Educause Security Discussion mailing list archives

Re: Do you block P2P ?


From: Cal Frye <cjf () CALFRYE COM>
Date: Thu, 3 Sep 2009 23:35:33 -0400

David Gillett wrote:
> Skype resembles P2P technology in two key ways: in its making
> multiple overlapping/simultaneous connections to remote machines
> that appear more likely to be end-user clients than servers, and
> in its design assumption that network management is the enemy of
> the application and its users.

In our experience, the bulk of these connections are small, updating the
online status of folks in one's "buddy list." 'Tis true, this can create
hundreds of connections from a single client, but the bandwidth
consumption remains pretty small, actually. At Oberlin, the academic use
outweighs the difficulty of not only managing but protecting the
traffic. Your policies, of course, may well vary.

The supernode phenomenon can be limited both by one's bandwidth manager
and in the Skype setup itself.

> Without spending significant money on protocol-analysis boxes
> that can distinguish between them, it is really hard to block one
> and permit the other.

I don't have the bandwidth available to operate /without/ a DPI box. We
feel it very important to be able to distinguish the important
applications from the unwanted on better characterization than simple
flow control or connection counts. Our Packetlogic setup still cost us
less than the cost of another DS3, and the ongoing cost is far less.

What I cannot do, and don't want to get into the business of doing, is
differentiating BitTorrent downloads based on copyright or web browsing
based on content...

--
Celebrating the 150th anniversary of the publication of the Origin of
Species.
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.pitalabs.com

"si duae res sufficient ad ejus veritatem, superfluum est ponere aliam
tertiam rem" --William of Ockham (1285-1349)
