Re: Policer for Application on cEdge

andre.ortega · ‎08-13-2024

Hello,

we created a centralized policy, to policer traffic FTP, but it is not working.

We are using cEdges running version 17.09.03.0.15, and vManage 20.9.3.1.

Traffic Policy Config:

viptela-policy:policy
data-policy _VPN10_DP_Policer200kbps
vpn-list VPN10
sequence 1
match
app-list APP_BULK_DATA
source-data-prefix-list VPN10_Site300_400_500_Prefixes
!
action accept
set
policer Policer200Kbps
!
!
!
sequence 11
match
source-data-prefix-list VPN10_Site300_400_500_Prefixes
app-list VIP07_YouTube
!
action drop
!
!
default-action accept
!
policer Policer200Kbps
burst 200000
exceed drop
rate 200000
!
lists
app-list APP_BULK_DATA
app ftp
app jabber
app netblt
app ftp-data
app ftp_data
app rsync
app cisco-jabber-im
!
app-list VIP07_YouTube
app youtube
app ytimg
app youtube_hd
!
data-prefix-list VPN10_Site300_400_500_Prefixes
ip-prefix 10.30.1.0/24
ip-prefix 100.110.30.1/32
ip-prefix 10.40.1.0/24
ip-prefix 100.110.40.1/32
ip-prefix 10.50.1.0/24
ip-prefix 100.110.50.1/32
ip-prefix 100.110.50.2/32
!
site-list AllSites
site-id 100
site-id 200
site-id 300
site-id 400
site-id 500
!
vpn-list VPN10
vpn 10
!
!
!
apply-policy
site-list AllSites
data-policy _VPN10_DP_Policer200kbps from-service
!
!

If we remove the application list and use only source and destinatino IP address, the policer works.

Is there some error on the config? Or this is not supported on cEdges?

Kanan Huseynli · ‎08-14-2024

Hi,

did you enable DPI for routers in localized policy?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Added Solucoes · ‎08-15-2024

Hi Kanan,

yes, it is enabled. To test, on the same policy we create a rule to block Youtube and it worked.

Only the policer is not working.

Is it supported (to policy traffic based on application)? We are testing on 8000v.