Hi, On Mon, 18 Sep 2006, Andy Furniss wrote: > Bill Blum wrote: > > Hi- > > I'm working in the IT department of a small liberal arts university-- we're > > getting *massacred* by P2P traffic. > > > > Informal testing/probing indicates that about 60% of our traffic from the > > dorms was P2P-- we've taken the initial step of hardlimiting the dorms > > to no > > more than 40% of outgoing university bandwidth. Also, we've blocked the > > 'standard' ports for KaZaa, Gnutella, etc. in our firewall/switch setup > > (Cisco Catalyst 6500 between us and the net at large).... > > Would be more liberal to try and allocate bandwidth per user - Do they > have real IPs? > > > > > However, the Powers That Be want a better, more effective solution--- > > without a performance hit for the VOIP phones on campus. > > > > Any suggestions on what part of the FM I should be reading/etc, so that I > > can make a better informed decision about how to proceed? > > Well I like to think Linux Qos could do it, but can't point you any > manual as such. Classifying traffic can be hard and will need ongoing > maintenance, but it's doable. I have no experience with the size of > network you have - I guess the cisco can't do anything more for you. > > What to do and what you can do also depends on how much bandwidth you > have and how many users - you wan't prio for voip, do you know how many > voip calls your link can sustain without any other traffic. > > Andy. > You don't mention your ISP situation, but an approach I have had good luck with is the classification of traffic by source and then the distribution of that traffic over more than a single ISP connection using LARTC in order to achieve classes of service... This is a simple approach that doesn't preclude doing traffic shaping on one or any of your ISP links. It also provides redundant ISP connectivity for disaster recovery/managment. So, you might have one ISP connection for high priority traffic (like VoIP) along with some VIP users and a second one (perhaps nearer capacity) for the dorms... This gets you in a situation where you can tweak the traffic to/from the dorms without potentially disrupting more business oriented traffic.... I have been doing it this way for a local municipality with good result for a couple of years now. City business goes out over a 3 meg link and the library traffic (where there is lots of public access and P2P activity) goes out over it's own T-1 but it all runs over a common infrastructure and is routed by a Linux router using LARTC source routing with some traffic shaping on the T-1.... Also, Tobi Oetiker's MRTG is your friend. I run MRTG on all outbound traffic and make the resulting graphs fairly public so peer pressure can have some effect without requiring never ending cat and mouse with the main abusers.... There is also a package called 'darkstat' that will aggregate traffic statistics by 'top 25' hosts and display it for you. This provides a good mechanism for the old 'heart-to-heart' conversation with your abusers.... ;) In any event, a good place to start your search for solutions might be Policy Routing Using Linux, Matthew G. Marsh, ISBN 0-672-32052-5 Dave _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc