Re: Dragonfly

["Kellogg, Brian D." <bkellogg () SBU EDU>]

My main concern lies in the fact that ports need to be opened incoming
to the computers using Dragonfly.  Relaying through a central server
would be much easier to secure since we would know exactly where traffic
is going to and coming from; in this scenario shaping would be much
easier also.  

We have a limited budget and therefore very limited bandwidth that needs
to be portioned out equitably.  Therefore priorities have to be set and
bandwidth apportioned properly.  P2P has the inherent ability to
overwhelm our limited bandwidth rather quickly.  So on the priority list
it takes a back seat.  I would personally love to not have to deal with
this, but it is a budgetary reality.



Thanks,

Brian Kellogg


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Justin Azoff
Sent: Thursday, October 30, 2008 12:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Dragonfly

On Wed, 2008-10-29 at 13:27 -0400, Kellogg, Brian D. wrote:
> Despite what Dragonfly says it is essentially a P2P application and
> therefore, in my opinion, should be treated as such.

Suppose Dragonfly wasn't P2P based, and relayed all data through a
central server. If it worked that way, and still managed to use all of
your bandwidth, what would you do then?  I'm not saying you are wrong
for shaping this application, just that your justification for doing so
seems a bit odd.

Dragonfly isn't greedy, it is just efficient.  It opens a single tcp
connection and sends optimal sized packets.  You couldn't ask for a
better behaving application.

-- 
-- Justin Azoff
-- Network Performance Analyst