Halls Bandwidth Management

   London South Bank University
            John Shanks
   Network and Systems Manager
   Email: john.shanks@lsbu.ac.uk

• Students will use all the available
• Students will use p2p traffic regardless of
  the obstacles placed in their way.

            Borough Road

          Three Halls of Residence linked via
          100Mb lasers from LaserBit.
          Dante Road goes via McLaren House to
          avoid a building which prevents direct
          line of sight.

• We have placed students on to a private IP
  address and only allowed students access
  via a squid cache, socks proxy and email.
• We also pass VLAN traffic to the Halls for
  the Halls Administrators and also a separate
  VLAN for the network management traffic.

• To restrict students' bandwidth we connected the
  students via a PC running FreeBSD and used ipfw
  to filter ports and to rate limit by IP address.
• We use a Viglen Contender P3 550MHz PC to act
  as the rate limiting router/firewall and student
  DHCP server. It has 3 Intel Ethernet Express 100
  Ethernet cards. It has 128MB of which 72MB is
  usually free.

• ipfw statements to limit each IP address to 2Mbs
• ipfw add 1000 pipe 1 ip from to any
• ipfw add 1000 pipe 2 ip from any to
• ipfw pipe 1 config mask src-ip 0x0000ffff bw
• ipfw pipe 2 config mask dst-ip 0x0000ffff bw

• However, we have noticed a number of
  students who have set up SSL tunnels
  through our squid proxy to an external end

[Diagram: P2P user] The student connects to a Squid cache on port 8080
and establishes an SSL connection to the end point.
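
Added example (not part of the original slides): one way to spot the tunnels described above from the proxy side is to total CONNECT requests per student address and endpoint in Squid's native access.log, and flag pairs that move far more data or stay open far longer than ordinary HTTPS browsing. The log lines, addresses, hostnames and thresholds are constructed assumptions.

```python
# Added example: flag clients holding long-lived or high-volume CONNECT
# tunnels through Squid. The log lines below are constructed sample data.
from collections import defaultdict

# Squid native access.log fields (a CONNECT is logged when the tunnel closes):
# time elapsed_ms client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1054800000.100    420 10.0.3.17 TCP_MISS/200 5120 CONNECT webmail.example.org:443 - DIRECT/192.0.2.20 -
1054800005.200 5400000 10.0.3.44 TCP_MISS/200 912345678 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.99 -
1054800010.300    150 10.0.3.17 TCP_HIT/200 20480 GET http://www.example.com/ - NONE/- text/html
1054805500.400 3600000 10.0.3.44 TCP_MISS/200 700000000 CONNECT tunnel.example.net:443 - DIRECT/192.0.2.99 -
1054805600.500    900 10.0.3.52 TCP_MISS/200 30000 CONNECT shop.example.com:443 - DIRECT/192.0.2.30 -
this line is malformed and must be skipped
"""

# Assumed thresholds; tune against normal HTTPS browsing on your own network.
MAX_BYTES = 500 * 1024 * 1024      # total bytes per client/endpoint pair
MAX_SECONDS = 30 * 60              # total tunnel time per client/endpoint pair

def parse_connects(log_text):
    """Yield (client, endpoint, elapsed_seconds, bytes) for each CONNECT line."""
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        try:
            yield f[2], f[6], int(f[1]) / 1000.0, int(f[4])
        except ValueError:
            continue  # non-numeric elapsed/bytes: treat as malformed

def suspect_tunnels(log_text, max_bytes=MAX_BYTES, max_seconds=MAX_SECONDS):
    """Return sorted [(client, endpoint, total_bytes, total_seconds)] over threshold."""
    totals = defaultdict(lambda: [0, 0.0])
    for client, endpoint, secs, nbytes in parse_connects(log_text):
        totals[(client, endpoint)][0] += nbytes
        totals[(client, endpoint)][1] += secs
    return sorted(
        (c, e, b, s) for (c, e), (b, s) in totals.items()
        if b > max_bytes or s > max_seconds
    )

if __name__ == "__main__":
    for client, endpoint, nbytes, secs in suspect_tunnels(SAMPLE_LOG):
        print(f"{client} -> {endpoint}: {nbytes / 2**20:.0f} MiB over {secs / 60:.0f} min")
```

Aggregating per client and endpoint matters because a tunnel that reconnects every hour looks modest in any single log line.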

• We plan to upgrade during the summer to a newer
  version of FreeBSD which allows for static ARP
  entries and connection rate limiting (Ignore wormed
• We are also looking at the Delay Pools feature
  inside squid as it allows for an initial fast
  connection and download until a set threshold has
  been reached at which point the throughput starts
  to tail off.

• We have trialed both Packeteer PacketShaper
  6500 and Allot NetEnforce KAC-402/100M-DK
  with version 5 Beta software.
• The Packeteer was not able to establish what was
  going on inside a socks connection.
• Allot with a bit of work could.
• Neither system could easily rate limit by IP

• They both supported either fixed bandwidth for all
  users of a protocol or max bandwidth for each
• Protocols could be prioritised with respect to each
• Where the Allot system scored over the Packeteer
  was its ability to allow the manager of the box to
  drill down.

•   Start with the overview of the traffic.
•   Right click on a protocol group
•   Establish top 5 protocols
•   Right click on a protocol
•   Establish top hosts
•   Right click on host
•   Establish its top protocols

• Allot uses Java and allows for 10 real time graphs
  per session.
• Packeteer only allows for one graph, which does not
  update in real time.
• Allot has a separate management interface and can
  therefore be connected in the middle of a point to
  point Ethernet link, as it requires no IP address on
  the monitored link.

• Allot can recognise P2P traffic which does
  not work with fixed ports, for example
  KaZaA v2.
• You can group protocols and manage them
  as a single class of service.

• Further Reading
• Anonymous SSL tunnel service
• Allot NetEnforcer http://www.allot.com/
• FreeBSD Release Notes
• Packeteer http://www.packeteer.com/

Question to the audience:
 How do you plan to handle the problem of
 students passing all their traffic through
 remote SSL proxy services?
