jdflory

Throttling Bandwidth

Hello All,

Our company just purchased a DS3 circuit with 5mg of bandwidth and a burstable speed of 45 mg.  So in theory we will maintain the 5mg connection and only use above that when we really need it.  Any time we go over 5mgs we get billed per mg.

What I am looking for is an inexpensive way to throttle bandwidth to this connection.  AT&T recommends a choke router which is very expensive, ranging anywhere from $1200 to 12,000.  I am hoping that we can throttle bandwidth with hardware that we already have.

We currently have a PIX 515 running version 6.3 and we also have a couple of Cisco 1720 routers that are not in use.  One point to keep in mind is that the Cisco 3800 series router that delivers the DS3 line to our PIX is managed by AT&T and we do not have access to this unit.

I am hoping this can be done with PIX or if we have to place the 1720 router between the 3800 and the PIX which would mean completely reconfiguring our external network.

Any help would be much appreciated
giltjr

--> At&t recommends a choke router which is very expensive ranging anywhere from $1200 to 12,000.

And just how much are you going to pay if you go over your 5 Mbps?  Look at it this way, spending $2-3K may save you $100K over a year's time period.

neoponder is correct, PIX 6.3 does not do rate limiting.

Just how do you plan to allow usage above 5 Mbps once you implement rate limiting?

Depending on what you are using this for, you may want to look at taking a "spare" PC and installing Squid on it.  Use this as a proxy server for web surfing and it (Squid) has built-in bandwidth throttling.  Limit employee web surfing bandwidth and you may not need to cap anything else.
jdflory

ASKER

Thank you everyone for the quick responses

Neoponder:

I checked on the PIX version 7 and you are correct, it has QoS built into it which would allow bandwidth limiting on a per protocol basis or all protocols in one access list.  I think this is the direction we will be going.  When I mentioned the 1720 what I was talking about was placing it between the PIX and the DS3 router and then breaking our IP block into 2 subnets.

One thing I did not mention is we have another site (connected by site to site VPN) with the exact same setup except that it has a PIX 506 which is not upgradable to 7.x.  Maybe I can use the 1720 there.

Lrmoore:

You bring up a good point, I will take a look at the contract and see if it is an average.  One problem I can foresee is that we actually do have a lot of replication traffic at night and that my manager is very hard set on getting something to limit bandwidth.  He does not want to get into "policing the network"; also there are a lot of people that have legitimate high bandwidth needs.  You are right that now would be the time to implement WSUS.  I am going to forward your ideas to my manager.

Thank you all

Have a good holiday

Since you do have PIX 7.x at one end, you can do some rate-limiting/policing
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080450b9a.html#wp1045477
You're out of luck on site with PIX 506.
I just can't get my head around paying good $$$ for a DS3 with managed 3800 series router, and throw in an old junky 1700 just as a bandwidth controller. It'll make troubleshooting difficult. Application performance may suffer greatly causing disgruntled workers. It's another in-line point of failure and added complexity in the network. It wasn't designed to handle the throughput of a full DS3 so your burst capabilities will be severely limited.

jdflory

ASKER

You are probably right, adding another device always adds to the complexity of your network, so I think I will pitch replacing the 506 PIX with another model that supports an upgrade to 7x.  I have already got the OK to purchase the 7.x software for our office and from what I hear the upgrade is not too painful as long as you do not have any unsupported commands in your config.

The upgrade really is quite painless, unless you try to go from 6.3x all the way to 7.2 (7.22 is latest/greatest)
You have to take an incremental step and upgrade to 7.0x first, let the upgrade process convert your config, reboot, then upgrade to 7.22

jdflory

ASKER

Thanks, I will definitely keep that in mind.