Open source and Exinda
These days, it is foolhardy for a conscientious IT manager not to consider open-source alternatives when in need of a tool, particularly one that will be invisible to users. Unfortunately, most of the community-developed applications currently available, like the popular firewall IPCop, are limited to shaping traffic by port. The few tools available that can analyze packets at layer 7 (IPP2P and L7-Filter, for example) require you to manually edit config files and tables of filters, and muck about in the kernel. Besides the usability issues, such an approach places the onus of managing the library of application signatures on your already overworked IT manager. What she needs instead is a small, relatively inexpensive appliance with a friendly Web browser interface and an available subscription for support and signature updates.
Exinda Networks is a relative newcomer to the packet-shaping/WAN acceleration market, and has one of the lowest-priced appliances on the market today. Exinda's x700 series is focused on packet shaping and QoS management, while the x800 line adds application acceleration features. Exinda's 1700 is the company's entry-level appliance, about the size of a small Ethernet switch. It sports one WAN and four LAN 10/100baseT ports. Available in 2Mbps and 10Mbps versions, this model is appropriate for a small office with no more than 50 users.
The first step, after a brief setup via the built-in Web server, is to insert the device in monitor-only mode between your router and your firewall. Once you accumulate several days' worth of data, you can use the very friendly Web interface to look at your overall traffic patterns by type of application, URLs, hosts and conversations, and easily drill down to pinpoint issues.
The next step is to configure priority and QoS rules to manage your Internet data flows. Priority rules allow you to give preferential treatment to packets that require low latency, such as VoIP; QoS policies let you protect bandwidth for critical applications such as e-mail or access to hosted services. The device is smart enough to expand the bandwidth allotted to other applications, such as Web browsing, when critical applications are not using it, and then throttle Web browsing back to free up space for the apps identified as critical. You can also set up rules to completely discard packets from any application you want to ban from your network, such as P2P traffic.
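The borrowing behaviour described above can be sketched as a two-pass allocation: guarantees first, then spare capacity lent out by priority. This is an added example, not Exinda's algorithm or code from the article; the class names, guarantees, priorities and the 2000 kbps link are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    guaranteed_kbps: int   # bandwidth protected for this class
    priority: int          # lower number = first in line for spare capacity
    discard: bool = False  # True = drop every packet of this class

def allocate(link_kbps, policies, demand_kbps):
    """Return {class name: kbps granted} for one scheduling interval."""
    active = [p for p in policies if not p.discard]
    if sum(p.guaranteed_kbps for p in active) > link_kbps:
        raise ValueError("guarantees exceed link capacity")
    grant = {p.name: 0 for p in policies}  # discarded classes stay at 0
    # Pass 1: each class gets what it asks for, up to its guarantee.
    for p in active:
        grant[p.name] = min(demand_kbps.get(p.name, 0), p.guaranteed_kbps)
    spare = link_kbps - sum(grant.values())
    # Pass 2: lend unused capacity to classes still wanting more,
    # highest priority first, so idle guarantees are never wasted.
    for p in sorted(active, key=lambda p: p.priority):
        extra = min(spare, demand_kbps.get(p.name, 0) - grant[p.name])
        grant[p.name] += extra
        spare -= extra
    return grant

# Constructed policy set for a 2 Mbps link (all values are assumptions).
LINK_KBPS = 2000
POLICIES = [
    Policy("voip", 256, priority=1),
    Policy("email", 768, priority=2),
    Policy("web", 512, priority=3),
    Policy("p2p", 0, priority=9, discard=True),
]

def demo():
    # Quiet period: critical classes are nearly idle, so Web browsing borrows.
    quiet = allocate(LINK_KBPS, POLICIES,
                     {"voip": 64, "email": 100, "web": 3000, "p2p": 1500})
    # Busy period: critical classes reclaim capacity and Web is throttled back.
    busy = allocate(LINK_KBPS, POLICIES,
                    {"voip": 256, "email": 900, "web": 3000, "p2p": 1500})
    return quiet, busy

if __name__ == "__main__":
    for label, result in zip(("quiet", "busy"), demo()):
        print(label, result)
```
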