Apconnections Netequalizer User manual

User Guide

NetEqualizer

User Guide

No part of this publication including text, examples, diagrams or illustrations may be reproduced,

transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical

or otherwise, for any purpose, without prior written permission of APconnections, Inc.

User Guide

Table of Contents

Where to Install NetEqualizer ................................................................................. 5

Setting up the NetEqualizer.................................................................................... 6

Factory Default IP Settings ............................................................................................... 6

Accessing the NetEqualizer via the Web GUI IP ....................................................................... 6

Cabling the NetEqualizer into your Network .......................................................................... 6

Configuring the NetEqualizer............................................................................................. 8

The NetEqualizer Dashboard................................................................................... 9

Equalizing Defined ............................................................................................ 11

Configuring Equalizing Parameters.......................................................................... 14

Using the RATIO Parameter to Influence Equalizing.................................................................14

Setting your Trunk Size ...................................................................................................15

Parameters to Adjust Equalizing Sensitivity ..........................................................................16

Parameters to Size Internal Tables .....................................................................................18

Viewing your Equalizing Parameter Settings..........................................................................19

Controlling P2P Traffic........................................................................................ 20

Setting Connection Limits................................................................................................20

Dynamic Hogmin: Creating Smart Connection Limits ...............................................................22

Setting Bandwidth Limits..................................................................................... 25

Setting Hard Limits by IP.................................................................................................25

Adding Bursting to Hard Limits.................................................................................................26

Setting up Bandwidth Pools..............................................................................................28

Setting Hard Limits by VLAN.............................................................................................31

Setting Hard Limits by MAC address....................................................................................31

Consider Setting Bandwidth Priority ........................................................................ 33

Defining Priority Traffic ..................................................................................................33

Masking Off Traffic ........................................................................................................34

Restricting Bandwidth Usage................................................................................. 36

Establishing User Quotas (Professional Quota API) ..................................................................36

MAC Redirection ...........................................................................................................42

Distributed Denial of Service Attack (DDoS) Tools ........................................................ 44

DDoS Monitor ...............................................................................................................44

DDoS Firewall ..............................................................................................................46

Monitoring and Reporting..................................................................................... 47

Dynamic Real-Time Reporting (RTR) ...................................................................................50

RTR Dashboard .................................................................................................................... 50

Real-time Traffic Graph ......................................................................................................... 51

RTR Active Connections.......................................................................................................... 51

IP Reports..........................................................................................................................55

Traffic History..................................................................................................................... 58

View NetEqualizer Log........................................................................................................... 62

Configuration ..................................................................................................................... 64

Running Processes ................................................................................................................ 65

RTR Preferences .................................................................................................................. 65

Continued on next page…

User Guide

Export Data to a Reporting Data Warehouse .................................................................................65

Start/Stop RTR.................................................................................................................... 66

Autostart RTR .....................................................................................................................66

View Current Activity .....................................................................................................67

View P2P Report ..................................................................................................................67

View Instantaneous Bandwidth Usage .........................................................................................67

Email Notifications ........................................................................................................69

Configure Email...................................................................................................................69

Configure Alerts ..................................................................................................................70

Redundancy and Failover..................................................................................... 71

Setting up Full Redundancy..............................................................................................71

Failover......................................................................................................................72

Maintenance Tasks............................................................................................. 73

Powering Off the NetEqualizer..........................................................................................73

Backing Up Your Configuration Settings ...............................................................................73

Getting Software Updates for the NetEqualizer .....................................................................73

Troubleshooting................................................................................................ 76

Frequently Asked Questions (FAQs) ......................................................................... 79

Appendix 1 - Equalizing Parameters, Units, & Defaults.................................................. 83

Appendix 2 - Setting/Forcing LAN Speeds and Duplex ................................................... 84

Appendix 3 - Packet Capturing for taps such as CALEA .................................................. 86

Appendix 4 - NetEqualizer Caching Option (NCO) ........................................................ 88

Appendix 5 - Tuning Parameters for a Large Number of subnet-ranged Limits, Pools, & Masks.... 89

Appendix 6 - Syncing NetEqualizer Date/Time............................................................ 90

Appendix 7 - Firewalling the NetEqualizer ................................................................ 92

Appendix 8 –NetEqualizer Directory Integration (NDI) .................................................. 93

User Guide

Thank you for purchasing a NetEqualizer. You are now on your way to achieving "Faster

Networks, with Zero Maintenance, at the Best Prices". Using NetEqualizer in default factory

mode will take care of almost all network congestion and priority traffic flow requirements,

and is the recommended operational mode for most customers. However, NetEqualizer also

offers a wide range of bandwidth control options, while at the same time allowing you to

keep it simple.

NetEqualizer Quick Start Guide

To perform your initial installation, you should reference the NetEqualizer Quick Start Guide.

This contains the basic setup details and minimal settings required to get you up and

running. A hard copy is included in your shipping box. We also email a PDF copy with your

shipping confirmation email.

Note: The NetEqualizer Quick Start Guide is a step-by-step instruction manual.

NetEqualizer User Guide

The NetEqualizer User Guide is intended to walk through NetEqualizer features in more

detail than our NetEqualizer Quick Start Guide. It also includes appendices describing our

add-on modules. Once up and running, it is a good idea to review this entire NetEqualizer

User Guide, to become familiar with all of the advanced features available to you.

Note: The NetEqualizer User Guide is not a step-by-step instruction manual. Select the

feature you are interested in from the Table of Contents and go directly to that section.

For Additional Help

Should you need further assistance setting up your NetEqualizer, please call our Support

Team at 303.997.1300 x102 or email support@apconnections.net. If you purchased

through an authorized distributor or reseller, check with them first to determine if they

support you directly.

Key to Reading the User Guide

Entity

Format

Example

GUI Parameter

Name

(SYSTEM PARAMETER

NAME)

Shown in bolded blue. Sometimes

followed by system variable name in

CAPITAL LETTERS.

Bandwidth Up

(TRUNK_UP)

SYSTEM PARAMETER

NAME

System variable names (if shown) are

in CAPITAL LETTERS.

TRUNK_UP

Notes

Notes are shown in blue italics

preceded by "Note:".

Note: For a detailed list of the steps

necessary to get up and running, please

see the NetEqualizer Quick Start Guide.

Type in: values to be

entered

Values that you need to type in are

shown in orange italics preceded by

"Type in:".

Type in: /bridge/bridge-

utils/brctl/brctl rembrain my 99999

Click on ->Menu

name

Menus are shown in bold orange

italics preceded by "Click on->" or "-

>".

Click on -> Manage Equalizing ->

Configure Parameters.

Click on ->

[button_name]

Buttons are shown in bold orange

italics surrounded by square brackets

preceded by "Click on ->" or "->".

Click on -> [Start/Stop Equalizing] ->

[Start Equalizing].

User Guide

Where to Install NetEqualizer

NetEqualizer can be installed on any link whose traffic you would like to shape. For

maximum effectiveness, most users should install NetEqualizer between the network users

and the Internet trunk. Traffic running between your network and the Internet is generally

a constriction point in traffic flow where many users compete for this limited resource. By

placing your NetEqualizer at this junction you will automatically optimize your Internet

speed.

The NetEqualizer operates as a Transparent Bridge on your network. There is typically no

need to change anything in your network configuration to install the appliance. Simply

install the NetEqualizer between your Router and Network Switch, or anywhere you can see

the individual IP addresses you wish to shape. Set-up using the Quick Start Guide to

modify any factory default settings, and then access it via a Web Graphical User Interface.

User Guide

Setting up the NetEqualizer

For a detailed list of the steps necessary to get up and running, please see the NetEqualizer

Quick Start Guide. If you do not have a copy of the Quick Start Guide, please request one

by calling our Support Team at 303.997.1300 x102 or emailing support@apconnections.net.

We mention some of the key functions performed during set-up here. However, you will

need to reference the Quick Start Guide to complete your set-up.

Factory Default IP Settings

The IP settings to access the NetEqualizer web Graphical User Interface (web GUI) have

been set to:

IP Setting

Parameter Name

Factory Default

Web GUI IP

BRIDGEIP

192.168.1.143

Web GUI Netmask

BRIDGENETMASK

255.255.255.0

Web GUI Gateway

BRIDGEROUTE

192.168.1.1

Note: The IP address for the NetEqualizer is used to access the web GUI (for management

purposes only). All factory default settings can be changed from the web GUI, the

command line, or the API.

Accessing the NetEqualizer via the Web GUI IP

To access the NetEqualizer via the Web GUI IP, plug a laptop/PC into your Switch, and then

set to the 192.168.1.x range (x not 143) to access the NetEqualizer. Once you cable the

NetEqualizer into your network, you should be able to get to the NetEqualizer Web GUI IP.

Note: If you need to manage the NetEqualizer from a VLAN tagged interface other than the

default VLAN, you will need to set-up an untagged Management Port for administration.

This can be done using a 3rd port on your system. Please call Support at 303.997.1300

x102 or send an email to support@apconnections.net to get help with setting up a

Management Port.

Cabling the NetEqualizer into your Network

NetEqualizer models have either 3 (NE4000) or 4 ports (NE3000), two of which are used for

Ethernet interfaces. If there are 4 ports, we always use the BOTTOM two ports. The easiest

way to figure out the Ethernet ports is that if you are facing the back of the unit,

the LAN port is on your right and the WAN port is on your left.The ports are not

labeled on the 3000/4000 Series. For further clarification, please see the "Where to Install

the NetEqualizer" diagram below.

First, make sure that you power on the

NetEqualizer. Do this by pressing the red power

button to the right of the LED panel.

Notes:

Once you have the NetEqualizer configured, you can change the Default Web GUI IP address. See

Appendix #2C.

To secure the management port, you can also make it accessible via https (SSH). See Appendix #2D.

If you are on a VLAN, you will need to set-up a Management Port.

User Guide

WAN Connection

Plug a crossover cable into the

port labeled Eth0 (WAN) on the

diagram at right and connect it

to the Firewall/Router. Eth0 is the

port on your LEFT as you face

the back of the machine, closest

to the power supply. If you have

an auto-sensing Firewall/Router,

you can use a straight cable or a

crossover cable.

LAN Connection

Plug a straight cable into the port

labeled Eth1 (LAN) on the

diagram and connect it to your

Network Switch. Eth1 is the port

on your RIGHT as you face the back of the machine, furthest from the power supply. If

whatever you are plugging into does not have a built-in switch, then you should use a

crossover cable.

Once your machine is on & connected, you should see green lights in the Power LED, Eth0,

and Eth1 LEDs, as in the above picture of the LED panel.

Note: We recommend that you install your NetEqualizer on a UPS, to protect from power

surges and outages.

(optional): Access Point Configuration in a Wireless Network

Put your radios in bridging mode and set your Firewall/Router at your headend to do DHCP

and NAT, instead of doing DHCP and NAT at your Access Points.

(optional): Setting LAN Port Speed and Duplex

Occasionally, customers need to manually set LAN Port Speed and Duplex as some

Firewall/Routers do not auto-negotiate correctly with the NetEqualizer. If this is happening

in your environment, you will see a large number of collisions and dropped packets as well

as reduced network throughput. Although dropped packets are not a good thing, if you are

seeing less than 1/10 of a percent (< 0.1%) of the total packets transmitted it will have no

adverse effect on your network. If it starts to approach 1 percent (1%), you should follow

Appendix #2 to set this in your environment.

(optional): Firewalling off the NetEqualizer

If you do not install the NetEqualizer behind a firewall, you should use the Manage Firewall

Settings to firewall off the NetEqualizer. See Appendix #7 for detailed instructions.

User Guide

Configuring the NetEqualizer

Once the NetEqualizer is powered on and plugged in to your network, you need to access

the web GUI to configure it. The web GUI is accessible out-of-the-box via the factory default

IP address: http://192.168.1.143.If you have not already, please follow the instructions

under Accessing the NetEqualizer via the Web GUI IP.

Once you login to the NetEqualizer, your next steps in setting up the NetEqualizer will be to

configure your IP settings, set your passwords, install your license key, and set the

date/time and time zone for your NetEqualizer. All these functions are found under the

Manage NetEqualizer menu command and are described in detail in the Quick Start

Guide.

To get started configuring your

NetEqualizer, Click on -> Setup and

Configuration -> Manage

NetEqualizer. The screen at right

should come up.

Note that the functions are all available

by clicking on buttons, which bring up

pop-up configuration windows. This

paradigm is repeated throughout the

GUI.

Please see the Quick Start

Guide, Step #2: "Configuring

the NetEqualizer" to complete

Manage NetEqualizer set-up

and configuration.

User Guide

The NetEqualizer Dashboard

At the heart of the NetEqualizer system is the Dashboard. The NetEqualizer Dashboard

provides an intuitive visual display of the status on critical data and settings within

NetEqualizer. Think of the Dashboard as your command and control center for managing

your NetEqualizer. On the picture below, the key elements that make up the Dashboard are

labeled: Status Indicators, Navigation Menu, Common Tasks, and NetEqualizer Menus.

The Dashboard contains Status Indicators, visually displaying on/off status on key

functions: Equalizing, ntop (deprecated 8.1), Quotas, Packet Capture, and Caching. It also

contains statistics about traffic levels running through your NetEqualizer. You can look at

traffic for the entire network (Pool 0), as well as levels for Bandwidth Up and Bandwidth

Down, and determine whether Ratio is being exceeded.

The Navigation Menu helps you to quickly and easily get back to the Dashboard from

anywhere in the system. You can also reference material from our website (Our Home), our

blog (Our Blog) or access online help (Help).

Common Tasks have been added to the Dashboard. Think of these as shortcuts to areas

within the system that you use frequently. From here you can Run Diagnostics, View

Current Activity, View the NetEqualizer Log File, Show the Current Configuration,

Stop/Restart Equalizing, or run Dynamic Real-Time Reporting.

The four (4) NetEqualizer Menus available are: 1) Setup and Configuration, 2)

Management and Reporting, 3) Troubleshooting and Support, and 4) Maintenance and

Reference. We will discuss the features available via these menus in this User Guide.

User Guide

To help keep you up-to-date on if you need to upgrade, we display the version that you are

running. To make sure you know what date/time and time zone you have set, we display

that as well. The Dashboard can be set to Auto Refresh (On/Off), at available intervals of

5, 10, or 30 seconds, which should work for most users.

Note: The NetEqualizer Dashboard is available in Software Update 6.0 and above.

Note: If you want to create a custom Auto Refresh time for the dashboard, turn Auto

Refresh ON with an interval of 30 seconds, find the parameter "rate" in the URL (i.e.

/index.cgi?poolnum=0&refresh=true&rate=30#dash), and change the number, in seconds,

to your desired rate. For example, if you wanted the dashboard to refresh once per day,

change rate to 86400 (60x60x24).

User Guide

Equalizing Defined

Equalizing is a simple concept. It is the art form of looking at the usage patterns (aka

traffic “behaviors”) on the network, and then when things get congested, robbing from the

rich to give to the poor.

Rather than writing hundreds of rules to specify allocations to specific traffic as in traditional

application shaping, you can simply assume that large downloads are bad, short quick traffic

is good, and be done with it.

This behavior-based approach usually mirrors what you would end up doing if you could

see and identify all of the traffic on your network, but doesn’t require the labor and cost of

classifying everything. Applications such as VoIP, web surfing, instant messaging (IM),

short downloads, and web-based applications (SaaS, cloud applications, etc.) all naturally

receive higher priority, while large downloads and large videos receive lower priority. This

behavior-based shaping also does not need to be updated constantly as applications

change.

Once equalizing is in place, it automatically shapes your network when it is congested, using

algorithms to implement "fairness". The concept of “fairness” enables your network to

continue providing quick response times to the majority of your users while restricting the

network hogs. Low bandwidth users do not have to share the pain of a slow, congested

network with the network-hogging applications.

Equalizing does this by using our proprietary algorithms to implement fairness. First,

equalizing tracks how much bandwidth is being used. If bandwidth used is over a

predefined level, the network is considered congested. Once the network is considered

congested, equalizing looks at every connection (IP address pair) and puts a PENALTY on

those that are over a predefined level. This process continues until network congestion

eases.

NetEqualizer is the only tool on the market to offer bandwidth shaping in these 3 modes:

 Equalizing only (simplest)

Equalizing Rules = on. Custom Rules have not been defined.

Balances your traffic all the time giving priority to short, bursty-type traffic such as

web surfing, chat sessions, VoIP, web applications, and e-mail.

 Equalizing & Custom Rules (most customized)

Equalizing Rules = on. Custom rules have been defined.

A combination of custom rules, such as hard limits by VLAN, Pools, IP address,

subnet, or MAC address, with the safety valve of Equalizing on in the background.

 Custom Rules only (not recommended)

Equalizing Rules = off. Custom Rules have been defined.

Equalizing is not used in this mode, as the Equalizing Rules are off. Traffic is not

being shaped using fairness-based algorithms. Control is by custom rules only, such

as hard limits by VLAN, Pools, IP address, subnet, or MAC address.

NetEqualizer comes configured to automatically start up with Equalizing turned on

(Equalizing Rules = on and Equalizing Process started). Equalizing enables the network to

User Guide

deliver traffic shaping for the most common situations, without the need for expertise in

defining complex traffic shaping rules.

For Equalizing to be considering ON, you need to have the Equalizing Rules on and the

Equalizing Process running. You can check both as follows:

Equalizing Rules On

From the Setup and Configuration menu, Click on -> Manage Equalizing -> Configure

Parameters.The Modify Equalizing Parameters window appears. Scroll down until you see

Equalizing Rules. Make sure that Equalizing Rules = on. This means that the equalizing

parameters are being applied.

Equalizing Process Started

Now, go to the Dashboard. The Equalizing Process is running if the Equalizing button is ON

(GREEN). If the Equalizing Process is OFF (red), Click on -> [Start/Stop Equalizing] ->

[Start Equalizing].

Equalizing in Action

Once NetEqualizer is installed and running, a review of the NetEqualizer Log File will allow

you to monitor and analyze how NetEqualizer is responding to your network’s traffic.

To see the last 25 lines of the log, from the Dashboard, Click on -> [View the Log].

To view a larger portion of the NetEqualizer Log, Click on -> Management and Reporting

-> View Current Activity -> [View NetEqualizer Log]

Applying Penalties

When your network is experiencing moderate to heavy use, you will see entries

containing the word PENALTY followed by two IP addresses in the log.

PENALTY indicates that NetEqualizer’s built-in fairness rules have determined that the

communication link between these two IP addresses (a connection) is using too much

bandwidth, so NetEqualizer has issued a penalty against this connection. The penalty

causes all data on that connection to slow down. At periodic intervals, if NetEqualizer

determines that this connection is still using too much bandwidth, it will increase the

delay on the connection. The PENALTY will be removed in a few seconds should the

congestion on your Network subside. Log entries are discussed in more detail in the

NetEqualizer Log section.

NetEqualizer bases its decision to issue penalties based on built-in fairness rules:

The persistence of the user's connections. We look at the length of time the

connections have been live. The longer the time, the more likely a penalty.

The amount of bandwidth used relative to the total size of the trunk.

The number of users on the trunk. The more users active on the trunk, the less

bandwidth NetEqualizer will allow per user before issuing a penalty.

Is the overall trunk saturated? A trunk is saturated when it reaches the percentage

defined by the RATIO parameter (default RATIO = 85%).

Equalizing and Peer-to-Peer Traffic

In addition to our fairness rules, NetEqualizer offers Connection Limits as a way to handle

peer-to-peer (P2P) traffic. As P2P traffic may be short, bursty-type traffic, another

mechanism is needed to control it adequately.

User Guide

Connection Limits enable you to define how many connections each user on your network

can open. This will cut down P2P, which tries to open 100's to 1000's of connections on

your network. By their very nature, Connection Limits will stop both encrypted and

unencrypted P2P traffic. We believe this mechanism to be superior to managing policy files

of known P2P traffic types (which will not help with encrypted P2P in any case). This is

described in more detail in Setting Connection Limits.

We also offer dynamic, fairness-based connection limiting, which we call Smart Connection

Limits. Smart Connection Limits work separately from Connection Limits, and can be used

in addition to them. With Smart Connection Limits, as a user's connections increase over a

defined number of allowable connections, limiting is enhanced to slowly starve the P2P

connections for bandwidth.

User Guide

Configuring Equalizing Parameters

Each Equalizing Parameter is discussed in detail below. For a summary of all

Equalizing parameters, please see Appendix 1, which contains a one-page cheat

sheet with the default settings and recommendations.

It is important to ensure that the Equalizing Process is "on", in order for the Equalizing

parameters to be applied to your network congestion. NetEqualizer comes configured to

automatically start up with the Equalizing Process turned on.

For Equalizing to be considering ON, you need to have the Equalizing Rules on and the

Equalizing Process running. You can check both as follows:

Equalizing Rules On

From the Setup and Configuration menu, Click on -> Manage Equalizing -> Configure

Parameters.The Modify Equalizing Parameters window appears (below). Scroll down until

you see Equalizing Rules. Make sure that Equalizing Rules = on. This means that the

equalizing parameters are being applied.

Equalizing Process Started

Now, go to the Dashboard. The

Equalizing Process is running if the

Equalizing button is ON (GREEN).

If the Equalizing Process is OFF

(red), Click on -> [Start/Stop

Equalizing] -> [Start

Equalizing].

Now you can configure

Equalizing Parameters. After

you change these settings, scroll

to the bottom of the window, and

then Click on -> [Modify]to save

or Click on -> [Reset] to discard.

Using the RATIO Parameter to Influence Equalizing

Ratio (RATIO) (units are percent, Default = 85)

NetEqualizer's Ratio parameter enables you to influence when equalizing is applied. The

RATIO parameter refers to the network utilization on a percentage basis. RATIO can be set

from 1 to 100. A value of 100 tells NetEqualizer not to have the default rules kick in until

the trunk is 100 percent utilized; a value of 85 would have the rules kick in at 85 percent

utilized.

To change the Ratio (RATIO) Parameter:

From the Setup and Configuration menu, Click on -> Manage Equalizing -> Configure

Parameters.The Modify Equalizing Parameters window appears (see window above).

In the table displayed on the screen, you can set RATIO to a value from 1 to 100.

User Guide

RATIO determines when Equalizing kicks in on your network trunk. This supplements any

custom rules that you have set-up. When you lower RATIO, Equalizing will kick-in sooner

(making equalizing more sensitive). When you raise RATIO, Equalizing kicks in later

(making equalizing less sensitive).

Why RATIO is Helpful

Sometimes the sheer volume of users on the network cannot be controlled by the custom

rules you have implemented. For example, setting a per-user limit of 512kbs will prevent a

user from going over the 512kbs prescribed level; but if 20 of your users get on at one time

with large downloads, a T1 trunk, for example, is quickly overwhelmed (to set custom rules,

such as per-user limits, please see Setting Bandwidth Limits).

The Equalizing Rules that kick in at 85 percent trunk utilization, or the value you have set

RATIO to, provide a unique safety valve for busy hours when your trunk gets full.

Note: The RATIO parameter is applied to the Equalizing Rules and also to any Bandwidth

Pools or VLAN Limits that you have established. It also works in conjunction with Smart

Connection Limits.

Setting your Trunk Size

Bandwidth Up (TRUNK_UP) and Bandwidth Down (TRUNK_DOWN)

(units are bytes/per second, Default = T1)

Set these parameters to the size of your network pipe for outbound traffic (Bandwidth Up)

and inbound traffic (Bandwidth Down). NetEqualizer allows for different speeds for

outbound and inbound links, as equalizing shapes bi-directionally. These parameters are set

in bytes/per second, and are used by the NetEqualizer so it can react and take action

when your trunk is nearing capacity.

Bandwidth Up and Bandwidth Down typically match your network capacity. We use these

parameters to determine when to start Equalizing. Making either of these parameters larger

than your actual trunk size will make the shaping rules less restrictive. Making them

smaller than your actual trunk size will make them more restrictive. Alternatively, you can

reduce RATIO to make shaping rules more restrictive.

Go to the Maintenance and Reference

Menu, and Click on -> Bytes/Bits

Conversion Calculator to determine

the proper values for your trunk in

bytes/second. The example at right is

for 100Mbps.

From the Setup and Configuration Menu,

Click on -> Manage Equalizing ->

[Configure Parameters]. The Modify

Equalizing Parameters window opens

(see window above). You should see the

parameters Bandwidth Up (TRUNK_UP) and Bandwidth Down (TRUNK_DOWN).

Type in: values in bytes/per second for Bandwidth Up and Bandwidth Down.

User Guide

Note: Bandwidth Up and Bandwidth Down do not enforce the link speed from your provider.

We assume your provider has already enforced your contracted speed.

Whenever you change your Trunk Size, you will need to stop and restart the NetEqualizer

Process for changes to take effect.

When you save your changes, you

will see the screen to the right.

Click on -> [Maintenance].

Click on -> [Start/Stop

Equalizing]-> [Stop

Equalizing]. Then restart

equalizing by Clicking on ->

[Start/Stop Equalizing ->

[Start Equalizing].

Parameters to Adjust Equalizing Sensitivity

In some instances, NetEqualizer’s defaults may need to be custom tuned for sensitivity. For

example, if streaming music feeds break midstream at times when the total usage on the

trunk is light, it might be because NetEqualizer is tuned to be too sensitive.

From the Setup and Configuration menu, Click on -> Manage Equalizing -> Configure

Parameters.The Modify Equalizing Parameters window appears. In the table displayed on

the screen, you can modify the following parameters to adjust equalizing sensitivity:

Penalty Unit (PENALTY_UNIT) (units are 100ths of seconds, Default = 2)

PENALTY_UNIT is the unit of time that NetEqualizer will start with when delaying a packet of

Internet data. It iteratively increases penalties by this value should a “hog” not respond to

the initial penalty. By increasing the size of this parameter, the NetEqualizer will scale back

hogs more quickly. Note that the higher your network speed, the more sensitive it is to

PENALTY_UNIT. The default value of 2 will work fine on any network, but if you see the

NetEqualizer slowing streams too severely, you may want to reduce this value.

Here are the recommended settings for PENALTY_UNIT, based on network size:

Network Size

PENALTY_UNIT

>= 10Mbps to < 50Mbps

2 or 3

* >= 50Mbps

* Networks much larger than 50 megabits may require a PENALTY UNIT resolution smaller

than 100ths of seconds. In the NetEqualizer Web GUI, the smallest penalty that can be

applied to an IP Packet is 1/100 of a second. If you are finding that a default PENALTY of 1

is putting too much latency on your connections then you can adjust the PENALTY unit to

1/1000 of second with the following command:

From the Maintenance and Reference menu, Click on ->Maintenance-> [Run a

Command]

Type in: /bridge/bridge-utils/brctl/brctl rembrain my 99999

User Guide

Maximum Penalty (MAX_PENALTY) (units are 100ths of seconds, Default = 140)

This parameter is rarely changed from the Default. If it is changed, it needs to be set to a

value that is greater than Penalty Unit.

This is the maximum delay that NetEqualizer will allow. NetEqualizer increments a delay by

the value of PENALTY_UNIT every few seconds in the event a connection continues to use

excessive bandwidth, until MAX_PENALTY is reached. A MAX_PENALTY of 200 (2 seconds)

usually kills the connection altogether, as most servers on the Internet give up

communicating when communications lag for more than two seconds.

Hog Minimum (HOGMIN) (units are bytes per second, Default = 12,000)

HOGMIN defines the minimum traffic level for which connections will not be penalized. In

other words, a connection using less bandwidth in bytes per second than this number will

never get penalized. The default value of 12,000 bytes per second (96kbs) will ensure that

most VoIP traffic is never accidentally throttled back when NetEqualizer reaches a

congestion threshold, as VOIP will be below HOGMIN.

With larger network pipes, you may want to raise HOGMIN to allow more traffic types to

pass without being penalized. Here are some recommended settings for HOGMIN, based on

network size:

Network Size

HOGMIN

< 50Mbps

20,000

>= 50Mbps to < 100Mbps

30,000

>= 100Mbps to < 1Gbps

60,000

>= 1Gbps

100,000

HOGMAX

Legacy variable, no longer visible on the NetEqualizer Web GUI) and no longer used.

Note: If you manually edit the NetEqualizer configuration file, you will see HOGMAX in the

configuration.

Moving Average (MOVING_AVG) (units are seconds, Default = 8)

MOVING_AVG keeps NetEqualizer from penalizing short bursts of activity. For example, if

this variable is set to 8 and the network is hit with a burst of 8000 bytes over a second from

an IP address, the moving average for the second would be 8000/8 or 1000 bytes. If the

burst persisted for four seconds, the average would be 32000/8 or 4000 bytes. The larger

this number, the longer a burst can be before it gets penalized. Note that if this parameter is

set too high, nothing will ever get penalized.

The preset value for MOVING_AVG from our factory-delivered NetEqualizer is designed to

handle any size network and need not be changed.

ANCIENT (units are seconds, Default = 20)

Ancient is no longer visible on the NetEqualizer GUI. The Ancient parameter is how long to

keep a penalty in effect, in seconds. The preset value for ANCIENT from our factory-

delivered NetEqualizer is designed to handle any size network and need not be changed.

User Guide

Note: If you manually edit the NetEqualizer configuration file, you will see ANCIENT in the

configuration. Please keep it set to its default value of 20.

Parameters to Size Internal Tables

From the Setup and Configuration menu, Click on -> Manage Equalizing -> Configure

Parameters.The Modify Equalizing Parameters window appears. In the table displayed on

the screen, you can modify the following parameters to size internal tables:

Connection Tracking Table Size (BRAIN_SIZE)

(# of connections to track in 1 second, Default=10,000)

Connection Tracking Table Size determines how many connections (IP pairs) the

NetEqualizer watches at one time during any given second. NetEqualizer keeps a mini-

history of the activity of all users on a trunk. It uses this database to make decisions on

who is using too much bandwidth.

Here are some recommended settings for Connection Tracking Table Size, based on network

size:

Network Size

Connection Tracking Table Size

(BRAIN_SIZE)

< 100Mbps

20,000

>= 100Mbps to < 1Gbps

30,000

>= 1Gbps

40,000

Note: NetEqualizer can handle up 2 million or more connections every minute. We point this

out as many customers compare our connection ability with that of their Router, which uses

a timeframe of minutes.

To see the contents of the Connection Table:

From the Management and Reporting Menu, Click on -> View Current Activity

-> [View Active Connections].

BUFFERS (no longer on Web GUI)

Legacy variable (no longer visible on the latest NetEqualizer Web GUI). BUFFERS control

the number of connections that can simultaneously be penalized (slowed down). When

NetEqualizer sets a penalty on a connection, it assigns a “delay” buffer to this connection to

slow it down. NetEqualizer reserves a finite number of “delay” buffers when it powers up.

The preset value for BUFFERS from our factory-delivered NetEqualizer is designed to handle

any size network and need not be changed.

Note: If you manually edit the NetEqualizer configuration file, you will see BUFFERS in the

configuration. Do not change this value; changes will be ignored.

Inactive Tics (INACTIVE_TICS) (units are hundredths of seconds, Default = 200)

This is how long an entry in the Connection Tracking Table will live before being removed if

no activity is detected. Generally, we are not interested in connections that are idle. For

User Guide

example, a value of 200 for this parameter instructs the NetEqualizer to “cancel” tracking a

connection after 2 seconds.

Viewing your Equalizing Parameter Settings

Once you have set all your parameters, make sure to scroll to the bottom of the

window, and then Click on -> [Modify]to save or Click on -> [Reset] to

discard.

To view your current parameter settings:

From the Setup and Configuration Menu,

Click on ->Manage Equalizing -> [View

Parameters].Current parameter

settings are listed on the screen in the All

Parameters "[PARAM all]" section, as in

the window at right.

User Guide

Controlling P2P Traffic

Peer-to-Peer (P2P) Traffic attempts to create hundreds, or possibly thousands, of

simultaneous connections to absorb a lot of your available network bandwidth. Setting

Connection Limits effectively blocks or reduces both encrypted and unencrypted P2P by not

allowing users to create connections over the limits you specify.

NetEqualizer enables you to limit the amount of bandwidth a specific IP address or set of IP

addresses can use. There are two ways to configure this in the NetEqualizer, to best meet

your needs. We will go through each in detail below:

1. Connection Limits - Standard control of P2P traffic.

2. Smart Connection Limits - Dynamic, fairness-based control of P2P traffic

using the Dynamic Hogmin parameter. Also

know as Smarter P2P Blocking.

Setting Connection Limits

(back)

Connection Limits control the number of inbound and outbound data streams (IP

pairs or "connections") that each user on your network can create. Connection

Limits are bi-directional; any limit you set is divided in two and applied. For example, a

Connection Limit of sixty (60) would be turned into two connection limits: thirty (30)

inbound and thirty (30) outbound connections.

There are more reasons for system administrators to limit connections to a server than we

can possibly include in this discussion. The APconnections’ design team developed this

feature within NetEqualizer to lessen the effects of Peer-to-Peer traffic (P2P) and Denial of

Service (DoS) attacks, which we will discuss here.

Peer-to-Peer traffic attempts to create hundreds, or possibly thousands, of simultaneous

connections to absorb a lot of your network bandwidth. Setting Connection Limits effectively

blocks or reduces both encrypted and unencrypted P2P by not allowing connections over the

limit you specify.

In a DoS attack, storms of incoming connections are generated by hackers with the

intention of overwhelming a server or servers. An attacker will spoof requests, sending

storms of erroneously addressed connection requests to your server. These request storms

create overwhelming administrative overhead, crippling the server and requiring a reboot by

IT staff. While there are techniques that attempt to validate the incoming requests by

sending queries back to the sending IP address for verification, these approaches create

more traffic on the network. Instead of this approach, we chose to address the issue by

setting DoS protection via Connection Limits.

NetEqualizer Connection Limits keep a total count of active connections (of any type) per IP

address. Additional connections cannot be created once the Connection Limit is reached for

that IP address.

Connection Limits can be set per individual IP or for an entire subnet at one time. If you set

Other manuals for NetEqualizer

Table of contents

Other APconnections Network Hardware manuals

APconnections

APconnections NetEqualizer User manual

Popular Network Hardware manuals by other brands

Barracuda

Barracuda Secure Connector quick start guide

Tandberg Data

Tandberg Data SUPERLOADER DLT - quick start guide

Ceragon

Ceragon FibeAir IP-20C installation guide

Idis

Idis Direct IP DR-8364 quick guide

Lenovo

Lenovo 7X58 quick start

Toshiba

Toshiba RTM20 Brochure & specs

Vivotek

Vivotek ND8301 Quick installation guide

Luxon Video

Luxon Video NVR-32P-6TB user manual

Avocent

Avocent Cyclades ACS 6000 Installation & administrators guide

Intel

Intel 82543GC Specification update

MB Connect Line

MB Connect Line mbNET MDH 810 Technical data

Cisco

Cisco Firepower 1100 Series Hardware installation guide

NEC

NEC N8151-50 user guide

ADC

ADC Release 3.1 user manual

TPA

TPA S5-TimeServer Operation Quick Start Guide

Broadcast Tools

Broadcast Tools WebSwitch Installation and operation manual

Avocent

Avocent MergePoint 5240 brochure

Buffalo

Buffalo LinkStation 500 user manual