Maxwell, In a multi-tenant situation, that's exactly what we try to do per apartment. Ie limit their bandwidth. They can run whatever they want. In one particular case some tenants are 'smart' enough to ask for some QOS, we help them classify and prioritise their traffic. Search for something called software defined networking, specifically openflow. It will probably help a lot in such cases. Sorry..about off topic but that happened a while back. Sent from my iPad On 16 Feb 2012, at 11:44, Ochieng Maxwell <maxwell@barua.co.ke> wrote:
@Tusker21
my old style of thinking is you need to control how much bandwith a user can utilize within the network, managing bandwidth by protocols in most cases is a "waste" of time considering they change almost every second, remember even the http traffic your talking about is highly unlikely real http but a bunch of p2p traffic, Gnutella, torrents etc camouflaging as HTTP and some of the traffic could even be encrypted.
NB: It's said in any network 20% of the users use or abuse 80% of the resources as long as you can deal with the 20% you will be home and dry and am sure you don't need a fancy device to do this.
My 2 cents Maxwell
" Tusker 21 wrote:
Thans for all the comments and advise.
In my opinion. How do i take charge and manage a network in a simple and efficient way. At the moment our ISP is able to give us user based reports by IP and traffic since there is no proxy or firewall in place.
Torrents top the list, skype then http traffic. Objective is to block/limit torrents. commercial or open source any goes but the ideal is whatever works efficiently. From an ISP perspective, i am not sure if they are best to manage my network since altering or creating rules for different classes of traffic might not be so flexible.
I have used pfsense and smoothwall before. but creating the rules was not fun.
regards,
On Wed, Feb 15, 2012 at 9:35 PM, Steve Muchai <smuchai@gmail.com <mailto:smuchai@gmail.com>> wrote:
On Wed, Feb 15, 2012 at 9:25 PM, aki <aki275@gmail.com <mailto:aki275@gmail.com>> wrote:
@Steve, just one inline below, a bit provocative but light hearted. :-) [...] not mean it's everything. Well, it can be everything if only people put their minds to doing things rather than waiting to be offered devices that run it in the first place. Do you remember etinc and freebsd? What about packeeter that also runs on RE clone? How many use these devices because they have no freakin' idea that they too could have developed on the TCP stack. So please, allow me the chance to insult intelligently. For a better
Case closed, let's all go write firewall code and be intelligent.
I'm through with this thread, I hope it's over.
BR S _______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke <mailto:Skunkworks@lists.my.co.ke> ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 <http://my.co.ke/phpbb/viewtopic.php?f=24&t=94> ------------ Other services @ http://my.co.ke
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Skunkworks mailing list Skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke