`Packeteer’s PacketShaper product line enables organizations to control application performance and WAN costs. The PacketShaper/ISP
`product line enables providers of managed bandwidth services to provision and manage customized IP services. Brief, technical feature
`descriptions follow, divided into categories. If you’d like more complete introductions, consult PacketShaper’s technical product
`overviews, “Four Steps to Application Performance” or “Innovative Bandwidth Farming.”
`
`Feature
`Traffic Categorization
`
`Layer-Seven
`Classification
`
`Classification Features
`Description
`Classify traffic by application, protocol,
`port number, URL or wildcard, host
`name, LDAP host lists, Diffserv setting,
`MPLS labels, IP precedence bits, IP or
`MAC address, subnet, travel direction
`(inbound/outbound), source, destination,
`host speed range, Mime type, web
`browser, Oracle database, Citrix
`published application, Citrix ICA
`priority tagging, VLAN varieties, and
`more.
`Detect dynamic port assignments, track
`transactions with migrating port
`assignments, and even differentiate
`among different applications using the
`same port
`
`Examples
`SAP traffic to/from a specific server
`•
`• Oracle traffic referencing the Sales database
`• Web traffic to your e-commerce website from
`those using a Netscape Navigator browser
`• WindowsMedia
`Traffic with an MPLS label of 9
`•
`Print traffic from MS Word running over Citrix
`•
`with an MPLS label of 5.
`
`Traffic requiring layer-seven classification technology:
`• MP3 music downloads
`Passive FTP
`•
`PeopleSoft running on Citrix
`•
`
`
`Application Discovery Chart, Partial List
`Applications and protocols PacketShaper automatically detects, identifies, and classifies include:
`
`Client/Server
`CORBA
`Folding@Home
`FIX (Finance)
`Java Rmt Mthd
`MATIP (Airline)
`MeetingMaker
`NetIQ AppMngr
`OpenConnect JCP
`SunRPC (dyn port)
`
`ERP
`Baan
`JavaClient
`JD Edwards
`Oracle (7,8,9i)
`SAP
`
`Internet
`ActiveX
`FTP, Passive FTP
`Gopher
`IP, IPIP, UDP, TCP
`IPv6
`IRC
`Mime type
`NNTP
`SSHTCP
`SSL
`TFTP
`UUCP
`URL
`Web browser
`
`Database
`FileMaker Pro
`MS SQL
`Oracle 7/8i
`Progress
`
`Directory
`Services
`CRS
`DHCP
`DNS
`DPA
`Finger
`Ident
`Kerberos
`LDAP
`RADIUS
`TACACS
`WINS
`whois
`
`E-mail,
`Collaboration
`Biff
`cc:MAIL
`IMAP
`LotusNotes MSSQ
`Microsoft DCOM
` (MS Exchange)
`Novell
` GroupWise
`POP3
`Kerberos
`SMTP
`
`File Server
`AFS
`CVSup
`Lockd
`NetBIOS-IP
`NFS
`Novell
` NetWare5
`
`Games
`Asheron’s Call
`Battle.net
`Diablo II
`Doom
`EverQuest
`Kali
`Half-Life
`MSN Zone
`Quake I, II, & III
`Tribes I,II
`Unreal
`Yahoo! Games
`
`Host Access
`ATSTCP
`Attachmate
` SHARESUDP
`Persoft Persona
`SMTBF
`TN3270
`TN5250
`
`Legacy LAN
`and Non-IP
`AFP
`AppleTalk
`DECnet
`IPX
`FNA
`LAT
`NetBEUI
`MOP-DL/RC
`PPPoE
`SNA
`
`Messaging
`AOL Instant Msging
`ICQ Chat
`MSN Messenger
`Yahoo! Messenger
`Internet Relay Chat
`
`Misc
`Time Server
`Date-Time
`
`Multi-Media
`Multi-cast
` NetShow
`NetMeeting
`QuickTime
`RTP
`Real Audio
`Streamworks
`RTSP
`MPEG
`ST2
`SHOUTcast
`WebEx
`WindowsMedia
`
`
`Music P2P
`Aimster
`AudioGalaxy
`DirectConntect
`eDonkey2000
`Gnutella
`Groove
`Hotline
`Imesh
`KaZaA
`Napster
`Scour
`Tripnosis
`
`Network
`Management
`Cisco Discovery
`ICMP by
` packet type
`Microsoft SMS
`NTP
`RSVP
`SNMP
`SYSLOG
`
`LPR
`IPP
`TN5250p
`TN3287
`
`Push
`Backweb
`EntryPoint
`Marimba
`PointCast
`
`Routing
`AURP
`BGP
`CBT
`DRP
`EGP
`EIGRP
`IGMP
`IGP
`MPLS (+tag, +app)
`OSPF
`PIM
`RARP
`RIP
`Spanning Tree
`VLAN (802.1q/p)
`
`Security
`Protocol
`DLS
`DPA
`GRE
`IPSEC
`ISAKMP/IKE
` key exchange
`L2TP
`PPTP
`SOCKS Proxy
`
`Session
`REXEC
`rlogin
`rsh
`Telnet
`Timbuktu
`VNC
`Xwindows
`
`Thin Client or
`Server Based
`Citrix
` Published Apps
` and VideoFrame
`RDP/Terminal
` Server
`
`Voice over IP
`Clarent
`CUSeeMe
`Dialpad
`H.323
`I-Phone
`MCK Commun.
`Micom VIP
`RTP
`RTCP
`T.120
`VDOPhone
`
`
`
`
`Packeteer, Inc.
`
`
`
`1
`
`Cloudflare - Exhibit 1017, page 1
`
`
`
`
`
`Feature
`Response-Time
`Management
`(not available in
`PS/ISP)
`
`Analysis and Reporting Features
`Description
`Gain access to performance statistics, threshold
`monitoring, high-level problem indicators, and
`performance graphs. Divide response times into
`components for time spent on the server, on the
`network, or on a portion of the network. Identify
`the clients and servers with the slowest
`performance.
`
`Examples
`• Microsoft Exchange response times:
`Total Delay: 630 ms
`Server Delay: 210 ms
`Network Delay: 420 ms
`• MS Exchange, later:
`Total Delay: 2230 ms
`Server Delay: 190 ms
`Network Delay: 2040 ms
`• Other features help isolate the cause of the jump
`in network delay and prevent future occurrences.
`Top Talkers for http: yahoo.com, nasdaq.com,
`cnn.com, and espn.com
`Top Listeners for http:
`CfoPC, VpMarketingPC, DirEngineeringPC
`99 percent of JD Edwards transactions should
`have end-to-end response times of less than
`1100 milliseconds.
`• Actual average response time is 867
`milliseconds.
`• But only 97 percent of transactions complete
`within limits, so SLA is in violation.
`12 percent of bandwidth goes to retransmissions
`The rate jumps to 37 percent for Oracle 8i
`traffic.
`The rate jumps to 78 percent for the Oracle
`traffic to a specific (and overburdened) server.
`
`•
`
`•
`
`•
`
`•
`•
`
`•
`
`Top Talkers and
`Top Listeners
`
`Answer your questions about who generates the
`most traffic or who receives the most traffic of a
`certain type.
`
`Service-Level
`Agreements
`(not available in
`PS/ISP)
`
`Network
`Efficiency and
`TCP Health
`
`Top Ten
`
`Set response-time commitments in milliseconds.
`Measure and track service-level compliance.
`
`Expose hidden network inefficiencies:
`Calculate the percentage of bandwidth wasted by
`retransmissions. Correlate dropped packets with
`their corresponding applications, servers, or URLs.
`Compare the number of TCP connections that were
`started, aborted, and ignored or refused by the
`server. Group connection or retransmission
`statistics for a link, partition, or traffic class.
`Zero in on the traffic types that are generating the
`most traffic. Top Ten is part of PacketShaper’s
`easy-access features that help new users spot
`trouble and fix it -- quickly and without a big
`learning curve.
`
`
`Host Accounting Track historical usage levels for each IP address
`and retrieve statistics summed for each user, host
`list, or subnet. If you import this data into a tool
`such as MS Excel, you can sort the results, yielding
`top users, or even a fully ranked list of users from
`top to bottom.
`
`46 percent of bandwidth goes to web browsing
`22 percent of bandwidth goes to music downloads
`12 percent goes to MS Exchange
`07 percent goes to SAP
`… and so on.
`
`
`• Departmental usage figures (Human Resources
`uses this much and Marketing uses that much)
`Per-user usage figures.
`Per-group usage (roll-ups of individual usage
`figures into grouped totals)
`
`•
`•
`
`
`
`Packeteer, Inc.
`
`
`
`2
`
`Cloudflare - Exhibit 1017, page 2
`
`
`
`Metrics
`
`Graphs
`
`
`
`
`
`
`Track over 50 metrics. Most can apply to all traffic or to just a portion, such as one application or a
`particular group of users. Metrics can reflect a flexible time interval.
`Throughput in units of bytes, packets, transactions, connections
`•
`• Byte throughput for any traffic class: counts, averages, and peaks
`Throughput counts for any IP address, host list, subnet
`•
`• Counts and percentages of TCP connections that were denied by a policy, denied because of resource
`contention, ignored by servers, aborted by users, refused by servers
`• Counts and percentages of retransmitted, received, tossed, dropped, and good TCP packets
`• Number of HTTP response messages with 2xx success codes, 3xx redirection codes, 4xx client error
`codes, and 5xx server error codes.
`Largest number of simultaneous TCP connections
`•
`• Connection-speed and packet-size histogram data for profiling users
`• Histograms, medians, and averages for components of transaction response time: network delay, server
`delay, total delay, round-trip time, and normalized network delay
`• Counts and percentages of transactions that satisfied (or did not satisfy) performance requirements
`Time intervals within service-level compliance
`•
`Time intervals that a service was unavailable
`•
`Top applications, URLs, users; worst performing clients and servers
`•
`• Number of users per dynamic partition, using dynamic partitions, and denied access to dynamic
`partitions
`• Counts of traffic flows that were blocked after exceeding a configurable flow limit (suspected DoS
`attack involvement)
`• Numbers of software licenses allowed and in use
`Examine graphs describing current or historical network and application behavior. Apply graphs to the
`whole link or to just one portion such as one application or URL.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Packeteer, Inc.
`
`
`
`3
`
`Cloudflare - Exhibit 1017, page 3
`
`
`
`QoS and Performance-Control Features
`Description
`Examples
`Limit Music downloads to 128 Kbps of a
`Protect or cap all the traffic in one class with a
`T1 WAN link.
`partition. You specify the size of the reserved virtual
`link, choose if it can exceed that size (called
`• Reserve a minimum of 20 percent of the
`bursting), and optionally cap its growth. Partitions
`WAN link for Microsoft Exchange. Allow
`function like frame relay PVCs, but with the added
`Exchange to exceed the minimum, but cap
`important benefits that they cost less and they share
`it at 60 percent of the link.
`unused bandwidth with other traffic.
`Create per-user subpartitions dynamically, as
`needed, when users initiate traffic of a given class.
`When the maximum number of subpartitions is
`reached, an inactive slot is released for each new
`active user. As always, unused bandwidth is
`available to others.
`Keep greedy traffic sessions in line or protect
`latency-sensitive sessions with a rate policy. Deliver
`a minimum rate (perhaps zero) for each individual
`session of traffic, allow that session prioritized
`access to excess bandwidth, and set a limit on the
`total bandwidth it can use.
`Priority policies allocate bandwidth based on a
`priority, 0 to 7. The priorities determine how pro-
`rated bandwidth allocation is scaled.
`
`Feature
`Partitions
`
`Dynamic Per-User
`Partitions
`
`Rate Policies
`
`Priority Policies
`
`Discard Policies
`
`Discard policies intentionally block traffic. The
`packets are simply tossed and no feedback is sent
`back to the sender.
`
`Never-Admit
`Policies
`
`Ignore Policies
`
`Easy Config
`
`Never-Admit policies are similar to discard policies
`except that the policy informs the sender of the
`block.
`Ignore policies simply pass traffic on, not applying
`any bandwidth management at all.
`
`Instead of creating policies and partitions
`yourself, let PacketShaper do it for you. Assign
`your applications to categories, such as
`MissionCritical. PacketShaper automatically
`creates appropriate partitions and policies. This
`is an optional feature.
`
`•
`
`•
`
`Each dormitory student gets a minimum of
`20 Kbps and a maximum of 60 Kbps to use
`in any way they wish. No tedious per-user
`configuration required.
`
`• Reserve precisely 21 Kbps for each VoIP
`session to avoid jitter and static.
`• Cap each FTP download at 28 Kbps.
`
`•
`
`Protect Telnet, which has small but latency-
`sensitive flows, with a priority of 6.
`• Give games such as Doom and Quake a
`priority of 0 on a business network. People
`can play if the network is not otherwise
`busy.
`• Discard traffic from websites with
`questionable content.
`• Block attempts to Telnet into your site.
`• Block external FTP requests to your internal
`FTP server.
`Redirect music enthusiasts to a webpage
`explaining that streaming audio is allowed only
`between 10:00 p.m. and 6:00 a.m.
`Let any traffic pass unmanaged that is going to a
`destination that is not on the other side of the
`managed WAN access link.
`
`
`
`
`
`Applications
`SAP
`Oracle
`Customers’ web
`Internal web
`MS Exchange
`Email, FTP
`Gnutella, Imesh
`Internet Radio
`
`Assignment
`MissionCritical
`MissionCritical
`MissionCritical
`Average
`Average
`LowPriority
`Prohibited
`Prohibited
`
`
`
`Packeteer, Inc.
`
`
`
`4
`
`Cloudflare - Exhibit 1017, page 4
`
`
`
`TCP Rate Control
`
`TCP Autobaud
`
`Overcome TCP’s shortcomings with Packeteer’s
`TCP rate control. It proactively prevents congestion
`on both inbound and outbound flows. It tells the end
`stations to slow down—it's no use sending packets
`any faster because they will be accepted only at a
`particular rate once they arrive. Rather than
`discarding packets from a congested queue, TCP rate
`control paces packets to prevent congestion. It forces
`a smooth, even flow rate that maximizes throughput.
`
`Detect the connection speed of the client or server at
`the other end of the connection or on the other side
`of the Internet. This automatic speed-detection
`mechanism can adjust bandwidth management even
`as bandwidth conditions vary.
`
`Admission Control Decide how to handle additional sessions during
`bandwidth shortages: deny access, squeeze in
`another user, or, for web requests, redirect the
`request.
`
`Denial-of-Service
`Attack Avoidance
`
`MPLS Support
`
`Don’t be an assailant: Avoid being an unwilling
`participant (so-called launch pad) in a DoS attack.
`Don’t be a target: Detect and stop SYN floods or
`similar DoS attacks.
`Add to the performance gains possible with MPLS
`alone. Attend to some of MPLS’ administrative
`overhead. Add layer-7 application awareness to
`MPLS installations.
`Classify traffic based on MPLS labels, tag an
`application’s unlabelled traffic, swap or remove
`labels.
`
`•
`
`Packeteer’s TCP rate control has four key steps:
`1. Measure network latency
`2. Forecast packet inter-arrival times
`3. Adjust window size according to latency
`and forecast
`4. Meter the acknowledgement stream to
`ensure just-in-time delivery of the
`transmissions
`Substitute a text-only web page for a highly
`graphical web page if the user has a very
`slow dial-in connection.
`• Use different minimum and maximum
`bandwidth rates for an application
`according to connection speed.
`Accommodate new patrons of a streaming-media
`website until additional visitors would
`downgrade the quality of service to all. Then
`redirect latecomers to a page describing the
`temporary over-popularity problem.
`Detect and block ICMP variants that can plant
`malicious instructions.
`Block flows to the KeySales web server after
`15,000 flows-per-minute exceeded
`Tag SAP traffic with an MPLS label of 12 to
`preserve QoS through the MPLS core.
`Tag traffic from one subscriber with a given
`MPLS label to route subscriber’s traffic
`appropriately through their VPN.
`
`
`
`Feature
`Installation
`
`Ease-of-Use, Interface, and Integration Features
`Description
`Examples
`Install PacketShaper products by plugging in
`two cables and filling out a convenient, web-
`based form. No need to change router
`configurations, topology, desktops, or servers.
`
`
`
`
`
`Browser-Based
`Interface
`
`Manage PacketShaper with an easy, graphical user
`interface from any desktop with a web browser.
`
`
`
`
`
`Use a command-line interface over Telnet as an
`Command-Line
`efficient alternative to a GUI for streamlined,
`Interface
`advanced operations.
`Passive Connector Remain connected — even if PacketShaper goes
`down or is turned off, traffic passes right on through.
`Add redundancy to PacketShaper. Deploy two
`PacketShapers together, one passive and one active.
`Supply alternate policy values for use with a slower
`backup link, and PacketShaper automatically
`switches when it detects a failure of the primary link.
`Use SNMP to access PacketShaper data. Packeteer
`provides MIB II and two proprietary MIBs with the
`
`SNMP Support
`
`Hot Standby
`
`Failover Support
`
`telnet command line>> class show
`
`
`
`
`
`
`
`HP OpenView Network Node Manager can
`solicit information from PacketShaper using its
`
`
`
`Packeteer, Inc.
`
`
`
`5
`
`Cloudflare - Exhibit 1017, page 5
`
`
`
`Integration
`
`PacketShaper metrics listed above.
`Integrate with third-party tools via HTML, XML and
`CGI APIs, SNMP traps, POP3 email traps, the
`PacketShaper user interface, or customized
`integration features with select Packeteer partners.
`Extracted data can be saved in a variety of formats
`including SML, CSV, TSV, and ASCII.
`Centralized Control Centralized access: Access all your PacketShaper
`units individually from a single desktop with the
`browser-based user interface.
`Centralized configuration: Multiple PacketShapers
`can share configuration and policy definitions with
`Packeteer’s PolicyCenter.
`Through partnerships with leading vendors of
`network-management platforms, PacketShaper
`offers centralized access and control with HP’s
`OpenView Network Node Manager and PolicyXpert
`and Micromuse’s NetCool. Platform functions such
`as topology mapping, data collection, user-interface
`access, and event reporting all integrate smoothly
`with PacketShaper.
`Centralized Policy Management: PacketShaper
`integrates with HP PolicyXpert and serves as a
`policy-enforcement point.
`Centralized Reporting: While each PacketShaper
`tells its own story, Packeteer ReportCenter gives the
`big picture. It aggregates metrics from large
`deployments and creates organization-wide reports
`to manage trends or problems before they adversely
`affect applications.
`Offer subscribers customized, branded network and
`application status web pages. Enable subscribers to
`check their own status and reduce the volume of
`helpdesk calls.
`PacketShaper/ISP maintains your portal’s HTML
`pages and automatically customizes them for each
`subscriber. It serves HTML pages to subscribers
`when requested and insulates subscribers from each
`other’s data.
`
`
`Customer Portal
`(only available in
`PS/ISP)
`
`standard SNMP management tools.
`Export usage data into an Excel
`•
`spreadsheet.
`• Use a favorite reporting tool with
`PacketShaper metrics.
`
`
`Define a QoS strategy with HP PolicyXpert and
`PacketShaper enforces performance policies.
`Access PacketShaper configuration by clicking
`on the Packeteer icon in HP OpenView’s
`topology map.
`
`
`
`Portion of a Sample Customer Portal Page
`in HTML with 60-Minute Graphs
`…(deleted)…<head>
`<title> Graph sample </title>
`</head>
`<body>
`<h1> Network performance overall, last 60
`minutes </h1>
`<h2> Inbound throughput </h2>
`<IMG
`SRC=/customer/Cgi1?OP.MEAS.GETGRAPH=
`&MEAS.NAME=/Inbound&MEAS.TYPE=link
`&MEAS.PERIOD=3600&MEAS.VARLIST=
`avgbps%%20peakbps&MEAS.VARLISTLABE
`L=AverageRate%%2CPeakRate&MEAS.GRAP
`HTYPE=line>
`<h2> Outbound throughput </h2>
`<IMG
`SRC=/customer/Cgi2?OP.MEAS.GETGRAPH=
`&MEAS.NAME=/Outbound&MEAS.TYPE=
`link&MEAS.PERIOD=3600&MEAS.VARLIST
`… (Deleted)…</body>
`</html>
`
`
`
`
`
`Packeteer, Inc.
`
`
`
`6
`
`Cloudflare - Exhibit 1017, page 6
`
`