Plan for Internet bandwidth usage for Office 365
Applies to: Office 365 Enterprise
Topic Last Modified: 2013-12-09
Summary: Provides tips for reducing bandwidth use during migrations and when updating clients, NAT limitations that affect Outlook, and links to bandwidth calculators for Office 365.
Using Office 365 service offerings may increase your organization’s Internet traffic, so it is important to evaluate and assess the network impact of the services. Email traffic with Exchange hybrid deployment and directory synchronization activity has the most impact on bandwidth, but some organizations may notice a general increase in Internet traffic after migrating users to the Office 365 suite.
|If you have a large number of shared calendars and mailboxes, you may see an increase in the number of connections from Outlook to Exchange. For instance, the Outlook client may open up to two additional connections for each shared calendar in use. In this situation, ensure that the egress proxy can handle the connections, or bypass the proxy for connections to Office 365 for Outlook.|
There are many variables to consider when estimating network traffic. Some of these variables are:
The Office 365 service offerings that your organization has subscribed to.
The number of client computers in use at one time.
The type of task each client computer is performing.
The performance of your Internet browser software.
The capacity of the network connections and network segments associated with each client computer.
Your organization’s network topology and the capacity of the various pieces of network hardware.
For information about bandwidth requirements for Lync Server 2010 conferencing, see the TechNet article Defining Your Requirements for Conferencing.
There are calculators available to assist you with estimating network bandwidth requirements. These calculators work for on-premises as well as Office 365 deployments. You can use the Exchange client network bandwidth calculator to estimate the bandwidth required for a specific set of Outlook, Outlook Web App, and mobile device users in your Office 365 deployment. With the Lync Server 2010 and 2013 bandwidth calculator, you enter information about users and the Lync Online features you want to deploy, and the calculator helps you determine bandwidth requirements.
Testing and validating your Internet bandwidth (download, upload, and latency constraints) are vital to understanding how to achieve high-velocity migration of on-premises mailbox content to the Office 365 and Exchange Online environments. Slow or latent connectivity reduces the number of mailbox migrations that can be completed during a migration window. Be sure to perform the following steps:
Test and confirm that your organization’s Internet bandwidth can manage the network impact of Office 365 migrations.
Assess internal network bandwidth availability for Office 365 migration events.
Make use of available network tools such as:
Microsoft Network Monitor - Allows you to capture network traffic, view, and analyze it. Look for HTTPS/SSL time-outs set too low on Proxy/Firewall/Router and excessive retransmits
Microsoft Remote Connectivity Analyzer - Tests connectivity in your Exchange Online environment
Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit - Use the MOSDAL Support Toolkit to perform ping, tracert, and pathping tests.
Determine your download, upload, and latency between your on-premises environment and the nearest Microsoft cloud services data center. The following activities can help with this task:
Ping outlook.com to determine the IP address of the nearest Microsoft cloud services data center from your location.
Consult a third-party IP mapping website (for example, iplocation.net) to determine that data center’s location.
Use a speed test website (for example, speedtest.net) to determine the upload, download, and latency statistics between your on-premises environment and the nearest location to the Microsoft cloud services data center.
Determine the periods in which the on-premises Exchange system is heavily used (for example, during backups).
To improve migration velocity as well as reduce your organization’s bandwidth constraints, you should consider the following:
Reduce mailbox sizes. Smaller mailbox size improves migration velocity.
Use the mailbox move capabilities with an Exchange hybrid deployment. With an Exchange hybrid deployment, offline mail (.OST files) does not require re-download when migrating to Exchange Online. This significantly reduces your download bandwidth requirements.
Schedule mailbox moves to occur during periods of low Internet traffic and low on-premises Exchange use. When scheduling moves, understand that migration requests are submitted to the mailbox replication proxy and may not take place immediately.
For more detailed information, see Factors that affect Exchange Online migration performance.
Your organization must deploy and run the Office 365 desktop setup on each user PC that will use applications such as Microsoft Outlook and Lync 2010. If you deploy the Office 365 desktop setup without first installing the necessary operating system service packs and updates, Office service packs and updates, Lync client application, and so on, there is the potential that your organization may require a significant amount of download bandwidth. More specifically, each PC needs to connect to the Internet, download, and install any necessary service packs or updates. Organizations with a large number of PCs that are not updated would have the greatest bandwidth demand.
To prevent saturation of your network bandwidth, we suggest that you download the necessary updates and deploy them to each of your organization’s PCs prior to deploying the Office 365 desktop setup. You can deploy the updates via a package deployment tool such as Microsoft System Center Configuration Manager or a third-party application.
Alternatively, if you do not have the infrastructure or ability to deploy the necessary updates, you may want to consider Active Directory group policy or throttling your deployment of the Office 365 desktop setup. To throttle the deployment of the Office 365 desktop setup, deploy the setup package to a subset of your users at a time, allowing each of those users to download the necessary updates. Upon completion, deploy the setup package to another subset of users. Repeat this process until the necessary updates are deployed to all of your PCs.
For more information, see Manually update and configure desktops for Office 365 for the latest updates.
Previous guidance suggested that a maximum of approximately 2,000 Exchange clients per IP address can be connected to Office 365 before port exhaustion. This section provides some details on this key issue, how to approximate the correct number, and some methods of resolution.
What is NAT?
Most corporate networks use private (RFC1918) IP address space. Private address space is allocated by Internet Assigned Numbers Authority (IANA) and intended solely for networks that do not route directly to and from the global Internet.
To provide Internet access to devices on a private IP address space, organizations use gateway technologies like firewalls and proxies that provide network address translation (NAT) or port address translation (PAT) services. These gateways make traffic from internal devices to the Internet (including Office 365) appear to be coming from one or more publicly routable IP addresses. Each outbound connection from an internal device translates to a different source TCP port on the public IP address.
In this way, thousands of people on a corporate network can “share” a few publicly routable IP addresses.
NAT limitations with Office 365
The Outlook client may open eight or more connections (in situations where there are add-ins, shared calendars, mailboxes, etc.). Because there are a maximum of 64,000 ports available on a Windows-based NAT device, there can be a maximum of 8,000 users behind an IP address before the ports are exhausted. Note that if customers are using non-Windows OS-based devices for NAT, the total available ports are dependent on what NAT device or software is being used. In this scenario, the maximum number of ports could be less than 64,000. Availability of ports is also affected by other factors such as Windows restricting 4,000 ports for its own use, which reduces the total number of available ports to 60,000.There may be other applications, such as Internet Explorer, that could connect at the same time, requiring additional ports.
Calculating maximum supported devices behind a single public IP address with Office 365
To determine the maximum number of devices behind a single public IP address, you should monitor network traffic to determine peak port consumption per client. Also, a peak factor should be used for the port usage (minimum 4). You can use the following formula to calculate the number of supported devices per IP address:
Maximum supported devices behind a single public IP address = (64,000 – restricted ports)/(Peak port consumption + peak factor)
For instance, if 4,000 ports were restricted for use by Windows and 6 ports were needed per device with a peak factor of 4:
Maximum supported devices behind a single public IP address = (64,000 – 4,000)/(6 + 4)= 6,000
Note that with the release of Office 365 hosting pack, included in the updates from September 2011 for Microsoft Office Outlook 2007, or November 2011 for Microsoft Outlook 2010, or a later update, the number of connections from Outlook (both Office Outlook 2007 with Service Pack 2 and Outlook 2010) to Exchange can be as few as 2.
If you want to support more than 2,000 devices behind a single public IP address, follow the steps outlined to assess the maximum number of devices that can be supported:
Monitor network traffic to determine peak port consumption per client. This data should be collected:
From multiple locations
From multiple devices
At multiple times
Use the preceding formula to calculate the maximum users per IP address that can be supported in their environment.
There are various methods for distributing client load across additional public IP addresses. Strategies available depend on the capabilities of the corporate gateway solution. The simplest solution is to segment your user address space and statically “assign” a number of IP addresses to each gateway. Another alternative that many gateway devices offer is the ability to use a pool of IP addresses. Using an address pool effectively requires that your gateway solution correctly implements client source IP stickiness because all of the connections from Outlook to the service must come from the same IP. The benefit of the address pool is that it is much more dynamic and less likely to require adjustment as your user base grows.