Firewall Wizards mailing list archives
Re: QoS and P2P?
From: Mikael Olsson <mikael.olsson () clavister com>
Date: Wed, 06 Nov 2002 11:36:04 +0100
I'm getting repeat questions to this off line, so I guess I'd better follow up on my own posting. (YES! I know I wrote "PoP" instead of "P2P" throughout my mail. I have no idea why I did that. :))

Example question 1:
Define "plain bandwidth balancing"
We're controlling bandwidth per user (IP) in the network I was talking about. If the choke point (internet connection) is full, the bandwidth limit per user is decreased. If it isn't full, the limit is increased. In other words: when the internet connection becomes full, the ones that will be punished _first_, are the ones using the most bandwidth.

Example question 2:
What is the size of the network you're doing this for?
Good question; it's been quite a while since I took a closer look. I _think_ it's currently about a thousand users, riding on a GigE backbone with various modes of uplink (radio, cable, fiber). The Internet connection is currently 30 Mbit/s and was 2 Mbit/s when the network went operational a couple of years ago.

Example question 3:
If you've been using this for a long time, how do you even know it works?!
Well, back when the Internet connection was 12 Mbit/s, the average outbound load was three to four Mbit/s. We didn't do any balancing on the outbound pipe. "Not necessary". Then, over the course of a week, it became constantly crammed full (recognizing smiles, anyone? :)) Throughput was erratic and RTTs sucked. Quake players were committing suicide in droves. We enabled balancing outbound as well, and there was much rejoicing.

Example question 4:
What product are you using?
We're using the traffic shaper in our firewall product these days. It can separate and prioritize things up to layer four if necessary, but won't look at L7 data, and, no, we don't really have any plans to extend it to do so. [1] We've tried going the L7 filtering way in a part of said public network, and, yes, it seemed to work fine until the users got smart. I can see L7 filtering working better inside a corporation where you can actually LART users for doing Bad Things.

Example question 5:
List commercial products capable of "bandwidth balancing"?
Ugh, I really don't know. I've been told that Packeteer can do this, but I'm guessing that there are more, with varying feature sets as well as price.

--
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00
Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50
WWW: http://www.clavister.com

[1] The current level of functionality is to f.i. help make servers more resistant to overload attacks, which IMHO makes it a valid thing to have in a firewall. Extending it to look at L7 data would make it quite a bit more complex, which is something you try to avoid in firewalls.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
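
The balancing rule described in the answer to example question 1, as an added sketch that is not part of the original message and not the firewall product's own code: one shared per-IP cap is lowered while the choke point is full and raised while it is not. The multiplicative 1% step, the floor, the round count, and the sample addresses and demands are assumptions made for illustration.

```python
# Added illustration; step size, floor and round count are assumptions,
# the message only says the per-user limit goes down when the link is full
# and up when it is not.

def balance(demands, link, rounds=500, step=0.01, floor=0.05):
    """Run the feedback loop and return (cap, allocation).

    demands: {user_ip: offered load in Mbit/s}
    link:    capacity of the choke point in Mbit/s
    """
    cap = link  # start with a cap that restricts nobody
    for _ in range(rounds):
        # Each user sends its demand, clipped to the current per-user cap.
        load = sum(min(d, cap) for d in demands.values())
        if load >= link:
            cap = max(floor, cap * (1 - step))  # link full: lower the limit
        else:
            cap = min(link, cap * (1 + step))   # link has room: raise the limit
    return cap, {ip: min(d, cap) for ip, d in demands.items()}


def limited_users(demands, link):
    """IPs whose traffic ends up held below what they asked for."""
    _, alloc = balance(demands, link)
    return sorted(ip for ip, d in demands.items() if alloc[ip] < d)


# Constructed sample: three light users and two heavy ones on a 30 Mbit/s link.
BUSY = {"10.0.0.1": 0.2, "10.0.0.2": 0.5, "10.0.0.3": 1.0,
        "10.0.0.4": 20.0, "10.0.0.5": 25.0}
# Constructed sample: same link, total demand well below capacity.
QUIET = {"10.0.0.1": 0.2, "10.0.0.4": 8.0}

if __name__ == "__main__":
    for name, sample in (("busy", BUSY), ("quiet", QUIET)):
        cap, alloc = balance(sample, 30.0)
        print(name, "cap=%.2f" % cap, alloc,
              "limited:", limited_users(sample, 30.0))
```

In the busy case the cap settles within one step of the level where the two heavy users split what the light users leave over (about 14.15 Mbit/s each), and the light users never touch the cap.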