Cisco Support Community

New Member

NBAR and http download

Hi all,

I want to limit HTTP download for URLs like

youtube.com, for example.

How can I do this?

I did it for the entire HTTP protocol,

but I don't see how to do it for only this URL.

Can you help me, please?

13 REPLIES

Re: NBAR and http download

Hi,

I am afraid you can't limit traffic for specific URLs using NBAR, rather than using HTTP.

NBAR is most often used for peer-to-peer applications using PDLM (Packet Description Language Module).

You can install every new application, and you can copy and install it into your router flash using the command (ip nbar pdlm flash://xxx.pdlm) and apply the policy which defines the matching class.

In your case, there is another option: just figure out the source IP of the website and create 2 class-maps. One matches traffic from your source IPs to the destination URL and limits its bandwidth accordingly.

The other class matches any any; then apply the policy to the interface.

example:

class-map match-any tube.com

match access-group 100

class-map match-any normal-traffic

match access-group 101

access-list 100 permit tcp (your source IPs) (destination URL IP) eq www

access-list 101 permit ip any any

policy-map policing-tube

class tube.com

police (bits per second) conform-action transmit exceed-action drop -- Bandwidth limited for Tube.com traffic

class normal-traffic

police (bits per second)

int x

service-policy output/input policing-tube

Let us know if it works for you.

Regards,

Mohamed Sobair

Hall of Fame Super Bronze

Re: NBAR and http download

Please see:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_m1h.htm#wp1128712

class-map youtube

match protocol http url host youtube*

Re: NBAR and http download

Great Info..

Regards,

Mohamed Sobair

New Member

Re: NBAR and http download

Hi all,

In fact the problem is: a router (3745) with 2 interfaces: 1 for LAN f0/0

1 for WAN f0/1

I want to limit bandwidth in download for URLs like youtube...

So my config is:

class-map youtube

match protocol http url "*youtube.com*"

policy-map youtube

class youtube

police 100000

NBAR is applied on the 2 FastEthernet interfaces.

So if I want to limit download (100Kbits), I put the policy-map in INPUT on F0/1

But it doesn't work.

NBAR matches for the GET request but it doesn't match for the response.

How can I do that?

NBAR doesn't seem to be stateful for me.

Thanks for your answer.

Hall of Fame Super Bronze

Re: NBAR and http download

Can you post the output from:

show policy-map interface

New Member

Re: NBAR and http download

Hi, my conf:

class-map match-all youtube

match protocol http url "*youtube.com*"

policy-map youtube

class youtube

police 100000 conform-action transmit exceed-action drop

interface FastEthernet0/0

description To WAN

ip address dhcp

ip nbar protocol-discovery

ip nat outside

ip virtual-reassembly

speed 100

full-duplex

service-policy input youtube

interface FastEthernet0/1

description To LAN

ip address 10.0.0.2 255.255.255.240

ip nbar protocol-discovery

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

Output of sh policy-map interface

FastEthernet0/0

Service-policy input: youtube

Class-map: youtube (match-all)

0 packets, 0 bytes

5 minute offered rate 0 bps, drop rate 0 bps

Match: protocol http url "*youtube.com*"

police:

cir 100000 bps, bc 3125 bytes

conformed 0 packets, 0 bytes; actions:

transmit

exceeded 0 packets, 0 bytes; actions:

drop

conformed 0 bps, exceed 0 bps

Class-map: class-default (match-any)

14367 packets, 1890350 bytes

5 minute offered rate 13000 bps, drop rate 0 bps

Match: any

Hall of Fame Super Bronze

Re: NBAR and http download

This line

match protocol http url "*youtube.com*"

should be

match protocol http url host "*youtube.com*"

Hall of Fame Super Bronze

Re: NBAR and http download

And actually, I recommend removing the "*" from the beginning of the string:

match protocol http url host "youtube*"

New Member

Re: NBAR and http download

(config-cmap)#match protocol http url host "*youtube.com*"

^

% Invalid input detected at '^' marker.

My IOS:

3700 Software (C3745-ADVENTERPRISEK9_IVS-M), Version 12.4(9)T

New Member

Re: NBAR and http download

invalid after host

Hall of Fame Super Bronze

Re: NBAR and http download

Verified the command with a router; this is the correct syntax:

match protocol http host "youtube.com*"

New Member

Re: NBAR and http download

This line doesn't match the packets I want.

They're in class-map default.

I tested with a router (2600).

Hall of Fame Super Bronze

Re: NBAR and http download

Strange...

Do you have CEF enabled?

What IOS version are you running on the 2600?

Can you change the traffic flow from service-policy input to service-policy output?
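
Added example, not part of any post in this thread and not Cisco code: a small Python model of why a host-based HTTP match can hit the GET request but not the download that follows, which is the behaviour reported above and the reason the policy direction matters. It assumes a classifier that inspects each message on its own (it makes no claim about how NBAR tracks flows on any IOS release), uses Python's fnmatch as a stand-in for the wildcard match, and all sample messages are constructed.

```python
from fnmatch import fnmatchcase

# Constructed sample messages (not captured traffic).
REQUEST = (b"GET /watch?v=abc HTTP/1.1\r\n"
           b"Host: www.youtube.com\r\n"
           b"User-Agent: example\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: video/mp4\r\n"
            b"Content-Length: 1400\r\n\r\n" + b"\x00" * 1400)


def request_host(raw):
    """Return the Host header of an HTTP request, or None for anything else."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    if lines[0].startswith("HTTP/"):  # status line: a response carries no Host
        return None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().lower()
    return None


def matched_bytes(packets, direction, pattern):
    """Bytes a per-message host match would classify in one direction.

    direction is relative to the WAN interface:
    "output" = LAN to Internet, "input" = Internet to LAN.
    """
    total = 0
    for pkt_dir, raw in packets:
        host = request_host(raw)
        if pkt_dir == direction and host and fnmatchcase(host, pattern.lower()):
            total += len(raw)
    return total


# Constructed flow as seen on the WAN interface.
FLOW = [("output", REQUEST), ("input", RESPONSE)]

if __name__ == "__main__":
    for d in ("input", "output"):
        print(d, matched_bytes(FLOW, d, "*youtube.com*"))
```

Under this model the only bytes the host pattern classifies are the small outbound request, so a policer attached in the input direction on the WAN side never sees a matching packet.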
