[c-nsp] NBAR + QoS - policing kills class-default traffic
Matthew White
mawhi at vestas.com
Tue Sep 22 17:07:28 EDT 2009
Greetings,
I've got the following kit:
Cisco 7204VXR (NPE-G1) processor
Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(24)T1
and the following NBAR + QoS config:
class-map match-any HULU
match protocol http host "t2.hulu.com"
match protocol http host "t.hulu.com"
match protocol http host "hulu.com"
class-map match-any YOUTUBE
match protocol http host "youtube.com"
class-map match-all PANDORA
match access-group name PANDORA_SERVERS
class-map match-any WEB_ENTERTAINMENT
match class-map PANDORA
match class-map HULU
match class-map YOUTUBE
policy-map LIMIT_INTERNET_TRAFFIC
class WEB_ENTERTAINMENT
police 8000 conform-action transmit exceed-action drop
interface GigabitEthernet0/1
ip address x.x.x.x 255.255.255.192
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
no ip mroute-cache
duplex full
speed 100
media-type rj45
no negotiation auto
service-policy output LIMIT_INTERNET_TRAFFIC
The policy polices HULU and PANDORA, counters don't increment for YOUTUBE (and doesn't get policed) and after 3 or 4 minutes ALL web traffic is policed. Has anyone seen this behavior before?
Yours Sincerely,
Matthew White
Sr. Network Engineer
Group IT, Operations, Network
Vestas Wind Systems A/S
T: +1 503 327 2320
M: +1 503 927 5728
mawhi at vestas.com
Company reg. name: Vestas Wind Systems A/S
This e-mail is subject to our e-mail disclaimer statement.
Please refer to www.vestas.com/legal/notice
If you have received this e-mail in error please contact the sender.
More information about the cisco-nsp
mailing list