Hi, I have an RB450G and I would like to know what’s the better way to block/limit P2P connections from a user on the LAN/WLAN. I was reading some docs but it is not really working for me. My plan is to install a small WISP for 30 users, but I would like to have a little control over the P2P connections. Is there any way to do this? Thanks for the support.
cbrown
September 19, 2011, 9:11pm
2
Which docs were you reading?
This is the web site that I was reading.
http://gregsowell.com/?p=894
I don’t really want to block all P2P, but it will be nice if there is any way to limit download/upload.
Any ideas? Thanks for the support.
cbrown
September 19, 2011, 9:37pm
4
Thanks for the reply. I’m going to take a look at that.
Yeah, and type “P2P” in the “search” field on top of the forum. You’ll be amazed how much is already written about that subject.
Thanks again for the help. I was reading the docs and testing at the same time. It’s working well. Little by little getting in there.
CCDKP
September 20, 2011, 6:22pm
8
From my post here: http://forum.mikrotik.com/t/need-help-with-prioritizing-traffic/49827/1
Torrents pose 2 major problems when it comes to QoS. First, it is VERY hard to mark the encrypted UDP streams, since they are specifically designed to avoid detection and tracking. Your best bet there is to mark everything that isn’t torrent traffic and just increase its priority.
Secondly, the heavy use of UDP makes it almost impossible to reliably throttle download speeds. Throttling upload is always effective, because you can control the rate at which packets move from a large bandwidth connection (your LAN), to a low bandwidth pipe (your ISP connection). TCP or UDP, you can always ensure packets always leave the router at a rate the internet connection can handle. In doing so, you are able to choose which packets go first and which packets can wait/be dropped. Throttling download is a bit more difficult.
Since your router is at the receiving end of the slower internet connection, you have no way of directly controlling the order or quantity of packets which are entering your internet connection. The only method for manipulating the data is to convince the remote peers to slow down the rate they are sending. In TCP, this is handled by congestion avoidance algorithms and manipulation of the TCP window size. If too many packets are sent down a congested link, some of them are dropped. When the sender realizes there has been some packet loss, they slow down the rate at which data is sent. This is a key principle QoS exploits. By regularly delaying or dropping packets, TCP connections can be held at a rate slower than your internet connection to allow room for other data to go first.
The UDP data connections used by bittorrent clients lack this protocol-level functionality. While it is true the bittorrent clients should be responsible for regulating the data rate when congestion is detected, in practice this doesn’t always work well. Average torrent transfers involve connections with hundreds of different peers using many different clients, which typically means they will continue to bombard your internet connection until it is saturated at the ISP’s router. The only real way to prevent this is to set an appropriate download limit in your bittorrent client, so the client knows when to stop requesting data and can tell other bittorrent clients to not send it so much data.
With all that, it still doesn’t mean that putting some QoS rules in the router won’t help some. I just wanted you to know some of the theory behind what you were looking to do and why you may not always see the results you were expecting from certain QoS setups, particularly those controlling download rates. I would suggest getting comfortable with QoS without the torrent traffic present first, then moving on to trying to tackle the p2p problem. It is an issue that troubles even experienced ISPs, so don’t be too discouraged by it. Good Luck.
TL;DR, QoS is awesome, but throttling UDP downloads from bittorrent is painful at best.
–CC_DKP
That said, if you want a very in-depth discussion about tracking and blocking P2P, take a look at this thread:
http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/1
You can’t catch all p2p, so you either need to whitelist known good traffic to higher priority, or detect users of p2p and temporarily throttle their whole connection down. Both methods are ugly, but they work. Good Luck!
Edit: fixed quote block
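The download-throttling argument in the post above, as an added model that is not part of the original thread and not RouterOS code: a router polices download traffic after it has already crossed the ISP link, and the load on that link is compared for a sender that backs off on loss (TCP-like) and one that does not (the worst-case UDP behaviour the post describes). The class names, the single aggregate sender and all rates are assumptions made for the illustration.

```python
# Constructed model, not a RouterOS feature: all rates are assumed values.
LINK_CAPACITY = 100  # packets/tick the ISP link can deliver to the router
POLICE_RATE = 60     # packets/tick the router forwards to the LAN for bulk traffic


class AimdSender:
    """TCP-like remote peer: additive increase, halve the rate on loss."""

    def __init__(self, rate=10):
        self.rate = rate

    def on_feedback(self, lost):
        self.rate = max(1, self.rate // 2) if lost else self.rate + 1


class FixedRateSender:
    """UDP-like remote peers with no congestion control: loss is ignored."""

    def __init__(self, rate):
        self.rate = rate

    def on_feedback(self, lost):
        pass  # keeps sending at the same rate whatever the router drops


def simulate(sender, ticks=500, warmup=100):
    """Return (average load on the ISP link, average delivered to LAN) per tick."""
    link_total = lan_total = 0
    for tick in range(ticks):
        offered = sender.rate
        on_link = min(offered, LINK_CAPACITY)   # excess is lost at the ISP's router
        delivered = min(on_link, POLICE_RATE)   # our router drops above its limit
        sender.on_feedback(lost=delivered < offered)
        if tick >= warmup:
            link_total += on_link
            lan_total += delivered
    n = ticks - warmup
    return link_total / n, lan_total / n


if __name__ == "__main__":
    for name, sender in (("tcp-like", AimdSender()), ("udp-like", FixedRateSender(150))):
        link, lan = simulate(sender)
        print(f"{name}: ISP link load {link:.1f}/{LINK_CAPACITY}, delivered {lan:.1f}")
```

In both runs the LAN never receives more than the policed rate, but only the sender that reacts to loss leaves spare capacity on the ISP link for other traffic.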