The problem caused by P2P and IP-CAR used together

Publication Date:  2012-11-19 Views:  182 Downloads:  0
Issue Description
After the customer has done the P2P and IP-CAR current limiting, it appears a problem, the download speed of admin three IP is only 300K, so it the IP of the VIP. The customer demands the download speed of admin three IP reaches 50M, and 16M to VIP’s P2P, the other IP’s P2P download speed is 0Kbps.
Alarm Information
None.
Handling Process
Let the customer refused the addresses of admin and VIP in acl3040, namely let the IP-CAR does not limit the addresses of admin and VIP, the problem is solved.
Root Cause
acl number 3005
description admin
rule 0 permit ip source 19.133.233.98 0
rule 5 permit ip source 19.133.233.9 0
rule 10 permit ip source 19.133.233.66 0
acl number 3010
description vip
rule 10 permit ip source 19.133.233.88 0
rule 15 permit ip source 19.133.233.198 0
rule 20 permit ip source 19.133.233.12 0
rule 25 permit ip source 19.133.233.15 0
rule 30 permit ip source 19.133.233.158 0
rule 35 permit ip source 19.133.233.229 0
rule 40 permit ip source 19.133.233.148 0
rule 45 permit ip source 19.133.233.213 0
rule 50 permit ip source 19.133.231.37 0
rule 55 permit ip source 19.133.233.202 0
rule 60 permit ip source 19.133.233.189 0
acl number 3015
description p2p-car other ip
rule 0 permit ip
firewall interzone trust untrust
p2p-car 3005 class 5 inbound
p2p-car 3010 class 10 inbound
p2p-car 3015 class 15 inbound
p2p-car 3005 class 5 outbound
p2p-car 3010 class 10 outbound         
p2p-car 3015 class 15 outbound
p2p-detect enable
p2p-detect mode default
p2p-detect mode behavior
p2p-class 5
cir default 50000
#
p2p-class 10
cir default 16000
#
p2p-class 15
cir default 0
The above is the configuration of P2P, the below is the configuration of IP-CAR.
acl number 3020
description xiaoluyou
rule 0 permit ip source 19.133.233.208 0
rule 5 permit ip source 19.133.65.14 0
rule 10 permit ip source 19.133.232.121 0
rule 15 permit ip source 19.133.234.168 0
acl number 3030
description jianjin
rule 0 permit ip source 19.133.232.92 0
acl number 3040
description ip-car any ip
rule 0 permit ip
firewall car-class 1 5000000
firewall car-class 2 3000000
firewall car-class 3 2400000
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
statistic enable ip inzone
statistic enable ip outzone
statistic car ip inbound 2 acl-number 3020
statistic car ip outbound 2 acl-number 3020
statistic car ip inbound 1 acl-number 3030
statistic car ip outbound 1 acl-number 3030
statistic car ip inbound 3 acl-number 3040
statistic car ip outbound 3 acl-number 3040

The customers do P2P at first, and then do IP-CAR.
After the IP of acl 3005 and acl3010 is matched by P2P, then it is matched by the acl 3040 of IP-CAR, so it appears the phenomenon that the download speed of the IP in 3005 and 3010 can’t reach to 300k. The IP of acl3015 is limited to 0 and won’t enter the IP-CAR process.
Suggestions
Do P2P at first, and then do IP-CAR.
If the message which entered P2P flow is lost, it will not enter IP-CAR, otherwise it will.

END