No relevant resource is found in the selected language.
Your browser version is too early. Some functions of the website may be unavailable. To obtain better user experience, upgrade the browser to the latest version.
A customer wants to set the highest P2P download speed for three IP addresses of admin to 50M, the highest P2P download speed for VIPs to 16M, and the P2P download speed for other IP addresses to 0 Kbps. However, after the customer configures P2P and IP-CAR traffic restriction, the highest download speed of the three admin IP addresses is 300K and the highest IP download speed of VIPs is also 300K.
Alarm Information
None.
Handling Process
Tell the customer to deny addresses of admin and VIPs (IP addresses in ACL 3005 and ACL 3010). That is, IP-CAR does not restrict addresses of admin and VIPs. The problem is rectified.
Root Cause
acl number 3005
description admin
rule 0 permit ip source 19.133.233.98 0
rule 5 permit ip source 19.133.233.9 0
rule 10 permit ip source 19.133.233.66 0
acl number 3010
description vip
rule 10 permit ip source 19.133.233.88 0
rule 15 permit ip source 19.133.233.198 0
rule 20 permit ip source 19.133.233.12 0
rule 25 permit ip source 19.133.233.15 0
rule 30 permit ip source 19.133.233.158 0
rule 35 permit ip source 19.133.233.229 0
rule 40 permit ip source 19.133.233.148 0
rule 45 permit ip source 19.133.233.213 0
rule 50 permit ip source 19.133.231.37 0
rule 55 permit ip source 19.133.233.202 0
rule 60 permit ip source 19.133.233.189 0
acl number 3015
description p2p-car other ip
rule 0 permit ip
firewall interzone trust untrust
p2p-car 3005 class 5 inbound
p2p-car 3010 class 10 inbound
p2p-car 3015 class 15 inbound
p2p-car 3005 class 5 outbound
p2p-car 3010 class 10 outbound
p2p-car 3015 class 15 outbound
p2p-detect enable
p2p-detect mode default
p2p-detect mode behavior
p2p-class 5
cir default 50000
#
p2p-class 10
cir default 16000
#
p2p-class 15
cir default 0
The previous information is P2P configuration information. The IP-CAR configuration is as follows:
acl number 3020
description xiaoluyou
rule 0 permit ip source 19.133.233.208 0
rule 5 permit ip source 19.133.65.14 0
rule 10 permit ip source 19.133.232.121 0
rule 15 permit ip source 19.133.234.168 0
acl number 3030
description jianjin
rule 0 permit ip source 19.133.232.92 0
acl number 3040
description ip-car any ip
rule 0 permit ip
firewall car-class 1 5000000
firewall car-class 2 3000000
firewall car-class 3 2400000
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1
statistic enable ip inzone
statistic enable ip outzone
statistic car ip inbound 2 acl-number 3020
statistic car ip outbound 2 acl-number 3020
statistic car ip inbound 1 acl-number 3030
statistic car ip outbound 1 acl-number 3030
statistic car ip inbound 3 acl-number 3040
statistic car ip outbound 3 acl-number 3040
The customer configures P2P first and then IP-CAR.
IP addresses in ACL 3005 and ACL 3010 matches P2P and then ACL 3040 of IP-CAR. Therefore, download speed of IP addresses in ACL 3005 and ACL 3010 fails to exceed 300K. The download speed of IP addresses in acl 3015 is set to 0, so these addresses do not mach IP-CAR.
Suggestions
You are advised to configure P2P first and then IP-CAR.
Packets does not match IP-CAR if they are discarded by the P2P process. Otherwise, they go to the IP-CAR process.
