RE: QoS for ADSL customers

From: Church, Chuck (no email)
Date: Thu Dec 01 2005 - 10:52:34 EST


    But be careful about the CPU usage and platform support for NBAR. I
    don't think the sup720 will do NBAR, at least that's what I heard.

    Chuck Church
    Lead Design Engineer
    CCIE #8776, MCNE, MCSE
    Netco Government Services - Design & Implementation Team
    1210 N. Parker Rd.
    Greenville, SC 29609
    Home office: 864-335-9473
    Cell: 864-266-3978

    PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

    -----Original Message-----
    From: [mailto:] On Behalf Of
    Ray Burkholder
    Sent: Thursday, December 01, 2005 8:52 AM
    To: Ejay Hire
    Cc: 'Kim Onnel'; 'NANGO'
    Subject: RE: QoS for ADSL customers

    There are a bunch of p2p and torrent custom classifier pdlm's at
    http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm

    Quoting Ejay Hire <>:

    > I got an off-list reply about using Nbar, but I've never
    > seen a class map that would match torrent.
    >
    > -e
    >
    > > -----Original Message-----
    > > From: [mailto:] On Behalf Of Kim Onnel
    > > Sent: Thursday, December 01, 2005 7:12 AM
    > > To: Ejay Hire
    > > Cc: NANGO
    > > Subject: Re: QoS for ADSL customers
    > >
    > > Our ADSL customers' traffic is 3 OC3 worth of traffic, I don't
    > > think our management would buy the idea.
    > >
    > > thanks
    > >
    > > On 12/1/05, Ejay Hire <> wrote:
    > >
    > > Hello.
    > >
    > > Going back to your original question, how to keep from
    > > saturating the network with residential users using
    > > bittorrent/edonkey et al, while suffocating business
    > > customers. Here goes.
    > >
    > > Netfilter/IpTables (and a slew of commercial products I'm
    > > sure) has a Layer 7 traffic classifier, meaning it can
    > > identify specific file transfer applications and set a
    > > DiffServ bit. This means it can tell between a real http
    > > request and an edonkey transfer, even if they are both using
    > > http. It also has rate-limiting capability. So... If you
    > > pass all of the traffic destined for your DSL customers
    > > through an iptables box (single point of failure) then you
    > > can classify and rate-limit the downstream rate on a
    > > per-application basis.
    > >
    > > Fwiw, if you are using diffserv bits, you could push the
    > > rate-limits down to the router with a qos policy in it
    > > instead of doing it all in the iptables box.
    > >
    > > References on this.. The netfilter website (for
    > > classification info) and the Linux advanced router tools
    > > (LART) (qos info/rate limiting)
    > >
    > > -e
    > >
    > > > -----Original Message-----
    > > > From: [mailto:] On Behalf Of Kim Onnel
    > > > Sent: Thursday, December 01, 2005 3:26 AM
    > > > To: NANGO
    > > > Subject: Re: QoS for ADSL customers
    > > >
    > > > Can any one please suggest to me any commercial or none
    > > > solution to cap the download stream traffic, our upstream
    > > > will not receive marked traffic from us, so what can be
    > > > done ?
    > > >
    > > > On 11/29/05, Kim Onnel <> wrote:
    > > >
    > > > Hello everyone,
    > > >
    > > > We have Juniper ERX as BRAS for ADSL, its GigE
    > > > interface is on an old Cisco 3508 switch with an old IOS,
    > > > its gateway to the internet is a 7609, our transit internet
    > > > links terminate on GigaE, Flexwan on the 7600
    > > >
    > > > The links are now almost always fully utilized, we want
    > > > to do some QoS to cap our ADSL downstream, to give room for
    > > > the Corp. customers traffic to flow without pain.
    > > >
    > > > I'm here to collect ideas, comments, advice and
    > > > experiences for such situations.
    > > >
    > > > Our humble approach was to collect some p2p ports and
    > > > police traffic to these ports, but the traffic wasn't much,
    > > > one other thing is rate-limiting per ADSL customers IPs, but
    > > > that wasn't supported by management, so we thought of matching
    > > > ADSL www traffic and doing exceed action is transmit, and
    > > > police other IP traffic.
    > > >
    > > > Doing so on the ERX wasn't a nice experience, so we're
    > > > trying to do it on the cisco.
    > > >
    > > > Thanks
    >
    > --
    > Scanned for viruses and dangerous content at
    > http://www.oneunified.net and is believed to be clean.

    -- 
    Ray Burkholder
    http://www.oneunified.net
    441 505 7293
    -------------------------------------------------
    Sent from http://www.oneunified.net via IMP: http://horde.org/imp/
    -- 
    Scanned for viruses and dangerous content at 
    http://www.oneunified.net and is believed to be clean.
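
The approach described in Ejay Hire's quoted message (Layer 7 classification on an iptables box that sets a DiffServ value, then rate-limiting on that value), written out as an added example that is not from any poster in this thread. It assumes the out-of-tree l7-filter `layer7` match is installed; the interface name, rates and the choice of DSCP class CS1 are assumptions.

```shell
#!/bin/sh
# Added example: mark P2P flows with a DSCP class using the l7-filter
# "layer7" match, then shape on that DSCP value with tc/HTB.
# All values below are assumptions for illustration, not from the thread.
LAN_IF="${LAN_IF:-eth1}"            # interface facing the DSL customers
LINK_RATE="${LINK_RATE:-400mbit}"   # total downstream capacity
BULK_RATE="${BULK_RATE:-350mbit}"   # guaranteed to unmarked traffic
P2P_RATE="${P2P_RATE:-50mbit}"      # hard cap for marked P2P traffic
P2P_PROTOS="${P2P_PROTOS:-bittorrent edonkey}"  # l7-filter pattern names
P2P_DSCP_CLASS="CS1"                # DSCP 8, i.e. TOS byte 0x20

# Classification: one mangle rule per application pattern. The match is on
# payload, so it still works when the application runs over port 80.
mark_rules() {
    for proto in $P2P_PROTOS; do
        echo "iptables -t mangle -A FORWARD -o $LAN_IF -m layer7 --l7proto $proto -j DSCP --set-dscp-class $P2P_DSCP_CLASS"
    done
}

# Rate limiting: HTB on the customer-facing interface. Class 1:10 is the
# default and may borrow up to the full link; class 1:20 is capped.
# The u32 filter matches the TOS byte 0x20 (CS1), ignoring the ECN bits.
shape_rules() {
    echo "tc qdisc add dev $LAN_IF root handle 1: htb default 10"
    echo "tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $LINK_RATE"
    echo "tc class add dev $LAN_IF parent 1:1 classid 1:10 htb rate $BULK_RATE ceil $LINK_RATE"
    echo "tc class add dev $LAN_IF parent 1:1 classid 1:20 htb rate $P2P_RATE ceil $P2P_RATE"
    echo "tc filter add dev $LAN_IF parent 1: protocol ip prio 1 u32 match ip tos 0x20 0xfc flowid 1:20"
}

# Print the rules for review by default; apply them only with APPLY=1 (root).
if [ "${APPLY:-0}" = "1" ]; then
    { mark_rules; shape_rules; } | sh -e
else
    mark_rules
    shape_rules
fi
```

Because the marking is carried in the DSCP field, the `tc` half can be replaced by a QoS policy on a downstream router that matches the same DSCP value, which is the alternative the quoted message mentions.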
    
