How Do Businesses Scale Their Bandwidth Needs?

onebadmutha asks: "I'm technology admin for a very rapidly growing company. We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options. I've looked at routers that load-balance, but do so horribly. I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues. None of these provide the kind of redundancy and control that I'd like, and certainly not with a nice pleasant UI that doesn't cause me great grief. I've looked at Open Source router distros (like routerOS, and others) and I've looked at using the full gamut of Microsoft madness. How do other businesses solve this problem of scaling bandwidth needs, without completely unlimited budgets for redundant OC-48 runs?"

Speakeasy Bonded T1?

[El Cubano]

I'm not sure if you are in an area where you can get Speakeasy service, but htey allow you to bond up to four T1 lines. I have no experience with the service, but I understand that it is cheaper than a fractional T3 and they provide you with hardware that does it for you transparently. I don't know if there are other service providers that have something similar, but it seems like a good idea.

Question

[42Penguins]

What, exactly, is the question? Is it: What kind of line should I have? or What kind of router hardware/software should I use? I'll shoot at the first question: You already have a fractional T-1, why not buy the whole thing? It's not as elite as redundant OC-48 lines, but like you said, you can't afford those anyway. If you want a step up from that, get redundant T-1 lines from 2 different providers in case one gets nicked.

honestly

[BushCheney08]

In all honesty, after looking over the intouchtechnical.com site, I'm going to go out on a limb here and tell you that you need to find which of your techs is running bittorrent all the time and either teach him how to set upload and download limits or cut him off entirely. As others have said, your posting is all over the map. You openly dismiss more than a few technologies that work quite well in competent hands. You mention fractional T1s, DSL, and OC48 as if you don't even know what they are. It really sounds like you aren't qualified to be the technology admin for a company whose business revolves around providing tech support to other businesses. Hate to say it, but that's what I see from where I'm sitting.

back when I used to do it

[Yonder Way]

The users hated me because they couldn't stream music to their desks. I would always bring them a Best Buy ad turned to the page with portable radios, CD players, and MP3 players.

First thing to do is get a hold of your firewall. Block all traffic, in and out. Then create rules to only let in and out specific traffic types with specific end points. Outbound http should only go through your web server. SMTP through your mail server. Don't let ssh out at all unless you must, and even then see if you can determine specific hosts to permit it to and from. Rate limit ssh to make it usable for remote shell access but painful for port forwarding other application types (forwarding http through ssh is an old trick to get around the company logging your web surfing activity).

Notice I mentioned a squid server. Yes, you need one of those. And yes, you need to force everyone to use it. There is a very good chance your router can do this for you transparently.

Users will scream. Loudly. Prepare yourself and your management for this. Anyone who thinks they are being treated unfairly needs to submit IN WRITING a business justification for the traffic they want you to permit, which must be approved jointly by IT and HR.

With an arrangement like this, I was able to keep over 500 users happy on a pair of bonded T1 lines. 3Mbps for 500+ users. The biggest consumer of bandwidth was the 5 person IT department pulling patches for all the different OS's we had to support. Every now and then one of the software developers would think he was being clever and find a way around the outbound blocks on the firewall using an exception in the rules that their manager got approved, but it would end quickly with a very embarassing personal visit from our Director and their own boss within a few minutes of the music streaming starting.

Broadband to the home has been a mixed blessing. People have gotten too used to having bandwidth-hungry apps at home which is fine when you have 3Mbps+ all to yourself but when you are at work and have to share it, it's time to leave the toys at home and be a considerate network citizen.

Luckily I don't have to be network cop these days. Someone else gets to do that. Someone that doesn't have a good handle on their network so they are buying way more bandwidth than they really need.

Is more bandwidth necessary?

[ocbwilg]

Step 1: Analyze your network traffic and determine if more bandwidth is really necessary. I am an engineer for a company of 300 users, and we get by just fine on a pair of T1 circuits. If you're having bandwidth problems there is a fair chance that someone is hogging all of the bandwidth. Once you filter out the guys streaming audio, video, and using P2P clients (either restrict them to a trickle with QoS or block it completely) I suspect that you will have a lot more bandwidth than you need.

Now, if you still find that you need more bandwidth, the easiest solution is to purchase a nice router that can handle routing and load balancing over multiple connections. Forget about a cheap LinkSys or NetGear DSL router, get yourself a serious router like the Cisco Integrated Services Routers. For under $3000 you can get one that has expansion slots for up to 4 WICs, and it can handle T1/E1, DSL, voice, etc.

I would also recommend that you talk to data providers in your area, as they are the people who build and sell these solutions every day. Don't just talk to the telco, talk to other providers as well. Where I work we get our T1 lines from AT&T, but there are several other providers that we could get them from, and the prices do vary some. There is also at least one provider that offers a wireless RF solution for Internet access that works as a line-of-sight basis. In this case you would essentially mount an antenna on your building, point it at their tower, and then hook it into your network. They were offerring speeds significantly faster than T1 but slower than T3 for very competitive prices, and they also offerred bandwidth on demand services (i.e., your usual allotted bandwidth was 10 Mbps, but they had excess capacity to handle spikes in traffic up to 15 Mbps or whatever).

Honestly, if you have to ask Slashdot how to scale your company's Internet bandwidth, odds are you're working for a pretty small company (because if you're working for a much larger company you would seem to be fairly incompetent for a network engineer). Most small companies wouldn't normally need more bandwidth than can be provided over a couple of T1 connections.

Re:You forgot the part...

[ePhil_One]

The GP post was discussing torrenting porn

The post I replied to suggested blocking all internet traffic and reopening holes on a user by user and port by port basis. If users are downloading porn at work, you have an HR issue. If users are streaming audio/video against policy, you have an HR issue. If you don't have a policy about streaming either its not an issue for you or it never occured to you to tell you users its a bad thing. Many users are just clueless about the cumlative effect of streaming, since it works fine at home. Suggest they bring in a radio or CD's

with your expert knowledge from the bandwidth-management trenches at MacDonalds

Aw, I didn't know you cared. Rest assured that I know more about the subject than 99% of the IT pros on Slashdot (which really isn't hard), and I'm proud to have knowledge and experience that extends beyond the IT cubicle. Its a pet peeve of mine when folks recommend technical solutions for people management issues (Joey set up a porn screen saver! we must block people from chosing their own screen savers!). It shows a lack of leadership and management ability.