I have tried everything: IMQ, SFQ, ESFQ, creating a class for each user connected, but it just seems to be impossible to shape traffic with p2p. For those of you who haven't read any of my emails, I have two DSL connections and a Linux box doing conntrack and SNAT for 200 "greedy" users. The problem is Kazaa seems to open thousands of TCP connections in a couple of seconds, and floods the system. I tried to shape traffic to grant web-surfing with low latency, but it seems to be impossible. I have been looking for a commercial solution, but there is no way this can be done at all.

I don't know if any of you have a solution. I am going to read a bit about DSMARK because, for real, I have no idea what to do.

Thank you especially to STEF COENE for his patience. :) I will let you all know if I find a solution, because I am sure this is not only happening to me. :)

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
On Fri, 16 May 2003, David Boreham wrote:

> Sounds like you need something which allows each flow to
> burst for a short time, but throttles long-lived connections.

He needs quite the opposite: P2P tools receive many small packets from everywhere. Those many packets clog the connection and need to be throttled BEFORE they cross the bottleneck of your uplink. (I'm aware that's not really possible on a standard DSL connection.) Long-lived (TCP) connections are good, since they can be easily shaped to any bandwidth you like.

cu
Arvid (also looking for the p2p-killing-silver-bullet)

--
In colourful pictures little clarity, much error and a spark of truth (Johann Wolfgang v. Goethe)
> those of you who haven't read any of my emails, I have two DSL connections and
> a Linux box doing conntrack and SNAT for 200 "greedy" users. The problem is
> Kazaa seems to open thousands of TCP connections in a couple of seconds, and
> floods the system.

Sounds like you need something which allows each flow to burst for a short time, but throttles long-lived connections. In addition, you may need to rate-limit the SYN packets from each node to thwart clients which try to open many short-lived connections in order to defeat the long-lived connection throttling. AFAIK you'll need to break out the C compiler to achieve this on Linux...
Basically there is no solution to stop these? Is that what you are saying? Do other p2p programs produce these short SYN packages, or just Kazaa? I am studying the traffic in my LAN with tcpdump and I get lots of packages like this coming to my inner interface:

19:14:50.866190 XXX.XXX.XXX.XXX.1101 > YYY.YYY.YYY.YYY.80: . ack 14594 win 64240 (DF)

Being XXX my internal users and YYY external public addresses.

What are those? Response to ack packages, right?

I also have lots of

19:19:26.676651 YYY.YYY.YYY.YYY.80 > XXX.XXX.XXX.XXX.4078: . 10220:11680(1460) ack 1 win 17121 (DF)

Is it possible that Kazaa uses ACK packages to send data? Because these packages are coming to my LAN with the MTU

-----Original message-----
From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] On behalf of David Boreham
Sent: Friday, 16 May 2003 18:24
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] No way to shape my traffic with p2ps

> P2P tools receive many small packets from everywhere. Those many
> packets clog the connection and need to be throttled BEFORE they cross
> the bottleneck of your uplink. (I'm aware that's not really possible
> on a standard DSL connection)

I did say that he needs to rate-limit SYN segments. Those inbound packets are generated in response to an outbound SYN. Stop the SYN and you stop the inbound traffic. He's NAT'ing, so there are no inbound connections to worry about.
> P2P tools receive many small packets from everywhere. Those many packets
> clog the connection and need to be throttled BEFORE they cross the
> bottleneck of your uplink. (I'm aware that's not really possible on a
> standard DSL connection)

I did say that he needs to rate-limit SYN segments. Those inbound packets are generated in response to an outbound SYN. Stop the SYN and you stop the inbound traffic. He's NAT'ing, so there are no inbound connections to worry about.
On Friday 16 May 2003 18:23, GoMi wrote:

> Basically there is no solution to stop these? Is that what you are saying?
> Do other p2p programs produce these short SYN packages, or just Kazaa? I am
> studying the traffic in my LAN with tcpdump and I get lots of packages like
> this coming to my inner interface:
>
> 19:14:50.866190 XXX.XXX.XXX.XXX.1101 > YYY.YYY.YYY.YYY.80: . ack 14594 win 64240 (DF)
>
> Being XXX my internal users and YYY external public addresses.
>
> What are those? Response to ack packages, right?
>
> I also have lots of
>
> 19:19:26.676651 YYY.YYY.YYY.YYY.80 > XXX.XXX.XXX.XXX.4078: . 10220:11680(1460) ack 1 win 17121 (DF)
>
> Is it possible that Kazaa uses ACK packages to send data? Because these
> packages are coming to my LAN with the MTU

Erik sent me some shaping tricks:
http://www.docum.org/stef.coene/qos/faq/cache/49.html

Quote:
"ACK packets are usually very small, so putting them into a high-priority class is no problem. However, ACK packets can also carry a payload, and some indeed do so. Especially uploads in Kazaa tend to be all large ACK packets."

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Ricardo Jorge da Fonseca Marques Ferreira
2003-May-17 17:26 UTC
Re: No way to shape my traffic with p2ps
On Friday 16 May 2003 15:40, GoMi . wrote:

> I have tried everything: IMQ, SFQ, ESFQ, creating a class for each user
> connected, but it just seems to be impossible to shape traffic with p2p. For
> those of you who haven't read any of my emails, I have two DSL connections
> and a Linux box doing conntrack and SNAT for 200 "greedy" users. The
> problem is Kazaa seems to open thousands of TCP connections in a couple of
> seconds, and floods the system.

I had the same problem and I fixed it by limiting the number of connections per second in the p2p program. Of course I can do that because I'm the user of said program. Emule has an option to limit the number of connections per 5 seconds. I don't think Kazaa has that :(

It might be possible to limit the number of connections per second from some IP/PORT pair in iptables. I didn't test if that fixes it.
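The per-node SYN rate limit suggested in this thread, modelled as an added example that is not from any of the posters: a token bucket per internal source address applied only to SYN segments. The rate, burst size, addresses and traffic pattern are constructed assumptions, and the code models the drop decision only; it is not iptables or tc configuration.

```python
class SynLimiter:
    """Token bucket per internal source address; integer maths avoids float drift."""

    def __init__(self, rate_per_s, burst):
        self.rate = rate_per_s          # tokens per second == milli-tokens per ms
        self.cap = burst * 1000         # bucket size in milli-tokens
        self.buckets = {}               # src -> (milli_tokens, last_seen_ms)

    def allow(self, src, ts_ms):
        tokens, last = self.buckets.get(src, (self.cap, ts_ms))
        tokens = min(self.cap, tokens + (ts_ms - last) * self.rate)
        ok = tokens >= 1000
        self.buckets[src] = (tokens - 1000 if ok else tokens, ts_ms)
        return ok


def replay(events, rate_per_s=5, burst=10):
    """events: (ts_ms, src, is_syn). Returns {src: (syn_allowed, syn_dropped)}."""
    limiter = SynLimiter(rate_per_s, burst)
    counts = {}
    for ts_ms, src, is_syn in sorted(events):
        if not is_syn:
            continue                    # established flows are left to the shaper
        allowed, dropped = counts.get(src, (0, 0))
        if limiter.allow(src, ts_ms):
            counts[src] = (allowed + 1, dropped)
        else:
            counts[src] = (allowed, dropped + 1)
    return counts


def sample_events():
    # Constructed traffic, 2-second window:
    #   10.0.0.7 sends 1000 SYNs (one every 2 ms), the p2p pattern from the thread
    #   10.0.0.8 sends 6 SYNs (one every 400 ms), ordinary browsing
    events = [(i * 2, "10.0.0.7", True) for i in range(1000)]
    events += [(i * 400, "10.0.0.8", True) for i in range(6)]
    events += [(i * 10, "10.0.0.8", False) for i in range(100)]  # data segments
    return events


if __name__ == "__main__":
    for src, (ok, drop) in sorted(replay(sample_events()).items()):
        print(f"{src}: {ok} SYNs allowed, {drop} dropped")
```

With these numbers the browsing host loses nothing, while the bursting host keeps its initial burst and is then held to the refill rate.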
Ricardo Jorge da Fonseca Marques Ferreira
2003-May-17 23:23 UTC
Re: No way to shape my traffic with p2ps
On Friday 16 May 2003 18:46, Stef Coene wrote:

> Erik sent me some shaping tricks:
> http://www.docum.org/stef.coene/qos/faq/cache/49.html
> Quote:
> "ACK packets are usually very small, so putting them into a high-priority
> class is no problem. However, ACK packets can also carry a payload, and some
> indeed do so. Especially uploads in Kazaa tend to be all large ACK
> packets."

This is also true for emule. When giving priority to ACKs I have to specify the size of the packet or else it'll match all of emule's upload.
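Why the size condition matters, as an added example that is not from the thread's participants: it parses tcpdump lines in the format quoted above and compares how many bytes land in a high-priority class when the rule is "ACK flag set" versus "ACK flag set and packet small". The 40-byte header size, the 64-byte threshold and the last two sample lines are assumptions made for the illustration.

```python
import re

# Old-style tcpdump TCP line as quoted in the thread: flags, an optional
# "first:last(payload_len)" sequence range, an optional "ack N", then "win N".
LINE = re.compile(
    r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRW.]+) "
    r"(?:\d+:\d+\((?P<len>\d+)\) )?(?P<ack>ack \d+ )?win \d+")

HEADERS = 40  # assumption: 20-byte IP header + 20-byte TCP header, no options

SAMPLE = [
    # the two lines quoted in the thread
    "19:14:50.866190 XXX.XXX.XXX.XXX.1101 > YYY.YYY.YYY.YYY.80: . ack 14594 win 64240 (DF)",
    "19:19:26.676651 YYY.YYY.YYY.YYY.80 > XXX.XXX.XXX.XXX.4078: . 10220:11680(1460) ack 1 win 17121 (DF)",
    # constructed: a p2p upload segment and a new outbound connection
    "19:20:02.000100 10.0.0.7.1214 > 192.0.2.10.3321: P 1:1461(1460) ack 1 win 64240 (DF)",
    "19:20:03.000200 10.0.0.7.4100 > 192.0.2.11.1214: S 1000:1000(0) win 64240 (DF)",
]


def parse(line):
    """Return a dict for a TCP line, or None if the line does not match."""
    m = LINE.match(line)
    if not m:
        return None
    payload = int(m.group("len") or 0)
    return {"src": m.group("src"), "dst": m.group("dst"),
            "flags": m.group("flags"), "ack": m.group("ack") is not None,
            "payload": payload, "size": payload + HEADERS}


def prio_by_flag(pkt):
    # Naive rule: anything with ACK set and no SYN/FIN/RST goes to the fast class.
    return pkt["ack"] and pkt["flags"] in (".", "P")


def prio_by_flag_and_size(pkt, max_size=64):
    # Rule with the size condition: only ACKs that carry no real payload.
    return prio_by_flag(pkt) and pkt["size"] <= max_size


def fast_class_bytes(lines, rule):
    """Total bytes the given rule would place in the high-priority class."""
    return sum(p["size"] for p in map(parse, lines) if p and rule(p))


if __name__ == "__main__":
    print("ACK flag only:     ", fast_class_bytes(SAMPLE, prio_by_flag), "bytes")
    print("ACK flag and size: ", fast_class_bytes(SAMPLE, prio_by_flag_and_size), "bytes")
```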