Installing firewalls, traffic prioritization tools and bandwidth governors typically involves buying separate products and configuring each via a convoluted, product-specific procedure. Having adequate expertise always on hand to deal with your network' s disparate software tools entails lots of cross-training, and the sheer number of products makes technical support a many-headed Hydra.
Lightspeed Semiconductor Corp. says it has a better approach. Using what it calls IP Magic technology, Lightspeed has created collections of interchangeable software tools that manage traffic on networks that include one or more Windows NT-based computers. The company claims the tools are easy to install and configure. We put one of the collections, Total Control for e-Business, through its paces in our lab to test those claims.
The comprehensive set of network tool components worked well, and we could arrange the components in highly flexible ways. Moreover, the underlying plug-and-play parts technology is so compelling, we wonder why all network software doesn' t use IP Magic' s approach. Total Control for e-Business is especially appropriate for busy companies whose networks need almost daily reconfigurations and installations of firewalls, bandwidth allocators, traffic filters and load balancers.
It' s a kind of magic
Between two network adapters in an NT 4.0 computer, you use Total Control for e-Business to insert any combination you desire of what Lightspeed calls IP Magic objects. These objects include source and destination network address translation (NAT) tools, a firewall, traffic filter, packet counter, SNMP agent, load balancer, traffic prioritizer, speed limiter and various other functions. Because each of the mix-and-match interchangeable components has the same input and output parameters, it' s possible to string them together in whatever order you want. We found choosing combinations of IP Magic objects an easy, intuitive process. To build each IP Magic network control point, we dragged and dropped icons in Lightspeed' s visual design and configuration environment. Saving, loading and activating different IP Magic configurations is as painless as saving and loading word processing documents.
Even though Total Control for e-Business' several components are easy to select and configure, don' t think that they' re not high-quality, serious software. For example, in our firewall tests we found Lightspeed' s product immune to almost all our hacking attempts. Our efforts revealed some vulnerabilities in TCP sequence prediction, but the firewall component successfully thwarted SYN floods, data storms, port scans and a teardrop-style denial-of-service attack. The firewall operated at near wire speeds in the performance tests, resolving all packets within 12 seconds of the end of each 10-minute stress test. Furthermore, IP Magic' s installation program replaces Microsoft Corp.' s TCP/IP stack with Lightspeed' s more robust and secure protocol stack.
For configuration purposes, each component has its own property sheet, activated via a right click. Rules on the stateful firewall' s property sheet define security policies for particular types of IP traffic. The outbound NAT tool' s property sheet contains internal-to-external network IP address translation rules for TCP and User Datagram Protocol (UDP) traffic, and it works with static and dynamic IP addressing schemes. Similarly, the inbound NAT tool has settings for how to swap each packet' s IP address and port number with values you specify. The NAT tools also have settable timeout intervals for TCP and UDP packets.
The Total Control for e-Business collection of components includes a server load balancer and WAN load balancer. The server load balancer works somewhat like Microsoft Windows Load Balance Service. It excelled at distributing transaction traffic across multiple Web servers in our tests, and it even detected and thereafter avoided servers that we abruptly removed from the network. By setting bandwidth values for each gateway in the WAN load balancer, we throttled and distributed outbound IP traffic over multiple WAN links.
We also liked how we could place a traffic-monitoring IP Magic component wherever we wished. As we first configured our Total Control for e-Business installations, we inserted these packet counters liberally to see the effects of the filtering and load-balancing components. After verifying our configurations, we then removed the packet counters with a mouse click.
The installation was straightforward. Although it lacks an index, the documentation was clear and thorough.
Late in the review, Lightspeed shipped us a Model 1100 hardware version of IP Magic (a dual-processor Model 2100 is also available). A slim, rack-mountable NT computer with no monitor, keyboard or mouse, the Model 1100 uses Microsoft' s Distributed Component Object Model (DCOM) interface to accept configurations built with the IP Magic visual design environment. Any Windows-based computer on the network can run the design environment and thus control the appliance' s IP Magic configuration. Downloading the visual design environment to a client computer is a matter of connecting to the Model 1100 appliance via its browser interface. The only minor problem we noted was an occasional DCOM timeout and subsequent disconnection of the visual design environment' s DCOM link to the appliance. However, the IP Magic hardware device performed quickly and with rock-solid reliability in our tests.
Lightspeed bundles varying numbers of IP Magic objects in several collections it sells, and the Total Control for e-Business collection is one of the most complete. Each set of easily configured tools is cost-effective when you contrast it with the expense of buying, training for and setting up multifunction routers or special-purpose network products. We recommend IP Magic to any network administrator who longs to have a set of comprehensive network tools with a single, cohesive user interface.
Nance, a software developer and consultant for 29 years, is the author of Introduction to Networking, 4th Edition and Client/Server LAN Programming. You can contact him at firstname.lastname@example.org.