Review: Bye Bye Network Jams
Traffic management and service management are becoming critical IT functions. PacketLogic from Procera Networks Inc., Los Gatos, Calif., is one of the best network traffic tools on the market for helping companies rein in network abusers.
Immediately after PacketLogic is placed on a network, data starts to appear in the appliance's user interface. Once administrators select and study the packets, they can block them, filter them and give them bandwidth priority for quality of service using other devices. Administrators can run statistical reports within an hour of deploying the appliance.
PacketLogic uses what the vendor calls deep flow inspection to collect network data. Deep flow inspection is one level deeper than deep packet inspection. The technology does a complete handshake between devices, looking at all traffic.
PacketLogic's deep flow inspection technology is driven by a proprietary data stream recognition definition language (DRDL) that is capable of reading an entire Layer 7 stack. The appliance divides its functions into modules, so its architecture is easy to control. The surveillance module is the only required program and arrives with the DRDL engine. Companies can just buy the surveillance module if they have other tools for collecting and analyzing data.
PacketLogic's filtering module looks for high-level traffic that cannot be correlated to devices. This traffic is usually made up of non-established connections that absorb bandwidth immediately and come from a single or just a couple of external IP addresses. Once the anomalous traffic is detected, administrators can take action by squeezing down the bandwidth to reduce its spreading to the rest of a network.
PacketLogic supports centralized management through a client application. The CRN Test Center looked at Procera's test network in Europe with the client software. With this architecture, a single administrator can manage using one device as a primary appliance while the others can be managed as subordinates. By navigating to the local host servers, administrators can view all the traffic on a network. Clicking on an upload section sorts the hosts and IP addresses, allowing administrators to quickly see the addresses that are taking up the most bandwidth. By double-clicking on an IP address, PacketLogic's client selects the machine and immediately shows its TCP and UDP status. Here, the power of PacketLogic comes alive. The appliance detects applications that are hogging bandwidth, including the ports used by the applications.
The BitTorrent client was the most popular peer-to-peer application used on the test network, which some users abused by keeping it alive all of the time. In addition, PacketLogic is capable of detecting Skype, ordinary HTTP traffic and many other services. Further drilling down on an IP address can tell administrators something about each port that is being used.
PacketLogic has some of the most dynamic and comprehensive reports the CRN Test Center has seen for monitoring network traffic. The company updates PacketLogic's signatures on a regular basis, which is crucial for maintaining accurate detection.
Procera offers partners margins between 20 percent and 30 percent. It also provides sales training through a two-tier program. Technical training is offered within three months of joining a program. Technical support is available via Internet relay chat, phone and e-mail.