Main Nav

F&M currently has two ISPs, each with a 200 Mb/sec connection. Each connection uses a Gigabit Ethernet handoff. I manage Internet bandwidth with a pair of Packetshaper 10000s in Direct-Standby. I'm looking to upgrade our two ISP links next summer, and I suspect our current solution won't handle our projected needs. We have about 2400 students, and almost all of them live on-campus and use our campus network for residential purposes. The same network also supports the business of the college. In our students' eyes, the role of Internet connectivity has changed over the past few years. Very few students bring a television with them when they move in. For those who do, I suspect the TV spends most of its time connected to a game console. Students generally expect the same level of Internet performance they had at home, when they shared their broadband connection with their immediate family. I'd like to get an idea of what other folks are doing for bandwidth management at their Internet edge. I'm looking at a few options and weighing the costs and benefits of each (sorted from most to least expensive): 1) Replace the Packetshapers with another bandwidth management system that can shape 2 Gbits/sec. 2) Limit our upgraded capacity based on what the Packetshapers can handle - somewhere around 600 - 800 Mbits, from what I hear.. Our cost for bandwidth management is the Packetshaper annual support contract. 3) Use the bandwidth management functionality on our Palo Alto firewalls. We'll lose some functionality but save some $$$. 4) Don't manage bandwidth. Maybe we will finally have enough to please everyone? What's everyone else doing, and how's it working for them? Thanks! -Matt -- Matt Richard '08 Access and Security Coordinator Information Technology Services Franklin & Marshall College matt.richard@fandm.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

Message from r_harris@culinary.edu

Talk to Exinda, we swapped out our PS10000 for them a few ears ago, love them!



Robert Harris
Manager of Network
and Audio/Video

Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu

Food is Life, Create and Savor Yours.™

Please consider the environment before printing this e-mail.

>>> Matt Richard <matt.richard@FANDM.EDU> 11/07/12 11:47 AM >>>
F&M currently has two ISPs, each with a 200 Mb/sec connection. Each
connection uses a Gigabit Ethernet handoff. I manage Internet bandwidth
with a pair of Packetshaper 10000s in Direct-Standby. I'm looking to
upgrade our two ISP links next summer, and I suspect our current
solution won't handle our projected needs.

We have about 2400 students, and almost all of them live on-campus and
use our campus network for residential purposes. The same network also
supports the business of the college.

In our students' eyes, the role of Internet connectivity has changed
over the past few years. Very few students bring a television with them
when they move in. For those who do, I suspect the TV spends most of
its time connected to a game console. Students generally expect the
same level of Internet performance they had at home, when they shared
their broadband connection with their immediate family.

I'd like to get an idea of what other folks are doing for bandwidth
management at their Internet edge. I'm looking at a few options and
weighing the costs and benefits of each (sorted from most to least
expensive):

1) Replace the Packetshapers with another bandwidth management system
that can shape 2 Gbits/sec.

2) Limit our upgraded capacity based on what the Packetshapers can
handle - somewhere around 600 - 800 Mbits, from what I hear.. Our cost
for bandwidth management is the Packetshaper annual support contract.

3) Use the bandwidth management functionality on our Palo Alto
firewalls. We'll lose some functionality but save some $$$.

4) Don't manage bandwidth. Maybe we will finally have enough to please
everyone?


What's everyone else doing, and how's it working for them?

Thanks!
-Matt

--
Matt Richard '08
Access and Security Coordinator
Information Technology Services
Franklin & Marshall College
matt.richard@fandm.edu

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

I second the vote for Exinda. We got ours about 3 years ago and think they are a great solution. 

Thanks,

Chris Mielke

NETWORK ENGINEER 3

COMPUTER AND NETWORK SERVICES



From: Robert Harris <r_harris@CULINARY.EDU>
Reply-To: The EDUCAUSE Network Management Constituent Group Listserv <NETMAN@LISTSERV.EDUCAUSE.EDU>
Date: Wednesday, November 7, 2012 11:54 AM
To: "NETMAN@LISTSERV.EDUCAUSE.EDU" <NETMAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [NETMAN] Bandwidth Management

Talk to Exinda, we swapped out our PS10000 for them a few ears ago, love them!



Robert Harris
Manager of Network
and Audio/Video

Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu

Food is Life, Create and Savor Yours.™

Please consider the environment before printing this e-mail.

>>> Matt Richard <matt.richard@FANDM.EDU> 11/07/12 11:47 AM >>>
F&M currently has two ISPs, each with a 200 Mb/sec connection. Each
connection uses a Gigabit Ethernet handoff. I manage Internet bandwidth
with a pair of Packetshaper 10000s in Direct-Standby. I'm looking to
upgrade our two ISP links next summer, and I suspect our current
solution won't handle our projected needs.

We have about 2400 students, and almost all of them live on-campus and
use our campus network for residential purposes. The same network also
supports the business of the college.

In our students' eyes, the role of Internet connectivity has changed
over the past few years. Very few students bring a television with them
when they move in. For those who do, I suspect the TV spends most of
its time connected to a game console. Students generally expect the
same level of Internet performance they had at home, when they shared
their broadband connection with their immediate family.

I'd like to get an idea of what other folks are doing for bandwidth
management at their Internet edge. I'm looking at a few options and
weighing the costs and benefits of each (sorted from most to least
expensive):

1) Replace the Packetshapers with another bandwidth management system
that can shape 2 Gbits/sec.

2) Limit our upgraded capacity based on what the Packetshapers can
handle - somewhere around 600 - 800 Mbits, from what I hear.. Our cost
for bandwidth management is the Packetshaper annual support contract.

3) Use the bandwidth management functionality on our Palo Alto
firewalls. We'll lose some functionality but save some $$$.

4) Don't manage bandwidth. Maybe we will finally have enough to please
everyone?


What's everyone else doing, and how's it working for them?

Thanks!
-Matt

--
Matt Richard '08
Access and Security Coordinator
Information Technology Services
Franklin & Marshall College
matt.richard@fandm.edu

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Message from dwcarder@wisc.edu

Thus spake Matt Richard (matt.richard@FANDM.EDU) on Wed, Nov 07, 2012 at 11:46:32AM -0500: > F&M currently has two ISPs, each with a 200 Mb/sec connection. Each > connection uses a Gigabit Ethernet handoff. I manage Internet > bandwidth with a pair of Packetshaper 10000s in Direct-Standby. I'm > looking to upgrade our two ISP links next summer, and I suspect our > current solution won't handle our projected needs. > > We have about 2400 students, and almost all of them live on-campus > and use our campus network for residential purposes. The same > network also supports the business of the college. > > In our students' eyes, the role of Internet connectivity has changed > over the past few years. Very few students bring a television with > them when they move in. For those who do, I suspect the TV spends > most of its time connected to a game console. Students generally > expect the same level of Internet performance they had at home, when > they shared their broadband connection with their immediate family. > > I'd like to get an idea of what other folks are doing for bandwidth > management at their Internet edge. We are doing nothing. Dale ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Likewise, we (University of Michigan, Ann Arbor campus) don't attempt to manage bandwidth at our border.
But we also have ca. 43K students, somewhat over 6K regular faculty (ca. 25K total faculty and staff), and dual 10GE links to our ISP.  It's not bandwidth to burn, but it's also not saturated - yet...

What is your student to bandwidth ratio? Bruce Entwistle Network Manager University of Redlands
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Nov 07, 2012 at 05:05:47PM -0500, Kurt Hillig wrote: > Likewise, we (University of Michigan, Ann Arbor campus) don't attempt to > manage bandwidth at our border. > But we also have ca. 43K students, somewhat over 6K regular faculty (ca. > 25K total faculty and staff), and dual 10GE links to our ISP. It's not > bandwidth to burn, but it's also not saturated - yet... Kurt, do you run any type of cache - squid, akamai, etc? kmw -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlCa4OgACgkQsKMTOtQ3fKGwxwCfbDyS4RMdqwN8DQECC+Cg1Xg6 BqsAoKo+yjSlW0xaR/5sQ0A0gs6ZxIj/ =dDN/ -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from dwcarder@wisc.edu

Hey Bruce, For our main campus it's around 45,000 students, maybe 8,000 of which are in the dorms. Add in another 10,000 faculty staff & researchers and it looks like it's around ~4G inbound of commodity traffic inbound mostly sourced from CDN's and such like netflix. Just the dorms looks like around 1.5gbit/sec. I don't have data on hand for our other campuses. Also for comparison sake typical home service in our area is about 25mbit/sec down, 3/up for ~$40/mo via the cable company. So the dorms have to stay competitive with this at a minimum. Dale Thus spake Entwistle, Bruce (Bruce_Entwistle@REDLANDS.EDU) on Wed, Nov 07, 2012 at 02:12:55PM -0800: > What is your student to bandwidth ratio? > > Bruce Entwistle > Network Manager > University of Redlands > > >
Our ISP is Merit - a regional network for education/research in Michigan, similar to WiscNet, 
OARnet, I-Light etc. - and they've got an Akamai farm on their backbone that serves all of their
member institutions; we don't do any caching internally.

Sounds pretty similar to us: - about 30,000 students, around 8,000 in residence halls - about 12,000 faculty and staff - two 10Gb links to regional backbone (active/active) - bimodal bandwidth peaks on border links -- on a typical day, around 3.5G inbound (aggregated) around 3:30PM, and another ~3G inbound around 10:30PM - interestingly enough, not all of that 10:30PM border peak is ResNET traffic, but about 1.7gbps is from the residence halls (so more than half); only about 750 mbps of the 3:30PM border peak is residence halls For bandwidth management, we do only two things: (1) we do have a per-user rate limit in the residence halls for OFF-CAMPUS traffic only (25 mbps in each direction, so it fits within the typical home service model) - no limit for on-campus (2) we have a "HallPass" program via NAC for P2P traffic. I guess you could say the fact that almost half of our access layer switches are still only 100 Mbps is in itself a form of bandwidth management. -- Jim Gogan / Univ of North Carolina at Chapel Hill
~52K students, 7.5K residential We put a financial model in place-- students pay bandwidth, which enables us to purchase more bandwidth. A "virtuous cycle". As of spring our ratios for ResNet usage was 7.4 to 1, and the rest of our public (wireless) networks were 5.7 to 1. I'd be very interested in other university ratios. We haven't completed the financial model for non-Resnet yet, they still receive a paltry default allocation of 500MB/week, and only 15% of those are buying additional bandwidth. We have no plans to change the default, and are in discussions about eliminating it altogether. -- William C. Green e-mail: green@austin.utexas.edu Director, Networking and Telecommunications phone: +1 512-475-9295 ITS (Information Technology Services) fax: +1 512-471-2449 University of Texas 1 University Station Stop C3800 Austin, TX 78712 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Another vote for Exinda.

The other option is do nothing at the edge but cap the Ethernet ports using QOS to make sure a couple students don't hog the pipes. All decent switches have that ability, albeit Cisco does it in a roundabout way with their policy maps.

Most centralized wireless controllers have this ability if you have WiFi in the dorms.


On 11/7/2012 11:58 AM, Christopher R Mielke wrote:
I second the vote for Exinda. We got ours about 3 years ago and think they are a great solution. 

Thanks,

Chris Mielke

NETWORK ENGINEER 3

COMPUTER AND NETWORK SERVICES



From: Robert Harris <r_harris@CULINARY.EDU>
Reply-To: The EDUCAUSE Network Management Constituent Group Listserv <NETMAN@LISTSERV.EDUCAUSE.EDU>
Date: Wednesday, November 7, 2012 11:54 AM
To: "NETMAN@LISTSERV.EDUCAUSE.EDU" <NETMAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [NETMAN] Bandwidth Management

Talk to Exinda, we swapped out our PS10000 for them a few ears ago, love them!



Robert Harris
Manager of Network
and Audio/Video

Culinary Institute of America
1946 Campus Drive
Hyde Park, NY
845-451-1681
www.ciachef.edu

Food is Life, Create and Savor Yours.™

Please consider the environment before printing this e-mail.

>>> Matt Richard <matt.richard@FANDM.EDU> 11/07/12 11:47 AM >>>
F&M currently has two ISPs, each with a 200 Mb/sec connection. Each
connection uses a Gigabit Ethernet handoff. I manage Internet bandwidth
with a pair of Packetshaper 10000s in Direct-Standby. I'm looking to
upgrade our two ISP links next summer, and I suspect our current
solution won't handle our projected needs.

We have about 2400 students, and almost all of them live on-campus and
use our campus network for residential purposes. The same network also
supports the business of the college.

In our students' eyes, the role of Internet connectivity has changed
over the past few years. Very few students bring a television with them
when they move in. For those who do, I suspect the TV spends most of
its time connected to a game console. Students generally expect the
same level of Internet performance they had at home, when they shared
their broadband connection with their immediate family.

I'd like to get an idea of what other folks are doing for bandwidth
management at their Internet edge. I'm looking at a few options and
weighing the costs and benefits of each (sorted from most to least
expensive):

1) Replace the Packetshapers with another bandwidth management system
that can shape 2 Gbits/sec.

2) Limit our upgraded capacity based on what the Packetshapers can
handle - somewhere around 600 - 800 Mbits, from what I hear.. Our cost
for bandwidth management is the Packetshaper annual support contract.

3) Use the bandwidth management functionality on our Palo Alto
firewalls. We'll lose some functionality but save some $$$.

4) Don't manage bandwidth. Maybe we will finally have enough to please
everyone?


What's everyone else doing, and how's it working for them?

Thanks!
-Matt

--
Matt Richard '08
Access and Security Coordinator
Information Technology Services
Franklin & Marshall College
matt.richard@fandm.edu

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.


-- Vlade Ristevski Network Manager IT Services Ramapo College (201)-684-6854 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Here's the data points from the three replies on this topic that included both their number of students and their total bandwidth. I've added my school also. It would be handy to have some more responses from campuses with < 10,000 students, and also some in the 10K 30K range. I've used number of students as the the user count, because it is simpler, and at this level of detail, we can assume that faculty and staff add a similar percentage of users everywhere. Also, to compare to "student internet performance similar to what they get at home", I've picked a basic home connection of 10 Mbps inbound serving four users. Campus MbpsIn Users Mbps/user users/Mbps PacketShaping? (Home) 10 4 2.5 0.4 No simons-rock.edu 45 400 0.11 8.8 Yes, Allot NetEnforcer 402 fandm.edu 400 2400 0.17 6 Yes, Packetshaper 10000 umich.edu 20000 43000 0.47 2.15 No unc.edu 20000 30000 0.67 1.5 rate limited to 25 Mbps residential (Dale at Wisc.edu gave a usage quote of "~4G inbound" for 45,000 students. I assume they have 10 or 20 Gbps, but it is interesting to hear their actual usage works out at only 0.089 Mb/user, or 11.25 users per Mb. But, it is not clear if this is a typical daily peak, or just the value when he looked.) I'm hoping to get some sense of what is a sufficient amount of bandwidth so that you can get by with "lightweight" packet shaping, e.g. a NetEqualizer or PFSense system to throttle-the-heavy-users; rather than a "heavyweight" DPI packet shaping system that can classify and prioritize every flow. These heavyweight systems can keep priority data flowing even when your link is saturated, so that's what my (very small) college has been doing so far. But, I hope that at some point, it will be cheaper to buy more bandwidth, than to buy an expensive packet shaper. It seems to me that this relationship is definitely non-linear, in that you need more "bandwidth per user" to be safe from saturation at lower user counts than at higher counts, but I wonder if and where it flattens out. Intuitively, once you have enough users and a big enough pipe, it seems likely that you'll have enough spare capacity so that any of them can grab, say, 10 Mbps at any given moment without needing anything like 10 Mbps per user; though at home, you need 10 or 25 Mbps for just a few users to assure that. Since Simon's Rock is so small, we are certainly down in the curvy part of the graph. I'm embarrassed to admit that we only have 45 Mbps in, so we need to aggressively shape our traffic, and (obviously!) student internet performance is crap most of the time. The link is essentially saturated from about noon through 2 AM every day. (We actually have 51 Mbps in and out, but so far our Allot NetEnforcer is only licensed for 45 Mbps. Thus, even when the Allot is flatlined at 45 Mbps, there is some space on the link for new connections to come in without being dropped at the far end of our last hop.) It was interesting to me to see the datapoint of 25 Mbps home internet service for $40/month. Out here in the sticks, our campus gets pretty exactly 2x that bandwidth for just under 100x that price. (However, MA is building out their "middle mile" network with state funding, so it should get much better in a year or so.) Steve Bohrer Network Admin Bard College at Simon's Rock 413-528-7645 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
We have been using  Bluecoat (nee packeteer), though we have ordered a Netequalizer to replace the packeteer.  The annual maintenance on the p'teer was only slightly less than the full cost of the NetEq.  We have been only using the p'teer to limit per user bandwidth in res net and wireless to a (what we consider) reasonable 5mb/s.  We no longer have much use for trying to manage bandwidth at L7, which was what the packeteer was good at.  We have around 500 mb/s bandwidth, now topping out at a bit below 300 mb/s.  Interestingly, we are pretty consistently 250-300 mb/s from 10:00 AM to 1:00 AM.  This is with 1,900 resident students and a total student population of around 8,000.  

From what I can tell, with the Netequalizer we will be able to give the resnet an allocated bandwidth and there will be no throttling till it is nearing capacity.  That would be neat, cause who doesn't love a smokin' fast download of a large file?

My $.02.
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn@adelphi.edu
5168773327


our numbers for another data point. 20,000 students 5,000 faculty/staff 4,000 student housing 10,000 peak wireless users 600Mbps peak wireless inbound 1.3Gbps peak inbound internet 2x 10Gbps connections no throttling On 11/07/2012 04:12 PM, Bruce Entwistle wrote: > What is your student to bandwidth ratio? ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Message from dwcarder@wisc.edu

Steve. I asked similar questions back in April or so. Here's what I came away with (and what I remember). We were looking at seriously increasing our bandwidth and the impact that was going to have on our preferred method of management, a Bluecoat Packetshaper. I have been working with them for many years now. Started with a pair of 2500s, then a 6500 and then a pair of 7500s. They have always been pricey boxes, but we felt we got a really good value out of them. But recently, I'd been feeling we were not getting as good a value out of them as we did in the past. At the time, we had 100Mb/S for our college site and 30Mb/S for our K-12. Both were fully utilized when school was in session. There were about 900 students, faculty and staff on each campus. The K-12 was the most heavily hit at 30Mb. We aggressively shaped both campuses. Upgrading to our new bandwidth, 100Mb/S at the K-12 and 150Mbit (we were considering 200 but scaled back) at the college and what we planned for beyond those upgrades were going to move us into some pretty heavy dollars for Packetshaper upgrades. I looked for alternatives and found one. APConnections NetEqualizer. One of those changes I was undergoing was the desire to equalize bandwidth among my users, not prioritize it. I just wanted the access to be equal (but thankfully I found out I could still prioritize in some ways too, just not as high a control level as with the shaper). We took a test run at our K-12 while it was still in session and found it did just as good a job controlling P2P (we try to make it un-useable) and equally sharing our (at the time) limited bandwidth. I also asked on the list about bandwidth and number of students and shaping. The results came down to most folks doing some kind of shaping, were finding the sweet spot for user/Mb bandwidth was between 4/1 and 8/1. Some got away with as much as 20/1 but most everyone seemed to find happiness between 4 and 8 to 1. We have had a great year up to now. The NetEqualizer is pretty much set and forget as they promise. I did spend a few months over the summer mucking about with settings, and then when everyone piled back on at start of school I fine-tuned them again. But we haven't had any problems since. So, at 6/1 and 9/1 with about 900 users at each campus, we're doing pretty well. The NetEqualizer had the bonus of being much more cost effective as well. I bought 2 for the price of just over the maintenance cost of my shapers for this year. Along with support. I know, I sound like an ad, but it has been a great tool for us. And again, the data mentioned above were with institutions that did have some kind of shaping online. Either NetEQualizer type or deep packet inspection type (Packetshaper, etc). Chris CIS Security Director The Principia
Only shaping P2P here. Otherwise our 1 Gbps connection is wide open.

Heath Barnhart, CCNA
Network Administrator
Information Technology Services
Washburn University
Topeka, KS

On 11/7/2012 10:46 AM, Matt Richard wrote:
F&M currently has two ISPs, each with a 200 Mb/sec connection. Each connection uses a Gigabit Ethernet handoff.  I manage Internet bandwidth with a pair of Packetshaper 10000s in Direct-Standby.  I'm looking to upgrade our two ISP links next summer, and I suspect our current solution won't handle our projected needs.

We have about 2400 students, and almost all of them live on-campus and use our campus network for residential purposes.  The same network also supports the business of the college.

In our students' eyes, the role of Internet connectivity has changed over the past few years.  Very few students bring a television with them when they move in.  For those who do, I suspect the TV spends most of its time connected to a game console.  Students generally expect the same level of Internet performance they had at home, when they shared their broadband connection with their immediate family.

I'd like to get an idea of what other folks are doing for bandwidth management at their Internet edge.  I'm looking at a few options and weighing the costs and benefits of each (sorted from most to least expensive):

1)  Replace the Packetshapers with another bandwidth management system that can shape 2 Gbits/sec.

2)  Limit our upgraded capacity based on what the Packetshapers can handle - somewhere around 600 - 800 Mbits, from what I hear..  Our cost for bandwidth management is the Packetshaper annual support contract.

3)  Use the bandwidth management functionality on our Palo Alto firewalls.  We'll lose some functionality but save some $$$.

4)  Don't manage bandwidth.  Maybe we will finally have enough to please everyone?


What's everyone else doing, and how's it working for them?

Thanks!
-Matt

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Message from briggsgb@plu.edu

I am going to have to second the NetEqualizer recommendation.  It works well, is easy to forget about once it is setup, is inexpensive, and fair.  It doesn't do much until you hit a configurable threshold.  What's not to like?  It is the "keep it simple stupid" option.  

Here comes the data point:
PLU is about 3500 students.  The connection from our primary ISP is 400Mbps.  The secondary is 100Mbps.  We are hoping to get the secondary to 500 so we can fail over if we have to.  We also have PaloAlto firewalls.  

Greg Briggs
Network Manager
Pacific Lutheran University
253-538-5666

If the access interface is 10G, what products are you guys using or can you recommend? We are using Cisco SCE2020 (2 x 1G) and quite happy with it, 10G platform is on our radar but the price tag of Cisco 10G platform is really hard to get buy in. 

Leo Song, Senior Analyst & Cluster Lead
Computing and Communication Services - Networking and Security
University of Guelph
(519) 824-4120 x 53181

From: "Greg Briggs" <briggsgb@PLU.EDU>
To: NETMAN@LISTSERV.EDUCAUSE.EDU
Sent: Wednesday, 14 November, 2012 4:30:48 PM
Subject: Re: [NETMAN] Bandwidth Management

I am going to have to second the NetEqualizer recommendation.  It works well, is easy to forget about once it is setup, is inexpensive, and fair.  It doesn't do much until you hit a configurable threshold.  What's not to like?  It is the "keep it simple stupid" option.  

Here comes the data point:
PLU is about 3500 students.  The connection from our primary ISP is 400Mbps.  The secondary is 100Mbps.  We are hoping to get the secondary to 500 so we can fail over if we have to.  We also have PaloAlto firewalls.  

Greg Briggs
Network Manager
Pacific Lutheran University
253-538-5666

We are hands off for the most part.  We have a NetEqualizer as well and out of the box it kicks in only if your throughput reaches 85% utilization.  We have a few rules in place on our guest network to limit the number of connections and throttle bandwidth to 10 Mbps per host.  These rules are always "on" regardless of the utilization.

We are also looking into Palo Alto and a few other vendors for a firewall & IPS upgrade.

Greg - have you looked at eliminating the NetEqualizer and using your Palo Alto for bandwidth management?  We have been kicking around that idea, but honestly have no idea if the Palo Alto can handle it.  It looks like all of these Next-Gen firewalls have some sort of QoS feature.

Stats:
Students: ~2100
Primary ISP: 1 Gbps
Secondary ISP: 300 Mbps 

Thanks,
Alan

Alan Nord, CCNA
Network Administrator 
Information Technology Services
Macalester College
1600 Grand Avenue
St. Paul, MN 55105



Message from briggsgb@plu.edu

Alan,

I haven't looked into the Palo Altos for bandwidth management.  We currently only use them for security policies.  We are going to be using them for VPN.  Our experience with Palo Alto has been fairly rocky.  I know a lot of folks swear by then, so I am hoping we have just had a run of bad luck.  

Greg



I recently did a firewall upgrade and Palo Alto was a finalist.  This is my understanding of the bandwidth management part of the Palo Alto solution.  First, it is not done in the parallel ASIC based inspection.  It is implemented in software.  Second, it isn’t really a strong bandwidth manager (not just my opinion).  As I remember the description, you can specify 8 different categories of control and place folks into those categories.  I’m not sure how much granular control there is on top of that. 

 

On the other hand, they just released version 5 of PanOS as I hear, things may have changed.  You should have a look.  I liked their solution. 

 

Chris

 

From: Greg Briggs [mailto:briggsgb@PLU.EDU]
Sent: Wednesday, November 14, 2012 7:04 PM
Subject: Re: Bandwidth Management

 

Alan,

 

I haven't looked into the Palo Altos for bandwidth management.  We currently only use them for security policies.  We are going to be using them for VPN.  Our experience with Palo Alto has been fairly rocky.  I know a lot of folks swear by then, so I am hoping we have just had a run of bad luck.  

 

Greg

 

 

Close
Close


Annual Conference
September 29–October 2
View Proceedings

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.