Bandwidth issues for US Troops

etsmith3

Distinguished
Jul 23, 2006
5
0
18,510
Hello, my name is Earl Smith. I am currently deployed to Afghanistan, and have purchased a satellite internet system with a 2048/1024 Kb/s connection. I am currently using a home router and a bunch of switches and wireless APs to get the connection out to 90 people. At any given time there are only about 30 people on, because crews go out to different areas. The main issue I have is that there are certain people who like to download non-stop. They will suck the bandwidth out from everyone else, causing some people to not be able to browse the internet. I am unable to pinpoint who is doing it, and no matter how many times I say do one thing at a time, people still use 3 messenger services, download 2 files, use iTunes, and browse the internet. I have been working on a solution for months, looking at routers, servers, etc. I have a computer I bought to use as a server running everything I could think of to limit bandwidth.
Does anyone have a good solution to this?
 

knudsen

Distinguished
Jul 23, 2006
106
0
18,690
Are the switches unmanaged? Are the switches physically in your area so you can watch the lights go blinkety blink? (crude but effective)

I was a squid from 82-88. Made E-5 in two years and never tried for E-6. Got to run through communist jungles of Malaysia when their government didn't even know we were there. You are fighting for us; I will go the extra mile to help any way I can. Rock on.
 

knudsen

I'm wondering, does anyone have any ideas on this? I might be able to get a used managed switch or router if that's what we need. We should at least be able to find out who is doing the big downloads.
 

fredweston

Distinguished
Jul 21, 2006
565
0
18,990
m0n0wall. You can use it to shape the traffic and prevent people from sucking up all the bandwidth. It has a very small footprint. For your number of users, it could run great on something like a Pentium 3 with about 256 MB of RAM.
 

fredweston

> I'm wondering, does anyone have any ideas on this? I might be able to get a used managed switch or router if that's what we need. We should at least be able to find out who is doing the big downloads.

Yo man, you can send that switch my way. I'm a poor student, and I'll use it to learn more about networking so I can help more people out :)
 

etsmith3

Yes, I have 2 Netgear FSM726S. They both do QoS, but I need more than this. I don't want to just have it prioritize; I want it to be able to limit each user to a certain amount of bandwidth, so that if they are running a P2P and chatting, they only use "X" amount of bandwidth. Both of these switches are in my area and I have access to them. One is used right off the router, and the other is in another part of the hangar, used to run that side.
I'm going to look at that m0n0wall option. I have looked at Smoothwall; it seems fairly nice, but I don't want to spend a lot of time editing and testing different mods to accomplish what I want.
I do have an AMD Athlon 64 3400+ with 512MB and 300Gig HDD. I think this is a bit overkill for the Smoothwall, and I would like to be able to use this as a network storage/server of some sort. I have Windows 2003 Server, and I tried to install that, but just couldn't figure out how to get it to limit bandwidth.
If this computer can be put to some good use, besides a huge overkill, great; it's just sitting here collecting dust right now.
Thanks again, knudsen, thanks for all the help you are trying to get.
 

fredweston

QoS is not what you want; traffic shaping is. QoS simply gives certain types of traffic priority; it doesn't limit traffic rates. Anything better than a P3 is going to be severe overkill. Smoothwall is ok... I guess. m0n0wall is like Smoothwall on steroids. And regarding Windows Server, it isn't designed to do any of this stuff.

If you only have the one PC and can't get another old PC to use as the router, you could run Linux on the single PC and have it function as a file server and the router, but then you're getting into complex command line configuration and judging from what you wrote, you don't want that. The best overall solution is probably going to be keeping the server on one PC and the router on another. I said P3 before, but you could probably get away with even a Pentium 2. It doesn't even need a hard drive to run m0n0wall, it can run off the CD.
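
An added example, not part of fredweston's post or any poster's configuration: the Linux command-line route mentioned above, sketched with `tc` HTB classes that give each client a guaranteed share and a hard ceiling on the 2048 Kb/s downlink. The interface name `eth1`, the client IPs and the 512 kbit cap are assumptions; the function only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (dry-run) the tc commands for per-host download caps.
# Assumptions (not from the thread): LAN interface name, client IPs, cap value.

# shape_cmds LAN_IF LINK_KBIT CAP_KBIT IP...
#   LINK_KBIT: downlink size (2048 for the link described in the thread)
#   CAP_KBIT:  hard ceiling any one host may reach, even on an idle link
shape_cmds() {
    lan_if=$1; link=$2; cap=$3; shift 3
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }

    # Guaranteed share: split the link across the listed hosts plus one
    # catch-all class for machines that are not listed.
    share=$(( link / ($# + 1) ))
    [ "$share" -ge 1 ] || { echo "too many hosts for link" >&2; return 1; }
    # HTB requires rate <= ceil.
    [ "$share" -le "$cap" ] || share=$cap

    # Root HTB qdisc; traffic matching no filter falls into class 1:fff.
    echo "tc qdisc add dev $lan_if root handle 1: htb default fff"
    # Parent class sized to the downlink so the queue builds here, where
    # it can be controlled, rather than at the satellite modem.
    echo "tc class add dev $lan_if parent 1: classid 1:1 htb rate ${link}kbit ceil ${link}kbit"
    echo "tc class add dev $lan_if parent 1:1 classid 1:fff htb rate ${share}kbit ceil ${cap}kbit"

    n=0
    for ip in "$@"; do
        n=$((n + 1))
        id=$(printf '%x' $((n + 15)))   # class minor ids are hex; start at 0x10
        # rate = guaranteed share, ceil = the limit QoS priorities alone do not give.
        echo "tc class add dev $lan_if parent 1:1 classid 1:$id htb rate ${share}kbit ceil ${cap}kbit"
        # Fair queueing inside the class keeps one download from starving
        # the same host's chat and web flows.
        echo "tc qdisc add dev $lan_if parent 1:$id sfq perturb 10"
        # Downloads leave the router toward the client: match destination IP.
        echo "tc filter add dev $lan_if parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$id"
    done
}

# Constructed sample: three clients, 2048 kbit/s downlink, 512 kbit/s cap each.
shape_cmds eth1 2048 512 192.168.1.10 192.168.1.11 192.168.1.12
```

This covers the download direction only, and the per-class byte counters from `tc -s class show dev eth1` also show which host is moving the most data.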
 

knudsen

> > I'm wondering, does anyone have any ideas on this? I might be able to get a used managed switch or router if that's what we need. We should at least be able to find out who is doing the big downloads.
>
> Yo man, you can send that switch my way. I'm a poor student, and I'll use it to learn more about networking so I can help more people out :)

Fred, if any of our managed switches move down to "scrap" status, I will be happy to get you one. The problem is, we have so many less critical areas to use old equipment in, that most of the PCs and network hardware is pretty useless by the time we scrap it. For this cause, I have asked our usually kind and giving pres for a spare switch or a little cash to buy a used one. No answer yet.

Check out the list of used Cisco these guys have:

http://www.compuvest.com/Items.jsp?cid=5&sid=72

Admins: I confess. I didn't read anything when I signed up. I hope the link is OK. I am not affiliated with compuvest, except as a one time purchaser.
 

El0him

Distinguished
Feb 3, 2006
228
0
18,680
The simple answer to finding out who's using the most bandwidth is to put in a network monitor. It'll break down for you the most talkative workstations, the most used protocols, the most visited destination, etc, etc, etc. And if you want to get creative, put in a firewall that will ask users to authenticate before they are allowed to pass through, then limit the bandwidth based on users.
 

knudsen

That last one looks like it's wireless only? I would try for the Cisco for the reliability. You are in a harsh environment. Most places seem to want around $400, compuvest has a refurb for $300.
 

fredweston

Before you spend any money, I'd seriously give some of the opensource firewall solutions a shot. Buying hardware has the bad side effect of locking you into that vendor's solutions.
 

knudsen

Our biz goes up and down like a yoyo. I did not receive an enthusiastic yes when requesting funding, more of a maybe. That tells me the yoyo is down right now. If we can't do it with software, the yoyo is likely to be up in a month. Our leader loves to help our troops, so I am sure he is supportive of the concept.
 

etsmith3

You know... a couple of the posts in here could be construed as national security issue....
Hmmmm, considering that I am in charge of making sure 100 people don't break security issues or "OPSEC", nothing said on here breaks regulations.
Thanks for the advice though, might have to try that way too, but how do I limit bandwidth after I find that out?
I am thinking about going with the Cisco router. I have had no issues with that company, and there are a lot of add-ons you can do with their routers. I'm still looking for another option before I do. If anyone can shoot me in the right direction, that would be great; something with a good Tut would be awesome.
 

fredweston

Well, without knowing what a "Tut" is, the Cisco is probably what I would get if I had to have an appliance-type device. I'm not sure what you mean by addons for Cisco routers though. You're locked into Cisco IOS, and they get pretty pricey when it comes to enabling additional features.
 

etsmith3

> Well, without knowing what a "Tut" is, the Cisco is probably what I would get if I had to have an appliance-type device. I'm not sure what you mean by addons for Cisco routers though. You're locked into Cisco IOS, and they get pretty pricey when it comes to enabling additional features.

Sorry, I'm used to my forums; a Tut is short for tutorial.
I found a company who actually emailed me back about their product, SoftPerfect.
In the middle of testing now; tried it out on 2000 Pro already, didn't work too well. I'm testing it against a Mac, since we have a few users who have Macs, and since I have both I can test accordingly. I figure if I can get it to work against a Mac, a Windows PC will be easy.
Thanks for the reply Fred, I'm looking at that Cisco now and thinking about going on ahead and ordering it; if it doesn't do the traffic shaping that I want, then it's still better than the Netgear home router we are using now, lol.
 

knudsen

You won't go wrong with the Cisco, and you will learn some useful and marketable skills from using it. I was hoping to get the boss to spring for that refurb and give it to you, but that will probably have to wait. If you got a month or two, to wait on the funds, and APO/FPO shipping (does that still suck?) we might have a deal. Keep us posted on what works and what doesn't. I know someone who is doing exactly what you want to do, but I didn't have time to call today. It's been a 12 hour Monday workday. That's half a deployed GI's workday!!!
 

fredweston

I'm just hoping the 830 series is actually a real router running IOS, and not a dumbed down version. Regarding your comment about the Mac vs. Windows, it's all IP to the router, so it shouldn't make a difference.