Traffic shaping and ports....

Discussion in 'NZ Computing' started by steve, Aug 11, 2005.

  1. steve Guest

    The Gnutella network (Bearshare, LimeWire, Shareaza,
    gtk-gnutella....etc....) appears to be able to use any port.

    I have one system on a port in the 10ks and another on a port in the
    30ks....and both work fine.

    How would any traffic shaping work out what the application is when the
    port used is - apparently - almost random?
    steve, Aug 11, 2005

  2. Nova Guest

    They simply inspect the packets, layer 7 inspection.
    So if an ISP is using this it won't matter what port you use your p2p
    on, they will know :)

    Of course not all ISPs use this and usually only start shaping p2p
    traffic when other traffic is suffering.
    Nova, Aug 11, 2005

  3. Daniel Guest

    Hmmm... curious.

    I would be surprised if any NZ ISP had the kind of processing power (and
    money) to do that kind of thing.

    The US Govt - possibly.

    Sniffing a packet is one thing, sniffing literally millions every
    second, let alone decoding them into meaningful data - assuming you've
    guessed the right protocol (i.e. layers about TCP/IP), not even counting
    packets with encrypted payloads, and doing all this in realtime?

    However, perhaps there's something I'm missing?

    Do you know what mechanism they're using to sniff packets, and what
    method of shaping is being implemented?
    Daniel, Aug 14, 2005
  4. Daniel Guest

    Oops, that should read "layers above TCP/IP"..
    Daniel, Aug 14, 2005
  5. ~misfit~ Guest

    It seems Orcon are doing it. I'm out of my depth here but from what is said
    on this page:

    It seems they are doing layer 7 inspection.

    Are you surprised?
    ~misfit~, Aug 15, 2005
  6. Daniel Guest

    Interesting - thanks for the info.

    I came across this as my first primer to L7 QOS filtering:

    Yes, pattern matching packet headers for protocols did occur to me when
    I was writing the post.

    So, it's not totally fool proof, but, it'll certainly catch people who
    just use different port numbers for P2P traffic - assuming they are one
    of the "suspected" ones (i.e. do enough traffic to warrant L7 QOS

    I guess, the other option (assuming it hasn't already been done) is to
    simply do P2P over an ssh tunnel. That would defeat the L7 QOS, and I
    guess things will eventually go that way anyway.
    Daniel, Aug 15, 2005
  7. Daniel Guest

    I was of course assuming that that an ISP would let high bandwidth SSL
    traffic through unfiltered, as they don't know what's inside.

    Otherwise, they could just do L7 filtering on SSL traffic. Which would
    be a bit annoying since they don't know what the "real" traffic is.

    Which brings us back full circle to the reasons behind doing traffic
    shaping in the first place.

    I like the model where you pay for what you use. It's fairer and doesn't
    penalise low capacity users. Of course, since the primary DSL capacity
    provider has a monopoly, things aren't always so simple.
    Daniel, Aug 15, 2005
  8. But doing that you then have to centralise, or (I guess) multiple ssh
    tunnels to multiple hosts... kinda annoying, but I guess it could be
    done and automated...
    Dave -, Aug 15, 2005
  9. ~misfit~ Guest

    You're welcome. Your comment about layer 7 fired off a vague memory so I
    hunted it down. I actually know nothing about it.
    Hmmm. Out of my league again. :) I'm not a p2p user, or at least very,
    very rarely, so I'll just use defaults I think.

    ~misfit~, Aug 15, 2005
  10. dennis Guest

    I think its funny that you don't think "any NZ ISP" can afford a
    shaping device but that they can afford multi-gigabits of bandwidth
    (which would be required for "millions of packets/second"). A shaping
    device allows you to put 3-4 times more customers on a network, so they
    pay for themselves as soon as you plug them in. A device that can
    "sniff" 300K pps is about US$ 5K, which is probably what they'd pay per
    month for a couple of T1s in NZ (ie not very much).

    The trend is towards shaping all of the traffic on your IP so "L7
    inspections" are not required, which allows for the case of being able
    to shape traffic at gigabit speeds. The effects are somewhat the same
    to you, as p2p applications will quickly eat up your allotment due to
    their parasitic nature. By shaping your entire IP it doesn't matter
    what you run or what port you run it on; the controls are global so as
    soon as you start eating up bandwidth you are defeated.

    You can defeat L7 bandwidth management by tunneling to an external
    system, preferably with encryption. If the ISP has per IP controls
    there is nothing you can do realistically to get around it.

    Emerging Technologies, Inc.
    Bandwidth Management Solutions
    dennis, Aug 15, 2005
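    The per-IP control dennis describes, as an added example that is not
    code from the thread or from any vendor's product: one token bucket per
    customer address, refilled at the customer's contracted rate, with no
    port table and no payload inspection anywhere in the path. The rate,
    burst and packet trace are constructed; time is kept in whole
    milliseconds and tokens in bytes so the arithmetic is exact. The trace
    has one customer hopping a heavy transfer across three ports (including
    80) and one customer doing light web traffic; the first is dropped on
    every port it uses once its allotment is gone, the second is never
    touched.

```python
"""Per-IP token-bucket policing: the control never looks at ports or payloads.

Added example, not code from the thread or from any vendor's product. The
rate, burst and the packet trace below are constructed; time is in whole
milliseconds and tokens are bytes so the arithmetic stays exact.
"""


class TokenBucket:
    def __init__(self, rate_bps, burst_bytes, now_ms):
        self.rate_bps = rate_bps
        self.burst = burst_bytes
        self.tokens = burst_bytes      # bucket starts full
        self.last_ms = now_ms

    def conform(self, now_ms, nbytes):
        """Refill for the elapsed time, then admit the packet if it fits."""
        elapsed = now_ms - self.last_ms
        # bits/s * ms / 8000 = bytes earned in that many milliseconds
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate_bps // 8000)
        self.last_ms = now_ms
        if nbytes <= self.tokens:
            self.tokens -= nbytes
            return True
        return False


class PerIpShaper:
    """One bucket per customer IP; the rest of the 5-tuple is ignored."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate_bps, self.burst = rate_bps, burst_bytes
        self.buckets = {}

    def admit(self, now_ms, src_ip, nbytes):
        b = self.buckets.get(src_ip)
        if b is None:
            b = self.buckets[src_ip] = TokenBucket(self.rate_bps, self.burst, now_ms)
        return b.conform(now_ms, nbytes)


def constructed_trace():
    """(t_ms, src_ip, dst_port, size) records for two constructed customers."""
    trace = []
    p2p_ports = [31337, 12345, 80]        # the P2P client hops ports, even onto 80
    for i in range(30):                   # 1500-byte packets every 1 ms = 12 Mbit/s
        trace.append((i, "10.0.0.1", p2p_ports[i % 3], 1500))
    for i in range(30):                   # 500-byte packets every 5 ms = 0.8 Mbit/s
        trace.append((5 * i, "10.0.0.2", 80, 500))
    return sorted(trace, key=lambda r: r[0])


def run_trace(rate_bps=1_000_000, burst_bytes=15_000, trace=None):
    """Return {src_ip: {"admitted": n, "dropped": n, "dropped_ports": set}}."""
    shaper = PerIpShaper(rate_bps, burst_bytes)
    stats = {}
    for t, ip, port, size in (trace or constructed_trace()):
        s = stats.setdefault(ip, {"admitted": 0, "dropped": 0, "dropped_ports": set()})
        if shaper.admit(t, ip, size):
            s["admitted"] += 1
        else:
            s["dropped"] += 1
            s["dropped_ports"].add(port)
    return stats


if __name__ == "__main__":
    for ip, s in run_trace().items():
        print(ip, s["admitted"], "admitted,", s["dropped"], "dropped on ports",
              sorted(s["dropped_ports"]))
```

    With a 1 Mbit/s rate and a 15 kB burst the heavy customer gets its
    first ten packets through on the burst, then only one packet per twelve
    milliseconds of refill, and the drops land on all three ports alike;
    the light customer stays under its refill rate and loses nothing.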
  11. Yes.. it's done via Layer 7. There are quite a number of companies
    offering boxes which do Layer 7 QOS. Cisco, Allot, ETINC?,.. + more

    There are still a lot (mos?t) who do no layer7 so do something like
    port 80 is higher priority and everything else is slow.

    Or they do nothing and everything is slow (as P2P is 90% of the

    ISPs only have a limited pipe they can use. either limited by Telecom
    (such as for UBS) or limited on the amount of bandwidth they can
    afford for its customers. And they have to do something to make it
    "the best for the greater good".

    Yes people complain about P2P speeds.. but do you really think that
    downloading illegal material off the net is "right". If any kind of
    P2P was removed from the internet then maybe ISPs can offer you UBS
    at $10/Month with no caps. Until then, ISPs have to offer customers
    what makes most people happy.

    At slow speeds (say under 100M) even a Linux box can do Layer 7
    perfectly well. (and it's free)
    Yes.. a device which will do a few T1's (E1's in NZ) is quite
    cheap (4-5 Mbit of traffic). Getting up to Gigabit speeds does
    increase the amount by a lot.

    Craig Whitmore, Aug 16, 2005
  12. Richard Guest

    If it wasn't for p2p I would just be on a 24/7 dialup connection, it's not like
    128k out makes any non p2p apps work that much better than dialup, still useless
    for voip and other use at the same time.
    Richard, Aug 16, 2005
  13. Brendan Guest

    If by 'illegal' you mean copyrighted, then yes - I do think it is right.
    IP law exists at the sufferance of the electorate. That electorate is now
    displaying its dissatisfaction with IP law by disobeying it en masse; IP
    law has no mandate for its current incarnation.

    Slippery slope, Craig. The moment you start exerting control over usage of
    their connection, you forfeit any common carrier arguments and might be
    found liable as contributory offenders.
    Crap. p2p is the killer app of broadband.

    If your employer has built a business model around people not fully
    utilising what they have paid for, that is Orcon's problem.


    .... Brendan

    #329409 +(3857)- [X]

    <benja> A worldwide survey was conducted by the UN. The only question
    asked was:"Would you please give your honest opinion about solutions to the
    food shortage in the rest of the world?"
    <benja> The survey was a huge failure...
    <benja> In Africa they didn't know what "food" meant.
    <benja> In Eastern Europe they didn't know what "honest" meant.
    <benja> In Western Europe they didn't know what "shortage" meant.
    <benja> In China they didn't know what "opinion" meant.
    <benja> In the Middle East they didn't know what "solution" meant.
    <benja> In South America they didn't know what "please" meant.
    <benja> And in the USA they didn't know what "the rest of the world" meant

    Note: All my comments are copyright 16/08/2005 10:24:54 p.m. and are opinion only where not otherwise stated and always "to the best of my recollection".
    Brendan, Aug 16, 2005
  14. dennis Guest

    ISPs aren't usually Oxford graduates. Offering something that can't be
    delivered is a marketing technique that's been used since the beginning
    of time.

    And let's try to be accurate, p2p is not "Level 7". It's L3 and/or L4. L7
    would imply application level stuff, such as knowing which user is
    logged in, or which command is being executed. Protocols run at L3/L4.

    Whether it's "right" or not is and should not be an ISP issue. In my
    view, ISPs should not decide which applications are good and which are
    bad. They should manage bandwidth. You get "this much" for what you
    pay. If you use more, you'll be throttled. ISPs are bandwidth
    resellers, not content watchdogs. Most of them just aren't smart enough
    to figure out any other way to do things.

    dennis, Aug 16, 2005
  15. steve Guest


    How long before these apps start to encrypt traffic - and layers other than
    purely IP routing - once the peer to peer connection is established?
    steve, Aug 16, 2005
  16. I hope your ISP throttles you if you ever want to download the latest
    Knoppix release with a torrent client.

    Nicholas Sherlock
    Nicholas Sherlock, Aug 16, 2005
  17. *SNIP*

    Much as I hate to agree with someone who brands all P2P traffic as
    "illegal" (Craig should know better!), he's right. P2P stuff runs well
    above layer four - layer, not level, for starters, and calling it "level"
    shows your ignorance. Layer four is TCP/UDP, and you can't tell diddly
    about a connection if you're inspecting so far down the stack. You need to
    be looking at least to layer six to get some idea of what's going on
    inside the connection.
    Matthew Poole, Aug 16, 2005
  18. Mark Guest

    Ermmm he's kinda right. The products he talks about are L3/L4 products that
    look at packet headers for traffic shaping and use protocol based
    information to make decisions. This is fundamentally flawed though and would
    assume P2P apps don't port hop (which would be very easy to do). Where he
    does get things wrong is assuming L7 is not used, which it is. However L7
    products are a lot more complex and expensive than L3/4 products, as the L7
    products look inside the data, reassemble it, and analyze it.

    Most L7 products are not used for traffic shaping, they are used for
    security purposes (ie identifying and blocking P2P traffic, worms etc). A
    typical 200Mbps throughput L7 device lists for around $30k NZ. Going to
    gigabit level you're talking in excess of $100k. Then you have to build in
    redundancy. If you took a 10Gb environment and wanted to put L7 on it with
    redundancy then you are talking in the millions of dollars plus ongoing
    annual maintenance.
    Mark, Aug 17, 2005
  19. Daniel Guest

    Very, very interesting.

    In that case, I wonder if Orcon are using genuine L7 products? (well
    they say L7 QOS on their website)
    Daniel, Aug 17, 2005
  20. Mark Guest

    In reality it's doubtful. However the problem these days is so many products
    confuse terminology. One product's "L7 QOS" might be just identifying
    application traffic by port numbers, so while it's not real L7 people could
    argue all day over the semantics. So if you moved a P2P app to a
    non-standard port it's most likely their shaping would not pick it up, unless
    of course they shape in reverse. What I mean by reverse is that everything
    is low priority by default, then escalated if it's identified. For example,
    web traffic (port 80) is seen and given high priority, but say you access a
    web server on a nonstandard port (say port 81) the traffic is not recognised
    as web and given low priority.

    A smart ISP would do it that way, adding protocols they want given priority,
    such as http, https, smtp, pop3, smtp, then gaming ports and so on.

    The only danger with such a system is people who run p2p apps on the
    standard ports effectively bypassing the shaping. However, that is rare, and
    some ISPs' proxying process will break that.
    Mark, Aug 17, 2005
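    The three classifiers argued over in this thread side by side, as an
    added example that is not code from the thread or from any vendor's
    "L7 QOS" box: a port table (the L3/L4 approach), a payload signature
    match on the first bytes of each session (the l7-filter approach Nova
    and Daniel describe), and Mark's "reverse" policy that leaves everything
    low priority unless it is identified as something worth favouring. The
    Gnutella 0.6 handshake lines, the HTTP request line, the SSH banner and
    the TLS record header are real protocol markers; the regexes are
    simplified stand-ins for a real signature set, and every flow in
    SAMPLES is constructed. The output shows the cases raised above: a
    port-hopped Gnutella session is invisible to the port table but not to
    the payload match, Gnutella parked on port 80 gets high priority from
    the port table and low from the payload match, a web server on port 81
    comes out the other way round, and an SSH or TLS session is opaque to
    both.

```python
"""Port-based versus payload-based (L7) traffic classification.

Added example, not code from the thread or from any vendor product. The
Gnutella 0.6 handshake lines ("GNUTELLA CONNECT/0.6", "GNUTELLA/0.6 200 OK")
and the HTTP/SSH/TLS leading bytes are real protocol markers; the regexes
are simplified stand-ins for the signatures an l7-filter style classifier
ships with, and every flow below is constructed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    first_payload: bytes   # first client bytes of the TCP session


# Constructed sample flows covering the cases argued over in the thread.
SAMPLES = [
    Flow("10.0.0.1", 80, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    Flow("10.0.0.2", 6346, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: x\r\n\r\n"),
    Flow("10.0.0.3", 31337, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: x\r\n\r\n"),  # port-hopped
    Flow("10.0.0.4", 80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: x\r\n\r\n"),     # hiding on 80
    Flow("10.0.0.5", 81, b"GET /index.html HTTP/1.0\r\n\r\n"),                  # web on odd port
    Flow("10.0.0.6", 22, b"SSH-2.0-OpenSSH_4.1\r\n"),                          # ssh tunnel
    Flow("10.0.0.7", 6346, b"\x16\x03\x01\x00\x8a\x01\x00\x00\x86\x03\x01"),    # TLS on gnutella port
]

# What a port-table ("L3/L4") shaper knows.
PORT_TABLE = {25: "smtp", 80: "http", 110: "pop3", 443: "https", 22: "ssh", 6346: "gnutella"}

# What a payload-matching ("L7") shaper knows: ordered (name, regex) pairs
# applied to the first bytes of the session. Simplified, not l7-filter's own.
L7_SIGNATURES = [
    ("gnutella", re.compile(rb"\AGNUTELLA (CONNECT/0\.[46]|OK)|\AGNUTELLA/0\.6 200")),
    ("http", re.compile(rb"\A(GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"\ASSH-[12]\.[0-9]+-")),
    ("tls", re.compile(rb"\A\x16\x03[\x00-\x03]")),
]


def classify_by_port(flow):
    return PORT_TABLE.get(flow.dst_port, "unknown")


def classify_by_payload(flow):
    head = flow.first_payload[:64]
    for name, rx in L7_SIGNATURES:
        if rx.search(head):
            return name
    return "unknown"


# Mark's "reverse" policy: everything is low priority unless identified as
# something the ISP wants to favour. Gnutella, ssh, tls and unknown stay low.
FAVOURED = {"http", "https", "smtp", "pop3"}


def priority(app):
    return "high" if app in FAVOURED else "low"


def compare(flows=SAMPLES):
    """Return {src_ip: (port_app, port_prio, l7_app, l7_prio)} for each flow."""
    out = {}
    for f in flows:
        p, l = classify_by_port(f), classify_by_payload(f)
        out[f.src_ip] = (p, priority(p), l, priority(l))
    return out


if __name__ == "__main__":
    for ip, (p, pp, l, lp) in compare().items():
        print(f"{ip:10} by-port={p:8}/{pp:4}  by-payload={l:8}/{lp}")
```

    The payload matcher only ever sees the first 64 bytes of a session,
    which is enough for the plaintext handshakes above and is exactly why
    it has nothing to say about the SSH and TLS flows: both sides of the
    thread's argument (port hopping beats a port table, tunnelling beats a
    payload match) fall out of the same table of results.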
