Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of...

Post on 14-Jan-2016


Managing P2P Applications or

Where Did My Internet Bandwidth Go?

David L. Merrifield, University of Arkansas

dlm@uark.edu

June 19, 2003

The First Peer-to-Peer (P2P) Application

Widely Accepted by the Internet Public

May 1999 – Napster created by Northeastern University students Shawn Fanning and Sean Parker and takes the college world by storm

December 7, 1999 – RIAA sues Napster on grounds of copyright infringement

April 13, 2000 – Metallica files suit against Napster and three universities for copyright infringement

May 5, 2000 – Judge rules that Napster is in violation of DMCA

October 31, 2000 – Napster announces that it will partner with Bertelsmann AG to develop subscription-based distribution

March 2001 – Napster attempts file blocking and filtering techniques to eliminate copyrighted material from distribution

July 2001 – Judge orders Napster offline until copyrighted material is removed entirely

October 2001 – Napster begins self-destructing

March 2002 – Federal appeals court orders Napster offline

September 2002 – Judge blocks sale of Napster to Bertelsmann

November 2002 – Roxio bought Napster’s name and technology in bankruptcy auction for $5M

Napster may be gone, but it was only the beginning…

What is the P2P Problem?

[Slide diagram: a single MP3 file]

What is the P2P Problem?

[Slide diagram: many copies of the MP3 file]

What is the P2P Problem?

[Chart: Internet link utilization]
– More inbound than outbound traffic
– Double-humped curve

What is the P2P Problem?

[Chart: Internet link utilization]
– Near 100% outbound utilization
– More evening activity

Steps to Managing P2P Use

Ignore the problem

Management by written policy

Port blocking

Rate limiting

Bandwidth quotas

QoS

Ignore The Problem

Disruptive to your legitimate users

Consumes your expensive bandwidth

Presents security exposures

Presents copyright issues

Management by Written Policy

[Slide graphic: “Thou Shalt Not… P2P”]

Port Blocking

Port blocking as a means to block P2P applications

Not effective for all P2P applications

Some P2P apps use other well-known ports, such as port 80 (web)

Some P2P apps negotiate ports, so actual ports used are not predictable

Rate Limiting

Limit the abusing users
– Set limit on individual or total throughput

Limit the abusing applications
– Set limit on application throughput

Rate Limiting

University of Arkansas Experience
– September 2001
– Outbound Bandwidth at Max Most of Day
– High Packet Drop Rates
– Very Poor Internet Performance
– No One Was Happy

Rate Limiting

University of Arkansas Experience
– November 2001
– Implemented Committed Access Rate (CAR) on Cisco 7507 Border Router
– Limited Aggregate Dorm Traffic to 5 Mbps
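As an added illustration (not the University of Arkansas router configuration, whose CAR parameters are not given on the slides), the Python below models the 5 Mbps aggregate dorm limit as a token-bucket policer whose exceed action is drop, then replays two constructed packet traces through it. The bucket depth of 15,000 bytes and the packet traces are assumptions. It shows what the packet-rate and drop charts in this section record: an offered load under the committed rate passes untouched, while a load above it is held to about 5 Mbps by dropping packets, so a rising drop counter after CAR is enabled is the limiter working, not a fault.

```python
"""Token-bucket policer modelling a CAR-style aggregate rate limit.

Added illustration, not the University of Arkansas router configuration.
It models the "limit aggregate dorm traffic to 5 Mbps" step from the
slides as a single token bucket whose exceed action is drop, and replays
constructed packet traces through it.
"""
from dataclasses import dataclass, field

DORM_LIMIT_BPS = 5_000_000   # aggregate dorm limit from the slides
BURST_BYTES = 15_000         # assumed bucket depth (ten 1500-byte packets)


@dataclass
class TokenBucketPolicer:
    """Tokens (in bytes) refill at rate_bps and are capped at burst_bytes."""
    rate_bps: int
    burst_bytes: int
    tokens: float = field(init=False)
    last_ts: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst_bytes)   # bucket starts full

    def offer(self, ts: float, size_bytes: int) -> bool:
        """Return True if the packet conforms (forwarded), False if it exceeds (dropped)."""
        elapsed = ts - self.last_ts
        self.last_ts = ts
        self.tokens = min(self.burst_bytes, self.tokens + elapsed * self.rate_bps / 8)
        if self.tokens >= size_bytes:
            self.tokens -= size_bytes
            return True
        return False


def constant_load(duration_s: float, offered_bps: int, pkt_bytes: int = 1500) -> list:
    """Constructed trace: evenly spaced (timestamp, size) packets at a fixed offered load."""
    count = int(duration_s * offered_bps / (pkt_bytes * 8))
    interval = duration_s / count
    return [(i * interval, pkt_bytes) for i in range(count)]


def replay(trace: list, rate_bps: int = DORM_LIMIT_BPS, burst_bytes: int = BURST_BYTES) -> dict:
    """Run a trace through the policer; report forwarded/dropped packet counts and
    the effective forwarded rate in bits per second."""
    policer = TokenBucketPolicer(rate_bps, burst_bytes)
    forwarded = dropped = forwarded_bytes = 0
    for ts, size in trace:
        if policer.offer(ts, size):
            forwarded += 1
            forwarded_bytes += size
        else:
            dropped += 1
    duration = trace[-1][0] if trace else 0.0
    effective_bps = forwarded_bytes * 8 / duration if duration else 0.0
    return {"forwarded": forwarded, "dropped": dropped, "effective_bps": effective_bps}


if __name__ == "__main__":
    for offered in (3_000_000, 10_000_000):
        stats = replay(constant_load(10.0, offered))
        print(f"offered {offered / 1e6:.0f} Mbps -> forwarded {stats['forwarded']}, "
              f"dropped {stats['dropped']}, effective {stats['effective_bps'] / 1e6:.2f} Mbps")
```

The policer only does the per-packet token arithmetic; on a real router that arithmetic runs on every packet of the rate-limited interface, which is where the CPU cost noted later in this section comes from.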

[Chart: UARK Internet Bandwidth – blue line = outbound traffic, green solid = inbound traffic]

Rate Limiting

University of Arkansas Experience

[Charts: UARK Internet Outbound Packet Rate and UARK Ping Statistics – blue line = outbound packet rate, green solid = outbound packet drops]

Rate Limiting

University of Arkansas Experience
– Beware that some routers experience high CPU utilization and performance is degraded when rate limiting is being done.

[Chart: Router CPU Utilization – router CPU usage increased 20% when CAR was enabled on Cisco 7507]

Bandwidth Quotas

Bruce Curtis, North Dakota State University

Implemented bandwidth quotas for residence halls

Every user is authenticated before they can use the network

Bandwidth utilization is measured via flow data collected at border router

Bandwidth Quotas

[Diagram: Authentication Server, Flow Data Collector, and Internet link]

1. User authenticates

2. User queued to use high-speed Internet pipe

3. If user exceeds bandwidth quota, queued to use low-speed pipe (Over Quota!!!)

Bandwidth Quotas

Fair share quota established for every user

300 MB per day

If limit exceeded, user is placed in a rate-limiting pool (aggregate limit of 300 Kbps)

About 15% of users regularly exceed limit

Limits are reset daily at 6:00 A.M.
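The accounting behind the North Dakota State scheme, as an added example in Python (not NDSU's software): border-router flow records name hosts by IP address only, so the authentication server's IP-to-user table is what lets bytes be charged to a person; a quota day runs from one 6:00 A.M. reset to the next; and any user over 300 MB for that day is moved to the rate-limited pool. The flow records, the IP-to-user table and the hypothetical helper names are all constructed for the example.

```python
"""Per-user daily bandwidth quota accounting over flow records.

Added illustration of the North Dakota State University scheme described
on the slides; it is not NDSU's software. All data below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

MB = 1024 * 1024
QUOTA_BYTES = 300 * MB      # fair-share quota: 300 MB per day
RESET_HOUR = 6              # limits reset daily at 6:00 A.M.
POOL_LIMIT_BPS = 300_000    # aggregate limit of the over-quota pool (300 Kbps)

# Constructed IP-to-user table, as the authentication server would provide it.
IP_TO_USER = {"10.1.2.3": "alice", "10.1.2.4": "bob"}

# Constructed flow records: (flow end time, inside host IP, bytes transferred).
SAMPLE_FLOWS = [
    (datetime(2003, 6, 18, 14, 0), "10.1.2.3", 200 * MB),
    (datetime(2003, 6, 18, 23, 30), "10.1.2.3", 150 * MB),   # alice: 350 MB on 2003-06-18
    (datetime(2003, 6, 18, 20, 0), "10.1.2.4", 50 * MB),
    (datetime(2003, 6, 19, 5, 30), "10.1.2.4", 100 * MB),    # before the 06:00 reset: still 2003-06-18
    (datetime(2003, 6, 19, 9, 0), "10.1.2.4", 20 * MB),      # after the reset: 2003-06-19
    (datetime(2003, 6, 18, 12, 0), "10.1.2.99", 5 * MB),     # host with no authenticated user
]


def quota_day(ts: datetime) -> str:
    """Name the quota day a timestamp falls in. The day boundary is the 06:00
    reset, so 05:30 on the 19th still counts against the 18th."""
    return (ts - timedelta(hours=RESET_HOUR)).date().isoformat()


def charge_flows(flows, ip_to_user):
    """Sum bytes per (quota day, user). Flows from hosts with no authenticated
    user are collected separately: they should not be on the network at all."""
    usage = defaultdict(int)
    unauthenticated = defaultdict(int)
    for ts, ip, nbytes in flows:
        user = ip_to_user.get(ip)
        if user is None:
            unauthenticated[ip] += nbytes
        else:
            usage[(quota_day(ts), user)] += nbytes
    return dict(usage), dict(unauthenticated)


def over_quota(usage, day: str, quota: int = QUOTA_BYTES) -> list:
    """Users whose usage on the given quota day exceeds the quota, sorted by name."""
    return sorted(user for (d, user), used in usage.items() if d == day and used > quota)


def pool_share_bps(n_users: int) -> float:
    """Per-user rate if the pool's aggregate limit is shared evenly. The pool is an
    aggregate cap, so it gets slower for everyone as more users land in it."""
    return POOL_LIMIT_BPS / n_users if n_users else POOL_LIMIT_BPS


if __name__ == "__main__":
    usage, unknown = charge_flows(SAMPLE_FLOWS, IP_TO_USER)
    for day in ("2003-06-18", "2003-06-19"):
        limited = over_quota(usage, day)
        print(day, "over quota:", limited,
              f"(each would get {pool_share_bps(len(limited)) / 1000:.0f} Kbps)")
    print("unauthenticated hosts seen:", unknown)
```

Two points the slides state but do not spell out are visible here: the reset time shifts the day boundary, so a flow at 05:30 belongs to the previous quota day, and the 300 Kbps pool is shared, so with roughly 15% of users in it each gets only a small fraction.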

Quality of Service

Use external device to manage traffic by application or user or both

Build and apply policies about the way applications and users use bandwidth

Quality of Disservice

Quality of Service

Two major competitors
– Packeteer PacketShaper
– Allot NetEnforcer

Quality of Service

[Diagram: Internet – Border Router – Firewall – LAN]

Quality of Service

Classify traffic by:
– Application signature
– Protocol
– Port number
– Subnet
– URL
– Host name
– LDAP host list
– Diffserv setting
– 802.1p/q
– MPLS tag
– IP precedence bits
– IP or MAC address
– Direction (in vs. out)
– Source
– Destination
– MIME type
– Web browser
– Oracle database

Quality of Service

Shape traffic
– Per application minimum
– Per application maximum
– Per session minimum
– Per session maximum
– Dynamic per-user minimum & maximum
– TCP & UDP rate control
– DoS attack avoidance

Quality of Service

Sample configuration
– Group P2P apps (KaZaa, Morpheus, eDonkey, BearShare, etc.) into one class
– Limit the P2P class to 15% of capacity of inbound Internet link
– Limit the P2P class to 5% of capacity of outbound Internet link
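The sample configuration above, as an added Python example that is neither PacketShaper nor NetEnforcer code: rules are checked top to bottom and may match on application signature, port number, subnet or direction; the listed P2P applications form one class, which is capped at 15% of inbound and 5% of outbound link capacity. The link size (45 Mbps each way), the flow records and the port numbers are constructed, and the "app" field stands in for what a shaper's signature engine would report. That is also what makes the Port Blocking slide's point concrete: a KaZaa flow on port 80 still lands in the P2P class, while a port-only ruleset files it under web.

```python
"""Traffic classification and class partitions for an inline QoS shaper.

Added example, not PacketShaper or NetEnforcer code. The link size, the
flow records and the port numbers are constructed; the "app" field stands
in for the shaper's application-signature result.
"""
import ipaddress

# Assumed link: 45 Mbps in each direction (constructed, not UARK's actual link).
LINK_CAPACITY_BPS = {"in": 45_000_000, "out": 45_000_000}

P2P_APPS = {"kazaa", "morpheus", "edonkey", "bearshare"}

# class -> (inbound percent, outbound percent) of link capacity; unlisted classes are uncapped
CLASS_PARTITIONS = {"p2p": (15, 5)}

# Rules are evaluated top to bottom; the first match wins.
RULES = [
    {"class": "p2p",  "match": {"app": P2P_APPS}},            # application signature
    {"class": "web",  "match": {"dst_port": {80, 443}}},      # port number
    {"class": "dorm", "match": {"subnet": "10.20.0.0/16"}},   # subnet
]

# Constructed flow records; ports other than 80 and 22 are made up to stand for negotiated ports.
SAMPLE_FLOWS = [
    {"host": "10.20.1.5", "dst_port": 40213, "direction": "out", "app": "kazaa"},
    {"host": "10.20.1.6", "dst_port": 80,    "direction": "out", "app": "kazaa"},    # P2P riding on port 80
    {"host": "10.20.1.7", "dst_port": 80,    "direction": "in",  "app": "http"},
    {"host": "10.20.3.9", "dst_port": 51001, "direction": "out", "app": "unknown"},
    {"host": "10.30.0.2", "dst_port": 22,    "direction": "out", "app": "ssh"},
]


def _matches(flow: dict, key: str, value) -> bool:
    """Evaluate one match criterion; an unknown criterion key matches nothing."""
    if key == "app":
        return flow["app"] in value
    if key == "dst_port":
        return flow["dst_port"] in value
    if key == "subnet":
        return ipaddress.ip_address(flow["host"]) in ipaddress.ip_network(value)
    if key == "direction":
        return flow["direction"] == value
    return False


def classify(flow: dict, rules=RULES) -> str:
    """Return the class of the first rule whose criteria all match, else 'default'."""
    for rule in rules:
        if all(_matches(flow, k, v) for k, v in rule["match"].items()):
            return rule["class"]
    return "default"


def classify_all(flows, rules=RULES) -> dict:
    """Group host addresses by the class their flows fall into."""
    groups = {}
    for flow in flows:
        groups.setdefault(classify(flow, rules), []).append(flow["host"])
    return groups


def partition_limit_bps(cls: str, direction: str):
    """Bandwidth cap for a class in one direction, or None if the class is uncapped."""
    if cls not in CLASS_PARTITIONS:
        return None
    pct = CLASS_PARTITIONS[cls][0 if direction == "in" else 1]
    return LINK_CAPACITY_BPS[direction] * pct // 100


if __name__ == "__main__":
    for cls, hosts in classify_all(SAMPLE_FLOWS).items():
        caps = [partition_limit_bps(cls, d) for d in ("in", "out")]
        print(f"{cls:8} hosts={hosts} in_cap={caps[0]} out_cap={caps[1]}")
```

Rule order matters: the signature rule sits above the port rule so that an application identified by signature is never re-filed by the port it happens to use, which is the property a port-blocking ACL cannot offer.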

Packeteer

[Three Packeteer slides with no transcribed text]

Packeteer PacketShaper

Series                      1550    2500    4500    6500    8500
Max Throughput (Mbps)          2      10      45     100     200
Max Classes                  256     512     512   1,024   2,048
Max Dynamic Partitions       128     512     512   5,000  20,000
Max Static Partitions        128     256     256     512   1,024
Max Policies                 256     512     512   1,024   2,048
Max IP Hosts               5,000  10,000  25,000  25,000 100,000
Max IP Flows               7,500  30,000  75,000 150,000 300,000

Allot NetEnforcer

Model        Bandwidth   Pipes   Policies   Connections
AC-102/128    128 Kbps     128      1,024         6,000
AC-102/512    512 Kbps     128      1,024         6,000
AC-202/2M       2 Mbps     256      2,048        12,000
AC-202/10M     10 Mbps     512      2,048        20,000
AC-302         45 Mbps   1,024      4,096        64,000
AC-402        100 Mbps   1,024      4,096        96,000
AC-601        100 Mbps   2,048      8,192       128,000
AC-702        155 Mbps   2,048      8,192       128,000
AC-802        310 Mbps   2,048      8,192       128,000

Conclusion

P2P applications are here to stay

Legality and copyright issues aside, the network bandwidth consumed can overwhelm most networks

Management by decree may work in small environments, but not large ones

Effective management techniques usually involve bandwidth shaping or quotas

The End

Questions?