wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

P2P evolved

Thu Apr 20, 2006 1:26 am

By now you may or may not have noticed that a few BitTorrent clients have developed a workaround for traffic shaping. Now these clients are encrypting packet headers and payloads to disguise their actual content; this means they can go unmetered/unfiltered on our networks.

These new BitTorrent clients use unreserved, randomly generated ports for transmitting and receiving data. I started noticing large amounts of traffic on odd ports: TCP 1024 and other high port numbers. The only temporary solution I have is to block the port it's connecting on for a limited amount of time until the client loses the connection, but you can't block these ports indefinitely, as they could be used for legitimate purposes (HTTP uses randomly generated source ports in the same ranges BitTorrent is using).

What, if anything, can be done to combat this? I haven't had a chance to look into this further, but does BitTorrent have any centralized authentication server? I don't really want to block it; I just don't want the damn protocol consuming 1000kbps for hours on end. Nowhere in my SLA does it say you have dedicated bandwidth 24/7. The only option I have is to scale the user back to a slower queue and, when they complain, explain the situation.
 
jdmarti1
Frequent Visitor
Posts: 75
Joined: Fri Jan 28, 2005 10:22 pm

Thu Apr 20, 2006 3:10 am

Just use the firewall function to block bit-torrent.
I think my head is gonna explode!!!
 
wildbill442
Forum Guru
Topic Author
Posts: 1050
Joined: Wed Dec 08, 2004 7:29 am
Location: Sacramento, CA

Thu Apr 20, 2006 3:58 am

Just use the firewall function to block bit-torrent.
Will that actually work, though? How will it know that it's a BitTorrent packet if the packet header is encrypted?
 
normis
MikroTik Support
Posts: 24605
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Thu Apr 20, 2006 9:04 am

Yes, RouterOS can already detect and drop this encrypted traffic.
 
pekr
Member Candidate
Posts: 138
Joined: Tue Feb 22, 2005 9:05 pm
Location: Czech Republic
Contact:

Thu Apr 20, 2006 2:22 pm

I think there can also be the other way around. It is your network, isn't it? And you decide the rules under which you let users be connected. So, as for us, we do allow p2p, but we want to have it under control. I want to have such traffic mangled.

If I see (manually checking IP firewall traffic from time to time) that users try to obey MY rules, then I will contact them, asking them to turn off encryption (if it could not be detected one day). And if he would not agree, I simply will not allow a user breaking MY rules to be in MY network, as it is part of the deal.

So far, we have had good experience with our users. We allow them to visit us and have a chat with us; it helps to build the relationship ... and they do understand why we try to limit p2p downloads/uploads between 15:00 and 21:00, as that is the time most of our clients are online, using the web for just that: browsing, email, etc. So far, no problem ... OTOH we are a relatively small network ...

-pekr-
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Thu Apr 20, 2006 2:41 pm

If one of the p2p ends wants the traffic encrypted, it will be encrypted. All you can get is outgoing traffic without encryption, so you can limit just the outgoing traffic from a torrent p2p connection.

I would limit-at each customer and use some prioritisation. And if a user wants to use all of their network for p2p, this is what the user wants, so let him/her limit himself/herself.
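
The approach janisk describes (limit-at per customer plus prioritisation), combined with normis's point that RouterOS has a built-in p2p matcher, written out as a RouterOS configuration. This is an added example, not code from the thread or from MikroTik. Assumptions, all hypothetical: RouterOS 6.x CLI syntax; a 20 Mbit/s upstream; customers in 10.10.0.0/24 with one customer shown at 10.10.0.5; DNS, SSH and web on their standard ports are the only traffic treated as interactive. The p2p= matcher exists in RouterOS 2.9 through 6.x and was removed in 7.x; in 2.9 simple queues use target-addresses= instead of target= and a single priority value.

```routeros
# Added example, not from the thread or from MikroTik. See the lead-in for assumptions.
# Hypothetical addresses: upstream 20M, customers 10.10.0.0/24, one customer at 10.10.0.5.

/ip firewall mangle
# Whatever the built-in matcher can still classify (unencrypted sessions) is marked p2p.
add chain=forward p2p=all-p2p action=mark-connection new-connection-mark=p2p-conn \
    passthrough=yes comment="p2p the matcher can still see"
add chain=forward connection-mark=p2p-conn action=mark-packet new-packet-mark=p2p passthrough=no

# Traffic we positively know is interactive: DNS, SSH and web on standard ports, both directions.
add chain=forward protocol=udp dst-port=53 action=mark-packet new-packet-mark=interactive passthrough=no
add chain=forward protocol=udp src-port=53 action=mark-packet new-packet-mark=interactive passthrough=no
add chain=forward protocol=tcp dst-port=22,80,443 action=mark-packet new-packet-mark=interactive passthrough=no
add chain=forward protocol=tcp src-port=22,80,443 action=mark-packet new-packet-mark=interactive passthrough=no

# Everything else is bulk. Encrypted torrents on random high ports land here with no port
# guessing, and so does any other unknown protocol, which is the point: nothing is blocked.
add chain=forward action=mark-packet new-packet-mark=bulk passthrough=no

/queue simple
# Weak form (one flat ceiling per customer, no guarantee, no priority): a single protocol can
# hold the customer's full rate around the clock, and across customers the link is oversubscribed
# with nothing to arbitrate it, so the only remedy is to move the user to a slower queue by hand.
# add name=cust-10.10.0.5-flat target=10.10.0.5/32 max-limit=1M/1M

# Corrected form: a parent sized to the link, a child per customer with limit-at (guaranteed
# share under contention) and max-limit (ceiling when the link is idle), and per-class
# grandchildren so interactive traffic is dequeued before bulk and visible p2p for that customer.
# The grandchildren's limit-at values add up to the customer's limit-at (128k+96k+32k = 256k).
add name=upstream target=10.10.0.0/24 max-limit=20M/20M
add name=cust-10.10.0.5 parent=upstream target=10.10.0.5/32 limit-at=256k/256k max-limit=1M/1M
add name=cust-10.10.0.5-interactive parent=cust-10.10.0.5 target=10.10.0.5/32 \
    packet-marks=interactive priority=1/1 limit-at=128k/128k max-limit=1M/1M
add name=cust-10.10.0.5-bulk parent=cust-10.10.0.5 target=10.10.0.5/32 \
    packet-marks=bulk priority=7/7 limit-at=96k/96k max-limit=1M/1M
add name=cust-10.10.0.5-p2p parent=cust-10.10.0.5 target=10.10.0.5/32 \
    packet-marks=p2p priority=8/8 limit-at=32k/32k max-limit=1M/1M
```

With the link idle, the customer still bursts to the 1M ceiling regardless of what the traffic is. Once the 20M parent is saturated, each customer falls back toward its limit-at, and within that share the interactive mark wins over bulk and p2p, so a customer running an encrypted torrent for hours slows their own downloads first rather than everyone else's browsing. No port is ever blocked, which avoids the problem from the first post of cutting off an ephemeral port that HTTP may also be using. The p2p matcher is kept only for what it can still parse; encrypted sessions fall into bulk by design, so do not expect the p2p counters to account for them. `/queue simple print stats` shows per-queue byte counters and dropped packets, which is the quickest way to confirm traffic is landing in the intended class.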
 
spire2z
Long time Member
Posts: 517
Joined: Mon Feb 14, 2005 2:48 am

Mon Apr 24, 2006 2:18 pm

I keep thinking that, while all the traffic shaping is complex and fairly good at what it does, I can't help thinking a simpler method is needed in today's world.

My idea is more like dynamic simple queues. For example, the simple queue rates could be dynamic from a data-transfer perspective. Customers on a 50:1 contention, for example, could be rated on how much they download, and at peak times the priority and speed dropped in accordance with their usage. I think this would be better and fairer than PCQ. The math could be quite simple: just look at what bandwidth was available and lower heavily rated users' speed based on how much they download, only if total capacity becomes full.
