Peer-to-peer networking. Jupiter Research



Similar documents
Internet Services. Amcom. Support & Troubleshooting Guide

WAN Traffic Management with PowerLink Pro100

FRANKFORT PLANT BOARD CABLE MODEM INTERNET BROADBAND INTERNET SERVICE DISCLOSURES

IVCi s IntelliNet SM Network

A guide to VoIP for small to medium sized business

This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.

Firewalls Overview and Best Practices. White Paper

Farmers Mutual Telephone Company (FMTC) Network Management Practices Policy

Question: 3 When using Application Intelligence, Server Time may be defined as.

LAKE REGION ELECTRIC COOPERATIVE, INC. BROADBAND INTERNET SERVICE DISCLOSURES. Updated September, 2013

Application Visibility and Monitoring >

Walnut Telephone Company, Inc. dba/ Walnut Communications Network Management Practices Policy Disclosure

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

NORTHLAND COMMUNICATIONS BROADBAND INTERNET SERVICES NETWORK MANAGEMENT POLICY

NEWWAVE COMMUNICATIONS BROADBAND INTERNET SERVICE DISCLOSURES. Updated October 2012

APRIL 2010 HIGH PERFORMANCE NETWORK SECURITY APPLIANCES

Cameron Communications Network Management Practices Policy November, Cameron Communications Network Management Practices Policy Disclosure

Southwest Arkansas Telephone Cooperative Network Management Practices

NEW HOPE TELEPHONE COOPERATIVE

YUKON-WALTZ TELEPHONE COMPANY BROADBAND INTERNET SERVICE DISCLOSURES

Steelcape Product Overview and Functional Description

How To Block A Ddos Attack On A Network With A Firewall

Network performance in virtual infrastructures

Integration Guide. EMC Data Domain and Silver Peak VXOA Integration Guide

Managing Data, Voice, and Converged IP Networks

Cisco Application Networking for IBM WebSphere

Congestion Management Provider does not employ any congestion management tools, practices and/or software on network traffic.

Business Case for S/Gi Network Simplification

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

APRIL 2010 HIGH PERFORMANCE INTRUSION PREVENTION SYSTEMS

ethernet services for multi-site connectivity security, performance, ip transparency

The Application Delivery Controller Understanding Next-Generation Load Balancing Appliances

The Broadband Service Optimization Handbook Chapter 3

Truffle Broadband Bonding Network Appliance

NComputing L-Series LAN Deployment

POTTAWATOMIE TELEPHONE COMPANY BROADBAND INTERNET SERVICE DISCLOSURES. Updated November 19, 2011

SHIDLER TELEPHONE INTERNET BROADBAND INTERNET SERVICE DISCLOSURES. Updated November 20, 2011

Avaya P333R-LB. Load Balancing Stackable Switch. Load Balancing Application Guide

Cisco ASA 5500 Series IPS Solution

Network Services Internet VPN

Peer-to-Peer Networks Organization and Introduction 1st Week

WAN Optimization Integrated with Cisco Branch Office Routers Improves Application Performance and Lowers TCO

Peer-to-Peer Networks 02: Napster & Gnutella. Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands

TRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Network Visibility Guide

JACKSON ENERGY AUTHORITY BROADBAND INTERNET SERVICE DISCLOSURES. Update November 20, 2011

Whitepaper. 10 Metrics to Monitor in the LTE Network. blog.sevone.com

MITEL. NetSolutions. Flat Rate MPLS VPN

Exam Name: Cisco Sales Associate Exam Exam Type: Cisco Exam Code: Doc Type: Q & A with Explanations Total Questions: 50

Best Practices for Controlling Skype within the Enterprise > White Paper

Network Management Basics

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

Updated December 2014 INFOSTRUCTURE, INC. D/B/A CLICK1.NET BROADBAND INTERNET SERVICE DISCLOSURES

Edgewater Routers User Guide

Partner with the UK s leading. Managed Security Service Provider

Security and Risk Analysis of VoIP Networks

Network Management, Performance Characteristics, and Commercial Terms Policy. (1) mispot's Terms of Service (TOS), viewable at mispot.net.

CMPT 471 Networking II

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

TRUFFLE Broadband Bonding Network Appliance BBNA6401. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Region 10 Videoconference Network (R10VN)

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

Cisco Application Networking for BEA WebLogic

Gigabit Content Security Router

Testing Packet Switched Network Performance of Mobile Wireless Networks IxChariot

Distributed Denial of Service Attacks & Defenses

IPDR vs. DPI: The Battle for Big Data

RESERVATION TELEPHONE COOPERATIVE BROADBAND INTERNET SERVICE DISCLOSURES

Cisco Branch Routers Series Network Analysis Module

Link Controller ENSURES RELIABLE NETWORK CONNECTIVITY

10 METRICS TO MONITOR IN THE LTE NETWORK. [ WhitePaper ]

FEDERALLY-MANDATED OPEN INTERNET DISCLOSURE STATEMENT

Gaining Operational Efficiencies with the Enterasys S-Series

Getting the Most Out of Your Existing Network A Practical Guide to Traffic Shaping

Understanding & Preventing DDoS Attacks (Distributed Denial of Service) A Report For Small Business

Consolidating Multiple Network Appliances

Edgewater Routers User Guide

BroadCloud PBX Customer Minimum Requirements

Advantage for Windows Copyright 2012 by The Advantage Software Company, Inc. All rights reserved. Internet Performance

Gigabit Multi-Homing VPN Security Router

Enabling Cloud Architecture for Globally Distributed Applications

Firewalls: The Next Generation. Rick Coloccia Network Manager

HyperQ Remote Office White Paper

Dell SonicWALL report portfolio

A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

West River Telecom Network Management Practices Policy

Network Management Practices Policy

Product Announcement BreezeACCESS-TM

Recommended QoS Configuration Settings for TP-LINK Archer C3200 Wireless Router

Skype Connect Requirements Guide

FortiDDos Size isn t everything

Allot Communications Solutions. Enterprise Solutions. Ensuring mission- and business-critical application performance, and controlling IT costs

Intro to Firewalls. Summary

VOIP QOS. Thomas Mangin. ITSPA - Autumn Seminar 11th October 2012 LEEDS. Technical Director IXLeeds AND THE IXP THE CORE THE EDGE

LOBSTER: Overview. LOBSTER: Large Scale Monitoring for Broadband Internet Infrastructure

Carrier Ethernet: New Game Plan for Media Converters

Get Your Business Connected Dedicated Leased Line Internet Access

Transcription:

Jarkko Niittylahti: Outline Peer-to-peer networking Network security issues Network overloading Compare: Distributed Denial of Service attack Congestion Solving problems due to P2P Fair bandwidth sharing Why you should not open the IP-packets Identifying P2P-servers Limiting network loads Example network Summary

Peer-to-peer networking -P2P (peer-to-peer) causes 70% of traffic -Distributed, fast file sharing -3,5 MB MP3 audio, 2,0 GB DivX video -75% of europeans use P2P monthly 1 -Developed in 1999, constant growth -Numerous applications and software -Causes equal traffic to both directions -Kazaa, Gnutella, Morpheus, Skype, Groove,... -P2P -> subscribe broadband -> use P2P ->... 1 Jupiter Research

Network security issues -Unintentional file sharing of confidential material -Virus in the files -Network overloading -Copyright violations possible (P2P servers as such found legal in Canada)

D SERVER SERVER SERVER Network overloading SERVER SERVER My LAN -P2P opens large number of parallel connections -Any bandwidth and network can be filled -Each user provides a server for others -Directory (D) listing of material on the servers -Each server may have large number of clients -Large amount of traffic to both directions -Large number of connections may overload server memory -A single user may steal the bandwidth, everybody else suffers

H AGENT AGENT AGENT AGENT TARGET My LAN Compare: Distributed Denial of Service attack -DDoS (Distributed Denial of Service) -Intended to parallize the target network -Large amount of traffic is sent to the target -Large number of agents sending in parallel -Intentional network overload -Intentional server memory overload -Hostile attacker (H) uses malformed IP-packages, forged IP (spoofing), viruses etc. -Result is the same as in case of DDoS

Application taking all available bandwidth LAN LAN Congestion Bottleneck Real-time application (VoIP) is not possible Internet -Certain type of traffic takes all the bandwidth -> larger bandwidth is not a solution -Slow response, poor performance -Real time applications are not possible -End-to-end solution is too complicated

Eliminating problems due to P2P 1) Increase bandwidth? -> more P2P usage and more problems 2) Decrease bandwidth? -> poor Quality of Service, the customers will choose another service provider 3) Limit P2P only? -> must identify the P2P traffic, which is not easy -> P2P users will choose another service provider 4) Use appropriate bandwidth management -> few suitable solutions exist Image: http://www.ociojoven.com

Fair bandwidth sharing -In case of congestion, fair bandwidth sharing -Everybody gets a fair share of bandwidth -Limit the bandwidth consuming applications, guarantee bandwidth for critical applications, and make a fair share of bandwidth among users -Eliminates congestion, P2P can be used -A single user can not fill the whole network

7 Application Requires opening the packet 6? 5 4 Port Application by port number 3 IP User by IP address 2 Ethernet 1 Physical Why you should not open the packets -The application is at the topmost level -Checking layer 7 requires opening the packets -In practise, a stateful device for tracking the connections at layer 7 is required -New applications appear frequently, only 60% can be positively identified -Expensive hardware needed -Frequent software upates required

Identifying P2P servers -In case of congestion, fair bandwidth sharing -Everybody gets a fair share of bandwidth -Create traffic counters for all users -Look for large update traffic to find servers -Use port number to identify application -Note: a large network requires a device with high throughput and fine granularity

Internet Intentional bottleneck Firewall protected Network protected BW Management Appliance Firewall My LAN Router protected Overload protection -In practise, it is possible to identify P2P servers without opening packets of all users -Use stateless, bridging device -Suitable protection device can not be overloaded -> Avoid network overload -> Avoid firewall (router, server etc.) overload -Protection against DDoS attacks -Smaller and cheaper hardware will be OK -Peak loading is eliminated -Faster network, smaller latency

Example network -TOASNet campus network at Tampere (TUT) -5,000 fixed broadband users around the city with 1 Mbit/s or more bandwidth - Internet access 100 Mbit/s (full duplex) -35 000 packets/second, up to 100% load -NE200 Big Brother is the firewall and eliminates congestion and other P2P problems -Traffic statistics for each user (100,000 rules) -"The Network Solution of the Year 2003" (Elisa)

Bandwidth management appliance requirements: Stand-alone High Availability Immunity High Performance Compatibility Bridging Service Fine-grained Stateless -P2P overloads servers and upstream bandwidth -A single P2P user can "steal" the whole network -P2P can fill any bandwidth and server Summary -Paying customers want to use P2P -> Banning P2P is not a solution -Limiting P2P only (at layer 7) is not a solution -Intelligent bandwidth management is a solution -Security issues must be covered

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information