Sharing a 100Mb pipe between multiple end companies?

Five_Star · 9 Feb 2009 at 11:58

The company I’m working for is possibly moving into a shared building that is being renovated. The owner of the building wants to attract digital companies and is having a 100Mb line installed (virgin media I think). Initially this line is going to be running at 20Mb, and we have requested 4Mb up / down. Other companies have requested other amounts mostly 2Mb and 1Mb up / down.

As we use the web quite heavily for hosting test sites, vpn links to other sites, web e-mail etc I had to attend a meeting from the building project co-ordinator to ask what our internet usage is, and how they proposed to distribute the connection.

It seems they are going to receive the 20Mb in and then give each company in the building one port on the router and limit the throughput on that port to their desired amount, 4Mb in our case.

Then will also be running QoS on the router, and have said they will be limiting certain protocols, mostly for p2p stuff.

I assume that with port based limit we could start the download of a large file, it flows down to the their router at 20Mb, then is buffered as our port only allows 4Mb through which is then passed onto our network gear. Surely this means we are using bandwidth that other companies have paid for and could need for their own essential services like vpn etc?

This doesn’t really sound like a good way to share out a connection of this type, especially since we are going to be paying quite a bit more than our current SDSL price for this service.

pdw8 · 10 Feb 2009 at 11:51

I imagine that they will only be using a switch for the customer side. The building will have the bandwidth delivered on a switch and then they configure vlans for each customer in the building. The vlan has a bandwidth limit configured and they allocate you a public IP address for external interface on your firewall/router.

Not sure if they would use a router (on the customer facing side) as ideally they just get a /27 or /28 from Virgin and allocate IP's to the end users who will have their own routers anyway. Everyone points to the same default gateway which will be the Virgin access router.

I don't like the fact they are doing QoS and blocking things like P2P as thats a decision for each company to make not the building manager. I would seriously argue that and just insist on a basic connection.

Slime101 · 10 Feb 2009 at 11:59

If you only get 4mb then its not going to "flow" into their kit at 20mb....where do you think the other 16mb is going to go?? It wont buffer it, or hang on til you catch up - youll simply get the 4mb.

Five_Star · 10 Feb 2009 at 12:36

Yes, we’re not too happy about the filtering / restrictions on the connection. We do limit some p2p internally anyway, but the problem is I won’t know for sure exactly what they are doing until something doesn’t work I guess.

With regards to the bandwidth sharing, is this the correct way of implementing a share like this? We will only be happy if the end solution is like we had our own dedicated 4Mb pipe, regardless of other building use we should still have our 4M, is this true?

There is another meeting next week, what questions would it be worth asking about the implementation?

thanks

pdw8 · 10 Feb 2009 at 13:51

The bandwidth on the switch trunk port is 20Mb. The access (customer facing) ports are set to 10/100Mb by default but your vlan will have the bandwidth restriction on it. Therefore the cat5 run from the building switch to your kit will still show as a 10/100Mb connection. If you do speedtests you should see about 3.8Mb in either direction to the Internet. This is dedicated to your company assuming the vlan is configured correctly and unique to you.

I would ask for an unrestricted service and stress that your company IT policy states that you do all your own restrictions internally and if they are tinkering with things it could compromise things. You want a service which is literally an access port to the Internet and you will deal with anything else internally.

Curiosityx · 10 Feb 2009 at 20:32

Personally from experience dealing with managed offices is firstly to isolate each customer using vlans then drop either a router or a firewall in as the default gateway, like an ASA 5510 or 2851/3825 ISR.

Then simply trunk from the switch to the gateway which is also configured with each customers vlan, police traffic to it's desired rate based on the source network. You could apply this to each subinterface or globally depending on the device in question.

The alternative of course is to use a either dedicated packet shaping device such as those from packeteer.

Five_Star · 11 Feb 2009 at 08:01

Thanks very much for the diagram Curiosityx it's much easier to see drawn like that. It all makes more sense now, much more than the guy in the meeting I attended who, I suspect, didn’t really know what he was on about.

That is actually one of our main concerns with the contract, they don’t really know what they are doing and have yet to appoint a real IT support company to look after the connection.

Now I’ve got some real information about the kind of setup they should be providing we’ll see what they come up with and if we’re getting a real support contract with them.

cheers