Just another day at the office (Little devices slaying giant networks)

The long email below is something I sent to a Consortium member that has been having challenges with browsing speed due to unseen forces guzzling their bandwidth.

I had to audit the network for several days using a Mikrotik router to be totally sure. Thought I’d share part of my report here with anyone having a similar experience. Hopefully, I make it a guide someday.

Since installation, I have observed on a daily basis that the traffic
originating from your network easily congests your link before midday.
This leads to complaints of slow browsing, as has been confirmed in
several telephone conversations with Engr X.

Further network auditing, which is still ongoing, shows that there are two
major causes of the network congestion:

1. Smartphones. Mostly Android devices, the phones are by default set
to update their operating system and software when they are connected to
a WiFi network (to save the user’s mobile data megabytes). If
unrestricted, a single phone just on its own can download at the speed
of 2-3Mbps all day long. It gets worse if the owner decides to watch
videos online. As an immediate damage control measure, I have been
manually going through the list of devices I can identify as phones and
limiting their download to just 50kbps between the hours of 11am and 4pm
when there are more people around. Before 11am and after 4pm, they are
allowed to run wild since I have observed that there are usually fewer
people on the network.

2. Network users using automated (torrent) software to aggressively
download movies, music and other files. I identified just a handful of
such computers but when unrestricted, they were taking up all the
Internet bandwidth available. Because of such systems, downloads across
the board have been restricted to just 100kbps per computer with the option
to burst up to 700kbps momentarily (if it is not a heavy download and
the network is not already congested).

Since there is only 4Mbps of download bandwidth at the moment, it only
takes 10 users downloading at 100kbps to saturate the link. This
situation will improve slightly once the upgrade is completed.

The fact is that when an unrestricted Bring-Your-Own-Device (BYOD)
policy is in effect on an office network and the organization carries
the weight of software updates for hundreds of devices, you may never be
able to buy enough bandwidth to satisfy the growing demand. You may
upgrade bandwidth to a certain level if you can afford it but some
restrictions have to be in place to ensure the money spent is not wasted.

In addition to an upgrade, some remedies that the management of the
Academy may wish to consider are as follows:

1. Unofficial wireless devices could be restricted to connection
strictly via designated wireless access points. These access points will
be connected to a special interface on the central router. By connecting
all of them to a special segment, you can decide to allocate a maximum
of say 1Mbps by 1Mbps to all unofficial wifi devices. If there is only
one wifi device connected say in the middle of the night, he can have
all the bandwidth to himself; when the others arrive, they can all
jostle for the bandwidth without disturbing the computers (or other
devices) that are connected through priority ports.

2. Unofficial wireless devices could be banned from connecting to the
network outrightly. This will be difficult to implement in an
environment where you do not have a team dedicated to managing corporate
device access.

3. Enforce authentication for all users using something like a hotspot
page. Each user that is authorized to use the Internet will have an
individual username and password that can only be used on one device at
a time; it will also have a speed limit and if necessary a total
megabyte transfer limit. With this, users can decide if they want to use
their bandwidth for actual work or let runaway applications eat up all
their access.

4. Another deterrent that could be implemented is to sound a warning to
all staff that the use of torrent downloading software is forbidden on
the network. An automated policy could then be set on the
bandwidth manager to slow down any computer that passes torrent traffic.
An example would be to place the computer at a speed limit of say 05kbps
for a period of 2 hours; after 2 hours, the limit is automatically
removed only if the torrent software is stopped by the user. If the
torrent traffic continues, the user is penalized for another 2 hours.
Once word gets round, people will stop using torrent software.

The above or a mix of other solutions can be implemented to ensure that
your most critical Internet activities are not crippled by rogue usage.
We have gone beyond what any ISP will do to make sure that the capacity
delivered is properly utilized and it is our pleasure to provide these
insights for your decision-making.
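
The 2-hour torrent penalty from remedy 4 can be checked against a flow log before it is turned on. The sketch below is an added example, not part of the original report and not RouterOS configuration; the record layout `(seconds, host, is_torrent)`, the function names and the sample addresses are assumptions, and the torrent flag is taken to come from whatever classifier the bandwidth manager provides.

```python
from collections import defaultdict

PENALTY_SECONDS = 2 * 60 * 60  # the 2-hour penalty period from the report


def replay(flows, penalty_seconds=PENALTY_SECONDS):
    """Replay (timestamp, host, is_torrent) records in time order.

    Returns {host: [(start, end), ...]}: the penalty windows each host serves.
    A torrent flow seen while a host is not penalized opens a new window;
    torrent flows inside a window are ignored, so the limit lifts on schedule
    only if the software has been stopped by then.
    """
    windows = defaultdict(list)
    for ts, host, is_torrent in sorted(flows):
        if not is_torrent:
            continue  # ordinary traffic never triggers or extends a penalty
        active = windows[host] and ts < windows[host][-1][1]
        if not active:
            windows[host].append((ts, ts + penalty_seconds))
    return dict(windows)


def is_penalized(windows, host, ts):
    """True if host should be held at the penalty speed limit at time ts."""
    return any(start <= ts < end for start, end in windows.get(host, []))


# Constructed sample log: seconds since the start of the working day.
FLOWS = [
    (0, "192.0.2.10", True),      # torrent starts: first penalty window
    (3600, "192.0.2.10", True),   # still running inside the window
    (7500, "192.0.2.10", True),   # still running after expiry: penalized again
    (600, "192.0.2.20", True),    # one torrent flow, then the user stops
    (8000, "192.0.2.20", False),  # ordinary browsing after the window ends
    (900, "192.0.2.30", False),   # never passes torrent traffic
]

if __name__ == "__main__":
    for host, spans in replay(FLOWS).items():
        print(host, spans)
```

With fixed windows like this, a host runs at its normal limit between expiry and the next detected torrent flow; refreshing the timer on every torrent flow closes that gap at the cost of a longer total penalty.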
