Educause Security Discussion mailing list archives
Re: classifying P2P traffic
From: John Kristoff <jtk () DEPAUL EDU>
Date: Wed, 30 Jan 2008 08:09:14 -0600
On Tue, 29 Jan 2008 22:47:36 -0500 Cal Frye <cjf () CALFRYE COM> wrote:
> It's not as easy as you describe, but nearly so. We still have to answer the questions when things get slow at times, but more often these days we're able to point to outside circumstances instead of having to take the blame on our own network ;-)
Thanks Cal. I ask, because I partially implemented something that did what I was suggesting using the unique prefix specific action filter knobs on a Juniper border router. For example:

    family inet {
        prefix-action psa-limit-resnet {
            policer 1Mbps;
            count;
            filter-specific;
            subnet-prefix-length 24;
            source-prefix-length 32;
        }

then later something like this applied to an interface facing resnet:

    term limit-resnet {
        from {
            source-address {
                /* resnet subnets here */
                192.0.2.0/24;
            }
            protocol tcp; /* at the time this made sense */
        }
        then {
            sample;
            next term;
            prefix-action psa-limit-resnet;
        }
    }

The end result was to rate limit each /32 address to 1 Mb/s transmit rate. It seemed to work relatively well, but apparently after I was gone and as newer code grew bigger and more things were added to the config there was a hardware limitation with this particular M5 model that prevented it from being used due. As I recall the prefix specific filters were put into some limited memory that was being exhausted. I imagine the scenario has changed since, but it always seemed like an easy and reasonable approach compared to app identification and most middle box solutions.

John
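Added example (not part of the original message, and not Juniper code): a Python model of the per-/32 policing described in the message above. It assumes the policer set is indexed by the source-address bits between subnet-prefix-length and source-prefix-length; the 15,000-byte burst size, the class and function names, and the traffic figures are constructed. It shows that the 24/32 setting allocates 256 policers per prefix-action, and that hosts in different /24s with the same last octet land on the same policer.

```python
import ipaddress

class Policer:
    """Single-rate token bucket; packets that exceed the bucket are dropped."""
    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0            # refill rate in bytes per second
        self.burst = self.tokens = burst_bytes
        self.last = 0.0

    def allow(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

class PrefixAction:
    """Model of a prefix-action: one policer per index, 2^(source - subnet) total."""
    def __init__(self, subnet_len=24, source_len=32,
                 rate_bps=1_000_000, burst_bytes=15_000):   # burst is assumed
        self.shift = 32 - source_len
        self.size = 1 << (source_len - subnet_len)          # 256 for 24/32
        self.policers = [Policer(rate_bps, burst_bytes) for _ in range(self.size)]

    def index(self, src):
        # Assumed indexing: only the bits between the two prefix lengths count.
        return (int(ipaddress.IPv4Address(src)) >> self.shift) & (self.size - 1)

    def allow(self, src, now, size):
        return self.policers[self.index(src)].allow(now, size)

def accepted_mbps(pa, sources, seconds=10, pps=200, size=1250):
    """Each source offers pps*size*8 bit/s (2 Mb/s here); return Mb/s passed."""
    passed = dict.fromkeys(sources, 0)
    for tick in range(seconds * pps):
        now = tick / pps
        for src in sources:
            if pa.allow(src, now, size):
                passed[src] += size
    return {s: b * 8 / seconds / 1e6 for s, b in passed.items()}

if __name__ == "__main__":
    # Constructed traffic: two hosts in one /24, then same last octet in two /24s.
    print(accepted_mbps(PrefixAction(), ["192.0.2.7", "192.0.2.8"]))
    print(accepted_mbps(PrefixAction(), ["192.0.2.7", "198.51.100.7"]))
```

In the second run the two hosts split a single 1 Mb/s allowance, which is worth checking for whenever the term's source-address list covers more than one /24.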