Congestion Control

Managing the WAN infrastructure has become a top priority
for any enterprise today. There are two reasons for this. One is the
ever-growing thirst for more bandwidth on the WAN links. No matter how much
bandwidth you add, it quickly gets consumed, and users start screaming for more.
Since you can't afford to keep adding more bandwidth indefinitely, you need to
manage what you already have, by monitoring and controlling its usage. The other
reason is the pressure being put on the WAN links by emerging requirements.

Server consolidation for instance, is a hot trend nowadays,
with many organizations finding it more cost effective to consolidate their IT
infrastructures, thereby allowing branch offices to connect remotely to the data
center. Before doing so, you need to evaluate whether your WAN infrastructure
can handle connectivity from remote branches.

Most organizations today have remote backup and recovery
solutions implemented, which also require ample bandwidth. Likewise, online
collaboration applications have started gaining importance amongst
organizations, and so have VPN connectivity, web applications and services
deployments, all of which are bandwidth hungry. Add to these the fact that the
same links are used for both voice as well as data traffic. If you are using any
one or more of these applications in your enterprise, then you would definitely
need some amount of bandwidth monitoring and management.

Here, in the SonicWall report you can see the top ten users' nodes who are hogging the maximum bandwidth	Netlimiter Pro shows live bandwidth utilization of each and every application. You can also configure it to limit bandwidth

Most of these applications require priority and therefore
can't afford any latency. You wouldn't want your remote branch office users
getting frequently disconnected while accessing your centralized ERP
application. The same thing goes for other applications we just mentioned. In
all of them, adding more bandwidth isn't the only solution. You also need to
create a robust strategy and a comprehensive solution for effective monitoring
and management of your bandwidth.

Implementing bandwidth monitoring and management is not a
one-time job, but rather a continuous process. You need to constantly track
what's happening to the bandwidth, how it's being used, and ensure that
it's distributed across your users and applications according to requirements.
In this story, we've explained it in an easy way that involves four steps.

The first two steps are for monitoring your existing
bandwidth, while the latter two are for choosing and deploying the right
solution. In monitoring, the first thing to do is of course analyze whether the
bandwidth you've been promised by your ISP is indeed what you're getting.
The next step is to go deeper and analyze the bandwidth usage patterns by
applications and users in your organization. Only after this can you move to the
last two steps. One is to choose the right bandwidth management solution,
followed by deploying the same.

The SonicWall report shows the ten most frequently visited sites by the users in the network

The buck of course, doesn't stop after these four steps.
The cycle has to be continuously repeated, so that the bandwidth is also tuned
to your requirements, and your users' productivity doesn't get hampered.
Here, we've explained these four steps in detail and have used a few tools for
the job. This doesn't of course mean that you have to use only these tools for
the job. There are many others available, both commercial as well as free, which
you can choose depending upon the nature of your requirement, enterprise size,
etc.

Step 1: Analyze bandwidth
usage  

Before deploying any bandwidth management solution, you first need to understand
the bandwidth usage patterns in your organization. For this, you must run a
bandwidth monitoring tool continuously for several days. This monitoring can be
done for two things. One is to check whether you're actually getting the
bandwidth you purchased from your ISP. So if you've got a 2 Mbps connection,
are you actually getting 2 Mbps or not? Next is to monitor the actual traffic
flowing across your WAN links to determine the bandwidth hoggers.

All monitoring is done at your Internet or leased line
routers, and in several ways. You could either capture all packets flowing to
the routers and decode them or you could poll the routers through SNMP. Most
routers these days support SNMP.

There are several solutions available for bandwidth
monitoring, both commercial and free, software as well as appliance based. We
used a software called PRTG or the Paessler Router Traffic Grapher for the job,
and even an appliance from Sonic Wall.

The results for both were pretty interesting. They were
interesting because some of them were as we had expected, while others were
completely contrary to our presumptions. So be ready to get surprised or even
shocked when you run it on your network, because some of the reports could be
eye openers.

The first thing you need to do after running such a tool is
to weed out all unwanted traffic. Only then will you get a true picture of your
bandwidth usage. For instance, one of the things we found was that a huge amount
of ICMP traffic was passing through our router and choking up the bandwidth.

On closer examination, we found the source to be malware
programs sitting on a few machines on the network. PRTG also gave us detailed
reports on the HTTP, SMTP, and FTP traffic on the network.

A number of things need to be checked in these reports. For
instance, is the HTTP usage primarily for Web browsing, or is it also being used
for downloads? We found that 2 GB of HTTP downloads were happening on our
network per day. Likewise, SMTP traffic only constituted 300 MB per day.

Once you have this data, you can examine whether it's
legitimate or not. Are the http downloads valid or are users simply downloading
MP3s and streaming music on the network? Likewise, using this, you'll know
when is the mail usage the highest during the day.

In our case, it was between
9 to 11 AM
, immediately after lunch and just before Minute="0" Hour="17">
5 PM
. This is understandable, because people usually check their emails when they
come to office, after coming back from lunch, and just before calling it a day.

How PRTG works: PRTG is available on both Linux and
Windows. We used the latter for our tests. You can download a demo copy from http://www.paessler.com/prtg.
The software basically works on the concept of sensors. It has three of them for
SNMP, packet sniffing, and Netflow. Use the SNMP sensor if you just need to get
details about how much raw bandwidth is being consumed.

This is useful to determine whether you're actually
getting the bandwidth provided by your ISP. Simply configure PRTG to poll your
router through SNMP. To get a drill down into the type of traffic flowing
through the router, the top connections and top talkers, you need to use the
packet-sniffing sensor. Lastly, if you have a Cisco router, you can use the
Netflow sensor.

In the packet-sniffing mode, you should configure PRTG to
monitor all network traffic (Internet/LAN). Also choose any specific protocols
that you would want to monitor. Ideally, if you're assessing the overall
bandwidth usage of the network, then you should choose all the protocols first.
After you've got an overview of their usage, you can monitor a specific
protocol. In order to get a true picture of your network usage, you need to keep
it running continuously for a whole day at least.

Just ensure you have plenty of hard drive space to store
all the captured data. This would enable the retention of captured data for
future use.

See the pattern of mail usage. In the morning, it is the highest between 9 and 10 when users come to office, and then there are peaks between 5 to 7 pm

Step 2: Measuring bandwidth

Besides monitoring traffic traveling out over your WAN links, you also need
to measure the traffic generated by specific applications. For instance, if
you've custom developed a business application for your enterprise, which can
be accessed across your LAN and WAN, then you definitely need to determine how
much bandwidth does it consume, so that you can optimize your WAN links for it.

That's where an application bandwidth-monitoring tool
comes in.

To measure application specific bandwidth consumption, we
used a tool called NETlimiter 2 Pro. It's meant to be used by network
managers, and can be installed on Windows 2000, XP, and 2003 versions. You can
download its evaluation copy from www.netlimiter.com. The tool is fairly
interesting in nature. It lists all applications that are communicating over the
network along with their transfer rates. It can monitor and control traffic
separately on three predefined zones-My Computer, Local Network and Internet.
Installing it is simple, and you can configure filters on it, where you can
define groups of connections or applications and then apply rules to them. For
this all you need to do is choose the application name and provide the IP
address range for which you want to create the filter. Another useful feature of
the package is the Rules Editor, which lets you create rules for limiting or
granting an application a particular amount of bandwidth. These rules can also
be applied to the filters created through a Filter Editor.

CyberMedia Labs bandwidth report

For analyzing the bandwidth usage  over different applications we used Netlimiter Pro. We monitored the bandwidth usage of some of these applications for a few days and based on that we have given the minimum bandwidth required by these applications. While monitoring we noticed some interesting patterns. For example, while testing Kazaa, we found there was no fixed pattern and the bandwidth consumption fluctuated from low to high. When Skype was tested on the same network, it was also able to detect the other Skype Messenger installed in the same network and routed voice traffic through the local network, thus avoiding the usage of Internet. You can also manage the bandwidth of enterprise applications, but for this you need to have a real world scenario with plenty of servers. Moreover, you need to do it in peak hours when bandwidth utilization is high. You need to monitor each application for a few days to understand its behavior.

There's also a Stats module intended for long-term
measurement of Internet traffic. It also has plug-ins like Traffic Chart and
Stats, which shows the real time activity of applications or connections. These
stats can be exported as reports in XML format. Its Stats plug-in is capable of
giving you hourly, daily, monthly and yearly Stats for a particular application.

Step 3: Implementation
scenarios



After knowing the bandwidth requirements of your organization, you need to
deploy a bandwidth management solution. The question is where to deploy it
without disturbing your existing network setup? Here, we've taken three
possible scenarios that can be used, right from a basic setup to an advanced
setup for a larger enterprise with many branch offices.

Cyberroam bandwidth management appliance showing total bandwidth used in an enterprise during a week

Step 4: The right solution

The last step to bandwidth management is putting in the right solution.
There are a wide variety of these available, and the choice depends upon your
requirements. If you're only using your WAN links for Internet access, then
start off with a basic traffic monitoring and content filtering system.

These solutions won't do any bandwidth management as
such, but they will help you eliminate unwanted traffic so that the bandwidth is
free for legitimate use. This will at least delay your next bandwidth upgrade.

 Content filtering solutions' claim to fame is their
huge, neatly categorized database of websites that can be blacklisted. Bear in
mind that while implementing such a system, you would seldom use the default
blacklist. So after implementing such a system, interact with your users to
determine whether they're facing problems due to this black listing.

Often you'll come across users who have a genuine need to
visit a website that's been blocked by the content filtering system. To take
our own example, in order to write articles, we end up doing research on a wide
variety of topics ranging from MP3s to alcohol and what not. By default the
content filtering system would block access to these sites. Such instances are
common in most organizations, so you would need to keep close watch of them,
thereby ensuring that valid requests are not rejected by the content filtering
system.

Scenario 1: Basic bandwidth management

This is a simple network scenario, where you have an Internet connection and users are using a proxy server or gateway to connect to the Internet. In this scenario, your bandwidth management solution will sit between your LAN and ISP's router. Depending upon the type of bandwidth solution you choose, you can get functionality ranging from bandwidth management to a proxy server, firewall, cache, mail server, DNS and even content filtering, all in one box.

The next level is doing bandwidth management for business
critical applications. Most organizations today are implementing web-enabled
applications. These are distributed in nature, so that users from various
locations can use them.

Scenario 2: Bandwidth management for DMZ servers

You have a DMZ that's hosting your organization's web, mail, middleware or other servers. In this case, you need to manage users coming from both Internet and your internal network. Bandwidth has to be distributed in such a way that both internal and external users can access hosted services. Bandwidth management solution would be deployed in parallel to the firewall.

Being critical to your business, you can't afford to have
these apps underperform or fail. So the entire burden of ensuring that this
doesn't happen falls on your WAN infrastructure. That's where a traffic
shaping solution comes in.

Today, this is a highly fragmented market with a wide
variety of tools available for the job, each one wearing the garb of some fancy
jargon. Some of the terms you'll hear include WAN optimizers, application
accelerators, SSL accelerators, traffic shapers, etc.

Scenario 3: Connecting multiple branch offices

You'd like multiple branch offices to connect to your central office. It could be an ERP application running at your data center, which is remotely accessible by your branch offices. You need to give priority to this application over others. For this, you would have one bandwidth management solution at the data center and similar bandwidth managers at each of the branch offices.

The key objective of these tools is to ensure that you can
give priority to your business critical applications across your WAN links. Most
of them come as appliances and claim to 'fit' into your network
effortlessly. They would usually sit between your WAN router and the rest of
your network. How these tools achieve this is what needs to be examined when
you're choosing one. Look at the set of features that they support and whether
you need them or not.

Some useful tools

SolarWinds Engr Ed 8.2  This toolset has over 45 network discovery, monitoring and management tools. Inventory your entire network with SONAR, use the performance monitor to measure bandwidth traffic, % utilization, CPU load, disk space & memory. Perform fault management with alerting & e-mail notification. Internet Access Monitor Internet Access Monitor for WinGate is an easy-to-use software which allows monitoring of users in an enterprise. It creates log files of Internet Access and can quickly and easily generate reports. The program will also show what activities the employee engaged. Bandwidth Mgmt and Firewall  Bandwidth Management and Firewall allows to limit bandwidth for some computer or group of computers comunicating from/to Internet or to limit bandwidth for some network service. It also lets you monitor and log bandwidth utilization in your network. SoftPerfect Bandwidth Mgr 2.5 SoftPerfect Bandwidth Manager is a full-featured traffic management tool for Windows NT/2000/XP/2003 that offers cost-effective bandwidth control and quality of service based on built-in prioritized rules. With this software you can apply speed-throttling rules to specified IP addresses and ports. Bandwidth Controller Ent. 1.07 Bandwidth management and traffic shaping software for Windows 2000 and XP. Take control of your network traffic by limiting the rate of upload and download data flowing through your server. No client software needed. It offers customized settings for IP classes, MAC addresses or address groups.

For instance, some provide you a firewall, proxy, content
filtering and DNS capabilities, besides the core bandwidth management
capability. Do you really need all these features? Chances are that you already
have most of these elements on your network. How does it do bandwidth
management? Does it use QoS (Quality of Service) techniques or does it do
compression for application acceleration? The latter type is a recent
phenomenon, which has caught on like wild fire, and many vendors have jumped
into the bandwagon.

Application acceleration appliances go beyond the basic
bandwidth management and offer various features like non web-based traffic
compression, load balancing, and even layer 4-7 switching. While others sit on
both sides of a WAN link and optimize network traffic flow using compression
techniques. QoS devices of course are meant to keep an eye on applications and
their sensitivity to delay, jitter, and packet loss.

While we couldn't get our hands on an application
accelerator, we did manage to check out a bandwidth management appliance called
CyberRoam. This manages the bandwidth per user based on an IP address or
username. It can pull out the users database from an Active Directory if
you're on a Windows domain. Alternately, you can create and manage users from
the box itself.

Lastly, bandwidth management and control is a continuous
process. So though we've reached the end of this story, it's only the
beginning for you. It's a continuous process remember!

Anil Chopra, Sanjay Majumder and Swapnil Arora