NBAR configuration for specific Vlan to throttle youtube

Answered Question
Feb 12th, 2012

I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.

vlan IP 192.168.30.0/24

websites *youtube* *facebook* *fbcdn*

Thank you all for your support and assistance.

Mike

dancicioiu Sun, 02/12/2012 - 01:58

Hi,

The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic, this class-map will also match the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like:

! Standard ACL: source addresses in VLAN 30
ip access-list standard ACL-VLAN30
  permit 192.168.30.0 0.0.0.255
!
! Listed sites from any source except VLAN 30
class-map match-all ALL-SOURCES
  match not access-group name ACL-VLAN30
  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!
! Listed sites from VLAN 30 only
class-map match-all POLICE-WWW
  match access-group name ACL-VLAN30
  match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
!

Dan

spartain Sun, 02/12/2012 - 02:05

Thanks for the reply,

Would the policy-map just match ALL-SOURCES then POLICE-WWW, like this?

policy-map filter
  class ALL-SOURCES
     priority 10000000  (10mb)
  class POLICE-WWW
     priority 1000000 (1mb)

Am I thinking about this right?

Thanks again, this has been a challenge for me.

Correct Answer
dancicioiu Sun, 02/12/2012 - 02:26

ALL-SOURCES will match the url list and any source but not the 192.168.30/24 (match not access-group name).

POLICE-WWW will match the url list and source 192.168.30/24.

"priority" is used for LLQ (low latency queueing), usually to prioritize VoIP traffic. If you want to limit the traffic, you had better use shaping or policing. Policing will drop any excess traffic; shaping will try to queue the excess traffic, adding some latency. I would use policing:

policy-map filter
  class ALL-SOURCES
    police rate 10000000
  class POLICE-WWW
    police rate 1000000

Dan
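
An added example, not part of the original posts: a small Python model of the first-match classification described in this thread, checking that no VLAN 30 flow to a listed site escapes the 1 Mb/s policer. It assumes glob matching on the HTTP Host value as a stand-in for the NBAR match, and the sample flows and helper names are constructed for illustration.

```python
"""Model of first-match classification for the 'filter' policy-map (added example)."""
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

ACL_VLAN30 = ip_network("192.168.30.0/24")              # network from the thread
URL_PATTERNS = ("*facebook*", "*youtube*", "*fbcdn*")   # patterns from the thread

def in_vlan30(src):
    return ip_address(src) in ACL_VLAN30

def is_listed_site(host):
    # Assumption: a glob on the Host value approximates the NBAR match.
    return any(fnmatch(host.lower(), p) for p in URL_PATTERNS)

# Each class is match-all: every predicate must hold for the class to match.
POLICE_WWW = ("POLICE-WWW", 1_000_000,
              [lambda s, h: in_vlan30(s), lambda s, h: is_listed_site(h)])
ALL_SOURCES = ("ALL-SOURCES", 10_000_000,
               [lambda s, h: not in_vlan30(s), lambda s, h: is_listed_site(h)])
# The same class without the "match not access-group" line, for comparison.
ALL_SOURCES_NO_NEGATION = ("ALL-SOURCES", 10_000_000,
                           [lambda s, h: is_listed_site(h)])

def classify(policy, src, host):
    """Return (class name, police rate) of the first class that matches."""
    for name, rate, predicates in policy:
        if all(p(src, host) for p in predicates):
            return name, rate
    return "class-default", None   # unmatched traffic is not policed

def audit(policy, flows):
    """Return VLAN 30 flows to listed sites that miss the POLICE-WWW class."""
    return [(s, h) for s, h in flows
            if in_vlan30(s) and is_listed_site(h)
            and classify(policy, s, h)[0] != "POLICE-WWW"]

# Constructed sample flows: (source IP, HTTP Host value).
FLOWS = [("192.168.30.25", "www.youtube.com"),
         ("192.168.30.40", "static.ak.fbcdn.net"),
         ("192.168.10.7", "www.facebook.com"),
         ("192.168.30.25", "example.org")]

THREAD_POLICY = [ALL_SOURCES, POLICE_WWW]              # class order from the thread
BROKEN_POLICY = [ALL_SOURCES_NO_NEGATION, POLICE_WWW]  # first class swallows VLAN 30

if __name__ == "__main__":
    for label, policy in (("thread", THREAD_POLICY), ("no negation", BROKEN_POLICY)):
        for src, host in FLOWS:
            print(label, src, host, classify(policy, src, host))
        print(label, "VLAN 30 flows escaping the policer:", audit(policy, FLOWS))
```

With the negated ACL in ALL-SOURCES the audit list is empty; without it, both VLAN 30 flows to listed sites land in the 10 Mb/s class because that class is evaluated first.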

spartain Sun, 02/12/2012 - 02:29

Perfect! I will test this out tomorrow. Thanks for the help and the quick response! 

Much appreciated!

Mike

Posted February 12, 2012 at 1:31 AM