Jeremy Charles <[email protected]> writes: > We're repeatedly faced with a situation where we purchase more Internet > capacity, our employees eventually oversubscribe it, we buy more, lather, > rinse, repeat. Currently, we're purchasing 40 Mbps of Internet from our > ISP, and the ISP's router guy tells me that his router typically sees about > 60 Mbps of traffic actually trying to come to us. (We're mostly an eyeball > network.) > > I'm tempted to look in to purchasing something like a Websense product or > other mechanism for, shall we say, reducing the appetite for non-business > Internet use during prime business hours. The big question I first want to > get a feel for is: Will the cost of the system be made up in terms of > reduced need to purchase more Internet capacity?
First, I would get quotes for more capacity. I got one the other day for $400 for a 100Mbps commit on a 1000Mbps line, mostly level3 and he.net. Ridiculous. Now, this was at a co-lo. If that isn't an option, (and bandwidth pricing seems to vary radically by location) I would do 1, then either 2a or 2b. 1. I would setup a squid proxy, and force all outgoing http traffic through it. 2a. I would make the logs world readable. Put them on a website where everyone can see them. 2b. if this is unacceptable, I think installing the squid proxy, then telling the users you are keeping logs might help enough. have the business owners setup a policy for who actually reads the logs and what they do with this information. > Would anybody mind sharing order-of-magnitude numbers on what you had to pay > in order to get something that did a good job at this and how much reduction > in Internet usage you think it resulted in? Squid is free. Unfortunately, last time I checked it didn't cache youtube, so it doesn't reduce traffic like it used to. (It used to be, sometimes, orders of magnitude) But it does log, so you can use it as a policy tool, and you can use it to block objectionable content. Personally, I think letting people know the rules and that they are being watched solves 90% of the problems. I remember once I worked in an office over a restaurant. We had a problem with people (accidentally) clogging the toilet to the point of overflowing and then slinking out without telling anyone, making our friends downstairs very angry. After I talked the boss into buying a water alarm (they make them for basements that flood) and testing said water alarm during work hours, we never had the problem again. If you actually want to block objectionable content, I would use squidGuard or the like. http://www.linux.com/feature/60050 This is not something I'd want to use a closed, proprietary tool for. -- Luke S. Crawford http://prgmr.com/xen/ - Hosting for the technically adept We don't assume you are stupid. _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
