Classifying Dropbox Traffic



  • Apologizes if this has been answered already, unfortunately when I was searching last night I found a lot of posts with links to files hosted via dropbox but very few that actually mention dropbox in terms of traffic management.

    Is there any way of Identifying and classifying Dropbox traffic for use in rate limiting in pfsense?
    I understand this is problematic due to Dropbox using AWS EC2 hosting for their files, so IP blocks and set ports seem to be out in terms of identifying the traffic.

    I can't just block dropbox a) I use it, and b) everyone else does, it just we need to ensure that during the day when everyone is online that its relegated to the bottom of the queue.

    Regards

    C.



  • Welcome to everything is a web service in the cloud and HTTPS.

    What problem are you trying to solve. Keeping latency down and fairly sharing bandwidth, or trying to keep bandwidth down? If all you want to do is keep latency low so VoIP doesn't have issues, that's easy, if you need to reduce bandwidth, that's much harder because you need to figure out how to classify the traffic.



  • I can't just block dropbox a) I use it, and b) everyone else does, it just we need to ensure that during the day when everyone is online that its relegated to the bottom of the queue.

    Set up VLANs, and only one VLAN for yours that is allowed to use it (DropBox).

    With Deep Packet Inspection you could get it right handled, but this often narrows down the whole
    pfSense machine really really hard.



  • @Harvy66:

    What problem are you trying to solve. Keeping latency down and fairly sharing bandwidth, or trying to keep bandwidth down? If all you want to do is keep latency low so VoIP doesn't have issues, that's easy, if you need to reduce bandwidth, that's much harder because you need to figure out how to classify the traffic.

    My voip phones are on their own vlan and traffic priority settings so they are mostly unaffected, we do get moments where the quality drop through the floor, but otherwise its generally ok. The bandwidth is the bigger issue as the standard web traffic is in the same priority level and it just crawl along like its back on dial up when dropbox is doing its thing..

    I did have a thought last night of a method of working out what is dropbox traffic and what isn't, but I am not sure how one would implement it or if it would be even possible within pfsense
    If you browse to the ip or fqdn of amazon server that dropbox is sending its data to, you will get a Dropbox - 404 webpage. e.g. ec2-23-21-219-248.compute-1.amazonaws.com
    I think ideally I would have a broad filter for anything going to or coming from ec2 amazonaws ip range or regex name matching for the fqdn
    if address is unknown, check and see if we get a dropbox 404 page, if so add it to an alias so it can be classified to be in the low Priority queue.
    Probably also have a another script that checks the ip's in the alias once a week or so, and remove the ones that no longer return dropbox pages.

    any idea on if there would be a way of implementing that?



  • That's a very very complex setup you're envisioning. Much more complex than most would want or could handle. KISS is your friend. Good luck.



  • I am not an expert but I believe the hsfc install wizard will help some.  There is an option to lower the priority of dropbox.  It is the Multi WAN/Multi LAN wizard.



  • There is no Dropbox option in the Shaping wizard.  As stated earlier, it's almost impossible.  They use HTTPS to Amazon EC2.  Good luck blocking it without potentially causing other problems.  The only way to do it would be to get your hands on a definitive list of netblocks used by Dropbox, if there is even such a static list.