PDLM Implementation

intertouch
Level 1

I am implementing CBWFQ policing on my router to try to limit the P2P traffic, like BT and eDonkey2000. My config is as below:

class-map match-any denybt
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
!
!
policy-map bt-attack
 class denybt
  police 64000 conform-action transmit exceed-action drop violate-action drop
!
!
interface Ethernet1/0
 description *** network Segment ***
 ip address 203.113.1.1 255.255.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex
!
!
interface serial1/0
 description *** WAN network Segment ***
 ip address 165.113.24.33 255.255.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex

But, unfortunately, I still manage to get 300Kbps for my download using BitTorrent! Why is that so?

1 Reply

lgijssel
Level 9

The problem with these protocols is that they do not always use the same protocol port. This makes them hard to detect. I do not exactly know how the router matches a packet to the listed protocols but I suspect that not all varieties of (for example) BT are identified as such by the router.

You will either need to analyse the packets yourself and adapt your service policy or use an Intrusion Detection System. The latter checks other properties (above layer 4) of the traffic and will have more success in blocking or controlling unwanted streams.

Manual adjustment of the policy is labour intensive and will probably not last long and/or have unwanted side effects. Hence, using an IDS is the preferred solution.

Regards,

Leo
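
The contrast the reply draws, between matching on a fixed port and inspecting properties above layer 4, can be reproduced offline. The following is an added example, not part of the original thread and not Cisco's NBAR/PDLM logic; the port table, function names and sample flows are constructed for illustration.

```python
import struct

# Assumed port table for the example: commonly cited default ports only.
DEFAULT_PORTS = {"bittorrent": set(range(6881, 6890)), "edonkey": {4662},
                 "gnutella": {6346, 6347}}
BT_HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 19 + protocol string
GNUTELLA_HELLO = b"GNUTELLA CONNECT/"


def classify_by_port(dst_port):
    """Layer-4 view: label a flow purely from its destination port."""
    for proto, ports in DEFAULT_PORTS.items():
        if dst_port in ports:
            return proto
    return None


def classify_by_payload(payload):
    """Above-layer-4 view: label a flow from the first bytes the client sends."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if payload.startswith(GNUTELLA_HELLO):
        return "gnutella"
    # eDonkey framing: 0xE3 marker, then a little-endian length of what follows.
    if len(payload) >= 6 and payload[0] == 0xE3:
        (length,) = struct.unpack_from("<I", payload, 1)
        if length == len(payload) - 5:
            return "edonkey"
    return None


def compare(flows):
    """Return (port, port_verdict, payload_verdict) for each flow."""
    return [(p, classify_by_port(p), classify_by_payload(d)) for p, d in flows]


# Constructed sample flows: (destination port, first client payload).
BT = BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"P" * 20
SAMPLE_FLOWS = [
    (6881, BT),                                               # default port
    (40123, BT),                                              # same protocol, other port
    (6346, b"GNUTELLA CONNECT/0.6\r\n\r\n"),
    (8080, b"\xe3" + struct.pack("<I", 3) + b"\x01\x00\x00"),
    (6881, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # not P2P
]

if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

Rows where the two verdicts differ are the flows a port-only policy would mis-handle: P2P traffic on a non-default port is missed, and unrelated traffic on a default port is policed. A flow with no plaintext marker in its first payload returns None from the payload check.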
