Hi,
I work at an ISP that serves a university campus connected on a LAN, apart
from many other customers. We have a congested internet access link, thanks to
the student community. Because of this, customers as well as the university
faculty are complaining of poor throughputs. One of the professors suggested
that faculty should be given a better bandwidth by imposing some kind of
traffic control on the student traffic. In this regard I plan to implement the
following idea.
I will be happy to receive your feedback.
Thanks for patiently reading my rather big mail. Hope I could express my idea
clearly, and pardon me if this is not the appropriate mailing list. Thought
this might be of interest to you all!
Regards
Anand
----------------------------------------------------------------------------
1. Put a Linux box in the path of the traffic just before it hits the access
router. After coming up with some packet classification scheme, control the
rates using Linux TC.
2. I have observed that packet classification based on pre-registered static
   IP addresses has many difficulties. These include:
   i) Faculty are forced to use the machine they have registered. Maintenance
      of static addresses can be painful because whenever they migrate to
      another machine, or operate from a different Lab, the IP address is going
      to change.
   ii) Static addressing will not work when DHCP is used
   iii) Students tend to "mis-use" faculty's machine in their absence by using
      masquerading/login mechanisms
   iv) In the long run, there will be many unused stale IP addresses clogging
      the classifier table which can potentially be exploited
3. To combat the aforementioned issues, I am thinking of coming up with
   dynamic access lists with user authentication. There will be a notion of
   "soft session" in the system. It is expected to work as follows.
   - The faculty will initially register themselves with a server by giving
     a password
   - Whenever he/she wants to access the network, they will create a "soft
     session" by means of authentication by the server. This can happen in the
     browser environment. During the authentication process, the faculty
     machine's IP address is obtained and passed on to the Linux box that is
     running TC
   - Linux box will update the faculty-classifier dynamically
4. Once done with net access, the faculty is expected to log out of the session.
   The logging out process accordingly removes the entry in the Linux TC.
   - In case the logout is not done explicitly, as it can happen with
     pre-occupied professors :), a timeout mechanism can be built into the
     system which will automatically purge the IP address of the idle session
I have not mentioned the nitty-gritty details because I wanted to know if
the basic idea is fine.
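
A sketch of the "soft session" table from points 3 and 4, added here as an illustration and not part of the original mail. It takes the address from the authenticated connection, keeps one filter per user, and returns the `tc` commands to run instead of executing them; the interface `eth0`, qdisc handle `1:`, faculty class `1:10`, the 15-minute timeout and all class and method names are assumptions.

```python
import ipaddress

# Assumed names: shaping interface, root qdisc handle, faculty class id.
DEV, PARENT, FACULTY_CLASS = "eth0", "1:", "1:10"
IDLE_TIMEOUT = 900  # seconds of inactivity before a session is purged (assumed)

class SoftSessions:
    """Maps an authenticated user to one tc u32 filter on their current IP."""
    def __init__(self):
        self.by_user = {}                        # user -> ip, prio, last_seen
        self.free_prios = list(range(100, 200))  # one filter priority per session

    def _filter(self, action, prio, extra=()):
        return ["tc", "filter", action, "dev", DEV, "parent", PARENT,
                "protocol", "ip", "prio", str(prio), *extra]

    def login(self, user, peer_ip, now):
        # peer_ip must be the source address of the authenticated connection,
        # never a value sent by the client. Junk raises ValueError here, so it
        # cannot reach the tc command line.
        ip = ipaddress.IPv4Address(peer_ip)
        cmds = []
        # Drop the user's previous entry (moved to another machine) and any
        # other user's entry on the same address (DHCP lease reuse).
        for other, s in list(self.by_user.items()):
            if other == user or s["ip"] == ip:
                cmds += self.logout(other)
        prio = self.free_prios.pop(0)
        self.by_user[user] = {"ip": ip, "prio": prio, "last_seen": now}
        cmds.append(self._filter("add", prio, ["u32", "match", "ip", "src",
                                               f"{ip}/32", "flowid", FACULTY_CLASS]))
        return cmds

    def logout(self, user):
        s = self.by_user.pop(user, None)
        if s is None:
            return []
        self.free_prios.append(s["prio"])
        # Deleting by priority removes exactly this session's filter.
        return [self._filter("del", s["prio"])]

    def touch(self, user, now):
        # Called on each authenticated keep-alive from the browser session.
        if user in self.by_user:
            self.by_user[user]["last_seen"] = now

    def purge_idle(self, now):
        # Run periodically so forgotten sessions do not leave stale entries.
        cmds = []
        for user, s in list(self.by_user.items()):
            if now - s["last_seen"] > IDLE_TIMEOUT:
                cmds += self.logout(user)
        return cmds
```

Each returned list is an argv that the box running TC would execute as root, for example with `subprocess.run(cmd, check=True)`.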