SAN MATEO (05/15/2000) - If you are building or running a sophisticated IP-based network, installing an IP traffic-management suite could be just what your IT department, customers, and CFO need. Used properly, it will help maximize the efficiencies of your hardware and bandwidth, while giving better control of the traffic itself. No matter what your situation, there's nothing wrong with saving time and money while increasing the quality of your network service.
I recently looked at Lightspeed Systems Inc.'s IPMagic. It comprises two products: Traffic Control for e-Business, which lets you find out where your bandwidth is going, and QoS (quality of service) Control for e-Business, which lets you impose controls on the utilization of that bandwidth. The products can be bought separately, but they work very well together. Overall, I found IPMagic a stunning product that allows a system manager to perform a wide range of network management, maintenance, and optimization tasks. IPMagic is flexible enough that it can help almost any company that connects to an external network.
Traffic Control includes load balancing; security features such as firewall, NAT (network address translation), and port mapping; and real-time traffic statistics. QoS Control includes traffic prioritization, differential services, data-rate control, and speed-limiting functions.
IPMagic is such a large tool kit; I was only able to scratch its surface in my testing. Although each of these functions can be purchased separately or as groups, this is the most comprehensive IP management suite I have seen. Fully duplicating IPMagic would require several products -- including a firewall, a load balancer, and a QoS appliance.
For example, to reproduce what IPMagic does on a Windows NT-based server, you could choose firewall services from Check Point Software Technologies, load balancing from Resonate's Central Dispatch, and a QoS package such as Resonate's Commander. A hardware approach could combine the Cisco Secure PIX Firewall 520 with a Cisco Local Director. However, the management software is unlikely to be as flexible and easy to use as IPMagic's, and QoS functions would still need to be addressed.
Because IPMagic is less expensive, easier to use, and more complete than a mix-and-match package, I gave it a score of Very Good. I could not rate it higher due to the sometimes unhelpful documentation and the lack of support for the IPX protocol.
Slow start, easy management
Although the installation was easy, the initial configuration was less than pleasant. The documentation assumed that I already understood the basics of IPMagic, and as a result it wasn't terribly useful in getting the system running. I fought with establishing a route between a public and private network for about a day before I called for help. Lightspeed System's technical support staff quickly set me straight and was very pleasant, despite my errors.
A Lightspeed Systems official tells me that the company is about to package a quick-start pamphlet, a troubleshooting guide, and wizards in the next version to make this process less frustrating.
Once the initial configuration was complete, I was pleased to see my NT-based IPMagic system then acted as a NAT router for my public and private networks.
This allowed me to use nonrouting class B IP addresses (for example, 192.168.xxx.xxx) for my LAN, while maintaining my class C addresses to be used as a public network. NAT router duties also included the option of assigning the internal addresses dynamically.
Extending the basic setup was very easy due to IPMagic's intuitive user interface. IPMagic is configured through a drag-and-drop interface that let me define data flows, add functions, and redirect data. For example, the real-time traffic statistics showed me that FTP was consuming more bandwidth than I like to see. The solution was to drop a port redirector and a flow restrictor in place and draw lines connecting them so the FTP traffic went through the flow restrictor and the other traffic flowed directly through the system. I changed the properties of the flow restrictor to change its name and to set its speed limit. I stopped and restarted IPMagic, and then the other traffic had access to more bandwidth while the FTP traffic was throttled back to the speed limit I had set.
In the business world, an e-commerce site system manager could use this to make sure that secure traffic -- the traffic that is placing orders and paying the bills -- has unimpeded access to the servers while other traffic has a lower priority. Another option is employing time-of-day and user controls so some servers or services will be available to specific systems only at specific times of day; this is a great way of limiting Internet radio, for example.
A welcome bonus to installing IPMagic is increased stability. I used only the Lightspeed Systems IP protocol drivers on this public network interface, rather than Microsoft's IP drivers, thereby removing the many known weaknesses (documented in a seemingly endless flow of CIAC Advisory Notices and Microsoft fixes). Although I didn't try to stress-test the NT server running IPMagic, the 350MHz AMD K6-2 system was handling about 27Mbps of FTP traffic with no apparent problems such as poor server or network performance or an increase in network-related errors. Moreover, IPMagic routed Web traffic with aplomb.
Some advice and a glitch
While playing with a client, I noticed the IPMagic server was available as a general NT server to my local users. Although this seems an attractive and cost-saving feature, using part of your security infrastructure as a general-purpose server is a false economy because it exposes your security system to whatever weaknesses the server, its applications, and its configuration exhibit. I recommend that you resist the temptation to economize and create a dedicated IPMagic server. If security is important and you need to load-balance between servers anyway, the additional cost of a dedicated server for IPMagic should not be a large consideration.
I found only one glitch with the program. As I was getting used to how the controls were working, I felt I had misconfigured the flow restrictor, so I added traffic analysis icons to the traffic-flow diagram. And that's when I noticed a bug. Although I expected that I'd need to stop then restart the IPMagic service to make the port redirector and flow restrictor work, I didn't expect that the traffic analysis icon wouldn't work until the IPMagic console was shut down and restarted. It was a minor glitch, but an annoying one.
Lightspeed Systems officials were surprised to hear about this problem, and they indicated IPMagic shouldn't work that way. They are still checking into the matter at press time. Some of the changes in IPMagic don't require that the service be stopped, but others do. In the end, I found it simpler just to stop and restart the service with every change.
IPMagic is pretty clearly living on Internet time: In the two weeks since I first received the product, Lightspeed had already released an update. On top of that, Version 2.5 should be shipping by the time this review is published.
In it, Lightspeed officials promise these problems will be resolved.
IPMagic solves a number of related security, availability, and performance problems for network managers in general and for the network managers of e-businesses in particular. It's a strong product; I suggest that anyone interested in a more controllable and efficient IP network download a copy from Lightspeed Systems' home page.
Mike Avery (email@example.com) is a networking consultant in Beaumont, Texas.
IPMagic's black box of problem solving
Lightspeed Systems combines key functions normally found in a combination of several more expensive products.
* Load balancing
* Network address translation
* Port mapping
* Real-time traffic statistics
Quality of service features
* Traffic prioritization
* Differential services
* Data-rate control
* Speed-limiting function
THE BOTTOM LINE: VERY GOOD
IPMagic Traffic Control for e-Business and QoS Control for e-Business, Version 2.03Business Case: IPMagic can insulate your IP network from many security and stability problems, keep your services flowing in the event of server failure, and help you maximize your existing infrastructure by controlling the flow of traffic. This will boost not only the bottom line, but also the quality of your network.
Technology Case: IPMagic resolves a large number of e-business networking issues, and does so elegantly with a straightforward user interface. To duplicate its functions would take several more expensive products -- such as a firewall, load balancer, and QoS package. Its ease of use is head and shoulders above the competing products, which often have fewer features at higher prices.
+ Easy-to-use interface for simple configuration+ Clear, complete traffic-statistics options to easily figure out where bandwidth is being used+ Flexible scheduling controls over filters and other functions for easy-to-control system accessCons:
- Restart needed for statistics counters to take effect- Online manual poor; it assumes user has great knowledge of the productCost: $13,490Platform(s): Windows 2000; Windows NT 4.0 with Service Pack 4 or laterLightspeed Systems Inc., Bakersfield, California; (877) 447-6244; www.lightspeedsystems.com.