Re: need help on NBAR

Hi,

I initially configure the class- map matching all the url and the protocols
and define the my policy-map with action drop and applied it for both
inbound and outbound on the WAN interface. still, it matches and and their
was no drop action,

Then I decided to implement policing to drop all the packet, but is still
the same thing.

I hope policy based Routing do not have effect on NBAR as I have policy base
routing on the interface

Thanks

On Tue, Jun 2, 2009 at 1:49 PM, Ryan West <rwest_at_zyedge.com> wrote:

> Abdul,
>
> Without reference to which direction your flow is, I would say that you're
> policing your requests and not the return traffic from those sites. If you
> want an atomic drop of the outgoing request to that site, you should use
> drop in favor of policing or apply a mark to the packet and drop it with an
> egress ACL.
>
> -ryan
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Abdul Muhammed
> Sent: Tuesday, June 02, 2009 3:49 AM
> To: Cisco certification
> Subject: need help on NBAR
>
> Hi,
>
> I configured NBAR on 7200 series router to drop some unwanted traffic from
> sites like rapidshare, mediafire and others, but it matches the traffic,
> but
> drop ratio is zero( no dropping).
> below is a result of my show policy-map int g0/2
>
> please why is it not dropping the packets.
>
> sh policy-map int g0/2
> GigabitEthernet0/2
>
> Service-policy input: policy1
>
> Class-map: downloader (match-any)
> 31 packets, 6418 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol http url "*.4shared"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*youtube*"
> 31 packets, 6418 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.googlevideo.*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*googlevideo*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.mediafire.*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*mediafire*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*rapidshare*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.rapidshare.*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*.tube8.*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol http url "*tube8*"
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> police:
> cir 8000 bps, bc 1500 bytes
> conformed 13 packets, 790 bytes; actions:
> drop
> exceeded 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps
>
> Class-map: p2p (match-any)
> 5 packets, 5798 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol edonkey
> 5 packets, 5798 bytes
> 5 minute rate 0 bps
> Match: protocol fasttrack
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol finger
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol kazaa2
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol bittorrent
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol gnutella
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol napster
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> Match: protocol vdolive
> 0 packets, 0 bytes
> 5 minute rate 0 bps
> police:
> cir 8000 bps, bc 1500 bytes
> conformed 1 packets, 1434 bytes; actions:
> drop
> exceeded 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps
>
> Class-map: class-default (match-any)
> 413369 packets, 396012906 bytes
> 5 minute offered rate 1786000 bps, drop rate 0 bps
> Match: any
>
> --
> Cherish your visions and your dreams as they are the children of your soul,
> the blueprints of your ultimate achievements. "Napoleon Hill"
>
> There are no limitations to the mind except those we acknowledge; both
> poverty and riches are the offspring of thought. "Napoleon Hill"
>
> Abdul Muhammed Murtala
> American University of Nigeria
> Lamido Zubairu way, Yola
> Adamawa
> +2348052001153, +2348056201237
>
> Network Manager
> MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Cherish your visions and your dreams as they are the children of your soul,
the blueprints of your ultimate achievements. "Napoleon Hill"
There are no limitations to the mind except those we acknowledge; both
poverty and riches are the offspring of thought. "Napoleon Hill"
Abdul Muhammed Murtala
American University of Nigeria
Lamido Zubairu way, Yola
Adamawa
+2348052001153, +2348056201237
Network Manager
MCSE,MCDBA,MCSA,OCPDBA,CCNA,CCIE Written.
Blogs and organic groups at http://www.ccie.net