					Campus Bandwidth Management: Approaches and Tradeoffs
This is a work in progress. Oct 31, 2003
           Approach                      Advantages                    Disadvantages                       Examples
Do Nothing
  Advantages:
    - Simple
  Disadvantages:
    - Unfair
    - Expensive
    - Mis-match between usage and cost recovery, especially severe if university is charged
      per-bit, but performs cost recovery by charging flat
    - Mission of university may be impeded by inappropriate use
  Examples:
    Many

Per-IP Quotas (Rate-Based)
  Advantages:
    - Arguably "fair"
    - Can tune quotas so that conforming traffic rarely experiences congestion
    - No need for application-level classification
    - End-system portability is supported (since all ResHall IP addresses are policed identically)
  Disadvantages:
    - IP addresses become an artificially rare commodity (consider impact on IPv6)
    - Additional router complexity
    - May impede deployment of meritorious high-bandwidth applications (especially if limits
      apply to Internet2 traffic)
    - Inability to burst once in a
  Examples:
    U. Penn
      An overall rate limit is applied to outbound ResHall traffic. Additionally, rate-limiters
      (one per IP address) are installed on the edge router and applied only to outbound traffic.
      [talk] [updated talk]

Per-IP Quotas (Volume-Based)
  Advantages:
    - Top talkers can be isolated by placing them in a penalty box
    - Negative feedback loop encourages users to modify their own behavior
    - No need for application-level classification
    - Ability to burst once in a while
  Disadvantages:
    - IP addresses become an artificially rare commodity (consider impact on IPv6)
    - May impede deployment of meritorious high-bandwidth applications (especially if limits
      apply to Internet2 traffic)
    - Additional router complexity
    - Additional accounting complexity
    - Usage and penalty status need to be communicated quickly to average users
  Examples:
    North Dakota State University
      Quotas apply only to ResHall users. Quota is 300 MB per day per user. Users who exceed
      their quota are placed in a shared pool rate-limited to 256kbps.
      [talk] [ResNet]
    University of Waterloo
      Residence hall users subjected to per-user quotas of the form "x MB in last y days". In
      addition the residence hall traffic aggregate is given a guaranteed minimum share of
      external bandwidth through
      [more info]
    Iowa State
      Residence hall users who exceed a specific level (currently 200 MB), are transferred to a
      "slower Internet connection". As abuse continues, offending users are shifted to ever more
      restricted traffic classes. User quotas are reset at the end of each day, except for those
      in the rate-limited classes, for whom a 24-hour moving average is applied to determine when
      they are returned to a less restrictive traffic class.
      [more info]
    Virginia Tech
      see below

Per-Class Quotas (Rate-Based)
  Advantages:
    - Can balance use among different user communities
    - Can tune so that conforming or exempt classes rarely experience congestion
    - Easy to implement (if not discriminating between commodity and Internet2 traffic)
    - No need for application-level classification
  Disadvantages:
    - No fairness within classes
    - May impede deployment of meritorious high-bandwidth applications (especially if limits
      apply to Internet2 traffic)
  Examples:
    UC Berkeley
      Packeteers in front of a campus edge router separately rate-limit commodity traffic to/from
      residence halls and to/from the rest of campus (ROC) traffic. Two PacketShapers are
      required because the total bandwidth exceeds the 100 Mbps. Routing has been engineered to
      keep ResHall and ROC traffic separate.
    Virginia Tech
      Complex hybrid approach that primarily employs class-based policing, but also makes use of
      application-based policing and a penalty box scheme. Off-campus traffic from residence hall
      subnets is policed to 60 Mbps aggregate and off-campus traffic from the campus news server
      is policed to 5 Mbps. "Nuisance applications" are policed to 10 Mbps in aggregate (profiles
      are generated manually). Finally, individual users are placed in one of three classes:
      Class 0 (unpoliced), Class 1 (policed to 1.5 Mbps), and Class 3 (policed to 250 Kbps). When
      users exceed a certain threshold (currently 650 MB) in a 24hr period, their class is
      incremented; if they stay under threshold, their class is decremented. (The CB-WFQ scheme
      described in the talk below is not currently in use.)
    University of Washington
      Total network bandwidth from the residence halls to off-campus commodity destinations is
      limited to 100 Mbps. Off-campus access to common server ports (Web, FTP, IRC, etc) in the
      residence halls is blocked. Inbound peer-to-peer traffic is rate-limited to 20 Mbps;
      outbound peer-to-peer traffic is limited to 2
      [residence hall computing
    UC Santa Cruz
      see below

Per-Class Proportional Sharing
  Advantages:
    - Restricted traffic classes can use unused capacity
  Disadvantages:
    - No fairness within classes
    - May impede deployment of meritorious high-bandwidth applications (especially if limits
      apply to Internet2
  Examples:
    University of Waterloo
      Residence hall traffic is given a guaranteed minimum share of external bandwidth through
      CB-WFQ. (see above)
    Texas A&M
      Planning to support four application classes. Per-session admission to classes. Diff-serv
      edge marking, policing, and stateless core queueing. (Currently using per-application
      rate-limits.)

Per-IP Proportional Sharing
  Advantages:
    - Arguably "fair"
    - No surprises (users get the service they pay for)
    - [additional praise]
  Disadvantages:
    - IP addresses become an artificially rare commodity (consider impact on IPv6)
    - May impede deployment of meritorious high-bandwidth applications (especially if limits
      apply to Internet2
    - Additional router
    - Many queues required
    - Care must be taken not to restrict Internet2
  Examples:
    No known deployment examples

Usage-based Charges After Threshold
  Advantages:
    - Economically rational (users who get the most value from a scarce resource pay the most
      for it)
    - Fair
    - Negative feedback loop for heavy users
    - Can be tuned so that most users pay flat monthly rate; similar to pricing of department
      printers for students, of cell phones, etc.
    - [additional praise]
  Disadvantages:
    - Additional accounting and billing complexity
    - Need system to collect usage stats (e.g. NetFlow)
  Examples:
    Cornell
      Planning to charge each department a monthly fee that includes a WAN usage component. Rate
      structure to include a mix of port fees, infrastructure tax, and usage fees. Per-megabit
      usage fees will only kick in for use above a certain threshold (adjusted so that 80% of IP
      addresses will avoid usage fees). Monthly bills to the departments will include enough
      detail to support recursive usage-based charges to individual users or research groups.
      NetFlow-based billing system using Apogee software and home-brewed scripts.
      [white paper] [web site]
    University of Kansas
      Applying artificially low usage based charge to ResHall users. Only heavy users will feel
      the usage based fees; ordinary users will be charged a flat

Per-Application Quotas (Rate-Based)
  Advantages:
    - Majority of problems often caused by small number of applications
    - Tool to reduce illegal use of network (e.g. illegal distribution of copyrighted materials)
    - "Magic bullet" middlebox
    - Automatic maintenance through "bad apps du jour" subscriptions
    - [additional praise]
  Disadvantages:
    - Must pass judgment on which applications are "good" and which are "bad"
    - Performance impact (QoS appliances are designed to handle a scarce resource and therefore
      generally lag routers in their ability to handle high speeds or maintain very low loss
      rates for "good" traffic)
    - Loss of transparency (e.g. rewriting of TCP window size)
    - Complex and dynamic configurations complicate performance debugging
    - Application profiling creates a cat and mouse game that the mouse will win (e.g. http,
      https, proxies, random port numbers, ssh, etc.)
    - [additional criticism]
  Examples:
    UC Santa Cruz
      Allot NetEnforcer deployed between ResNet and commodity/Internet2 access link. Traffic is
      classified into four priority levels: High (web, ssh), Medium (everything except
      peer-to-peer), Low (peer-to-peer), Blocked (worms).
      [talk] (note 2)
    Virginia Tech
      see above
    University of Washington
      see above

Outsource Residential
  Examples:
    University of New Mexico

Block Servers (with NAT or firewall)
  Advantages:
    - Can apply only in "bad neighborhoods" (e.g. residence halls)
  Disadvantages:
    - Destroying end-to-end transparency can restrict deployment of numerous advanced
      applications (e.g. VoIP, research-oriented
    - Potentially severe performance impacts
    - Motivated users will learn to punch through
  Examples:
    We know you are out there!

1. Talk addenda (10/25/2002): ResHall rate limit is 60 Mbps in each direction and ROC rate limit is 100 Mbps in each direction;
SETI@Home has purchased its own ISP service and is no longer in Berkeley's IP address space
2. Talk addendum (10/25/2002): UCSC has acquired a faster Allot box with more memory; they are still experiencing some problems
with interactive performance.
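
Added example (not part of the original document or of any campus's configuration): a small model of the penalty-box class scheme described in the Virginia Tech entry, using the page's 650 MB / 24hr threshold and class rates. The tier ordering, decimal megabytes, and the treatment of usage exactly at the threshold are assumptions.

```python
from typing import List, Optional, Tuple

MB = 1_000_000                 # assumption: decimal megabytes (the page does not say)
PERIOD_SECONDS = 24 * 60 * 60  # page: usage is judged over a 24hr period
THRESHOLD_BYTES = 650 * MB     # page: "currently 650 MB"

# Ordered tiers as (label, policing rate in bit/s); None means unpoliced.
# Labels are copied from the page; treating them as an ordered list is an assumption.
TIERS: List[Tuple[str, Optional[int]]] = [
    ("Class 0", None),
    ("Class 1", 1_500_000),
    ("Class 3", 250_000),
]


def period_cap_bytes(tier: int) -> Optional[int]:
    """Most bytes a user can move in one period when pinned at the tier's rate."""
    rate_bps = TIERS[tier][1]
    return None if rate_bps is None else rate_bps * PERIOD_SECONDS // 8


def next_tier(tier: int, bytes_in_period: int) -> int:
    """Increment the class above the threshold, otherwise decrement; clamp to valid tiers."""
    if bytes_in_period > THRESHOLD_BYTES:
        return min(tier + 1, len(TIERS) - 1)
    # Assumption: usage exactly at the threshold counts as "under threshold".
    return max(tier - 1, 0)


def simulate(demand_mb: List[int]) -> List[Tuple[str, int]]:
    """Return (class label, MB delivered) for each 24hr period of one user's demand."""
    tier = 0
    history: List[Tuple[str, int]] = []
    for wanted in demand_mb:
        cap = period_cap_bytes(tier)
        # The policer bounds what is actually delivered, and delivered bytes are
        # what the accounting system sees when it re-evaluates the class.
        delivered = wanted * MB if cap is None else min(wanted * MB, cap)
        history.append((TIERS[tier][0], delivered // MB))
        tier = next_tier(tier, delivered)
    return history


if __name__ == "__main__":
    # Constructed demand: three heavy days followed by three light days.
    for label, mb in simulate([5000, 5000, 5000, 100, 100, 100]):
        print(f"{label}: {mb} MB delivered")
```

Even at 250 Kbps a saturated connection moves about 2700 MB in 24 hours, well above the 650 MB threshold, so a user only leaves the most restrictive class by reducing demand, not by waiting.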

