Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003.

Published byMelody Millman Modified over 9 years ago

Similar presentations

Presentation on theme: "Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003."— Presentation transcript:

1 Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas dlm@uark.edu June 19, 2003

2 The First Peer-to-Peer (P2P) Application Widely Accepted by the Internet Public

3 May 1999 – Napster created by Northeastern University students Shawn Fanning and Sean Parker and takes the college world by storm December 7, 1999 – RIAA sues Napster on grounds of copyright infringement April 13, 2000 – Metallica files suit against Napster and three universities for copyright infringement

4 May 5, 2000 – Judge rules that Napster is in violation of DMCA October 31, 2000 – Napster announces that it will partner with Bertelsmann AG to develop subscription-based distribution March 2001 – Napster attempts file blocking and filtering techniques to eliminate copyrighted material from distribution

5 July 2001 – Judge orders Napster offline until copyrighted material is removed entirely October 2001 – Napster begins self destructing March 2002 – Federal appeals court orders Napster offline September 2002 – Judge blocks sale of Napster to Bertelsmann

6 November 2002 – Roxio bought Napster’s name and technology in bankruptcy auction for $5M Napster may be gone, but it was only the beginning…

7

8 What is the P2P Problem? MP3

9 What is the P2P Problem? MP3

10 What is the P2P Problem? More inbound than outbound traffic Double-Humped Curve

11 What is the P2P Problem? Near 100% outbound utilizationMore evening activity

12 Steps to Managing P2P Use Ignore the problem Management by written policy Port blocking Rate limiting Bandwidth quotas QoS

13 Ignore The Problem Disruptive to your legitimate users Consumes your expensive bandwidth Presents security exposures Presents copyright issues

14 Management by Written Policy Thou Shalt Not… P2P

15 Port Blocking Port blocking as a means to block P2P applications Not effective for all P2P applications Some P2P apps use other well-known ports, such as port 80 (web) Some P2P apps negotiate ports, so actual ports used are not predictable

16 Rate Limiting Limit the abusing users –Set limit on individual or total throughput Limit the abusing applications –Set limit on application throughput

17 Rate Limiting University of Arkansas Experience –September 2001 –Outbound Bandwidth at Max Most of Day –High Packet Drop Rates –Very Poor Internet Performance –No One Was Happy

18 Rate Limiting University of Arkansas Experience –November 2001 –Implemented Committed Access Rate (CAR) on Cisco 7507 Border Router –Limited Aggregate Dorm Traffic to 5 Mbps UARK Internet Bandwidth Blue Line Outbound Traffic Green Solid Inbound Traffic

19 Rate Limiting University of Arkansas Experience UARK Internet Outbound Packet Rate UARK Ping Statistics Blue Line Outbound Packet Rate Green Solid Outbound Packet Drops

20 Rate Limiting University of Arkansas Experience –Beware that some routers experience high CPU utilizations and performance is degraded when rate limiting is being done. Router CPU Utilization Router CPU usage increased 20% when CAR was enabled on Cisco 7507

21 Bandwidth Quotas Bruce Curtis, North Dakota State University Implemented bandwidth quotas for residence halls Every user is authenticated before they can use the network Bandwidth utilization is measured via flow data collected at border router

22 Bandwidth Quotas Authentication Server Internet 1. User authenticates Flow Data Collector

23 Bandwidth Quotas Flow Data Collector 2. User queued to use high-speed Internet pipe Internet Authentication Server

24 Bandwidth Quotas Flow Data Collector Internet Authentication Server 3. If user exceeds bandwidth quota, queued to use low-speed pipe Over Quota!!!

25 Bandwidth Quotas Fair share quota established for every user 300 MB per day If limit exceeded, user is placed in a rate- limiting pool (aggregate limit of 300 Kbps) About 15% of users regularly exceed limit Limits are reset daily at 6:00 A.M.

26 Quality of Service Use external device to manage traffic by application or user or both Build and apply policies about the way applications and users use bandwidth Quality of Disservice

27 Quality of Service Two major competitors –Packeteer PacketShaper –Allot NetEnforcer

28 Quality of Service Internet Border Router Firewall LAN

29 Quality of Service Classify traffic by: –Application signature –Protocol –Port number –Subnet –URL –Host name –LDAP host list –Diffserv setting –802.1p/q –MPLS tag –IP precedence bits –IP or MAC address –Direction (in vs. out) –Source –Destination –MIME type –Web browser –Oracle database

30 Quality of Service Shape traffic –Per application minimum –Per application maximum –Per session minimum –Per session maximum –Dynamic per-user minimum & maximum –TCP & UDP rate control –DoS attack avoidance

31 Quality of Service Sample configuration –Group P2P apps (KaZaa, Morpheus, eDonkey, BearShare, etc.) into one class –Limit the P2P class to 15% of capacity of inbound Internet link –Limit the P2P class to 5% of capacity of outbound Internet link

32 Packeteer

33 Packeteer

34 Packeteer

35 Packeteer PacketShaper Series15502500450065008500 Max Throughput (Mbps) 21045100200 Max Classes 2565125121,0242,048 Max Dynamic Partitions 1285125125,00020,000 Max Static Partitions 1282562565121,024 Max Policies 2565125121,0242,048 Max IP Hosts 5,00010,00025,00025,000100,000 Max IP Flows 7,50030,00075,000150,000300,000

36 Allot NetEnforcer ModelBandwidthPipesPoliciesConnections AC-102/128128 Kbps1281,0246,000 AC-102/512512 Kbps1281,0246,000 AC-202/2M2 Mbps2562,04812,000 AC-202/10M10 Mbps5122,04820,000 AC-30245 Mbps1,0244,09664,000 AC-402100 Mbps1,0244,09696,000 AC-601100 Mbps2,0488,192128,000 AC-702155 Mbps2,0488,192128,000 AC-802310 Mbps2,0488,192128,000

37 Conclusion P2P applications are here to stay Legality and copyright issues aside, the network bandwidth consumed can overwhelm most networks Management by decree may work in small environments, but not large ones Effective management techniques usually involve bandwidth shaping or quotas

38 The End Questions?

Download ppt "Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003."

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
© R. Jayanthan, K. Gunasakera 1999 Quality of Service in Multiservice Networks for Digital Economy R. Jayanthan & Kithsiri Gunasakera National IT Conference.

© R. Jayanthan, K. Gunasakera 1999 Quality of Service in Multiservice Networks for Digital Economy R. Jayanthan & Kithsiri Gunasakera National IT Conference.
TCP-IP Primer David Cozens. Targets Have a basic understanding of Ethernet network technology Be aware of how this technology is applied on the 5000 series.

TCP-IP Primer David Cozens. Targets Have a basic understanding of Ethernet network technology Be aware of how this technology is applied on the 5000 series.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.

© 2006 Cisco Systems, Inc. All rights reserved. ICND v2.3—4-1 Managing IP Traffic with ACLs Introducing ACLs.
© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.

© 2007 Cisco Systems, Inc. All rights reserved.ICND2 v1.0—6-1 Access Control Lists Introducing ACL Operation.
The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.

The Latest In Denial Of Service Attacks: “Smurfing” Description and Information to Minimize Effects Craig A. Huegen Cisco Systems, Inc. NANOG 11 Interprovider.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Policy Based Routing using ACL & Route Map By Group 7 Nischal (304360958) Pranali (304378534)

Policy Based Routing using ACL & Route Map By Group 7 Nischal ( ) Pranali ( )
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Reduced TCP Window Size for Legacy LAN QoS Niko Färber July 26, 2000.

Reduced TCP Window Size for Legacy LAN QoS Niko Färber July 26, 2000.
Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.

Advanced Internet Bandwidth and Security Strategies Fred Miller Illinois Wesleyan University.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.

Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.

Common forms and remedies Neeta Bhadane Raunaq Nilekani Sahasranshu.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.

1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Sepehr Firewalls Sepehr Sadra Tehran Co. Ltd. Ali Shayan December 2008.

Sepehr Firewalls Sepehr Sadra Tehran Co. Ltd. Ali Shayan December 2008.

Similar presentations

Ads by Google