Re[4]: [cisco-ttl] unwanted traffic

From: Yalcin Cekic ([email protected])
Date: Tue Jun 24 2003 - 14:08:11 GMT

     Hi Devrim,

    The original document for what I did is at the end of this mail; we
    did what it says there.

    >Why are the conform actions all "drop"? Are you not going to let
    >gnutella, kazaa2 and fasttrack traffic through at all?
    Yes, we want this traffic not to pass at all.

    >I mean, you could have set drop on "exceed" only.
    We took this configuration from another list.
    I am not at all familiar with the subject, that is why.

    First, the configuration of the relevant ports is as follows:
    --------------------------
    !
    interface FastEthernet0/1
     ip address xx.xx.xx.x 255.255.255.192
     ip policy route-map test
     duplex auto
     speed auto
     service-policy input p2p
     no cdp enable
    !
    !
    interface Serial0/1.1 point-to-point
     description sp1
     ip address xx.xx.xx.xx 255.255.255.252
     service-policy output p2p
     no cdp enable
     frame-relay interface-dlci 16
    !
    !
    interface Serial3/1:1.1 point-to-point
     description sp2
     ip address xx.xx.xx.xx 255.255.255.252
     service-policy output p2p
     no arp frame-relay
     no cdp enable
     frame-relay interface-dlci 93
    !

    -----------------------------------------------------------------

    Output of sh policy-map interface:

     FastEthernet0/1

      Service-policy input: p2p

        Class-map: kazaa2 (match-all)
          3305070 packets, 760620797 bytes
          5 minute offered rate 4000 bps, drop rate 4000 bps
          Match: protocol kazaa2
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 3305070 packets, 760620797 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 4000 bps, exceed 0 bps

        Class-map: gnutella (match-all)
          325004 packets, 20152378 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol gnutella
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 325004 packets, 20152378 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: fasttrack (match-all)
          7992 packets, 499372 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 7992 packets, 499372 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: class-default (match-any)
          513173538 packets, 279205029652 bytes
          5 minute offered rate 393000 bps, drop rate 0 bps
          Match: any
     Serial0/1.1

      Service-policy output: p2p

        Class-map: kazaa2 (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: protocol kazaa2
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: gnutella (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: protocol gnutella
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: fasttrack (match-all)
          0 packets, 0 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: class-default (match-any)
          32225283 packets, 10760448739 bytes
          30 second offered rate 0 bps, drop rate 0 bps
          Match: any
     Serial3/0:1.1: DLCI 100 -

      Service-policy output: VOICE-POLICY

        Class-map: voice-traffic (match-all)
          22238373 packets, 1568213366 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group 110
          Queueing
            Strict Priority
            Output Queue: Conversation 136
            Bandwidth 45 (kbps) Burst 1125 (Bytes)
            (pkts matched/bytes matched) 22238373/1567102235
            (total drops/bytes drops) 57209/77334611

        Class-map: voice-signaling (match-all)
          105774 packets, 39353396 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: access-group 111
          Queueing
            Output Queue: Conversation 137
            Bandwidth 8 (kbps) Max Threshold 64 (packets)
            (pkts matched/bytes matched) 105774/39353396
            (depth/total drops/no-buffer drops) 0/0/0

        Class-map: class-default (match-any)
          156984969 packets, 124669187316 bytes
          5 minute offered rate 81000 bps, drop rate 0 bps
          Match: any
          Queueing
            Flow Based Fair Queueing
            Maximum Number of Hashed Queues 128
            (total queued/total drops/no-buffer drops) 0/13906/0
     Serial3/1:1.1

      Service-policy output: p2p

        Class-map: kazaa2 (match-all)
          1 packets, 383 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol kazaa2
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 1 packets, 383 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: gnutella (match-all)
          1 packets, 52 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol gnutella
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 1 packets, 52 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: fasttrack (match-all)
          400 packets, 20704 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 400 packets, 20704 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: class-default (match-any)
          531558282 packets, 251427043991 bytes
          5 minute offered rate 377000 bps, drop rate 0 bps
          Match: any
     Serial4/0:1.1

      Service-policy output: p2p

        Class-map: kazaa2 (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol kazaa2
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: gnutella (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol gnutella
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: fasttrack (match-all)
          0 packets, 0 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol fasttrack
          police:
              cir 2048000 bps, bc 384000 bytes
            conformed 0 packets, 0 bytes; actions:
              drop
            exceeded 0 packets, 0 bytes; actions:
              drop
            conformed 0 bps, exceed 0 bps

        Class-map: class-default (match-any)
          32806530 packets, 15357051585 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
    -----------------------------------------------------------------

    The original document:
    *****************************************************************
    One of the important points is that CEF switching must be enabled on
    your router.

            Router(config)#ip cef

    The software in wide use today, such as kazaa and morpheus, relies on
    a few main protocols. Fasttrack and Gnutella are the two most used of
    these. First, the files with the pdlm extension, which are a kind of
    signature that lets NBAR recognize these protocols, need to be copied
    to your Cisco router via tftp. After placing the attached pdlm files
    on a tftp server, you need to copy them to the router's flash or disk
    with tftp:

            Router#copy tftp flash
    or
            Router#copy tftp disk0
            
    After all the files have been copied:

            Router(config)#ip nbar pdlm flash:kazaa2.pdlm
            Router(config)#ip nbar pdlm flash:gnutella.pdlm
            Router(config)#ip nbar pdlm flash:fasttrack.pdlm

    The pdlms are introduced to NBAR with these commands. At this stage,
    on some newer IOS releases you may get an error for one or more of
    these pdlms saying that they are already loaded. Because certain IOS
    versions include these pdlms by default, you can ignore such an error
    when you get it.

    Next, you need to create class-maps for each traffic type using the
    following configuration commands:

            Router(config)#class-map match-all gnutella
            Router(config-cmap)#match protocol gnutella

            Router(config)#class-map match-all kazaa2
            Router(config-cmap)#match protocol kazaa2

            Router(config)#class-map match-all fasttrack
            Router(config-cmap)#match protocol fasttrack

    Create a policy-map as shown below to define the policy that will be
    applied to the traffic types classified this way. In the example
    below, Kazaa2, Gnutella and Fasttrack applications are completely
    restricted.

            Router(config)#policy-map p2p

            Router(config-pmap)#class kazaa2
            Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

            Router(config-pmap)#class gnutella
            Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

            Router(config-pmap)#class fasttrack
            Router(config-pmap-c)# police cir 8000 bc 18750000 be 37500000 conform-action drop exceed-action drop

    The number 18750000 above is calculated as follows: line capacity
    (bps) x 1.5 / 8
    The number 37500000 is twice the value given above.

    Finally, so that the policy-map is applied on the relevant interface,
    enter the following commands in interface configuration mode:

            Router(config-if)#service-policy input p2p
            Router(config-if)#service-policy output p2p

    To monitor whether the policy-map you applied is working, you can use
    the following command:

            Router#sh policy-map interface
    ****************************************************************************

    Y.C
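
The verification step at the end of the quoted document can be automated. The Python below is an added example, not part of the original message or the quoted document: it parses `sh policy-map interface` output (sample abridged from the message) and reports, per policed class, the matched packets, whether both the conform and exceed actions are drop, and whether bc equals rate x 1.5 / 8. It assumes cir was set to the line rate, as the 2048000/384000 values in the output suggest; the names `parse` and `audit` are illustrative.

```python
import re

# Abridged from the "sh policy-map interface" output quoted in the message.
SAMPLE = """\
 FastEthernet0/1
  Service-policy input: p2p
    Class-map: kazaa2 (match-all)
      3305070 packets, 760620797 bytes
          cir 2048000 bps, bc 384000 bytes
        conformed 3305070 packets, 760620797 bytes; actions:
          drop
        exceeded 0 packets, 0 bytes; actions:
          drop
    Class-map: class-default (match-any)
      513173538 packets, 279205029652 bytes
 Serial3/1:1.1
  Service-policy output: p2p
    Class-map: fasttrack (match-all)
      400 packets, 20704 bytes
          cir 2048000 bps, bc 384000 bytes
        conformed 400 packets, 20704 bytes; actions:
          drop
        exceeded 0 packets, 0 bytes; actions:
          drop
"""

def parse(text):  # one dict per Class-map block of the command output
    out, iface, direction, pending = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"([A-Za-z-]+\d(?:[\d/:.]*\d)?)", line):
            iface = m[1]                      # e.g. Serial3/1:1.1
        elif m := re.match(r"Service-policy (input|output):", line):
            direction = m[1]
        elif m := re.match(r"Class-map: (\S+)", line):
            out.append({"iface": iface, "dir": direction, "class": m[1], "actions": {}})
        elif m := re.match(r"(\d+) packets, \d+ bytes$", line):
            out[-1]["packets"] = int(m[1])    # packets matched by the class
        elif m := re.match(r"cir (\d+) bps, bc (\d+) bytes", line):
            out[-1]["cir"], out[-1]["bc"] = int(m[1]), int(m[2])
        elif m := re.match(r"(conformed|exceeded) \d+ packets.*actions:$", line):
            pending = m[1]                    # the action is on the next line
        elif pending and line:
            out[-1]["actions"][pending], pending = line, None
    return out

def audit(classes):  # (iface, dir, class, packets, blocked, bc_ok) per policed class
    drop_all = {"conformed": "drop", "exceeded": "drop"}
    return [(c["iface"], c["dir"], c["class"], c["packets"], c["actions"] == drop_all,
             c["bc"] == c["cir"] * 3 // 16) for c in classes if "cir" in c]  # x 1.5 / 8
```

A class with a non-zero packet count and both actions set to drop shows NBAR is matching and the policer is discarding that traffic; class-default has no policer and is skipped.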




    This archive was generated by hypermail 2.1.5 : Tue Jun 24 2003 - 18:04:02 GMT