ScreenOS Firewalls (NOT SRX)
Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009

Bonded T1 with SSG-20

Hello all,

I have a client with a bonded T1 at 3mb so using 2 T1's into a Samsung router, and a less than desirable firewall for the situation, along with another T1 dedicated to voice.

I was looking at using an SSG20 with 1xT1 mPIM and 1xADSL mPIM until I contacted the T1 provider.

I can't figure out the need for the bonded T1 as there are only 10 employees in the office and a connection to a MS Dynamics server to integrate with their website.

To me it appears that the former IT provider and the telco were looking to make some easy money.

With all of that out of the way, can I get some recommendations? I am contemplating the idea of rolling back to a 1.5mb standard T1 for data, a second for voice, and piping users' traffic out the DSL connection that is only used as backup currently.

________________________________________________


If my post helped you, please feel free to give me kudos.
Distinguished Expert
spuluka
Posts: 2,704
Registered: ‎03-30-2009

Re: Bonded T1 with SSG-20

Before initiating bandwidth reductions at a site I think you really need actual traffic statistics and not just profile information. In this case you have a deployed solution and are looking to cut the bandwidth available in half. So you had better be really certain the additional bandwidth is not needed.

If you don't have monitoring set up to measure bandwidth utilization on the network, start with your carrier. Most have a basic system in place where the customer can see what traffic is actually being sent on the circuits provided. This will verify that the total usage is within the limits you suspect before the change.

If you have a monitoring system available, you can add SNMP to the SSG firewall and collect per-interface traffic statistics and know the breakdown of that traffic internally.

A second statistic you will want to monitor is latency. This is important for quality performance for database and VOIP traffic. I've found that sometimes even if you are only approaching 75% utilization of bandwidth you can still see an adverse effect on latency that can affect the user experience quality in these applications.

The sensitivity to latency varies a lot by the particular application, so you'll need either monitored experience or your application provider to help you identify the right numbers. But they can be quite low. I have a particular Sybase db connection that really starts to choke at 120 ms and higher and becomes nearly unusable when latency hits the 180 ms plus range.

In short, if the system performs well, I'm very conservative and cautious in removing bandwidth allocated. And I'll only do that with strong empirical evidence that there will be no adverse effect.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Contributor
mali
Posts: 145
Registered: ‎01-29-2008

Re: Bonded T1 with SSG-20

Is the MS Dynamics server offsite? If it is, you certainly don't want to reduce the bandwidth.

Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009

Re: Bonded T1 with SSG-20

Thanks for the info.

I was able to look into the bandwidth usage and they are using 1.89k peak average during work hours. This is with traffic from the website and users surfing / streaming music.

They have an aDSL 3.0mb service that is well, not connected :-/

I think downgrading and using the SSG20 in conjunction with source based routing to push web traffic through aDSL is going to be just fine.

Also, the Dynamics server is on-site and has a web service connect to it for client information.

One additional question I have is with the T1 pim. If I am using that and the T1 drops, will that cause a route to become inactive and use a second route? (Thinking to use voice T1 as backup through the Ethernet port on Cisco IAD 2400 series)

Thanks for the input!

________________________________________________


If my post helped you, please feel free to give me kudos.