Hi, just a question about campus/university network design. My site has about 3500 users, including staff and students. Every user can get internet access. Here we use a 4 Mbps leased line to go to the internet. Many users complain that the connection to the internet is so slow. My questions are:
- Can 4 Mbps cater for all 3500 users, or do we need to upgrade to a higher-bandwidth leased line? 8 Mbps maybe?
- Or do we need a policy to control the number of users using the internet?
One more thing: my campus uses layer 2 and layer 3 switches for networking and the PABX system. Before this, the network engineer designed the network to have about 90 VLANs. The question is, do you think the design is OK, or do we need to reduce the number of VLANs?
Does anybody here have experience administering or designing a campus network? I need your advice. Can we share ideas? I need to know how you implement it at your campus. Thanks.
Does your network employ the use of a proxy server for all web traffic? That would probably help a lot if you didn't have one. As a matter of fact, I would add a proxy server before I would buy more bandwidth. It may not hurt to limit the number of users with web access either. It wouldn't hurt to take a look at their needs and see if they really need to be putting their old books on eBay.
Something we do on my network that may help you out. We have several schools that connect to our MAN, and their students only need access to a limited set of sites, and only certain resources on our network. So through the use of access lists on the routers, and a proxy server just for them, they have access to a couple of internal servers, and certain sites like government sites.
Of course, such an endeavor will take time because you'll have to coordinate with the instructors to see what each individual course needs access to. The investment of maybe a couple thousand $ on a proxy server could save more money in the long term than wasting money on extra bandwidth each month.
As for the VLANs, I wouldn't worry about that too much. It's good to keep the network segmented; it reduces broadcasts and localizes many problems like rogue DHCP servers. VLANs are your friend.
With this kind of network I'd be prepared to bet that a significant part of your performance problems are users running things that maybe they ought not, like peer-to-peer file swapping, streaming audio and video, and big downloads (perhaps of a dubious graphical nature). Get some sort of monitoring on the internet link and see what is being used in terms of percentage of the total bandwidth per application/port. Then, as jwj suggests, get a proxy server in place and use it together with your firewall/router access control lists to block some of the things you'd rather not have going on. I think if you do that, you'll find performance improves.
One more thing, I need your help with this design.
On my student network, we are using a wireless network.
There are about 4000 students in total.
We give them a 4 Mbps leased line for internet access.
The problem is, the connection is still slow and sometimes lost.
We came up with a new plan to control user access and bandwidth.
So this is the design:
Our plan:
At the bandwidth controller:
- every user gets 128 kbps
- priority to port 80
- other applications like Kazaa and BitTorrent should be blocked
At the proxy server:
- block strings such as sexs, porn etc.
- allow caching of things such as ISO images etc.
At the RADIUS server:
- to go to the internet, users should log in first
- to go internal, just direct access
I asked some vendors to propose equipment that can handle all these tasks. Unfortunately, all the proposals are too expensive and our management could not accept them.
Could you propose a less expensive solution to this problem?
Can you give comments and recommendations on our plan? Is it possible, or does it need changes?
How do you handle this kind of problem at your site?
I'd monitor your proxy to see what the top sites are. If it's not school related, consider blocking them. Things like streaming video can clog up your internet connection. Also, another thing to consider is host security. You don't want the students to be able to install Doom 3 and play their buddies online. Also, spyware and adware could be clogging up your connection with unneeded traffic...that is if you have Windows computers.
I can't really give you a way to implement this without knowing your cost limit. However, the bandwidth controller portion can be done with a Cisco router doing QoS. Or maybe you can make a good Linux box that would serve as the firewall, router, and bandwidth controller?
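
The monitoring step suggested in the replies above (find the top sites and each one's share of the link), as an added example that is not part of the original thread. It assumes the proxy is Squid writing its native access.log format, which the thread does not specify; all log lines are constructed, and treating any action containing "HIT" as served from cache is a simplification. It goes slightly beyond the posts by also reporting the byte hit ratio, which shows how much traffic the cache kept off the leased line.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout (an assumption):
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1100000000.101 210 10.1.20.15 TCP_MISS/200 734003200 GET http://mirror.example.org/linux.iso - DIRECT/192.0.2.10 application/octet-stream
1100000003.440 95 10.1.20.16 TCP_HIT/200 734003200 GET http://mirror.example.org/linux.iso - NONE/- application/octet-stream
1100000005.020 1800 10.1.33.7 TCP_MISS/200 52428800 GET http://video.example.net/stream/clip.wmv - DIRECT/192.0.2.20 video/x-ms-wmv
1100000009.900 40 10.1.20.15 TCP_MISS/200 20480 GET http://library.example.edu/catalog - DIRECT/192.0.2.30 text/html
1100000011.300 12 10.1.33.7 TCP_DENIED/403 1500 CONNECT tracker.example.com:443 - NONE/- -
this line is truncated
"""

def parse_line(line):
    """Return (client, host, nbytes, source), or None for a malformed line."""
    f = line.split()
    if len(f) < 7 or not f[4].isdigit():
        return None
    action, url = f[3].split("/")[0], f[6]
    # CONNECT requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    source = ("denied" if action.startswith("TCP_DENIED")
              else "cache" if "HIT" in action else "upstream")
    return f[2], host or "unknown", int(f[4]), source

def summarize(log_text, top=3):
    """Percent of internet-link bytes per site and client, plus byte hit ratio."""
    by_host, by_client, by_source = Counter(), Counter(), Counter()
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        client, host, nbytes, source = rec
        by_source[source] += nbytes
        if source == "upstream":  # only these bytes crossed the internet link
            by_host[host] += nbytes
            by_client[client] += nbytes
    up, hit = by_source["upstream"], by_source["cache"]
    def share(counter):
        return [(k, round(100 * v / (up or 1), 1)) for k, v in counter.most_common(top)]
    return {"top_hosts": share(by_host), "top_clients": share(by_client),
            "byte_hit_pct": round(100 * hit / (up + hit), 1) if up + hit else 0.0,
            "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On the constructed sample, one ISO download accounts for most of the upstream bytes, and the second request for the same file is answered from cache without touching the leased line.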