Normally, the packages sent out from the Windows Update service are quite small in size and the BITS service helps to stream these at a reasonable rate to your local system. However, there have been a couple of recently released security patches that are quite large (one was +300 MB) which could cause quite a strain on your connection if there were a large number of patches (including the larger packages) needed on each respective workstation and all were getting these large downloads simultaneously. The point is, that normally Windows Update packages shouldn't be an issue for your network connection especially when your systems are fully up-to-date with patches.
However, with only four computers in this scenario it sounds like it may be worthwhile to some bandwidth and connection health testing to confirm your providers connection is actually performing as advertised. If you wanted to do some additional internal testing of throughput on your pipe or internal switched connections you can use IPERF, or other application to accomplish this and I'm sure this list can provide plenty of suggestions in this area as it relates to tools and methods to validate throughput, latency, packet loss or other network performance validation items. (I wouldn't solely rely on SpeetTest.net here.) Additionally, as mentioned previously in this thread, in the end traffic shaping may be required in order to properly prioritize traffic deemed as important to the business needs in critical network communication areas. This is especially true if you are stuck with a limitation in bandwidth. Regardless, at face value I find it difficult to believe that four computers downloading a few patches from Windows Update can bring a T1 to its knees. It sounds like there may be other issues here, and only testing and verification will the root cause to light. -----Original Message----- From: Chuck Mariotti [mailto:[email protected]] Sent: May-13-09 8:20 AM To: [email protected] Subject: RE: [pfSense Support] RE: T1 Saturating - Windows update kills the connection... ?? Thanks everyone... I should clarify a little more of what my worry is. Specifically the 4 machines downloading updates at the exact same time and taking the internet connection to its knees probably isn't too realistic a scenario. We did do it in the middle of the night, so it can happen, but WSUS is probably not a solution to the overall problem I'm worried about (it's specific to the windows update problem). I am still blown away that this happened so easily though. Maybe I expected too much intelligence on the firewall to handle overloading? It just doesn't feel right. I a more worried about the realistic scenarios where publishing could be downloading a few large files via web (say some artwork that's 200MB). Another user is streaming a video, another is ftping some files, etc... so the overall usage pegs the 1.5Mbit to it's max download (like the Microsoft Update did), and the whole thing stalls the internet again. This is what I am worried about. Or some similar combination of traffic and the firewall just sits there letting it saturate/stall everything. I'm sorry if it sounds like I'm blaming the firewall... but I never thought a T1 would saturate and become useless with 4 computers downloading some large files. There must be a LOT of people having this problem then. ChuckM -----Original Message----- From: Paul Mansfield [mailto:[email protected]] Sent: Wednesday, May 13, 2009 6:09 AM To: [email protected] Subject: Re: [pfSense Support] RE: T1 Saturating - Windows update kills the connection... ?? put in a big squid proxy with a large disk cache, and or set up windows clients to auto-download updates during the night so at least congestion happens outside critical times if you're using managed switches, can you throttle back individual ports? otherwise, traffic shaping may be your friend --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
