Hi Matt,
you might look at http://www.etinc.com/index.php?cPath=25
more $$s than your budget UNLESS you go with their software and you
handle the OS/Hardware.
I don't have experience with this -- yet... but I'm thinking of using one
of their appliances or getting the software and trying it.
--
Thanks again,
-jason
[EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - -
Wednesday, February 16, 2005, 2:18:27 PM, you wrote:
M I just wanted to follow up on this thread. First, thanks for
M all of the suggestions. Here's a summary of what caught my eye.
M 1) There are some decent choices out there, and seemingly a
M 3COM SuperStack 3 3226 comes at a nice price point (around $500)
M and allows limiting per port in 1 Mbps increments and also does 7
M custom levels of protocol prioritization. This was suggested to me
M off-list. It seems like a good thing for colocation since you
M don't care for more granularity among your customers, they can
M choose to do with their bandwidth what they wish. I'm not into
M colocation yet and this probably falls short of my needs otherwise.
M 2) I was also intrigued by the NetEqualizer product, which
M seems to be the commercial version of an open source project
M called Linux Bandwidth Arbitrator (www.bandwidtharbitrator.com).
M This might very well offer functionality beyond all of the
M switches, but offers more complication in setup and management
M unless you go with the for-profit version. This is of course not a
M switch, but that's ok since cheap switches can be placed behind it.
M 3) Cisco is of course a popular choice, but I'm not a fan of
M their ridiculous licensing schemes for the software and high
M prices. Used, these things come fairly cheap, but they are the
M 'Outlook' of routers and switches, and the most likely to be
M targeted by exploits. For that reason, I am probably going to
M migrate away from anything Cisco once I outgrow what I already
M have. I may change my mind however.
M 4) I don't think I need a firewall, or don't want to deal with
M the expense and limitations of it (concurrent sessions, etc.). I
M have so few ports open that I'm fine with router level protection
M and this is exclusively a DMZ with no client computers behind it.
M Despite what these products offer, I still think that the
M switches generally come up short of being a perfect solution to my
M needs (that of a Web hosting/E-mail provider). I essentially have
M 5 services that I need to support across 3 machines; HTTP, FTP,
M DNS, SMTP, and POP3. It seems that by just simply bandwidth
M limiting a port, I won't be able to slow down but a portion of the
M problematic bandwidth and there can be other issues caused by that
M (such as limiting all HTTP because of one site that is getting
M hammered). It would be best to limit HTTP by IP instead of by
M port. I haven't tested it out yet, but it may be that IIS will
M actually work when limiting in Windows 2003 unlike 2k, and that may
M solve my issue on that front at least. FTP may or may not be
M covered by the same, I'm not sure yet.
M It seems however that some of the worst issues are coming from
M fairly unique situations and specific IP addresses. Conditions
M like E-mail loops can not only bring down a mail server, but also
M bring down a whole network if all of your bandwidth is used. This
M of course can also affect POP3 service. If a customer does a mass
M mailing with huge images sourced from their site, the bandwidth
M could also bring us down without limits. I even had a customer
M send 144 messages out the other day with a 2.5 MB attachment, and
M if you do the math, you will find that this was 400 MB of bandwidth
M that IMail naturally attempts to deliver ASAP. I've also noted
M that IMail doesn't do well with response times under heavy
M bandwidth load even if the CPU is fine while other services on the
M same box have far less latency. This affects the quality of
M service to my customers, and I like things to be responsive.
M So what I am really looking for is some way to protect Web
M hosting clients from another Web hosting client's issue, protect
M POP3 service from having the bandwidth bogarted by some SMTP loop,
M or FTP, or HTTP, etc. Since everyone shares the same MX records,
M and the same outgoing SMTP and POP3, it's hard to find decent
M separation unless I get down to the IP level and start limiting
M things based on at least the destination IP if not the source IP
M also. To do anything less would seem to be somewhat futile because
M I would continue to have sporadic issues with the most problematic
M things which can be long-lived to the point that they are
M resolved/blocked (DOS or loops for instance).
M I kind of get the feeling that a hardware based solution
M living in a switch or firewall of some sort might not be
M appropriate because it would be too expensive for me to justify.
M It seems that a Linux solution such as Bandwidth
M
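Matt's point is that limiting a whole port (all HTTP, all SMTP) starves every customer to stop one, while limiting by destination IP isolates the one hammered site or looping mailbox. The script below is an added example of what that looks like on a Linux box doing the shaping with tc and HTB; it is not code from the thread, NetEqualizer, or Bandwidth Arbitrator. It assumes the shaper's interface that faces the servers is eth0 and uses the documentation range 192.0.2.0/24 for the three hosts; both are placeholders. With DRY_RUN=1 (the default) it only prints the tc commands it would run, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example: per-destination-IP (and per-IP-and-port) HTB shaping with tc.
# Assumptions (not from the thread): eth0 faces the hosted servers, so its
# egress is traffic *toward* them; 192.0.2.10/20/30 stand in for the 3 boxes.
IFACE="${IFACE:-eth0}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = actually run tc

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# setup_root <link-rate>: HTB root plus a default class (1:999) so anything
# not matched by a filter is still shaped and cannot saturate the link.
setup_root() {
  linkrate=$1
  run tc qdisc add dev "$IFACE" root handle 1: htb default 999
  run tc class add dev "$IFACE" parent 1: classid 1:1 htb rate "$linkrate" ceil "$linkrate"
  run tc class add dev "$IFACE" parent 1:1 classid 1:999 htb rate 1mbit ceil "$linkrate"
}

# limit_ip <minor> <ip> <rate> <ceil>: guarantee <rate> to one host, let it
# borrow up to <ceil>, and steer all traffic destined to it into that class.
limit_ip() {
  minor=$1; ip=$2; rate=$3; ceil=$4
  run tc class add dev "$IFACE" parent 1:1 classid "1:$minor" htb rate "$rate" ceil "$ceil"
  run tc filter add dev "$IFACE" parent 1: protocol ip prio 1 u32 \
    match ip dst "$ip/32" flowid "1:$minor"
}

# limit_ip_port <minor> <ip> <port> <rate> <ceil>: same idea one level finer,
# e.g. cap SMTP to a mail host without touching POP3 on the same address.
limit_ip_port() {
  minor=$1; ip=$2; port=$3; rate=$4; ceil=$5
  run tc class add dev "$IFACE" parent 1:1 classid "1:$minor" htb rate "$rate" ceil "$ceil"
  run tc filter add dev "$IFACE" parent 1: protocol ip prio 1 u32 \
    match ip dst "$ip/32" match ip dport "$port" 0xffff flowid "1:$minor"
}

# Demo plan: a 10 Mbit uplink shared by a web host, an FTP/DNS host and a
# mail host; SMTP into the mail host gets its own narrower class so a loop
# cannot crowd out POP3 on the same box.
setup_root 10mbit
limit_ip      10 192.0.2.10     4mbit 8mbit   # web host
limit_ip      20 192.0.2.20     2mbit 6mbit   # ftp/dns host
limit_ip      30 192.0.2.30     3mbit 6mbit   # mail host, all services
limit_ip_port 31 192.0.2.30 25  1mbit 2mbit   # SMTP into mail host only
```

Filters are evaluated in prio order and the first u32 match wins, so a port-specific rule for a host should be given a lower prio number than that host's catch-all rule if you want it to take precedence; the example keeps all at prio 1 to stay simple. To apply for real, run it as root with DRY_RUN=0 and clear any prior qdisc first (tc qdisc del dev eth0 root).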