Managing P2P Applications or Where Did My Internet Bandwidth Go? David L. Merrifield University of Arkansas June 19, 2003

The First Peer-to-Peer (P2P) Application Widely Accepted by the Internet Public

May 1999 – Napster created by Northeastern University students Shawn Fanning and Sean Parker and takes the college world by storm December 7, 1999 – RIAA sues Napster on grounds of copyright infringement April 13, 2000 – Metallica files suit against Napster and three universities for copyright infringement

May 5, 2000 – Judge rules that Napster is in violation of DMCA October 31, 2000 – Napster announces that it will partner with Bertelsmann AG to develop subscription-based distribution March 2001 – Napster attempts file blocking and filtering techniques to eliminate copyrighted material from distribution

July 2001 – Judge orders Napster offline until copyrighted material is removed entirely October 2001 – Napster begins self destructing March 2002 – Federal appeals court orders Napster offline September 2002 – Judge blocks sale of Napster to Bertelsmann

November 2002 – Roxio bought Napster’s name and technology in bankruptcy auction for $5M Napster may be gone, but it was only the beginning…

What is the P2P Problem? MP3

What is the P2P Problem? MP3

What is the P2P Problem? More inbound than outbound traffic Double-Humped Curve

What is the P2P Problem? Near 100% outbound utilizationMore evening activity

Steps to Managing P2P Use Ignore the problem Management by written policy Port blocking Rate limiting Bandwidth quotas QoS

Ignore The Problem Disruptive to your legitimate users Consumes your expensive bandwidth Presents security exposures Presents copyright issues

Management by Written Policy Thou Shalt Not… P2P

Port Blocking Port blocking as a means to block P2P applications Not effective for all P2P applications Some P2P apps use other well-known ports, such as port 80 (web) Some P2P apps negotiate ports, so actual ports used are not predictable

Rate Limiting Limit the abusing users –Set limit on individual or total throughput Limit the abusing applications –Set limit on application throughput

Rate Limiting University of Arkansas Experience –September 2001 –Outbound Bandwidth at Max Most of Day –High Packet Drop Rates –Very Poor Internet Performance –No One Was Happy

Rate Limiting University of Arkansas Experience –November 2001 –Implemented Committed Access Rate (CAR) on Cisco 7507 Border Router –Limited Aggregate Dorm Traffic to 5 Mbps UARK Internet Bandwidth Blue Line Outbound Traffic Green Solid Inbound Traffic

Rate Limiting University of Arkansas Experience UARK Internet Outbound Packet Rate UARK Ping Statistics Blue Line Outbound Packet Rate Green Solid Outbound Packet Drops

Rate Limiting University of Arkansas Experience –Beware that some routers experience high CPU utilizations and performance is degraded when rate limiting is being done. Router CPU Utilization Router CPU usage increased 20% when CAR was enabled on Cisco 7507

Bandwidth Quotas Bruce Curtis, North Dakota State University Implemented bandwidth quotas for residence halls Every user is authenticated before they can use the network Bandwidth utilization is measured via flow data collected at border router

Bandwidth Quotas Authentication Server Internet 1. User authenticates Flow Data Collector

Bandwidth Quotas Flow Data Collector 2. User queued to use high-speed Internet pipe Internet Authentication Server

Bandwidth Quotas Flow Data Collector Internet Authentication Server 3. If user exceeds bandwidth quota, queued to use low-speed pipe Over Quota!!!

Bandwidth Quotas Fair share quota established for every user 300 MB per day If limit exceeded, user is placed in a rate- limiting pool (aggregate limit of 300 Kbps) About 15% of users regularly exceed limit Limits are reset daily at 6:00 A.M.

Quality of Service Use external device to manage traffic by application or user or both Build and apply policies about the way applications and users use bandwidth Quality of Disservice

Quality of Service Two major competitors –Packeteer PacketShaper –Allot NetEnforcer

Quality of Service Internet Border Router Firewall LAN

Quality of Service Classify traffic by: –Application signature –Protocol –Port number –Subnet –URL –Host name –LDAP host list –Diffserv setting –802.1p/q –MPLS tag –IP precedence bits –IP or MAC address –Direction (in vs. out) –Source –Destination –MIME type –Web browser –Oracle database

Quality of Service Shape traffic –Per application minimum –Per application maximum –Per session minimum –Per session maximum –Dynamic per-user minimum & maximum –TCP & UDP rate control –DoS attack avoidance

Quality of Service Sample configuration –Group P2P apps (KaZaa, Morpheus, eDonkey, BearShare, etc.) into one class –Limit the P2P class to 15% of capacity of inbound Internet link –Limit the P2P class to 5% of capacity of outbound Internet link

Packeteer

Packeteer

Packeteer

Packeteer PacketShaper Series Max Throughput (Mbps) Max Classes ,0242,048 Max Dynamic Partitions ,00020,000 Max Static Partitions ,024 Max Policies ,0242,048 Max IP Hosts 5,00010,00025,00025,000100,000 Max IP Flows 7,50030,00075,000150,000300,000

Allot NetEnforcer ModelBandwidthPipesPoliciesConnections AC-102/ Kbps1281,0246,000 AC-102/ Kbps1281,0246,000 AC-202/2M2 Mbps2562,04812,000 AC-202/10M10 Mbps5122,04820,000 AC Mbps1,0244,09664,000 AC Mbps1,0244,09696,000 AC Mbps2,0488,192128,000 AC Mbps2,0488,192128,000 AC Mbps2,0488,192128,000

Conclusion P2P applications are here to stay Legality and copyright issues aside, the network bandwidth consumed can overwhelm most networks Management by decree may work in small environments, but not large ones Effective management techniques usually involve bandwidth shaping or quotas

The End Questions?