
JANET Bandwidth Management Advisory Service


Packeteer PacketShaper

Overview

Packeteer is a US-based company that offers a wide variety of products for bandwidth management. One of their most popular products is the PacketShaper. This appliance is available at a variety of levels depending on the speed of the network links it will manage. The lowest entry level box is for a 128k line with the high-end box being able to monitor and manage a 1 Gigabit link.

The PacketShaper is also available as a monitoring-only box called PacketSeeker which has all the functionality of the PacketShaper's traffic recognition but is not able to do any type of traffic control.

Installation and Configuration

The PacketShaper used for testing in our lab was a 2U rack mounted box.



It is advisable to do some initial configuration before putting the PacketShaper in place by connecting up to the serial interface on the front of the box and following the step-by-step instructions. These settings are pretty basic and cover such things as passwords, IP addresses and connection speeds etc. Initial physical installation is extremely easy, and consists of connecting the usual 9v power connection to the back of the box and then placing it in-line with an 'in' and an 'out' Ethernet connection as near to your network bottleneck as possible. Note that the PacketShaper box is also available with optical network connections and can be expanded to hold extra network interfaces.

Once the PacketShaper is on the network it is accessed through a web browser and can be configured either by a normal HTTP connection or a secure HTTP connection. The secure connection method is a little slower, but not by any amount that would impair the administrator's use of the PacketShaper.

Using the PacketShaper

Once the administrator has gained access to the PacketShaper through their web browser, they will be taken to a general information screen showing the status of the box and its interfaces. At the top of the page is a selection of tabs that give access to each of the major functions of the PacketShaper. The sections are 'Top Ten', 'Monitor', 'Manage', 'Report', 'Setup', 'Info' (the box's start page), 'Feedback' and 'PacketGuide'. Each of these sections is covered below.

Web Interface

Below is the 'Top ten' page for the PacketShaper.  It gives a quick view of the most used inbound and outbound protocols (in bandwidth) on the network in a given time frame.  The time frame can be adjusted anywhere from 1 minute average to a 7 day average.  The page also shows what percentage of traffic each protocol counts towards.  You may notice one traffic type is referred to as 'Default': this traffic is data that the Packeteer has been unable to classify either due to the PacketShaper reaching its limits or there simply not being enough traffic of that type to determine the protocol being used.



The view below is probably one of the most used pages on the PacketShaper.  It provides a tree based view of all the traffic classes, their details such as bandwidth usage and also any rules that have been placed on those classes.  At the top of the tree are the inbound and outbound traffic directions: this is then followed by all the protocols that the PacketShaper has detected running on the network.  The different protocols can be grouped together and placed in folders for easier management, and rules can either be applied to single protocols or groups.

The protocols recognised by the PacketShaper can also be refined further by the administrator to improve the granularity of the rules.  Such refinements can include blocking or redirection from certain websites/domains, blocking of running servers on the network and using wildcard rules on FTP transfers such as blocking all *.mp3 files.



The rules discussed above are applied using the page shown below.  This is accessed by clicking on the appropriate traffic type in the 'Manage' tab.  Here the traffic type can be renamed, commented, have top talkers/listeners analysis added to it and modifications to the rules that define that protocol can be made.

The top talkers/listeners analysis tool can be very useful for identifying certain users who some may call 'bandwidth hogs'. By enabling top talkers/listeners you can see who both inside and outside of your LAN is transferring the most data in/out of your network. Appropriate steps can then be taken to either analyse the traffic further or apply rules to limit the user's bandwidth.



Another useful feature of the PacketShaper is its graphing abilities.  Though the graphs are not as dynamic as the NetEnforcer's Java based interface, it is easier to get hold of older data from the 'straight out of the box' system.  The graphs presented are very clear and are a mix of basic line graphs and pie charts.  The data used for the graphs can be easily presented in raw data too, for easy exporting to a program such as Excel.  The latest version of the PacketShaper software now also supports Cisco's NetFlow and can export its reporting data to a NetFlow data collector.



Below is a page that is used to access all of the administration sections of the Packeteer, such as setting IPs, enabling traffic shaping and changing many system variables.



The Info page shows just general information such as system status, IP address and serial number. The Feedback page takes you to the Packeteer website to give feedback on the product. Finally, the PacketGuide link again takes you to the Packeteer website and offers you an online user manual and advice area for using the Packeteer to its best abilities.

Command Line Interface

As is usual with this type of appliance, the PacketShaper can also be administered via a CLI. One interesting feature of the PacketShaper is that the CLI commands are also available through the web interface. Below is a screenshot showing the web interface:



This web interface is great for those users that want to use some of the more advanced features only available via the CLI even though they don't have any experience with a program such as Telnet or PuTTY.

The web interface also means that all the box administration can be done entirely through the web interface, which is definitely a nice and simple way of doing things. Using this interface also means that with the use of drop down boxes it is easy to see what commands are available rather than type question marks after each command in the standard CLI manner.

As mentioned before, many more options are available via the CLI than through the standard web interface. For users wanting a quick fix on their network there is probably no reason to use the CLI other than if and when they contact Packeteer support. If the administrator does want to take things a bit further though, there are quite a few interesting features that can really help in narrowing down the granularity of the controls the PacketShaper uses.

One such extra level of control available through the CLI is the ability to use the LoadShedding commands. These have been used at the University of Manchester to help in the fight against virus infections on the student halls network segments. The LoadShedding command is able to limit the number of connections a single IP can make per minute. Most viruses will try to make many hundreds of connections each minute in order to propagate. This number of connections can easily bog down a network infrastructure and cause many headaches for administrators. A LoadShedding command such as:

sys set loadSheddingClientFPM 500

will limit each IP on your network to 500 flows per minute. There are additional commands if you wish to only apply the shedding to TCP or UDP flows. Once applied, the command:

host info -sf -n 20

can be run in order to see the top 20 IPs with the most connections being made. This information can be quite useful for finding virus infected network nodes.
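
The same per-host flow counting can be reproduced offline from exported flow records, which is useful for choosing a sensible flows-per-minute limit before enforcing it. The following is an added example, not part of the original evaluation and not PacketShaper code or output; the record layout, addresses and function names are constructed for illustration, and the distinct-target count is an extra column added here to help tell a busy client from an infected one.

```python
from collections import Counter, defaultdict

FPM_LIMIT = 500  # same per-host threshold as the loadSheddingClientFPM example


def flows_per_minute(records):
    """Count new flows and distinct targets per (source IP, minute).

    records: iterable of (epoch_seconds, src_ip, dst_ip, dst_port), one per
    new flow. This layout is assumed for the example.
    """
    counts = Counter()
    targets = defaultdict(set)
    for ts, src, dst, dport in records:
        key = (src, int(ts) // 60)
        counts[key] += 1
        targets[key].add((dst, dport))
    return counts, targets


def top_hosts(records, n=20, limit=FPM_LIMIT):
    """Rank hosts by their busiest minute.

    Returns up to n rows of (src_ip, peak_fpm, distinct_targets, over_limit).
    """
    counts, targets = flows_per_minute(records)
    peak = {}
    for (src, minute), c in counts.items():
        if src not in peak or c > peak[src][0]:
            peak[src] = (c, len(targets[(src, minute)]))
    rows = [(src, c, t, c > limit) for src, (c, t) in peak.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))[:n]


def build_sample():
    """Constructed flow records for three hosts (not real traffic)."""
    base = 1_700_000_040  # minute-aligned epoch second
    recs = []
    # 600 flows in one minute, each to a different address: infected-host pattern
    recs += [(base + i * 0.09, "10.0.0.23", f"198.18.{i // 250}.{i % 250 + 1}", 445)
             for i in range(600)]
    # 300 flows in one minute to three servers: busy but under the limit
    recs += [(base + i * 0.2, "10.0.0.5", f"203.0.113.{i % 3 + 1}", 80)
             for i in range(300)]
    # 40 flows spread over four minutes to one server
    recs += [(base + i * 6, "10.0.0.9", "203.0.113.10", 443) for i in range(40)]
    return recs


if __name__ == "__main__":
    for row in top_hosts(build_sample()):
        print(row)
```

A host with a high peak and a distinct-target count close to that peak is the pattern worth investigating first; a high peak against a handful of targets is more often a legitimate heavy client.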

Another useful feature only accessible through the CLI is the PacketShaper's ability to capture packets in a chosen flow, which can then be exported to a packet analysis program such as Ethereal. The commands used for packet capture would look like:

packetcapture add Outbound/FTP/LocalServers
packetcapture limit packets 100
packetcapture on

The above commands would then capture packets that are outbound from local FTP servers with 100 packets being stored per flow until the following command is issued:

packetcapture off

Once the capture is over you can then log in to the web interface, download the .dmp file and open it to carry out your investigation.

Good Practice

From experience of using a PacketShaper on a live network it is advisable to install the box and leave it to gather data for roughly a week before applying any rules (unless it's absolutely essential to apply rules immediately). This will give the box time to get a good picture of what protocols are traversing your network and you can group similar protocols together in folders so they can be managed as one (such as peer-to-peer). Once you have a well-constructed tree of protocols, you can put together a plan of where the problem areas are and what possible solutions the PacketShaper can offer. The PacketShaper is backed up with a very knowledgeable group of support staff, available either through a personal support contact or the PacketShaper public forum.

Conclusions

The Packeteer PacketShaper is a very well thought out and executed bandwidth management device. It provides a clean and usable interface that is appealing to low-end users and experts alike, and with minimal setup, can become a vital tool in both bandwidth management and network security in general. An appliance such as this should always be 'test driven' first alongside another appliance such as the Allot NetEnforcer, as although they carry out very similar tasks, their implementation and interfaces are very different and it is always advisable to get hands-on experience to find which solution fits your personal needs the most.

Links

If you are interested in the PacketShaper and would like more information or to request a trial of a Packeteer product, either contact BMAS or follow one of these links:

Packeteer - http://www.packeteer.com
PacketShaper - http://www.packeteer.com/prod-sol/products/packetshaper.cfm
PacketShaper flash demo - http://www.packeteer.com/program/demoroom/presentps.html
PacketShaper Data Sheet (pdf) - http://www.packeteer.com/resources/prod-sol/PSDS.pdf
CyberProtect (reseller) - http://www.cyberprotect.co.uk