08-31-2007 09:30 AM - edited 03-03-2019 06:33 PM
Hi all,
I want to limit HTTP download for URLs like
youtube.com, for example.
How can I do this?
I made it work for the entire HTTP protocol,
but I don't see how to do it for only this URL.
Can you help me, please?
08-31-2007 12:45 PM
Hi,
I am afraid you can't limit traffic for specific URLs using NBAR, rather than using HTTP.
NBAR is most often used for peer-to-peer applications using PDLM (Packet Description Language Module).
You can install every new application, and you can copy and install it into your router flash using the command (ip nbar pdlm flash://xxx.pdlm) and apply the policy which defines the matching class.
In your case, there is another option: just figure out the source IP of the website and create 2 class-maps. One matches traffic from your source IPs to the destination URL and limits its bandwidth accordingly.
The other class matches any any; then apply the policy to the interface.
example:
class-map match-any tube.com
match access-group 100
class-map match-any normal-traffic
match access-group 101
access-list 100 permit tcp (your source IP's) (destination URL IP) eq www
access-list 101 permit ip any any
policy-map policing-tube
class tube.com
! Bandwidth limited for Tube.com traffic
police (bits per second) conform-action transmit exceed-action drop
class normal-traffic
police (bits per second)
int x
service-policy output/input policing-tube
Let us know if it works for you.
Regards,
Mohamed Sobair
08-31-2007 01:39 PM
Please see:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712
class-map youtube
match protocol http url host youtube*
08-31-2007 01:57 PM
Great info.
Regards,
Mohamed Sobair
09-07-2007 08:17 AM
Hi all,
In fact the problem is: a router (3745) with 2 interfaces: 1 for LAN (f0/0),
1 for WAN (f0/1).
I want to limit download bandwidth for URLs like youtube...
So my config is:
class-map youtube
match protocol http url "*youtube.com*"
policy-map youtube
class youtube
police 100000
NBAR is applied on the 2 FastEthernet interfaces.
So if I want to limit download (100 Kbits), I put the policy-map in INPUT on F0/1.
But it doesn't work.
NBAR matches the GET request, but it doesn't match the response.
How can I do that?
NBAR doesn't seem to be stateful to me.
Thanks for your answer.
09-07-2007 02:39 PM
Can you post the output from:
show policy-map interface
09-09-2007 12:28 AM
Hi, my conf:
class-map match-all youtube
match protocol http url "*youtube.com*"
policy-map youtube
class youtube
police 100000 conform-action transmit exceed-action drop
interface FastEthernet0/0
description To WAN
ip address dhcp
ip nbar protocol-discovery
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
service-policy input youtube
interface FastEthernet0/1
description To LAN
ip address 10.0.0.2 255.255.255.240
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
Output of sh policy-map interface
FastEthernet0/0
Service-policy input: youtube
Class-map: youtube (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol http url "*youtube.com*"
police:
cir 100000 bps, bc 3125 bytes
conformed 0 packets, 0 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
drop
conformed 0 bps, exceed 0 bps
Class-map: class-default (match-any)
14367 packets, 1890350 bytes
5 minute offered rate 13000 bps, drop rate 0 bps
Match: any
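The policer shown in the output above (cir 100000 bps, bc 3125 bytes, conform transmit, exceed drop) can be modelled as a single-rate token bucket. The Python sketch below is an added example, not part of any post in this thread and not Cisco code; the function names and the packet trace are constructed for illustration, and the model is the textbook token-bucket algorithm rather than a statement about IOS internals.

```python
# Added illustration: single-rate, two-colour token-bucket policer.
# CIR and Bc come from the "show policy-map interface" output in the thread;
# the packet traces are constructed sample data.

CIR_BPS = 100_000   # cir 100000 bps
BC_BYTES = 3125     # bc 3125 bytes


def police(packets, cir_bps=CIR_BPS, bc_bytes=BC_BYTES):
    """Classify (time_ms, size_bytes) packets as 'conform' or 'exceed'.

    The bucket starts full, refills at cir_bps / 8 bytes per second and
    never holds more than bc_bytes. Times are integer milliseconds so the
    refill arithmetic stays exact for the traces used here.
    """
    tokens = float(bc_bytes)
    last_ms = 0
    verdicts = []
    for t_ms, size in packets:
        tokens = min(bc_bytes, tokens + (t_ms - last_ms) * cir_bps / 8000)
        last_ms = t_ms
        if size <= tokens:
            tokens -= size
            verdicts.append("conform")   # conform-action transmit
        else:
            verdicts.append("exceed")    # exceed-action drop
    return verdicts


def passed_bps(packets, verdicts, duration_s):
    """Average rate of conforming (transmitted) traffic in bits per second."""
    sent = sum(size for (_, size), v in zip(packets, verdicts) if v == "conform")
    return sent * 8 / duration_s


# Constructed trace: 1500-byte packets every 10 ms for 10 s (1.2 Mbit/s offered).
FAST_TRACE = [(i * 10, 1500) for i in range(1000)]
# Constructed trace: 1500-byte packets every 200 ms for 10 s (60 kbit/s offered).
SLOW_TRACE = [(i * 200, 1500) for i in range(50)]

if __name__ == "__main__":
    for name, trace in (("fast", FAST_TRACE), ("slow", SLOW_TRACE)):
        v = police(trace)
        print(name, v.count("conform"), "conform,", v.count("exceed"), "exceed,",
              "passed %.0f bps" % passed_bps(trace, v, 10.0))
```

With bc at 3125 bytes the bucket holds only two full-size packets, so a sustained download is cut to roughly the CIR while traffic already below 100 kbit/s is untouched. None of this applies until the class actually matches packets, which the zero counters in the output above show is not yet happening.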
09-09-2007 04:25 AM
This line
match protocol http url "*youtube.com*"
should be
match protocol http url host "*youtube.com*"
09-09-2007 05:03 AM
And actually, I recommend removing the "*" from the beginning of the string:
match protocol http url host "youtube*"
09-09-2007 08:17 AM
(config-cmap)#match protocol http url host "*youtube.com*"
^
% Invalid input detected at '^' marker.
My IOS:
3700 Software (C3745-ADVENTERPRISEK9_IVS-M), Version 12.4(9)T
09-09-2007 11:22 AM
Invalid after host.
09-09-2007 01:41 PM
Verified the command with a router; this is the correct syntax:
match protocol http host "youtube.com*"
09-10-2007 07:35 AM
This line doesn't match the packets I want.
They're in class map default.
I tested with a router (2600).
09-10-2007 08:57 AM
Strange...
Do you have CEF enabled?
What IOS version are you running on the 2600?
Can you change the traffic flow from service-policy input to service-policy output?