cancel
Showing results for 
Search instead for 
Did you mean: 

Reasonable Bandwidth Cap for NetConnect Users

SOLVED
mtessier_
Frequent Contributor

Reasonable Bandwidth Cap for NetConnect Users

I have an active / passive SA6500 cluster. At any given time we have between 30 and 350 users logged into the VPN. Roughly 50% of the users are logged into a core-services only Realm while the other 50% are logged into a Realm that auto-launches NetConnect.

My cluster has a full 100Mbps Internet connection. It actually sits behind a 300Mbps connection, but the switch in between only has 100Mbps ports. I do have the option of moving to gigabit switch ports which would let the SAs have more of the 3000Mbps, but I don't want to make that recommendation without some data to back up the need.

- Does anyone have any recommendations on how to determine an appropriate per session BW cap?

- Are there any best practices for a configuration with BW caps enabled?

- Are there any potential negative side effects of enabling a BW cap that I should be considering?

I'm interested in hearing what others have done and what has worked well.

1 ACCEPTED SOLUTION

Accepted Solutions
kenlars_
Super Contributor

Re: Reasonable Bandwidth Cap for NetConnect Users

Wow - this is really one of those YMMV (your mileage may vary) questions.

I support what I suspect to be the largest enterprise Network Connect configuration existing with 150K total users, of whom 25-30K are online at any given time. At our largest sites, we have 8 SAs sharing the load, which is typically 10K users at peak time. We have less than 1Gb for these 10K users, so that comes down to less than 100Kb per user. We do not come close to exhausting our bandwidth, typically running between 40-50% utilization at peaks.

Our users are a mix of people - customer service, sales, engineering, etc. - from all types of businesses. Our users mostly have full access into the corporate network, and do the same work using VPN as they do at their desks. Heavy-duty file transfer is slower than in the office, but you would be hard-pressed to see the difference in most applications.

So your numbers sound very generous to me.

You could look at the utilization of the external interface of your active device from the main admin screen or by using SNMP to get some sense of whether your 100Mb "bottleneck" is a real one or not. Unless you have a user community doing nothing but full-motion video streaming, I'd bet on "not".

Ken

View solution in original post

3 REPLIES 3
kenlars_
Super Contributor

Re: Reasonable Bandwidth Cap for NetConnect Users

Wow - this is really one of those YMMV (your mileage may vary) questions.

I support what I suspect to be the largest enterprise Network Connect configuration existing with 150K total users, of whom 25-30K are online at any given time. At our largest sites, we have 8 SAs sharing the load, which is typically 10K users at peak time. We have less than 1Gb for these 10K users, so that comes down to less than 100Kb per user. We do not come close to exhausting our bandwidth, typically running between 40-50% utilization at peaks.

Our users are a mix of people - customer service, sales, engineering, etc. - from all types of businesses. Our users mostly have full access into the corporate network, and do the same work using VPN as they do at their desks. Heavy-duty file transfer is slower than in the office, but you would be hard-pressed to see the difference in most applications.

So your numbers sound very generous to me.

You could look at the utilization of the external interface of your active device from the main admin screen or by using SNMP to get some sense of whether your 100Mb "bottleneck" is a real one or not. Unless you have a user community doing nothing but full-motion video streaming, I'd bet on "not".

Ken

View solution in original post

zanyterp_
Respected Contributor

Re: Reasonable Bandwidth Cap for NetConnect Users

+1 to what Ken said.

It really depends on your usage and environment; I have not seen this in production with many customers (I can think of only 1 or 2 in the several years since this was introduced) so I can't provide feedback from that perspective.

mtessier_
Frequent Contributor

Re: Reasonable Bandwidth Cap for NetConnect Users

Thanks, Ken. I appreciate the information. It has been very helpful.