Title: Network Quotas for Individuals A better answer to the P2P bandwidth problem
1. Network Quotas for Individuals: A better answer
to the P2P bandwidth problem?
Bruce Curtis, North Dakota State University
2. NDSU Implemented a Usage Based Rate Limit System
- On April 2nd 2002 NDSU started testing a new (for
us) system for limiting bandwidth usage in our
residence halls.
3. Back to Why?
- Looking back I guess that since day one I was
motivated by the idea of personal
accountability. I liked the principle that a
user's actions should affect them more directly,
rather than have the pain of network slowness be
spread to the whole ResNet community.
4. More Why?
- With this system we don't have to decide which
apps are misbehaved.
- We don't have to keep updating access-lists or
wait for vendors to update code to recognize the
latest P2P or other app.
- It may just be a matter of time before P2P apps
start using random ports and/or encryption.
- (Kazaa now is configured with a random port by
default. Blubster touts anonymity. Freenet
encryption?)
5.
- This will apply only to traffic going to or
coming from the Internet. On campus traffic, like
reading your Mail_at_NDSU e-mail or using
Blackboard, will not be counted, nor will usage
between 2:00 AM and 6:00 AM. The bandwidth usage
will be reset daily at 6:00 AM.
- If a resident exceeds their daily allocation,
they will be placed into a shared, limited pool
with other users that have exceeded their
allocation. They will not be disconnected; they
will be sharing 300 kbps, which may be very slow
for the remainder of the day.
6. The Network
7. Information Flows
8. i1 and i2 traffic flows
9. Original Implementation Details
- Track usage by ethernet number
- Add to CAR access lists every 5 minutes
- Rebuild CAR access lists from scratch hourly to
avoid limiting someone who inherited via DHCP an
IP number that is in the access lists.
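The accounting rules from the slides above (Internet traffic only, 2:00 AM to 6:00 AM free, reset at 6:00 AM, usage tracked by Ethernet number), as an added Python example that is not NDSU's code. The flow-record layout, the campus address range and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

MB = 10**6
QUOTA_BYTES = 600 * MB                      # initial test quota from the slides
CAMPUS_NETS = [ip_network("10.0.0.0/8")]    # assumption: placeholder campus range
RESET_HOUR, FREE_START = 6, 2               # reset at 6:00 AM; 2:00-6:00 AM is free

def quota_day(ts):
    """Quota days run 6:00 AM to 6:00 AM, so shift the clock back six hours."""
    return (ts - timedelta(hours=RESET_HOUR)).date()

def is_counted(ts, remote_ip):
    """Only Internet traffic outside the free window counts against the quota."""
    if FREE_START <= ts.hour < RESET_HOUR:
        return False
    return not any(ip_address(remote_ip) in net for net in CAMPUS_NETS)

def tally(flows):
    """Sum inbound plus outbound bytes per (quota day, Ethernet number)."""
    usage = defaultdict(int)
    for ts, mac, remote_ip, nbytes in flows:
        if is_counted(ts, remote_ip):
            usage[(quota_day(ts), mac.lower())] += nbytes
    return usage

def limited_pool(usage, day):
    """Ethernet numbers that belong in the shared limited pool for that day."""
    return sorted(mac for (d, mac), total in usage.items()
                  if d == day and total > QUOTA_BYTES)

# Constructed sample records: (timestamp, MAC, remote IP, bytes in + out).
FLOWS = [
    (datetime(2002, 4, 2, 9, 0), "00:00:5e:00:53:01", "198.51.100.7", 400 * MB),
    (datetime(2002, 4, 2, 21, 0), "00:00:5E:00:53:01", "203.0.113.9", 250 * MB),
    (datetime(2002, 4, 2, 10, 0), "00:00:5e:00:53:02", "10.1.2.3", 900 * MB),     # on campus
    (datetime(2002, 4, 3, 3, 0), "00:00:5e:00:53:02", "198.51.100.7", 900 * MB),  # free window
    (datetime(2002, 4, 3, 1, 30), "00:00:5e:00:53:03", "198.51.100.7", 700 * MB), # still April 2 quota day
    (datetime(2002, 4, 3, 7, 0), "00:00:5e:00:53:01", "198.51.100.7", 100 * MB),  # after the reset
]
DAY = quota_day(FLOWS[0][0])

if __name__ == "__main__":
    print(DAY, limited_pool(tally(FLOWS), DAY))
```

The 1:30 AM record lands in the previous quota day because the reset is at 6:00 AM, not midnight, while the 3:00 AM record is ignored entirely.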
10. Changing Ethernet or IP
- Ethernet numbers in ResNet must be registered.
We use the NetReg package from Southwestern U.
Each ethernet number must be registered before it
can access the Internet.
- Changing the IP number only helps for 5 minutes
until the access lists are updated from the usage
info and arp table.
- Cross checks and countermeasures could be set up
to monitor when these things are tried.
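One way to implement the cross checks mentioned above, as an added example rather than NDSU's or NetReg's code: compare consecutive ARP snapshots, taken one access-list update interval apart, against the registration list. The data layout, function name and all addresses are constructed assumptions.

```python
from collections import defaultdict

def cross_check(registered, limited, prev_arp, curr_arp):
    """Compare two ARP snapshots (dict of ip -> mac) and report changes.

    Returns sorted (kind, mac, ip) tuples:
      unregistered-mac     MAC on the wire that was never registered
      limited-host-new-ip  rate-limited MAC now answering on a different IP
      mac-changed-on-ip    same IP, different MAC than in the last snapshot
    """
    prev_ips = defaultdict(set)
    for ip, mac in prev_arp.items():
        prev_ips[mac].add(ip)

    findings = []
    for ip, mac in curr_arp.items():
        if mac not in registered:
            findings.append(("unregistered-mac", mac, ip))
        if mac in limited and mac in prev_ips and ip not in prev_ips[mac]:
            # The access list still holds the old IP until the next update.
            findings.append(("limited-host-new-ip", mac, ip))
        old_mac = prev_arp.get(ip)
        if old_mac is not None and old_mac != mac:
            # Could be a DHCP reassignment or a changed Ethernet number.
            findings.append(("mac-changed-on-ip", mac, ip))
    return sorted(findings)

# Constructed sample data (lower-case MACs from the documentation range).
M1, M2, M3 = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:aa"
REGISTERED = {M1, M2}
LIMITED = {M1}                                   # over quota today
PREV_ARP = {"10.9.1.10": M1, "10.9.1.11": M2}
CURR_ARP = {"10.9.1.25": M1, "10.9.1.11": M3, "10.9.1.12": M2}

if __name__ == "__main__":
    for finding in cross_check(REGISTERED, LIMITED, PREV_ARP, CURR_ARP):
        print(finding)
```

A `mac-changed-on-ip` finding needs review against the DHCP log before anyone acts on it, since a lease can legitimately move to another machine.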
11. Limiting Issues
- Our bandwidth target was 15 Mbps so we chose the
limited pool size to be 10% of that, which is 1.5
Mbps.
- We have 5 subnets.
- So 1.5 Mbps / 5 pools = 300 kbps per pool
- In other words we sacrifice 1.5 Mbps to
discourteous users taking more than their share
of bandwidth.
- If successful the quota should affect 10% of the
users and restrict them to using only 10% of the
bandwidth. (After reaching their quota)
12. Picking the Numbers
- We postulated a bandwidth hungry but legitimate
educational activity for an estimated quota.
- A video class offered via H.323 for an hour would
take 384 Kbps + some overhead.
- 500 Kbps * 60 s/m * 60 m/hr / 8 bits/byte = 225 MB
- We count both inbound and outbound data so
225 * 2 = 450 MB
- Allowing for other daily traffic we picked 600 MB
as our initial quota for the test.
16. Before
There are about 500 AudioGalaxy users.
Put in flowscan out graph and mention that about
500 users are running AudioGalaxy. But first
put in before and after outbound graphs.
18. Probation
- Implemented the concept of probation.
- If a student was over their quota yesterday, their
traffic will be limited. But the probation rate
limits will be 5 times the quota rate limits.
- Probation works well and keeps chronic offenders
under control, which avoids reset spikes.
- But it is complicated to explain to students.
19. Quota reset spike
Smaller spikes
No spike
Transition to yesterday's quota scheme, Kazaa
spikes on left, not on right
20. Closeup of Kazaa Spikes
7 Mbps * 60 s/m * 15 m / 8 bits/byte = 787.5
Mbytes. Someone reached their quota in 15
minutes. Probation tends to smooth the spikes to
be wider and less tall.
21. Tunnels
- The University of Waterloo evolved to a similar
situation in which on-campus traffic did not
count against a student's quota.
- They had a problem with tunnels. Students would
set up a tunnel to a computer on the main campus
and thus access the internet without affecting
their quota.
22. Tunnels
- I don't believe that we will have the same
problem with tunnels. Our previous method was
more restrictive and we did not have a problem
with tunnels.
- A large bump in P2P traffic from our main campus
would be easily spotted in our flowscan graphs.
- (We have had no problems with tunnels; now the
most likely problem would be remote control of a
computer on our main campus.)
23. Links to Info on Other Similar Systems
- University of Waterloo
  - http://ist.uwaterloo.ca/cn/Residence/history.html
  - http://ist.uwaterloo.ca/cn/Residence/rn-excess.html
  - http://ist.uwaterloo.ca/cn/Residence/logic.html
- University of Texas
  - http://resnet.utexas.edu/
  - www.ncne.org/training/techs/2001/0128/presentations/200101-kline1_files/v3_document.htm
- Dyband commercial product
  - http://dyband.com/products/prodInfo/wp-ipTrafficMgt.htm
- Mayville State University
24. Internet2 Campus Bandwidth Working Group
- Home Page
  - http://cbm.internet2.edu/
- Matrix Link
  - http://qos.internet2.edu/wg/cbm/cbm-matrix.html
25. Changes and Updates
- Original
  - Cisco 5000
  - CAR
  - Complexity in code
  - Config by Telnet
  - 5 Pools
  - 12 Residence Halls
  - Track usage by ethernet number
- Now
  - Cisco 4000
  - Policy Map / Policing
  - Complexity in config
  - Config by FTP
  - 1 Pool
  - 13 Residence Halls
  - Track usage by user id (multiple computers)
26. Biggest Change From Students' Point of View
- Lowered the quota from 600 to 200 megabytes per
day, Fall semester 2002
- Surprisingly, users exceeding the quota stayed
about 10%
28. External Changes
- Gone
  - AudioGalaxy, Scour, CuteMX
- New
  - Blubster, Ares, Shareaza
29. Problems
- MAC thieves/spoofers
  - Using another person's MAC address
30. NDSU Monthly i1 95th Percentile
31. Future Possibilities
- Quota applied to Main Campus
- Differentiate Student, Faculty/Staff, Server
- Separate Public ports (Wireless Project)
- By DHCP log info
34. Abacast
35. Nighttime Quota
Compromised
36. Thanks
- Brian Asker: Our student who developed the web
pages with the quota meter on them.
- John Underwood: Our Help Desk and ResNet Manager
who provided valuable input, feedback and I stole
the free cable joke from him.
37.
- In email Marty Hoag mentioned that we should tell
the students:
- The good news is that we are no longer filtering
on content. The bad news is that you are
accountable for your usage. :-)