Limiting Bandwidth



  • We have a client who wants VoIP but is maxing out their download capabilities due to streaming internet video. My co-worker wants to set up VLAN 1 for VoIP and VLAN 2 for everything else. VLAN 1 would be plugged into Port 1 on the Firewall, VLAN 2 would be plugged into Port 2 on the firewall. Then, from the firewall he wants to limit the amount of bandwidth VLAN 1 (everything but voip) can use in order to assure the customer that their phones will be functional.

    I'm hoping there is a better way to limit them without needing to use VLANs. This customer will not purchase any new hardware short of the phones themselves.



  • @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?



  • @momurda said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?

    The inbound port?



  • @momurda said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?

    Differentiating between devices would require manual configuration of mac addresses? My co-worker doesn't like "doing things manually" whatever that means. He likes to make things easier for himself.



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    We have a client who wants VoIP but is maxing out their download capabilities due to streaming internet video. My co-worker wants to set up VLAN 1 for VoIP and VLAN 2 for everything else. VLAN 1 would be plugged into Port 1 on the Firewall, VLAN 2 would be plugged into Port 2 on the firewall. Then, from the firewall he wants to limit the amount of bandwidth VLAN 1 (everything but voip) can use in order to assure the customer that their phones will be functional.

    I'm hoping there is a better way to limit them without needing to use VLANs. This customer will not purchase any new hardware short of the phones themselves.

    Not sure this is possible. The incoming traffic will come from whatever random source as fast as that source can send it. You have no control.

    What I don't know is - if you limit connections like youtube to say 1 Mb total allowed, will that keep youtube from flooding your inbound pipe?



  • @dashrender said in Limiting Bandwidth (Help me name this thread):

    Not sure this is possible. The incoming traffic will come from whatever random source as fast as that source can send it. You have no control.

    What I don't know is - if you limit connections like youtube to say 1 Mb total allowed, will that keep youtube from flooding your inbound pipe?

    My co-worker is saying it can, but I don't believe anything he says which is why I'm asking. Reminds me of QoS which is entirely within the LAN



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    My co-worker is saying it can, but I don't believe anything he says which is why I'm asking. Reminds me of QoS which is entirely within the LAN

    If he's saying it can, then that means he knows how to do it, right?



  • @dashrender said in Limiting Bandwidth (Help me name this thread):

    If he's saying it can, then that means he knows how to do it, right?

    He asked me what the best way to achieve this would be, but I have no idea what he's talking about. You can manage the 1 KB request to YouTube, but not the resulting download AFAIK



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    He asked me what the best way to achieve this would be, but I have no idea what he's talking about. You can manage the 1 KB request to YouTube, but not the resulting download AFAIK

    Well, I think you can affect the download, but only once it reaches the firewall. Limit inbound from youtube to say 1 Mbps, but still at the start Youtube could flood you with 10 Mbps and the firewall would have packets stacking up, but I do believe that some form of return traffic to youtube must tell them to slow down/reduce quality (aka fewer packets or smaller ones) so things don't stack up..

    but you'd likely have to manage that for every site on the internet.



  • Of course, once Scott sees this thread, he's going to tell us the real of the situation..

    Or JB will find it and tell me what an idiot I am. 😛



  • @dashrender said in Limiting Bandwidth (Help me name this thread):

    Well, I think you can affect the download, but only once it reaches the firewall. Limit inbound from youtube to say 1 Mbps, but still at the start Youtube could flood you with 10 Mbps and the firewall would have packets stacking up, but I do believe that some form of return traffic to youtube must tell them to slow down/reduce quality (aka fewer packets or smaller ones) so things don't stack up..

    but you'd likely have to manage that for every site on the internet.

    Yeah he's asking per device, not per website. He says it's possible but I've never seen it so I really don't know



  • I think Watchguard Firewalls have the ability to define maximum bandwidth as a rule, but I have not played with it enough to know how it functions and I was thinking that is only for the LAN itself.



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    Yeah he's asking per device, not per website. He says it's possible but I've never seen it so I really don't know

    oh, well that's different. Sure, if your firewall supports it.. you can limit the bandwidth a specific internal device gets. but again, only to the point where the firewall controls it.



  • @dashrender said in Limiting Bandwidth (Help me name this thread):

    oh, well that's different. Sure, if your firewall supports it.. you can limit the bandwidth a specific internal device gets. but again, only to the point where the firewall controls it.

    Meaning the LAN



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    meaning the LAN

    Of course - but as my youtube example above shows.. it would likely cause the sending server to slow down the send.



  • @dashrender said in Limiting Bandwidth (Help me name this thread):

    Of course - but as my youtube example above shows.. it would likely cause the sending server to slow down the send.

    Right. I don't really get it but I don't know a lot about this stuff so I was hoping maybe it was just my misunderstanding



  • The hell are you guys talking about?
    You don't want an interface using all the available bandwidth, limit its bandwidth to a value less than the available bandwidth. This takes a few seconds to do on a Watchguard. Limit your bandwidth on vlan2 interface to 10Mb/s or slower. Then have no limit on the voip interface.

    Network bandwidth is like a chain, it will only go as fast as the slowest link. If you have a limit of 10mb/s on an interface somewhere, no device/connection from external content to internal device in that chain will be more than 10mb/s.



  • @momurda said in Limiting Bandwidth (Help me name this thread):

    The hell are you guys talking about?
    You don't want an interface using all the available bandwidth, limit its bandwidth to a value less than the available bandwidth. This takes a few seconds to do on a Watchguard. Limit your bandwidth on vlan2 interface to 10Mb/s or slower. Then have no limit on the voip interface.

    Network bandwidth is like a chain, it will only go as fast as the slowest link. If you have a limit of 10mb/s on an interface somewhere, no device/connection from external content to internal device in that chain will be more than 10mb/s.

    That's the best way to limit it? You have to use VLANs? That's what I'm asking



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    Then, from the firewall he wants to limit the amount of bandwidth VLAN 1 (everything but voip) can use in order to assure the customer that their phones will be functional.

    You never do this, ever. It makes no sense and serves no purpose.

    Youtube Video



  • @scottalanmiller said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    Then, from the firewall he wants to limit the amount of bandwidth VLAN 1 (everything but voip) can use in order to assure the customer that their phones will be functional.

    You never do this, ever. It makes no sense and serves no purpose.

    Youtube Video

    How do you solve this issue then when we can't purchase more bandwidth and we can't purchase new hardware?



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    I'm hoping there is a better way to limit them without needing to use VLANs. This customer will not purchase any new hardware short of the phones themselves.

    The VLAN has nothing to do with it. It's irrelevant to the situation other than you have someone that wants to use one. It has nothing to do with limiting, which in turn has nothing to do with your situation.

    You need QoS, and you need to do it properly. No ifs, ands, or buts.



  • @wirestyle22 Doesn't have to be a vlan. Just an interface. But like scott says, limits are bads.



  • @momurda How would you separate the voip traffic from everything else on a single switch without a VLAN? If I could use one switch for each purpose, yeah that would be easy



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    How do you solve this issue then when we can't purchase more bandwidth and we can't purchase new hardware?

    Well certainly not with limits as that doesn't address the problem.

    Limits don't do anything QoS can't do, it just doesn't do it well.

    You need to control what people do on the network if there is nothing else to be done. Putting a limit somewhere will, eventually, encourage services to choke, but it can't stop the firewall from getting flooded - which is the actual issue.

    There is no magic here, if you need more bandwidth than you have, then you need more bandwidth. Period.
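The point argued across the posts above, as a toy simulation (an added example, not written by any poster in this thread): a limit on the firewall acts only after traffic has crossed the WAN link, so it protects inbound VoIP only when the sender backs off in response to loss. The link speed, VoIP load, sender rates and back-off constants are all assumed values.

```python
"""Toy model: inbound WAN link shared by VoIP and video downloads.

Constructed illustration. The rates, the AIMD constants and the
proportional-drop model are assumptions, not measurements; queueing
delay and jitter (which also hurt calls) are not modelled.
"""

WAN_MBPS = 20.0    # assumed ISP downlink capacity
VOIP_MBPS = 1.0    # assumed aggregate inbound voice traffic
AI_STEP = 2.0      # assumed additive increase per tick (several streams)
TICKS = 2000       # simulation steps, roughly one round trip each


def simulate(responsive, firewall_cap=None, start_rate=1.0, fixed_rate=40.0):
    """Return (average VoIP loss fraction, average video Mbps reaching LAN).

    responsive=True   sender halves its rate when it sees loss and otherwise
                      ramps up by AI_STEP (TCP-like AIMD).
    responsive=False  sender ignores loss and keeps sending fixed_rate.
    firewall_cap      Mbps of video the firewall forwards to the LAN;
                      None means no limit is configured.
    """
    rate = start_rate if responsive else fixed_rate
    voip_sent = voip_delivered = video_delivered = 0.0

    for _ in range(TICKS):
        offered = rate + VOIP_MBPS

        # Stage 1: ISP side of the WAN link. The customer's firewall has no
        # say here. Overload is dropped in proportion to each flow's share,
        # so voice packets are lost along with video packets.
        pass_ratio = min(1.0, WAN_MBPS / offered)
        voip_in = VOIP_MBPS * pass_ratio
        video_in = rate * pass_ratio

        # Stage 2: the firewall limits video only after it crossed the WAN.
        if firewall_cap is None:
            video_out = video_in
        else:
            video_out = min(video_in, firewall_cap)

        voip_sent += VOIP_MBPS
        voip_delivered += voip_in
        video_delivered += video_out

        # Stage 3: loss anywhere on the path is the only feedback a
        # TCP-like sender receives.
        lost = video_out < rate - 1e-9
        if responsive:
            rate = max(start_rate, rate / 2) if lost else rate + AI_STEP

    return 1 - voip_delivered / voip_sent, video_delivered / TICKS


if __name__ == "__main__":
    cases = {
        "responsive sender, no limit": simulate(True),
        "responsive sender, 10 Mbps limit": simulate(True, firewall_cap=10.0),
        "unresponsive sender, 10 Mbps limit": simulate(False, firewall_cap=10.0),
    }
    for name, (loss, video) in cases.items():
        print(f"{name:36s} VoIP loss {loss:6.2%}  video {video:5.2f} Mbps")
```
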



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    @momurda How would you separate the voip traffic from everything else on a single switch without a VLAN? If I could use one switch for each purpose, yeah that would be easy

    You ask this over and over as if a VLAN can do that? But obviously a VLAN can't be used to separate out voice traffic. So this is a really weird question to ask.

    VoIP traffic is by protocol. So you assign your QoS by protocol, as you always would. Why do you mention VLANs as they cannot be part of the equation for anything you are discussing?



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    How do you solve this issue then when we can't purchase more bandwidth and we can't purchase new hardware?

    exactly - how do you do this on the inbound traffic for VOIP? I totally get the outbound with QoS bit.

    But if I'm downloading a 10 TB file, and the source enables me to download at my max download speed - how do you ensure good phone calls while that download is happening?



  • @wirestyle22 You never said in any of these posts it was all on a single switch. You indicated something would be plugged into 2 interfaces on the firewall, I took that to mean two switches one for phones, one for other devices.



  • @momurda said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?

    It can limit what is passed through, but not what is received.



  • @scottalanmiller said in Limiting Bandwidth (Help me name this thread):

    @momurda said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?

    It can limit what is passed through, but not what is received.

    Right



  • @wirestyle22 said in Limiting Bandwidth (Help me name this thread):

    @momurda said in Limiting Bandwidth (Help me name this thread):

    @wirestyle22 Firewall should be able to limit bandwidth on a port easily. What is the firewall?

    Differentiating between devices would require manual configuration of mac addresses? My co-worker doesn't like "doing things manually" whatever that means. He likes to make things easier for himself.

    VLANs are always manual. And never easier. So clearly this isn't a true statement. Making things manual and hard is exactly what he wants.

