Kenzii


Apply bandwidth limits

We are a serviced office and have freely just passed broadband between all the tenants.
Since one of the tenants is taking a lot of the bandwidth we now need to apply limits to the pipe.
I’ve checked with our switch and we can only limit upload.
Please can somebody suggest the best way to do this? We can get new hardware if required, but I'm not sure if this is usually achieved via switch or router and how it passes through for 30 separate tenants.
Thanks in advance.
Soulja

What model/type of switch? How are you currently logically separating the tenants?
Kenzii (ASKER)

We have Netgear GS752 switches (I can’t remember the full model name off the top of my head but can confirm tomorrow).

We currently use VLANs to separate the tenants.
Thanks.
noci

It is normal that you can only apply limits to egress traffic (you cannot prevent traffic being sent at you from arriving at your systems; that's what makes some kinds of DDoS so effective).
But your tenant is also connected to the switch; the egress to his/her site is also egress traffic, so you should be able to limit that.
If you can also filter the traffic from them to the public internet (filter selectively on source address) then that can also be limited.
Otherwise, if you can assign traffic classes to ports, make other ports a higher priority.

If that won't work then buy some security appliance that can do BW management and use that on their link. (Zywall USG can do this.)
Or if you require very flexible/fine control over many connections, set up a pass-through Linux box (using Ubuntu Bionic) + use one of the many tools to throttle bandwidth.

The tc (traffic control) command is a good starting point.

Create a queue for every client + then cap the total amount of throughput one client can take, so if you have say 10 clients, then maybe you set your cap at 25% or 50%, so no one client can consume all bandwidth.

Or you can leave bandwidth open to 100% for everyone + deprioritize the one problem client, so they can have 100% anytime they like + if anyone else has traffic running, then other clients' connections will take priority over your problem client.

The tc command allows extremely complex queuing rules to be set up. Far more complex than any hardware solution... well... unless you shell out some big bucks for expensive hardware with complex QOS support built into the router.
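
The per-client queue setup described above, written with tc's HTB qdisc as an added example that is not part of any post in this thread. The interface name, link speed and per-tenant subnets are assumptions; the function only prints the tc commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print tc/HTB commands that give each tenant its own queue.
# Assumed, not from the thread: the interface name, the link speed, and one
# IPv4 subnet per tenant VLAN. Apply on the pass-through box's tenant-facing
# interface, where traffic towards the tenants is egress.

# usage: gen_tenant_shaping IFACE LINK_MBIT CAP_PERCENT ID:SUBNET[:low] ...
gen_tenant_shaping() {
    [ "$#" -ge 4 ] || { echo "need IFACE LINK_MBIT CAP_PERCENT and a tenant" >&2; return 1; }
    iface=$1 link=$2 cap=$3; shift 3
    case "$link$cap" in *[!0-9]*) echo "link and cap must be integers" >&2; return 1 ;; esac
    [ "$link" -ge 1 ] && [ "$cap" -ge 1 ] && [ "$cap" -le 100 ] ||
        { echo "link must be >= 1 and cap 1-100" >&2; return 1; }

    ceil=$((link * 1000 * cap / 100))       # per-tenant hard cap, kbit/s
    rate=$((link * 1000 / $#))              # guaranteed equal share, kbit/s
    [ "$rate" -le "$ceil" ] || rate=$ceil   # HTB requires rate <= ceil

    # Root HTB qdisc and one parent class representing the whole pipe.
    echo "tc qdisc add dev $iface root handle 1: htb"
    echo "tc class add dev $iface parent 1: classid 1:ffff htb rate ${link}mbit"

    for t in "$@"; do
        id=${t%%:*} rest=${t#*:}
        subnet=${rest%%:*}
        case $id in ''|*[!0-9]*) echo "bad tenant id in '$t'" >&2; return 1 ;; esac
        [ "$id" -ge 1 ] && [ "$id" -le 4094 ] ||
            { echo "tenant id out of range in '$t'" >&2; return 1; }
        # prio only decides who borrows spare bandwidth first (lower wins);
        # a ":low" tenant keeps its guaranteed rate but borrows last.
        case $rest in *:low) prio=7 ;; *) prio=1 ;; esac
        # tc reads class ids as hex; decimal VLAN ids still map to unique ids.
        echo "tc class add dev $iface parent 1:ffff classid 1:$id htb rate ${rate}kbit ceil ${ceil}kbit prio $prio"
        echo "tc filter add dev $iface parent 1: protocol ip u32 match ip dst $subnet flowid 1:$id"
    done
}

# Example (constructed values): four tenants on a 100 Mbit pipe, each capped
# at 50%, tenant 20 deprioritized. Review the output, then pipe it to sh as root:
#   gen_tenant_shaping eth1 100 50 10:10.0.10.0/24 20:10.0.20.0/24:low \
#       30:10.0.30.0/24 40:10.0.40.0/24
```

Setting CAP_PERCENT to 100 and marking one tenant `:low` gives the second variant described above: every tenant may use the whole pipe, but the marked tenant is last in line for spare capacity.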
@David Zywall USG is exactly that + web management.  (all in one box < A4 surface, 1U high)
@kenzii

Okay, so it seems your switches are only Layer 2. What is providing the routing for each of the tenant VLANs? It's on that device that you want to enforce some type of QOS policy to limit bandwidth.
Kenzii (ASKER)

Thanks for the comments all.
Just wondered how it’s commonly done in serviced offices or even data centres where they have 1 big pipe shared between lots of different companies.
I think it’s steering more to the router than the switch?
Yes, in the multitenant DCs the customers are usually on separate VRFs and QoS is applied at their layer 3 boundaries.
Kenzii (ASKER)

Thanks for all the comments. I'm afraid I'm not much clearer on the way to go.
Perhaps somebody could recommend the hardware required and I can look into it from there. I've looked at Cisco ASA5505 but I think these will need a compatible switch in order to control bandwidth speed.
Kenzi,

What are you using to route the traffic to the internet?
Kenzii (ASKER)

We currently have a Draytek 2920. But happy to make an investment in new hardware but ideally don’t want to take a CCNA in order to set it up.