How to slow down offending traffic using Cisco Quality of Service, NBAR and traffic policing.
For the sake of all that is sacred....save us from the bandwidth theives! YouTube, Google Video, MySpace....and others. All of them are to thank for our latest level of Internet bandwidth saturation. If it bothers you like it does me, why not do something about it. Save the Internet bandwidth for your business!!
On a Cisco router, it is easy to recognize and limit this type of traffic by using Cisco Quality of Service, specifically NBAR and traffic policing components. In my scenario I will be reserving and policing the standard web traffic to 11Mbps of our DS3 and the Offending Traffic (mentioned above) to just 64Kbps. Offending traffic will still flow, but it WILL be slooooow ...
sample config:
Start by creating your traffic classes
!
class-map match-any web-traffic
match protocol http
match protocol secure-http
match protocol ipsec
match protocol dns
match protocol .... (match any other non-offending traffic here)
class-map match-any scum
match protocol http url "*youtube*"
match protocol http url "*video.google*"
match protocol http url "*myspace*"
Next, create your class maps to define the traffic parameters. (note the embedded policy may for the scum traffic)
policy-map inbound-internet
class web-traffic
bandwidth 10000 (in Kbps)
police cir 10000000 pir 11000000 conform-action transmit exceed-action set-prec-transmit 0 violate-action drop
service-policy die-scum
policy-map die-scum
class scum
police cir 56000 pir 64000 conform-action set-prec-transmit 0 exceed-action drop
Finally, assign the service policy to your coporate facing interface interface and enable NBAR for application recognition
interface GigabitEthernet0/1
service-policy output inbound-internet
ip nbar protocol-discovery
No comments:
Post a Comment