But be careful about the CPU usage and platform support for NBAR. I don't think the sup720 will do NBAR, at least that's what I heard.
Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
[EMAIL PROTECTED]
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ray Burkholder
Sent: Thursday, December 01, 2005 8:52 AM
To: Ejay Hire
Cc: 'Kim Onnel'; 'NANGO'
Subject: RE: QoS for ADSL customers

There are a bunch of p2p and torrent custom classifier pdlm's at
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm

Quoting Ejay Hire <[EMAIL PROTECTED]>:

> I got an off-list reply about using Nbar, but I've never
> seen a class map that would match torrent.
>
> -e
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim Onnel
> > Sent: Thursday, December 01, 2005 7:12 AM
> > To: Ejay Hire
> > Cc: NANGO
> > Subject: Re: QoS for ADSL customers
> >
> > Our ADSL customers' traffic is 3 OC3 worth of traffic, I don't
> > think our management would buy the idea.
> >
> > thanks
> >
> > On 12/1/05, Ejay Hire <[EMAIL PROTECTED]> wrote:
> >
> > Hello.
> >
> > Going back to your original question, how to keep from
> > saturating the network with residential users using
> > bittorrent/edonkey et al, while suffocating business
> > customers. Here goes.
> >
> > Netfilter/IpTables (and a slew of commercial products I'm
> > sure) has a Layer 7 traffic classifier, meaning it can
> > identify specific file transfer applications and set a
> > DiffServ bit. This means it can tell between a real http
> > request and an edonkey transfer, even if they are both using
> > http. It also has rate-limiting capability. So... If you
> > pass all of the traffic destined for your DSL customers
> > through an iptables box (single point of failure) then you
> > can classify and rate-limit the downstream rate on a
> > per-application basis.
> >
> > Fwiw, if you are using diffserv bits, you could push the
> > rate-limits down to the router with a qos policy in it
> > instead of doing it all in the iptables box.
> >
> > References on this.. The netfilter website (for
> > classification info) and the Linux advanced router tools
> > (LART) (qos info/rate limiting)
> >
> > -e
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim Onnel
> > > Sent: Thursday, December 01, 2005 3:26 AM
> > > To: NANGO
> > > Subject: Re: QoS for ADSL customers
> > >
> > > Can anyone please suggest to me any commercial or non-commercial
> > > solution to cap the download stream traffic, our upstream
> > > will not receive marked traffic from us, so what can be done?
> > >
> > > On 11/29/05, Kim Onnel <[EMAIL PROTECTED]> wrote:
> > >
> > > Hello everyone,
> > >
> > > We have Juniper ERX as BRAS for ADSL, its GigE
> > > interface is on an old Cisco 3508 switch with an old IOS, its
> > > gateway to the internet is a 7609, our transit internet links
> > > terminate on GigaE, Flexwan on the 7600
> > >
> > > The links are now almost always fully utilized, we want
> > > to do some QoS to cap our ADSL downstream, to give room for
> > > the Corp. customers traffic to flow without pain.
> > >
> > > I'm here to collect ideas, comments, advice and
> > > experiences for such situations.
> > >
> > > Our humble approach was to collect some p2p ports and
> > > police traffic to these ports, but the traffic wasn't much,
> > > one other thing is rate-limiting per ADSL customers IPs, but
> > > that wasn't supported by management, so we thought of matching
> > > ADSL www traffic and doing exceed action is transmit, and
> > > police other IP traffic.
> > >
> > > Doing so on the ERX wasn't a nice experience, so we're
> > > trying to do it on the cisco.
> > >
> > > Thanks
>
> --
> Scanned for viruses and dangerous content at
> http://www.oneunified.net and is believed to be clean.

--
Ray Burkholder
http://www.oneunified.net
[EMAIL PROTECTED]
441 505 7293

-------------------------------------------------
Sent from http://www.oneunified.net via IMP: http://horde.org/imp/
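
The classify, mark and rate-limit approach Ejay Hire describes in the quoted message, sketched as an added example that is not part of the original thread. It assumes a Linux box whose kernel and iptables carry the l7-filter `layer7` match; the interface name, the rates and the protocol list are illustrative values, not figures from the thread.

```shell
#!/bin/sh
# Added example: dry-run generator for "classify at layer 7, mark DSCP,
# shape by DSCP". Nothing is changed unless APPLY=1 (root required).
# Assumed values (not from the thread): DEV, the three rates, P2P_PROTOS.
DEV="${DEV:-eth1}"                    # egress interface toward the DSL BRAS
LINK_RATE="${LINK_RATE:-450mbit}"     # total downstream capacity
OTHER_RATE="${OTHER_RATE:-350mbit}"   # guaranteed to everything not marked
P2P_RATE="${P2P_RATE:-100mbit}"       # hard cap for marked P2P traffic
P2P_PROTOS="${P2P_PROTOS:-bittorrent edonkey}"

# Print each command; run it only when APPLY=1.
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

qos_rules() {
    # 1. Classify: the layer7 match inspects payload, so a P2P transfer on
    #    port 80 is still caught. Matching packets get DSCP CS1 (decimal 8).
    for proto in $P2P_PROTOS; do
        run iptables -t mangle -A FORWARD -o "$DEV" \
            -m layer7 --l7proto "$proto" -j DSCP --set-dscp-class CS1
    done

    # 2. Shape on egress with HTB: unmarked traffic defaults to class 1:10
    #    and may borrow up to the full link; class 1:20 cannot exceed its cap.
    run tc qdisc add dev "$DEV" root handle 1: htb default 10
    run tc class add dev "$DEV" parent 1: classid 1:1 htb rate "$LINK_RATE"
    run tc class add dev "$DEV" parent 1:1 classid 1:10 htb \
        rate "$OTHER_RATE" ceil "$LINK_RATE"
    run tc class add dev "$DEV" parent 1:1 classid 1:20 htb \
        rate "$P2P_RATE" ceil "$P2P_RATE"

    # 3. Steer by mark: DSCP CS1 is 0x20 in the TOS byte; mask 0xfc ignores
    #    the two ECN bits. A downstream router could match the same DSCP
    #    value in its own QoS policy instead of shaping here.
    run tc filter add dev "$DEV" parent 1: protocol ip prio 1 u32 \
        match ip tos 0x20 0xfc flowid 1:20
}

qos_rules
```

Run as-is it only prints the seven commands for review; because the shaping keys on the DSCP mark alone, traffic the classifier fails to recognise stays in the default class.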