Bao Q. Nguyen wrote: > If soaking up the bandwidth, wouldn't a simple technical solution like > priority queue solve this? For example, traffic that are unencrypted and > classifiable (http, aim ... etc) are given the highest priority in term > of delivery and anything else is best effort. So even if there are 6 > abusive users online, the next guy who tried to load a webpage would get > it immediately.
This is the right approach. I have absolutely no desire to spend my time looking at packet traces, logs, traffic statistics and yelling at users. I'm not a cop or a busybody, and I'm not going to become either. That seems like a good way to make enemies in what's supposed to be a socially beneficial volunteer activity. In fact I would strongly encourage my users to encrypt as much as they possibly can for both their protection and mine. As a network operator, I only care how much traffic somebody sends when it unduly interferes with other users. And there are good technical ways to prevent this. Linux routing provides some excellent traffic control mechanisms, so we only have to decide ow to use them. Here's the approach I'd take. First, set up a "scavenger class" and strongly encourage P2P users to use it. Packets marked with DSCP 8 (priority class 1, ToS value 0x20) are allowed to soak up the whole link indefinitely, but at lower priority than all other traffic. (Scavenger class does get a very small bandwidth guarantee, e.g., 1% of the link, just to keep TCP connections from timing out during sustained higher priority traffic.) Second, each active user generating traffic in the default QoS class 0 is guaranteed his fair share of capacity: 1/N where N is the number of active users. Everyone will always get at least this much, assuming they want it, but it's first-come, first-served for the rest. VoIP requires special consideration. If there's enough capacity to give everyone one active phone call, then you create a QoS class for it, give it priority over routine traffic, and cap it to one phone call per user. (This counts toward their 1/N guarantee). If there isn't enough capacity for one call per user, then you'll have to work things out with the users who want to do VoIP, e.g., by having them chip in for extra upstream bandwidth in return for priority access to it when they need it. In fact, you could do this for other traffic as well; it should always be possible for someone to get more by paying more. That leaves outright network abuse. Here I much prefer to take a complaint-driven approach, because again I have no interest in monitoring anybody else's traffic. That may even be illegal wiretapping, but IANAL. If somebody complains about spam, by far the most likely situation is that the computer in question has been infected by malware that the owner knows nothing about. The owner would be required to fix it, of course, but I can't imagine that he'd be upset at the messenger. DMCA violations would be the real headache. There is no legal requirement to keep logs of IP address assignments or to serve as the RIAA's or anybody else's legal proxies. In fact the EFF strongly recommends keeping as few logs for as short a time as possible. One way to minimize complications with an upstream IP provider is to backhaul the users connections through a tunnel router at a colo, so that the users get their visible IP addresses from the colo's network rather than from the upstream provider. There are many more colos to choose from than upstream connectivity providers, so if one gets unreasonable and cuts you off, you can always move. --Phil _______________________________________________ SoCalFreeNet.org General Discussion List To unsubscribe, please visit: http://socalfreenet.org/mailman/listinfo/discuss_socalfreenet.org
