
Royal Institute of Technology

Cost Effective Bandwidth Management and Optimization System: A Case of Hawassa University

Bandwidth Management and Optimization System Design (draft)

Date: 20 March 2009.

By:

Kalkidan Alemayehu Zeleke zeleke@kth.se

Table of Contents
Abbreviations
Introduction
1. Network Monitoring
1.1. Ntop
1.2. IPTraf
1.3. MRTG
1.4. Nagios
1.5. Websense
2. Firewall
3. Traffic Shaping
4. Quota System
5. Caching and mirroring
6. Anti-virus software
7. Mail
Conclusion
Reference

Abbreviations
HUNet - Hawassa University network
BWO - Bandwidth Management and Optimization
ACA - Awassa College of Agriculture

Introduction
A bandwidth management and optimization system helps ensure that the internet connection is used for the right purpose, by the right people, at the right time [1]. It increases the performance of the internet connection by removing unwanted traffic. However, no single tool or technique brings about the needed uplift in performance, so a variety of tools and techniques should be used. To address the problem of bandwidth management from different perspectives, it is good to include the following components, depending on the demand in the environment: network monitoring components, firewalls, anti-virus software, caches, traffic shapers and quota systems [2]. The design of the BWO system for Hawassa University includes these components.

In the overall design of the bandwidth management and optimization system for HUNet, scalability, redundancy and cost effectiveness have been considered as attributes to be met as much as possible. Scalability is needed because HUNet is a growing network and the BWO system should still work as it grows. Redundancy is needed because there are two campuses and two internet gateways. Users on each campus can freely use the internet through either gateway, so an identical BWO system and policy has to be placed in both campuses. In addition, avoiding failure and loss of BWO data is needed for proper functioning of the system.

Maintaining cost effectiveness is another consideration of the design. Whenever possible, all the new tools to be introduced into the system are intended to be open source tools. Using open source tools is cost effective not only because it avoids license costs but also in terms of hardware: additional hardware could be assembled from existing computers on campus.

1. Network Monitoring
"Network monitoring is the use of logging and analysis tools to accurately determine traffic flows, utilization, and other performance indicators on a network." [3] With network monitoring tools in place, it is possible to collect important statistics about the network that aid in bandwidth management and optimization. For the HUNet BWO system, some monitoring tools have been selected out of the variety of tools available today. The following features were considered while making the selection: appropriateness, affordability, lightweightness, flexibility, graphical support, data retention, user friendliness and feature richness [3]. Ntop, IPTraf, MRTG, Nagios and Websense are used as monitoring tools in the network. Each tool is discussed below, along with the reason for choosing it and its usage in HUNet.

1.1. Ntop
Ntop is a protocol analyzer used to monitor traffic. It has features that most monitoring tools do not possess. Information such as the heaviest network users, bandwidth usage per switch port, by protocol or by MAC address, internet bandwidth use by host and protocol, and point-to-point traffic is crucial for managing and optimizing the bandwidth of HUNet. Ntop is an appropriate tool for HUNet because it is able to provide this information in a well organized and graphical way [3].

Ntop is also an open source tool with extensive support. It stores data for a long time. However, Ntop is not a lightweight tool and requires considerable CPU capacity. This can be dealt with either by running Ntop only when needed or by monitoring the CPU.

In HUNet, Ntop will be placed in the server farm in both campuses. Each Ntop server will monitor its respective campus. Doing so has the following advantages. First, Ntop works by looking at packets, which is a CPU intensive task [4]. Monitoring the packets of both campuses with one server would place too much load on that server. Secondly, since Ntop needs physical access to the network it is monitoring, having separate servers in the two physically separate campuses is reasonable [5]. If redundancy is needed in case of server failure, it is possible to keep two servers in each campus. However, since Ntop is only a monitoring tool and its failure does not hinder the functioning of the network, a second server is not necessary when weighed against the trouble of running it.

In the Main Campus, as shown in figure 1, the Ntop server will be connected to the two redundant multilayer switches in the core/distribution layer, so that all the inbound and outbound traffic will be visible through port mirroring on these switches. A hub will be used to share this link with other servers. This design is scalable in that even if more ports of the core/distribution layer switches come to be used in the future, they will all be mirrored to one port. By enlarging the capacity of the Ntop server, it can handle increasing load on the network.

In ACA, the setup will be similar. Unlike the main campus, however, there is only one switch in the core/distribution layer, and Ntop will only monitor that one. Ntop will be implemented on Solaris, as these are the available servers in HUNet. The CPU usage of the Ntop servers will be monitored by Nagios.

1.2. IPTraf
IPTraf is proposed for the HUNet BWO system as a complement to Ntop. Ntop does not provide instantaneous measures but only long time averages and totals. IPTraf is able to provide only instantaneous information [3]. IPTraf runs only on Linux [6], so a separate Linux machine will be used for it. This machine is not required to be a complex server, since IPTraf is a lightweight tool. Ntop and IPTraf work in the same way, by inspecting packets [7]. Thus IPTraf can be made to monitor on an interface of a hub that receives traffic from a mirrored port of both of the switches (see figure 1). This combination of IPTraf and Ntop enables the system to have both long time stored information and instantaneous information. The design is scalable in that even if more ports of the core/distribution layer switches come to be used in the future, they will all be mirrored to one port. By enlarging the capacity of the IPTraf server, it can handle increasing load on the network.

Figure 1 Ntop and IPTraf in Main campus

1.3. MRTG
To manage and optimize HUNet effectively, it is important to be able to measure the traffic load passing through links and/or devices. MRTG is a widely used open source tool that displays this information in graphical form. With it, the utilization of links at different times of the day can be inferred. The graph depicts the inbound and outbound traffic [8]. In HUNet, MRTG is already in place in the ACA campus. It is configured to show the traffic passing through different links and devices. This MRTG could be extended to monitor selected links and devices in the main campus, and a redundant copy of it could be set up in the Main campus. This way there will be a redundant MRTG in both campuses. The use of MRTG in the network could handle a growing number of devices as well as growing load on the devices. Since MRTG uses SNMP, configuring more devices will not affect the performance.

1.4. Nagios
One of the ways bandwidth is wasted in HUNet is through failure of equipment and the lack of a mechanism to detect the failure (see footnote 1). During this time, users will not get access, though the university pays for the bandwidth. Nagios is an open source tool that gives automated notification on failure of hosts and services, and it could be used to alleviate this problem [9].

Footnote 1: This information is obtained from information gathered from questionnaires and personal observation.

The Nagios server will be placed in the server farm in both campuses and will monitor the servers and the switches in the server farm and in the core/distribution layers. The Nagios server is capable of working even if the network enlarges in the future, because Nagios uses SNMP for polling data from the devices it is monitoring.

1.5. Websense


The main campus has a Websense server that could be integrated with Squid to summarize and analyze the information from Squid. Valuable information for BWO, such as frequently visited sites, proxy cache hits and the top 100 sites visited, can be obtained this way. Websense is a proprietary solution that requires a license to be used. For this reason, it will not be cost effective to duplicate it in the ACA campus. However, it is possible to integrate the Websense server in the main campus with the proxy servers located in both campuses. The use of the Websense server could still continue even if the network size grows. The Websense server is used integrated with the proxy server, and this processing could handle increasing load on the proxy server.

2. Firewall
Network monitoring tools provide information that is useful for identifying problems that cause bandwidth wastage. There then have to be tools in the network that deal with these problems. One such tool is a firewall. A firewall can be used to drop unwanted traffic which consumes bandwidth [3]. HUNet has a separate Cisco PIX firewall in each campus, placed as shown in Figure 2. Rules could be added to these firewalls over time to block traffic discovered to be causing bandwidth wastage.

Figure 2: Firewall in HUNet

3. Traffic Shaping

Traffic in a network differs in its importance. Thus whenever a scarcity of bandwidth arises, there should be a way to give priority to the more important traffic. Traffic shaping is a technique for doing this. In HUNet, with the network monitoring systems in place, it will be possible to know the traffic pattern with respect to services and users. This is a crucial input to shaping traffic. There are various tools for shaping traffic based on predefined criteria. Kernel tools, Squid delay pools and BWM tools have been candidates for the BWO of HUNet. While kernel tools are very powerful, their complexity makes them inappropriate. Squid delay pools, on the other hand, will only serve to shape web traffic. A BWM tool is a more appropriate tool because of its simplicity to set up and its wide support. It is an open source tool. Though BWM has both firewall and traffic shaping functionalities, only the traffic shaping functionality will be used here, integrated with the existing firewall [3]. The BWM tool will be placed on the WAN side of the network before the firewall, as this is the most expensive link. This way all traffic leaving and entering the network can be shaped.

Figure 3 Traffic Shaping

4. Quota System
The bandwidth usage behavior of individual users or machines is important for managing and optimizing the bandwidth. Some users continuously use excessive bandwidth, to the level that they prevent other users from using the bandwidth. What is important to determine here is the approximate maximum amount of bandwidth that a user will need for appropriate tasks. By assigning such a quota to a user and denying access afterwards, the behavior of the user could be controlled. This technique especially helps to control users who use the bandwidth as a surplus resource without actual need. The amount of quota assigned to different users, as well as the way to enforce the quota, will be as specified in the policy document.

The first step towards a quota system is a way of logging bandwidth usage per user. In HUNet it is only possible to get the bandwidth usage history per IP address, by integrating Squid with log analyzers. Users do not have a user name and password when using the network, and thus authentication and user identification are not possible. However, the university is moving towards a centralized user and services administration of the network (see figure 3). The bandwidth management and optimization system should include a way to authenticate internet users that integrates with the campus wide authentication. One way of doing this is to use the automatic proxy configuration feature of Squid and integrate it with the web server used for authentication. In terms of the architecture shown in figure 3, the proxy server is placed as an application server. Once such an authentication scheme is in place, each user's data will be logged in a database and manipulated using scripts. This way, a quota could be enforced for internet users [3].

Figure 4 Hawassa University ICT Architecture [10].

5. Caching and mirroring


Caching is a way of optimizing bandwidth usage. In caching, a local copy of an internet resource is kept for subsequent requests, so that the bandwidth of re-fetching the resource is saved. This can be done for web resources or DNS requests. In HUNet, web caching is already implemented by Squid proxy servers in both campuses, and DNS caching by Bind. These will be used directly in the new design of the bandwidth management and optimization system.

HUNet could benefit a lot from mirroring. The bandwidth utilization is almost nil during the night. It is possible to avoid some of the congestion during peak times by populating local copies of some resources at night. Currently, the most appropriate copies for HUNet are software updates. Windows, Adobe, anti-virus and Firefox updates are the most commonly observed updates. Three solutions are included in the design in this regard.

The first is Microsoft Windows Server Update Services (WSUS). This server will be kept in the server farms of both campuses, enabling access for users in both campuses. This solution requires some cost for setting up the servers.

The second solution is setting up a server which keeps a local mirror of the most visited websites that are appropriate for mirroring. In the course of using the network, the administrator decides which sites to mirror from the proxy server logs. For this, rsync will be used on the existing file server. Users requesting the resource from the web will be redirected to the local mirror by the proxy.

The third solution is to encourage users, through education and policy, to disable automatic updates and use local up-to-date copies of common updates on the existing file server.
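Added example (not part of the original design document): the per-IP usage logging that section 4 says Squid logs make possible, and the proxy log review that section 5 leaves to the administrator when choosing sites to mirror, sketched over constructed lines in Squid's native access.log format. The 50 MiB quota, the sample addresses and hosts, and the choice to ignore cache hits and denied requests are assumptions; the real quota comes from the policy document.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1237536000.120 310 10.1.4.21 TCP_MISS/200 52428800 GET http://updates.example.org/av/defs.zip - DIRECT/192.0.2.10 application/zip
1237536010.450 12 10.1.4.21 TCP_HIT/200 1048576 GET http://updates.example.org/av/defs.zip - NONE/- application/zip
1237536020.900 280 10.1.7.33 TCP_MISS/200 52428800 GET http://updates.example.org/av/defs.zip - DIRECT/192.0.2.10 application/zip
1237536031.000 95 10.1.7.33 TCP_MISS/200 204800 GET http://news.example.net/index.html - DIRECT/192.0.2.20 text/html
1237536040.300 4 10.1.9.5 TCP_DENIED/403 1500 GET http://blocked.example.com/ - NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return (client_ip, result_code, bytes, host) or None if malformed."""
    f = line.split()
    if len(f) < 7 or not f[4].isdigit():
        return None
    url = f[6]
    # CONNECT requests log "host:port" instead of a full URL.
    host = urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]
    return f[2], f[3].split("/")[0], int(f[4]), host

def wan_usage(log_text):
    """Sum bytes fetched over the Internet link, per client IP and per host."""
    per_client, per_host = defaultdict(int), defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, result, size, host = rec
        # Simplification: cache hits and denied requests cost no WAN bandwidth.
        if "HIT" in result or "DENIED" in result:
            continue
        per_client[client] += size
        per_host[host] += size
    return dict(per_client), dict(per_host)

def over_quota(per_client, quota_bytes):
    """Client IPs whose WAN usage exceeds the quota (value set by policy)."""
    return sorted(ip for ip, used in per_client.items() if used > quota_bytes)

def mirror_candidates(per_host, top_n=3):
    """Hosts ranked by WAN bytes: the list an administrator reviews for mirroring."""
    return sorted(per_host.items(), key=lambda kv: kv[1], reverse=True)[:top_n]

if __name__ == "__main__":
    clients, hosts = wan_usage(SAMPLE_LOG)
    print("over quota:", over_quota(clients, 50 * 1024 * 1024))  # assumed 50 MiB quota
    print("mirror candidates:", mirror_candidates(hosts))
```

Because identification is per IP address, a result such as this attributes usage to a machine rather than a person until the campus wide authentication described in section 4 is in place.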

6. Anti-virus software
Viruses, or more specifically worms, are the major threats to network bandwidth for HUNet. Up-to-date anti-virus software is a major component of the bandwidth management and optimization system. To this day, there is an expired version of Symantec anti-virus software. The university is in the process of buying one. This will be on the antivirus software server in the server farm, and users will be instructed to use it.

7. Mail
HUNet has no operational mail server. Threats associated with mail are not observed in HUNet. If the mail server is set up properly with spam controls, the problem will not arise. This design will not consider the mail server.


Conclusion
A bandwidth management and optimization system has different components. The design of the bandwidth management and optimization system for Hawassa University has included components that are already in place, components that are being built and components that are to be built. Moreover, a replicated system is going to be placed in both campuses. Figure 5 shows the logical design for the Main Campus. ACA has a similar design, with the omission of one of the switches in the core/distribution layer.

Figure 5 Logical Topology of Main Campus showing bandwidth management and optimization components


Reference
[1] Design and Procurement of Blantyre Campus Network, A Master of Science Thesis, David Blomberg
[2] Bandwidth management position paper. Aptivate, June 2007
[3] How to accelerate your internet, A practical guide to Bandwidth Management and Optimization Using Open Source Software, INASP/ICTP. October 2006
[4] http://www.ntopsupport.com/faq.html, last accessed March 23, 2009
[5] http://www.ntopsupport.com/faq.html, last accessed March 23, 2009
[6] http://iptraf.seul.org/, last accessed March 23, 2009
[7] http://iptraf.seul.org/2.7/itrafmon.html, last accessed March 23, 2009
[8] http://oss.oetiker.ch/mrtg/, last accessed March 23, 2009
[9] http://nagios.sourceforge.net/docs/nagios-3.pdf, last accessed March 23, 2009
[10] ICT unit final BPR document, Hawassa University, December 2008.

