From: Adarsh Singh (adarshs@hclinfinet.net)
Date: Fri Sep 27 2002 - 04:17:53 GMT-3
Dear All,
I have got 2 1603 routers connected via a VPN network. The last mile is
connected at 64 Kbps, and the aim is to run VoIP. We are doing an FTP of
4 MB of traffic from Location A to Location B, and are also using a VoIP
box from a third-party vendor at the two locations, which has been provided
the IP address.
Now I am trying to do the QoS by LLQ, so that voice traffic is given a
higher priority & the rest of the IP traffic is given lower traffic.
The router commands used are as follows:
interface Serial 0
no shutdown
description connected to Internet
ip address 10.66.2.98 255.255.255.252
encapsulation ppp
!
! Committed Access Rate (CAR)
!
rate-limit output access-group 100 16000 16000 32000 conform-action set-prec-continue 4 exceed-action transmit
rate-limit output access-group 101 64000 48000 64000 conform-action set-prec-continue 0 exceed-action transmit
!
!
interface BRI 0
no description
no ip address
shutdown
!
! Access Control List 100
!
no access-list 100
access-list 100 permit tcp any 10.65.50.100 0.0.0.3 eq 1720
!
! Access Control List 101
!
no access-list 101
access-list 101 permit ip any 10.65.50.100 0.0.0.3
!
router rip
version 2
passive-interface Serial 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
For router B:
interface Serial 0
no shutdown
description connected to Internet
ip address 10.65.50.102 255.255.255.252
encapsulation ppp
!
! Committed Access Rate (CAR)
!
rate-limit output access-group 100 16000 16000 32000 conform-action set-prec-continue 4 exceed-action transmit
rate-limit output access-group 101 64000 48000 64000 conform-action set-prec-continue 0 exceed-action transmit
!
!
! Access Control List 100
!
no access-list 100
access-list 100 permit tcp any 10.66.2.96 0.0.0.3 eq 1720
!
! Access Control List 101
!
no access-list 101
access-list 101 permit ip any 10.66.2.96 0.0.0.3
!
router rip
version 2
passive-interface Serial 0
no auto-summary
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
Now when I do a big file FTP & try to make voice calls, the calls don't
happen. How do I do voice QoS so that voice is not affected in spite of lots
of data going on?
Please advise.
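An added example, not part of the original post: a small Python model of how router A's two rate-limit statements above treat a packet that conforms to the configured rate. It assumes the documented CAR behaviour that set-prec-continue sets the precedence and then evaluates the next rate-limit statement; the sample packets, their destination host and the RTP port are constructed.

```python
import ipaddress

# Router A rules copied from the post: ACLs 100/101 and the two CAR statements.
ACLS = {
    100: {"proto": "tcp", "dst": "10.65.50.100", "wildcard": "0.0.0.3", "port": 1720},
    101: {"proto": "ip", "dst": "10.65.50.100", "wildcard": "0.0.0.3", "port": None},
}
# (access-group, precedence set by "conform-action set-prec-continue N"), in config order
CAR_RULES = [(100, 4), (101, 0)]


def acl_matches(acl, pkt):
    """Match one permit entry: protocol, wildcard-masked destination, optional port."""
    if acl["proto"] not in ("ip", pkt["proto"]):
        return False
    mask = ~int(ipaddress.ip_address(acl["wildcard"])) & 0xFFFFFFFF
    want = int(ipaddress.ip_address(acl["dst"])) & mask
    if int(ipaddress.ip_address(pkt["dst"])) & mask != want:
        return False
    return acl["port"] is None or acl["port"] == pkt["dport"]


def car_precedence(pkt, rules=CAR_RULES, acls=ACLS):
    """Walk the rate-limit statements in order for a conforming packet.

    set-prec-continue rewrites the precedence and moves on to the next
    statement, so the last matching rule decides the final value.
    Returns (final precedence, list of access-groups that matched).
    """
    prec, hits = pkt["prec"], []
    for group, new_prec in rules:
        if acl_matches(acls[group], pkt):
            prec = new_prec
            hits.append(group)
    return prec, hits


# Constructed sample packets; the destination is a made-up host inside the ACL range.
# TCP/1720 is the H.323 call-signalling port; voice media is modelled as RTP over UDP.
SAMPLES = {
    "call-signalling": {"proto": "tcp", "dst": "10.65.50.101", "dport": 1720, "prec": 0},
    "rtp-voice": {"proto": "udp", "dst": "10.65.50.101", "dport": 16384, "prec": 5},
    "ftp-data": {"proto": "tcp", "dst": "10.65.50.101", "dport": 20, "prec": 0},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, car_precedence(pkt))
```

In this model every sample leaves the interface at precedence 0, because access-list 101 also matches the packets that access-list 100 marked. CAR itself only marks or polices traffic; it does not give any packet queueing priority.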
----- Original Message -----
From: "Chuck Church" <cchurch@MAGNACOM.com>
To: "'McClure, Allen'" <Allen.McClure@Tricon-Yum.Com>; "'Carlos G
Mendioroz'" <tron@huapi.ba.ar>; "'Groupstudy ccielab list'"
<ccielab@groupstudy.com>
Sent: Thursday, September 26, 2002 4:12 AM
Subject: RE: dealing with fastrack (Kazaa et.al.)
> I tried to get NBAR to work against streaming radio stations using media
> player. I looked at the packet headers with Sniffer, and set the DSCP to
> that. But it never seemed to work correctly. If anyone got it to work, I'd
> like to see how it's done.
>
> Thanks,
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> McClure, Allen
> Sent: Wednesday, September 25, 2002 4:56 PM
> To: Carlos G Mendioroz; Groupstudy ccielab list
> Subject: RE: dealing with fastrack (Kazaa et.al.)
>
>
> You may wish to look into NBAR. We're thinking about using it for the
> peer-to-peer junk.
>
> Allen McClure
> MCSE, CCNP, CCDP
> YUM! Brands, Inc.
> Sr. Network Analyst
> NEW E-Mail - mailto:allen.mcclure@yum.com
> 972-338-7494
>
>
> -----Original Message-----
> From: Carlos G Mendioroz [mailto:tron@huapi.ba.ar]
> Sent: Wednesday, September 25, 2002 3:32 PM
> To: Groupstudy ccielab list
> Subject: OT: dealing with fastrack (Kazaa et.al.)
>
>
> Hi,
> after a long time of chasing local servers on different ports and using
> CAR to make it a pain to use those pesty peer to peer programs, I'm
> trying to automatize the thing.
>
> Basically I want to find who has fasttrack (snort or the like triggering
> on port 1214 activity) and make a list, then dynamically build an ACL to
> CAR all traffic from/to those stations into a small pipe. End result
> would be "if you use it, your network access rate will be poor".
>
> Question: has anybody got a way to program ACLs from a unix box (via a
> script)
> in a secure way ? Is there a way to use SNMP to do this ?
>
> Advice on any solution to the fastrack net hogging problem is
> appreciated.
> Note: My network policy does not allow me to kill port 1214
>
> TIA
> --
> Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
>
>
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:44:04 GMT-3