2

Preface:

My company hawks a software suite for delivering live and on demand multimedia (video, slides, chat, etc.). We provide the server, client side authoring tool, and client browser players. Many of our customers are huge corporate behemoths with one thing in common: Complicated Global Intranets. We regularly run into issues with proxies, gateways, TCP accelerators, reverse proxy caching servers, QoS protocols, firewalls and the occasional BOFH.

Our team is small, and so is our office infrastructure. Everyone is on OSX, there are a few testing Windows machines. Our network is composed of an OSX Server, AirPort Extreme, an HP 2510-G24 and a 100mbps cable Internet feed. Nothing even remotely as complex as our customers. If it breaks, we run to the store and buy a new one.

The discrepancy is costing us time, money and face. We can do better. I want to set up a development Intranet to mimic our customers' networks. With such a rig in place we could improve our understanding of the problems our customers experience, and provide them with solid advice.

Question:

How can I simulate a generic corporate Intranet? What kind of minimal setup could I implement on the cheap to reproduce our customers' networking environment?

Some background details:

  • Our Platform:
    • Our content players are Flex-based, the videos are encoded h264
    • We stream on demand content over HTTP, bandwidth regulated.
    • We stream live content via RTMP, with an undesired fallback to RTMPT (RTMP tunneled over HTTP)
    • The platform scales, the only bottleneck is the network
  • Technical issues we've bumped into:
    • No RTMP (port 1935) access allowed
    • Rate limiting of requests by proxies. (RTMPT will make several HTTP POST calls per second)
    • Previously undisclosed bandwidth caps
    • Virus scanners insisting on a complete download of all files before sending on to client
    • Highly restrictive bandwidth quotas between subnetworks in an Intranet (eg: campus-to-campus, city-to-city)
    • Ancient infrastructures (You want to stream HD? To BFE? Over a 12-year-old fixed line that nobody can even find the paperwork for? To an NT4 client box with no speakers? O RLY?)
    • Intentional bandwidth constriction after n-number of bytes (is that the right word?)
  • We'd like to experiment with:
    • Multicasting protocols/technologies
    • Multicasting between subnetworks in an Intranet
    • Proprietary p2p streaming technologies between subnetworks in an Intranet
    • Adaptive rate streaming
    • QoS protocol configuration

Such a system should allow us to:

  • Develop solid fall back mechanisms into our software
  • Develop a simple to use diagnostics tool (sales, managers)
  • Document proven proxy/firewall configuration snippets
  • Provide accurate error messages to end users in our client players
  • Maybe even a white paper or two

Initially I started out thinking a single Linux box running squid along with a decent low-end managed switch would be enough. But who am I kidding? I've never designed a network before.

Any ideas? Am I missing something? Specific equipment suggestions are encouraged.

(BTW: budget is limited. The pointy haired boss is tight with cash, but will submit if I can document a clear cost/benefit.)

Stu Thompson

1 Answer

2

Sounds like a job for VMs (dun duhhhh....)

But seriously, a lot of network equipment (firewalls, proxies, routers etc.) comes in both a "hardware" and "appliance" version. The appliance versions can be installed on virtual machine servers like VMware. And with the flexibility of VMs the only hardware you would have to allocate would be disk space for the images (when you're not using a particular setup just power it down and you get all your CPU/RAM/etc. back).

VMware provides a free (as in beer) version of their ESX hypervisor. ESX is probably the most popular enterprise level hypervisor, but most appliances will run on Xen, and some even on KVM.

This does have some downsides, primarily every appliance you want to use would need to be licensed (unless you reached a special agreement with the provider, your usage fell under what the "trial" offered or there is a free version that would limit your needs).

The alternative to that, if you don't need an identical environment, is to go crazy with FOSS. Set up 3 firewall VMs one behind the other (yeah, my school used three firewalls in a chain, I have no idea why), stick it behind a proxy and block POST requests, enforce bandwidth limits etc. I would have thought if you don't need an identical environment there will be some software available to provide similar misfunctionality.

TL;DR

VIRTUALIZE ALL THE THINGS

Smudge
  • I'm mildly hostile towards the virtualized approach. Not because I have some esoteric or irrational issue with VMs, but because we will need to see multiple machines on the network, ad hoc, that are not directly under my control. I need everyone else in the company to hop onto the network, to include pointy haired boss and visiting customers. That will be easy with a DHCP server and wifi hotspot as on the network. The network will run 24/7. The closer it is to reality the easier it will be for everyone. – Stu Thompson Nov 29 '11 at 18:36
  • @StuThompson Your test clients should be real world (laptops/tablets/iFarts whatever), but if you really want to simulate your users' environment, set up a second network configured akin to a corporate environment (firewalls, proxies etc.). The easiest and cheapest way to do this is through virtualization. Your second network should route all traffic through the VMs as though they were physical boxes in a real datacenter. Using VMs you can, potentially, simulate an entire datacenter of networking equipment on a couple of high-RAM desktop machines – Smudge Nov 30 '11 at 09:20
  • @StuThompson *Desktop machines are OK if performance isn't that important. Most VM providers can't thin-provision memory (i.e. if you want 16 machines running with 1GB memory each you'll need 16GB in the host - you can use swap space instead, but don't) but you could, theoretically, run as many VMs as you wanted on a single CPU core. You can probably get a decent desktop for <$1000 that would let you run 20 or so VMs, providing you don't need them to be lightning fast – Smudge Nov 30 '11 at 09:23
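
A FOSS Linux gateway of the kind the answer suggests can reproduce several of the constraints listed in the question: no RTMP on port 1935, a bandwidth cap, constriction after n bytes, and inter-site latency. The script below is an added example, not code from the original posts; the interface name, rates, byte threshold and delay are assumed values. It prints the `iptables` and `tc` commands and only executes them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: generate rules for a Linux gateway VM (physical or virtual)
# that sits between the test Wi-Fi/LAN and the streaming server.
# Every value below is an assumption; override via the environment.
LAN_IF="${LAN_IF:-eth1}"            # interface facing the test clients
CAP="${CAP:-2mbit}"                 # overall bandwidth cap
SLOW="${SLOW:-256kbit}"             # rate once a connection passes THRESHOLD
THRESHOLD="${THRESHOLD:-10485760}"  # bytes per connection before constriction
DELAY="${DELAY:-150ms}"             # campus-to-campus style latency

# Firewall side: refuse RTMP outright (forces the RTMPT fallback) and
# mark packets of any TCP connection that has moved more than THRESHOLD bytes.
firewall_rules() {
    echo "iptables -A FORWARD -p tcp --dport 1935 -j REJECT --reject-with tcp-reset"
    echo "iptables -t mangle -A FORWARD -p tcp -m connbytes --connbytes ${THRESHOLD}: --connbytes-dir both --connbytes-mode bytes -j MARK --set-mark 2"
}

# Shaping side (egress towards the clients, i.e. the download direction):
# class 1:10 is the normal capped path with added delay,
# class 1:20 is the constricted path for marked connections.
shaping_rules() {
    echo "tc qdisc add dev ${LAN_IF} root handle 1: htb default 10"
    echo "tc class add dev ${LAN_IF} parent 1: classid 1:10 htb rate ${CAP}"
    echo "tc class add dev ${LAN_IF} parent 1: classid 1:20 htb rate ${SLOW}"
    echo "tc filter add dev ${LAN_IF} parent 1: protocol ip handle 2 fw flowid 1:20"
    echo "tc qdisc add dev ${LAN_IF} parent 1:10 handle 10: netem delay ${DELAY}"
}

# Commands that undo the shaping so the lab can be reset between tests.
teardown_rules() {
    echo "tc qdisc del dev ${LAN_IF} root"
    echo "iptables -t mangle -F FORWARD"
    echo "iptables -D FORWARD -p tcp --dport 1935 -j REJECT --reject-with tcp-reset"
}

all_rules() {
    firewall_rules
    shaping_rules
}

# Dry run by default: review the output first, then rerun as root with APPLY=1.
if [ "${APPLY:-0}" = "1" ]; then
    all_rules | sh -ex
else
    all_rules
fi
```

Each constraint is a separate line, so one can be commented out at a time to see which of them a given player failure depends on.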