Firewall Wizards mailing list archives

Re: Sizing a firewall

From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 30 Dec 1999 13:58:06 -0800 (PST)

A T1 for 25,000 desktops?

A lot of users of DSL and cable-modems are already feeling that 1-mbps
downloads are a little slow. You will have a few users attempting MP3
downloads, port downloads, or somebody downloading the latest RedHat CD-ROM
image or Win2k full install.

Thus, I predict the amount of traffic you will see is 100%. This isn't a
problem, though. The Internet is self-throttling. When your users get used to
the fact that their bandwidth is slow, they will naturally back off from
high-bandwidth sites, downloading large files (that time out long before they
complete), and so forth. By forcing all Internet access through a HTTP proxy
server, you'll help a lot (caching will help a little, but the fact that they
can only use HTTP will help a lot).

It is also likely that 1% of your users will account for 99% of your traffic,
which you can easily track and limit.

Finally, you'll have other issues, such as the huge amount of porn your people
will be downloading from the net and viewing on their PCs. Every firewall
administrator with more than 100 users is exposed to this issue.
http://www.robertgraham.com/pubs/firewall-pr0n.html

Regards,
Rob.

--- Walt Sullivan <walt () trytel com> wrote:

I'm consulting for a Canadian government agency that plans to allow
desktop access to the Internet for the first time next year (yes, I
know, "Forward into the 70's", but is is government).

They think they have about 25,000 desktops (Windows 95/98, shudder).

How can I help them predict the amount of traffic they'll see on their
T1 connection?

Is there anybody out there running a firewall for 25K desktops that is
willing to share an order-of-magnitude guess?

Thanks,

Walt

-- 
Walt Sullivan
UNIX & Networks, Security & SysAdmin
walt () trytel com



=====
Robert Graham
"Anxiously awaiting the millenium so I can start programming
dates with 2-digits again."
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://messenger.yahoo.com

Current thread:

Re: Sizing a firewall R. DuFresne (Jan 02)
- <Possible follow-ups>
- Re: Sizing a firewall Robert Graham (Jan 02)
- Re: Sizing a firewall Bill_Royds (Jan 02)
- Re: Sizing a firewall Carric Dooley (Jan 02)
- Re: Sizing a firewall Rafael Teixeira (Jan 02)
- RE: Sizing a firewall Dom De Vitto (Jan 02)
- Re: Sizing a firewall Ryan Russell (Jan 03)
- Re: Sizing a firewall ark (Jan 05)
- Re: Sizing a firewall daN. (Jan 18)