[c-nsp] Limiting bandwidth from specific source

Jeremy Bresley brez at brezworks.com
Wed Oct 21 08:26:55 EDT 2015


Looking back through release notes for the NBAR packs, looks like the 
oldest release they had release notes for was 3.0, and it's in there.  
You can see which protocol pack you're using by doing show ip nbar 
protocol-pack active.  The latest is 14.0 which was released April 2015, 
and if you're running a compatible code version, I'd go as recent as 
possible, as they've added a LOT of new inspection protocols in the last 
3-4 versions.

They do "bundle" the newer protocol packs into newer IOS versions, so if 
you're on a recent 15.4S or 15.5S based release you may already have a 
fairly recent pack included.  The one thing to watch out for if you 
can't upgrade to newer code is the engine version.  13.0 and 14.0 are 
only supported by engine version 20 or 21.

Jeremy "TheBrez" Bresley
brez at brezworks.com

On 10/21/2015 1:49 AM, Antoine Monnier wrote:
> thanks to all for the feedback.
>
> Jeremy, would you know since which release that NBAR 2 capability of 
> matching youtube is available? or at least on which release you have 
> implemented that.
>
> thanks
>
> On Tue, Oct 20, 2015 at 3:47 PM, Jeremy Bresley <brez at brezworks.com> wrote:
>
>     Since you specifically mentioned an ASR1K, if you have the AVC
>     license ($10K list RTU license), you can enable NBAR2 which does
>     identify Youtube traffic.
>
>     Router#sh ip nbar protocol-id youtube
>
>     Protocol Name             id            type
>     ----------------------------------------------
>     youtube                  82            L7 STANDARD
>
>     Router#sh ip nbar protocol-attribute youtube
>
>                Protocol Name : youtube
>                    encrypted : encrypted-yes
>                       tunnel : tunnel-no
>                     category : consumer-streaming
>                 sub-category : consumer-video-streaming
>            application-group : flash-group
>               p2p-technology : p2p-tech-no
>                traffic-class : multimedia-streaming
>           business-relevance : business-irrelevant
>
>     There are some overhead concerns with doing DPI on all your
>     traffic, make sure you're not turning this on a link or router
>     that is overtaxed, etc, but it can be done.  We do this on our
>     internal MPLS headends running on ASR1004/RP2s and don't normally
>     exceed 10-15% CPU usage at gig speeds. You can also use the NBAR
>     classifiers in a QoS policy if they want to
>     rate-limit/shape/police that traffic.
>
>     Jeremy "TheBrez" Bresley
>     brez at brezworks.com
>
>
>
>     On 10/20/2015 1:45 AM, Antoine Monnier wrote:
>
>         thanks Vijay.
>
>         so just to clarify the problem is on some customer facing
>         circuits.
>
>         Is there a way to identify "youtube" specific traffic compared
>         to "all of Google services" traffic? Does Youtube use specific
>         IP ranges?
>
>
>
>         On Tue, Oct 20, 2015 at 8:42 AM, Vijay S <vijay.hcr at gmail.com> wrote:
>
>             Well Google has ggc program which will give you free
>             Google peering you don't need to pay to Google or any
>             service provider except connectivity cost.
>
>             And to limit traffic from specific source you can use
>             class based qos.
>
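
The class-based QoS approach discussed in this thread, sketched as an added example that is not from any poster: an NBAR2 classifier for the `youtube` protocol used in a policing policy on a customer-facing interface. The class-map and policy-map names, the interface, and the 20 Mb/s rate are assumptions chosen for illustration.

```cisco
! Added example, constructed for illustration. Names, interface and rate
! are placeholders; adjust to the circuit being limited.
!
! Classify with the NBAR2 protocol signature shown in the thread
! (sh ip nbar protocol-id youtube).
class-map match-any CM-YOUTUBE
 match protocol youtube
!
! Police the matched traffic; everything else falls into class-default
! and is left untouched.
policy-map PM-CUST-OUT
 class CM-YOUTUBE
  police cir 20000000 conform-action transmit exceed-action drop
!
! Traffic from YouTube toward the customer leaves the router on the
! customer-facing circuit, so the policy is attached outbound there.
interface GigabitEthernet0/0/1
 description customer-facing circuit (placeholder)
 service-policy output PM-CUST-OUT
!
! Verification:
!  show policy-map interface GigabitEthernet0/0/1 output
!    - per-class match counters and conformed/exceeded packet counts
!  show ip nbar protocol-pack active
!    - confirms which protocol pack supplies the signature
```

Watch router CPU after attaching the policy, since the thread notes that DPI adds overhead on busy links.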


