QoS

Answered Question
Oct 13th, 2009

What is the proper way to:

Limit any web traffic from www.site.com to 1 Mbps, and if the site has a .torrent extension, then drop the packet.

Here is my configuration. Tell me if it is wrong or right.


Webserver IP is 2.2.2.2


access-list 120 permit host 2.2.2.2 eq 80 any

class-map match-all DROPPED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match protocol http url "*.torrent"

class-map match-all LIMITED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match not protocol http url "*.torrent"

policy-map MYPOLICY
 class DROPPED_TRAFFIC
  drop
 class LIMITED_TRAFFIC
  police cir 1000000

int f0/0
 service-policy input MYPOLICY



My main question is: is the 'match not protocol http url "*.torrent"' important under the LIMITED_TRAFFIC class-map, or can I perform the objective successfully without it?

Correct Answer by Giuseppe Larosa about 7 years 9 months ago

Henry,

access-list 120 should be

access-list 120 permit tcp host 2.2.2.2 eq 80 any


Clearly a mistyping.

>> is the 'match not protocol http url "*.torrent"' important under the LIMITED_TRAFFIC class-map or can I perform the objective successfully without it?

The order of calls of class-maps in the policy-map is important.

Because DROPPED_TRAFFIC is called first, torrent traffic will match it.

So the 'match not protocol http url "*.torrent"' in the second class invoked is not strictly required.

It would be if the class-maps had been invoked in reverse order.

The only doubt is whether the BitTorrent protocol is matched in this way.


You need to use

match protocol bittorrent

or

match not protocol bittorrent

See:

BitTorrent, TCP, Dynamically Assigned or 6881-6889, BitTorrent File Transfer Traffic
bittorrent   >> keyword to be used
First IOS to support: 12.2(18)ZYA1, 12.4(2)T

http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1038163


Hope to help

Giuseppe


Giuseppe Larosa Tue, 10/13/2009 - 23:49
hpitt2009 Wed, 10/14/2009 - 04:06

Thanks for the answer, I didn't know that you had to position class-maps in a certain order for them to execute. This was my confusion.
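
The class-ordering point from the answer above, as an added example that is not part of the original thread and is not IOS or Cisco code: a small Python model of first-match classification, showing that the 'match not' line is redundant in the posted order and matters only when the classes are reversed. The flow dictionaries, function names and the reduction of the URL matches to simple string tests are assumptions made for illustration.

```python
# Simplified model of MQC classification, not IOS code. Assumptions: each dict
# below stands for one HTTP flow as the classifier sees it, and the URL matches
# are reduced to a host comparison and a ".torrent" suffix test.

def from_server(f):   # access-list 120 (with the answer's tcp fix)
    return f["proto"] == "tcp" and f["src"] == "2.2.2.2" and f["sport"] == 80

def site_url(f):      # match protocol http url "www.site.com/"
    return f["host"] == "www.site.com"

def torrent_url(f):   # match protocol http url "*.torrent"
    return f["path"].endswith(".torrent")

def not_torrent(f):   # match not protocol http url "*.torrent"
    return not torrent_url(f)

# Each class is (action, matches); match-all means every listed match must hold.
DROPPED = ("drop", [from_server, site_url, torrent_url])
LIMITED = ("police 1 Mbps", [from_server, site_url, not_torrent])   # as posted
LIMITED_NO_NOT = ("police 1 Mbps", [from_server, site_url])         # 'match not' removed

def classify(policy, flow):
    """Walk the classes top-down; the first class that matches decides."""
    for action, matches in policy:
        if all(m(flow) for m in matches):
            return action
    return "class-default"

# Constructed sample flows.
TORRENT = {"proto": "tcp", "src": "2.2.2.2", "sport": 80,
           "host": "www.site.com", "path": "/files/demo.torrent"}
PAGE = dict(TORRENT, path="/index.html")
OTHER = dict(PAGE, src="3.3.3.3")

def outcomes(policy):
    """Actions for the torrent, page and unrelated flows, in that order."""
    return [classify(policy, f) for f in (TORRENT, PAGE, OTHER)]

if __name__ == "__main__":
    for label, policy in [
        ("posted order, with 'match not'", [DROPPED, LIMITED]),
        ("posted order, without 'match not'", [DROPPED, LIMITED_NO_NOT]),
        ("reversed order, without 'match not'", [LIMITED_NO_NOT, DROPPED]),
        ("reversed order, with 'match not'", [LIMITED, DROPPED]),
    ]:
        print(f"{label:38} torrent/page/other -> {outcomes(policy)}")
```

In the reversed order without the negation, the torrent flow is policed instead of dropped, because the broader class is reached first.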
