03-13-2006 05:32 AM - edited 03-03-2019 12:02 PM
I am implementing a CBWFQ policing to my router to try to limit the P2P traffic, like BT and Edonkey2000. My config is as below:
class-map match-any denybt
 match protocol bittorrent
 match protocol edonkey
 match protocol fasttrack
 match protocol gnutella
!
!
policy-map bt-attack
 class denybt
  police 128000 conform-action transmit exceed-action drop violate-action drop
!
!
interface Ethernet1/0
 description *** network Segment ***
 ip address 203.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex
!
!
interface serial1/0
 description *** WAN network Segment ***
 ip address 165.x.x.x.x.255.224
 service-policy input bt-attack
 service-policy output bt-attack
 full-duplex
But, unfortunately, I still manage to get 300Kbps for my download using BitTorrent! Why is that so?
03-13-2006 10:20 PM
Hello,
Firstly, is your router able to recognise bittorrent, edonkey, fasttrack and gnutella protocols?
Does your router support nbar software version? You may want to refer to the following URLs for more information:
Regards,
Nichole
03-14-2006 01:25 AM
One thing to bear in mind is that the 128000 is not an absolute value; it is an average rate.
This link may help explain how this works
03-17-2006 09:09 AM
Hello,
I have a thought that may or may not apply, and here is the litmus test: Are you seeing 300k throughput per the bittorrent app, or per the show policy-map interface command on the router? If it is the former, then I would think that strange myself but it must be due to the mechanisms of the token-bucket algorithm, etc...
But if it is the latter, if the router shows <= approximately 128k but your host shows 300k, then adding what Nichole said, for a sanity check you may want to make sure that your box is really recognizing all of the Bittorrent traffic. Since you were able to add the "match protocol bittorrent" command, you have the proper PDLMs loaded. If you didn't have the proper PDLMs loaded/embedded or they were incompatible with the underlying NBAR version, you would have received an error message and it would not have taken those commands - don't ask how I know :-)
I would recommend this test: create an access-list that points to your bittorrent host, then add a match statement for that access-list to the END of your "denybt" class-map. Then run bittorrent again, and the counters & bit rate matching that access-list within the show policy-map int will tell you if the bittorrent pdlm is catching all, some, or none.
Hopefully that helps. Good luck!
Best Regards
Robert
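The token-bucket behaviour mentioned in the replies above, as an added example that is not part of the original thread: a single bucket refilled at the configured 128000 bit/s, policing a constant 300 kbit/s flow. The burst size and packet size are assumed values, not taken from the thread or from the router's defaults.

```python
# Added illustration: one token bucket deciding conform vs. exceed, as in
# "police 128000 conform-action transmit exceed-action drop".
CIR_BPS = 128_000        # from the thread: police 128000
BC_BYTES = 8_000         # ASSUMED normal burst size (not given in the thread)
PKT_BYTES = 1_500        # ASSUMED packet size
OFFERED_BPS = 300_000    # download rate reported in the thread


def simulate(duration_s, cir_bps=CIR_BPS, bc_bytes=BC_BYTES,
             pkt_bytes=PKT_BYTES, offered_bps=OFFERED_BPS):
    """Return [(arrival_time_s, conformed)] for a constant-rate flow."""
    tokens = float(bc_bytes)                 # bucket starts full
    interval = pkt_bytes * 8 / offered_bps   # seconds between arrivals
    results, last = [], 0.0
    for i in range(int(duration_s / interval)):
        t = i * interval
        # Refill at CIR for the elapsed time, capped at the burst size.
        tokens = min(bc_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        if tokens >= pkt_bytes:
            tokens -= pkt_bytes              # conform: transmit
            results.append((t, True))
        else:
            results.append((t, False))       # exceed: drop
    return results


def conformed_bps(results, start_s, end_s, pkt_bytes=PKT_BYTES):
    """Average transmitted rate in bit/s over [start_s, end_s)."""
    sent = sum(pkt_bytes for t, ok in results if ok and start_s <= t < end_s)
    return sent * 8 / (end_s - start_s)


if __name__ == "__main__":
    run = simulate(60.0)
    print("first 0.3 s:", round(conformed_bps(run, 0.0, 0.3)), "bit/s")
    print("full 60 s  :", round(conformed_bps(run, 0.0, 60.0)), "bit/s")
```

Over the short window the stored burst lets the flow pass well above 128000 bit/s, while the 60-second average settles close to the configured rate.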