P2P Traffic Control

The growth of peer-to-peer traffic (P2P) is a major challenge for network operators of all types. P2P applications are a problem because they consume a disproportionate share of network resources using a variety of techniques, such as opening large numbers of concurrent TCP sessions or masquerading as other applications. Measurements by service providers have shown that as much as 70 percent of total bandwidth can be consumed by these applications, even though less than 5 percent of users employ them.

Until now, network operators have relied on deep packet inspection (DPI) devices to detect P2P traffic. DPI devices inspect the contents of data packets looking for the data patterns (i.e., “signatures”) which identify known P2P applications. DPI introduces a number of problems:

• Examining every byte of user data requires significant computational resources. DPI devices consequently either have low performance or are very expensive. Equipping a multi-gigabit network with DPI is prohibitively expensive.
• Successfully detecting P2P applications requires constantly updated signature libraries. But these applications are frequently mutating as their developers try to avoid detection, making the maintenance of up-to-date signatures nearly impossible.
• Increasingly, P2P applications use encryption, making it impossible to detect them using DPI no matter how powerful the processor or how sophisticated the signatures and algorithms.
• P2P applications use as much bandwidth as they can get, so detecting most of them offers little or no benefit. Measurements in service provider networks have shown that eliminating 70 percent of P2P users has no benefit for other users; the remaining 30 percent of P2P traffic simply expands to fill the void.

Anagran Internet traffic management (ITM) solutions focus on detecting the behavior of P2P applications: their use of large numbers of sessions and their high bandwidth utilization. Looking for these “behavioral fingerprints” as opposed to actual signatures (which, again, change and are often encrypted) results in the ability to detect and control 100 percent of P2P traffic traversing operator networks. It should be noted, consistent with net neutrality requirements, we do not peer into the user data portion of the packet.

Anagran’s ITM solutions do not penalize P2P traffic, they simply ensure that all users of a similar class have fair access to available bandwidth. Within the Anagran ITM product line this is referred to as “host equalization.” With this turned on, all hosts will have access to an equal share of network bandwidth, regardless of the number of sessions they have. A user downloading a legitimate video at one address and a neighbor with a greedy P2P application will receive exactly the same share of network capacity. Unlike DPI devices, the FR-1000 does this in real time with a single configuration command. No complex policy setting is needed, and no updating of signature files. The graph below shows the FR-1000 enforcing fairness between P2P and normal users. To the left, the FR-1000 is not controlling the traffic. To the right, it is. The top five percent of users are getting 80 percent of the bandwidth without control, and just 10 percent of it with control. As such, the Internet experience for the vast majority of users is greatly improved.