Two parts.

Part 1: We currently have 2 DSL Lines with 3Mb/768Kbps speeds load balanced for 60+ users. Accessing the Internet is borderline unusable. The simple solution would be to get a faster DSL Line but the highest DSL package is 6Mb/768Kbps, has quite the price jump, and doesn't do anything to help with upload speeds.

I'm looking for free or extremely low cost solutions (web cache, traffic shaping, bandwidth controls, etc) to help with making Internet access more bearable until the next funding year. Can anyone give any advice?

Part 2: We're looking into a 4.5Mb bonded T1 in the next funding year which is of course significantly more expensive than 2 DSL lines. Are bonded T1s our only hope for faster speeds? Are there any better alternatives?

  • Are you located in a major metro area? Cogent communications can have very attractive pricing on some metro-loops if you are lucky enough to be on one. – jeffatrackaid Feb 21 '10 at 03:21
  • Unfortunately, we're not. Our location is not the best of places. – elistp Feb 21 '10 at 06:03


I have actually had to solve such a problem recently. We have 8Mbit/s for 150 PCs. The problem was not so much regular bandwidth use but people who would download big ISO files and kill the bandwidth for everyone else.

We handled this by inserting a caching web proxy (Squid on Pfsense) that allows for 2 bandwidth limiting parameters. First one is max global bandwidth which is the speed of the line. Second is maximum bandwidth for one host. This is where this gets interesting. We supposed no more than 3 people would try to eat up all the bandwidth at once. Therefore we set the second parameter at 1/4th (2Mbit/s) of the first parameter.

This kept large downloads from killing the internet for everyone yet allowed for decent download speeds.

All our problems then vanished. You don't want to set the max bandwidth per host too low because it'll also be your maximum download speed.

Antoine Benkemoun
  • Don't know if squid does this, but I wonder if an ideal solution might allow any host (when all alone) the max global bandwidth, any two hosts a max of half, any three one-third each, etc... – Paul Feb 20 '10 at 22:30
  • Can Squid also dynamically set bandwidth parameters? For instance, if I set the default bandwidth cap for everyone to be 1 Mb then if the max bandwidth of the line isn't being utilized can the extra bandwidth go to a user that needs more than 1M? – elistp Feb 21 '10 at 06:06
  • I don't think it can do it on its own but you could script that... – Antoine Benkemoun Feb 21 '10 at 14:45
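
The sharing scheme raised in the comments above (one host alone gets the whole line, two get half each, unused capacity goes to whoever wants more) is max-min fair sharing. The following is an added example, not Squid or pfSense code and not from the original thread; the function names, host labels and the kbps figures are assumptions chosen to match the 8 Mbit/s line and 2 Mbit/s per-host cap in the answer.

```python
# Added illustration: max-min fair sharing of one uplink among active hosts.
# Function names and host labels are hypothetical; units are kbit/s.

def max_min_fair_share(capacity, demands):
    """Return {host: allocation} by progressive filling.

    Nobody gets more than they ask for; whatever light users leave
    unused is split evenly among the hosts that still want more.
    """
    allocation = {host: 0.0 for host in demands}
    unsatisfied = {h: d for h, d in demands.items() if d > 0}
    remaining = float(capacity)

    while unsatisfied and remaining > 0:
        share = remaining / len(unsatisfied)
        # Hosts asking for no more than an equal share are served in full.
        done = [h for h, d in unsatisfied.items() if d <= share]
        if not done:
            # Every remaining host wants more than an equal share.
            for h in unsatisfied:
                allocation[h] = share
            break
        for h in done:
            allocation[h] = unsatisfied.pop(h)
            remaining -= allocation[h]
    return allocation


def idle_under_static_cap(capacity, per_host_cap, demands):
    """Capacity left unused when every host is held to one fixed cap."""
    used = sum(min(d, per_host_cap) for d in demands.values())
    return max(0, capacity - used)


if __name__ == "__main__":
    # Constructed demand mix: two light users, two large downloads.
    demands = {"pc-a": 500, "pc-b": 1000, "pc-c": 8000, "pc-d": 8000}
    print(max_min_fair_share(8000, demands))
    print(idle_under_static_cap(8000, 2000, demands))
```

With this constructed mix the fixed 2 Mbit/s cap leaves part of the line idle, while the fair-share split hands that remainder to the two large downloads without starving the light users.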

Not sure where you are located, but whenever possible we are replacing T1s with Ethernet connections -- in many cases a 10MB ethernet connection costs about the same as a redundant T1. There are also providers that can get you direct fiber connections at a good price. (One example of a provider in several mid-sized East Coast markets is Fibertech Networks.)

You're going to have startup costs for just about any option, and just about any option is going to be better than DSL.

  • I'm not too familiar with what's involved with various high bandwidth solutions but does getting a 10 Mb ethernet line involve running fiber? I ask this because I was told getting fiber to our location was astronomically high. The person getting me the quote didn't even give me a number because he said it was just too high. – elistp Feb 21 '10 at 05:38
  • In our rural location the "EtherLink" option runs over DSL quality copper pairs. http://en.wikipedia.org/wiki/Etherloop – Ed Fries Feb 21 '10 at 17:57

elistp, you have two options as I see it

  1. Call up all of your local providers and ask what connection types they offer and for what price. You have plenty of possibilities including FIOS, metro ethernet, MPLS, WiMAX and even Satellite (I know... but it's worth at least a glance). Also, ask for the price to be dropped. Nicely, of course. It can't hurt to ask and you will probably be pleasantly surprised with the answer.

  2. Optimizing the usage of the existing bandwidth. This should be done no matter what connection type(s) you use. You need to have a gateway that can QoS traffic types, targets and also throttle individual streams. QoS can bump things like FTP uploads up in the queue and streaming radio down. Filtering for targets can make sure time wasting web sites don't slaughter the connection while other sites are snappy. Throttling individual streams can make sure that no one can saturate the whole connection beyond a certain limit. Look into an intelligent firewall that can do this. You might also want to keep the cheap DSL lines around and use those to shunt nonsense traffic onto and keep the T1s for more important stuff (that's what was done at one of my workplaces; the bonded T1s were for the good stuff and the bonded 15Mb cable lines were for "junk").

Look into WAN optimization appliances as well. You could use an open source solution like Traffic Squeezer or appliances from companies like Riverbed, Ipanema, Exinda, BlueCoat, F5 and more.

  • The latter is important ;) I have a 512kbit uplink where I work. Open is a VPN all the time, plus I download stuff (MS ISO - thanks). Thanks to quality management I can keep downloads and uploads and other things using up the line - and the quality is STILL good enough to run VOIP over the VPN (which gets priority) ;) – TomTom Apr 20 '10 at 16:19
  • Wow, great management of the bandwidth. Which audio codec does your voip use? – Wesley Apr 20 '10 at 18:30

I have to assume the 6MB DSL line is going to be an order of magnitude cheaper than the T1, probably 1/8th the cost. Wouldn't it make sense to try that before getting locked into a more expensive option?

  • The top tier DSL package would definitely be cheaper but we would still be suffering from upload bandwidth problems. We're expecting growing Internet use as well in the next year. – elistp Feb 20 '10 at 21:31

Any other provider choices? In our area, cable generally offers more upload bandwidth than comparably-priced DSL.

  • Unfortunately our property has no existing cable lines that I am aware of. I'm sure it would involve installing new lines to our server closet which is another added expense. – elistp Feb 20 '10 at 23:27
  • Would it make sense to ask the cable company to estimate what a line install might cost? Then you could compare it rationally to the startup and operating costs of bonded T1s, Ethernet, and other options. They may not be free either! :-) – Paul Feb 21 '10 at 00:26
  • I know we have the ability to support bonded T1s because we had a site survey done. As for cable, it's definitely going to cost us because I know it will involve digging into the property to run a cable line to the building the server closet is housed in. – elistp Feb 21 '10 at 05:34

If you don't mind installing an additional PC to act as a bridge on the network, this software may be of help.


I'm using SPBWM with my cable connection to limit the available bandwidth on a per-IP basis.

Here is a diagram of my network.


I have a rule for each address on my subnet, that limits up and down bandwidth.


This is how I've solved problems with many users on a single asymmetric DSL line before: http://www.benzedrine.cx/ackpri.html

It works extremely well! No more crappy download speeds because someone decided to seed a torrent (or large email attachment etc).

pfSense has ALTQ, and like Antoine posted earlier - it can be fitted with a Squid proxy.

HOWTO: pfSense 1.2.x Traffic Shaping with Squid Transparent Proxy

Calculating the required bandwidth for ACK queues for asymetric link


Depending on your market you can probably get Metro Ethernet, FIOS, U-verse, Cable, or even WiMax. Two bonded T1s go for around $600 nowadays. Speakeasy is promoting its Metro Ethernet service at 3/3mbps right now for about half that, but you may want to first price out providers like XO, Cogent, etc. This will be a lot more expensive than DSL, but you get what you pay for. You can check out the business broadband forums at dslreports.com for more info.

I would also look at the firewall and see what people are doing. If half your traffic is from people goofing off on youtube then you should consider blocking it. If anyone is running torrents or P2P then you should stop that. Or at least QoS them down to acceptable levels.

If you're using too much upload because of hosted servers then consider hosting them at a colo or elsewhere.


First thing you need to do is figure out what is using your network bandwidth. Without that information all of this is just guesswork.

What I would recommend is to take a PC with two network interfaces and Wireshark or tcpdump, depending on Linux / Windows. Set it in between your main switch and router, and then sniff the traffic for a while. You can do all sorts of stuff with the data. A better solution is to use a network tap, but these may be outside of your budget.

I've seen organizations with one or two users hogging all of the bandwidth because they watch youtube all day, or listen to internet radio, or download porn.

Find your highest bandwidth users and figure out what you can do about them. Here are some options.

  • Block their access, i.e. if you can.
  • Install a caching proxy server for web traffic.
  • Install QoS guarantees that prioritize some traffic over others.
  • Clean up PCs if you find that you have a virus / bot problem.

The correct course of action is dependent on what you find with the sniffer.

It is important to know what your most business critical data traffic is and prioritize that, this may require meetings with your management before or after using the sniffer. I've seen digital print houses do just fine with this sort of setup, and they were doing a lot of large downloads, but they didn't have anyone sitting there listening to radio or watching youtube all day. Currently you've got about (6MB / 60 ) == 100k per user of available bandwidth. The fact that you've used it all up indicates to me there is something else going on, I'd be most concerned about botnets or youtube or lots of downloads.

Also, I'd strongly suggest deploying something like cacti, or RRDtool on an old PC. Once configured they will give you historical information on your bandwidth usage. There are a lot of really good Open source tools available to help in exactly this sort of scenario, but you'll have to get your hands dirty.

Once you know your data needs, you can start to explore your connectivity options, T1, cable, DSL, etc.
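
One way to turn the sniffer output from the answer above into a list of the heaviest users, as an added example that is not part of the original answer. It assumes the capture was saved as text in the style of `tcpdump -nn -q -t` (real output varies with version and options), that the LAN is 192.168.1.0/24, and it runs on constructed sample lines; all function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample modelled on `tcpdump -nn -q -t` text output; not a real capture.
SAMPLE = """\
IP 192.168.1.23.51234 > 203.0.113.10.80: tcp 0
IP 203.0.113.10.80 > 192.168.1.23.51234: tcp 1448
IP 203.0.113.10.80 > 192.168.1.23.51234: tcp 1448
IP 203.0.113.10.80 > 192.168.1.23.51234: tcp 1448
IP 192.168.1.40.50000 > 198.51.100.7.51413: tcp 1448
IP 192.168.1.40.50000 > 198.51.100.7.51413: tcp 1448
IP 198.51.100.7.51413 > 192.168.1.40.50000: tcp 0
IP 192.168.1.12.40000 > 203.0.113.53.53: UDP, length 45
IP 203.0.113.53.53 > 192.168.1.12.40000: UDP, length 120
IP 192.168.1.12.445 > 192.168.1.5.50001: tcp 512
ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
""".splitlines()

PACKET = re.compile(r"^IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: "
                    r"(?:tcp (\d+)|UDP, length (\d+))")

def usage_by_host(lines, lan="192.168.1.0/24"):
    """Sum payload bytes crossing the LAN boundary, per internal host."""
    net = ipaddress.ip_network(lan)  # assumed LAN range
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    for line in lines:
        m = PACKET.match(line.strip())
        if not m:
            continue  # ARP, ICMP, IPv6 and unparsed lines are skipped
        src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
        size = int(m[3] or m[4])
        if src in net and dst not in net:
            totals[str(src)]["up"] += size
        elif dst in net and src not in net:
            totals[str(dst)]["down"] += size  # LAN-to-LAN traffic is ignored
    return dict(totals)

def top_talkers(totals, n=3):
    """Internal hosts ranked by total bytes, as (host, up, down)."""
    ranked = sorted(totals.items(), key=lambda kv: -(kv[1]["up"] + kv[1]["down"]))
    return [(host, t["up"], t["down"]) for host, t in ranked[:n]]

def upload_heavy(totals, min_up=1000):
    """Hosts sending more than they receive: the scarce direction on a DSL uplink."""
    return sorted(h for h, t in totals.items()
                  if t["up"] >= min_up and t["up"] > t["down"])
```

Hosts returned by `upload_heavy` are the ones to look at first on an asymmetric line, whether the cause turns out to be P2P seeding, large attachments or an infected PC.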