08-11-2006 02:05 AM - edited 03-03-2019 01:37 PM
Hi
I'm trying to set up NBAR to police P2P traffic and throttle it down to dialup speeds. However, testing with bittorrent it doesn't seem to be working - here's my config:
---------------------------------
!
ip nbar pdlm bittorrent.pdlm
!
class-map match-any P2P
 match protocol bittorrent
 match protocol fasttrack
 match protocol gnutella
 match protocol kazaa2
 match protocol napster
 match protocol edonkey
 match protocol winmx
!
policy-map slow-P2P
 class P2P
  police rate 56000 bps
   conform-action transmit
   exceed-action drop
 class class-default
  police rate 512000
   conform-action transmit
   exceed-action transmit
   violate-action drop
!
interface Tunnel0
 ip nbar protocol-discovery
 service-policy input slow-P2P
 service-policy output slow-P2P
---------------------------------
I'm running a torrent at the moment and it's showing an upload speed of 60kB/s.
"sh policy-map int tun0" shows that nbar is working and is dropping packets, but "sh ip nbar protocol-discovery top-n 5" shows a lot of unknown traffic (there's no other significant traffic running over this interface).
It looks to me like the bittorrent pdlm only catches traffic between the client and the tracker, and not the actual peer-2-peer traffic. Anyone know for certain how this works?
08-11-2006 03:38 AM
Hello,
are you running at least 12.4(2)T ?
Regards,
GNT
08-11-2006 04:53 AM
No - 12.3(8)YI1
Is there an issue with NBAR on earlier IOS?
08-11-2006 05:06 AM
Hello,
you need 12.4(2)T for the bittorrent pdlm to work. Check this link for the IOS requirements (scroll down to 'Peer-to-Peer File-Sharing Applications'):
Table 1 NBAR-Supported Protocols
Regards,
GNT
08-11-2006 06:05 AM
Now on 12.4(6)T but no difference.
Here's what I'm seeing:
#sh ip nbar protocol-discovery top-n 5
 Tunnel0
                Input        Output
                -----        ------
 Protocol       Packet       Packet
                Byte Count   Byte Count
                5min (bps)   5min (bps)
                5min Max     5min Max
 ----------------------------------------------
 bittorrent     32295        260
                1631816      40301
                17000        0
                20000        2000
 h323           0            2
                0            2888
                0            0
                0            0
 ntp            0            28
                0            2128
                0            0
                0            0
 gre            84           0
                2016         0
                0            0
                0            0
 edonkey        0            1
                0            1444
                0            0
                0            0
 unknown        1503         51212
                74716        59629733
                1000         613000
                4000         619000
 Total          33885        51511
                1708721      59677409
                18000        613000
                24000        621000
edit - sorry about the formatting - doesn't seem to be any way to get it formatted correctly. If you look carefully you can see there is more BT traffic on the input than the output, but more unknown on the output.
02-22-2011 08:45 PM
Any updates to this case?
I have been facing the same issues and hacking away at it off and on for months. Even opened a TAC case but for the first time, Cisco TAC was absolutely no help and basically could not give me an answer.
02-23-2011 01:24 AM
Sorry Joshua, can't remember if we found a solution to this and we're not now using NBAR (have a dedicated UTM solution for that sort of thing). 5 years is a long time in networking.