Getting Started Guide v74

PacketShaper PacketShaper ISP
Getting Started Guide

Models 1200, 1400, 1550, 1700, 2500, 3500, 6500, 7500, 9500, 10000 PacketWise 7.4
P/N 20-0192-04 Revision C
Disclaimer
THIS DOCUMENT IS PROVIDED AS IS WITHOUT ANY EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT OF INTELLECTUAL PROPERTY, OR FITNESS FOR ANY PARTICULAR PURPOSE. IN NO EVENT SHALL PACKETEER OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION, OR LOSS OF INFORMATION) ARISING OUT OF THE USE OF OR INABILITY TO USE THIS DOCUMENT OR THE PRODUCTS DESCRIBED HEREIN, EVEN IF PACKETEER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME JURISDICTIONS PROHIBIT THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU. Packeteer and its suppliers further do not warrant the accuracy or completeness of the information, text, graphics, links, or other items contained within this document, or assume liability for any incidental, indirect, special, or consequential damages in connection with the furnishing, use, or performance of the information in this document. Packeteer may make changes to this document, or to the products or software described herein, at any time, without notice. Packeteer makes no commitment to update this document.
Copyright/Trademarks/Patents
Packeteer, the Packeteer logo, and combinations of Packeteer and the Packeteer logo, as well as PacketWise, PacketSeeker, PacketShaper, PacketShaper Xpress, and PolicyCenter, are trademarks or registered trademarks of Packeteer, Inc. in the United States and other countries. Other product and company names used in this document are used for identification purposes only, may be trademarks of other companies, and are the property of their respective owners. Copyright 19962006 Packeteer, Inc. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into another language without the express written consent of Packeteer, Inc. PacketShaper, PacketShaper Xpress, and PacketSeeker appliances, and PolicyCenter and PacketWise software protected by, or for use under, one or more of the following U.S. Patents: 5,802,106; 6,018,516; 6,038,216; 6,046,980; 6,115,357; 6,205,120; 6,285,658; 6,298,041; 6,412,000, 6,456,630; 6,457,051; 6,591,299; 6,741,563; 6,928,052; 6,934,745; 6,970,432; 7,003,572; 6,460,085; 6,529,477; 6,584,083; 6,654,344; 6,934,255; 7,013,342 and 7,012,900. Other U.S. and international patents pending. Portions of the product incorporate software licensed from General Software, Inc. Copyright 2001 General Software, Inc. All rights reserved. This product also includes software for zipping and unzipping. Copyright 1990-2001 Info-ZIP. All rights reserved.
U.S. Government Restricted Rights

Packeteer software comprises commercial computer software and commercial computer software documentation as such terms are used in 48 C.F.R. 12.212 (SEPT 1995) and is provided to the United States Government (i) for acquisition by or on behalf of civilian agencies, consistent with the policy set forth in 48 C.F.R. 12.212; or (ii) for acquisition by or on behalf of units of the Department of Defense, consistent with the policies set forth in 48 C.F.R. 227-7202-1 (JUN 1995) and 227.7202-3 (JUN 1995). Packeteer software is provided with RESTRICTED RIGHTS. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in FAR 52.227-14 and DFAR 252.227-7013 et seq. or their successors. Use of Packeteer products or software by the U.S. Government constitutes acknowledgment of Packeteers proprietary rights in them and to the maximum extent possible under federal law, the U.S. Government shall be bound by the terms and conditions set forth in Packeteers end user agreement. Packeteer, Inc. 10201 North De Anza Boulevard Cupertino, CA 95014 http://www.packeteer.com
Printing History
September, 2006 PacketWise 7.4
Regulatory Information
For information on regulatory compliance, see Appendix G:, Safety and Regulatory Information.
ABOUT THIS GUIDE

Getting Started Guide The PacketShaper Getting Started Guide provides the basic information needed for setting up the PacketShaper and initially configuring the PacketWise software. Chapter 1: Before You Install covers information you need to know before you set up your PacketShaper, such as determining a deployment strategy and filling in the preinstallation checklist. Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500) includes instructions and illustrations to help you connect your PacketShaper to the network. Chapter 3: Hardware Installation (PacketShaper 1400) provides the same information as Chapter 2, with information specific to the PacketShaper 1400. Chapter 4: Hardware Installation (PacketShaper 1700, 3500, 7500) provides the same information as Chapter 2, with information specific to the 1700, 3500 and 7500 models. Chapter 5: Hardware Installation (PacketShaper 9500, 10000) provides the same information as Chapter 2, with information specific to the 9500 and 10000 models. Chapter 6: PacketWise Software Configuration explains how to initially configure the PacketWise software and modify the settings after installation. Chapter 7: Redundant Configurations is for deployments in which two PacketShapers are used redundantly, for example two units connected to different routers in a redundant topology. Chapter 8: Non-Inline Deployment explains how PacketShapers can monitor networks when deployed non-inline for monitoring and/or compression estimation. This capability is part of the watch mode feature. The final chapters are product-specific. Read the chapter that corresponds to the product you are using (PacketShaper, Xpress, or PacketShaper ISP): Chapter 9: PacketShaper Quick Start tells you how to quickly become productive with your PacketShaper. This chapter provides basic instructions on using a PacketShaper to classify traffic, analyze application and network performance, and solve performance problems. For complete detailed information, see PacketGuide (described on next page). Chapter 10: Compression (Xpress) Quick Start describes the compression module (Xpress) option and explains how to configure compression and view compression reports. Chapter 11: PacketShaper ISP Quick Start shows service providers an effective way to set up the PacketShaper ISP to allocate bandwidth to their subscribers.
Other Resources
Online Help The PacketWise browser interface contains context-sensitive help with sufficient detail to assist you in setting up and maintaining configurations. To access help, click the help button and context-sensitive help will display in a separate window. The command-line interface (CLI) also has online help, which provides command syntax details.
PacketShaper Getting Started Guide
PacketGuide Included with all PacketShaper models is a browser-based reference resource called PacketGuide. In addition to complete reference material pertaining to the use of PacketWise software, PacketGuide contains recommendations for using Packeteer products to solve common network and application problems. There are three ways to access PacketGuide: Click the packetguide tab in the PacketWise browser interface. Enter the following URL in your Netscape or Internet Explorer browser window:
http://support.packeteer.com/documentation/packetguide/version.htm
and then choose version 7.4 from the PacketShaper list. Use the PacketGuide CD included with your PacketShaper. Quick Start Guide This concise booklet is shipped with all units and covers hardware installation and basic configuration. Complete installation and configuration instructions are provided in the Getting Started Guide (this manual). PacketGuide CD The PacketGuide CD includes an off-line version of the PacketGuide reference resource, plus PDF versions of the Quick Start Guide, Getting Started Guide, CLI Commands, Release Notes, and Preconfigured Graphs documents. Note that the latest online versions of these documents can be found by clicking the packetguide button in the PacketWise browser interface. Customer Support If you have a technical question about your PacketShaper, go to the Packeteer customer support website: http://support.packeteer.com. This website has a Technical Information Library (TIL) and an Online Support Center. Best Practices The Best Practices website offers a single location where you can come to answer the question, What should I be doing now? in any phase of your process with Packeteer products. It lists and describes the tasks involved at the various stages of deployment, and it provides links to information contained elsewhere on Packeteer websites that can give you detailed specifics. The URL is:
http://support.packeteer.com/documentation/BestPractices/
TABLE OF CONTENTS
CHAPTER 1: BEFORE YOU INSTALL
Introduction .................................................................................................................................................. 1-1 Determining Your Enterprise Deployment Strategy .................................................................................... 1-3 Placing PacketShapers into Redundant Topologies ..................................................................................... 1-8 Deploying Non-Inline PacketShapers .......................................................................................................... 1-9 Determining Your PacketShaper ISP Deployment Strategy ...................................................................... 1-10 Determining Which Mode to Use............................................................................................................... 1-11 Pre-Installation Checklist for Local Mode ................................................................................................. 1-12 Pre-Installation Checklist for Shared Mode ............................................................................................... 1-17
CHAPTER 2: HARDWARE INSTALLATION (PACKETSHAPER 1200, 1550, 2500, 6500)

Overview ...................................................................................................................................................... 2-1 Front Panel.................................................................................................................................................... 2-2 Rack-Mounting the Unit (optional) .............................................................................................................. 2-4 Connecting a PacketShaper to the Network ................................................................................................. 2-5 Turning on the PacketShaper........................................................................................................................ 2-7
CHAPTER 3: HARDWARE INSTALLATION (PACKETSHAPER 1400)

CHAPTER 4: HARDWARE INSTALLATION (PACKETSHAPER 1700, 3500, 7500)

CHAPTER 5: HARDWARE INSTALLATION (PACKETSHAPER 9500, 10000)

Overview ...................................................................................................................................................... 5-1 Front Panel.................................................................................................................................................... 5-2 Rack-Mounting the Unit (optional) .............................................................................................................. 5-5 Connecting the PacketShaper 9500/10000 to the Network .......................................................................... 5-6 Turning on the PacketShaper 9500/10000 ................................................................................................. 5-13
CHAPTER 6: PACKETWISE SOFTWARE CONFIGURATION

Before You Begin ......................................................................................................................................... 6-1 Configuring the PacketWise Software.......................................................................................................... 6-6 Changing Settings after Installation.............................................................................................................. 6-9
CHAPTER 7: REDUNDANT CONFIGURATIONS

Modifying a PacketShaper for Direct Standby ............................................................................................. 7-4 Connecting to a Redundant Router Topology ............................................................................................ 7-12 Setting Up Direct Standby .......................................................................................................................... 7-22
CHAPTER 8: NON-INLINE DEPLOYMENT

Overview....................................................................................................................................................... 8-1 Connecting Non-Inline Units to the Network............................................................................................... 8-3 Configuring Watch Mode ............................................................................................................................. 8-7 Connecting to a Network Tap ....................................................................................................................... 8-9 Configuring the Compression Estimator .................................................................................................... 8-11
CHAPTER 9: PACKETSHAPER QUICK START

Overview....................................................................................................................................................... 9-1 Classifying Traffic on the Network .............................................................................................................. 9-2 Analyzing Network Traffic........................................................................................................................... 9-5 Solving Performance Problems .................................................................................................................... 9-8 Advanced Features...................................................................................................................................... 9-11
CHAPTER 10: COMPRESSION (XPRESS) QUICK START

Overview..................................................................................................................................................... 10-1 Configuring Compression........................................................................................................................... 10-3 Displaying Compression Reports ............................................................................................................... 10-6
CHAPTER 11: PACKETSHAPER ISP QUICK START

Overview..................................................................................................................................................... 11-1 Using the Classification-Accelerator Cache ............................................................................................... 11-2 Traffic Tree Configuration.......................................................................................................................... 11-3 Defining Classes for Each Subscriber ........................................................................................................ 11-5 Allocating Bandwidth to Subscribers ......................................................................................................... 11-7 Creating a Data Entry Form........................................................................................................................ 11-8 Verifying that the IP Class Lookup Accelerator Cache is Being Used ...................................................... 11-9 Advanced Features.................................................................................................................................... 11-10
APPENDIX A: PRODUCT SPECIFICATIONS

PacketShaper 10000 Specifications ............................................................................................................. A-1 PacketShaper 9500 Specifications ............................................................................................................... A-3 PacketShaper 7500 Specifications ............................................................................................................... A-5 PacketShaper 6500 Specifications ............................................................................................................... A-7
PacketShaper 3500 Specifications................................................................................................................A-9 PacketShaper 2500 Specifications..............................................................................................................A-11 PacketShaper 1700 Specifications..............................................................................................................A-13 PacketShaper 1550 Specifications..............................................................................................................A-14 PacketShaper 1400 Specifications..............................................................................................................A-15 PacketShaper 1200 Specifications..............................................................................................................A-16
APPENDIX B: PINOUT DESCRIPTIONS

Console Port Pinout Description ..................................................................................................................B-1
APPENDIX C: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1400

Field-Replaceable Hard Drive ......................................................................................................................C-1
APPENDIX D: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1700

Field-Replaceable Power Supply .................................................................................................................D-1 Field-Replaceable Hard Drive ......................................................................................................................D-2 Field-Replaceable Cooling Unit ...................................................................................................................D-8
APPENDIX E: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 3500, 7500

Power Supplies ............................................................................................................................................. E-1 Field-Replaceable Hard Drive ...................................................................................................................... E-2 Field-Replaceable Cooling Units ................................................................................................................. E-5
APPENDIX F: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 9500, 10000

Hot-Swappable Power Supplies ................................................................................................................... F-1 Field-Replaceable Hard Drive (PacketShaper 10000) ................................................................................. F-4 Field-Replaceable Cooling Unit (PacketShaper 10000)............................................................................... F-7
APPENDIX G: SAFETY AND REGULATORY INFORMATION

Safety Warnings ...........................................................................................................................................G-1 Electro-Magnetic Interference/Compatibility and Safety Compliance ........................................................G-6 Proper Disposal of Packeteer Products.........................................................................................................G-9 RoHS Compliance ........................................................................................................................................G-9
Index
CHAPTER 1: BEFORE YOU INSTALL

Introduction
Packeteer Products This guide covers the installation and setup of the following Packeteer products: PacketShaper The PacketShaper is the physical platform that supports Packeteers WAN application optimization components. Three modules are available: Monitoring: The monitoring module, included with all PacketShapers, lets you gain visibility into your network. The PacketShaper tells you precisely which applications traverse the network, what portion of the network they consume, how well they perform, and where delays originate. A PacketShaper configured with only a monitoring module was previously known as a PacketSeeker. Shaping: Enabled with a software key, the shaping module allows you to take control of network traffic. With shaping, the PacketShaper can boost or curb application performance over the WAN and Internet using policy-based bandwidth allocation. Flexible policies protect critical applications, pace greedy traffic, limit recreational usage, and block malicious activity. Compression: Enabled with a software key, the compression module increases the usable capacity of your network. Compression enables more data to flow through constrained WAN links, freeing bandwidth to enhance the performance of applications that are most critical. A PacketShaper with the compression module was previously known as a PacketShaper Xpress.
PacketShaper ISP PacketShaper ISP models all include the monitoring and shaping modules (the compression module is not available for the PacketShaper ISP). The PacketShaper ISPs high-level capacities for classes and partitions allow service providers and universities to perform bandwidth farming: they can allocate bandwidth to each of their subscribers or students and use the PacketShapers extensive reports to verify usage. Information about hardware installation and software setup that is applicable to all Packeteer products is covered in the first part of this guide (Chapters 17). Specific configuration information for each Packeteer product is included in Quick Start chapters (Chapters 911).
Considerations
Before you proceed to hardware and software setup, you need to consider the following: Your placement strategy Its important to know where you will install the PacketShapers in your network. The locations depend on a number of factors, such as the type of network topology and what traffic you want the unit to monitor and manage. See Determining Your Enterprise Deployment Strategy on page 1-3, Placing PacketShapers into Redundant Topologies on page 1-8, Deploying Non-Inline PacketShapers on page 1-9, or Determining Your PacketShaper ISP Deployment Strategy on page 1-10. Which mode youll use When you run Guided Setup, the initial software configuration program, you will need to select either local or shared mode. The modes are explained in Determining Which Mode to Use on page 1-11.
1-1
Chapter 1: Before You Install
Your configuration settings By filling in the checklist on page 1-12 (local mode) or page 1-17 (shared mode), you will have all the information you need to answer the Guided Setup questions.
1-2
Determining Your Enterprise Deployment Strategy

PacketShapers generally sit behind WAN-link routers and/or Internet-link routers at main sites and branch offices. Each unit must be positioned so it sees all the traffic you want to monitor or manage. The most common topological locations for PacketShapers are at the: Main sites WAN link connects a main site to branch offices across a private corporate WAN Main sites Internet link connects a main site to branch offices across a virtual private network (VPN) and/or is a link to the Internet Main sites WAN/Internet links and at each branch office referred to as a distributed deployment Each of these deployment strategies is illustrated and described in detail in the following pages. For additional information, see the technical guide, Enterprise Deployment Topologies. Some enterprises first deploy PacketShapers at the main sites WAN and/or Internet links. Then, as the need for more granular management at branch offices is identified, additional units are deployed at the branches.
Note: For installing a PacketShaper unit into a redundant network topology, see page 1-8; for a non-inline deployment, see page 1-9. For PacketShaper ISP deployment strategies, see page 1-10.
PacketShapers are not Intended to be Firewalls Although PacketShapers can help identify performance problems due to viruses, worms, and denial-of-service attacks and can even help block some of this undesired traffic, they are not intended to act as firewalls. Packeteer recommends that you use a firewall or antivirus tools to protect your network from viruses and worms.
Main Site WAN Link Deployment
When a main site WAN link connects the main site to branch offices across a private corporate WAN, connect the PacketShaper to the WAN router as shown in the illustration below.
Enterprise Servers
Corporate WAN
PacketShaper
Main Site LAN
Main Site WAN Link
Branch Offices Connected via WAN
1-3
Assuming that you want to manage the WAN connections of the branch offices in addition to the main sites WAN link, this strategy is appropriate in hub-and-spoke topologies where the PacketShaper can see all branch traffic. All branch traffic must go through the main site PacketShaper, and there should be no direct branch-to-branch traffic. In this deployment strategy, the application and intranet servers are at the main sites data center, and each branch office must access the Internet through either the main site or a totally separate Internet connection that doesnt use the same last-mile WAN connection.
Note: Pure hub-and-spoke design is not necessary if you are managing only the main sites WAN link and not the branch offices WAN connections.
There are two basic reasons for placing a PacketShaper at a main site WAN link: To monitor or provision bandwidth to each branch office To monitor or provision bandwidth to each branch office and analyze and/or control individual application performance at each site
Depending on your purpose for deploying a PacketShaper, you will need to configure your unit differently. See the Enterprise Deployment Topologies guide for details. The number of branch offices a single PacketShaper can support depends on the complexity of the configuration. For example, in a complex configuration where a unit is managing bandwidth for each remote site in addition to controlling individual application performance at each site, a PacketShaper would not be able to manage as many branch offices as in a simpler configuration where the unit is not controlling application performance.
Main Site Internet Link Deployment
A main site Internet link topology has a PacketShaper unit at the main sites link to VPNconnected branch offices, dial-up VPN users, partner extranets, and/or simply the Internet. Applications for VPN-connected branch offices are hosted at the main site servers.
Enterprise Servers
Main Site LAN PacketShaper
Internet
Main Site Internet Link
Branch Offices Connected via VPN
When an Internet link supports both critical and casual traffic, you can use a PacketShaper to distinguish between the different types of Internet traffic. For example, a PacketShaper with the Monitor Module can determine how much of the link is going to web browsing and MP3 downloads, and even produce a list of top link users and Web destinations. With PacketShapers control module features, you can make sure dial-up users get the bandwidth they need, contain unsanctioned music downloads, and pace Voice over IP (VoIP) and streaming video traffic for stutter-free performance.
1-4
Virtual Private Networks (VPN) If you use VPN, you can install PacketShaper on either side of your VPN gateway. Its position with respect to the VPN gateway dictates whether it will classify applications before or after encryption. If you want to be able to classify, monitor, or control individual applications, place the PacketShaper between the LAN and the VPN gateway (see first illustration below). On the other hand, if you want to classify and protect all encrypted VPN traffic, place the unit between the router and the VPN gateway (second illustration).
VPN gateway LAN Internet router PacketShaper
LAN VPN gateway
router Internet PacketShaper
Multiple LANs (DMZ and Private LAN) If you have a private local-area network (LAN) and a Demilitarized Zone (DMZ) connected to your Internet link, you can purchase a Packeteer LAN Expansion Module (LEM) to provide additional connections. The private LAN is connected to the built-in ports, and the DMZ is connected to the LEM ports.
DMZ LAN
LAN Internet PacketShaper with LEM firewall with DMZ port router
1-5
Proxy Server/NAT Some proxy servers also perform Network Address Translation (NAT), so both functions need to be considered when you are determining the placement of PacketShapers. To be effective, the units should be placed outside a proxy server, since proxy servers typically terminate and restart TCP sessions. A unit inside a proxy server would see all inbound traffic sourced from the proxy server.
inside
outside
Internet proxy server PacketShaper router
LAN web server mail server
For details on configuring the traffic tree at a main site Internet link, see the Enterprise Deployment Topologies guide.
Distributed Deployment (Main Site and Branch Offices)
A distributed deployment includes PacketShapers at the main site and at each branch office. This strategy monitors and/or controls all application performance at all offices regardless of network size or topology. By having PacketShapers at each branch office in addition to the main site, you can get a more granular view of application bandwidth use and performance.
Enterprise Servers
Corporate WAN
PacketShaper
Main Site LAN
Internet PacketShaper
Main Site WAN Link
Main Site InternetLink
PacketShapers
PacketShapers
Branch Offices Connected via WAN
Branch Offices Connected via VPN
1-6
To effectively control bi-directional non-TCP-based applications, such as UDP and IPX, youll need to place PacketShapers on both ends of the link, one at the main site to control traffic outbound to the branch office, and one at the branch office to control traffic outbound to the main site. This is also recommended for point-to-point and mesh topologies that use technologies like Frame Relay and SMDS.
Main Site Branch Offices
router Frame Relay cloud
PacketShaper clients
PacketShaper server router PacketShaper
servers
PacketShaper with Compression Another topology that requires a distributed deployment is one which includes a PacketShaper configured with the compression module (previously known as a PacketShaper Xpress). The Xpress feature works by identifying other compression-enabled PacketShapers on the network and creating compression tunnels between them. A tunnel is automatically set up when traffic is sent through the PacketShaper to a host on the other side of another PacketShaper. In the illustration below, Tunnel A is created for the traffic between the clients in Branch Office A and the servers at the main site. Likewise, Tunnel B is created for the traffic between the clients in Branch Office B and the main site servers. Tunnel C is created for the traffic between the clients in Branch Office A and the clients in Branch Office B. For more information on using Xpress, see Chapter 10, Compression (Xpress) Quick Start.
Branch Office A Main Site Servers Branch Office B
PacketShaper Corporate WAN
PacketShaper Main Site LAN
PacketShaper Internet
PacketShaper
Tunnel A Tunnel C
Tunnel B
Packet Capture Another reason you might want PacketShapers at each site is to analyze detailed information about packets. Using the packet capture feature, you can capture packets for future analysis. For details on configuring the traffic trees at branch offices and main sites in a distributed deployment, see the Enterprise Deployment Topologies guide.
1-7
Placing PacketShapers into Redundant Topologies

PacketShapers can be placed into a variety of redundant topologies those with redundant routers, redundant switches, two data paths, two LANs, and/or redundant firewalls. For the PacketShapers to function in these topologies, connect one unit into each redundant network path and the directly connect the two units. This Packeteer feature is called direct standby. One of the basic direct standby topologies is illustrated below. For additional topologies and details on connecting PacketShapers into these redundant topologies, see Connecting to a Redundant Router Topology on page 7-12.
clients
WAN
Live data path Direct connection
PacketShapers routers switches servers
Note: To use a PacketShaper in a redundant network, a Packeteer LAN Expansion Module (LEM) is required. If you are already using a LEM for another purpose, you will need two LEMs. PacketShapers must be directly connected through the uppermost or right-most LEM.
1-8
Deploying Non-Inline PacketShapers

When you want to monitor traffic without having the PacketShaper cabled into the main data path, you can use Packeteers watch mode feature. This feature works with all PacketShapers. When a unit is in watch mode, it passively watches the traffic on your network and performs all typical monitoring tasks: identify your network traffic, measure response times, track bandwidth utilization, notify you of conditions of interest, and report on the performance of your applications and network. Additionally, watch mode can estimate outbound compression gains, so that you can see how much compression would be achieved if PacketShapers were deployed inline. Compression estimation mode is for evaluation purposes only, since it does not actually compress data.
Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on PacketShapers configured only with the monitoring module.
One of the basic non-inline topologies is shown below. For illustrations of all supported topologies, see Chapter 8.
Routers
PacketShaper
Outside port (for monitoring) Inside port (for management) SPAN port
Switch
The PacketShaper can also be connected to the network through a tap. A network tap is a transmit-only hardware device, placed inline, that provides a permanent access port for passive network monitoring. When a PacketShaper is connected to a tap, it receives the same traffic as if it were located directly on the wire.
Routers
Hub PacketShaper Tap
Switch
1-9
Determining Your PacketShaper ISP Deployment Strategy

To maximize performance, configure PacketShaper ISP models so that the inside port of the unit is on the same side as the blocks of IP addresses being managed. The following network topologies show configurations that optimize PacketShaper ISP units. For details on configuring PacketShaper ISP units, see Chapter 11, PacketShaper ISP Quick Start.
ISP Upstream Link
To set up an ISP upstream link configuration, connect the PacketShaper ISP units outside port to the router and connect the inside port to the ISP network.
Internet
router
outside
inside
ISP Network
PacketShaper ISP
Cable or DSL Head End
To set up a cable or DSL head end configuration, connect the PacketShaper ISPs outside port to the ISP network and the inside port to the distribution network that contains the users.
outside
inside
ISP Network
PacketShaper ISP DSLAM or cable head-end
cable or DSL users
1-10
Determining Which Mode to Use

Local Mode vs. Shared Mode PacketShapers can operate two different ways. Local mode is for units operating independently. For example, if you have only a few units and they serve different functions, use local mode. If you have many units, but some of them perform a unique function, put the unique units in local mode. If a unit will be in local mode, complete the checklist in this chapter titled Pre-Installation Checklist for Local Mode on page 1-12. Shared mode uses a directory server and works with PolicyCenter, a centralized management application used to configure and manage multiple PacketShapers throughout the enterprise. PolicyCenter offers a quick way to set up many units with similar configurations, for example, dozens (or even hundreds) of PacketShapers installed at your branch offices. If you decide to purchase PolicyCenter, install PolicyCenter first and then install your PacketShapers in shared mode. (For more information, see the PolicyCenter Getting Started Guide.) For PacketShapers in shared mode, complete the checklist in this chapter titled Pre-Installation Checklist for Shared Mode on page 1-17.
Determining Your Local Operating Mode
If you are configuring a PacketShaper in local mode, you must also select an operating mode: Shaping This option enables traffic discovery and shaping. Use this setting to automatically discover the traffic running on your network and apply default policies and partitions. To create new policies and partitions, see Chapter 9. Monitor Only Use this mode to have PacketShaper automatically create traffic classes based on the traffic it detects, but not control (shape) the traffic. Monitor Only mode is the most common choice for initial setup, since users typically want to discover and monitor traffic before turning on shaping controls. Shaping can be enabled later under the setup tab. Custom Traffic discovery and shaping are initially disabled. These options can be enabled later under the setup tab. If you have PacketShaper 1200 or 1400 Lite, Packeteer recommends Custom mode.
1-11
Pre-Installation Checklist for Local Mode

You will need to supply the information described below to configure your PacketShaper. To prepare for Guided Setup, fill in the third column with your settings. You may need to consult your system administrator or network administrator. Parameter IP Address Description IP address to be assigned to the PacketShaper, for example 10.1.2.3 Consult your network administrator to obtain an unassigned address. Note that when using the compression module (Xpress), all PacketShaper Xpress units need to be assigned additional IP addresses in order to exchange data with all other Xpress units. For more information, see the Compression parameter at the end of this section. Net Mask Subnet mask for the subnet on which the PacketShaper resides, for example 255.255.255.0 IP address of the access router to the link the PacketShaper is managing, for example 10.1.2.254 When you set the site router to none, the unit manages all traffic passing through it, regardless of whether the traffic is going to or from the site router. Most customers set site router to none; this is the recommended setting. When you set a site router IP address, the unit only monitors/manages Ethernet packets going to and from this router. All other Ethernet packets, including multicast, are ignored. Gateway IP address the PacketShaper uses to reach other networks, for example 10.1.2.254 The gateway routes PacketShaper-initiated transactions to a non-local address. DNS List (optional) IP address(es) of the Domain Name Server(s), for example 192.181.5.1 You can enter a maximum of eight addresses, separated by spaces. Domain Name (optional) Look Password Default domain name, for example packeteer.com Your Setting
Site Router
Password for read-only access, for example READ. Passwords can be up to nineteen characters long and are case sensitive. They can consist of a combination of letters, numbers, and all special characters.
1-12
Parameter Touch Password Inbound and Outbound Rates
Description Password for read/write access, for example 7JX1R5 Inbound and outbound link speeds in bits per second. Use the same link speed as that set in the network router. Data rates may be specified as integer bits per second, followed by a k (thousands), M (millions), or G (billions), or specified symbolically (T1, E1, T3). Examples: 1.536 M or T1. For a full-duplex WAN link, enter the total link speed for the inbound and outbound rates. Because full-duplex has wires that can simultaneously communicate in both inbound and outbound directions, you should enter the same rate for Inbound Rate and Outbound Rate. For example, if you have two T1 lines (3 Mbps), you should enter 3M for Inbound Rate and 3M for Outbound Rate. In rare situations in which the PacketShaper is managing half-duplex links, split the rate between the inbound and outbound links. For example, if you are managing a 10 Mbps half-duplex link, you could configure 5 Mbps for the inbound rate and 5 Mbps for the outbound rate since data can be transmitted in only one direction at a time. Note: If you set any NIC in the PacketShaper to halfduplex, you will not be able to transmit and receive at the same time, limiting the bandwidth to half. For example, if you have set 10 Mbps half-duplex on the NIC, the PacketShaper will be able to pass only 5 Mbps IN and 5 Mbps OUT at one time. Hence, you will not be able to manage a WAN link size greater than 5 Mbps. When using the direct standby feature (described in Chapter 7) in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic. In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid over-subscribing the WAN bandwidth. See PacketGuide for details.
Your Setting
1-13
Parameter Inbound and Outbound Rates (continued)
Description The linksize key associated with a units shaping license may enforce an upper limit on the configurable link size. Note: 10BaseT links rarely reach the 10 Mbps limit. Keep Ethernets practical limits in mind when configuring rates. If your unit is using LAN Expansion Modules (LEMs) to manage different WAN links and you dont want to control each LEM separately, the rate should be the size of the smallest LEM. For example, if you have two 100 Mbps LEMs managing two links, you should specify 100M for the rate. On the other hand, if you want to control each link separately, the rate should be the sum of the link speeds on all devices. For example, if the built-in device is controlling a T1 line (1.5 Mbps) and a LEM is managing two T1 lines (3.0 Mbps), you should specify 4.5M for the rate. To control traffic across each link separately, you can create a class for each device (for example, Builtin_LEM and Upper_LEM) and assign partitions that match the link size (1.5M for the Builtin_LEM class and 3.0M for the Upper_LEM class). If your unit is using two LEMs to manage a single WAN link, specify the WAN link speed for the rate. Although the Info page will give you an error message (such as Link speed of 155 Mbps exceeds outside NIC speed of 100 Mbps) in the latter situation, it is still appropriate to specify the actual size of the link for the rate.
Your Setting
1-14
Parameter Inside and Outside NIC Modes
Description PacketShaper 1200, 1400, 1550, 2500, 6500: Choose: auto-negotiate, 10BaseT half-duplex, 10BaseT full-duplex, 100BaseT half-duplex, 100BaseT full-duplex PacketShaper 1700, 3500, 7500: As above, plus 1000BaseT full-duplex When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic): The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 1700, 3500, 7500, 9500, 10000 (Gigabit Ethernet): For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Notes: Whenever you wish to change Network Interface Card (NIC) settings, always select auto-negotiate first, then select a different value if desired. Do not change from one non-auto setting to another nonauto setting directly; re-negotiation may fail and In Link Down or Out Link Down appears on the LCD. Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.
Your Setting
1-15
Parameter Time Zone
Description A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.
Your Setting
Date
Current date. Enter the date in the format: mm dd yyyy, for example 09 15 2006 for September 15, 2006. Current time. Enter the time in the 24-hour format: hh:mm:ss, for example 14:36:23. See Determining Your Local Operating Mode on page 1-11 for details on the three operating modes: Shaping, Monitor Only, and Custom. If you have the compression module, you have the option of enabling compression during initial setup. For each PacketShaper device (main or LEM) you want to use for compression, you will need to provide the following information: IP Address IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address. Net Mask Subnet mask Gateway IP address of the router; leave blank or enter none if there is no gateway. The gateway is required if the compression partner is not on the same subnet.
Time
Operating Mode (PacketShaper)
Compression
1-16
Pre-Installation Checklist for Shared Mode

You will need to supply the information described below to configure your PacketShaper in shared mode (that is, to work with PolicyCenter). To prepare for Guided Setup, fill in the third column with your settings. You may have to consult your system administrator or network administrator. Parameter IP Address Description IP address to be assigned to the PacketShaper, for example 10.1.2.3 Consult your network administrator to obtain an unassigned address. Net Mask Subnet mask for the subnet on which the PacketShaper resides, for example 255.255.255.0 IP address of the access router to the link the PacketShaper is managing, for example 10.1.2.254 When you set the site router to none, the unit manages all traffic passing through it, regardless of whether the traffic is going to or from the site router. Most customers set site router to none; this is the recommended setting. When you set a site router IP address, the unit only monitors/manages Ethernet packets going to and from this router. All other Ethernet packets are ignored. Gateway IP address the PacketShaper uses to reach other networks, for example 10.1.2.254 The gateway routes PacketShaper-initiated transactions to a non-local address. The gateway address is often the same as the site router address. DNS List (optional) IP address(es) of the Domain Name Server(s), for example 192.181.5.1 You can enter a maximum of eight addresses separated by spaces. Domain Name (optional) Directory Server Host Name Default domain name, for example packeteer.com Your Setting
Site Router
The domain name or dotted-decimal IP address for the Directory Server. The Directory Server is usually the computer with PolicyCenter installed on it.
1-17
Parameter Default Touch Password
Description Password to access PolicyCenter default group, for example 7JX1R5; allows you to add units to PolicyCenter. Passwords can be up to nineteen characters long and are case sensitive. They can consist of letters, numbers, and all special characters. PacketShaper 1200, 1400, 1550, 2500, 6500: Choose: auto-negotiate, 10BaseT half-duplex, 10BaseT full-duplex, 100BaseT half-duplex, 100BaseT full-duplex PacketShaper 1700, 3500, 7500: As above, plus 1000BaseT full-duplex When you select auto-negotiate, the PacketShaper detects the connected devices port speed and configures the speed and duplex settings for a best match. While the PacketShaper automatically negotiates ports according to the IEEE 802u standard, other connected devices may not operate in compatible modes, which can result in connectivity problems. PacketShaper 9500, 10000 (Gigabit Fiber-Optic): The choices for gigabit fiber-optic are auto-negotiate, autoneg-only, and 1000BaseX full-duplex. If autonegotiate is specified and auto-negotiation signals are not received from the other side, the negotiation will time out in one second and the interface will be set at 1000 fixed. To force auto-negotiation without timing out, use the autoneg-only option. PacketShaper 3500, 7500, 9500, 10000 (Gigabit Ethernet): For gigabit Ethernet, you can specify auto-negotiate or 1000BaseT full-duplex. (1000BaseT actually does the same thing as auto-negotiate; manual setting to gigabit Ethernet is not part of the 802.3 Ethernet standard.) Note: Although you can specify different fixed speeds on the Inside and Outside interfaces, such a configuration will result in a network interruption if the PacketShaper is turned off because the end devices will not be able to negotiate the correct speed for the link.
Your Setting
Inside and Outside NIC Modes
1-18
Parameter Time Zone
Description A drop-down menu that allows you to select the time zone. (The default is local time, depending on time zone configuration.) Once you configure a time zone, the local time automatically changes at the start and end of daylight savings time.
Your Setting
1-19
1-20
CHAPTER 2: HARDWARE INSTALLATION (PACKETSHAPER 1200, 1550, 2500, 6500)

Overview
This chapter describes how to install a PacketShaper (model 1200, 1550, 2500, 6500) into your network. Installing a unit is simple: no network reconfiguration is required. You can insert Packeteer units directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and (for some units) turn the unit on.
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a Packeteer unit is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
2-1
Chapter 2: Hardware Installation (PacketShaper 1200, 1550, 2500, 6500)
Front Panel
A PacketShaper front panel, shown in the following illustration, has two network ports, INSIDE and OUTSIDE. The unit has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A null-modem cable is provided for this purpose.) The LCD (liquid crystal display) panel on the front of some Packeteer models indicate the units operating state; see LCD Panel on page 2-7 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector
DB-9 Serial Port
Expansion Slots
CONSOLE STATUS FAULT POWER
LINK Tx/Rx 100
INSIDE
LINK Tx/Rx 100
OUTSIDE
LCD
Note: The front panel of your unit may differ from the one shown. See Hardware Features on page 2-3 to see which features your unit has.
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 2-5 for additional information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
LED Indicators
The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data
Link
Tx/Rx
2-2
Indicator 100 Indicates link speed: green = 100 Mbps off = 10 Mbps
Description
Hardware Features
PacketShaper models have different features, as described below: Maximum Link Speed 2 Mbps 2 Mbps 10 Mbps 100 Mbps Expansion Slots for LEMs none none 2 2
Model
Power
LCD
1200 1550 2500 6500
single outlet with switch single outlet with switch single outlet with switch dual outlets with no switch
no no yes yes
See Appendix A for detailed product specifications.
2-3
Rack-Mounting the Unit (optional)

PacketShapers can be installed in standard 19-inch racks. Included with the unit are: 2 mounting brackets 6 bracket screws 4 mounting screws
Each side of the Packeteer case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the box in any of these positions. The following illustration shows details for rack installation:
Rack Rack Air Flow Vents
Bracket
STATU S FAULT POWE R CONS OLE
Rear-Mounting Position
LINK Tx/Rx 100 INSIDE LINK Tx/Rx 100 OUTS IDE
Bracket Mounting Screws
Center-Mounting Position Front-Mounting Position
Bracket Screws
To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
2-4
Connecting a PacketShaper to the Network
Selecting the Right Cable
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a Packeteer unit and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Connecting to a Router
To connect a PacketShaper to a router: 1. 2. 3. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the PacketShapers front panel port labeled INSIDE. Connect the OUTSIDE port to the router, using the orange crossover cable.
Router
INPUT 100-240 MAX 50-60Hz
Transceiver
Outside RJ-45 Connector Inside RJ-45 Connector PacketShaper
LINK Tx/Rx 100
INSIDE
LINK Tx/Rx 100
OUTSIDE
To Hub
4.
Proceed to Turning on the PacketShaper on page 2-7.
2-5
Connecting to a Server
To connect a PacketShaper to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable that goes to the switch or hub. Connect this cable to the PacketShapers front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
LINK Tx/Rx 100
INSIDE
LINK Tx/Rx 100
OUTSIDE
To Hub
5.
2-6
Turning on the PacketShaper

Your PacketShaper may have a dual power supply. If it does, connect both power connectors, using two separate AC outlets. 1. Connect the power cord(s) to the PacketShapers outlet(s) and plug the other end into AC power. If the unit has redundant power supplies, connect the power cords to outlets on separate circuit breakers. If there is a power switch on the back, turn the power on.
2.
LCD Panel
An LCD on the front of some PacketShaper models indicate the units operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
Operational Mode Throughput Graph alternates with message Not Configured
3.
Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your Packeteer unit? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 2-8.
4.
Follow the directions in Chapter 6 to configure your software.
2-7
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Bypass mode
Message
Description In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check Packeteer unit cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Your PacketShaper may have redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
? Bypass Mode
Corrupt Config
Corrupt file Network connectivity problem Network connectivity problem Network connectivity problem
? In Link Down
? Links Down
L-InLink Down L-OutLink Down
No Router Found
Network connectivity problem
Not Configured
Factory-default IP address configured
? Out Link Down
Network connectivity problem Power supply problem
Power 1 Failed
2-8
Message Router Inside
PacketShaper Condition Network connectivity problem Network connectivity problem Safe mode
Description The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 25. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
U-InLink Down U-OutLink Down
Shaping is not enabled Network connectivity problem
2-9
2-10
CHAPTER 3: HARDWARE INSTALLATION (PACKETSHAPER 1400)

Overview
This chapter describes how to install a PacketShaper 1400 into your network. Installing a unit is simple: no network reconfiguration is required. You can insert PacketShapers directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and turn the unit on.
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a PacketShaper is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: The failover bypass feature is not supported on the ports labeled BACKUP INSIDE and BACKUP OUTSIDE. If the PacketShaper 1400 is turned off or disabled, traffic will only continue to pass through the INSIDE and OUTSIDE ports
3-1
Chapter 3: Hardware Installation (PacketShaper 1400)
Front Panel
PacketShaper 1400 models include the following features: LED indicators that indicate the PacketShapers operating state; see LED Indicators on page 3-2 for more information Two main RJ-45 Ethernet ports, INSIDE and OUTSIDE Two backup RJ-45 Ethernet ports, BACKUP INSIDE and BACKUP OUTSIDE One AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the PacketShaper for local configuration Two USB ports, reserved for future use
USB CONSOLE INSIDE
POWER STATUS DISK
BACKUP
OUTSIDE
INSIDE
OUTSIDE
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 3-5 for additional information to help you determine which cable to use.
LED Indicators
The front panel has the following LED indicators: Indicator Power Description Illuminated when unit is plugged into an active power outlet and the unit is turned on If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED remains off. Disk Indicates flash memory and/or hard disk activity
Status
Each RJ-45 port has two LED indicators: Indicator Amber Description Off when the link is down On when the link is up Flashing to indicate network traffic Green Off when unit is connected to a 10 Mbps Ethernet link On when unit is connected to a 100 Mbps Ethernet link
3-2
Hardware Features
The PacketShaper 1400 has the following hardware features: Power: single input with standby switch Maximum link speed: 2 Mbps LCD: none Backup Ethernet ports for connection to a backup DSL modem or router
See Product Specifications on page A-1 for detailed product specifications.
3-3

Each side of the PacketShaper case has a set of screw holes that can accomodate rack mounting brackets, as shown in the following illustration.
CO
NS
OLE
PO WE
US B
ST AT US DIS K
INSI
DE OU TS IDE
INSI DE
BA CK UP
OUT
SIDE
To rack-mount a PacketShaper: 1. 2. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side.
When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within specified limits. See PacketShaper 1400 Specifications on page A-15. There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
3-4
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper non-inline, see Chapter 8, Non-Inline Deployment.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a PacketShaper and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Router
Transceiver

USB CONSOLE INSIDE
POWER STATUS DISK BACKUP
OUTSIDE
INSIDE
OUTSIDE
To Hub
3-5
4. 5.
(Optional) If you have a backup router, repeat the previous three steps to connect a it to the PacketShapers BACKUP INSIDE and BACKUP OUTSIDE ports. Proceed to Turning on the PacketShaper on page 3-7.
Server

USB CONSOLE INSIDE
POWER STATUS DISK BACKUP
OUTSIDE
INSIDE
OUTSIDE
To Hub
5.
3-6

The PacketShaper 1400 has one power supply module.
Powering On
1. 2. 3.
Connect the power cord to the PacketShapers power connector outlet in the back of the unit. Plug the other end of the power cord into AC power. Flip the standby switch to the on position.
Powering Off
To put the PacketShaper into standby mode, flip the standby switch to the off position. To fully remove power from the motherboard, disconnect the power cord.
3-7
3-8
CHAPTER 4: HARDWARE INSTALLATION (PACKETSHAPER 1700, 3500, 7500)

Overview
This chapter describes how to install a PacketShaper 1700, 3500, or 7500 into your network. Installing a unit is simple: no network reconfiguration is required. You can insert PacketShapers directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and turn the unit on.
Failover Bypass
A bypass switch connects the inside and outside built-in interfaces together when a PacketShaper is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the direct standby feature, the hardware bypass must be disabled. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
4-1
Chapter 4: Hardware Installation (PacketShaper 1700, 3500, 7500)
Front Panel
An example of a PacketShaper front panel is shown in the illustration below. While the front panel of your unit may differ in appearance, all PacketShaper 1700, 3500, and 7500 models include the following features: An LCD (liquid crystal display) panel that indicates the PacketShapers operating state; see LCD Panel on page 4-8 for more information Two RJ-45 Ethernet ports, INSIDE and OUTSIDE One RJ-45 Ethernet out-of-band management port (MGMT) to access and manage the unit on a management network; see Using the Out-of-Band Management Port (1700/3500/7500 only) on page 6-1 One AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the PacketShaper for local configuration Two USB ports, reserved for future use
DB-9 Serial Port Expansion Slots
INSIDE
INSIDE
SPEED
SPEED
Tx/Rx
Tx/Rx
LINK
LINK
IN: OUT:
USB Power Status Fault
CONSOLE CONSOLE
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED OUTSIDE OUTSIDE
LCD
USB Ports
Management RJ-45 Connector Inside RJ-45 Connector Outside RJ-45 Connector
3500/7500 models only: expansion slots for LAN Expansion Modules (LEMs), which are used when managing more than one LAN or using the direct standby feature.
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting a PacketShaper to the Network on page 4-5 for additional information to help you determine which cable to use.
LED Indicators
The front panel has the following LED indicators: Indicator Fault Description Illuminated when unit is in safe or corrupted mode
4-2
Indicator Status
Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber.
Power Link Tx/Rx Speed
Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps
Hardware Features
The PacketShaper 1700 has the following hardware features: Supports maximum link speed of 45 Mbps Power switch Field-replaceable power supply Field-replaceable, hot-swappable cooling unit
The PacketShaper 3500 and 7500 have the following hardware features: Supports maximum link speed of 200 Mbps (7500) and 45 Mbps (3500) Power switch for each power supply Field-replaceable power supply; the PacketShaper 7500 has two hot-swappable power supply modules Field-replaceable, hot-swappable cooling unit Field-replaceable hard drive Two expansion slots
See Product Specifications on page A-1 for detailed product specifications. See FieldReplaceable Components: PacketShaper 1700 on page D-1 and Field-Replaceable Components: PacketShaper 3500, 7500 on page E-1 for instructions on installing fieldreplaceable components.
4-3

Each side of the Packeteer case has two sets of screw holes (located in the front and middle) so that you can rack-mount the box in either of these positions. The following illustration shows details for rack installation:
Rack
Rack Bracket
Air Flow Vents
Mounting Screws
Bracket Center-Mounting Position
Front-Mounting Position
Bracket Screws
To rack-mount a PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front or center position in the rack, and locate the corresponding set of screw holes on the sides of the case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
4-4
Note: If you are deploying a PacketShaper in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper non-inline, see Chapter 8, Non-Inline Deployment.
You can use either a crossover or straight-through cable to connect a PacketShaper to a network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between a PacketShaper and a: router firewall server uplink ports hub switch Use this cable: crossover (orange) crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Router
Transceiver
IN: OUT:
USB CONSOLE Power Status Fault
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
4-5
4.
If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Router
Transceiver
Management Port PacketShaper
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
To Management Network
5.
4-6
Server
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
5.
If desired, connect an Ethernet cable from the MGMT port to a router on your management network.
Server
Management Port PacketShaper
IN: OUT:
MGMT
LINK Tx/Rx SPEED
INSIDE
LINK Tx/Rx SPEED
OUTSIDE
LINK Tx/Rx SPEED
To Hub
To Management Network
6.
4-7

PacketShaper 1700 and 3500 units have one power supply module; the PacketShaper 7500 has two hot-swappable modules. For information about replacing power supply modules, see Appendix D (1700) and Appendix E (3500, 7500).
Powering On
One power cable is included for each installed power supply. Each power supply has its own power switch, located on the back of the unit. 1. 2. 3. Connect the power cord(s) to the PacketShapers outlet(s) in the back of the unit. Plug the other ends of the power cord(s) into AC power. When using two power supplies, be sure to connect the two power cords to outlets on separate circuit breakers. Press the power switch on each power supply.
Powering Off
To turn off the PacketShaper, press the power switch(es) or disconnect the power cord(s).
Note: Behind the rear access door is a reset button that should not be used without the direction of Packeteer customer support or a qualified systems engineer. Pressing this button will result in a hardware reset, causing all PacketShaper functions to cease temporarily.
LCD Panel
An LCD on the front of the unit indicate the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the Packeteer LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
4.
Check the following: Are the transmit (Tx) and receive (Rx) LEDs illuminated and flickering on the front panel of your PacketShaper? If they are, the cables are connected correctly. Does the LCD window have an error message? If so, see Problems? on page 4-9.
4-8
5.
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Regulators indicate that voltage is out of the normal range
Message Bad 2.5v reg Bad 3.3v reg Bad 5v reg Bad 12v reg Bad CPU reg Bad Right LEM Bad Left LEM
Description Contact Packeteer Support.
Incompatible LEM installed
PacketShaper 3500/7500 units require a LEM designed specifically for these models. If your unit doesnt recognize the LEM or you get one or both of the LCD error messages shown (opposite), you may have installed a LEM that was designed for a different PacketShaper model. In bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. For additional details, see the setup shaping command in the online PacketGuide. Contact Packeteer Support. Unable to detect link state of the inside interface. Check cabling. Unable to detect link state on both interfaces. Check Packeteer unit cabling. L=Left These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling. Site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. This is expected, since you havent configured the system yet. This message will disappear after you run Guided Setup to set the PacketShapers IP address for your network.
? Bypass Mode
Bypass mode
Corrupt Config
? In Link Down
? Links Down
No Router Found
Network connectivity problem
Not Configured
Factory-default IP address configured
4-9
Message
PacketShaper Condition Network connectivity problem Power supply problem
Description Unable to detect link state of the outside interface. Check PacketShaper cabling. Power 1 refers to the lower power supply. Power 2 refers to the upper power supply (PacketShaper 7500 only). The PacketShaper 7500 has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
? Out Link Down
Power 1 Failed Power 2 Failed
Router Inside
Network connectivity problem Network connectivity problem Safe mode
The site router is incorrectly connected to the INSIDE port. See Connecting a PacketShaper to the Network on page 45. A site router has not been configured. Use the setup tab in the browser interface or the setup siterouter CLI command to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see Safe Mode in the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. R=Right These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
R-InLink Down R-OutLink Down
Shaping not enabled Network connectivity problem
4-10
CHAPTER 5: HARDWARE INSTALLATION (PACKETSHAPER 9500, 10000)

Overview
This chapter describes how to connect PacketShaper models 9500 or 10000 to your copper Ethernet or fiber-optic Ethernet network. Installing a unit is simple: no network reconfiguration is required. You can insert PacketShapers directly into your existing network. These are the steps you will follow: 1. 2. 3. Rack-mount the unit (optional). Connect the PacketShaper to the network. Connect the power and turn the unit on.
Failover Bypass
A bypass switch connects the inside and outside interfaces together when a PacketShaper with RJ-45 connectors is not powered on or is reset. This feature prevents the unit from interrupting network traffic. When set into bypass mode, the PacketShaper acts like a crossover cable, so cabling configurations that work with the unit powered on will also work with the unit powered off. The failover bypass capability is built into PacketShaper 9500 and 10000 models with RJ-45 connectors.
Note: In order to use the failover bypass feature on fiber-optic PacketShaper 9500 and 10000 models, you need to purchase and install the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10.
As part of installation testing, you should verify that network devices attached to the PacketShaper correctly negotiate Ethernet options (speed and duplex), both with the unit powered on and with the unit powered off. When the unit is powered on, each device negotiates Ethernet options with the corresponding port of the PacketShaper. When the unit is powered off and in bypass mode, the devices must be able to negotiate with each other directly in order to prevent network downtime.
Note: When using the standby feature, you must disable the hardware bypass on PacketShaper 9500 and 10000 models with RJ-45 connectors. For more information about the standby feature and instructions for disabling the hardware bypass relays, see Redundant Configurations on page 7-1.
5-1
Chapter 5: Hardware Installation (PacketShaper 9500, 10000)
Front Panel
The front panel of PacketShaper models 9500 and 10000 varies depending on whether it has RJ-45 or fiber-optic connectors. Refer to the section below that applies to your model.
RJ-45 Connectors
As shown in the following illustration, the front panel of PacketShaper models 9500 and 10000 has two RJ-45 ports, INSIDE and OUTSIDE for connecting to an Ethernet LAN using twisted-pair cables. The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. (A nullmodem cable is included for this purpose.) The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 5-13 for more information.
Outside RJ-45 Connector Inside RJ-45 Connector DB-9 Serial Port Expansion Slots
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
LCD
A straight-through and an orange crossover patch cable with RJ-45 connectors are provided to complete the installation. See Connecting the PacketShaper 9500/10000 to the Network on page 5-6 for information to help you determine which cable to use. If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
Fiber-Optic Connectors
The fiber-optic PacketShaper 9500/10000 front panel, shown in the following illustration, has two fiber-optic ports, labeled INSIDE and OUTSIDE. You can install either SX or LX small form-factor pluggable (SFP) transceivers into these ports. The CONTROL port can be used with the Packeteer Fiber Bypass Switch to provide failover bypass; see Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10. If you do not have the bypass switch, the CONTROL port is not used.
5-2
The unit also has an AT-compatible DB-9 serial port (CONSOLE) to connect a terminal or PC to the unit for local configuration. A null-modem cable is included for this purpose. The LCD (liquid crystal display) panel indicates the units operating state; see LCD Panel on page 5-13 for more information.
Outside Transceiver Inside Transceiver DB-9 Serial Port Bypass Control Port Expansion Slots
INSIDE
CONTROL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
LCD
If you are managing more than one LAN or using the direct standby feature, you can add LAN Expansion Modules (LEMs) to the expansion slots.
LED Indicators
The front panel has the following LED indicators: Indicator Status Description If all of the following conditions are true, the Status LED is green: all links are up traffic shaping is on the configured site router address is detected by the PacketShaper, or the site router address is set to none If any of the above conditions are not true, the LED is amber. Fault Power Illuminated when unit is in safe or corrupted mode Illuminated when unit is plugged into an active power outlet and the unit is turned on Illuminated when the network cable is properly connected on both ends Flickers when the unit is transmitting and receiving data Indicates link speed: amber = 1 Gbps green = 100 Mbps off = 10 Mbps
Link
Tx/Rx Speed (copper Ethernet)
5-3
Indicator SX/LX (fiber-optic)
Description Indicates types of fiber-optic transceiver installed in the port: green = SX yellow = LX
Hardware Features of PacketShaper 9500 Models
PacketShaper 9500 models have the following hardware features: Power switch Supports maximum link speed of 200 Mbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies
See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page F-1.
Hardware Features of PacketShaper 10000 Models
PacketShaper 10000 models have has the following hardware features: Power switch Supports maximum link speed of 1 Gbps LCD RJ-45 or fiber-optic connectors Two expansion slots for LAN Expansion Modules Dual hot-swappable power supplies Field-replaceable hard drive Field-replaceable cooling unit
See Product Specifications on page A-1 for detailed product specifications. For instructions on installing field replaceable components, see Field-Replaceable Components: PacketShaper 9500, 10000 on page F-1.
5-4

PacketShapers can be installed in standard 19-inch racks. Included are: 2 mounting brackets 6 bracket screws 4 mounting screws
Each side of the PacketShaper case has three sets of screw holes (located in the front, middle, and rear) so that you can rack-mount the unit in any of these positions. The following illustration shows details for rack installation:
Rack Rack Air Flow Vents
Bracket
STATU S FAULT POWE R CONS OLE
Rear-Mounting Position Center-Mounting Position Front-Mounting Position
Bracket Mounting Screws
Bracket Screws
To rack-mount the PacketShaper: 1. 2. 3. Decide whether the unit will be mounted in the front, center, or rear position in the rack, and locate the corresponding set of screw holes on the sides of the Packeteer case. Attach one bracket to the left side of the unit and one bracket to the right side, as shown. Each bracket requires three bracket screws. Attach the PacketShaper to the rack with two mounting screws on the racks left side and two mounting screws on the racks right side, as shown.
5-5
Connecting the PacketShaper 9500/10000 to the Network

This section covers two methods of hardware installation: Installing PacketShaper models 9500/10000 with RJ-45 Connectors (below). Connecting PacketShaper 9500/10000 models to a Fiber-Optic Network (page 58). Note: If you are deploying PacketShaper 9500/10000 units in a redundant configuration, see Chapter 7, Redundant Configurations, for instructions and illustrations of supported topologies. If you are deploying a PacketShaper noninline, see Chapter 8, Non-Inline Deployment.
Installing PacketShaper models 9500/10000 with RJ-45 Connectors
You can use either a crossover or straight-through cable to connect a PacketShaper with RJ45 connectors to an Ethernet network. Which cable you use depends on what you are connecting directly to the unit. Follow these guidelines when connecting devices: Between PacketShaper 9500/10000 and a: router or GBIC connection on a router for 1000Base-T firewall server uplink ports hub switch or GBIC connection on a switch for 1000Base-T
Use this cable: crossover (orange)
crossover (orange) crossover (orange) crossover (orange) straight-through straight-through
Connecting a PacketShaper 9500/10000 Between a Router and Hub To connect to a router: 1. 2. On the router, disconnect the straight-through cable that goes to the switch or hub. Reconnect this cable to the units front panel port labeled INSIDE.
5-6
3.
Connect the router to the OUTSIDE port, using the orange crossover cable.
WAN Router
WAN
PacketShaper 9500/10000
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
To hub
4.
Proceed to Turning on the PacketShaper 9500/10000 on page 5-13.
Connecting a PacketShaper 9500/10000 Between a Server and Hub To connect to a server: 1. 2. 3. 4. On the server, disconnect the straight-through cable connected to the switch or hub. Connect this cable to the units front panel port labeled OUTSIDE. Connect the orange crossover cable to the units port labeled INSIDE. Connect the other end of this cable to the server.
Server
INSIDE
LINK Tx/Rx SPEED
INSIDE
OUTSIDE
LINK Tx/Rx SPEED
OUTSIDE
To hub
5.
5-7
Connecting PacketShaper 9500/ 10000 models to a Fiber-Optic Network
The fiber-optic PacketShaper 9500/10000 uses modular SFP transceivers, allowing the unit to be used in a wide variety of fiber-optic networks. SX transceivers are included with the 9500/10000; if you need LX transceivers, you can purchase one or more Single-Mode Transceiver Upgrade Kits. (Each kit contains a single SFP transceiver.) Inserting SFP Transceiver Modules If the transceivers are not already installed, follow these steps to insert the modules into the PacketShapers fiber-optic ports: 1. Remove the rubber protectors from the connectors on the transceivers.
2.
Pull down on the latch handle until the latch on each transceiver is open at a 90-degree angle.
Note: If your transceiver does not have a handle or latch similar to the one shown here, refer to the transceivers manufacturer for specific instructions.
5-8
3.
Ensure that the transceivers are oriented as shown, then carefully insert them into their slots.
4.
Push up on the small latch on each transceiver until it clicks, to lock the transceiver into place.
Connecting a PacketShaper 9500/10000 Between a Router and a Switch To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic router and switch: 1. On the router, disconnect the fiber-optic cable connected to the switch. Note: If your router has SC connectors, replace this cable with a LC-to-SC cable. Reconnect this cable to the units front panel port labeled INSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the OUTSIDE port to the router.
WAN Router
2. 3.
WAN
INSIDE
BYPASS CTRL
OUTSIDE
INSIDE
Link Tx/Rx
SX/LX
Link Tx/Rx
SX/LX
OUTSIDE
To switch
4.
Proceed to Turning on the PacketShaper 9500/10000 on page 5-13. Note: PacketShaper 9500/10000 units with fiber-optic connection do not have builtin bypass mode; if this unit fails, the network will be briefly disrupted while the unit reboots. If you require fiber bypass capability, use the Packeteer Fiber Bypass Switch. See Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch on page 5-10 for more information.
Connecting a PacketShaper 9500/10000 Between a Server and a Switch To connect PacketShaper 9500/10000 to a server and switch:
5-9
1.
On the server, disconnect the fiber-optic cable connected to the switch. Note: If your server has SC connectors, replace this cable with a LC-to-SC cable. Connect this cable to the units front panel port labeled OUTSIDE. Use the appropriate cable (either LC-to-LC or LC-to-SC) to connect the INSIDE port to the server.
Server
2. 3.
INSIDE
BYPASS CTRL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
To switch
4.
Connecting a PacketShaper 9500/10000 to a Fiber Bypass Switch You can add fiber failover bypass functionality to a PacketShaper 9500/10000 by installing the Packeteer Fiber Bypass Switch. This bypass switch has four duplex-LC fiber-optic connectors labeled Inside, Outside, To Packeteer Inside, and To Packeteer Outside as well as an RJ-45 port labeled Control.
To Packeteer Inside LC port To Packeteer Outside Outside LC port LC port
Inside LC port
Control RJ-45 port
To cable a fiber-optic PacketShaper 9500/10000 to a fiber-optic network using a Fiber Bypass Switch: 1. 2. On the router, disconnect the fiber-optic cable connected to the switch. Reconnect this cable to the Fiber Bypass Switch port labeled Inside.
5-10
3.
Connect a two-meter long LC-to-LC or LC-to-SC cable from the bypass switchs Outside port to the router.
WAN Router
WAN
Inside LC port Fiber Bypass Switch
To Switch Outside LC port
4. 5.
Connect a one-meter LC-to-LC cable from the To Packeteer Inside port on the bypass switch to the units INSIDE port. Connect a one-meter LC-to-LC cable from the To Packeteer Outside port on the bypass switch to the units OUTSIDE port.
To Packeteer Inside LC port To Packeteer Outside LC port
Fiber Bypass Switch
To Switch To Router
INSIDE
BYPASS CTRL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
5-11
6.
Connect a control cable between the RJ-11 port (labeled CONTROL) on the PacketShaper 9500/10000 to the RJ-45 port (labeled Control) on the bypass switch.
Fiber Bypass Switch
Control RJ-45 port
To Switch To Router
Bypass Control RJ-11 port
INSIDE
CONTROL
OUTSIDE
Link Tx/Rx
SX/LX
OUTSIDE
Link Tx/Rx
SX/LX
INSIDE
5-12
Turning on the PacketShaper 9500/10000

Your PacketShaper 9500/10000 has dual hot-swappable alternating power supplies. For information about removing power supply modules, see Field-Replaceable Components: PacketShaper 9500, 10000 on page F-1.
Powering On
Two power cables are included with your PacketShaper one for each power supply. The power switch is located on the back of the unit. 1. 2. Connect the power cords to the PacketShapers outlets in the back of the unit. Plug the other ends of the power cords into AC power. Be sure to connect the two power cords to outlets on separate circuit breakers. The PacketShaper should immediately turn on; if it doesnt, press the power switch on the back of the unit. 3. 10000 only: Press the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
Powering Off
To turn off the PacketShaper: 9500: Press the power switch, or disconnect both power cords. 10000: Hold down the power switch for about five seconds, until the unit powers off, or disconnect both power cords.
LCD Panel
An LCD on the front of the PacketShaper 9500/10000 indicates the operating state. The LCD graphically represents the traffic throughput for the units inside and outside interfaces. Every six seconds, the PacketShaper checks for conditions that may affect normal operations and then displays appropriate messages on the LCD. The following status information should be displayed sequentially on the PacketShaper LCD after power is connected: LCD Information Booting... Version: 7.4 PacketShaper State System Startup Initialization Description The PacketShaper initializes and displays the startup status on the LCD. Upon successful bootup, the software version is displayed for several seconds. The numbers represent the amount of inbound and outbound traffic in Mbps. The bar graphs represent the percentage of link speed consumed by the inbound and outbound traffic. To the right of the bar, a vertical line indicates the tensecond peak.
5-13
4.
Check the following: Are both the transmit (Tx) and receive (Rx) LEDs flickering on the front panel of your PacketShaper? If they are, the cable is connected correctly. Does the LCD window have an error message? If so, see Problems? on page 514.
5.
Problems?
Is there an error message in the LCD window? If so, check this chart for directions. PacketShaper Condition Incompatible LEM installed
Message Bad Upper LEM Bad Lower LEM
Description PacketShaper 10000 models are only compatible with newer-generation LEMs. If your 10000 model does not recognize the LEM, or you get one or both of the LCD error messages shown (opposite), you may have installed an older LEM2-1000M-T or LEM2-1000M-SX LAN Expansion Module into a Packeteer 10000 series. Check the packaging for the LEM and verify its serial number; PacketShaper 10000 models require a LEM2-1000M-T with a serial number greater than 006-10010001, or a LEM2-1000M-SX with a serial number greater than 007-10010001. If the LEM has a smaller serial number, remove the LEM from the unit and replace it with a Packeteer LEM with a compatible serial number.
? Bypass Mode
Bypass mode
When the unit is in bypass mode, the LCD no longer displays the bar graph. Bypass mode prevents both packet shaping and network management access. Contact Packeteer Support. Unable to detect link state of the inside interface. Check PacketShaper cabling. Unable to detect link state on both interfaces. Check PacketShaper cabling. L=Lower These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Corrupt Config
? In Link Down
? Links Down
5-14
Message No Router Found
PacketShaper Condition Network connectivity problem Factory-default IP address configured
Description The site router is incorrectly configured or PacketWise cannot find it. Use the setup tab in the browser interface to configure a site router. This is expected, since you havent configured the system yet. The message will disappear after you run Guided Setup to set the PacketShapers IP address for your network. Unable to detect link state of the outside interface. Check PacketShaper cabling. Your PacketShaper has redundant power supplies. If one fails, the other one keeps the unit operational. Verify that both power supplies are connected to a power source. If this message occurs when both power supplies are connected to a power source, contact your reseller for service.
Not Configured
? Out Link Down
Network connectivity problem Power supply problem
Power 1 Failed
Router Inside
Network connectivity problem Network connectivity problem Safe mode
The site router is incorrectly connected to the INSIDE port. See Connecting the PacketShaper 9500/10000 to the Network on page 5-6. A site router has not been configured. Use the setup tab to configure a site router. PacketWise reverts to safe mode after repeated system failures. For safe mode details, see the online PacketGuide. Shaping can be enabled by going to the setup tab in the browser interface. U=Upper These messages may appear if you have installed a LAN Expansion Module and the link state cannot be detected. Check your cabling.
Router=0.0.0.0
Safe Mode
? Shaping Off
U-InLink Down U-OutLink Down
Shaping not enabled Network connectivity problem
5-15
5-16
CHAPTER 6: PACKETWISE SOFTWARE CONFIGURATION

Before You Begin
After you install the PacketShaper into your network, you need to configure the PacketWise software. The PacketWise web browser interface provides a Guided Setup that prompts you for all required settings and provides information to help you make configuration decisions. You can also run Guided Setup from a command line with a remote login utility (such as Telnet) or through a console connection.
Pre-Installation Checklist
Be sure that you have completed one of the Pre-Installation Checklists in Chapter 1; you will need this information during installation.
Using the Out-ofBand Management Port (1700/3500/7500 only)
PacketShaper models 1700, 3500, and 7500 have an out-of-band Ethernet management port (MGMT) that you can use to access and manage the unit via a web browser or a remote login utility. This port can be connected to the same network the PacketShaper is monitoring or to a different network (such as a management network). When the MGMT port is connected to a management network, you may want to enable the Dedicated Management Port option so that the unit cannot be accessed from other networks; this provides increased security.
Note: Enabling dedicated management port access will cause loss of remote connectivity to the unit through all other ports.
When considering whether to enable the dedicated management port feature, bear in mind that certain Packeteer features will not function properly unless the network administrator provides outside hosts with a route to reach the PacketShaper through the management port. These features include, but are not limited to, the following: PolicyCenter Access Link Monitoring Frame Relay and ATM HP OpenView Flow Detail Records Adaptive response SNMP traps and polling from third-party applications Synthetic transactions Customer portal traffic (if the portal IP address is set to be the same as the management IP address)
To use the dedicated management port: 1. Connect an Ethernet cable from the MGMT port to a router on your management network.
6-1
Chapter 6: PacketWise Software Configuration
2. 3.
Access the PacketShaper (described below) and run Guided Setup (see Configuring the PacketWise Software on page 6-6). Enable the dedicated management port: Click the setup tab. From the Choose Setup Page list, choose management port. The Management Port setup page appears. For Dedicated Management Port, choose on. Click apply changes. Note: Changing management port access may cause temporary loss of access to the PacketShaper through the management port.
Accessing the PacketShaper
There are three ways to access the PacketShaper and configure the PacketWise software: Through a web browser Through a remote login utility With a direct console connection
Accessing PacketWise Guided Setup With a Browser You should have a browser such as Netscape Navigator or Internet Explorer to configure this software. The settings can be accessed using the English versions of the following web browsers: 1. Netscape 7.1 or higher (Windows NT, 2000, or XP) Microsoft Internet Explorer v5.5 or higher (Windows NT, 2000, or XP) Set to accept cookies, the default setting for most web browsers. JavaScript enabled. Cache preference set to verify documents every time in the Netscape browser and every visit to the page in Internet Explorer. As you modify PacketWise configurations in the browser interface, the browser must update the page each time rather than displaying the data already stored in the cache. For optimal formatting of features such as graphs, reports, and data charts, set the screen resolution to 1024x768. To maximize the amount of data that can be viewed on the screen, you may want to adjust the font.
Be sure your web browser is configured as follows:
2.
Start your browser, then enter either the factory-set IP address 207.78.98.254 or the DNS name unconfigured.packetshaper.com in your browsers Address or Location box.
Note: Using the DNS name to access an unconfigured unit works only if a DNS server is configured on your network and your desktop computer is connected to the PacketShapers interface marked INSIDE.
6-2
Did you successfully access the PacketShaper? If so, the Guided Setup window appears, and you are ready to configure the software (see Configuring the PacketWise Software on page 6-6).
If you did not successfully access the PacketShaper, turn to Problems? on page 6-4. Accessing Guided Setup With a Remote Login Utility You are free to choose any remote login utility that is available for your operating system. For example, for clear text connections, you can use Telnet. For secure connections, you can choose any SSH client, such as SecureCRT for Windows or OpenSSH for UNIX operating systems. To access Guided Setup using the command-line interface: 1. Connect to unconfigured.packetshaper.com (or 207.78.98.254) at your login utilitys command line for example telnet 207.78.98.254 or ssh 207.78.98.254. The PacketShapers factory-installed IP address and password prompt appear. 2. Press Enter to bypass the password for now. You will set the password and new IP address later. When you successfully connect to Guided Setup, you will see a banner and prompt similar to the following:
PacketShaper v7.4 2006-09-01 Copyright (c) 1996-2006 Packeteer, Inc. All rights reserved. PacketShaper not yet configured. Do you wish to be guided through initial setup of PacketShaper? (yes):
3.
Press Enter.
Did you successfully access Guided Setup? If so, you can now complete the Guided Setup. Turn to page 6-6 and configure the software. If you did not successfully access Guided Setup, see Problems? on page 6-4. Accessing Guided Setup With a Console Connection If these remote-access methods do not work due to network or configuration issues, you can access the unit directly with a null-modem cable. This cable, included with the PacketShaper, offers both 9-pin and 25-pin connectors on each end. To access the command-line interface with a serial connection: 1. 2. 3. 4. Attach the null-modem cable to the serial port on your workstation or PC, using the connector that matches your serial port configuration (9-pin or 25-pin). Connect the 9-pin connector on the other end of the null-modem cable to the PacketShapers port labeled CONSOLE. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured your program with the following values to communicate with the PacketShapers console serial port:
6-3
9600 bps, 8 data bits, 1 stop bit, no parity, no hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 5. Power on the PacketShaper, if you have not already done so. If the unit was already turned on, you will need to press Enter several times to make the connection. The password prompt appears. For example:
PacketShaper (console) Password:
6.
Press Enter to bypass this prompt. You will configure passwords during setup. The PacketShaper prompt appears.
7.
Press Enter to start Guided Setup.
Did you successfully access Guided Setup? If so, turn to page 6-6 and configure the software. If you did not successfully access the PacketShaper, see Problems? below.
Problems? Whats wrong? Link light on front of unit is not lit and the Tx/Rx lights are not flickering. What might fix it: You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. If you are using the correct type of cable, the cable itself may be bad. Try a different cable. Ethernet auto negotiation may be failing. Packeteer Ethernet settings can be configured manually with either the command line setup nic command or the Setup:Basic Setup page in the browser interface. Check the router, switch, and PacketShaper with the setup show CLI command. If they are set to auto-negotiate, reset at least one of them to another setting. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 6-3. For details on the setup nic command, see the online PacketGuide. PacketShaper is blocking traffic. Turn off traffic shaping from the setup tab. If this corrects the problem, policies or partitions are configured incorrectly. Check the policies and partitions you have created. You may have used the wrong type of cable to connect the PacketShaper. See the chart on page 2-5. Telnet is not responding. Exit the Telnet session and start a new one. Ensure that the PacketShaper is placed between the client and the default gateway. If you are using a site router, ensure that the site router address is correct. Is it a real IP address or just a virtual address?
6-4
Whats wrong? Cant access unit with a browser. The lights on front of unit are not illuminated or flickering.
What might fix it: If you are using a site router, ensure that the site router address is correct. Is it a real IP address or just a virtual address? Some PacketShapers have an on/off switch. Check the back of the unit and press the switch if there is one. Are your network interface card (NIC) settings correct? Check them with the setup show CLI command. PacketShaper Ethernet settings can be configured manually with either the command line setup nic command or the setup tab in the browser interface. For instructions on accessing the CLI, see Accessing Guided Setup With a Remote Login Utility on page 6-3. For details on the setup nic command, see the online PacketGuide. You may have a bad NIC card in your PacketShaper; call support for further instructions.
Configuring Multiple PacketShapers
If you want to configure another PacketShaper, you need to open a new browser window. If you reload the current window, the browser remembers the connection to the first unit and displays the login window instead of the Guided Setup window.
6-5
Configuring the PacketWise Software

Running Guided Setup Once you have accessed the PacketShaper, you are ready to configure the settings. This process is called Guided Setup. A screen similar to the one below should be displayed in your browser:
1.
Select local or shared mode. Shared mode is used to configure multiple PacketShapers with the PolicyCenter software. If you are not using PolicyCenter, or if you want to configure the unit independently of other units, choose local mode.
2.
Answer the questions as they are asked, using the information from the PreInstallation Checklist for Local Mode on page 1-12 or Pre-Installation Checklist for Shared Mode on page 1-17. When you are finished, click Commit All Settings. A dialog box notifies you that your configuration will be saved to your unit.
3.
Logging In
After you complete Guided Setup, the login window appears. 1. 2. 3. Enter the password (if any) that you just provided during Guided Setup. If a secure connection is desired, select the Secure Login checkbox. Click login.
When you successfully log in using a browser, the PacketWise software appears in your browser window. The info tab, shown below, is displayed initially.
6-6
Checking the LCD Panel
When the PacketShaper is operating, the LCD panel (if your model includes one) shows traffic passing through it.
Note: When the PacketShaper is in bypass mode, the traffic throughput display is not available. For details on bypass mode, see Failover Bypass on page 2-1, page 3-1, page 4-1, or page 5-1.
Problems? Whats wrong? Both the inbound and outbound values shown in the LCD are zero. What might fix it: Traffic is not flowing through the PacketShaper. First be sure there is actually traffic on the network. Then, access the PacketShaper and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router IP address for example). Traffic passing through the PacketShaper is asymmetric. Access the Packeteer unit and check the setup tab to make sure the IP addresses are correct for both devices that the unit is connected to (the site router, for example). Traffic Discovery may not be turned on. Access the PacketShaper and check the setup tab to make sure Traffic Discovery is set to on. Your browser may not be set to reread the HTML page source every time as required by PacketWise. See Accessing PacketWise Guided Setup With a Browser on page 6-2.
Either the inbound or the outbound value in the LCD is zero. The LCD readout shows traffic but the traffic tree is empty.
6-7
Whats wrong? Traffic discovery is not collecting information the way I expected it to do.
What might fix it: Its possible that you accidentally connected the PacketShaper backwards that is, with the cable for inbound in the OUTSIDE connector and vice versa. If you set up your cables this way, your router must have been set to none (or you would have gotten the error Router Inside in your LCD window when you initially set up the unit). To find out if your cables are switched, specify a router in the setup tab. If you then get the error message Router Inside, your cables are connected incorrectly. Switch the cables. Is shaping turned on? If so, turn it off. Does this help network performance? If so, one of the policies or partitions needs to be reconfigured. Turn the PacketShaper off (or unplug it). Does this solve the problem? If so, the unit is probably not placed in a good location on the network. For example, it could be overwhelmed with traffic at the central server. Ensure that the default gateway address is correct. Is it a real IP address or just a virtual address?
The network (even the LAN) slowed way down after I installed the PacketShaper.
Cant access unit via Telnet or a web browser. The PacketShaper failed and no network traffic is going beyond it.
If the NIC link settings are set to full duplex for one port and half duplex for the other (to accommodate connected equipment), the PacketShaper copes with it. When the unit fails or is off, the bypass switch cant work because of the different duplex settings. Inbound and outbound link rates are probably set too high. Check the setup tab to be sure rates match the router rate.
Router is swamped.
6-8
Changing Settings after Installation

Accessing the PacketShaper In your web browser, access the PacketWise software with the IP address or domain name you configured in Guided Setup.
Changing the Configuration
To change the configuration: 1. 2. Click the setup tab in the PacketWise browser interface. In the Setup window, verify or modify configuration details. Note that there is more than one setup page; change pages using the Choose Setup Page drop-down menu at the top of the screen.
3.
Click apply changes to update the settings with any changes you made.
6-9
Forgot Your Password?
If you forget the touch password, you can use the password recovery method to access the unit and then reset the password. To ensure that security is not compromised, this feature works only when you are directly connected to the units CONSOLE port. 1. 2. 3. Connect the null-modem cable (included with your unit) from the units CONSOLE port to the serial port on your PC or workstation. Open a terminal emulation program (such as HyperTerminal). Verify that you have configured the program with the following values to communicate with the units CONSOLE serial port: 9600 bps, 8 data bits, 1 stop bit, no parity, no hardware flow control If you are using a modem connected to the serial port, the modem must be set to: 9600 bps, 8 data bits, 1 stop bit, no parity, auto-answer (usually ATS0=1 in the standard Hayes command set), and DTR always on (usually the command AT&D0 or a DIP-switch setting). Check the modem manual for details. 4. 5. 6. Power cycle the PacketShaper. If your unit doesnt have a power switch, unplug the power cord and then plug it back in. When prompted for the password, type touchpwd= within thirty seconds, and press Enter. You will then be prompted for a new password. Enter a new password.
6-10
CHAPTER 7: REDUNDANT CONFIGURATIONS
High Availability
In a general sense, high availability is a network topology feature that ensures mission critical applications are available 100% of the time. This goal is typically accomplished by having multiple access routers with multiple WAN interfaces. PacketShapers can sit in these redundant router topologies and perform their traffic management responsibilities, without disrupting the existing high availability configuration. As part of the high availability solution, you can install PacketShapers in redundant network paths to provide PacketShaper redundancy in case one of the units fails. This capability is called direct standby. It is described more fully below. Another part of the solution is access-link monitoring. This feature allows the PacketShaper to automatically adjust Inbound and Outbound partition sizes as WAN links go down and back up. In addition, this feature can help prevent link overload that may occur when a loadbalancing scheme is less than perfect. Configuration of access-link monitoring is outside the scope of the Getting Started Guide; however, it is described in detail in the online PacketGuide.
Standby Modes
PacketWise offers two modes to provide PacketShaper redundancy. Direct standby allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The other mode, hot standby, allows PacketShapers to act as a redundant pair connected to the same router. The remainder of this chapter describes how to configure PacketShapers for direct standby; for further information on hot standby, see PacketGuide.
Note: In order to use standby, you must modify each standby unit to inhibit the normal failover bypass function of a disabled or powered-down PacketShaper. See Disabling Bypass Relays (3500, 7500) on page 7-4, Disabling Bypass Relays (2500, 6500) on page 7-6, or Disabling Bypass Relays (9500, 10000) on page 78. An exception is the PacketShaper 1400, which requires no modification.
Direct Standby
The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The two units are directly connected to each other, through the OUTSIDE port on a LAN Expansion Module (LEM), or through the port labeled BACKUP OUTSIDE on a PacketShaper 1400. Both units are considered active and each unit can receive and forward traffic. To ensure that both units accumulate the same traffic tree and measurement data, each PacketShaper processes the packets received by the other unit. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit. The other unit will classify the traffic, just as if it
7-1
Chapter 7: Redundant Configurations
had received it directly, but it will never forward the traffic onto the LAN. As a result, each unit is ready at any time to take over full PacketShaper responsibility should the other unit fail.
clients
WAN
Live data path Direct connection
PacketShapers routers switches servers
The direct standby feature can operate in a redundant topology that is set up to do load balancing (in other words, traffic flows through both paths) or one that is set up as a backup in case of component failure (traffic flows through one path). When using the direct standby feature in a load-sharing topology, set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the overall Inbound and Outbound partition sizes must be able to support that level of extra traffic.
Note: In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers WAN interfaces and avoid oversubscribing the WAN bandwidth. See PacketGuide for details.
The direct standby feature also works well in a topology in which inbound traffic goes through one path and outbound traffic goes through the other. Without the direct connection, PacketWise would classify these flows as asymmetric and would be unable to manage application traffic or take advantage of Packeteers TCP Rate Control, a technology that smooths bursty traffic. With the direct standby feature, each PacketShaper is able to see both inbound and outbound traffic and manage the traffic appropriately. Feature Requirements and Limitations The direct standby feature has the following requirements and limitations: The following Packeteer features cannot be used in conjunction with the direct standby feature: Frame Relay and ATM. All PacketShaper models except the 1400: the two units must be directly connected using the OUTSIDE ports on the upper-most or right-most LEM. In other words, if the PacketShaper has two LEMs installed, the upper or right LEM must be used for the direct connection. This LEM cannot be configured for compression. PacketShaper 1400 only: the two units must be directly connected using their BACKUP OUTSIDE ports. When compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on Xpress units at all branch offices. Use the setup compression reprobe auto CLI command to enable automatic reprobe mode. Both units must be running the same version of PacketWise and have the same plug-ins installed.
7-2
Both units must have the same configuration limits. For example, both units must be 512-class PacketShaper 3500s, 64-class PacketShaper 1400 Lites, and so on. You should not mix units with different capacities since the units will be passing the same traffic and require identical configurations. Both units must have identical hardware configuration: the same PacketShaper model, link speed, installed memory, number of LEMs installed, and type of LEMs (fiber optic vs. copper Ethernet). If there is any difference in the two partner units, the direct standby feature will not function optimally. The two units must be configured with the same touch password. A customer portal IP address should not be configured. The bypass relays in the PacketShaper and all LEMs must be disabled (not applicable to the PacketShaper 1400). See Modifying a PacketShaper for Direct Standby on page 7-4. Note: Since PacketShapers with fiber-optic connectors dont have bypass jumpers, they do not need to be modified. The Packeteer Fiber Bypass Switch should not be deployed in direct standby mode.
Because the bypass relays have been disabled, PacketShapers should not be powered off when they sit in a redundant configuration doing so will cause loss of connectivity on that link and all traffic will be routed to the other path. The direct link connection between the two PacketShapers must be equal to or greater in speed than each of the WAN links. This requirement ensures that each unit receives copies from the other unit fast enough to prevent out-of-order packets. The following types of packets are not copied over the direct connection: broadcast/multicast/unicast packets, attack packets, and IPComp control packets (when using Xpress). Link state mirroring is automatically enabled when direct standby is enabled if the redundant management link is connected. (With link state mirroring, PacketWise will bring down the second port of a NIC pair if the first goes down.)
7-3
Modifying a PacketShaper for Direct Standby

To implement direct standby operation, you must modify the motherboard to disable the normal bypass relay function of a powered-down PacketShaper (not applicable to the PacketShaper 1400). In a typical installation, if a unit fails or loses power, relays close to allow user traffic to pass unhindered between the two ports. As a component of a redundant configuration, however, a powered-down PacketShaper needs to be a point of failure in the network. Therefore, disabling the bypass functionality ensures that an out-of-service, failed, or powered-down unit does not pass traffic. For instructions on disabling bypass relays, see the appropriate section for your model: Disabling Bypass Relays (3500, 7500) on page 7-4 Disabling Bypass Relays (2500, 6500) on page 7-6 Disabling Bypass Relays (9500, 10000) on page 7-8. Note that PacketShapers with fiber-optic connectors do not need to be modified, and the Packeteer Fiber Bypass Switch should not be deployed. Note: Because the PacketShaper models 1200, 1550, and 1700 dont have expansion slots and cant accommodate a LAN Expansion Module, you will not be able to use the direct standby feature on these models.
Disabling Bypass Relays (3500, 7500)
To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
Unplug the power cords. Ground yourself. WARNING: Electrostatic discharge (ESD) can damage system components. If an ESD station is not available, wear a wrist strap attached to a metal part of the unit. If you dont have a strap, touch some metal part of the case to ground yourself.
4. 5.
If they are present, remove the rackmount ears. In order to remove the top cover, the LEM cover must be removed: Using a Phillips-head screwdriver, remove the two screws on the side.
7-4
Lift up the hinged cover and remove.
6.
Remove the screws that attach the top cover to the chassis:
7.
Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.
7-5
8.
Remove all nine jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
Jumpers
9.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.
10. Set the cover on top of the chassis and slide the cover forward, toward the front of the unit. As you slide the cover into the chassis, make sure the lip on the cover fits into the slot on the chassis. 11. Replace the LEM cover and all screws. 12. Repeat the above steps for the other standby unit. 13. Proceed to Connecting to a Redundant Router Topology on page 7-12.
To disable the bypass relays: 1. Disconnect the system from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
4. 5.
If they are present, remove the rackmount ears. Remove the three cover screws. One screw is located next to the power supply receptacles at the back of the unit.
7-6
6.
Two screws are located on the bottom of the unit, near the back panel.
Remove the cover.
7.
Remove five jumpers from the motherboard. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
LINK Tx /R 10 x 0
INS IDE
LINK Tx LINK Tx /R 10 x 0
INS IDE
/R 10 x 0
OU TS IDE
LINK Tx
/R 10 x 0
OU TS IDE
Jumpers
LIN K Tx /R 10 x 0
LIN K Tx /R 10 x 0
7-7
8.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If this unit has RJ-45 connector LEMs installed in either of the two slots, you must remove the jumpers from these cards. Refer to the LAN Expansion Module documentation for instructions. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby. Replace the cover and screws.
9.
10. Repeat the above steps for the other standby unit. 11. Proceed to Connecting to a Redundant Router Topology on page 7-12.
Note: If your PacketShaper has fiber-optic connectors, you can skip this section the unit doesnt have bypass jumpers. However, you will have to remove bypass jumpers from any RJ-45 connector LEMs. See the LAN Expansion Module documentation for instructions.
To disable the bypass relays on PacketShapers with RJ-45 connectors: 1. Disconnect the PacketShaper from any telecommunication links, networks, or modems, and then turn off the system power source. WARNING: Failure to disconnect these cables before you open the unit can result in personal injury or equipment damage.
2. 3.
4. 5.
If they are present, remove the rackmount ears. Remove screws and side door as shown.
7-8
6.
Remove the screws from the top cover.

PacketShaper 9500
PacketShaper 10000
7.
Remove the top cover: 9500: Lift the cover straight up. 10000: Slide the cover toward the back of the unit as shown below, and then lift the cover up to remove.
7-9
8.
Remove nine jumpers from the built-in Ethernet card. These jumpers are located just behind the INSIDE RJ-45 connector, between two relays, as shown in the following illustration.
LIN K Tx /R x
9.
Note: Retain the jumpers in case the unit is later used in a non-standby application. If any RJ-45 connector LAN Expansion Modules have been added to the two available slots, you must also remove the jumpers from those cards. For details, see the LEM manual. Note that fiber-optic LEMs should NOT be connected to a Fiber Bypass Switch when using direct standby.
7-10
10. Replace the top cover: 9500: Set the cover on top. 10000: Angle the cover as shown below. As you slide the cover into the case, make sure the lip on the cover fits into the slot on the case.
Lower the cover so that its resting on top of the case. Slide the cover towards the back of the unit so that the cover overhangs approximately 3/8 inch (1 cm); when you hear a click as the rear lip drops below the rear slot, slide the cover forward. 11. Replace the screws. 12. Replace the side door and screws. 13. Repeat the above steps for the other standby unit. 14. Proceed to Connecting to a Redundant Router Topology on page 7-12.
7-11
Connecting to a Redundant Router Topology

PacketShapers can be placed into a variety of redundant topologies those with redundant routers, redundant switches, two data paths, two LANs, and/or redundant firewalls. For the PacketShapers to function in these topologies, connect each unit into each redundant network path and directly connect the two units, as shown in the illustration below. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit, through the direct connection. The other unit will classify the traffic and maintain historical measurement data, just as if it had received it directly, but it does not forward the traffic onto the LAN.
Legend:
I O I O I O I O
I O
Live data path Direct Connection Router Switch Inside Outside
The illustration above is an example of one of four supported redundant topologies. The complete set of supported topologies appears later in this section. You directly connect PacketShapers via a LEM. If two LEMs are present, you must use the upper-most or right-most LEM for the direct connection between PacketShapers. More detail on the direct connection appears below. When you connect a PacketShaper in a redundant topology, you can access and manage the unit from any of the LAN-connected ports. If desired, the INSIDE port on the directstandby LEM can be connected to a management network. Note, however, that when this port is connected, it becomes the exclusive management port for the unit; you will not be able to access the unit from the other ports. On PacketShaper 3500 and 7500 models, you can connect to a management network via the MGMT port. This connection would provide a secondary way to access the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only. If both the MGMT port and the INSIDE port on the direct standby LEM are connected, the MGMT port takes precedence.
7-12
Connecting PacketShapers into a Redundant Network Refer to the topology diagrams on the following pages as you follow these basic connection instructions: 1. Make sure you have disabled the bypass relays (not applicable to the PacketShaper 1400). See Disabling Bypass Relays (3500, 7500) on page 7-4, Disabling Bypass Relays (2500, 6500) on page 7-6, or Disabling Bypass Relays (9500, 10000) on page 7-8. On the router, disconnect the straight-through cable that goes to the switch. Reconnect this cable to the PacketShapers built-in port labeled INSIDE. Connect the built-in OUTSIDE port to the router, using the orange crossover cable. Repeat the above steps for the other router/switch. To directly connect the two PacketShapers, connect a crossover cable between the OUTSIDE LEM port on each unit, or between the BACKUP OUTSIDE ports on the PacketShaper 1400. If a unit has two LEM cards installed, you must use the upper or right LEM. Proceed to Turning on the PacketShaper on page 2-7 (models 1550/2500/6500), Turning on the PacketShaper on page 3-7 (model 1400), Turning on the PacketShaper on page 4-8 (models 1700/3500/7500 models), or Turning on the PacketShaper 9500/10000 on page 5-13 (models 9500/10000).
2. 3. 4. 5. 6.
7.
7-13
Topology 1 Before PacketShaper
With PacketShaper 3500, 7500
Legend: Live data path Direct Connection Alternate Management Link Router Switch Inside Outside
I O
I O
I O
I O
I O
Mgmt. Network
This basic redundant router topology uses a single LEM to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
7-14
With PacketShaper 1400
Legend: Live data path Direct Connection Router Switch Inside Outside
I O I O Backup Outside Ports
I O I O
I O
This basic redundant router topology uses the BACKUP OUTSIDE ports to connect the redundant PacketShapers.
With PacketShaper 4500, 6500, 8500, 9500, 10000
I O
I O
I O
I O
I O
This basic redundant router topology uses a single LEM to connect the redundant PacketShapers.
7-15
I O
I O
I O
I O
Mgmt. Network
This topology requires two LEMs. The left LEM is for the redundant data path and the right LEM is used to connect the PacketShapers directly. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
I O
7-16
Topology 2 contd With PacketShaper 4500, 6500, 8500, 9500, 10000
I O I O I O
I O
I O
This topology requires two LEMs. The lower LEM is for the redundant data path and the upper LEM is used to connect the PacketShapers directly.
7-17
Legend: Live data path Direct Connection Alternate Management Link Router Switch Firewall Inside Outside
I O
I O
I O
I O
I O
Mgmt. Network
The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
7-18
Topology 3 contd With PacketShaper 1400
Legend:
I O I O Backup Outside Ports I O I O
I O
Live data path Direct Connection Router Switch Firewall Inside Outside
The firewall shown in this topology can actually be any generic device that sits in this position. The BACKUP OUTSIDE port connects the redundant PacketShapers. With PacketShaper 4500, 6500, 8500, 9500, 10000
Legend:
I O I O I O I O
I O
Live data path Direct Connection Router Switch Firewall Inside Outside
The firewall shown in this topology can actually be any generic device that sits in this position. A single LEM is needed to connect the redundant PacketShapers.
7-19
I O
I O
I O
I O
Mgmt. Network
In this topology, there are routers on each side of each PacketShaper. On PacketShaper 3500 and 7500 units (shown above), the MGMT port can be connected to a management network to provide an alternate way to manage the unit. If you enable the Dedicated Management Port option, you would be able to access the unit through this port only.
I O
7-20
Topology 4 contd With PacketShaper 4500, 6500, 8500, 9500, 10000
Legend:
I O I O I O I O
I O
Live data path Direct Connection Router Switch Inside Outside
In this topology, there are routers on each side of each PacketShaper.
7-21
Setting Up Direct Standby

Before you can configure a pair of PacketShapers for direct standby, make sure you have taken the following steps: Removed jumpers from each units motherboard and from all LEMs; see Modifying a PacketShaper for Direct Standby on page 7-4 (not applicable to the PacketShaper 1400). Connected the two PacketShapers into your redundant network. See Connecting to a Redundant Router Topology on page 7-12.
Configuring Units to Have Similar Traffic Trees
The two PacketShapers must have similar traffic trees so that flows will be classified and controlled identically, and the same measurement data will be collected on each unit. Youll want to make sure each unit has the same traffic classes, policies, partitions, and settings. Packeteer offers several ways you can configure units with the same settings. Save and Load Configurations With this technique, you configure one of the standby units, save its configuration, and then load the configuration on the other standby unit. 1. 2. 3. 4. 5. Set up one unit with the desired classes, policies, partitions, events, agents, and other settings. (See Chapter 9, PacketShaper Quick Start) Save the configuration with the config save CLI command. This creates a file with a .ldi extension. Use PacketWises File Browser to copy the .ldi file to a PC or network drive. Log into the other standby unit and use the File Browser to upload the .ldi file. Load the configuration with the config load CLI command.
If you need more detail on any of the above steps, refer to PacketGuide. Use PolicyCenter PolicyCenter is a Packeteer software package that centralizes management and propagates configuration changes to multiple PacketShapers. You can use PolicyCenter to distribute traffic configurations between direct standby units.
Enabling Direct Standby 1.
Note: PolicyCenter is a separate product, not included with the PacketShaper.
To configure units for direct standby: For each standby unit, configure the IP address and all other parameters. Note: The two units must be configured with the same touch password. Open a browser window, enter the IP address of one of the PacketShapers, and log in. Click the setup tab. On the Choose Setup Page list, choose standby. The Standby Configuration screen appears. For the Type, select Direct. Click apply changes. Repeat the above steps to enable direct standby on the other unit.
2. 3. 4. 5. 6. 7.
7-22
8.
To check the standby status, go to the Standby Configuration setup page. You should see the message Standby/Direct is active with partner. Check the table below if you see a different status message. Status Message Description The unit is unable to establish communication with another PacketShaper. Make sure the units are directly cabled though the OUTSIDE port on the upper-most or right-most LEM, or through the BACKUP OUTSIDE port in the PacketShaper 1400. When two PacketShapers are directly connected, traffic is running, and then the direct standby feature is disabled on one of the partner units, the copied packets coming through the direct link between the units are leaking onto the LAN causing the receiving unit to see duplicate packets. Note that this situation happens only for a short time period because the unit sending the copied packets would stop sending packets immediately upon realizing that its partner is down.
Standby/Direct has not found a partner.
Standby/Direct disabled (connected to site LAN).
Disabling Direct Standby
To disable the direct standby feature, choose None on the Standby Configuration setup page.
Note: You must also replace the jumpers removed from the motherboard and all LEMs. If you fail to re-install the jumpers, the PacketShaper will not bypass traffic when it is powered down or in a failed state. In a non-standby configuration, all WAN traffic would be blocked.
7-23
7-24
CHAPTER 8: NON-INLINE DEPLOYMENT

Overview
Watch Mode This chapter describes how to install PacketShapers into a network when your situation requires that the unit monitor the traffic non-inline, in other words, when you dont want the unit to be cabled into the main data path. This type of deployment is sometimes required for data centers that have restrictions on the introduction of inline elements into the network. This Packeteer feature is called watch mode and works with all PacketShaper models. When a unit is in watch mode, it passively monitors the traffic on your network and performs all the traffic classification and reporting tasks that PacketShapers typically do: identify your network traffic, measure response times, track bandwidth utilization, notify you of conditions of interest, and report on the performance of your applications and network. Consistent with its role as a passive watcher, a PacketShaper in watch mode will not perform traffic shaping or compression; any existing policies and partitions will be ignored.
Note: Because a PacketShaper in watch mode cannot perform traffic shaping, this feature is more often used on units configured only with the monitoring module.
The watch mode feature offers functionality similar to a network probe, but the PacketShaper can classify and record measurement data by application (layer 7), not just by port. For example, suppose youre investigating slow SAP performance. A probe might give you packet rates for one of the hosts using SAP, but doesnt tell you which portion is SAP traffic. The PacketShaper gives you usage rates for SAP traffic for all hosts or specific hosts. PacketShapers in watch mode have the following capabilities: Compatible with SPAN ports, mirrored switch ports, and hubs connecting multiple routers Monitor traffic to/from up to 256 WAN routers Receive traffic from up to three network segments (if LAN Expansion Modules are installed) Manageable from a separate network than the one being monitored
Non-Inline Deployment Requirements and Limitations Packeteers non-inline deployment has the following requirements and limitations: Packeteer has tested and certified watch mode compatibility with the Cisco Catalyst 4000/5000 series and the Dell PowerConnect 5212. Packeteer has tested and certified tap compatibility with the following NetOptics taps: 10/100 Ethernet, Gigabit 1000BaseTX, and fiber-optic splitter. See Connecting to a Network Tap on page 8-9. Packeteers watch mode and direct standby features cannot be used together.
8-1
Chapter 8: Non-Inline Deployment
Device classification cannot be used in watch mode. Because PacketWise performs classification by device (LEM) when a packet exits the PacketShaper, and watch mode drops all packets, the packets do not exit on any interface and thus cannot be classified by interface. If you are using watch mode and want to classify and/or control traffic by device, you can create classes based on the MAC address of the watch mode routers. Watch mode is not supported on the PacketShaper 1200 and 1400 Lite models.
Compression Estimator Mode
Another useful application of watch mode is to evaluate Packeteers Xpress compression feature, using a single PacketShaper. When a PacketShaper is deployed non-inline with compression and watch mode enabled, PacketWise will estimate the amount of compression that would have occurred on outbound data if the unit had been deployed inline. All the compression statistics, graphs, and reports are accessible and reflect an estimation of compression benefits. To come up with these estimates, Xpress does not compress the live data; it compresses the packets that were copied to the unit and then drops the compressed data. Packeteers Compression Estimator provides you with a simple way to project compression gains from PacketShapers compression module with a single unit evaluation. Deployed using mirrored switch ports, taps, or SPAN ports, Compression Estimator allows a PacketShaper to monitor traffic and estimate the bytes saved for different application traffic types and produce overall compression savings estimation for the entire link. See Configuring the Compression Estimator on page 8-11. Compression Estimator Limitations Compression Estimator mode has the following limitations: Works on outbound traffic only. An outbound data center traffic installation represents a good proxy for traffic mixes. Due to the asymmetric nature of traffic, the majority of traffic is served outbound from data center servers and represents a suitable proxy for overall network traffic. Offers statistics on byte savings and bandwidth increases, but doesnt provide differences in response times. (An inline deployment of a PacketShaper with the compression module offers this capability.) Is not applicable where existing PacketShapers are deployed inline. This mode is targeted for new customers. Existing customers with inline deployments can enable compression evaluation keys on two PacketShapers to enable a real-world test.
8-2
Connecting Non-Inline Units to the Network

Overview In watch mode, a PacketShaper will monitor network traffic connected to any of its OUTSIDE ports (built-in or on LEMs). For accessing and managing the unit itself, you can use an INSIDE port, or on the PacketShaper 1700, 3500, and 7500, you can use the builtin MGMT port. If an INSIDE or MGMT port isnt connected to a network, the OUTSIDE port can be used for management. If more than one INSIDE port is connected, only one will be active and pass traffic; the other connected ports will provide redundant management access. The PacketShaper decides which port to use for management access according to the following order: MGMT (if available), built-in INSIDE, BACKUP INSIDE, upper/ right LEM INSIDE, lower/left LEM INSIDE.
Note: If the Dedicated Management Port feature is enabled on a PacketShaper 1700, 3500, or 7500, you will only be able to access the unit through the MGMT port; you cannot manage via any other port.
Watch mode is supported in a variety of network configurations. The supported topologies are illustrated and described in the following pages. Use this legend when referring to the topologies on the following pages.
Legend: Router Switch Hub Management Link Inside Outside
I O
If a PacketShaper is connected to a switch, it should be connected to a SPAN (Switched Port Analyzer) port so that it can monitor the WAN traffic. To monitor traffic sent by the switch to the router, copy the bidirectional traffic on the switchs router port to the SPAN port so that it can be received and monitored by the PacketShaper.
Topology 1
Note: Do not actually make the connections shown in the following topologies until you have read Configuring PacketWise Software on page 8-7.
In this topology, a hub is connected to the OUTSIDE port on the PacketShaper and nothing is connected to the INSIDE port. The unit will be accessed and managed from the same LAN that is being monitored.
I O
8-3
Topology 2
In this topology, the PacketShaper monitors network traffic via a connection between its OUTSIDE port and a switchs SPAN port. The INSIDE port, which is connected to the switch, is used for PacketShaper access and management. Traffic received on the management port is not classified or measured.
I O
SPAN port
Topology 3
This topology is similar to Topology 2 in that the PacketShapers OUTSIDE port is connected to a switchs SPAN port. In Topology 3, however, you can access the PacketShaper from a PC on another LAN. On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.
IO
SPAN port Management link (MGMT port)
On the PacketShaper 1400, you can manage the unit from the BACKUP INSIDE port. Traffic received on the management port is not classified or measured..
Management link (BACKUP INSIDE port)
I O I O
SPAN port
On other PacketShaper models, you can manage the unit from an INSIDE port on a LEM.. Traffic received on the management port is not classified or measured.
Management link
I O I O
SPAN port
8-4
Topology 4
In this topology, the PacketShaper monitors traffic on up to three different LAN segments. This is achieved by using two LEMs. The built-in OUTSIDE port is connected to a switch or hub on one LAN and the OUTSIDE ports on two LEMs are connected to two other LANs. On a PacketShaper 1700, 3500, and 7500, you can use the MGMT port to manage the unit from another LAN.
Management link (MGMT port)
I O
On other PacketShaper models, you can manage the unit from any of the INSIDE ports (built-in or LEM).
Management link
I O I O
8-5
Topology 5
In this topology, the network to be monitored is connected to the OUTSIDE port on a LEM, or to the BACKUP OUTSIDE port of the PacketShaper 1400. The built-in INSIDE port is used for management access to the unit. This configuration is appropriate, for example, when a fiber-optic LEM is installed on a PacketShaper 6500 in order to monitor a fiberoptic network.
I O I O
Management link
On a PacketShaper 1400, the network to be monitored is connected to the BACKUP OUTSIDE port. The INSIDE port is used for management access to the unit
I O I O
Management link (INSIDE port)
On a PacketShaper 1700, 3500, or 7500, you can use the MGMT port to manage the unit from another LAN.
Management link (MGMT port)
I O
I O
8-6
Configuring Watch Mode

Configuring PacketWise Software Follow this basic procedure: 1. Connect one cable (either MGMT, INSIDE or OUTSIDE). Pick the port you will be using to access the PacketShaper during Guided Setup. Refer to Chapters 24 for details on connecting cables to your PacketShaper. Important: Do not connect both cables until after watch mode is enabled. If the PacketShaper is configured inline when you enable watch mode, network connectivity problems will occur. This is because in watch mode packets are dropped and not forwarded through the network. 2. Run Guided Setup, as described in Chapter 5. To access the PacketShaper, use a workstation that is on the network connected to the cabled port. Alternatively, you can connect directly to the unit using the CONSOLE port. Enable watch mode. See Enabling Watch Mode below. If applicable to your topology, connect the other cable(s) to the PacketShaper. Refer to the topologies illustrated on the previous pages. Add routers to the watch list. See Adding Routers on page 8-7.
3. 4. 5.
Watch Mode and Site Routers When watch mode is enabled, the Site Router field is ignored. If you have defined a site router IP address when watch mode is turned on, a message similar to the following may appear on the Info screen:
Site router configuration is ignored in watch mode.
This message doesnt appear if you have set the Site Router field to none.
Enabling Watch Mode
To turn on watch mode: 1. 2. 3. Click the setup tab. Set Shaping to watch. Click apply changes.
The LCD panel flashes Watch Mode and the Info page says Shaping: Watch. Although watch mode is enabled, traffic cannot be monitored until you connect the OUTSIDE port to the network you want to monitor and add routers to your watch list.
Adding Routers
Note: When connecting a PacketShaper to a tap, do not use watch mode; instead, set Shaping to off. You will not need to create a router watch list in this case, since the list is only used in watch mode.
The watch mode feature can monitor traffic to/from up to 256 routers. The PacketShaper uses the router list to determine direction of the packets the unit is monitoring: if a packet is from the router, it will be considered to be inbound or if the packet is to the router, the packet will be considered outbound. If both the source and destination addresses of a packet are in the watch list, the packet is considered same side traffic.
8-7
You identify each router by its IP or MAC address. If you enter an IP address, PacketWise will attempt to resolve its MAC address. Note that when the PacketShaper lacks two-way communication with the end host, you must define the router by its MAC address. For example, when a PacketShaper is connected to a switchs SPAN port, the unit receives copies of the packets that go through the switch, but since communication is one way, it cannot send ARP requests to determine the routers MAC address. In this case, you must define the router by its MAC address, not IP address. To add a router to the watch list: 1. If you are still on the Basic Settings setup page, click the Watch Mode Configuration link. or Click the setup tab and choose watch mode from the Choose Setup Page drop-down list. 2. Click add router. The Add Watch Mode Router screen appears.
3.
In the Name field, enter a descriptive name to uniquely identify the router (up to 32 characters; no spaces are allowed, the only special characters allowed are colon, dash, underline, and period.) In the IP Address field, enter the routers IP address. or In the MAC Address field, enter the routers MAC address.
4.
5. 6.
Click add router. Repeat steps 2-5 for each router you want to add to the watch list.
Next Step
Once watch mode is configured, the PacketShaper will begin collecting data for the traffic it is watching. For information on viewing statistics, graphs, and reports, see Chapter 9, PacketShaper Quick Start.
8-8
Connecting to a Network Tap

In this topology, the PacketShaper is connected to the network through a tap. A network tap is a transmit-only hardware device, placed inline, that provides a permanent access port for passive network monitoring. When a PacketShaper is connected to a tap, it receives the same traffic as if it were located directly on the wire. The PacketShapers INSIDE and OUTSIDE ports are connected to the tap and watch mode is not enabled. The tap will copy traffic in both inbound and outbound directions. Since the tap does not pass traffic back to the network, you must use the MGMT port (on PacketShaper 1700, 3500, and 7500 models) to manage the unit.
IO
TAP
Management port
On the PacketShaper 1400, you must use one of the BACKUP ports to manage the PacketShaper.
Management link (BACKUP OUTSIDE port)
I O I O
TAP
If you have set your site router to none (recommended), you can access the unit via the BACKUP INSIDE or BACKUP OUTSIDE port. The units address can be on the same or different subnet from the subnet being monitored (where the tap is located). If you have set a specific site router address, Packeteer recommends that you manage the PacketShaper via the BACKUP OUTSIDE port. In addition, the units address, site router, and management port connection must be on the same subnet.
8-9
On other models, you must use a LEM port to manage the PacketShaper.
Management link
I O I O
TAP
If you have set your site router to none, you can access the unit via the INSIDE or OUTSIDE LEM port. The units address can be on the same or different subnet from the subnet being monitored (where the tap is located). If you have set a specific site router address, Packeteer recommends that you manage the PacketShaper via the OUTSIDE LEM port. In addition, the units address, site router, and management port connection must be on the same subnet.
8-10
Configuring the Compression Estimator

The Compression Estimator is a simple way of evaluating Packeteers compression module. You set up a PacketShaper non-inline and enable compression and watch mode. PacketWise will estimate the amount of compression that would have occurred on outbound data if the unit had been deployed inline. In order to use the Compression Estimator, you need to request an evaluation compression module key; contact your Packeteer representative or Customer Support to request the key. To configure the Compression Estimator: 1. Connect one cable (either MGMT, INSIDE, or OUTSIDE) pick the port you will be using to access the PacketShaper. Do not connect both cables until after watch mode is enabled. Caution: If the PacketShaper is configured inline when you enable watch mode, network connectivity problems will occur. This is because in watch mode packets are dropped and not forwarded through the network.
2. 3.
Install the compression module key, following the instructions included with the key. Set the Xpress-IP address and gateway for the device (main or LEM) you are using for compression estimation: a. From the Choose Setup Page list, select compression. The Xpress-IP Settings screen appears.
8-11
b.
For each Packeteer device (PacketShaper or LEM) you want to use for compression, fill in the following information: Field IP Address Description IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the compression module (Xpress) feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address. Net Mask Gateway Subnet mask IP address of the router
c. 4. 5. 6. 7. 8.
Click apply changes to update the settings.
From the Choose Setup Page list, select basic. Set Compression to on to enable compression. Set Shaping to watch to turn on watch mode. Click apply changes to update the settings. Add your router(s) to the watch list. (See Adding Routers on page 8-7.)
To see an estimate of how compression is working on your link, you can look at compression reports. For more information, see Displaying Compression Reports on page 10-6.
Note: If you arent seeing compression results, its possible that the PacketShaper isn't able to resolve the gateways IP address. In this case, youll need to manually add the address to the ARP table using the arp privadd command.
If you want to use the compression module to compress data, you will need to purchase the compression module key and deploy additional PacketShapers (to create compression tunnels). All units must be deployed inline in order to compress data.
8-12
CHAPTER 9: PACKETSHAPER QUICK START

Overview
This quick start chapter will show you how to use a PacketShaper to: Classify network traffic Analyze network and application performance Solve performance problems Note for PacketShaper 1200 and 1400 Lite users: Because these PacketShaper models are often used in wide-spread distributed deployments, we recommend that you configure these units with PolicyCenter, Packeteers central management product. Using PolicyCenter, you can configure a traffic tree with appropriate policies and partitions and then distribute this configuration to all the PacketShapers installed at your branch offices. Refer to the PolicyCenter Getting Started Guide for details. For generating graphs and reports, use Packeteers centralized reporting product, ReportCenter. See the ReportCenter Getting Started Guide for details.
If your PacketShaper is configured with the compression module, read this chapter before turning to the next chapter, Compression (Xpress) Quick Start. If you are using a PacketShaper ISP model, see Chapter 11, PacketShaper ISP Quick Start.
9-1
Chapter 9: PacketShaper Quick Start
Classifying Traffic on the Network

PacketShapers traffic discovery feature detects and identifies the traffic running on a network and automatically creates traffic classes for each application, service, or protocol that it discovers. These classes are organized into a hierarchical traffic tree. Classification is a prerequisite for other PacketShaper functions. To analyze a particular applications performance, you must first identify that applications traffic. Likewise, to control an applications performance, you isolate its traffic to adequately ration and assign resources. Note that traffic discovery is not appropriate for all situations. If PacketShaper units are at branch office deployments where you are monitoring and controlling application performance, you can use the traffic discovery feature to create application-based traffic trees. In deployments where the PacketShaper is located at the main sites WAN or Internet link, you will want a location-based traffic tree that has traffic classes for each branch office; in this situation, you would not want to use automatic traffic discovery. For a detailed explanation of these traffic tree strategies, see the Packeteer Deployment Topologies guide or the online PacketGuide.
Discovering Traffic
Note: Because PacketShaper 1200 and 1400 Lite models are limited to 64 classes, you may want to create traffic classes manually rather than enabling the automatic traffic discovery feature.
Automatic traffic discovery may already be enabled. To check the status of the Traffic Discovery setting: 1. 2. 3. 4. 5. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Check the status line underneath the tabs. If it says Discovery: On, you can skip the following steps. Click the setup tab in the PacketWise navigation bar. To enable automatic traffic discovery, select on for Traffic Discovery. Click apply changes.
Traffic needs to run through the PacketShaper over time before you can see trends and decide on a course of action. We suggest you collect data for at least three days.
Viewing the Traffic Tree
Note: Make sure the mission-critical applications are being accessed during this time so that the protocols, services, and/or applications will be auto-discovered.
The traffic discovery process detects traffic types and creates traffic classes automatically. For example, web surfing is categorized in the HTTP traffic class. To see what classes the PacketShaper has auto-discovered, display the traffic tree: 1. 2. Access the PacketWise software by entering PacketShapers URL or IP address in your browser. Click the monitor or manage tab in the PacketWise navigation bar. The discovered classes appear in a hierarchical tree under the Inbound and Outbound folders.
9-2
PacketWise displays applications in a hierarchical tree representing application traffic traveling inbound and outbound (relative to the PacketShaper). Applications listed in the Outbound folder represent a request for data from external servers or responses of data from internal servers to outside requests. Applications shown in the Inbound folder represent the data being transmitted from outside servers to the LAN or requests for data from internal servers. When managing an applications performance, you must consider the characteristics and significance of an application flows direction. For example, suppose a user is running Oracle as a published application over Citrix Metaframe. Assume the Oracle user is on the LAN side of PacketShaper, and the server is on the outside. In the traffic tree, the /Outbound/Citrix/Oracle class tracks the data entry activity. The /Inbound/Citrix/Oracle class tracks the data downloads.
Problems? Whats wrong? The traffic tree is empty. The traffic tree doesnt have classes for some of the applications I know are on the network. What might fix it: Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Have users initiated new sessions after connecting the unit to the network and configuring the PacketShaper? A PacketShaper cant discover traffic classes until it sees the traffic. Make sure users are accessing the critical applications and establishing new sessions on the network. To avoid creating classes needlessly, the PacketShaper must see at least three* distinct flows of an application before it deems the flows significant enough to warrant autodiscovery. The flows must begin within the same time-out interval, typically one minute, and should have different source/destination address pairs. If youre performing tests and want a specific application to be auto-discovered, it may be necessary to open a session, quit, and then re-open the application so that PacketWise sees another session. Is the PacketShaper installed on an Internet link between the VPN gateway and the router? If so, the unit sees encrypted traffic, not individual applications; consequently, the applications will not appear in the traffic tree. In order to differentiate between encrypted applications, the unit must be positioned between the LAN and the VPN gateway. Although PacketWise classifies hundreds of applications, there could be custom or unique applications that do not get auto-classified. To accommodate these situations, PacketWise provides the ability to create classes manually. Are you using a PacketShaper 1200 or 1400 Lite? If you have enabled automatic traffic discovery, the traffic tree will likely reach its maximum capacity (64 classes) quickly, and perhaps not with the applications you need to classify. For PacketShaper 1200 and 1400 Lite models, Packeteer recommends that you not enable traffic discovery; instead, manually create classes, or use PolicyCenter.
9-3
*The number of flows required to trigger class discovery can be adjusted using the Autodiscovery variables on the System Variables setup page.
9-4
Analyzing Network Traffic

Analyzing Data After the PacketShaper has a chance to collect data, you can look at some of the statistics that have been generated. Here are some analytical questions you can start with: Question: What type of traffic is consuming the most bandwidth right now? How to find the answer: Click the top ten tab to display the Top Ten Average Rate report. Which inbound traffic class has consumed the most bandwidth in the last hour? Which outbound traffic class? Click the monitor tab. Find FTP in the traffic class tree on the left and then look at the value in the Class Hits column. First, you need to enable host analysis. Click the manage tab and select Citrix in the traffic tree. Enable Top Talkers and Top Listeners, then click apply changes. Later, go back to this page and click the Top Talkers or Top Listeners links to see the hosts that have generated the most Citrix traffic. Note that this feature shows top hosts since the feature was last reset. You can use the reset button on the Top Talkers or Top Listeners page to clear the list and restart the host-tracking process. What was the peak bps rate for web traffic? What is the link utilization? Click the monitor tab. Find HTTP in the traffic tree and look at the value in the Peak column. Click the report tab, and look at the first chart, Utilization. The red line is average inbound link utilization and the blue line is peak inbound link utilization. Scroll down and look at the outbound chart.
How many times has FTP been used?
Who is generating the most Citrix traffic? (If you dont have Citrix, use any other class of interest.)
Note: Detailed reporting is also available via Packeteer ReportCenter. Because PacketShaper 1200 and 1400 Lite models have limited reporting capabilities, it is recommended that you use ReportCenter to generate your reports.
9-5
Analyzing Network Performance
The Network Performance Summary shows you where most traffic occurs on the network. To view the summary: 1. Click the report tab on the navigation bar. The Network Performance Summary report appears. This report contains six graphs Utilization, Network Efficiency, and Top 10 Classes, for both the Inbound and Outbound directions. The default report graphs data from the last hour, but you can select a different time interval (such as three days), if you like. 2. To choose a different time interval, enter the number of minutes, hours, days, weeks, or months in the Show field, and then select the unit of time. For example, by entering 3 in the Show field and selecting day for the unit of time, you create a report with the data the PacketShaper collected over the last three days. 3. 4. 5. Click update to apply the new time interval settings. The new report appears. Scroll down to see the Top 10 Classes graph for inbound traffic. Scroll down further to see the Top 10 Classes graph for outbound traffic. Note: As you are viewing the Top 10 Classes pie chart in the Network Performance Summary, you may want more detail on a particular class. A quick way to get this detailed information is to click the class name on the pie chart legend. When you click a class name, the Statistics:Reports screen appears, where you can change the period or select additional graphs to include in the report. To print the report, click print.
6.
9-6
Looking at Top Ten Reports
The Top Ten tab offers several reports that allow you to quickly see which classes have the highest average rate, peak rate, total bytes, or network efficiency. For example:
1. 2.
Note: The top ten tab is not available on PacketShaper 1200 and 1400 Lite models.
To view the Top Ten reports: Click the top ten tab on the navigation bar. In the View top field, enter the number of classes you want to view in the report (default is 10). To view all classes, clear this field so that its blank. Note: If you dont want to change the view (the next step), you must click update to see the revised list.
3. Select the desired view: View Average Rate Description The classes with the highest average bandwidth rate in the designated time interval; measured in bits per second (the default report type) The classes with the highest peak bandwidth rate in the designated time interval; measured in bits per second The classes with the highest total bandwidth consumed in the designated time interval; measured in bytes The classes with the most retransmissions (that is, the lowest network efficiency)
Peak Rate
Total Bytes
Network Efficiency
9-7
Solving Performance Problems

PacketShapers configured with the shaping module offer two ways to solve application and network performance problems: Setting policies. A policy determines how an applications individual flows are treated in the context of competing applications and allows you to manage bandwidth on a flow-by-flow basis. With policies, you can give each flow of mission-critical traffic the bandwidth it needs for optimum performance, as well as protect it from demanding, less important traffic. In addition, policies can keep non-urgent traffic flows (such as FTP) from consuming more than an appropriate share of bandwidth or can block flows completely. Creating partitions. A partition manages bandwidth for a traffic class aggregate flows, so that all of the flows for the class are controlled together as one. You can use partitions to protect mission-critical traffic by guaranteeing that a traffic class always gets a defined amount of bandwidth. In addition, you can use partitions to limit aggressive, non-critical traffic by allowing that traffic class to consume only a defined amount of bandwidth.
Set Policies
A policy controls traffic on a flow-by-flow basis. When you apply a policy to a traffic class, you define how each flow will be treated when competing with other applications. While there are several different types of policies you can create in PacketWise, the rate policy is the most common. With this type of policy, you can: Guarantee each flow a minimum bits-per-second rate Give each flow prioritized access to excess bandwidth Limit each flow to a maximum amount of bandwidth Take advantage of Packeteers TCP Rate Control technology that prevents traffic from being sent at a rate that is higher than it can be transferred and received, thereby greatly reducing queuing in router buffers and controlling inbound traffic Smooth bursty traffic (such as HTTP)
Priority policies, another type of PacketWise policy, establish a priority for traffic without specifying a particular rate. Use priority policies for non-IP traffic types, or traffic that does not burst (for example, Telnet). In addition to creating policies for mission-critical applications, you may also want to place controls on some of the most active services and applications on the network (such as HTTP or FTP). PacketShapers supply a set of suggested policies for many supported protocols and services. You can apply a suggested policy to a traffic class, whether it was manually created or automatically created by the traffic discovery process.
1. 2.
Note: Most suggested rate policies set the guaranteed rate to zero with bursting enabled. If you have a specific minimum rate requirement for an application, such as Voice over IP, you will need to modify the suggested policy.
To create a policy using PacketShapers suggested settings: Click the manage tab on the navigation bar. The Traffic Class window appears. Select a class in the tree in the left window pane.
9-8
3. 4.
In the Traffic Class window pane, click policy and select add from the menu. Click suggest policy in the New Policy window. A pop-up window appears, notifying you whether a default policy was found for this service type.
5. 6. 7.
Click OK in the pop-up window. To fine-tune the policy, overwrite the displayed values or select a new policy type. To create the policy, click add policy in the New Policy window.
Create Partitions
A partition is a virtual pipe that you can create for a given traffic class. This virtual pipe reserves bandwidth for all flows of a given type the traffic class aggregate. Partitions can protect traffic by guaranteeing a defined amount of bandwidth for the mission-critical traffic classes. For example, you could set a 128 Kbps partition for SNA traffic. This partition ensures that SNA will always have at least 128 Kbps of bandwidth. Partitions can also limit less important traffic by putting a cap on the amount of bandwidth a traffic class can use. For example, you can assign a 64 Kbps partition to FTP traffic. This prevents FTP traffic from consuming your entire link and blocking more important traffic. To create a partition: 1. 2. 3. 4. 5. 6. 7. Click the manage tab on the navigation bar. The Traffic Class window displays. Select the class in the traffic tree. Click partition in the Traffic Class window and click add. The New Partition window appears. In the Size field, enter the minimum partition size in bits per second (bps). Alternatively, you can select % and enter a percentage of the parent partition size. To allow the partition to use available excess bandwidth, select the Burstable checkbox. Optional: In the Limit field, set a maximum bandwidth limit to be used when the partition bursts. This limit must be greater than the partition minimum. Click add partition to create the partition.
Turn Shaping On
Policies and partitions have no effect unless traffic shaping is turned on. To do this: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.
Verify that the Policies are Working
To verify that a traffic class and policy are working as expected, you can: Observe the number of Class Hits and Policy Hits for that class in the Monitor Traffic window. Class Hits are the number of times flows match the class and Policy Hits are the number of times the policy has been enforced. Generate more traffic for that traffic class to see if the number of hits increases. Compare the statistics (such as the peak rate) before and after the policy was set. Make a Class Utilization graph (not available on PacketShaper 1200 and 1400 Lite models). Be sure to specify a time period that includes before and after the creation of the policy.
9-9
Problems? Whats wrong? My graphs look strange: the data cant be correct. The LCD readout shows traffic but the traffic tree is empty. What might fix it: Is the date set correctly? Check the date & time page under the setup tab. Is traffic discovery turned on? Look at the status line underneath the tabs to make sure it says Discovery: On. Is your browser set to reread the HTML page source every time? This is a PacketShaper requirement. See Accessing PacketWise Guided Setup With a Browser on page 6-2. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Did you set too many policies? Try just setting policies for your most critical and most bandwidth-greedy classes. Is shaping turned on? Policies are only applied if shaping is on. Look at the status line underneath the tabs to make sure it says Shaping: On. Are you looking at current data? Use the update button to refresh the screen or the clear stats button to zero out the values and begin displaying new (post-policy) data.
Performance hasnt improved since I set policies and created partitions.
Statistics on the Monitor Traffic screen dont seem to be consistent with the policies I set.
9-10
Advanced Features
Most PacketShaper models also support advanced monitoring and control features, for example: Response Time Measurement (RTM) The RTM feature tracks delay (network and server) statistics for connection-based TCP traffic classes. You can set acceptable responsetime thresholds for selected traffic classes. Response times are defined as bad or good according to the threshold you set. When a transactions total delay is lower than the threshold, the transaction is considered good. When the total delay is higher, the transaction is considered bad. Adaptive Response Packeteers adaptive response feature allows you to monitor the status of your network, the applications running on the network, and the capacities and loads of the PacketShaper. This feature can also detect hosts that are using up too much of the link, and allows you to set thresholds for specific traffic classes, links, and partitions and will notify you when thresholds are exceeded. For example, you can use adaptive response to automatically send an email, SNMP trap, or a Syslog message when there are unacceptable network delays. By having PacketWise send you notifications automatically, you have the opportunity to be aware of situations before they trigger user complaints. Flow Detail Records The Flow Detail Records (FDR) feature is an alternate method for gathering and processing per-flow statistics. When FDR is enabled, the PacketShaper will become an emitter, automatically pushing data to a remote system, called a collector, on a continuous basis. The unit will emit records that contain details of all flows that go through the PacketShaper to a collector, such as Packeteers ReportCenter 3. In ReportCenter, you can view a wide variety of reports to summarize and analyze the data for troubleshooting, diagnostics, or application-usage billing. A record format is also available for collectors and analyzers with Cisco NetFlow compatibility, such as Evident Billing Software and Cisco Collector. Packet Capture The packet capture feature captures packets for future analysis, allowing you to analyze detailed information about the packets in a class, such as the source and destination IP addresses and protocols used. For example, you can analyze packets in a Default or a port-numbered class to get details about the traffic hitting these classes. Or, you can use packet capture to investigate what an IP address-based class is doing. For information on these and other advanced features, see the online PacketGuide (click the packetguide tab in the browser interface).
9-11
9-12
CHAPTER 10: COMPRESSION (XPRESS) QUICK START

Overview
The compression module enables Xpress, Packeteers compression feature that allows you to increase the virtual size of WAN bandwidth and improve application performance. By integrating compression technologies with traffic management, PacketWise ensures that the increased virtual WAN pipe is not consumed by aggressive, non-mission-critical applications that burst to consume any bandwidth given to them. In addition, the effective throughput of the mission-critical traffic can also increase, providing a double benefit. Packeteers shaping feature protects mission-critical traffic, contains recreational and unsanctioned traffic, and smooths peaks in bursty traffic, while the Xpress feature provides greater throughput and network capacity. Xpress works by identifying other PacketShapers with compression modules on the network and dynamically setting up compression tunnels between the units. A tunnel is automatically set up when traffic is sent between Xpress-enabled PacketShapers, as shown in the following diagram. Tunnel A is created for the traffic between the clients in Branch Office A and the servers at the main site. Likewise, Tunnel B is created for the traffic between the clients in Branch Office B and the main site servers. Tunnel C is created for the traffic between the clients in Branch Office A and the clients in Branch Office B.
Branch Office A Main Site Servers Branch Office B
PacketShaper Corporate WAN
PacketShaper Main Site LAN
PacketShaper Internet
PacketShaper
Tunnel A Tunnel C
Tunnel B
Xpress does not attempt to compress all traffic. Because the PacketShaper is application intelligent, it is able to identify each traffic flow and compress only the flows that are likely to achieve useful gains. Previously compressed traffic (such as streaming media) and encrypted data are examples of non-compressible traffic. The ability to apply appropriate compression algorithms to different applications is built into the Xpress compression engine. With this design, you can choose, for each application, the appropriate algorithm that will yield the best compression ratio, with minimal latency.
Note: If you want to evaluate the compression feature before purchase, you can use the Compression Estimator. See Chapter 7 for more information.
10-1
Chapter 10: Compression (Xpress) Quick Start
Xpress Feature Requirements and Limitations
The list below describes the requirements and limitations for the Xpress feature: Xpress is supported on the following PacketShaper models. Make sure your model has the minimum amount of memory listed below: Packeteer Models 1200 1400 1550 1700 2500 Minimum Memory Requirement 256 MB 512 MB 256 MB 256 MB 512 MB Note: A Memory Upgrade Kit may be required. 1 GB 512 MB 2 GB 1 GB 2 GB 2 GB
3500 6500 7500 8500 9500 10000
To use Xpress on existing PacketShaper units, you need to purchase a compression module software key from Packeteer, and install it onto each unit. Xpress is not available on PacketShaper ISP models. If you are using Xpress with Packeteers direct standby feature, the LEM that is used for direct connection cannot be configured for compression. If Xpress is deployed in a Virtual Private Network (VPN), the (private) address space on both sides of the VPN tunnel between the Xpress units needs to be separate and unique in order to allow the two Xpress units to set up a compression tunnel. Only packets with unicast destination addresses are sent through the compression tunnel; broadcast and multicast packets are not sent through the tunnel. Non-IP protocol traffic (such as IPX and SNA) is not sent through the compression tunnel.
10-2
Configuring Compression
The Xpress feature requires that each network interface (built-in or LEM) on the PacketShaper be assigned a unique IP address, called an Xpress-IP address. The Xpress-IP address is used for establishing compression tunnels between PacketShapers.You may have already configured Xpress-IP addresses during Guided Setup; if so, you can skip this section. To configure compression settings: 1. Click the setup tab. The Basic Settings screen is displayed in the Setup window. Note: If compression is already turned on, the Basic Settings screen will have a link to Compression Settings. You can click this link to go directly to the Xpress-IP Settings page. From the Choose Setup Page list, select compression. The Xpress-IP Settings screen appears.
2.
10-3
3.
For each PacketShaper device (main or LEM) you want to use for compression, fill in the following information:
Field IP Address
Description IP address to assign to the interface; each interface must have a unique address. Note that this address is used by the Xpress feature and is not for managing the PacketShaper. An Xpress-IP address can NOT be the same as the units management address if you have a LEM installed or if you have enabled the Dedicated Management Port feature. It should not be the same address as the secondary customer portal address. Packeteer strongly recommends that you do not use the management IP address for an Xpress-IP address.
Net Mask Gateway
Subnet mask IP address of the router; leave blank or enter none if there is no gateway. The gateway is required if the compression partner is not on the same subnet.
4. 5. 6. 7. 8.
Click apply changes to update the settings. From the Choose Setup Page list, select basic. In the Compression field, select on to enable compression. Click apply changes. Log in to each PacketShaper on your network and repeat the above steps.
As soon as compression is enabled and compressible traffic goes through your PacketShaper, Xpress will automatically set up compression tunnels with other compression-enabled units that are detected on the network. Xpress creates tunnels and compresses data when the following conditions are true: Compression is enabled. The flow is destined for a host on the other side of a compression-enabled PacketShaper. The flow belongs to a compressible service. Services that are unlikely to achieve useful gains from compression are not compressed by default. VoIP and encrypted data are examples of traffic that are not compressed.
10-4
The two PacketShapers are configured outside port to outside port. For example:
LAN LAN
INSIDE OUTSIDE
WAN or Internet
INSIDE
OUTSIDE
Each units OUTSIDE port connected to router
Direct Standby
PacketShapers can be used in a redundant configuration using Packeteers direct standby feature. The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. See Chapter 7, Redundant Configurations for more information on direct standby configuration. When compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on PacketShapers at all branch offices. In auto reprobe mode, the PacketShaper manages connectivity and periodically sends maintenance probes to ensure that compressed traffic is routed via an available path. If a host does not respond to the probe (perhaps because a router has failed, making the host unreachable through the existing data path), the unreachable host will be removed from the compression tunnel and the PacketShaper will attempt to re-discover it through an alternate path, if one exists. The default probing mode is manual. To enable automatic mode, use the following CLI command:
setup compression reprobe auto
10-5
Displaying Compression Reports

Viewing the Compression Summary For an overview of how compression is working on your link, you can display the Compression Summary report. The top of this report has a table that summarizes compression statistics for the Inbound and Outbound links. The Inbound statistics represent inbound traffic that gets decompressed by Xpress, and the Outbound statistics represent outbound traffic that Xpress compresses. This report contains a total of eight graphs four graphs for the Inbound direction and four for Outbound. The graphs compare bandwidth usage, with and without compression, so that you can quickly see the amount of compression on your link. To see a meaningful Compression Summary, wait approximately an hour after enabling compression before viewing the report. To display the compression summary: 1. 2. Click the report tab. Click compression summary. The Compression Summary report displays in the current window. Note: By default, only compressible traffic is included in the graphs and data. If you want to show all traffic (compressible and non-compressible), select the include non-compressible traffic in graphs and data checkbox. When this checkbox is selected, you may also want to select the include link size in graphs checkbox. (Link size is less meaningful when viewing only some of the traffic, as is the case when non-compressible traffic is not included.) Adjust the time period and end date, if desired.
3.
The top of the Compression Summary report has a table that summarizes compression statistics for the Inbound and Outbound links. Each statistic is described below: Statistic Precompression Bytes Description Outbound: For compressible outbound traffic, the number of bytes before compression has been applied Inbound: For inbound compressed traffic, the number of bytes after decompression Postcompression Bytes Outbound: For outbound traffic sent through a compression tunnel, the number of bytes after compression has been applied Inbound: For inbound compressed traffic, the number of bytes before decompression Bytes Saved The number of bytes that didnt have to traverse the link, due to compression; allows you to see how many bytes the compression feature actually saved on the link. Bytes Saved is the difference between precompression bytes and postcompression bytes.
10-6
Statistic % Bytes Saved
Description For traffic sent through a compression tunnel, the percentage of bytes saved, due to compression For traffic sent through a compression tunnel, the percentage by which virtual bandwidth is increased due to compression
Bandwidth Multiple
Heres an example of one of the compression graphs in the Compression Summary.
The Compression Summary report contains the following graphs: Graph Average Rates Description Compares average bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Average Rate line represents usage with compression enabled, and the Tunneled Precompression Average Rate line represents what average usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Average Rate with Precompression Average Rate. Peak Rates Compares peak bandwidth usage of compressible traffic, with and without compression. The Tunneled Postcompression Peak Rate line represents usage with compression enabled and the Tunneled Precompression Peak Rate line represents what peak usage would have been without compression. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Peak Rate with Precompression Peak Rate.
10-7
Graph Compression
Description Shows the total number of bytes recorded on the link, with and without compression. The Tunneled Postcompression Bytes line shows the number of bytes that went through a compression tunnel. The Tunneled Precompression Bytes line represents the number of bytes that would have passed through the link if compression werent enabled. The Bytes Saved line shows the number of bytes that didnt have to traverse the link, due to compression; its the difference between precompression and postcompression bytes. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic (compressed and non-compressible) and compares Postcompression Bytes with Precompression Bytes. This graph includes an additional line, Noncompressible Bytes, which shows the number of bytes that PacketWise did not attempt to compress, either because they didnt belong to a compressible service or because they were destined for a location without an Xpress partner.
Percent Bytes Saved
Shows the percentage of bytes saved on the link, due to compression. The Tunneled Percent Bytes Saved value is calculated by subtracting tunneled postcompression bytes (the size after compression) from tunneled precompression bytes (the size without any compression) and dividing this difference by tunneled precompression bytes. For example, if a link would have had 700k without compression and is 400k after being compressed, the Tunneled Percent Bytes Saved would be approximately 43%: (700-400)/700. If you enable the include non-compressible traffic in graphs and data checkbox, the graph includes all traffic on the link (compressible and non-compressible). The Percent Bytes Saved value is calculated by subtracting precompression bytes (the size without any compression) and postcompression bytes (the size after compression) and dividing this difference by precompression bytes. For example, if the link in the example above had 100k of non-compressible traffic, the Percent Bytes Saved would be 38%: ((700+100)(400+100))/(700+100).
If your Compression Summary doesnt show any compression data, see Problems? on page 10-10.
10-8
Viewing the Top Ten Compressed Applications
PacketWise offers two reports that list the applications, services, or protocols that achieved the most compression. A third compression-related report lists the classes that had the most traffic along with their compression savings.
1. 2. 3.
Note: The top ten tab is not available on PacketShaper 1200 and 1400 Lite models.
To view the Top Ten compression reports: Click the top ten tab on the navigation bar. In the View top field, enter the number of classes you want to view in the report (default is 10). To view all classes, clear this field so that its blank. Click the View drop-down list and select Compression % Bytes Saved.
This report lists the classes with the highest percentage of bytes saved, due to compression, in the designated time interval. The Compression % Bytes Saved value is calculated by subtracting pre-compression bytes (the size without any compression) and postcompression bytes (the size after compressible bytes were compressed) and dividing this difference by pre-compression bytes.
4.
To choose a different time interval, enter the number of minutes, hours, days, weeks, or months in the Show field, and then select the unit of time. For example, by entering 3 in the Show field and selecting day for the unit of time, you create a report with the data collected over the last three days.
5. 6.
Click update to apply the new time interval settings. The new report appears. To see another Top Ten compression report, click the View drop-down list and select Compression Bytes Saved.
10-9
This report lists the classes in which compression offered the most bytes savings. For each class, this view lists the number of bytes that didnt have to traverse the link, because compression was used. 7. View the Average Rate, Precompressed with % Bytes Saved report. This report lists the classes that had the highest volume of precompressed traffic along with the compression savings. If your Top Ten reports dont show any compression data, see Problems? on page 10-10.
Problems?
If your compression reports dont show any results, check the table below for possible problems and solutions. Problem Cables are connected backwards. Solution Refer to Chapter 2, 3, or 4 for instructions on connecting your PacketShaper to the network. If you discover that you have miscabled the unit, reconnect the cables properly, and then turn compression off and back on. If the host does not have a compressionenabled PacketShaper in front of it, data cannot be compressed. Xpress cant create a compression tunnel unless the partner unit has also turned on compression. Log in to each of the partner units and go to the Setup tab and make sure Compression is set to on. Xpress will not create compression tunnels or compress data for devices (main or LEM) that are not configured with Xpress-IP settings. To configure Xpress-IP settings for each device, go to the setup tab and choose the Compression page.
You are not sending/receiving flows to/from a host on the other side of a compression-enabled PacketShaper. Compression is not enabled on the partner unit(s).
Xpress-IP settings are not configured.
10-10
Problem The Compression Summary shows little compression savings.
Solution Enable the checkbox include noncompressible traffic in graphs and data and click update. Look at the Non-compressible Bytes line in the Compression graph. If this line shows that non-compressible bytes are at about the same level as precompression bytes, most of the traffic on your link is not compressible. This could be because: the traffic is destined to sites without Xpress. Make a site-based traffic tree, creating classes for each of your branch offices. Look at compression reports for each class. If no traffic is being compressed to a site, its possible that there is no PacketShaper, compression is not turned on, or Xpress-IP settings havent been configured. or the applications are non-compressible. Go to the Top Ten page and make note of the top Outbound classes. Examples of noncompressible applications are streaming media and encrypted data. View Class Compression Bytes Transferred graphs for each class and enable the checkbox Include NonCompressible Traffic in Compression Graphs. If the Non-compressible Bytes line is at about the same level as the Precompression Bytes line, most of the traffic in the class is not compressible.
You applied a never-admit policy to the RSVP class.
The compression tunnel discovery process will not function if the RSVP class has a neveradmit policy. Delete the policy.
If you are still experiencing problems with compression after trying the above solutions, use the setup compression show command in the command-line interface. This command provides compression tunnel partner status. PacketGuide provides additional troubleshooting details just search for compression troubleshooting.
10-11
10-12
CHAPTER 11: PACKETSHAPER ISP QUICK START

Overview
PacketShaper ISP models offer bandwidth provisioning and management solutions for Internet Service Providers, educational institutions, and other bandwidth providers. For providers, it is often most effective to organize the PacketShapers traffic tree by subscriber rather than by application. A PacketShaper offers two ways to track and allocate bandwidth per subscriber: By manually creating traffic classes, one per subscriber, and then assigning partitions to each of these classes. Subscribers can be allocated different amounts of bandwidth, depending on the terms of their contract. By using the dynamic partition feature to allocate bandwidth to users as they log on to the network. With this technique, each user is allocated the same amount of bandwidth. You can use the flow detail records or host accounting features to track usage.
This chapter shows you how to configure your PacketShaper using the first method. If you want to explore the possibility of using dynamic partitions and host accounting, see PacketGuide for details. In addition, PacketGuide includes a recommendation, Provision Bandwidth Equitably, that may be of particular interest to educational institutions and service providers who want to ensure that each user gets an equal share of bandwidth.
11-1
Chapter 11: PacketShaper ISP Quick Start
Using the Classification-Accelerator Cache

PacketShaper ISP models offer a caching feature that stores qualified IP address-based classes in a cache, thereby increasing the speed at which the PacketShaper classifies flows on the inside of the unit. Best performance is achieved when address-based classes are cached in the classification-accelerator cache. Caching can reduce the number of CPU cycles needed for classification by ten times, leaving more processing capability available for traffic shaping. In particular, the cache provides benefits if you have more than 750 classes in your traffic tree. To take advantage of the classification-accelerator cache: 1. Position PacketShaper ISP units so that most of the IP addresses or subnets are located on the INSIDE port (unless you change the Caching of IP address-based classes system variable to outside). See Determining Your PacketShaper ISP Deployment Strategy on page 1-10 for topology examples. For each subscriber, create an IP address-based class. (See Defining Classes for Each Subscriber on page 11-5.) Note: Using other criteria, such as specific services or ports, you can create classes that do not use the address cache. Append additional matching rules, if applicable. (See Adding Matching Rules on page 11-5.) Make sure cacheable classes are indeed being cached. (See Verifying that the IP Class Lookup Accelerator Cache is Being Used on page 11-9.)
2.
3. 4.
11-2
Traffic Tree Configuration

A traffic tree is a hierarchical list of traffic classes. A traffic class is a logical grouping of traffic flows that share the same characteristics a specific application, protocol, address, or set of addresses. Typically, on PacketShaper ISP units, each subscriber is configured as a traffic class based on an IP address or subnet.
Direction
Note: If you want to control application performance in addition to allocating bandwidth, you can create application-based traffic classes as well. However, this quick-start chapter focuses on the creation of subscriber-based classes.
PacketShapers have a fixed number of traffic classes for example, a maximum of 5000 classes on the 9500/ISP series. Therefore, give careful consideration to whether you want PacketShaper to manage traffic in one or both directions. If inbound traffic uses an insignificant amount of bandwidth, you may not want to create classes for the inbound direction. By creating classes for only one direction, you will be able to create twice as many classes.
Organization
Before creating any classes, you should also think about how you want to organize the traffic tree. By grouping your subscriber classes into categories, you will be able to locate them more easily in the tree and create more meaningful reports and graphs. Here are a few ways you can organize your subscriber classes: by rack by subnet by subscriber plan (gold, bronze, silver) by region
For example:
Outbound Gold_Plan Brians_Bridal Florences_Flowers Gregs_Greetings Jeffs_Java Jennifers_Jellies Silver_Plan Pats_Pets Steves_Stereos Todds_Toys
In the above example, Gold_Plan and Silver_Plan are folder classes, used for organizing and logically grouping traffic classes.
Using the CommandLine Interface
Since you will be manually creating many classes and partitions, Packeteer recommends using the command-line interface (CLI) for initial configuration. To access the PacketWise CLI with a remote login utility (such as Telnet or SSH): 1. 2. Connect to the unit using its IP address for example telnet 10.10.1.100. When you connect successfully, you will be prompted for the units password. Enter the password and press Enter.
11-3
Creating Folder Classes
The CLI command for creating a folder class is:

class new <parent_name> <name> folder
For example, to create an Inbound folder named Gold_Plan:

class new inbound Gold_Plan folder
11-4
Defining Classes for Each Subscriber

Most often, ISPs can identify subscribers by IP address, by subnet, by VLAN, or by HTTP 1.1 host name, so configuring PacketShaper involves manually creating traffic classes, one per subscriber. PacketShaper ISP models have been optimized for these IP address-centric configurations. You will need to define a traffic class for each subscriber (either single IP address or subnet) on the inside of the PacketShaper.
Creating Classes
The CLI command for creating IP address-based classes is:

class new <parent_name> <tclass> inside <ipaddr>[/<cidr>] [:<submask>]
Examples: To create a traffic class based on a single IP address, enter the following command at the PacketShaper# command-line prompt:
class new inbound/gold_plan sample_subscriber_ip inside 192.168.1.1
Notice that the above command specifies the folder (inbound/gold_plan) in which you want the class created. To create a traffic class based on a subnet, using CIDR (Classless Inter-Domain Routing) shorthand to represent the IP network/subnet mask pair:
class new inbound/gold_plan sample_subscriber_subnet inside 192.168.2.0/24
When creating a child class of an IP address-based parent, you will probably want to use the class news nodefault parameter. For example:
class new outbound/silver_plan 216.158.145.0 nodefault inside net:216.158.145.0/19 outside host:any
With the nodefault parameter, PacketWise will not create a Default match-all class as it normally does. Be aware that match-all siblings or parents of cacheable classes can create redundancies in the tree and cause problems in the accelerator cache. (See Improving Cache Performance on page 11-9.)
Adding Matching Rules
Matching rules define the criteria PacketWise uses to identify traffic types. If a subscriber has more than one IP address or subnet range, you will need to append additional matching rules to the class. Repeat as necessary if multiple subnets or IP addresses are allocated to a single subscriber. Consider using host lists if more than two IP address ranges are assigned to a single subscriber. A host list contains a list of IP addresses, ranges of IP addresses, subnets, and DNS names. If the number of IP addresses exceeds the size of the host database, additional flows will be classified in the /Inbound/Default and /Outbound/Default classes. To avoid this, optimize the definition of matching rules so that the total number of IP addresses or subnets for all of the matching rules does not exceed the size of the host database. The host database size is listed in the online PacketGuide reference section. The CLI command for adding a matching rule to an IP address-based class is:
class rule add <tclass> inside <ipaddr>[/<cidr>] [:<submask>]
11-5
Examples: To add a matching rule for an additional IP address to the sample_subscriber_ip traffic class:
class rule add inbound/gold_plan/sample_subscriber_ip inside 192.168.1.2
To add a matching rule for an additional subnet to the sample_subscriber_subnet class:

class rule add inbound/gold_plan/sample_subscriber_subnet inside 192.168.3.0/24
To create a host list, use the hl new command. To add hosts to an existing host list, use the hl add command. For example:
hl new mylist 192.168.4.0/24 hl add mylist 192.168.1.10-19.168.1.200 class rule add inbound/gold_plan/subscriber inside list:mylist
Adding Subscriber Comments
You can use the comment field to include additional information about each subscriber. For example, enter the following command to note that sample_subscriber_ip is a subscriber with two IP addresses:
class note inbound/gold_plan/sample_subscriber_ip "Class for subscriber with 2 IP addresses"
The note will appear in the Comment field on the Traffic Class page in the browser interface.
Adding Owners
The customer portal feature, described in detail in PacketGuide, allows you to offer customized screens of PacketWise statistics to your subscribers. If you plan to use the customer portal feature, you may want to assign an owner to each class after you create it, using the following command:
class owner <tclass> <ownername>
The <ownername> should match the login ID you plan to give the subscriber.
11-6
Allocating Bandwidth to Subscribers

To allocate bandwidth to a subscriber, assign a partition of a specific size to its traffic class. A partition is a virtual pipe that you can create for a given traffic class. This virtual pipe reserves bandwidth for all flows of a given type such as all traffic associated with an IP address or subnet. The partition can be used either to place bandwidth utilization limits on a subscriber or to guarantee the subscriber a minimum amount of bandwidth. Some ISPs use partitions to enforce maximum bandwidth usage limits, which are similar to Frame Relays concept of EIR (Excess Information Rate) but offer no guaranteed bandwidth (such as Frame Relays concept of 0 Committed Information Rates [CIRs]). Other ISPs may design their service offerings so that each subscriber is guaranteed a minimum quantity of bandwidth, either with or without a maximum bandwidth utilization limit.
Examples
The first example below shows a partition with 0 Kbps CIR, 256 Kbps EIR. The second example shows a partition with 64 Kbps CIR, 256 Kbps EIR. To allocate a minimum of 0 bandwidth and a maximum bandwidth of 256 Kbps to the sample_subscriber_ip class:
partition apply /inbound/gold_plan/sample_subscriber_ip 0 256k
To allocate a minimum of 64 Kbps and a maximum of 256 Kbps:

partition apply /inbound/gold_plan/sample_subscriber_ip 64k 256k
For an ISP upstream link configuration, you will want to create a partition for each subscriber in the ISP network. For a web hosting configuration, you will want to create a class and a partition for the IP address of each virtual web server. If you are using HTTP 1.1 Host Name headers (multiple host names per single IP address), create the class using the HTTP Criterion option to specify the Virtual Host name. For a cable or DSL head end configuration, you will want to create a partition for each cable or DSL subscriber, based on IP addresses or subnets. These environments use DHCP (Dynamic Host Configuration Protocol), so IP address policies will be ineffective. This is a good application for dynamic partitions. (For details about dynamic partitions, see your online PacketGuide.)
Turning Shaping On
Partitions have no effect until traffic shaping is turned on. To do this in the CLI, type:
setup shaping on
Or, in the browser interface: 1. 2. 3. Click the setup tab. Turn Shaping on. Click apply changes.
11-7
Creating a Data Entry Form

Instead of using the CLI to manually create all of your IP address-based classes and partitions, PacketWise offers a way to automate the process with a fill-in-the-blanks data entry form. An HTML form is generated from a command file that consists of CLI commands and variables. You can fill in the blanks in the HTML form, and when the data is processed, the CLI commands in the source command file will be executed. For more information on this technique, see the online PacketGuide. (In the PacketGuide navigation bar, choose Tasks > Administration > Create Forms.)
11-8
Verifying that the IP Class Lookup Accelerator Cache is Being Used

Cacheable Classes PacketShaper ISP models follow certain criteria to determine whether a class can go into the accelerator cache. In order for a class to be considered cacheable: It must be a leaf class (that is, it cant have any children). Its parents and siblings must be either IP address-based classes or match-all classes. The class matching rules must specify outside host:any if the cache is on inside addresses (the default).
Use the class show command to determine if a class is cacheable. Cacheable classes are marked with a C flag. Cacheable classes are always address-based (marked with an a flag) and their parents are also address-based or match-all classes (marked with an m flag). Note that exception classes are not cacheable.
class show Derivation: (I)nherited (O)verride (U)nderride (L)ocal Class Flags: (A)utocreated (D)iscovering (E)xception (I)nherit (P)olicy (C)acheable Rule Types: (o)ptimized (m)atch-all (a)ddress is cacheable Class Name Inbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Outbound Localhost 10.7.38.0 SUBSCRIBER mysite.org Default Flags Partition Name m E P /Inbound a /Inbound ma /Inbound C a /Inbound IP m /Inbound m E P /Outbound a /Outbound ma /Outbound C a /Outbound IP m /Outbound
In this example, the class mysite.org in the Inbound and Outbound direction is cacheable.
Improving Cache Performance
If a cacheable class has more than one match-all sibling or parent, it will not be treated as cacheable. You can use the flags in the output of the class show command to determine if this situation exists in your traffic tree. These flags indicate whether the class is (C)acheable, (a)ddress-based, and/or (m)atch-all. Because uncached classes can use more CPU resources to classify traffic, you can improve performance by making all qualified address-based leaf classes cacheable. One way to do this is to remove a redundant match-all class near the uncached class, such as removing a Default bucket that is a sibling of the uncached class(es) or a sibling of the parent of the uncached class(es). In the example below, you can make the mysite.org class cacheable by removing the Default class that is mysite.orgs sibling.
Class Name . . . SUBSCRIBER mysite.org Default Flags Partition Name
ma /Inbound a /Inbound m /Inbound
11-9
Advanced Features
PacketShapers also have advanced tuning and reporting features, such as policies for guaranteeing per-flow Quality of Service, subscriber usage reports, and automatic event notification. For information on these and other advanced features, see the online PacketGuide (click the packetguide button in the browser interface).
11-10
APPENDIX A: PRODUCT SPECIFICATIONS

PacketShaper 10000 Specifications
Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.31 in. (43.97 cm) Depth: 20.25 in. (51.43 cm) including handles Weight Network Ports per NIC 33 lbs. (14.97 kg) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T or Two gigabit fiber-optic ports with small form-factor pluggable (SFP) transceivers: 1000Base-SX or 1000Base-LX Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper, or the unit has the site router address set to none Network LEDs Fault LED Power Supply Green flicker for network activity Illuminated when the PacketShaper is in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 6A Typical power consumption: 235 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) ambient 0% to 95% non-condensing 0 to 10,000 ft. operating
Expansion Slots Serial Port Status LED
Environmental (Operating)
A-1
Appendix A: Product Specifications
Environmental (Storage)
Packeteer product packages meet the storage standard ETS 300 0191-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Managed Link Speed
Multiple configurations are offered; supports links up to 1 Gbps full duplex. Software configuration determines maximum shaping capacity.
Warning Attention Warnung
Class 1 laser product. Produit laser de classe 1 Laserprodukt der Klasse 1.
A-2

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.31 in. (43.97 cm) Depth: 19.25 in. (48.90 cm) including handles Weight Network Ports per NIC 27 lbs. (12.25 kg) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T or Two gigabit fiber-optic ports with small form-factor pluggable (SFP) transceivers: 1000Base-SX or 1000Base-LX Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper, or the unit has the site router address set to none Network LEDs Fault LED Power Supply Green flicker for network activity Illuminated when the PacketShaper is in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 6A Typical power consumption: 199 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) ambient 0% to 95% non-condensing 0 to 10,000 ft. operating
Expansion Slots Serial Port Status LED
A-3
Managed Link Speed
Multiple configurations are offered; supports links up to 200 Mbps full duplex. Software configuration determines maximum shaping capacity.
A-4

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.35 in. (44.07 cm) Depth: 16 in. (40.64 cm) Weight Expansion Slots Network Ports per NIC Management Port Serial Port USB Ports Status LED 20.48 lbs. (9.29 kg) Two (each slot can accommodate one LAN Expansion Module) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T
One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Network LEDs Fault LED Power Supply
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
A-5
Managed Link Speed
A-6

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.00 in. (43.18 cm) Depth: 15.25 in. (38.74 cm) including handles Weight Network Ports per NIC Expansion Slots Serial Port Status LED 17 lbs. (7.71 kg) Two Ethernet ports: 10BaseT or 100BaseT
Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Environmental (Operating) Environmental (Storage)
Managed Link Speed
A-7
A-8

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width:17.35 in. (44.07 cm) Depth: 16 in. (40.64 cm) Weight Expansion Slots Network Ports per NIC Management Port Serial Port USB Ports Status LED 18.04 lbs. (8.18 kg) Two (each slot can accommodate one LAN Expansion Module) Two gigabit Ethernet ports: 1000Base-T, 100Base-T, or 10Base-T
One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
A-9
Managed Link Speed
A-10

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 3.50 in. (8.89 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports per NIC Expansion Slots Serial Port Status LED 16 lbs. (7.36 kg) Two Ethernet ports: 10BaseT or 100BaseT
Two (each slot can accommodate one LAN Expansion Module) RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none
Green flicker for network activity Illuminated when in safe or corrupted mode Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 30 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Managed Link Speed
A-11
A-12

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Management Port Serial Port 14.00 lbs. (6.35 kg) Two Ethernet ports: 10BaseT or 100BaseT One gigabit Ethernet port RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating AC 100-240 V, 50/60 Hz, 2.5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
USB Ports Status LED
Packeteer product packages meet the storage standard ETS 300 019-1-1, Class 1.2. The storage climatic conditions for warehousing Packeteer products are: Low air temperature: High air temperature: Low relative humidity: High relative humidity: Low air pressure: High air pressure: -13 F (-25C) 131 F (55C) 5% 95 % 70 kPa 106 kPa
Managed Link Speed
A-13

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Serial Port 11 lbs. (4.99 kg) Two Ethernet ports: 10BaseT or 100BaseT RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 18 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Status LED
Managed Link Speed
A-14

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.73 in. (4.4 cm) Width: 16.97 in. (43.1 cm) Depth: 10.63 in. (27.0 cm) Weight Network Ports 12.79 lbs. (5.8 kg) Four Ethernet ports (two primary, two backup): 10BaseT or 100BaseT None RS-232 (AT-compatible) serial port with male DB-9 connector Two (reserved for future use) If all of the following conditions are true, the LED is green: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none If any of the above conditions are not true, the LED remains off. Network LEDs Power Supply Amber flicker for network activity Rating AC 100-240 V, 50/60 Hz, 5 A Typical power consumption: 48 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Management Port Serial Port
USB Ports Status LED
Managed Link Speed
A-15

Specifications are subject to change without notice. Dimensions Standard 19-inch rack mount Height: 1.75 in. (4.45 cm) Width: 17.00 in. (43.18 cm) Depth: 14.00 in. (35.56 cm) Weight Network Ports Serial Port 11 lbs. (4.99 kg) Two Ethernet ports: 10BaseT or 100BaseT RS-232 (AT-compatible) serial port with male DB-9 connector If all of the following conditions are true, the LED is green, otherwise it is amber: all links are up shaping is on the configured site router address is detected by the PacketShaper or the site router address is set to none Network LEDs Power Supply Green flicker for network activity Rating: 100/240 VAC, 50/60 Hz, 2A Typical power consumption: 18 watts Temperature: Relative humidity: Altitude: 32F to 104F (0C to 40C) 0% to 95% non-condensing 0 to 10,000 ft. operating
Status LED
Managed Link Speed
A-16
APPENDIX B: PINOUT DESCRIPTIONS

Console Port Pinout Description
The PacketShapers CONSOLE port is a standard DB-9 male connection, operating at 9600 baud, 8 bits, no parity, 1 stop bit:
.
Pin 1 2 3 4 5 6 7 8 9
Name DCD -Data Carrier Detect RXD - Received Data TXD - Transmitted Data DTR - Data Terminal Ready GND - Signal Ground DSR - Data Set Ready RTS - Request To Send CTS - Clear To Send RI - Ring Indicator
Function Indicates there is a valid connection to another serial device Indicates incoming data (from the terminal to the PacketShaper) Indicates outgoing data (from the PacketShaper to the terminal) Indicates the terminal (the PacketShaper) is ready Signal return for all signal lines Indicates that the terminal is ready to receive data from the PacketShaper Tells the terminal that the PacketShaper wants to send data Indicates the terminal is ready to receive data from the PacketShaper Not used by the PacketShaper
A lap link serial cable has the following configuration: DCD RXD TXD DTR GND DSR RTS CTS RI DCD RXD TXD DTR GND DSR RTS CTS RI
B-1
Appendix B: Pinout Descriptions
B-2
APPENDIX C: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1400

Field-replaceable components the PacketShaper 1400 model include: Hard drive
This appendix describes how to replace this component in case of failure.
Field-Replaceable Hard Drive

The PacketShaper 1400 has a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit and remove it from its rack mount (if applicable), but drive removal and installation can be done in just a few minutes.
Remove from Equipment Rack
Note: After the hard drive is replaced, the measurement engine will reset and all measurement data will be cleared.
If your unit is mounted in an equipment rack, you must remove it before replacing the hard drive: 1. 2. 3. 4. Turn off the PacketShaper using the power switch on the back of the unit. Unplug the power cord and all other cabling. Remove the screws that attach the units mounting brackets to the equipment rack and set aside. Remove the unit from the rack and place on a sturdy work surface.
Remove Top Cover
The hard drive is located under the top cover of the unit.
1. 2.
Warning: The hard drive is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the hard drive.
Turn off the PacketShaper by flipping the power switch. Disconnect the power cord.
C-1
Appendix C: Field-Replaceable Components: PacketShaper 1400
3.
Using a screwdriver, remove the screws that attach the top cover of the unit. Remove the top cover and set aside.
PO WE ST R AT US FA UL T
US
CO NS OL E
MGM
LIN K Tx Sp /R x ee d
INSI
DE
LIN K Tx /R x Sp ee d
OU
TS
IDE
C-2
Remove Hard Drive Assembly
To remove the hard drive and its mounting bracket: 1. Unplug the data and power cables from the hard drive.
K C A B
P T U O
E ID
E ID S IN
E T S ID
U O
E S IN ID
B S U
2.
Remove the screws that attach the hard drives mounting bracket to the unit and remove the hard drive assembly.
K C A B
P T U O
E ID
E ID S IN
E T S ID
U O
E S IN ID
B S U
C-3
3.
Remove the screws that attach the hard drive to its mounting bracket and set the old drive aside.
Note: You will re-use the mounting bracket and screws with the new hard drive.
C-4
Install New Hard Drive
To install the new hard drive: 1. Attach the new hard drive to the original mounting bracket that came with your PacketShaper 1400.
C-5
2.
Plug the data and power cables from the PacketShaper into the hard drive.
K C A B
P T U O
E ID
E ID S IN
U O
E ID S T
E S IN ID
B S U
3.
Attach the hard drive assembly to the PacketShaper.
E
P T U O
ID S
K C A B
E ID S IN
E T S ID
U O
E S IN ID
B S U
4. 5. 6. 7.
Replace the top cover. If necessary, re-install the unit in your equipment rack. Reconnect the power cord and other cabling. Turn on the PacketShaper by flipping the power switch.
C-6
APPENDIX D: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1700

Field-replaceable components the PacketShaper 1700 model include: Power supply Hard drive Cooling unit
This appendix describes how to replace each of these components in case of failure.
Field-Replaceable Power Supply

The power supply module on a PacketShaper 1700 is field replaceable. 1. 2. Turn off the power supply and disconnect its power cord. To remove a defective power supply, loosen the two captive thumb screws as shown below. You may need a Phillips-head screwdriver.
Power supply screws
3.
Pull out and remove the power supply, as shown below.
4. 5. 6. 7.
Make sure the replacement power supply is turned off and unplugged. Insert the new power supply module. Tighten the two screws on the power supply. Reconnect the power cord, and turn on the power supply.
D-1
Appendix D: Field-Replaceable Components: PacketShaper 1700

The PacketShaper 1700 has a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit and remove it from its rack mount (if applicable), but drive removal and installation can be done in just a few minutes.
Remove from Equipment Rack
If your unit is mounted in an equipment rack, you must remove it before replacing the hard drive: 1. 2. 3. 4. Turn off the PacketShaper using the power switch on the back of the unit. Unplug the power cord and all other cabling. Remove the screws that attach the units mounting brackets to the equipment rack and set aside. Remove the unit from the rack and place on a sturdy work surface.
Remove Top Cover
The hard drive is located under the top cover of the unit.
1. 2.
Turn off the PacketShaper by flipping the power switch. Disconnect the power cord.
D-2
3.
Using a screwdriver, remove the six screws that attach the top cover of the unit. Remove the top cover and set aside.
PO
WE ST R AT US FA UL T
US
CO NS OL E
MGM
LIN K Tx Sp /R x ee d
INSI
DE
OU
TS
IDE
D-3
Remove Hard Drive Assembly
To remove the hard drive and its mounting bracket: 1. Remove the screws that attach the hard drives mounting bracket to the unit and remove the hard drive assembly.
2.
Unplug the data and power cables from the hard drive.
D-4
3.
Remove the screws that attach the hard drive to its mounting bracket and set the old drive aside.
Note: You will re-use this mounting bracket with the new hard drive.
D-5
Install New Hard Drive
The replacement hard drive may ship with a mounting bracket designed for other PacketShaper models. To install this hard drive in your PacketShaper 1700, you will need to remove the drive from this bracket and then attach it to the original mounting bracket that came with your PacketShaper: 1. 2. Remove the screws that attach the new hard drive to its mounting bracket and set this bracket aside (it is not needed). Attach the new hard drive to the original mounting bracket that came with your PacketShaper 1700.
D-6
3.
Plug the data and power cables from the PacketShaper into the hard drive.
4.
Attach the hard drive assembly to the PacketShaper.
5. 6. 7. 8.
Replace the top cover. If necessary, re-install the unit in your equipment rack. Reconnect the power cord and other cabling. Turn on the PacketShaper by flipping the power switch.
D-7
Field-Replaceable Cooling Unit

PacketShaper 1700 units have a field-replaceable, hot-swappable cooling unit. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if the fan fails. Packeteer recommends that you power down the PacketShaper after a fan failure, in order to avoid damage to the unit. Before removing the cooling unit, make sure you have the replacement unit on hand. If you are hot-swapping a cooling unit as part of scheduled maintenance, the new cooling unit should be installed within a minute of removing the old one, to prevent overheating of system components.
Remove Rear Door
The cooling unit is located behind a door on the back of the unit. 1. 2. 3. Turn off the PacketShaper by flipping the power switch on the power supply. Disconnect the power cord. Loosen the captive screw on the door on the back of the unit, using a screwdriver.
Back panel screw
4.
The rear door is hinged on the left side. To remove the door, swing the door open slightly and pull to the right. Set the door aside.
Remove System Cooling Unit
To remove the system cooling unit: 5. Loosen the captive thumb screw on the cooling unit.
VIDEO
Cooling unit screw
D-8
6.
Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
Handle
Install New System Cooling Unit
To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tab on the left side of the door into the slot and push the door in place.
3.
Tighten the screw.
D-9
D-10
APPENDIX E: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 3500, 7500

Several of the components on the PacketShaper 3500 and 7500 are field replaceable: Power supplies Hard drive Cooling units
Power Supplies
PacketShaper 3500 and 7500 units have removable power supplies. PacketShaper 3500 units have one power supply module and PacketShaper 7500 units have two hot-swappable power supplies that is, they can be replaced while a unit has power and is operating. 1. 2. Turn off the power supply to be removed and disconnect its power cable. To remove a defective power supply, loosen the two captive thumb screws as shown below. You may need a Phillips-head screwdriver.
power supply screws
3.
When you remove one of the two power supplies on the PacketShaper 7500, you will see a message in the LCD window that says Power 1 Failed or Power 2 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 4. 5. 6. 7. Make sure the replacement power supply is turned off. Insert the new power supply module. Tighten the two screws on the power supply. Turn on the power supply. After a moment, the Power failed message on the LCD window will disappear.
E-1
Appendix E: Field-Replaceable Components: PacketShaper 3500, 7500

PacketShaper models 3500 and 7500 have a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit, but drive removal and installation can be done in just a few minutes.
Remove Rear Door
The hard drive is located behind a door on the back of the unit.
1. 2. 3.
Turn off the PacketShaper by flipping the power switch on both power supplies. Disconnect the power cords. Loosen the captive thumb screw on the door on the back of the unit, using a screwdriver.
Back panel screw
4.
The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.
E-2
Remove Hard Drive
To remove the hard drive: 1. Loosen the captive thumb screw on the hard drive.
Hard drive screw
2.
To remove the drive, pull the drive tray out; no wires need to be disconnected.
E-3
Install Hard Drive
To install the new drive: 1. 2. Slide the new drive tray in the drive slot and tighten the captive screw. To replace the rear door, slide the tabs on the right side into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by flipping the power switch on each power supply.
E-4
Field-Replaceable Cooling Units

PacketShaper 3500 and 7500 units have field-replaceable, hot-swappable cooling units. All units have a system cooling unit. On the PacketShaper 7500, an additional cooling unit is installed next to the power supplies. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if either of the fans fail. Packeteer recommends that you power down the PacketShaper after a fan failure, in order to avoid damage to the unit. Before removing the cooling unit, make sure you have the replacement unit on hand. If you are hot-swapping a cooling unit as part of scheduled maintenance, the new cooling unit should be installed within a minute of removing the old one, to prevent overheating of system components.
Remove System Cooling Unit
To remove the system cooling unit: 1. 2. The system cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page E-2. Loosen the captive thumb screw on the cooling unit.
Cooling unit screw
3.
Grasp the handle on the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
Handle
E-5
Install New System Cooling Unit
To install the new system cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the tabs on the right side of the door into their respective holes and push the door in place.
3.
Tighten the screw.
Replace Power Supply Cooling Unit
On the PacketShaper 7500, a second cooling unit is installed next to the power supplies. To replace the power supply cooling unit: 1. Loosen the captive thumb screw on the power supply cooling unit.
cooling unit screw
2. 3. 4.
Pull the power supply cooling unit out of the chassis. Insert the replacement cooling unit. Tighten the screw.
E-6
APPENDIX F: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 9500, 10000

Some of the components on PacketShaper models 9500 and 10000 are field replaceable: Power supplies on the PacketShaper 9500 and 10000 Hard drive on the PacketShaper 10000 Cooling unit on the PacketShaper 10000
Hot-Swappable Power Supplies

PacketShaper models 9500 and 10000 have dual removable power supplies. These power supplies can be hot swapped that is, replaced while a unit has power and is operating. The RoHS-compliant versions of the PacketShaper 10000 (revision G and higher) use a new power supply that is not compatible with older PacketShaper 9500 and 10000 models. The two power supplies on RoHS-compliant PacketShaper 10000 models are stacked vertically, while the power supplies on older PacketShaper 10000 models and all PacketShaper 9500 models are installed side-by-side. Choose the procedure appropriate for the model and revision of your PacketShaper: Replacing the Power Supply on a RoHS-Compliant PacketShaper 10000 (revision G or higher) on page F-1 Replacing the Power Supply on a PacketShaper 9500 or 10000 on page F-3
Replacing the Power Supply on a RoHS-Compliant PacketShaper 10000 (revision G or higher) Each power supply module for the RoHS-compliant PacketShaper 10000 features an LED to the left of the locking screw. If the LED is green, the power supply is operating normally. If the LED is off, the power supply is not operational.
Warning: The external temperature of the power supply module can range between 50 to 60 degrees Celsius (122 to 140 degrees Farenheit). To protect your hands from burns, Packeteer recommends that you wear insulating gloves when removing the power supply from a powered unit.
F-1
Appendix F: Field-Replaceable Components: PacketShaper 9500, 10000
1.
Turn the locking screw counter-clockwise to loosen, and then pull the locking lever to the left to release the power supply from its bracket.
2.
While continuing to pull the locking lever to the left, grasping the handle and pull out and remove the power supply, as shown below.
When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply until the locking tab clicks into place. Tighten the locking screw.
F-2
Replacing the Power Supply on a PacketShaper 9500 or 10000 1. Remove the two screws on the security plate.
2.
When you remove either one of the power supplies, you will see a message in the LCD window that says Power 1 Failed. This will not interrupt operation because there are two power supplies. If you remove both power supplies, the unit will fail. 3. 4. Insert the new power supply. Screw the security plate back into position.
F-3
Field-Replaceable Hard Drive (PacketShaper 10000)

The PacketShaper 10000 has a field-replaceable hard drive; replacement drives can be ordered from Packeteer. Although some revisions of the PacketShaper 10000 have slots for two hard drives, only one slot is used. Before removing the drive, make sure you have the replacement drive on hand. You will need to power down the unit, but drive removal and installation can be done in just a few minutes.
Remove Rear Door
The hard drive is located behind a door on the back of the unit.
1. 2. 3.
Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. Loosen the screw on the door on the back of the unit, using a screwdriver.
back panel screw
4.
The rear door is hinged on the right side. To remove the door, swing the door open slightly and pull to the left. Set the door aside.
F-4
Remove Hard Drive
The hard drive is installed in the lower slot. To remove the hard drive: 1. Loosen the captive screw on the hard drive.
hard drive screws
2.
To remove the drive, pull the drive tray out; no wires need to be disconnected.
F-5
Install Hard Drive
To install the new drive: 1. 2. Slide the new drive tray in the lower drive slot and tighten the captive screw. To replace the rear door, slide the posts on the right side into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
F-6
Field-Replaceable Cooling Unit (PacketShaper 10000)

The PacketShaper 10000 has a field-replaceable cooling unit. The assembly contains two sets of in-series fan pairs; if one fan fails in a series pair, the other fan has sufficient cooling capacity under normal environmental conditions. If you have configured PacketWise to send SNMP traps, a trap will be sent automatically if any of the fans fail. Packeteer recommends that you replace the cooling unit as quickly as possible after a fan failure. Before removing the cooling unit, make sure you have the replacement unit on hand. You will need to power down the PacketShaper, but fan removal and installation can be done in just a few minutes.
Remove Cooling Unit
To remove the cooling unit:
1. 2. 3. 4.
Warning: The cooling unit is NOT hot swappable. You must turn off and unplug the PacketShaper before removing the cooling unit.
Turn off the PacketShaper by holding down the power switch for about five seconds, until the unit powers off. Disconnect both power cords. The cooling unit is located behind a door on the back of the PacketShaper. See Remove Rear Door on page F-4. Loosen the captive screw on the cooling unit.
cooling unit screw
5.
Grasp the handle on the left side of the cooling unit and pull out the unit as shown below; no wires need to be disconnected.
handle
F-7
Install New Cooling Unit
To install the new cooling unit: 1. 2. Slide in the new cooling unit and tighten the captive screw. To replace the rear door, slide the posts on the right side of the door into their respective holes and push the door in place.
3. 4. 5.
Tighten the screw. Reconnect the power cords. Turn on the PacketShaper by pressing the power switch momentarily. (If you press the switch too long, it will not power up. If this happens, just press the switch again.)
F-8
APPENDIX G: SAFETY AND REGULATORY INFORMATION

Safety Warnings
SAFETY ELECTRICAL NOTICES WARNING: ELECTRIC SHOCK HAZARD To prevent ELECTRIC shock, do not remove cover. This unit contains HAZARDOUS VOLTAGES and should only be opened by a trained and qualified technician. To avoid the possibility of ELECTRIC SHOCK, disconnect electric power to the product before connecting or disconnecting the LAN cables. LIGHTNING DANGER DANGER: DO NOT WORK on equipment or CABLES during periods of LIGHTNING ACTIVITY. CAUTION: POWER CORD IS USED AS THE MAIN DISCONNECT DEVICE. Ensure that the socket outlet is located/installed near the equipment and is easily accessible. CAUTION: THIS UNIT MAY HAVE MORE THAN ONE POWER SUPPLY CORD. Disconnect all power supply cords before servicing, to avoid electric shock. INSTALLATION ELECTRICALTYPE CLASS 1 EQUIPMENT THIS EQUIPMENT MUST BE GROUNDED. Power plug must be connected to a properly wired earth ground socket outlet. An improperly wired socket outlet could place hazardous voltages on accessible metal parts. CAUTION: Danger of explosion if battery is replaced with incorrect type. Replace only with the same type recommended by the manufacturer. Dispose of used batteries according to the manufacturers instructions. MOUNTING INSTRUCTIONS CAUTION: Air vents must not be blocked and must have free access to the room ambient air for cooling. CAUTION: MECHANICAL LOADINGMounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven loading. CAUTION: PacketShaper models 1200 and 1550 have no operator-serviceable parts inside. Refer service issues to the manufacturer or a factory-authorized service center. When operating the unit in an equipment rack, ensure that: The ambient temperature around the unit (which may be higher than the room temperature) is within the limit specified for the unit There is sufficient airflow around the unit Electrical circuits are not overloaded consider the nameplate rating of all the connected equipment, and make sure you have over current protection. The equipment is properly grounded No objects are placed on top of the unit
G-1
Appendix G: Safety and Regulatory Information
Operating Temperature This product is designed for an ambient temperature of 32 to 104F (0 to 40C). All Countries: Install product in accordance with local and national electrical codes. CAUTION: RISK OF ELECTRIC SHOCK. An improperly wired socket outlet could place hazardous voltages on accessible metal parts. ENERGIE RAYONNEE Ce matriel a t test et est certifi conforme la rglementation amricaine aux normes dfinies pour les appareils. SECURITE INFORMATIONS SUR LELECTRICITE ADVERTISSEMENT: DANGER DELECTROCUTION Pour empcher les dangers dELECTROCUTION, ne pas enlever le couvercle. Lquipement ne contient aucun lment rparable par lutilisateur. Cet appareil comprend des TENSIONS DANGEREUSES et ne doit tre ouvert que par un technicien dment qualifi. Pour viter tout risque dELECTROCUTION, dbrancher lappareil de la prise de courant avant de connecter ou de dconnecter les cables LAN. DANGER DE FOUDRE DANGER: NE PAS MANIER lquipement ou les CABLES pendant les priodes dactivit orageuse. ATTENTION: CET APPAREIL COMPORTE PLUS DUN CORDON DALIMENTATION. Rafin de prvenir les chocs lectriques, debrancher les deux cordons dalimentation avant de faire le dpannage. ATTENTION: Le cordon dalimentation est utilis comme interrupteur gnral. La prise de courant doit tre situe ou installe proximit du matriel et tre facile daccs. INSTALLATION ELECTRICITEEQUIPEMENT DE CLASSE 1 CET APPAREIL DOIT ETRE MIS A LA TERRE. La prise de courant doit tre branche dans une prise femelle correctement mise la terre. Sinon, des tensions dangereuses risqueraient datteindre les pices mtalliques accessibles lutilisateur. ATTENTION: Pour ce qui est de la protection contre les courts-circuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quon fusible ou quun disjoncteur de 15A/250V est utilis sur les circuits de CC. ATTENTION: Il y a danger dexplosion sil y a remplacement incorrect de la batterie. Remplacer uniquement avec une batterie du mme type ou dun type quivalent recommand par le constructeur. Mettre au rebut les batteries usages conformment aux instructions du fabricant. INSTRUCTIONS DE MONTAGE ATTENTION: Ne pas bloquer les fentes daration, ce qui empcherait lair ambiant de circuler librement pour le refroidissement. ATTENTION: REPARTITION DE LA CHARGE MECANIQUE Le montage des appareils dans le bti doit tre effectu de telle manire que la rpartition de la charge mcanique ne pose aucun danger. Temperature de Fonctionnement Ce produit est capable de tolrer une temprature ambiante 0 40C.
G-2
Pour tous pays: Installer le produit conformment aux normes lectriques nationales et locales. Zur sicheren Trennung des Gerates vom Netz ist der Netzstecker zu ziehen. Vergewissern Sie sich, das die Steckdose leicht zuganglich ist. Achtung. Explosionsgefahr wenn die Battery in umgekehrter Polaritt eingesetzt wird. Nur mit einem gleichen oder hnlichen, vom Hersteller empfohlenen Typ, ersetzen. Verbrauchte Batterien mssen per den Instructionen des Herstellers verwertet werden.
Warning:
Read the installation instructions before connecting the system to the power source. Avant de brancher le systme sur la source dalimentation, consulter les directives dinstallation. Vor dem Anschlieen des Systems an die Stromquelle die Installationsanweisungen lesen.
Attention:
Warnung:
Warning:
This product relies on the buildings installation for short-circuit (over current) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15 A U.S. (240 VAC, 10 A international) is used on the phase conductors (all current-carrying conductors). Pour ce qui est de la protection contre les courtscircuits (surtension), ce produit dpend de linstallation lectrique du local. Vrifier quun fusible ou quun disjoncteur de 120 V alt., 15 A U.S. maximum (240 V alt., 10 A international) est utilis sur les conducteurs de phase (conducteurs de charge). Dieses Produkt ist darauf angewiesen, da im Gebude ein Kurzschlu- bzw. berstromschutz installiert ist. Stellen Sie sicher, da eine Sicherung oder ein Unterbrecher von nicht mehr als 240 V Wechselstrom, 10 A (bzw. in den USA 120 V Wechselstrom, 15 A) an den Phasenleitern (allen stromfhrenden Leitern) verwendet wird.
Attention:
Warnung:
Warning:
The plug-socket combination must be accessible at all times, because it serves as the main disconnecting device. La combinaison de prise de courant doit tre accessible tout moment parce quelle fait office de systme principal de dconnexion. Der Netzteilstecker muss immer zugnglich sein, da er als Hauptabschaltgert dient.
Attention:
Warnung:
G-3
Warning:
The unit has more than one power supply connection; all connections must be removed to remove all power from the unit. Cette unit est quipe de plusieurs raccordements dalimentation. Pour supprimer tout courant lectrique de lunit, tous les cordons dalimentation doivent tre dbranchs. Diese Einheit verfgt ber mehr als einen Stromanschlu; um Strom gnzlich von der Einheit fernzuhalten, mssen alle Stromzufuhren abgetrennt sein.
Attention:
Warnung:
Warning: To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
unit should be mounted at the bottom of the rack if it is the only unit in the rack. When mounting this unit in a partially filled rack, load the rack from the bottom to the top with the heaviest component at the bottom of the rack. If the rack is provided with stabilizing devices, install the stabilizers before mounting or servicing the unit in the rack.
This
Attention: Pour viter toute blessure corporelle pendant les operations de montage ou de rparation de cette unit en casier, il convient de prendre des prcautions spciales afin de maintenir la stabilit du systme. Les directives ci-dessous sont destines assurer la protection du personnel: Si cette unit constitue la seule unit monte en casier, elle doit tre place dans le bas. Si cette unit est monte dans un casier partiellement rempli, charger le casier de bas en haut en plaant llment le plus lourd dans le bas. Si le casier est quip de dispositifs stabilisateurs, installer les stabilisateurs avant de monter ou de rparer lunit en casier.
G-4
Warnung: Zur Vermeidung von Krperverletzung beim Anbringen oder Warten dieser Einheit in einem Gestell mssen Sie besondere Vorkehrungen treffen, um sicherzustellen, da das System stabil bleibt. Die folgenden Richtlinien sollen zur Gewhrleistung Ihrer Sicherheit dienen: Wenn diese Einheit die einzige im Gestell ist, sollte sie unten im Gestell angebracht werden. Bei Anbringung dieser Einheit in einem zum Teil gefllten Gestell ist das Gestell von unten nach oben zu laden, wobei das schwerste Bauteil unten im Gestell anzubringen ist. Wird das Gestell mit Stabilisierungszubehr geliefert, sind zuerst die Stabilisatoren zu installieren, bevor Sie die Einheit im Gestell anbringen oder sie warten.
G-5
Electro-Magnetic Interference/Compatibility and Safety Compliance

Overview The EMI/EMC emissions and safety compliance information for Packeteer products is listed below.
Products 1200 1400 1550 1700 2500 3500 6500 7500 9500 10000
EMI/EMC Standards AS/NZS 3548 Class A AS/NZS 4252.1 ICES-003, Class A EMC Directive 89/336/EEC EMC Directive 73/23/EEC EMC Directive 93/68/EEC EN 55022:1998 Class A EN 61000-3-2:1995_A1(98) +A2(98), & prA14(00) EN 61000-3-3:1995 EN 55024:1998 VCCI:2002, Class A KN55022 Class A KN6100-4-2,3,4,5,6,8,11 GOST-R 60950-2002 GOST-R 51318.22-99, .24-99 FCC 47 CFR part 15, subpart B, Class A CNS 13438 Class A
Safety Standards IEC 60950-1 EN 60950-1+A11 UL 60950-1: 03 CAN/CSA C22.2 No. 60950-1: 03 EN 60825-1,-2 Class I Laser
United States FCC Statement
This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This product generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning this equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Change the direction of the radio or TV antenna. To the extent possible, relocate the radio, TV, or other receiver away from the product. Plug the product into a different electrical outlet so that the product and the receiver are on different branch circuits.
If these suggestions dont help, consult your dealer or an experienced radio/TV repair technician for more suggestions.
G-6
NOTE: This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
CAUTION: Any modification to the equipment not expressly approved by Packeteer

could void your authority to operate the equipment.
European Union (CE) Statement
This product is in conformity with the essential requirements of EU directives, specifically EU Directives 89/336/EEC, 73/23/EEC and 93/68/EEC, by applying the following standards EN55022: 1998, EN55024:1998, EN61000-3-2: 2001, EN61000-3-3: 1995 plusA1: 2001,EN60950-1: 2001 CLASS 1 LASER PRODUCT (except for PacketShaper 1200, 1400, 1550, and 1700 models) The Declaration of Conformity is available on the Internet at: http://support.packeteer.com/documentation/conformity/declaration.pdf
European Union CISPR 22 Statement
WARNING: This is a Class A product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures.
Japan VCCI Statement
Class A ITE
This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. Internal access to Packeteer devices is intended only for qualified service personnel.
Canada Compliance Statement (Industry Canada)
Cet appareil numrique respecte les limites bruits radiolectriques applicables aux appareils numriques de Classe A prescrites dans la norme sur le matriel brouilleur: Appareils Numriques, NMB-003 dicte par le Ministre Canadien des Communications. This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: Digital Apparatus, ICES-003 of the Canadian Department of Communications.
G-7
Taiwan BSMI Class A EMI Statement
Australia C-tick Statement
WARNING The system is designed to operate in a typical office environment. Choose a site that is: Clean and free of airborne particles (other than normal room dust) Well-ventilated and away from sources of heat including direct sunlight Away from sources of vibration or physical shock Isolated from strong electromagnetic fields produced by electrical devices In regions that are susceptible to electrical storms, we recommend you plug your system into a surge suppressor and disconnect telecommunication lines to your modem during an electrical storm. Provided with a properly grounded wall outlet
Do not attempt to modify or use the supplied AC power cord if it is not the exact type required. Ensure that the system is disconnected from its power source and from all telecommunications links, networks, or modem lines whenever the chassis cover is to be removed. Do not operate the system with the cover removed.
Russia Certification
PacketShaper models 1200, 1400, 1550, 1700, 2500, 3500, 6500, 7500, and 10000 are Russia GOST-R certified.
Korea MIC Statement
G-8
Proper Disposal of Packeteer Products

To reduce waste and to protect the environment from hazardous materials, waste electrical equipment must be disposed of properly. The crossed-out wheelie bin symbol pictured here and labeled on Packeteer products (purchased after August 13, 2005) is a reminder that electrical equipment should not be mixed in with general trash or disposed of in a landfill. Once your Packeteer product or component has reached its end-of-life, you should dispose of it through a reputable, licensed hazardous materials processor. If you are located in one of the European Union Member States, please refer to the product's end user license agreement for further information regarding the proper disposal, reporting, and/or return of the product to Packeteer. For additional information and to obtain return instructions, please go to the Packeteer website at http://www.packeteer.com/program/recycling/.
RoHS Compliance
Packeteer supports the EU directive for Restriction of Hazardous Substances (RoHS). PacketShaper models 1400, 1700, 3500, 7500, and 10000 (Revision G and higher) are RoHS-compliant.
G-9
G-10
INDEX
1 Gbps WAN link 5-4 100 LED indicator 2-3 1000 BaseT 5-6 200 Mbps WAN link 5-4 using 11-3 comment field 11-6 compression displaying Compression Summary 10-6 displaying Top Ten reports 10-9 enabling 1-16, 10-3 problems 10-10 using with direct standby 10-5 Compression Estimator configuring 8-11 described 8-2 Compression Module 1-1, 1-7, 8-2, 8-11 compression tunnels 1-7, 10-1, 10-3, 10-4, 10-10 configuration, corrupt 2-8, 4-9, 5-14 console connection 2-2, 3-2, 4-2, 5-2, 5-3, 6-3, 6-10 console port pinout description B-1 CONTROL port 5-2, 5-12 cookies 6-2 cooling unit (fan), replacing PacketShaper 10000 F-7 PacketShaper 1700 D-8 PacketShaper 3500 E-5 PacketShaper 7500 E-5 copper Ethernet network installing a PacketShaper 9500/10000 5-6 Corrupt Config messages 2-8, 4-9, 5-14 crossover cable 2-5, 3-5, 4-5, 5-6
A
accelerator cache defined 11-2 verifying 11-9 access-link monitoring feature 7-2 asymmetric flows 7-2 auto-negotiate NIC mode 1-15, 1-18
B
BACKUP INSIDE port 3-2 BACKUP OUTSIDE port 3-2 Bad 12v reg message 4-9 Bad 2.5v reg message 4-9 Bad 3.3v reg message 4-9 Bad 5v reg message 4-9 Bad Left LEM message 4-9 Bad Lower LEM message 5-14 Bad Right LEM message 4-9 Bad Upper LEM message 4-9, 5-14 bandwidth allocating 9-9, 11-7 capping 9-9 bandwidth farming 1-1, 11-1 bandwidth limit 9-9 booting, status on LCD 2-7, 4-8, 5-13 browser interface accessing PacketWise 6-2 online help 1-1 browsers configuration 6-2 supported 6-2 bypass control port 5-2, 5-12 bypass mode 2-8, 4-9, 5-9, 5-14 bypass relays, disabling 7-6, 7-8
D
data entry form, creating 11-8 date setup 1-16, 9-10 DB-9 connection 2-2, 3-2, 4-2, 5-2, 5-3, B-1 Dedicated Management Port feature 6-1, 8-3 Dell PowerConnect 8-1 deployment branch offices 1-6 ISP 1-10 main site 1-3 non-inline 8-1 redundant topologies 1-8 Xpress 1-7 deployment strategies 1-3 direct standby 1-8, 7-1 configuring 7-22 using with Xpress 10-5 discovery, traffic 9-2 Disk LED indicator 3-2 DMZ 1-5 DNS server address(es) 1-12, 1-17 domain name setup 1-12, 1-17 DSL topology 1-10
C
cable modem topology 1-10 cable problems 6-4 cables 2-5, 3-5, 4-5, 5-6 caching defined 11-2 verifying 11-9 Cisco Catalyst 8-1 Citrix traffic 9-5 classes, traffic 9-2 creating IP address-based 11-5 classification, traffic 9-2 classification-accelerator cache defined 11-2 verifying 11-9 command-line interface accessing 6-3
E
Ethernet BACKUP INSIDE port 3-2 BACKUP OUTSIDE port 3-2 INSIDE port 3-2 OUTSIDE port 3-2
I-1
Index
expansion slots 2-2, 4-2, 5-2, 5-3
F
fan assembly, replacing PacketShaper 10000 F-7 PacketShaper 1700 D-8 PacketShaper 3500 E-5 PacketShaper 7500 E-5 Fault LED indicator 2-2, 4-2, 5-3, A-1, A-3, A-5, A-7, A-9, A-11 Fiber Bypass Switch 5-10 fiber-optic bypass control port 5-2, 5-12 fiber-optic network connecting a PacketShaper 9500/10000 5-8 firewall 7-18, 7-19 folder classes, creating 11-4 font 6-2 forgotten passwords 6-10 front panel 2-2, 3-2, 4-2 front panel (PacketShaper 9500/10000) 5-2 FTP 9-5 full-duplex WAN link 1-13
default PacketShaper 6-3 defining 1-12, 1-17 IP address-based classes 11-2, 11-9 IPX 1-7 ISP deployment strategies 1-10 ISP models configuring 11-1
L
LAN Expansion Modules expansion slots 2-2, 4-2, 5-2, 5-3 for direct standby 1-8, 7-1 for watch mode 8-4 L-InLink Down message 2-8, 4-9, 5-14 L-OutLink Down message 2-8, 4-9, 5-14 R-InLink Down message 4-10 R-OutLink Down message 4-10 U-InLink Down message 2-9, 5-15 U-OutLink Down message 2-9, 5-15 using two 1-14 LC connectors 5-8 LCD bar graph 2-7, 4-8, 5-13 described 6-7 messages 2-7, 4-8, 5-13 problems 6-7 status 2-7, 4-8, 5-13 LED Fault A-1, A-3, A-5, A-7, A-9, A-11 network A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A15, A-16 Status A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 LEMs expansion slots 2-2, 4-2, 5-2, 5-3 for direct standby 1-8, 7-1 for watch mode 8-4 using two 1-14 Link LED indicator 2-2, 4-3, 5-3 link utilization 9-5 links 1 Gbps 5-4 200 Mbps 5-4 In Link Down message 2-8, 4-9 Links Down message 2-8, 4-9 Out Link Down message 2-8, 4-10 Links Down message 2-8, 4-9, 5-14 links, inbound/outbound 1-13, 1-14 L-InLink Down message 2-8, 4-9, 5-14 load-sharing topology 1-13, 7-2 local mode 1-11, 1-12 login 6-6 look password 1-12, 1-17 L-OutLink Down message 2-8, 4-9, 5-14
G
gateway 1-12, 1-17 GBIC 5-6 Getting Started Guide 1-1 graphing problems 9-10 Guided Setup 6-1, 6-6
H
half-duplex links 1-13 hard drive, replacing PacketShaper 10000 F-4 PacketShaper 3500 E-2 PacketShaper 7500 E-2 hardware installation (PacketShaper 9500/10000) 5-1 hardware, installation 2-1, 3-1, 4-1 help system 1-1 host lists 11-5, 11-6 hot standby 7-1 hot-swappable power supplies PacketShaper 10000 F-1 PacketShaper 3500 E-1 PacketShaper 7500 E-1 PacketShaper 9500 F-1 HTTPS login 6-6
I
In Link Down message 2-8, 4-9, 5-14 initialization 2-7, 4-8, 5-13 installation hardware 2-1, 3-1, 4-1 hardware (PacketShaper 9500/10000) 5-1 non-inline 8-3 PacketShaper 9500/10000-to-server 5-7 PacketShaper-to-router 2-5, 3-5, 4-5 PacketShaper-to-server 2-6, 3-6, 4-7 rack-mounting 2-4, 3-4, 4-4 rack-mounting (PacketShaper 9500/10000) 5-5 Internet Explorer browsers 6-2 IP address
M
management port enabling 4-2, 6-1 watch mode 8-3 with direct standby 7-14, 7-16, 7-18, 7-20 mask, subnet 1-12, 1-17 matching rules 11-5 Microsoft Internet Explorer 6-2
I-2
Index
mode bypass 2-8, 4-9, 5-9, 5-14 operating 1-16 safe 2-9, 4-10, 5-15 watch 8-1 modem settings 6-4 monitor only mode 1-16 Monitoring Module 1-1, 8-1
N
NAT 1-6 net mask, defining 1-12, 1-17 NetOptics taps 8-1 Netscape browsers 6-2 network hardware installation 2-1, 3-1, 4-1 hardware installation (PacketShaper 9500/10000) 5-1 non-inline installation 8-3 ports 2-2, 3-2, 4-2 ports (PacketShaper 9500/10000) 5-2 Network Address Translation (NAT) 1-6 network link down 2-8, 4-10, 5-15 Network Performance Summary 9-6 network speed problems 6-8 NIC mode 1-15, 1-18 No Router Found message 2-8, 4-9 non-inline deployment 8-1 Not Configured message 2-8, 4-9, 5-15
O
OpenSSH 6-3 operating mode 1-11, 1-16 Out Link Down message 2-8, 4-10, 5-15
P
packet capture 9-11 packet shaping enabling 9-9, 11-7 Shaping Off message 2-9, 4-10 PacketGuide 1-2 PacketSeeker non-inline deployment 8-1 PacketShaper accessing with a browser 6-2 accessing with a console connection 6-3 accessing with remote login software 6-3 defined 1-1 deployment strategies 1-3 IP address 1-12, 1-17 modules 1-1 turning on 2-7, 3-7, 4-8 using 9-1 PacketShaper 10000 cooling unit (fan) replacement F-7 hard drive replacement F-4 hardware features 5-4 hot-swappable power supplies F-1 installing 5-1 powering on 5-13 specifications A-1 PacketShaper 1200 configuring 1-11, 9-1
generating reports 9-1 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-16 PacketShaper 1400 BACKUP INSIDE port 3-6 BACKUP OUTSIDE port 3-6 hardware features 3-3 installing 3-1 powering on 3-7 specifications A-15 PacketShaper 1400 Lite configuring 9-1 generating reports 9-1 PacketShaper 1550 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-14 PacketShaper 1700 cooling unit (fan) replacement D-8 hardware features 4-3 installing 4-1 management port (described) 4-2 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-6, 8-9 power supply replacement D-1 powering on 4-8 specifications A-13 PacketShaper 2500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-11 PacketShaper 3500 cooling unit (fan) replacement E-5 hard drive replacement E-2 hardware features 4-3 hot-swappable power supplies E-1 installing 4-1 management port (described) 4-2 management port (direct standby) 7-14, 7-16, 7-18, 7-20 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-5, 8-6, 8-9 powering on 4-8 specifications A-9 PacketShaper 6500 hardware features 2-3 installing 2-1 powering on 2-7 specifications A-7 PacketShaper 7500 cooling unit (fan) replacement E-5 hard drive replacement E-2 hardware features 4-3 hot-swappable power supplies E-1 installing 4-1 management port (described) 4-2 management port (direct standby) 7-14, 7-16, 7-18, 7-20 management port (enabling) 6-1 management port (watch mode) 8-3, 8-4, 8-5, 8-6, 8-9 powering on 4-8 specifications A-5
I-3
Index
PacketShaper 9500 hardware features 5-4 hot-swappable power supplies F-1 installing 5-1 powering on 5-13 specifications A-3 PacketShaper ISP configuring 11-1 defined 1-1 PacketShaper Xpress configuring 10-1 PacketWise accessing with a console connection 6-3 accessing with browser 6-2 accessing with remote login 6-3 configuring 6-6 logging in 6-6 partitions assigning with CLI 11-7 creating 9-9, 11-7 defined 9-8 password look 1-12, 1-17 recovery 6-10 touch 1-13, 1-18 pinout description console port B-1 policies creating 9-8 verifying 9-9 PolicyCenter 1-11, 7-22 Power 1 Failed message 2-8, 4-10, 5-15 Power 2 Failed message 4-10 Power LED indicator 2-2, 3-2, 4-3, 5-3 power supplies, replacing PacketShaper 10000 F-1 PacketShaper 1700 D-1 PacketShaper 3500 E-1 PacketShaper 7500 E-1 PacketShaper 9500 F-1 power supply dual 2-7, 4-8, 5-13 failure 2-8, 4-10, 5-15 power consumption A-1, A-3, A-5, A-7, A-9, A-11, A13, A-14, A-15, A-16 rating A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 proxy servers 1-6
Router Inside message 2-9, 4-10, 5-15 Router=0.0.0.0 message 2-9, 4-10, 5-15 setup 1-12, 1-17 setup site address 1-12, 1-17 using GBIC 5-6 R-OutLink Down message 4-10
S
safe mode 2-9, 4-10, 5-15 secure login 6-6 SecureCRT 6-3 serial connection 2-2, 3-2, 4-2, 5-2, 5-3, 6-3 server connecting to PacketShaper 2-6, 3-6, 4-7 connecting to PacketShaper 9500/10000 5-7 DNS 1-12, 1-17 installation 2-6, 3-6, 4-7 settings changing 6-9 setup links 1-13, 1-14 software 6-1 Setup window 6-9 SFP transceivers 5-8 shaping enabling 9-9, 11-7 Shaping Module 1-1, 9-8 Shaping Off message 2-9, 4-10, 5-15 shared mode 1-11, 1-17 site router 1-12, 1-17 Small Form-Factor Pluggable transceivers 5-8 software key 1-1, 8-11, 8-12 SPAN port, connecting to 8-3 Speed LED indicator 4-3, 5-3 SSH clients 6-3 SSH login 6-6 standby direct 7-1, 7-22 hot 7-1 Status LED indicator 2-2, 3-2, 4-3, 5-3, A-1, A-3, A-5, A-7, A-9, A-11, A-13, A-14, A-15, A-16 straight-through cable 2-5, 3-5, 4-5, 5-6 subnet mask 1-12, 1-17 switch, using GBIC 5-6 SX/LX LED indicator 5-4 system startup 2-7, 4-8 system startup (PacketShaper 9500/10000) 5-13
R
rack mounting 2-4, 3-4, 4-4 rack mounting (PacketShaper 9500/10000) 5-5 redundant Packeteer units 7-1 redundant router topologies 1-8, 7-1, 7-12 remote login, accessing PacketWise with 6-3 Response Time Measurement (RTM) 9-11 R-InLink Down message 4-10 RoHS F-1, G-8 router connecting to a PacketShaper 9500/10000 5-6 connecting to PacketShaper 2-5, 3-5, 4-5, 7-13 connectivity problems 2-9, 4-10, 5-15 installation 2-5, 3-5, 4-5 No Router Found message 2-8, 4-9, 5-15
T
taps NetOptics 8-1 taps, connecting to 1-9, 8-9 TCP Rate Control 9-8 Telnet, accessing PacketWise with 6-3 time setup 1-16 time zone setup 1-16, 1-19 Top 10 Classes graph 9-6 Top Ten Compression reports 10-9 Top Ten tab 9-5, 9-7 touch password 1-13, 1-18 traffic classes 9-2 creating IP address-based 11-5 traffic classification 9-2
I-4
Index
traffic discovery 9-2 problems 9-3, 9-10 traffic shaping enabling 9-9, 11-7 Shaping Off message 2-9, 4-10 traffic tree 9-2, 11-3 turning on PacketShaper 2-7, 3-7, 4-8 Tx/Rx LED indicators 2-2, 2-7, 4-3, 4-8, 5-3, 5-14, 6-4
U
UDP-based applications 1-7 U-InLink Down message 2-9, 5-15 U-OutLink Down message 2-9, 5-15
V
version 2-7, 4-8, 5-13 VPN 1-5, 9-3
W
watch mode 8-1 adding routers to watch list 8-7 enabling 8-7 management port 8-3 web traffic 9-5 web, supported browsers 6-2
X
Xpress 1-7, 1-16 configuring 10-1 feature requirements 10-2
I-5

Getting Started Guide v74

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Getting Started Guide v74

Hochgeladen von

Copyright:

Verfügbare Formate

PacketShaper PacketShaper ISP

Getting Started Guide

P/N 20-0192-04 Revision C

U.S. Government Restricted Rights

ABOUT THIS GUIDE

PacketShaper Getting Started Guide

PacketShaper Getting Started Guide

CHAPTER 2: HARDWARE INSTALLATION (PACKETSHAPER 1200, 1550, 2500, 6500)

CHAPTER 3: HARDWARE INSTALLATION (PACKETSHAPER 1400)

CHAPTER 4: HARDWARE INSTALLATION (PACKETSHAPER 1700, 3500, 7500)

CHAPTER 5: HARDWARE INSTALLATION (PACKETSHAPER 9500, 10000)

CHAPTER 6: PACKETWISE SOFTWARE CONFIGURATION

CHAPTER 7: REDUNDANT CONFIGURATIONS

CHAPTER 8: NON-INLINE DEPLOYMENT

CHAPTER 9: PACKETSHAPER QUICK START

CHAPTER 10: COMPRESSION (XPRESS) QUICK START

CHAPTER 11: PACKETSHAPER ISP QUICK START

APPENDIX A: PRODUCT SPECIFICATIONS

APPENDIX B: PINOUT DESCRIPTIONS

APPENDIX C: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1400

APPENDIX D: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 1700

APPENDIX E: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 3500, 7500

APPENDIX F: FIELD-REPLACEABLE COMPONENTS: PACKETSHAPER 9500, 10000

APPENDIX G: SAFETY AND REGULATORY INFORMATION

CHAPTER 1: BEFORE YOU INSTALL

PacketShaper Getting Started Guide

Chapter 1: Before You Install

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Determining Your Enterprise Deployment Strategy

Main Site WAN Link Deployment

Main Site LAN

Main Site WAN Link

Branch Offices Connected via WAN

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Main Site Internet Link Deployment

Main Site LAN PacketShaper

Main Site Internet Link

Branch Offices Connected via VPN

PacketShaper Getting Started Guide

Chapter 1: Before You Install

LAN VPN gateway

router Internet PacketShaper

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Internet proxy server PacketShaper router

LAN web server mail server

Distributed Deployment (Main Site and Branch Offices)

Main Site LAN

Main Site WAN Link

Main Site InternetLink

Branch Offices Connected via WAN

Branch Offices Connected via VPN

PacketShaper Getting Started Guide

Chapter 1: Before You Install

router Frame Relay cloud

PacketShaper server router PacketShaper

PacketShaper Corporate WAN

PacketShaper Main Site LAN

PacketShaper Getting Started Guide

Chapter 1: Before You Install

Placing PacketShapers into Redundant Topologies