Eliminate Network Congestion by Limiting User Activities

Updated: August 20, 2012

Issue
 

Few front-line workers have any idea what causes network slowdowns, but the results are clear: plummeting productivity, irritated customers and lower morale.

Sometimes, the problem is spawned by workers. Someone may have found a hilarious video on the Internet and just has to share it with everyone (except the boss) on his or her departmental mailing list. There may be a critical football game on ESPN.com, and a couple dozen employees are downloading the streaming video. Obviously, you don't want this sort of activity on your network at all.

What are the best strategies for keeping your network running smoothly? Below are some ideas you should consider.

 

Analysis

One way to manage internal traffic nuisances, such as an employee's mammoth email attachment, is to lower the priority that such activity has on the network. The attachment will get through eventually, but it will have to wait until there isn't more time-sensitive traffic on the network. The football video can be eliminated by blocking access to the originating site. Better still, block all incoming streaming video.

Then you have perfectly legitimate network traffic, such as print jobs, that bog down the network and mission-critical applications. Here the problem is one of prioritizing traffic by type, giving precedence to applications such as those used by customer-service and sales personnel. The print job can wait a few seconds.

These are all examples of traffic management, the fine art of minimizing network congestion. Traffic management is critical in a world of finite bandwidth and infinite data. It can save money by avoiding bandwidth and infrastructure upgrades. More importantly, traffic management keeps business flowing smoothly.

Traffic management is partially accomplished by splitting a bandwidth pipeline into multiple channels and assigning different classes of data traffic to each channel. For example, one channel might be designated for high-priority inbound traffic from business partners. Another channel might carry internal email and other lower-priority traffic.

RSVP (Resource Reservation Protocol) and IP Precedence are two techniques used to prioritize classes of data. RSVP allows a data sender to reserve bandwidth on routers along the way to the recipient. However, bottlenecks can still occur if high-priority traffic arrives after low-priority traffic and the low-priority traffic has reserved the router. IP Precedence is a more flexible approach that overcomes this limitation of RSVP. Each packet is assigned a priority, and network devices shuffle incoming packets into different buffers and send out high-priority packets first.

Preventing certain traffic flows entirely is another aspect of traffic management. Most often, it focuses on blocking access to certain types of external Web sites. In some studies of network traffic, as much as 70 percent of a company's Internet bandwidth was consumed by nonwork activities.

The Ascensit BM-100 network-management appliance is one example of a traffic manager. Designed for midsize to large organizations, the BM-100 helps a network manager analyze, control and manage bandwidth by applications or user groups.

The NetEnforcer system, by Allot Communications, lets you link your business policies to specific network actions that improve and control users' productivity and satisfaction. It allows you to monitor network- and bandwidth-usage patterns so that you know where bottlenecks occur. Then, it lets you quickly define QoS (quality of service) policies that link business priorities to computing resources. For each application, you can assign minimum and maximum percentages of bandwidth and prioritize traffic on a scale from 1 to 10. For additional policy definition, you can use the Policy Editor to define policies based on addresses, protocols, vLAN tags, type of service or time of day. For example, you can limit music downloads to 10 percent of your WAN link capacity.

For simple access control, there is PortsLock, an appliance that allows system administrators to specify network-policy rules based on user and group membership. With PortsLock, you can block access to network resources (Web sites, network services, LAN resources and so on) for a particular user or user group. You can control access to network resources depending on the time of day and the day of the week. You can audit network activity for a particular user or user group. Finally, you can monitor applications' network activities and discover malicious programs (viruses, Trojan horses and so forth) in real time.

Internet Administrator is a shareware software package that focuses on one of the biggest wastes of bandwidth: unauthorized Internet use, like the previous football video example. The program monitors the Internet activity of each user in detail and keeps a log. Incoming traffic limits can be set on each user by day and month; for example, 10MB per day or 100MB per month. The access-control function defines what Web sites a user may access. A database of sites such as sports and gambling destinations is included so that entire categories of sites can be banned.

 

The Bottom Line


These are just a few examples of traffic-management solutions. There are literally dozens of them on the market, a testament to how critical controlling network traffic has become.