Solutions


P2P Management

In today's networks, the growth of peer-to-peer traffic (P2P) has caused a major problem for operators. Anagran has a unique approach to this problem, which - unlike existing products - is 100% effective. P2P applications are a problem because they are very "greedy" for network resources. They use various techniques, such as opening very large numbers of concurrent sessions and masquerading as other applications, which result in them taking far more than their fair share of bandwidth in the network. Measurements by service providers show that 70% or more of total bandwidth can be taken by these applications, even though less than 5% of users are using them. In addition, nearly all material transferred with P2P applications is copyrighted, and the copying is illegal. This is increasingly leading to legal action by the copyright owners. In some countries, service providers are legally required to detect such illegal usage and to take action against such users. Educational institutions face similar concerns - there have been several lawsuits against universities in the United States.

The common method of detecting P2P until now is "Deep Packet Inspection" (DPI), i.e. inspecting the contents of users' data packets looking for the data patterns which identify known P2P applications. DPI has several problems though:

  • Examining every byte of user data requires a lot of computation. DPI devices either have low performance or are very expensive. Equipping a multi-gigabit network with DPI is prohibitively expensive.
  • Detecting P2P applications requires up-to-date signatures of their data patterns. But these applications are constantly mutating as their developers try to avoid detection, making the maintenance of up-to-date signatures nearly impossible.
  • Increasingly, P2P applications use encryption, making it impossible to detect them using DPI no matter how powerful the processor or how sophisticated the signatures and algorithms.
  • P2P applications use as much bandwidth as they can get, so detecting most of them offers little or no benefit. Measurements in service provider networks have shown that eliminating 70% of P2P users has no benefit for other users - the remaining 30% of P2P traffic simply expands to fill the void.

The solution implemented in Anagran's FR-1000 depends on detecting the behavior of P2P applications: their use of large numbers of sessions and their high bandwidth usage. It is deep in their nature to work this way, and there is nothing they can do, through encryption or mutation, to avoid it - which is why the FR-1000 can detect 100% of P2P traffic.

The simplest way to ensure fair network usage, using the FR-1000, is to enable host equalization. With this turned on, all hosts will receive an equal share of the network bandwidth, regardless of the number of sessions they have. A user who is downloading a legitimate video at one address, and a neighbor who has a greedy P2P application, will receive exactly the same share of the network. This is much better than today's situation, where the P2P user will typically get 10 or more times the bandwidth of the legitimate user. The FR-1000 does this with a single configuration command. No complex policy setting is needed, and no updating of signature files. The graph below, an actual measurement in a live network, shows the FR-1000 enforcing fairness between P2P and normal users. To the left, the FR-1000 is not controlling the traffic. To the right, it is. The top 7% of the users are getting 80% of the bandwidth without control, and just 10% of it with control.
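The difference between sharing a link per session and sharing it per host can be shown with a small model. This is an added example, not Anagran's code: the page does not describe the FR-1000's algorithm, so max-min fair sharing is assumed here, and the host names, demands and link speed are constructed.

```python
from collections import defaultdict

def max_min_share(demands, capacity):
    """Max-min fair split of capacity among {key: demand_mbps}."""
    alloc = {k: 0.0 for k in demands}
    active = {k for k, d in demands.items() if d > 0}
    remaining = float(capacity)
    while active and remaining > 1e-9:
        share = remaining / len(active)
        done = {k for k in active if demands[k] <= share}
        if not done:                     # everyone wants more than an equal share
            for k in active:
                alloc[k] = share
            break
        for k in done:                   # small demands are met in full,
            alloc[k] = demands[k]        # the leftover is re-split among the rest
            remaining -= demands[k]
        active -= done
    return alloc

def per_flow_fair(flows, capacity):
    """No host control: every session competes as an equal."""
    per_flow = max_min_share({i: d for i, (_, d) in enumerate(flows)}, capacity)
    by_host = defaultdict(float)
    for i, (host, _) in enumerate(flows):
        by_host[host] += per_flow[i]
    return dict(by_host)

def host_equalized(flows, capacity):
    """Host equalization: sessions are aggregated per host before sharing."""
    demand = defaultdict(float)
    for host, d in flows:
        demand[host] += d
    return max_min_share(dict(demand), capacity)

# Constructed sample: (host, demand in Mbit/s) per session on a 100 Mbit/s link.
FLOWS = [("video", 50.0), ("web", 2.0)] + [("p2p", 10.0)] * 19

if __name__ == "__main__":
    for name, fn in (("per-flow", per_flow_fair), ("per-host", host_equalized)):
        print(name, {h: round(v, 1) for h, v in sorted(fn(FLOWS, 100).items())})
```

With per-session sharing the host running 19 sessions ends up with 19 times the single-session video host's bandwidth; with per-host sharing the two receive the same amount and the light web user is still served in full.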

The FR-1000 can also implement a more aggressive policy towards P2P traffic, not just reducing it to a fair usage but giving it so little bandwidth that it simply doesn't work. First, P2P traffic is recognised by its inherent behavior: lots of sessions, and high bandwidth. Then, it is assigned to a Flow Class with very restricted bandwidth. This effectively eliminates P2P traffic from the network, and with it the risk of legal action from the legitimate copyright holders. At the same time, the risk of false positives - of penalising users whose traffic is not in fact P2P - is negligible, because of the unmistakable behavior pattern of P2P. The graph below shows this in a university network. The policy for P2P users was set to give them just a few kilobit/second between them. Again, to the left is without the FR-1000 controlling the traffic, while to the right, control is enabled.

To summarise, the FR-1000 is a powerful tool to control 100% of peer-to-peer traffic. It can ensure fairness between P2P and normal users. And where even stricter control is required, to limit illegal sharing of copyright material, the FR-1000 can reduce P2P traffic to the point where it becomes useless.

Copyright © 2010 Anagran, Inc. All rights reserved.