A question that I'm faced with currently. Here's my setup:
Cisco ASA 5510 15Mbps Internet Connection @ $1350/month
The bandwidth was originally meant for 35-45 people but we've grown quite quickly to roughly 60-65 people. Needless to say, when I check bandwidth logs it's almost always spiked at 15Mbps.
I did use Wireshark to do some poking around to see what was hogging up our bandwidth but with everything running through CDNs and Cloud Services it proved difficult to get a good grasp of where our bandwidth was going. So the question is do I ONLY implement bandwidth management through ASA OR upgrade the Internet to 50Mbps ($1600/month) and then implement bandwidth management through ASA?
Any suggestions on how to segment the 15Mbps connection if we decided ONLY to go with the bandwidth management solution? Thanks.
UPDATE 1: Installed PRTG and used packet content to monitor the traffic. As I suspected, still pretty vague. My Top Connections include the following:
a204-2-160-16.deploy.akamaitechnologies.com
ec2-50-16-212-159.compute-1.amazonaws.com
a204-2-160-48.deploy.akamaitechnologies.com
a72-247-247-133.deploy.akamaitechnologies.com
mediaserver-sv5-t1-1.pandora.com
Other than the Pandora destination, the rest doesn't tell me much on how to properly control the bandwidth.
Any thoughts or suggestions? Thanks.
A better understanding of the traffic would help. A tool that has really visualized this for us is Paessler PRTG. There is a free trial. You can monitor NetFlow on the ASA and determine what is using bandwidth and generating traffic. It may be you could install a proxy that caches content so users that visit common sites do not actually go to the web. You may have one or two users impacting the connection much more than others.
As Dave M stated in his answer, PRTG is a great tool for visualizing bandwidth consumption per source, destination, conversation, and/or protocol. The way I use it in my office is to install PRTG on a management station, configure my switch to mirror traffic from the router uplink port to my management station port and set up a packet sniffer sensor in PRTG. This allows me to see all internet related traffic (inbound and outbound), the source and destination hosts involved in the traffic, and the protocols involved. I'm then able to quickly identify the bandwidth hogs (either hosts or protocols) and address them accordingly.
As Dave M also stated, you can configure NetFlow on your firewall or router and install a NetFlow collector on a management station to achieve roughly the same results as with PRTG.
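The ASA side of the NetFlow setup both answers mention, as an added example that is not part of either answer. On the ASA, NetFlow is NetFlow Secure Event Logging (NSEL), exported as NetFlow v9 records, which the PRTG NetFlow v9 sensor and most other collectors accept. The collector address 10.0.0.5, UDP port 2055 and the interface name inside are assumptions for this example; the ACL/class-map/policy-map names are arbitrary.

```cisco
! Where to send the flow records (collector reachable via the "inside" interface; assumed address/port)
flow-export destination inside 10.0.0.5 2055
! Resend the v9 templates every minute so the collector can decode records soon after it starts
flow-export template timeout-rate 1
! Hold flow-create events briefly so very short flows are not exported twice
flow-export delay flow-create 15

! Match all traffic passing through the ASA for export
access-list NETFLOW_MPC extended permit ip any any
class-map NETFLOW_CLASS
 match access-list NETFLOW_MPC

! Attach the export action to the existing global policy so every interface is covered
policy-map global_policy
 class NETFLOW_CLASS
  flow-export event-type all destination 10.0.0.5
service-policy global_policy global
```

Exporting every event type gives the collector the byte counts it needs for top-talker and top-conversation views; on a busy box you can restrict this to flow-create and flow-teardown to cut export volume. Once the sensor is receiving data, the "Top Connections" list in the question becomes per-internal-host, which is what actually tells you whether one or two machines are behind the Akamai and EC2 traffic.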
That rather implies that the majority of the traffic is web based. You'll get much better information using an HTTP proxy (e.g. varnish, squid) rather than a generic traffic shaper.
So you're at North pole/South pole/moon?
Why is this so expensive?
If you're running your own internet servers from the site and need 15MBps outwards (which would explain the price), I'd strongly recommend you separate the internally generated traffic from the external access - and use an asymmetric service for the internal web access.
If you're not running internet servers and have a symmetric connection, then ditch it and get an asymmetric one.
I'd definitely implement QoS. I've been experimenting with this for a while now and it makes an enormous difference, especially if like me you also run VOIP services over it.
This tutorial: http://www.linksysinfo.org/forums/showthread.php?t=60304 is related to the Tomato router firmware. However, it's worth reading as it relates to Linux and QoS in general and helps you understand how QoS can help.
One interesting statement toastman makes here is this:
I am not suggesting you replace your Cisco ATA with a tomato based router. His comment about it making no difference if you have 1 user or 100 is what I am drawing your attention to. What you're wanting is to achieve good throughput for the number of users you have. Without QoS all you need is one user to download lots of data for a time to mess up the internet experience for other users. QoS can help with that problem. I believe it's possible to make a 15Mbit pipe look quite snappy for 100 users doing a variety of things.
I have no experience with Cisco ATA, but with Tomato it does give you nice pie graphs in real time of the QoS classes. Not sure if Cisco can also give a summary of this as well.
You make this comment:
With QoS you should be able to limit the amount of bandwidth this type of media uses and prioritize other traffic like DNS and HTTP.
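The same idea expressed in the ASA's own QoS syntax, as an added example that is not part of this answer or of the Tomato tutorial: an interface policy that caps the streaming-media class at an aggregate 2 Mbps in each direction and puts voice (DSCP EF, since VoIP is mentioned above) into the low-latency priority queue. The media address 203.0.113.10 is a placeholder standing in for whatever hosts the NetFlow data identifies; the object, ACL, class-map and policy-map names are arbitrary.

```cisco
! Destinations identified as streaming media (placeholder address; fill from your NetFlow top talkers)
object-group network STREAMING_MEDIA
 network-object host 203.0.113.10

! Match that media in both directions so downloads and uploads are both caught
access-list STREAMING_MPC extended permit ip any object-group STREAMING_MEDIA
access-list STREAMING_MPC extended permit ip object-group STREAMING_MEDIA any
class-map STREAMING_CLASS
 match access-list STREAMING_MPC

! Voice traffic arrives already marked EF by the phones/ATA
class-map VOICE_CLASS
 match dscp ef

! The priority queue must exist on the interface before "priority" can be used
priority-queue outside

policy-map OUTSIDE_QOS
 ! Voice goes first: strict low-latency queue, no rate cap here
 class VOICE_CLASS
  priority
 ! Streaming: 2 Mbps aggregate each way, 37500-byte burst, excess dropped
 class STREAMING_CLASS
  police input 2000000 37500 conform-action transmit exceed-action drop
  police output 2000000 37500 conform-action transmit exceed-action drop
! Everything else (DNS, HTTP, mail) stays in the default best-effort queue
service-policy OUTSIDE_QOS interface outside
```

Two things to keep in mind that differ from the Tomato setup in the tutorial: the ASA police command is an aggregate limit for the whole class on that interface, not a per-user share, so 2 Mbps is split among everyone listening to Pandora; and policing drops the excess rather than queuing it, so the burst size needs to be large enough that a single TCP window does not trip it. Measure with "show service-policy interface outside" after applying it and adjust the rate before deciding whether the 50Mbps upgrade is still needed.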