Research And Implementation Of P2P Traffic Control Based On QoS Bandwidth Management

Nowadays, with the rapid development of Internet, more and more critical applications of various organizations, e.g. enterprises and schools, depend on the Internet, but a majority of bandwidth is occupied by those network applications far away from the normal transactions. These facts lead to a long response time of critical applications and harm the network performance severely. In particular, the network applications became more complex lately, for example, P2P softwares for download and file transfer, taking bandwidth resources unlimited. These softwares use dynamic ports and masquerade its traffics as HTTP traffics, which makes them hard to be identified by the firewalls, routers and other filtering machines.Traditional packet filtering firewalls generally work at layer 2, 3 or 4 of the OSI architecture, based on the source/destination IP addresses, MAC addresses or TCP/UDP port numbers in the packet headers. Thus, they are unable to identify the P2P download traffics for their incapability of application layer data analysis.This paper presents a method of P2P traffic identification and control based on Netfilter connection tracking mechanism in Linux firewall architecture. Connection tracking system is in charge of tracking all the connections and judging to which connection every packet is related. Through extending the Netfilter/Iptables framework, the identification of P2P connection according to the application layer data is achieved and through some appropriate firewall filter rules, the P2P traffic management could also succeeds. This method could totally prohibit undesirable P2P traffic, and as well could restrict P2P bandwidth usage together with Linux QoS tools. Thus, the network resources could be alleviated and the performance be enhanced largely.This P2P traffic control system based on application layer analysis technology, could prohibit P2P download, and also could restrict the P2P download traffic to a predefined scope using Linux traffic control mechanism. In conclusion, this paper provides a very good solution for the monitor or control of P2P download in an internal network environment.