03-26-2009 04:47 AM
We are trying to block p2p traffic, especially bittorrent and edonkey, with NBAR on a 2821 router. The commands inserted in the running-config are shown below.
The command "show policy-map int giga 0/0" shows some packets dropped, but when we use the program amule in Linux it works, while the equivalent program in Windows, emule, does not work. What can be happening?
How can we be sure that the packets are correctly identified and blocked?
When we have an ACL and a service-policy with NBAR on the same interface, what is done first?
"running-config"
-----
!
class-map match-any peer-to-peer
 match protocol bittorrent
 match protocol kazaa2
 match protocol edonkey
!
policy-map drop-peer-to-peer
 class peer-to-peer
  drop
!
interface GigabitEthernet0/0
 ip address 192.168.120.49 255.255.255.248
 ip access-group 171 out
 ip nbar protocol-discovery
 duplex auto
 speed auto
 service-policy input drop-peer-to-peer
 service-policy output drop-peer-to-peer
!
-------
"Output of command show policy-map interface"
Cisco2821#sh policy-map int giga 0/0
 GigabitEthernet0/0

  Service-policy input: drop-peer-to-peer

    Class-map: peer-to-peer (match-any)
      4148017 packets, 489766793 bytes
      5 minute offered rate 5000 bps, drop rate 5000 bps
      Match: protocol bittorrent
        4090268 packets, 471253367 bytes
        5 minute rate 5000 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol edonkey
        57747 packets, 18513426 bytes
        5 minute rate 0 bps
      drop

    Class-map: class-default (match-any)
      281519716 packets, 139238496766 bytes
      5 minute offered rate 2769000 bps, drop rate 0 bps
      Match: any

  Service-policy output: drop-peer-to-peer

    Class-map: peer-to-peer (match-any)
      2040318 packets, 204257540 bytes
      5 minute offered rate 1000 bps, drop rate 1000 bps
      Match: protocol bittorrent
        2023231 packets, 194432473 bytes
        5 minute rate 1000 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol edonkey
        17087 packets, 9825067 bytes
        5 minute rate 0 bps
      drop

    Class-map: class-default (match-any)
      286842244 packets, 240568337214 bytes
      5 minute offered rate 5294000 bps, drop rate 0 bps
      Match: any
----------------------
03-26-2009 09:06 AM
I found that most of these types of p2p programs try multiple ways to connect to their servers.
If they find a way that works, they stick to that. If that way gets blocked, they try other ways.
So, to make sure the p2p does not disturb the business-related traffic, I would suggest you put the p2p in a low-priority class but still allow it to work.
This way it won't try to connect in other ways. If it goes out as https traffic, you won't be able to see the difference from business traffic. That would be a real problem.
Cheers,
Michel
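Michel's suggestion of rate-limiting the p2p class instead of dropping it, written out as an added example configuration. This is not the config from either post in this thread; it reuses the class-map names and the interface from the question and adds a policer. The 64 kbit/s rate, the 8000-byte burst, the CS1 (scavenger) re-mark and the policy-map name limit-peer-to-peer are assumptions chosen for illustration. A policer is used rather than a bandwidth class because queueing commands such as bandwidth are only accepted in an output policy, while police works in both directions, matching the original input/output attachment.

```cisco
! Added example (not from the thread): throttle P2P to a trickle instead of
! dropping it, so the clients keep a working path and do not hunt for
! another one (e.g. HTTPS). Rates, burst and names below are assumptions.
class-map match-any peer-to-peer
 match protocol bittorrent
 match protocol kazaa2
 match protocol edonkey
!
! Conforming P2P packets are re-marked to CS1 (scavenger) and forwarded;
! anything above 64 kbit/s is dropped. Business traffic in class-default
! is untouched.
policy-map limit-peer-to-peer
 class peer-to-peer
  police cir 64000 bc 8000
   conform-action set-dscp-transmit cs1
   exceed-action drop
 class class-default
!
interface GigabitEthernet0/0
 ip nbar protocol-discovery
 service-policy input limit-peer-to-peer
 service-policy output limit-peer-to-peer
!
```

With a policer in place, show policy-map interface GigabitEthernet0/0 reports separate conformed and exceeded packet counters for the peer-to-peer class, so you can see both that the traffic is being classified and how much of it is being forwarded versus dropped; show ip nbar protocol-discovery interface GigabitEthernet0/0 gives the per-protocol counts NBAR is seeing independently of the policy.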