Firewall Wizards mailing list archives
Re: Traffic Management
From: "Swift Griggs" <ssgriggs () usa net>
Date: Wed, 14 Feb 2001 19:39:26 -0700 (MST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 9 Feb 2001 bparis () sorrentolactalis com wrote: - -=> Recently we've been experiencing "congestion" of our internet - -=>pipe. We've tried restricting various thing like Napster, Gnutella - -=>and the like with varying degrees of success, but as more and more - -=>users come onto our LAN/WAN we've noticed our performance - -=>decreasing. Rather than manage this at our firewall (with many many - -=>rules), I'd like to know how you manage your traffic. What do you - -=>use? I'd recommend upgrading your network first and foremost. Cascading switches on gigabit fabrics or very high speed backplanes tend to be the best solution to layer 2 congestion. This may seem like a "brute force" solution, but it's usually the most appropriate. Barring that you can also use VLANs to segment bursty or broadcast prone segments (like tons of winbl^H^Hdows clients broadcasting and holding SMB elections). Segmenting server farms behind clustering devices is a definite to-do as well. If you want to track down and eliminate activities which are not business related (ie.. Quake, streaming porn, icecast), then look into a decent sniffer or check out a NIDS box than can do TCP (and limited UDP) session killing like Sessionwall, Dragon, ISS RealSecure, NetProwler, Cisco IDS, or SNORT which will can kill these services when it detects them. This gives you an added benefit of being able to log the perpetrators and thus tap them on the shoulder to knock it off. Once the word gets out that segments are being "watched" and people are actively getting nasty-grams, you'll probably see less unnecessary traffic. My experience is that it's pretty tough to control. Hardware upgrades for the network need to keep up with the demands of the users. That's not to say that people should be given free reign to take over the network with obnoxious and wasteful activities. SWiFT GRiGGS | NiC SG1991 | PGP D38E3D91 | SSGRiGGS () USA NET Non Illegitemus Carborundum. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6i0Fhgta6ENOOPZERAlAIAJwPCTE1nW2gu/aHe1Y8T5KXM1aXywCfZ9p0 Q1Bca/6tAjL8Teye2znM41Y= =pL9G -----END PGP SIGNATURE----- _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Traffic Management bparis (Feb 11)
- RE: Traffic Management Steven Osman (Feb 12)
- Re: Traffic Management Rama Kant (Feb 12)
- Re: Traffic Management Firewall Team (Feb 13)
- Re: Traffic Management Swift Griggs (Feb 15)
- Re: Traffic Management Firewall Team (Feb 16)
- Re: Traffic Management Ng Pheng Siong (Feb 16)
- <Possible follow-ups>
- Re: Traffic Management Alex Goldney (Feb 12)
- RE: Traffic Management Safier, Adam (GEIO) (Feb 13)
- RE: Traffic Management Paul Heber (Feb 14)