Limiting Bandwidth
-
@scottalanmiller Totally agree that it doesn't make sense and did tell him that
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@momurda I'm telling you what my co-worker told me which doesn't make a lot of sense to me. He wants to partition the switch for half the ports to be vlan 1 and half to be vlan 2 and then he wants to create interfaces on the firewall for each.
The issue here is that his goal is to have VLANs, not to have VLANs for a purpose. He wants loads of extra work, that is manual, to drive up billing rates. That's all. There is nothing in what he is suggesting to support good networking or VoIP or anything of the sort. He's just trying to run the stock "VoIP network scam" that every reseller does.
-
@scottalanmiller So he is getting DDOS? Come on.
I can easily set the bandwidth on my external fw port to a value between 1 and 1000Mb/s, and whatever that limit is cant be exceeded. No device on the internal network will pull more than this from outside, ever. Not sure why anybody would want to do that as i said earlier, but it is possible.
I could even set the bandwidth max on an internal fw port to any of these values for the same effect. -
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
-
@momurda said in Limiting Bandwidth (Help me name this thread):
@scottalanmiller So he is getting DDOS? Come on.
I can easily set the bandwidth on my external fw port to a value between 1 and 1000Mb/s, and whatever that limit is cant be exceeded. No device on the internal network will pull more than this from outside, ever. Not sure why anybody would want to do that as i said earlier, but it is possible.
I could even set the bandwidth max on an internal fw port to any of these values for the same effect.yes it can be exceeded. The ISP could send 10,000 Mb/s down the pipe. Your firewall would just stop processing packets at whatever level you set.
-
@dashrender Unsolicited? Now youre talking about ddos, which is impossible under normal circumstances. Unless this is about hosting a voip conference call with 10000 users at once on a 10mb connection.
-
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
-
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
When we had a 10/10 connection this is exactly what we did. We disallowed all streaming because it frequently crippled our network.
-
@momurda said in Limiting Bandwidth (Help me name this thread):
@scottalanmiller So he is getting DDOS? Come on.
I can easily set the bandwidth on my external fw port to a value between 1 and 1000Mb/s, and whatever that limit is cant be exceeded. No device on the internal network will pull more than this from outside, ever. Not sure why anybody would want to do that as i said earlier, but it is possible.
I could even set the bandwidth max on an internal fw port to any of these values for the same effect.That's not how it works. You put that limit on the outside interface and the internal devices absolutely will pull more than that from it. Their ability to request more speed isn't affected by that limit. It will actually act like a DDoS attack, but obviously isn't really one.
The firewall has zero ability to influence the rate at which data arrives at it, normally that is limited far away at the other end of the WAN. If you add a limit on your firewall, the lack of packets making it back to devices will normally encourage their network stacks to start rate limiting based on the failures of packets to arrive, but nothing forces them to. The WAN will continue to get more traffic than the firewall is allowing through and the bottleneck will be moved from the far point of the network to the near one.
It can encourage internal devices to request data more slowly, but only sometimes and in no way creates the hard limit that you are imagining.
From an end point perspective, the traffic has been limited. From the WAN perspective, where it matters, it has not.
-
@momurda said in Limiting Bandwidth (Help me name this thread):
@dashrender Unsolicited? Now youre talking about ddos, which is impossible under normal circumstances. Unless this is about hosting a voip conference call with 10000 users at once on a 10mb connection.
It's solicited. That's the problem. People request a YouTube video, YouTube sends the stream. And will often do so higher than your firewall limit.
-
@momurda said in Limiting Bandwidth (Help me name this thread):
@dashrender Unsolicited? Now youre talking about ddos, which is impossible under normal circumstances. Unless this is about hosting a voip conference call with 10000 users at once on a 10mb connection.
But it's not unsolicited. The users are streaming. For example, Netflix will keep sending more and more packets until they stop getting the needed responses or it maxes out the speed needed for a given resolution - it's part of their auto resolution solution. If you have a crappy internet connection, you get a crappy looking video, if you have a fast internet connection, you get good looking video.
Now yes, if you limit it, and allow the VOIP traffic to not be limited, then you will have that always open head room - but then you should look at Scott's video and he explains why this is bad.
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
-
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
Do they actually need it for some work related thing? If not, block that shit and put a no streaming policy in place. If they do actually need it, I have no idea how to solve the problem.
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
Then you simply need more bandwidth. That's it. That's the only correct answer.
-
I'm glad it's not just me but this is why I ask. I already came to the correct conclusion for once. Thanks guys
-
As Scott has said - you could put the limit in place that @momurda is talking about, but this means that the applications that are using all the bandwidth have to abide by the desire to lower transfer rate, and are able to send that request to the sender... not everything works correctly like that.
So if everything is working correctly like that, then yes, you could leave yourself with say 10 Mb of head room, and have rules that allow the VOIP traffic to use it (but would only matter outbound, likely where there is no real issue).
But if the apps causing the download don't slow down the downloads, then the pipe will still get crushed by incoming traffic and VOIP traffic will have a hard time/impossible time making it through to your firewall from the internet.
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
Ouch. But since they are a non-profit, tell them to have fun calling up their ISP to ask for more bandwidth pro bono.
They are paying you to work there, right? Don't fall for their "can I get that for free" BS.
-
@rojoloco said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
Ouch. But since they are a non-profit, tell them to have fun calling up their ISP to ask for more bandwidth pro bono.
They are paying you to work there, right? Don't fall for their "can I get that for free" BS.
It's not me. My co-worker has a habit of doing things the wrong way and then telling me it's easier and that's why. Unfortunately the owners think everything he says is gospel.
-
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
Ouch. But since they are a non-profit, tell them to have fun calling up their ISP to ask for more bandwidth pro bono.
They are paying you to work there, right? Don't fall for their "can I get that for free" BS.
It's not me. My co-worker has a habit of doing things the wrong way and then telling me it's easier and that's why. Unfortunately the owners think everything he says is gospel.
And that is why I will NEVER work for a non-profit or church (not even a side gig).