Traffic shaping and ports....

 
 
Craig Whitmore
08-16-2005
On 15 Aug 2005 08:13:59 -0700, (E-Mail Removed) wrote:

>Daniel wrote:
>> Nova wrote:
>> > steve wrote:
>> >
>> >> The Gnutella network (BearShare, LimeWire, Shareaza,
>> >> gtk-gnutella....etc....) appears to be able to use any port.
>> >>
>> >> I have one system on a port in the 10ks and another on a port in the
>> >> 30ks....and both work fine.
>> >>
>> >> How would any traffic shaping work out what the application is when
>> >> the port used is - apparently - almost random?
>> >
>> >
>> > They simply inspect the packets, layer 7 inspection.
>> > So if an ISP is using this it won't matter what port you use your p2p
>> > on, they will know


Yes.. it's done via Layer7. There are quite a number of companies
offering boxes which do Layer 7 QOS. Cisco, Allot, ETINC?,.. + more

There are still a lot (most?) who do no layer7 so do something like
port 80 is higher priority and everything else is slow.

Or they do nothing and everything is slow (as P2P is 90% of the
traffic).

ISPs only have a limited pipe they can use, either limited by Telecom
(such as for UBS) or limited on the amount of bandwidth they can
afford for their customers. And they have to do something to make it
"the best for the greater good".

Yes people complain about P2P speeds.. but do you really think that
downloading illegal material off the net is "right"? If any kind of
P2P was removed from the internet then maybe ISPs can offer you UBS
at $10/Month with no caps. Until then, ISPs have to offer customers
what makes most people happy.


>> >
>> > Of course not all ISP's use this and usually only start shaping p2p
>> > traffic when other traffic is suffering.
>> >

>>
>> Hmmm... curious.
>>
>> I would be surprised if any NZ ISP had the kind of processing power (and
>> money) to do that kind of thing.


At slow speeds (say under 100M) even a Linux box can do Layer7
perfectly well. (and it's free)

>
>I think it's funny that you don't think "any NZ ISP" can afford a
>shaping device but that they can afford multi-gigabits of bandwidth
>(which would be required for "millions of packets/second"). A shaping
>device allows you to put 3-4 times more customers on a network, so they
>pay for themselves as soon as you plug them in. A device that can
>"sniff" 300K pps is about US$ 5K, which is probably what they'd pay per
>month for a couple of T1s in NZ (ie not very much).


Yes.. a device which will do a few T1's (E1's in NZ) is quite
cheaper (4-5Mbit of traffic). Getting up to Gigabit speeds does
increase the amount by a lot.

Thanks
Craig


 
Richard
08-16-2005
Craig Whitmore wrote:
> Yes people complain about P2P speeds.. but do you really think that
> downloading illegal material off the net is "right"? If any kind of
> P2P was removed from the internet then maybe ISPs can offer you UBS
> at $10/Month with no caps. Until then, ISPs have to offer customers
> what makes most people happy.


If it wasn't for p2p I would just be on a 24/7 dialup connection, it's not like
128k out makes any non p2p apps work that much better than dialup, still useless
for voip and other use at the same time.
 
Brendan
08-16-2005
On Tue, 16 Aug 2005 19:52:47 +1200, Craig Whitmore wrote:

> Yes people complain about P2P speeds.. but do you really think that
> downloading illegal material off the net is "right"?


If by 'illegal' you mean copyrighted, then yes - I do think it is right.
IP law exists at the sufferance of the electorate. That electorate is now
displaying its dissatisfaction with IP law by disobeying it en masse; IP
law has no mandate for its current incarnation.

Slippery slope, Craig. The moment you start exerting control over usage of
their connection, you forfeit any common carrier arguments and might be
found liable as contributory offenders.

>If any kind of
> P2P was removed from the internet then maybe ISPs can offer you UBS
> at $10/Month with no caps. Until then, ISPs have to offer customers
> what makes most people happy.


Crap. p2p is the killer app of broadband.

If your employer has built a business model around people not fully
utilising what they have paid for, that is Orcon's problem.

--

.... Brendan

#329409 +(3857)- [X]

<benja> A worldwide survey was conducted by the UN. The only question
asked was:"Would you please give your honest opinion about solutions to the
food shortage in the rest of the world?"
<benja> The survey was a huge failure...
<benja> In Africa they didn't know what "food" meant.
<benja> In Eastern Europe they didn't know what "honest" meant.
<benja> In Western Europe they didn't know what "shortage" meant.
<benja> In China they didn't know what "opinion" meant.
<benja> In the Middle East they didn't know what "solution" meant.
<benja> In South America they didn't know what "please" meant.
<benja> And in the USA they didn't know what "the rest of the world" meant


Note: All my comments are copyright 16/08/2005 10:24:54 p.m. and are opinion only where not otherwise stated and always "to the best of my recollection". www.computerman.orcon.net.nz.
 
dennis@etinc.com
08-16-2005

Craig Whitmore wrote:
> On 15 Aug 2005 08:13:59 -0700, (E-Mail Removed) wrote:
>
> >Daniel wrote:
> >> Nova wrote:
> >> > steve wrote:
> >> >
> >> >> The Gnutella network (BearShare, LimeWire, Shareaza,
> >> >> gtk-gnutella....etc....) appears to be able to use any port.
> >> >>
> >> >> I have one system on a port in the 10ks and another on a port in the
> >> >> 30ks....and both work fine.
> >> >>
> >> >> How would any traffic shaping work out what the application is when
> >> >> the port used is - apparently - almost random?
> >> >
> >> >
> >> > They simply inspect the packets, layer 7 inspection.
> >> > So if an ISP is using this it won't matter what port you use your p2p
> >> > on, they will know

>
> Yes.. it's done via Layer7. There are quite a number of companies
> offering boxes which do Layer 7 QOS. Cisco, Allot, ETINC?,.. + more
>
> There are still a lot (most?) who do no layer7 so do something like
> port 80 is higher priority and everything else is slow.
>
> Or they do nothing and everything is slow (as P2P is 90% of the
> traffic).
>
> ISPs only have a limited pipe they can use, either limited by Telecom
> (such as for UBS) or limited on the amount of bandwidth they can
> afford for their customers. And they have to do something to make it
> "the best for the greater good".
>
> Yes people complain about P2P speeds.. but do you really think that
> downloading illegal material off the net is "right"? If any kind of
> P2P was removed from the internet then maybe ISPs can offer you UBS
> at $10/Month with no caps. Until then, ISPs have to offer customers
> what makes most people happy.


ISPs aren't usually Oxford graduates. Offering something that can't be
delivered is a marketing technique that's been used since the beginning
of time.

And let's try to be accurate, p2p is not "Level 7". It's L3 and/or L4. L7
would imply application level stuff, such as knowing which user is
logged in, or which command is being executed. Protocols run at L3/L4
generally.

Whether it's "right" or not is and should not be an ISP issue. In my
view, ISPs should not decide which applications are good and which are
bad. They should manage bandwidth. You get "this much" for what you
pay. If you use more, you'll be throttled. ISPs are bandwidth
resellers, not content watchdogs. Most of them just aren't smart enough
to figure out any other way to do things.

DB

 
steve
08-16-2005
~misfit~ wrote:

> It seems Orcon are doing it. I'm out of my depth here but from what is
> said on this page:
>
> http://www.orcon.net.nz/help/status/bitstream/
>
> It seems they are doing layer 7 inspection.
>
> Are you surprised?


Interesting.

How long before these apps start to encrypt traffic - and layers other than
purely IP routing - once the peer to peer connection is established?


 
Nicholas Sherlock
08-16-2005
Craig Whitmore wrote:
> Yes people complain about P2P speeds.. but do you really think that
> downloading illegal material off the net is "right"? If any kind of
> P2P was removed from the internet then maybe ISPs can offer you UBS
> at $10/Month with no caps. Until then, ISPs have to offer customers
> what makes most people happy.


I hope your ISP throttles you if you ever want to download the latest
Knoppix release with a torrent client.


Cheers,
Nicholas Sherlock
 
Matthew Poole
08-16-2005
On Tue, 16 Aug 2005 08:34:35 -0700, someone purporting to be dennis didst
scrawl:

>
> Craig Whitmore wrote:

*SNIP*
>> >> > They simply inspect the packets, layer 7 inspection.
>> >> > So if an ISP is using this it won't matter what port you use your p2p
>> >> > on, they will know

>>
>> Yes.. it's done via Layer7. There are quite a number of companies
>> offering boxes which do Layer 7 QOS. Cisco, Allot, ETINC?,.. + more
>>

*SNIP*
> And let's try to be accurate, p2p is not "Level 7". It's L3 and/or L4. L7
> would imply application level stuff, such as knowing which user is
> logged in, or which command is being executed. Protocols run at L3/L4
> generally.
>

*SNIP*

Much as I hate to agree with someone who brands all P2P traffic as
"illegal" (Craig should know better!), he's right. P2P stuff runs well
above layer four - layer, not level, for starters, and calling it "level"
shows your ignorance. Layer four is TCP/UDP, and you can't tell diddly
about a connection if you're inspecting so far down the stack. You need to
be looking at least to layer six to get some idea of what's going on
inside the connection.

--
Matthew Poole
"Don't use force. Get a bigger hammer."

 
Mark
08-16-2005
"Matthew Poole" <(E-Mail Removed)> wrote in message
news(E-Mail Removed)...
> On Tue, 16 Aug 2005 08:34:35 -0700, someone purporting to be dennis didst
> scrawl:
>
>>
>> Craig Whitmore wrote:

> *SNIP*
>>> >> > They simply inspect the packets, layer 7 inspection.
>>> >> > So if an ISP is using this it won't matter what port you use your
>>> >> > p2p
>>> >> > on, they will know
>>>
>>> Yes.. it's done via Layer7. There are quite a number of companies
>>> offering boxes which do Layer 7 QOS. Cisco, Allot, ETINC?,.. + more
>>>

> *SNIP*
>> And let's try to be accurate, p2p is not "Level 7". It's L3 and/or L4. L7
>> would imply application level stuff, such as knowing which user is
>> logged in, or which command is being executed. Protocols run at L3/L4
>> generally.
>>

> *SNIP*
>
> Much as I hate to agree with someone who brands all P2P traffic as
> "illegal" (Craig should know better!), he's right. P2P stuff runs well
> above layer four - layer, not level, for starters, and calling it "level"
> shows your ignorance. Layer four is TCP/UDP, and you can't tell diddly
> about a connection if you're inspecting so far down the stack. You need to
> be looking at least to layer six to get some idea of what's going on
> inside the connection.
>
> --
> Matthew Poole
> "Don't use force. Get a bigger hammer."
>


Ermmm he's kinda right. The products he talks about are L3/L4 products that
look at packet headers for traffic shaping and use protocol based
information to make decisions. This is fundamentally flawed though and would
assume P2P apps don't port hop (which would be very easy to do). Where he
does get things wrong is assuming L7 is not used, which it is. However L7
products are a lot more complex and expensive than L3/4 products, as the L7
products look inside the data, reassemble it, and analyze it.

Most L7 products are not used for traffic shaping, they are used for
security purposes (ie identifying and blocking P2P traffic, worms etc). A
typical 200Mbps throughput L7 device lists for around $30k NZ. Going to
gigabit level you're talking in excess of $100k. Then you have to build in
redundancy. If you took a 10Gb environment and wanted to put L7 on it with
redundancy then you are talking in the millions of dollars plus ongoing
annual maintenance.



 
Daniel
08-17-2005
Mark wrote:
>
> Ermmm he's kinda right. The products he talks about are L3/L4 products that
> look at packet headers for traffic shaping and use protocol based
> information to make decisions. This is fundamentally flawed though and would
> assume P2P apps don't port hop (which would be very easy to do). Where he
> does get things wrong is assuming L7 is not used, which it is. However L7
> products are a lot more complex and expensive than L3/4 products, as the L7
> products look inside the data, reassemble it, and analyze it.
>
> Most L7 products are not used for traffic shaping, they are used for
> security purposes (ie identifying and blocking P2P traffic, worms etc). A
> typical 200Mbps throughput L7 device lists for around $30k NZ. Going to
> gigabit level you're talking in excess of $100k. Then you have to build in
> redundancy. If you took a 10Gb environment and wanted to put L7 on it with
> redundancy then you are talking in the millions of dollars plus ongoing
> annual maintenance.
>


Very, very interesting.

In that case, I wonder if Orcon are using genuine L7 products? (well
they say L7 QOS on their website)
 
Mark
08-17-2005
"Daniel" <(E-Mail Removed)> wrote in message
news:ddu02h$du8$(E-Mail Removed)...
> Mark wrote:
>>
>> Ermmm he's kinda right. The products he talks about are L3/L4 products
>> that look at packet headers for traffic shaping and use protocol based
>> information to make decisions. This is fundamentally flawed though and
>> would assume P2P apps don't port hop (which would be very easy to do).
>> Where he does get things wrong is assuming L7 is not used, which it is.
>> However L7 products are a lot more complex and expensive than L3/4
>> products, as the L7 products look inside the data, reassemble it, and
>> analyze it.
>>
>> Most L7 products are not used for traffic shaping, they are used for
>> security purposes (ie identifying and blocking P2P traffic, worms etc). A
>> typical 200Mbps throughput L7 device lists for around $30k NZ. Going to
>> gigabit level you're talking in excess of $100k. Then you have to build in
>> redundancy. If you took a 10Gb environment and wanted to put L7 on it
>> with redundancy then you are talking in the millions of dollars plus
>> ongoing annual maintenance.
>>

>
> Very, very interesting.
>
> In that case, I wonder if Orcon are using genuine L7 products? (well they
> say L7 QOS on their website)


In reality it's doubtful. However the problem these days is so many products
confuse terminology. One product's "l7 QOS" might be just identifying
application traffic by port numbers, so while it's not real L7 people could
argue all day over the semantics. So if you moved a P2P app to a
non-standard port it's most likely their shaping would not pick it up, unless
of course they shape in reverse. What I mean by reverse is that everything
is low priority by default, then escalated if it's identified. For example,
web traffic (port 80) is seen and given high priority, but say you access a
web server on a nonstandard port (say port 81) the traffic is not recognised
as web and given low priority.

A smart ISP would do it that way, adding protocols they want given priority,
such as http, https, smtp, pop3, smtp, then gaming ports and so on.

The only danger with such a system is people who run p2p apps on the
standard ports effectively bypassing the shaping. However, that is rare, and
some ISPs' proxying process will break that.
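
Added example, not part of the thread: a small Python comparison of the default-low, port-keyed shaping described in the post above against classification on the first bytes of the payload. The flows, port list and function names are constructed for illustration; the Gnutella and BitTorrent prefixes are those protocols' standard handshake openings.

```python
# Added illustration; flows, names and the port set are constructed, not taken from any ISP.
PRIORITY_PORTS = {80, 443, 25, 110}          # http, https, smtp, pop3
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")

def classify_by_port(dst_port):
    """'Reverse' shaping: everything is low priority unless the port is listed."""
    return "high" if dst_port in PRIORITY_PORTS else "low"

def identify_payload(payload):
    """Name the protocol from the first bytes of the stream, ignoring the port."""
    if payload.startswith(b"GNUTELLA CONNECT/"):
        return "gnutella"
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"                         # encrypted or unrecognised traffic

def classify_by_payload(payload):
    """Same default-low policy, but keyed on what the bytes actually are."""
    return "high" if identify_payload(payload) == "http" else "low"

# Constructed sample flows: (label, destination port, first bytes of payload)
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
FLOWS = [
    ("web on 80",         80,    HTTP_REQ),
    ("web on 81",         81,    HTTP_REQ),
    ("gnutella on 34567", 34567, b"GNUTELLA CONNECT/0.6\r\n"),
    ("gnutella on 80",    80,    b"GNUTELLA CONNECT/0.6\r\n"),
    ("bittorrent on 443", 443,   b"\x13BitTorrent protocol" + bytes(8)),
    ("opaque on 40000",   40000, bytes.fromhex("8f3a91c4d20b77e6")),
]

def compare(flows):
    """Rows of (label, protocol seen in payload, port verdict, payload verdict)."""
    return [(label, identify_payload(data), classify_by_port(port),
             classify_by_payload(data)) for label, port, data in flows]

def disagreements(flows):
    """Flows where port-only shaping and payload inspection assign different priority."""
    return [row[0] for row in compare(flows) if row[2] != row[3]]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print("%-18s proto=%-10s port=%-4s payload=%s" % row)
    print("disagree:", disagreements(FLOWS))
```

The opaque flow is identified as "unknown" by the payload check, so under a default-low policy it stays low priority either way.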


 