[AusNOG] Traffic Shaping / NAT solution

David Connors david at codify.com
Thu Apr 22 10:08:15 EST 2010


Howdy,



I have a requirement for two pieces of hardware and I am interested to
hear:

a) Any thoughts or general opinions on device(s) to meet the
requirements below

b) Any interest from anyone in:

   a. Renting the devices to us for a 1 month period; or

   b. Providing the devices under a sponsorship arrangement for Microsoft
   TechEd 2010 at the Gold Coast Convention and Exhibition Centre

   c. Maybe also providing associated services if relevant?



We are not interested in purchasing the hardware as the need is temporary
for the month starting August until end of first week of September.



We need solutions proposed from people with proven delivery through running
a large temporary network with the characteristics below. We’ve trialled
IPTables under these load characteristics and not had a great deal of
success. We won’t be using RRAS this year due to port exhaustion issues
described in the reference material below. We will not be using ISA or TMG.



Requirements:

*NAT Solution*

We need a NAT solution with the following characteristics:

· Must support 3500 concurrent users on the inside of the NAT.

· Must translate ~500mbps of traffic. I don’t have any guidance on
packet size distribution, sorry.



*Traffic Shaping Solution*

In tandem with the above requirement we need:

· To discriminate peer to peer traffic going through the NAT
solution above.

· Either block, or shape said traffic.

· We do NOT want a captive portal solution or anything that requires
registration (as that will ruin the delegate experience for phones, games
consoles etc that either can’t – or do a bad job of – browsing the web).

· We do NOT want a transproxy. We’re after something that will shape
at the IP level, not HTTP.

· Needs to cope with users at wire-speed on the inside of the device
(they will be split between 144mbps wifi and 100mbps Ethernet)

· Any other traffic management features your solution may offer that
you might think we would be interested in.



*Background*

In previous years, Microsoft has provided open and unfettered access to
delegates at TechEd. We have deliberately taken the stance of providing the
highest throughput with no shaping so that users can use whatever bandwidth
is available for purposes relevant to the event.



We have run the network this way since 2004 with great success.
Unfortunately, TechEd2009 saw a small number of users take advantage of this
policy. This caused us issues as described here:



· http://www.techedbackstage.net/2010/02/17/bittorrent-traffic-shaping-and-trusting-users/

· http://www.techedbackstage.net/2010/02/18/never-gonna-give-you-up/



We are happy to discuss this further on or off list, as appropriate.



Responses via e-mail only though please (my phone seems to melt after I post
something to ausnog that might result in someone selling me something). I
will compile a list of candidate solutions and present them back to the
TechEd technology team/monkeys for their consideration.



Thanks in advance for your time in responding.



David.