Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005
ISSN 1858-1633 2005 ICTS 38
Our network is fully managed by Informatics Department with a help from Computer Network
Laboratory assistant. Recently we run two PC routers with Linux Operating Systems one with Fedora and
one with Trustix to connect users in network so they are able to connect to Internet with Network Address
Translation NAT technology. By mid end 2005, we plan to use Cisco Router to replace the PC routers
which is equipped with network QoS.
We also run a web server with mobile-phone Proliant server with dual Xeon Processor, and in mid
2005 we will run a mail server also using mobile- phone Proliant to provide email system in our faculty
by our self.
The Faculty of Industrial Technology has two buildings, to connect both; we provide a fiber optic
backbone. Since March 2005, the Faculty of Industrial
Technology implementing WiFi, hence devices equipped with 802.11 devices compliant can connect
to Internet. To provide wireless access, we use Linksys WRT54G and WAP54G Access Points.
2.1 The Case
The Faculty of Industrial Technology Network is divided into two main subnets. The first is the north
area the new building and the second is the south area the old building. Both servers are running Linux
to serve as gateway to connect them to the Internet.
Our gateways are installed with Squid to serve as proxy server, which is responsible in caching and
distributing Internet connection. To serve the network well, we also run a firewall in our Linux system, so
inappropriate access of network can be avoided.
Figure 1. Faculty of Industrial Technology Network Infrastructure Design
Our networks serve about a hundred computers that connect using cables, and more than fifty wireless
devices in everyday of working hours that are connected to Internet. If we count this amount of
devices, we will have not less than 150 computers. If we just divide the 256 kbps with 150 computers then
each computer will have a connection only in 1.7 kbps, which means that each can download a file in
size 100 kilo byte in 470 seconds. Of course, that is not what we expected. So, we need to manage well so
that everyone can have its connection fine, although of course we cannot serve in a maximum speed.
3. BANDWIDTH MANAGEMENT CONCEPTS
Bandwidth management is neither a technique nor tool. Successful provision of managed network
bandwidth within an organization is likely to involve the application of many tools encompassing a number
of different techniques. The techniques and tools an institution uses will depend on a number of factors [2]:
• ratio of available bandwidth to existingfuture demand;
• need to prioritize some traffic typesusers over others;
• resources available to implement bandwidth management strategies;
• Organizational experience with products and systems.
Before an institution can decide how to solve the problem of reducing bandwidth demands, it is
important to be aware of how bandwidth is being consumed at the moment. There are a number of
options for doing this. Firstly some of the bandwidth management products have a monitoring as well as
proactive mode.
Simple Network Management Protocol SNMP based network management solutions give an overall
indication of bandwidth ‘hotspots’ on the network that can be further investigated. Here, we use CACTI that
connected to our SNMP to manage, monitor, and learn the network behavior in Faculty of Industrial
Technology. And also, we learn from log file that produced by our Proxy Server.
4. BANDWIDTH MANAGEMENT IMPLEMENTATION
4.1 Caching
Web caching [3] is the storage of recently accessed pages locally, and delivery of subsequent requests for
pages from the local cache rather than the original web site. Caching resources allows a single copy of a
resource to be downloaded over an external network connection and then served out to multiple users
locally. Caching not only reduces the amount of bandwidth used on the external network connection
but can also sometimes provide increased performance for the local users. The prime objective of caching is
to improve user response time, but it also reduces the load on the long-distance links. Caching is widely
Managing Internet Bandwidth: Experience in Faculty of Industrial Technology, Islamic University of Indonesia – Mukhammad Andri Setiawan
ISSN 1858-1633 2005 ICTS 39
used on the Web, and can provide bandwidth savings of up to 40 [1].
After the initial download of the resource the users do not have to compete for bandwidth on what is
likely to be a slow and congested external network path. Instead, users will get a copy of the resource
delivered rapidly to them from a local cache server over what will normally be a much faster and less
heavily loaded internal institutional network connection.
A hierarchy of caches may be used to increase the effective cache size and thus improve the hit rate.
Push caching attempts to place content in a cache before it is requested, either by looking at other
caches, or by predicting usage. Some of these techniques are discussed by Dias 1996 in his
research paper in title “A Smart Internet Caching System” as described in [1].
In Faculty of Industrial Technology, Islamic University of Indonesia, we do serve the Internet
access by using the Squid proxy server. Squid proxy server is used to cache web pages that have been
accessed recently. Squid is implemented as a transparent proxy at the central cache server,
therefore, users are automatically served by the proxy for all web access without any browser configuration.
4.2 Access List
Faculty of Industrial Technology is an academic institution. We realize that, most of Internet access
should be addressed into academic needs, and should not intended to fulfill needs on leisure such as
networking games, peer to peer program such as napster, e donkey, grokster, or bit torrent, and adults
sites, and ads. Here, we define access lists that will control user, which site they can visit and which one is
not.
We also combine access list and firewall in PC router to disable some common port that is used to run
some spyware program. Figure 2 show access list that is implemented in our server.
acl notsex url_regex -i etcsquidnotsex acl sex url_regex -i etcsquidsex
acl utara src 192.168.100.024 acl ftinetwork dst 202.150.76.20029
http_access always_direct allow ftinetwork
http_access allow notsex all http_access deny sex all
http_access allow utara
Figure 2. Access list configuration file
As a result, users who try to access site that is prohibited in our access list will get an error message.
4.3 Quality of Service QoS