Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
0
Helpful
2
Replies

Large uploads incorrectly marked as eDonkey traffic

c.holloway
Level 1
Level 1

‎02-18-2011 05:48 AM - edited ‎03-04-2019 11:28 AM

Hey everyone.

I ran into this recently with a client of mine.  When uploading files (either via FTP or through a shared drive in terminal services) from the site any files larger than 200MB or so would hang in the middle of the upload as the TCP session timed out because the traffic was cut off.  I started pulling apart the config on the 2911 edge router to determine what the issue was.

I trace the issue down to this particular policy which was created by CCP: sdmappfwp2p_CCP_LOW (When this policy was removed from the wan interface the issue vanished).  The default config of this policy was as follows:

policy-map sdmappfwp2p_CCP_LOW

class sdm_p2p_edonkey

drop

class sdm_p2p_gnutella

  drop

class sdm_p2p_kazaa

  drop

class sdm_p2p_bittorrent

  drop

I first removed the highlighted drop command from the edonkey class and reapplied the inspection policy to the WAN port and the issue remained resolved!

While this fixed the issue and I was able to block eDonkey traffic with just a simple outgoing ACL to block tcp port 4662 I find it very strange that a eDonkey inspection policy would cause such problems for eDonkey traffic.  I know for sure this is the only change made on the router and I'm just scratching my head at what I've found.  Has anyone else run into anything like this?  Is it a bug with NBAR?  Mostly I'm just curious as the issue is already resolved.

1 person had this problem
Labels:
0 Helpful
2 Replies 2

PShipley000
Level 1
Level 1

‎05-01-2013 07:19 AM

Hi c.holloway, thank you VERY much for tracking this one down. I had same issue when copying over site-to-site VPN link. Was pulling my hair out tinkering around with MTU, mss, TCP window sizes, etc across the board/devices/hosts.

Sure enough, examing the stats for the policy showed the matches as the transfer(s) progressed. Removing the edonkey statement cleared it up pronto....

Odd that this is triggered on standard SMB type traffic. Using a 2901 here with Version 15.1(4)M4

I know this topic is dated/old, but wanted to give you props for this one.

0 Helpful

c.holloway
Level 1
Level 1
In response to PShipley000

‎05-01-2013 08:14 AM

I'm glad I could help you out Phil.  If you don't mind, please rate the post when you have a moment since you found it helpful

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card