Enabling Bittorrent at the University Level?

Sorthum asks: "I'm a network administrator for a small university (approximately 5000 students all told). We're running NAT in the dorms, which obviously restricts BitTorrent traffic. We do an annual student survey, on which 'Residential Network' is listed as the number 2 complaint. This translates more or less into 'Bittorrent is slow here.' My boss is in a frenzy to appease the users at virtually any cost, but it seems to me from my research that the only real way to improve Bittorrent speeds is to start assigning public IPs to the dorms. Add to that the potential liability of making a service that by most reports has upward of 90% of its traffic fall into a 'legally questionable' gray area, how can I win in this situation?"

You have to decide what's important

[daveschroeder]

BitTorrent, like any other technology, protocol, or tool, can be used for things that are legal, illegal, or questionable in various jurisdictions. Are you prepared to continue quashing a protocol or service simply because it may be abused?

On the other hand, almost all (or at least a great deal) of the BitTorremt traffic may be currently used for sharing copyrighted materials. We all know that to be the case. Is it responsible to open up the pipes for what you know is almost exclusively illegitimate usage, within the context of the law (regardless of how you or anyone else feels about copyright infringement, and so on)?

On yet another hand, what happens if BitTorrent usage becomes largely legitimate because some large legitimate service begins using it? (And yes, to those reading this, I'm more than aware BitTorrent is used for a variety of legitimate large downloads.) In that event, can you afford to continue treating any protocol or service as if it's illegitimate, just because some level of it is now?

During the heyday of Napster (1999-2000), UW-Madison estimated that Napster accounted for over half [wisc.edu] (!) of our inbound and outbound traffic. There was a lot of talk about how to deal with this. Ultimately, UW-Madison decided that as a large public research university, we can't afford to police a particular kind of traffic wholesale: any network protocol can be abused, used for illegal purposes, and so on. We felt that the academic arguments and responding to usage demands of the campus trumped making judgment calls about the appropriateness of the use. Granted, the appropriate use policy [wisc.edu] of the university forbade some of the things people were using the network for, but we didn't actively police (or restrict) traffic. In the end, this provided the university with the impetus to examine ways of meeting increased demand and come up with novel solutions to our neverending bandwidth needs. One interesting example is that we now locally host a collection of Akamai's servers on our own network, which serves UW-Madison, the 25 other UW System Schools, and WiscNet. However, some of the smaller schools couldn't afford to make those same determinations: they either restricted or blocked Napster (and other things, like Gnutella) completely.

Today, the university does shape and restrict traffic [wisc.edu] to the residence halls in various ways; but it's designed to do so in a way such that users almost always won't notice any impact and allows equal access for all. All of our residence halls feature 100mbit ethernet, and that full pipe may be taken advantage of. Some users do use the network for inappropriate purposes, and those cases are dealt with individually when needed. Still, there is no proactive policing unless there are clear abuse/misuse issues. For what it's worth, BitTorrent (and all other protocols) are fully usable here.

If you can afford it, politically and financially, I'd say you should be looking into opening this up. The school does not bear responsibility for the actions of its users unless there is a lack of good faith attempts to stop abuse when requested by, e.g., copyright holders. There always is the argument of customer satisfaction, as well, that must be responded to - whether some students' use is appropriate or not.

Re:

[aitikin]

I am currently attending a university where they shape traffic. I have been here for as long as the shaping system has been in place and I have heard nothing but complaints. Granted, the university implemented CleanAccess as well, but most of the complaints seem to be related to the shaping and I don't work in ITS, so this is all just what I have picked up from living here. The most common complaint seems to be how slow the network is period, not just for P2P purposes. I can't even connect to the comple

Re:

[daveschroeder]

Our restrictions for the residence halls really just come down to bandwidth restrictions.

Residents get 5GB/week off-campus (unlimited on-campus). If they go over this limit, their off-campus connectivity speed is reduced until their traffic usage goes below a 4GB for the previous 7 day period. Campus traffic is never affected.

We haven't had any complaints about usability of the residence hall connections. All other connections on campus (non-residence halls) are generally unrestricted, and almost all are 10

Re:

[Thalagyrt]

5 GB is absolutely nothing these days. It'd make more sense to have it something along the lines of 10 or 15 GB. Either way, I personally think that capping student downloads is pretty braindead. There are much better ways to deal with misbehaving students automatically on a case by case basis.

I'm an admin at University of Miami and we have no bandwidth usage policy, and you know what? We don't hear a single complaint from students about speed. If someone does something against the AUP, either our firewall

Re:

[Orion_]

Residents get 5GB/week off-campus (unlimited on-campus). If they go over this limit, their off-campus connectivity speed is reduced until their traffic usage goes below a 4GB for the previous 7 day period.

I would disagree that 5GB/week is really enough, but aside from that, I consider this a perfectly reasonable policy.

The problem is that the AUP you linked to flatly contradicts the bandwidth limitation policy as you described it. The real policy is that what you describe only happens the first time the 5GB

Re:

[commanderfoxtrot]

May I ask what you do with over 5GB?

How many Linux distributions can you download and USE in one day?

While I could certainly download tens of GBs, I wouldn't be able to actually use it. There aren't enough hours in the day to more than boot the 10 or so distributions that would make up 5GB. I have better things to do. And I would hope that most students at a university are similar.

Now, there will be exceptions (e.g. freely available census/seismic/GIS data), but most uses of >5GB are not urgent and I

Re:

[Schraegstrichpunkt]

May I ask what you do with over 5GB?

I routinely use 20-30 GB/month, and that's when I don't use BitTorrent. 5 GB/week would keep me pretty much perpetually bandwidth-limited.

How many Linux distributions can you download and USE in one day?

The last Debian release alone was 8.5 GB [kernel.org], and that's only for i386. Source code is another 8.8 GB [kernel.org]. (These links are for reference only, if you want to download Debian CD/DVDs, go here [debian.org] to avoid flooding the kernel.org mirror.)

On top of that, you'll probably want

Re:

[Ryan Amos]

Most large public universities host mirrors of the major linux distros somewhere on campus. Besides, it's faster to grab it over 100 mbit ethernet from a machine on campus than it is to download from a kernel.org mirror.

Re:

[drsmithy]

Residents get 5GB/week off-campus (unlimited on-campus). If they go over this limit, their off-campus connectivity speed is reduced until their traffic usage goes below a 4GB for the previous 7 day period. Campus traffic is never affected.

In principle this system sounds fair, but I can think of at least one improvement...

5G external is (more than) enough for education-related traffic (assuming you have decent internal mirrors), but you should have a system where students are allow to pay an additional (re

Limit how?

[khasim]

It all depends upon how you limit the bandwidth.

#1. Shrink the individual pipes to total_bandwidth/number_of_students? So you always get sucky performance?

#2. Cap the daily/weekly/monthly download/upload? So you get sucky performance during the first half of that period, but great performance once everyone else has hit their caps. And what happens when you have a legit need to go to a site after you've hit your cap?

#3. Do it like Frame Relay where you can "burst" to the available bandwidth? But if everyone

Re:

[ZachPruckowski]

#2 doesn't work. Here at UVA, on-campus dorms has a 750 MB limit per day. You violate that three times in two weeks and you get capped to 56k for a few days. Do it again and it's a few weeks, and a third time and it's the rest of the semester. But everyone knows that all you have to do is find a wireless router not in use (in an empty library or in a classroom) and you circumvent that dorm-room limit. It's useful when downloading a Linux distro or legal content.

Re:

[sniop1]

Here at my university, in the dorms connections have a 24 hour rolling bandwidth quota (updated hourly) of 750mb off campus traffic, which is sufficient for the overwhelming majority of users. Connections are not speed limited up to 750mb of traffic. After the 750mb has been reached, the user is placed into a "Class B" tier of service where connections are limited to 128kbit per flow. If the traffic exceeds 1gb per 24 hour period, users are moved into "Class C" service, which is 512kbit pool for all users i

Re:

[Deliveranc3]

Begin Linux Distro download, see 5k speed go to class, see cap totally breached.

Some files are bigger than your caps, and the user has little control.

Personally I don't like caps and instituting them seems like a waste of resources that could be better spent on faster connections.

Re:

[buysse]

Excellent troll, good sir! <applause />

Well, this worked for me...

[JimXugle]

UPnP [wikipedia.org].

UPnP?

[avalys]

I know on small, home networks, many routers now support the Internet Gateway Device (UGD) protocol of UPnP, which allows dynamic configuration of port-forwarding for applications running through NAT. I'm not sure how well-suited the protocol is for large networks, but perhaps that's something you could consider?

http://en.wikipedia.org/wiki/Internet_Gateway_Devi ce [wikipedia.org]

Re:

[ldspartan]

I don't believe there are any Industrial Strength(tm) routers that support UPnP; I don't even think there's a decent daemon for the *ixs.

Plus, its a scary idea. A protocol to poke arbitrary holes in firewalls? Brilliant!

Re:

[Karma Farmer]

NAT != Firewall

Re:

[jZnat]

But since this is a university, we can probably assume that the NAT and firewall are on the same router(s).

Leave it

[Vokbain]

They should be glad BitTorrent works at all. Students can wait a little while longer to steal movies/games/whatever.

Re:

[Cheapy]

Or download a Linux distro like I just did at my UW-Madison dorm.

Re:Leave it

[zippthorne]

If they mirror the linux distro, it'll download even faster. Perhaps they should figure out what students are downloading most (i.e. linux distros, game patches, movies that are in the public domain.. and keep local copies of those things. Once they learn of its existance, students will pretty much always go to the local cache for it's much much greater bandwidth and far lower latency.

They could even use mediawiki to allow the students to take some control of the cache.

Re:

[Sorthum]

I should have probably mentioned that this is a liberal arts school-- the vast majority of students aren't here for compsci. I've met ONE student who runs Linux during my tenure here, and I'm even willing to host a local mirror of any distro our students request.

Re:

[ednopantz]

Wow.

Do you really believe bittorrent is mainly about inux distros, game patches, movies that are in the public domain?

If so, welcome to Earth. You must be new here.

Re:

[zippthorne]

Of course not, but if the network admins take care of the legal bandwidth hogs by mirroring, the students can hardly complain if the connection turns out to be insufficient for their illegal interests.

Re:

[jb.hl.com]

Mod parent funsightful (funny with some insightfulness...I dunno, I might as well invent a new moderation).

If you think all college students are going to download over BitTorrent is shit from Archive.org and/or Debian, you're more than a little deluded.

Your fucked

[bernywork]

1) Implement public IPs and face the consequences, namely either knock on issues of them hammering your internet pipe, or as you said the otherwise potential legal issues surrounding it.
2) There was an article a little while back on rate shaping

You do have to question why the network is really there. Maybe you just need to tell your boss to get a grip.

I hate to say it, but does bittorrent (For non-uni use) really fall into the "supported" category? I know it's going to be something that everyone is going to try to find a way around as most uni networks have pretty good internet connections, but on a large scale like this you have to get an official statement from your boss as to say whether it's supported or not.

Sorry I can't give you better news.

Re:

[brunes69]

You do have to question why the network is really there. Maybe you just need to tell your boss to get a grip.

I hate to say it, but does bittorrent (For non-uni use) really fall into the "supported" category?

I don't know if you've ever been to a University before (and if so if you've ever stayed in a dorm), but you've got to rememebr for most of these kids, the Internet pipe that comes with their dorm is *their only option*. Lots of caompuses do not let students get their own DSL/Cable installed in thei

Are you sure that you're paying?

[toddbu]

That said, you also gotta remember, these kids *are payig for* that dormroom Internet

Well, yes and no. If the university has a clear $50/month charge on the bill then I'd say yes. I'm not sure all of them do though. If students really want ISP level internet access then they'd better be willing to pay for it, but I'm not sure that just because you're paying several thousand per year for tuition means that you get top-rate internet service. I really don't see internet access any different than dorm, fo

has *nothing* to do with tuition.

[brunes69]

Dorm fees have *nothing* to do with tution. Student's don't subsidize other students' housing, they are piad by dorm fees. It's akin to rent.

And when that rent lists "high speed internet included" as an option, and on top of that you are not allowed to procure your own alternative internet access, that Internet access should be as unencumbered as is reasonable.

Re:

[toddbu]

Dorm fees have *nothing* to do with tution. Student's don't subsidize other students' housing, they are piad by dorm fees. It's akin to rent.

Sorry if I wasn't clear. I wasn't trying to argue that they were linked. I know because I just paid separate fees for my kid's college bill recently. The bill is broken out into four charges: (1) tuition, (2) room, (3) meals, and (4) technology access and student activity fee. Because internet access is broken out separately, we know what it's worth. And I'll te

Re:

[Schraegstrichpunkt]

And I'll tell you, for $112.50 for four months my kid can't expect the same kind of service that I pay $70/month for here at home.

Indeed, but the option should be there. Keep in mind that not every student is fresh out of high school, and even the ones that are might need more Internet access if they're in technical fields than they would in, say, language arts.

Sure you have options. It's called "a different school". If internet access is that important then find another university with policies that y

Re:

[laughingcoyote]

Incorrect!

Unless you're allowed to seek your own, it should be unencumbered, period.

Re:

[dodobh]

In which case students should be allowed to get their own service from another ISP.

Re:

[Qzukk]

Some universities demand that students live on campus at least their freshman year.

Re:

[Schraegstrichpunkt]

What right do they even have to tell you where you can live?

None, but how many first-year students can afford a lawyer to fight it? Heck, how many students have time to launch a class-action lawsuit for this kind of crap?

The same kind of crap happened at my university. They implemented a mandatory health/dental plan (which doesn't even cover major things like reconstructive surgery) at my former university. You could "opt out", but only if you proved to the insurance company that you had equivalent-o

Re:

[Qzukk]

The university I went to even had apartments on campus for married people, though they didn't require anyone to live on campus. I lived off campus my freshman year, then switched to a dorm room. $500 a semester (3 months) all utilities paid and janitorial staff to clean up the bathroom simply could not be beat, even if I had to share a prison cell sized room with another guy. This was before the dorms came with ethernet jacks so I had to dial in from my dorm room, but I'd have had to dial in from anywhere

Re:

[bernywork]

I understand that it's their only option in some instances. At that point the uni should be running it as an ISP then, give each of them a public IP and then run it as seperate infrastructure, on a seperate business model. At that point they should also include a set of terms and conditions that specifically point out that they are not in any way responsible for anything that they do. If people complain that it's slow, then there may not be much more of an option aside to rate shape traffic.

Either way, (My

Social problem needs social solution

[Kadin2048]

Either way, (My semi-educated opinion) it's not an engineering problem, it's a managerial problem about how the whole lot is being run at the moment and it obviously needs a re-think on how things are being done.

Bingo; yet again, it's an attempt to solve a policy/managerial/social problem with a technological solution. Almost any time this is attempted, failure results.

As to the OP, if you want to provide customer satisfaction, and your customers want BT, then you need to provide externally-facing IP addres

Wonderful FUD

[Schraegstrichpunkt]

Great, so apparently public IP addresses have "legal issues" now. What a bunch of crap.

Re:

[bernywork]

I think you are missing the point. Assigning out IPs isn't the issue; it's assigning them out, and then allowing BitTorrent to hammer their internet link pipes, also with potentially more activity going on through BitTorrent you are becoming a larger target for the **AA to aim for.

Public IPs aren't the problem in and of themselves, the poster has said though that they are limiting the people who they connect through by using NAT. Public IP addresses get rid of this obstacle.

Re:

[Schraegstrichpunkt]

I realize that (and I still think it's a dubious claim), but the way the article is written, it looks as if "public IP addresses == legal problems". Murphy's law dictates that those people will be on the other end of your tech support call.

Re:

[bernywork]

Yep, they will be on the other end of the phone, granted, but do you have a technical answer for this poster?

Can you tell him how to get around this issue?

Re:

[Schraegstrichpunkt]

Yep, they will be on the other end of the phone, granted, but do you have a technical answer for this poster?

No, I don't have a technical answer. It's not a technical problem, as you have already pointed out [slashdot.org].

Re:

[AvitarX]

Is there really a big problem if the computers are given public IP addresses and then only open on ports 2000-3000, perhaps with all known services blocked within that range even. This would allow people to bittorrent and still keep most of the benifit of the NAT and use the firewall as it was meant to be used.

Re:

[bernywork]

Yes, yes it is. Did someone misunderstand what I was saying though? I doubt it. I wouldn't lose sleep over it.

Do what universities do here?

[Keruo]

Assess the need of services to provide to students, webmail, directory services, course pages etc.
Make the services available over net.
Kick residential networks completely away from university network.
Then you won't have to worry about what students do in their network, since it's operated by third party operator, not by university.
Third-party operators here are student unions etc, which partly/entirely own the housing which students rent,
and network policies are set at student level.

Re:

[GC]

Interesting, I think ridding yourself of the problem by bringing in a third-party operator probably wouldn't resolve the issues that the students have, but it might shift it to being their problem.

Slightly offtopic, when I was at Uni in 1991 (Warwick, UK) the department of computer services, CSV, had a similar issue with what would now be called "chat rooms" (I personally believe that this was where Internet chat was invented), although the problem was that the chat servers were being hosted I guess 'illega

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[joe 155]

I have to agree about not being able to win in this situation, I also agree that allowing bit torrent to run without restriction will most likely lead to lawsuits. I wonder if the uni could get round this by making the students sign a declaration that they are the sole persons responsible for what they do on the net. (I don't really get how it works though, if a student was downloading child porn the uni wouldn't be in trouble, would it?).

Other than that the guy could have a full (and anonymous) discu

Re:

[kz45]

"I have to agree about not being able to win in this situation, I also agree that allowing bit torrent to run without restriction will most likely lead to lawsuits. I wonder if the uni could get round this by making the students sign a declaration that they are the sole persons responsible for what they do on the net. (I don't really get how it works though, if a student was downloading child porn the uni wouldn't be in trouble, would it?)."

If a university does not have the capability to limit bandwidth on

Re:

[jZnat]

What's on port 100? :/

Re:

[laughingcoyote]

Aww, idn't that just too bad? The wittwe pipes awen't handwing the twaffic!

For what they charge in tuition, -GET- -BIGGER- -PIPES-! Not throttle! Either that or allow students to seek outside solutions.

Operate like an ISP

[mysidia]

Give them public ip addresses, but make them dynamic, possibly make each user connect using PPoE, so there is a username and password, limit the bandwidth, block inbound windows SMB/LSH/NetBIOS ports such as port 139, 137 incoming to each user, etc.

Keep logs of what user logs in to what ip address. As an ISP you aren't responsible for the details of exactly they do online, you have no idea about the nature of their activities, or if they're legal or not: make sure you stay within the DMCA safe harbour, and clearly document the contact information as required, so the ISP can receive DMCA letters.

ISP responsibilities should be mostly met by being able to match an ip address to an individual who is responsible for that node.

How are they using BT?

[barzok]

That's the key question. When I was in college, the network and internet access were provided "for academic use". Obviously, when you have thousands of people living on the campus 24/7 for 8 months out of the year, there will be plenty of non-academic use, but that's understood and accepted, as long as you're keeping it reasonable. Call up the helpdesk and complain that your Quake(World) ping times are slow or you're lagging, and they aren't going to work much at "fixing" it. Run a high-volume server (web or game), and they'll come shut you down, unless it's directly related to something you're doing academically. If you're having trouble downloading something from MIT for a research paper, and they'll take care of it.

Are the students using BT for legitimate academic purposes, or are they using it to download entertainment? Don't even get into the "gray area" of judging whether the content being downloaded is legal or not. If they have educational needs that are being met by BT, then there's an argument for "improving" that service. If not, why spend the time and bandwidth money on it?

If it's about Linux ISOs, set up a local mirror for the student body and ask them to use that. Bonus being that they'll download it faster than they ever could with BT.

Re:

[grim4593]

You act like the universities are doing them a favor by having internet. The students are paying for this, dorms are not cheap. The university is making lots of money when housing is thousands of dollars per person and there are 2-4 people to a room. And these are not large apartments either, the students have to get something out of the deal, especially when some universities come up with the BS idea of requiring freshmen and sophomores to live on campus. Since the university is a monopoly in most respects

Re:

[barzok]

The university isn't obligated to provide internet access at all. The primary intended use of that internet access is for academic purposes. If they're using BT for legitimate academic purposes, then whatever problem there is should be addressed. If they're not, it can wait.

BT uses bandwidth, and bandwidth costs money. Room & board are billed separately from all other university services, and that room & board bill doesn't include internet in most cases. Housing, contrary to what you may believ

Re:

[DeusExMalex]

The students get planty out of the deal - they don't have to pay for water, electricity, maintenance, food, most cleaning, heat, and grounds maintenance (the sidewalks don't shovel themselves).

Are you insane? What the hell makes you think that students living in the dorms don't pay for water, electricity, maintenance, food, cleaning, heat and maintenance?! Just the fact that we don't get a monthly bill for it?

I'll let you in on a little secret: the cost to a student of living in a dorm has all these facto

Re:

[mysidia]

The university is doing them a favor by providing a service they are not obligated to provide. Students may examine the lease, or the rental agreement they sign when they buy use of a room. The services the university is required to provide in consideration for the amount they pay for rent will be listed.

Internet service may not be listed, and there may indeed be an additional charge to use internet access. I know for a fact that a number of universities require payment of a fee to access the int

Re:

[aitikin]

"If the options offered by the University are not to the satisfaction of the students, they have the possible option of buying internet access from a third party"

Here at EIU we cannot buy third party access. If we do so, we violate our residance agreements. Furthermore, we can't setup wireless APs ourselves, we can't log on without doing the following (for windows), have CleanAccessAgent running, have bridge networking turned off, have every Windows Update, have one of three major AV programs (Symantic

MOD PARENT UP

[Schraegstrichpunkt]

Figure out whether you think you have a case, then get a bunch of people together to split the cost of hiring a lawyer to write up a nastygram to send to the landlords.

You might want to block email as well.

[JumperCable]

"Add to that the potential liability of making a service that by most reports has upward of 90% of its traffic fall into a 'legally questionable' gray area, how can I win in this situation?" -Author

Well as long as you are at it, you might as well block email given that there are reports that upward of 82% [internetnews.com] of it is spam. 419 scams, get-rich-quick schemes, multi-level-marketing, fake viagra, medication without a prescription, blatant fraud, identity theft, phishing, Pump & Dump stock trades, you name

Re:

[kz45]

"Well as long as you are at it, you might as well block email given that there are reports that upward of 82% [internetnews.com] of it is spam. 419 scams, get-rich-quick schemes, multi-level-marketing, fake viagra, medication without a prescription, blatant fraud, identity theft, phishing, Pump & Dump stock trades, you name a scam & e-mail has it"

yeah, well, most people communicate through email (including professors) and email is light for the most part, light bandwidth, so you don't even have a va

Limiting upload speeds?

[dimfeld]

If you're having troubles with your Internet connection slowing down a bunch while using Bittorrent, you probably need to cap its upload speed. As of a long time ago, you couldn't do this with the official client (maybe you can now; I haven't checked). Try getting Bittornado [bittornado.com] which will allow you to limit the speed at which it uploads and should allow you to use it without monopolizing your bandwidth.

Re:

[westlake]

Maybe redirect them to OSS software sites & Creative Commons music sites where people can legally explore & download music.

This generation of gamers is showing a distinct lack of interest in Nethack.

--- and while it would be nice to think that listeners are more interested in product from the independent labels, I suspect the "top of the chart" hits on BT pretty much track those posted by Billboard.

How much bandwith do you have

[Joe The Dragon]

How much bandwith do you have to the internet? that may be slowing it down as well this one school I was at only had a T1 line and it got real slow at times and that was with any Bittorrent being used.

Local Cache?

[Watson Ladd]

Azerus supports the use of the Joltid peer cache for downloads. Someone suggested dynamic, public IP's. You could use IPv6. Although it doesn't make sense: Bittorent works through NAT's very well. But if there are bandwith issues then use a cache.

Re:

[dodobh]

This is a NAT with a crapload of users behind it, unlike your home commection.

A rather important reason why NAT is considered evil by a lot of networking people.

IPv6?

[numbski]

Now this puts you into the "public IP's" area, but seriously.

You can still effectively firewall. You don't HAVE to NAT to have an effective firewall. Somewhere along the line this came into thought. Granted, that means all IP's are world-accessible, but that doesn't mean you have to allow traffic to reach those machines from outside.

allow tcp 22 from any to (ipv6 hosts allowed ssh)
allow tcp 80 from any to (ipv6 hosts allowed web access)
block icmp from any to (ipv6 network)
block from any to any

You can get

Re:

[numbski]

BTW, if you do this, you'll want the following too:

block smb from IPv6 network to world
block databasing from IPv6 to world

Probably a few others you'll want to toss in there that really should never go to the outside world. With windows hosts, you have to be careful.

Re:

[ichigo 2.0]

allow tcp 22 from any to (ipv6 hosts allowed ssh)
allow tcp 80 from any to (ipv6 hosts allowed web access)

What would this solve? You only need one open port to be able to host anything you want, including ssh and http.

We have public IPs at Leeds

[David Horn]

When I was in uni residences in 2005, we were assigned public, static, IP addresses which were fine for bittorrent. The IP is permanent and tied to both your university username and MAC address, and they were quite tough if the RIAA or MPAA reported abuse to them.

You don't need public IPs

[Guspaz]

Many BitTorrent clients support reporting a different IP to the tracker than the one actually held by the computer. This is useful for routing INCOMING connections through a third party.

Essentially what you need to do is have students connect to a server with a public IP via SSH, and set their BitTorrent client to report that server's IP to the tracker. The idea is that you set up an SSH tunnel that accepts connections on the remote end and forwards it over SSH. Most SSHv2 clients (such as PuTTY) support this functionality.

Assign each user a specific port on the server (There are over 65 thousand ports, and each person needs just one), and provide them with a nice little automated solution to set up the tunnel. PuTTY has a command-line version called "plink" that makes this super easy. Just write a short VisualBasic application that does nothing but show a window with a button to start up and connect plink to the server, and shut down the process when the user is done. This way, all a user has to do if he wants to use bittorrent is run the application and click a button. Or better yet, just write a short batch script that the user can launch when they want to do torrent-related stuff.

This is only one of the possible methods. As you can see, a computer doesn't need a public IP address in order to accept incoming connections via BitTorrent, since you can tunnel them. It should be noted that many BitTorrent clients also support proxies. uTorrent even supports proxies for peer-to-peer connections. And you may also want to look into P2P caching solutions, which could potentially significantly reduce the impact of BitTorrent on your university's connection.

My university...

[SanityInAnarchy]

...did just the opposite. They gave public IPs to all the students, seemingly with no restrictions -- I could have as many IPs as I had network adapters, even on the University wireless. They blocked inbound Windows filesharing ports and outbound SMTP, and throttled BitTorrent, but other than that, I could just about saturate the 10 mbit pipe to my dorm room. I could saturate BitTorrent if I turned on header encryption.

Basically, they decided that the web (port 80) needed to be as fast as possible, becau

P2P cache

[muftak]

Cache BitTorrent and other P2P traffic. These guys make such a device:- http://www.cachelogic.com/ [cachelogic.com]

Connection flood

[j35ter]

I administer a network of 30 inhouse and 400 remote workstations. Inhouse I have 2 NATted 4Mbps connections for 30 users, which should be enough for most cases. this summer, I had problems with the NAT routers slowing down almost to a halt. When I took a closer look, I found out that we had several BT clients running simultaneously with several hundred open connections!
Now I have 1(one) instance of an emule client running, with a web interface where everyone can "order" some files, and a public share where

Run Teh Internal Tracker

[Deliveranc3]

FTW!

Re:

[account_deleted]

Comment removed based on user account deletion

public IP space

[jon787]

I guess another question is whether your university has the public IP space to actually do that for all your students. If you don't already have enough public IP space then you're gonna have to deal with begging ARIN for a bigger allocation which might not be worth your time. /my university has a /16 //its only using 16% of it by my last check

Like others have said...

[kosmosik]

What for they need BT protocol? I see most of legitimate uses of BT as downloading Linux (or other freenix) ISOs, commercial games demos and other legitimate big files.

If they (the users) are downloading illegal stuff they should be prohibited to do that.

What I've read most of Slashdot users are suggesting is to set up mirrors of those stuff to let them download it of local network - great idea. But add to it that you do not need to make yourself an admin of those mirrors. Just set up an apply process for a

Re:

[kosmosik]

> What I've read most of Slashdot users are suggesting is to set
> up mirrors of those stuff to let them download it of local network
> - great idea. But add to it that you do not need to make yourself
> an admin of those mirrors. Just set up an apply process for a mirror
> maintainer and let the students maintain the mirrors themselves
> (even give the admin-ones way to use BT to mirror).

Actually all you need to do is give them (the maintainers) an account of one of the servers with proper she

Change the way they use the internet?

[crossmr]

First things first:
Separate residential network from the rest of the university.
Give it big fat internal pipes.
hint that there would be nothing to stop someone from running an internal tracker that wouldn't be limited in speed.
Let them do what they will with it.
It probably wouldn't take long for someone to set something up and people were sharing most of what they wanted anyway over it.
Mirror linux distros and other legit items, or create an electronic form where a student could request a copy of a legit it

Try to move most of the traffic inside

[Sloppy]

Add to that the potential liability of making a service that by most reports has upward of 90% of its traffic fall into a 'legally questionable' gray area

Until we have strong AI so that a cyber-lawyer inside your firewall can figure out whether a packet should have the 'evil bit' set or not, nobody is going to be able to identify whether a bittorrent (or any other protocol's) transaction is legal or not. It's no use to try. So I wouldn't worry about whether it's legal or not: you're never going to know.

Students sign a waiver saying they will be held...

[Antony-Kyre]

Students sign a waiver saying they will be held liable for all illegal activity that perform, and that the university holds absolutely no responsibility.

What about:

[EdMcMan]

• UPnP
• Reccomending users use clients that support NAT to NAT connections
• Proxying

Simple solution

[aminorex]

Assign each user a specific port for bittorrent traffic. Tell them to configure their client software to use that port.
DNAT that port. Voila, full-speed bittorrent. Moreover, the user is identifiable by port, so you need not fear liability any more than does my cable company. You are protected under U.S. law, as long as you do take downs upon
accusation, and restore service if the accusation is contested.

In the university environment, I think you'll find that illicit use of BT is probably lower than is i

Peercache

[AmiMoJo]

Peercache does something similar to a web cache, but for P2P traffic. It's a commercial product but could be worth a look.

The basic problem of having machine behind NAT, and thus unable to accept incomming connections, seems impossible to avoid unless you can get a block of 1000+ IPs.

dialup over a digital PBX phone!

[r00t]

I got a little box that would go between the phone body and the handset. This little box provided an analog phone jack. It had a way to adjust for 4 different power levels, to be set according to your digital phone. I think it needed a wall wart for power.

Procedure:

1. take handset off hook
2. tell modem to dial (any number will do)
3. dial the real number using buttons on the phone
4. enjoy the 9.6 kb/s connection

Re:They should be lucky...

[billstewart]

When I was an undergrad, we had to walk a quarter mile uphill in the snow to get to the nearest computer center to use keypunches, or (later, after I'd moved to north campus and the computer center had upgraded) 3/4 mile across mostly-flat snow to get to the one computer center that had some Decwriters and a couple of CRTs on the mainframe and a couple of PLATO terminals. Modems existed back then, but we didn't have an ASR33 in the dorm or fraternity house and there wasn't anything on our IBM-centric campu

Re:

[mattboston]

Their problem is they are spoiled brats who believe that they deserve everything for free. The school is not obligated to provide them anything except an education, room and board. The internet access they provide is a privledge, which can be taken away if people abuse the privledge. Read your college or university's AUP.

Also, wait till they get in the real world where their employment will be terminated for abusing the "free" internet at work. I've personally seen people terminated on the spot and esco

Re:

[Chowderbags]

Last time I checked, people pay to go to college and pay more on top of that for housing. The university is obligated to provide what it says it will provide (which in todays world almost always includes an internet connection). Beyond that, many college's internet use policy assumes general privacy, so unless you're hogging like crazy, I don't really see where it should matter what you're doing (until the law comes along). In "the real world", you are getting paid to perform a task. If you are using the i

Re:

[MBGMorden]

I wouldn't take too much of the high and mighty route here. Internet access is like air to people these days. Too much throwing around their weight saying "You can't do this and you can't do that." will very likely cause students to look elsewhere for their education - to somewhere that does provide the kind of internet access they want. Back in 1999 when I chose my school the fact that they had broadband in the dorms (not everywhere did at that time) was a very major criteria in my choosing that school

Re:

[mysidia]

No. The school doesn't have this obligation, not unless they provided it in the housing agreement.

The students want and expect internet access for school and pleasure. But this is something different from the school having an obligation to provide the same. A school, if it wishes, has the option of having no internet access on campus, whatsoever. They will seem to be living in the dark ages to most, and students will avoid the school as a result, but that is an option that schools have.

The student

Re:

[Chowderbags]

You're forgetting that plenty of colleges advertise that they have internet, cable, phone, whatever. If they suddenly take it away after you've paid tutition and housing costs, then they're violating the agreed upon conditions.

Not to say that Amish University couldn't get off the ground and running, just that most colleges at this point are rather locked into what they said they'd do.

Re:

[secolactico]

The school has an obligation to make sure they can use the internet for both school and pleasure

Whoa! Go back and re-read what you wrote. Why would the school have an obligation to provide for "pleasure" or leisure.

Higher education is not required by law. You don't *have* to attend an university. If you do so, it's under their rules. If they decree that you have to leave in their dorms but can't have internet, or cable TV or telephone or whatever... well, it sucks but it's their prerogative. I'm sure

Re:

[secolactico]

have to leave in their dorms

DOH! I meant live.

Re:

[dircha]

Yes it does. Let me explain, for your benefit and for the benefit of the topic submitter.

If your client does not accept incoming external connections and share torrents (if your client is not on an externally accessible device and you don't have port forwarding configured), all other peers will assign you a priority lower than every other peer that is sharing.

This doesn't just mean you will be last in line to receive the requested torrent. It means that all other clients will relegate your request to the sm

Re:

[Anonymous Coward]

Which I hope speaks to the question of why on earth would this university network administrator want to allow his users to use university bandwidth to get bonus points with copyright infringers so that they themselves can infringe copyright more effectively...

As a University student I find comments like that very frustrating. Making bittorrent faster (by opening incoming ports) will make it faster for *every* use, whether academic or otherwise. I'm not going to argue that most home bittorrent use is not

Re:

[Sigma 7]

If your client does not accept incoming external connections and share torrents (if your client is not on an externally accessible device and you don't have port forwarding configured), all other peers will assign you a priority lower than every other peer that is sharing.

Any client that relies on the fact that other peers cannot accept inbound connections is broken. A better design is based on the upload/download ratio. As long as the peer is capable of uploading (even if it is a seeder that makes outbou

Re:

[Sorthum]

It works behind NAT, but we're not filtering right now, and it's taking up very little bandwidth-- most users can't exceed 20K a second for some reasons.