Working With The Bandwidth Problem? 28
macdaddy asks: "Being a Network Admin in a small university, I have to fight the Napster issue every day. I don't want to ban it but we only have 1 T1 and it maxes out around 10AM when the dormites wake up, and finally teeters off around 4AM when they go to bed. That really hinders legitimate use. My question, how does a Netadmin work with Napster and its users to keep from blocking it while still being able to use out lowly T1 for other purposes? What options are there? Proxies? Firewalls? Traffic shapers?" This problem is not just about Napster. There will be other services that, due to their popularity, will stress your network's bandwidth to the limit. It seems to me that establishing network controls would be more fair than completely filtering out the entire service, so what's the best way to implement them?
Re:traffic inside instead of outside (Score:1)
as soon as one person connects to a host/client outside of your LAN (remember, the gnutella network does NOT have a central authority), your precious internalization goes down the drain. Firewalling Gnutella ports, would in essence, be just as bad as what you're trying to avoid (firewalling napster).
Perhaps the simplest way around this would be to write some custom 'internal use only' gnutella-ish program. The simplest solution might just be to use a slightly modified gnutella client that uses a dif. range of ports, and filters out IPs not on your subnet.
Hrmm... I have been looking for a project to do for my Software Engineering class, and this would be a great project... if yr. interested, email me (by Sunday night) maybe we can work something out... =)
Dealing with high traffic (Score:3)
There are a number of possible solutions, and I'll mention some possible solutions.
Succes, and good luck, and I hope you find a way to keep your student network users as friends so you can do your work a lot easier.
So obvious it's overlooked? (Score:2)
Regards
Just the solution you need...... (Score:2)
Trying to put a cap on useage... i.e. X megabytes per week and you will cut access is a losing proposition from a game theory point of view.
There will always be the student who desides that the response to this is to download as much as possible before you cut access.
Or the student who thinks it would be realy cool to push the useage over the limit so you cut everyones access off.
Your best answer by far is to use a QoS aware firewall which can control the bandwidth used based on a policy you set.
There are a number of companies who make them, and one of them, Packeteer, even has a page devoted to exactly your problem.
You might want to check it out at http://www.packeteer.com/wintherace/ [packeteer.com]
Re:Dealing with high traffic (Score:2)
How small *is* your school? (Score:1)
Obviously, this is far from ideal for the vast majority of colleges. But if you're not that large, it might work better than it would seem at first glance. I wish you well.
Packetshaper will do it (Score:1)
Time based rules (Score:1)
Shut off the Napster ports during business hours. Simple as that. from about 8am-6pm. Send out a blanket e-mail to the student body that the network *has* to be open for legitimate use during those hours. Also make it clear that after 6pm that Napster and other traffic will flow freely, you're not attempting to censor anyone's rights or anything, and you have a real problem that you have to solve.
You're probably in the position where you have to do *something* right?
traffic inside instead of outside (Score:3)
The napster users should be on your side for this, as it would be faster for them also. Of course, they may be able to saturate that network also.
Could you hold a dorm meeting and convince everyone to get a napster user name with the same prefix or suffix, and prefer those names when selecting who to download from. It would be kind of like a distributed web proxy cache for the music -- check first to see if someone already pulled it through the T1, and if not, get it from the internet but make it available from your machine so it doesn't have to come through again.
Would gnutella do this automatically ? Could you get some dorm techie in each dorm to set up his machine in the manner of www.gnute.com, so that those people without systems that have a gnutella client could connect to it ? The napster and gnutella clients I have used on linux don't seem to allow uploads from my machine; this was a while ago, but of course you would need clients that worked in both directions for everybody.
Re:So obvious it's overlooked? (Score:1)
We really need to add another T1, maybe two. Problem is our network layout inhibits any growth in our upstream pipe. I could go into the gory details but I'm too tired for that tonight. Let me say this though, we don't have what can be called a "functional network". We have what most would call a miracle. Broadcasts account for 65-70% of our total packet count (with peaks much higher), where as it's only supposed to be 37% at a maximum. Whole segments of buildings falling off the network at almost regular intervals due to the broadcast problem. A MTBF of less than two weeks. A MTTR of sometimes an hour, sometimes 2 weeks or more. It's all shared and flat as a board. Top that off with roughly 2000 nodes, 1/3 Mac, mostly PC, and a network that isn't routed and you draw a picture of a big problem. We are going to firewall and NAT the dorms soon. I'm looking for a Linux-based traffic shaping method at the moment. The dorms may have their own 'Net connection or they may get dumped back into our network at a limited speed. Feel free to email if you want the details on my plan. Thanks again for your reply. I assume the email address you gave in your user info is correct, edited of course.
limit traffic used by napster (Score:3)
The visual networks device, I believe is a CSU/DSU, router, and this filtering logic all in one. It's got pretty good remote management features as well.
Re:traffic inside instead of outside (Score:3)
some students run local napster servers. It saves an awesome amount of bandwidth, plus transfers go about 1000k/s [not 100, 1000] (nearly instantaneous for mp3s.)
Washington Univeristy in St. Louis has one at Phreedom.Net/wustl
Lehigh also has one. (no URL)
-Davidu
Re:Freeware (Score:1)
There is only one way. to deal with this QoS (Score:1)
Have you looked here..... (Score:2)
Just a thought....
Malk-a-mite
Thanks! (Score:1)
Re:traffic inside instead of outside (Score:2)
What you want to do is prioritize the download site by whether or not the download will travel through the bottleneck. It is in the interests of the user to do this also, because then they get a faster download; so all you have to do is give the user the opportunity to select the fastest download site. To a limited extent, your interests coincide.
Maybe you could write a napster client that would allow a configurable list of IP addresses to prefer. Does the client have access to the IP addresses of the other clients ?
But what you want to do in general is have the information available to do some kind of optimization, maybe based on the speed of previous file transfers. It is kind of like what Akamai (www.akamai.com) does, keeping track of some sort of network topology for efficiency.
Because of the huge difference between speeds when you are within campus and off campus, this akamai-like system doesn't have to work that well to acheive what you want -- unclogging the campus-to-internet bottleneck.
So suppose you distributed a new napster client that kept track of the IP addresses it downloaded from, and it's own IP address, and the file size and time, and whether it was canceled -- etc. It could then connect to a server (doesn't have to be the napster server, this is just the network calculation server) and upload that information into a database, where it can be analyzed, and then the clients can somehow use that information to select the right download target. (You could make the ability in the napster client to sort by network connection, sort instead by this estimated download speed.)
So then the algorithm to estimate the download speed should always wait anything in campus higher.
But that calculation is pretty tricky. It would be nice if you could just take in IP addresses and speeds, and do everything from there; but some knowledge of the network topology would surely help.
Re:limit traffic used by napster (Score:2)
If you're using Linux on your servers then look into the Quality of Service (QoS) options in recent kernels. If not, you can get routers which have this sort of thing built-in.
We are this small... (Score:1)
Re:Just the solution you need... Packeteer (Score:2)
Packeteer is what you want if you don't have a big, expensive cisco router in place. Their bandwidth shaping technology is some of the best around, and they have tutorials on how to use their purple boxes to limit napster without killing it, very important with dorms full of screaming kids.
If you are lucky enough to have a big, expensive cisco router (not likely on just a T1), then you can play around with QoS, and set up different queues and filters to limit napster traffic. Cisco has a tutorial as well, you should poke around on their site for it.
the AC
Re:traffic inside instead of outside (Score:2)
That sounds good, but I'd be afraid of getting sucked into the lawsuit the RIAA has brought. My feeling is that if Napster I loses in court, all of the other servers that have sprung up are going to start drawing fire. A university can probably get away with telling the RIAA to stick it with their demands that the schools cut off access to Napster, but running actual servers might be beyond the pale.
Re:traffic inside instead of outside (Score:1)
This is a good idea, but as I understand how Napster works, it has many different servers, any one of which you may connect to, and you can only see files from users logged into the same server as you. If there is a likelyhood that everyone from the school is going to go to the same server, there may be no problem, but otherwise the users will be fragmented among different server unable to see each other's files.
Scour Exchange on the other hand is supposed to enable you to see files from all users logged into their system.
The closest I've been to this situation... (Score:1)
In the end, we solved everything by reaching some middle ground peacefully. Students and admin can settle on an agreement, and 95% of the time the students will respect whatever they agree on.
Extremely offtopic: the quote at the bottom of this discussion's page, Lisp, Lisp, Lisp Machine, Lisp Machine is Fun. Lisp, Lisp, Lisp Machine, Fun for everyone, is supposed to be sung to the tune of "Row your boat"?
Re:traffic inside instead of outside (Score:1)
Re:So obvious it's overlooked? (Score:1)
Regards
Re:Small school, small pipe. (Score:1)
Don't put the limit on the main router. Firewall off the dorms, and limit that traffic. OK, so the students can't run their own servers, but that's why the Uni offers shell accounts to everyone, right? Then, when they complain, tell them that if they can get all the Dormites to shell out the cash for another T-1, you'll devote it entirely to the dorms :).
You know, a friend of a friend just recently got a job at a small KS school where he ran into the same problem. I'll have to ask Dave if he knows how his friend solved it. :)
-Matthead
Utilize networking features and user policies (Score:1)
Next turn on the QOS features of your router. If you can, classify your traffic and drop it in a queue. Use WRR to prioritize what is important.
Utilize cache servers to help stretch your bandwidth and improve performance. Some people are able to get 30-50% hit rates on WWW, which means up to 30-50% more bandwidth depending upon what your original traffic patterns look like.
Educate your users about the impact their non-essential activities are having. Setup guidelines such as amount of traffic being used, hours of use, etc. Make sure you monitor it and enforce it. For example, try to block all napster traffic during the day and allow it only nights and weekends. Use RMON of flow accounting to see who your top talkers are and maybe send them an e-mail.
Most of these policies are going to need some nice pieces of hardware. Look at perhaps getting a traffic shaper, such as packeteer, or a nice switch router, such as Riverstone Networks. Make sure as your turn on features and implement policies you don't inadvertantly affect your router's performance.
Re:traffic inside instead of outside (Score:2)
If stricter measures such as port-blocking, bandwidth shaping, banning use during certian hours, or whatever, become necessary, then you can at least leave the local server as active to apease the download addicted.