
1 Managing Peer to Peer Protocols Lucent Security Products Configuration Example Series

2 Lucent Technologies – Proprietary Use pursuant to company instruction Managing Peer to Peer Protocols Peer to peer protocols are becoming more and more popular. These protocols tend to use large amounts of bandwidth, which causes bandwidth problems for service providers and enterprises alike. The Alcatel-Lucent Firewall solution has extensive bandwidth management capabilities that allow a service provider or enterprise to restrict the bandwidth of any traffic by interface, rule set, rule or session. In many cases this is not possible with any other firewall on the market, because the sessions within peer to peer protocols attach to ports across a wide range in order to use as much bandwidth as is available.

3 The key to blocking, selectively blocking or controlling the use of any protocol is to find the common behaviors in the protocol and then base your rules on those behaviors. Information on most peer to peer protocols is readily available on the web. If it is a standards based protocol there will usually be RFCs available that give you all of the information you need to build firewall rules to manage the protocol. If you cannot find the necessary information on the web, you can use a sniffer to analyze the protocol on your network. You can also examine your firewall session logs to get this information.

4 It is important to note that blocking these protocols is usually easy, because they rely on some common behavior such as a designated control port. By blocking the common control port you can stop the protocol from traversing your network entirely. Allowing but controlling these protocols is a bit trickier, but not out of the question. This configuration example focuses on the BitTorrent protocol. Other P2P protocols are handled in a very similar way.

5 BitTorrent version 3.2 and higher uses a TCP port range of 6881-6999 and a control channel on TCP port 6969. The control channel is used as the tracker channel for the open sessions. Using the Alcatel-Lucent solution a service provider or enterprise can block all of these ports if necessary, or eliminate the application altogether by blocking the control port, TCP 6969. Where you want to allow the application but restrict its bandwidth usage, three simple steps control the bandwidth through the Firewall and then give you fine grained controls to tune the application's bandwidth usage. The same steps can be used to restrict bandwidth for any application, up to and including other file transfer applications such as FTP, Kazaa, eDonkey, Gnutella, Direct Connect, etc. The three steps are as follows.

6 Step 1. Create a service group referencing the ports of the application. (See the configuration example on creating services and service groups.)

7 Step 2. Create a rule in the rule set that you want to use for this bandwidth restriction, using the service group set up in step one. (See the configuration example on creating rules and rule sets.)

8 In the bandwidth management tab of that rule, set the bandwidth minimums and maximums as desired.

9 Step 3. Apply the rule to whatever rule set will be passing the application.

10 There are a few additional steps that you can take to further control any protocol by using the following features:
- Time of day per rule
- Maximum Concurrent Usage per rule
- Set TOS (Type of Service) or DiffServ (Differentiated Services) bits at the rule on the protocol so that bandwidth is enforced by other devices on your network
- Of course you can also pass selectively to only certain groups of users or hosts
See the tabs at the top of the figure on the right.

11 Time of Day Settings: Time of day can be set on any rule. You can modify behavior dynamically by creating two rules: set the bandwidth on one rule at x and on the other at z. Configure the first rule to deactivate at a certain time of day, and have the other configured to activate at that same time. This allows your settings to differ during business hours, for instance, from the weekend or evening.

12 Maximum Concurrent Usage: Essentially this feature allows you to “pass” protocols but restrict the number of sessions using that protocol on the network at any given time. It is the number of times that a rule can be invoked concurrently. You may allow BitTorrent to pass, with controls, but allow only 10 occurrences of BitTorrent at any given time on your network. The 11th will be dropped, but can pass later when one of the other sessions clears.
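Pulling the three steps, the time-of-day rule pair and the Maximum Concurrent Usage limit together, here is an added Python model (example code, not anything from the Brick or ALSMS, which are configured through the ALSMS GUI; the event format, rule names, hour sets and kbps unit are assumptions) that replays constructed session events against a BitTorrent service group and reports which rule passes, drops or ignores each session.

```python
from dataclasses import dataclass, field
# Service group from the slides: BitTorrent 3.2+ data ports TCP 6881-6999 plus the TCP 6969 tracker.
BITTORRENT_PORTS = set(range(6881, 7000)) | {6969}

@dataclass
class Rule:
    name: str
    ports: set              # the service group the rule references (step 1)
    max_kbps: int           # bandwidth maximum from the rule's bandwidth tab (assumed unit: kbps)
    max_concurrent: int     # Maximum Concurrent Usage per rule
    active_hours: set       # hours of day (0-23) in which the rule is active
    open_sessions: set = field(default_factory=set)
    def matches(self, dport, hour):
        return dport in self.ports and hour in self.active_hours

def decide(ev, rules):
    """Decision for one event; the first matching rule wins, as in a rule set."""
    sid = ev["id"]
    if ev["action"] == "close":                # a cleared session frees a concurrency slot
        for r in rules:
            r.open_sessions.discard(sid)
        return "closed"
    rule = next((r for r in rules if r.matches(ev["dport"], ev["hour"])), None)
    if rule is None:
        return "no-rule"                       # not in the service group: other rules decide
    if len(rule.open_sessions) >= rule.max_concurrent:
        return "drop"                          # the (N+1)th concurrent session is dropped
    rule.open_sessions.add(sid)
    return f"pass:{rule.name}@{rule.max_kbps}kbps"

def apply_rules(events, rules):
    return [(ev["id"], decide(ev, rules)) for ev in events]

def business_hours_rules():
    # Two rules per the time-of-day slide: one active 08:00-17:59, the other the rest of the day.
    business, off_hours = set(range(8, 18)), set(range(0, 8)) | set(range(18, 24))
    return [Rule("bt-business", BITTORRENT_PORTS, 256, 2, business),
            Rule("bt-offhours", BITTORRENT_PORTS, 2048, 10, off_hours)]

def demo():
    # Constructed session events (not real Brick log output): id, open/close, dest port, hour.
    events = [{"id": "s1", "action": "open", "dport": 6881, "hour": 10},
              {"id": "s2", "action": "open", "dport": 6969, "hour": 10},
              {"id": "s3", "action": "open", "dport": 6885, "hour": 10},  # third concurrent: dropped
              {"id": "s1", "action": "close", "hour": 11},
              {"id": "s4", "action": "open", "dport": 6890, "hour": 11},  # slot freed: passes
              {"id": "s5", "action": "open", "dport": 80, "hour": 11},    # not BitTorrent
              {"id": "s6", "action": "open", "dport": 6969, "hour": 22}]  # off-hours rule
    return apply_rules(events, business_hours_rules())
```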

13 TOS and DiffServ: TOS and DiffServ bits can be set at the Brick. Packets with the TOS or DiffServ bits already set will be respected by the Bricks. This is a method that allows other devices on your network that are TOS or DiffServ compliant to assist in controlling bandwidth through prioritization.

14 For more detailed information on configuring this feature click Help > On Line Product Manuals > Policy Guide. See the section on Brick Zone Rule Sets as well as the subsection on bandwidth management within a rule. The section on Service Groups will also apply. The Product Manuals can also be found on your ALSMS CD.
