A project to consolidate servers in a central data centre highlighted the need for international law firm Reed Smith to use traffic-shaping technology to ensure that its most important applications perform well on its now-critical WAN.

So far Reed Smith has used Packeteer PacketShapers to prioritise key flows, limit or block unnecessary traffic and adjust the size of its WAN links to make the network as cost-effective as possible, says Frank Hervert, senior manager of network and messaging services for the firm.

He doesn't have a quantified return on investment, but the Packeteer appliances enable him to cost-justify increases or decreases in bandwidth, so the firm doesn't pay for bandwidth it doesn't use. "Over a six-month term that will easily save me money beyond the cost of the PacketShaper," he says.

The equipment also provides monitoring and records that enable Reed Smith to double-check carrier services and ensure that service providers meet service-level agreements and configure the network in accordance with its design, he says.

The Pittsburgh-based law firm has 15 offices in the US and six offices overseas. Each used to have its own Internet access and servers, but for the past two years, the firm has been consolidating its servers and Internet access at a leased secure data centre.

The centralisation is about 60 percent complete for the US offices, Hervert says. In June, the firm plans to switch its foreign offices to a new European data centre based on the same model.

Centralised apps

The US data centre contains 180 Citrix servers that host the law firm's key applications, including common office applications such as Word, Excel, PowerPoint and e-mail. "All of that processing is centralised out of one data centre," he says. "That affords us LAN-like access anywhere."

The company bases its fully meshed primary WAN on MPLS services supplied by AT&T. That network is backed up by an Ethernet WAN from Yipes. Connections into the data centre from the carriers are separate OC-3 fibre links.

With the MPLS network, each large office is connected to the service with DS-3 lines that have committed access rates (CAR) less than the 45Mbit/s capacity of the connections. But traffic on these pipes is allowed to burst up to the full bandwidth. Smaller offices are connected via T-1s or multiple T-1s, he says. This primary network is used for critical business applications.

The backup Ethernet network also has DS-3 backhauls to a Yipes Layer 2 Ethernet network. Some sites that sit on Yipes metropolitan networks have 1Gbit/s connections but have a CAR for only a portion of them. This network is routinely used for traffic such as FTP traffic among offices.

If an MPLS link to an office fails, business applications run over the Ethernet network, and the PacketShapers enforce policies that give the applications priority over file transfers, Hervert says.

PacketShapers discovered an improperly configured fail-over mechanism, says Karl Greenwood, network analyst for the firm. When a site went down, traffic left it via the Ethernet backup network to the data centre, but traffic from the data centre back to the branch office was routed via the MPLS network, he says.

"The MPLS network discovered the outage and re-routed through another office," says Hervert. "It was finding its own path when it broke."

Traffic still flowed where it should, but the firm corrected the problem with AT&T because it wants to tightly control which traffic runs over which links all the time so it can maintain performance levels, he says.

Performance reporting

PacketShapers also give a view of network performance that can be compared to performance numbers supplied by carriers. "Without PacketShapers, we would be relying on AT&T's portal of bandwidth utilisation, which is very rudimentary," says Greenwood.

The PacketShapers also are used to keep the size of WAN links optimised. For instance, when the firm recently turned up a new office in Chicago, it bought the full bandwidth on a DS-3 during the period that files were being uploaded from the office to the data centre.

But when those uploads were completed, it planned to reduce its bandwidth commitment to fit the demands of routine traffic, Hervert says. "We can reduce costs by saying, 'We've gone a month here and PacketShaper says the Chicago office peaks at 5Mbit/s.' We can go back to our carriers and lower our CAR values," he says.

Reed Smith uses PacketShapers to limit bandwidth available to unauthorised traffic and to automatically identify and monitor new types of traffic as they are discovered. The PacketShaper can limit bandwidth available to recreational traffic such as peer-to-peer or in some cases block it altogether, he says.

Reed Smith uses a feature of PacketShapers called adaptive response to address unexpected events that might affect network performance. Based on policies the firm sets, for example, if an office generates more than 75 percent of total traffic the Packeteer devices send an alert.

Or if a particular application generates traffic outside the norm, the gear automatically creates a separate traffic class for it. The new class jumps out when Hervert reviews routine network performance reports, he says. The gear also generates an e-mail about the spike in traffic.

The firm does not take advantage of Packeteer's ability to compress traffic across WAN links. So far, there is enough bandwidth to keep performance high without it, says Hervret. The goal is to get the Citrix traffic and voice traffic among offices running well, then add IP video to the mix over time, he says.

"The PacketShape is our view, our measurement of what's there, of what's behaving on the network and what we can add to it," Hervert says.