How Do Businesses Scale Their Bandwidth Needs?
onebadmutha asks: "I'm technology admin for a very rapidly growing company. We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options. I've looked at routers that load-balance, but do so horribly. I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues. None of these provide the kind of redundancy and control that I'd like, and certainly not with a nice pleasant UI that doesn't cause me great grief. I've looked at Open Source router distros (like routerOS, and others) and I've looked at using the full gamut of Microsoft madness. How do other businesses solve this problem of scaling bandwidth needs, without completely unlimited budgets for redundant OC-48 runs?"
Speakeasy Bonded T1? (Score:5, Interesting)
I'm not sure if you are in an area where you can get Speakeasy service, but they allow you to bond up to four T1 lines. I have no experience with the service, but I understand that it is cheaper than a fractional T3 and they provide you with hardware that does it for you transparently. I don't know if there are other service providers that have something similar, but it seems like a good idea.
Re:Speakeasy Bonded T1? (Score:5, Informative)
Re:Speakeasy Bonded T1? (Score:5, Informative)
You could also install SNMP on the workstations themselves and track it back that way.
Disable any unused ports and lock active ports to specific MAC addresses to stop the "laptop freeloader" from sucking bits on a rogue PC.
Finally, start blocking all the ports for incoming and outgoing traffic. Open 443 and 80 for outgoing and then wait for people to call. Open ports on a per-user basis. Workers need department head approval. Dept heads need C*O approval.
You forgot the part... (Score:3, Insightful)
Nobody likes living under a fascist big-brother network policy. But, hey, you put those lousy "freeloaders" in their place, huh? That's all that matters, after all...
And YOU forgot... (Score:3, Insightful)
Some non-work net use is inevitable (like me making this post). But when people are using their workplace's network connection for non-work activities to the extent that it's impacting the performance of the rest of the network, then something has to change.
For most businesses, there is simply no business reason to allow people to download music and/or stream video to or from the office. It's just like the telephone. Most places don't mind people making personal c
Re:And YOU forgot... (Score:2)
Re:You forgot the part... (Score:4, Insightful)
Lay off the bong hits kid. Grownups understand that they aren't supposed to be torrenting all day on the boss's network connection. Anyone who quits because they won't be allowed to torrent porn all day does the boss a favor.
Re:You forgot the part... (Score:2)
And those whiners who quit because they can't get the information they need to do their jobs? The workaholics who used to stay 12 hours because they could buy little timmy a birthday toy from Amazon.com in 5 minutes? The company's better off without them too. What the company needs are a bunch of bottom feeders who know they can't get better jobs elsewhere, and so put up with having to clock out to take bathroom br
Re:You forgot the part... (Score:1)
Re:You forgot the part... (Score:1)
The GP post was discussing torrenting porn, which: a) can consume much bandwidth both ways, b) may open up the business to sexual harassment issues and a hostile work environment, c) may be illegal.
As for your ideas, sucking down 2 MB of
Re:You forgot the part... (Score:3, Interesting)
The post I replied to suggested blocking all internet traffic and reopening holes on a user by user and port by port basis. If users are downloading porn at work, you have an HR issue. If users are streaming audio/video against policy, you have an HR issue. If you don't have a policy about streaming either it's not an issue for you or it never occurred to you to tell your users it's a bad thing. Many users are just clueless about the cumulative effect of streaming, sin
Re:You forgot the part... (Score:2)
It's quite annoying when a websearch takes 20 seconds to load because of some P2P crap or movie downloading.
If I were the admin, I'd still allow video streams, but they'd be on a lower priority compared to everything else.
I doubt even email should be held back just so someone can watc
Re:You forgot the part... (Score:2)
Grownups understand that they aren't supposed to be torrenting all day on the boss's network connection.
One might THINK that, but...
I find it's much better to set up QOS and relegate anything not business related to 0 commit best effort. It's easy for users to whine about how their one little personal download can't hurt anything, but really hard to argue at work that their personal crap should be higher priority than business related traffic.
As far as downloading porn at work, It might be better if
Re:Speakeasy Bonded T1? (Score:2)
Re:Speakeasy Bonded T1? (Score:1)
Seriously not a good idea. You can save a lot of frustrations and agonizing if you ask people their requirements first and then trim down.
* lon3st4r *
Re:Speakeasy Bonded T1? (Score:2)
After that, use the internets and your memory to figure out what people are doing.
However, after all that, you'll find that 99% of people can get what they need over 80 and 443. A few will use FTP or SSH. Of those, none of them are really business-related.
We keep a single, unblocked PC in the network operations cent
Re:Speakeasy Bonded T1? (Score:2)
The firewall does not care what port you are using. It's smart enough to figure out what protocol you are using.
As for the cubicle nazi thing, that's just dumb. My company has limited resources. We have to ensure that those resources are used p
Re:Speakeasy Bonded T1? (Score:2)
You could try installing it on another PC and copying it over. But, if you needed to write anything in the Windows folder, you'd be out of luck.
Re:Speakeasy Bonded T1? (Score:3, Informative)
It (obviously) requires both T1's to be from the same provider, as there is configuration needed on both ends.
Re:Speakeasy Bonded T1? (Score:4, Insightful)
I say spend your budget on additional lines instead of cisco smartnet.
Re:Speakeasy Bonded T1? (Score:1)
Not to say the software solution is useless, just not the same.
--
Phil
Re:Speakeasy Bonded T1? (Score:1)
Forget speakeasy bonded T1, you can bond your standard DSL lines through an OpenBSD firewall using CARP. Read also about VRRP and (HSRP and GLBP) for cisco solutions. They add not only redundancy but also load balancing, and recovery is real fast as opposed to something like RIP2. You can also use OSPF but careful, OpenOSPFD and zebra don't provide load balancing and redundancy of default routes. IOS does.
I recently did something similar with Linux.
Business wanted bigger bandwidth and higher availabili
Re:Speakeasy Bonded T1? (Score:2)
T1s are still selling because there's still a need for them. Frame devices have guaranteed throughput, guaranteed uptime, service level contracts and so on. Bound DSL just isn't a responsible choice for a business.
Re:Speakeasy Bonded T1? (Score:1)
Bonded T1s from the same provider? (Score:1)
Question (Score:3, Interesting)
Re:Question (Score:2)
And the answer is a series of questions in itself:
Re:Define the Question (Score:1)
Does renting rack space at a data center with redundant connections, air, power, generator and 7x24 staffing make sense? Or do you need to run the exchange se
Dark fiber Ethernet service, or fractional DS3 (Score:5, Insightful)
Bonding T1s and DSL is neat and all, but if your business actually depends on the Internet working, go with one really good fat pipe and then maybe a thin one (T1 or so) as a backup. Don't mess with complex setups. Complex = new ways to fail.
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2, Funny)
Check the link [intouchtechnical.com], which has since been removed. The computers page is especially amusing.
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
now one thing that grand parent AC overlooked is that if they are small there is always a cost problem.
one thing i have found is to use a T1 as the primary line for max up time services.. and then get a cheap microwave/wireless connection for fast but doesn't have to work 100% of the time - where i am you can get 2mb up 2mb down for around 200$ a month including small ip block and leased router (cisco 80
Re:Dark fiber Ethernet service, or fractional DS3 (Score:5, Insightful)
Why is it every time someone asks a legitimate IT question on /. the poster is ridiculed with the above statement. Every. Single. Time. I for one think /. is a GREAT place to ask questions like these. Unless you've been the 'jack of all trades' IT guy at a small company, you have no idea what it is like. You're expected to know EVERYthing. Sure - there are forums all over the place dedicated to this specialty or that specialty. And if he was a network admin only, he likely would read those forums every day.
I think /. is a great place to ask questions like these. Sure you have trolls and ACs who sometime suggest silly solutions. But you also have a LOT of hardened geeks and IT types who have been around the block a few times who make good suggestions. Already here I've seen 3 or 4 solid solutions that he can now consider and do more research on to see which fits his company best.
Asking /. a question is not a sign of a n00b or bad IT person. What better place than one of the biggest techie readerships on the Internet to ask questions. I find many Ask Slashdot threads to be very informative, filed away for 'future use'
At least you followed up the standard 'I can't believe he asked /.' with an actual, you know, answer.
OK, move along nothing to see here. I had to waste a little Karma anyway.
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
The issue isn't whether or not the submitter is a "n00b" (although he clearly is). The issue is whether or not Slashdot is an appropriate format for such poorly formulated questions. Questions that require clarification. Notice that we have not yet heard back from Mr. "
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
personally i feel ask
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
Re:Dark fiber Ethernet service, or fractional DS3 (Score:1)
So anyways I would expect that a 10mb Fractional DS3 would be somewhere between 3000 and 5000 a month, not including the local loop.
I'm curious as to how much this stuff costs now, and where the quotes are coming from.
Re:Dark fiber Ethernet service, or fractional DS3 (Score:2)
Re:Dark fiber Ethernet service, or fractional DS3 (Score:1)
Choices! (Score:5, Informative)
There are a couple of options available, though. Although my organization appears to be a bit larger than yours, we've decided to utilize a spare T1 that simply sits there for disaster recovery purposes with Policy Based Routing (We're an all Cisco network, although this can be done on a variety of platforms, including Linux..) This directs traffic from a certain IP (and possibly port, I believe) to a specific interface, so that important data (Citrix, etc) has access to our main pipes while web traffic gets the shaft, so to speak. It uses policy maps to do so; I'm relatively noobish to IOS so maybe someone else can shed some light on this.
I'm hopefully certain you have explored QoS and are currently implementing it, but even QoS has limits.
I'm pretty sure a combination of the 2 methods listed above should take care of you. As a network admin, I could care less if web traffic gets dropped on a cheap DSL or cable connection.
Just my 2c, hope it helps
Understanding networks (Score:3)
1) Where are you located? Changing from a fractional T1 to DSL is usually a downgrade, unless it's some sort of SDSL if you're inside the US.
2) Do you have any latency/packet reordering requirements? Bad things happen when packets are out of order, and modern routers avoid reordering like the plague to keep bad things(tm) from happening.
3) What resources do you not need onsite, perhaps some reasonably priced colo is a better solution for your more resource intensive solutions
4) What are your true bandwidth requirements? Most major cities you can get metro-ethernet or various flavors of dark/dim to lit fiber for cheap.
Multiple geographically diverse OC48's are not for most people, are you sure this applies to your requirements?
Re:Understanding networks (Score:2)
Re:Understanding networks (Score:2)
T-1s are also much faster upstream, which is where a budding internet company or the like needs their bandwidth.
Re:Understanding networks (Score:2)
As I said in response to the other gentleman who posted
More than bandwidth (Score:3, Insightful)
-matthew
Re:More than bandwidth (Score:3, Insightful)
Reliability may be an issue of course. Depends on how much the
SDSL (Score:1)
T1's and other leased lines are too expensive...check for SDSL offerings in your area
Granted, my office is in downtown of a large city, so we have more choices...
What exactly do you need? (Score:5, Insightful)
Then, ask yourself what kind of traffic you are handling. If you're looking at users surfing the web, you probably needn't be overly concerned with load balancing; if you're receiving tons of inbound traffic to your servers, on the other hand, not only do you need load balancing, but you probably also need to seriously consider co-location solutions for your servers.
The administrative traffic is typically a much lower priority in most companies. I don't know how many users you're talking about, or what they're doing, but most small companies just live with a single (full) T1 until they absolutely need to bond another T1 (where "need" is subject, but should be kept in check, especially given that last bit about not having unlimited funding).
I guess this is not much of an answer, but these are all important questions you need to be asking yourself well before seeking specific answers. I'm not sure where you're coming from, and I don't mean to accuse you of anything, but taking the approach that you'll know the right answer when you see it is usually flawed from the start.
A reasonable voice- Re:What exactly do you need? (Score:1)
As add-on, I strongly suspect that most businesses can live on a T1 with possible exception of web-surfers that could be shunted over to DSL links allowing VOIP and customer traffic to use the stable T1. Engineering and IT always will want fast downloading pipes so that might be another consideration for a separate broadband feed.
IMHO too many times vendors harvest customers because the client did not calm down and define the issues needing address while a
Whoa, slow down there (Score:4, Insightful)
Couple questions:
1) How many employees are we talking about here?
2) What are they doing on the internet that is so demanding?
3) Are you running any web/streaming servers onsite?
4) Have you gone to any lengths to diagnose exactly what your bottleneck might be?
5) Are you sure you don't just have a couple of hogs downloading porn all day?
I know 200+ employee companies that get by with a single T-1 just fine. I'm a little suspicious of your bandwidth needs.
But if you really need that much bandwidth for web browsing (I doubt you do), the next step would be a DS-3 circuit at about 45Mbit. But that can be pretty costly for the circuit alone. It would, however, allow you to scale because you'd probably be paying for the bandwidth used and not the full 45Mbit. If you are in a building with other companies who have similar needs, you may be able to split the cost of the circuit and share it.
Also, depending on your location, you may be able to set up a wireless (not WiFi) deal with someone. Something with real gear, of course. Not just a couple Linksys' with Pringle can antennae.
-matthew
Re:Whoa, slow down there (Score:2)
When I first joined my current company back in 2000, we had nothing more than a 56k line (and a few dial-up users). We upgraded that to a T1 pretty quick in order to provide better support to our remote workers.
Over the years, we've added more remote workers. Plus, remote workers tend to be connecting via multi-megabit DSL/Cable connections instead of the sub-megabit speeds of 5 years ago. Combine that with more and more internet use, us
Re:Whoa, slow down there (Score:2)
What are you using it for? (Score:3, Insightful)
The possible set of right answers depends a lot on what you're doing with it.
Policy based routing plus any number of DSL lines will work for splitting up desktop web access.
Inbound traffic for the corporate website is pretty much the antithesis of that... outbound traffic is the target, and that ends up being T-1 optimized for small sites and bonded T-1s or faster links for bigger ones.
VPNs can be symmetrical or asymmetrical. Your mileage may vary.
Sonicwall 4060 (Score:2, Informative)
honestly (Score:5, Interesting)
Re:honestly (Score:1)
You get that, plus you get about $750 worth of hardware and software for only $2099.95. These guys MUST be good!
Intranet and Internet (Score:5, Funny)
Have you tried dialing zero and asking for one of these technicians?
-Peter
Looting and polluting is not the way (Score:2, Funny)
Re:Looting and polluting is not the way (Score:1)
Ban BitTorrent = problem solved (Score:3, Insightful)
Re:Ban BitTorrent = problem solved (Score:1)
As others have said... (Score:2)
Intouch Technical? (Score:2)
I bet they have like 1 guy running Bittorrent all day using up all their bandwidth.
-matthew
Re:Intouch Technical? (Score:2)
Old page (Score:2)
Date: Wed, 31 May 2006 03:29:16 GMT
Server: Apache
Last-Modified: Sat, 16 Aug 2003 01:39:59 GMT
Etag: "6151ef-3ef-3f3d8b6f"
Accept-Ranges: bytes
Content-Length: 1007
Content-Type: text/html
200 OK
Re:Old page (Score:2)
-matthew
Speakeasy isn't the only one and it's called IMA (Score:2)
However ATM allows for IMA lines which are bonding the
Re:Speakeasy isn't the only one and it's called IM (Score:2)
Weigh your options (Score:3, Insightful)
1) Classic T-1, 1.5Mbps
2) IMA (Inverse Multiplexing over ATM) - Essentially bonded T-1s up to about 6 Mbps before the cost of the routers becomes prohibitive
3) Ethernet Switching - 10Mbps and higher
4) DS-3 and higher - 45 Mbps and up
If you need high availability, option 1 is ruled out. IMA is good for speed and availability, but increases complexity. Ethernet switching is fast, but redundancy will cost you and it will require additional CPE devices for security and traffic monitoring. DS-3s and up are reliable and fast, but the cost of high availability (e.g. dual-entrance facilities, multiple providers) is astronomical.
Set yourself up a matrix of each of the key metrics that make a difference to you. Talk to all your possible providers and populate your matrix with their service responses. Read their SLAs very carefully. Understand how they calculate their measurements. A 99.98% availability can be insufficient depending on how they calculate it. Weight their responses based on your business requirements and then choose the option that best suits your needs.
If all else fails, bring in a telecommunications expert for a couple hours to help you analyze your options.
What you missed (Score:2)
Depending on where your office is, this may be an option. Nextweb [nextweb.net] offers T1-equivalent (1.5Mbps) up to 6MBps.
Re:What you missed (Score:1)
Currently I'm looking into business class cable (6mb / 2mb), T-1s, and
Re:What you missed (Score:2)
Well, you may have had a bad experience, but I used fixed wireless for about 3 years at my last company and it proved to be highly reliable and we did not see any latency issues.
OK, we did have some problems when some trees grew into the path of the wireless link, but once that was solved, it was very good. What's more, while we paid for 2Mbps, that was the minimum we saw and most of the time, we ac
Re:What you missed (Score:2)
As a contractor who has dealt with Nextweb for two of my customers, this should not be an option. Nextweb support is ridiculously undertrained on their own equipment, and the service provided is inconsistent at best.
I have since moved both of my customers off, and they've never been happier.
Re:Weigh your options (Score:1)
If you can get your hands a little dirty... (Score:2)
Although we weren't providing anything around 5-9's service, my setup managed 3-9's without too much effort.
The router was a simple vanilla Linux router with n-ports, one for each internet line and one for any local subnets. You could be creative and break up the internal architecture any way you like.
You'll need to sp
shape it (Score:1)
You will be able to see who is using the bandwidth and what applications are using it.
You can then block or set low priority for non-work related traffic.
If bandwidth is still an issue I would look at bonded T-1 lines, which is what we do.
Once the router is configured there is really no administration.
Then step up to a fractional t-3 when necessary.
Re:shape it (Score:2)
We're approaching a phase where application prioritization is already a standard headed for commoditization via CoS in standard MPLS networks. IMHO the single best investment you can make in this performance management arena (and I work in it so it's not a totally uninformed opinion) is in training the people you have
ok, i'll bite (Score:1)
Standing rule of don't install anything on your pc but look at anything you want. About one human sacrifice every year to keep people in line. Check the router for open connections about once a week to check for zombies and abuse. Offer to bring in porn on dvd for home viewing to anybody who wants it. It works for me for about 60 users at my pontiac gmc store.
well, your www, smtp, and dns aren't the issue (Score:2)
network:IP-Network:64.14.68.0/24
network:Organization;I:ICDSOFT LTD
network:Street;I:6 Asen Halachev Street
network:City;I:SOFIA
network:Postal-Code;I:1113
network:Country-Code;I:Bulgaria
So, what are you doing from your own network, that requires all that bandwidth?
Surely not hosting anything for customers, like web or mail, if your own servers are outsourced (and all sharing the same IP!)
What's traffic analysis show you?
How many campuses do you
Re:well, your www, smtp, and dns aren't the issue (Score:2)
intouchtechnical seems to be a two person small time operation. I didn't even think it was possible to get a fractional T1 any more, except for grandfathered connections. And any company claiming on their website to be experts should have a Cisco router and some Cis
Re:well, your www, smtp, and dns aren't the issue (Score:2)
Savvis told me:
Comcast Commercial Services (Score:2)
http://tinyurl.com/4db44 [tinyurl.com]
Their 'network' service also looks cool for distributed metro campus issues. One ethernet segment to interconnect multiple locations. They even support vlan trunking without having to harass them!
OpenBSD is your friend (Score:2)
Re:Don't you mean Inferno/Plan 9? (Score:1)
Reduce bandwidth consumption (Score:1)
back when I used to do it (Score:4, Interesting)
First thing to do is get a hold of your firewall. Block all traffic, in and out. Then create rules to only let in and out specific traffic types with specific end points. Outbound http should only go through your web server. SMTP through your mail server. Don't let ssh out at all unless you must, and even then see if you can determine specific hosts to permit it to and from. Rate limit ssh to make it usable for remote shell access but painful for port forwarding other application types (forwarding http through ssh is an old trick to get around the company logging your web surfing activity).
Notice I mentioned a squid server. Yes, you need one of those. And yes, you need to force everyone to use it. There is a very good chance your router can do this for you transparently.
Users will scream. Loudly. Prepare yourself and your management for this. Anyone who thinks they are being treated unfairly needs to submit IN WRITING a business justification for the traffic they want you to permit, which must be approved jointly by IT and HR.
With an arrangement like this, I was able to keep over 500 users happy on a pair of bonded T1 lines. 3Mbps for 500+ users. The biggest consumer of bandwidth was the 5 person IT department pulling patches for all the different OS's we had to support. Every now and then one of the software developers would think he was being clever and find a way around the outbound blocks on the firewall using an exception in the rules that their manager got approved, but it would end quickly with a very embarrassing personal visit from our Director and their own boss within a few minutes of the music streaming starting.
Broadband to the home has been a mixed blessing. People have gotten too used to having bandwidth-hungry apps at home which is fine when you have 3Mbps+ all to yourself but when you are at work and have to share it, it's time to leave the toys at home and be a considerate network citizen.
Luckily I don't have to be network cop these days. Someone else gets to do that. Someone that doesn't have a good handle on their network so they are buying way more bandwidth than they really need.
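The default-deny egress policy described in the comment above, written out as an nftables ruleset for a Linux router. This is an added example, not the poster's configuration: the interface names, all addresses, the 16 kbytes/second SSH cap, and the reading of the host that carries outbound HTTP as the Squid proxy are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny forwarding policy with per-service egress points.
# Every name and address below is an assumed placeholder.

flush ruleset

define lan_if   = "eth1"            # inside interface (assumed)
define wan_if   = "eth0"            # outside interface (assumed)
define proxy    = 10.0.0.10         # Squid proxy, the only host allowed web egress
define mailhost = 10.0.0.25         # mail server, the only host allowed SMTP egress
define resolver = 10.0.0.53         # internal DNS resolver
define ssh_dst  = { 198.51.100.7 }  # approved remote SSH endpoints (documentation range)

table inet egress {
    chain forward {
        # Block everything in and out unless a rule below allows it.
        # Only IPv4 sources are matched, so forwarded IPv6 is dropped by policy.
        type filter hook forward priority 0; policy drop;

        # SSH throttle, placed before the stateful shortcut so the cap covers
        # the whole session in both directions. The limit is shared by all
        # SSH sessions: fine for an interactive shell, painful for tunnels.
        ip daddr $ssh_dst tcp dport 22 limit rate over 16 kbytes/second counter drop
        ip saddr $ssh_dst tcp sport 22 limit rate over 16 kbytes/second counter drop

        # Replies to connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # Web traffic leaves only through the proxy.
        iifname $lan_if oifname $wan_if ip saddr $proxy tcp dport { 80, 443 } accept

        # SMTP leaves only through the mail server.
        iifname $lan_if oifname $wan_if ip saddr $mailhost tcp dport 25 accept

        # DNS leaves only through the internal resolver.
        iifname $lan_if oifname $wan_if ip saddr $resolver udp dport 53 accept
        iifname $lan_if oifname $wan_if ip saddr $resolver tcp dport 53 accept

        # SSH only to the approved endpoints, subject to the throttle above.
        iifname $lan_if oifname $wan_if ip daddr $ssh_dst tcp dport 22 ct state new accept

        # Count and log what falls through, so each exception request can be
        # checked against what the workstation actually tried to reach.
        counter log prefix "egress-drop: "
    }
}
```

Workstations that bypass the proxy land on the final rule, so the log doubles as the list of traffic types that would need a written justification before a new rule is added.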
Squid (or other cache) Can Help to Solve Problem (Score:2)
Right on, Yonder. I have six years of data showing
that Squid works wonders.
I put a Squid server online in 2000 and forced our
1,200 users to use it (domain logon script set IE to
use automatic proxy config script). Even I was impressed
at how much bandwidth we saved.
Immediately, a third to half of our web (http) traffic
disappeared. Yes, the web cache was really that effective.
This freed
Re:back when I used to do it (Score:2)
Wow you must love working there. (Score:2)
Linksys to the rescue! (Score:1)
Point 1: Looked at routers that load-balance, but do so horribly.
Counter-Point 1: The RV016 uses weighted round-robin or various other methods, depending on your preference.
Point 2: I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues.
Counter-Point 2: The Linksys can do this for up to SEVEN WAN connections. It can split by IP range(multiple ranges), protocol(SPI), and port.
Point 3: None of these
timewarner (Score:1)
If you are actually growing rapidly (in sales, not overhead), the cost shouldn't be so much of an issue.
I would not go for a solution that mashes together a bunch of residential services.
Is more bandwidth necessary? (Score:3, Interesting)
Now, if you still find that you need more bandwidth, the easiest solution is to purchase a nice router that can handle routing and load balancing over multiple connections. Forget about a cheap LinkSys or NetGear DSL router, get yourself a serious router like the Cisco Integrated Services Routers. For under $3000 you can get one that has expansion slots for up to 4 WICs, and it can handle T1/E1, DSL, voice, etc.
I would also recommend that you talk to data providers in your area, as they are the people who build and sell these solutions every day. Don't just talk to the telco, talk to other providers as well. Where I work we get our T1 lines from AT&T, but there are several other providers that we could get them from, and the prices do vary some. There is also at least one provider that offers a wireless RF solution for Internet access that works as a line-of-sight basis. In this case you would essentially mount an antenna on your building, point it at their tower, and then hook it into your network. They were offering speeds significantly faster than T1 but slower than T3 for very competitive prices, and they also offered bandwidth on demand services (i.e., your usual allotted bandwidth was 10 Mbps, but they had excess capacity to handle spikes in traffic up to 15 Mbps or whatever).
Honestly, if you have to ask Slashdot how to scale your company's Internet bandwidth, odds are you're working for a pretty small company (because if you're working for a much larger company you would seem to be fairly incompetent for a network engineer). Most small companies wouldn't normally need more bandwidth than can be provided over a couple of T1 connections.
linux advanced routing and traffic control howto (Score:2)
another option though it would require some client side configuration is to have several IP subnets, set a static route up to your intranet router and then stick a cheap DSL router box on each subnet for internet.
try this (Score:2)
(if it doesn't work, go to foundry networks website and look for serveriron link balancer)
they provide means of load balancing traffic across multiple links (max of 6 t3 or 2 oc3 capacity) without having to go through complex bgp stuff.
hopping on the traffic analysis bandwagon (Score:1)
2001 called... (Score:2)
Looks like the good folks over at In-Touch Technical *really* need to update their computers page [intouchtechnical.com]
Re:2001 called... (Score:4, Funny)
They would have uploaded a new page, but they're having some trouble with their internet connection...