100Mbit Internet

This post contains a little bit of bragging. My internet setup at work is pretty simple: we have two T1 lines (not counting our VoIP trunk or our DID lines, but that’s sort of telephone) going into two different Cisco PIX firewalls, and behind those an old Cisco 2600 to do basic routing.

[Image: Network map]

One does NATing and port forwarding for our normal internet usage, as well as port forwarding from different IPs for our email and web servers. It’s important that the default route to the net not be the same as the email server, as when people get viruses that spam everyone, people will stop accepting email from your email server. The other provides VPN access to another office, which also only has a T1 line. And while T1s are slow, it’s “enough” bandwidth for our business needs, and the other office is in the middle of nowhere and can’t do much better.

That being said, here in New York City we can do better. A lot better. A T1 usually offers about 1.5Mbit/second for data; I won’t cover telephone applications, of which there are many. That’s fine for surfing the net, watching YouTube videos, and email. It is slow for 25 people doing all those things, but more importantly it’s slow for downloading anything of any size. 1 megabyte, for example (about a minute of audio, or one large photo – if you knew that, I’m sorry to use the comparisons), takes about 6 seconds. 300 megabytes (for example, the size of a decent video clip or a Microsoft or Apple security update) takes about half an hour. 700 megs (say, the size of an Ubuntu install CD – seriously guys, no net install CD? I don’t want all your packages.) takes about an hour.

[Graph: t1 weekly]

You won’t see it on this graph, as it averages the speed over two hours, but we maxed out our bandwidth quite often. It’s mostly my fault; I download a lot. Our network graphs spike all the time and I can say “oh, that was me” for most of them. I probably consume more bandwidth than everyone else here put together. It’s part of my job (and personality), and because I have to share the connection with 20 other people I can’t saturate it for long periods at a time (it’s rude). At home you probably have about 10Mbit download (700 megs in 10 minutes – but check for yourself), so what slows 20 people down for an hour here would only slow your family or roommate down for 10 minutes at home.

Well, last week our network graphs automatically adjusted to accommodate a new connection.

[Graph: fiberweekly]

Have a look at where it says “Maximum”: that’s 28 times faster than the other graph’s maximum. Technically it could read about 60Mbit a second; that’s the theoretical limit of our firewall. The Pix501 supports up to 60Mbits firewalled, while the Pix 506E does 100Mbit through its firewall, it’s busy. What changed was our primary internet connection: we now have a 100Mbit fiber connection from a company called Cogent. They “lit” our building a few years ago, but we didn’t have the need or $$ to change connections. It’s now super cheap (~$700 a month – a bargain compared to the ~$400 for a T1) and has proved to be quite reliable.

In a few weeks we’re going to move to a Cisco ASA-5505, which will handle firewall, VPN and failover (in case we do lose connection to the internet), drop our remaining T1 line, and steal a few channels off one of the voice T1s for a backup data connection (slow, but good enough to keep email flowing). All for less than what we were paying before.

Nice, right? Let me put it in perspective. The 700 meg file I can now download in a minute and a half, and when we move to the new hardware it could take 56 seconds, saving me 59 minutes compared to the original connection. In actuality we’ll probably never hit full speed, as most servers won’t pump data at 100Mbit/s, nor can you guarantee that you’ll get routed through the net that fast. There’s a noticeable speed difference when I pull from California servers compared to New York servers compared to European servers.

My mind is blown. =)

DNS Changes

I’ve changed DNS servers today for roborooter and a few other domains. Let me know if you had a domain and it stopped working, or if you can’t send me email, Jabber requests or anything like that.


PS: For the record, DNS Made Easy is a good service; I just don’t need it.