NBAR and http download

fd_case17
Level 1

Hi all,

I want to limit HTTP download for URLs like youtube.com, for example.

How can I do this?

I did it for the entire HTTP protocol, but I don't see how to do it for only this URL.

Can you help me, please?

13 Replies

Mohamed Sobair
Level 7

Hi,

I am afraid you can't limit traffic for specific URLs using NBAR, rather than using HTTP.

NBAR is most often used for peer-to-peer applications using PDLM (Packet Description Language Module).

You can install every new application, and you can copy and install it into your router flash using the command (ip nbar pdlm flash://xxx.pdlm) and apply the policy which defines the matching class.

In your case, there is another option: just figure out the source IP of the website and create 2 class-maps. One matches traffic from your source IPs to the destination URL and limits its bandwidth accordingly.

The other class matches any any; then apply the policy to the interface.

Example:

    class-map match-any tube.com
     match access-group 100
    class-map match-any normal-traffic
     match access-group 101
    !
    ! Matching on a port (eq www) requires a tcp entry
    access-list 100 permit tcp (your source IP's) (destination URL IP) eq www
    access-list 101 permit ip any any
    !
    policy-map policing-tube
     class tube.com
      ! Bandwidth limited for Tube.com traffic
      police (bits per second) conform-action transmit exceed-action drop
     class normal-traffic
      police (bits per second)
    !
    int x
     service-policy output/input policing-tube

Let us know if it works for you.

Regards,

Mohamed Sobair

Edison Ortiz
Hall of Fame

Please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712

    class-map youtube
     match protocol http url host youtube*

Mohamed Sobair
Level 7

Great Info..

Regards,

Mohamed Sobair

Hi all,

In fact the problem is: a router (3745) with 2 interfaces: 1 for LAN f0/0, 1 for WAN f0/1.

I want to limit bandwidth in download for URLs like youtube...

So my config is:

    class-map youtube
     match protocol http url "*youtube.com*"
    policy-map youtube
     class youtube
      police 100000

NBAR is applied on both FastEthernet interfaces.

So if I want to limit download (100Kbits), I put the policy-map in INPUT on F0/1.

But it doesn't work.

NBAR matches the GET request but it doesn't match the response.

How can I do that?

NBAR doesn't seem to be stateful to me.

Thanks for your answer.
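
A simplified model of the behaviour described in the post above, added here as an illustration and not part of the thread or of any Cisco code: the Host header exists only in the HTTP request, so a match judged per packet on the host never sees the response that carries the download. The addresses, the `classify` helper and the use of Python glob matching in place of the router's pattern syntax are assumptions, and the model makes no claim about how NBAR itself tracks flows.

```python
from fnmatch import fnmatchcase

# Constructed sample traffic: one HTTP request and its response on one TCP flow.
REQUEST = b"GET /watch HTTP/1.1\r\nHost: www.youtube.com\r\nAccept: */*\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: video/mp4\r\nContent-Length: 4\r\n\r\nDATA"

# (src, sport, dst, dport, payload); all addresses are constructed examples.
PACKETS = [
    ("10.0.0.5", 40000, "203.0.113.10", 80, REQUEST),    # LAN -> WAN
    ("203.0.113.10", 80, "10.0.0.5", 40000, RESPONSE),   # WAN -> LAN (the download)
]

def http_host(payload):
    """Return the Host header of an HTTP request, or None (responses carry no Host)."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    if lines[0].startswith("HTTP/"):       # a status line means this is a response
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower()
    return None

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share one flow."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def classify(packets, pattern, track_flows):
    """Label each packet 'youtube' or 'class-default'.

    track_flows=False: each packet is judged only on its own payload.
    track_flows=True:  once a request matches, the whole flow keeps the label.
    """
    matched_flows, labels = set(), []
    for src, sport, dst, dport, payload in packets:
        key = flow_key(src, sport, dst, dport)
        host = http_host(payload)
        if host is not None and fnmatchcase(host, pattern):
            matched_flows.add(key)
            labels.append("youtube")
        elif track_flows and key in matched_flows:
            labels.append("youtube")
        else:
            labels.append("class-default")
    return labels
```

With per-packet matching the response falls into the default class, which is the same symptom as the zero counters on an input policy facing the WAN; only a classifier that remembers the flow labels the download direction.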

Can you post the output from:

show policy-map interface

Hi, my conf:

    class-map match-all youtube
     match protocol http url "*youtube.com*"
    !
    policy-map youtube
     class youtube
      police 100000 conform-action transmit exceed-action drop
    !
    interface FastEthernet0/0
     description To WAN
     ip address dhcp
     ip nbar protocol-discovery
     ip nat outside
     ip virtual-reassembly
     speed 100
     full-duplex
     service-policy input youtube
    !
    interface FastEthernet0/1
     description To LAN
     ip address 10.0.0.2 255.255.255.240
     ip nbar protocol-discovery
     ip nat inside
     ip virtual-reassembly
     speed 100
     full-duplex

Output of sh policy-map interface

    FastEthernet0/0

      Service-policy input: youtube

        Class-map: youtube (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol http url "*youtube.com*"
          police:
              cir 100000 bps, bc 3125 bytes
            conformed 0 packets, 0 bytes; actions:
              transmit
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: class-default (match-any)
          14367 packets, 1890350 bytes
          5 minute offered rate 13000 bps, drop rate 0 bps
          Match: any

This line

match protocol http url "*youtube.com*"

should be

match protocol http url host "*youtube.com*"

and actually, I recommend removing the "*" from the beginning of the string:

match protocol http url host "youtube*"

(config-cmap)#match protocol http url host "*youtube.com*"

^

% Invalid input detected at '^' marker.

My IOS:

3700 Software (C3745-ADVENTERPRISEK9_IVS-M), Version 12.4(9)T

invalid after host

Verified command with a router, this is the correct syntax

match protocol http host "youtube.com*"

This line doesn't match the packets I want.

They're in the class-map default.

I tested with a router (2600).

Strange...

Do you have CEF enabled?

What IOS version are you running on the 2600?

Can you change the traffic flow from service-policy input to service-policy output?
