[Cialug] Bandwidth Shapers
Zachary Kotlarek
zach at kotlarek.com
Mon Dec 17 13:50:32 CST 2007
On Dec 17, 2007, at 12:30 PM, Jeffrey Ollie wrote:
> The problems with this approach:
>
> 1) It's not all HTTP traffic, some of it is encrypted, some of it is
> non HTTP protocols.
Hence the DNS non-application-specific approach I suggested later. But
you were talking about filtering by web sites, and that's a smaller
data set than "all traffic", and therefore a shorter, easier-to-maintain
list; I was trying to match the priorities you expressed.
> 2) Not all HTTP traffic is on port 80.
Port-based traffic identification is for script-kiddie security
consultants. Real men use protocol analyzers.
If you're doing enough work to read HTTP headers you can find HTTP
traffic in any stream.
> 3) It's not always easy to tell from the Host header what "site" the
> traffic belongs to.
Not always, but in many circumstances the two most significant domains
in the hostname are useful, particularly for the types of sites you
noted. And this is a reactive system, so you don't have to guess at
every possible domain name -- it can tell you if there is a
significant amount of traffic to unmatched domains, and you can slap
the top 5 into a browser and see what they are.
> This isn't really about technical know-how - I know how all of this is
> done, I've done it in the past and I could do it now - I just don't
> have the time to implement and manage this myself. I want to pay
> someone to do it for me.
I'm not trying to shove this down your throat; I started my message by
noting that this solution may not be the one for you. But it was not
clear that you knew the IP list creation process could be simplified
at all, and I was simply trying to suggest that this could be largely
automated without any terribly advanced techniques. Moreover, paying
someone else to do this is not exclusive of the solutions I suggested;
you could hire someone to implement them for you, and even to maintain
the domain lists (if only there were someplace to find network-savvy
programmers willing to take contract work).
--
But if you want something pre-fab, I'd recommend you just get a web
filter and subscribe to their category/site list; a good number of web
filters now offer shaping as an option, and they're relatively easy to
slap into your network. You may not be able to select sites as
specifically as "YouTube", but you can at least get to "Multimedia
Sites" or some other moderately-specific category (which is less work
to maintain anyway, as you don't have to chase Internet fads). I know
web filters only do web traffic, but without knowing what "non-HTTP"
protocols you're talking about it's hard to make any other
recommendation; I doubt you'll be able to find lists for anything
other than websites anyway.
Zach
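An added example, not code from the thread or from either poster, showing the reactive list-building process described above: identify HTTP by its request line rather than by port, key each request on the two most significant labels of the Host header, total bytes per key, roll those up to the categories of a site list, and report the busiest keys the list does not yet cover. The flows, byte counts and the SITE_LIST categories are constructed for illustration; the "two most significant labels" rule is the one from the post, and the file-layout of the site list is assumed.

```python
import re
from collections import defaultdict

# Constructed sample flows (not real captures): (dst_port, bytes_transferred, first client bytes).
# Note that HTTP appears on 80, 8080 and 3128, and that port 443 carries TLS, not HTTP.
SAMPLE_FLOWS = [
    (80,   120_000, b"GET /watch?v=abc HTTP/1.1\r\nHost: www.youtube.com\r\nUser-Agent: x\r\n\r\n"),
    (8080,  50_000, b"GET / HTTP/1.1\r\nHost: video.example.net:8080\r\n\r\n"),
    (80,    30_000, b"POST /upload HTTP/1.0\r\nhost: Upload.Example.NET\r\nContent-Length: 0\r\n\r\n"),
    (443,   90_000, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),          # TLS ClientHello, skipped
    (80,    10_000, b"GET / HTTP/1.1\r\nHost: 203.0.113.7\r\n\r\n"),
    (3128,   5_000, b"GET http://cdn.example.org/x HTTP/1.1\r\nHost: cdn.example.org\r\n\r\n"),
    (80,     7_000, b"GET / HTTP/1.0\r\n\r\n"),                                # HTTP/1.0, no Host header
]

# Hypothetical category list of the kind a web-filter subscription would provide.
SITE_LIST = {"video": {"youtube.com"}, "social": {"facebook.com"}}

REQUEST_LINE = re.compile(rb"^(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n")


def looks_like_http(payload: bytes) -> bool:
    """Identify HTTP by the request line, whatever port the flow used."""
    return REQUEST_LINE.match(payload) is not None


def host_header(payload: bytes):
    """Return the lowercased Host header value, or None if the request has none."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None


def site_key(host: str) -> str:
    """Collapse a hostname to its two most significant labels (IP literals kept whole)."""
    if host.startswith("["):                      # IPv6 literal, e.g. [2001:db8::1]:8080
        return host.split("]", 1)[0] + "]"
    host = host.split(":", 1)[0].rstrip(".")      # drop any :port and a trailing dot
    labels = host.split(".")
    if all(label.isdigit() for label in labels):  # IPv4 literal
        return host
    return ".".join(labels[-2:])


def tally_by_site(flows):
    """Bytes per site key, counting only flows that parse as HTTP and carry a Host header."""
    totals = defaultdict(int)
    for _port, nbytes, payload in flows:
        if not looks_like_http(payload):
            continue
        host = host_header(payload)
        if host:
            totals[site_key(host)] += nbytes
    return dict(totals)


def bytes_by_category(totals, site_list):
    """Roll site totals up to categories; anything not on the list lands in 'uncategorised'."""
    out = {cat: 0 for cat in site_list}
    out["uncategorised"] = 0
    for key, nbytes in totals.items():
        cat = next((c for c, sites in site_list.items() if key in sites), "uncategorised")
        out[cat] += nbytes
    return out


def top_unmatched(totals, site_list, n=5):
    """The reactive part: the busiest site keys not yet on the list, for an operator to look up."""
    known = set().union(*site_list.values())
    unmatched = [(k, b) for k, b in totals.items() if k not in known]
    return sorted(unmatched, key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    totals = tally_by_site(SAMPLE_FLOWS)
    for cat, b in bytes_by_category(totals, SITE_LIST).items():
        print(f"{cat:14s} {b:>9d}")
    print("top unmatched:", top_unmatched(totals, SITE_LIST))
```

Two caveats a practitioner would want: the two-label rule is exactly the "not always" the post concedes (a host under a shared second-level domain such as co.uk collapses to "co.uk"), and a production version would consult a public suffix list instead; and only cleartext is readable this way, so the TLS flow in the sample is simply dropped from the totals rather than attributed to a site.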