[nsp] Re: NBAR question

Mark Pace Balzan mpb at melitacable.com
Thu Mar 6 21:48:02 EST 2003 

Hi All,

having the same problems with unknown traffic here.

I tried kazaa2 pdlm with 12.2(13)T/12.1(14)E and tac on the other end of the
line.

I still remained with lots of 'other' traffic as well. Packet traces showed
traffic on a variety of dynamic src/dst ports.

Also from casually talking to some users, the following applications are
also very common and use dynamic ports:
imesh, irc dcc, msn file transfers, emule and the list is endless

unfortunately this unidentified traffic flood also affects online gaming
which also uses dynamic ports. Problem is these games which are unknown
traffic are being choked by the other unknown traffic, most likely p2p.

So I think part of the solution is to identify more of the p2p applications,
plus more of the other applications such as onling gaming, so they can be
isolated from each other.

anyone from cisco, care to comment on future pdlm developments for
identifying other traffic types, or other ways of going about this.


cheers


Mark




| At 01:43 PM 3/5/2003 -0800, Siva Valliappan wrote:
| >Hi,
| >
| >   you might want to install the KaZaa 2 pdlm to see if more of your
| >peer 2 peer traffic is classified.  i checked with some of the QoS
| >team on your figures and they suspect you might be having a flood of
| >KaZaa 2 traffic.  the PDLM for KaZaa 2 is at:
| >
| >http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm
| >
| >cheers
| >.siva
|
| Hi Siva:
|
| The version of code I am now using has kazaa2 natively compiled in,
| however, I still see a large percentage of "unknown" traffic.
|
| IOS (tm) 7200 Software (C7200-JK8O3S-M), Version 12.2(16.4)T,  MAINTENANCE
| INTERIM SOFTWARE
|
| #show ip nbar proto int atm2/0.31
|
|   ATM2/0.31
|                              Input                    Output
|     Protocol                 Packet Count             Packet Count
|                              Byte Count               Byte Count
|                              30 second bit rate (bps) 30 second bit rate
(bps)
|     ------------------------ ------------------------ --------------------
----
|     http                     53747452                 28462585
|                              45422167937              6253508836
|                              2848000                  133000
|     kazaa2                   73290926                 34335768
|                              15097238440              11739546309
|                              986000                   806000
|     gnutella                 8697819                  3509837
|                              4307693371               1040095656
|                              868000                   136000
|     fasttrack                6866692                  3356722
|                              6281835790               2703015167
|                              546000                   315000
| <snip>
|     unknown                  55400852                 37217933
|                              25535714756              41656810393
|                              1597000                  1729000
|     Total                    228413920                130605910
|                              116208504466             70216336385
|                              7751000                  3279000
|
|
| So I don't think that PDLM will help.
|
| Chris

More information about the cisco-nsp mailing list