. But for real
application inspection, the traditional players (Packeteer, Allot, etc)
today just tell you that yes, 80-90% of your traffic is HTTP protocol,
now what?
Many CPE platforms have the rate limit built in. Some (eg: Zhone) do this in 1mbps increments. Ideally there would be some greater level of granularity but it seems to work. You can obviously police on the other end as well if required.
On the downstream end the limiting is usually done on the subscriber aggregation equipment. Router vendors sell linecards with large amounts of queue capability for this reason. This is where you would introduce some kind of QoS to deal with video or voice as well. Upstream could be done the same way if they have true direct connections to the gear or be done on a CPE.
As far as differentiating traffic within an Internet pipe that is a slippery legal slope. Others have mentioned the bigger players like Procera and Sandvine.