From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Tue Mar 11 2008 - 17:33:22 ARST
Your quite right Tony but I find that depends on IOS version.
fasttrack, gnutella, kazaa2, napster and such did not appear on a router I
played with recently.
----- Original Message -----
From: "Tony Schaffran (GS)" <groupstudy@cconlinelabs.com>
To: "'Joseph Brunner'" <joe@affirmedsystems.com>; "'Edward Balow'"
<ebalow@hotmail.com>; "'groupstudy'" <ccielab@groupstudy.com>
Sent: Tuesday, March 11, 2008 7:18 PM
Subject: RE: real world QOS issue
> By the way, eDonkey is a protocol that can be matched as well. No need
> for
> an access-list.
>
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joseph Brunner
> Sent: Tuesday, March 11, 2008 1:04 PM
> To: 'Edward Balow'; groupstudy@cconlinelabs.com; 'groupstudy'
> Subject: RE: real world QOS issue
>
> I have had issues (perhaps someone can elaborate)
>
>
>
> Where say you are doing this.
>
>
>
> access-list 101 remark edonkey
>
> access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 4672
>
>
>
> Class-map junk
>
> Match protocol kazaa
>
> Match protocol bittorent
>
> Match access-group 101
>
>
>
> Policy-map inbound
>
> Class junk
>
> Drop
>
>
>
> Int F0/0
>
> Service-policy input drop
>
>
>
> Dropping TCP 4672 DOESN'T WORK. but if you do this.
>
>
>
>
>
> Class-map junk_mark
>
> Match protocol kazaa
>
> Match protocol bittorent
>
> Match access-group 101
>
>
>
>
>
> Policy-map inbound
>
> Class junk_mark
>
> Set dscp cs1
>
>
>
> Int F0/0
>
> Service-policy input inbound
>
>
>
> Then (now I marked it with dscp, cause it's going to be natted to
> different
> ip's outbound.. and we cant match ip source so easily,
>
> But we can match dscp)
>
>
>
> Class-map junk
>
> Match dscp cs1
>
>
>
> Policy-map outbound
>
> Class junk
>
> Drop
>
>
>
> Interface s0/0/0
>
> Service-policy output junk
>
>
>
> IT WORKS!
>
>
>
> ALL TCP to 4672 and the other stuff that was MARKED CS1 inbound on F0/0 is
> DROPPED.
>
>
>
> It was another policy dropping CS1 out of F0/0 that killed my clients
> sites.
>
>
>
> So my question is.
>
>
>
> What causes the DROP option to ONLY work when traffic is LEAVING an
> interface????
>
> (I had this happen a lot last year with my policies to "drop all images
> from
> a url, but permit the site itself) the traffic had to be dropped on router
> egress to work!!!
>
>
>
> Thanks,
>
>
>
> Joe
>
>
>
>
>
> _____
>
> From: Edward Balow [mailto:ebalow@hotmail.com]
> Sent: Tuesday, March 11, 2008 1:55 PM
> To: Joseph Brunner; groupstudy@cconlinelabs.com; 'groupstudy'
> Subject: RE: real world QOS issue
>
>
>
> Why bother to mark stuff you want to drop? You're marking at the edge.
> Why
> would you want traffic you're eventually going to drop to eat up internal
> resources before being dropped at distribution? Don't mark it as
> anything,
> just drop it.
>
>> From: joe@affirmedsystems.com
>> To: groupstudy@cconlinelabs.com; ccielab@groupstudy.com
>> Subject: RE: real world QOS issue
>> Date: Tue, 11 Mar 2008 14:41:47 -0500
>>
>> Yeah, duh, I'm dumb...
>>
>> (no wonder I'm going for 3 more stars, so I can learn something)
>>
>> What I did in my little qos world was use CS1/Scavenger as a place to put
>> stuff I wanted to drop anyway (like kazaa, bittorrent, etc)
>>
>> So what is the recommended dscp for stuff you REALLY do want to drop,
>> even
>> if there is NO congestion...
>>
>> Thanks,
>>
>> Joe
>>
>> -----Original Message-----
>> From: Tony Schaffran (GS) [mailto:groupstudy@cconlinelabs.com]
>> Sent: Tuesday, March 11, 2008 1:24 PM
>> To: 'Joseph Brunner'; 'groupstudy'
>> Subject: RE: real world QOS issue
>>
>> You would normally not drop scavenger class unless you are experiencing
>> congestion.
>>
>>
>> Tony Schaffran
>> Network Analyst
>> CCIE #11071
>> CCNP, CCNA, CCDA,
>> NNCDS, NNCSS, CNE, MCSE
>>
>> www.cconlinelabs.com
>> Your #1 choice for online Cisco rack rentals.
>>
>>
>> -----Original Message-----
>> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>> Joseph Brunner
>> Sent: Tuesday, March 11, 2008 9:45 AM
>> To: 'groupstudy'
>> Subject: real world QOS issue
>>
>> Can anyone tell me why Sungard (and I know several of you guys work for
>> them) would mark data from their websites with CS1 ???!?!?!?!?
>>
>>
>>
>> What are you thinking? That is the scavenger class in many books and it's
>> frequently used in the real world to mark JUNK (to be dropped later).
>>
>>
>>
>> Just today I solved an issue where a client couldn't get to a few big
> firm's
>> website. Turns out they are all hosted on Sungard.
>>
>> I had to temporarily disabled the scavenger class's drop setting
>>
>>
>>
>> policy-map somepolicy
>>
>> class scavenger
>>
>> drop
>>
>>
>>
>> interface f0/0
>>
>> service-policy output somepolicy
>>
>>
>>
>> Take this capture image from example law firm, www.shearman.com
>> <http://www.shearman.com/>
>>
>>
>>
>> http://img364.imageshack.us/my.php?image=shearmanyo5.jpg
>>
>>
>>
>>
>>
>> Can anyone explain this!!!
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Joe
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _____
>
> Need to know the score, the latest news, or you need your HotmailR-get
> your
> "fix". Check it out. <http://www.msnmobilefix.com/Default.aspx>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:53 ART
