P-Cube's Engage software, part of its Service Engineering solution, can identify and block or prioritize a wide variety of applications and protocols, including potentially illegal P2P programs.

by Alex Goldman ISP-Planet Associate Editor [April 28, 2003]

Sunnyvale, Calif.-based P-Cube has released a software module called Engage, an upgrade to its Service Engineering solution that tacks peer-to-peer (P2P) traffic control on to an already impressive list of protocols and applications that the solution can block or prioritize.

The solution consists of software (the Service Management Platform, or SMP) and hardware appliances. The appliances monitor and control remote POPs or aggregation points. An appliance also sits in the ISP's NOC, where it assists in the creation and delivery of network policies and reporting. Currently available models are the SE100 (for Fast Ethernet speeds) and the SE1000 (for Gigabit Ethernet speeds).

Grokking Morpheus and the monkey
Samir Sharma, P-cube senior product marketing manager, notes that the software has to recognize a variety of different P2P applications. "We serve and international market, and each continent has a different P2P solution," he says. The software recognizes the following potentially illegal programs: KaZaA, Winny, iMesh, WinMX, LimeWire, eDonkey, Grokster, Bearshare, Piolet, and Morpheus. WinMX, for example, is popular in Asia because it supports Asian character sets.

P2P traffic, especially file trading, is a problem for an ISP of any size. Notes Sharma, "it fundamentally changes network behavior. ISPs planned on certain behaviors when they designed their backhaul. P2P increases network utilization, especially on international and backhaul links. Adding international links is expensive to an ISP—especially if they cannot add revenues in tandem with new costs."

An ISP that throttles or eliminates all P2P traffic risks losing subscribers, as does one that tries to crack down on heavy users. Engage allows the ISP to set any of a variety of policies.

For example, during daytime business hours, the ISP might limit aggregate P2P traffic to 10 percent of the total available—one user or many would be able to use that 10 percent. An ISP might give each user a P2P quota of 10 GB per month, after which the ISP could throttle or charge for that user's additional traffic. An ISP might set quotas, but allow unlimited P2P traffic within its network—only P2P traffic outside the network would count towards the quota.

Sharma says that each box deployed on an ISP's network should take only about an hour to set up. "We have tools and a GUI to administer the box, and they simplify the setup process," he says. "Of course, determining the rules the ISP will enforce [and communicating them to subscribers] requires planning. Usually, for a week, a company will put the box in the network [in a passive setup] and just take usage data. Then the company will examine behavior patterns. We provide very granular information that a service provider may or may not have had before."

We have the tools, we have the talent
The control offered by the device is so granular that ISPs can use it to prioritize or deny any of the following protocols:

• Streaming media: MPEG2-4, RTP, Real Audio, Real Player, RTSP, Windows Media
• VoIP: H.323, RTP, RTCP, MGCP, SIP, MegaCoE-mail: MS Exchange, SMTP, POP3, IMAP
• Session: Telnet, rlogin, rsh, SSH
• Security: HTTPS, LDAP-SSL, RADIUS
• Other: HTTP by URL, IP, UDP, TCP, FTP, LDAP, TFTP, SSL, PPTP, ISMP, NNTP, DNS, traceroute

Sharma noted that some providers are interested in using the devices to shape gaming traffic. For example, an ISP could sell a premium gaming package guaranteeing low latency access to the ISP's own game servers, or prioritizing traffic for a specific application (such as Doom or Quake). "If they pay less, they can access the servers, but don't get the latency guarantees," says Sharma, "so they catch a couple of rockets more than anyone else."

Sharma even claims that a game console maker is interested in using the devices on its network to make sure that only game traffic is originating from the consoles—not e-mail, HTTP, or any other non-game traffic.

The device uses a custom language the company calls Service Management Language (SML). Sharma says that, in practice, the language is similar to C or C++, and allows service providers to write their own scripts. "Most service providers," he adds, "just ask us to write scripts for them. It's easy and it's not a problem for us. In fact, it helps us stay on top of variants of popular protocols, and allows us to provide the scripts to all of our subscribers."

The device now has FCC Part 15 certification for fixed wireless services, and Sharma says that the company is working on its Encharge application, which works with billing software, to provide solutions for hotspot providers. Stay tuned.

Pricing and availability
The SMP, the Service Engine devices, and the Engage and Encharge modules are all available now. Sharma says that the solution is priced between Allot's low-end traffic shaping and management solution and Cisco's CSG (the Cisco product is a card, so its total price would include the price of a Cisco chassis).

The SE 100 serves 100,000 simultaneous IP traffic flows. The SE 1000 serves up to 100,000 subscribers or 1 million simultaneous IP traffic flows. The Cisco CSG serves up to 300,000 subscribers or 2 million simultaneous IP traffic flows.

A single SE 100 device, plus per-subscriber fees for the software, would cost about $25,000. A larger ISP, with several control points, would require several devices and might spend $90,000 to serve 100,000 subscribers.

—End