Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
1
Replies

NBAR to block edonkey and bittorrent

ime_redes
Level 1
Level 1

‎03-26-2009 04:47 AM

We are trying to block p2p traffic, especially bittorrent and edonkey, with NBAR on a 2821 router. The commands inserted at running-config are shown below.

The command “show policy-map int giga 0/0”, shows some packets dropped but when we using the program amule in Linux it works, but the program equivalent in windows, emule does not work. What can be happening ?

How can we be sure that the packages are correctly identified and blocked ?

When we have ACL and service-policy with NBAR at the same interface what is done first ?

“running-config”

-----

!

class-map match-any peer-to-peer

match protocol bittorrent

match protocol kazaa2

match protocol edonkey

!

policy-map drop-peer-to-peer

class peer-to-peer

drop

!

interface GigabitEthernet0/0

ip address 192.168.120.49 255.255.255.248

ip access-group 171 out

ip nbar protocol-discovery

duplex auto

speed auto

service-policy input drop-peer-to-peer

service-policy output drop-peer-to-peer

!

-------

“Output of command show policy-map interface”

Cisco2821#sh policy-map int giga 0/0

GigabitEthernet0/0

Service-policy input: drop-peer-to-peer

Class-map: peer-to-peer (match-any)

4148017 packets, 489766793 bytes

5 minute offered rate 5000 bps, drop rate 5000 bps

Match: protocol bittorrent

4090268 packets, 471253367 bytes

5 minute rate 5000 bps

Match: protocol kazaa2

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol edonkey

57747 packets, 18513426 bytes

5 minute rate 0 bps

drop

Class-map: class-default (match-any)

281519716 packets, 139238496766 bytes

5 minute offered rate 2769000 bps, drop rate 0 bps

Match: any

Service-policy output: drop-peer-to-peer

Class-map: peer-to-peer (match-any)

2040318 packets, 204257540 bytes

5 minute offered rate 1000 bps, drop rate 1000 bps

Match: protocol bittorrent

2023231 packets, 194432473 bytes

5 minute rate 1000 bps

Match: protocol kazaa2

0 packets, 0 bytes

5 minute rate 0 bps

Match: protocol edonkey

17087 packets, 9825067 bytes

5 minute rate 0 bps

drop

Class-map: class-default (match-any)

286842244 packets, 240568337214 bytes

5 minute offered rate 5294000 bps, drop rate 0 bps

Match: any

----------------------

Labels:
0 Helpful
1 Reply 1

MICHEL.HEGERAAT
Level 1
Level 1

‎03-26-2009 09:06 AM

I found that most of these type of p2p try multiple ways to connect to their servers.

If they find a way that works they stick to that. If that way gets block they try other ways.

So to make sure the p2p does not disturb the business related traffic I would suggest you put the p2p in a low priority class but still allow it to work.

This way it won't try to connect in other ways. If it goes out as https traffic you won't be able to see the difference with business traffic. That would be a real problem.

Cheers,

Michel

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents