[geeks] P2P Monitoring / Mitigation

Mike Meredith very at zonky.org
Tue Mar 25 15:43:22 CDT 2008


On Tue, 25 Mar 2008 12:36:44 -0400 (EDT), der Mouse wrote:
> Has anyone considered human-level measures, such as telling the
> students "look, people, we don't have the bandwidth to support this"?
> (It might help, it might not, depending on the students.)

Nice idea; shame it doesn't work. You may stop the well behaved and
considerate students that way, but not the others. The use of P2P is a
big problem for resnet services.

What we did was :-

* Had bandwidth to burn. Work's resnet project was initially funded by
  a supplement to the student rents and some of the money was diverted 
  into upgrading our bandwidth.

* Blocked the obvious P2P ports. This isn't 100% effective but was
  pretty good at stopping the majority ... those who wouldn't know a
  port if it bit them.

* Graphed (with MRTG) the traffic levels at each switch port and kept
  an eye on those with obvious patterns of high usage.

If I were still actively involved, I'd look at traffic shaping.
Determine how large a share of the total bandwidth should be consumed
by your resnet (if it shares the pipe with internal users) and limit
the entire resnet to no more than that. Go further back towards the
user and limit bandwidth to each group of users ("hall" or "floor") to
a reasonable share of the total bandwidth (if 5 halls share 100Mbps,
limit each to 20Mbps (perhaps increase slightly after bringing your
existing problem under control)).

Ideally traffic shape each individual user so if they consume huge
quantities of bandwidth they become limited to a much restricted
bandwidth for a week. Inform them why their bytes are coming down as a
trickle :) (it isn't always P2P consuming bandwidth; compromised
machines can also do that)

Primitive 'traffic shaping' can be accomplished by simply nailing
uplink ports to 10Mbps rather than 100Mbps ... we had to resort to this.

I'd be wary of going down the content inspection route. The vendors are
keen but tend to be aimed towards the commercial market with prices to
match. And academia tends to be allergic to content monitoring.

-- 
Mike Meredith (http://zonky.org/)
  'A foolish consistency is the hobgoblin of little minds'
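
The per-hall budgeting and week-long per-user limit described in the message, worked over MRTG-style counter readings. This is an added example, not part of the original post; the port names, counter samples and the heavy/throttled thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

COUNTER_MAX = 2**32   # 32-bit SNMP octet counters wrap here
POLL_SECONDS = 300    # MRTG's usual 5-minute polling interval

def avg_mbps(samples, interval=POLL_SECONDS):
    """Average Mbit/s across successive octet-counter readings."""
    # The modulo absorbs one wrap per interval, which is all a 100Mbps
    # port can manage in 300 s (at most 3.75e9 octets, below 2**32).
    octets = sum((cur - prev) % COUNTER_MAX
                 for prev, cur in zip(samples, samples[1:]))
    return octets * 8 / (interval * (len(samples) - 1)) / 1e6

def hall_caps(resnet_mbps, halls):
    """Equal share of the resnet allowance for each hall."""
    return {hall: resnet_mbps / len(halls) for hall in halls}

def penalties(port_samples, heavy_mbps, throttled_mbps, now, days=7):
    """Ports averaging above heavy_mbps are held to throttled_mbps for a week."""
    out = {}
    for port, samples in port_samples.items():
        rate = avg_mbps(samples)
        if rate > heavy_mbps:
            out[port] = {"observed_mbps": round(rate, 2),
                         "limit_mbps": throttled_mbps,
                         "until": now + timedelta(days=days)}
    return out

# Constructed readings (octets in), one per poll; port names are made up.
SAMPLES = {
    "hallA-port07": [4_000_000_000, 4_200_000_000, 105_032_704, 305_032_704],
    "hallA-port12": [1_000_000, 4_000_000, 8_500_000, 10_000_000],
}
HEAVY_MBPS = 2.0       # assumed threshold, not a figure from the post
THROTTLED_MBPS = 0.25  # assumed penalty rate, not a figure from the post

if __name__ == "__main__":
    print(hall_caps(100, ["A", "B", "C", "D", "E"]))
    now = datetime(2008, 3, 25, 15, 43)
    for port, p in penalties(SAMPLES, HEAVY_MBPS, THROTTLED_MBPS, now).items():
        print(port, p["observed_mbps"], "Mbps ->", p["limit_mbps"],
              "Mbps until", p["until"].date())
```

The second reading pair on `hallA-port07` crosses a counter wrap, which a naive subtraction would turn into a negative rate and so hide the heaviest port.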


