Security Basics mailing list archives
RE: Re[2]: Internet Cafe
From: "Paul Stewart" <pauls () nexicom net>
Date: Mon, 20 Jan 2003 18:51:09 -0500
You can also use etinc.com's products which work well.... Can get a Linux version for a reasonable cost or buy one of their appliances..;)

ET/BWMGR vs Packeteer

The major difference between the technologies described from a functional standpoint is capacity. The PacketShaper 4000isp, for example, can only manage 1000 "partitions" (500 bi-directional), which means that you can only limit 500 hosts. But in order to limit 500 hosts, you can't limit other types of traffic. In effect, you can only limit 375 hosts and still use the box's shaping capabilities on other streams.

The ET/BWMGR can support THOUSANDs of limits of any type, so you can set a limit for each and every web site and/or customer individually. The folks at Packeteer will tell you to "cascade" their very expensive boxes to get more capacity, but for a LOT LESS the ET/BWMGR can do what you'd need multiple PacketShapers to do.

In terms of total capacity, a 700Mhz ET/BWMGR can handle multiple 100Mb/s wires, and is rated at 125Mb/s total throughput, while the Packeteer is rated at less than half of that.

A major reason for the difference in capacity is that PacketShaper's rate limiting algorithm chokes its resources. For example, to limit a busy web server using the ET/BWMGR requires the management of 1 logical stream. For the PacketShaper, a stream is required for each connection. So if you have 300 users on the web site, Packeteer's product must manage each of those connections individually. Ultimately, there is no difference in the resulting performance, as the ET/BWMGR also withholds ACKs (by slowing the original data to the host and by generally controlling the TCP window) so ACKs are paced naturally without having to physically manipulate them, and without the associated overhead.

When the numbers get really big, the differences become more significant. With 500 hosts (the PacketShaper 4000isp capacity), you may have 50,000 (or more) connections for the PacketShaper to manage, while ET/BWMGR has only 500.

Paul Stewart
Nexicom Inc.

-----Original Message-----
From: Mark Kelsay [mailto:mkelsay () Switchboard com]
Sent: Friday, January 17, 2003 4:05 PM
To: 'Marc Cuypers'; security-basics () securityfocus com
Subject: RE: Re[2]: Internet Cafe

This will do it, but I am not sure of the price.
http://www.packeteer.com/products/packetshaper/

-----Original Message-----
From: Marc Cuypers [mailto:m.cuypers () pandora be]
Sent: Thursday, January 16, 2003 3:32 PM
To: security-basics () securityfocus com; Terry Peterson
Subject: Re[2]: Internet Cafe

On Wed, 15 Jan 2003 12:31:56 -0800 Terry Peterson <tpeterson () snocom org> wrote:
I currently own an internet cafe. Instead of applying strict policies we have decided to image the hard drives often. We have found that we had to lock down the boxes so tight that they became difficult for our customers to use. So far, we have not had anyone attempting to compromise the systems or use our center to source attacks. Our biggest problem is figuring out a way to limit bandwidth usage. Is anyone aware of any way to limit download bandwidth on a per machine basis?

Terry Peterson
Bandwidth management can be done with Linux (advanced routing). With advanced routing it is possible to shape the IP traffic. So you need a Linux box as a router with 'advanced routing' enabled. Notice the word 'advanced', it will take a little effort to grasp and configure.

Marc Cuypers
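
Added example, not part of the original thread or written by any of its posters: a sketch of the per-machine download cap asked about above, using Linux traffic control (`tc`) with HTB on the router Marc describes. The interface name, rates, function name and client addresses are assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: emit (not execute) tc commands that cap download rate per
# client on a Linux router. All names and values below are assumptions.
LAN_IF="eth1"          # assumed: interface facing the cafe machines
LINK_RATE="10mbit"     # assumed: total downstream capacity
PER_HOST="512kbit"     # assumed: cap for each workstation

# gen_tc_rules IP... : print one HTB class and one u32 filter per client IP.
gen_tc_rules() {
    # Root HTB qdisc; traffic matching no filter falls into class 1:999.
    echo "tc qdisc add dev $LAN_IF root handle 1: htb default 999"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK_RATE"
    echo "tc class add dev $LAN_IF parent 1:1 classid 1:999 htb rate $PER_HOST ceil $LINK_RATE"
    id=10
    for ip in "$@"; do
        # rate == ceil means the host can never borrow above its cap.
        echo "tc class add dev $LAN_IF parent 1:1 classid 1:$id htb rate $PER_HOST ceil $PER_HOST"
        # Downloads leave the router toward the client, so match on dst.
        echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$id"
        id=$((id + 1))
    done
}

# Constructed sample addresses (RFC 1918), printed for review before use.
gen_tc_rules 192.168.1.11 192.168.1.12 192.168.1.13
```

Shaping is applied on the LAN-facing interface because a qdisc controls what the router sends, and download traffic is sent from the router toward each client.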