When fighting peer-to-peer, packet shaping can be more effective than cat-and-mouse

Crimping access to P2P applications may be a more effective approach than trying to ban them.

When network managers find peer-to-peer file sharing overwhelming their networks, some of the best words of wisdom might be to "let it be," just at a slower pace. It is a strategy many colleges have found effective as they manage some of the heaviest users of BitTorrent and other protocols that can wreak havoc on a network -- not to mention land the operator in hot legal water.

Several university network managers who were interviewed said the most effective strategy was using network management devices from companies like Packeteer and Exinda to limit, but not block, peer-to-peer protocols. Slowing down peer-to-peer erodes these methods' usefulness for downloading the latest blockbuster while not making it so difficult that savvy students encrypt or otherwise make their traffic undetectable, which can end up increasing overall peer-to-peer usage.

It also takes colleges out of the sticky problem of policing the legality of content over their networks.

Cindy Borovick, program director with market intelligence firm IDC, said that today's packet-shaping devices were mature and ready to take on the challenge of effectively managing large networks.

"The issue really is: Have customers architected that functionality into their network?" Borovick said. "I think it's a matter of budget and recognizing that you have that need up front."

At Walla Walla University a relatively lenient approach, coupled with protocol-based traffic shaping, has largely mitigated the effects of file sharing.

"A couple years ago, we used to get one or two [copyright infringement notices] a week, but we haven't gotten any in two years," said Paul Harvey, a network manager at the university. "I don't know if that's because our ISP hasn't been forwarding them on, or because we've stopped being targeted, or why."

A combination of increased user demand and falling per-megabit costs also kept bandwidth expenses relatively stable for Walla Walla during that time. The university uses Exinda hardware to shape and monitor the traffic for its 2000 computers. BitTorrent is given a lower priority and a bandwidth cap, while HTTP and VoIP traffic is given priority. Some traffic, like SQL and Samba, is completely blocked off from the Internet to help cut out security holes and reduce bandwidth consumption.

"We decided to do this because people are going to find a way around [blocking peer-to-peer] anyways," Harvey said. "With the latest Exinda software version, it actually finds the latest encrypted peer-to-peer, and Exinda says don't block it completely, just slow it down because the latest programs will reconfigure the way they work [if blocked]."

Instead of playing cat-and-mouse with student pirates, Walla Walla and other universities play a waiting game -- but it is peer-to-peer users who have to wait. It also frees the university from having to use deep-packet inspection to actively police what students are downloading and uploading on their networks, deterring all peer-to-peer while not completely closing off legal (or illegal) usage.

"Maybe it's kind of an ostrich with the head in the sand, but the less we know the better it seems," Harvey added. "That's how some people view it at least."

Jason O'Rourke, director of Pavilion ConneXions, provides residential Internet access to students at the University of Lincoln in the United Kingdom and has found success using similar methods.

"We have a very open policy, in that we don't stop anybody from doing anything," O'Rourke said. "The Internet is for their personal use after all. There is a fair-use policy enforced."

He said that peer-to-peer protocols are not stopped but are restricted, particularly during peak usage hours. Occasionally, during maintenance, the Exinda traffic-shaping appliances that Pavilion uses are taken offline and users are immediately reminded why peer-to-peer is restricted: The connection slows to a crawl.

"We found that if you block p2p, students will find a way around it, so...restricting it was more effective," he said.

Read more on Network monitoring and analysis