Cisco Support Community
Community Member

CBWFQ implementation

I am implementing CBWFQ policing on my router to try to limit P2P traffic, like BT and Edonkey2000. My config is as below:

class-map match-any denybt
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
!
!
policy-map bt-attack
 class denybt
  police 128000 conform-action transmit exceed-action drop violate-action drop
!
!
interface Ethernet1/0
 description *** network Segment ***
 ip address 203.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex
!
!
interface serial1/0
 description *** WAN network Segment ***
 ip address 165.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex

But, unfortunately, I still manage to get 300Kbps for my download using BitTorrent! Why is that so?

3 REPLIES
Community Member

Re: CBWFQ implementation

Hello,

Firstly, is your router able to recognise the bittorrent, edonkey, fasttrack and gnutella protocols?

Does your router support an NBAR software version? You may want to refer to the following URLs for more information:

http://www.cisco.com/en/US/products/hw/routers/ps368/products_command_reference_chapter09186a0080202743.html#wp1021242

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm#wp1096784

Regards,

Nichole

Community Member

Re: CBWFQ implementation

One thing to bear in mind is that the 128000 is not an absolute value; it is an average rate.

This link may help explain how this works:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart4/qcpolts.htm#xtocid74401

Community Member

Re: CBWFQ implementation

Hello,

I have a thought that may or may not apply, and here is the litmus test: Are you seeing 300k throughput per the bittorrent app, or per the show policy-map interface command on the router? If it is the former, then I would think that strange myself but it must be due to the mechanisms of the token-bucket algorithm, etc...

But if it is the latter, if the router shows <= approximately 128k but your host shows 300k, then adding what Nichole said, for a sanity check you may want to make sure that your box is really recognizing all of the Bittorrent traffic. Since you were able to add the "match protocol bittorrent" command, you have the proper PDLMs loaded. If you didn't have the proper PDLMs loaded/embedded or they were incompatible with the underlying NBAR version, you would have received an error message and it would not have taken those commands - don't ask how I know :-)

I would recommend this test: create an access-list that points to your bittorrent host, then add a match statement for that access-list to the END of your "denybt" class-map. Then run bittorrent again, and the counters & bit rate matching that access-list within the show policy-map int will tell you if the bittorrent pdlm is catching all, some, or none.

Hopefully that helps. Good luck!

Best Regards

Robert
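
The counter check Robert describes can be scripted; this is an added example, not code from the thread. It parses `show policy-map interface` text for the `denybt` class and reports whether the NBAR protocol matches caught all, some, or none of the traffic. Assumptions: the host access-list is number 101 (hypothetical) and is the last match in the class, each packet is counted under the first match statement it hits, and the sample output is constructed.

```python
import re

# Constructed sample modelled on `show policy-map interface` output for a
# match-any class. Counters and ACL number 101 are invented for illustration.
SAMPLE = """\
 Ethernet1/0
  Service-policy input: bt-attack
    Class-map: denybt (match-any)
      5200 packets, 6240000 bytes
      5 minute offered rate 301000 bps, drop rate 173000 bps
      Match: protocol bittorrent
        1300 packets, 1560000 bytes
        5 minute rate 75000 bps
      Match: protocol edonkey
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: access-group 101
        3900 packets, 4680000 bytes
        5 minute rate 226000 bps
"""

MATCH_RE = re.compile(r"^\s*Match:\s+(.+?)\s*$")
COUNT_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")


def per_match_bytes(text):
    """Return {match statement: byte count} for every 'Match:' entry."""
    result, current = {}, None
    for line in text.splitlines():
        m = MATCH_RE.match(line)
        if m:
            current = m.group(1)  # counters for this match are on the next line
            continue
        c = COUNT_RE.match(line)
        if c and current is not None:  # skips the class-level total line
            result[current] = int(c.group(2))
            current = None
    return result


def nbar_coverage(text, fallback="access-group 101"):
    """Return (verdict, share of bytes caught by the 'protocol' matches)."""
    counts = per_match_bytes(text)
    missed = counts.get(fallback, 0)  # host traffic NBAR did not classify
    caught = sum(v for k, v in counts.items() if k.startswith("protocol "))
    total = caught + missed
    share = caught / total if total else 0.0
    verdict = "none" if caught == 0 else "all" if missed == 0 else "some"
    return verdict, round(share, 2)
```

The access-list matches everything to and from the host, so the bytes it counts are an upper bound on unrecognised P2P traffic; run the test while the host is doing little else.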
