ScreenOS Firewalls (NOT SRX)

Bonded T1 with SSG-20

‎02-07-2010 11:02 PM

Hello all,


I have a client with a bonded T1 at 3mb so using 2 T1's into a Samsung router, and a less than desirable firewall for the situation, along with another T1 dedicated to voice.


I was looking at using an SSG20 with 1xT1 mPIM and 1xADSL mPIM until I contacted the T1 provider.


I can't figure out the need for the bonded T1 as there are only 10 employees in the office and a connection to a MS Dynamics server to integrate with their website.


To me it appears that the former IT provider and the telco were looking to make some easy money.


With all of that out of the way, can I get some recommendations?  I am contemplating the idea of rolling back to a 1.5mb standard T1 for data, a second for voice, and piping users traffic out the DSL connection that is only used as backup currently.


If my post helped you, please feel free to give me kudos.

Re: Bonded T1 with SSG-20

‎02-08-2010 03:48 AM

Before initiating bandwidth reductions at a site I think you really need actual traffic statistics and not just profile information.  In this case you have a deployed solution and are looking to cut the bandwidth available in half.  So you had better be really certain the additional bandwidth is not needed.


If you don't have monitoring set up to measure bandwidth utilization on the network, start with your carrier.  Most have a basic system in place where the customer can see what traffic is actually being sent on the circuits provided.  This will verify that the total usage is within the limits you suspect before the change.


If you have a monitoring system available, you can add SNMP to the SSG firewall and collect per interface traffic statistics and know the breakdown of that traffic internally.


A second statistic you will want to monitor is latency.  This is important for quality performance for database and VOIP traffic.  I've found that sometimes even if you are only approaching 75% utilization of bandwidth you can still see an adverse effect on latency that can affect the user experience quality in these applications.


The sensitivity to latency varies a lot by the particular application, so you'll need either monitored experience or your application provider to help you identify the right numbers.  But they can be quite low.  I have a particular Sybase db connection that really starts to choke at 120 ms and higher and becomes nearly unusable when latency hits the 180 ms plus range.


In short, if the system performs well, I'm very conservative and cautious in removing bandwidth allocated.  And I'll only do that with strong empirical evidence that there will be no adverse effect.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
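
An added example, not part of the reply above and not Juniper tooling: it turns polled SNMP interface octet counters (IF-MIB `ifInOctets`/`ifOutOctets`, 32-bit) into per-interval utilization and flags intervals at or above the 75% level mentioned in the reply, for the bonded pair versus a single T1. The poll values are constructed, and the 1.536 Mbit/s figure is the payload rate of one T1.

```python
# Added example: link utilization from SNMP octet counter polls.
# SAMPLES is constructed data, not measurements from this thread.

COUNTER32_MOD = 2 ** 32   # ifInOctets / ifOutOctets wrap at 2^32
T1_BPS = 1_536_000        # payload rate of one T1 (24 x 64 kbit/s)

# (seconds since first poll, octet counter) at 5-minute polls.
# The counter wraps between the first and second poll.
SAMPLES = [
    (0, 4_294_000_000),
    (300, 44_032_704),
    (600, 62_032_704),
    (900, 116_032_704),
]

def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets moved between two polls, allowing for a single counter wrap.
    At T1 speeds a Counter32 takes hours to wrap, so one wrap per poll
    interval is a safe assumption for 5-minute polling."""
    return (curr - prev) % modulus

def utilization(samples, link_bps):
    """Return (time, bits_per_second, fraction_of_link) per poll interval."""
    rows = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        interval = t1 - t0
        if interval <= 0:
            continue  # duplicate or out-of-order poll: no rate can be derived
        bps = octet_delta(c0, c1) * 8 / interval
        rows.append((t1, bps, bps / link_bps))
    return rows

def intervals_over(samples, link_bps, threshold=0.75):
    """Intervals whose average utilization meets or exceeds the threshold."""
    return [row for row in utilization(samples, link_bps) if row[2] >= threshold]

if __name__ == "__main__":
    for name, capacity in (("bonded 2xT1", 2 * T1_BPS), ("single T1", T1_BPS)):
        hot = intervals_over(SAMPLES, capacity)
        print(f"{name}: {len(hot)} of {len(SAMPLES) - 1} intervals at or above 75%")
        for t, bps, frac in hot:
            print(f"  t={t}s  {bps / 1000:.0f} kbit/s  {frac:.0%}")
```

Five-minute averages hide short bursts, so the same traffic can look comfortable here while still causing the latency spikes described above.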

Re: Bonded T1 with SSG-20

‎02-08-2010 07:35 AM

Is MS Dynamics server offsite?  If it is you certainly don't want to reduce the bandwidth.


Re: Bonded T1 with SSG-20

‎02-09-2010 09:50 PM

Thanks for the info.


I was able to look into the bandwidth usage and they are using 1.89k peak average during work hours.  This is with traffic from the website and users surfing / streaming music.


They have an aDSL 3.0mb service that is well, not connected :-/


I think downgrading and using the SSG20 in conjunction with source based routing to push web traffic through aDSL is going to be just fine.


Also, the Dynamics server is on-site and has a web service connect to it for client information.


One additional question I have is with the T1 pim.  If I am using that and the T1 drops, will that cause a route to become inactive and use a second route?  (Thinking to use voice T1 as backup through the ethernet port on Cisco IAD 2400 series)


Thanks for the input!


If my post helped you, please feel free to give me kudos.