User Guide, version 8.4 (rev. 20170131), Page 52 of 120

APconnections, Inc. // 303.997.1300 // www.netequalizer.com

© 2014-2017 APconnections, Inc.  All Rights Reserved


Masking Off Traffic   


The masking features on NetEqualizer are intended to exclude Local Traffic 
crossing the NetEqualizer link from being considered for any shaping decisions. 

Masked traffic is “invisible” to the NetEqualizer. If you are utilizing the NetEqualizer to shape 
Internet Traffic going across your link, you should use the MASK feature to exclude Local 
Traffic (i.e. a computer talking to a server on your network).   

 

Masking should not be used to prioritize traffic.  Priority Traffic should be used to prioritize
traffic, such as important video streams.  Do not use the MASK feature.
 
There are two types of masking, “paired” and “absolute.” A host or subnet assigned as a
“paired” mask will only be ignored if it is talking to another host or subnet that is also
registered as a paired mask.  By design, a Paired Mask will cause NetEqualizer to ignore
hosts talking to other paired mask hosts, while at the same time subjecting the same hosts to
NetEqualizer's bandwidth shaping rules if they make a connection with a server on the
Internet.  Absolute Masks ignore all traffic to or from the masked host or subnet
regardless of the connection.

 

From the NetEqualizer Dashboard or Navigation Menu, Click on -> [Setup] -> Manage
Traffic Limits -> Configure Masked Hosts. The Configure Masked Hosts screen opens, as
shown below. In our example, we have created three Masked Hosts rules.  Masks can be set
for an individual IP address, an entire subnet, or any legal subnet value 1-32.
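
The paired and absolute rules described above can be modeled in a few lines to check which flows a given mask set would hide from shaping decisions. This is an added example, not NetEqualizer code: the addresses, rule lists, function names and the list of local ranges are all constructed assumptions.

```python
import ipaddress

# Constructed sample rules; not taken from the guide's screenshot.
PAIRED_MASKS = ["10.1.1.0/24", "10.1.2.10/32"]
ABSOLUTE_MASKS = ["10.1.9.5/32"]
# Assumption: the ranges this site treats as Local Traffic.
LOCAL_RANGES = ["10.0.0.0/8"]

# Constructed sample flows as (source, destination) pairs.
SAMPLE_FLOWS = [
    ("10.1.1.20", "10.1.2.10"),    # both ends in paired masks
    ("10.1.1.20", "203.0.113.7"),  # paired host talking to the Internet
    ("10.1.1.20", "10.1.3.4"),     # only one end is a paired mask
    ("10.1.9.5", "203.0.113.7"),   # absolute-masked host talking to the Internet
]


def parse_masks(cidrs):
    """Parse mask entries, accepting only the prefix lengths 1-32 the guide allows."""
    nets = []
    for cidr in cidrs:
        net = ipaddress.IPv4Network(cidr, strict=False)
        if not 1 <= net.prefixlen <= 32:
            raise ValueError(f"mask {cidr}: prefix length must be 1-32")
        nets.append(net)
    return nets


def _covered(addr, nets):
    """True if the address falls inside any of the given networks."""
    return any(addr in net for net in nets)


def classify(src, dst, paired, absolute):
    """Return 'absolute', 'paired' or 'shaped' for one flow.

    absolute: either endpoint is in an absolute mask (ignored regardless of peer).
    paired:   both endpoints are in paired masks (ignored only in that case).
    shaped:   everything else stays subject to the shaping rules.
    """
    s = ipaddress.IPv4Address(src)
    d = ipaddress.IPv4Address(dst)
    if _covered(s, absolute) or _covered(d, absolute):
        return "absolute"
    if _covered(s, paired) and _covered(d, paired):
        return "paired"
    return "shaped"


def masked_non_local(flows, paired, absolute, local):
    """Return masked flows that have an endpoint outside the local ranges.

    Masking is meant for Local Traffic only, so any hit here is traffic
    that a mask rule is hiding from shaping even though it leaves the site.
    """
    findings = []
    for src, dst in flows:
        verdict = classify(src, dst, paired, absolute)
        if verdict == "shaped":
            continue
        ends = (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst))
        if not all(_covered(e, local) for e in ends):
            findings.append((src, dst, verdict))
    return findings


if __name__ == "__main__":
    paired = parse_masks(PAIRED_MASKS)
    absolute = parse_masks(ABSOLUTE_MASKS)
    local = parse_masks(LOCAL_RANGES)
    for src, dst in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {classify(src, dst, paired, absolute)}")
    for finding in masked_non_local(SAMPLE_FLOWS, paired, absolute, local):
        print("masked but not local:", finding)
```

In this model only the absolute-masked host's Internet flow is reported, which is why absolute masks deserve a review before they are saved.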
  

Note: In most cases, you will not need to use masking.  NetEqualizer is typically set up on your
Internet link, and does not see Local Traffic.

Note: If you plan to set up a large number of subnet-ranged Masks (>=32 subnet ranges), you will
need to set several tuning parameters. Please see Appendix #5 for detailed instructions.

 

 

 

Summary of Contents for NETEQUALIZER NE 3000

Page 1: ...NetEqualizer User Guide Copyright 2014 2017 APconnections Inc All Rights Reserved No part of this publication including text examples diagrams or illustrations may be reproduced transmitted or translated in any form or by any means electronic mechanical manual optical or otherwise for any purpose without prior written permission of APconnections Inc ...

Page 2: ...arameter to Adjust Equalizing Sensitivity 17 Set Additional Equalizing Parameters 18 Additional Parameters to Adjust Equalizing Sensitivity 18 Parameters to Size Internal Tables 20 Viewing your Equalizing Parameter Settings 21 Equalizing in Action 21 Setting Bandwidth Limits 22 Configure Hard Limits by IP 23 Hard Limit Rules 24 Creating a Hard Limit 25 Modifying a Hard Limit 25 Deleting a Hard Lim...

Page 3: ...55 Restricting Bandwidth Usage 56 Establishing User Quotas 56 User Quota Rules 57 Creating User Quota Rules 58 Resetting User Quota Rules 59 Modifying User Quota Rules 61 Deleting User Quota Rules 61 Starting the Quota System 62 Viewing User Quotas 63 MAC Redirection 65 Perform Quick Edits 67 Quick Edit Deleting a Rule 68 Quick Edit Adding a Rule 68 Distributed Denial of Service Attack DDoS Tools ...

Page 4: ...ance Tasks 97 Powering Off the NetEqualizer 97 Backing Up Your Configuration Settings 97 Getting Software Updates for the NetEqualizer 97 Troubleshooting 100 Frequently Asked Questions FAQs 103 Appendix 1 Equalizing Parameters Units Defaults 107 Appendix 2 Setting Forcing LAN Speeds and Duplex 108 Appendix 3 Packet Capturing for taps such as CALEA 110 Appendix 4 NetEqualizer Caching Option NCO 112...

Page 5: ...Once up and running it is a good idea to review this entire NetEqualizer User Guide to become familiar with all of the advanced features available to you Note The NetEqualizer User Guide is not a step by step instruction manual Select the feature you are interested in from the Table of Contents and go directly to that section For Additional Help Should you need further assistance setting up your N...

Page 6: ... generally a constriction point in traffic flow where many users compete for this limited resource By placing your NetEqualizer at this junction you will automatically optimize your Internet speed The NetEqualizer operates as a Transparent Bridge on your network There is typically no need to change anything in your network configuration to install the appliance Simply install the NetEqualizer betw...

Page 7: ...rk First make sure that you power on the NetEqualizer Do this by pressing the red power button to the right of the LED panel Note We recommend that you install your NetEqualizer on a UPS to protect from power surges and outages All of the NetEqualizer models series 3000 4000 5000 have two Ethernet interfaces and a Management Port We are now using port plugs to help distinguish the various interfac...

Page 8: ...ts in the Power LED Eth0 and Eth1 LEDs as shown in the display panel picture on the previous page optional Access Point Configuration in a Wireless Network Put your radios in bridging mode and set your Firewall Router at your headend to do DHCP and NAT instead of doing DHCP and NAT at your Access Points optional Setting LAN Port Speed and Duplex Occasionally customers need to manually set LAN Port...

Page 9: ...fault passwords install your license key change your IP addresses and set the date time and time zone All of these functions are found under the Setup button circled in orange above on the NetEqualizer Dashboard When you Click on Setup the Setup window at right come up Note that all Setup functions are available by clicking on the links orange text The Side Menu also can be used to navigate to fun...

Page 10: ...om here you can Start Stop Equalizing Show your current NetEqualizer Configuration View Active Connections all traffic running through the NetEqualizer or Run Diagnostics Information Buttons provide a quick overview of key settings To help keep you up to date on if you need to upgrade we display the current software version that you are running You can also see the system date time and time zone a...

Page 11: ...ted in orange on the Setup window For example if you click on Manage Traffic Limits you will see Configure Hard Limits Configure Pools and VLANS etc On the Setup screen all Setup Functions are available by clicking on the links orange text For example the Manage Traffic Limits functions are circled in blue above Note that clicking on a Side Menu Item or a Function orange text will bring up a new c...

Page 12: ...n specifically for configuring Equalizing and all Traffic Limits We strongly recommend that you set this to megabits per second Mbps which best matches most customer s environments General Traffic Real Time Graph Units These units are used anywhere the General Traffic Graph is displayed This includes the NetEqualizer Dashboard the RTR Dashboard and in General Traffic History We also recommend that...

Page 13: ...ndwidth users do not have to share the pain of a slow congested network with the network hogging applications Equalizing does this by using our proprietary algorithms to implement fairness First equalizing tracks how much bandwidth is being used If bandwidth used is over a predefined level the network is considered congested Once the network is considered congested equalizing looks at every connec...

Page 14: ... Process Started Click on Setup Configure Equalizing The Configure Equalizing window appears defaulted to the Key Equalizing Parameters tab as shown below As of Software Update 8 4 once you are in the Configure Equalizing screen if Equalizing is OFF you will see a warning message seen here that prompts you to start Equalizing Click on Start Equalizing to start the Equalizing process You can also v...

Page 15: ...that you have set up When you lower RATIO Equalizing will kick in sooner making equalizing more sensitive When you raise RATIO Equalizing kicks in later making equalizing less sensitive To change the Ratio RATIO Parameter If you are not already on the Setup screen from the NetEqualizer Dashboard Click on Setup Configure Equalizing The Configure Equalizing window appears defaulted to Key Equalizing...

Page 16: ...r of these parameters larger than your actual trunk size will make the shaping rules less restrictive Making them smaller than your actual trunk size will make them more restrictive Alternatively you can reduce RATIO to make shaping rules more restrictive The NetEqualizer defaults Bandwidth Up and Bandwidth Down to a 15 360 Mbps However you will see what bandwidth level you are licensed in the not...

Page 17: ... level for which connections will not be penalized In other words a connection using less bandwidth in megabits per second than this number will never get penalized The default value of 1 megabit per second will ensure that most business critical traffic such as VoIP web browsing and web applications are never accidentally throttled back when NetEqualizer reaches a congestion threshold as they wil...

Page 18: ...al Parameters to Adjust Equalizing Sensitivity In some instances Equalizing defaults may need to be custom tuned for sensitivity For example if streaming music feeds break midstream at times when the total usage on the trunk is light it might be because Equalizing is tuned to be too sensitive Penalty Unit PENALTY_UNIT 100ths of seconds Default 5 PENALTY_UNIT is the minimum penalty that will be inf...

Page 19: ...nger visible on the NetEqualizer web GUI as this is rarely changed MOVING_AVG keeps NetEqualizer from penalizing short bursts of activity For example if this variable is set to 8 and the network is hit with a burst of 8000 bytes over a second from an IP address the moving average for the second would be 8000 8 or 1000 bytes If the burst persisted for four seconds the average would be 32000 8 or 40...

Page 20: ...on ability with that of their Router which uses a timeframe of minutes Inactive Tics INACTIVE_TICS units are hundredths of seconds Default 200 This parameter is rarely changed from the Default This is how long an entry in the Connection Tracking Table BRAIN_SIZE from above will live before being removed if no activity is detected Generally we are not interested in connections that are idle For exa...

Page 21: ...alties being applied to your network from the Dashboard Click on RTR Active Connections View Active Penalties To see a history of the penalties being applied from the Dashboard Click on RTR Traffic History General Penalty Reports When your network is experiencing moderate to heavy use you will see entries containing the word PENALTY followed by two IP addresses in the NetEqualizer Log To view the ...

Page 22: ...eir own bandwidth limit Pool1 students 100Mbps up 120Mbps down Pool2 faculty 50Mbps up 60Mbps down Pool3 administrators 25Mbps up 30Mbps down Bandwidth Limiting Rules define and restrict the amount of bandwidth a specific IP address or set of IP addresses can use Bandwidth Limits do NOT physically reserve bandwidth on your network They are used to set a virtual ceiling or limit for an IP or group ...

Page 23: ... The Configure Hard Limits screen opens shown here Configure Hard Limits is a Batch Entry Screen where you can add or edit many rules at once and then save your changes saving you time in the setup process Click on the dark blue buttons to add entries red x to delete entries circled in blue above and the blue up down arrows circled in orange to reorder Hard Limits Once you have entered modified or...

Page 24: ... address does NOT match the override individual IP For example this is allowed Subnet Hard Limit 10 1 1 0 24 Override Hard Limit 10 1 1 143 32 This is NOT allowed Subnet Hard Limit 10 1 1 143 24 Override Hard Limit 10 1 1 143 32 When setting up Subnet Hard Limits we recommend using 0 for the base address This means that you can have override Hard Limits for any IP except 10 1 1 0 using our example...

Page 25: ...et saved your changes If you were to click off this screen before saving changes your data would be cleared Once you have entered all of your limits Click on Save Changes to save changes or Click on Reset to discard changes We are now prompted to Restart Equalizing for the new Hard Limits to take effect Once we Click on Restart Equalizing our new Hard Limits will be available to the NetEqualizer p...

Page 26: ...n the row that you wish to delete The HL row will disappear To completely remove the HL from the configuration file you need to Click on Save Changes We are now prompted to Restart Equalizing for the Hard Limit rule to be completely removed from the NetEqualizer Configuration Once we Click on Restart Equalizing our HL will be permanently deleted In our example we have clicked on the red x next to ...

Page 27: ...ser at warp speed In order to make bursting a special feature it obviously can t be on all the time For this reason by default the NetEqualizer will force a user to wait 80 seconds before they can burst again Setting up Bursting on an IP Address From the NetEqualizer Dashboard or Navigation Menu Click on Setup Manage Traffic Limits Configure Hard Limits The Configure Hard Limits screen opens shown...

Page 28: ...first parameter BURST DELAY is the time an IP must wait in seconds before it can burst again If an IP has done a burst cycle it will be forced to wait this long in seconds before it can burst again BURST DELAY is defaulted to 80 seconds This means that an IP address will wait 80 seconds after its last burst duration completes before bursting again The second parameter BURST DURATION is the time an...

Page 29: ...raffic Limits Hard Limits are the first section of the report You will see a list of your Hard Limits as shown in the following excerpt from the report From this report you can also navigate back to the Hard Limits batch entry by clicking on the dark blue Edit button Configuration File You can also see your Hard Limits in the NetEqualizer Configuration File From the NetEqualizer Dashboard or Navig...

Page 30: ...if RATIO was 85 then equalizing would occur on the 10Mbps Pool when download bandwidth hits 8 5Mbps The bandwidth restriction on a Pool may fluctuate a bit depending on the type of traffic Heavy use of UDP traffic tends to run over the limit and heavy TCP IP traffic FTP for example will tend to be held below the limit Pools were added for network topologies where bandwidth congestion is occurring ...

Page 31: ...re Update 8 4 this maintained in our Quick Edit screens From the Configure Pools and VLANs batch entry screen you can move to the Quick Edit Pools screen to add or delete Pool Members or Add a Pool without having to restart equalizing Quick Edit cannot be used to modify rules Bandwidth Pool Rules Before creating Pools it is important for you to understand several rules that apply Bandwidth Pools c...

Page 32: ... special characters are allowed We typed in another pool You will see the following error when you click on Save Changes if your Pool Name is not valid TAB to Download Mbps field Type in a Positive Number You can use fractional values such as 12 04 as shown above for Pool 2 We typed in 20 TAB to Upload Mbps field Type in a Positive Number You can use fractional values such as 2 848 as shown above ...

Page 33: ...us to add another Pool Member to Pool 4 Any unsaved fields are shown in yellow as a visual reminder that you have not yet saved your changes If you were to click off this screen before saving changes your data would be cleared Once you have entered all of your Pool Members Click on Save Changes to save changes or Click on Reset to discard changes In our example Pool 4 now has one Pool Member a 24 ...

Page 34: ... prompted to Restart Equalizing for the updated Pool Limit rules to take effect Once we Click on Restart Equalizing our new Pools settings will be available to the NetEqualizer process Deleting a Pool or Pool Member In order to remove a Pool or Pool Member click on the red x button on the row that you wish to delete The Pool or Pool Member row will disappear To completely remove the Pool or Pool M...

Page 35: ...Ns batch entry by clicking on the dark blue Edit button Configuration File You can also see your Pools in the NetEqualizer Configuration File From the NetEqualizer Dashboard or Navigation Menu Click on RTR Configuration If your configuration file is more than 25 lines you may need to click on the Last button to go to the end of your file as we did below Each Pool row will start with the Pool displ...

Page 36: ... You can read row 33 as follows an individual IP 204 48 96 61 32 is a member of Pool 1 200001 with no bursting 1 Row 34 reads as the subnet 204 48 111 and all its IP addresses 24 are members of Pool 1 200001 with no bursting 1 Note Pools look similar to Hard Limits in the Configuration File You can tell apart by the Pool IP address which is made up of the Pool repeating For example Pool 1 would be...

Page 37: ...In our example shown below if you set the download limit on VLAN 200 to 100Mbps and the VLAN usage level reaches RATIO default value is 85 the NetEqualizer will begin to penalize any connection exceeding the value of HOGMIN within the VLAN From the NetEqualizer Dashboard or Navigation Menu Click on Setup Manage Traffic Limits Configure Pools and VLANs By VLAN tab The following screen opens Configu...

Page 38: ...ess exists within a VLAN Limit it will receive priority over other IP addresses within the VLAN Limit Creating a VLAN Limit A VLAN Limit is a shaping rule that causes the NetEqualizer to enforce your rate limit such that the aggregate bandwidth usage of all current VLAN users will not exceed the values selected for incoming and outgoing bytes per second To create a VLAN Limit Click on dark blue bu...

Page 39: ... Pools and VLANs screen opens In our example shown below we changed the Download Limit from 50 to 75Mbps and the Upload Limit from 25 to 50Mbps for VLAN 205 These fields turn yellow showing that we have updated the VLAN Limit but not saved our changes As we are done with our changes we will now Click on Save Changes to save them We are prompted to Restart Equalizing for the updated Pool Limit rule...

Page 40: ...mits View All Traffic Limits Limits By VLAN is the 3rd section of the report Click on any of the dropdown arrows like the one circled in blue below to minimize or maximize any section of the report In our excerpt we show two VLAN Limits 200 and 205 From this report you can navigate back to the Configure Pools and VLANs batch entry by clicking on the dark blue Edit button Configuration File You can...

Page 41: ...otas 6 P2P Traffic Limits 7 Priority Traffic We show an excerpt of the View All Traffic Limits Report here containing two sections 1 P2P Traffic Limits and 2 Priority Traffic We describe each section of the report in more detail under the appropriate section of the User Guide If you want more detail please refer to the section you are interested in by clicking on the link above in our 1 7 list Fro...

Page 42: ...T staff While there are techniques that attempt to validate the incoming requests by sending queries back to the sending IP address for verification these approaches create more traffic on the network Instead of this approach we chose to address the issue by offering DDoS protection via Connection Limits You may also use our DDoS Monitor to assess potential DDoS threats Connection Limits Defined W...

Page 43: ...ualizer Dashboard or Navigation Menu Click on Setup Limit P2P Traffic The Limit P2P Traffic screen opens as shown below In our example we have created two Connection Limit CL rules Limit P2P is a Batch Entry Screen where you can add or edit many rules at once and then save your changes saving you time in the setup process Click on the blue buttons to add entries red x to delete entries circled in ...

Page 44: ...Connection Limit apply to an IP address within that subnet you would need to do the following Set up Connection Limit for an individual IP address 32 Set up Connection Limit for subnet 16 24 etc For example this is NOT allowed as shown in the screen below as the individual connection limit is AFTER the subnet limit CONNECTION 10 1 1 0 24 1600 CONNECTION 10 1 1 45 32 60 You can use the arrow button...

Page 45: ...Host IP address in 11 22 33 44 format TAB to CIDR field On the CIDR field Click on dropdown arrow to select a CIDR value For an individual IP use 32 for a Class B use 16 for a Class C use 24 or any other subnet value from 1 32 If using subnets each IP in the subnet will get the Connection Limit TAB to Connection Limit field Type in a Positive Even Integer TAB off the field to complete your entry Y...

Page 46: ... If you plan to set up a large number of subnet ranged Connection Limits 32 subnet ranges you will need to set several tuning parameters Please see Appendix 5 for detailed instructions Note If you have online gamers on your network you may need to set your Connection Limit as high as sixty 60 to facilitate online game playing Note When you first set up a Connection Limit for an IP address NetEqual...

Page 47: ... on the row that you wish to delete The CL row will disappear To completely remove the CL from the configuration file you need to Click on Save Changes We are now prompted to Restart Equalizing for the Connection Limit rule to be completely removed from the NetEqualizer Configuration Once we Click on Restart Equalizing our CL will be permanently deleted In our example we have clicked on the red x ...

Page 48: ... can also see your Connection Limits in the NetEqualizer Configuration File From the NetEqualizer Dashboard or Navigation Menu Click on RTR Configuration If your configuration file is more than 25 lines you may need to click on the Last button to go to the end of your file as we did in our example below There will be one row for each Connection Limit encompassing both an inbound and outbound limit...

Page 49: ...server or site hosting the training videos Masked Traffic is invisible to the NetEqualizer Typically this is used to exclude local traffic i e a computer talking to a server on your network crossing the NetEqualizer link from being considered for any shaping decisions Defining Priority Traffic back How does NetEqualizer grant priority for IP addresses NetEqualizer recognizes two classes of traffic...

Page 50: ...et This feature is useful if you need to prioritize a section of your network for example a subnet where your video streaming servers are hosted If you use this feature to prioritize an IP or entire subnet and are concerned with these priorities using too much bandwidth we also recommend using Hard Limits to add a hard limit for the IP or subnet so that it does not take an unlimited amount of band...

Page 51: ... them Once saved our Priority Limit rows show no remaining yellow fields as our changes are saved We are now prompted to Restart Equalizing for the updated Priority Limit rules to take effect Once we Click on Restart Equalizing our new Priority Limit settings will be available to the NetEqualizer process Deleting a Priority Limit In order to remove a Priority Limit click on the red x button on the...

Page 52: ... it is talking to another host or subnet that is also registered as a paired mask By design a Paired Mask will cause NetEqualizer to ignore hosts talking to other paired mask hosts while at the same time subject the same hosts to NetEqualizer s bandwidth shaping rules if they make a connection with a server on the Internet Absolute Masks ignore all traffic to or from the masked host or subnet rega...

Page 53: ...sks using VLAN IDs Our new VLAN Masking feature enables you to designate entire local VLANs that you want masked from Equalizing To implement this feature follow the instructions below From the Maintenance and Reference Menu Click on Maintenance Run a Command To create a VLAN Mask also known as VLAN Exclusion Type in sbin brctl vlanexclusion my This will exclude this VLAN ID and store this VLAN in...

Page 54: ...ton on the row that you wish to delete The row will disappear To completely remove the Masked Host from the configuration file you need to Click on Save Changes We are now prompted to Restart Equalizing for the Masked Host rule to be completely removed from the NetEqualizer Configuration Once we Click on Restart Equalizing our Masked Host will be permanently deleted In our example we have clicked ...

Page 55: ...t to see any Masked Hosts that you have configured From this report you can also navigate back to the Configure Priority Traffic or Configured Masked Hosts batch entry by clicking on the dark blue Edit button Configuration File You can also see your Priority Traffic or Masked Hosts in the NetEqualizer Configuration File From the NetEqualizer Dashboard or Navigation Menu Click on RTR Configuration ...

Page 56: ...width usage or if you want to track bandwidth usage over a set time period Manage User Quotas is a standard pre written quota utility imbedded in each system You can quickly plug in IP addresses from the GUI and have a monthly quota enforced right away The GUI Interface enables you to Track user data by IP Specify Quotas and Bandwidth Limits Rules by IP or an entire IP subnet quotas are then appli...

Page 57: ...nd several rules Quota Hard Limit Restrictions are only enforced on Downloads Quota Hard Limit Restrictions are only enforced on downloads Uploads are not restricted This is a simplification that we put in place as 99 percent of problems are download related Hard Limits Interact with Quota If you wish to have BOTH Hard Limits and Quota Rules in place the Hard Limits must be specified at the subnet...

Page 58: ...email per hour to that address containing all violations You will see one email per email address used as your Contact Creating User Quota Rules At the heart of the Professional Quota API are User Quota Rules Above we have created one User Quota Rule Our example would restrict each IP within the subnet to use 1 gigabyte of data over a one 1 week period and then cap each IP at 1Mbps if they exceed ...

Page 59: ...lert Emails please use Manage NetEqualizer Manage Alerts Configure Alert Email to set up your alert emails See Quota Rules Parameters Table for more details Note In 8 4 you must use tab to move between rows If you hit return your data will be cleared This will be fixed in a future release Click on any of the icon to continue adding User Quotas Once you have entered all of your User Quotas Click on...

Page 60: ...0000 1 000 000 000 bytes Do not put commas in the rule Duration Minutes Quota Amount applies for this amount of time duration If the QUOTA amount goes over during that time the restriction will be enforced for the rest of that time period Once the time expires the quota restriction is reset and the time starts over One 1 day would be 1440 24 60 If Quota Amount was set to 2000000 2meg and Duration ...

Page 61: ... Restart the Quota System for our updated User Quota Rules to take effect Click on Restart Quota System for the settings to be available to the Quota process Deleting User Quota Rules In order to remove a User Quota Rule click on the red x button on the row that you wish to delete The User Quota row will disappear In our example we have clicked on the red x next to the 2nd row to delete the User Q...

Page 62: ...s Manage User Quotas The following screen opens Click on Start Quota System You see the following message once the Quota System is started Setting up Quota Email Notifications In order to get email notifications you must set up a valid gmail account to be used to send emails from the Quota System In order to set up an email for notifications Click on Manage NetEqualizer Manage Alerts Configure Ale...

Page 63: ...k on the Quota System Status Indicator or Click on Setup Manage Traffic Limits Manage User Quotas The following screen opens Click on Stop Quota System You see the following message once the Quota System is stopped Viewing User Quotas There are several places in the NetEqualizer where you can view and validate your configuration for User Quotas These reports are useful to confirm that your adds ch...

Page 64: ... like to the quota amounts consumed for each IP from the NetEqualizer Dashboard or Navigation Menu Click on RTR Active Connections View Quota Report The following screen report screen opens Status of All IPs On the View Quota Report you can see where every IP with a Quota Rule defined is against their current Quota Amount This report will display all active IPs involved in Quota accounting It show...

Page 65: ...u Click on Maintenance Manage Firewall The window below opens defaulted to the Start Stop Firewall tab To learn more about setting up MAC redirection Click on Edit Rules File Tab The screen shown below will open Then Click on Sample Firewall Rules circled in blue below This will take you to a webpage with Firewall Samples Click on the links to view the samples You will find examples of setting up ...

Page 66: ...wall our new MACS to Allow will be available to the NetEqualizer Firewall Note Each MAC and associated name or description must be unique To remove a MAC address from your authorized list In order to remove a MAC address from your authorized list click on the red x button on the row that you wish to delete The MAC to Allow row will disappear To completely remove the MAC to Allow from the configura...

Page 67: ...advantage to Quick Edits is that you do NOT need to restart equalizing after making your changes From the NetEqualizer Dashboard or Navigation Menu Click on Setup Perform Quick Edits The following screen opens defaulted to the Hard Limits Tab You can select any of the seven 7 tabs to Add or Delete Rules 1 Hard Limits 2 By Pool 3 By VLAN 4 Masked Hosts 5 User Quotas 6 P2P Traffic or 7 Priority Traf...

Page 68: ...2 for a Class B use 16 for a Class C use 24 or any other subnet value from 1 32 If using subnets each IP in the subnet will get the Hard Limit TAB to Download Mbps Hard Limit field Type in a Positive Number TAB off the field to complete your entry TAB to Upload Mbps Hard Limit field Type in a Positive Number TAB off the field to complete your entry TAB to Burst Factor We recommend that you keep th...

Page 69: ...comes standard in 8 2 shows you some basic metrics on the outside intrusion hit rate into your network It can be used to spot anomalies that would indicate a likely DDoS attack in progress See our detailed blog article on the subject for how this technology works If you decide you need something more proactive to mitigate a DDoS attack we install our DDoS Firewall DFW feature and provide consultin...

Page 70: ...internally or externally 1 inside initiated 2 outside initiated On the DDoS Monitor this should always be 2 Seconds How long the requests have been running in seconds Positive number greater than zero Count The number of times the request has run over the Seconds indicated Positive number greater than zero Rate Number of requests per second during the last second Positive number greater than zero ...

Page 71: ...below RTR also contains the NetEqualizer Log Configuration and Running Processes Active Connections Reports enable you to see what is going on in your network at this moment in order to actively monitor and manage your network usage Active Connections tabular reports are sortable and searchable real time views of all connections or penalties active on the NetEqualizer They also include Lookups by ...

Page 72: ...ic History 2 Traffic History by IP Pool VLAN 3 Top Talkers 4 General Penalty Reports and 5 Export Data Traffic History reports are graphs or tables that show from 10 minutes up to 4 weeks worth of upload and download bandwidth usage or penalties for your entire network Pool VLAN or tracked IP 4 NetEqualizer Log Displays key activity on the NetEqualizer such as limits being applied and penalties be...

Page 73: ... have not focused on until now is making this wealth of data available to our customers in a nice, organized, usable format. With the advent of our 64-bit release (7.0) and a more robust Apache web server, we are now able to display this data in real time. All data is current as of this second when displayed. You can click on Update Data, where appropriate, to refresh the data. From the Dashboard, Click on Dy...

Page 74: ...ate Time matches whatever is set for your NetEqualizer in Manage NetEqualizer -> Configure Date Time. Real-time Pool Data: We also have a bar chart of all the Pools defined on your NetEqualizer. Real-time Pool Data shows upload and download bandwidth usage for each Pool. If no Pools have been defined, you will only see the default pool (Pool 0). Pool 0 contains your entire network. In our graph above, we have ...

Page 75: ...ups by IP, country, DNS, rules, as well as links to the Traffic by IP Graph. To view the Active Connections Reports, from RTR Menus, Click on Active Connections to open the menu. The menu expands to show the options listed at right. View Active Connections: The first report, Active Connections, shows the data streams (pairs of IP addresses) that are currently live on your network for all IPv4 and IPv6 traf...

Page 76: ...able row. SRC Port: The source port for this connection. DST Port: The destination port for this connection (the service being requested: http, FTP, etc.). Wavg: A weighted average of total bytes on this connection per second for the last eight seconds. Used to determine if the flow is a bandwidth hog (over Hog Minimum, which defaults to 12000 bytes). Avg: The average in bytes per second since this IP pair came int...

Page 77: ...ative answer has been found. Note: You need to use an external IP for this lookup to bring back a value. Show All Rules for an IP: On the Active Connections Table, if I Click on AR (All Rules Lookup) for the DST IP on Row 1 (192.168.1.113), the screen below opens. Show All Rules for an IP enables you to see the rules that have been set up for an individual IP. This is a great way to determine if an IP has as...

Page 78: ...In this case, by IP Address is selected and Value is 192.168.1.113. The traffic shown is in whatever units have been selected under RTR Preferences -> Traffic by IP Pool VLAN Graph Units. In this case, I have selected Megabits per second (Mbps). The graph defaults to 1 hour (for the last hour). Under Show data for last, on the top left, you can change the graph to show 10 minutes, 30 minutes, 12 hours, 1 day, 1 week...

Page 79: ...en mapped to IPv4 address space. This Active Connections table above is now supporting a dual stack. Rows where the Ptcl is blank (circled in the table above) are the IPv6 rows. You can also see that the DST IP and SRC IP for these rows are in IPv4 format. As of software update 8.2, equalizing is based on the total bandwidth across both sets of addresses, and not a separate decision for IPv6 and IPv4. Base...

Page 80: ...dress involved in the connection. Ptcl: The protocol (ICMP TCP IP UDP). View Connection Counts: The third report on the Active Connections Menu, View Connections Count, is used to see if, and to what extent, P2P traffic is present on your network. Use this report to determine if you have IP addresses with unexpectedly high numbers of connections. You should also view this report to better understand how ...

Page 81: ...tions used by this IP. View Active Penalties: The fourth report on the Active Connections Menu, View Active Penalties, is used to see equalizing in action. This report shows you equalizing in the current moment. You will see where equalizing is adding, increasing, or decreasing penalties on data streams on your network. There are three (3) columns: New Penalties, Increased Penalties, and Decreased Penaltie...

Page 82: ...ol, you can get a better handle on how busy your network is over time, which is useful in capacity planning, and also what IPs are consuming your bandwidth. From the RTR Dashboard, Click on Traffic History. The screen at right opens. In the Traffic History menu, there are currently five (5) reports and two management capabilities. In brief: General Traffic History enables you to see bandwidth usage for your e...

Page 83: ... know which IPs you would like to track, or collect data against. We call this tracked IPs. To set up your tracked IPs, Click on Manage Tracked IP s. The screen on the right will come up. Type in an IP or subnet that you would like to track. Make sure to enter a NEWLINE after each entry. Once complete, Click on Save Changes to keep your edits, or Click on Reset to discard your changes. To see which IPs are b...

Page 84: ... RTR Preferences -> General Traffic Real Time Graph Units. You will see the Both radio button selected. You can click on Download, Upload, or Both to change what bandwidth usage is displayed. Information and tips above the graph show you useful information about the data displayed. If you want to zoom in on the graph, use your browser commands. Note: By design, the graph does not refresh. Click on Update Data ...

Page 85: ...t 30 minutes radio button. The Traffic by Pool graph is displayed for Pool 3. This graph shows all the traffic for tracked IPs in Pool 3. Note: If you did not track an IP that is in Pool 3, the data will not be included here. Traffic by Pool Graph: By default, the Traffic Reports by IP Pool VLAN show data in kilobytes per second (KBps) for the last hour. You can use the RTR Preferences menu to change the uni...

Page 86: ...to 4 weeks, and can view the graphs in megabytes (MBps) or megabits (Mbps). The graph will use whatever units you have selected in RTR Preferences -> General Traffic Real Time Graph Units. You will see the Both radio button selected. You can click on Download, Upload, or Both to change what bandwidth usage is displayed. Information and tips above the graph show you useful information about the data displayed. I...

Page 87: ...r General Traffic Data, the data used for the General Traffic History and General Penalty graphs will be deleted from graphs and storage. General Traffic data will restart collection. When you click on Clear IP Traffic Databases, the IP tracking data used for Traffic by IP Pool VLAN graphs, Top Talkers, and Export Data will be deleted from the graphs and storage. IP tracking data will restart collection ...

Page 88: ... which gives your hour by hour data from in bytes second, 3) General Penalty data, which gives you minute-by-minute count of penalties over 4 weeks. View NetEqualizer Log: The NetEqualizer Log File contains a record of the actions of the NetEqualizer. It displays key activity on the NetEqualizer, such as limits being applied and penalties being added or removed. It is viewable from two menus in the N...

Page 89: ...tional purposes only. Not actual penalties. Sample NetEqualizer Log. Traffic Up and Down: Approximately every twenty seconds, the NetEqualizer Log will contain a date and time stamped entry for Traffic Up (outbound) and Traffic Down (inbound). This is instantaneous bytes per second of traffic in each direction flowing on your network. The default pool 0 (entire network trunk) will always be displayed. If VLANs ...

Page 90: ...00 displayed for up and down as well. In our sample NetEqualizer Log, the 2nd line shows a penalty threshold. Note: PENALTY_THRESHOLD lines are NOT actual penalties being applied to your network. View the Entire NetEqualizer Log or the Previous Log: While we do not suggest using the log to decide if someone or something is being a bandwidth hog, there may be times where you want to view it in its entiret...

Page 91: ...alizer Log. You can also see all your traffic limits, connection limits, P2P priorities and masks. The lines that start with TRACK show the subnets that are being tracked for the IP-level traffic reports. In the example below, you can see on Line 29 that I am tracking the 192.168.1.1/24 subnet. Running Processes: View this report to check out what processes are running on your NetEqualizer. Use this r...

Page 92: ... is also documented in the Start RTR section of Traffic History. From the RTR Menus, Click on Start/Stop RTR, and then Click on Start RTR to turn on Traffic History reporting. Once you have turned on traffic reporting, the System Status first line will be green and say Traffic History Reporting is currently ON (circled above). Autostart RTR: If you would like RTR to automatically start upon reboot, so ...

Page 93: ... alerts. To set up an email address to send alerts to: From the Management and Reporting menu, Click on Manage Alerts -> Configure Email. Fill out the eight (8) fields, which are used to populate each email notification, as follows: type in a valid SMTP Server, Port, Authentication, Secure Transfer, Username, Password, From email address, and From Name that you would like used for the alert emails. You will need to s...

Page 94: ...mail yourdomain com From Name Name FROM for all emails Blank. Configure Alerts: Once you have set up your email server, you can select events to be notified on, and the notification period, which is the amount of time between alert emails. To select events and set your notification period, Click on Manage Alerts -> Configure Alerts. The following screen opens. Simply select any number of events from 1 to...

Page 95: ...t all times, you can put two NetEqualizers in your network in active/passive mode. NetEqualizer is designed to fail closed, meaning that network traffic will not pass through the unit if it goes down. You can set up redundancy across your two (2) NetEqualizers in one of two ways, as described below. Your network setup should look something like this. You may have a firewall or smart switches, and the actual...

Page 96: ... this example. Second, on each of the NetEqualizers, from the Maintenance and Reference Menu, Click on Maintenance -> Edit Autostart File -> Edit. Type in the following two lines at the bottom of the file: "/sbin/brctl stp br0 on" and "/sbin/brctl stp my on". Finally, for STP to take effect, reboot each of the NetEqualizers. From the Maintenance and Reference Menu, Click on Maintenance -> Reboot NetEqualizer. Note: Under this s...

Page 97: ...on, Click on Save Configuration. Save the NetEq.cfg file to a backup location. Getting Software Updates for the NetEqualizer: We release Software Updates typically two (2) times per year. All customers that have current NSS contracts are eligible to receive Software Updates. If you are not sure if you are current on NSS, contact us at admin@apconnections.net or 303.997.1300 (option 5). To get the latest Softw...

Page 98: ... your CFs. Please be aware that when you replace the CF, you replace every file and setting, as this is no different than putting a new hard drive into a system and removing the old one. In order to not lose your custom changes, you will need to retain the following files. Save off your Custom Configuration (NetEq.cfg) file: You need to first save off your existing configuration file (NetEq.cfg) and then rep...

Page 99: ...your re-flashed CF card, you will need to re-enter your Final Key, restore your NetEq.cfg file, copy back in your Autostart File, and copy back in any shell script files. The instructions that you receive from Support will walk you through this process in detail. Note: Support will send detailed instructions to walk you through re-flashing or replacing the Compact Flash card ...

Page 100: ... no traffic. If you have set up pools and your cables are reversed, you will see no traffic flowing through your pools. The remedy will be to swap your LAN and WAN cables. Review the diagram below to identify the WAN and LAN ports. Once you swap cables, you will need to do one of the following: 1) reboot your box, or 2) restart the equalizing process. 1) To reboot your box: From the Maintenance and Reference ...

Page 101: ... and email to support@apconnections.net errors like "can't read disk sector" or "out of memory" or "Duplicate IP". Ideally, you should not reboot the NetEqualizer, as that will clear out the NetEqualizer Log File, although we do save the previous version to a .bak file. I would like to check my NetEqualizer Log: The NetEqualizer Log File contains a record of the actions of the NetEqualizer. Here we highlig...

Page 102: ...ommand. The following window opens. You can either enter a Command in the text box, or scroll down to see Common Commands (see List of Common Commands Table below) and run any of them by clicking on the associated button. Note: You cannot run any command that requires user input. List of Common Commands (Command: Description). Date: To get the current date and time. shutdown -h now: To shutdown the NetEqualizer u...

Page 103: ...sily tell which NetEqualizer you are administering. From the Maintenance and Reference menu, Click on Maintenance -> Edit Any Text File. To open the config file, type in /etc/arbdefault.conf. Go to the NAME parameter line in the file and change whatever is listed after the equal sign to what you want to call this NetEqualizer. For example, if you decided to name by location, you might have a NAME=BoulderNetEQ...

Page 104: ... only 46098 was achieved (45% of expected bandwidth). If this test was run during peak hours, either your pipe is not saturated, or you would contact your bandwidth provider to find out why you are not able to access all of your promised bandwidth. Click on Back Arrow to return to Run a Command, and then Close the window. To stop the process, you run the following: From the Maintenance and Reference menu, Cli...

Page 105: ...k on the link to go to the PENALTY_UNIT section of this document, where we offer detailed recommendations on tuning PENALTY_UNIT. How to Monitor Bandwidth Hogs: Below is a step-by-step process to create a new script that will just show you network connections over Hog Minimum (HOGMIN). This does not mean that they are currently being penalized, because the script doesn't know if you are in a penalty...

Page 106: ...ol n x sbin brctl getbrain my 0 grep v Wavg foreach line x chomp line specials split line if specials 5 hogmin print specials 1 specials 2 specials 3 specials 4 specials 5 specials 6 specials 7 specials 8 specials 9 n Click on Post Changes to save changes. On the next screen, you will see Your request is complete. Click on Maintenance -> Run a Command. Type in /art/showhogs. All connections over Hog Minimu...

Page 107: ...0Mbps 1Gbps 1 0 1Gbps 2 0 Default of 0.5Mbps (500 kbps) is set so that VoIP, email, web-based applications, web surfing, and chat is below Hog Minimum. Equalizing Rules (DEFAULT_RULES): On/Off toggle. On. Leave at Default of on. Must be On for Equalizing to kick in. Turn off during installation if you want to run throughput tests. Additional Equalizing Parameters: Maximum Penalty (MAX_PENALTY): Hundredths of seconds...

Page 108: ...u, Click on Maintenance -> Run a Command to run the following commands. To see if your ports are dropping packets or having collisions, run /sbin/ifconfig. To see what your ports details are, run the following commands: /usr/sbin/ethtool eth0 and /usr/sbin/ethtool eth1. You can also run these commands by clicking on To get the current connection speed of the network interfaces button. To Set Your Port Speed and...

Page 109: ...s root, using the default password, unless you changed it previously. From vi or nano: You can also use nano or vi to edit the /art/autostart file. Start your editor by typing in the following: nano -w /art/autostart. The command is formatted as follows: ethtool -s DEVNAME speed 10|100|1000 duplex half|full autoneg on|off. At the very bottom of /art/autostart, put in your new command lines, such as /usr/sbin/ethto...

Page 110: ... be done, the how is not addressed to any level of detail to which we can engineer our solution. We believe that the law and specifications on how to deliver to a law enforcement agency are somewhat ambiguous. The FBI has created some detailed specifications, but the reality is that there are some 40,000 law enforcement agencies, and they are each given autonomy on how they receive data. We do provide s...

Page 111: ...l Netcat can be piped to a file using the and like any other command. Step 2: Setting up the NetEqualizer to Capture Packets. To set up packet capturing on the NetEqualizer: From the Management and Reporting Menu, Click on Manage Packet Capture -> Manage Packet Capture. Fill in the fields, and scroll down to Click on Start Packet Capture. As packet capturing takes up both memory and CPU on the NetEqualizer, w...

Page 112: ...c can be accessed from cache, or accessed from the Internet and equalized as needed. NCO caches all port 80 traffic, file sizes from 2MB to 40MB, including YouTube videos. Any type of static content that is frequently accessed will benefit from caching. To get a good overview of this feature, read our Caching Executive Whitepaper. To deepen your knowledge and better understand the technical details, please...

Page 113: ...r Set_Max_Table_Size Parameter: The tuning parameter set_max_table_size is used to increase the number of subnet range definitions possible from the default of 32 up to a maximum of 128. To set this parameter, go to the Maintenance and Reference Menu, Click on Maintenance -> Run a Command. Type in /sbin/brctl set_max_table_size my XX. Replace XX with the number of subnet-ranged entities that you want to sup...

Page 114: ...top is off if the button is OFF (RED). If the ntop process is ON (GREEN), Click on View Historical Reports -> Start/Stop ntop and stop ntop. Set Time Zone: You should also set your time zone for the NetEqualizer. Note: This does NOT need to be added to the autostart file or the cron job. 1. Login to your NetEqualizer console with the default root account credentials. Log into the unit with SSH or via a keyboard a...

Page 115: ...is complete. 6. Click on Maintenance -> Run a Command. Type in crontab root crontab. Blank screen will come up when command is processed. Click on Back Arrow to return to Run a Command, and then close the window. 7. To have the sync persist upon reboot, you must add this to the AutoStart file as well. Click on Maintenance -> Edit Autostart File. Type in crontab root crontab on a new line, right ABOVE the line that ...

Page 116: ...Note: The NetEqualizer has a bridging firewall installed, so the FORWARD table is used for rules affecting things going through the unit. INPUT and OUTPUT tables are used to protect the unit itself. Sample file: Description. firewallprotectneteq.txt: How to protect the NetEqualizer unit from unauthorized access. howtodroppacketsfromthisorthat.txt: How to drop packets by IP or PORT or MAC address going thro...

Page 117: ... Directory Integration (NDI). Once set up, NDI software itself is covered under NSS; to get future releases, you will need to be current on your NSS. Check our price list for details on the NDI activation charge. Setting up NetEqualizer Directory Integration Level 1: NDI Level 1 consists of a generic API that can be used by customers once they implement a function on their domain controller (DC) server. Once ...

Page 118: ... takes an argument of an IP address and then returns one parameter: username. Return value should be either a clean username, or unknown if the IP address cannot be found. ARG2: text file directory_ip_list. directory_ip_list is the text file that you created above, which contains the IP subnets to use when looking up usernames. The fully qualified command: art usernames2 http server script directory_ip_lis...

Page 119: ... Once Named Quotas are in place, quota reporting will now status bandwidth usage by username instead of IP. 1. Make sure that the NDI API (usernames2) is running, from 2 above. 2. Your back-end Domain Controller server must be set up, from 1 above. 3. You must be on Software Update 7.0. In order to work with the quota commands, you must first start the Quota System. If not started, the other commands will return...

Page 120: ... Notes: When you make this call for one username, make sure that you put the username in quotes, like Patricia O Hodge, so that it sees the username as one argument. Note: As a reminder, Quota Usage data is not persistent on a restart of the quota process or the equalizing process. It also does not persist upon a machine reboot ...
