RE: QoS for ADSL customers

["Church, Chuck" <cchurch () netcogov com>]

But be careful about the CPU usage and platform support for NBAR.  I
don't think the sup720 will do NBAR, at least that's what I heard. 


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
cchurch () netcogov com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 


-----Original Message-----
From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
Ray Burkholder
Sent: Thursday, December 01, 2005 8:52 AM
To: Ejay Hire
Cc: 'Kim Onnel'; 'NANGO'
Subject: RE: QoS for ADSL customers


There are a bunch of p2p and torrent custom classifier pdlm's at
http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm


Quoting Ejay Hire <ejay.hire () isdn net>:

> I got an off-list reply about using Nbar, but I've never
> seen a class map that would match torrent.
>
> -e 
>
> > -----Original Message-----
> > From: owner-nanog () merit edu [mailto:owner-nanog () merit edu]
> On 
> > Behalf Of Kim Onnel
> > Sent: Thursday, December 01, 2005 7:12 AM
> > To: Ejay Hire
> > Cc: NANGO
> > Subject: Re: QoS for ADSL customers
> >
> > Our ADSL customers traffic is 3 OC3 worth of traffic, I
> dont 
> > think our management would buy the idea.
> >
> > thanks
> >
> >
> > On 12/1/05, Ejay Hire <ejay.hire () isdn net> wrote:
> >
> >     Hello.
> >     
> >     Going back to your original question, how to keep
> from
> >     saturating the network with residential users using
> >     bittorrent/edonkey et al, while suffocating business
> >     customers.  Here goes.
> >     
> >     Netfilter/IpTables (and a slew of commercial
> products I'm 
> >     sure) has a Layer 7 traffic classifier, meaning it
> can
> >     identify specific file transfer applications and set
> a
> >     DiffServ bit.  This means it can tell between a real
> http
> >     request and a edonkey transfer, even if they are
> both using 
> >     http.  It also has rate-limiting capability.  So...
> If you
> >     pass all of the traffic destined for your DSL
> customers
> >     through an iptables box (single point of failure)
> then you
> >     can classify and rate-limit the downstream rate on a
>
> >     per-application basis.
> >     
> >     Fwiw, if you are using diffserv bits, you could push
> the
> >     rate-limits down to the router with a qos policy in
> it
> >     instead of doing it all in the iptables box.
> >     
> >     References on this..  The netfilter website (for 
> >     classification info) and the Linux advanced router
> tools
> >     (LART) (qos info/rate limiting)
> >     
> >     -e
> >     
> >     
> >     > -----Original Message-----
> >     > From: owner-nanog () merit edu
> [mailto:owner-nanog () merit edu]
> >     On
> >     > Behalf Of Kim Onnel
> >     > Sent: Thursday, December 01, 2005 3:26 AM
> >     > To: NANGO
> >     > Subject: Re: QoS for ADSL customers 
> >     >
> >     > Can any one please suggest to me any commercial or
> none
> >     > solution to cap the download stream traffic, our
> upstream
> >     > will not recieve marked traffic from us, so what
> can be
> >     done ?
> >     >
> >     >
> >     > On 11/29/05, Kim Onnel <karim.adel () gmail com>
> wrote:
> >     >
> >     >       Hello everyone,
> >     >
> >     >       We have Juniper ERX as BRAS for ADSL, its
> GigE
> >     > interface is on an old Cisco 3508 switch with an
> old IOS,
> >     its
> >     > gateway to the internet is a 7609, our transit
> internet
> >     links
> >     > terminate on GigaE, Flexwan on the 7600
> >     >
> >     >       The links are now almost always fully
> utilized, we 
> >     want
> >     > to do some QoS to cap our ADSL downstream, to give
> room
> >     for
> >     > the Corp. customers traffic to flow without pain.
> >     >
> >     >       I'm here to collect ideas, comments, advises
> and
> >     > experiences for such situations. 
> >     >
> >     >       Our humble approach was to collect some p2p
> ports
> >     and
> >     > police traffic to these ports, but the traffic
> wasnt much,
> >     
> >     > one other thing is rate-limiting per ADSL
> customers IPs,
> >     but 
> >     > that wasnt supported by management, so we thought
> of
> >     matching
> >     > ADSL www traffic and doing exceed action is
> transmit, and
> >     > police other IP traffic.
> >     >
> >     >       Doing so on the ERX wasnt a nice experience,
> so 
> >     we're
> >     > trying to do it on the cisco.
> >     >
> >     >       Thanks
> >     >
> >     >
> >     >
> >     
> >     
>
>
> -- 
> Scanned for viruses and dangerous content at 
> http://www.oneunified.net and is believed to be clean.


-- 
Ray Burkholder
http://www.oneunified.net
ray () oneunified net
441 505 7293

-------------------------------------------------
Sent from http://www.oneunified.net via IMP: http://horde.org/imp/

-- 
Scanned for viruses and dangerous content at 
http://www.oneunified.net and is believed to be clean.