FAQ on product selection of Traffic Management System)

Q1: Which customers need a traffic management system? What problems does it solve? What is the goal?
A: customers with more than 300 users, such as campus networks, residential broadband networks, enterprise networks, and carrier networks, need a traffic management system. It can solve Intranet users' demand for bandwidth and conflict between limited access bandwidth, prevent extensive spread of Network viruses, Trojans, and worms, and prevent SYN flood and DDoS attacks, prevent users from private IP address changes, private proxy fee evasion, and mitigate the adverse effects of applications such as BT, P2P, thunder, and p2sp on network operation. The application traffic management system should be able to make reasonable use of bandwidth and ensure key applications.

Q2: How do I determine if the network needs to deploy a traffic control system immediately?
A: You can check the 24-hour bandwidth trend chart of outbound traffic (see q16 for details). If the bandwidth usage of more than 40% of the time is 100%, you need to deploy the traffic control system immediately, otherwise, the bandwidth is sufficient, so you do not need to deploy the traffic control system immediately. On the contrary, if 100% of the time bandwidth usage is lower than 50%, you should consider reducing the rental egress bandwidth to save costs. Before deploying a traffic control system, you must upgrade the access bandwidth at least once. For enterprises and institutions, you should first consider upgrading the access bandwidth. If you have bought a traffic control device, in the future, it will be difficult to apply for upgrade of the access bandwidth, or the performance of the traffic control device will not be able to keep up with the upgrade of the access bandwidth. In order to access more users with limited access bandwidth, ISP will give priority to traffic control over enterprises.

Q3: Which devices are used by the traffic management system? What technologies are included?
A: The traffic management system consists of a traffic control gateway and a traffic analysis workstation. It mainly includes two core technologies: Traffic Control and traffic monitoring. The traffic control technologies include: bandwidth control, session control, total traffic control, and application control. Traffic monitoring technologies include bandwidth monitoring, session monitoring, total traffic statistics, SNMP traffic monitoring, NetFlow traffic monitoring, and device status monitoring, other technologies include traffic cleaning and traffic replication.

Q4: where should the traffic control gateway be deployed? Will the existing network topology be changed? Does it affect performance?
A: The Traffic Control Gateway can be deployed at the exit of any subnet in the network. The specific locations are as follows:
1) connect them to the egress router, firewall, and core switch;
2) connect to the egress router or firewall in tandem;
3) connect to the mirror port of the core switch.
The intensity is 1), 2), and 3) in sequence. Generally, the existing network topology is not changed.
As long as the performance indicators (throughput, latency, and number of sessions) of the Traffic Control Gateway are better than those of the network status parameters (bandwidth, number of users, etc) it will not have a negative impact on the Network (packet loss, latency, etc ). The performance and stability of specific equipment must be tested on site.

Q5: How do I determine the relationship between the Traffic Control Gateway and the NAT device?
A: The traffic control gateway should be deployed after the NAT device. If a Traffic Control Gateway is deployed on a NAT device, the source IP address it controls is only one or several public IP addresses after Nat translation, rather than many Intranet IP addresses. Therefore, it can only implement egress application control, instead of Intranet user control, audit logs do not include Intranet IP addresses. In fact, this approach is to spend your own money on Traffic Control for the ISP, which is extremely cost-effective, the correct method should be to place the Traffic Control Gateway after the NAT device, so as to manage intranet users and maximize the role of the Traffic Control Gateway.

Q6: Can traffic blocking of Bt, P2P, illegal websites, chats, stock trading, games, and online TVs ensure key applications?
A: Not necessarily. Blocking these traffic alone is not enough to ensure the bandwidth of key applications, because other normal traffic and unknown traffic can occupy the bandwidth of key applications, and this method is not applicable to the management of paid networks, this will lead to complaints from paying users. It should be noted that this technology should be called intrusion blocking (IPS) or online behavior management rather than traffic management (Traffic Management). The former focuses on interception of illegal traffic, the latter focuses on hierarchical management of legal traffic.

Q7: Can the total bandwidth limit of P2P Traffic be a fixed value to ensure key applications?
A: Not necessarily. Other normal traffic and unknown traffic can also occupy the bandwidth of key applications. This approach put the cart before the horse, which lacks efficiency and accuracy. In addition, whether P2P signatures can be continuously obtained and upgraded after many years is also an uncertain factor.

Q8: Can I set the total bandwidth of key application traffic to a fixed value to ensure the security of key applications?
A: Not necessarily. This approach does not ensure that everyone can use key applications at the same time. For example, a user can occupy a large amount of bandwidth for key applications at the same time, which may cause other users to fail to use the key applications normally. This method is a low-level control method.

Q9: Can a fixed bandwidth (for example, kb/s) be set for each source IP address to achieve traffic control?
A: Not necessarily. P2P Traffic and unknown traffic can occupy all allocated bandwidth without your knowledge, so that you cannot use key applications or other applications (such as PING ), this leads to user complaints. On the other hand, when there are few simultaneous online users and ample bandwidth, a fixed personal bandwidth will make full use of the total bandwidth. Another case is that, although the user occupies a small amount of bandwidth, many connections (for example, over 10000) are sent in a short time, which also causes network congestion. It is best to set a fixed bandwidth for each source IP address on the access switch instead of the gateway to avoid performance bottlenecks.

Q10: Can a fixed number of sessions (for example, 200) be set for each source IP address to achieve traffic control?
A: Not necessarily. P2P Traffic and unknown traffic can fill up all allocated sessions without your knowledge, so that you cannot use key applications or other applications (such as PING ), this leads to user complaints. On the other hand, even if each user has a small number of sessions, but each session has a large bandwidth, the network egress bandwidth can also be fully occupied, leading to traffic control failure.

Q11: Can I set a fixed bandwidth and number of sessions for each source IP address to achieve traffic control?
A: Not necessarily. P2P Traffic and unknown traffic can fill in the quota of all allocated bandwidth and sessions without your knowledge, so that you cannot use key applications or other applications (such as PING ), this leads to user complaints.

Q12: if the maximum TCP/UDP session speed is set (for example, 100 per second), the IP address exceeding this standard will be blocked. Can this method achieve traffic control?
A: No. This method is applicable to all TCP and UDP applications and cannot distinguish between normal and abnormal applications. Therefore, normal applications are blocked. On the other hand, even if the session speed of an abnormal application is lower than the set value, a large number of concurrent sessions (for example, more than 10000) will be accumulated, which will eventually cause network congestion.

Q13: Is the P2P Control Technology Based on the application layer the most effective P2P control technology?
A: Not necessarily. P2P communication protocols have gone through three stages of development: 1) fixed port phase, 2) random port phase, 3) encrypted traffic phase, the P2P Control Technology Based on the application layer can well control P2P software in the first and second stages. However, as P2P software (such as the new BT) encrypts communication protocols, this technology will become ineffective.

Q14: Is the bandwidth Analysis and Control Technology Based on the application layer the most effective analysis and control technology?
A: Not necessarily. First, because it works in the same way as anti-virus, its advantage is precision. Its disadvantage is: 1) There are always some (10 ~ 30%) unidentifiable traffic, such as IP fragmentation and encrypted traffic; 2) performance will continue to decline. When there are more and more signatures, the performance will get lower and lower, to a certain extent, this trend will make the flow control device a new performance bottleneck in the network; 3) due to frequent updates to the pattern, it is difficult to maintain the device in the future, and the overall cost of ownership is high; 2. High reliance on manufacturers. Force majeure factors such as shutdown and collapse of manufacturers make purchasing their products a *** behavior. Second, we need to differentiate the bandwidth analysis and control technologies based on the application layer, and determine the existence of unknown traffic is an indirect result for the layer-7 bandwidth analysis technology, however, the bandwidth control technology based on it is a real nightmare, because it must first identify and control, so this part of the traffic will never be effectively controlled, when an unknown traffic suddenly increases in a short period of time, the traffic control measures will immediately expire. For example, the rapid popularization of the new version of thunder in has led to the failure of many traffic control devices, especially for foreign devices.

Q15: must the traffic control feature database be upgraded to ensure the effectiveness of traffic control, and is there a traffic control system that does not rely on the traffic control feature database?
A: The traffic control effect cannot be guaranteed only when the traffic control feature database is upgraded. Of course, there is a traffic control system that does not rely on the traffic control feature database, not all network environments are applicable to traffic control systems that depend on the traffic control feature database. The flow control system is generally divided into two categories: the exit application control and the source user control. The flow control system that relies on the flow control feature database is suitable for the exit application control.

Q16: How can I view the network egress bandwidth of my unit?
A: You can view the 24-hour traffic trend chart of the WAN port of the Traffic Management device, that is, view the usage of the download bandwidth (that is, the sending and receiving traffic) over a period of time. A Real-time test on the website can verify the outbound bandwidth value, but it cannot be used as formal evidence. In addition, to improve efficiency and facilitate management, ISP generally only limits the download bandwidth, and the upload bandwidth may not be limited. The download bandwidth of pppoe dial-up users is large and the upload bandwidth is small. If the download bandwidth is not full but the upload bandwidth is full, network congestion may occur because the user's requests cannot be transmitted in time.

Q17: In the traffic distribution chart at the egress gateway, what is the cause of heavy traffic?
A: The sending (transmit) traffic is the traffic that the client actively sends to the server, including P2P upload traffic and user-sent URL requests. In general, the user sends less traffic than the received traffic. However, when a large number of P2P, p2sp users, viruses, Trojans, and worms exist in the network, this will generate a large amount of search and upload traffic, and the user is not aware of the background traffic.

Q18: after the traffic control device is used, the traffic distribution chart shows that the BT traffic decreases and the HTTP traffic increases. Does this mean that the traffic control is successful?
A: Not necessarily. First, check whether the unknown traffic has also increased. If so, it means there are still unknown and uncontrollable P2P and p2sp traffic. Second, even if the unknown traffic has not increased, there may also be HTTP download traffic generated by non-Browsers (such as Xunlei and Dudu), which will occupy the bandwidth of the user's Webpage Browsing, resulting in the common user's feeling that it is slow to open the webpage.

Q19: does it mean that traffic control fails if the download speed of Bt and thunder is fast?
A: Not necessarily. If the speed at which key applications or users browse the Web page is not affected while downloading Bt and thunder, it indicates that the traffic control policy is effective. It does not matter whether to block BT and thunder, because they do not affect the overall performance of the network.

Q20: how can we determine the effectiveness of traffic control?
Answer: both internal and external considerations. It depends on the traffic distribution chart at the egress gateway, whether there is any uncontrolled traffic, and the traffic distribution chart of the user's network segment and IP address, check whether the bandwidth occupied by different applications of each controlled network segment and IP address exceeds the set value.

Q21: How do customers select a traffic analysis device?
A: First, check the Monitoring Protocol. A good device must have at least two Protocols: SNMP and NetFlow. Second, check whether the application-layer traffic analysis function is available. Third, check the monitoring object, good devices can monitor the traffic at the egress gateway and the traffic distribution of the source network. Fourth, they can monitor the traffic data storage and processing methods, A good device can output traffic data to a dedicated traffic analysis workstation to separate the traffic storage, analysis, statistics, query, and traffic capture functions, this ensures the operational efficiency of the traffic analysis device and the sustainability of the traffic data storage.

Q22: How do customers choose traffic control devices?
A: First, you need to understand the customer's network environment:
1) Is it a paid network or a free network?
For a pay-as-you-go network, you can only control the bandwidth and number of sessions.
2) Is it a carrier network or a user access network?
The former only controls the traffic of the egress application, regardless of the Flow Control of the Intranet user, the latter must control the flow of the Intranet user, so the function requirements of the flow control device is higher than the former.
3) What is the access bandwidth?
The throughput of the Traffic Control Gateway should be at least 30% of the access bandwidth to ensure 3 ~ There will be no performance bottleneck within five years.
4) Is there any dual-line or multi-line access?
Multi-line access requires the traffic control gateway to have multiple traffic control bridges at the same time, which determines whether the scalability of the Traffic Control Gateway is sufficient.
Second, compare the traffic control policies:
1) Comprehensive Traffic Control Policies
Normal devices only control P2P applications. Good devices control the bandwidth, session count, total traffic, and applications of all traffic. Due to the diversity of traffic, one or two policies alone cannot be managed well. Therefore, a comprehensive traffic control policy must be implemented to achieve traffic management.
2) granularity of traffic control policies
The control precision of a common device can only reach the IP or gateway level. A good device can control the bandwidth and the number of sessions for different applications of each source IP, in addition, only in this way can the service quality of key applications and other applications be guaranteed, and the consistency of the Internet experience of users of the same level can be ensured.
3) universality and long-term effectiveness of traffic control policies
Some control P2P Traffic control policies by using application-layer signatures. If the pattern cannot be updated in time or become unknown, the traffic control may fail. A recent example: the change of Bt communication protocol encryption and thunder communication protocol leads to the failure of dedicated P2P Traffic control equipment. A good traffic control device does not rely on application signatures, so it can withstand the test of time and application software protocol changes.

Q23: What are the differences between Flow Control over Internet cafes, enterprises, and ISPs?
A: Internet cafes can control the client by 100%. Therefore, they can achieve universality and long-term effectiveness without the need for throttling based on application feature values at the gateway. Enterprises and institutions can determine key applications by 100%. Therefore, they can achieve universality and long-term effectiveness without the need to perform Flow Control Based on application feature values at the gateway. ISP networks cannot control clients or determine key applications. They can only determine applications with low priority (such as P2P). Therefore, traffic control based on application feature values must be performed at the gateway.
In fact, the traffic control system based on the application feature value should be called the "Exit traffic identification and control system", which is not applicable to the traffic control requirements of Internet cafes, enterprises and institutions.

Q24: how to allocate bandwidth based on dynamic users?
A: Taking schools as an example, teachers and students are dynamically distributed in the network. In addition to desktops, laptops, mobile phones, tablets, and other mobile Internet access devices, fixed IP addresses cannot be used as the identification criteria, therefore, user authentication must be used for Dynamic Identification. Specifically, the following features are required: 1) the traffic control policy must include user group options to treat different users differently, the user authentication function is not associated with the traffic control policy, so users cannot be treated differently. 2) the traffic statistics function must be provided to automatically exit idle users after login, to prevent others from occupying this IP address; 3) provide a self-service portal for users to log on, exit, modify passwords, and view logs. users of mobile phones and tablets can also use this IP address. 4) user management and user authentication logs must be provided.

This article is from the "hust888" blog, please be sure to keep this source http://70365.blog.51cto.com/60365/1569600

FAQ on product selection of Traffic Management System)