ResTek Traffic Shaping and Statistics Policy
ResTek is not currently enforcing volume-based shaping.
How ResTek Shapes Traffic
All traffic bound from within the residential network to the internet must pass through our border packet shaping appliance. At the time of writing, this is the Procera PacketLogic PL8720. The device inspects the flow of packets and determines algorithmically which application or protocol it belongs to and labels the flow as such. At that point, if any shaping rules controlling the rate or priority of the flow match the service detected, they will be applied and the traffic is considered “shaped”.
Which Applications or Services are Shaped
Short answer: Nearly all of them to some extent. The term “shaped” may be ambiguous to some who tend to believe, either through genuine misunderstanding or deliberate oversight, that it refers to what happens when, for example, an ISP slows down the BitTorrent protocol or other traffic after a certain volume of traffic has been passed. While this can be considered shaping, it is more precise to call this “throttling” or “volume-based shaping.”
ResTek uses volume-based shaping to slow down heavy users in order to provide equal access to everyone. Our system has two tiers of usage. In both cases, the traffic limits apply to data transferred in the past three-hour sliding window. The throttling only takes effect between 6am and 6pm when our internet connection is otherwise completely saturated.
- Tier 1: 3 GB -> 8 Mbps limit
- Tier 2: 6 GB -> 2 Mbps limit
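The tier lookup described above, sketched as an added example (not ResTek's or the shaping appliance's own code). It assumes decimal gigabytes, that a tier applies once usage reaches its threshold, and that usage is recorded per connection as timestamped byte counts; the class and function names are hypothetical.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)          # three-hour sliding window
GB = 10**9                           # assumption: decimal gigabytes
TIERS = [(6 * GB, 2), (3 * GB, 8)]   # (threshold bytes, limit in Mbps), strictest first
ENFORCE_START, ENFORCE_END = 6, 18   # throttling only between 6am and 6pm

class UsageWindow:
    """Bytes transferred by one connection over the trailing three hours."""
    def __init__(self):
        self.samples = deque()       # (timestamp, byte count), oldest first
        self.total = 0

    def _expire(self, now):
        # Drop samples that have slid out of the window.
        while self.samples and self.samples[0][0] <= now - WINDOW:
            self.total -= self.samples.popleft()[1]

    def record(self, when, nbytes):
        self.samples.append((when, nbytes))
        self.total += nbytes
        self._expire(when)

    def rate_limit_mbps(self, now):
        """Return the cap in Mbps, or None when no volume cap applies."""
        self._expire(now)
        if not (ENFORCE_START <= now.hour < ENFORCE_END):
            return None              # outside enforcement hours
        for threshold, limit in TIERS:
            if self.total >= threshold:
                return limit
        return None

def demo():
    day = datetime(2024, 1, 15)      # constructed date and volumes
    def at(hour, minute=0):
        return day.replace(hour=hour, minute=minute)
    u, seen = UsageWindow(), []
    u.record(at(4, 30), 4 * GB)
    seen.append(u.rate_limit_mbps(at(5)))   # over 3 GB, but before 6am
    seen.append(u.rate_limit_mbps(at(6)))   # tier 1
    u.record(at(6, 45), 3 * GB)
    seen.append(u.rate_limit_mbps(at(7)))   # 7 GB in window: tier 2
    seen.append(u.rate_limit_mbps(at(8)))   # 4:30 sample aged out: tier 1
    seen.append(u.rate_limit_mbps(at(10)))  # window empty again
    return seen

if __name__ == "__main__":
    print(demo())
```

Because the window slides, a heavy user drops back a tier as soon as old samples age out, with no fixed reset time.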
On our network, “shaped traffic” refers to traffic that has been assigned a certain priority. The priority determines the order in which the packets are transmitted and not the speed at which they are transmitted. Transfer speeds are dependent primarily on how many users are utilizing bandwidth at that time.
This is how priority is currently assigned on the network:
- Dedicated Gaming Servers – Highest Priority
  - includes Xbox Live, SonyOnline, and automatically detected PC games
  - Prioritized gaming currently utilizes a small fraction of total student internet usage.
  - A playable gaming experience, unlike regular internet usage, is highly dependent on latency. If games were not given priority, their packets would be delayed, and the games would not be playable in real time.
  - Since gaming traffic has such a small footprint on the network, prioritizing it doesn’t cause slowdowns elsewhere. Stopping game prioritization would negatively affect gamers without providing better service quality for other users.
- Low Latency Services – Highest Priority
  - includes real-time communication, VoIP, Skype, etc.
  - Similar to gaming, this traffic must receive highest priority, otherwise these applications would be jittery, out of sync, and largely unusable. Currently, utilization of Skype and related services has not generated enough bandwidth to overrun the network with high priority traffic.
- Proxies – High Priority
  - includes ResTek’s dual caching web proxy servers
  - High priority provides an incentive for residents to use the proxies. High-demand pages and images can be cached for other residents to use, preventing the need to retrieve them from the internet over and over and freeing up bandwidth for other services.
- Instant Messaging and Remote Access – High Priority
  - includes AOL, IRC, MSN, SSH, Remote Desktop, GoToMyPC, etc.
  - Chat protocols are less time sensitive than real-time voice communication, so the highest priority is not necessary. However, due to the nature of “instant” messaging, the bandwidth per interaction is small. Giving priority to IMs is not a strain on the network and improves their usability.
  - Remote access protocols use more bandwidth, but their usability is largely dependent on latency. Since remote access is infrequently used on our network, the benefits of higher prioritization outweigh the costs.
- Web Content – Normal Priority
  - includes HTTP, SOCKS, HTTPS, SSL, etc.
  - Web content uses high bandwidth and is generally not time sensitive. If the network gets busy, web traffic will slow down. We recommend that end users make use of the proxies for higher priority access to web content.
- Network Services – Normal to Highest Priority
  - Highest: DNS, RTSP, other low-latency low-bandwidth services
    - These protocols are time sensitive and low bandwidth.
  - High: IMAP, LDAP, POP3, RTP, SMTP (mainly email and authentication services)
    - These services are somewhat time sensitive and generally low bandwidth, and cannot be accessed through the proxies.
  - Normal: FTP, IPSec, MSSQL, rsync, SNMP, everything else
- Streaming Media Services – Below Normal Priority
  - includes iTunes, Flash Video, YouTube, Netflix
  - Streaming media is legitimate content, but is very high in bandwidth and not time sensitive. If the network gets busy, streaming media will slow down.
- Filesharing Applications – Lowest Priority
  - includes BitTorrent, LimeWire, Soulseek, etc.
  - These filesharing applications are largely used to illegally procure and distribute copyrighted materials. These protocols are extremely high bandwidth and cause interference with normal legitimate traffic during peak hours. When bandwidth is not at maximum utilization, no throttling will occur, and full speeds should be attainable.
  - Disclaimer: While ResTek does not monitor student traffic nor care what is done with a connection, the registered user of the IP address is legally responsible for the data that is transferred from it. Even though ResTek is not looking for illegal material, other groups are. When we receive emails and can confirm their claims, the registered owner of the IP address will be held accountable.
What Statistics Does ResTek Keep About End User Activities
ResTek seeks to provide a quality internet connection to all residents living on campus at WWU, while maintaining and respecting each individual’s personal privacy online.
Currently ResTek stores and maintains access to the following information about end users:
- Personally identifiable numerical values representing traffic passing from the internal network to the internet for each connection (retained for up to 3 months prior to today)
- Personally identifiable recent flows passing from the internal LAN to the internet; including Service Name, Destination IP, Source IP, port, time, and data transferred (retained for a variable amount of time depending on space requirements)
- Numerical values representing traffic classified in each service group including number of hits, and data transferred (retained for up to 1 academic year)