
Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005 ISSN 1858-1633 2005 ICTS 38

Our network is fully managed by the Informatics Department with help from the Computer Network Laboratory assistant. We currently run two PC routers with Linux operating systems, one with Fedora and one with Trustix, so that users on the network can connect to the Internet through Network Address Translation (NAT). By mid to end 2005, we plan to replace the PC routers with a Cisco router equipped with network QoS. We also run a web server on a mobile-phone Proliant server with dual Xeon processors, and in mid 2005 we will run a mail server, also on a mobile-phone Proliant, to provide the email system in our faculty ourselves. The Faculty of Industrial Technology has two buildings; to connect them, we provide a fiber optic backbone. Since March 2005, the Faculty of Industrial Technology has implemented WiFi, so 802.11-compliant devices can connect to the Internet. To provide wireless access, we use Linksys WRT54G and WAP54G access points.

2.1 The Case

The Faculty of Industrial Technology Network is divided into two main subnets. The first is the north area (the new building) and the second is the south area (the old building). Both servers run Linux and serve as gateways that connect the subnets to the Internet. Our gateways run Squid as a proxy server, which is responsible for caching and distributing the Internet connection. To serve the network well, we also run a firewall on our Linux systems, so that inappropriate network access can be avoided.

Figure 1. Faculty of Industrial Technology Network Infrastructure Design

Our networks serve about a hundred computers connected by cable and more than fifty wireless devices that connect to the Internet every day during working hours. Counting these devices, we have no fewer than 150 computers. If we simply divide the 256 kbps among 150 computers, each computer gets a connection of only 1.7 kbps, which means that each can download a 100 kilobyte file in 470 seconds. Of course, that is not what we expected. So we need to manage the bandwidth well so that everyone gets a usable connection, although of course we cannot serve everyone at maximum speed.

3. BANDWIDTH MANAGEMENT CONCEPTS

Bandwidth management is neither a technique nor a tool. Successful provision of managed network bandwidth within an organization is likely to involve the application of many tools encompassing a number of different techniques. The techniques and tools an institution uses will depend on a number of factors [2]:

• ratio of available bandwidth to existing/future demand;
• need to prioritize some traffic types/users over others;
• resources available to implement bandwidth management strategies;
• organizational experience with products and systems.

Before an institution can decide how to solve the problem of reducing bandwidth demands, it is important to be aware of how bandwidth is being consumed at the moment. There are a number of options for doing this. Firstly, some bandwidth management products have a monitoring mode as well as a proactive mode. Simple Network Management Protocol (SNMP) based network management solutions give an overall indication of bandwidth ‘hotspots’ on the network that can be further investigated. Here, we use CACTI, connected to our SNMP, to manage, monitor, and learn the network behavior in the Faculty of Industrial Technology. We also learn from the log file produced by our proxy server.

4. BANDWIDTH MANAGEMENT IMPLEMENTATION

4.1 Caching

Web caching [3] is the storage of recently accessed pages locally, and the delivery of subsequent requests for those pages from the local cache rather than from the original web site. Caching allows a single copy of a resource to be downloaded over an external network connection and then served to multiple users locally. Caching not only reduces the amount of bandwidth used on the external network connection but can also sometimes provide increased performance for local users. The prime objective of caching is to improve user response time, but it also reduces the load on the long-distance links. Caching is widely used on the Web, and can provide bandwidth savings of up to 40% [1]. After the initial download of the resource, users do not have to compete for bandwidth on what is likely to be a slow and congested external network path. Instead, users get a copy of the resource delivered rapidly from a local cache server over what will normally be a much faster and less heavily loaded internal institutional network connection.

Managing Internet Bandwidth: Experience in Faculty of Industrial Technology, Islamic University of Indonesia – Mukhammad Andri Setiawan ISSN 1858-1633 2005 ICTS 39

A hierarchy of caches may be used to increase the effective cache size and thus improve the hit rate. Push caching attempts to place content in a cache before it is requested, either by looking at other caches or by predicting usage. Some of these techniques are discussed by Dias (1996) in his research paper titled “A Smart Internet Caching System”, as described in [1].

At the Faculty of Industrial Technology, Islamic University of Indonesia, we serve Internet access through the Squid proxy server. Squid caches web pages that have been accessed recently. It is implemented as a transparent proxy at the central cache server, so users are automatically served by the proxy for all web access without any browser configuration.
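To make the caching savings above measurable from the proxy log file mentioned in Section 3, the following added example (not code from the paper) summarizes a Squid native-format access.log into request and byte hit ratios and per-client volume. The log lines, client addresses and URLs are constructed, and counting every result code that contains HIT as a cache hit is a simplifying assumption.

```python
from collections import Counter

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1120200001.101    412 192.168.100.11 TCP_MISS/200 40000 GET http://lib.example/a.pdf - DIRECT/192.0.2.10 application/pdf
1120200005.220      3 192.168.100.12 TCP_HIT/200 40000 GET http://lib.example/a.pdf - NONE/- application/pdf
1120200009.870      2 192.168.100.13 TCP_MEM_HIT/200 40000 GET http://lib.example/a.pdf - NONE/- application/pdf
1120200012.004    950 192.168.100.11 TCP_MISS/200 120000 GET http://files.example/big.zip - DIRECT/192.0.2.20 application/zip
1120200015.500      0 192.168.100.14 TCP_DENIED/403 1500 GET http://blocked.example/ - NONE/- text/html
truncated line
"""


def summarize(log_text):
    """Request and byte hit ratios plus per-client volume for one log."""
    served = hits = total_bytes = hit_bytes = denied = skipped = 0
    per_client = Counter()
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            skipped += 1          # malformed or truncated entry
            continue
        client, code, size = f[2], f[3].split("/")[0], int(f[4])
        if code == "TCP_DENIED":  # refused by an access list, nothing fetched
            denied += 1
            continue
        served += 1
        total_bytes += size
        per_client[client] += size
        if "HIT" in code:         # assumption: any *_HIT code is a cache hit
            hits += 1
            hit_bytes += size
    return {
        "request_hit_ratio": round(hits / served, 3) if served else 0.0,
        "byte_hit_ratio": round(hit_bytes / total_bytes, 3) if total_bytes else 0.0,
        "external_bytes": total_bytes - hit_bytes,  # still crossed the uplink
        "denied": denied,
        "skipped": skipped,
        "top_clients": per_client.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The byte hit ratio, not the request hit ratio, is the figure that corresponds to bandwidth saved on the external link, because a few large misses can outweigh many small hits.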

4.2 Access List

The Faculty of Industrial Technology is an academic institution. We recognize that most Internet access should serve academic needs and is not intended for leisure uses such as network games, peer-to-peer programs such as Napster, eDonkey, Grokster, or BitTorrent, adult sites, and ads. Here, we define access lists that control which sites users can visit and which they cannot. We also combine the access list with the firewall on the PC router to disable some common ports used by spyware programs. Figure 2 shows the access list implemented on our server.

# URL pattern files: allowed exceptions and blocked sites
acl notsex url_regex -i "/etc/squid/notsex"
acl sex url_regex -i "/etc/squid/sex"
# North subnet clients and the faculty's own address range
acl utara src 192.168.100.0/24
acl ftinetwork dst 202.150.76.200/29
# Requests to the faculty network go straight to the destination
always_direct allow ftinetwork
# Evaluated top to bottom; the first matching line decides
http_access allow notsex all
http_access deny sex all
http_access allow utara

Figure 2. Access list configuration file

As a result, users who try to access a site that is prohibited by our access list will get an error message.
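The order of the allow/deny lines in Figure 2 decides the outcome, which the following added example (not code from the paper) makes visible by modelling Squid's first-match evaluation and its default when no line matches. The regex lists stand in for the two pattern files, whose contents the paper does not show, and the client addresses, URLs and the TIGHTENED rule list are hypothetical.

```python
import ipaddress
import re

# Constructed stand-ins: the page does not show the contents of the two
# pattern files, so these regexes are assumptions for illustration only.
ACLS = {
    "notsex": ("url_regex", [r"essex\.example", r"msexchange"]),
    "sex": ("url_regex", [r"sex"]),
    "utara": ("src", ["192.168.100.0/24"]),   # north subnet, from Figure 2
    "all": ("src", ["0.0.0.0/0"]),            # matches every client
}

# The allow/deny lines of Figure 2 in file order; ACLs on one line are ANDed.
FIGURE_2 = [("allow", ["notsex", "all"]),
            ("deny", ["sex", "all"]),
            ("allow", ["utara"])]

# Hypothetical tightening: allow-list bound to the subnet, explicit final deny.
TIGHTENED = [("allow", ["notsex", "utara"]),
             ("deny", ["sex", "all"]),
             ("allow", ["utara"]),
             ("deny", ["all"])]


def acl_matches(name, client_ip, url):
    kind, values = ACLS[name]
    if kind == "url_regex":  # -i: case-insensitive match anywhere in the URL
        return any(re.search(p, url, re.IGNORECASE) for p in values)
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in values)


def http_access(client_ip, url, rules=FIGURE_2):
    """Return (decision, index of the deciding line, or None for the default)."""
    for i, (action, names) in enumerate(rules):
        if all(acl_matches(n, client_ip, url) for n in names):
            return action, i  # first matching line wins; later lines are ignored
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    for ip, url in [("192.168.100.25", "http://www.essex.example/library"),
                    ("192.168.100.25", "http://sex.example/"),
                    ("192.168.100.25", "http://journal.example/paper.pdf"),
                    ("10.9.9.9", "http://journal.example/paper.pdf"),
                    ("10.9.9.9", "http://www.essex.example/library")]:
        print(ip, url, http_access(ip, url), http_access(ip, url, TIGHTENED))
```

Because the exception line carries `all`, it is not limited to the north subnet; binding it to `utara` and ending with an explicit deny keeps the same policy for local users without relying on the implicit default.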

4.3 Quality of Service (QoS)