[c-nsp] Limiting bandwidth from specific source

Jeremy Bresley brez at brezworks.com
Tue Oct 20 09:47:40 EDT 2015 

Since you specificially mentioned an ASR1K, if you have the AVC license 
($10K list RTU license), you can enable NBAR2 which does identify 
Youtube traffic.

Router#sh ip nbar protocol-id youtube

Protocol Name             id            type
----------------------------------------------
youtube                  82            L7 STANDARD

Router#sh ip nbar protocol-attribute youtube

            Protocol Name : youtube
                encrypted : encrypted-yes
                   tunnel : tunnel-no
                 category : consumer-streaming
             sub-category : consumer-video-streaming
        application-group : flash-group
           p2p-technology : p2p-tech-no
            traffic-class : multimedia-streaming
       business-relevance : business-irrelevant

There are some overhead concerns with doing DPI on all your traffic, 
make sure you're not turning this on a link or router that is overtaxed, 
etc, but it can be done.  We do this on our internal MPLS headends 
running on ASR1004/RP2s and don't normally exceed 10-15% CPU usage at 
gig speeds.  You can also use the NBAR classifiers in a QoS policy if 
they want to rate-limit/shape/police that traffic.

Jeremy "TheBrez" Bresley
brez at brezworks.com


On 10/20/2015 1:45 AM, Antoine Monnier wrote:
> thanks Vijay.
>
> so just to clarify the problem is on some customer facing circuits.
>
> Is there a way to identify "youtube" specific traffic compared to "all of
> Google services" traffic? Does Youtube use specific IP ranges?
>
>
>
> On Tue, Oct 20, 2015 at 8:42 AM, Vijay S <vijay.hcr at gmail.com> wrote:
>
>> Well Google has ggc program which will give you free Google peering you
>> dont need to pay to Google or any service provider except connectivity cost.
>>
>> And to limit traffic from specific source you can use class based qos.
>>
>> Regards
>> Vijay A.
>> On Oct 20, 2015 12:08 PM, "Antoine Monnier" <mrantoinemonnier at gmail.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are running into capacity issues on some internet pipes and this is
>>> affecting "business" traffic.
>>> A quick analysis showed us that roughly 40% of traffic on that specific
>>> pipe comes from Google-owned IP ranges.
>>> We are guessing that most of it is Youtube and we are being asked to come
>>> up with a solution to throttle that traffic. (Apparently making users sign
>>> internet-use policy is not effective!)
>>>
>>> Is there a way to identify youtube specific traffic on an ASR1K purely
>>> based on L3 info?
>>>
>>> And going more broadly, how are others handling such issues generally?
>>>
>>> (sure, we can upgrade the bandwidth if they have the money, but congestion
>>> point is just going to move further down their internal WAN network)
>>>
>>>
>>> Thanks
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list