4. BANDWIDTH MANAGEMENT IMPLEMENTATION

Managing Internet Bandwidth: Experience in Faculty of Industrial Technology, Islamic University of Indonesia – Mukhammad Andri Setiawan. ISSN 1858-1633, ICTS 2005, p. 39

used on the Web, and can provide bandwidth savings of up to 40% [1]. After the initial download of a resource, users no longer compete for bandwidth on what is likely to be a slow and congested external network path; instead they receive a copy of the resource from a local cache server over the institution's internal network, which is normally much faster and less heavily loaded. A hierarchy of caches may be used to increase the effective cache size and thus improve the hit rate. Push caching attempts to place content in a cache before it is requested, either by looking at other caches or by predicting usage. Some of these techniques are discussed by Dias (1996) in the paper "A Smart Internet Caching System", as described in [1]. In the Faculty of Industrial Technology, Islamic University of Indonesia, Internet access is served through a Squid proxy server, which caches web pages that have been accessed recently. Squid runs as a transparent proxy on the central cache server, so users are served by the proxy for all web access without any browser configuration.

4.2 Access List

The Faculty of Industrial Technology is an academic institution. Most Internet access should serve academic needs, not leisure: network games, peer-to-peer programs such as Napster, eDonkey, Grokster or BitTorrent, adult sites, and advertisements. We therefore define access lists that control which sites users may visit and which they may not. The access lists are combined with a firewall on the PC router to block some common ports used by spyware programs. Figure 2 shows the access list implemented on our server; the regex lists themselves are kept in the files /etc/squid/notsex and /etc/squid/sex, whose contents are not reproduced here.

    acl notsex url_regex -i "/etc/squid/notsex"
    acl sex url_regex -i "/etc/squid/sex"
    acl utara src 192.168.100.0/24
    acl ftinetwork dst 202.150.76.200/29
    always_direct allow ftinetwork
    http_access allow notsex all
    http_access deny sex all
    http_access allow utara

Figure 2. Access list configuration file

Squid evaluates http_access lines in order and the first line whose ACLs all match decides, so the notsex allow line must come before the sex deny line: it exempts URLs that the sex regex would otherwise catch. The always_direct line makes Squid fetch the faculty's own public address block directly instead of through a cache peer. Because the last line is "allow utara", a request that matches no line at all, for example one from a source address outside 192.168.100.0/24, falls to Squid's default of the opposite action and is denied. As a result, users who try to access a site prohibited by the access list receive an error message.
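To make the first-match rule and the effect of line ordering concrete, the following is an added worked example (not Squid's code and not the paper's own files): a small model of http_access evaluation for the ACL types in Figure 2. The regex lists are constructed stand-ins for the paper's /etc/squid/notsex and /etc/squid/sex files, whose contents the paper does not show; the assumption is that the "sex" file contains a pattern such as `sex` and the "notsex" file whitelists legitimate host names that pattern would hit. The Squid rules modelled are: ACL names on one http_access line are ANDed, the first matching line decides, and a request matching no line gets the opposite of the last line's action.

```python
"""
Model of Squid's http_access evaluation for the ACL types used in Figure 2
(url_regex -i, src, dst, all).  Added worked example, not Squid's code and not
the paper's configuration files: the regex lists below are constructed
stand-ins for /etc/squid/notsex and /etc/squid/sex.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable


@dataclass
class Request:
    url: str
    src: str   # client IP address
    dst: str   # origin server IP address


class Acl:
    def __init__(self, kind: str, values: Iterable[str] = ()):
        self.kind = kind
        values = list(values)
        # url_regex -i: case-insensitive search anywhere in the URL
        self.patterns = [re.compile(v, re.IGNORECASE) for v in values] if kind == "url_regex" else []
        # src/dst: CIDR networks
        self.networks = [ipaddress.ip_network(v, strict=False) for v in values] if kind in ("src", "dst") else []

    def matches(self, req: Request) -> bool:
        if self.kind == "all":
            return True
        if self.kind == "url_regex":
            return any(p.search(req.url) for p in self.patterns)
        addr = ipaddress.ip_address(req.src if self.kind == "src" else req.dst)
        return any(addr in net for net in self.networks)


def http_access(acls: dict, rules: list, req: Request) -> str:
    """Return 'allow' or 'deny' for req, following Squid's first-match rule.
    rules is a list of (action, [acl names]) in configuration-file order."""
    for action, names in rules:
        if all(acls[name].matches(req) for name in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Figure 2 with constructed regex lists (assumption: the real files are not shown in the paper).
ACLS = {
    "notsex": Acl("url_regex", ["essex", "sussex", "middlesex"]),  # legitimate names the 'sex' regex would catch
    "sex": Acl("url_regex", ["sex"]),
    "utara": Acl("src", ["192.168.100.0/24"]),
    "ftinetwork": Acl("dst", ["202.150.76.200/29"]),
    "all": Acl("all"),
}
RULES_FIGURE2 = [
    ("allow", ["notsex", "all"]),
    ("deny", ["sex", "all"]),
    ("allow", ["utara"]),
]
# The same three lines with the two regex rules swapped: the whitelist is now dead.
RULES_SWAPPED = [RULES_FIGURE2[1], RULES_FIGURE2[0], RULES_FIGURE2[2]]


def decide(rules: list, url: str, src: str = "192.168.100.5", dst: str = "203.0.113.10") -> str:
    return http_access(ACLS, rules, Request(url, src, dst))


if __name__ == "__main__":
    for url in ("http://www.essex.ac.uk/", "http://sex.example.net/", "http://www.uii.ac.id/"):
        print(url, "figure2:", decide(RULES_FIGURE2, url), "swapped:", decide(RULES_SWAPPED, url))
    print("client outside utara:", decide(RULES_FIGURE2, "http://www.uii.ac.id/", src="10.0.0.5"))
```

With the Figure 2 order, www.essex.ac.uk is allowed because the notsex line matches first; with the two regex lines swapped the same request is denied, which is why the whitelist must precede the blacklist. A client outside 192.168.100.0/24 asking for an innocuous URL matches no line and is denied by the implicit default.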

4.3 Quality of Service (QoS)

To provide a good link, a network manager may wish to offer different levels of service to different subsets of the traffic passing over the infrastructure; QoS technologies allow this. The service levels QoS deals with include dedicated bandwidth, reduced packet loss, controllable amounts of jitter and latency, and ensuring that particular traffic flows do not swamp the network and drown out other flows. These facilities help ensure that critical traffic is delivered more reliably [2]. QoS systems operate only in real time, in response to the traffic; they do not generally attempt to manage traffic over a longer term. They also normally assume that the total bandwidth requirement of high-priority traffic is less than the available bandwidth: if high-priority traffic approaches or exceeds the available bandwidth, performance degrades rapidly [1]. To make use of QoS, the packets in a flow must be identified, classified and then marked. Identification and classification are performed as described above for traffic shaping, either by source, destination and ports or by application-level probing into the packet contents [2].

In the Faculty of Industrial Technology, QoS is applied mainly to the wireless network. Since we provide free hotspot areas, we must guarantee that academic staff still get a good link even when many wireless users are connected to the hotspots. QoS keeps our bandwidth from running out quickly because of WiFi devices in the free hotspot areas. The objective of much QoS work is to provide desired levels of throughput, delay and so on in the face of unreliable networks and congestion. In the free hotspot areas we give low priority to all services, including HTTP, FTP, POP3, SMTP and a few other ports commonly used on the Internet.

This means that hotspot traffic is treated as lower priority whenever other activity, not coming from the free hotspot, is using the same services. The lower priority translates into a lower speed, so our bandwidth is not grabbed by wireless connections. The free hotspot areas regain full priority when no other connection is using those services.

4.4 Rate Limiting

It very often happens that the amount of traffic wanting to use an Internet link far exceeds the capacity of the link. Rate limiting techniques force some requests to reduce their demand for bandwidth based on the protocol, network interface or user involved. Traffic shaping, on the other hand, aims to spread out the demand for bandwidth and ensure that the most efficient use is made of what is available. Both help either to reduce the required bandwidth to within the available capacity or to give competing traffic a chance of using the link.

Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005. ISSN 1858-1633, ICTS 2005, p. 40

We implement these techniques with Squid delay pools and the reply_body_max_size directive. Figure 3 shows the delay pool configuration from our Squid configuration file, /etc/squid/squid.conf.

    reply_body_max_size 8000000 allow all
    acl magic_words1 url_regex -i 192.168.100 202.150.76 66.179.235 192.168.1 cisco .pdf netacad uii
    acl magic_words2 url_regex -i ftp .mp3 .vqf .tar.gz .gz .rpm .exe .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .tar.bz2 .bz2
    delay_pools 2
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_access 1 allow magic_words1
    delay_class 2 2
    delay_parameters 2 5000/5000 5000/120000
    delay_access 2 allow magic_words2

Figure 3. Delay pool configuration file

The first line limits any single reply body to 8,000,000 bytes (about 7,800 KB), so users cannot download larger files; this is expected to keep the bandwidth from running out quickly. Rate limiting itself is done with delay pools. Conceptually, delay pools are bandwidth limitations, "pools" of bandwidth that drain as people browse the Web and fill up at a rate we specify; they can be thought of as a leaky bucket that is continually being refilled. Which pool a request falls into is selected by ACLs: low- versus high-priority traffic, staff versus students, students versus authenticated students, and so on [4].

The parameters above create two delay pools. Each is class 2, which combines an aggregate limit with an individual limit per client host, so each client can be controlled separately. Each delay_parameters value is written restore/max: the number of bytes added to the bucket per second and the bucket's capacity in bytes, with -1 meaning no limit. The first pool (magic_words1) is unlimited and gives the full capacity of the link to requests that academic work usually needs: the local network (addresses beginning 192.168.100), the faculty's public range and the other listed address prefixes, any site whose URL contains "uii" (Universitas Islam Indonesia, Islamic University of Indonesia), Cisco Networking Academy material, and PDF documents. The second pool (magic_words2) throttles FTP transfers and bulk file types (audio, video, archives, ISO images and similar). Its aggregate bucket, 5000/5000, refills at 5000 bytes per second (about 40 kbps) and is shared by every client matching the ACL; its individual bucket, 5000/120000, also refills at 5000 bytes per second but holds up to 120,000 bytes, so a single client can burst through the first 120,000 bytes of a download before its rate drops back to 5000 bytes per second. Note that because the aggregate bucket never holds more than 5000 bytes, the pool as a whole, not only each client, is held to roughly 40 kbps, and the per-client burst is only visible when the aggregate bucket has room for it.
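The interaction between the aggregate and individual buckets is easiest to see by simulating it. The following is an added worked example, neither Squid's source nor code from the paper: a token-bucket model of a class-2 delay pool run against the Figure 3 parameters and against a hypothetical variant with an unlimited aggregate bucket. Assumed Squid semantics: each delay_parameters value is restore/max in bytes (restore per second), -1 means no limit, buckets start at delay_initial_bucket_level percent of capacity (Squid's default is 50), and Squid gives no fairness guarantee inside the aggregate bucket, so the model simply serves hosts in order. The host names and download sizes are constructed.

```python
"""
Token-bucket model of a Squid class-2 delay pool: one aggregate bucket shared by
every client matching the pool's ACL plus one bucket per client host.
Added worked example; not Squid's source and not code from the paper.
"""
from dataclasses import dataclass

NO_LIMIT = 1 << 62   # stands in for "unlimited" when a bucket is -1/-1


@dataclass
class Bucket:
    restore: int   # bytes added per second, -1 = unlimited
    maximum: int   # capacity in bytes, -1 = unlimited
    level: int = 0

    @classmethod
    def from_spec(cls, spec: str, initial_pct: int) -> "Bucket":
        restore, maximum = (int(x) for x in spec.split("/"))
        # assumption: buckets start at delay_initial_bucket_level % (Squid default 50)
        level = 0 if maximum < 0 else maximum * initial_pct // 100
        return cls(restore, maximum, level)

    def unlimited(self) -> bool:
        return self.maximum < 0

    def refill(self) -> None:
        if not self.unlimited():
            self.level = min(self.maximum, self.level + self.restore)

    def available(self) -> int:
        return NO_LIMIT if self.unlimited() else max(self.level, 0)

    def drain(self, n: int) -> None:
        if not self.unlimited():
            self.level -= n


class Class2Pool:
    """`delay_class N 2` with `delay_parameters N <aggregate> <individual>`."""

    def __init__(self, aggregate: str, individual: str, initial_pct: int = 50):
        self.aggregate = Bucket.from_spec(aggregate, initial_pct)
        self.individual_spec = individual
        self.initial_pct = initial_pct
        self.hosts = {}   # client host -> its individual bucket

    def tick(self, demand: dict) -> dict:
        """One second: refill every bucket, then grant each host
        min(demand, own bucket, whatever is left in the aggregate bucket)."""
        for host in demand:   # first sight of a host creates its bucket
            self.hosts.setdefault(host, Bucket.from_spec(self.individual_spec, self.initial_pct))
        self.aggregate.refill()
        for bucket in self.hosts.values():
            bucket.refill()
        served = {}
        for host, want in demand.items():
            bucket = self.hosts[host]
            grant = min(want, bucket.available(), self.aggregate.available())
            bucket.drain(grant)
            self.aggregate.drain(grant)
            served[host] = grant
        return served


def simulate(pool: Class2Pool, downloads: dict, seconds: int) -> dict:
    """Bytes delivered per second to each host until its download completes."""
    left = dict(downloads)
    log = {host: [] for host in downloads}
    for _ in range(seconds):
        served = pool.tick({h: n for h, n in left.items() if n > 0})
        for host in downloads:
            got = served.get(host, 0)
            log[host].append(got)
            left[host] -= got
    return log


if __name__ == "__main__":
    pool2 = ("5000/5000", "5000/120000")   # Figure 3, delay pool 2
    print("pool 2, one host:  ", simulate(Class2Pool(*pool2), {"A": 1_000_000}, 4))
    print("pool 2, two hosts: ", simulate(Class2Pool(*pool2), {"A": 1_000_000, "B": 1_000_000}, 4))
    # Hypothetical variant (not in the paper): unlimited aggregate bucket, so the
    # 120000-byte per-host burst becomes visible before the rate settles at 5000 B/s.
    print("unlimited aggregate:", simulate(Class2Pool("-1/-1", "5000/120000"), {"A": 1_000_000}, 4))
    print("pool 1 (unlimited): ", simulate(Class2Pool("-1/-1", "-1/-1"), {"A": 1_000_000}, 2))
```

With the paper's pool 2 a single client receives a flat 5000 bytes per second from the first second on, because the aggregate bucket caps every second at 5000 bytes; two clients downloading at once share that same 5000 bytes. Only with an unlimited aggregate bucket does the individual bucket's 120,000-byte capacity produce the initial burst (65,000 bytes in the first second at the 50% starting level) before the rate settles at 5000 bytes per second.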

5. RESULT