Bittorrent is getting around Cisco Nbar

Unanswered Question
Nov 13th, 2008

Half of my DS3 bit rate is unknown with nbar protocol-discovery. I know this traffic is bittorrent. Is there anything else I can do to rate limit it with Cisco? Or do I need to look at a different product? The problem is that Cisco nbar is not seeing the bittorrent.

Cisco 3845 with Version 12.4(21a)

class-map match-any P2P
 match protocol bittorrent
 match protocol gnutella
 match protocol edonkey
 match protocol kazaa2
 match protocol fasttrack
 match protocol directconnect
 match protocol winmx
 match protocol custom-01
!
!
policy-map P2P
 class P2P
  police cir 40000
   conform-action transmit
   exceed-action drop
   violate-action drop

John Blakley Thu, 11/13/2008 - 14:35

Does it really not see it, or is it not policing it? Where is the policy map applied and in what direction?

If it's on say S0, can you post the results of:

sh policy-map int S0

--John

byronwysocki Thu, 11/13/2008 - 14:53

The problem is that Cisco nbar is not doing its job in finding bittorrent. I can fire up bittorrent on a test computer and it can still upload way above the 40000 bit rate.

giga 0/0 is the network side

giga 0/1 internet side

The setup is all correct.

sh policy-map int giga 0/1

GigabitEthernet0/1

  Class-map: P2P (match-any)
    3094246 packets, 405621021 bytes
    5 minute offered rate 84000 bps, drop rate 44000 bps
    Match: protocol bittorrent
      2012067 packets, 323545868 bytes
      5 minute rate 59000 bps
    Match: protocol gnutella
      50716 packets, 10618062 bytes
      5 minute rate 4000 bps
    Match: protocol edonkey
      1016563 packets, 68773980 bytes
      5 minute rate 20000 bps
    Match: protocol kazaa2
      0 packets, 0 bytes
      5 minute rate 0 bps
    Match: protocol fasttrack
      209 packets, 26453 bytes
      5 minute rate 0 bps
    Match: protocol directconnect
      0 packets, 0 bytes
      5 minute rate 0 bps
    Match: protocol winmx
      0 packets, 0 bytes
      5 minute rate 0 bps
    Match: protocol custom-01
      14690 packets, 2656604 bytes
      5 minute rate 0 bps
    police:
        cir 40000 bps, bc 1500 bytes, be 1500 bytes
      conformed 2539939 packets, 198667831 bytes; actions:
        transmit
      exceeded 17316 packets, 3979007 bytes; actions:
        drop
      violated 536991 packets, 202974183 bytes; actions:
        drop
      conformed 39000 bps, exceed 0 bps, violate 44000 bps

  Class-map: class-default (match-any)
    61657129 packets, 25490943500 bytes
    5 minute offered rate 4702000 bps, drop rate 0 bps
    Match: any

byronwysocki Thu, 11/13/2008 - 14:56

show ip nbar protocol-discovery stats bit-rate top-n 10

 GigabitEthernet0/1
                            Input                    Output
                            -----                    ------
   Protocol                 5min Bit Rate (bps)      5min Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     30624000                 923000
   bittorrent               1185000                  69000
   edonkey                  985000                   23000
   secure-http              237000                   92000
   rtsp                     239000                   4000
   smtp                     41000                    127000
   h323                     98000                    3000
   dns                      36000                    11000
   novadigm                 0                        31000
   secure-pop3              21000                    3000
   unknown                  5217000                  3592000
   Total                    38725000                 4888000
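
Added example, not part of any post in this thread: a small Python parser for the protocol-discovery bit-rate table above that reports, per direction, what share of the total NBAR left as unknown versus what it classified as P2P. The function names and the P2P protocol list are assumptions made for this example; the sample text is the figures from the post.

```python
import re

# Figures copied from the protocol-discovery output posted above (bps, 5-minute rates).
SAMPLE = """\
 GigabitEthernet0/1
   Protocol                 5min Bit Rate (bps)      5min Bit Rate (bps)
   http                     30624000                 923000
   bittorrent               1185000                  69000
   edonkey                  985000                   23000
   secure-http              237000                   92000
   rtsp                     239000                   4000
   smtp                     41000                    127000
   h323                     98000                    3000
   dns                      36000                    11000
   novadigm                 0                        31000
   secure-pop3              21000                    3000
   unknown                  5217000                  3592000
   Total                    38725000                 4888000
"""

# A data row is: protocol name, input bps, output bps. Headers do not match.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s*$")

def parse_rates(text):
    """Return {protocol: (input_bps, output_bps)} for every data row."""
    rates = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rates[m.group(1).lower()] = (int(m.group(2)), int(m.group(3)))
    return rates

def share(rates, protocols, direction):
    """Percent of the Total row for the listed protocols (0=input, 1=output)."""
    total = rates["total"][direction]
    if total == 0:
        return 0.0
    # With top-n output, protocols outside the top N are absent and count as 0.
    return 100.0 * sum(rates[p][direction] for p in protocols if p in rates) / total

def report(text, p2p=("bittorrent", "edonkey", "gnutella", "fasttrack")):
    """Per direction: percent unknown and percent classified as P2P."""
    rates = parse_rates(text)
    return {name: {"unknown_pct": round(share(rates, ["unknown"], d), 1),
                   "p2p_pct": round(share(rates, p2p, d), 1)}
            for d, name in enumerate(("input", "output"))}

if __name__ == "__main__":
    for direction, pct in report(SAMPLE).items():
        print(direction, pct)
```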

byronwysocki Thu, 11/13/2008 - 15:12

interface GigabitEthernet0/1
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip nat outside
 no ip mroute-cache
 duplex full
 speed 100
 media-type rj45
 no cdp enable
 no mop enabled
 service-policy output P2P
