Slashdot Mirror
How Do Businesses Scale Their Bandwidth Needs?
onebadmutha asks: "I'm technology admin for a very rapidly growing company. We've gone from a fractional T-1, to supplementing that with a snappy DSL line, and now we're running out of reasonable options. I've looked at routers that load-balance, but do so horribly. I've considered splitting up my network users to use several incoming DSL lines, only to be confronted with intranet accessibility issues. None of these provide the kind of redundancy and control that I'd like, and certainly not with a nice pleasant UI that doesn't cause me great grief. I've looked at Open Source router distros (like routerOS, and others) and I've looked at using the full gamut of Microsoft madness. How do other businesses solve this problem of scaling bandwidth needs, without completely unlimited budgets for redundant OC-48 runs?"
I'm not sure if you are in an area where you can get Speakeasy service, but htey allow you to bond up to four T1 lines. I have no experience with the service, but I understand that it is cheaper than a fractional T3 and they provide you with hardware that does it for you transparently. I don't know if there are other service providers that have something similar, but it seems like a good idea.
What, exactly, is the question? Is it: What kind of line should I have? or What kind of router hardware/software should I use? I'll shoot at the first question: You already have a fractional T-1, why not buy the whole thing? It's not as elite as redundant OC-48 lines, but like you said, you can't afford those anyway. If you want a step up from that, get redundant T-1 lines from 2 different providers in case one gets nicked.
That's how real tech companies do it. If you can get Yipes, Cogent, AboveNet, or some other dark fiber provider to serve you Ethernet service, that's the cheapest way to get a lot of bandwidth (10-100Mb/s range). If you can't, then you get a fractional DS3. Most real providers will let you dial the bandwidth up and down reasonably, so you could start out with a 5-10Mb/s circuit and grow from there.
Bonding T1s and DSL is neat and all, but if your business actually depends on the Internet working, go with one really good fat pipe and then maybe a thin one (T1 or so) as a backup. Don't mess with complex setups. Complex = new ways to fail.
Well, at my company, we were recently faced with the same dillema.
;)
There are a couple of options available, though. Although my organization appears to be a bit larger than yours, we've decided to utilize a spare T1 that simply sits there for disaster recovery purposes with Policy Based Routing (We're an all Cisco network, although this can be done on a variety of platforms, including Linux..) This directs traffic from a certain IP (and possibly port, I believe) to a specific interface, so that important data (Citrix, etc) has access to our main pipes while web traffic gets the shaft, so to speak. It uses policy maps to do so; I'm relatively noobish to IOS so maybe someone else can shed some light on this.
I'm hopefully certain you have explored QoS and are currently implementing it, but even QoS has limits.
I'm pretty sure a combination of the 2 methods listed above should take care of you. As a network admin, I could care less if web traffic gets dropped on a cheap DSL or cable connection.
Just my 2c, hope it helps
1) Where are you located? Changing from a fractional T1 to DSL is usually a downgrade, unless it's some sort of SDSL if you're inside the US.
2) Do you have any latency/packet reordering requirements? Bad things happen when packets are out of order, and modern routers avoid reordering like the plague to keep bad things(tm) from happening.
3) What resources do you not need onsite, perhaps some reasonbly priced colo is a better solution for your more resource intensive solutions
4) What are your true bandwith requirements? Most major cities you can get metro-ethernet or various flavors of dark/dim to lit fiber for cheap.
Multiple geographically diverse OC48's are not for most people, are you sure this applies to your requirements?
Then, ask yourself what kind of traffic you are handling. If you're looking at users surfing the web, you probably needn't be overly concerned with load balancing; if you're receiving tons of inbound traffic to your servers, on the other hand, not only do you need load balancing, but you probably also need to seriously consider co-location solutions for your servers.
The adminstrative traffic is typically a much lower priority in most companies. I don't know how many users you're talking about, or what they're doing, but most small companies just live with a single (full) T1 until they absolutely need to bond another T1 (where "need" is subject, but should be kept in check, especially given that last bit about not having unlimited funding).
I guess this is not much of an answer, but these are all important questions you need to be asking yourself well before seeking specific answers. I'm not sure where you're coming from, and I don't mean to accuse you of anything, but taking the approach that you'll know the right answer when you see it is usually flawed from the start.
Slow down there, chief. Exactly what kind of company would be going from fractional T-1, to DSL, to... an OC-48? (I sssume you were exaggerating on the OC-48)
Couple questions:
1) How many employees are we talking about here?
2) What are they doing on the internet that is so demanding?
3) Are you running any web/streaming servers onsite?
4) Have you gone to any lengths to diagnose exactly what your bottleneck might be?
5) Are you sure you don't just have a couple of hogs downloading porn all day?
I know 200+ employee companies that get by with a single T-1 just fine. I'm a little suspicious of your bandwidth needs.
But if you really meed that much bandwidth for web browsing (I doubt you do), the next step would be a DS-3 circuit at about 45Mbit. But that can be pretty costly for the circuit alone. It would, however, allow you to scale because you'd probably be paying for the bandwidth used and not the full 45Mbit. If you are in a building with other companies who have similar needs, you may be able to split the cost of the circuit and share it.
Also, depending on your location, you may be able to setup a wireless (not WiFi) deal with someone. Something with real gear, of course. Not just a couple Linksys' with Pringle can antennaes.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Is this internet access for desktop users? People from outside coming in to your corporate website? VPN connections to other offices? How many users? Are you attempting to syncronize any data across the link? In real time, or overnight?
The possible set of right answers depends a lot on what you're doing with it.
Policy based routing plus any number of DSL lines will work for splitting up desktop web access.
Inbound traffic for the corporate website is pretty much the antithesis of that... outbound traffic is the target, and that ends up being T-1 optimized for small sites and bonded T-1s or faster links for bigger ones.
VPNs can be symmetrical or asymmetrical. Your mileage may vary.
Our company uses a Sonicwall 4060 to load-balance two partial T1s. While it is a bit complex to set up, there's no lack of options on it. It's been extremely reliable too, I'd say its an excellent choice.
In all honesty, after looking over the intouchtechnical.com site, I'm going to go out on a limb here and tell you that you need to find which of your techs is running bittorrent all the time and either teach him how to set upload and download limits or cut him off entirely. As others have said, your posting is all over the map. You openly dismiss more than a few technologies that work quite well in competent hands. You mention fractional T1s, DSL, and OC48 as if you don't even know what they are. It really sounds like you aren't qualified to be the technology admin for a company whose business revolves around providing tech support to other businesses. Hate to say it, but that's what I see from where I'm sitting.
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Have you tried dialing zero and asking for one of these technicians?
-Peter
You've got a variety of options for banning bitorrent (that is your problem, right? You have done traffic analysis before coming to Slashdot, right?). This is in an escalating hierarchy of how invasive you'll have to be. 1) Tell your employees that bandwidth costs have gone up, that you know BT to be the source of the problem, and that you trust them to do what is necessary. 1.5) Ban BT by policy, threaten severe sanctions up to and including dismissal for skirting the ban. 2) Block the standard BT ports. 3) Filter out BT packets. 4) Install computer forensics software and look for evidence of BT use (pretty much has to be combined with 1.5).
Help poke pirates in the eyepatch, arr.
Such a line can easily be brought to it's knees by simply saturating the upstream. ADSL does not work well in business environments with many users. I'd take a full T1 over that 7M/768k DSL line for a business any day.
-matthew
"THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
Here's what Captain Planet has to say
In short, there are several commercially available choices that may be available depending on latency, bandwidth, price, reliability, and availability.
1) Classic T-1, 1.5Mbps
2) IMA (Inverse Multiplexing over ATM) - Essentially bonded T-1s up to about 6 Mbps before the cost of the routers becomes prohibitive
3) Ethernet Switching - 10Mbps and higher
4) DS-3 and higher - 45 Mbps and up
If you need high availability, option 1 is ruled out. IMA is good for speed and availability, but increases complexity. Ethernet switching is fast, but redundancy will cost you and it will require additional CPE devices for security and traffic monitoring. DS-3s and up are reliable and fast, but the cost of high availability (e.g. dual-entrance facilities, multiple providers) is astronomical.
Set yourself up a matrix of each of the key metrics that make a difference to you. Talk to all your possible providers and populate your matrix with their service responses. Read their SLAs very carefully. Understand how they calculate their measurements. A 99.98% availability can be insufficient depending on how they calculate it. Weight their responses based on your business requirements and then choose the option that best suits your needs.
If all else fails, bring in a telecommunications expert for a couple hours to help you analyze your options.
nos laetus epulor qui would domito nos
Looks like the good folks over at In-Touch Technical *really* need to update their computers page
They would have uploaded a new page, but they're having some trouble with their internet connection...
It's tragic. Laugh.
...where morale drops through the floor and people start looking for new jobs.
Nobody likes living under a fascist big-brother network policy. But, hey, you put those lousy "freeloaders" in their place, huh? That's all that matters, after all...
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
The users hated me because they couldn't stream music to their desks. I would always bring them a Best Buy ad turned to the page with portable radios, CD players, and MP3 players.
First thing to do is get a hold of your firewall. Block all traffic, in and out. Then create rules to only let in and out specific traffic types with specific end points. Outbound http should only go through your web server. SMTP through your mail server. Don't let ssh out at all unless you must, and even then see if you can determine specific hosts to permit it to and from. Rate limit ssh to make it usable for remote shell access but painful for port forwarding other application types (forwarding http through ssh is an old trick to get around the company logging your web surfing activity).
Notice I mentioned a squid server. Yes, you need one of those. And yes, you need to force everyone to use it. There is a very good chance your router can do this for you transparently.
Users will scream. Loudly. Prepare yourself and your management for this. Anyone who thinks they are being treated unfairly needs to submit IN WRITING a business justification for the traffic they want you to permit, which must be approved jointly by IT and HR.
With an arrangement like this, I was able to keep over 500 users happy on a pair of bonded T1 lines. 3Mbps for 500+ users. The biggest consumer of bandwidth was the 5 person IT department pulling patches for all the different OS's we had to support. Every now and then one of the software developers would think he was being clever and find a way around the outbound blocks on the firewall using an exception in the rules that their manager got approved, but it would end quickly with a very embarassing personal visit from our Director and their own boss within a few minutes of the music streaming starting.
Broadband to the home has been a mixed blessing. People have gotten too used to having bandwidth-hungry apps at home which is fine when you have 3Mbps+ all to yourself but when you are at work and have to share it, it's time to leave the toys at home and be a considerate network citizen.
Luckily I don't have to be network cop these days. Someone else gets to do that. Someone that doesn't have a good handle on their network so they are buying way more bandwidth than they really need.
... that it's their network, their rules.
Some non-work net use is inevitable (like me making this post). But when people are using their workplace's network connection for non-work activities to the extent that it's impacting the performance of the rest of the network, then something has to change.
For most businesses, there is simply no business reason to allow people to download music and/or stream video to or from the office. It's just like the telephone. Most places don't mind people making personal calls, but they ask that they be reasonable about it, because you're supposed to do your socializing at home, on your own time. It's the same with the office net connection. Nobody cares if you use it to order a book from Amazon, or read the daily news, or browse Slashdot. But if you start hitting iTunes or Youtube, or start doing lots of Ebaying, or share a torrent of last night's "American Idol", then you might be crossing a line.
Step 1: Analyze your network traffic and determine if more bandwidth is really necessary. I am an engineer for a company of 300 users, and we get by just fine on a pair of T1 circuits. If you're having bandwidth problems there is a fair chance that someone is hogging all of the bandwidth. Once you filter out the guys streaming audio, video, and using P2P clients (either restrict them to a trickle with QoS or block it completely) I suspect that you will have a lot more bandwidth than you need.
Now, if you still find that you need more bandwidth, the easiest solution is to purchase a nice router that can handle routing and load balancing over multiple connections. Forget about a cheap LinkSys or NetGear DSL router, get yourself a serious router like the Cisco Integrated Services Routers. For under $3000 you can get one that has expansion slots for up to 4 WICs, and it can handle T1/E1, DSL, voice, etc.
I would also recommend that you talk to data providers in your area, as they are the people who build and sell these solutions every day. Don't just talk to the telco, talk to other providers as well. Where I work we get our T1 lines from AT&T, but there are several other providers that we could get them from, and the prices do vary some. There is also at least one provider that offers a wireless RF solution for Internet access that works as a line-of-sight basis. In this case you would essentially mount an antenna on your building, point it at their tower, and then hook it into your network. They were offerring speeds significantly faster than T1 but slower than T3 for very competitive prices, and they also offerred bandwidth on demand services (i.e., your usual allotted bandwidth was 10 Mbps, but they had excess capacity to handle spikes in traffic up to 15 Mbps or whatever).
Honestly, if you have to ask Slashdot how to scale your company's Internet bandwidth, odds are you're working for a pretty small company (because if you're working for a much larger company you would seem to be fairly incompetent for a network engineer). Most small companies wouldn't normally need more bandwidth than can be provided over a couple of T1 connections.