VeeshanVault

So I'm finally back at school - and I of course am pissed at the IT department and their network limitations (though I understand their security motives). There are two things that are really bothering me the most - download/upload speeds and pings.

I received an email last week from the head of the IT department which included the following:

Mr. PissOffRellix wrote:Implemented Quality-of-Service measures that should ensure fairer usage of the College’s Internet connection.

From what I've found, regardless of the website, the maximum download speed I've been able to get is around 40kb/s, which leads me to believe that they've set a cap. When I try to ping websites or play an online game - I get pings of between 170 and 180, which a lot of privately owned gaming servers (bf2, cs:s, etc) will boot you for.

Obviously I don't have much control, but is there anything that I might be able to do?

I've noticed that my computer has a different IP from last year here (I'm living on the opposite side of campus) and instead of a NAT-esque IP (10.14.1.X) I have an address similar to that of my school's website (http://www.smcm.edu - 138.78.1.22) mine begins with 138.78.XXX.XXX. Also, my ip on http://www.whatismyip.com is the same as my address using ipconfig in the command window, which wasn't the case last year.

Any suggestions would be great.

You're not going to 'get around' QoS bandwidth restrictions which are applied at the boundaries. Unfortunately, they're probably causing the pings as a side effect.. not that the IT dept is going to give a damn about your BF2 ping

They've also pushed you outside the campus network proper, which puts you in a shitty position; on an attractive network segment to every spammer/DDOS jackass, and directly exposed to the internet. Best turn your windows firewall back on and keep your virus definitions up to date.

Either that or they decided to use routable IP address... which if that is the case then they could get fined from AARIN... if AARIN is still the group that does IP address... been about 5 years since I did network engineering.

Marb

Marbus wrote:Either that or they decided to use routable IP address... which if that is the case then they could get fined from AARIN... if AARIN is still the group that does IP address... been about 5 years since I did network engineering.

Marb

There's nothing wrong with using registered address space. ARIN woud just make it more difficult for them to get another block assignment unless they could show justification for the assignments.

So I spoke with a friend via IM who works for the IT department here..

Apparently the network is doing very shitty right now (as expected). There's no artificial cap that he knows of, just a clogged network.

Furthermore:

Me: What's this "fairer usage" crap?
Him: I would imagine that simply restricts open, high-bandwidth downloads such as movies and stuff - meaning that people who download dozens of 70 MB porn videos will be quite fucked

I then commented on the fact that they obviously then monitor every byte that goes through, to which he responded:

Him: but you'd have to do a pretty big thing to draw any attention to yourself. 1 GB download of pornography would do it - secure data transfer from FBI servers would too
And you might piss someone off if you downloaded a really, really large video game. Like say, America's Army followed by Phantasy Star Online: Blue Burst
Me: they never caught a certain roommate last year =P Note: my roommate downloaded tons of movies via bittorrent and socks5 proxies.
Him: eh, well, we have a T1 for the campus. that's a lot of bandwidth You'd need to leave a pretty big footprint for anyone to catch it

Finally.. I asked about the IP issue.

Me: what's the point? =P
Him: Uh, something about the VLAN, I think
Me: is it still secure?
Him: Yeah

A T1 for the whole campus doesn't seem like a whole lot of bandwidth.

Yeah, your school T1 = 1.5 Mbps, U of Winnow = 11 Mbps

You're out of luck if the entire school only has a T1 to share. Even a T3 with ~44Mbps would be sucked up pretty fast if your school has more than a handful of students.

~2000 students. It wasn't really this bad last year, and apparently there have been no major hardware changes excluding faster switches in the center of the network. Perhaps it's because it's the first week of school - I remember the first month last year being slow (but nothing like 40kb/s). I'm sure it will speed up as everyone gets settled, but this is just pathetic.

To quote IT guy, regarding the network:

It's uh.. "on".. and that's about it.

I'm averaging 56Mb/s from work to Giganews... (At home I'm limited to 6Mb/s, which is still quite good considering I'm just a regular Time Warner customer.)

But anyway, that sucks about the school network. I actually kind of doubt that they only have a T1. Those were quite the bomb before the broadband wave hit, and now they are only good for voice lines. Most schools these days have some sort of peering arrangement with a local provider. That is, they don't use T1/3 lines but instead have a dedicated direct 100+Mb/s link to a provider. They are surprisingly cheap, at least for an entity such as a school (not cheap for an individual).

Additionally, just because you may now have a "real" IP address does not mean by any stretch that you're "outside" of the campus network. You are almost certainly not outside of it in any fashion. Although I'm confused as to why a "smart" institution like a school wouldn't use NAT. I doubt that they'll have any trouble with ARIN, since they probably got a pretty large network block assigned to them in the first place, so they probably have more address space than they currently know what to do with.

If you've got real address space to use, why bother with NAT and the problems it can cause? The little bit of security through obscurity you get using it isn't a reason to go that route if you don't have to. It's also more load on the routers, firewall, or wherever they're doing it, and they may not have had the cash to upgrade them. Turning off NAT is a decent stop-gap measure to get back some memory and processor time if you need it.

NATing and not using huge chunks of allocated address space is more likely to cause a problem than using it is. My company auctioned off a couple class B blocks we weren't using a couple years ago. All those unused addresses were a fairly valuable property apprently.

Rellix wrote:I'm sure it will speed up as everyone gets settled, but this is just pathetic.

If you've got a whole school going through a T1 it won't get better. They may have throttled all the "recreational use" into a T1 sized pipe so the business functions properly without the students eating all the bandwidth (meant to do useful things) downloading porn.

Also using registered address space prevents you from having to deal with RFC 1918 address space overlaps if you ever merge two networks.