Security Basics mailing list archives
Re: Bandwidth monitor/management
From: Peter Morgan <pmorgan () exceedsecurity com>
Date: Mon, 03 Apr 2006 11:47:10 -0500
anon () somefin de wrote:
I hope this is the right list to post this. we are looking for hardware bandwidth monitoring/management solution. Has any of you have experince with that ?I've used a Packeteer PacketShaper 5000 series hardware device. It takes some time to get configured for your network, but does layer-7 inspection and can monitor AND throttle the flows accordingly.
That really depends on the size and the function of your network. In my case, it was used at an .edu, where there was:Another thing i want to know is in which sceneario a hardware bandwidth solution should be deployed? ie it should be deployed after or before the firewall in the network or it should be deployed in the lan ?
internet --> edge_router --> edge_firewall --> packeteer --> core router --> firewall #1 -> network #1 |---------> firewall #2 -> network #2
This was because the needs of the .edu network, the edge firewall only blocked very certain things, instead of "block all/allow some", but the benefit of that firewall was to allow block the garbage before it got to the packeteer. Similarly, there was a definite need to protect the internet from our users (most being students) and the firewalls in place between the core router and the networks would drop packets that were not allowed. Thus the "throttling" was done by the packetShaper, and the dropping of various services was done with the firewalls. This reduced strain on the respective devices. This was specific to our environment, In a usual context I would configure the network as:
internet --> edge_gateway --> firewall --> packetshaper --> router --> network
unless there existed specific reason not to. I hope this helps Pete
any inputs are appreciated. Thanks in advance. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- .
--------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Re: Bandwidth monitor/management nedsonconde (Apr 03)
- <Possible follow-ups>
- RE: Bandwidth monitor/management Charles Hammett (Apr 03)
- RE: Bandwidth monitor/management Keenan Smith (Apr 03)
- RE: Bandwidth monitor/management Craig Van Tassle (Apr 03)
- RE: Bandwidth monitor/management David Gillett (Apr 03)
- RE: Bandwidth monitor/management Burton Strauss (Apr 03)
- Re: Bandwidth monitor/management Paul Halliday (Apr 04)
- RE: Bandwidth monitor/management Brian Bemis (Apr 03)
- Re: Re: Bandwidth monitor/management molshoop (Apr 03)
- Re: Bandwidth monitor/management Peter Morgan (Apr 03)
- RE: Bandwidth monitor/management Jennifer Jabbusch (jj) (Apr 04)