02-09-2016 09:02 AM - edited 03-05-2019 03:18 AM
Greetings,
Are there any best practices for blocking bittorrent on an ASR9K? NBAR or NBAR2 would be great, but they are not supported in IOS-XR. Is there something similar on the ASR9K? Thanks!
02-09-2016 12:50 PM
Give up. You can't really block it. Bittorrent can use any UDP or TCP port, and be encrypted. It is a loosing battle.
BitTorrent has not been easy to control for a long time now. It has evolved too far.
02-10-2016 09:46 AM
But with NBAR or similar tools I don't have to worry about port numbers, because it is looking at the application layer, correct? I realize there is nothing that can be done about p2p traffic that is running over TOR, SSL, or VPN. What i'd like to prevent is the casual user that downloaded utorrent for the first time and visits piratebay from clogging up my core. The more savvy users that can encrypt p2p, we will have to try to identify off of bandwidth usage alone.
02-10-2016 11:35 AM
I think all modern Torrent clients encrypt traffic by default and as their first choice. You could only catch users with really old versions who have never upgraded.
I don't think it is very feasible to block this type of traffic any more.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide