NBAR to block edonkey and bittorrent

Unanswered Question
Mar 26th, 2009

We are trying to block p2p traffic, especially BitTorrent and eDonkey, with NBAR on a 2821 router. The commands in the running-config are shown below.

The command "show policy-map int giga 0/0" shows some packets dropped, but when we use the aMule program on Linux it still works, while the equivalent Windows program, eMule, does not work. What can be happening?

How can we be sure that the packets are correctly identified and blocked?

When we have an ACL and a service-policy with NBAR on the same interface, which one is applied first?




“running-config”

-----

!
class-map match-any peer-to-peer
 match protocol bittorrent
 match protocol kazaa2
 match protocol edonkey
!
policy-map drop-peer-to-peer
 class peer-to-peer
  drop
!
interface GigabitEthernet0/0
 ip address 192.168.120.49 255.255.255.248
 ip access-group 171 out
 ip nbar protocol-discovery
 duplex auto
 speed auto
 service-policy input drop-peer-to-peer
 service-policy output drop-peer-to-peer
!

-------

“Output of command show policy-map interface”

Cisco2821#sh policy-map int giga 0/0
 GigabitEthernet0/0

  Service-policy input: drop-peer-to-peer

    Class-map: peer-to-peer (match-any)
      4148017 packets, 489766793 bytes
      5 minute offered rate 5000 bps, drop rate 5000 bps
      Match: protocol bittorrent
        4090268 packets, 471253367 bytes
        5 minute rate 5000 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol edonkey
        57747 packets, 18513426 bytes
        5 minute rate 0 bps
      drop

    Class-map: class-default (match-any)
      281519716 packets, 139238496766 bytes
      5 minute offered rate 2769000 bps, drop rate 0 bps
      Match: any

  Service-policy output: drop-peer-to-peer

    Class-map: peer-to-peer (match-any)
      2040318 packets, 204257540 bytes
      5 minute offered rate 1000 bps, drop rate 1000 bps
      Match: protocol bittorrent
        2023231 packets, 194432473 bytes
        5 minute rate 1000 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol edonkey
        17087 packets, 9825067 bytes
        5 minute rate 0 bps
      drop

    Class-map: class-default (match-any)
      286842244 packets, 240568337214 bytes
      5 minute offered rate 5294000 bps, drop rate 0 bps
      Match: any

----------------------

MICHEL.HEGERAAT Thu, 03/26/2009 - 09:06

I found that most of these types of p2p programs try multiple ways to connect to their servers.

If they find a way that works, they stick to it. If that way gets blocked, they try other ways.

So, to make sure the p2p does not disturb the business-related traffic, I would suggest you put the p2p in a low-priority class but still allow it to work.

This way it won't try to connect in other ways. If it goes out as HTTPS traffic you won't be able to tell the difference from business traffic. That would be a real problem.


Cheers,


Michel
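One way to implement Michel's suggestion on the configuration from the question, as an added example and not configuration posted in the thread: the existing peer-to-peer class-map is kept, and the drop action is replaced with marking plus policing inbound and a small bandwidth guarantee outbound, so the p2p client keeps a working connection method instead of hunting for another one. The policy-map names, the 64 kbps police rate, the 2 percent share and the CS1 marking are assumptions to be tuned for the link.

```cisco
! Added example, not from the original thread. Rates, share and DSCP
! value below are assumptions; adjust them for the actual link.
!
! Same class-map as in the question: NBAR identifies the p2p flows.
class-map match-any peer-to-peer
 match protocol bittorrent
 match protocol kazaa2
 match protocol edonkey
!
! Inbound: mark p2p as scavenger (CS1) and police it to a small rate.
! Conforming packets are still forwarded, so the client does not
! switch to another transport; only the excess is dropped.
policy-map limit-peer-to-peer-in
 class peer-to-peer
  set dscp cs1
  police 64000 8000 conform-action transmit exceed-action drop
!
! Outbound: give p2p a small guaranteed share under congestion and let
! the rest of the traffic use the remaining bandwidth fairly.
policy-map limit-peer-to-peer-out
 class peer-to-peer
  set dscp cs1
  bandwidth percent 2
 class class-default
  fair-queue
!
! Swap the drop policies from the question for the limiting ones.
interface GigabitEthernet0/0
 no service-policy input drop-peer-to-peer
 no service-policy output drop-peer-to-peer
 service-policy input limit-peer-to-peer-in
 service-policy output limit-peer-to-peer-out
```

Checking with "show policy-map interface GigabitEthernet0/0", as in the question, then shows the class's offered rate (what NBAR classified) and, under the police line, the conformed and exceeded counters (what was forwarded and what was dropped).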
