T1 connection

[Roody]

How well would a T1 connection handle a school with 250 computers for those of you with knowledge on the matter?

[SeedOfChaos]

T1 = 1,544 Mbit/s. In 56k times that was blazing fast, but today it's considerably less than the average DSL connection.

It would strongly depend on how those 250 computers use the web. If for example the proxy allows only a few text & image websites, it may be a little tight, but ok. If 250 computers constantly view streaming video... heeeell no! Maybe give us a bit more specifics on what they plan to do with those computers.

AFAIK, T1 is a synchronous connection. I would think that the school would be better off with a asynchronous business DSL connection with more download capacity than 1,5 Mbit.

[Roody]

We are looking into finding the best solution for here at the school I work at. We used to have business DSL, but it didn't run as fast as we wanted. Then we went to cable modem which gave us more speed, but it slows down when a bunch of people are online and it keeps getting worse so now we are trying to decide what the best approach is.

[Sava700]

Depends on how much your willing to spend...

http://en.wikipedia.org/wiki/Broadband_Internet_access

We have a OC-3 here at the school I'm at but that costs about 15,000$/month



You may wish to contact some of the phone companies for options and contracts they are willing to do with schools.

[DV]

I'd agree with SOC in that you'll probably want more down speed. Look around as I've seen prices dropping for fast connections. We just got an offer in Nor Cal for a 10 meg line from XO for $975 a month. Also one of our Tennessee companies got a 5 meg fiber line for $500 a month from a local provider.

[YeOldeStonecat]

Start with a fractional "3 flavor" of some sort. A slice of OC3/DS3. A true T-1 will not leave you with economical expandability. Starting off with a 2 or 4 meg chunk of "3"....at quite a low cost...you can add more "lanes to the highway" as needed. You'll often find a 2 meg slice of T-3 is less expensive than a full T-1.

Commonly being bundled with VoIP packages from various biz telco's. Dunno what your phone situation is now.

[Kip Patterson]

Do you block torrents? If you allow downloading of videos and music (which you shouldn't in my opinion) you will need a lot more than a T-1 - say ten t-1's.

[SeedOfChaos]

A quick google search lead me to this, I don't know, maybe worth checking out:

http://www.universalservice.org/sl/abou ... ogram.aspx

I'm just thinking maybe you can get additional funds for increased speed from some sort of government program or corporate sponsorship or something. Be creative and make a couple phone calls... start with the yellow pages of Silicon Valley

[CableDude]

We had 2 t1's about 8 years ago about 3000 users and it was slow at times.


Yes, I am referring to the place I work.

[Roody]

Ok thanks for the input everyone. I appreciate it.

[YeOldeStonecat]

Do you block torrents? If you allow downloading of videos and music (which you shouldn't in my opinion) you will need a lot more than a T-1 - say ten t-1's.

That's a good point...Roody..do you have any packet shaping appliance in place? Or are students left to use what they can?

[Roody]

That's a good point...Roody..do you have any packet shaping appliance in place? Or are students left to use what they can?

We are running a proxy server yes.

[Sava700]

We are running a proxy server yes.

thats not the same thing he's talking about... But either way when it comes to students of higher education like a college I disagree with packets being controlled cause they do pay to go to school there or anywhere and usually there is a network usage fee in the semester costs..so why would you want to pay for restricted access when they should just give more bandwidth to correct the usage issue if there is one.

[YeOldeStonecat]

I disagree with packets being controlled cause they do pay to go to school there or anywhere and usually there is a network usage fee in the semester costs..so why would you want to pay for restricted access when they should just give more bandwidth to correct the usage issue if there is one.

Because....it's still a bunch of kids. Only takes a very small handful to bring down a network running torrents and other p2p software, the answer isn't to feed them more bandwidth..because it'll get sucked up...he could give them an OC-48 or OC-92 ..if it's unmanaged...it'll get abused til its on its knees...leaving the people who are trying to do legitimate work like reseach on the web, e-mail, and other good uses with a miserable experience less than dial up.

They're paying for internet access within reason for normal use. There's an expected amount of bandwidth per student for standard use..which brings a similar oversubscription model to that used by ISPs.

More and more college networks these days need students PCs to pass a compliance test (A NAC such as Clean Access). Upon first plugging in their PCs..the PCs are directed via captive portal to a segmented network..where they're sniffed for a minimum checklist of windows updates, sevice packs, and that they have an approved antivirus installed...only upon passing this checklist..are they allowed on the main network and resources.

And some proxy servers do have options of traffic shaping.

[Roody]

Can someone give me an example of packet controlling software?

[YeOldeStonecat]

Can someone give me an example of packet controlling software?

What's your primary proxy package?
Or a dedicated appliance.....
NetEqualizer
Packeteer

[Sava700]

Because....it's still a bunch of kids. Only takes a very small handful to bring down a network running torrents and other p2p software, the answer isn't to feed them more bandwidth..because it'll get sucked up...he could give them an OC-48 or OC-92 ..if it's unmanaged...it'll get abused til its on its knees...leaving the people who are trying to do legitimate work like reseach on the web, e-mail, and other good uses with a miserable experience less than dial up.

They're paying for internet access within reason for normal use. There's an expected amount of bandwidth per student for standard use..which brings a similar oversubscription model to that used by ISPs.

More and more college networks these days need students PCs to pass a compliance test (A NAC such as Clean Access). Upon first plugging in their PCs..the PCs are directed via captive portal to a segmented network..where they're sniffed for a minimum checklist of windows updates, sevice packs, and that they have an approved antivirus installed...only upon passing this checklist..are they allowed on the main network and resources.

And some proxy servers do have options of traffic shaping.

I agree with what your saying on needs but seeing it first hand and the amount of money paid to have stable fast internet these kids pay its a shame some of them can barely stream a online music station at night..but can't say that it isn't the network admins fault cause he doesn't know what he's doing either.

[Roody]

What's your primary proxy package?
Or a dedicated appliance.....
NetEqualizer
Packeteer

We don't use anything like that. We currently are running a proxy filter through one of our servers called the PowerElf that manages our website and email.

[YeOldeStonecat]

We don't use anything like that. We currently are running a proxy filter through one of our servers called the PowerElf that manages our website and email.

Does all web traffic go through that? Based on skimming the website...it looks like it's just a transparent SMTP proxy at most.

Read that intro paragraph on NetEqualizers site......
The easy way to sell this to the bean counters at your school

"Whether you are a Business, Library, ISP, Hotel, School or some other entity using a T1/DS3/E1 connection to the internet you have probably struggled with the age old question...

Should I purchase more bandwidth to handle the ever increasing load I am seeing on our Internet trunk, or is there some other way to do it without the recurring monthly incremental cost?"

You take the cost of this box..plus the support package...
You take the increased cost of upgrading your internet pipe...including the initial setup, cutover, downtime, overtime in your staff, and monthly recurring...

The answer isn't just to feed them more bandwidth...you also, at the least, need to manage the bandwidth..because they will suck up no matter what you feed them..it's amazing what these devices do.

Also, if you have room to tinker yourself..check out some of the linux distros...there's PFSense which has traffic shaping as a feature..build your own box using an old P3 box with a pair of NICs. http://www.pfsense.com

[Roody]

Ok thanks man I will look into that. I appreciate you guys help as always.

[CableDude]

Because....it's still a bunch of kids. Only takes a very small handful to bring down a network running torrents and other p2p software, the answer isn't to feed them more bandwidth..because it'll get sucked up...he could give them an OC-48 or OC-92 ..if it's unmanaged...it'll get abused til its on its knees...leaving the people who are trying to do legitimate work like reseach on the web, e-mail, and other good uses with a miserable experience less than dial up.

They're paying for internet access within reason for normal use. There's an expected amount of bandwidth per student for standard use..which brings a similar oversubscription model to that used by ISPs.

More and more college networks these days need students PCs to pass a compliance test (A NAC such as Clean Access). Upon first plugging in their PCs..the PCs are directed via captive portal to a segmented network..where they're sniffed for a minimum checklist of windows updates, sevice packs, and that they have an approved antivirus installed...only upon passing this checklist..are they allowed on the main network and resources.

And some proxy servers do have options of traffic shaping.

This man knows his stuff.


We use packeteer.

[FunK]

You could look into a Ethernet solution.
I know that UUNET is selling Ethernet connections. You can buy the access and then specify the connection you want (from ethernet, fast ethernet or up to Gigabit). Then you can have a VLAN configured anywhere from 1M-Gig.
The VLAN is configured at the speed you pay for.. 1M 20M 300M, etc and it doesn't take much to order more bandwidth and can be done rather quickly.

Costs of course would be cheaper if there is a COLO near by but it might suit your needs.

As for traffic shaping, you could shape on the router facing the internet.. IE, if you have a 100M connection, you can police traffic from the "dorm subnets" and only allow say 60M total, then you can allocate the other 40M to administrative stuff.. Thus the kids can't walk on the schools bandwidth and bring it down. If the buildings are subnetted in a logical manner, you can easily calculate how many machines are on each segment and allocate bandwidth as needed. This should be possible no matter what connection is in use.

You could also order multiple VLANs per connection. One 10M VLAN for admin and say a 20M VLAN for the students. Separated completely (Diff subnets) but still on the same physical path / access method. Each has their own bandwidth and cannot walk on one another yet both are inherently shaped based on the size of the VLAN ordered.

More info here:

http://www.uunet.net/products/internet/ ... s-ethernet

Other possible solutions:
NxDS1 (bonded T1s grouped together) = 3M - 12M
Subrate DS3 (less than 45M). Can be split up to say 10M / 20M, etc.

[carterfed]

What did you end up going with here? NetEqualizer, or something else?

[terrancelam]

We use NetReg here at where I work (University of Toronto) . Its very similar to what YeOS mentioned, but I'm guessing you probably run a computer lab so maybe blocking off most ports except 21/25/80(standard web ports). Even then, if you have a managed switch / router, you can run QoS regulations on a range of IPs to limit them to a "decent" amount of bandwidth. Like some of the other guys mentioned, most students don't need to be downloading/uploading much of anything.

http://netreg.sourceforge.net/ (For netreg incase you do want to use it)