12-21-2006, 09:53 PM
Jeff Liebermann
Re: Reducing the impact of P2P users on home network

On Thu, 21 Dec 2006 20:26:47 +0000 (UTC), retsuhcs@xinap.moc (Mike S.)
wrote:

>Amateur though I am, I've become the default manager for internet access
>in our large home.


You have my sympathy.

>The hardware consists of a cable modem and older model
>WRT54G with updated firmware. All but my own PC (which is connected via the
>local ethernet port on the router) are using wireless. This has worked
>quite well until the two college-age folks in the house started getting
>heavy into P2P (Limewire and Shareaza). This has had a noticeable performance
>impact on net access, and I'd like to try to improve things.


Noticeable? I suspect your network comes to a complete stop when
they're serving out stolen music and movies.

>I am not in a position to prohibit these kids from using P2P, and polite
>efforts to get them to limit the number of connections, and to postpone
>heavy transfers to off-hours have not worked for very long.


Are you in a position to send them an invoice proportional to their
usage? Instead of interposing a bandwidth manager, it might be better
to simply charge them for their over-use. If you switch to
alternative firmware for your WRT54G such as DD-WRT:
<http://www.dd-wrt.com>
it will add SNMP as a feature. You can then use any of an assortment
of SNMP based traffic monitoring and measuring tools such as MRTG or
preferably RRDTool.
<http://oss.oetiker.ch/rrdtool/>
Just set up pre-assigned DHCP IP addresses for all the equipment. Then
just monitor the traffic for the month by IP address, calculate the
proportional usage, and send them a giant bill. Be sure to amortize
the cost of the added equipment and your time playing policeman. My
guess(tm) is that it will probably equal the cost of them getting
their own DSL or cable service.

>I understand
>that various port blocking rules within the router are largely ineffective
>because the P2P clients use port-hopping, and can even use port 80 if
>nothing else works. I was wondering if a more sophisticated hardware solution
>might help us.


Generally true. However, if you can identify the specific computers
that are consistently doing the downloading, you can also apply QoS
(Quality of Service) limits to those IP's, regardless of how many IP
ports they open. QoS options for DD-WRT:
<http://www.informatione.gmxhome.de/DDWRT/Standard/V23final/QoS.html>
Of course, if they change their MAC address, or introduce a new
computer, such QoS by IP address or MAC address is useless.

>My first understanding is that the limited CPU power and RAM in an
>inexpensive router get overwhelmed by such a large number of connections.
>Would more robust hardware (NAT router) be likely to help? If yes, any
>specific suggestions?


That's just one problem. Most file sharing software opens a huge
number of ports and buffers. The result is that they also allocate a
huge number of buffers in the router. If the router firmware hasn't
been tested for such unusual operation, it might crash. The best way
to prevent this is to tweak the file sharing client to limit the
number of simultaneous connections, and the number of streams.

The other major problem is that file sharing tends to saturate
your uplink. Your cable modem may have 6MBits/sec or more of incoming
bandwidth, but if the 384k or 512kbits/sec of uplink bandwidth is
saturated, incoming bandwidth will appear useless because the outgoing
ACK's and responses will probably be lost or delayed by the
constipated uplink.

>From what I gather, true hardware firewall appliances allow the use of
>rules that can limit the number of connections and the bandwidth allotted
>to each client IP address. This, to me, seems very attractive (although
>more expensive) and I was wondering if interposing a firewall between the
>cable modem and the router (or discarding the modem and using the firewall
>with an access point) would achieve the desired end. Any specific
>suggestions?


If you like spending money, there are several dedicated bandwidth
managers on the market. All will require a dedicated PC to run the
software:
<http://www.softperfect.com/products/bandwidth/>
<http://www.etinc.com/index.php?page=bwmgr.htm>
<http://info.iet.unipi.it/~luigi/ip_dummynet/>
<http://www.bandwidthcontroller.com/>
(Lots more. Search Google for "bandwidth manager").

Otherwise, you already have a router that can do QoS. I suggest that
you:
1. Replace WRT54G firmware with DD-WRT v23 SP2.
2. Set up fixed MAC-to-IP address DHCP mapping in WRT54G.
3. Implement QoS by IP address or MAC address.
4. Set up monitoring so you can document abuse and bill accordingly.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

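The per-IP accounting step in the reply above (poll counters for the month, work out each host's share, amortize the fixed costs into the bill) is the part people usually get wrong, so here is a worked example. It is added here and is not code from the post or from DD-WRT, MRTG or RRDtool; it assumes you already have per-host octet counters (SNMP-style 32-bit ifInOctets/ifOutOctets values, or equivalent) sampled periodically, and the sample readings, host addresses and cost figures below are constructed for illustration. The main edge case it handles is the 32-bit counter wrapping between two polls, which silently produces a negative (or absurd) delta if you just subtract readings.

```python
"""Proportional bandwidth billing from periodic per-host octet counters.

Added example (not from the original post). Assumes counters are
SNMP-style 32-bit Counter32 values that wrap at 2**32, and that each
host has a fixed DHCP address so samples can be keyed by IP.
"""
from collections import defaultdict
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # Counter32 objects wrap back to 0 after 2**32 - 1


@dataclass(frozen=True)
class Sample:
    ip: str          # host address (fixed via DHCP reservation)
    ts: int          # poll time, seconds since epoch
    in_octets: int   # raw counter reading toward the host
    out_octets: int  # raw counter reading from the host


def counter_delta(prev: int, cur: int, modulus: int = COUNTER32_MOD) -> int:
    """Octets moved between two readings, correcting for a single wrap.

    Polling often enough that the counter cannot wrap twice between
    samples is the operator's job; this only repairs one wrap.
    """
    if cur >= prev:
        return cur - prev
    return cur + modulus - prev


def usage_by_host(samples: list[Sample]) -> dict[str, int]:
    """Total octets (in + out) per host over the sampled period."""
    rows_by_ip: dict[str, list[Sample]] = defaultdict(list)
    for s in samples:
        rows_by_ip[s.ip].append(s)
    totals: dict[str, int] = {}
    for ip, rows in rows_by_ip.items():
        rows.sort(key=lambda r: r.ts)
        total = 0
        for prev, cur in zip(rows, rows[1:]):
            total += counter_delta(prev.in_octets, cur.in_octets)
            total += counter_delta(prev.out_octets, cur.out_octets)
        totals[ip] = total
    return totals


def apportion(totals: dict[str, int], cost_cents: int) -> dict[str, int]:
    """Split cost_cents across hosts in proportion to octets moved.

    Integer arithmetic with largest-remainder rounding, so the shares
    always add up to exactly cost_cents (no lost or invented cents).
    """
    grand = sum(totals.values())
    if grand == 0:
        return {ip: 0 for ip in totals}
    share = {ip: cost_cents * b // grand for ip, b in totals.items()}
    remainder = {ip: cost_cents * b % grand for ip, b in totals.items()}
    shortfall = cost_cents - sum(share.values())
    for ip in sorted(remainder, key=remainder.get, reverse=True)[:shortfall]:
        share[ip] += 1
    return share


def monthly_bill(samples: list[Sample], service_cents: int,
                 amortized_equipment_cents: int = 0) -> dict[str, int]:
    """Bill per host for one month: service charge plus amortized gear."""
    return apportion(usage_by_host(samples),
                     service_cents + amortized_equipment_cents)


# Constructed sample: three hosts, two polls an hour apart. Host .20's
# inbound counter sits just below 2**32 on the first poll and wraps.
SAMPLES = [
    Sample("192.168.1.10", 0,    100,                  50),
    Sample("192.168.1.10", 3600, 1100,                 250),
    Sample("192.168.1.20", 0,    COUNTER32_MOD - 500,  0),
    Sample("192.168.1.20", 3600, 1500,                 4000),
    Sample("192.168.1.30", 0,    0,                    0),
    Sample("192.168.1.30", 3600, 800,                  0),
]

if __name__ == "__main__":
    # Constructed costs: $45.00 service plus $4.99/month of amortized router.
    for ip, cents in sorted(monthly_bill(SAMPLES, 4500, 499).items()):
        print(f"{ip:15s} ${cents / 100:.2f}")
```

Naive subtraction on host .20 would yield a negative inbound delta and a wildly wrong bill; `counter_delta` corrects the wrap and the host correctly comes out as the heaviest user. For a real deployment the samples come from whatever polls the router (MRTG or RRDtool as the post suggests), and the only thing to keep straight is that the readings are raw counters, not rates.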