Solved

Dealing with interface over-utilization on a cisco network

Posted on 2007-04-09
3
586 Views
Last Modified: 2008-02-01
I'm an administrator for a large all cisco network at a major university.  Currently all of our internet traffic runs out one 6509 switch that serves as our gateway.  The external interface is 100 Mbs fdx ethernet when leaving our network.  We run multi-gig on the backbone.  Outside the gateway router traffic passes through a couple security routers and firewalls that are controlled by our parent organization and we have no ability to configure.  

Our students have recently discovered a legitimate and legal music and movie site with massive amounts of bandwidth.  As the word spread the average traffic inbound on the external interface of the gateway has pegged at 100% utilization with packets being dropped because theres nowhere for them to go.  Due to the site being legal and legalities pertaining to academic freedom I cannot block this site outright, nor do I want to.  I'm looking for a way to limit the amount of traffic bombarding that interface from within my span of control which runs from the access layer up through the core and the gateway router at the edge.

In addition to standard cisco 6500s, 4500s, and 3550s that compose most of our network traffic entering and leaving the gateway router is funneled through two cisco content engines, a websense server, and a pix firewall that we control before being passed up the security stack to the internet.  A solution using any of these pieces of equipment or a combination thereof would be acceptable.
0
Comment
Question by:dbauer3851
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 18879380
The best thing would be rate-limiting that traffic to a percentage of your interface bandwidth. Unfortunately if the gateway link is being pegged because of inbound traffic, the only place where you could make a real difference would be on the other side of that link- the side that it sounds like you do not control. You can configure rate-limiting on the router or on the PIX, but it still doesn't help if the outermost link to your domain is pegged with inbound traffic.

Perhaps you can find a way to get the folks on the other end to set up some basic QOS for you that limits that stuff? But next month there may be something else and they may not want to set a precedent...
0
 

Author Comment

by:dbauer3851
ID: 18879679
Thats pretty much exactly the situation.  Kids aren't dumb, any time you find a way to beat one thing they're doing they'll come up with a new one and the other end doesn't want to be in the business of dealing with that.
0
 
LVL 28

Accepted Solution

by:
mikebernhardt earned 500 total points
ID: 18883380
Perhaps you can limit the traffic TO that site down really low. Although it doesn't directly solve the problem, if you slow down the request for files enough, it should limit the amount of data that can come back. You would have to experiment unless you have some netflow or RMON analysis available to see just how much outbound data there is. Then try rate-limiting it to say, 50% of the current level.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RHEL6 + dockers - No route to host 7 104
Cisco 3650x ACL 8 50
Routing Issue 26 68
Programmable Firewall Router? 3 24
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question