Both P2P and IP-CAR are Configured, Causing A Problem

Publication Date:  2012-07-17 Views:  119 Downloads:  0
Issue Description
A customer wants to set the highest P2P download speed for three IP addresses of admin to 50M, the highest P2P download speed for VIPs to 16M, and the P2P download speed for other IP addresses to 0 Kbps. However, after the customer configures P2P and IP-CAR traffic restriction, the highest download speed of the three admin IP addresses is 300K and the highest IP download speed of VIPs is also 300K.
Alarm Information
None.
Handling Process
Tell the customer to deny addresses of admin and VIPs (IP addresses in ACL 3005 and ACL 3010). That is, IP-CAR does not restrict addresses of admin and VIPs. The problem is rectified.
Root Cause
acl number 3005
 description admin
 rule 0 permit ip source 19.133.233.98 0
 rule 5 permit ip source 19.133.233.9 0
 rule 10 permit ip source 19.133.233.66 0
acl number 3010
 description vip
 rule 10 permit ip source 19.133.233.88 0
 rule 15 permit ip source 19.133.233.198 0
 rule 20 permit ip source 19.133.233.12 0
 rule 25 permit ip source 19.133.233.15 0
 rule 30 permit ip source 19.133.233.158 0
 rule 35 permit ip source 19.133.233.229 0
 rule 40 permit ip source 19.133.233.148 0
 rule 45 permit ip source 19.133.233.213 0
 rule 50 permit ip source 19.133.231.37 0
 rule 55 permit ip source 19.133.233.202 0
 rule 60 permit ip source 19.133.233.189 0
acl number 3015
 description p2p-car other ip
 rule 0 permit ip
firewall interzone trust untrust
 p2p-car 3005 class 5 inbound
 p2p-car 3010 class 10 inbound
 p2p-car 3015 class 15 inbound
 p2p-car 3005 class 5 outbound
 p2p-car 3010 class 10 outbound          
 p2p-car 3015 class 15 outbound
 p2p-detect enable
 p2p-detect mode default
 p2p-detect mode behavior
p2p-class 5
 cir default 50000
#
p2p-class 10
 cir default 16000
#
p2p-class 15
 cir default 0 
The previous information is P2P configuration information. The IP-CAR configuration is as follows:
acl number 3020
 description xiaoluyou
 rule 0 permit ip source 19.133.233.208 0
 rule 5 permit ip source 19.133.65.14 0
 rule 10 permit ip source 19.133.232.121 0
 rule 15 permit ip source 19.133.234.168 0
acl number 3030
 description jianjin
 rule 0 permit ip source 19.133.232.92 0
acl number 3040
 description ip-car any ip
 rule 0 permit ip
 firewall car-class 1 5000000
 firewall car-class 2 3000000
 firewall car-class 3 2400000
firewall zone trust
 set priority 85
 add interface GigabitEthernet0/0/1
 statistic enable ip inzone
 statistic enable ip outzone
 statistic car ip inbound 2 acl-number 3020
 statistic car ip outbound 2 acl-number 3020
 statistic car ip inbound 1 acl-number 3030
 statistic car ip outbound 1 acl-number 3030
 statistic car ip inbound 3 acl-number 3040
 statistic car ip outbound 3 acl-number 3040
 
The customer configures P2P first and then IP-CAR.
IP addresses in ACL 3005 and ACL 3010 matches P2P and then ACL 3040 of IP-CAR. Therefore, download speed of IP addresses in ACL 3005 and ACL 3010 fails to exceed 300K. The download speed of IP addresses in acl 3015 is set to 0, so these addresses do not mach IP-CAR.
Suggestions
You are advised to configure P2P first and then IP-CAR.
Packets does not match IP-CAR if they are discarded by the P2P process. Otherwise, they go to the IP-CAR process.

END