dbauer3851
asked on
Dealing with interface over-utilization on a Cisco network
I'm an administrator for a large all-Cisco network at a major university. Currently all of our internet traffic runs out one 6509 switch that serves as our gateway. The external interface is 100 Mbs fdx Ethernet when leaving our network. We run multi-gig on the backbone. Outside the gateway router, traffic passes through a couple of security routers and firewalls that are controlled by our parent organization and that we have no ability to configure.
Our students have recently discovered a legitimate and legal music and movie site with massive amounts of bandwidth. As the word spread, the average traffic inbound on the external interface of the gateway has pegged at 100% utilization, with packets being dropped because there's nowhere for them to go. Due to the site being legal and legalities pertaining to academic freedom, I cannot block this site outright, nor do I want to. I'm looking for a way to limit the amount of traffic bombarding that interface from within my span of control, which runs from the access layer up through the core and the gateway router at the edge.
In addition to the standard Cisco 6500s, 4500s, and 3550s that compose most of our network, traffic entering and leaving the gateway router is funneled through two Cisco content engines, a Websense server, and a PIX firewall that we control before being passed up the security stack to the internet. A solution using any of these pieces of equipment or a combination thereof would be acceptable.
ASKER
That's pretty much exactly the situation. Kids aren't dumb; any time you find a way to beat one thing they're doing, they'll come up with a new one, and the other end doesn't want to be in the business of dealing with that.
ASKER CERTIFIED SOLUTION
Perhaps you can find a way to get the folks on the other end to set up some basic QOS for you that limits that stuff? But next month there may be something else and they may not want to set a precedent...