I'm sure the list would appreciate some distillation of that feedback. Once the weekend is over of course :-) Cheers Jamie On 9/03/2012, at 4:44 PM, Jodi wrote:

Thanks to all who sent advice and recommendations. Time for some ‘light’ reading over the weekend

Hope you all enjoy yours J

Kind Regards Jodi

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Thursday, 8 March 2012 4:38 p.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] traffic shaping

Hi All

Currently we’re running a couple of Packeteers (one for each of our upstreams) to give users a fair slice of the pie. However they’re starting to wilt under the increased load and it’s time to look at replacing.

I’ve been looking around at some of the more popular appliances that I am aware of (Packeteer, Exinda, Netequalizer), however I don’t want to buy a lemon.

The other thought was to shape directly on the routers – have a couple of Cisco 2821’s at our borders. I’m familiar with the shaping process but have never attempted on Cisco kit before so don’t want to start down that path if it’s the wrong way to go (especially as I would be the only one who could manage it and I like the occasional day off).

My main focus to is to shape at the border by IP for different classes based on our plans e.g. burst to 4meg, 2meg dedicated, 2.5 burst to 10, etc Secondary to that is reporting and 3rdly QoS

Any and all advice welcome, on and off list

Cheers Jodi

-- Jodi Thomson Network & Systems Engineer Ph +64-6-8355800 Fax +64-6-8355811 Mob +64-21-903712 E-Mail jodi(a)team.waspnet.co.nz www.waspnet.co.nz

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Instead of J2300 look at SRX perhaps. Cheap, fast, good. Pick three. On 13/03/2012, at 10:34 AM, Jodi wrote:

Hello Again

I’ve had a few options given to me – a mixture of router based solutions vs separate appliances

On the router front the options given are: Cisco ASR1k/1001s Cisco SCE (Service Control Engines) Juniper J2320 Mikrotik

And I’ve been informed that policing rather than shaping is the way to go using this type of solution

On the appliance front we have: Allot NetEnforcers Allot Sigma http://www.allot.com/Products_Overview.html A few people recommended these – however I did have one reply stating that the GUI is Java based and horrible

Sandvine DPI boxes http://www.sandvine.com/products/traffic_management.asp

Exinda http://www1.exinda.com/

PacketShaper http://www.packeteer.com/

And there was one recommendation for software http://www.dmasoftlab.com/cont/home

I’m currently leaning towards router based policing using J2320’s which should be more than enough for our needs for the foreseeable future. It’ll mean a slightly higher learning curve as I’ve only done basic JUNOS configuration before. My reasoning however is as follows 1) Having a single box handling the routing/policing means one less box to troubleshoot if any issues arise 2) JUNOS has a fairly logical layout, which while it takes a bit of getting used to is easier to read than ios – oh and the commit/rollback feature is also nice 3) The JUNOS web interface – while I prefer to work at the cli (I don’t trust GUIs) the web interface is good for a quick glance to check for potential problems by those who don’t have the cli skills 4) I need new routers anyway and have plans to redeploy my Cisco 2821s 5) $Price$ – easier to convince the boss to sign the cheque

While not a contributing factor I am keen to improve my JUNOS skills, and in turn my overall routing knowledge

Cheers again for all those who replied

Kind Regards Jodi

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Friday, 9 March 2012 4:44 p.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] traffic shaping

Thanks to all who sent advice and recommendations. Time for some ‘light’ reading over the weekend

Hope you all enjoy yours J

Kind Regards Jodi

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Thursday, 8 March 2012 4:38 p.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] traffic shaping

Hi All

Currently we’re running a couple of Packeteers (one for each of our upstreams) to give users a fair slice of the pie. However they’re starting to wilt under the increased load and it’s time to look at replacing.

I’ve been looking around at some of the more popular appliances that I am aware of (Packeteer, Exinda, Netequalizer), however I don’t want to buy a lemon.

The other thought was to shape directly on the routers – have a couple of Cisco 2821’s at our borders. I’m familiar with the shaping process but have never attempted on Cisco kit before so don’t want to start down that path if it’s the wrong way to go (especially as I would be the only one who could manage it and I like the occasional day off).

My main focus to is to shape at the border by IP for different classes based on our plans e.g. burst to 4meg, 2meg dedicated, 2.5 burst to 10, etc Secondary to that is reporting and 3rdly QoS

Any and all advice welcome, on and off list

Cheers Jodi

-- Jodi Thomson Network & Systems Engineer Ph +64-6-8355800 Fax +64-6-8355811 Mob +64-21-903712 E-Mail jodi(a)team.waspnet.co.nz www.waspnet.co.nz

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

Put in packet mode, works fine for me -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Tuesday, 13 March 2012 10:52 a.m. To: nznog List Subject: Re: [nznog] traffic shaping

-----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog- bounces(a)list.waikato.ac.nz] On Behalf Of Nathan Ward Sent: Tuesday, 13 March 2012 10:43 a.m. To: nznog List Subject: Re: [nznog] traffic shaping

Instead of J2300 look at SRX perhaps. Cheap, fast, good. Pick three.

The SRX seems to me to be more a firewall than a router. I've got Netscreen's handling access to services (reasonably proficient at ScreenOS). I don't need firewall/IDP at the border just routing and policing/shaping Cheers _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

...

The SRX seems to me to be more a firewall than a router. I've got Netscreen's handling access to services (reasonably proficient at ScreenOS). I don't need firewall/IDP at the border just routing and policing/shaping

The J2320 is slower and about 2.5 times the price of the SRX220H (looking at RRP at a local distributor).

The J2320 holds more BGP routes - but only 400k which is less than the global table right now so it's kind of a moot point. J2320 can also do 32 BGP peers while the SRX can only do 16. Other than that, for a small scale router the SRX is great.

I run BGP signaled VPLS and L3VPNs with RSVP and IS-IS on the SRX just fine - there are no routing features sacrificed in favour of firewall features. It all runs JunOS.

--

Cool I shall take a closer looksee :) Cheers JT

J2320 will handle 2 international routing tables & APE & Domestic just fine with 2gb of ram, plus you can do policy based routing & firewall policys to restrict bandwidth.I started off on them before moving to m7i and then a pair of mx80's. Problem with using JunOs, I dont believe there is an easy way to do CIR / PIR policys. i.e. lets say I had a pool of 50mb of international, I want pool A to get priority over pool B (but when pool A is not using it, let pool B burst and use it), or Gold user to get better priority over Brass user; these are all functions of the cisco SCE. When I did research some time back I recall seeing a license feature for junos. Cheers Barry On Tue, 13 Mar 2012 11:17:36 +1300, Nathan Ward wrote:

The J2320 holds more BGP routes - but only 400k which is less than the global table right now so it's kind of a moot point. J2320 can also do 32 BGP peers while the SRX can only do 16. Other than that, for a small scale router the SRX is great.

Not sure of the licensing for JunOS rate-limiting, but we have it going between our MX80s in Auckland and Sydney - three classes each with guaranteed rates that add up to the 1Gb/s, and they burst into each other's spaces fine On Tue, Mar 13, 2012 at 2:40 PM, Jonathan Brewer wrote:

I found the 2320s ran out of CPU pretty fast when faced with a few tens of megabits per second of mixed small packet traffic. Unless they've changed in the last three years, I'd pass. You can buy smartphones these days with faster CPUs.

On Tue, Mar 13, 2012 at 12:12 PM, Barry Murphy wrote:

...

J2320 will handle 2 international routing tables & APE & Domestic just fine with 2gb of ram, plus you can do policy based routing & firewall policys to restrict bandwidth.I started off on them before moving to m7i and then a pair of mx80's. Problem with using JunOs, I dont believe there is an easy way to do CIR / PIR policys.

i.e. lets say I had a pool of 50mb of international, I want pool A to get priority over pool B (but when pool A is not using it, let pool B burst and use it), or Gold user to get better priority over Brass user; these are all functions of the cisco SCE. When I did research some time back I recall seeing a license feature for junos.

Cheers Barry

On Tue, 13 Mar 2012 11:17:36 +1300, Nathan Ward wrote:

...

The J2320 holds more BGP routes - but only 400k which is less than the global table right now so it's kind of a moot point. J2320 can also do 32 BGP peers while the SRX can only do 16. Other than that, for a small scale router the SRX is great.

______________________________**_________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/**mailman/listinfo/nznoghttp://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- Sam Russell Network Operations Research & Education Advanced Network NZ Ltd ddi: +64 4 913 6365 mob: +64 21 750 819 fax: +64 4 916 0064 http://www.karen.net.nz

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh and I have a slot in P4 2.8 CPU replacement for the Celeron 2.4 that ships standard with the J2320, if anyone has a spare unit and wants to see if they can make the magic smoke come out, let me know :) On 13/03/2012 3:31 p.m., Andrew Thrift wrote:

+1

SRX is much more powerful than the J series. Just make sure to use them in packet mode.

On 13/03/2012 10:43 a.m., Nathan Ward wrote:

...

Instead of J2300 look at SRX perhaps. Cheap, fast, good. Pick three.

On 13/03/2012, at 10:34 AM, Jodi wrote:

...

Hello Again

I’ve had a few options given to me – a mixture of router based solutions vs separate appliances

On the router front the options given are: Cisco ASR1k/1001s Cisco SCE (Service Control Engines) Juniper J2320 Mikrotik

And I’ve been informed that policing rather than shaping is the way to go using this type of solution

On the appliance front we have: Allot NetEnforcers Allot Sigma http://www.allot.com/Products_Overview.html A few people recommended these – however I did have one reply stating that the GUI is Java based and horrible

Sandvine DPI boxes http://www.sandvine.com/products/traffic_management.asp

Exinda http://www1.exinda.com/

PacketShaper http://www.packeteer.com/

And there was one recommendation for software http://www.dmasoftlab.com/cont/home

I’m currently leaning towards router based policing using J2320’s which should be more than enough for our needs for the foreseeable future. It’ll mean a slightly higher learning curve as I’ve only done basic JUNOS configuration before. My reasoning however is as follows 1) Having a single box handling the routing/policing means one less box to troubleshoot if any issues arise 2) JUNOS has a fairly logical layout, which while it takes a bit of getting used to is easier to read than ios – oh and the commit/rollback feature is also nice 3) The JUNOS web interface – while I prefer to work at the cli (I don’t trust GUIs) the web interface is good for a quick glance to check for potential problems by those who don’t have the cli skills 4) I need new routers anyway and have plans to redeploy my Cisco 2821s 5) $Price$ – easier to convince the boss to sign the cheque

While not a contributing factor I am keen to improve my JUNOS skills, and in turn my overall routing knowledge

Cheers again for all those who replied

Kind Regards Jodi

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Friday, 9 March 2012 4:44 p.m. To: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] traffic shaping

Thanks to all who sent advice and recommendations. Time for some ‘light’ reading over the weekend

Hope you all enjoy yours J

Kind Regards Jodi

From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Thursday, 8 March 2012 4:38 p.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] traffic shaping

Hi All

Currently we’re running a couple of Packeteers (one for each of our upstreams) to give users a fair slice of the pie. However they’re starting to wilt under the increased load and it’s time to look at replacing.

I’ve been looking around at some of the more popular appliances that I am aware of (Packeteer, Exinda, Netequalizer), however I don’t want to buy a lemon.

The other thought was to shape directly on the routers – have a couple of Cisco 2821’s at our borders. I’m familiar with the shaping process but have never attempted on Cisco kit before so don’t want to start down that path if it’s the wrong way to go (especially as I would be the only one who could manage it and I like the occasional day off).

My main focus to is to shape at the border by IP for different classes based on our plans e.g. burst to 4meg, 2meg dedicated, 2.5 burst to 10, etc Secondary to that is reporting and 3rdly QoS

Any and all advice welcome, on and off list

Cheers Jodi

-- Jodi Thomson Network& Systems Engineer Ph +64-6-8355800 Fax +64-6-8355811 Mob +64-21-903712 E-Mail jodi(a)team.waspnet.co.nz www.waspnet.co.nz

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

- -- Liam Farr skype: nz_liam mobile: +64-22-6107884 mobile: +64-27-5222624 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPXrZ1AAoJEDIB8XDlmaeB0S0IAJMTCgaXaNHfmP8ITTejUF1v k6JD9RH7dcRofMX4voR58shCN1X8cpXQqCuV6YMtANPGTyJrKOqJKVMJCJ5spiID 4MHQ1JCUZpLw/BxfNE7VxECQy00TjP37Y6AK44DeuevdX+VQx54oh1azF0IIAMsa +fcDVoR6ysNnpm9uCRoT02ZnUcgo7owM6k5E0pxisDWxIwYGjwd13S186OprBEaq AaqvSKC5zD2s1LHmwHsWSLEsKz+ZrKbHuQdJuiFqmh6zUncrrx06NSDvUVTWnxgk qHG1MHl7V+A5v2wAbrPG0H/i0dvLFfcw5SPWBxtCAtw+vmhblr5s4yuuN+5cK+I= =3Zog -----END PGP SIGNATURE-----

You do burn through a bit of cpu if you run 1:1 netflow sampling. Hence my intention to experiment with a faster cpu. Have since found a better solution to the cpu:netflow relationship. ---- Liam Farr +64-22-6107884 +64-27-5222624 Sent using my BlackBerry -----Original Message----- From: Andrew Thrift Date: Tue, 13 Mar 2012 16:22:44 To: Liam Farr; nznog(a)list.waikato.ac.nz Subject: Re: [nznog] traffic shaping I believe they used Celeron 2.4 for "control plane" and a bunch of StrongARM's linked with SPI to form a pseudo hardware forwarding plane.  I guess it shows the age of the platform. On 13/03/2012 3:52 p.m., Liam Farr wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oh and I have a slot in P4 2.8 CPU replacement for the Celeron 2.4 that ships standard with the J2320, if anyone has a spare unit and wants to see if they can make the magic smoke come out, let me know :) On 13/03/2012 3:31 p.m., Andrew Thrift wrote: +1 SRX is much more powerful than the J series. Just make sure to use them in packet mode. On 13/03/2012 10:43 a.m., Nathan Ward wrote: Instead of J2300 look at SRX perhaps. Cheap, fast, good. Pick three. On 13/03/2012, at 10:34 AM, Jodi wrote: Hello Again I’ve had a few options given to me – a mixture of router based solutions vs separate appliances On the router front the options given are: Cisco ASR1k/1001s Cisco SCE (Service Control Engines) Juniper J2320 Mikrotik And I’ve been informed that policing rather than shaping is the way to go using this type of solution On the appliance front we have: Allot NetEnforcers Allot Sigma http://www.allot.com/Products_Overview.html A few people recommended these – however I did have one reply stating that the GUI is Java based and horrible Sandvine DPI boxes http://www.sandvine.com/products/traffic_management.asp Exinda http://www1.exinda.com/ PacketShaper http://www.packeteer.com/ And there was one recommendation for software http://www.dmasoftlab.com/cont/home I’m currently leaning towards router based policing using J2320’s which should be more than enough for our needs for the foreseeable future. It’ll mean a slightly higher learning curve as I’ve only done basic JUNOS configuration before. My reasoning however is as follows 1) Having a single box handling the routing/policing means one less box to troubleshoot if any issues arise 2) JUNOS has a fairly logical layout, which while it takes a bit of getting used to is easier to read than ios – oh and the commit/rollback feature is also nice 3) The JUNOS web interface – while I prefer to work at the cli (I don’t trust GUIs) the web interface is good for a quick glance to check for potential problems by those who don’t have the cli skills 4) I need new routers anyway and have plans to redeploy my Cisco 2821s 5) $Price$ – easier to convince the boss to sign the cheque While not a contributing factor I am keen to improve my JUNOS skills, and in turn my overall routing knowledge Cheers again for all those who replied Kind Regards Jodi From: nznog-bounces(a)list.waikato.ac.nz mailto:nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Friday, 9 March 2012 4:44 p.m. To: nznog(a)list.waikato.ac.nz mailto:nznog(a)list.waikato.ac.nz Subject: Re: [nznog] traffic shaping Thanks to all who sent advice and recommendations. Time for some ‘light’ reading over the weekend Hope you all enjoy yours J Kind Regards Jodi From: nznog-bounces(a)list.waikato.ac.nz mailto:nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Jodi Sent: Thursday, 8 March 2012 4:38 p.m. To: nznog(a)list.waikato.ac.nz mailto:nznog(a)list.waikato.ac.nz Subject: [nznog] traffic shaping Hi All Currently we’re running a couple of Packeteers (one for each of our upstreams) to give users a fair slice of the pie. However they’re starting to wilt under the increased load and it’s time to look at replacing. I’ve been looking around at some of the more popular appliances that I am aware of (Packeteer, Exinda, Netequalizer), however I don’t want to buy a lemon. The other thought was to shape directly on the routers – have a couple of Cisco 2821’s at our borders. I’m familiar with the shaping process but have never attempted on Cisco kit before so don’t want to start down that path if it’s the wrong way to go (especially as I would be the only one who could manage it and I like the occasional day off). My main focus to is to shape at the border by IP for different classes based on our plans e.g. burst to 4meg, 2meg dedicated, 2.5 burst to 10, etc Secondary to that is reporting and 3rdly QoS Any and all advice welcome, on and off list Cheers Jodi -- Jodi Thomson Network& Systems Engineer Ph +64-6-8355800 Fax +64-6-8355811 Mob +64-21-903712 E-Mail jodi(a)team.waspnet.co.nz mailto:jodi(a)team.waspnet.co.nz www.waspnet.co.nz http://www.waspnet.co.nz _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog - -- Liam Farr skype: nz_liam mobile: +64-22-6107884 mobile: +64-27-5222624 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPXrZ1AAoJEDIB8XDlmaeB0S0IAJMTCgaXaNHfmP8ITTejUF1v k6JD9RH7dcRofMX4voR58shCN1X8cpXQqCuV6YMtANPGTyJrKOqJKVMJCJ5spiID 4MHQ1JCUZpLw/BxfNE7VxECQy00TjP37Y6AK44DeuevdX+VQx54oh1azF0IIAMsa +fcDVoR6ysNnpm9uCRoT02ZnUcgo7owM6k5E0pxisDWxIwYGjwd13S186OprBEaq AaqvSKC5zD2s1LHmwHsWSLEsKz+ZrKbHuQdJuiFqmh6zUncrrx06NSDvUVTWnxgk qHG1MHl7V+A5v2wAbrPG0H/i0dvLFfcw5SPWBxtCAtw+vmhblr5s4yuuN+5cK+I= =3Zog -----END PGP SIGNATURE----- _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz mailto:NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog