[Fault symptom]
Some users in the LAN use P2P download tools such as BT, Thunder, donkey, and dianpan to download files. This causes other users in the LAN to experience slow Internet access and lag.
[Fault Cause]
When a host in the LAN downloads with P2P software, the software occupies a large share of the bandwidth at the LAN's Internet egress, leading to slow network speeds and lag for other users.
[Principle Analysis]
How BT works
While downloading, P2P software also uploads to other users, so the download speed does not decrease as the number of users increases. Simply put, the more people download, the faster the download speed.
The specific working principle of BT is as follows. BT first divides a file into Z parts on the uploader side. User A randomly downloads part N from the server, and user B randomly downloads part M from the server. A's BT client then fetches part M from B's computer as needed, and B's BT client fetches part N from A's computer as needed. The load on the server side is therefore relatively small, the download speed and efficiency on the user side (A and B) improve, and the restrictions between regions are reduced. For example, if C downloads from the server alone, the speed may be only a few K, but fetching the parts from A's and B's computers is much faster. So the more people use it and the more people download, the faster the download gets. In addition, you are uploading the file while downloading it (someone else takes a part of the file from your computer).
Other P2P software works in a similar way.
Test results:
Thunder and BT take up the most bandwidth, although the speed improvement may not be very high, depending on the seeds. BT and similar software also act as seeds, providing download services to others. Because the maximum upstream bandwidth of ADSL is only 512 KB, P2P software is likely to congest the uplink bandwidth at the LAN egress, and any Internet access requires both upstream and downstream traffic. If the uplink bandwidth is full, all users are affected.
[Solution]
1. Block the ports used by P2P software. For commonly used P2P software ports, see Appendix 1.
2. Block the IP addresses of the P2P seed servers.
3. Use the Intranet host speed limit function to limit the upload/download rates of hosts. P2P software can still download, but its speed is limited to a tolerable range; at the same time, the upload bandwidth cannot exceed the download bandwidth.
4. When CBQ is used to limit the download speed (the total bandwidth is less than 7 Mbps), you can also use the Intranet host speed limit function to limit the upload/download speed for better results.
5. Strengthen internal network management, intervene with administrative measures, and promptly detect and stop downloads that violate the rules.
[HiPER users can quickly find P2P software downloads]
Take BT as an example. BT downloads commonly use ports 6881-6889 and 6969. When you select "all records" under "Internet monitoring" on the HiPER router, you can see the access records for the BT ports. When searching the records, focus on the Internet port number and the number of uploaded/downloaded packets.
[Screenshots 1.jpg to 5.jpg: Internet monitoring records]
Most BT software now lets the user specify ports manually, which makes such searches difficult for the network administrator. In this case, you can search for records with a large number of uploaded/downloaded data packets. For example, if the data traffic of record 3 is large, you can first check whether that host is in violation of regulations.
The methods for discovering other P2P software are similar to those described above. For commonly used P2P software ports, see Appendix 1.
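The search described above can also be run offline on exported records. The following is an added example, not part of the original article or of the HiPER firmware: it flags hosts that touch the default P2P ports listed on this page and, to catch clients on manually chosen ports, hosts with a large packet count. The CSV column layout, the sample records and the 20000-packet threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Default P2P ports taken from this page (Appendix 1, plus BT port 6969).
P2P_PORTS = {
    "BT": {("tcp", p) for p in range(6881, 6890)} | {("tcp", 6969)},
    "eMule": {("tcp", 4661), ("tcp", 4662)},
    "Thunder": {("tcp", 3077)},
    "Poco": {("udp", 9000), ("udp", 5356), ("tcp", 5354)},
}

# Constructed sample records; the column layout is an assumption, not HiPER's format.
SAMPLE = """lan_ip,proto,remote_port,up_pkts,down_pkts
192.168.0.10,tcp,80,120,900
192.168.0.222,tcp,6883,15000,22000
192.168.0.222,tcp,6969,40,35
192.168.0.31,tcp,51413,48000,61000
192.168.0.31,tcp,443,300,2500
192.168.0.45,udp,9000,800,700
192.168.0.45,udp,53,12,12
"""

def find_suspects(text, pkt_threshold=20000):
    """Return {lan_ip: list of reasons} for hosts worth checking."""
    port_hits = defaultdict(set)
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["proto"].lower(), int(row["remote_port"]))
        for name, ports in P2P_PORTS.items():
            if key in ports:
                port_hits[row["lan_ip"]].add(f"{name} port {key[0]}/{key[1]}")
        totals[row["lan_ip"]] += int(row["up_pkts"]) + int(row["down_pkts"])
    suspects = {ip: sorted(hits) for ip, hits in port_hits.items()}
    # Clients on manually chosen ports miss the port check, so also flag by volume.
    for ip, total in totals.items():
        if total >= pkt_threshold:
            suspects.setdefault(ip, []).append(f"high volume: {total} packets")
    return suspects

if __name__ == "__main__":
    for ip, reasons in sorted(find_suspects(SAMPLE).items()):
        print(ip, "->", "; ".join(reasons))
```

In the sample, 192.168.0.31 never touches a default port and is caught only by the volume check, which is the manually-specified-port case the text describes.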
[Solutions for HiPER users]
1. Common P2P ports
This method can only restrict P2P downloads to a limited extent, because the P2P software above lets the user specify the port manually. Any of it can use an arbitrary port for data transmission, which makes the downloads harder to find.
Example: block common ports of P2P software such as BT
Add a policy in "Advanced Configuration"-"Business Management" and set the policy as follows:
Policy Name: bt1
Group selection: 192.168.0.222
Protocol: 6 (tcp)
Destination start port: 6881; destination end port: 6889
Destination start address: Keep default; destination end address: Keep default
Source start port: 1; source end port: 65535
Insert Location: Keep default
Action: forbidden
Time period: Keep default
2. Block the IP address of the server where the seed is located.
Blocking seed server IP addresses requires a lot of preliminary searching and day-to-day accumulation by the network administrator. For example, the IP address of the website http://bt.btchina.net is 222.208.183.15, but this website has many mirror sites, so the network administrator needs to spend some time collecting, sorting out and blocking them.
Example:
Policy Name: bt2
Group selection: 192.168.0.222
Protocol: 0 (all)
Destination start port: Keep default; destination end port: Keep default
Destination start address: 222.208.183.15; destination end address: 222.208.183.15
Source start port: Keep default; source end port: Keep default
Insert Location: Keep default
Action: forbidden
Time period: Keep default
3. Use the Intranet host speed limit function
This method limits the speed of all hosts on the Intranet. The bandwidth usage status of each host is the same. Because the upstream bandwidth of ADSL is only 512 K, BT and other software can easily cause LAN congestion, so the upload speed must be strictly limited. The following limits the upload bandwidth to 256 kb and the download bandwidth to 512 KB. It is recommended to combine this with bandwidth management (when your total bandwidth is less than 7 Mbps).
Example: In "Advanced Configuration"-"special functions", use the Intranet host speed limit to limit the speed of all Intranet hosts. Note: when this function is enabled, the speed of all hosts on the Intranet is limited.
4. Use the bandwidth service to limit the Intranet host speed
Note: When this method is used, if a group's borrowed bandwidth is being used for a download, the borrowed bandwidth cannot be returned until the download ends. If you need to restrict P2P software, it is not recommended to allow lending and borrowing of bandwidth. We recommend using this method together with the Intranet host speed limit (when your total bandwidth is less than 7 Mbps).
Note: After bandwidth management is enabled, the L3 switch function cannot be used at the same time.
Example: Use the settings under "bandwidth service" to limit the host speed.
Physical interface bandwidth: 100 M
ISP assigned bandwidth: 2048
Remaining bandwidth: 2048
Group selection: 192.168.0.222
Allocated bandwidth: 512
Priority: High
Allow other groups to borrow idle bandwidth: not checked (not recommended)
Allow this group of out-of-stock bandwidth when idle: Select (not recommended)
Average bandwidth allocation to intra-group users: select
At the same time, you can use the Intranet host speed limit for speed limiting. The allocated bandwidth is larger than the bandwidth allocated in bandwidth management. Because the upstream bandwidth of ADSL is only 512 KB, BT and other software can easily cause LAN congestion, so the upload rate must be strictly limited. You can use "Advanced Configuration"-"special functions"-"intranet host speed limit function" to limit the upload bandwidth. For example, the upload bandwidth is limited to 256 kb and the download bandwidth is limited to 1 Mbps. When you use ADSL for access, you can combine bandwidth management and speed limits for better results.
Appendix 1: Default ports used by common P2P software
Software name    Protocol/Port
BT               tcp: 6881-6889
eMule            tcp: 4661-4662
Thunder          tcp: 3077
Poco             udp: 9000, udp: 5356, tcp: 5354