CBWFQ implementation

intertouch
Level 1

I am implementing a CBWFQ policing on my router to try to limit the P2P traffic, like BT and Edonkey2000. My config is as below:

class-map match-any denybt
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
!
!
policy-map bt-attack
 class denybt
  police 128000 conform-action transmit exceed-action drop violate-action drop
!
!
interface Ethernet1/0
 description *** network Segment ***
 ip address 203.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex
!
!
interface serial1/0
 description *** WAN network Segment ***
 ip address 165.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex

But, unfortunately, I still manage to get 300Kbps for my download using BitTorrent! Why is that so?

3 Replies

nicholeleow
Level 1

Hello,

Firstly, is your router able to recognise the bittorrent, edonkey, fasttrack and gnutella protocols?

Does your router's software version support NBAR? You may want to refer to the following URLs for more information:

http://www.cisco.com/en/US/products/hw/routers/ps368/products_command_reference_chapter09186a0080202743.html#wp1021242

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm#wp1096784

Regards,

Nichole

ndarnell
Level 1

One thing to bear in mind is that the 128000 is not an absolute value; it is an average rate.

This link may help explain how this works:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/qos_c/qcpart4/qcpolts.htm#xtocid74401

robert.hyde
Level 1

Hello,

I have a thought that may or may not apply, and here is the litmus test: Are you seeing 300k throughput per the bittorrent app, or per the show policy-map interface command on the router? If it is the former, then I would think that strange myself but it must be due to the mechanisms of the token-bucket algorithm, etc...

But if it is the latter, if the router shows <= approximately 128k but your host shows 300k, then adding what Nichole said, for a sanity check you may want to make sure that your box is really recognizing all of the Bittorrent traffic. Since you were able to add the "match protocol bittorrent" command, you have the proper PDLMs loaded. If you didn't have the proper PDLMs loaded/embedded or they were incompatible with the underlying NBAR version, you would have received an error message and it would not have taken those commands - don't ask how I know :-)

I would recommend this test: create an access-list that points to your bittorrent host, then add a match statement for that access-list to the END of your "denybt" class-map. Then run bittorrent again, and the counters & bit rate matching that access-list within the show policy-map int will tell you if the bittorrent PDLM is catching all, some, or none.

Hopefully that helps. Good luck!

Best Regards

Robert
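The test Robert describes above, written out as IOS configuration. This is an added example and not part of the original thread; the host address 192.0.2.10 and ACL number 101 are placeholders chosen for illustration.

```cisco
! Added example. 192.0.2.10 stands in for the BitTorrent test host and
! 101 for any unused extended ACL number; substitute your own values.
!
! Match all IP traffic to and from the test host, in both directions,
! because the policy is attached both input and output.
access-list 101 permit ip host 192.0.2.10 any
access-list 101 permit ip any host 192.0.2.10
!
! The class-map from the original post with the ACL match added as the
! LAST statement, so the NBAR protocol matches are listed ahead of it.
class-map match-any denybt
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
 match access-group 101
!
! Run a transfer on the test host, then from exec mode compare the
! per-match packet counters and rates under class denybt:
!   show policy-map interface Ethernet1/0
!   show policy-map interface Serial1/0
!
! Remove the temporary match when the test is finished:
!   class-map match-any denybt
!    no match access-group 101
```

If the access-group line accumulates packets during the transfer while the bittorrent line stays low, the host is sending traffic that the NBAR match did not claim. While the ACL match is in place, all traffic from the test host is subject to the 128000 policer, so use it only for the duration of the test.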
