The following is a real-life case study of a network problem reported in the "Club Tech Networking Newsletter".
Jason Poley is a network guru with The County of Santa Barbara, in Santa Barbara, CA.
****************************************************************************************
Jason had a problem with one of their several upstream Internet feeds constantly running at full inbound utilization. No amount of load balancing seemed to help -- even shifting all inbound traffic to other interfaces via BGP prefixing (a technique described in the excellent O'Reilly Press book "BGP," http://www.oreilly.com/catalog/bgp ) didn't work. A continuous stream of port-80 Web traffic was still inbound to numerous destination addresses within the County's network.
The traffic originated from the Class C IP block 205.252.48.0, which turns out to belong to Speedera.Net, a streaming media content delivery service. "Visiting Speedera's Web site gave us no clue about the content involved, so I had to investigate further to isolate the problem." Contacting Speedera by phone did not help either -- Speedera claims they lack the technical means to determine what streams are in progress to a particular destination. So Jason found the problem the old-fashioned way, by actually walking over to a user having one of the destination IP addresses. (I know this sounds like a rash move, but there is simply no SNMP probe for this.)
What Jason found is something that likely affects many other networks, and hence other Club Tech Networking Tips readers. It turns out that users were listening to the streaming media that Microsoft features under the "Media" button at the top of every Internet Explorer window. This button leads to a jungle of Internet radio sites, many of which are delivered by Speedera, perhaps on Microsoft's behalf.
Streaming traffic, like hydrogen and work, tends to fill the space allotted. When Jason moved competing traffic off the affected link, the multiple audio streams adapted by consuming more bandwidth. The only limiting factor is the size of the Internet conduit.
Speedera happens to be directly connected to one of the County's upstream providers, so its traffic never actually passed over the Internet itself, but came directly over that provider's network. Thus BGP load balancing, which influences traffic on the Internet backbone, had no effect. Because the traffic rides on TCP/IP port 80, it readily passes through firewalls and is virtually indistinguishable from ordinary Web traffic.
Jason's temporary fix is to ask their users to stop running streaming audio until appropriate rate limiting can be put in place. You should check for traffic with a 205.252.48.x source address as well -- it's quite possible that your users have also found Microsoft's handy "Media" button and are sucking the life out of your Internet feed.
Note that ordinary rate limiting, such as that built into routers and switches, won't work on this traffic without also affecting the HTTP traffic it mimics. You need a content-inspecting rate limiting device, such as Packeteer's products ( http://www.packeteer.com ).
***************************************************************************************
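The check suggested above (look for traffic with a 205.252.48.x source address) can be run over exported flow records to see which internal hosts are receiving the streams and how much of the inbound feed they account for. This is an added example, not part of the newsletter; the CSV flow format, the internal 10.20.x.x addresses and the byte counts are constructed for illustration, and only the 205.252.48.0/24 block comes from the case study.

```python
import ipaddress
from collections import defaultdict

# Source block named in the case study; everything else below is constructed.
SUSPECT_BLOCK = ipaddress.ip_network("205.252.48.0/24")

# Constructed flow export: src_ip,src_port,dst_ip,dst_port,proto,bytes
SAMPLE_FLOWS = """\
205.252.48.17,80,10.20.1.45,3312,tcp,48211000
205.252.48.17,80,10.20.1.45,3313,tcp,51740000
205.252.48.93,80,10.20.7.12,1188,tcp,39985000
198.51.100.8,80,10.20.1.45,3320,tcp,210000
205.252.48.93,53,10.20.7.12,1190,udp,512
203.0.113.40,80,10.20.3.9,2201,tcp,1450000
bad,line
"""

def parse_flows(text):
    """Yield (src, sport, dst, proto, bytes); malformed records are skipped."""
    for line in text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            continue
        try:
            yield (ipaddress.ip_address(fields[0]), int(fields[1]),
                   fields[2], fields[4].lower(), int(fields[5]))
        except ValueError:
            continue

def is_suspect(src, sport, proto, block=SUSPECT_BLOCK, port=80):
    """Inbound Web-looking traffic: TCP, source port 80, source inside the block."""
    return proto == "tcp" and sport == port and src in block

def top_receivers(text):
    """Internal hosts ranked by bytes received from the suspect block."""
    totals = defaultdict(int)
    for src, sport, dst, proto, nbytes in parse_flows(text):
        if is_suspect(src, sport, proto):
            totals[dst] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def suspect_share(text):
    """Fraction of all inbound bytes that came from the suspect block on port 80."""
    flows = list(parse_flows(text))
    total = sum(f[4] for f in flows)
    hit = sum(f[4] for f in flows if is_suspect(f[0], f[1], f[3]))
    return hit / total if total else 0.0

if __name__ == "__main__":
    for host, nbytes in top_receivers(SAMPLE_FLOWS):
        print(f"{host:15} {nbytes / 1e6:8.1f} MB")
    print(f"share of inbound bytes: {suspect_share(SAMPLE_FLOWS):.1%}")
```

Ranking by destination host gives the list of users to contact without walking the floor, and the share figure shows whether the block alone explains a saturated link.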
