Enabling Bittorrent at the University Level?
Sorthum asks: "I'm a network administrator for a small university (approximately 5000 students all told). We're running NAT in the dorms, which obviously restricts BitTorrent traffic. We do an annual student survey, on which 'Residential Network' is listed as the number 2 complaint. This translates more or less into 'Bittorrent is slow here.' My boss is in a frenzy to appease the users at virtually any cost, but it seems to me from my research that the only real way to improve Bittorrent speeds is to start assigning public IPs to the dorms. Add to that the potential liability of making a service that by most reports has upward of 90% of its traffic fall into a 'legally questionable' gray area, how can I win in this situation?"
Or are you just speculating? Because Bittorrent does work behind NAT, and most legitimate users of it don't really track upload/download like the less legitimate versions do. If there's some resource that's not fast enough, cache it locally and offer it to students that way.
BitTorrent, like any other technology, protocol, or tool, can be used for things that are legal, illegal, or questionable in various jurisdictions. Are you prepared to continue quashing a protocol or service simply because it may be abused?
On the other hand, almost all (or at least a great deal) of the BitTorrent traffic may be currently used for sharing copyrighted materials. We all know that to be the case. Is it responsible to open up the pipes for what you know is almost exclusively illegitimate usage, within the context of the law (regardless of how you or anyone else feels about copyright infringement, and so on)?
On yet another hand, what happens if BitTorrent usage becomes largely legitimate because some large legitimate service begins using it? (And yes, to those reading this, I'm more than aware BitTorrent is used for a variety of legitimate large downloads.) In that event, can you afford to continue treating any protocol or service as if it's illegitimate, just because some level of it is now?
During the heyday of Napster (1999-2000), UW-Madison estimated that Napster accounted for over half (!) of our inbound and outbound traffic. There was a lot of talk about how to deal with this. Ultimately, UW-Madison decided that as a large public research university, we can't afford to police a particular kind of traffic wholesale: any network protocol can be abused, used for illegal purposes, and so on. We felt that the academic arguments and responding to usage demands of the campus trumped making judgment calls about the appropriateness of the use. Granted, the appropriate use policy of the university forbade some of the things people were using the network for, but we didn't actively police (or restrict) traffic. In the end, this provided the university with the impetus to examine ways of meeting increased demand and come up with novel solutions to our neverending bandwidth needs. One interesting example is that we now locally host a collection of Akamai's servers on our own network, which serves UW-Madison, the 25 other UW System Schools, and WiscNet. However, some of the smaller schools couldn't afford to make those same determinations: they either restricted or blocked Napster (and other things, like Gnutella) completely.
Today, the university does shape and restrict traffic to the residence halls in various ways; but it's designed to do so in a way such that users almost always won't notice any impact and allows equal access for all. All of our residence halls feature 100mbit ethernet, and that full pipe may be taken advantage of. Some users do use the network for inappropriate purposes, and those cases are dealt with individually when needed. Still, there is no proactive policing unless there are clear abuse/misuse issues. For what it's worth, BitTorrent (and all other protocols) are fully usable here.
If you can afford it, politically and financially, I'd say you should be looking into opening this up. The school does not bear responsibility for the actions of its users unless there is a lack of good faith attempts to stop abuse when requested by, e.g., copyright holders. There always is the argument of customer satisfaction, as well, that must be responded to - whether some students' use is appropriate or not.
UPnP.
-jX
Don't you just love politics? It's like a comedy of errors.
I know on small, home networks, many routers now support the Internet Gateway Device (IGD) protocol of UPnP, which allows dynamic configuration of port-forwarding for applications running through NAT. I'm not sure how well-suited the protocol is for large networks, but perhaps that's something you could consider?
http://en.wikipedia.org/wiki/Internet_Gateway_Device
This space intentionally left blank.
They should be glad BitTorrent works at all. Students can wait a little while longer to steal movies/games/whatever.
"We're running NAT in the dorms, which obviously restricts BitTorrent traffic."
No it doesn't. BitTorrent works perfectly fine behind NAT, with or without port forwarding enabled for it. It can take a little extra time for things to get up to speed without any forwarding, but it still works fine.
Interested in open source engine management for your Subaru?
1) Implement public IPs and face the consequences, namely either knock-on issues of them hammering your internet pipe, or as you said the otherwise potential legal issues surrounding it.
2) There was an article a little while back on rate shaping
You do have to question why the network is really there. Maybe you just need to tell your boss to get a grip.
I hate to say it, but does bittorrent (For non-uni use) really fall into the "supported" category? I know it's going to be something that everyone is going to try to find a way around as most uni networks have pretty good internet connections, but on a large scale like this you have to get an official statement from your boss as to say whether it's supported or not.
Sorry I can't give you better news.
Curiosity was framed; ignorance killed the cat. -- Author unknown
Assess the need of services to provide to students, webmail, directory services, course pages etc.
Make the services available over net.
Kick residential networks completely away from university network.
Then you won't have to worry about what students do in their network, since it's operated by third party operator, not by university.
Third-party operators here are student unions etc, which partly/entirely own the housing which students rent, and network policies are set at student level.
There are no atheists when recovering from tape backup.
Give them public ip addresses, but make them dynamic, possibly make each user connect using PPPoE, so there is a username and password, limit the bandwidth, block inbound windows SMB/LSH/NetBIOS ports such as port 139, 137 incoming to each user, etc.
Keep logs of what user logs in to what ip address. As an ISP you aren't responsible for the details of exactly what they do online, you have no idea about the nature of their activities, or if they're legal or not: make sure you stay within the DMCA safe harbour, and clearly document the contact information as required, so the ISP can receive DMCA letters.
ISP responsibilities should be mostly met by being able to match an ip address to an individual who is responsible for that node.
That's the key question. When I was in college, the network and internet access were provided "for academic use". Obviously, when you have thousands of people living on the campus 24/7 for 8 months out of the year, there will be plenty of non-academic use, but that's understood and accepted, as long as you're keeping it reasonable. Call up the helpdesk and complain that your Quake(World) ping times are slow or you're lagging, and they aren't going to work much at "fixing" it. Run a high-volume server (web or game), and they'll come shut you down, unless it's directly related to something you're doing academically. If you're having trouble downloading something from MIT for a research paper, they'll take care of it.
Are the students using BT for legitimate academic purposes, or are they using it to download entertainment? Don't even get into the "gray area" of judging whether the content being downloaded is legal or not. If they have educational needs that are being met by BT, then there's an argument for "improving" that service. If not, why spend the time and bandwidth money on it?
If it's about Linux ISOs, set up a local mirror for the student body and ask them to use that. Bonus being that they'll download it faster than they ever could with BT.
should be lucky they get internet access in their rooms. When I went to college, which wasn't that long ago, we had to go to the library or settle for dialup in our rooms
Cyberbite Networks - Web Hosting, Dedicated Servers & Colocati
I have to agree about not being able to win in this situation, I also agree that allowing bit torrent to run without restriction will most likely lead to lawsuits. I wonder if the uni could get round this by making the students sign a declaration that they are the sole persons responsible for what they do on the net. (I don't really get how it works though, if a student was downloading child porn the uni wouldn't be in trouble, would it?).
Other than that the guy could have a full (and anonymous) discussion about what they would use it for, if it's downloading music are there not legal alternatives which they can use which the uni could pay for (or, add on to the cost of the rooms/'net) and then they would be fine not changing the systems
*''I can't believe it's not a hyperlink.''
It all depends upon how you limit the bandwidth.
#1. Shrink the individual pipes to total_bandwidth/number_of_students? So you always get sucky performance?
#2. Cap the daily/weekly/monthly download/upload? So you get sucky performance during the first half of that period, but great performance once everyone else has hit their caps. And what happens when you have a legit need to go to a site after you've hit your cap?
#3. Do it like Frame Relay where you can "burst" to the available bandwidth? But if everyone is trying to burst, you get sucky performance anyway.
#4. "Shape" the bandwidth based upon protocol and use one of the above methods to share that bandwidth? This works as long as there's no way to masquerade as a different protocol.
Each way has its own problems.
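Options #1 and #3 from the comment above can be put side by side with a small model. This is an added example, not part of the original thread; the link size, ceiling, user names and function names are constructed, and the borrowing step is modelled as max-min fair sharing, which is a simplification rather than any particular shaper's scheduler.

```python
"""Compare two of the bandwidth-limiting options from the comment above.

Option #1: every user gets a fixed slice of total/N, never more.
Option #3: every user is guaranteed total/N but may borrow idle capacity
up to a ceiling (what HTB calls `rate` and `ceil`).

The borrowing step is modelled as max-min fair sharing (water-filling).
That is a simplification chosen for this example, not HTB's exact scheduler.
All figures are constructed and in kbit/s.
"""


def static_split(total, demands):
    """Option #1: hard per-user cap of total/N; unused slices stay idle."""
    if not demands:
        return {}
    share = total / len(demands)
    return {user: min(want, share) for user, want in demands.items()}


def burstable(total, demands, ceil):
    """Option #3: share the link max-min fairly, each user capped at `ceil`."""
    want = {user: min(d, ceil) for user, d in demands.items()}
    alloc = {user: 0.0 for user in demands}
    unsatisfied = {user for user, w in want.items() if w > 0}
    remaining = float(total)
    while unsatisfied and remaining > 1e-9:
        share = remaining / len(unsatisfied)
        # Users who need no more than an equal share are served in full;
        # whatever they leave over is re-divided among the rest.
        served = {u for u in unsatisfied if want[u] <= share}
        if not served:
            # Everyone left wants more than an equal share: split evenly.
            for u in unsatisfied:
                alloc[u] = share
            remaining = 0.0
            break
        for u in served:
            alloc[u] = float(want[u])
            remaining -= want[u]
        unsatisfied -= served
    return alloc


def utilisation(total, alloc):
    """Fraction of the link actually carrying traffic."""
    return sum(alloc.values()) / total


LINK = 100_000          # 100 Mbit/s uplink (constructed)
CEIL = 50_000           # no single user may exceed half the link (assumption)

# Typical evening: two light users, two heavy downloaders.
MIXED = {"web1": 1_000, "web2": 2_000, "bt1": 90_000, "bt2": 90_000}
# Worst case from the comment: everybody tries to burst at once.
ALL_HEAVY = {u: 90_000 for u in MIXED}

if __name__ == "__main__":
    for name, load in (("mixed", MIXED), ("all heavy", ALL_HEAVY)):
        fixed = static_split(LINK, load)
        burst = burstable(LINK, load, CEIL)
        print(name, "static", fixed, f"{utilisation(LINK, fixed):.0%}")
        print(name, "burst ", burst, f"{utilisation(LINK, burst):.0%}")
```

With the mixed load the fixed split leaves almost half the link idle while bursting fills it; with everyone bursting both schemes give the same 25,000 kbit/s per user.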
Well, yes and no. If the university has a clear $50/month charge on the bill then I'd say yes. I'm not sure all of them do though. If students really want ISP level internet access then they'd better be willing to pay for it, but I'm not sure that just because you're paying several thousand per year for tuition means that you get top-rate internet service. I really don't see internet access any different than dorm, food, or phone service.
If you don't want crime to pay, let the government run it.
"Add to that the potential liability of making a service that by most reports has upward of 90% of its traffic fall into a 'legally questionable' gray area, how can I win in this situation?" -Author
Well as long as you are at it, you might as well block email given that there are reports that upward of 82% of it is spam. 419 scams, get-rich-quick schemes, multi-level-marketing, fake viagra, medication without a prescription, blatant fraud, identity theft, phishing, Pump & Dump stock trades, you name a scam & e-mail has it.
But still, for the 18% of mail that is legitimate, you still make use of it.
Just as e-mail systems block spam, you would do better to block the copy-right infringement websites. Maybe redirect them to OSS software sites & Creative Commons music sites where people can legally explore & download music.
How much bandwidth do you have to the internet? That may be slowing it down as well. This one school I was at only had a T1 line and it got real slow at times, and that was with any Bittorrent being used.
I got a little box that would go between the phone body and the handset. This little box provided an analog phone jack. It had a way to adjust for 4 different power levels, to be set according to your digital phone. I think it needed a wall wart for power.
Procedure:
1. take handset off hook
2. tell modem to dial (any number will do)
3. dial the real number using buttons on the phone
4. enjoy the 9.6 kb/s connection
Azureus supports the use of the Joltid peer cache for downloads. Someone suggested dynamic, public IPs. You could use IPv6. Although it doesn't make sense: BitTorrent works through NATs very well. But if there are bandwidth issues then use a cache.
Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
Now this puts you into the "public IPs" area, but seriously.
You can still effectively firewall. You don't HAVE to NAT to have an effective firewall. Somewhere along the line this came into thought. Granted, that means all IPs are world-accessible, but that doesn't mean you have to allow traffic to reach those machines from outside.
allow tcp 22 from any to (ipv6 hosts allowed ssh)
allow tcp 80 from any to (ipv6 hosts allowed web access)
block icmp from any to (ipv6 network)
block from any to any
You can get fancier than that if you want. Not a major problem. Only issue is that IPv6 can reach IPv4, but not the other way around. You have to encapsulate IPv6 into IPv4, but there's software for handling that.
Karma: Chameleon (mostly due to the fact that you come and go).
"I have to agree about not being able to win in this situation, I also agree that allowing bit torrent to run without restriction will most likely lead to lawsuits. I wonder if the uni could get round this by making the students sign a declaration that they are the sole persons responsible for what they do on the net. (I don't really get how it works though, if a student was downloading child porn the uni wouldn't be in trouble, would it?)."
If a university does not have the capability to limit bandwidth on a per-computer/connection basis, they need to block most if not all p2p services (and bittorrent).
When I was going to college in 2000, my university had no blocks (and did not have the capability to throttle bandwidth). The Internet was not only unusable, but I would find kazaa and napster clients running on lab computers all the time with hundreds of connections (mostly people downloading porn). Now, all odd outgoing ports are blocked (besides the usuals: 80, 100, 25, 443, etc.) and the Internet is faster than ever.
We are also required to login with a username/password to get on the Internet, and any unlawful activity can be traced directly back to our account.
It's one thing to appease your users, but another if it affects the QOS for 99% of the people on the Network.
When I was in uni residences in 2005, we were assigned public, static, IP addresses which were fine for bittorrent. The IP is permanent and tied to both your university username and MAC address, and they were quite tough if the RIAA or MPAA reported abuse to them.
PocketGamer.org - For the gamer on the go!
This has nothing to do with BitTorrent. Assigning non-routable IP addresses to anyone is wrong, a violation of good network design, and a compatibility nightmare. Assigning non-routable addresses to FIVE THOUSAND STUDENTS is even worse.
Every machine deserves a routable IP, whether they use that IP to run BitTorrent, Skype, or just FTP.
Many BitTorrent clients support reporting a different IP to the tracker than the one actually held by the computer. This is useful for routing INCOMING connections through a third party.
Essentially what you need to do is have students connect to a server with a public IP via SSH, and set their BitTorrent client to report that server's IP to the tracker. The idea is that you set up an SSH tunnel that accepts connections on the remote end and forwards it over SSH. Most SSHv2 clients (such as PuTTY) support this functionality.
Assign each user a specific port on the server (There are over 65 thousand ports, and each person needs just one), and provide them with a nice little automated solution to set up the tunnel. PuTTY has a command-line version called "plink" that makes this super easy. Just write a short VisualBasic application that does nothing but show a window with a button to start up and connect plink to the server, and shut down the process when the user is done. This way, all a user has to do if he wants to use bittorrent is run the application and click a button. Or better yet, just write a short batch script that the user can launch when they want to do torrent-related stuff.
This is only one of the possible methods. As you can see, a computer doesn't need a public IP address in order to accept incoming connections via BitTorrent, since you can tunnel them. It should be noted that many BitTorrent clients also support proxies. uTorrent even supports proxies for peer-to-peer connections. And you may also want to look into P2P caching solutions, which could potentially significantly reduce the impact of BitTorrent on your university's connection.
You could implement BitTorrent caching. You would still need to consider the cost efficiency of this solution, as it will cost money, and it will not help students in their academic tasks.
I think that the only commercial solution ATM is of CacheLogic, but the protocol itself is open, so others could follow.
Anyway, your users should be glad. At my university, BitTorrent/ed2k/etc. don't work at all. I cannot even ssh/telnet/pop3/irc to the outside world, and cannot transfer files via ICQ. (Skype started to work recently.) The closest anyone got near BT was a last-year project that specifically involved p2p file sharing, so the students were allowed to place a server on the DMZ without root access, and with traffic accounting.
...did just the opposite. They gave public IPs to all the students, seemingly with no restrictions -- I could have as many IPs as I had network adapters, even on the University wireless. They blocked inbound Windows filesharing ports and outbound SMTP, and throttled BitTorrent, but other than that, I could just about saturate the 10 mbit pipe to my dorm room. I could saturate BitTorrent if I turned on header encryption.
Basically, they decided that the web (port 80) needed to be as fast as possible, because that's where real work gets done.
Don't thank God, thank a doctor!
Cache BitTorrent and other P2P traffic. These guys make such a device:- http://www.cachelogic.com/
I administer a network of 30 inhouse and 400 remote workstations. Inhouse I have 2 NATted 4Mbps connections for 30 users, which should be enough for most cases. This summer, I had problems with the NAT routers slowing down almost to a halt. When I took a closer look, I found out that we had several BT clients running simultaneously with several hundred open connections!
...OTOH, I often forget that you guys in the US have to be careful not to get sued... :P
Now I have 1(one) instance of an emule client running, with a web interface where everyone can "order" some files, and a public share where he can pick them up...no complaints since then!
Delta-Mike November Bravo Tango
What about isp-level caching? Didn't Bram Cohen recently disparage encrypted bittorrent because it prevents ISPs from caching the bittorrent? That seems to imply this feature is possible and maybe even available.
FTW!
If you're having troubles with your Internet connection slowing down a bunch while using Bittorrent, you probably need to cap its upload speed. As of a long time ago, you couldn't do this with the official client (maybe you can now; I haven't checked). Try getting BitTornado which will allow you to limit the speed at which it uploads and should allow you to use it without monopolizing your bandwidth.
Why not just set up a socks5 proxy and have people use that for BitTorrent?
As for the legality, is it your job to police people on what's legal or not? I mean, there are also legitimate uses for BitTorrent.
Change is certain; progress is not obligatory.
It's spelled "you're".
Dorm fees have *nothing* to do with tuition. Students don't subsidize other students' housing, they are paid by dorm fees. It's akin to rent.
And when that rent lists "high speed internet included" as an option, and on top of that you are not allowed to procure your own alternative internet access, that Internet access should be as unencumbered as is reasonable.
I guess another question is whether your university has the public IP space to actually do that for all your students. If you don't already have enough public IP space then you're gonna have to deal with begging ARIN for a bigger allocation which might not be worth your time. /my university has a /16 //it's only using 16% of it by my last check
X(7): A program for managing terminal windows. See also screen(1).
When I was an undergrad, we had to walk a quarter mile uphill in the snow to get to the nearest computer center to use keypunches, or (later, after I'd moved to north campus and the computer center had upgraded) 3/4 mile across mostly-flat snow to get to the one computer center that had some Decwriters and a couple of CRTs on the mainframe and a couple of PLATO terminals. Modems existed back then, but we didn't have an ASR33 in the dorm or fraternity house and there wasn't anything on our IBM-centric campus to talk to with it even if we had :-) We did have phones in the dorm rooms.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The big issue isn't legality, it's bandwidth (sort of). BitTorrent opens up a flurry of connections compared to say FTP. Whereas FTP opens one connection and leaves it open and sticks with it for the duration of the download, BitTorrent opens many, many connections throughout the download process and continually queries known clients for what parts of the file they have. Different clients handle this process differently, but the basic BitTorrent client is by far the worst. A single download of a single file using the vanilla BitTorrent has brought my entire 125 KBps DSL connection to a screeching halt before. Either way, for every connection that is opened with another client, the queries must be passed through the campus routing system. Although these queries do not take up any real bandwidth, they occupy the processing time of the router. If the router doesn't have enough power to handle this traffic, ALL traffic gets choked off. There may be plenty of bandwidth left to use, but the router is too busy to deliver it to people.
Either way, (My semi-educated opinion) it's not an engineering problem, it's a managerial problem about how the whole lot is being run at the moment and it obviously needs a re-think on how things are being done.
Bingo; yet again, it's an attempt to solve a policy/managerial/social problem with a technological solution. Almost any time this is attempted, failure results.
As to the OP, if you want to provide customer satisfaction, and your customers want BT, then you need to provide externally-facing IP addresses and allow as much traffic to each client as is technologically and economically feasible. The law ought to be on your side, since you'd be acting as a 'common carrier,' just like any other ISP. Provided you respond to and comply with any court orders or other legal requests for action by copyright holders, and don't attempt to shield your users from the consequences of their actions, you ought to be OK.
I think that the cost of internet access to each student should be broken out on their residence-fee bill, so they know what they're paying: if they're only paying $5/mo for it, then they can't expect even Comcast-like service and customer satisfaction. But if they're paying $75 or $80 a month for a 128kbit pipe, on top of which you layer tons of NAT and filtering, then they probably are within their rights to be pissed. I certainly would be.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Heya, I'll tell you how things got done back in my frosh year.
A few brilliant members of our computer sciences division brewed up a marvelous piece of code. Essentially, it was a piece of P2P software that connected all users in all the dorms. Upload and download speeds were astonishing at easily over 500kB/s. Overall, it was better for the students because they could get what they wanted off of each other very, very fast. While Bit-torrent and other P2P programs were definitely choked, there was still a 5kB/s leeway. A dedicated few students used it to stream new content into the main data pool. The system was called ResX and was sponsored by the University for the most part. It kept the traffic inside the university, which is the first great hurdle. As a student, it was awesome.
Of course, my university is in Canada. Legality about filesharing definitely has a looser definition due to our levy on recordable media. Rumor has it, ResX isn't used anymore, or at least its functionality has been crippled due to political drama. The tricky thing is, once you condone file sharing, your University can be easily targeted by the powers that be. An individual with his own IP address and line isn't much of a target.
What's on port 100? :/
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
Sorry, I meant port 110 :-D
What do they need the BT protocol for? I see most of the legitimate uses of BT as downloading Linux (or other freenix) ISOs, commercial game demos and other legitimate big files.
If they (the users) are downloading illegal stuff they should be prohibited from doing that.
From what I've read, most Slashdot users are suggesting setting up mirrors of that stuff to let them download it off the local network - great idea. But add to it that you do not need to make yourself an admin of those mirrors. Just set up an application process for a mirror maintainer and let the students maintain the mirrors themselves (even give the admins a way to use BT to mirror).
That way they can:
- learn how to operate such systems
- learn how to practically (as in social sciences) operate such systems
- get some responsibility and management skills
Set up a usenet server. Many ISPs have one, so it must be legally ok. Let the students satiate their piratical instincts with that.
First things first:
Separate residential network from the rest of the university.
Give it big fat internal pipes.
Hint that there would be nothing to stop someone from running an internal tracker that wouldn't be limited in speed.
Let them do what they will with it.
It probably wouldn't take long for someone to set something up and people were sharing most of what they wanted anyway over it.
Mirror linux distros and other legit items, or create an electronic form where a student could request a copy of a legit item; when it's provided to them, they could use it on the internal tracker.
Better yet set up your own internal tracker for those kinds of items; someone will realize they work, and set up one for non-legit items.
Until we have strong AI so that a cyber-lawyer inside your firewall can figure out whether a packet should have the 'evil bit' set or not, nobody is going to be able to identify whether a bittorrent (or any other protocol's) transaction is legal or not. It's no use to try. So I wouldn't worry about whether it's legal or not: you're never going to know. That didn't stop you from allowing web traffic, did it?
IMHO, the thing to do is to limit external connections in such a way that they are possible, but appear "expensive" to the client, so that intranet clients will be encouraged to connect to one another (instead of the outside) whenever possible. Ideally, a large file should only be transferred over your outside pipe once regardless of how many users are downloading it.
And along those lines, set up any sort of caching services that you can.
I suspect that what ISPs and Universities, really need is some kind of internal torrent watcher/cache thingie, that figures out what torrents are popular and then downloads the files and serves them (via bt) to the intranet. i.e. instead of banning bittorrent, run it on one of your machines, so that clients cheaply connect to that machine inside your network, instead of expensively connect to somewhere outside.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Students sign a waiver saying they will be held liable for all illegal activity that they perform, and that the university holds absolutely no responsibility.
Provide your students with one static IP address per dorm room. Require the students to use a firewall and sign an agreement that is legally binding to that sense. This will allow them to use the built-in WinXP firewall, iptables in Linux distros, cable routers, etc... You may even try to go so far as to require that they allow non-invasive attacks or just simple port scans on their PCs to make sure their firewall is in place and operating. That's touchy as hell, so ask the lawyers before doing it. It could also get expensive to implement, so consider it a nice bonus to the students if you can do it. If you do it right, you could even have automated reports going to the students about their particular firewall tests to let them know what their status is and possibly how they can reduce their risks.
The nice thing about this is it is a proactive step to *help* dorm network security. It helps protect your students' computers without requiring them to spend more money to do it using built in firewalls. Or, if the students will have more than one computer in the room, they can get a router anyway or setup a NAT PC and will probably still be behind a reasonable firewall.
Additionally, it takes the burden of maintaining the firewall off you. Mostly, this absolves you of responsibility. If your firewall were to get hacked and a student's PC invaded, the fact you provided a firewall makes you responsible in the eyes of a court. However, moving the responsibility to the students by getting a signed agreement requiring them to implement a firewall with certain specifications can alleviate that responsibility from your own shoulders.
If you have a hard time selling it, use the VD analogy. Would you have sex with a prostitute without using a condom? Then why wouldn't you use a firewall for your PC?
Once this is done, as someone mentioned earlier, use traffic shaping on your end to make sure that a few people aren't monopolizing the dorm bandwidth and you're good to go.
When I was at RIT, we used Direct Connect (well, DC++), and some genius (possibly at U of R?) came up with the i2hub - a DC hub that was to be populated only by students at universities utilizing the Internet 2 network. Absofuckinglutely amazing transfer rates. 3-5MB/s (bytes, not bits) from someone at a university 1500 miles away. We could just about saturate our 100mbit lines when downloading from others inside the university's local network too (9-11MB/s [again, bytes, not bits] wasn't unheard of, nor rare).
They were shut down like half-way through the 2004 school year, I believe. I wasn't attending anymore at that time, but anyways - that was probably the best P2P experience most people could ever dream of.
Let's step back from the problem and review the difference between PAT and NAT.
PAT (Port Address Translation) is the most common way of sharing a single Public IP address with many hosts.
Think ONE -> MANY.
NAT (Network Address Translation) is the process of having a single Public IP address point to a single internal address.
Your problem is simple; the solution is to simply increase your NAT pool to the amount of internal clients.
This does require more public IP addresses as you stated, however it does not mean everyone gets a direct public address. You can have internal users REQUEST a NAT address rather than a PAT (shared) address.
The amount of people requesting NAT may not be the entire dorm, and you can still apply your normal firewall rules; just permit the port services you wish (in your case it's BitTorrent). In some situations like DSL, the DSLAM can do this for you, and you can even charge the dorm users who want their one NAT address more in fees or similar if needed to pay for your new IP SWIP.
I'm not a big BitTorrent user, however users should be able to do what they wish; that's what a EUA is for. Don't blame technology, just use it the way the RFC describes it, not how vendors lock you in.
Assign each user a specific port for bittorrent traffic. Tell them to configure their client software to use that port.
DNAT that port. Voila, full-speed bittorrent. Moreover, the user is identifiable by port, so you need not fear liability any more than does my cable company. You are protected under U.S. law, as long as you do take downs upon accusation, and restore service if the accusation is contested.
In the university environment, I think you'll find that illicit use of BT is probably lower than is illicit use of the library.
-I like my women like I like my tea: green-
Great, so apparently public IP addresses have "legal issues" now. What a bunch of crap.
http://outcampaign.org/
Peercache does something similar to a web cache, but for P2P traffic. It's a commercial product but could be worth a look.
The basic problem of having machines behind NAT, and thus unable to accept incoming connections, seems impossible to avoid unless you can get a block of 1000+ IPs.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Figure out whether you think you have a case, then get a bunch of people together to split the cost of hiring a lawyer to write up a nastygram to send to the landlords.
http://outcampaign.org/
Hi!
In the university where I work, we made use of HTB (http://luxik.cdi.cz/~devik/qos/htb/) along with other "traffic shaping" tools. I don't have the scripts on hand, but it is based on the "wondershaper" you can find here: http://www.lartc.org/howto/lartc.cookbook.ultimate-tc.html I just spiced it up with IMQ.
Anyway, at our university we gave everyone a public IP address, because it was already done that way. But I proposed to change it (it hasn't been done yet, but it will). My proposal is as follows:
Assign private IP addresses via DHCP (with prior 802.1x auth, or at least MAC access control; yes, the address goes static because the DHCP has MAC-based IP address assignment), and add several "localized" IDSs and have one traffic shaper at the Internet link. The traffic shaper has simple rules: high priority to "real time" protocols, medium to "bulk" preferred traffic (HTTP, mainly), slightly lower to "not interactive" protocols (like SMTP), and low to the rest (here you will have BT, or whatever). The idea is: if there is nothing better to do with the link, you will have fast BT download.
As for these kinds of services, we decided to use more than one IP address and to SNAT instead of MASQUERADE on them, and then have each pool of addresses map to one external address. Then we create (via script, of course) the DNAT rules for port forwarding for incoming connections, and assign two ports to each internal IP (two TCP, two UDP; the same port numbers, but for TCP and UDP). Then we would inform the users which external IP/ports were assigned to each workstation (we are still not sure whether to publish the info on the intranet server or to send a mass e-mail). The idea is: the user has two TCP and two UDP ports, and he/she will decide what to do with these (they could even create a web server or whatever). The thing is: they are being watched (not in detail), but we do internal scans of the network to identify which services are running on each computer, and we have rules that forbid having SMTP. We have the ports firewalled (outgoing), but they could still have an "incoming" SMTP, and thus we would detect it and inform the responsible user.
Yes, all of this is done with a Linux computer (well, more than one if you count the IDS).
Anyway, this is a "resumed" version of the idea, because I have no time to explain it all, but at least the "special services" are covered.
Hope this helps,
Ildefonso Camargo
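The per-user port forwarding described in the comment above, and in the earlier "assign each user a specific port, then DNAT that port" comment, sketched as an added example that is not either poster's script. The addresses, the starting port 20000 and the interface name `eth0` are assumptions; the pools are constructed sample data.

```python
import ipaddress

PORTS_PER_HOST = 2   # the post gives each internal IP two ports (same numbers for TCP and UDP)
FIRST_PORT = 20000   # assumed start of the forwarded range
WAN_IF = "eth0"      # assumed Internet-facing interface name

# Constructed sample: external address -> internal pool that is SNATed to it.
SAMPLE_POOLS = {"192.0.2.10": "10.20.0.0/29", "192.0.2.11": "10.20.1.0/29"}

def build_plan(pools):
    """Return {internal_ip: (external_ip, first_port)} for every host in every pool."""
    plan = {}
    for ext_ip, cidr in pools.items():
        port = FIRST_PORT
        for host in ipaddress.ip_network(cidr).hosts():
            if port + PORTS_PER_HOST - 1 > 65535:
                raise ValueError(f"{cidr} is too large for one external address")
            if str(host) in plan:
                raise ValueError(f"{host} appears in more than one pool")
            plan[str(host)] = (ext_ip, port)
            port += PORTS_PER_HOST
    return plan

def iptables_rules(pools, plan):
    """Emit one SNAT rule per pool, then TCP and UDP DNAT rules per host."""
    rules = [f"iptables -t nat -A POSTROUTING -s {cidr} -o {WAN_IF} "
             f"-j SNAT --to-source {ext_ip}" for ext_ip, cidr in pools.items()]
    for host, (ext_ip, port) in plan.items():
        span = f"{port}:{port + PORTS_PER_HOST - 1}"
        for proto in ("tcp", "udp"):
            rules.append(f"iptables -t nat -A PREROUTING -i {WAN_IF} -d {ext_ip} "
                         f"-p {proto} --dport {span} -j DNAT --to-destination {host}")
    return rules

def who_owns(plan, ext_ip, port):
    """Map an external IP and port (e.g. from a complaint) back to the internal host."""
    for host, (ip, first) in plan.items():
        if ip == ext_ip and first <= port < first + PORTS_PER_HOST:
            return host
    return None

if __name__ == "__main__":
    plan = build_plan(SAMPLE_POOLS)
    print("\n".join(iptables_rules(SAMPLE_POOLS, plan)))
    print(who_owns(plan, "192.0.2.10", 20005))
```

The reverse lookup only attributes traffic to the forwarded listening ports; outbound connections leave with whatever source port SNAT picks, so attributing those still requires connection logging.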
Aww, idn't that just too bad? The wittwe pipes awen't handwing the twaffic!
For what they charge in tuition, -GET- -BIGGER- -PIPES-! Not throttle! Either that or allow students to seek outside solutions.
To fight the war on terror, stop being afraid.