Slashdot: News for Nerds

How Do Businesses Scale Their Bandwidth Needs?

Cliff posted more than 8 years ago | from the large-bit-buckets dept.

onebadmutha asks: "I'm technology admin for a very rapidly growing company. We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options. I've looked at routers that load-balance, but do so horribly. I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues. None of these provide the kind of redundancy and control that I'd like, and certainly not with a nice pleasant UI that doesn't cause me great grief. I've looked at Open Source router distros (like routerOS, and others) and I've looked at using the full gamut of Microsoft madness. How do other businesses solve this problem of scaling bandwidth needs, without completely unlimited budgets for redundant OC-48 runs?"

116 comments

Amended summary (-1, Offtopic)

linvir (970218) | more than 8 years ago | (#15432601)

onebadmutha [mailto] asks: "I'm technology admin for a very rapidly growing company [intouchtechnical.com] . We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options... bla bla bla tech speak bla bla skip this part bla bla bla... Microsoft madness. bla bla bla make a joke about a game called "Microsoft Madness" bla bla bla, without completely unlimited budgets for bla bla bla?"

Many eyes make all bugs shallow.

Foolish moderators (-1, Offtopic)

linvir (970218) | more than 8 years ago | (#15432673)

I was attempting to implement the Speare doctrine of learning [slashdot.org] , whereby Mr. Onebadmutha would learn by solving *his* problems. This was to be accomplished by providing a handy link to his company website [intouchtechnical.com] , thus providing him with the vital practice he is so clearly begging us for, and would already be receiving had Cliff not blatantly cut his link from the summary. For shame.

Re:Amended summary (0)

Anonymous Coward | more than 8 years ago | (#15432687)

"If technical support you can shake hands with, rather than wait on hold for, sounds good to you, please contact us!"

That's truly beautiful! So now you can go to some guy for your support needs, and since he won't know the answer, he'll post it as an Ask Slashdot question...

2001 called... (1)

rednip (186217) | more than 8 years ago | (#15432945)

2001 called, and they want their computers back.

Looks like the good folks over at In-Touch Technical *really* need to update their computers page [intouchtechnical.com]

Re:2001 called... (3, Funny)

Everleet (785889) | more than 8 years ago | (#15433079)

Looks like the good folks over at In-Touch Technical *really* need to update their computers page

They would have uploaded a new page, but they're having some trouble with their internet connection...

Speakeasy Bonded T1? (4, Interesting)

El Cubano (631386) | more than 8 years ago | (#15432614)

I'm not sure if you are in an area where you can get Speakeasy service, but they allow you to bond up to four T1 lines. I have no experience with the service, but I understand that it is cheaper than a fractional T3 and they provide you with hardware that does it for you transparently. I don't know if there are other service providers that have something similar, but it seems like a good idea.

Re:Speakeasy Bonded T1? (4, Informative)

packetmon (977047) | more than 8 years ago | (#15432745)

I currently work at a communications company (VoIP, IP, PBX, etc.) and I would suggest that before IT managers dish out money for connections, they sit and analyze traffic patterns and do some QoS, policy based routing before kicking out money for a faster connection. Many companies dish out unnecessary money for faster connections when all they have to do is creative filtering beforehand. You take out 20 audio streamers and I guarantee you some of those bottlenecks won't be an issue. I used to work in a small office with about 40 employees. I had a business cable connection with 5mb speed and ran VoIP services, Internet services, etc. without issues. I also set up some cache servers and streamlined what went and came in first, to make sure business came first no matter what. Best thing to do before ordering a faster connection is to do an analysis of the current architecture and go from there.

Re:Speakeasy Bonded T1? (4, Informative)

Bios_Hakr (68586) | more than 8 years ago | (#15433200)

MRTG can create bandwidth charts for individual ports on most Cisco kit. Run it for 24 hours and then drill-down through the gear to find out who the abusers are.

You could also install SNMP on the workstations themselves and track it back that way.

Disable any unused ports and lock active ports to specific MAC addresses to stop the "laptop freeloader" from sucking bits on a rogue PC.

Finally, start blocking all the ports for incoming and outgoing traffic. Open 443 and 80 for outgoing and then wait for people to call. Open ports on a per-user basis. Workers need department head approval. Dept heads need C*O approval.
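The per-port drill-down described in the comment above comes down to turning SNMP octet counters into byte counts and rates. The following is an added example, not part of the original comment and not MRTG's own code; the port names, counter values, 100 Mbit/s link speed and function names are constructed for illustration.

```python
"""Per-port traffic from SNMP octet counters (added example, constructed data)."""
from collections import defaultdict
from typing import NamedTuple

COUNTER32_MOD = 2 ** 32   # ifInOctets / ifOutOctets are 32-bit and wrap to 0
LINK_BPS = 100_000_000    # assumed 100 Mbit/s access ports

# Constructed polls, 300 s apart: (unix_time, port, ifInOctets, ifOutOctets).
SAMPLES = [
    (0,   "Fa0/1", 1_000_000,     500_000),
    (300, "Fa0/1", 4_000_000,     800_000),
    (600, "Fa0/1", 7_750_000,     1_100_000),
    (0,   "Fa0/2", 4_294_000_000, 10_000),
    (300, "Fa0/2", 36_032_704,    40_000),      # input counter wrapped
    (600, "Fa0/2", 2_286_032_704, 70_000),
    (0,   "Fa0/3", 100_000_000,   50_000_000),
    (300, "Fa0/3", 1_200,         300),         # device rebooted, counters reset
    (600, "Fa0/3", 601_200,       150_300),
]


class Interval(NamedTuple):
    """Traffic seen on one port between two consecutive polls."""
    t_end: int
    seconds: int
    in_bytes: int
    out_bytes: int

    @property
    def in_bps(self) -> float:
        return self.in_bytes * 8 / self.seconds

    @property
    def out_bps(self) -> float:
        return self.out_bytes * 8 / self.seconds


def port_intervals(samples, link_bps=LINK_BPS):
    """Return {port: [Interval, ...]} with wraps corrected and resets dropped."""
    polls = defaultdict(list)
    for t, port, in_oct, out_oct in sorted(samples):
        polls[port].append((t, in_oct, out_oct))
    result = {}
    for port, rows in polls.items():
        kept = []
        for (t0, i0, o0), (t1, i1, o1) in zip(rows, rows[1:]):
            if t1 <= t0:
                continue  # duplicate poll, no time elapsed
            # Modular subtraction undoes a single 32-bit wrap. At 100 Mbit/s a
            # Counter32 wraps in about 343 s, so poll faster than that or read
            # the 64-bit ifHCInOctets / ifHCOutOctets counters instead.
            iv = Interval(t1, t1 - t0,
                          (i1 - i0) % COUNTER32_MOD,
                          (o1 - o0) % COUNTER32_MOD)
            # A reset looks like a huge wrap; a rate above line speed is
            # impossible, so that interval is discarded rather than charted.
            if iv.in_bps > link_bps or iv.out_bps > link_bps:
                continue
            kept.append(iv)
        result[port] = kept
    return result


def top_talkers(intervals, n=3):
    """Rank ports by total bytes (in + out) over the whole window."""
    totals = {port: sum(iv.in_bytes + iv.out_bytes for iv in ivs)
              for port, ivs in intervals.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def peak(intervals, port):
    """Return (t_end, bps) of the busiest interval on a port, or None."""
    ivs = intervals.get(port)
    if not ivs:
        return None
    busiest = max(ivs, key=lambda iv: max(iv.in_bps, iv.out_bps))
    return busiest.t_end, max(busiest.in_bps, busiest.out_bps)


if __name__ == "__main__":
    data = port_intervals(SAMPLES)
    for port, total in top_talkers(data):
        print(f"{port}: {total:,} bytes, peak {peak(data, port)[1] / 1e6:.2f} Mbit/s")
```
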

You forgot the part... (2, Insightful)

Atario (673917) | more than 8 years ago | (#15433642)

...where morale drops through the floor and people start looking for new jobs.

Nobody likes living under a fascist big-brother network policy. But, hey, you put those lousy "freeloaders" in their place, huh? That's all that matters, after all...

And YOU forgot... (2, Insightful)

JoeD (12073) | more than 8 years ago | (#15434201)

... that it's their network, their rules.

Some non-work net use is inevitable (like me making this post). But when people are using their workplace's network connection for non-work activities to the extent that it's impacting the performance of the rest of the network, then something has to change.

For most businesses, there is simply no business reason to allow people to download music and/or stream video to or from the office. It's just like the telephone. Most places don't mind people making personal calls, but they ask that they be reasonable about it, because you're supposed to do your socializing at home, on your own time. It's the same with the office net connection. Nobody cares if you use it to order a book from Amazon, or read the daily news, or browse Slashdot. But if you start hitting iTunes or Youtube, or start doing lots of Ebaying, or share a torrent of last night's "American Idol", then you might be crossing a line.

Re:And YOU forgot... (1)

xmedar (55856) | more than 8 years ago | (#15434561)

It depends, for example listening to IT Conversations [itconversations.com] while having lunch at their desk is quite reasonable, certainly more reasonable than sending people to conferences all the time.

Re:You forgot the part... (3, Insightful)

ednopantz (467288) | more than 8 years ago | (#15434316)

>fascist?

Lay off the bong hits kid. Grownups understand that they aren't supposed to be torrenting all day on the boss's network connection. Anyone who quits because they won't be allowed to torrent porn all day does the boss a favor.

Re:You forgot the part... (1)

ePhil_One (634771) | more than 8 years ago | (#15434734)

Anyone who quits because they won't be allowed to torrent porn all day does the boss a favor.

And those whiners who quit because they can't get the information they need to do their jobs? The workaholics who used to stay 12 hours because they could buy little timmy a birthday toy from Amazon.com in 5 minutes? The company's better off without them too. What the company needs are a bunch of bottom feeders who know they can't get better jobs elsewhere, and so put up with having to clock out to take bathroom breaks.

Managing HR issues through technology is a dead end. If someone is getting their work done with high morale because they spend 30 minutes a day browsing Slashdot and feeling connected, why isn't that better than getting your 8 hours of blood in a low morale, low productivity (the two go together hand in hand) environment. In 3 years of fast food, I never had a problem with cash. No cameras, just happy employees and often an open till. Sales were up 30%. Less than a year after I left, morale had crashed, sales were down, and cash was disappearing regularly. Management responded by cracking down, lowering morale further, adopting an us vs them philosophy. Problems got worse and not better.

Re:You forgot the part... (1)

DDLKermit007 (911046) | more than 8 years ago | (#15435012)

Reading /. and buying Timmy a toy at Amazon both go over port 80 and impact connections minimally and are fine. Streaming some random shit internet radio-station all day at 128kbs (or video which neither go over port 80) clogs a simple DSL line pretty bad. No one mentioned blocking specific sites. Just unnecessary ports for things like streaming audio, video, torrents, other P2P, and anything else that no one has any use for at work so they can feel "connected."

Re:You forgot the part... (1)

Magic5Ball (188725) | more than 8 years ago | (#15435068)

Congratulations for refuting a position you contrived and mis-attributed to the GP with your expert knowledge from the bandwidth-management trenches at MacDonalds...

The GP post was discussing torrenting porn, which: a) can consume much bandwidth both ways, b) may open up the business to sexual harassment issues and a hostile work environment, c) may be illegal.

As for your ideas, sucking down 2 MB of /. a day (70 bytes per second over eight hours) stuffs the network connections much less than streaming, torrents, Skype, etc.

Re:You forgot the part... (2, Interesting)

ePhil_One (634771) | more than 8 years ago | (#15438031)

The GP post was discussing torrenting porn

The post I replied to suggested blocking all internet traffic and reopening holes on a user by user and port by port basis. If users are downloading porn at work, you have an HR issue. If users are streaming audio/video against policy, you have an HR issue. If you don't have a policy about streaming either it's not an issue for you or it never occurred to you to tell your users it's a bad thing. Many users are just clueless about the cumulative effect of streaming, since it works fine at home. Suggest they bring in a radio or CDs.

with your expert knowledge from the bandwidth-management trenches at MacDonalds

Aw, I didn't know you cared. Rest assured that I know more about the subject than 99% of the IT pros on Slashdot (which really isn't hard), and I'm proud to have knowledge and experience that extends beyond the IT cubicle. It's a pet peeve of mine when folks recommend technical solutions for people management issues (Joey set up a porn screen saver! we must block people from choosing their own screen savers!). It shows a lack of leadership and management ability.

Re:You forgot the part... (1)

TheLink (130905) | more than 8 years ago | (#15435424)

Uh, without any controls, the frigging torrents and video streams are more likely to get in the way of stuff like google searches for work-related tasks. It could make the quick "shopping trip" to Amazon take a fair bit longer.

It's quite annoying when a websearch takes 20 seconds to load because of some P2P crap or movie downloading.

If I were the admin, I'd still allow video streams, but they'd be on a lower priority compared to everything else.

I doubt even email should be held back just so someone can watch a video smoothly.

Sure policies, enforcement is always down to management and not tech. But this is more like basic traffic control.

Re:Speakeasy Bonded T1? (1)

w1r3sp33d (593084) | more than 8 years ago | (#15434163)

MRTG has always done the job for me but I have been looking more and more at cacti, it's worth a look over here http://www.cacti.net/ [cacti.net]

Re:Speakeasy Bonded T1? (1)

Magada (741361) | more than 8 years ago | (#15434409)

You, sir, are exactly the kind of ill-informed cubicle nazi because of whose kind I have to tunnel FTP and POP3/SMTP over a SSH connection to an outside machine when I actually want to get some work done *at work*. Port blocking is inane if you only need the bandwidth. Do traffic analysis and prioritize all you wish, use a caching proxy. People will soon learn to not download or use Skype in the time interval you're synching remote databases, the BitTorrent freeloaders will achieve consistent 5Kb/second speeds and therefore realise it's not worth it, the latest youtube video will only be downloaded exactly once and all will be well in network land. Also, your bosses might like you more, for not having to review inane "please boss can i look at pr0n^H^H^H^H market data all day" requests all day every day.

Re:Speakeasy Bonded T1? (1)

Bios_Hakr (68586) | more than 8 years ago | (#15439785)

We use a packet-analyzing firewall. By default, SSH cannot be tunneled through it. I set up an external server and then used PuTTY to try and connect from internal land. Even after reconfiguring everything to run over port 443, PuTTY cannot create a connection.

The firewall does not care what port you are using. It's smart enough to figure out what protocol you are using.

As for the cubicle nazi thing, that's just dumb. My company has limited resources. We have to ensure that those resources are used properly. I don't have time to run down every downloader and slap them on the wrist. I look at the proxy logs and decide if the top 100 sites are work-related or not.

For a long time, the top 100 sites were mostly pr0n. I mean, seriously people. Why are you surfing pr0n at work?

Video.google.com and YouTube and the like are also blocked now. MySpace was blocked long ago. Virtually all of the Fantasy $sport sites are blocked.

When you are at work, you need to be working, not fucking off on Amazon or eBay.
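The proxy-log review described in the comment above, ranking destinations by how much they actually pull over the uplink, can be scripted. The following is an added example, not part of the original comment; it assumes Squid's native access.log layout (the thread does not name the proxy), and the log lines, addresses and function names are constructed.

```python
"""Rank sites and clients by uplink bytes from a proxy access log (added example)."""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout (assumed proxy):
# time elapsed client action/status bytes method URL ident hierarchy type
LOG = """\
1148900000.101    120 10.0.0.21 TCP_MISS/200 48210 GET http://news.example.org/index.html - DIRECT/192.0.2.10 text/html
1148900003.500   9800 10.0.0.34 TCP_MISS/200 15000000 GET http://video.example.net/clip.flv - DIRECT/192.0.2.20 video/x-flv
1148900060.250     40 10.0.0.35 TCP_HIT/200 15000000 GET http://video.example.net/clip.flv - NONE/- video/x-flv
1148900090.000    300 10.0.0.21 TCP_MISS/200 7200 CONNECT shop.example.com:443 - DIRECT/192.0.2.30 -
1148900120.700      5 10.0.0.34 TCP_DENIED/403 1400 GET http://blocked.example.com/ - NONE/- text/html
1148900130.000 truncated
"""


def parse_line(line):
    """Return a dict for one log line, or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    try:
        size = int(fields[4])
    except ValueError:
        return None
    action = fields[3].split("/", 1)[0]
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        # CONNECT requests log "host:port" rather than a full URL.
        host = url.rsplit(":", 1)[0]
    else:
        try:
            host = urlsplit(url).hostname
        except ValueError:
            return None
    if not host:
        return None
    return {"client": fields[2], "action": action,
            "bytes": size, "host": host.lower()}


def summarize(lines):
    """Total the bytes that crossed the uplink, per site and per client."""
    sites, clients, denied = Counter(), Counter(), Counter()
    saved = skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        if rec["action"] == "TCP_DENIED":
            # Blocked by policy: nothing fetched, but worth counting per client.
            denied[rec["client"]] += 1
        elif "HIT" in rec["action"]:
            # Served from cache. Treated here as zero uplink cost, which is an
            # approximation for hits that revalidate with the origin server.
            saved += rec["bytes"]
        else:
            sites[rec["host"]] += rec["bytes"]
            clients[rec["client"]] += rec["bytes"]
    return {"sites": sites.most_common(), "clients": clients.most_common(),
            "denied": dict(denied), "saved_bytes": saved, "skipped": skipped}


if __name__ == "__main__":
    report = summarize(LOG.splitlines())
    for host, size in report["sites"]:
        print(f"{size:>12,}  {host}")
    print("served from cache:", f"{report['saved_bytes']:,}", "bytes")
```
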

Re:Speakeasy Bonded T1? (1)

lon3st4r (973469) | more than 8 years ago | (#15437174)

Finally, start blocking all the ports for incoming and outgoing traffic. Open 443 and 80 for outgoing and then wait for people to call.

Seriously not a good idea. You can save a lot of frustrations and agonizing if you ask people their requirements first and then trim down.

* lon3st4r *

Re:Speakeasy Bonded T1? (2, Informative)

222 (551054) | more than 8 years ago | (#15432749)

I'm not sure if we're talking about the same thing, but Multilink Encapsulation allows for multiple T1's to be seen as one interface, and I can't imagine an ISP that wouldn't support this.
It (obviously) requires both T1's to be from the same provider, as there is configuration needed on both ends.

Re:Speakeasy Bonded T1? (3, Insightful)

mnmn (145599) | more than 8 years ago | (#15432854)

Forget speakeasy bonded T1, you can bond your standard DSL lines through an OpenBSD firewall using CARP. Read also about VRRP and (HSRP and GLBP) for cisco solutions. They add not only redundancy but also load balancing, and recovery is real fast as opposed to something like RIP2. You can also use OSPF but careful, OpenOSPFD and zebra don't provide load balancing and redundancy of default routes. IOS does.

I say spend your budget on additional lines instead of cisco smartnet.

Re:Speakeasy Bonded T1? (1)

ldspartan (14035) | more than 8 years ago | (#15433078)

How is that the same as bonding? You can load balance all you want, you're not going to be able to push one stream to 3mbit over two T1s.

Not to say the software solution is useless, just not the same.

--
Phil

Re:Speakeasy Bonded T1? (1)

tzanger (1575) | more than 8 years ago | (#15434118)

Forget speakeasy bonded T1, you can bond your standard DSL lines through an OpenBSD firewall using CARP. Read also about VRRP and (HSRP and GLBP) for cisco solutions. They add not only redundancy but also load balancing, and recovery is real fast as opposed to something like RIP2. You can also use OSPF but careful, OpenOSPFD and zebra don't provide load balancing and redundancy of default routes. IOS does.

I recently did something similar with Linux.

Business wanted bigger bandwidth and higher availability than was available in town without going to expensive bandwidth. We took ADSL from two different providers (could have also used wireless, cable, etc.) and a machine in Toronto in a data centre on a multihomed network and created a pair of GRE tunnels between them.

The multihomed server extrudes an IP on its network for the business, and the ip-up scripts for the PPPoE connections fiddle with the tunnels. Now they have an IP address which is located in multihomed space in this little old town of 5300 people, and through creative use of iproute2 the only multihomed bandwidth they use is what they actually really need to be redundant. Everything else (basic web browsing and outgoing email being the biggest ones) is just coarsely load-balanced over the basic PPPoE connections, without travelling over the tunnels. I've got route caching turned off so it works pretty well.

The next step is to encrypt the tunnels using OpenS/WAN -- that was the original idea, but unfortunately it's not possible to do this without the GRE tunnels, since OpenS/WAN would get confused about which traffic was for which connection since they both have the same endpoints in the configuration file. I'm sure I could use another encryption package but I'd rather stick to something standard.

Re:Speakeasy Bonded T1? (1)

stonecypher (118140) | more than 8 years ago | (#15435970)

Yeah, and if DSL wasn't oversold 150:1, that'd be a great idea.

T1s are still selling because there's still a need for them. Frame devices have guaranteed throughput, guaranteed uptime, service level contracts and so on. Bound DSL just isn't a responsible choice for a business.

Re:Speakeasy Bonded T1? (1)

littlerubberfeet (453565) | more than 8 years ago | (#15437336)

Bonded DSL works. I know a few G**gl* employees that have 3 bonded SDSL lines, so they can do video conferencing from home. It costs next to nothing on the user side, but the ISP has to be willing to invest a grand or so on the backend.

Bonded T1s from the same provider? (1)

Dadoo (899435) | more than 8 years ago | (#15433072)

I don't get why you'd want multiple T1s from the same provider, if you're looking for redundancy. In my experience, it's much more likely your upstream provider will go down, than the T1, itself.

Question (2, Interesting)

42Penguins (861511) | more than 8 years ago | (#15432635)

What, exactly, is the question? Is it: What kind of line should I have? or What kind of router hardware/software should I use? I'll shoot at the first question: You already have a fractional T-1, why not buy the whole thing? It's not as elite as redundant OC-48 lines, but like you said, you can't afford those anyway. If you want a step up from that, get redundant T-1 lines from 2 different providers in case one gets nicked.

Re:Question (1)

arivanov (12034) | more than 8 years ago | (#15433460)

That is the way I understood the question.

And the answer is a series of questions in itself:

  • Do you use hosting for customer facing services? If not you are looking towards being multihomed to more than one provider and having the minimum bandwidth at which they agree to do that (usually T1 or E1).
  • Do you monitor your capacity utilisation? What is it showing at the moment? If not how can you judge if it is being utilised well? Similarly, how do you know that your backup link provisions have sufficient capacity?
  • Do you use QoS and do you classify traffic and allocate different bandwidth allocations to different types of traffic? If you do you can usually get away with an E1/T1 up to 200 employees. If you do not you end up having to use several times more. Once again, if you monitor it you can have an excellent idea which types of traffic have a suppressed demand and which not.
  • Do you use proxies and force their use? Once again, do you monitor them?
  • Do you allow P2P and if so do you QoS it down? If you do not you should rephrase the question as "How much would I like to sponsor resource thieves around the world on my company bill?".

So on and so forth. Every company is different and there is no silver bullet solution. Even so, putting CBQ or HTB on the link is always a good start. Everything else aside it can give you a good idea what types of traffic have a suppressed demand and what types of traffic have reached a steady state. Once this information is available you can decide if more bandwidth is actually necessary.

Alternatively you can use the dumbfuckistani penis extension approach known as "More Fiber is the solution to all humanity problems". Telcos will love you.

Re:Define the Question (1)

tengu1sd (797240) | more than 8 years ago | (#15438552)

Before you start to design a solution, you need to define the problem and expectations. Are you providing services to customers or do you have a gaggle of developers that need porn and music? Are you getting mail in html format with attachments of the latest dancing baby video? Is downtime less expensive than redundancy, what's the business impact?

Does renting rack space at a data center with redundant connections, air, power, generator and 7x24 staffing make sense? Or do you need to run the exchange server under Bob's desk so it can be rebooted regularly? Can you try to block audio/video files?

There are a variety of bandwidth solutions, I have customers with multiple OC-3s and customers with a DSL business line. The answer is: it depends on business impact and downtime tolerance. Many redundant solutions get postponed once the cost is known.

Before you can propose a technical solution, you need to know the political layout.

Dark fiber Ethernet service, or fractional DS3 (5, Insightful)

Anonymous Coward | more than 8 years ago | (#15432643)

That's how real tech companies do it. If you can get Yipes, Cogent, AboveNet, or some other dark fiber provider to serve you Ethernet service, that's the cheapest way to get a lot of bandwidth (10-100Mb/s range). If you can't, then you get a fractional DS3. Most real providers will let you dial the bandwidth up and down reasonably, so you could start out with a 5-10Mb/s circuit and grow from there.

Bonding T1s and DSL is neat and all, but if your business actually depends on the Internet working, go with one really good fat pipe and then maybe a thin one (T1 or so) as a backup. Don't mess with complex setups. Complex = new ways to fail.

Re:Dark fiber Ethernet service, or fractional DS3 (2, Funny)

Anonymous Coward | more than 8 years ago | (#15432973)

Dead on the money AC. You forgot the colo/data-center option, which will generally come with burstable ethernet. This isn't a real tech company though.

Check the link [intouchtechnical.com] , which has since been removed. The computers page is especially amusing.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

Amouth (879122) | more than 8 years ago | (#15433385)

i can't believe he asked slashdot.. there are plenty of forums out there dedicated to this type of stuff.

now one thing that grand parent AC overlooked is that if they are small there is always a cost problem.

one thing i have found is to use a T1 as the primary line for max up time services.. and then get a cheap microwave/wireless connection for fast but doesn't have to work 100% of the time - where i am you can get 2mb up 2mb down for around 200$ a month including small ip block and leased router (cisco 800's not crap netopia). and if you ask (or just reset them) they will give you accounts on them to configure them.

Re:Dark fiber Ethernet service, or fractional DS3 (4, Insightful)

baptiste (256004) | more than 8 years ago | (#15434288)

i can't believe he asked slashdot.. there are plenty of forums out there dedicated to this type of stuff.

Why is it every time someone asks a legitimate IT question on /. the poster is ridiculed with the above statement. Every. Single. Time. I for one think /. is a GREAT place to ask questions like these. Unless you've been the 'jack of all trades' IT guy at a small company, you have no idea what it is like. You're expected to know EVERYthing. Sure - there are forums all over the place dedicated to this specialty or that specialty. And if he was a network admin only, he likely would read those forums every day.

I think /. is a great place to ask questions like these. Sure you have trolls and ACs who sometime suggest silly solutions. But you also have a LOT of hardened geeks and IT types who have been around the block a few times who make good suggestions. Already here I've seen 3 or 4 solid solutions that he can now consider and do more research on to see which fits his company best.

Asking /. a question is not a sign of a n00b or bad IT person. What better place than one of the biggest techie readerships on the Internet to ask questions. I find many Ask Slashdot threads to be very informative, filed away for 'future use'

At least you followed up the standard 'I can't believe he asked /.' with an actual, you know, answer.

OK, move along nothing to see here. I had to waste a little Karma anyway.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

misleb (129952) | more than 8 years ago | (#15435378)

Asking /. a question is not a sign of a n00b or bad IT person. What better place than one of the biggest techie readerships on the Internet to ask questions. I find many Ask Slashdot threads to be very informative, filed away for 'future use'

The issue isn't whether or not the submitter is a "n00b" (although he clearly is). The issue is whether or not Slashdot is an appropriate format for such poorly formulated questions. Questions that require clarification. Notice that we have not yet heard back from Mr. "onebadmutha" despite many requests for more information about his configuration and requirements. I seriously doubt his sincerity.

-matthew

Re:Dark fiber Ethernet service, or fractional DS3 (1)

Amouth (879122) | more than 8 years ago | (#15436220)

thank you .. someone that saw why i said what i said..

personally i feel ask /. is for things that you can't find answers to but it would help to see what the rest of the world does to solve a problem that isn't easily fixed

Re:Dark fiber Ethernet service, or fractional DS3 (0)

Anonymous Coward | more than 8 years ago | (#15439237)

The issue is whether or not Slashdot is an appropriate format for such poorly formulated questions.

Your UID is only barely above five digits, you can't be this green.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

MrResistor (120588) | more than 8 years ago | (#15438672)

Man, I hope those prices are in Canadian dollars.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

ostiguy (63618) | more than 8 years ago | (#15435384)

What should a 10 megabit connection cost from one of those providers? I recently got a quote from one of them that was wholly out of line with what a multiple imuxed t1 solution would cost.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

doughrama (172715) | more than 8 years ago | (#15437193)

I really don't know what the going rates are these days. When I sold them the best deal I ever gave was $350 per Mb per month... And that happened to be for a friend of the company. At the time a normal price was around $700 or more per Mb per month.

So anyways I would expect that a 10mb Fractional DS3 would be somewhere between 3000 and 5000 a month, not including the local loop.

I'm curious as to how much this stuff costs now, and where the quotes are coming from.

Re:Dark fiber Ethernet service, or fractional DS3 (1)

Glendale2x (210533) | more than 8 years ago | (#15437461)

I got a quote from Level3 a while back for fractional DS3 starting at 6MB/s for $2300/mo. Install was something in the same range. Didn't pursue it further, though.

Choices! (4, Informative)

222 (551054) | more than 8 years ago | (#15432684)

Well, at my company, we were recently faced with the same dilemma.
There are a couple of options available, though. Although my organization appears to be a bit larger than yours, we've decided to utilize a spare T1 that simply sits there for disaster recovery purposes with Policy Based Routing (We're an all Cisco network, although this can be done on a variety of platforms, including Linux..) This directs traffic from a certain IP (and possibly port, I believe) to a specific interface, so that important data (Citrix, etc) has access to our main pipes while web traffic gets the shaft, so to speak. It uses policy maps to do so; I'm relatively noobish to IOS so maybe someone else can shed some light on this.

I'm hopefully certain you have explored QoS and are currently implementing it, but even QoS has limits.
I'm pretty sure a combination of the 2 methods listed above should take care of you. As a network admin, I could care less if web traffic gets dropped on a cheap DSL or cable connection.

Just my 2c, hope it helps ;)

Understanding networks (2)

jaredmauch (633928) | more than 8 years ago | (#15432685)

You need to understand a bunch of things to solve your problem, and we need some more data too

1) Where are you located? Changing from a fractional T1 to DSL is usually a downgrade, unless it's some sort of SDSL if you're inside the US.
2) Do you have any latency/packet reordering requirements? Bad things happen when packets are out of order, and modern routers avoid reordering like the plague to keep bad things(tm) from happening.
3) What resources do you not need onsite, perhaps some reasonably priced colo is a better solution for your more resource intensive solutions
4) What are your true bandwidth requirements? Most major cities you can get metro-ethernet or various flavors of dark/dim to lit fiber for cheap.

Multiple geographically diverse OC48's are not for most people, are you sure this applies to your requirements?

Re:Understanding networks (1)

Wdomburg (141264) | more than 8 years ago | (#15432741)

Eh? Even a full T1 line is only 1.544Mbps. Verizon offers 7.1Mbps/768Kbps DSL lines for about $200/mo. Have been for years.

Re:Understanding networks (1)

Baddas (243852) | more than 8 years ago | (#15432761)

Correct, but you realize that is subject to the vagaries of normal DSL service. T-1s are more reliable, generally.

T-1s are also much faster upstream, which is where a budding internet company or the like needs their bandwidth.

Re:Understanding networks (1)

Wdomburg (141264) | more than 8 years ago | (#15433134)

The company he linked to specializes in "on-site consultation, installation and support for small business" not internet services or hosting of any kind. We're talking about an office network, where downstream is going to be the predominant concern. Doesn't take much bandwidth to send out the occasional mail and request web pages. There may be exceptions - VOIP, for example - but given the existing connections those are almost certainly non-issues.

As I said in response to the other gentleman who posted me, reliability needs vary heavily from site to site. As does the relative reliability of business class DSL. I've had an SDSL line in my house running for about seven years now and can count the outages on one hand (and twice it involved hardware failures on my end).

Oh, and upstream depends on what you pay for, just like traditional carrier lines. A frac T1 is typically going to be 768, just like the ADSL line I referenced. If that's not enough, I know locally I can get SDSL at rates well below carrier lines.

Unfortunately there's no objectively Right solution that applies to every situation, and even the Right solution for a specific situation is going to involve a trade-off; it's just another form of the old cliche: fast, cheap, reliable - choose two.

More than bandwidth (2, Insightful)

misleb (129952) | more than 8 years ago | (#15432782)

Such a line can easily be brought to its knees by simply saturating the upstream. ADSL does not work well in business environments with many users. I'd take a full T1 over that 7M/768k DSL line for a business any day.

-matthew

Re:More than bandwidth (2, Insightful)

Wdomburg (141264) | more than 8 years ago | (#15433074)

I wouldn't make that kind of determination without evaluating the existing and projected traffic and use patterns. Considering this was supplemental bandwidth, it's almost certainly being used for internet access and not critical services. The upstream requirements are likely well below what a business class ADSL line provides. If the problem isn't upstream and you go for a plain T1, you'll bring it to its knees saturating the downstream. :)

Reliability may be an issue of course. Depends on how much the userbase depends on real-time access to the internet. If most of the users rely on intranet resources, no biggie. They can live without the web for a little while. On the other hand, if the company relies heavily on externally hosted applications like CRMs or mail, you likely should have redundant connections, period.

SDSL (1)

redshadow01 (113325) | more than 8 years ago | (#15432690)

Where I work we have an SDSL line, 10Mbit up/down, with the bandwidth being charged by the 95th percentile of sustained 3Mbits/sec...it comes out to a fairly reasonable number, similar to about 20-25 consumer DSL Lines...we will be changing that for fibre, same bandwidth, almost the same price...

T1's and other leased lines are too expensive...check for SDSL offerings in your area

Granted, my office is in downtown of a large city, so we have more choices...

What exactly do you need? (4, Insightful)

dereference (875531) | more than 8 years ago | (#15432692)

Your "requirements" seem to be all over the map. If you want redundancy, that's one thing. If you want simply to scale, that's quite another thing. If you want partitioning, that's yet a different problem.

Then, ask yourself what kind of traffic you are handling. If you're looking at users surfing the web, you probably needn't be overly concerned with load balancing; if you're receiving tons of inbound traffic to your servers, on the other hand, not only do you need load balancing, but you probably also need to seriously consider co-location solutions for your servers.

The administrative traffic is typically a much lower priority in most companies. I don't know how many users you're talking about, or what they're doing, but most small companies just live with a single (full) T1 until they absolutely need to bond another T1 (where "need" is subject, but should be kept in check, especially given that last bit about not having unlimited funding).

I guess this is not much of an answer, but these are all important questions you need to be asking yourself well before seeking specific answers. I'm not sure where you're coming from, and I don't mean to accuse you of anything, but taking the approach that you'll know the right answer when you see it is usually flawed from the start.

Whoa, slow down there (3, Insightful)

misleb (129952) | more than 8 years ago | (#15432697)

Slow down there, chief. Exactly what kind of company would be going from fractional T-1, to DSL, to... an OC-48? (I assume you were exaggerating on the OC-48)

Couple questions:

1) How many employees are we talking about here?
2) What are they doing on the internet that is so demanding?
3) Are you running any web/streaming servers onsite?
4) Have you gone to any lengths to diagnose exactly what your bottleneck might be?
5) Are you sure you don't just have a couple of hogs downloading porn all day?

I know 200+ employee companies that get by with a single T-1 just fine. I'm a little suspicious of your bandwidth needs.

But if you really need that much bandwidth for web browsing (I doubt you do), the next step would be a DS-3 circuit at about 45Mbit. But that can be pretty costly for the circuit alone. It would, however, allow you to scale because you'd probably be paying for the bandwidth used and not the full 45Mbit. If you are in a building with other companies who have similar needs, you may be able to split the cost of the circuit and share it.

Also, depending on your location, you may be able to set up a wireless (not WiFi) deal with someone. Something with real gear, of course. Not just a couple Linksys' with Pringle can antennae.

-matthew
 

Re:Whoa, slow down there (1)

WuphonsReach (684551) | more than 8 years ago | (#15433128)

While not the original poster, I can think of an example or two.

When I first joined my current company back in 2000, we had nothing more than a 56k line (and a few dial-up users). We upgraded that to a T1 pretty quick in order to provide better support to our remote workers.

Over the years, we've added more remote workers. Plus, remote workers tend to be connecting via multi-megabit DSL/Cable connections instead of the sub-megabit speeds of 5 years ago. Combine that with more and more internet use, using VOIP to save on toll calls, etc. and that T1 starts to look a little overused.

Re:Whoa, slow down there (1)

misleb (129952) | more than 8 years ago | (#15433401)

I guess it depends on how your 'remote workers' are accessing your network. Are they trying to mount your internal file server? Just POP'ing email? SSH to your servers? Are they doing it constantly? Remote users working on a fast internet connection doesn't automatically mean they demand lots of bandwidth. The majority of T1's I have seen have been largely underutilized on average even with remote users. And a company of any significant size (big enough to saturate a T1) would probably not run VoIP over that same line without some way of prioritizing voice traffic. I certainly wouldn't recommend it.

Anyway, The original poster specifically mentioned using DSL and splitting their users between DSL lines. Didn't sound like he was concerned about remote users... just getting faster internet for local users.

-matthew

Step by step assessment... (0)

alexcampbell (709969) | more than 8 years ago | (#15433982)

I don't know where to start on this one. Firstly, you need to assess what your exact bandwidth requirements are. This is not difficult - just MRTG graphs and some reporting from whatever firewall / routing equipment you're using right now.

Secondly, you need to figure out what sort of cabling is in your area. As others above have noted, the best solution is an ethernet VLAN over fibre between you and your provider. You could start out at 10mbps and scale up to 100mbps easily if you need to. If there is no fibre running in your area then you'll be stuck with a T1 (but if you are currently fractional, why not upgrade to full?).

Thirdly, you need to make sure that you have the routing equipment to make this work. I can't think of any device with a "nice pleasant UI that doesn't cause me great grief" that could actually forward packets at T3 speeds, let alone 100mbps. Serious equipment is configured from the command line, if you can't figure out the command line then...

Lastly, you'll sound a lot smarter if you don't throw around terms like "redundant OC-48 runs". Is it possible that you will ever need Nx2.4gbps of connectivity? Do you know how much this would cost? Do you know how much the routing gear to handle this would cost? There are a lot of ISPs that don't use anywhere near that much transit bandwidth.

What are you using it for? (2, Insightful)

georgewilliamherbert (211790) | more than 8 years ago | (#15432709)

Is this internet access for desktop users? People from outside coming in to your corporate website? VPN connections to other offices? How many users? Are you attempting to synchronize any data across the link? In real time, or overnight?

The possible set of right answers depends a lot on what you're doing with it.

Policy based routing plus any number of DSL lines will work for splitting up desktop web access.

Inbound traffic for the corporate website is pretty much the antithesis of that... outbound traffic is the target, and that ends up being T-1 optimized for small sites and bonded T-1s or faster links for bigger ones.

VPNs can be symmetrical or asymmetrical. Your mileage may vary.

Sonicwall 4060 (2, Informative)

Anonymous Coward | more than 8 years ago | (#15432717)

Our company uses a Sonicwall 4060 to load-balance two partial T1s. While it is a bit complex to set up, there's no lack of options on it. It's been extremely reliable too, I'd say it's an excellent choice.

honestly (4, Interesting)

BushCheney08 (917605) | more than 8 years ago | (#15432739)

In all honesty, after looking over the intouchtechnical.com site, I'm going to go out on a limb here and tell you that you need to find which of your techs is running bittorrent all the time and either teach him how to set upload and download limits or cut him off entirely. As others have said, your posting is all over the map. You openly dismiss more than a few technologies that work quite well in competent hands. You mention fractional T1s, DSL, and OC48 as if you don't even know what they are. It really sounds like you aren't qualified to be the technology admin for a company whose business revolves around providing tech support to other businesses. Hate to say it, but that's what I see from where I'm sitting.

Re:honestly (1)

sharkey (16670) | more than 8 years ago | (#15433023)

Don't be too hasty. I was starting to doubt these guys after looking at the prices for their "iT for nn" computers, but then I looked through the "iT for Professionals" offering and saw this:

  • 52x CDRW w/ 8Meg Cashe

You get that, plus you get about $750 worth of hardware and software for only $2099.95. These guys MUST be good!

Intranet and Internet (5, Funny)

pete-classic (75983) | more than 8 years ago | (#15432759)

From the In-Touch website:


Our Technicians Offer:

Consultation, Installation, Upgrade,
and Technical Support of:
[. . .]
        - Intranet and Internet


Have you tried dialing zero and asking for one of these technicians?

-Peter

Re:Intranet and Internet (0)

Anonymous Coward | more than 8 years ago | (#15433048)

Perhaps one of us should go the extra mile and fill out the contact form [intouchtechnical.com] for him.

Ban BitTorrent = problem solved (2, Insightful)

patio11 (857072) | more than 8 years ago | (#15432770)

You've got a variety of options for banning BitTorrent (that is your problem, right? You have done traffic analysis before coming to Slashdot, right?). This is in an escalating hierarchy of how invasive you'll have to be.

1) Tell your employees that bandwidth costs have gone up, that you know BT to be the source of the problem, and that you trust them to do what is necessary.
1.5) Ban BT by policy, threaten severe sanctions up to and including dismissal for skirting the ban.
2) Block the standard BT ports.
3) Filter out BT packets.
4) Install computer forensics software and look for evidence of BT use (pretty much has to be combined with 1.5).

Re:Ban BitTorrent = problem solved (1)

MichaelMarch (686675) | more than 8 years ago | (#15435986)

We only have 10 people working at a time and not all of them use the internet all the time. But recently the internet connection started to jump up and down.. Sometimes causing the Linksys router to stall altogether. Found out that one of the employees discovered bit torrents and was downloading tv shows during work hours. Since this discovery, I've blocked the range of 6881-6999 and now he can't connect to BitTorrent files... Now the internet has stopped bouncing so damn much!

As others have said... (1)

Greyfox (87712) | more than 8 years ago | (#15432793)

First check and see how much of your current broadband is being consumed by itunes (By far the biggest offender in many companies) bittorrent and the like. If QOSing those ports down to 56 (or 3) kilobits a second doesn't solve matters, check with various providers. MCI used to have a 10mbps service back in the day. Speakeasy has some interesting options and their technical support is some of the best I've ever run across. Sprint... probably isn't worth talking to. I guarantee you whatever they offer will be cheap, and that's about all that can be said about it. Make sure that you have a path for growth with whatever option you choose and you should do all right.

Intouch Technical? (1)

misleb (129952) | more than 8 years ago | (#15432848)

Heh, I just went to http://www.intouchtechnical.com/ [intouchtechnical.com] (the domain of the submitter's email address). Looks like a pretty amateurish IT shop. Especially if they don't understand how to scale Internet access. And check out their computers section: http://www.intouchtechnical.com/comp.html [intouchtechnical.com] Geez, $1200 for an AthlonXP +2200 system.... with Win2k?? WTF?

I bet they have like 1 guy running Bittorrent all day using up all their bandwidth.

-matthew

Re:Intouch Technical? (1)

Mike Buddha (10734) | more than 8 years ago | (#15432928)

The mere fact that they try and sell PCs tells you that this is amateur hour. Send them to Dell if they want hardware. You might be able to beat a large manufacturer's prices, but support for that crap is an expensive timesink for your techs.

Old page (1)

SanityInAnarchy (655584) | more than 8 years ago | (#15432951)

From the response header:

Date: Wed, 31 May 2006 03:29:16 GMT
Server: Apache
Last-Modified: Sat, 16 Aug 2003 01:39:59 GMT
Etag: "6151ef-3ef-3f3d8b6f"
Accept-Ranges: bytes
Content-Length: 1007
Content-Type: text/html

200 OK

Re:Old page (1)

misleb (129952) | more than 8 years ago | (#15433017)

Out of date or out of reason, either way it reeks of "amateur." I mean, come on. The site is like 5 pages total. The least they can do is keep it up to date.

-matthew

Speakeasy isn't the only one and it's called IMA (1)

scronline (829910) | more than 8 years ago | (#15432904)

Speakeasy isn't the only ISP that allows you to "bond" lines. That's part of the reason why ATM has become the norm. It's called an IMA line which stands for "Inverse Multiplexing For ATM". There's an up and downside to IMA/ATM circuits. Downside to ATM is you lose a little bit of your traffic in overhead. So while you're paying for 1.5meg you're only going to see 1.2 to 1.3 depending on conditions which isn't the case with traditional Frame Relay.

However ATM allows for IMA lines which are bonding the T1s together. You'll need a specific card to handle it like a 4 or an 8 port IMA card. Of course the more you add, the larger the gap will be with the bandwidth loss. 3 meg you'll be down around 2.4-2.6 actual and so forth. While it's not the best solution, it's better than some of the other options.

Of course, you may find that with the price that you'll be paying that it will be better to just say to heck with it and get 2 Frame Relay (not to be confused with Frame Relay over ATM which is essentially ATM with the bandwidth costs just marketed as a frame relay) lines and use BGP to shape the traffic.

Re:Speakeasy isn't the only one and it's called IM (1)

ItWasThem (458689) | more than 8 years ago | (#15433296)

GO GO MLFR! Seriously though the only carrier in the US pushing IMA is at&t, everyone else when you ask for a bonded T1 will give you MLPPP or MLFR. It feels funny to say "only" though when these days we're really only looking at 2.5 players...

Weigh your options (2, Insightful)

aelbric (145391) | more than 8 years ago | (#15432915)

In short, there are several commercially available choices that may be available depending on latency, bandwidth, price, reliability, and availability.

1) Classic T-1, 1.5Mbps
2) IMA (Inverse Multiplexing over ATM) - Essentially bonded T-1s up to about 6 Mbps before the cost of the routers becomes prohibitive
3) Ethernet Switching - 10Mbps and higher
4) DS-3 and higher - 45 Mbps and up

If you need high availability, option 1 is ruled out. IMA is good for speed and availability, but increases complexity. Ethernet switching is fast, but redundancy will cost you and it will require additional CPE devices for security and traffic monitoring. DS-3s and up are reliable and fast, but the cost of high availability (e.g. dual-entrance facilities, multiple providers) is astronomical.

Set yourself up a matrix of each of the key metrics that make a difference to you. Talk to all your possible providers and populate your matrix with their service responses. Read their SLAs very carefully. Understand how they calculate their measurements. A 99.98% availability can be insufficient depending on how they calculate it. Weight their responses based on your business requirements and then choose the option that best suits your needs.

If all else fails, bring in a telecommunications expert for a couple hours to help you analyze your options.

What you missed (1)

whoever57 (658626) | more than 8 years ago | (#15432967)

5) Fixed Wireless Internet.

Depending on where your office is, this may be an option. Nextweb [nextweb.net] offers T1-equivalent (1.5Mbps) up to 6MBps.

Re:What you missed (1)

tradiuz (926664) | more than 8 years ago | (#15435263)

The problem with point to point microwave wireless is that it's unreliable at best, not in service at worst. There are problems with packet loss and latency. Our office currently is paying $300 for 2mbit service, and I'm working to remedy that. The biggest problem is convincing the president that we need to spend another $400 a month for T-1 (he's smarter than the PHB in all aspects other than why we need to spend more money, not less).

Currently I'm looking into business class cable (6mb / 2mb), T-1s, and SDSL. Even with the great leaps and bounds in technology, you'd think the cost of T-1 lines would be lower (or the bandwidth significantly higher).

Re:What you missed (1)

whoever57 (658626) | more than 8 years ago | (#15437019)

> The problem with point to point microwave wireless is that it's unreliable at best, not in service at worst.

Well, you may have had a bad experience, but I used fixed wireless for about 3 years at my last company and it proved to be highly reliable and we did not see any latency issues.

OK, we did have some problems when some trees grew into the path of the wireless link, but once that was solved, it was very good. What's more, while we paid for 2Mbps, that was the minimum we saw and most of the time, we actually got up to 4Mbps.

Actually, T1 has come down in price: only 3-4 years ago, you could not get T1 service for less than $800.

Re:Weigh your options (1)

n1ckml007 (683046) | more than 8 years ago | (#15434546)

I agree with the bonded T1's; a Cisco router will be able to keep routing even if one of the T1's drops. Also you can add bonded T1's as needed. Fiber (muni or commercial) is another option, which is also scalable.

Great question (0)

Anonymous Coward | more than 8 years ago | (#15432924)

Next time just post "It's broken, you fix" and save all of us some reading.

Bonded T-1s (0)

Anonymous Coward | more than 8 years ago | (#15433027)

Like everyone else here has said, bond your T-1s, you can afford it.

If you can get your hands a little dirty... (1)

ADRA (37398) | more than 8 years ago | (#15433042)

there are next to $0 solutions to your problems. I used to admin a network with a t1 and 3 DSL's. The DSL's were for specialty web traffic while the T1 was business services traffic and email.

Although we weren't providing anything around 5-9's service, my setup managed 3-9's without too much effort.

The router was a simple vanilla Linux router with n-ports, one for each internet line and one for any local subnets. You could be creative and break up the internal architecture any way you like.

You'll need to spend a few dedicated weeks learning everything about iproute2, iptables, and tc. It's not all that pretty for newbs, and if you simply don't have the time to get comfortable with it, just stop reading now. If you step into this, you'll need to be armed with information. Otherwise, you're in for a world of hurt. On the bright side, once you've mastered all there is to it, you'll truly be a networking god, and not just the lowly net-op that you are today.

shape it (1)

Mike_ya (911105) | more than 8 years ago | (#15433084)

Use a packet shaper, we use one by Packeteer.

You will be able to see who is using the bandwidth and what applications are using it.
You can then block or set low priority for non-work related traffic.

If bandwidth is still an issue I would look at bonded T-1 lines, which is what we do.
Once the router is configured there is really no administration.
Then step up to a fractional t-3 when necessary.

Re:shape it (1)

ItWasThem (458689) | more than 8 years ago | (#15433273)

Packeteer shapers were helpful 5 years ago before MPLS was hot on the scene. It's the traditional new technology curve where first it's proprietary, then it's a standard, then it's a commodity.

We're approaching a phase where application prioritization is already a standard headed for commoditization via CoS in standard MPLS networks. IMHO the single best investment you can make in this performance management arena (and I work in it so it's not a totally uninformed opinion) is in training the people you have to use the tools you already have.

Barring that invest in a tool that will help inform your decisions without locking you in to any one particular proprietary implementation. Something entirely passive with an extreme focus on pure monitoring. Most bang for your buck IMO, leave the acceleration and route optimization to the carrier whose responsibility that stuff ultimately is anyways.

ok, i'll bite (1)

l79327 (174203) | more than 8 years ago | (#15433142)

6meg/768 dsl for web browsing, full t1 for mail,dns,vpn and stuff I don't want to come in on sunday to fix.
Standing rule of don't install anything on your pc but look at anything you want. About one human sacrifice every year to keep people in line. Check the router for open connections about once a week to check for zombies and abuse. Offer to bring in porn on dvd for home viewing to anybody who wants it. It works for me for about 60 users at my pontiac gmc store.

Re:ok, i'll bite (1)

polar red (215081) | more than 8 years ago | (#15433228)

Sacrifices? Great! I'll get my outfit ...

well, your www, smtp, and dns aren't the issue (1)

artifex2004 (766107) | more than 8 years ago | (#15433337)

Looks like they're all being done on the same server by Bulgarians:

network:IP-Network:64.14.68.0/24
network:Organization;I:ICDSOFT LTD
network:Street;I:6 Asen Halachev Street
network:City;I:SOFIA
network:Postal-Code;I:1113
network:Country-Code;I:Bulgaria

So, what are you doing from your own network, that requires all that bandwidth?
Surely not hosting anything for customers, like web or mail, if your own servers are outsourced (and all sharing the same IP!)
What's traffic analysis show you?

How many campuses do you have? Your website says Seattle, Portland, and Salem on one page, but only Seattle on another, so I assume only Seattle has a real office, and you maybe recently got stringers for the other locations. This explains why you only care about one pipe, I guess?

In fact, I'd say, if physical mail for your domain is going to your office, it's at an address on 92nd Ave in Edmonds that looks a lot like a house, with maybe 4 cars parked when the bird flew overhead. So... maybe 4 employees, saturating your bandwidth? Again, what traffic analysis have you done?

You do know that if someone's running a p2p server at the office, not only does it saturate your bw, it's also a legal liability for your company, right?

Re:well, your www, smtp, and dns aren't the issue (1)

anticypher (48312) | more than 8 years ago | (#15434220)

I don't see where you are getting the Bulgarian link from, it seems to be hosted on a shared server in Boston. The registrar is a local Seattle company, and all their net presence is on a linux box with dozens of other domains on Savvis' network.

intouchtechnical seems to be a two person small time operation. I didn't even think it was possible to get a fractional T1 any more, except for grandfathered connections. And any company claiming on their website to be experts should have a Cisco router and some Cisco certs all around. None of this A+ crap either, but some solid knowledge of networks beyond "a snappy DSL line".

From the OP:

> How do other businesses solve this problem of scaling bandwidth needs

Other businesses realise that in order to be seen as a competent technical company they have to contact local ISPs and ask what is available in their area. Seattle has SBC/AT&T (retch), Sprint, Global Crossing, AboveNet, and almost certainly a dozen other small time resellers. Find out what can be delivered to the office, either multiple T1s, a DS3, or maybe even fibre. A real router is an absolute must, used Ciscos or Foundrys go for under US$1000. Screwing around with a linux box and quagga is fine for learning about how not to do a network, but just doesn't cut it for a business.

If you have bandwidth problems, kick off P2P users. Period. No business can justify letting people leech bandwidth, and the legal risks if someone is sharing copyrighted material are too great to ignore.

The best answer I can give isn't technical, it's to hire a real networking person. Yes, this costs money, but they'll look at your problems and offer real solutions rather than the crap shoot of an ask /. posting. And update web pages, 2003 is long past, hire a real web designer to build something a little more professional and update it every Monday morning with news. Then potential clients will have confidence you actually do some work.

the AC

Re:well, your www, smtp, and dns aren't the issue (1)

Artifex (18308) | more than 8 years ago | (#15436044)

> I don't see where you are getting the Bulgarian link from, it seems to be hosted on a shared server in Boston. The registrar is a local Seattle company, and all their net presence is on a linux box with dozens of other domains on Savvis' network.


Savvis told me:

$ whois -h rwhois.savvis.net -p 4321 64.14.68.15
%rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
network:Class-Name:network
network:Auth-Area:0.0.0.0/0
network:Network-Name:64.14.68.0
network:IP-Network:64.14.68.0/24
network:Organization;I:ICDSOFT LTD
network:Street;I:6 Asen Halachev Street
network:City;I:SOFIA
network:Postal-Code;I:1113
network:Country-Code;I:Bulgaria


ICDSoft's own website confirms they have a presence in the Waltham facility [icdsoft.com] . So it's less likely this is stale info, as sometimes happens when providers don't keep their whois servers up to date. You can double check by tracing:

14 csr2-ve242.waltham1bo1.savvis.net (64.14.70.18) 58.097 ms 58.427 ms acr1-as0-0.boston.savvis.net (208.172.51.53) 60.124 ms
15 server262.com (64.14.68.15) 59.017 ms 56.119 ms 55.625 ms


Anyway, the biggest point was that they are obviously outsourcing their own website and mail, and that the people they outsourced it to put everything, even DNS, on the same machine, which is rather risky. This bolstered my assertion that they weren't hosting anything for any customers at the end of their office pipe, and called into question what in the world they were really doing with that bandwidth.

Comcast Commercial Services (1)

dieman (4814) | more than 8 years ago | (#15433579)

I know it sounds stupid, but they have a metro area network fiber setup in some cities (especially former mediaone markets, I think) that is very, very nice and ethernet based. You'd get internet in increments from 5mbps-1gbps depending on how much you want to spend.

http://tinyurl.com/4db44 [tinyurl.com]

Their 'network' service also looks cool for distributed metro campus issues. One ethernet segment to interconnect multiple locations. They even support vlan trunking without having to harass them!

OpenBSD is your friend (1)

DrSkwid (118965) | more than 8 years ago | (#15433599)

trunk [openbsd.org] and pf [openbsd.org] should meet your binding and shaping needs.

Don't you mean Inferno/Plan 9? (0)

Anonymous Coward | more than 8 years ago | (#15434353)

Check out ip(3) [bell-labs.com]

Re:Don't you mean Inferno/Plan 9? (1)

DrSkwid (118965) | more than 8 years ago | (#15434511)

Plan9 doesn't do bonding afaik

Reduce bandwidth consumption (1)

solid_liq (720160) | more than 8 years ago | (#15433994)

Just out of curiosity, have you tried reducing your bandwidth needs? I recently redid the network for a small company which wanted to upgrade their bandwidth afterwards because employees complained their internet access was too slow. As part of the upgrade, I added a proxy server and blocked all unneeded ports as well as many non-work approved sites. I also put ad blocking on their proxy server, as clicking on advertisements really isn't work-approved anyway. Afterwards, they didn't need to upgrade their bandwidth because these simple changes were enough for their internet access to be "faster than it ever was before."

back when I used to do it (3, Interesting)

Yonder Way (603108) | more than 8 years ago | (#15434097)

The users hated me because they couldn't stream music to their desks. I would always bring them a Best Buy ad turned to the page with portable radios, CD players, and MP3 players.

First thing to do is get a hold of your firewall. Block all traffic, in and out. Then create rules to only let in and out specific traffic types with specific end points. Outbound http should only go through your web server. SMTP through your mail server. Don't let ssh out at all unless you must, and even then see if you can determine specific hosts to permit it to and from. Rate limit ssh to make it usable for remote shell access but painful for port forwarding other application types (forwarding http through ssh is an old trick to get around the company logging your web surfing activity).

Notice I mentioned a squid server. Yes, you need one of those. And yes, you need to force everyone to use it. There is a very good chance your router can do this for you transparently.

Users will scream. Loudly. Prepare yourself and your management for this. Anyone who thinks they are being treated unfairly needs to submit IN WRITING a business justification for the traffic they want you to permit, which must be approved jointly by IT and HR.

With an arrangement like this, I was able to keep over 500 users happy on a pair of bonded T1 lines. 3Mbps for 500+ users. The biggest consumer of bandwidth was the 5 person IT department pulling patches for all the different OS's we had to support. Every now and then one of the software developers would think he was being clever and find a way around the outbound blocks on the firewall using an exception in the rules that their manager got approved, but it would end quickly with a very embarrassing personal visit from our Director and their own boss within a few minutes of the music streaming starting.

Broadband to the home has been a mixed blessing. People have gotten too used to having bandwidth-hungry apps at home which is fine when you have 3Mbps+ all to yourself but when you are at work and have to share it, it's time to leave the toys at home and be a considerate network citizen.

Luckily I don't have to be network cop these days. Someone else gets to do that. Someone that doesn't have a good handle on their network so they are buying way more bandwidth than they really need.

Squid (or other cache) Can Help to Solve Problem (1)

InitZero (14837) | more than 8 years ago | (#15436277)

> Notice I mentioned a squid server.

Right on, Yonder. I have six years of data showing that Squid works wonders.

I put a Squid server online in 2000 and forced our 1,200 users to use it (domain logon script set IE to use automatic proxy config script). Even I was impressed at how much bandwidth we saved.

Immediately, a third to half of our web (http) traffic disappeared. Yes, the web cache was really that effective. This freed up lots of bandwidth on our T1.

A few years later, as we found our needs growing again, we added a DSL line. HTTP traffic was pulled through the DSL line. Everything else went out the T1. Squid handled fail over to the T1 in case the DSL line dropped.

Every once in a while, we ran into a web site or service that simply wouldn't work through Squid. When that happened, we placed an exception in the proxy.pac config script and bypassed the cache.

If your problem is web browsing, get a cache. Of course, that is a big 'if'. As others have suggested, a traffic analysis should be required before you attempt to fix anything. Squid won't fix your bittorrent or other P2P problem. If you are hosting services for external users, you may be able to collocate the services externally for substantially less than bringing a bigger pipe to your door.

        Matt
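The proxy.pac arrangement from the comment above, combined with the block-by-default firewall from its parent comment, as an added example that is not part of either post. The proxy host, intranet domain, private address ranges and bypass entries are all assumed placeholders.

```javascript
// proxy.pac for a forced-Squid setup (added example; every name is assumed).
var SQUID = "PROXY squid.corp.example:3128";   // hypothetical cache host
var INTRANET_DOMAIN = ".corp.example";         // hypothetical internal zone
// Sites that break behind the cache. Each entry also needs a matching
// firewall rule, because direct outbound HTTP is blocked by default.
var BYPASS = ["legacy-billing.example.net", ".vendor-portal.example"];

// Stand-ins for the PAC built-ins so the file can be tested under Node.
// This isInNet handles IPv4 literals only; the browser one also resolves names.
if (typeof isPlainHostName !== "function") {
  var ipToInt = function (ip) {
    var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
    if (!m) return null;
    var o = m.slice(1).map(Number);
    if (o.some(function (x) { return x > 255; })) return null;
    return o.reduce(function (acc, x) { return acc * 256 + x; }, 0);
  };
  globalThis.isPlainHostName = function (h) { return h.indexOf(".") === -1; };
  globalThis.dnsDomainIs = function (h, d) { return h.slice(-d.length) === d; };
  globalThis.isInNet = function (h, net, mask) {
    var a = ipToInt(h), n = ipToInt(net), k = ipToInt(mask);
    return a !== null && ((a & k) >>> 0) === ((n & k) >>> 0);
  };
}

// Anchored match: ".zone" entries cover the zone and its subdomains, bare
// entries match one host exactly. An unanchored suffix test would treat
// "evilcorp.example" as part of "corp.example".
function hostMatches(host, entry) {
  if (entry.charAt(0) !== ".") return host === entry;
  return host === entry.slice(1) || dnsDomainIs(host, entry);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isPlainHostName(host) || hostMatches(host, INTRANET_DOMAIN) ||
      isInNet(host, "10.0.0.0", "255.0.0.0") ||
      isInNet(host, "192.168.0.0", "255.255.0.0")) {
    return "DIRECT";                         // intranet stays off the cache
  }
  for (var i = 0; i < BYPASS.length; i++) {
    if (hostMatches(host, BYPASS[i])) return "DIRECT";   // approved exception
  }
  // No "; DIRECT" fallback: if Squid is unreachable, browsing fails closed
  // instead of quietly going around the cache and its logs.
  return SQUID;
}
```

A PAC file only advises the browser; the firewall rule that allows outbound HTTP from the proxy alone is what enforces the policy.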

Re:back when I used to do it (1)

raddan (519638) | more than 8 years ago | (#15436324)

I know that these are all good recommendations for businesses that are cash-strapped, but it smacks of cheapness to me. Our Cogent 50Mbps line is dirt cheap considering the available bandwidth. Sure, a bean-counter might say that streaming audio is not a business necessity, and I agree, but if you give your employees a little breathing room, I think you'll find yourself in a more productive environment. AND the next time there IS a legitimate network issue, they won't be breathing down your neck to get it fixed because they know you'll go out of your way to help them out. I basically draw the line at P2P. A visit from the Director for streaming audio? Holy shit would I quit that job in a heartbeat.

Your point is essentially correct, though. The poster needs to analyze his traffic and go from there.

Wow you must love working there. (1)

/dev/trash (182850) | more than 8 years ago | (#15436616)

Do people get to take bathroom breaks and go outside the cube for lunch?

Linksys to the rescue! (1)

Daniel Wood (531906) | more than 8 years ago | (#15434280)

Solution: Linksys RV016, $400

Point 1: Looked at routers that load-balance, but do so horribly.
Counter-Point 1: The RV016 uses weighted round-robin or various other methods, depending on your preference.

Point 2: I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues.
Counter-Point 2: The Linksys can do this for up to SEVEN WAN connections. It can split by IP range (multiple ranges), protocol (SPI), and port.

Point 3: None of these provide the kind of redundancy and control that I'd like
Counter-Point 3: The RV016 provides failover and extensive control.

Point 4: Certainly not with a nice pleasant UI that doesn't cause me great grief.
Counter-Point 4: The RV016 is as easy as they come.

timewarner (1)

figital (576803) | more than 8 years ago | (#15434548)

Timewarner business class road runner can be pretty speedy.

If you are actually growing rapidly (in sales, not overhead), the cost shouldn't be so much of an issue.

I would not go for a solution that mashes together a bunch of residential services.

Is more bandwidth necessary? (2, Interesting)

ocbwilg (259828) | more than 8 years ago | (#15434752)

Step 1: Analyze your network traffic and determine if more bandwidth is really necessary. I am an engineer for a company of 300 users, and we get by just fine on a pair of T1 circuits. If you're having bandwidth problems there is a fair chance that someone is hogging all of the bandwidth. Once you filter out the guys streaming audio, video, and using P2P clients (either restrict them to a trickle with QoS or block it completely) I suspect that you will have a lot more bandwidth than you need.

Now, if you still find that you need more bandwidth, the easiest solution is to purchase a nice router that can handle routing and load balancing over multiple connections. Forget about a cheap LinkSys or NetGear DSL router, get yourself a serious router like the Cisco Integrated Services Routers. For under $3000 you can get one that has expansion slots for up to 4 WICs, and it can handle T1/E1, DSL, voice, etc.

I would also recommend that you talk to data providers in your area, as they are the people who build and sell these solutions every day. Don't just talk to the telco, talk to other providers as well. Where I work we get our T1 lines from AT&T, but there are several other providers that we could get them from, and the prices do vary some. There is also at least one provider that offers a wireless RF solution for Internet access that works on a line-of-sight basis. In this case you would essentially mount an antenna on your building, point it at their tower, and then hook it into your network. They were offering speeds significantly faster than T1 but slower than T3 for very competitive prices, and they also offered bandwidth on demand services (i.e., your usual allotted bandwidth was 10 Mbps, but they had excess capacity to handle spikes in traffic up to 15 Mbps or whatever).

Honestly, if you have to ask Slashdot how to scale your company's Internet bandwidth, odds are you're working for a pretty small company (because if you're working for a much larger company you would seem to be fairly incompetent for a network engineer). Most small companies wouldn't normally need more bandwidth than can be provided over a couple of T1 connections.

linux advanced routing and traffic control howto (1)

petermgreen (876956) | more than 8 years ago | (#15437139)

is a good starting point if you want to use multiple DSL lines from a Linux box.

Another option, though it would require some client-side configuration, is to have several IP subnets, set a static route up to your intranet router, and then stick a cheap DSL router box on each subnet for Internet.

Well... (0)

Anonymous Coward | more than 8 years ago | (#15437498)

I find a CAT5 cable to the ISP upstairs works wonders for my office.