[kwlug-disc] Slow OpenVPN on Rogers?
unsolicited at swiz.ca
Sat Jun 18 06:25:21 EDT 2011
Paul Nijjar wrote, On 06/18/2011 2:24 AM:
> On Sat, Jun 18, 2011 at 02:00:29AM -0400, William Rieck wrote:
>> Rogers statement is here, point number three, that other applications may be
>> impacted when there are P2P sharing applications are running on your
> That's helpful, thanks.
> Also, the statement in point 5 that "Rogers does not look at content.
> Our traffic management is not used to identify content: it identifies
> only the type of traffic." is demonstrably false. Here is a snippet
> they gave us when they shut us down for having an IRC bot on our
> Times are in GMT.
> [2009-04-22 14:50:11][188.8.131.52:59609] CONNECT 6669
> [2009-04-22 14:50:11][184.108.40.206:59609:6669] PASS dci
> [2009-04-22 14:50:12][220.127.116.11:59609:6669] NICK [SNiFFER]prewya
> [2009-04-22 14:50:12][18.104.22.168:59609:6669] USER thmcft ""
> "dvo" :thmcft
> [2009-04-22 14:50:12][[SNiFFER]prewya!thmcft at 22.214.171.124:59609:6669]
> ??hackz?? loser
> Sounds to me like listing usernames and IRC channels is an example of
> looking inside content. The type of the traffic is IRC traffic. The
> content helps identify it as an IRC bot.
I too came across this page recently.
Paul - I'm not entirely certain that this is the page that applies to
you. The page I read, and this looks very much like it (or perhaps it
was some page I read in and around that time), indicated that outgoing
mail was restricted to going by their servers only (smtp/25). Since
you're on business Roger's, and, I would hope, not restricted to their
port 25 - is it possible there are different pages / policies
depending upon whether you're a residential or a business customer?
(As a residential Roger's internet customer, I definitely can't go
anywhere but Roger's, on port 25.)
On a side note: I don't remember your (Working Centre) policies for
certain, but I assume you are not specifically 'mandated' to use
Rogers. I'm guessing you are mandated to use cable? If that is
correct, is TekSavvy or Acanac cable an option for you? [Reading DSL
Reports, I am struck by any complaints being mostly from
non-technically aware clients and/or a failure to accept that poor
installation technician performance by the copper provider - Rogers or
Bell - is a fact of life of using them.] TekSavvy has said to me they
do have to use at least a portion of Roger's network, so are impacted
by Roger's policies. Acanac is a CLEC, so if they are colocated at the
other end of the Roger's cable from you - is this a potential path for
you to stop having to deal with the nonsense you go through?
At the time I was running into these Roger's policy pages, 2 things
seemed pretty clear: (1) P2P uploads was limited to a max of 80kbps -
so all of your incoming traffic should be arriving full speed. (2)
There is no clear definition of just what 'P2P traffic' is [so if you
could figure out what traffic they are trapping as P2P, and rate limit
it to, say, 70 kbps, your irc would get through], and in the presence
of P2P traffic, other traffic may get caught up in the limiting. (As
you appear to be experiencing.)
Also, in the blurbs I saw about other traffic being caught up,
instructions were to make sure all P2P traffic had ceased for at least
10 minutes - at which point the other traffic being caught should be
able to proceed at full speed. Sadly, that has not been my experience.
As far as I know, any encrypted traffic (non-443?) gets caught up. It
can be weeks since I P2P'ed a Kubuntu distro, for example, and my ssh
is still dog slow. So, it is my impression that encryption = P2P in
Any chance blocking any outgoing traffic on the well known bittorrent
ports produces useful results?
If you are only being impacted in certain ways/users, is using a proxy
a route for you? (SDF?)
Surely the person who sent you the logs can point you towards, with
certainty, the specific policy pages that apply to you. (If it's not
http://www.rogers.com/web/content/network_management?) They won't tell
you what 'P2P traffic is' I don't expect - if that information got out
to the wild, workarounds would appear quickly thereafter.
This thread may be of interest to you too - apparently even
single-line MLPP gets around Bell traffic management, and MLPP for
cable is soon to be released. However, I haven't seen any confirmation
that MLPP, single or any other line, gets around Roger's practices.
http://www.dslreports.com/forum/r25676188-cable-internet - just go to
the bottom post.
More information about the kwlug-disc