
Congestion Control

PCQ Bureau

Managing the WAN infrastructure has become a top priority for any enterprise today. There are two reasons for this. One is the ever-growing thirst for more bandwidth on the WAN links. No matter how much bandwidth you add, it quickly gets consumed, and users start screaming for more. Since you can't afford to keep adding more bandwidth indefinitely, you need to manage what you already have, by monitoring and controlling its usage. The other reason is the pressure being put on the WAN links by emerging requirements.


Server consolidation, for instance, is a hot trend nowadays, with many organizations finding it more cost effective to consolidate their IT infrastructures, thereby allowing branch offices to connect remotely to the data center. Before doing so, you need to evaluate whether your WAN infrastructure can handle connectivity from remote branches.

Most organizations today have remote backup and recovery solutions implemented, which also require ample bandwidth. Likewise, online collaboration applications have started gaining importance amongst organizations, and so have VPN connectivity, web applications and services deployments, all of which are bandwidth hungry. Add to these the fact that the same links are used for both voice as well as data traffic. If you are using any one or more of these applications in your enterprise, then you would definitely need some amount of bandwidth monitoring and management.

Here, in the SonicWall report you can see the top ten users' nodes who are hogging the maximum bandwidth

Netlimiter Pro shows live bandwidth utilization of each and every application. You can also configure it to limit bandwidth

Most of these applications require priority and therefore can't afford any latency. You wouldn't want your remote branch office users getting frequently disconnected while accessing your centralized ERP application. The same thing goes for other applications we just mentioned. In all of them, adding more bandwidth isn't the only solution. You also need to create a robust strategy and a comprehensive solution for effective monitoring and management of your bandwidth.

Implementing bandwidth monitoring and management is not a one-time job, but rather a continuous process. You need to constantly track what's happening to the bandwidth, how it's being used, and ensure that it's distributed across your users and applications according to requirements. In this story, we've explained it in an easy way that involves four steps.

The first two steps are for monitoring your existing bandwidth, while the latter two are for choosing and deploying the right solution. In monitoring, the first thing to do is of course analyze whether the bandwidth you've been promised by your ISP is indeed what you're getting. The next step is to go deeper and analyze the bandwidth usage patterns by applications and users in your organization. Only after this can you move to the last two steps. One is to choose the right bandwidth management solution, followed by deploying the same.

The SonicWall report shows the ten most frequently visited sites by the users in the network

The buck of course, doesn't stop after these four steps. The cycle has to be continuously repeated, so that the bandwidth is also tuned to your requirements, and your users' productivity doesn't get hampered. Here, we've explained these four steps in detail and have used a few tools for the job. This doesn't of course mean that you have to use only these tools for the job. There are many others available, both commercial as well as free, which you can choose depending upon the nature of your requirement, enterprise size, etc.

Step 1: Analyze bandwidth usage
 



Before deploying any bandwidth management solution, you first need to understand the bandwidth usage patterns in your organization. For this, you must run a bandwidth monitoring tool continuously for several days. This monitoring can be done for two things. One is to check whether you're actually getting the bandwidth you purchased from your ISP. So if you've got a 2 Mbps connection, are you actually getting 2 Mbps or not? Next is to monitor the actual traffic flowing across your WAN links to determine the bandwidth hoggers.



All monitoring is done at your Internet or leased line routers, and in several ways. You could either capture all packets flowing to the routers and decode them or you could poll the routers through SNMP. Most routers these days support SNMP.

There are several solutions available for bandwidth monitoring, both commercial and free, software as well as appliance based. We used a software package called PRTG, or the Paessler Router Traffic Grapher, for the job, and also an appliance from SonicWall.

The results for both were pretty interesting. They were interesting because some of them were as we had expected, while others were completely contrary to our presumptions. So be ready to get surprised or even shocked when you run it on your network, because some of the reports could be eye openers.


The first thing you need to do after running such a tool is to weed out all unwanted traffic. Only then will you get a true picture of your bandwidth usage. For instance, one of the things we found was that a huge amount of ICMP traffic was passing through our router and choking up the bandwidth.

On closer examination, we found the source to be malware programs sitting on a few machines on the network. PRTG also gave us detailed reports on the HTTP, SMTP, and FTP traffic on the network.

A number of things need to be checked in these reports. For instance, is the HTTP usage primarily for Web browsing, or is it also being used for downloads? We found that 2 GB of HTTP downloads were happening on our network per day. Likewise, SMTP traffic only constituted 300 MB per day.


Once you have this data, you can examine whether it's legitimate or not. Are the HTTP downloads valid or are users simply downloading MP3s and streaming music on the network? Likewise, using this, you'll know when mail usage is the highest during the day.

In our case, it was between 9 and 11 AM, immediately after lunch and just before 5 PM. This is understandable, because people usually check their emails when they come to office, after coming back from lunch, and just before calling it a day.

How PRTG works: PRTG is available on both Linux and Windows. We used the latter for our tests. You can download a demo copy from http://www.paessler.com/prtg. The software basically works on the concept of sensors. It has three of them for SNMP, packet sniffing, and Netflow. Use the SNMP sensor if you just need to get details about how much raw bandwidth is being consumed.


This is useful to determine whether you're actually getting the bandwidth provided by your ISP. Simply configure PRTG to poll your router through SNMP. To get a drill down into the type of traffic flowing through the router, the top connections and top talkers, you need to use the packet-sniffing sensor. Lastly, if you have a Cisco router, you can use the Netflow sensor.
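
An added example, not from the original article or from PRTG, of the arithmetic behind an SNMP bandwidth check: it converts successive ifInOctets polls into bits per second, handling 32-bit counter wrap and discarding intervals where sysUpTime shows the router rebooted. The poll values are constructed, and the 2 Mbps link speed is the figure used earlier in the text.

```python
COUNTER32_MOD = 2 ** 32   # ifInOctets (IF-MIB) is a 32-bit counter and wraps
LINK_BPS = 2_000_000      # the 2 Mbps link used as the example in the text

# Constructed polls, one per minute: (unix_time_s, sysUpTime_ticks, ifInOctets)
# sysUpTime counts hundredths of a second since the agent started.
SAMPLES = [
    (0,   500_000, 4_294_900_000),
    (60,  506_000, 4_294_915_000),  # quiet minute
    (120, 512_000, 14_632_704),     # counter wrapped past 2**32
    (180, 518_000, 29_032_704),
    (240,   3_000, 150_000),        # sysUpTime went backwards: router rebooted
    (300,   9_000, 13_650_000),
]

def interval_rates(samples, modulus=COUNTER32_MOD):
    """Bits per second for each pair of consecutive polls.

    A wrapped counter is recovered with modular subtraction. An interval
    that spans a reboot is returned as None, because the counter restarted
    from zero and the difference would be meaningless.
    """
    rates = []
    for (t0, up0, c0), (t1, up1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0 or up1 < up0:
            rates.append(None)
            continue
        delta_octets = (c1 - c0) % modulus
        rates.append(delta_octets * 8 / dt)
    return rates

def summarize(rates, link_bps=LINK_BPS):
    """Peak and mean throughput, and the peak as a fraction of the link."""
    valid = [r for r in rates if r is not None]
    if not valid:
        return None
    peak = max(valid)
    return {
        "intervals": len(valid),
        "discarded": len(rates) - len(valid),
        "peak_bps": peak,
        "mean_bps": sum(valid) / len(valid),
        "peak_utilization": peak / link_bps,
    }

if __name__ == "__main__":
    rates = interval_rates(SAMPLES)
    print(rates)
    print(summarize(rates))
```

On links fast enough to wrap a 32-bit counter more than once between polls, the 64-bit ifHCInOctets counter is the one to poll, with `modulus=2 ** 64`.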

In the packet-sniffing mode, you should configure PRTG to monitor all network traffic (Internet/LAN). Also choose any specific protocols that you would want to monitor. Ideally, if you're assessing the overall bandwidth usage of the network, then you should choose all the protocols first. After you've got an overview of their usage, you can monitor a specific protocol. In order to get a true picture of your network usage, you need to keep it running continuously for a whole day at least.

Just ensure you have plenty of hard drive space to store all the captured data. This would enable the retention of captured data for future use.

See the pattern of mail usage. In the morning, it is the highest between 9 and 10 when users come to office, and then there are peaks between 5 to 7 pm

Step 2: Measuring bandwidth



Besides monitoring traffic traveling out over your WAN links, you also need to measure the traffic generated by specific applications. For instance, if you've custom developed a business application for your enterprise, which can be accessed across your LAN and WAN, then you definitely need to determine how much bandwidth it consumes, so that you can optimize your WAN links for it.

That's where an application bandwidth-monitoring tool comes in.

To measure application specific bandwidth consumption, we used a tool called NETlimiter 2 Pro. It's meant to be used by network managers, and can be installed on Windows 2000, XP, and 2003 versions. You can download its evaluation copy from www.netlimiter.com. The tool is fairly interesting in nature. It lists all applications that are communicating over the network along with their transfer rates. It can monitor and control traffic separately on three predefined zones: My Computer, Local Network and Internet. Installing it is simple, and you can configure filters on it, where you can define groups of connections or applications and then apply rules to them. For this all you need to do is choose the application name and provide the IP address range for which you want to create the filter. Another useful feature of the package is the Rules Editor, which lets you create rules for limiting or granting an application a particular amount of bandwidth. These rules can also be applied to the filters created through a Filter Editor.

CyberMedia Labs bandwidth report

For analyzing the bandwidth usage over different applications we used Netlimiter Pro. We monitored the bandwidth usage of some of these applications for a few days and based on that we have given the minimum bandwidth required by these applications.



While monitoring we noticed some interesting patterns. For example, while testing Kazaa, we found there was no fixed pattern and the bandwidth consumption fluctuated from low to high. When Skype was tested on the same network, it was also able to detect the other Skype Messenger installed in the same network and routed voice traffic through the local network, thus avoiding the usage of Internet.



You can also manage the bandwidth of enterprise applications, but for this you need to have a real world scenario with plenty of servers. Moreover, you need to do it in peak hours when bandwidth utilization is high. You need to monitor each application for a few days to understand its behavior.



There's also a Stats module intended for long-term measurement of Internet traffic. It also has plug-ins like Traffic Chart and Stats, which show the real time activity of applications or connections. These stats can be exported as reports in XML format. Its Stats plug-in is capable of giving you hourly, daily, monthly and yearly stats for a particular application.

Step 3: Implementation scenarios







After knowing the bandwidth requirements of your organization, you need to deploy a bandwidth management solution. The question is where to deploy it without disturbing your existing network setup? Here, we've taken three possible scenarios that can be used, right from a basic setup to an advanced setup for a larger enterprise with many branch offices.

Cyberroam bandwidth management appliance showing total bandwidth used in an enterprise during a week

Step 4: The right solution



The last step to bandwidth management is putting in the right solution. There are a wide variety of these available, and the choice depends upon your requirements. If you're only using your WAN links for Internet access, then start off with a basic traffic monitoring and content filtering system.

These solutions won't do any bandwidth management as such, but they will help you eliminate unwanted traffic so that the bandwidth is free for legitimate use. This will at least delay your next bandwidth upgrade.

Content filtering solutions' claim to fame is their huge, neatly categorized database of websites that can be blacklisted. Bear in mind that while implementing such a system, you would seldom use the default blacklist. So after implementing such a system, interact with your users to determine whether they're facing problems due to this blacklisting.

Often you'll come across users who have a genuine need to visit a website that's been blocked by the content filtering system. To take our own example, in order to write articles, we end up doing research on a wide variety of topics ranging from MP3s to alcohol and what not. By default the content filtering system would block access to these sites. Such instances are common in most organizations, so you would need to keep close watch of them, thereby ensuring that valid requests are not rejected by the content filtering system.

Scenario 1: Basic bandwidth management

This is a simple network scenario, where you have an Internet connection and users are using a proxy server or gateway to connect to the Internet. In this scenario, your bandwidth management solution will sit between your LAN and ISP's router. Depending upon the type of bandwidth solution you choose, you can get functionality ranging from bandwidth management to a proxy server, firewall, cache, mail server, DNS and even content filtering, all in one box.



The next level is doing bandwidth management for business critical applications. Most organizations today are implementing web-enabled applications. These are distributed in nature, so that users from various locations can use them.

Scenario 2: Bandwidth management for DMZ servers

You have a DMZ that's hosting your organization's web, mail, middleware or other servers. In this case, you need to manage users coming from both the Internet and your internal network. Bandwidth has to be distributed in such a way that both internal and external users can access hosted services. The bandwidth management solution would be deployed in parallel to the firewall.





Being critical to your business, you can't afford to have these apps underperform or fail. So the entire burden of ensuring that this doesn't happen falls on your WAN infrastructure. That's where a traffic shaping solution comes in.

Today, this is a highly fragmented market with a wide variety of tools available for the job, each one wearing the garb of some fancy jargon. Some of the terms you'll hear include WAN optimizers, application accelerators, SSL accelerators, traffic shapers, etc.

Scenario 3: Connecting multiple branch offices

You'd like multiple branch offices to connect to your central office. It could be an ERP application running at your data center, which is remotely accessible by your branch offices. You need to give priority to this application over others. For this, you would have one bandwidth management solution at the data center and similar bandwidth managers at each of the branch offices.





The key objective of these tools is to ensure that you can give priority to your business critical applications across your WAN links. Most of them come as appliances and claim to 'fit' into your network effortlessly. They would usually sit between your WAN router and the rest of your network. How these tools achieve this is what needs to be examined when you're choosing one. Look at the set of features that they support and whether you need them or not.

Some useful tools

SolarWinds Engr Ed 8.2 



This toolset has over 45 network discovery, monitoring and management tools. Inventory your entire network with SONAR, use the performance monitor to measure bandwidth traffic, % utilization, CPU load, disk space & memory. Perform fault management with alerting & e-mail notification.

Internet Access Monitor



Internet Access Monitor for WinGate is easy-to-use software that allows monitoring of users in an enterprise. It creates log files of Internet access and can quickly and easily generate reports. The program will also show what activities the employee engaged in.

Bandwidth Mgmt and Firewall 



Bandwidth Management and Firewall lets you limit bandwidth for a computer or group of computers communicating from/to the Internet, or limit bandwidth for a network service. It also lets you monitor and log bandwidth utilization in your network.

SoftPerfect Bandwidth Mgr 2.5




SoftPerfect Bandwidth Manager is a full-featured traffic management tool for Windows NT/2000/XP/2003 that offers cost-effective bandwidth control and quality of service based on built-in prioritized rules. With this software you can apply speed-throttling rules to specified IP addresses and ports.

Bandwidth Controller Ent. 1.07




Bandwidth management and traffic shaping software for Windows 2000 and XP. Take control of your network traffic by limiting the rate of upload and download data flowing through your server. No client software needed. It offers customized settings for IP classes, MAC addresses or address groups.





For instance, some provide you a firewall, proxy, content filtering and DNS capabilities, besides the core bandwidth management capability. Do you really need all these features? Chances are that you already have most of these elements on your network. How does it do bandwidth management? Does it use QoS (Quality of Service) techniques or does it do compression for application acceleration? The latter type is a recent phenomenon, which has caught on like wildfire, and many vendors have jumped onto the bandwagon.

Application acceleration appliances go beyond the basic bandwidth management and offer various features like non web-based traffic compression, load balancing, and even layer 4-7 switching. Others sit on both sides of a WAN link and optimize network traffic flow using compression techniques. QoS devices of course are meant to keep an eye on applications and their sensitivity to delay, jitter, and packet loss.

While we couldn't get our hands on an application accelerator, we did manage to check out a bandwidth management appliance called CyberRoam. This manages the bandwidth per user based on an IP address or username. It can pull the user database from an Active Directory if you're on a Windows domain. Alternately, you can create and manage users from the box itself.

Lastly, bandwidth management and control is a continuous process. So though we've reached the end of this story, it's only the beginning for you. It's a continuous process, remember!

Anil Chopra, Sanjay Majumder and Swapnil Arora
