 cariboo
join:2005-04-26 Schefferville, QC
| Which web services (like kazza) should I block ?
First post. I'm working on starting up a wifi network in my small town (not more than about 1 km from the access point in any direction, not more than 50 users max at any one time). Maybe 250 accounts max. Flat terrain, no trees at all.
Anyway, none of that is probably relevant to my question here. Just wanting to know which services (Kazaa for example) can really bog down the system for everyone. Please give me specific ones that have caused problems. I plan to block them with some kind of Hotspot controller (DSA 3100?), and are there such things as "mirror sites" that tricky 14 yr olds could use to get around my blocks? (Forgive me, just starting out.) |
|
 snowpro2000
join:2004-06-13 Canada | Sorry to be off topic here but is dsl available in a remote area like Schefferville. A quick check on my end shows no dsl for...like hundreds of miles from your place. Correct me if I am wrong. thanks Paul |
|
 cariboo
join:2005-04-26 Schefferville, QC | Re: Which web services (like kazza) should I block
I'll take care of that little problem. Got any suggestions to my question? |
|
  Semaphore Premium join:2003-11-18 Arnprior On.
| reply to cariboo Re: Which web services (like kazza) should I block ?
Why not just rate limit them? The problem with blocking the native ports/protocols used by most P2P stuff is that it's adaptive... they will find a way around an outright block. Every time. Guaranteed. Why not allow it and either compensate with usage caps and $$ penalties for overuse, or rate limit user connections with WRED or some shaper like MikroTik or m0n0wall? |
|
 Chele
join:2003-07-23
| reply to cariboo Re: Which web services (like kazza) should I block
Rate limiting is not enough! Three customers going full speed downloading stuff will bring your network to its knees, even if you limit their bandwidth. This is the voice of experience talking! You should not block P2P, you should shape it. Bandwidth Arbitrator, StarOS, & MikroTik, among others, will let you control/shape P2P traffic. Your customers are paying for access to the Internet, and (in my mind) P2P is part of what the customer is paying for. I know of an ISP that is blocking everything except web browsing/email; to me, that is not fair to the customer. |
|
 cariboo
join:2005-04-26 Schefferville, QC
| said by Chele : ...Your customers are paying for access to the Internet, and (in my mind) P2P is part of what the customer is paying for. I know of an ISP that is blocking everything except web browsing/email, to me, that is not fair to the customer.
Unless I explain what I am blocking before they purchase, then my customers are paying for access to "the internet" as I define it. I will be doing no one any favors by letting 1 or 2 users screw service for all the other paying customers. I just want to block the worst offenders and cheaply if possible since this is such a micro project. |
|
  bito Premium join:2001-10-08 Atlanta, GA
| MikroTik has the ability to do inspection and flag/limit P2P traffic, if I remember correctly. I know several on this board who use it to do so.
You have to inspect the traffic patterns because even if you block the primary ports, it will hop over to an unused port. Or, if you make it really cranky, it will hop over on 80; at that point it gets ugly.
Caleb |
|
  Semaphore Premium join:2003-11-18 Arnprior On.
| reply to cariboo I agree with Caleb - we see port 80 P2P at work - LOTS, because we deliberately (wrongly) try to block some of the "known copyright violation" software - hey, don't blame me for the label.... I'm not management. I think rate limiting with WRED is effective and does a pretty damn fine job of control while allowing for short bursts. Give them 15 seconds and then scale them back. Put priority queues on VOIP (if you're doing that), HTTP/HTTPS, ICMP, DNS, and anything else that's known to be 'interactive', but keep even those queues shallow so that they can't be stolen by huge P2P, and let the B/W hogs get the REALLY shallow buckets with the steepest discard rates. Or you can set up PFQ and evenly share whatever's available at the time within the pipe. A shaper's good, but if all you have is a router at the POP then Weighted Random Early Discard is not so bad. |
|
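The WRED scheme described in the post above, sketched as an added example (it is not part of anyone's post and not any router's configuration): an averaged queue depth lets short bursts through, and per-class thresholds give bulk traffic the earliest, steepest discard ramp. The class names, thresholds and averaging weight are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    min_th: int    # average queue depth (packets) where random drops begin
    max_th: int    # average depth at or above which every packet is dropped
    max_p: float   # drop probability reached just below max_th


# Constructed values: interactive classes drop late and gently,
# bulk/P2P drops early and steeply ("shallow bucket").
PROFILES = {
    "voip": Profile(min_th=30, max_th=40, max_p=0.02),
    "interactive": Profile(min_th=20, max_th=40, max_p=0.05),
    "bulk": Profile(min_th=5, max_th=15, max_p=0.50),
}


def average_depth(samples, weight=0.05):
    """Exponentially weighted moving average of instantaneous queue depth.

    A small weight makes the average lag behind the real depth, which is
    what lets a short burst pass before drops start.
    """
    avg = 0.0
    for depth in samples:
        avg += weight * (depth - avg)
    return avg


def drop_probability(profile, avg_depth):
    """Classic RED ramp: 0 below min_th, linear up to max_p, then 1."""
    if avg_depth < profile.min_th:
        return 0.0
    if avg_depth >= profile.max_th:
        return 1.0
    return profile.max_p * (avg_depth - profile.min_th) / (profile.max_th - profile.min_th)


def verdicts(samples):
    """Drop probability each class would see after the given depth samples."""
    avg = average_depth(samples)
    return {name: drop_probability(p, avg) for name, p in PROFILES.items()}


if __name__ == "__main__":
    print("short burst:", verdicts([20] * 5))     # average still below bulk min_th
    print("sustained:  ", verdicts([20] * 100))   # bulk tail-dropped, others untouched
```
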
 anoclon
join:2004-10-12 Guatemala
| reply to Chele
said by Chele : You should not block P2P, you should shape it. Bandwidth Arbitrator, StarOS, & MikroTik, among others, will let you control/shape P2P traffic.
Do you know any other similar software for a Windows-based server that can control/shape P2P traffic? |
|
 Chele
join:2003-07-23
| reply to cariboo We had one that was Windows based; it would limit the bandwidth, but not shape it. I think it was Brylan (Brilan?). It was better than nothing. However, once we installed BandwidthArbitrator (*nix), it was night and day. On the Brilan, we had to manually adjust the bandwidth to the ones that were hogging the line. Arbi (as they call it) took us about 20 minutes to get running out of the box. It runs on a Pentium II, 400 MHz, with 128 of RAM. You burn the ISO on a CD, and the PC boots from the CD. We bought Arbi when they first came out with it; it cost us $159, and soon they started jacking up the price. It went to about $700 within a few weeks, and now they only sell it as an appliance ($1800 or so). They offer a free version (Linux license); from what I understand, you lose some of the graphical features/reporting. But the bulk of the features are available in the free version. Some of the best $159 we have spent!! |
|
 robbin Premium,MVM join:2000-09-21 Leander, TX
| said by Chele : ...and now they only sell it as an appliance($1800 or so)...
I heard they had a cheaper version out now? |
|
  harvSki Premium join:2004-03-09 Suffolk, UK
| reply to cariboo We use MikroTik and shape the p2p traffic during the day and take the limits off in the dead of night. I've set it up for several ISPs as a transparent bridge so you just pop it into your internet pipe and it starts shaping. Seems OK on a pentium 233 64Mb RAM with 2mbps throughput 10% CPU. |
|
  harvSki Premium join:2004-03-09 Suffolk, UK
| reply to cariboo We use MikroTik and shape the p2p traffic during the day and take the limits off in the dead of night. I've set it up for several ISPs as a transparent bridge so you just pop it into your internet pipe and it starts shaping. Seems OK on a pentium 233 64Mb RAM with 2mbps throughput much less than 10% CPU. |
|
  shamanfk
join:2001-03-12 Fort Kent, ME
| reply to cariboo Re: Which web services (like kazza) should I block ?
You should not block traffic (except malware), and shaping the whole pipe is the best solution as previously mentioned (MikroTik fan).
One thing that has been overlooked here is that any device which limits/shapes P2P traffic is "dumb", as it cannot detect the difference between illegal P2P traffic and legal "paid" P2P.
As more people use the legal paid services you will run into problems if you are blocking them.
You are selling bandwidth, not taking responsibility for content. -- Success is getting what you want; Happiness is wanting what you get. |
|
  John Galt Forward, March Premium join:2004-09-30 Happy Camp | reply to cariboo Interesting Article On BitTorrent
This article offers some insight on how BT works, and why it causes the problems that it does...
»www.pam2004.org/papers/148.pdf -- A is A |
|
  bito Premium join:2001-10-08 Atlanta, GA
| Slightly OT:
Back when BT first started coming out, I tried running it over our 1M SDSL line at the time. The line could handle it, but damn if it didn't completely hose up every router I could swap out down there. I am glad they have made the progress they have. |
|
 snowpro2000
join:2004-06-13 Canada
| reply to cariboo Re: Which web services (like kazza) should I block ?
Cariboo:
The reason I was asking how you intend to get dsl up there is that I also have some remote areas that I would like to cover.
I thought this forum existed to share knowledge and expertise.
I guess folks that far North do this differently. If you are afraid of competitors moving in on your turf (or snow drift) perhaps you should keep your location a secret.
Paul |
|
 cariboo
join:2005-04-26 Schefferville, QC
| Re: Which web services (like kazza) should I block
said by snowpro2000 : Cariboo: The reason I was asking how you intend to get dsl up there...
First of all, you didn't ask me 'how' I intended to get dsl up here, you asked me:
said by snowpro2000 : is dsl available in a remote area like Schefferville. A quick check on my end shows no dsl for...like hundreds of miles from your place.
Secondly, to your comment:
said by snowpro2000 : I thought this forum existed to share knowledge and expertise.
I began this thread asking for help, knowledge, expertise. A lot of good people have posted a lot of useful information, which I have been digesting, that is why I hadn't yet thanked them, but I am thankful. You, on the other hand, have not offered anything but an off topic question followed up by a strangely sarcastic attitude when you didn't get an off topic answer to your satisfaction.
Why would I want to share any info with someone who shifts into insult mode so easily/quickly?
Sorry to everyone else for this off topic reply, this thread has been otherwise very informative and I thank you. |
|
  superdog I Need A Drink Premium,MVM join:2001-07-13 Lebanon, PA
| said by cariboo : You, on the other hand, have not offered anything but an off topic question followed up by a strangely sarcastic attitude
While I should probably stay out of this, I also found your answer to the original question by snowpro2000 to be maybe a bit short?
said by cariboo : I'll take care of that little problem. Got any suggestions to my question?
Off topic posts do happen occasionally here (OK, all the time :D), but I do think that perhaps both of you should stop, sit back and look in the mirror, and ponder how this thread truly got off topic completely, instead of only partly. :) It would have taken about 3 seconds to say, "I am setting up a WISP dude, no DSL" and then move on. And maybe snowpro2000 could have sent an IM and asked you about it? I know that I am not perfect or I would have stayed out of this in the first place. I just want you guys to be "Happy posters" here at DSL Reports ;) -- »www.wavecrazy.net Join WISPA today! »www.wispa.org/ |
|
 cariboo
join:2005-04-26 Schefferville, QC | I'm more than happy with the quality of this forum. It seems to be a fantastic place! |
|