North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Regional differences in P2P
On Sun, 18 Jul 2004, Walter De Smedt wrote: > How are ISPs monitoring P2P traffic these days? Monitoring based on > Netflow/cflowd data and fixed port numbers for application > classification doesn't seem to do the trick anymore as more P2P > applications use random port numbers or even use port 80, with the > purpose of circumventing potential ISP policies or accounting. > With Netflow/fixed port nrs the amount of 'unknown traffic' is > increasing steadily. > > The next step in P2P recognition seems to be deep packet inspection with > signature based detection. The major problem here is scalability - I > don't see some device analyzing 1G, the typical uplink capacity of > Internet gateways in a medium SP network, of traffic at layer 7. > If this should be feasable, what if P2P applications would employ > encryption schemes (e.g. IPSec) - this would render signature-based > recognition useless. you can also be fairly accurate from the flow data.. eg genuine web traffic is short small transfers, P2P is long-lived flows of continous high usage Steve
|