JANET Bandwidth Management Advisory Service

BMAS Home | About BMAS | Bandwidth Management | Technology Papers and Guidance | Product Evaluations | Calls for Partipation

Allot NetEnforcer Overview
Allot is an Israeli based company that was started in 1997.  It now has offices worldwide including Singapore, the US and the UK.  They offer a wide selection of hardware and software network solutions that provide bandwidth management and network monitoring/accounting.  Their most prominent product is the NetEnforcer which is available to high and low bandwidth users and offers a simple solution to bandwidth management through prioritisation, limiting and shaping.

Installation and Configuration

The NetEnforcer we used for testing in our lab was a 1U rack mounted box (the higher end boxes are 2U).  The rear has a standard power input, a serial connection for the initial setup of the unit and a backup port.

(Click image to enlarge)

The front of the unit has a selection of ports alongside an LCD panel with navigation buttons.  The ports are a console port that can be used for the basic configuration of the box, a management port that can be used to access the unit's web interface without interfering with the main network traffic, and in and out ports for placing the NetEnforcer inline on your network.

The LCD panel and navigation buttons can be used to carry out a lot of tasks on the NetEnforcer, but it is rather impractical to do so, and it is there more as a facility to make a quick change whilst stood at the NetEnforcer.  Once up and running, the LCD panel will display live data about the amount of bandwidth currently in use.

(Click image to enlarge)

Using the NetEnforcer

Web Interface

To access the NetEnforcer through its web interface you will need to have a Java enabled web browser.  There is no software installation required, which means you can administer your NetEnforcer from anywhere with an internet connection.

Getting the NetEnforcer to start managing bandwidth is a very quick process thanks to the built in 'NetWizard'.  This wizard will spend short time looking at the traffic traversing the network and categorising it.  Once it has enough data you will then be able to select each protocol individually and assign it a policy, such as limiting its bandwidth or giving it priority over other traffic types.  The NetWizard is an invaluable tool as it gives network managers a fantastic overview of what is really going across their network - many network managers usually get quite a surprise.  The NetWizard is also not just for use once.  It can be re-run as many times as you feel necessary, and any protocols that appear after the wizard has run will also be recognised, so don't feel it needs to be used to catch new traffic.

(Click image to enlarge)

All the non bandwidth management administration such as network settings and registration keys are handled in the below screen.  There are many tabs that control different sections of the unit including DDoS support, VLAN configuration and accounting.  Note that accounting on the NetEnforcer is an optional upgrade that does not come as standard.

(Click image to enlarge)

The page that will certainly get the most use on the NetEnforcer is the following one.  It is called 'My Favourite View' and it is fully customisable to what the administrator wants to see.  The administrator can pick and choose what data is on this page and how it should be arranged.  Once happy, the administrator can tell the NetEnforcer to remember the layout and each time the administrator logs in, that page will show. This gives the opportunity to have a complete view of how well the NetEnforcer and network are running and what protocols are currently being used.  The data presented here is shown in near real-time which means any changes to policies can be seen in graphical form almost immediately.  The screenshot below only shows 2 protocols currently being used - if you wish to see an example with more protocols in use, there are many screenshots available on the Allot website .

Many of the graphs also have extra features which can be accessed by right clicking and 'drilling down' into them.  This can provide data such as which clients are using the most bandwidth in a certain protocol or how many packets are being dropped due to congestion.

(Click image to enlarge)

Once the wizard has been run you can modify the policies in a variety of ways.  Using the NetEnforcer does require the learning of a few terms, but after a week or so of use you will feel quite comfortable with the way Allot have decided to lay out their data.

The traffic handled by the NetEnforcer is split into what Allot call 'pipes' and 'virtual channels'.  You can specify which pipes and virtual channels you want, with each pipe containing one or more virtual channels.  Each virtual channel is then defined by the rules within it.  One example would be to have within the main Fallback pipe a virtual channel called P2P.  Inside the virtual channel would be a rule for each of the P2P applications you wish to limit.  Once all the rules have been added you can then use the policy editor to decide what quality of service it should receive or if it should even be allowed at all.  Although this sounds complicated and long winded, it is much easier and quicker when actually carried out through the interface.

(Click image to enlarge)

Below is a screenshot of the page that is used to set a virtual channel's quality of service.  There are many options for setting upper and lower bandwidth limits, plus burst limits.  The NetEnforcer also supports the use of ToS (Type of Service) marking, which could be used if the network is currently already employing a QoS strategy on different hardware.

(Click image to enlarge)

Command Line Interface

The CLI is very similar in approach to the Packeteer PacketShaper .  It allows you to carry out all the tasks that can be done through the web interface, plus you can carry out some more high end task that would be more useful if/when you use the technical support.

Users familiar with a CLI will find the commands all very familiar, with many standard Linux based commands being available in addition to the NetEnforcer specific commands.

Good Practise

When using the NetEnforcer it is very advisable to become familiar with the terms used by Allot such as 'pipes' and 'virtual channels'.  Once these concepts are understood, the administration of the box becomes a very easy task.  It would also be useful to run the NetWizard as this takes time off getting the basic rules in place when the box is first installed.

The main piece of advice with any appliance such as this would be to arrange a trial alongside other similar products to see which answers your needs most.  Many people really like the Java interface of the NetEnforcer whilst others may prefer the cleaner, though static, interface of the Packeteer.  Only a hands-on test of the products can tell you which will suit you best.

Conclusions

The NetEnforcer does exactly what it sets out to achieve.  If you either want better visibility of your network or to gain more control of its uses, the NetEnforcer should be on your consideration list.  The after sales support available was found to be very knowledgeable and eager to help, with the Allot staff taking on board any suggestions in order for them to continually improve their product.

Links

If you are interested in the NetEnforcer and would like more information or to request a trial of an Allot product either email BMAS or follow one of these links:

Allot - http://www.allot.com
NetEnforcer - http://www.allot.com/pages/product_content.asp?intGlobalId=6
NetEnforcer Data Sheet - http://www.allot.com/media/pages/NetEnforcer%20DS%20EN%20D240002.pdf
Online NetEnforcer Demo - http://www.allot.com/pages/demo.asp
CyberProtect (reseller) - http://www.cyberprotect.co.uk