<br>I agree with implementing per-host bandwidth limits, but instead of static bandwidth across the board we found using volume limits made most users happier. As long as you are under volume limits you get high speed (say 1mbps), if you go over you get limited lower (say 64kbps). Without this you are penalizing everyone because 5% take 90% of bandwidth. Heavy p2p 24/7 users go over and are limited severely. Others can download a document at high speed and still have decent browsing. The 5% read the User Agreement and have no case.<br>
<br>For a university however you need roaming, which is hard with static IPs assigned to individual users. Of the half dozen universities here, they can't seem to implement static IPs. <br><br>Trying to block P2P is a never-ending struggle. You figure it out, then they change their system. And then you need exceptions and exceptions.<br>
<br>erik <br><br><br><div class="gmail_quote">On Wed, Feb 27, 2013 at 2:19 PM, Kyle Spencer <span dir="ltr"><<a href="mailto:kyle@stormzero.com" target="_blank">kyle@stormzero.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Amon,<br>
<br>
I recommend implementing per-host bandwidth limits.<br>
<br>
For example, if you limit LAN connections at (or near) the gateway to<br>
64Kbps down/128Kbps up, each user will be unable to exceed that amount<br>
of bandwidth no matter what they use the link for (e.g. HTTP,<br>
BitTorrent, FTP).<br>
<br>
Regards,<br>
Kyle Spencer<br>
<br>
<br>
On Wed, Feb 27, 2013 at 1:39 PM, <<a href="mailto:afnog-request@afnog.org">afnog-request@afnog.org</a>> wrote:<br>
> Today's Topics:<br>
><br>
> 1. Re: Use of BitTorrents in Academic Environments (Anibe Onuche)<br>
> 2. Re: Use of BitTorrents in Academic Environments (Phil Regnauld)<br>
> 3. Re: Use of BitTorrents in Academic Environments (Scott Weeks)<br>
> 4. Re: Use of BitTorrents in Academic Environments (NJIE Paul EFOME)<br>
> 5. Re: Use of BitTorrents in Academic Environments (Seun Ojedeji)<br>
><br>
><br>
> ----------------------------------------------------------------------<br>
><br>
> Message: 1<br>
> Date: Tue, 26 Feb 2013 15:03:12 +0100<br>
> From: Anibe Onuche <<a href="mailto:a.onuche@nixp.net">a.onuche@nixp.net</a>><br>
> To: Stephane Bortzmeyer <<a href="mailto:bortzmeyer@nic.fr">bortzmeyer@nic.fr</a>><br>
> Cc: <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a>, <a href="mailto:afnog@afnog.org">afnog@afnog.org</a><br>
<div class="im">> Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
</div>> Message-ID: <<a href="mailto:512CC0A0.3000703@nixp.net">512CC0A0.3000703@nixp.net</a>><br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
><br>
> I agree with the issue that Stephane raised below...<br>
><br>
> So what are the students downloading? I mean as a student I have free<br>
> bandwidth to play with and I can do as I please.<br>
> But wait... Limiting my internet usage could mean denying me internet<br>
> rights to access "legitimate content" despite the volume of the content.<br>
><br>
> My sincere advice: get dedicated servers with proper login identity,<br>
> have policies that will guide them, e.g. no movies, porn, Afcon football<br>
> matches :-(<br>
> Once we have contents that have been downloaded, other students can<br>
> access the database or request a content if it is not found.<br>
><br>
> Then we can start talking of Bandwidth restriction.. mind you some<br>
> bandwidth will be used for restriction.<br>
><br>
> Anibe<br>
><br>
><br>
> On 2/26/2013 2:22 PM, Stephane Bortzmeyer wrote:<br>
>> On Tue, Feb 26, 2013 at 01:21:09PM +0200,<br>
>> <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a> <<a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a>> wrote<br>
<div class="im">>> a message of 473 lines which said:<br>
>><br>
>>> because of the effect it has on internet bandwidth<br>
</div>>> So, when students want to download FreeBSD or Arch Linux, you prefer<br>
>> them to use HTTP, thus downloading the same file several times,<br>
>> instead of only one (and then seeding it)?<br>
<div class="im">>><br>
>>> and issues pertaining to security.<br>
</div>>> Which ones? ("Security" is a buzzword which means many different<br>
>> things. Most of the times, its use is a warning signal.)<br>
<div class="im">>><br>
>><br>
>> _______________________________________________<br>
>> afnog mailing list<br>
>> <a href="http://afnog.org/mailman/listinfo/afnog" target="_blank">http://afnog.org/mailman/listinfo/afnog</a><br>
><br>
><br>
> --<br>
><br>
</div>> Anibe Onuche<br>
> Internet Exchange Point of Nigeria<br>
> Network /Communication Department<br>
><br>
> Tel:<a href="tel:%2B234-809-3878-113" value="+2348093878113">+234-809-3878-113</a><br>
> NOC:<a href="tel:%2B234-809-3878-110" value="+2348093878110">+234-809-3878-110</a><br>
> Website:<a href="http://www.ixp.net.ng" target="_blank">www.ixp.net.ng</a><br>
><br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 2<br>
> Date: Tue, 26 Feb 2013 23:59:33 +0800<br>
> From: Phil Regnauld <<a href="mailto:regnauld@nsrc.org">regnauld@nsrc.org</a>><br>
> To: <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a><br>
> Cc: <a href="mailto:afnog@afnog.org">afnog@afnog.org</a><br>
<div class="im">> Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
</div>> Message-ID: <<a href="mailto:20130226155933.GH9247@macbook.bluepipe.net">20130226155933.GH9247@macbook.bluepipe.net</a>><br>
> Content-Type: text/plain; charset=us-ascii<br>
><br>
> <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a> (amon.kasonda) writes:<br>
>> Dear All,<br>
<div class="im">>><br>
>> I am seeking advice from IT experts in academic environments on<br>
>> how they have handled the issue of BitTorrents on their network.<br>
>> As a university we have blocked this service because of the effect<br>
>> it has on internet bandwidth and issues pertaining to security. This<br>
>> is an inherent default configuration policy I have found in the<br>
>> university. However, our users strongly feel the service must be<br>
>> restored to enhance their learning and internet experience. Your<br>
>> independent views in this regard are welcome.<br>
><br>
</div>> Hello Amon,<br>
><br>
> A few observations and questions from an outsider:<br>
><br>
> While I understand that bittorrent is frighteningly efficient<br>
> at downloading lots of content in a short time (which is,<br>
> after all, that which it was designed to do), but I'm a bit<br>
> curious about the security aspect. Would you care to elaborate<br>
> on that particular point ? It would actually be useful for<br>
> us as the question of dealing with bittorrent is quite a<br>
> popular one when we talk to universities around the world.<br>
><br>
> Is it insecure clients ? Or something else ?<br>
><br>
> The next question is: how do you block bittorrent ? In doing<br>
> so, are you certain that you are not blocking other services<br>
> ? Filtering ports 6881-6999 may not be enough as motivated<br>
> users will find ways around it, such as changing the ports,<br>
> or using encryption/ Tor. Third party solutions such as DPI<br>
> or similar (NBAR) will have an impact on performance -<br>
> something that may not be an issue today, but as networks<br>
> get faster, this will almost certainly be a bottleneck (or<br>
> get really expensive to license).<br>
><br>
> The third question is: while a major part of bittorrent<br>
> content may not be of educational interest, can you be<br>
> certain that limiting access to it is not going to hurt<br>
> someone's research ?<br>
><br>
> For instance: <a href="http://en.wikipedia.org/wiki/BitTorrent#Education" target="_blank">http://en.wikipedia.org/wiki/BitTorrent#Education</a><br>
><br>
> Education<br>
><br>
> * Florida State University uses BitTorrent to distribute large scientific<br>
> data sets to its researchers.[37]<br>
> * Many universities that have BOINC distributed computing projects have used<br>
> the BitTorrent functionality of the client-server system to reduce the<br>
> bandwidth costs of distributing the client side applications used to process<br>
> the scientific data.<br>
><br>
> Finally, a suggestion: what some universities have done is:<br>
><br>
> 1. Create an Acceptable Use Policy that all students and<br>
> faculty must sign upon enrolling. This AUP will among other<br>
> things state that users and faculty are not allowed to use<br>
> university facilities including Internet access to access<br>
> or download material obtained illegally, and that university<br>
> staff can terminate internet access for these users should<br>
> they do so repeatedly.<br>
><br>
> 2. Set up a passive monitor (span port, mirroring) to monitor<br>
> traffic with something like Snort or NfSen, and upon detecting<br>
> traffic on these ports, redirect the client's port 80 traffic<br>
> to a webpage, where something similar is displayed:<br>
><br>
> "You are currently, or have recently, been using bittorrent. If you<br>
> are running bittorrent, please take the following measures: limit<br>
> your upload and download rates as a courtesy to other users and<br>
> make sure you are not downloading material you do not have permission<br>
> to copy, as stated in the AUP. Do note that your IP, MAC address<br>
> and the time of this connection has been logged.<br>
><br>
> If this is not the case, please disregard this message and click<br>
> Continue, but know that you may unknowingly be running software<br>
> that was installed without your knowledge."<br>
><br>
> What we've seen is that this (and it may be different in some<br>
> parts of the world), is usually enough to make users think twice<br>
> about using bittorrent for downloading content.<br>
><br>
><br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> Message: 3<br>
> Date: Tue, 26 Feb 2013 10:18:57 -0800<br>
<div class="im">> From: "Scott Weeks" <<a href="mailto:surfer@mauigateway.com">surfer@mauigateway.com</a>><br>
> To: <<a href="mailto:afnog@afnog.org">afnog@afnog.org</a>><br>
</div><div class="im">> Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
</div>> Message-ID: <<a href="mailto:20130226101857.FAFFBDF5@m0005296.ppops.net">20130226101857.FAFFBDF5@m0005296.ppops.net</a>><br>
> Content-Type: text/plain; charset="UTF-8"<br>
<div class="im">><br>
><br>
> On 26/02/13 14:21, <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a> wrote:<br>
><br>
>> I am seeking advice from IT experts in academic environments on<br>
>> how they have handled the issue of BitTorrents on their network.<br>
>> As a university we have blocked this service because of the effect<br>
>> it has on internet bandwidth and issues pertaining to security. This<br>
>> is an inherent default configuration policy I have found in the<br>
>> university. However, our users strongly feel the service must be<br>
>> restored to enhance their learning and internet experience. Your<br>
>> independent views in this regard are welcome.<br>
> ---------------------------------------------------<br>
><br>
><br>
> Perhaps you can use QoS to prioritize important traffic<br>
> and let torrent traffic take what's left of your internet<br>
> circuit. This doesn't do anything about the security<br>
> aspects you mention, but it controls your bandwidth in<br>
> a manner that allows everyone to get what they need and<br>
> then allows the rest of the bandwidth to go to the torrent<br>
> traffic.<br>
><br>
> scott<br>
><br>
</div>> ------------------------------<br>
><br>
> Message: 4<br>
> Date: Wed, 27 Feb 2013 01:34:33 -0800 (PST)<br>
> From: NJIE Paul EFOME <<a href="mailto:efomenjie@camtel.cm">efomenjie@camtel.cm</a>><br>
> To: "<a href="mailto:surfer@mauigateway.com">surfer@mauigateway.com</a>" <<a href="mailto:surfer@mauigateway.com">surfer@mauigateway.com</a>>,<br>
> "<a href="mailto:afnog@afnog.org">afnog@afnog.org</a>" <<a href="mailto:afnog@afnog.org">afnog@afnog.org</a>><br>
<div class="im">> Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
</div>> Message-ID:<br>
> <<a href="mailto:1361957673.34466.YahooMailNeo@web124702.mail.ne1.yahoo.com">1361957673.34466.YahooMailNeo@web124702.mail.ne1.yahoo.com</a>><br>
> Content-Type: text/plain; charset="iso-8859-1"<br>
><br>
> You cannot use ports to block BitTorrent. You'll need an application layer firewall like Palo-Alto to achieve this.<br>
<div class="im">> Regards,<br>
><br>
> ----------------------------<br>
> NJIE Paul EFOME<br>
> DSIR (IT & IP Manager) - Camtel<br>
</div>> B.P. 1571 Yaoundé - Cameroon<br>
> Tel/Fax: <a href="tel:%2B237-2222-5235" value="+23722225235">+237-2222-5235</a><br>
> CDMA: <a href="tel:%2B237-2275-8229" value="+23722758229">+237-2275-8229</a><br>
<div class="im">><br>
><br>
><br>
><br>
>>________________________________<br>
>> From: Scott Weeks <<a href="mailto:surfer@mauigateway.com">surfer@mauigateway.com</a>><br>
>>To: <a href="mailto:afnog@afnog.org">afnog@afnog.org</a><br>
>>Sent: Tuesday, February 26, 2013 7:18 PM<br>
>>Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
>><br>
>><br>
>>On 26/02/13 14:21, <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a> wrote:<br>
>><br>
>>> I am seeking advice from IT experts in academic environments on<br>
>>> how they have handled the issue of BitTorrents on their network.<br>
>>> As a university we have blocked this service because of the effect<br>
>>> it has on internet bandwidth and issues pertaining to security. This<br>
>>> is an inherent default configuration policy I have found in the<br>
>>> university. However, our users strongly feel the service must be<br>
>>> restored to enhance their learning and internet experience. Your<br>
>>> independent views in this regard are welcome.<br>
>>---------------------------------------------------<br>
>><br>
>><br>
>>Perhaps you can use QoS to prioritize important traffic<br>
>>and let torrent traffic take what's left of your internet<br>
</div>>>circuit. This doesn't do anything about the security<br>
<div class="im">>>aspects you mention, but it controls your bandwidth in<br>
>>a manner that allows everyone to get what they need and<br>
>>then allows the rest of the bandwidth to go to the torrent<br>
>>traffic.<br>
>><br>
>>scott<br>
>><br>
</div>
><br>
> ------------------------------<br>
><br>
> Message: 5<br>
> Date: Wed, 27 Feb 2013 11:38:58 +0100<br>
> From: Seun Ojedeji <<a href="mailto:seun.ojedeji@gmail.com">seun.ojedeji@gmail.com</a>><br>
> To: NJIE Paul EFOME <<a href="mailto:efomenjie@camtel.cm">efomenjie@camtel.cm</a>><br>
> Cc: "<a href="mailto:afnog@afnog.org">afnog@afnog.org</a>" <<a href="mailto:afnog@afnog.org">afnog@afnog.org</a>><br>
<div class="im">> Subject: Re: [afnog] Use of BitTorrents in Academic Environments<br>
</div>> Message-ID:<br>
> <<a href="mailto:CAD_dc6gCxZbgxy1924ZsSpbPYcX_NVgB7F%2BgBu8xcFtSg39tCg@mail.gmail.com">CAD_dc6gCxZbgxy1924ZsSpbPYcX_NVgB7F+gBu8xcFtSg39tCg@mail.gmail.com</a>><br>
> Content-Type: text/plain; charset="iso-8859-1"<br>
<div class="im">><br>
> On Wed, Feb 27, 2013 at 10:34 AM, NJIE Paul EFOME <<a href="mailto:efomenjie@camtel.cm">efomenjie@camtel.cm</a>>wrote:<br>
><br>
>> You cannot use ports to block BitTorrent.<br>
>><br>
><br>
> Using TCP/UDP port numbers (of course you don't mean interface ports ;) at<br>
> times can be dicey as those ports can be easily changed considering the<br>
> more sophisticated torrent clients we have around. Also blocking a range of<br>
> ports may actually block off some important sites which are not necessarily<br>
> torrents....at least I know it can affect some Linux update sources<br>
><br>
><br>
>> You'll need an application layer firewall like Palo-Alto to achieve this.<br>
>><br>
><br>
> On a personal note I usually don't worry much about filtering torrents, I<br>
> only worry about ensuring each client gets a fair share of the bandwidth.<br>
><br>
> Cheers!<br>
><br>
>> Regards,<br>
>> ----------------------------<br>
>> NJIE Paul EFOME<br>
>> DSIR (IT & IP Manager) - Camtel<br>
</div>>> B.P. 1571 Yaoundé - Cameroon<br>
>> Tel/Fax: <a href="tel:%2B237-2222-5235" value="+23722225235">+237-2222-5235</a><br>
>> CDMA: <a href="tel:%2B237-2275-8229" value="+23722758229">+237-2275-8229</a><br>
>><br>
>> ------------------------------<br>
>> *From:* Scott Weeks <<a href="mailto:surfer@mauigateway.com">surfer@mauigateway.com</a>><br>
>> *To:* <a href="mailto:afnog@afnog.org">afnog@afnog.org</a><br>
>> *Sent:* Tuesday, February 26, 2013 7:18 PM<br>
>> *Subject:* Re: [afnog] Use of BitTorrents in Academic Environments<br>
<div><div class="h5">>><br>
>><br>
>> On 26/02/13 14:21, <a href="mailto:amon.kasonda@unza.zm">amon.kasonda@unza.zm</a> wrote:<br>
>><br>
>> > I am seeking advice from IT experts in academic environments on<br>
>> > how they have handled the issue of BitTorrents on their network.<br>
>> > As a university we have blocked this service because of the effect<br>
>> > it has on internet bandwidth and issues pertaining to security. This<br>
>> > is an inherent default configuration policy I have found in the<br>
>> > university. However, our users strongly feel the service must be<br>
>> > restored to enhance their learning and internet experience. Your<br>
>> > independent views in this regard are welcome.<br>
>> ---------------------------------------------------<br>
>><br>
>><br>
>> Perhaps you can use QoS to prioritize important traffic<br>
>> and let torrent traffic take what's left of your internet<br>
>> circuit. This doesn't do anything about the security<br>
>> aspects you mention, but it controls your bandwidth in<br>
>> a manner that allows everyone to get what they need and<br>
>> then allows the rest of the bandwidth to go to the torrent<br>
>> traffic.<br>
>><br>
>> scott<br>
>><br>
><br>
><br>
><br>
> --<br>
> ------------------------------------------------------------------------<br>
><br>
</div></div>> *Seun Ojedeji,<br>
<div class="im">> Federal University Oye-Ekiti<br>
> web: <a href="http://www.fuoye.edu.ng" target="_blank">http://www.fuoye.edu.ng</a><br>
> Mobile: <a href="tel:%2B2348035233535" value="+2348035233535">+2348035233535</a><br>
</div>> **alt email: <<a href="http://goog_1872880453" target="_blank">http://goog_1872880453</a>><a href="mailto:seun.ojedeji@fuoye.edu.ng">seun.ojedeji@fuoye.edu.ng</a>*<br>
><br>
> ------------------------------<br>
><br>
> _______________________________________________<br>
> afnog mailing list<br>
><br>
> End of afnog Digest, Vol 107, Issue 29<br>
> **************************************<br>
<div class="HOEnZb"><div class="h5"><br>
</div></div></blockquote></div><br>
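<br>Added example, not part of the original thread: a sketch of the volume-limit scheme described in the top message, where a host keeps the high rate until its traffic in a rolling window exceeds a quota and is then dropped to the low rate. The 1 Mbps and 64 kbps rates come from the message; the quota size, the 24-hour window, the host addresses and the flow records are assumptions constructed for illustration.<br>

```python
"""Volume-based two-tier rate limiting per host (added illustration)."""
from collections import defaultdict

MIB = 1024 * 1024

# Rates quoted in the message; quota and window are assumed values.
FAST_KBPS = 1000                 # "say 1mbps" while under the volume limit
SLOW_KBPS = 64                   # "say 64kbps" once over it
QUOTA_BYTES = 500 * MIB          # assumed per-host volume limit
WINDOW_SECS = 24 * 3600          # assumed rolling accounting window

NOW = 1_000_000                  # constructed "current time" (seconds)

# Constructed flow summaries: (timestamp, host, bytes transferred).
# The host key is an IP here; where users roam, key on the login
# identity the gateway can attribute instead (assumption).
SAMPLE_FLOWS = [
    (NOW - 100,   "10.0.0.5", 400 * MIB),
    (NOW - 50,    "10.0.0.5", 300 * MIB),
    (NOW - 200,   "10.0.0.7", 20 * MIB),
    (NOW - 300,   "10.0.0.8", 30 * MIB),
    (NOW - 90000, "10.0.0.9", 900 * MIB),   # older than the window
    (NOW - 10,    "10.0.0.9", 5 * MIB),
]


def volume_per_host(flows, now, window=WINDOW_SECS):
    """Sum bytes per host for flows inside the window ending at `now`."""
    totals = defaultdict(int)
    for ts, host, nbytes in flows:
        if now - window < ts <= now:
            totals[host] += nbytes
    return dict(totals)


def assign_rates(totals, quota=QUOTA_BYTES):
    """Map each host to the rate (kbps) its current volume allows."""
    return {
        host: SLOW_KBPS if used > quota else FAST_KBPS
        for host, used in totals.items()
    }


def top_talker_share(totals, fraction=0.05):
    """Share of all bytes used by the heaviest `fraction` of hosts.

    At least one host is always counted, so small samples still work.
    """
    ranked = sorted(totals.values(), reverse=True)
    count = max(1, round(len(ranked) * fraction))
    total = sum(ranked)
    return sum(ranked[:count]) / total if total else 0.0


if __name__ == "__main__":
    totals = volume_per_host(SAMPLE_FLOWS, NOW)
    for host, rate in sorted(assign_rates(totals).items()):
        print(f"{host}: {totals[host] // MIB} MiB in window -> {rate} kbps")
    print(f"heaviest host share: {top_talker_share(totals):.0%}")
```

Because the window rolls, a host that was over quota returns to the high rate once its old traffic ages out, as 10.0.0.9 does in the sample data.<br>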