cariboo
join:2005-04-26
Schefferville, QC
| Which web services (like kazza) should I block ? First post. I'm working on starting up a wifi network in my small town (not more than about 1 km from the access point in any direction, not more than 50 users max at any one time. Maybe 250 accounts max.
Flat terrain, no trees at all.
Any way, none of that is probably relevant to my queston here Just wanting to know which services (Kazza for example) can really bog down the system for everyone. please give me specific ones that have caused problems. I plan to block them with some kind of Hotspot controller (DSA 3100?) and are there such things as "mirror sites" that tricky 14 yr olds could use to get around my blocks? (forgive me, just starting out.) | |
|
 snowpro2000
join:2004-06-13
Canada | Re: Which web services (like kazza) should I block ? Sorry to be off topic here but is dsl available in a remote area like Schefferville. A quick check on my end shows no dsl for...like hundreds of miles from your place. Correct me if I am wrong.
thanks
Paul | |
|
 | cariboo
join:2005-04-26
Schefferville, QC | Re: Which web services (like kazza) should I block I'll take care of that little problem. Got any suggestions to my question? | |
|
Semaphore
Premium
join:2003-11-18
Arnprior On.
| Why not just rate limit them ? The problem with blocking the native ports/protocols used by most P2P stuff is that it's adaptive... they will find away around an outright block. Everytime. Guaranteed. Why not allow it and either compensate with Usage caps, and $$ penalties for over use, or rate limit user connections with WRED or some shaper like Microtik or M0n0wall ? | |
|
Chele
join:2003-07-23
| Rate limiting is not enough! Three customers going full speed dowloading stuff will bring your network to its knees. Even if you limit their bandwidth, this is the voice of experience talking! You should not block P2P, you should shape it. Bandwidth Arbitrator, StarOs, & Microtik, among others, will let you control/shape P2P traffic. Your customers are paying for access to the Internet, and (in my mind) P2P is part of what the customer is paying for. I know of an ISP that is blocking everything except web browsing/email, to me, that is not fair to the customer. | |
|
| cariboo
join:2005-04-26
Schefferville, QC
| Re: Which web services (like kazza) should I block said by Chele  :...Your customers are paying for access to the Internet, and (in my mind) P2P is part of what the customer is paying for. I know of an ISP that is blocking everything except web browsing/email, to me, that is not fair to the customer. Unless I explain what I am blocking before they purchase, then my customers are paying for access to "the internet" as I define it. I will be doing no one any favors by letting 1 or 2 users screw service for all the other paying customers. I just want to block the worst offenders and cheaply if possible since this is such a micro project. | |
|
| | 
bito
Premium
join:2001-10-08
Atlanta, GA
| Re: Which web services (like kazza) should I block MicroTik has the ability to do inspection and flag/limit P2P traffic, if I remember correctly. I know several on this board who use it to do so.
You have to inspect the traffic patterns because even if you block the primary ports, it will hop over to an unused port. Or, if you make it really cranky, it will hop over on 80, at that point in gets ugly 
Caleb | |
|
| |
Semaphore
Premium
join:2003-11-18
Arnprior On.
| I agree with Caleb - we see port 80 P2P at work - LOTS, because we deliberately (wrongly) try to block some of the "known copyright violation" software - hey don't blame me for the label.... I'm not management .
I think Rate limiting with WRED is effective and does a pretty damn fine job of control while allowing for short bursts. Give them 15 seconds and then scale them back.Put priority queues on VOIP (if you're doing that) HTTP/HTTPS, ICMP, DNS, and anything else that's known to be 'interactive', but keep even those queues shallow so that can't be stolen by huge P2P and let the B/W hogs get the REALLY shallow buckets with the steepest discard rates. Or you can setup PFQ and evenly share whatever's available at the time within the pipe.
A shaper's good, but if all you have is a router at the POP then Weighted Random Early Discard is not so bad. | |
|
| anoclon
join:2004-10-12
Guatemala
| said by Chele :You should not block P2P, you should shape it. Bandwidth Arbitrator, StarOs, & Microtik, among others, will let you control/shape P2P traffic. Do you know any other similar software for a windows base server that can control/shape P2P traffic? | |
|
Chele
join:2003-07-23
| We had one that was Windows based, it would limit the bandwidth, but not shape it. I think it was Brylan(Brilan?), It was better than nothing. However, once we installed BandwidthArbitrator(*nix), it was night and day. On the Brilan, we had to manually adjust the bandwidth to the ones that were hogging the line. Arbi(as they call it), took us about 20 minutes to get it running out of the box. It runs on a Pentium II, 400MHZ, with 128 of ram. You burn the ISO on a CD, and the PC boots from the CD. We bought Arbi when they firs came out with it, it costs us $159, and soon they started jacking up the price. It went to about $700 within a few weeks, and now they only sell it as an appliance($1800 or so). They offer a free version(Linux license), from what I understand, you lose some of the graphical features/reporting. But the bulk of the features are available in the free version. Some of the best $159 we have spent!! | |
|
| robbin
Premium,MVM
join:2000-09-21
Leander, TX
| Re: Which web services (like kazza) should I block said by Chele :...and now they only sell it as an appliance($1800 or so)... I heard they had a cheaper version out now? | |
|
harvSki
Premium
join:2004-03-09
Suffolk, UK
| We use Mikrotik and shape the p2p traffic during the day and take the limits off in the dead of night. I've set it up for serveral ISPs as a transparent bridge so you just pop it into your internet pipe and it starts shaping. Seems OK on a pentium 233 64Mb RAM with 2mbps throughput 10% CPU. | |
|
harvSki
Premium
join:2004-03-09
Suffolk, UK
| We use Mikrotik and shape the p2p traffic during the day and take the limits off in the dead of night. I've set it up for serveral ISPs as a transparent bridge so you just pop it into your internet pipe and it starts shaping. Seems OK on a pentium 233 64Mb RAM with 2mbps throughput much less than 10% CPU. | |
|
shamanfk
join:2001-03-12
Fort Kent, ME
| You should not block traffic (except malware)and shaping the whole pipe is the best solution as previously mentioned,,(MikroTik fan)
one thing that has been overlooked here is that any device which limits/shapes P2P traffic is "dumb" as is can not detect the difference between illegal P2P traffic and legal "paid" P2P,,
as more people use the legal paid services you will run into problems if you are blocking them.
you are selling bandwidth not taking responsibility for content.
--
Success is getting what you want; Happiness is wanting what you get. | |
|
|
|
bito
Premium
join:2001-10-08
Atlanta, GA
| Re: Interesting Article On BitTorrent Slightly OT:
Back when BT first started coming out, I tried running it over our 1M SDSL line at the time. The line could handle it, but damn if it didn't completely hose up every router I could swap out down there. I am glad they have made the progress they have. | |
|
snowpro2000
join:2004-06-13
Canada
| Cariboo:
The reason I was asking how you intend to get dsl up there is that I also have some remote areas that I would like to cover.
I thought this forum existed to share knowledge and expertise.
I guess folks that far North do this differently.
If you are afraid of competitors moving in on your turf (or snow drift) perhaps you should keep your location a secret.
Paul | |
|
| cariboo
join:2005-04-26
Schefferville, QC
| Re: Which web services (like kazza) should I block said by snowpro2000 :Cariboo: The reason I was asking how you intend to get dsl up there... First of all, you didn't ask me 'how' I intended to get dsl up here, you asked me:
said by snowpro2000 :is dsl available in a remote area like Schefferville. A quick check on my end shows no dsl for...like hundreds of miles from your place. Secondly, to your comment:
said by snowpro2000 :I thought this forum existed to share knowledge and expertise. I began this thread asking for help, knowledge, expertise. A lot of good people have posted a lot of useful information, which I have been digesting, that is why I hadn't yet thanked them, but I am thankful.
You, on the other hand, have not offered anything but an off topic question followed up by a strangely sarcastic attitude when you didn't get an off topic answer to your satisfaction.
Why would I want to share any info with someone who shifts into insult mode so easily/quickly?
Sorry to everyone else for this off topic reply, this thread has been otherwise very informative and I thank you. | |
|
| | 
superdog
I Need A Drink
Premium,MVM
join:2001-07-13
Lebanon, PA
| Re: Which web services (like kazza) should I block said by cariboo :You, on the other hand, have not offered anything but an off topic question followed up by a strangely sarcastic attitude While I should probably stay out of this, I also found Your answer to the original question by snopro2000 to be maybe a bit short?
said by cariboo :I'll take care of that little problem. Got any suggestions to my question? Off topic posts do happen occasionally here(OK, all the time:D ), but I do think that perhaps both of You should stop, sit back and look in the mirror, and ponder how this thread truly got off topic completely, instead of only partly.:) It would have taken about 3 seconds to say, "I am setting up a WISP dude, no DSL" and then move on. And maybe snowpro2000 could have sent an IM and asked You about it?. I know that I am not perfect or I would have stayed out of this in the first place  , I just want You guys to be "Happy posters" here at DSL Reports;)
--
»www.wavecrazy.net Join WISPA today! »www.wispa.org/ | |
|
| | | cariboo
join:2005-04-26
Schefferville, QC | Re: Which web services (like kazza) should I block I'm more than happy with the quality of this forum, It seems to be a fantastic place ! | |
|
snowpro2000
join:2004-06-13
Canada
| I'm back..
Let's put this fire out before it gets out of hand!
While I did not think that my original question was sarcastic in any way shape or form, I guess we all look at things in a different way.
I'm ready to kiss and make up as long as you are a blond, blue eyed female with a body to die for. Sorry If you were offended but I did not appreciate the way your response was worded. I am often told that I am too sensitive.
Does that mean I can cancel the order I just placed on that new snowmobile? (just kidding!).
Life would be boring around here without things like this happening.
Paul | |
|
bilbo4fun
Premium
join:2002-02-18
Camden, SC
 ·Windstream
| Having been where you are I wouldn't block any ports. Too many calls with Internet problems and after much time on phone you find out they can surf and email fine, it's there file sharing program. I used Microtik and looked every morning at the queues and saw who the highest users where. I would throttle them down there. I had 4 users i cut down to 64000kbps and they never said a thing about speed. A few heavy abusers I would slow down more..they did call and I told them my software saw abnormal usage and throttled them down. Do you have a virus or do file sharing? I then explained the facts of life and everything worked out. In my opinion leaving everything open, give new users a 10 day or so honeymoon period, then throttle down abusers is the way to go.
--
Have you played Tradewars today? I miss the old BBS days. | |
|
|
shamanfk
join:2001-03-12
Fort Kent, ME
| Re: Which web services (like kazza) should I block ? One of the advantages of Mikrotik is that you can burst each connection,,so we identify the abusers and allow them to burst to their full speed for 75 seconds (enough to download 8MBs and do a speed check) then throttle them down a notch and they must go lower for awhile until they can burst again.
We also throttle the upload when we find a kazaa/napster user who leaves the program on and takes the entire allotted u/l bandwidth for extended periods of time--so we cut those in half after 75 seconds,,,,we have not had one complaint from customers and have freed up bandwidth to allow more webhosting/CPE's on the T1.
at this point we have not prioritized the whole pipe with bandwidth management but have 75 clients on a T1.
I am looking to engineer/integrate a bandwidth management configuration/solution this summer/fall which should bring us to 100 users on a single T1.
--
Success is getting what you want; Happiness is wanting what you get. | |
|
| cariboo
join:2005-04-26
Schefferville, QC | Re: Which web services (like kazza) should I block Thanks bilbo4fun! I appreciate the help/advice. I'm thinking Mikrotik is the way to go now.
Thanks to shamanfk too! | |
|
|
|
|
