Firewall Wizards mailing list archives

Re: QoS and P2P?


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Wed, 06 Nov 2002 11:36:04 +0100


I'm getting repeat questions to this off line, so I guess I'd better 
follow up on my own posting.

(YES! I know I wrote "PoP" instead of "P2P" throughout my mail.
 I have no idea why I did that. :))


Example question 1:

Define "plain bandwidth balancing"

We're controlling bandwidth per user (IP) in the network I was talking
about.  If the choke point (internet connection) is full, the bandwidth 
limit per user is decreased.  If it isn't full, the limit is increased. 

In other words: when the internet connection becomes full, the ones 
that will be punished _first_, are the ones using the most bandwidth.


Example question 2:

What is the size of the network you're doing this for?

Good question; it's been quite a while since I took a closer look.

I _think_ it's currently about a thousand users, riding on a GigE 
backbone with various modes of uplink (radio, cable, fiber).
The Internet connection is currently 30 Mbit/s and was 2 Mbit/s 
when the network went operational a couple of years ago.


Example question 3:

If you've been using this for a long time, how do you even know
it works?!

Well, back when the Internet connection was 12 Mbit/s, the average
outbound load was three to four Mbit/s.  We didn't do any balancing
on the outbound pipe. "Not necessary".  Then, over the course of a
week, it became constantly crammed full (recognizing smiles, anyone? :))
Throughput was erratic and RTTs sucked.  Quake players were committing
suicide in droves.  We enabled balancing outbound as well, and there 
was much rejoicing.


Example question 4:

What product are you using?

We're using the traffic shaper in our firewall product these days.
It can separate and prioritize things up to layer four if necessary, 
but won't look at L7 data, and, no, we don't really have any plans 
to extend it to do so. [1]

We've tried going the L7 filtering way in a part of said public 
network, and, yes, it seemed to work fine until the users got 
smart.

I can see L7 filtering working better inside a corporation where
you can actually LART users for doing Bad Things.


Example question 5:

List commercial products capable of "bandwidth balancing"?

Ugh, I really don't know.  I've been told that Packeteer can do
this, but I'm guessing that there are more, with varying 
feature sets as well as price.


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

[1] The current level of functionality is to f.i. help make servers
    more resistant to overload attacks, which IMHO makes it a valid
    thing to have in a firewall.  Extending it to look at L7 data 
    would make it quite a bit more complex, which is something you
    try to avoid in firewalls.
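
The "plain bandwidth balancing" described in answer 1, sketched as an added example that is not part of the original post and not Clavister's code: one shared per-user cap is lowered while the choke point is full and raised while it is not, so the heaviest users are clipped first. The step sizes, the 95% "full" threshold and the user demands are assumed or constructed values; only the 30 Mbit/s link size comes from the post.

```python
LINK_MBIT = 30.0  # size of the choke point; 30 Mbit/s is the figure from the post


def shape(demands, cap):
    """Clip each user's demand (Mbit/s, keyed by IP) to the current per-user cap."""
    return {ip: min(want, cap) for ip, want in demands.items()}


def adjust_cap(cap, load, link=LINK_MBIT, full_at=0.95, down=0.9, up=0.5):
    """Lower the cap while the link is full, raise it while there is headroom.

    full_at, down and up are assumed tuning values, not taken from any product.
    """
    if load >= full_at * link:
        return max(cap * down, 0.1)   # link full: tighten everyone's limit
    return min(cap + up, link)        # headroom: relax the limit again


def balance(demands, rounds=200, link=LINK_MBIT):
    """Run the feedback loop; return (cap, per-user rates, users in clipping order)."""
    cap, punished = link, []          # start with no effective restriction
    for _ in range(rounds):
        # Record who the current cap bites, heaviest demand first.
        for ip in sorted(demands, key=demands.get, reverse=True):
            if demands[ip] > cap and ip not in punished:
                punished.append(ip)
        load = sum(shape(demands, cap).values())
        cap = adjust_cap(cap, load, link)
    return cap, shape(demands, cap), punished


# Constructed sample: three heavy users and ten light ones (documentation IPs).
DEMANDS = {"192.0.2.10": 20.0, "192.0.2.11": 12.0, "192.0.2.12": 8.0}
DEMANDS.update({f"192.0.2.{100 + i}": 0.5 for i in range(10)})

if __name__ == "__main__":
    cap, rates, punished = balance(DEMANDS)
    print(f"per-user cap settles near {cap:.2f} Mbit/s")
    print("clipped, in order:", punished)
    print(f"total after shaping: {sum(rates.values()):.2f} of {LINK_MBIT} Mbit/s")
```

The cap keeps oscillating in a narrow band around the point where the link is just full; the light users never notice it because their demand stays below the cap.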