Slowing down p2p traffic with L7 or other methods



  • #40972

    cozzi@nd.edu
    Member

    I have an Intel box with two gigabit interfaces. ETH1 on the
    outside and ETH0 on the inside. No iptables rules have been
    applied. I am using version 1.0 beta9 from a CD image and
    database on a usb flash device.

    Intentionally I have set up a system on the inside with BitTorrent
    v 6.0.3 running on windows XP.

    Right now I am trying to understand how to limit the uploading
    (outbound) traffic from this system via the classifier rules.
    Next will be the downloading issue.
    For example:
    MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0x10
    OR:
    MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 ipp2p v0.8.2 --bit MARK set 0x10

    Basically, I want to "slow down" anything P2P, or in this case
    BitTorrent. However, although the QoS class manager has 50kb/s set for this
    classification, the BitTorrent system is eating up all the bandwidth.

    Any idea how to do this?

    Thanks for any help

    –marc

    #46322

    cozzi@nd.edu
    Member

    I should add to this, that the bittorrent client
    is NOT encrypted.

    thanks
    😕
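
As an added example that is not from the original post or from ZeroShell itself, here is what the marking and shaping above look like as plain iptables and tc, with the two things that usually explain a 50 kB/s class that "does not bite". First, the layer7 match classifies a connection only after it has inspected a few packets of payload, so a bare MARK rule catches some packets of the flow and misses the rest; the mark has to be saved on the connection (CONNMARK) and restored onto every later packet in both directions. Second, a tc class only limits what leaves an interface, so upload must be shaped on the outside NIC (ETH1) and download on the inside NIC (ETH0). The interface names, the rates, the mark value and the DRY_RUN/APPLY switches are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not ZeroShell's own QoS code: the plain iptables + tc setup
# behind "mark BitTorrent with 0x10 and shape it into a slow class".
# Hypothetical assumptions: eth1 is the outside NIC, eth0 the inside NIC, the
# kernel has the layer7 match and the CONNMARK target, and "50 kB/s" means
# 400 kbit/s.  With DRY_RUN=1 the commands are printed instead of executed.

WAN=${WAN:-eth1}
LAN=${LAN:-eth0}
MARK=0x10
LINK_RATE=${LINK_RATE:-1000mbit}
DEFAULT_RATE=${DEFAULT_RATE:-900mbit}
# tc units bite here: "kbit" is kilobits/s, but "kbps" is kiloBYTES/s.
SLOW_RATE=${SLOW_RATE:-400kbit}

run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# The layer7 match only fires once it has seen enough payload of a connection,
# so a bare MARK rule marks some packets of the flow and misses others.  Store
# the mark on the connection (CONNMARK --save-mark) and restore it onto every
# later packet in both directions; only still-unclassified flows go through
# the (expensive) pattern match.
mark_rules() {
    run iptables -t mangle -N P2P
    run iptables -t mangle -A FORWARD -j CONNMARK --restore-mark
    run iptables -t mangle -A FORWARD -m mark --mark 0 -j P2P
    run iptables -t mangle -A P2P -m layer7 --l7proto bittorrent -j MARK --set-mark "$MARK"
    run iptables -t mangle -A P2P -m mark --mark "$MARK" -j CONNMARK --save-mark
}

# Shaping only works on egress: upload leaves on $WAN, download leaves on $LAN,
# so the same HTB tree goes on both.  1:20 is the default (everything else),
# 1:10 is the slow class; the "fw" filter sends packets carrying $MARK to 1:10.
shape_dev() {
    dev=$1
    run tc qdisc add dev "$dev" root handle 1: htb default 20
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "$DEFAULT_RATE" ceil "$LINK_RATE" prio 0
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate "$SLOW_RATE" ceil "$SLOW_RATE" prio 7
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle "$MARK" fw flowid 1:10
}

apply_all() {
    mark_rules
    shape_dev "$WAN"
    shape_dev "$LAN"
}

# Preview:  DRY_RUN=1 APPLY=1 sh shape_p2p.sh     Install (as root):  APPLY=1 sh shape_p2p.sh
if [ "${APPLY:-0}" = 1 ]; then
    apply_all
fi
```

Run it with DRY_RUN=1 first and read the output: the slow class must appear on both interfaces, and the CONNMARK restore rule must come before the layer7 rule, otherwise the first packets of every new BitTorrent connection still travel in the default class. The ceil on class 1:10 equals its rate so the P2P class cannot borrow idle bandwidth from the rest of the link.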

    #46323

    aeronet
    Member

    I also have the same problem. Don't know how to slow down the BitTorrent. I will appreciate some help.

    #46324

    AtroposX
    Member

    This P2P is always going to be a pain. P2P will always advance and create new ways to avoid shaping. Layer 7 can only do so much, but is based on static principles. The new generation will need, and have to be, bandwidth arbitration: a real-time way to see concurrent connections/sec, traffic usage down and up, and destination hosts, and give it the lowest priority.

    So far, ZEROSHELL has been THE ONLY open-source software/hardware-based piece to come close to doing this, THANK YOU FULVIO FROM THE BOTTOM OF MY HEART... that I know of...

    Again, P2P will always come up with new ways, and will have encryption as a default from now on, especially now that BitTorrent/uTorrent 2.0 (TorrentFreak) is coming out, and cause issues for everyone. But... if this helps...

    I've found the best way to find the most active host(s) on a network is with NTOP first, then iptraf, whichever you'd like, if that helps. Then apply a pipe or class in ZS* with a DSCP of 0 w/ BE (0BE) to give lowest priority. Then make a classifier for that pipe with the port in question, and apply the DSCP with 0BE and the class specified.

    I've found, if this helps, on a bridged-NIC ZS box (a bridged NIC, WAN – LAN), the LAN NIC is the destination IP/mask on the classifier for the download, and for the upload it will be the source IP/range. I found that to be quick, yet confusing at first.

    Again, P2P will always port-hop and such, but until something comes along that is almost AI (Artificial Intelligence) in its way, to see mass connections on obscure connections and random port hops and judge what to do by itself, we will need ZS, NTOP, and IPTRAF!!!

    On a side note, Google OSSIM, for an open-source OSSIM (Open Source Security Information Management). This software will use bleeding-edge Snort rules, THANK YOU FULVIO FOR IMPLEMENTING SNORT, to see what I have found on an ISP: "DHT P2P" and "P2P downloading" signatures daily. If there were only a way to implement into ZS a way to deny, or such, these signatures, that would be another way to balance bandwidth and have P2P co-exist.

    I know P2P is evil-yet-good, but it looks like it is here to stay, and we should find a way to co-exist, with some kind of balance.

    I use a dual 2.6 Xeon, 4-core, and Snort is quite high, around 80% with 4 GB of RAM... Though quite high, it is insanely worth it... considering...

    It'd be great if there were a way to include Snort in the GUI, such as with the command-line interface of... "http://samiux.wordpress.com/2008/12/05/howto-intrusion-prevention-system-ips-with-zeroshell-easyids-and-guardian/"

    This way you could drop anything that is seen as DHT or P2P... hmmm..!!!

    #46326

    krishnaraj
    Member

    I tried what you said but it still didn't work. If this works fine then, guys, I will say ZeroShell is the best I have ever worked with. Thanks ZS team for a wonderful work.

    #46327

    janmoys
    Member

    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto rtp
    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto pplive
    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto quicktime
    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto rtsp
    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto http-rtsp
    DROP all -- 192.168.2.94 anywhere LAYER7 l7proto httpvideo

    I have this to block any video streaming website on a certain IP address, but it does not block any streaming website. Kindly help. Thanks. I'm using ZeroShell Release 3.0.0. Thanks.

    #46328

    gordonf
    Member

    This older discussion brings up a question on throttling in general.

    If P2P software insists on being all cloak-and-dagger-y to evade Layer 7 filters, how about throttling based on source IP instead? “Well my son/daughter, if you insist on running BitTorrent you can suffer with dial-up speeds for everything. And that includes YouTube.”

    Yes this is me being the evil ISP. Too bad: This is my network.

    The trick would be finding out where the threshold is. Streaming a YouTube video at 1080p 60fps or watching some 2-hour movie in HD on Netflix would ideally not trip the throttle. And if that means P2P would throttle itself in order to avoid tripping the router throttle, then I've succeeded.

    How would I go about this in ZS 3?
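
The following is an added example, not code from ZeroShell or from anyone in this thread, that serves both AtroposX's point (watch concurrent connections per host in real time and give that host the lowest priority) and gordonf's question (throttle by source IP, with a threshold that a single YouTube or Netflix stream would not trip). It reads a conntrack dump, counts live connections and distinct remote peers per LAN host, and emits per-IP mark rules for any host over the threshold; a stream is a few heavy flows, a swarm is many light ones, which is why counting connections rather than bytes is the discriminator. The LAN prefix, the thresholds, the mark value, the existence of a tc class already selected by that mark on both egress interfaces, and the sample conntrack lines are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not ZeroShell's own code: throttle by host instead of by
# protocol.  Count each LAN host's live connections and distinct remote peers
# from a conntrack dump, and push any host over the threshold into the slow
# class by source/destination IP, whatever its traffic looks like at layer 7.
# Hypothetical assumptions: the LAN is 192.168.1.0/24, fwmark 0x10 already
# selects a slow tc class on both egress interfaces, and the thresholds below
# are operator tuning knobs.  Live input:  conntrack -L | throttle_rules

LAN_PREFIX=${LAN_PREFIX:-192.168.1.}
MAX_CONNS=${MAX_CONNS:-60}   # concurrent flows per host before throttling
MAX_PEERS=${MAX_PEERS:-30}   # distinct remote addresses per host before throttling
MARK=0x10

# Constructed sample in "conntrack -L" format (not a real capture): one host
# (192.168.1.50) with a swarm of 80 peers, a browser session and a single
# long-lived streaming flow.  Streams are heavy but few, so they never trip a
# connection-count threshold.
sample_conntrack() {
    i=1
    while [ "$i" -le 80 ]; do
        echo "tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.$i sport=$((40000 + i)) dport=$((6881 + i % 10)) packets=12 bytes=900 [ASSURED] mark=0 use=1"
        i=$((i + 1))
    done
    echo "tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=49152 dport=443 packets=400 bytes=500000 [ASSURED] mark=0 use=1"
    echo "tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=198.51.100.8 sport=49153 dport=443 packets=40 bytes=20000 [ASSURED] mark=0 use=1"
    echo "udp      17 29 src=192.168.1.21 dst=198.51.100.9 sport=50000 dport=443 packets=90000 bytes=120000000 [ASSURED] mark=0 use=1"
}

# stdin: conntrack lines.  stdout: "host connections peers" per LAN host.
# Only the first src=/dst= pair (the originating direction) is used, so the
# reply tuple that conntrack also prints does not double-count.
host_stats() {
    awk -v lan="$LAN_PREFIX" '
    {
        src = ""; dst = ""
        for (f = 1; f <= NF; f++) {
            if (src == "" && $f ~ /^src=/) { src = substr($f, 5) }
            else if (dst == "" && $f ~ /^dst=/) { dst = substr($f, 5) }
        }
        if (index(src, lan) != 1) next
        conns[src]++
        if (!((src SUBSEP dst) in seen)) { seen[src SUBSEP dst] = 1; peers[src]++ }
    }
    END { for (h in conns) print h, conns[h], peers[h] }' | sort
}

# Hosts above either threshold.
offenders() {
    host_stats | awk -v mc="$MAX_CONNS" -v mp="$MAX_PEERS" '$2 > mc || $3 > mp'
}

# Mark everything from and to the offender so the existing "fw" filter puts its
# upload and download in the slow class.  Printed, not executed, so it can be
# reviewed first; pipe into sh to apply.
throttle_rules() {
    offenders | while read -r host conns peers; do
        echo "# $host: $conns connections to $peers peers"
        echo "iptables -t mangle -I FORWARD -s $host -j MARK --set-mark $MARK"
        echo "iptables -t mangle -I FORWARD -d $host -j MARK --set-mark $MARK"
    done
}
```

Run `sample_conntrack | host_stats` to see the three hosts side by side: the swarm shows 80 connections to 80 peers, the browser two, the stream one, so only 192.168.1.50 gets the mark rules. In production, run it from cron or a loop, tune MAX_CONNS and MAX_PEERS against a day of `conntrack -L` output from the household, and remember to remove the rules again (or give them a timeout) once the host drops back under the threshold; the marks make the whole host slow, YouTube included, which is exactly the policy gordonf describes.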

