[afnog] Use of BitTorrents in Academic Environments

Erik Rowberg erowberg at habari.co.tz
Wed Feb 27 13:39:02 UTC 2013 

I agree with implementing per-host bandwidth limits, but instead of static
bandwidth accross the board we found using volume limits made most users
happier. As long as you are under volume limits you get high speed (say
1mbps), if you go over you get limited lower (say 64kbps).  Without this
you are penalizing everyone because 5% take 90% of bandwidth.  Heavy p2p
24/7 users go over and are limited severely.  Others can download a
document at high speed and still have decent browsing.  The 5% read the
User Agreement and have no case.

For a university however you need roaming, which is hardwith static ip's
assigned to individual users.  of the half dozen universities here they
can't seem implement static ips.

Trying to block P2P is a never ending struggle.  you figure it out then
they change their system.  And then you need exceptions and exceptions.

erik


On Wed, Feb 27, 2013 at 2:19 PM, Kyle Spencer <kyle at stormzero.com> wrote:

> Hi Amon,
>
> I recommend implementing per-host bandwidth limits.
>
> For example, if you limit LAN connections at (or near) the gateway to
> 64Kbps down/128Kbps up, each user will be unable to exceed that amount
> of bandwidth no matter what they use the link for (e.g. HTTP,
> BitTorrent, FTP).
>
> Regards,
> Kyle Spencer
>
>
> On Wed, Feb 27, 2013 at 1:39 PM,  <afnog-request at afnog.org> wrote:
> > Send afnog mailing list submissions to
> >         afnog at afnog.org
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >         http://afnog.org/mailman/listinfo/afnog
> > or, via email, send a message with subject or body 'help' to
> >         afnog-request at afnog.org
> >
> > You can reach the person managing the list at
> >         afnog-owner at afnog.org
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of afnog digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re:  Use of BitTorrents in Academic Environments (Anibe Onuche)
> >    2. Re:  Use of BitTorrents in Academic Environments (Phil Regnauld)
> >    3. Re:  Use of BitTorrents in Academic Environments (Scott Weeks)
> >    4. Re:  Use of BitTorrents in Academic Environments (NJIE Paul EFOME)
> >    5. Re:  Use of BitTorrents in Academic Environments (Seun Ojedeji)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Tue, 26 Feb 2013 15:03:12 +0100
> > From: Anibe Onuche <a.onuche at nixp.net>
> > To: Stephane Bortzmeyer <bortzmeyer at nic.fr>
> > Cc: amon.kasonda at unza.zm, afnog at afnog.org
> > Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> > Message-ID: <512CC0A0.3000703 at nixp.net>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > I agree with the issue that Stephane raised below...
> >
> > So what are the student downloading? I mean as a student  i have free
> > bandwidth to play with and i can do as i please.
> > But wait... Limiting my internet usage could mean denying me internet
> > rights to access "legitimate content" despite the Volume of the content
> >
> > My sincere advise , Get dedicated servers with proper login identity,
> > Have policies that will guide them  e.g no movies, porn , Afcon football
> > matches :-(
> > Once We have contents that have been downloaded , other students can
> > access the database or request for a content if it is not found.
> >
> > Then we can start talking of Bandwidth restriction.. mind you some
> > bandwidth will be used for restriction.
> >
> > Anibe
> >
> >
> > On 2/26/2013 2:22 PM, Stephane Bortzmeyer wrote:
> >> On Tue, Feb 26, 2013 at 01:21:09PM +0200,
> >>   amon.kasonda at unza.zm <amon.kasonda at unza.zm> wrote
> >>   a message of 473 lines which said:
> >>
> >>> because of the effect it has on internet bandwidth
> >> So, when students wants to download FreeBSD or Arch Linux, you prefer
> >> them to use HTTP, thus downloading the same file several times,
> >> instead of only one (and then seeding it)?
> >>
> >>> and issues pertaining to security.
> >> Which ones? ("Security" is a buzzword which means many different
> >> things. Most of the times, its use is a warning signal.)
> >>
> >>
> >> _______________________________________________
> >> afnog mailing list
> >> http://afnog.org/mailman/listinfo/afnog
> >
> >
> > --
> >
> > Anibe Onuche
> > Internet Exchange Point of Nigeria
> > Network /Communication Department
> >
> > Tel:+234-809-3878-113
> > NOC:+234-809-3878-110
> > Website:www.ixp.net.ng
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Tue, 26 Feb 2013 23:59:33 +0800
> > From: Phil Regnauld <regnauld at nsrc.org>
> > To: amon.kasonda at unza.zm
> > Cc: afnog at afnog.org
> > Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> > Message-ID: <20130226155933.GH9247 at macbook.bluepipe.net>
> > Content-Type: text/plain; charset=us-ascii
> >
> > amon.kasonda at unza.zm (amon.kasonda) writes:
> >> Dear All,
> >>
> >> I am seeking advice from IT experts in academic environments on
> >> how they have handled the issue of BitTorrents on their network.
> >> As a university we have blocked this service because of the effect
> >> it has on internet bandwidth and issues pertaining to security. This
> >> is an inherent default configuration policy I have found in the
> >> university. However, our users strongly feel the service must be
> >> restored to enhance their learning and internet experience. Your
> >> independent views in this regard are welcome.
> >
> >     Hello Amon,
> >
> >     A few observations and questions from an outsider:
> >
> >     While I understand that bittorrent is frighteningly efficient
> >     at downloading lots of content in a short time (which is,
> >     after all, that which it was designed to do), but I'm a bit
> >     curious about the security aspect. Would you care to elaborate
> >     on that particular point ? It would actually be useful for
> >     us as the question of dealing with bittorrent is quite a
> >     popular one when we talk to universities around the world.
> >
> >     Is it insecure clients ? Or something else ?
> >
> >     The next question is: how do you block bittorrent ? In doing
> >     so, are you certain that you are not blocking other services
> >     ?  Filtering ports 6881-6999 may not be enough as motivated
> >     users will find ways around it, such as changing the ports,
> >     or using encryption/ Tor. Third party solutions such as DPI
> >     or similar (NBAR) will have an impact on performance -
> >     something that may not be an issue today, but as networks
> >     get faster, this will almost certainly be a bottleneck (or
> >     get really expensive to license).
> >
> >     The third question is: while a major part of bittorrent
> >     content may not be of educational interest, can you be
> >     certain that limiting access to it is not going to hurt
> >     someone's research ?
> >
> >     For instance: http://en.wikipedia.org/wiki/BitTorrent#Education
> >
> > Education
> >
> > * Florida State University uses BitTorrent to distribute large scientific
> >   data sets to its researchers.[37]
> > * Many universities that have BOINC distributed computing projects have
> used
> >   the BitTorrent functionality of the client-server system to reduce the
> >   bandwidth costs of distributing the client side applications used to
> process
> >   the scientific data.
> >
> >     Finally, a suggestion: what some universities have done is:
> >
> >     1. Create an Acceptable Use Policy that all students and
> >     faculty must sign upon enrolling. This AUP will amont other
> >     things state that users and faculty are not allowed to use
> >     university facilities including Internet access to access
> >     or download material obtain illegally, and that university
> >     staff can terminate internet access for these users should
> >     they do so repeatedly.
> >
> >     2. Setup a passive monitor (span port, mirroring) to monitor
> >     traffic with something like Snort or NfSen, and upon detecting
> >     traffic on these ports, redirect the client's port 80 traffic
> >     to a webpage, where something similar is displayed:
> >
> > "You are currently, or have recently, been using bittorrent. If you
> > are running bittorrent, please take the following measures: limit
> > your upload and download rates as a courtesy to other users and
> > make sure you are not downloading material you do not have permission
> > to copy, as stated in the AUP. Do note that your IP, MAC address
> > and the time of this connection has been logged.
> >
> > If this is not the case, please disregard this message and click
> > Continue, but know that you may unknowingly be running software
> > that was installed without your knowledge."
> >
> >     What we've seen is that this (and it may be different in some
> >     parts of the world), is usually enough to make users think twice
> >     about using bittorrent for downloading content.
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Tue, 26 Feb 2013 10:18:57 -0800
> > From: "Scott Weeks" <surfer at mauigateway.com>
> > To: <afnog at afnog.org>
> > Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> > Message-ID: <20130226101857.FAFFBDF5 at m0005296.ppops.net>
> > Content-Type: text/plain; charset="UTF-8"
> >
> >
> > On 26/02/13 14:21, amon.kasonda at unza.zm wrote:
> >
> >> I am seeking advice from IT experts in academic environments on
> >> how they have handled the issue of BitTorrents on their network.
> >> As a university we have blocked this service because of the effect
> >> it has on internet bandwidth and issues pertaining to security. This
> >> is an inherent default configuration policy I have found in the
> >> university. However, our users strongly feel the service must be
> >> restored to enhance their learning and internet experience. Your
> >> independent views in this regard are welcome.
> > ---------------------------------------------------
> >
> >
> > Perhaps you can use QoS to prioritize important traffic
> > and let torrent traffic take what's left of your internet
> > circuit.  This doesn't do anything about the security
> > aspects you mention, but it controls your bandwidth in
> > a manner that allows everyone to get what they need and
> > then allows the rest of the bandwidth to go to the torrent
> > traffic.
> >
> > scott
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > afnog mailing list
> > http://afnog.org/mailman/listinfo/afnog
> >
> >
> >
> >
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Wed, 27 Feb 2013 01:34:33 -0800 (PST)
> > From: NJIE Paul EFOME <efomenjie at camtel.cm>
> > To: "surfer at mauigateway.com" <surfer at mauigateway.com>,
> >         "afnog at afnog.org" <afnog at afnog.org>
> > Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> > Message-ID:
> >         <1361957673.34466.YahooMailNeo at web124702.mail.ne1.yahoo.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > You can not use ports to block Bittorent. You'll need an application
> layer firewall like Palo-Alto to achieve this.
> > Regards,
> >
> > ----------------------------
> > NJIE Paul EFOME
> > DSIR (IT & IP Manager) - Camtel
> > B.P. 1571 Yaound? - Cameroon
> > Tel/Fax: +237-2222-5235
> > CDMA:? +237-2275-8229
> >
> >
> >
> >
> >>________________________________
> >> From: Scott Weeks <surfer at mauigateway.com>
> >>To: afnog at afnog.org
> >>Sent: Tuesday, February 26, 2013 7:18 PM
> >>Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> >>
> >>
> >>On 26/02/13 14:21, amon.kasonda at unza.zm wrote:
> >>
> >>> I am seeking advice from IT experts in academic environments on
> >>> how they have handled the issue of BitTorrents on their network.
> >>> As a university we have blocked this service because of the effect
> >>> it has on internet bandwidth and issues pertaining to security. This
> >>> is an inherent default configuration policy I have found in the
> >>> university. However, our users strongly feel the service must be
> >>> restored to enhance their learning and internet experience. Your
> >>> independent views in this regard are welcome.
> >>---------------------------------------------------
> >>
> >>
> >>Perhaps you can use QoS to prioritize important traffic
> >>and let torrent traffic take what's left of your internet
> >>circuit.? This doesn't do anything about the security
> >>aspects you mention, but it controls your bandwidth in
> >>a manner that allows everyone to get what they need and
> >>then allows the rest of the bandwidth to go to the torrent
> >>traffic.
> >>
> >>scott
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>_______________________________________________
> >>afnog mailing list
> >>http://afnog.org/mailman/listinfo/afnog
> >>
> >>
> >>
> >>_______________________________________________
> >>afnog mailing list
> >>http://afnog.org/mailman/listinfo/afnog
> >>
> >>
> >>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> http://afnog.org/pipermail/afnog/attachments/20130227/6431dac2/attachment-0001.html
> >
> >
> > ------------------------------
> >
> > Message: 5
> > Date: Wed, 27 Feb 2013 11:38:58 +0100
> > From: Seun Ojedeji <seun.ojedeji at gmail.com>
> > To: NJIE Paul EFOME <efomenjie at camtel.cm>
> > Cc: "afnog at afnog.org" <afnog at afnog.org>
> > Subject: Re: [afnog] Use of BitTorrents in Academic Environments
> > Message-ID:
> >         <
> CAD_dc6gCxZbgxy1924ZsSpbPYcX_NVgB7F+gBu8xcFtSg39tCg at mail.gmail.com>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > On Wed, Feb 27, 2013 at 10:34 AM, NJIE Paul EFOME <efomenjie at camtel.cm
> >wrote:
> >
> >> You can not use ports to block Bittorent.
> >>
> >
> > Using TCP/UDP port numbers(ofcourse you don't mean interface ports ;) at
> > times can be dicey as those ports can be easily changed considering the
> > more sophisticated torrent clients we have around. Also blocking range of
> > ports may actually block off some important sites who necessary are not
> > torrents....at least i know it can affect some linux update sources
> >
> >
> >> You'll need an application layer firewall like Palo-Alto to achieve
> this.
> >>
> >
> > On a personal note i usually don't worry much about filtering torrents, i
> > only worry about ensuring each client gets a fair share of the bandwidth.
> >
> > Cheers!
> >
> >> Regards,
> >> ----------------------------
> >> NJIE Paul EFOME
> >> DSIR (IT & IP Manager) - Camtel
> >> B.P. 1571 Yaound? - Cameroon
> >> Tel/Fax: +237-2222-5235
> >> CDMA:  +237-2275-8229
> >>
> >>   ------------------------------
> >> *From:* Scott Weeks <surfer at mauigateway.com>
> >> *To:* afnog at afnog.org
> >> *Sent:* Tuesday, February 26, 2013 7:18 PM
> >> *Subject:* Re: [afnog] Use of BitTorrents in Academic Environments
> >>
> >>
> >> On 26/02/13 14:21, amon.kasonda at unza.zm wrote:
> >>
> >> > I am seeking advice from IT experts in academic environments on
> >> > how they have handled the issue of BitTorrents on their network.
> >> > As a university we have blocked this service because of the effect
> >> > it has on internet bandwidth and issues pertaining to security. This
> >> > is an inherent default configuration policy I have found in the
> >> > university. However, our users strongly feel the service must be
> >> > restored to enhance their learning and internet experience. Your
> >> > independent views in this regard are welcome.
> >> ---------------------------------------------------
> >>
> >>
> >> Perhaps you can use QoS to prioritize important traffic
> >> and let torrent traffic take what's left of your internet
> >> circuit.  This doesn't do anything about the security
> >> aspects you mention, but it controls your bandwidth in
> >> a manner that allows everyone to get what they need and
> >> then allows the rest of the bandwidth to go to the torrent
> >> traffic.
> >>
> >> scott
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> afnog mailing list
> >> http://afnog.org/mailman/listinfo/afnog
> >>
> >>
> >>
> >> _______________________________________________
> >> afnog mailing list
> >> http://afnog.org/mailman/listinfo/afnog
> >>
> >>
> >>
> >> _______________________________________________
> >> afnog mailing list
> >> http://afnog.org/mailman/listinfo/afnog
> >>
> >
> >
> >
> > --
> > ------------------------------------------------------------------------
> >
> > *Seun Ojedeji,
> > Federal University Oye-Ekiti
> > web:      http://www.fuoye.edu.ng
> > Mobile: +2348035233535
> > **alt email: <http://goog_1872880453>seun.ojedeji at fuoye.edu.ng*
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> http://afnog.org/pipermail/afnog/attachments/20130227/a1af7b79/attachment.html
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > afnog mailing list
> >
> > End of afnog Digest, Vol 107, Issue 29
> > **************************************
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20130227/231742af/attachment-0001.html>

More information about the afnog mailing list