NSU's Peer to Peer Policy

Northeastern State University
How to Block Peer to Peer

Challenge:
The popularity of P2P applications is causing significant concerns from a legal point of view, and it also creates network problems for the University. Because P2P applications differ from traditional client-server applications in the way they operate, they fall outside the parameters that existing network infrastructure is designed to meet.

Table 1 demonstrates how P2P technologies can impact network traffic. Each entry lists the parameter, its relevance to network planning, the traditional application behaviour, and the P2P impact.

Parameter: Upstream/downstream traffic ratio
  Relevance to network planning: The asymmetrical nature of networks mandates that the amount of upstream traffic the network sustains differs from the amount of downstream traffic. The ratio is correlated to application requirements. If the network ratio assumption is incorrect, congestion and unused capacity result.
  Traditional application: Typical network use for applications such as e-mail, Web browsing, etc., generates a larger amount of downstream traffic for a single upstream request.
  P2P impact: With P2P applications, users share files and a typical peer serves megabytes of files, causing a shift in the upstream/downstream ratio. Congestion results on the upstream link because of a larger number of subscribers using the upstream link.

Parameter: Time of day and percentage of activity
  Relevance to network planning: Typically we have seen that during the day most of the traffic was consumed by University traffic (Internet, ITV, e-mail, filer access, etc.). We assumed that dorm traffic would peak at night time and during weekends.
  Traditional application: Time-of-day and percentage-of-activity assumptions for residential broadband subscribers assume the user is active only when present, typically weekends and evenings.
  P2P impact: P2P applications run 24 hours in the background, constantly downloading content, and are left unattended for days at a time.

Parameter: Estimated traffic volume
  Relevance to network planning: Network bandwidth is finite for all its users.
  Traditional application: Traditional applications have a large "time-to-consume" factor: a small Web page can take several minutes to read, and a single e-mail message might take several hours to process.
  P2P impact: P2P applications are mainly used to share large binary files that have a much lower "attention-per-byte" ratio. A typical music download occurs at 3- to 5-MB speeds, whereas a movie download is at GB speeds.

Solutions:
In order to combat P2P traffic, we must:

  1. Find out what P2P traffic is used on our network and contain it
  2. Identify users who use P2P applications
  3. Block P2P traffic

At the same time, we should make sure that the actions taken do not interfere with legitimate University traffic such as web browsing and e-mail.

Identifying P2P traffic:
To understand the type of P2P traffic that is running on our network, we must have tools that can identify P2P-related packets and differentiate them from regular IP traffic. However, many of the communication protocols used by P2P applications are extremely difficult to detect using traditional techniques. Specifically, many P2P protocols do not use static, well-known port numbers, but rather dynamically use available port numbers and can frequently mask themselves by using ports reserved for other applications. For example, KaZaA uses port 80, typically reserved for HTTP Web browsing, for its own communication, allowing it to penetrate firewalls and network packet filters. This makes it impossible to identify, track, or control P2P traffic by using simple port-based classification.
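As an added illustration (not NSU's tooling), the following Python classifies hosts from constructed flow records in two ways: by well-known destination port, which misses a KaZaA-style peer talking on port 80, and by the three Table 1 parameters (upstream/downstream ratio, hours active per day, total volume), which catches it. The host addresses, port list, thresholds and byte counts are all assumed sample values.

```python
from collections import defaultdict
from dataclasses import dataclass

# Well-known default ports only (KaZaA, Gnutella, BitTorrent); as the page notes,
# P2P clients move to other ports, including 80, so this list is never complete.
P2P_PORTS = {1214, 6346, 6881}

@dataclass
class Flow:
    host: str        # campus host (constructed address)
    dport: int       # destination port
    bytes_up: int    # bytes sent by the host
    bytes_down: int  # bytes received by the host
    hour: int        # hour of day the flow was seen

def port_based(flows):
    """Classic classification: flag a host only if it touched a known P2P port."""
    return {f.host for f in flows if f.dport in P2P_PORTS}

def table1_heuristic(flows, up_ratio=1.0, active_hours=18, min_bytes=500_000_000):
    """Flag a host that breaks at least two of the three Table 1 assumptions for
    traditional use: upstream-heavy, active most hours of the day, large volume."""
    per_host = defaultdict(lambda: {"up": 0, "down": 0, "hours": set()})
    for f in flows:
        h = per_host[f.host]
        h["up"] += f.bytes_up
        h["down"] += f.bytes_down
        h["hours"].add(f.hour)
    flagged = {}
    for host, h in per_host.items():
        reasons = []
        if h["up"] >= up_ratio * h["down"]:
            reasons.append("upstream-heavy")
        if len(h["hours"]) >= active_hours:
            reasons.append("always-on")
        if h["up"] + h["down"] >= min_bytes:
            reasons.append("high-volume")
        if len(reasons) >= 2:  # one signal alone (a big daytime download) is not enough
            flagged[host] = reasons
    return flagged

# Constructed sample: a KaZaA-style peer on port 80 all day, a daytime web browser, and a daytime video viewer with large one-way downloads.
SAMPLE = (
    [Flow("10.1.5.20", 80, 60_000_000, 20_000_000, hr) for hr in range(24)]
    + [Flow("10.1.5.21", 80, 20_000, 800_000, hr) for hr in range(9, 18)]
    + [Flow("10.1.5.22", 443, 1_000_000, 300_000_000, hr) for hr in range(8, 19)]
)
if __name__ == "__main__":
    print("port-based:", port_based(SAMPLE))    # empty: port 80 looks like web browsing
    print("table1:", table1_heuristic(SAMPLE))  # only 10.1.5.20, with all three reasons
```

The video viewer trips only the volume signal, which is why the two-of-three rule matters: on its own, a large download is exactly the University traffic the page says must not be disturbed.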

Controlling P2P Traffic with Policies:

  1. Deprioritize P2P traffic
  2. Throttle upstream traffic (file uploads) while not limiting downstream traffic (file downloads)
  3. Limit P2P access during certain periods of the day or week
  4. Limit P2P access based on traffic source and destination (dorm users)
  5. Enforce a quota which, when depleted, throttles back P2P traffic or all traffic

Identify Users Who Use P2P Applications:

  1. Monitor IP connections to well-known P2P servers
  2. Utilize Layer 7 stateful packet inspection
  3. Scan PCs' applications prior to allowing connection to the network

Block P2P traffic:

  1. Implement an IP-based access list at the core or the firewall
  2. Block access to well-known ports utilized by P2P applications
  3. Restrict Layer 7 P2P traffic

What Can We Do:

  1. Write an official University policy prohibiting or limiting P2P traffic
  2. Implement IP access lists which will block access to the well-known IP addresses of static sharing servers
  3. Implement port-based access lists which will block access to well-known ports used by P2P applications
  4. Identify and block P2P traffic with an IPS/IDP solution
  5. Utilize Layer 7 network-based application recognition at the core router
  6. Identify and block P2P traffic with a bandwidth management appliance
  7. Scan PCs' programs with a network access solution

None of these solutions is perfect. Some of them, such as network-based application recognition, can have a negative impact on NSU's business traffic. A combination of these options might work in the short term; however, a long-term solution will require a network-based appliance which is specifically designed to identify and block P2P traffic.
