  AMD Phreak Premium join:2003-12-14
| Limiting p2p traffic
I was just out at a customer's house with the installer and just as soon as we brought the radio online the kid sat down and started downloading stuff using limewire.
GRRR
What can I do to throttle traffic of this type? Is this done through QoS I assume? I found the ports for the gnutella protocol so I am guessing I can add these into QoS settings of something like monowall? -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
 Bigpaddy_Irl
join:2005-12-12 Ireland
| I had a similar problem too, only the lads here pointed me in the direction of m0n0wall. It has a wizard thingy which sets up all rules, pipes, queues, etc. for you without the hassle. It will give the users adequate access to p2p traffic until a VoIP call starts or an FTP download begins, then you can see all the p2p connections being dropped. When I added it to my system I had a VoIP phone and all p2p traffic blocked. Now I have p2p allowed and there is a massive difference in my calls. That's my 2 cents! |
|
  superdog I Need A Drink Premium,MVM join:2001-07-13 Lebanon, PA
| reply to AMD Phreak
said by AMD Phreak: I was just out at a customers house with the installer and just as soon as we brought the radio online the kid sat down and started downloading stuff using limewire. GRRR
In our TOS, it warns that using P2P programs may result in legal action by the RIAA or some similar body if in fact the material You are downloading is illegal. I also explain that if pressed by one of these groups for user info, we will hand it over ASAP, as we can not afford to fight them in court. It has made a major difference in P2P traffic, especially when You point it out to the parents that are signing and then show them a few news articles about pending RIAA lawsuits. It stops very quickly. -- »www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
 vincentfox
join:2003-03-18 Davis, CA | reply to AMD Phreak Wow, P2P, that is an entirely new topic that we have never discussed before!
 |
|
  AMD Phreak Premium join:2003-12-14
| reply to AMD Phreak Thanks for the quick replies. I am working on a monowall box to drop in at the tower site. I just received a call from the customer wondering about how come his pc will download music ok but then his brother's won't, and then they switch off or something. Maybe it's because of their crappy Belkin router?
I'll email the parent regarding the issue. Thanks -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
 pablo2525
join:2003-06-23
·TekSavvy Solutions..
| At a high-level, traffic shaping has two components:
* shaping: prioritization, bandwidth carving, etc.
* classification
On Linux, you can use a Layer 7 classifier (»l7-filter.sourceforge.net/) in conjunction with iptables to classify the packets/connections. Shaping is done using tc (traffic control).
The problem is p2p is moving towards encrypted streams so L7 classifiers aren't going to work any more - and neither will M0n0wall.
One idea is to allow a connection N MB before pushing down its priority. This is what I do for my shaping in conjunction with L7/iptables. For what it's worth, I consider a connection 'long running' when it's downloaded 2 MB, at which point it loses priority.
For (what I believe is) a nifty real-time graph, see:
»www.hillsandlakes.com/stats/cgi-···ng.cgi?1
At a different site where the kernel isn't a vanilla kernel (which can be patched to include the latest L7/iptables support), they're sharing a single DSL connection (3Mbps/800Kbps) among 22 subscribers. Response time is _very_ snappy even with this suboptimal configuration. -- Freed from the shackles of my Satellite ISP - private WISP |
|
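One way to implement the byte-count demotion pablo2525 describes above, as an added example that is not part of the original thread and not his actual configuration. It uses the iptables `connbytes` match with tc HTB classes; the interface name, the 3000 kbit/s downlink and the 2/3 to 1/3 class split are assumptions.

```shell
#!/bin/sh
# Added example: demote any connection to a low-priority HTB class once it
# has transferred more than 2 MB, regardless of protocol or encryption.
LAN_IF="${LAN_IF:-eth1}"             # assumed interface facing subscribers
DOWN_KBIT="${DOWN_KBIT:-3000}"       # assumed downlink capacity in kbit/s
BULK_AFTER="${BULK_AFTER:-2097152}"  # 2 MB: the "long running" threshold
BULK_MARK=20                         # fwmark that steers packets to class 1:20

# Prints the commands instead of running them so the rule set can be
# reviewed first; apply as root with:  shaper_rules | sh -e
shaper_rules() {
    for n in "$DOWN_KBIT" "$BULK_AFTER"; do
        case "$n" in
            ''|*[!0-9]*) echo "rates and thresholds must be integers" >&2
                         return 1 ;;
        esac
    done
    fast=$((DOWN_KBIT * 2 / 3))      # guaranteed share for young connections
    bulk=$((DOWN_KBIT - fast))       # guaranteed share for demoted connections
    cat <<EOF
# connbytes only works when conntrack byte accounting is enabled
sysctl -w net.netfilter.nf_conntrack_acct=1
# HTB tree: unmarked traffic falls into the high-priority class 1:10
tc qdisc add dev $LAN_IF root handle 1: htb default 10
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate ${DOWN_KBIT}kbit
tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate ${fast}kbit ceil ${DOWN_KBIT}kbit prio 0
tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate ${bulk}kbit ceil ${DOWN_KBIT}kbit prio 1
# SFQ keeps one heavy flow from starving others inside the same class
tc qdisc add dev $LAN_IF parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:20 handle 20: sfq perturb 10
# Packets carrying the bulk fwmark go to the low-priority class
tc filter add dev $LAN_IF parent 1: protocol ip handle $BULK_MARK fw flowid 1:20
# Mark every packet of a connection that has passed the byte threshold
# (both directions counted, an assumption; "reply" would count downloads only)
iptables -t mangle -A POSTROUTING -o $LAN_IF -m connbytes --connbytes ${BULK_AFTER}: --connbytes-dir both --connbytes-mode bytes -j MARK --set-mark $BULK_MARK
EOF
}

shaper_rules   # dry run: show what would be applied
```

Both classes may borrow up to the full link rate, so demoted transfers still use idle capacity and only yield when newer connections need it.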
 lutful Premium join:2005-06-16 Ottawa, ON
·TekSavvy Solutions..
| said by pablo2525: The problem is p2p is moving towards encrypted streams so L7 classifiers aren't going to work any more - and neither will M0n0wall.
Yes. This old thread had a long discussion about the issues. »Managing/shaping bandwidth?
We developed FPGA inspection of encrypted streams at 1Gb/s, but for 10Mb/s WAN links software methods like ROPE work fine. The URL is in my 3rd post in that thread. |
|
  AMD Phreak Premium join:2003-12-14
| reply to AMD Phreak Ok so say I add Monowall. Should it be located at the tower site or should it be somewhere else, like a site that is still on the same leg but closer in. The tower is like almost an hour and a half away, so yea...... :-\ -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
  superdog I Need A Drink Premium,MVM join:2001-07-13 Lebanon, PA
| said by AMD Phreak: Ok so say I add Monowall. Should it be located at the tower site or should it be somewhere else, like a site that is still on the same leg but closer in.
I would run it at Your NOC, as it needs to be able to see ALL traffic on the network, unless You are just trying to throttle one subnet? -- »www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
  AMD Phreak Premium join:2003-12-14
| reply to AMD Phreak No, I would like to throttle the entire subnet. I'd like to make sure that this works ok before I go and request another rack spot at our colo center though. -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
  superdog I Need A Drink Premium,MVM join:2001-07-13 Lebanon, PA
| said by AMD Phreak: I'd like to make sure that this works ok before I go and request another rack spot at our colo center though.
OUCH!. M0n0wall boxes are cheap enough (software free, old PII units are just laying around) that You could just install one at every PoP, saving You the colo. fees. There is no need to worry about whether it will work or not, as we have one, and it works great. You may see an extra 3 to 4ms in latency, but that's it. If You are very lazy?, just enable the magic shaper and walk away. It will do ALMOST everything You want right out of the box. -- »www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
  AMD Phreak Premium join:2003-12-14
| reply to AMD Phreak Yeah I need to find the old p2's though, and the chances of that happening soon are slim. The management would most likely cut the check for a newer rack mounted box before that happened.
I would like to shape at each site, but like I said some of the sites are darn near 1.5 hours away, and one of them is very difficult to reach in the winter time.
Thanks for the input though superdog, as always you come through. -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
  superdog I Need A Drink Premium,MVM join:2001-07-13 Lebanon, PA
| said by AMD Phreak: Yeah I need to find the old p2's though, and the chances of that happening soon are slim.
Hmmm....I'll bet if You look around, someone You know has 2 or 3 of them collecting dust in a basement somewhere??. I just parted out and smashed the shells of 20 or so older PII and PIII boxes. If only I had known?????.............
said by AMD Phreak: Thanks for the input though superdog, as always you come through.
You are quite welcome!. I don't know that I did that much?, but anytime I can help, I will?. -- »www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
 TWireless Premium join:2006-04-03 Round Rock, TX
| reply to AMD Phreak AMD,
Can't you just shape and block the traffic at the CPE? This would improve overall network performance, since the CPE would stop the radio from even TX'ing.
Even if the AP or a router at your NOC/POP does this for you, your AP still has to give the clients radio time, which could reduce your network's performance. If you stop it at the customer you would be better off. -- Tasos Alexiou www.titanwirelessonline.com |
|
 bonald
join:2004-08-23 Bassin, QC
| I am using netequalizer. It's not expensive and works perfectly. I limit gnutella, BitTorrent, winmx and limit a maximum of 30 inbound and 30 outbound active connections per IP. Since it's linux based, I've installed a hard drive and I've put squid on it and now it's a cache server too!
Lots of fun. |
|
  AMD Phreak Premium join:2003-12-14
| reply to AMD Phreak We are running a 100% Canopy network. Therefore I need some way to limit it at the pop as the Canopys do not have the nice feature of QoS at the SM like many others do, or as far as I can tell they don't. -- Using a non-ports-system OS is like masturbating with a cheese grater |
|
  korym Go Wisp's ExMod 1999-03 join:1999-12-23 Richmond, VA clubs:
| reply to bonald
said by bonald: I am using netequalizer. It's not expensive and works perfectly.
bonald, would you mind sharing approximate costs for your netequalizer? I've been looking at various solutions but they can get fairly pricey. I've heard good things about neteq.
Thx much, in advance!
Regards, Kory -- WISP Directory : WISP News : Start a WISP |
|
 bonald
join:2004-08-23 Bassin, QC | Total cost with shipping was 2100$. It's a P4 1U server w/512 ddr ram and a 256compact flash. |
|
 public
join:2002-01-19 Santa Clara, CA
·DSL EXTREME
| reply to AMD Phreak
said by AMD Phreak: What can I do to throttle traffic of this type? Is this done through QoS I assume? I found the ports for the gnutella protocol so I am guessing I can add these into QoS settings of something like monowall?
A sample case study »www.uark.edu/staff/arknet/ARKnet···ions.ppt |
|
  AMD Phreak Premium join:2003-12-14 | reply to AMD Phreak So since we have an all-Cisco network (routers and switches) I am understanding it would be best to utilize these devices instead of a 3rd party device. -- Using a non-ports-system OS is like masturbating with a cheese grater |
|