youtube making the800lb gorilla sleep?

B

bigstusexy

2[H]4U
Joined
Jan 28, 2002
Messages
3,194
Hello,


I work in a school district and we have recently allow wide access to things for teachers and secretaries, without going into it and calling peoples names we have a terrible problem with use of heavy bandwidth sites like youtube and other streaming sites. I don't want to block them, we have both a barracuda web filter and a watch guard firebox (no add on software) and booth could block this, barracuda with its site and protocol support and the firebox with its application control.

However I don't want to block this I want to... like QOS it or limit/throttle it. If we have to get a device as long as it isn't too expensive we might be able to possibly budget for it. We are looking into nettop? Netflow? Just so I can know whats going on in real time,.

How do you all handle this besides just outright blocking it, I wish we could but the genie is out. We are also looking into tippling our bandwidth but I don't see that as being the end.

EDIT: Disregard app control on the firebox, we have a e-series unit that can not run release 11.4
 
Last edited:
I know off the top of my head that Microsoft Forefront TMG and Cymphonics can do this. I believe the baracuda does have some traffic shaping abilities but I am not familiar with them.
 
I'm going to piggyback your question with another. I provided internet access to various civilians and soldiers in Iraq and we were using a Packetshaper. A frequent discussion I had with my business partner is that we couldn't restrict this type of traffic. I mean, we could...but the restriction would only occur on our side of the satellite link. By the time the traffic reached our Packetshaper it had already crossed the link and eaten our bandwidth. The only affect we were having was to restrict LAN traffic - which had more than enough bandwidth to handle the load.

So, in my opinion, you can only restrict the requests from going out. You can shape that traffic easily. We gave priority to https and various school sites so the guys trying to get their homework and bank statements wouldn't have an issue. But this would have no affect when people were streaming video, etc. Am I wrong? Is there a way to choke those type of downloads when you can't control the distant side of the pipe?
 
I went down another route and just gave users a limited about of bandwidth per hour, that soon stopped them wasting it on crap like youtube :D
 
Shadowspawn said:
I'm going to piggyback your question with another. I provided internet access to various civilians and soldiers in Iraq and we were using a Packetshaper. A frequent discussion I had with my business partner is that we couldn't restrict this type of traffic. I mean, we could...but the restriction would only occur on our side of the satellite link. By the time the traffic reached our Packetshaper it had already crossed the link and eaten our bandwidth. The only affect we were having was to restrict LAN traffic - which had more than enough bandwidth to handle the load.

So, in my opinion, you can only restrict the requests from going out. You can shape that traffic easily. We gave priority to https and various school sites so the guys trying to get their homework and bank statements wouldn't have an issue. But this would have no affect when people were streaming video, etc. Am I wrong? Is there a way to choke those type of downloads when you can't control the distant side of the pipe?
Click to expand...

If you restrict the incoming bandwidth on your side enough, dropping packets instead of buffering them, the sender side should start throttling its outgoing bandwidth to match (TCP flow control and all that). It will be bursty compared to if you could shape it on the remote side, but over time the average bandwidth used should approach the limits you set.
 
You must log in or register to reply here.
Back
Top