[c-nsp] QoS for skype with nbar on 837 with 12.3(11)YZ2

Matthew Huff mhuff at ox.com
Fri Jun 19 15:57:36 EDT 2009


Even with the newest Skype nbar pdlm or built-in nbar in 12.4T(x), it is
pretty useless. The majority of Skype traffic is sent now encrypted over
port 443. The only way I know to monitor/block it is with something like
bluecoat/websense, and then only at the point of origin (since you have to
proxy the ssl traffic at the source). I'd be happy to be proved wrong, but I
believe, at least for now, that Skype has won the war. 

----
Matthew Huff       | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
http://www.ox.com  | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139



> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> bounces at puck.nether.net] On Behalf Of Giorgos Manousakis
> Sent: Friday, June 19, 2009 3:28 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] QoS for skype with nbar on 837 with 12.3(11)YZ2
> 
> Dear All,
> 
> i am trying to apply QoS on my aDsl interface (2048/256) and i need to
> give
> strict priority to voice traffic, including skype and g711.
> 
> I suppose that i can match the g711 by using nbar rtp audio protocol or
> by
> using source ports that are know on my asterisk server.
> 
> Because of randomness of skype protocol that kind of handling does not
> apply.
> I found that skype is included in nbar but only after 12.4 version.
> Unfortunately i cannot upgrade the ios of my 837 cause of lack of DRAM,
> which is not upgradable.
> So i tried to find a pdlm addon for skype, but it is not available for
> stand
> alone download (http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm).
> 
> Can i found anywhere a skype.pdlm file? Is there any other way that i
> can
> match this traffic? Could i try rtp audio for that one too?
> 
> Thanks
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4229 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20090619/711ce0a2/attachment.bin>


More information about the cisco-nsp mailing list