Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Microsoft Operating Systems Software Upgrades Windows

Microsoft Windows Update and Network Bandwidth? 144

Posted by Cliff from the bandwidth-hogs dept.
Brett Glass asks: "As we reviewed the cache statistics for our small ISP today, we noted that the traffic generated by Microsoft's Windows Update feature constituted 45% -- no, that's not a misprint -- of our total throughput. Because so many computers on the Internet run Windows, this massive resource drain occurs whenever Microsoft announces major security holes (as it did this week). The traffic could be greatly reduced, and service to users much improved, if the updates were cacheable at the ISP. But Microsoft has set up the service in such a way that the data can't be cached. (It's digitally signed, so inserting Trojans into the cache is virtually impossible; in any event, no more of an issue than intercepting the data stream.) Are others out there seeing the same pattern? How might Microsoft be convinced to make its updates cacheable, so as not to waste unthinkable amounts of bandwidth?"
This discussion has been archived. No new comments can be posted.

Microsoft Windows Update and Network Bandwidth? More

Microsoft Windows Update and Network Bandwidth?

Comments Filter:

  • MS wants you to host one internally (Score:3, Funny)

    by dgallina ( 665193 ) on Tuesday April 15, 2003 @11:16PM (#5741489)
    No no! You're supposed to buy and install and manage an internal (corporate, academic, whatever) Windows Update server and manage your internal clients yourself.... :-)

    • Valid (Score:4, Interesting)

      by Oculus Habent ( 562837 ) <oculus.habent@gm ... Nom minus author> on Tuesday April 15, 2003 @11:55PM (#5741698) Journal
      Wouldn't it be nice if you could set up a caching proxy to establish a verification process with the items being cached from that server - that way the server could perform checksum verification on the file and approve the copy for distribution.

      It seems that it could be an easy implementation. The proxy requests the file verification in, an XML-RPC request is returned from the server to perform the checksum, the resulting data is sent via SOAP, and approval is given or denied, causing the cache to be used or flushed.

      I don't know enough about it to say how difficult it would be to have the proxy determine if the service is available, though. It needs an acronym if it's going anywhere. How about Verify Cache Request (VCR)?

      • Re:Valid (Score:3, Interesting)

        by oh ( 68589 )
        how about HTTP? I don't done have (read "can't be bothered") a copy of the RFC but I'm almost sure there are headers defined to request the MD5 checksum of a file.

        Why invent a new protocol if you already have one with the required functionality.

      • Re:Valid (Score:5, Insightful)

        by mbogosian ( 537034 ) <matt@arenaun[ ]ited.com ['lim' in gap]> on Wednesday April 16, 2003 @01:50AM (#5742073) Homepage
        Wouldn't it be nice if you could set up a caching proxy to establish a verification process with the items being cached from that server - that way the server could perform checksum verification on the file and approve the copy for distribution.

        It seems that it could be an easy implementation. The proxy requests the file verification in, an XML-RPC request is returned from the server to perform the checksum, the resulting data is sent via SOAP, and approval is given or denied, causing the cache to be used or flushed.

        Ahh, but then that would involve Reverse Engineering, which, as we know [slashdot.org] is now illegal.

        Not to mention that this is approaching a P2P network, which as we know [slashdot.org] can only be used for piracy.

        Sorry, we're all just going to have to live with this new "innovation" in bandwidth utilization.
      • How about Verify Cache Request (VCR)?

        Should work just fine. The product currently using "VCR" has been declared obsolete anyways.

    • buy?? Windows Update Services is free, mate. Install it on your server, set the clients up via GPO, and off it goes, saves bandwidth and admin time by the bucketload.
    • Actually, it does exist and it is called SUS. It is free (if you already own a win2k server license).

      Let me just say, SUS sucks ass.

      Microsoft's systems of GPO's makes it pretty useless -- you need to set GPO's for hosts to use your SUS servers, so if your domain has any divergence from the stock GPO's there is a good chance it isn't going to work and it will be impossible to debug in less than a month.

      I believe there was a giant thread about it on focus-ms.
    • No no! You're supposed to buy and install and manage an internal (corporate, academic, whatever) Windows Update server and manage your internal clients yourself.... :-)

      Hey now... whose side are you on?? You're supposed to suggest to him "Why don't you ditch MS and install Linux on all your PC's - it is ready for the corporate desktop afterall."

      ;-)

  • can't be cached? (Score:5, Informative)

    by greck ( 79578 ) on Tuesday April 15, 2003 @11:17PM (#5741498) Homepage
    I can only speak from what I've seen in our offices, but squid (running in transparent proxy mode) very definitely caches content from Windows Update... I set it up about six month ago and remeber being really surprised (because I think I very reasonably expected it not to).

    • Re:can't be cached? (Score:5, Informative)

      by Blkdeath ( 530393 ) on Tuesday April 15, 2003 @11:21PM (#5741517) Homepage
      I can only speak from what I've seen in our offices, but squid (running in transparent proxy mode) very definitely caches content from Windows Update... I set it up about six month ago and remeber being really surprised (because I think I very reasonably expected it not to).

      Our store Squid server caches the likes of IE 6.1, Media Player and DirectX, but the vast majority of the Critical/Security updates are not cached. Our connection is quick enough to handle it, but a PITA nonetheless due to the dozens of machines requiring updates every week.

      • Re:can't be cached? (Score:2, Informative)

        by greck ( 79578 )
        It cached SP3 when we installed it--that must have contained some security roll-ups. I wonder what the rhyme is to what sticks in the cache and what doesn't...

      • Re:can't be cached? (Score:1, Informative)

        by freakkster ( 211106 )
        I seem to remember trying this once:
        use a redirector in squid and point customers to the local version on your website a la http://www.squid-cache.org/Doc/FAQ/FAQ-15.html [squid-cache.org] Seems basic to me

      • Re:can't be cached? (Score:5, Interesting)

        by PerryMason ( 535019 ) on Wednesday April 16, 2003 @06:56AM (#5742736)
        My experience is that if you download a single update, such as the Media Player, IE, service packs etc, which can only be downloaded individually, then squid will cache it. If you select a few updates, such as grouping your critical updates, it wont do it.

        Looking at my squid logs, it appeared that there was a problem with WindowsUpdate issuing a 0 byte sized reply to the GET request (must be somthing to do with the activex control I guess, but never really bothered to look further into it). Squid seemed to choke on the 0 byte reply and obviously didnt cache the rest of the download.

        Interestingly enough, MS's caching offering ISA appears to deal with it, but I suppose that they specifally coded it with a knowledge of how their activex control works and hence it knows whats following that 0 byte reply.

        Disclaimer - I checked this all out when the new WindowsUpdate first came out and havent been arsed to look at it since then. I ended up just setting up a shitty old box as a SUS server and going that route. (The only benefit to being an MSDN partner being $0 cost for licensing as I justify it as being for testing purposes ;)

    • Re:can't be cached? (Score:5, Informative)

      by bobibleyboo ( 13303 ) on Wednesday April 16, 2003 @01:40AM (#5742035)
      I can also vouch for this I had a Linux Mandrake SNF Server running a transparent squid server (with a little tweaking to the max file size and the average file size) I was able to cut out about 90% of the windows update traffic at the site (The site had about 200 users) none of the transactions where cached but when it came to downloading the updates and service packs it works wonderfully.

    • Re:can't be cached? (Score:3, Interesting)

      by Brett Glass ( 98525 )
      Squid can't cache the updates. We've tested this. The URLs for the transfers (files come in as small GETs about 1 KB in size) aren't set up to allow caching.

      • Re:can't be cached? (Score:4, Informative)

        by lifeless ( 322541 ) <rbtcollins@hotmail. c o m> on Wednesday April 16, 2003 @02:45AM (#5742209) Homepage
        Well, the sites I run happily cache all the udpates available via windows update. The only thing that doesn't cache is the https:// transfers (which I understand to be the catalog of available fixes).

        You might want to analyze exactly what is occuring in your site(s).

        Cheers,
        Rob
        (Squid core developer)
        • I wonder if MS is setting the proxy:nocache header in the HTTP reply, or if their client is always doing a reload rather than an if-modified-since.

          Perhaps allowing Squid to be configured to ignore proxy:nocache and to convert reload into IMS based on an ACL would allow a site admin to tweak around this without breaking other sites>
          • Certainly. It should be straight forward to convert reload into ims into an access-control driven directive (say reload_into_ims_access allow|deny acl ..).

            Still, I've not seen a windows update client set no-cache on their requests to date....

            What comes to mind though, is that windows update clients (both the web interface, and automatic updates) use the MS http support libraries, that are configured via the internet options control panel. And in there, the 'check every time' option results in no-cache bei

  • How big are these things? (Score:3, Interesting)

    by questamor ( 653018 ) on Tuesday April 15, 2003 @11:18PM (#5741508)
    Not being a windows user, how big are the windows updates and how often do they come?

    Apple's own software updates are pretty big, although with a much smaller percentage of machines as macs they're not going to cause the same volume of problems. The last few I've seen have been around 40MB, with one topping out at 80, and most security updates (every 2 months perhaps) being 5-15MB
    • Recently, I've been seeing about one new patch per week on Windows update, though usually they aren't nearly as frequent. In most cases, the patches are relatively small (just a few megs), although some (such as the .NET runtime) can be upwards of 20 megs.
    • The good news about Apple's updates are that they can be downloaded from the web and stored on the local network, or you can direct Software Update to download the update to your desktop.

      This makes it easy to share with others who might not have the bandwidth to download these freakin' things.

      • Re:How big are these things? (Score:2, Informative)

        by eht ( 8912 )
        so can the ones on windows update

        either you can build your own windows update server or at the very least download the individual updates and store them just as files

        and you can even build them into an iso image, my win2k cd has sp3 built into it so whenever I build a new machine it's already there, and you can do that with most of the updates
        • Well, I'm a little confused.

          I mean, I can see that an ISP couldn't really make any headway by hosting the file on web site or something, but there are several replies here from network managers complaining about bandwidth.

          Why don't they host it for their users and save the bandwidth?

          Am I missing something?
          • Probably because they're not doing internal testing of the updates, and the admin is too overworked to keep on top of the updates to download them to a central server. Best practices though, dictate that the admin download needed updates, test them on lab machines, and automatically rollout to clients. The rolling out to clients is the difficult part. Most updates can be installed unattended via CLI, but some can't. Of course, with a little effort (and something like AutoIt [hiddensoft.com]), all of them can be made unatten
          • Along with the big other reply the whole point is that just downloading and saving a local copy isn't going to help an ISP with users who want to use the simple Windows Update system. Transparent caching is what everyone wants. Having to direct users to updates, keep those updates up to date, and deal with users complaints/suggestions/whatever about the updates is just too much work to justify when the adoption rate will be very small (IMHO) as users continue to just start Windows Update.

    • Re:How big are these things? (Score:4, Informative)

      by tedDancin ( 579948 ) on Tuesday April 15, 2003 @11:43PM (#5741639)
      Not being a windows user, how big are the windows updates and how often do they come?

      Since Microsoft release patches via Windows Update so frequently, they are usually fairly small. 1MB-5MB downloads are frequent, with the occasional 10MB+ one every now and then. There are updates practically every few days, so having a Windows Update Server running will negate the expense of everyone having to download redundant files.

      Some help about storing Windows Update files for later can be found here [microsoft.com].

    • Individual patches are usually well under 5MB. When MS rolls all those little IE updates up into a service pack, they're usually around 10MB. Media Player updates weigh in around that size, too. Above that, you're looking at things like major DirectX revs and the .NET Framework. And I weep for those who try to download an OS service pack over a dial-up.

      • It's doable, but painful. The good thing is though, with XP SP1, I had stayed on top of the hotfixes/patches/addons and the actual SP1 download was around 20MB, about the same as the .Net Framework. Just dial up before bed and hang up in the morning.

  • Standard anti-MS rant (Score:4, Funny)

    by Bistronaut ( 267467 ) on Tuesday April 15, 2003 @11:23PM (#5741527) Homepage Journal
    I visited the site linked to in the post, and it came up with a message about how it doesn't work with my browser/OS (Mozilla/Linux). Boy, that just boils my blood! Oh, wait.

  • this nothing (Score:3, Funny)

    by jsse ( 254124 ) on Tuesday April 15, 2003 @11:27PM (#5741542) Homepage Journal
    compare to 95% usage last time Code Red visit. :)

    The rest 5% is Netbios traffic.

  • there is the way that large corperations do it (Score:4, Informative)

    by rritterson ( 588983 ) on Tuesday April 15, 2003 @11:36PM (#5741594)
    Here at Berkeley all of the Windowsupdates come from an internal server instead of externally. That way they control who gets the updates and when.

    You can download the updates individually, and there is probably a way to have them downloaded to the server automatically. All you have to do is convince the users to download them from you and install them manually. Can you block traffic from the autoupdate applet? I bet that would significantly reduce traffic, at the cost of insecure customers.

    What about running an internal WU server and changing the DNS entry at the local level to a local server? You'd have to keep the catalog of updates stocked and refreshed constantly, for multiple OS's, so I don't know how cost effective it might be.
    • It's possible to set this up within an institution, but not at an ISP. You'll have hundreds of users, each running a slightly different version and configuration of Windows. And you, yourself, aren't the administrator of those machines nor do you have an institutional license for Windows. (If you're a smart ISP, you're not running Windows on many machines, if at all.)
    • This is done with windows and some such server. It will only push out updates to registered members of the domain (which ISP customers are not) and requires a huge network to even justify the expense.

      • This is done with windows and some such server. It will only push out updates to registered members of the domain (which ISP customers are not) and requires a huge network to even justify the expense.

        Yeah, except the fact that SUS is a free download [microsoft.com]. Maybe you're talking about Systems Management Server [microsoft.com] which does cost a bit, but does a lot more than just security updates.

        • The problem is that you cant run SUS on any kind of AD master server. The server has to effectively be nothing more than a member server and not take part in any kind of AD master rolls.

          This means that for smallish organisations, you need your AD master, a backup master (at least 1) for redundancy and then your additional SUS server, which means minimum 3 server licenses, plus all your cals. It also means you have to run IIS (http and ftp) which noone in their right minds wants to run. I havent been able t
          • That's no longer true. See this page [microsoft.com], third question.

            Q. Can I run SUS on an Active Directory domain controller?

            A. Yes, SUS 1.0 SP1 allows for this.

            • I stand corrected.

              As I said though, there wasnt any valid reason that it couldn't be run on an AD DC. I imagine that enough people complained and MS was forced to remove whatever restrictions were in place, rather than added the functionality. (But then I'm always quick to abuse MS. I have had to support their crap software across 20 odd client sites, hundreds of servers and destops in their thousands over the past 8 years, so I reserve this right. :) As of the 31st of February though, I quit my job and i'
      • Um, it's actually a free download. You just need the hardware (which doesn't have to be that great for what it's doing. I think mine is running on a P2@333 w/ a 20GB drive for the downloads)

        I run it at home for my network (1 Email/Web/DNS, 1 DNS secondary, 2 AD, 1 SQL, 2 XP pro workstations for devel), just so I don't have to abuse my DSL too much. Instead of each machine hitting WU, only the SUS Server does. Each machine gets the update off the SUS server.

        I do think that MS should wise up and m

  • Several options available (Score:5, Informative)

    by questionlp ( 58365 ) on Tuesday April 15, 2003 @11:39PM (#5741612) Homepage
    There are a couple of options that you can choose to help reduce the amount of bandwidth used to pull down and install Windows Updates. The first one, which is available for free and runs on Windows 2000 Server, is Microsoft's Software Update Services [microsoft.com] which allows you to create a local store of the updates (for any language and all supported platforms) and point the client Windows Update to the internal server. It's not perfect but it works in a lot of cases.

    Another option is to use a systems management package (LANDesk, ZENworks, SMS, etc.) to build the packages and deploy them while only using your internal network bandwidth (once you've downloaded the hotfixes anyway).

    Of course, the two options above are really meant for company networks, but even those can help reduce the bandwidth used for more important things.

  • Out of my experience (Score:5, Informative)

    by jsse ( 254124 ) on Tuesday April 15, 2003 @11:41PM (#5741626) Homepage Journal
    Yes you can't cache it. That save Microsoft a lot of trouble and the trouble is on you. :)

    First step is to download the patches/update manually and save them elsewhere accessable to all users:

    Second, we found that users would rather use windowsupdate.microsoft.com then to go to our patches/update repository, that make sense. You could forbid your users from accessing windowsupdate.microsoft.com, but it might have a problem, as some update might actually request windowsupdate.microsoft.com during installation.

    Therefore, we limit the priority of traffic in/out of windowsupdate.microsoft.com. Eventually we lower the prior of entire microsoft.com because that's really necessary. Users could access to windowsupdate.microsoft.com on their own as usual - if they don't mind holding up their machines for a couple of days. :)

    This works great. Larger and bigger patches are stored locally for users, while they could still access to windowsupdate for smaller patches/fixes. Our bandwidth load lessen(to a certain degree, we still can't solve that 5-15% Netbios traffic jam :)

    Hope this help.

    • Re:Out of my experience (Score:2, Redundant)

      by Masa ( 74401 )
      Better link, IMHO, is this: Windows Downloads [microsoft.com]. The link provides correct up-to-date links to different download areas.
      • Windows Downloads requires you to know what you're looking for. Windows Update automatically checks the machine and grabs all updates that haven't been applied yet. Needless to say, 99% of all users use Windows Update.
    • Your solution sounds ideal but I am wondering that if users download the files manually, wouldn't it be possible to just run squid at least between them and *.microsoft.com and have it handle the file caching (remember, we are now doing standard HTTP GETs, not any Windows Update oddness)? That would eliminate the need to have someone keep the updates archive current on the ISP side.

      I particularly like the idaa of limiting the priority of traffic for windowsupdate.microsoft.com as it still lets the user run
      • We tried squid, but it wasn't working quite like the way we wanted it to be. Say user1 just downloaded 105M patch, and we supposed user2 would have that very same patch on the fly, it wasn't. My guess is that each users might download the same file(or fragment of files) from different locations. There might be some load balancing mechanism in out way, we aren't sure.

        Or may be, regardless of all the effort, we aren't very good at tuning squid. We'd be much appreciate if experts out there could give us some

  • Hope they don't notice . . . (Score:3, Funny)

    by Anonymous Coward on Tuesday April 15, 2003 @11:48PM (#5741665)
    that the other 55% was used for Slashdot.

    ~~~

  • The other 55% (Score:5, Funny)

    by Electrum ( 94638 ) <david@acz.org> on Tuesday April 15, 2003 @11:54PM (#5741695) Homepage
    Let me guess... the other 55% is porn?

  • You could... (Score:3, Informative)

    by maunleon ( 172815 ) on Tuesday April 15, 2003 @11:57PM (#5741709)
    ...download the updates yourself and either push them to the users through something like SMS, or have a program check the registry in the login script. It is fairly simple.

    If it's a big problem, just block off windowsupdate and redirect them to your own page. You could implement a simple scan using something like HFNetChk [microsoft.com]. It's command line and works well.

    Hey, look at it this way.. at least your users are updating! That puts them above 90% of the users out there.

  • You _have_ heard of Microsoft before, right?

    The only way to convince Microsoft of anything would be to _buy_ Microsoft.
  • As MS's server logs flood with people using Mozilla on Linux try to slashdot windowsupdate :)

  • Software Update Services (Score:5, Informative)

    by superyooser ( 100462 ) on Wednesday April 16, 2003 @12:17AM (#5741773) Homepage Journal
    Microsoft used to have a corporate Windows Update site where you could download all the patches as executable files. That site was retired last year in favor of something called Software Update Services [microsoft.com]. It requires running a SUS server and appears to distribute the updates only to systems running Windows 2000 or later.

    In the meantime, you should be aware that all the major service packs [microsoft.com] for Microsoft products can be downloaded as stand-alone executables. Also, the IE download page [microsoft.com] includes some critical updates. Make your own "cache" on the network, and let everybody get their updates from there.

  • The other 55%? (Score:3, Funny)

    by Omega Hacker ( 6676 ) <omega@omega[ ]net ['cs.' in gap]> on Wednesday April 16, 2003 @12:26AM (#5741803)

    So dare I ask what the other 55% is? Here's my guess:

    • 1% Instant messaging
    • 1% Real email
    • 3% SPAM
    • 5% Web browsing
    • 45% Windows vunlerability probes and active attacks

    No, don't check. You don't want to know.

    • Actually, porn is down at 1-2%. Banner advertising (especially Netscape, Yahoo, Doubleclick, eBay, and AOL) would be next after Windows Update if it weren't cacheable, but since the cache handles most of it we only waste about 10% on it.

  • Microsoft offers Software Update Services (Score:3, Insightful)

    by cookd ( 72933 ) <.moc.onuj. .ta. .koocsalguod.> on Wednesday April 16, 2003 @12:42AM (#5741865) Journal
    You can't transparently cache, but you can set up an SUS server and point your clients at it. Software Update Services FAQ [microsoft.com]. I don't think it costs anything (beyond the cost of a Windows 2000 Server or Windows 2003 Server), and I don't see anywhere that it says you can only use it in a business... Wouldn't that work?
    • You can't transparently cache, but you can set up an SUS server and point your clients at it. Software Update Services FAQ [microsoft.com]. I don't think it costs anything (beyond the cost of a Windows 2000 Server or Windows 2003 Server), and I don't see anywhere that it says you can only use it in a business... Wouldn't that work?

      No, this is Microsoft. They want your MONEY, so it isn't that simple. The main reason is it doesn't work with XP Home, only XP Professional. [Note: This is according the the
  • > How might Microsoft be convinced to make its updates
    > cacheable, so as not to waste unthinkable amounts of bandwidth?"

    Well, you could try threatening them with legal action - that usually works...
  • I hope that the fools at my ISP won't blame me for running apt-get every other day or so... And how about full <insert distro name> network installations over HTTP, if updates weren't enough ?! ;)

  • Stats for the past 24 hours are even worse.... (Score:4, Informative)

    by Brett Glass ( 98525 ) on Wednesday April 16, 2003 @02:05AM (#5742108) Homepage
    Just checked the stats for the past 24 hours (from a Squid cache). This time, *.windowsupdate.com generated 56.11% of the traffic, with a hit rate of only 2.37%. In short, Microsoft is eating (and expending!) huge amounts of bandwidth, and almost none of what is being transmitted can be cached. What a waste.
    • --THAT's why I recognized your name, Brett... FYI, this guy used to have a pretty cool site a few years ago called YMMV (your mileage may vary) and then its services were discontinued. Man that brings back some memories.
    • That's terrible. I mean Microsoft releasing frequent patches for their products - and then the users are finding those patches so easy to download and install that they keep doing it!

      That's so typical of Microsoft. They don't care about the little ISPs, they just want their customer base to have free, simple, access to frequent updates and fixes, without giving a damn about the impact that has on Internet traffic.

      I mean, at least when slashdot directs huge amounts of traffic to some dumb site about making a spaceship out of a floppy disc or whatever, they have the courtesy to always cache the site so that it doesn't take down the whole ISP that hosts that page.

      Why can't MS be more like /. ?
      • That's terrible. I mean Microsoft releasing frequent patches for their products - and then the users are finding those patches so easy to download and install that they keep doing it!

        [ponders, wonders, decides...yes! WACK WACK WACK WACK goes the Clue(tm)-brand clue bat against Jon Peterson's head.]

        The issue isn't that it is easy, but that they have such an ineffecient and mostly uncachable mechanism for distribution.

        The frequency of updates in relation to the bugs fixed isn't too much or too often.

      • That's terrible. I mean Microsoft releasing frequent patches for their products - and then the users are finding those patches so easy to download and install that they keep doing it!

        What's even more terrible is that no one really knows how many times the EULAs have been changed as a result.

        I installed Windows XP the first time recently and was disturbed at the default settings for Windows itself and the Media Player. MS should not be trusted. They're practically as bad as Real Player.
    • might Microsoft be convinced to make its updates cacheable, so as not to waste unthinkable amounts of bandwidth?

      Invoice them for your bandwidth.

  • If your ISP provides its users with a default homepage, try adding links to cached EXEs of the updates (aka the EXEs designed for corporate users) to that page. It's convenient, probably faster, et cetera.

  • ISP Caching (Score:4, Informative)

    by kmellis ( 442405 ) <kmellis@io.com> on Wednesday April 16, 2003 @03:21AM (#5742312) Homepage
    Why don't you subscribe to or at least take a look the ISP-Caching [isp-planet.com] mailing list?

  • Software Update Service (Score:4, Informative)

    by blues5150 ( 161900 ) on Wednesday April 16, 2003 @08:06AM (#5742935) Homepage
    How about trying something like this [microsoft.com].
  • Hmmmm. Given the amount of bandwidth Windows Update takes, I wonder how much of AOL's bandwidth it takes.

    Hmmm...

    On a related note: I haven't looked recently, but it used to be that Windows clients were TERRIBLE about DNS lookups - they would not cache anything, and were always making DNS requests on every little thing. I was helping a FOF set up his DSL, and his DNS lookups were taking 3-5 seconds, because his ISP's name servers (swbell) were overloaded. We finally set up his own internal name server, and
    • Given the amount of bandwidth Windows Update takes, I wonder how much of AOL's bandwidth it takes.

      None. AOL users don't do "updates" or "patches".

      Seems obvious in retrospect, doesn't it?

  • This is a nice example of how M$' our-products-are-blackboxes-policy is increasing the cost of using them.

    In a world of open systems, everyone who felt like doing it could cache software updates, freeing money and bandwith for more sensible uses than trying to cure a dead horse.
  • ... is that Microsoft send out a good number of responses with a "Cache-Control: private" header. Any public cache storing these responses is in violation of RFC2616.

    This posting [squid-cache.org] from the squid-users mailing list sheds some more light on the issue.

    If you were wanting to break the RFCs and were using squid, then you could probably modify src/http.c to return 1 for the relevant parts of the httpCachableReply function instead of 0, but that would be a "Bad Thing"(tm) when it came to RFC compliance.

  • Must be a small ISP (Score:3, Insightful)

    by Call Me Black Cloud ( 616282 ) on Wednesday April 16, 2003 @09:45AM (#5743392)
    The latest update was the Java fix, and that weighed in at 5MB. If that's all it takes to spike your traffic then you're probably getting off cheap the rest of the time, with most users not doing much downloading other than mail and news.

    Why don't you post some hard data instead of percentages? Saying windows update is 50% of your traffic is meaningless unless you provide background. What is your normal traffic? How close are you to capacity?
  • How might Microsoft be convinced to make its updates cacheable, so as not to waste unthinkable amounts of bandwidth?
    Maybe I'm being naive, but have you considered talking to somebody at Microsoft? They may be willing to listen to your input, as it saves them bandwidth, as well. Just get some data, possibly talk to some other ISPs (maybe some larger ones), and give the stats to a Microsoft rep.

  • Please don't (Score:2, Insightful)

    by cperciva ( 102828 )
    I've lost count of the times I've run into problems with transparent caches feeding me stale data; the last place I want to see stale data is when fetching security updates.

    If you think it wastes too much bandwidth, think about the bandwidth which could be wasted by a network full of machines which were compromised due to not fetching the latest securty updates.

    • Re:Please don't (Score:3, Insightful)

      by Brett Glass ( 98525 )
      I've lost count of the times I've run into problems with transparent caches feeding me stale data; the last place I want to see stale data is when fetching security updates.

      Doesn't happen. If there's an update to the update, it's done as a separate update.

  • Interesting. (Score:2, Interesting)

    by Brett Glass ( 98525 )
    During the last 24 hours (shortly after this article was posted to Slashdot) our cache suddenly began getting hits on Windows Update content. Not all of it, mind you, but some.... Which is a good thing, because Windows Update traffic shot up to a whopping 70.1% percent of the last day's throughput.

    I suspect that someone at Microsoft has been reading this discussion, which is good.

    Most of the stuff that became cacheable, though, was for Windows XP. Windows 98 and Me updates (and we have a lot of users ru

  • I've got access to stats for a couple of largish connections (good mix of individual and organization traffic) and that number seeems a little high.

    All the traffic I see to/from microsoft - including msn and hotmail, accounts for perhaps 30% of my traffic on a typical day. On a day when somethign like DX9 comes out, that figure goes up a bit - but still not to the 50% level.

    Do you maybe have a customer who builds systems and mass-updates them? that would almost make the number reasonable....

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close