Educause Security Discussion mailing list archives

Re: classifying P2P traffic


From: John Kristoff <jtk () DEPAUL EDU>
Date: Wed, 30 Jan 2008 08:09:14 -0600

On Tue, 29 Jan 2008 22:47:36 -0500
Cal Frye <cjf () CALFRYE COM> wrote:

> It's not as easy as you describe, but nearly so. We still have to answer
> the questions when things get slow at times, but more often these days
> we're able to point to outside circumstances instead of having to take
> the blame on our own network ;-)

Thanks Cal.  I ask, because I partially implemented something that
did what I was suggesting using the unique prefix specific action
filter knobs on a Juniper border router.  For example:

   family inet {
          prefix-action psa-limit-resnet {
              policer 1Mbps;
              count;
              filter-specific;
              subnet-prefix-length 24;
              source-prefix-length 32;
          }
   }

then later something like this applied to an interface facing resnet:

            term limit-resnet {
                from {
                    source-address {
                        /* resnet subnets here */
                        192.0.2.0/24;
                    }
                    protocol tcp;  /* at the time this made sense */
                }
                then {
                    sample;
                    next term;
                    prefix-action psa-limit-resnet;
                }
            }

The end result was to rate limit each /32 address to 1 Mb/s transmit
rate.

It seemed to work relatively well, but apparently after I was gone
and as newer code grew bigger and more things were added to the config
there was a hardware limitation with this particular M5 model that
prevented it from being used.  As I recall the prefix specific
filters were put into some limited memory that was being exhausted.
I imagine the scenario has changed since, but it always seemed like
an easy and reasonable approach compared to app identification and
most middle box solutions.

John
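To make concrete what the prefix-action above does per source, here is an added Python model (not Junos code and not from the thread) of a per-/32 token-bucket policer run over constructed traffic; the 15,000-byte burst depth, the two 192.0.2.x hosts and their packet timings are assumptions, and `instances_per_subnet` shows why the per-prefix state grows with 2^(source-prefix-length - subnet-prefix-length).

```python
import ipaddress

ONE_MBPS = 1_000_000  # the 'policer 1Mbps' rate from the config above


class TokenBucket:
    """One policer instance: sustained rate in bit/s, depth in bytes."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bytes_s = rate_bps / 8
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)
        self.last_t = 0.0

    def admit(self, t, nbytes):
        # Refill for the time elapsed since the previous packet, capped at the depth.
        self.tokens = min(self.burst, self.tokens + (t - self.last_t) * self.rate_bytes_s)
        self.last_t = t
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False  # out of profile: discarded, the policer's default action


class PrefixAction:
    """Emulates prefix-action: one TokenBucket per source prefix of source_len bits."""

    def __init__(self, rate_bps, burst_bytes, subnet_len=24, source_len=32):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.subnet_len, self.source_len = subnet_len, source_len
        self.buckets = {}

    def instances_per_subnet(self):
        # Policer instances one matched subnet can consume: the memory cost John hit.
        return 2 ** (self.source_len - self.subnet_len)

    def police(self, packets):
        """packets: (time_s, src_ip, size_bytes) tuples -> {source_prefix: (passed, dropped)}"""
        stats = {}
        for t, src, size in packets:
            key = str(ipaddress.ip_interface(f"{src}/{self.source_len}").network)
            bucket = self.buckets.setdefault(key, TokenBucket(self.rate_bps, self.burst))
            passed, dropped = stats.get(key, (0, 0))
            if bucket.admit(t, size):
                passed += 1
            else:
                dropped += 1
            stats[key] = (passed, dropped)
        return stats


def demo():
    # Constructed traffic: .10 blasts 50 x 1500-byte packets 100 us apart (~120 Mb/s);
    # .20 sends 5 x 1500-byte packets 100 ms apart (~120 kb/s), well under 1 Mb/s.
    packets = [(i * 0.0001, "192.0.2.10", 1500) for i in range(50)]
    packets += [(i * 0.1, "192.0.2.20", 1500) for i in range(5)]
    return PrefixAction(ONE_MBPS, burst_bytes=15_000).police(sorted(packets))
```

The heavy sender gets its burst through and is then discarded while the light sender is untouched, which is exactly the per-/32 behaviour the `subnet-prefix-length 24` / `source-prefix-length 32` pair buys.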
