A better and more elegant solution is to reserve some bandwidth for the apps that really need it and to decrease the overall traffic on the network. To do that, of course, it’s necessary to analyze what you’re carrying on your network, and then decide what traffic you really want and what you want to restrict. “Most people are aware they have a problem, but they don’t know what it is until they take the time to find out at the application layer,” says Roger Hockaday, a marketing director at Packeteer.
The surprising thing is that solutions for traffic identification and shaping aren’t really that expensive. Packeteer’s PacketSeeker only costs a thousand dollars or so, yet it can automatically discover traffic from hundreds of applications and provide a clear picture of what’s really causing problems on a network. And the revelations are often disturbing. When you do find what’s on your network, it’s not uncommon to discover that most of the problems are being caused by a handful of P2P users.
The good news is that once you know what you’re facing, it’s not that hard to make changes and get the network in better shape. To do this you’ll need a policy-based network management tool like Packeteer’s PacketShaper, Israel-based Allot Communications’s NetReality, or any of the other products from vendors competing in this space.
How Policy-based Management Tools Can Help
How can policy-based management tools actually help? By enabling network admins to set up policies dictating which applications are mission critical and how much bandwidth they need to run properly, which applications (like Web browsers) are important and should have a certain amount of bandwidth available to them, and which traffic is unwelcome (possibly streamed media, probably P2P traffic) and therefore to be discouraged.
For example, with Packeteer’s PacketShaper it’s possible to set policies such as:
Mission-critical apps typically don’t need huge amounts of bandwidth — SAP, for example, only needs 16 Kbps per user — so it’s fairly simple math if you have 10 SAP users to set a policy that makes a reserved virtual link for SAP traffic of 160 Kbps at all times.
While you might like to get rid of “leisure” traffic like P2P traffic completely, you're probably better off tolerating and containing it rather than trying to eliminate it altogether, according to Hockaday. “If you try to prohibit P2P, the apps look for ways through the firewall. If you contain them, they won’t port hop. In educational establishments, some of them find that a huge amount of bandwidth, like 90 percent, is outbound P2P. We suggest they don’t prohibit it, but only allow inbound traffic.”
Page 3: Added Security via Network Traffic Management