Bao Q. Nguyen wrote:

> If soaking up the bandwidth, wouldn't a simple technical solution like 
> priority queue solve this? For example, traffic that are unencrypted and 
> classifiable (http, aim ... etc) are given the highest priority in term 
> of delivery and anything else is best effort. So even if there are 6 
> abusive users online, the next guy who tried to load a webpage would get 
> it immediately.

This is the right approach. I have absolutely no desire to spend my time 
looking at packet traces, logs, traffic statistics and yelling at users. 
I'm not a cop or a busybody, and I'm not going to become either. That 
seems like a good way to make enemies in what's supposed to be a 
socially beneficial volunteer activity.

In fact I would strongly encourage my users to encrypt as much as they 
possibly can for both their protection and mine.

As a network operator, I only care how much traffic somebody sends when 
it unduly interferes with other users. And there are good technical ways 
to prevent this. Linux routing provides some excellent traffic control 
mechanisms, so we only have to decide ow to use them.

Here's the approach I'd take.

First, set up a "scavenger class" and strongly encourage P2P users to 
use it. Packets marked with DSCP 8 (priority class 1, ToS value 0x20) 
are allowed to soak up the whole link indefinitely, but at lower 
priority than all other traffic. (Scavenger class does get a very small 
bandwidth guarantee, e.g., 1% of the link, just to keep TCP connections 
from timing out during sustained higher priority traffic.)

Second, each active user generating traffic in the default QoS class 0 
is guaranteed his fair share of capacity: 1/N where N is the number of 
active users. Everyone will always get at least this much, assuming they 
want it, but it's first-come, first-served for the rest.

VoIP requires special consideration. If there's enough capacity to give 
everyone one active phone call, then you create a QoS class for it, give 
it priority over routine traffic, and cap it to one phone call per user. 
(This counts toward their 1/N guarantee). If there isn't enough capacity 
for one call per user, then you'll have to work things out with the 
users who want to do VoIP, e.g., by having them chip in for extra 
upstream bandwidth in return for priority access to it when they need 
it. In fact, you could do this for other traffic as well; it should 
always be possible for someone to get more by paying more.

That leaves outright network abuse. Here I much prefer to take a 
complaint-driven approach, because again I have no interest in 
monitoring anybody else's traffic. That may even be illegal wiretapping, 
but IANAL. If somebody complains about spam, by far the most likely 
situation is that the computer in question has been infected by malware 
that the owner knows nothing about. The owner would be required to fix 
it, of course, but I can't imagine that he'd be upset at the messenger.

DMCA violations would be the real headache. There is no legal 
requirement to keep logs of IP address assignments or to serve as the 
RIAA's or anybody else's legal proxies. In fact the EFF strongly 
recommends keeping as few logs for as short a time as possible.

One way to minimize complications with an upstream IP provider is to 
backhaul the users connections through a tunnel router at a colo, so 
that the users get their visible IP addresses from the colo's network 
rather than from the upstream provider. There are many more colos to 
choose from than upstream connectivity providers, so if one gets 
unreasonable and cuts you off, you can always move.

--Phil

_______________________________________________
SoCalFreeNet.org General Discussion List
To unsubscribe, please visit: 
http://socalfreenet.org/mailman/listinfo/discuss_socalfreenet.org

Reply via email to