Firewall Wizards mailing list archives

Re: Speeds and feeds


From: Drexx Depuno <drexx () mindgate com ph>
Date: Sat, 30 May 1998 13:56:31 +0000

Hello,

If you really want bandwidth management and firewall functionality,
why don't you use Check Point's Floodgate-1 and Firewall-1 on a
good, 2-CPU, Solaris SPARC machine? We use it in our office and our
humble 64kbps to ISP was given a new lease on life (pardon the pun).

I think the Cisco solution uses RSVP and so do a lot of other traffic
management solutions. If so, isn't it a requirement of RSVP, to be fully
effective, to have RSVP-speaking devices connected per device on
the network? And so it's almost impossible to achieve in the Internet?

BTW, are there any serious security trade-offs of having traffic
management and firewall functionality on one box?

Drexx Depuno (Opinions are my own and not of my employer.)

At 03:46 AM 5/29/98 -0700, Bennett Todd wrote:
It definitely sounds like the T1 is saturating --- but it would never
hurt to more-positively document that. If you can get router statistics
on line utilization that would help.

Given that they're using up the T1, one good question is, do they want
to buy more bandwidth? If so then by all means do so. But people doing
big downloads can saturate _anything_ (I know --- I like to do tricks
like mirror the entire Red Hat site:-).

So if other users are noticing degraded response, I'd look into
bandwidth management solutions. Cisco has some traffic shaping options
for recent IOS releases, there's dummynet[1] (for FreeBSD --- freely
available) and the Bandwidth Manager[2] (for FreeBSD, BSDI, and NetBSD,
$500).

And worst comes to worst, you may well be able to do the deed if you
force the big downloaders to go through a separate set of proxies, and
put a mechanism in place --- e.g. a slip line running at 115kbps --- to
throttle their bandwidth.

-Bennett

[1] <URL:http://www.iet.unipi.it/~luigi/ip_dummynet/>
[2] <URL:http://www.etinc.com/bwmgr.htm>




