Re: nbar direction for downloading content

From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Thu Jun 01 2006 - 05:56:38 ART

• Next message: Petr Lapukhov: "Re: nbar direction for downloading content"
• Previous message: Koen Zeilstra: "nbar direction for downloading content"
• Maybe in reply to: Koen Zeilstra: "nbar direction for downloading content"
• Next in thread: Petr Lapukhov: "Re: nbar direction for downloading content"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

As often is the case. You dig information and can not find the answer. As
soon as you ask someone else you find the answer yourself.....

I guess this solves the issue for policing images downloads:

class-map match-any HTTP_IMAGES
  match protocol http mime "*gif"
  match protocol http mime "*jpg"
  match protocol http mime "*jpeg"
!

policy-map LIM_IMAGE_DOWNLOAD
 class HTTP_IMAGES
  police 1000000
!

int s0
 service-policy input LIM_IMAGE_DOWNLOAD
!

See the "mime data" as a response (incoming) to the "url data"
(outgoing).

NB pay attention to the dots:

match protocol http url "*.gif"
match protocol http mime "*gif"

regards,

Koen Zeilstra

-----------------------
All power corrupts, but we need electricity.

On Thu, 1 Jun 2006, Koen Zeilstra wrote:

| Hi group,
|
| Please review the example on
|
| http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134add.html#wp1033958
|
|
| Suppose I have a network like this:
|
|
| (R3)f0-----f0(R1)s0-------INTERNET
|
|
| I want to limit all downloads of images to 1Mb using nbar.
|
| According to the example I would need something like this:
|
| Router(config)# class-map match-any web_images
| Router(config-cmap)# match protocol http url "*.gif"
| Router(config-cmap)# match protocol http url "*.jpg|*.jpeg"
|
| Router(config)# class-map match-any av_im_web
| Router(config-cmap)# match class-map audio_video
| Router(config-cmap)# match class-map web_images
|
| Router(config)# policy-map e-express
| Router(config-pmap-c)# class av_im_web
| Router(config-pmap-c)# police 1000000 conform transmit exceed drop
|
| However my question is. Where to apply the service-policy and in which
| direction?
|
| Downloading goes from INTERNET towards R1, so I would expect to apply the
| service-policy inbound of R1 s0. However a URL contains the link to the images
| on which the match statement matches. The download traffic which is a result
| of the URL submitted does not contain the URL information. Applying the
| service-policy outbound will cause the outgoing traffic to match, not the
| download traffic.
|
| Maybe I am making a wrong assumption here. Anyone who can shed some light on
| this?
|
| thanks,
|
| Koen
|
|
| -----------------------
| Mother is the invention of necessity.
|
| _______________________________________________________________________
| Subscription information may be found at:
| http://www.groupstudy.com/list/CCIELab.html
|

• Next message: Petr Lapukhov: "Re: nbar direction for downloading content"
• Previous message: Koen Zeilstra: "nbar direction for downloading content"
• Maybe in reply to: Koen Zeilstra: "nbar direction for downloading content"
• Next in thread: Petr Lapukhov: "Re: nbar direction for downloading content"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART