How Do Businesses Scale Their Bandwidth Needs?
onebadmutha asks: "I'm technology admin for a very rapidly growing company. We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options. I've looked at routers that load-balance, but do so horribly. I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues. None of these provide the kind of redundancy and control that I'd like, and certainly not with a nice pleasant UI that doesn't cause me great grief. I've looked at Open Source router distros (like routerOS, and others) and I've looked at using the full gamut of Microsoft madness. How do other businesses solve this problem of scaling bandwidth needs, without completely unlimited budgets for redundant OC-48 runs?"
Speakeasy Bonded T1? (Score:5, Interesting)
I'm not sure if you are in an area where you can get Speakeasy service, but they allow you to bond up to four T1 lines. I have no experience with the service, but I understand that it is cheaper than a fractional T3 and they provide you with hardware that does it for you transparently. I don't know if there are other service providers that have something similar, but it seems like a good idea.
Question (Score:3, Interesting)
honestly (Score:5, Interesting)
back when I used to do it (Score:4, Interesting)
First thing to do is get a hold of your firewall. Block all traffic, in and out. Then create rules to only let in and out specific traffic types with specific end points. Outbound http should only go through your web server. SMTP through your mail server. Don't let ssh out at all unless you must, and even then see if you can determine specific hosts to permit it to and from. Rate limit ssh to make it usable for remote shell access but painful for port forwarding other application types (forwarding http through ssh is an old trick to get around the company logging your web surfing activity).
Notice I mentioned a squid server. Yes, you need one of those. And yes, you need to force everyone to use it. There is a very good chance your router can do this for you transparently.
Users will scream. Loudly. Prepare yourself and your management for this. Anyone who thinks they are being treated unfairly needs to submit IN WRITING a business justification for the traffic they want you to permit, which must be approved jointly by IT and HR.
With an arrangement like this, I was able to keep over 500 users happy on a pair of bonded T1 lines. 3Mbps for 500+ users. The biggest consumer of bandwidth was the 5 person IT department pulling patches for all the different OS's we had to support. Every now and then one of the software developers would think he was being clever and find a way around the outbound blocks on the firewall using an exception in the rules that their manager got approved, but it would end quickly with a very embarrassing personal visit from our Director and their own boss within a few minutes of the music streaming starting.
Broadband to the home has been a mixed blessing. People have gotten too used to having bandwidth-hungry apps at home which is fine when you have 3Mbps+ all to yourself but when you are at work and have to share it, it's time to leave the toys at home and be a considerate network citizen.
Luckily I don't have to be network cop these days. Someone else gets to do that. Someone that doesn't have a good handle on their network so they are buying way more bandwidth than they really need.
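The default-deny egress policy this post describes (web only through the proxy, SMTP only from the mail server, ssh only to named hosts, everything else dropped), written up as an added example that is not the poster's own code: a small Python audit that replays constructed outbound-connection log lines against those rules and reports what the firewall would have dropped. All addresses and the log format are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example addressing (not from the original post).
WEB_PROXY = ipaddress.ip_address("10.0.0.10")   # the squid box users are forced through
MAIL_RELAY = ipaddress.ip_address("10.0.0.25")  # the only host allowed to speak SMTP
SSH_ALLOWED_DST = {ipaddress.ip_address("203.0.113.7")}  # specific remote hosts ssh may reach


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse a constructed log line of the form '<src> <dst> <proto> <dport>'."""
    src, dst, proto, dport = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), proto.lower(), int(dport))


def permitted(flow: Flow) -> bool:
    """Default deny: a flow passes only if an explicit rule below matches it."""
    if flow.proto == "tcp" and flow.dport in (80, 443):
        return flow.src == WEB_PROXY          # web traffic only from the proxy
    if flow.proto == "tcp" and flow.dport == 25:
        return flow.src == MAIL_RELAY         # SMTP only from the mail server
    if flow.proto == "tcp" and flow.dport == 22:
        return flow.dst in SSH_ALLOWED_DST    # ssh only to approved endpoints
    return False                              # everything else is dropped


def audit(lines):
    """Return the flows the default-deny ruleset would have blocked."""
    return [f for f in map(parse_flow, lines) if not permitted(f)]


# Constructed sample log: one desktop bypassing the proxy, one streaming
# audio on port 8000, one ssh attempt to an unapproved host, plus three
# flows the policy does allow.
SAMPLE_LOG = [
    "10.0.0.10 198.51.100.20 tcp 443",   # proxy fetching a web page: allowed
    "10.0.5.33 198.51.100.20 tcp 80",    # desktop going direct to the web: dropped
    "10.0.5.33 198.51.100.9 tcp 8000",   # desktop streaming audio: dropped
    "10.0.0.25 198.51.100.30 tcp 25",    # mail relay delivering mail: allowed
    "10.0.7.4 203.0.113.7 tcp 22",       # ssh to the approved host: allowed
    "10.0.7.4 203.0.113.99 tcp 22",      # ssh to an unapproved host: dropped
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_LOG):
        print(f"DROP {flow.src} -> {flow.dst} {flow.proto}/{flow.dport}")
```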
Is more bandwidth necessary? (Score:3, Interesting)
Now, if you still find that you need more bandwidth, the easiest solution is to purchase a nice router that can handle routing and load balancing over multiple connections. Forget about a cheap LinkSys or NetGear DSL router, get yourself a serious router like the Cisco Integrated Services Routers. For under $3000 you can get one that has expansion slots for up to 4 WICs, and it can handle T1/E1, DSL, voice, etc.
I would also recommend that you talk to data providers in your area, as they are the people who build and sell these solutions every day. Don't just talk to the telco, talk to other providers as well. Where I work we get our T1 lines from AT&T, but there are several other providers that we could get them from, and the prices do vary some. There is also at least one provider that offers a wireless RF solution for Internet access that works on a line-of-sight basis. In this case you would essentially mount an antenna on your building, point it at their tower, and then hook it into your network. They were offering speeds significantly faster than T1 but slower than T3 for very competitive prices, and they also offered bandwidth on demand services (i.e., your usual allotted bandwidth was 10 Mbps, but they had excess capacity to handle spikes in traffic up to 15 Mbps or whatever).
Honestly, if you have to ask Slashdot how to scale your company's Internet bandwidth, odds are you're working for a pretty small company (because if you're working for a much larger company you would seem to be fairly incompetent for a network engineer). Most small companies wouldn't normally need more bandwidth than can be provided over a couple of T1 connections.
Re:You forgot the part... (Score:3, Interesting)
The post I replied to suggested blocking all internet traffic and reopening holes on a user by user and port by port basis. If users are downloading porn at work, you have an HR issue. If users are streaming audio/video against policy, you have an HR issue. If you don't have a policy about streaming, either it's not an issue for you or it never occurred to you to tell your users it's a bad thing. Many users are just clueless about the cumulative effect of streaming, since it works fine at home. Suggest they bring in a radio or CDs.
with your expert knowledge from the bandwidth-management trenches at MacDonalds
Aw, I didn't know you cared. Rest assured that I know more about the subject than 99% of the IT pros on Slashdot (which really isn't hard), and I'm proud to have knowledge and experience that extends beyond the IT cubicle. It's a pet peeve of mine when folks recommend technical solutions for people management issues (Joey set up a porn screen saver! We must block people from choosing their own screen savers!). It shows a lack of leadership and management ability.