[Cialug] Bandwidth Shapers

Zachary Kotlarek zach at kotlarek.com
Mon Dec 17 12:14:49 CST 2007


On Dec 17, 2007, at 11:41 AM, Jeffrey Ollie wrote:

> I'm OK with shaping by IP address, I just don't want to maintain the
> list of IP addresses myself - I'd rather pay to have someone else
> maintain the list.  I just want to click a checkbox next to something
> that says "limit facebook to 5Mb/s" and have it "just work" without me
> having to run a sniffer and figure out what IP addresses facebook's
> servers run from.  Same deal for myspace, youtube, etc.

This may not be the solution you're looking for, but it's not as hard  
as you think to maintain that list:

Listen to all HTTP traffic
Record HOST headers
Record IP address
Record transferred data size
Sort that list by transferred data size

Then put the whole thing in a feedback loop so that the sniffer adds new
IPs based on the hostname of traffic you actually see, and time out
old entries after 30 days. Violin! The list maintains itself. You
could even have it automatically alert you when some new hostname  
crops up with more than X MB/day in transfers, and you can decide to  
whitelist/blacklist/ignore that hostname -- that would keep you on top  
of the actual traffic use at your site, rather than some static list  
that seemed important to someone else.

If you wanted something that's not application dependent you could  
apply a similar solution to DNS:

Listen to A record lookups (either at your local cache or on the line)
Record hostname->IP associations in the reply
Record total traffic transferred by IP
Combine the two lists and sort by size -- you'll again have a list of  
hostnames by transfer size, and you could again put it into a feedback  
loop to make the list self-maintaining.

Also keep in mind that many high-bandwidth sites share hosting (think
Akamai) with sites you may not want to filter. This is less of an
issue with shaping than with blocking, but you're still going to end  
up with baby-and-bath-water situations, at least from time to time.

	Zach
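
The feedback loop described in the message above, sketched as an added example (not code from the original post). The class name, the 100 MB alert threshold standing in for "X MB/day", and the sample hostnames and addresses are assumptions made for illustration; capturing the traffic itself is left out.

```python
from collections import defaultdict

DAY = 86400
TTL = 30 * DAY               # the post's 30-day timeout
ALERT_BYTES = 100 * 2**20    # stands in for "X MB/day"; 100 MB is an assumed value

class HostTable:
    def __init__(self):
        self.last_seen = {}             # (host, ip) -> last time seen
        self.daily = defaultdict(int)   # (host, day) -> bytes transferred
        self.decided = set()            # hosts already whitelisted/blacklisted/ignored

    def observe(self, ts, host, ip, nbytes):
        """Record one sniffed HTTP transfer: Host header, server IP, size."""
        host = host.lower().rstrip(".")   # "Video.Example." and "video.example" are one host
        self.last_seen[(host, ip)] = ts
        self.daily[(host, ts // DAY)] += nbytes

    def expire(self, now):
        """Forget host/IP pairs not seen in the last 30 days."""
        self.last_seen = {k: t for k, t in self.last_seen.items() if now - t <= TTL}

    def ips_for(self, host):
        """Current IP list for a hostname, i.e. what the shaper rule would use."""
        return sorted(ip for h, ip in self.last_seen if h == host)

    def shared_ips(self):
        """IPs serving more than one hostname (the shared-hosting caveat)."""
        by_ip = defaultdict(set)
        for h, ip in self.last_seen:
            by_ip[ip].add(h)
        return {ip: sorted(hs) for ip, hs in by_ip.items() if len(hs) > 1}

    def top_hosts(self):
        """Hostnames sorted by total transferred bytes, largest first."""
        totals = defaultdict(int)
        for (h, _day), n in self.daily.items():
            totals[h] += n
        return sorted(totals.items(), key=lambda kv: -kv[1])

    def alerts(self, day):
        """Undecided hostnames that moved more than ALERT_BYTES on `day`."""
        return sorted(h for (h, d), n in self.daily.items()
                      if d == day and n > ALERT_BYTES and h not in self.decided)

# Constructed sample observations: (unix time, Host header, server IP, bytes)
SAMPLE = [
    (10, "video.example", "192.0.2.10", 120 * 2**20),
    (30, "news.example", "192.0.2.10", 2 * 2**20),
    (40 * DAY + 5, "Video.Example.", "198.51.100.7", 5 * 2**20),
]
```

Feed each SAMPLE tuple to observe(), call expire() periodically, and check shared_ips() before shaping an address so that a rule for one hostname does not silently cover another.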