QoS

hpitt2009

What is the proper way to:

Limit any web traffic from www.site.com to 1 Mbps and if the site has .torrent extension then drop the packet.

Here is my configuration, tell me if it is wrong or right?

Webserver IP is 2.2.2.2

access-list 120 permit host 2.2.2.2 eq 80 any

class-map match-all DROPPED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match protocol http url "*.torrent"

class-map match-all LIMITED_TRAFFIC
 match access-group 120
 match protocol http url "www.site.com/"
 match not protocol http url "*.torrent"

policy-map MYPOLICY
 class DROPPED_TRAFFIC
  drop
 class LIMITED_TRAFFIC
  police cir 1000000

int f0/0
 service-policy input MYPOLICY

My main question is, is the "match not protocol http url "*.torrent" " important under the LIMITED_TRAFFIC class-map or can I perform the objective successfully without it?

Accepted Solutions

Giuseppe Larosa

Henry,

access-list 120 should be

access-list 120 permit tcp host 2.2.2.2 eq 80 any

clearly a mistyping.

>> is the "match not protocol http url "*.torrent" " important under the LIMITED_TRAFFIC class-map or can I perform the objective successfully without it?

The order of calls of class-maps in the policy-map is important.

Because DROPPED_TRAFFIC is called first, torrent traffic will match it.

So the match not protocol http url "*.torrent" in the second class invoked is not strictly required.

It would be if the class-maps had been invoked in reverse order.

The only doubt is whether the BitTorrent protocol is matched in this way.

You need to use

match protocol bittorrent

or

match not protocol bittorrent

see

Protocol: BitTorrent
Type: TCP
Port: Dynamically Assigned or 6881-6889
Description: BitTorrent File Transfer Traffic
Keyword to be used: bittorrent
First IOS to support: 12.2(18)ZYA1, 12.4(2)T

http://www.cisco.com/en/US/docs/ios/qos/command/reference/qos_m1.html#wp1038163

Hope to help

Giuseppe
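The first-match behaviour described in the answer above can be checked with a small model. This is an added example, not part of the original thread or Cisco's code. It assumes each `match protocol http url` pattern behaves like a glob against a host-plus-path string (a simplification, not NBAR's real matcher), and the class name `LIMITED_NO_NOT` and the sample URLs are constructed for illustration.

```python
from fnmatch import fnmatch

# Constructed model of the thread's class-maps. Each statement is (negated, glob);
# "www.site.com/*" stands in for the thread's "www.site.com/" URL pattern.
CLASS_MAPS = {
    "DROPPED_TRAFFIC": [(False, "www.site.com/*"), (False, "*.torrent")],
    "LIMITED_TRAFFIC": [(False, "www.site.com/*"), (True, "*.torrent")],
    # Hypothetical variant: LIMITED_TRAFFIC without the `match not` line.
    "LIMITED_NO_NOT": [(False, "www.site.com/*")],
}
ACTIONS = {
    "DROPPED_TRAFFIC": "drop",
    "LIMITED_TRAFFIC": "police 1 Mbps",
    "LIMITED_NO_NOT": "police 1 Mbps",
}

def class_matches(name, url):
    """match-all semantics: every statement in the class-map must hold."""
    return all(fnmatch(url, glob) != negated for negated, glob in CLASS_MAPS[name])

def classify(policy, url):
    """Walk the policy-map top down; the first matching class decides the action."""
    for name in policy:
        if class_matches(name, url):
            return ACTIONS[name]
    return "class-default"

def evaluate(policy, urls):
    """Return {url: action} for one class ordering."""
    return {u: classify(policy, u) for u in urls}

SAMPLE_URLS = [  # constructed sample input
    "www.site.com/index.html",
    "www.site.com/files/linux.torrent",
    "www.other.example/x.torrent",
]

if __name__ == "__main__":
    for label, policy in [
        ("thread order, no match-not", ["DROPPED_TRAFFIC", "LIMITED_NO_NOT"]),
        ("reversed order, no match-not", ["LIMITED_NO_NOT", "DROPPED_TRAFFIC"]),
        ("reversed order, with match-not", ["LIMITED_TRAFFIC", "DROPPED_TRAFFIC"]),
    ]:
        print(label, evaluate(policy, SAMPLE_URLS))
```

In the reversed ordering without the `match not` line, the .torrent URL is policed instead of dropped, which is the case where the extra statement becomes necessary.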

Thanks for the answer, I didn't know that you had to position class-maps in a certain order for them to execute. This was my confusion.
