Announcement

Collapse
No announcement yet.

Network shaping/limiting/balance bandwidth software

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Network shaping/limiting/balance bandwidth software

    Hello All!
    I run a network with about 30pcs and VOIP through a cisco (that I have no controll over) switch (not router) and a netgear firewall/vpn/router/Gateway.
    I'm looking for a piece of software that I can use the shape/limit/balance user's bandwidth and maybe if have a day/week visual report.
    Common sense tells me I must either have a piece of hardware on the want port or in/at the router, or software on each PC that communicates with a main computer.
    I do have a server, but the network doesn't really run through the server. We did have smoothwall firewall, which did do much of what I'm talking about, but between linux based and open platform, I don't really trust it. (I'm sure you that use it trust if fully... and that's fine for you)

    What options do I have or is there a inexpensive box? I would like to have a solution I can provide local offices.
    I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
    Chris Robertson
    The Computer Doctor

  • #2
    Re: Network shaping/limiting/balance bandwidth software

    You don't get much more inexpensive than open source. Any particular reason why you don't trust it?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: Network shaping/limiting/balance bandwidth software

      I've read a lot of the forums for open source programs, and many are hacked on a regular basis. Open Knowledge of holes and weakneses make them vulnerable. I had a few open source websites, and I spent most of the time, trying to secure them, and fixing hacks. So I have had some bad experiences, and the firewall isn't one I wanted to be unsure about.
      I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
      Chris Robertson
      The Computer Doctor

      Comment


      • #4
        Re: Network shaping/limiting/balance bandwidth software

        Originally posted by crobertson View Post
        We did have smoothwall firewall, which did do much of what I'm talking about, but between linux based and open platform, I don't really trust it. (I'm sure you that use it trust if fully... and that's fine for you).
        You don't trust what you can observe working... but do trust that which you cannot. I understand completely. Now if it's a proficiency issue, I can truly understand completely. If you're not familiar with Linux or a certain software package it can be rather daunting and mis-configurations can abound.

        Moving on... most firewalls have some amount of traffic shaping and report generating, however I'm not sure if it would be entirely worth it from a monetary standpoint to purchase one for just 30 users. SonicWall, CheckPoint, Barracude, et. alii make plenty of low-end firewalls that may be able to do just that. How much are you/your company willing to spend on this? As far as commercially supported firewall/traffic shaping/report generating software... I'm at a loss. Every time I thought of one I realized "Oh wait... that's FOSS...".

        EDIT: crobertson, I just noticed your post below. We cross-posted.
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

        Comment


        • #5
          Re: Network shaping/limiting/balance bandwidth software

          What are the exact requirements?
          What do you want to shape/limit? Yes I understand bandwidth, but where are you thinking about?
          Blocking sites? Using QOS? Limit the max bandwidth per user? etcetc.

          It won't be really cheap in either case, so posting a budget might help.
          Cheap = open source. Expensive = Non Open source.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Network shaping/limiting/balance bandwidth software

            Originally posted by crobertson View Post
            I've read a lot of the forums for open source programs, and many are hacked on a regular basis. Open Knowledge of holes and weakneses make them vulnerable. I had a few open source websites, and I spent most of the time, trying to secure them, and fixing hacks. So I have had some bad experiences, and the firewall isn't one I wanted to be unsure about.
            I know you just wanted info about network traffic shaping software/hardware, but there are a few things that I thought I might address. I don't want to see you lose a good opportunity over a possible (I emphasize 'possible') misunderstanding. I also really, really don't want this to spiral down into a Holy War about FOSS vs. Close Source software. I'm not really on one side or the other. I'm more of a pragmatist that thinks along the lines of "I don't care what model it is, what logo it has on it or what the programmer's preferred to have for breakfast... if it works I'll use it." However, I think the relative security and functionality of established FOSS projects surpasses that of many proprietary projects.


            Originally posted by crobertson View Post
            I've read a lot of the forums for open source programs, and many are hacked on a regular basis.
            Let's be careful about the logic here. I've heard of many cars getting broken into on a regular basis but that won't stop me from owning a car. I'll just research which ones fit my needs and then which one of those is most secure. I'll also take steps to secure it further on my own. So, to extend the logic... I'd hate to see you exclude a good possibility (like say IPCop) because another Open Source project was hacked. Also, I've read a lot of forums (and news stories! ) about closed-source products getting hacked on a regular basis too. It basically goes back to SysAdminicus Emptor.


            Originally posted by crobertson View Post
            Open Knowledge of holes and weakneses make them vulnerable.
            Take a look at Metasploit. There's quite a few exploits for closed-source, proprietary products as well. The open knowledge of holes and weaknesses are generally looked at as the reason why some FOSS projects are more secure and patched quicker than their closed-source counterparts. That's not true for absolutely every FOSS product, but research into a product would show which ones have a better track record and then you can pick from those. Many closed source products tend to take longer to be patched and some speculate that it's simply because they are relying on security through obscurity. Who knows how many people have quietly exploited those unseen holes?


            Originally posted by crobertson View Post
            I had a few open source websites, and I spent most of the time, trying to secure them, and fixing hacks. So I have had some bad experiences, and the firewall isn't one I wanted to be unsure about.
            Might you be referring to Drupal? Anyways... I don't know if using an experience with FOSS web site software to compare the relative security and reliability of FOSS firewall software is the best idea. Absolutely there are flaky, buggy apps out there but there are also some rock-hard products out there too. Your feeling of security might be misplaced if you feel good about proprietary products just because they're closed-source and have a big logo on it. If my memory serves correctly, there was a relatively large security fault in the Cisco IOS that was discovered but barred form being published at the last Black Hat conference.


            Okay, so at the end of this post I want to make some things clear. I'm not trying to tell you how to run your IT shop. I'm not the consumate rabid fan of FOSS. I'm not a "down-with-the-man" detractor of big-name solutions. However, like I said earlier, I'd hate to see you pass a good product by because of misinformation. My research and experience (admittedly not the most amazing) have shown that established FOSS products (ironically, the best ones seem to have some kind of corporate backing ) are solid and worth at least a smuch trust as big-name products.

            If you're at all interested, IPCop does a good job of firewalling, traffic shaping and other things as well. It's extensible so it can have a myriad of plug ins added to give you just about any feature that you want. SmoothWall is okay, but I've heard people say that SmoothWall Corporate can be put to shame by IPCop's abilities which are totally free.

            Okay, that's the last comments I'll make about the FOSS debate in this thread. I don't want this to get too far I'll keep my eye out for some closed-source software based corporate firewalls. If you fine one, let us all know! I'd be interested.




            EDIT: Goodness... did I really just type that much text?
            Wesley David
            LinkedIn | Careers 2.0
            -------------------------------
            Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
            Vendor Neutral Certifications: CWNA
            Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
            Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

            Comment


            • #7
              Re: Network shaping/limiting/balance bandwidth software

              Originally posted by Nonapeptide View Post
              EDIT: Goodness... did I really just type that much text?
              The Mass is ended. Go in peace to love and serve the Lord. Go man go!

              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

              Comment


              • #8
                Re: Network shaping/limiting/balance bandwidth software

                I want to thank everyone for their input. I read forums and threads all I can, when I can. I work on computers and my hobby is...well you guessed it. Computers. Not because I love them, quite the opposite. I'm trying to catch up to some of the little kids that know more than I.
                I say that to let all of you know I apprecaite you bringing that to my attention and to the table.

                As far as money, I work for a company that believes, if It ain't broke (yet) don't fix it. They want to see justification for the money, and like to wait until we are hacked and cracked to do something. So everything I'm doing it out of the 1,000 dollar toliet seat fund you see. This is pretty common. We get many that work in/with large companies that look down from the mountain and say, "You should use top of the line little IT person" When my hands are tied. Can you relate?

                Well not to babel on anymore, I'll lookinto IPcop and (never heard much of FOSS) others.

                My simple attempt (and what should be in every firewall) is to track how much bandwidth is taken up by each user (helps determine infections & hijacking too!) Plus limit those that are hogging up bandwidth or at least leave bandwidth for the rest.

                Yes, everything can get hacked, but I am jaded with my OS experience, and this is why I ask, what do you use, and your experience, which I appreciate greatly. I am now a little more educated.

                Chris Robertson
                Writer "Printed Circuit Board Designer's Reference"
                I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
                Chris Robertson
                The Computer Doctor

                Comment


                • #9
                  Re: Network shaping/limiting/balance bandwidth software

                  I don't think it's true that you always need top of the line. Look at my company and our sister company. Both similar sizes - less than 50 users at each site. At the time when the networks went in, there was pretty much zero chance of a merge - single forest, single domain, single site. They wanted top of the line, so they bought Server 03, Exchange 03 and all related CALs. Spent a small fortune. We on the other hand bought SBS 03. Got the same out of it, spent next to nothing by comparison.

                  Sure, top of the line is always nice to have - there's no denying that. But pick the right tool to do what you need - especially if you end up using something with a pricetag.
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: Network shaping/limiting/balance bandwidth software

                    Originally posted by crobertson View Post
                    We get many that work in/with large companies that look down from the mountain and say, "You should use top of the line little IT person" When my hands are tied. Can you relate?
                    Having done alot of work for non-profits, I can relate to the budget crunch. You know you're strapped for cash when bailing wire and duct tape are your most used tools.

                    Originally posted by crobertson View Post
                    I'll lookinto IPcop and (never heard much of FOSS) others.
                    For the record, FOSS == Free and Open Source Software.


                    Originally posted by crobertson View Post
                    My simple attempt (and what should be in every firewall) is to track how much bandwidth is taken up by each user (helps determine infections & hijacking too!) Plus limit those that are hogging up bandwidth or at least leave bandwidth for the rest.

                    What kind of switches do you have? I think you can find bandwidth hogs by port using sflow/netflow collectors. Cisco uses netflow and other switches (like ProCurve) may use sFlow. Anyway, I'm pretty sure that you should be able to monitor bandwidth usage by internal IP address with IPCop. Monitoring by user would require integration with Active Directory... and I'm not sure if IPCop supports that. It may... but I haven't looked into it. One place that I work at uses a threat detection system made by 8e6 that shows tons of network related information on each Active Directory user... but something tells me that you wouldn't be fond of the price.


                    Originally posted by crobertson View Post
                    Yes, everything can get hacked
                    That brings to mind one of the various iterations of the following quote that are darting around on the interwebs: "The only truly secure computer is one buried in concrete, with the power turned off and the network cable cut -- and even then I wouldn't bet anything valuable on it."
                    Wesley David
                    LinkedIn | Careers 2.0
                    -------------------------------
                    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
                    Vendor Neutral Certifications: CWNA
                    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
                    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

                    Comment


                    • #11
                      Re: Network shaping/limiting/balance bandwidth software

                      Sounds like you just described a computer with Windows ME on it
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment

                      Working...
                      X