P2P traffic monitoring and analysis

1. P2P basic concepts

A P2P (peer-to-peer) network is a peer computing technology that uses the processing capabilities of the clients to achieve point-to-point network communication. In a P2P network environment, millions of computers are connected to each other as peers. The network generally does not rely on a dedicated centralized server: each computer in the network can not only act as a network server but also respond to requests from other computers by providing resources and services.

P2P technology allows data to be stored across many dispersed nodes rather than on a dedicated server. The nodes may be special terminals such as set-top boxes, PDAs and sensors. P2P can also be used in applications that require large-scale computing power, such as gene database searches and password cracking. P2P is widely used: besides the P2P file sharing and downloading and online streaming media playback that people are most familiar with, it can be used for data storage, real-time communication, collaborative work environments, P2P application-layer multicast and P2P search.

2. Analysis of P2P traffic regulation

2.1 P2P traffic characteristics and hazards

P2P traffic has the following characteristics:

(1) Fixed traffic features. Most P2P traffic has relatively fixed features, such as fixed port numbers and particular keywords, strings or binary strings, which to some extent makes P2P traffic monitoring easier.

(2) Large data volume. Currently popular P2P applications are mainly file downloading and streaming media, and the downloaded files are mainly large audio and video files, so downloading or online viewing generates a lot of data. Bandwidth is occupied by a large number of P2P applications, which affects the connection speed of normal users.

(3) Long online time. Downloading large files requires staying online for a long time, and users can run high-speed P2P downloads at any time of day, which is likely to cause link congestion during peak periods.

(4) Roughly symmetric upstream and downstream traffic. Unlike conventional services, P2P applications have roughly symmetric uplink and downlink traffic, and upstream traffic can even exceed downstream traffic. P2P users download entertainment audio and video files at high rates, consuming large amounts of bandwidth. P2P applications account for 60%-80% of network bandwidth, leaving only the remainder for non-P2P users. This affects the performance of networks whose equipment was designed for traditional asymmetric, downlink-heavy traffic, and is likely to cause uplink congestion as well.

(5) Security. P2P software lets individual users share any content end to end over the P2P network, which makes it easy to spread viruses, worms or other malicious code between them and is likely to cause leaks of personal or corporate information.

2.2 P2P traffic policing difficulties

The difficulties of regulating P2P traffic lie mainly in the following three points:

(1) Reasonable identification of P2P traffic

Reasonable and effective identification of P2P traffic should satisfy two requirements. First, the features used must distinguish P2P traffic well. Second, identification should cover P2P traffic and the whole overlay network, so that new models and active defense mechanisms can be built on it. Many P2P applications use dynamic ports, which makes P2P traffic harder to identify. How to identify new traffic patterns, rather than staying with a few fixed identification methods, in order to identify and monitor P2P traffic better is the key difficulty of P2P traffic management.

(2) The rapid development of P2P applications

In recent years P2P applications have developed from simple to complex and from low-level to high-level. Network structure has also changed from centrally controlled to fully distributed. Early applications used fixed port numbers that were readily detectable and easy to manage. Applications have since progressively developed anti-reconnaissance features, such as disguising traffic as HTTP, encryption and transfer in blocks, to evade detection and identification. How to keep up with this rapid development by building appropriate models from the transmission characteristics that remain constant, and by putting forward a new theoretical framework, is now a more challenging problem.

(3) Data acquisition and analysis

Managing P2P traffic requires solving the problem of online traffic detection: how to design an efficient implementation of fast online detection and filtering. Network equipment also has limited storage and processing capability, so to save resources the algorithm must adapt to dynamic changes in network traffic while detecting as much information and filtering as effectively as possible. This involves two key elements: high-speed data collection and processing, and the analysis and processing of massive data.

2.3 P2P traffic management steps

Managing P2P traffic effectively, protecting network utilization and avoiding congestion at network bottlenecks involves mainly the following five steps:

(1) Identification and classification: identify and classify data streams by source domain, target domain, application type, protocol and other application features. The protocol analysis engine does not only analyze static attributes such as port and IP address; it goes deeper, into layer 7 of the OSI network model, to classify application-layer information and pinpoint a variety of applications precisely.

(2) Control: apply precise, user-defined bandwidth policies according to the administrator's requirements. Per-user policies protect the resources of the majority of users. Per-application policies use bandwidth allocation levels, maximum bandwidth, minimum guaranteed bandwidth and other parameters to guarantee the applications the user defines as critical and to limit non-critical applications such as P2P. Inbound and outbound traffic can be actively controlled at the same time, to avoid congestion, prevent unnecessary packet discards, keep traffic smooth and maximize throughput.

(3) Analysis: analyze the current state of network efficiency, collect information by class, and generate data such as bandwidth utilization and response time. The data is then analyzed to optimize parameters.

(4) Adjustment: according to the parameter adjustment plan generated by the analysis, intelligently adjust the current handling policies to optimize the network.

(5) Report: according to user needs, provide detailed reports of network operation, regularly generate statistical analysis reports and optimization strategies, and provide system logs and complete system alarm information.
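The identification step, as an added example that is not part of the original article: it checks a layer-7 payload signature first, then the static port, then the upstream/downstream symmetry described in 2.1 for flows whose payload is opaque. The `Flow` record, the thresholds and the sample flows are assumptions constructed for illustration; the ports and handshake prefixes are the protocols' published defaults.

```python
from dataclasses import dataclass

# Default ports and handshake prefixes published in the protocols' own specifications.
PORT_RULES = {
    "bittorrent": range(6881, 6890),
    "edonkey": (4662,),
    "gnutella": (6346,),
}
PAYLOAD_RULES = {
    "bittorrent": b"\x13BitTorrent protocol",  # length byte 19 + protocol name
    "gnutella": b"GNUTELLA CONNECT/",          # first line of a Gnutella handshake
}

@dataclass
class Flow:  # hypothetical flow record, as a flow exporter might produce
    dst_port: int
    first_payload: bytes  # first bytes of the first data segment
    bytes_up: int
    bytes_down: int

def classify(flow, min_ratio=0.5, min_bytes=1_000_000):
    """Return (label, method). min_ratio and min_bytes are illustrative thresholds."""
    for app, prefix in PAYLOAD_RULES.items():  # layer-7 signature: survives dynamic ports
        if flow.first_payload.startswith(prefix):
            return app, "payload"
    for app, ports in PORT_RULES.items():      # static port: cheap but easy to evade
        if flow.dst_port in ports:
            return app, "port"
    total = flow.bytes_up + flow.bytes_down    # behavioural fallback for opaque payloads
    if total >= min_bytes and flow.bytes_up >= min_ratio * flow.bytes_down:
        return "suspected-p2p", "symmetry"
    return "other", "none"

# Constructed sample flows (not captured traffic).
SAMPLES = [
    Flow(6881, b"\x13BitTorrent protocol" + bytes(8), 5_000_000, 6_000_000),
    Flow(51413, b"\x13BitTorrent protocol" + bytes(8), 5_000_000, 6_000_000),
    Flow(6346, b"", 0, 0),
    Flow(443, bytes.fromhex("9f3ac1e07b55"), 40_000_000, 50_000_000),
    Flow(80, b"GET /video.mp4 HTTP/1.1\r\n", 20_000, 80_000_000),
]

def demo():
    return [classify(f) for f in SAMPLES]

if __name__ == "__main__":
    for flow, result in zip(SAMPLES, demo()):
        print(flow.dst_port, result)
```

The second sample shows why port rules alone miss clients on dynamic ports, and the fourth shows the symmetry fallback for an encrypted flow. Legitimate symmetric traffic also matches that fallback, which is why it only yields a "suspected" label.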

3. P2P traffic control methods

There are currently two main techniques for controlling P2P traffic on the Internet: inline (in-series) flow control and bypass interference control. Inline flow control places the P2P traffic monitoring device in series directly on the network link. By classifying the various types of application traffic on the link, it can easily apply flexible management and control policies to each traffic type and give different services different QoS priorities. The advantage of inline flow control is that traffic shaping, sliding window, token bucket, bandwidth rate limiting and similar methods can be used to control P2P traffic smoothly, and that fast switchover for fault protection can be achieved at the μs level through passive optical-path protection. The problem is that all network traffic must be processed and forwarded by the device, which easily introduces additional delay and causes network service quality problems. Furthermore, because the detection device must be deployed on the real path of network traffic, it can become a processing bottleneck and a single point of failure, and inline deployment places high demands on the equipment's configuration and processing performance.

Bypass interference control mainly works by sending forged interfering packets into the TCP/UDP connections of the communication, reducing the data transfer rate or disconnecting the connection in order to achieve flow control.

Because P2P data transmission may use TCP or UDP, the bypass interference control methods are: TCP truncation, which forges and sends a TCP RST packet to cut off the TCP connection; TCP deceleration, which forges and sends a special packet sequence to reduce the TCP sliding window value; UDP truncation, which forges special P2P application-layer control commands to cut off UDP connections; and UDP deceleration, which forges special P2P application-layer control commands to reduce the transmission rate of UDP connections. The advantage of this method is that it analyzes traffic in bypass mode (optical splitting or port mirroring), so the device is not connected in series on the link and has no impact on existing network performance. It can also be linked with a RADIUS server to provide precise QoS traffic management for individual users, and so on. The disadvantage is that an optical splitter or mirroring switch must be introduced, and an access port on a switching device is taken up for the interference path. Also, because control is achieved by sending forged packets to break or interfere with connections, the controlled traffic fluctuates in a jagged pattern, which affects network performance.
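The token bucket mentioned above, as an added example that is not part of the original article: a per-class limiter of the kind an inline device applies after classification, here policing (dropping) packets that exceed the rate rather than queueing them. The class names, the 1 Mbit/s limit, the burst size and the packet trace are assumptions constructed for illustration.

```python
class TokenBucket:
    """Integer token bucket: time in milliseconds, tokens in bytes."""

    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate = rate_bytes_per_ms
        self.burst = burst_bytes
        self.tokens = burst_bytes  # start with a full bucket
        self.last_ms = 0

    def allow(self, now_ms, size):
        # Refill for the elapsed time, never beyond the burst size.
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if size > self.tokens:
            return False           # over the rate: drop the packet
        self.tokens -= size
        return True

def police(packets, policy):
    """packets: (time_ms, traffic_class, size) tuples in time order.
    Classes with no bucket in policy are forwarded unrestricted.
    Returns the bytes forwarded per class."""
    passed = {}
    for now_ms, cls, size in packets:
        bucket = policy.get(cls)
        if bucket is None or bucket.allow(now_ms, size):
            passed[cls] = passed.get(cls, 0) + size
    return passed

def demo():
    # Constructed policy: P2P capped at 125 B/ms (1 Mbit/s) with a 10-packet burst.
    policy = {"p2p": TokenBucket(rate_bytes_per_ms=125, burst_bytes=15000)}
    packets = []
    for t in range(1000):                     # one second of constructed traffic
        packets.append((t, "p2p", 1500))      # P2P offers 12 Mbit/s
        if t % 10 == 0:
            packets.append((t, "web", 1500))  # web offers 1.2 Mbit/s
    return police(packets, policy)

if __name__ == "__main__":
    print(demo())
```

Over the one-second trace the P2P class is held to its initial burst plus the configured rate, while the unrestricted web class passes in full.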

Origin blog.csdn.net/qq_44892098/article/details/91360689