Reply To: Slowing down p2p traffic with L7 or other methods


#46324

AtroposX
Member

This p2p is always going to be a pain. P2p will always advance and create new ways to avoid shaping. Layer 7 can only do so much but is based on static principles. The new generation will need and have to be bandwidth arbitration. A real-time way to see concurrent connections/sec, traffic usage down and up, destination hosts, and give it the lowest priority.

So far, ZEROSHELL has been, THE ONLY, only open-source software/hardware based piece to come close to doing this, THANK YOU FULVIO FROM THE BOTTOM OF MY HEART, … that I know of…

Again p2p will always come up with new ways, and have a default of encryption from now on, especially now since bittorrent/utorrent 2.0 (torrentfreak) is coming out, and cause issues for everyone. But… if this helps…

I’ve found the best way to find the most active host(s) on a network is with NTOP first, then iptraf, whichever you’d like if that helps. Then apply a pipe or class in ZS* with DSCP of 0 w/ BE, 0BE, to give lowest priority. Then make a classifier for that pipe with the port in question, apply the DSCP with 0BE and the class specified.

I’ve found, if this helps, on a bridge NIC ZS box… A bridged NIC, Wan – LAN, the LAN NIC is the destination IP/mask on the classifier, and for the download, the upload will be the source/ip range. I found that to be quick, yet, confusing at first.

Again p2p will always port hop and such, but until something comes by to almost AI (Artificial Intelligence) its way, to see mass connections on obscure connections, random port hops, and judge what to do by itself, we will need ZS, NTOP, and IPTRAF!!!

On a side note, Google OSSIM, for an open-source OSSIM (Open Source Security Information Management). This software will use bleeding edge snort rules, THANK YOU FULVIO FOR IMPLEMENTING SNORT, to see what I have found on an ISP, “DHT P2P”, and “P2P downloading” signatures daily. If there was only a way to implement a way into ZS a way to deny, or such, these signatures, that would be another way to balance bandwidth, and have p2p co-exist.

I know p2p is evil-yet-good, but it looks like it is here to stay, and we should find a way to co-exist, with some kind of balance.

I use a dual 2.6 xeon, 4-core, and snort is quite high, around 80% with 4 gigs of ram… Though quite high, but insanely quite worth it… considering…

That’d be great if there was a way to include snort into the gui, such as with the Command Line Interface of… “http://samiux.wordpress.com/2008/12/05/howto-intrusion-prevention-system-ips-with-zeroshell-easyids-and-guardian/”

This way you could drop anything that is seen as DHT or P2P… hmmm..!!!
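
The "mass connections on obscure ports" heuristic from the post above, sketched over flow records in the style of `conntrack -L` output. This is an added example, not part of the original post or of ZeroShell; the sample flows are constructed, and the function names, LAN range and thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# First src/dst/sport/dport tuple on a line is the original (outbound) direction.
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")

def constructed_sample():
    """Constructed flow table in the style of `conntrack -L` (not captured traffic)."""
    lines = [
        "tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51000 dport=443 "
        "src=198.51.100.7 dst=192.168.1.10 sport=443 dport=51000 [ASSURED] mark=0 use=1",
        "udp      17 25 src=192.168.1.10 dst=192.0.2.53 sport=40000 dport=53 "
        "src=192.0.2.53 dst=192.168.1.10 sport=53 dport=40000 mark=0 use=1",
    ]
    for i in range(1, 41):  # one host talking to 40 peers on scattered high ports
        port = 20000 + 37 * i
        lines.append(
            f"udp      17 120 src=192.168.1.20 dst=203.0.113.{i} sport=6881 dport={port} "
            f"src=203.0.113.{i} dst=192.168.1.20 sport={port} dport=6881 [ASSURED] mark=0 use=1")
    return "\n".join(lines)

def rank_hosts(text, lan="192.168.1.0/24", min_peers=20, high_port_ratio=0.8):
    """Return [(host, distinct_peers, high_port_ratio, suspect)], busiest host first."""
    net = ipaddress.ip_network(lan)  # assumed LAN range
    peers, flows, high = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # e.g. ICMP entries carry no ports
        src, dst, dport = m.group(1), m.group(2), int(m.group(4))
        try:
            if ipaddress.ip_address(src) not in net:
                continue  # only rank hosts on the LAN side
        except ValueError:
            continue
        peers[src].add(dst)
        flows[src] += 1
        high[src] += dport >= 1024  # destination outside the well-known port range
    ranked = []
    for host in sorted(peers, key=lambda h: len(peers[h]), reverse=True):
        ratio = high[host] / flows[host]
        suspect = len(peers[host]) >= min_peers and ratio >= high_port_ratio
        ranked.append((host, len(peers[host]), ratio, suspect))
    return ranked

if __name__ == "__main__":
    for row in rank_hosts(constructed_sample()):
        print(row)
```

A host flagged this way is a candidate for the lowest-priority class regardless of which port it hops to next, since the score depends on fan-out rather than on a fixed port or payload signature.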