[unisog] Packeteer PacketShaper

Ed Gibson egibson at uwo.ca
Thu Oct 10 15:39:51 GMT 2002

Chris Gundersen wrote:

> All,
> We are currently evaluating the PacketShaper product from Packeteer for
> use on our dorm network. We've had problems with incredible amounts of
> saturation of our VERY substantial pipes, so much so that Kazaa traffic
> chokes out simple HTTP requests for people trying to fire up web
> browsers. Even with a limit of 100K on each port, we're still chewing up
> 100MB of bandwidth.
> I wanted to solicit some comment about this product from anybody who may
> have some helpful info. A few of our most common questions are:
> 1. Pros and cons? Has it been your saving grace? Have you encountered
> any problems with it? If so, what where they and have they been
> resolved?

We have found the unit to be beneficial.... With no formal training we were
able to fire the unit up and start limiting the bullish applications like

> 2. We are currently evaluating the 100MB model, but have considered the
> Gig version even though it can only handle around 200MB throughput. Has
> anybody found that PacketShaper can't keep up with a big pipe (as we
> have here)?

Our unit is a 6500 with 100 Meg feeds. This configuration is not a issue
currently for us as the bottleneck is the Internet access which is less than

> 3. What procedures have been implemented to determine how bandwidth
> should be shaped? It is our consensus that bandwidth shaping is as much
> of an art as it is a science - we need to utilize the bandwidth we pay
> for now as efficiently as possible without hindering our students trying
> to do worthwile things on the internet.

We have taken a very simplistic approach so far, in that we have essentially
created a social "partition" that is capped at a prescribed value. We then
have bound "classes" (packet works application/port identifiers) to this
partition. The net effect has been that the Kazaa type applications are only
allowed to consume bandwidth to the cap value. Our mtrg graphs are rather
interesting in that the graphed values pretty much maintain a flat line at
the size of the social partition. I will caveat this configuration with the
statement that we have not attended formal training sessions on the product
and were looking for a simple solution too the problem. We have been happy
with this configuration to date.

Essentially the only ongoing administration is monitoring our mrtg graphs
for unusual increases in the baseline. These increases usually correlate to
a new application which has not been classed and subsequently assigned to
the social partition.

My only complaint associated with the product would be the limits associated
with the number of classes (1024), while the unit has an auto discovery
feature the number of detected classes quickly max's out this value if left
turned on for any length of time. Once this max point has been reached a
class re-organization (i.e. reduce the number of classes) is required in
order to discover new classes or create new classes.

I also find they like to point out that they can detect to layer 7, while
this statement is true, you are limited to the upper layer definitions that
they provide you with. The ability to define full packet filters (like a
sniffer) would be a nice addition.

I also found it interesting that the support staff seems to go through a
mental shift when they determine that you are using the packetshaper in a
residence network. Don't get me wrong this is not necessarily a bad
thing..... It just means that they seem to approach the configuration from a
different perspective!
Go figure?

So in summary we have been pleased with the unit..... In fact coincidentally
management has opted to send me on a three day training session later this
month. I guess so I can make the configuration more complicated :-)

Ed Gibson
University of Western Ontario
London, Ontario

> 4. If you feel that PacketShaper isn't the best way to go, could you
> propose some alternatives?
> If anybody has any input it would be greatly appreciated. Also, and this
> is completely voluntary and please feel free to say no, is anybody out
> there willing to offer advice as to how they've configured classes and
> policies for their institutions?
> Please feel free to contact me either by the list or privately as well.
> Much thanks,
> -Chris Gundersen
> University of Tennessee
> |--------------------------|
> | Chris Gundersen, MCP, A+ |
> | gunny at utk.edu            |
> |                          |
> |  "I'll probably never    |
> |   get the props I feel I |
> |   ever deserve."         |
> |            -Eminem       |
> |--------------------------|

More information about the unisog mailing list