Using Connection Limits to defeat torrents

[bawjkt]

I got a NetEqualizer yesterday and ordered a Netgear 3700 today which will be running Gargoyle 1.5.4. I corresponded with pbix about comparing these two Active Traffic Control devices. I'll do that as soon as I actually start using Gargoyle. For now, having a great time understanding the NetEqualizer.

And since I wrote just hours ago I have begun testing Connection Limits on the NetEqualizer and have found them surprisingly effective in blocking P2P.

A simple limit of 40 (20 up, 20 down) allows normal activities.

Pre-uTorrent
-------------------
I just checked, this machine has 7 open connections, with two dozen tabs open and a lot of other items active. Baseline upload and download are both single digits, a few kilobit. Latency to my ISP gateway is at 15ms. By the way, the NetLimiter app is a great way to see connections and their speeds. That and BitMeter.


Open uTorrent
------------------------
Opening uTorrent takes this machine to hundreds of connections. This happens even if I am not downloading; it *always* seeds. Upload is always maxed out to the max upload allowed by my ISP. That also quickly takes latency to my ISP gateway from a normal value of 15 to 2000ms or higher. Pinging my ISP gateway now takes over two seconds - this is a problem.

POOF !

All I did was open a torrent application and the whole network is trashed. Even if I'm not downloading. Even with a $1,400 NetEqualizer running. That torrent application is a serious destructive force. And all it takes is one person on the network to run it or iTunes or other P2P to instantly trash the entire network. Now everything is slow.

But, NetEqualizer also lets me set Connection Limits by IP and IP range. And to be fair, it is part of the initial setup process in the Quickstart guide. So I used a recommended value of 40 (20 up/20 down) and set it for 192.168.254.124, my current IP on this machine.

Open uTorrent, but this time with Connection Limits
-------------------------------------------------------------------------
Now let's open uTorrent again.

And let's watch NetLimiter to see how many processes are spawning, each trying to open a connection. Hmmm the scroll box under the uTorrent category just went from long rectangle to tiny square. There are 21 processes per page, and I can page down more than 40 times so it's somewhere north of 800. Those are new processes spawned by uTorrent, all trying to open up new connections and *choke this network*.

But now very few of these new processes are making lasting connections.

How many of these connections succeed? Well, looking at Active Connections as seen by NetEqualizer, this machine now has 35, up from 7 before opening uTorrent.

And, looking at Bitmeter for my bandwidth utilization for this machine, it's 20some kilobit upload and nine kilobit download. That's pretty close to single digits - nowhere near maxed out.

Latency (pingtime) to my ISP gateway is now around 60-100 ms for everybody else on my network. On my machine I get a lot of ping timeouts because the machine is crawling the walls desperately trying to initiate those 800 uTorrent connections.

And looking at uTorrent itself, there are Zero active torrents.
It just sits there and does no uploading or downloading. Number of torrents in Active status stays at zero. It's like it's broken.

"What happened to uTorrent? It's not working?"
"Yep, you got that right! That's because it just had its legs sawed off by setting Connection Limits. That's why you can still watch your YouTube..."

What's more, as long as it is running and still trying to exceed its connection limits, I can't open any new connections, like a new Google search. If I shut down uTorrent, everything works as normal.

Two hours ago I wasn't sure if Connection Limits would tame the torrent issue. If you fret about torrent control, take comfort in these findings. Setting connection limits of 40 on this machine with the NetEqualizer completely crippled uTorrent. You could do it network-wide by just setting a network range. And, the browser can't open up new things until uTorrent has been definitively quit. People remember that sort of thing.

Quite impressed - using connection limits to control P2P definitely works ! I don't even know if Gargoyle has per-user Connection Limits; I bet it does. I will definitely be using them on whatever routing solution I use.

Now I have to find something new to worry about because Connection Limits certainly crush the torrent menace. It took a few hours of testing to realize how well it works. What a powerful new tool in keeping your public networks running smoothly.

Did you ever worry about that one person in 20 who fires up torrents on every network they log onto? Oh *you* are that guy?

Well just set connection limits on your network and find something else to worry about.

[pbix]

Your post is interesting because I have never really seen how these modern more expensive routers approach this problem.

It would be nice if you could post a few screen shots to show what these screens look like. I am always interested in what other designs look like.

Using connection limits to control P2P does have drawbacks as you noted. The P2P application cannot work properly, the computer running the P2P cannot even browse properly even though there is plenty of bandwidth available. So while you seem satisfied with this approach it seems not very elegant to me.

When you get your Gargoyle router we will look at another way to control such traffic which should not suffer these limitations. Gargoyle does not have per IP connection limits instead it has per IP bandwidth sharing. Bandwidth sharing should allow bittorrent applications to run properly even on multiple computers and still prevent other computers from suffering unfairly.

[bawjkt]

I'm not a forum pro and don't have some http parking space set up for drops of the graphics.

Perhaps this is unwise but in the interest of progress, you and other readers can simply log in and poke around on this unit.

I have set port forwarding for IP and username and password as follows to make it especially easy:

118.137.159.69:8443
user/pass = neteq/neteq

valid this weekend only (it's 2A Saturday already where I am)

I'll activate some torrents to give an interesting active traffic load. What I have learned recently is that it really hits its stride at thousands of concurrent connections; testing it with a single 720P stream as earlier tonight isn't accurate.

Luckily this will be deployed to 500 - 800 users on Monday night so I have a big enough network to use it on. Perhaps they have a Quickstart Guide on the site; I only have the PDF and can't post it.

[bawjkt]

Re

Using connection limits to control P2P does have drawbacks as you noted. The P2P application cannot work properly, the computer running the P2P cannot even browse properly even though there is plenty of bandwidth available. So while you seem satisfied with this approach it seems not very elegant to me.

I'm a bit of a novice so anything that defeats the immediate problem is impressive. Still, the fact that the computer does not work properly when torrents are running does generate service calls by users; a major issue. I agree, inelegant and a "fix" that generates problems of its own.

When you get your Gargoyle router we will look at another way to control such traffic which should not suffer these limitations. Gargoyle does not have per IP connection limits instead it has per IP bandwidth sharing. Bandwidth sharing should allow bittorrent applications to run properly even on multiple computers and still prevent other computers from suffering unfairly.

The "all machines in same class" with equal sharing sounds like what I've been looking for for a long time. To see torrents crushed down to 1/3 of the pipe in the face of two other users also contending sounds amazing; I just have to see it and understand it to realize it's possible. That is the new functionality in 1.5.4, right?

They promised a WNDR3700V1 but delivered a WNDR3700V3 two days ago. If that can't be fixed I will have to go for the "high-end TP-Link" which I think is an oxymoron. Then again realistically I only need 30Mbit out of this solution this year.

[pbix]

I tried to connect to your router but just got a timeout on connecting. It would be interesting to see if you can make it work.

That is the new functionality in 1.5.4, right?

I can recommend either v1.5.4 or v1.5.5 to you

It would be very interesting to see Gargoyle working on such a large LAN. In reality Gargoyle can handle only up to 250 connections because it manages only one subnet. I have no way myself to test such a thing.

Most high end routers I have seen run Linux as well so I suspect there is no reason it cannot work up to 250 IP addresses. You just need to make sure you have enough RAM to support the connections you need and the CPU to support the bandwidth you have.

Too bad about your WNDR3700 because a v1 or v2 would have been a good router. I have a Buffalo WZR-HP-G300NH which would also be a good choice if you can get it. How about the WNDR3800 can you get that? We have Ebay here in the USA so we can get most any router used so not usually a problem to find one that will work.

[bawjkt]

re connecting...try again
http://118.137.159.69:8443

We've been connection from open Internet from different points around this country today/tonight and I did try it through my 3G connection on my phone prior to posting to make sure it works. It's possible it's an Int'l issue but I doubt it.

Any version worries on the 3800? I was vexed to take delivery of a 3700v3 when wither a v1 or v2 would have been adequate.

Appreciate the info re 250 connections; that helps me slot this product

[pbix]

I was able to connect to your router and spend a few minutes looking at it. Its interesting to see another design.

I noted that the NetEqualizer is using Linux v2.6 which is what Gargoyle is using so the base OS is the same. The NetEq has an Intel Atom N270 1.6Mhz processor and 2GB of RAM. This compares to the WDNR3800 which has 680Mhz Atheros processor and 128MB of RAM. Your NetEq is well endowed with hardware compared to the WDNR3800.

Looking at the screens they look pretty basic with not a lot of flexibility. There does not seem to be much you can really do from them. Of course since you have Linux underneath there is a lot that can be done with custom scripts but that is complex.

I do not see any DHCP setup on these screens. Am I missing something? How many clients can this router support?

So we shall see but I still like Gargoyle's chances of providing a superior solution based on it better software system and adequate hardware.

[bawjkt]

Looking at the screens they look pretty basic with not a lot of flexibility. There does not seem to be much you can really do from them. Of course since you have Linux underneath there is a lot that can be done with custom scripts but that is complex.

Yes, intentionally. This is a product where the the QOS functionality is already done and does not need any thinking to set up. Just enter basic upload and download values and step back.

There are half a dozen levers that you can adjust but it is designed to equalize well based on just those UL/DL values. There is a whole world of scripting also I think I will stay away from.

I do not see any DHCP setup on these screens. Am I missing something? How many clients can this router support?

It isn't a router. It's a bridge. And importantly, it does nothing as long as the link is under 85% utilization. Everything moves at wire speed as long as capacity is there. It watches but does nothing as long as there is headroom on the link.

All flows under 96Kbit *always* move without any penalty. Even if the link is at 90%. When the link is over 85%, any connection moving over 96Kbit gets penalized to maintain headroom on the link. Typically YouTube, large attachments, OS updates. To protect Skype sessions and other low-bandwidth needs.

http://www.youtube.com/watch?v=6uqcUCp-53Q

Cool view of connections on network. Unfortunately not supplied with unit; expected to build it oneself following guide. Knowledge of Visual Basic and Excel scripting required. They were nice enough to send the template; I may have the skills to modify it. May. May not also.

Quite keen to try Gargoyle. Mired in return unpleasantness at moment. There are 3 models that work with Gargoyle: 3700 V1, 3700 V2, and 3800.

Local vendor promised 3700 V1 and delivered 3700 v3, the only one out of 4 that would not work. Fixing it. Not a Netgear-friendly country.

How many clients can this router support?

This bridge, at the 50 Mbit level, $1,400 not the $999 10Mbit model, can support recommended 350 users. Most NetEqs are bigger than this; these Lites are new.

http://www.netequalizer.com/files/data_ ... _Sheet.pdf

if you want to see details.

[kurjak]

Does gargoyle split number of connections (specified in max connections limit) equaly between clients?

[pbix]

No, Gargoyle splits bandwidth not connections.