Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Managing Device-Upgrade Bandwidth Use?

Posted by timothy on from the selective-enforcement dept.

First time accepted submitter wallydallas writes "I'm close to a solution, but I wonder how other people block their many devices and operating systems from updating in working hours. For example: I'm the IT guy who blocks iPads from updating when school is in session because we are in a rural location. 3mbps is the best WAN we can buy. Devices can update after hours just fine. We do this with our router (DDWRT) by blocking MESU.APPLE.COM. Many guests bring in Windows 7 laptops, and I want to welcome them, but not their updates. How can I block updates on Android Phones and Linux Laptops? I have a 4G device at home, and I'd like to apply the same tricks 24 hours a day so that I don't use up the bandwith from my vendor. And my many home visitors should have their updates blocked."

11 of 159 comments (clear)

  1. For Windows by jones_supa · · Score: 5, Informative

    For Windows, you could try blocking the addresses listed in the Microsoft Knowledge Base article 818018.

  2. Pfsense by bhenson · · Score: 5, Informative

    Use PFsense and use the package squidguard(or dansguardian) and use the software downloads list.

  3. pfSense by Anonymous Coward · · Score: 4, Informative

    http://www.pfsense.org/

    install pfsense plus squid and block the update sites.

    pfsense wan goes to the modem
    pfsense lan goes to the access point.

  4. Don't block it, QoS it. by phizi0n · · Score: 5, Interesting

    There's no reason to avoid using your bandwidth when you can use QoS to deprioritize it so that they can still update any time the bandwidth is available. Most any linux router can do this with tc and iptables, or sometimes with less configurability through their GUI's.

    At home you have control over the devices and can just disable them from automatically updating.

    1. Re:Don't block it, QoS it. by Port-0 · · Score: 3, Informative

      I did IT work for a private university for 14 years, I managed bandwidth by blocking certain protocols to various networks and hosts until Naptster, and the following peer to peer protocols, after a couple of years trying to manage bandwidth by blocking protocols, sites, advertising, etc. I gave up on that. Ultimately all of that damages the user's experience, and increased my work load. It puts the IT guy in the position of chasing the users behaviors, always responding to the latest fire and worse it put the IT guy in the position of determining what is important to the users, which it turns out is different to each class of user. So next I tried using one of the many products that allow the IT guy to create classes of users, and classify traffic, apply rules by class, build QoS rules based on all classes. Turns out this is the same nightmare with a prettier UI. I ultimately found the Net Equalizer (netequalizer.com) it is an elegant solution at a fraction of the cost. If you want to be the network nazi and control who uses what protocol, this isn't for you. But if you want to forget about bandwidth problems, this is it. It took about an hour to read the manual, play with options and plug it in, then I only touched it when we increased our bandwidth beyond its capacity a few years later. I don't work for the company or anything like that. It is just one device I bought that performed way beyond my expectations. Their web site has all the info about what it does and how. I would encourage everyone check this out if you have less bandwidth than you feel you need.

  5. Re:3Mbps?!?? by The_Wilschon · · Score: 5, Funny

    Wasn't 3 Mbps "high-speed" ten years ago?

    --
    SIGSEGV caught, terminating

    wait... not that kind of sig.
  6. Consider caching instead by nemesisrocks · · Score: 5, Informative

    Since you're in such a remote area, your visitors very likely also have slow connections at home too. Why not cache the updates instead? You'll be contributing towards a safer, more secure internet.

    The first person who downloads them would cause a drain on the network, but at least all future attempts would be served up from your cache. You could even have a spare machine downloading the updates overnight, pre-populating the cache for your visitors, to reduce the burden updates cause during the day.

    I've used the instructions here with great success on Squid: http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

    Apparently Apple iOS updates can be cached too, e.g.: http://lkrms.org/caching-ios-updates-on-a-squid-proxy-server/

  7. Why just device updates? by ChaseTec · · Score: 3, Informative

    Any particular reason you've singled out device updates? Seems like you'd be want to block or QoS all large or multi-range binary transfers. You should have a transparent caching proxy server in place (which is where you'll be able to inspect and block large transfers).

    --
    My Hello World is 512 bytes. But it's also a valid Fat12 boot sector, Fat12 file reader, and Pmode routine.
  8. Re:3Mbps?!?? by queazocotal · · Score: 3, Interesting

    They are good for 30 miles - if there is a clear path.
    This is not just line of sight - but slightly more than this - the path cannot go just past obstacles.
    http://www.proxim.com/products/knowledge-center/calculations/calculations-fresnel-clearance-zone

    For a 30 mile link, the fresnel zone reaches 100 feet in the middle of the link - if anything is in this zone, then the signal will be severely affected.
    Add to this the limitation of sight due to a non-flat horizon - 150 feet towers are needed just to get minimum line of sight.
    For flat land with trees up to 30 feet in places in the middle, for example, that adds up to a total of (100/2)+30+150 =
    230 feet towers.

    If one end is at altitude - you still may need a significant tower in order to clear the fresnel zone.

  9. Wide scale blocking. by Lumpy · · Score: 3, Interesting

    I strongly suggest you also block all the common advert servers such as doubleclick as they consume far more bandwidth than the updates do.

    --
    Do not look at laser with remaining good eye.
  10. Ditch the WRT by kroby · · Score: 4, Informative

    WRT is great for tinkering and home users, but good god, please don't put it in a production network. Get something like a SonicWALL or a FortiGate, learn to use it, and thank me later. QoS will get you nothing, there is no such thing as QoS on the internet. However, bandwidth management and throttling could help a lot. Before you can prioritize traffic you need to be able to identify it, and this is where life becomes much easier with a UTM appliance. You can prioritize by device type (MAC address), source, destination, protocol, or application. With application awareness you can easily see what is sucking up the most bandwidth, and it classifies all the traffic for you automagically based on signatures ran against deep packet inspection. A caching proxy, as mentioned in other posts, would help speed up the internet and reduce bandwidth consumption. Something like Squid would work here, or you could go the appliance route. Bonus, with a UTM device you also get IDS/IPS, botnet filtering, gateway antivirus, spam filtering, RBL filter, content filtering, application control, SSL VPN, wireless controller, and more. They cost money, but you will not find these features for free, and if you do it is going to be a nightmare to manage.