InstantQoS Technology

PostACK® TCP Bandwidth Optimizer
      Accurate Layer-7 Bandwidth Shaping

      When managing TCP traffic, pass-through TCP flows can introduce large buffer requirements, high latency, frequent buffer overflows, and unfairness among flows competing for the same queue. How to allocate bandwidth to a TCP flow without these drawbacks therefore becomes an important issue. The patented PostACK® is an innovative approach that improves TCP rate shaping to solve these problems. The widely deployed TCP Rate Control (TCR®) approach patented by Packeteer Inc. is found to be:
more vulnerable in throughput to Internet packet losses
less compatible with some TCP sending operating systems

In contrast, the PostACK approach preserves TCR's advantages while avoiding TCR's drawbacks. PostACK emulates per-flow queuing, but replaces the queuing of data with the queuing of ACKs in the reverse direction, reducing the buffer requirement by up to 96 percent. PostACK also achieves a 10 percent goodput improvement over TCR in lossy WAN environments. A further scalable design of PostACK scales up to 750Mbps while cooperating seamlessly with the link-sharing architecture. Experimental results can be reproduced on a testbed for conducting switched LAN-to-WAN or WAN-to-LAN experiments with RTT/loss/jitter emulation.
L7 Networks Inc. has published a series of PostACK®-related research papers as contributions to the IEEE computer science community:
IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges
IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems
IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways
IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs

SoftASIC® Layer-7 Classification:
      Classify Once Switch Many (COSM) Acceleration

      Because many modern networking applications use port-hopping to bounce from well-known ports to random ports, or even disguise themselves as HTTP/HTTPS/... protocols, layer-4 classification is no longer accurate. The patented SoftASIC(TM) equipped with InstantQoS classifies traffic in two stages:

1st-Stage: Deterministic Signature Matching for Sessions: Since the layer-4 header is useless, classification must look at application protocols and contents. The SoftASIC(TM) classifies sessions in a deterministic way (within up to 12 consecutive packets). In most cases a session matches the signature database within the first two packets. In the worst case, for example when InstantQoS does not contain the signature for a new application, the SoftASIC(TM) can determine that the session is unknown within 12 packets. The matching is done with transitions in a Global DFA (Deterministic Finite Automaton), which is pre-compiled from all the signatures.
2nd-Stage: Classify Once Switch Many: After classification by the 1st stage, all remaining packets in the session are forwarded without any signature matching. They are all switched to the right interface, with the appropriate services applied in the following stages. For example, after a session has been recognized as the KaZaA application over port 80 (HTTP), all remaining packets of the session are directly recognized as KaZaA and put into the right queue for advanced bandwidth shaping. No further signature matching is needed for the rest of the packets.
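
The two stages described above, sketched as an added example (not SoftASIC or InstantQoS code): an Aho-Corasick automaton stands in for the Global DFA, and the signatures, flow tuple and class names are constructed for illustration. Automaton state is carried across the packets of a flow, so a signature split over two packets still matches.

```python
from collections import deque

MAX_PACKETS = 12  # page: a session is declared unknown within 12 packets
# Constructed, illustrative signatures; not a vendor signature database.
SIGNATURES = {b"X-Kazaa-": "KaZaA", b"\x13BitTorrent protocol": "BitTorrent"}

def build_automaton(signatures):  # all signatures -> one Aho-Corasick automaton
    goto, fail, out = [{}], [0], [None]
    for pattern, app in signatures.items():
        s = 0
        for b in pattern:
            if b not in goto[s]:
                goto.append({}); fail.append(0); out.append(None)
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s] = app
    queue = deque(goto[0].values())
    while queue:                          # breadth-first: set failure links
        s = queue.popleft()
        for b, t in goto[s].items():
            fail[t] = step(goto, fail, fail[s], b)
            out[t] = out[t] or out[fail[t]]
            queue.append(t)
    return goto, fail, out

def step(goto, fail, state, byte):        # one transition per payload byte
    while state and byte not in goto[state]:
        state = fail[state]
    return goto[state].get(byte, 0)

class SessionClassifier:
    def __init__(self, signatures=SIGNATURES):
        self.goto, self.fail, self.out = build_automaton(signatures)
        self.pending = {}    # flow -> (automaton state, packets seen)
        self.verdict = {}    # flow -> label: the "classify once" cache
        self.inspected = 0   # packets actually run through the automaton

    def packet(self, flow, payload):
        if flow in self.verdict:          # stage 2: switch without matching
            return self.verdict[flow]
        state, seen = self.pending.pop(flow, (0, 0))
        self.inspected += 1
        for byte in payload:              # stage 1: state persists across packets
            state = step(self.goto, self.fail, state, byte)
            if self.out[state]:
                return self.verdict.setdefault(flow, self.out[state])
        if seen + 1 >= MAX_PACKETS:       # no signature matched: give up
            return self.verdict.setdefault(flow, "unknown")
        self.pending[flow] = (state, seen + 1)
        return None                       # undecided, keep inspecting
```

In this sketch a cached verdict is never revisited, so a session that changes protocol after its first match keeps its original label.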

3-Tier Architecture:
      Maximize the Performance, Availability, and Functionality

      Layer-7 network equipment often performs compute-intensive tasks and requires a better architecture to maximize performance, availability, and functionality. InstantQoS employs a 3-tier architecture to boost performance for every purpose.
Tier-1: Device: The device should aim at rapid and accurate content inspection. That way, a device installed inline in the network will not affect network performance.
Tier-2: Management Server: The management server is responsible for centralizing the management of multiple devices, while accepting event logs into a database for further reporting & analysis.
Tier-3: Management Client: The management client can be any PC with a Java-enabled browser. As long as the user can connect to the management server, he/she can control all the devices under the server.

5-Step Bandwidth Management:
      Maximize Productivity/Security, Minimize Threats/TCO

      Nowadays, many Internet users have installed IM and P2P applications that use port-hopping and HTTP-tunnelling to avoid being checked or blocked. To help the MIS overcome these issues, 5-step Content Management is proposed to maximize productivity / security and minimize threats / TCO (Total Cost of Ownership).
Step 1. Plug & Play Real-time Discovery/Learning: To help network administrators solve the above problems, InstantQoS provides Plug & Play Discovery as the step-1 procedure. Just plug in the wire and InstantQoS will show the network traffic in real time. You can see how many MSN sessions are tunnelled in HTTP, and how many IM peers are chatting.
Step 2. Layer-7 to Layer-4 Normalization: After discovering for a while, if you decide to manage the traffic, you can start blocking using the Application Firewall. In the figure, the InstantQoS has normalized the traffic. The MIS can control the InstantQoS just as easily as a layer-4 firewall. Furthermore, the InstantQoS can help you stop non-standard IM connections. For example, MSN automatically detects the firewall settings. If MSN cannot find a way out through standard port 1863, it will try to connect to an HTTP proxy. However, anyone can manually configure his/her MSN settings to use any HTTP/SOCKS4/SOCKS5 proxy in the world, including those in your company. What is worse, users can connect to many WebIM pages to chat with their browsers. The InstantQoS can help you handle those situations.
Step 3. Bandwidth Management by Behaviors: Nevertheless, the MIS may still want individual policy settings. Since the InstantQoS can recognize the detailed behaviors of each application, the MIS can set up individual policies. For example, the sessions for Skype file transfer, Skype voice, SkypeOut, and QQ file transfer are all encrypted but can be detected by InstantQoS for traffic shaping or rate guarantee. User information can be easily integrated with enterprise user databases, such as LDAP, Active Directory, POP3(S), IMAP(S), and RADIUS.
Step 4. Network Protection: The Internet is under constant attack, and many residential broadband subscribers remain completely vulnerable because they understand neither the dangers nor the relatively simple steps to avoid even well-known exposures. As a result, a service provider's own subscribers have become a major source of malicious traffic that degrades service not only for the infected subscriber but also for surrounding subscribers on the shared network. Service providers have therefore been forced to bear escalating support call costs along with a higher risk of customer churn resulting from frustration with poor service quality.
Step 5. Offline Report/Analysis: Finally, reporting and analysis can help the MIS find the problem. Tens of graphical reports are presented, including daily/weekly/monthly bandwidth usage, application behaviors, and policy violations. Reports can be customized, searched, and emailed as PDF/HTML attachments on a user-defined schedule.