[Bloat] Dealing with P2P traffic in modern networks - measurement, identification, and control

grenville armitage garmitage at swin.edu.au
Mon Apr 16 23:23:15 EDT 2012


Apologies for re-animating an old thread, but please see
below for something possibly of tangential interest to
the list.

On 09/29/2011 06:51, grenville armitage wrote:
>
>
> On 09/29/2011 03:40, Jesper Dangaard Brouer wrote:
>>
>> Thanks Dave,
>>
>> I have always had the dream of implementing a behavioural based traffic
>> classification Netfilter module. But I have been unable to find some
>> good research in this area, this might be the answer :-)
>>
>> If anybody else on the list have links/articles relating to behavioral
>> traffic classification, I'm interested! :-)
>
> If by "behavior" you're referring to the statistical patterns within flows
> (packet length variations, inter arrival times, etc) you might be interested
> in our DIFFUSE (http://caia.swin.edu.au/urp/diffuse) work. We've extended
> FreeBSD's ipfw firewall code so that it can recognise traffic based on statistical
> characteristics, and use this (rather than direct packet inspection) to trigger
> e.g. rate shaping, etc. Although our prototype code was initially developed
> for FreeBSD, we've got a preliminary Linux port too. The website contains an
> overview description, docs and patch files against FreeBSD and Linux source.

After some poking, prodding and hair-pulling over the past few months
we've released a prototype implementation of our DIFFUSE system ported
to OpenWRT -- http://caia.swin.edu.au/urp/diffuse/openwrt/

We have specifically implemented and tested DIFFUSE running on a
TP-Link WR1043ND using OpenWRT, and documented the work in tech report
(http://caia.swin.edu.au/reports/120412A/CAIA-TR-120412A.pdf)
In particular, we demonstrated the ability of a DIFFUSE-enabled WR1043ND
to detect & protect certain online game traffic (without knowing ports and
addresses a priori) from queuing delays usually induced by bulk TCP cross
traffic, and do so at line rates quite suitable for typical ADSL2+ environments.

This is prototype work, not rigorously debugged nor read for prime time. But
we hope it is nevertheless of some interest!

cheers,
gja



More information about the Bloat mailing list