No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

Bandwidth Control over P2P Traffic by USG5500 on an Enterprise Network

Publication Date:  2012-07-17  |   Views:  101  |   Downloads:  0  |   Author:  cwx00003497  |   Document ID:  EKB1000001532

Contents

Issue Description

P2P applications are bandwidth-intensive. Controlling the bandwidth of P2P applications is important on an enterprise network.

Alarm Information

None.

Handling Process

Configure the USG5500 as follows:
                                Step 1     Set the IP addresses of the interfaces, define routing polices, and add routes to the routing table.
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2 
nat-policy interzone trust untrust outbound
policy 1
policy source 10.1.1.0 mask 24
                                Step 2      Configure a P2P policy.
ip address-set p2padd type object
address 0 range 10.1.1.1
acl number 3004
rule 0 permit ip source address-set p2padd
rule 5 permit ip destination address-set p2padd
p2p-class 1
cir 10000 index 1 time-range
cir 20000 index 2 time-range
                                Step 3     Apply the P2P policy on the trust zone.
firewall interzone trust untrust
p2p-car 3004 class 1 inbound
p2p-car 3004 class 1 outbound
p2p-detect enable

Root Cause

Networking in lab environment:
As shown in the following figure, the private network is 10.1.1.0, and the public network is represented by network 192.168.1.0. The bandwidth for the P2P traffic between the two networks must be limited to 10 Mbit/s.

Suggestions

                 On an enterprise network, P2P traffic can also be controlled by using time-range ACL as follows:
Step 1     Set a time range as follows:
                 time-range day 12:00 to 18:00 daily
Step 2     Assign class 1 to P2P traffic.
                 p2p-class 1
                 cir 10000 index 1 time-range day