No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


In order to limit HTTP_Download flow, the P2P current limiting failed

Publication Date:  2019-07-18 Views:  87 Downloads:  0

Issue Description

User equipment USG5500, version is V200R002C00SPC200, configured P2P current-limiting function. But when the user use thunder test, it can’t reach the perfect limiting effect, the downloading flow largely exceeded the threshold value which is configured by P2P current limiting.
The configuration is as follows:
dpi enable
dns resolve
dns server
whole-packet-search enable all         
relation-detection enable
update rule-base server domain
template liuliangxianzhi
  rule 0 if-match category P2P apply qos-car 2048000
  rule 6 if-match category Streaming apply qos-car 2048000
  rule 7 if-match category PeerCasting apply qos-car 2048000
policy 1
  policy template liuliangxianzhi

Alarm Information


Handling Process

1, check the configuration, found it hasn’t limited the “HTTP_Download”, the protocols which involved by thunder besides P2P and Streaming and PeerCasting, it still has HTTP_Download and HTTP_Proxy and HTTP_Streaming. In http flow, the thunder mainly uses HTTP_Download. Limit the flow of HTTP_Download, the added configuration is as follows:
rule 8 if-match category Web_Browsing application HTTP_Download apply qos-car  2048000
The thunder downloading speed is limited effectively, but the internal network accesses external network slowly.
2, User internal network is out through NAT changeover and then through USG do the twice NAT changeover, but the P2P current limiting is aim at the global current limiting but not the single IP.
3, based on the user networking and the protocol used by thunder for downloading, can only cancel the limiting of HTTP_Download, just limit the flow of P2P.

Root Cause

1, configuration is not correct.
2, DPI character library doesn’t update.
3, other reasons.


Usually in order to limit the thunder downloading, it needs to limit HTTP_Download flow, but HTTP_Download will seriously influence the online speed of the internal network users, so you’d better no use it.