
How can I limit endpoint bandwidth on 1921 Router to mitigate bittorrent traffic impact on guest network?

John Luft
Level 1

We have set up an independent network for our guest wireless. It is an ADSL modem going into a Cisco 1921. I set up NAT and DHCP on the router and it is only accessible through the wireless connection. We have a 50Mbps connection and about 250 devices connecting to it. Some of these are using bittorrent and other file sharing software to eat up this bandwidth quickly.

Since torrent software can be set to any port and cannot be blocked that way, I was wondering if there is a way to limit the available bandwidth for each connecting device to mitigate this. 

I put this into the WAN group because that seemed appropriate as it is making the external connection. I know the argument could be made for LAN as it only connects within the corporate building and not to any of our service centers. 

Any help would be appreciated.

2 Accepted Solutions

luckymike33
Level 1

Hi John,

I don't see anything wrong with applying a basic QoS policy, classifying traffic using NBAR to match against the protocol bittorrent and other similar protocols, and then just throttling that traffic down using a policy map.

HTH

Mike


John Luft
Level 1

Thank you for the advice and for pointing me to NBAR.

I did some research and wanted to share what I came up with on it. (G0/1 is the inside port)

!
! Creating the class map to identify it
!
class-map match-any P2P
 match protocol bittorrent
!
! Creating the policy map to identify how to treat it
! (Here it is dropped completely)
!
policy-map P2P
 class P2P
  drop
!
! Applying it to the interface
!
interface GigabitEthernet 0/1
 service-policy input P2P
!
! Show command to test (run from privileged EXEC mode)
!
show policy-map interface g0/1 input


3 Replies

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

As Mike mentioned, NBAR might be able to identify something like bittorrent regardless of its port usage. Or, you could try the converse: identify "good" traffic (which should exclude bittorrent).

Regardless of whether you can identify "good" traffic or bittorrent, FQ might be used on egress. It won't restrict bandwidth, but at least it's fairly shared (NB: HQF can have different classes with FQ, allowing relative FQ sharing). Assuming your ADSL has much less egress than ingress bandwidth, this might be all you need.

If you want to do similar for ingress, you cannot use queuing on ingress. However, you can shape interior egress to be less than exterior ingress, and queue there. Doing so, you'll "lose" some of your external ingress bandwidth, and it won't work nearly as well (for other reasons).
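
Added example (not part of any post in this thread): one way to combine the throttling Mike suggests with the interior-egress shaping and FQ that Joseph describes, as a single hierarchical policy on the inside port. The policy names GUEST-CHILD and GUEST-SHAPE, the 45 Mbps shape rate and the 2 Mbps police rate are assumptions chosen for illustration; the P2P class map and G0/1 come from John's post.

```cisco
! Class map from John's post, repeated so the block is complete
class-map match-any P2P
 match protocol bittorrent
!
! Child policy (hypothetical name): police NBAR-matched traffic to an
! assumed 2 Mbps and fair-queue everything else
policy-map GUEST-CHILD
 class P2P
  police cir 2000000 conform-action transmit exceed-action drop
 class class-default
  fair-queue
!
! Parent policy (hypothetical name): shape to an assumed 45 Mbps, below
! the 50 Mbps connection, so the queue forms on this router
policy-map GUEST-SHAPE
 class class-default
  shape average 45000000
  service-policy GUEST-CHILD
!
! Output on the inside port is traffic heading toward guest devices
interface GigabitEthernet 0/1
 service-policy output GUEST-SHAPE
```

fair-queue shares bandwidth per flow rather than per device, so a client that opens many connections still receives a larger share than one with a single flow. The per-class counters for this direction appear under show policy-map interface g0/1 output.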
