It has become more affordable to acquire lots of bandwidth, but there are many places not so blessed. Often, substantial bandwidth increases don’t yield the expected performance improvements because “bad” traffic grabs a lot of the new capacity. Traffic shaping technology can make whatever bandwidth you have work much better, assuring that mission-critical applications perform reliably and predictably, and it consistently yields better results than paying the ongoing costs of higher bandwidth.
Many better firewalls provide some level of what they call traffic shaping, but the capabilities are pretty meager compared to a dedicated traffic shaper with deep packet inspection (DPI). For one, they typically don’t look any further than the port number of the traffic, and assume that if traffic is running on some standard, recognizable port (e.g., 80 for HTTP), it is indeed that protocol. Because of this, many types of traffic that employers commonly wish to restrict disguise themselves on commonly used ports to slip by firewall policies, a practice known as port hopping. This can be really bad traffic, like malware or other security threats, P2P apps, or simply traffic of a more recreational nature that employers normally wouldn’t want employees generating on the job, or at least not impacting business use. Firewalls doing shaping also often add latency, to the detriment of audio and video, because most perform inspection in software.
How about something that drills down into the packets and, using a combination of many techniques, correctly identifies the traffic even if it is not on the normal port for that application or protocol? How about identifying even encrypted protocols with great accuracy?
You see, if you haven’t accurately identified traffic to begin with, then subsequent rules for prioritization and traffic rates can actually help unwanted traffic. Getting it all correctly identified is a critical first step.
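The gap between port-based and payload-based identification can be seen in a small added example (not code from this page or from any product): it labels each flow by destination port, then by the first client payload bytes, and reports where the two disagree. The port table, function names and sample flows are assumptions, and first-payload signature matching stands in for only one of the many techniques a DPI shaper combines.

```python
# Added example: port table, function names and sample flows are assumptions.
PORT_LABELS = {22: "ssh", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def label_by_port(dst_port):
    """What a port-only policy assumes the flow carries."""
    return PORT_LABELS.get(dst_port, "unknown")

def label_by_payload(payload):
    """Classify from the first client bytes using well-known protocol openers."""
    if payload.startswith(b"SSH-"):                       # SSH version banner
        return "ssh"
    if payload.startswith(b"\x13BitTorrent protocol"):    # BitTorrent handshake
        return "bittorrent"
    # TLS record type 0x16 (handshake), major version 3, handshake type 1 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return "tls"
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    return "unknown"

def find_mismatches(flows):
    """Return (flow id, port-based label, payload-based label) where they disagree."""
    mismatches = []
    for flow in flows:
        assumed = label_by_port(flow["dst_port"])
        observed = label_by_payload(flow["payload"])
        if assumed != "unknown" and observed != assumed:
            mismatches.append((flow["id"], assumed, observed))
    return mismatches

# Constructed sample flows: first payload bytes sent by the client.
SAMPLE_FLOWS = [
    {"id": "f1", "dst_port": 80, "payload": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"},
    {"id": "f2", "dst_port": 80, "payload": b"\x13BitTorrent protocol" + bytes(8)},
    {"id": "f3", "dst_port": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"id": "f4", "dst_port": 443, "payload": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"},
    {"id": "f5", "dst_port": 443, "payload": bytes.fromhex("a1b2c3d4e5f60718")},
]

if __name__ == "__main__":
    for flow_id, assumed, observed in find_mismatches(SAMPLE_FLOWS):
        print(f"{flow_id}: port says {assumed}, payload says {observed}")
```

A port-only policy would treat all five sample flows as ordinary web traffic; the payload check flags the three that are not, including the unrecognized one on port 443.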
Once traffic is identified correctly, a good traffic shaper can shape flows much more flexibly and dynamically than a firewall. A firewall, working with inaccurate information to begin with, typically cannot allocate bandwidth effectively. You may cap FTP at 5 Mbps, for instance, but not be able to allow it to go faster if there’s unused bandwidth. Prioritization partially addresses that, but not very granularly. Also, the queuing mechanisms in firewalls and routers tend to be inferior and can cause problems when throttling apps, often playing games with TCP/IP windowing.
Sophisticated traffic shapers offer many benefits for high-performance networks. The good ones are out of the reach of smaller users, but many schools, universities, and enterprises use traffic shaping and bandwidth management to effectively manage the huge flows they generate. Every bandwidth upgrade they can avoid or postpone saves a great deal on the associated equipment upgrades plus ongoing bandwidth costs. Traffic shaping is also coming on strong in the data center.
Some also use shapers as security devices in environments where outbound traffic needs to be scrutinized. Correctly identifying traffic regardless of port can stop many exploits that could otherwise sneak traffic out past corporate firewalls, whether from compromised systems or rogue employees. It’s very tough to control outbound traffic on a firewall without really onerous rules.
Most commonly, shaping is performed on Internet links, but private WANs can benefit as well, depending on the architecture and flow requirements. We have devices that can handle both Internet links and internal WAN links in the same box to reduce costs. Let us discuss your situation and expand upon the possibilities. We can even provide evaluation gear so you can see what you are not seeing now.