Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
727
Views
0
Helpful
6
Replies

nbar & bittorrent

liamkennedy
Level 1
Level 1

‎08-11-2006 02:05 AM - edited ‎03-03-2019 01:37 PM

Hi

i'm trying to setup nbar to police P2P traffic and throttle it down to dialup speeds. However testing with bittorrent it doesn't seem to be working - here's my config:

---------------------------------

!

ip nbar pdlm bittorrent.pdlm

!

class-map match-any P2P

match protocol bittorrent

match protocol fasttrack

match protocol gnutella

match protocol kazaa2

match protocol napster

match protocol edonkey

match protocol winmx

!

policy-map slow-P2P

class P2P

police rate 56000 bps

conform-action transmit

exceed-action drop

class class-default

police rate 512000

conform-action transmit

exceed-action transmit

violate-action drop

!

interface Tunnel0

ip nbar protocol-discovery

service-policy input slow-P2P

service-policy output slow-P2P

---------------------------------

I'm running a torrent at the moment and its showing upload speed of 60kB/s.

"sh policy-map int tun0" shows that nbar is working and is dropping packets, but "sh ip nbar protocol-discovery top-n 5" shows a lot of unknown traffic (there's no other significant traffic running over this interface).

It looks to me like the bittorrent pdlm only catches traffic between the client and the tracker, and not the actual peer-2-peer traffic. Anyone know for certain how this works?

Labels:
0 Helpful
6 Replies 6

globalnettech
Level 5
Level 5

‎08-11-2006 03:38 AM

Hello,

are you running at least 12.4(2)T ?

Regards,

GNT

0 Helpful

liamkennedy
Level 1
Level 1
In response to globalnettech

‎08-11-2006 04:53 AM

no - 12.3(8)YI1

is there an issue with NBAR on earlier IOS?

0 Helpful

globalnettech
Level 5
Level 5
In response to liamkennedy

‎08-11-2006 05:06 AM

Hello,

you need 12.4(2)T for the bittorrent pdlm to work. Check this link for the IOS requirements (scroll down to 'Peer-to-Peer File-Sharing Applications'):

Table 1 NBAR-Supported Protocols

http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a008064fb35.html#wp1056828

Regards,

GNT

0 Helpful

liamkennedy
Level 1
Level 1
In response to globalnettech

‎08-11-2006 06:05 AM

now on 12.4(6)T but no difference.

here's what I'm seeing:

#sh ip nbar protocol-discovery top-n 5

Tunnel0

Input Output

----- ------

Protocol Packet Packet

Byte Count Byte Count

5min (bps) 5min (bps)

5min Max 5min Max

----------------------------------------------

bittorrent32295 260

1631816 40301

17000 0

20000 2000

h323 0 2

0 2888

0 0

0 0

ntp 0 28

0 2128

0 0

0 0

gre 84 0

2016 0

0 0

0 0

edonkey 0 1

0 1444

0 0

0 0

unknown 1503 51212

74716 59629733

1000 613000

4000 619000

Total 33885 51511

1708721 59677409

18000 613000

24000 621000

edit - sorry about the formatting - doesn't seem to be any way to get it formatted correctly. If you look carefully you can see there is more BT traffic on the input than the output, but more unknown on the output.

0 Helpful

Joshua Engels
Level 1
Level 1
In response to liamkennedy

‎02-22-2011 08:45 PM

Any updates to this case?

I have been facing the same issues and hacking away at it off and on for months.  even opened a TAC case but for the first time, Cisco TAC was absolutley no help and basically could not give me an answer.

0 Helpful

liamkennedy
Level 1
Level 1
In response to liamkennedy

‎02-23-2011 01:24 AM

sorry Joshua, can't remember if we found a solution to this and we're not now using NBAR (have a

dedicated UTM solution for that sort of thing).  5 years is a long time in

networking.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card