. :   Policing RapidShare - Cisco   : .



I have to say that RapidShare is a great invention, but sometimes it can be a problem that they are so well connected *G* Compared to torrent/edonkey/... RapidShare customers normally have full speed for their downloads from the very first second. RapidShare is connected by many HUGE carriers, like Global Crossing (Tier 1), Cogent (Tier 1), Level3 (Tier 1), ... which is just great for the person downloading, but on the other hand it's sometimes a pain in the admin's a**. The bandwidth you are giving your customers will be used for the download - completelly! A let's say 8mbit cable client will download with 8mbit. If you want the customers to browse the web lightning fast but don't want him to constantly consume his full bandwidth by downloading multiple gigs from RapidShare, you could do the following:

Create an access-list with all RapidShare networks (2008-12-03)

   access-list 11 permit 62.140.31.0 0.0.0.255
   access-list 11 permit 62.153.244.0 0.0.0.255
   access-list 11 permit 62.67.46.0 0.0.0.255
   access-list 11 permit 62.67.50.0 0.0.0.255
   access-list 11 permit 62.67.57.0 0.0.0.255
   access-list 11 permit 64.211.146.0 0.0.0.255
   access-list 11 permit 64.214.225.0 0.0.0.255
   access-list 11 permit 64.215.245.0 0.0.0.255
   access-list 11 permit 80.152.62.0 0.0.0.255
   access-list 11 permit 80.231.128.0 0.0.0.255
   access-list 11 permit 80.231.24.0 0.0.0.255
   access-list 11 permit 80.231.41.0 0.0.0.255
   access-list 11 permit 80.231.56.0 0.0.0.255
   access-list 11 permit 80.239.137.0 0.0.0.255
   access-list 11 permit 80.239.151.0 0.0.0.255
   access-list 11 permit 80.239.152.0 0.0.0.255
   access-list 11 permit 80.239.159.0 0.0.0.255
   access-list 11 permit 80.239.226.0 0.0.0.255
   access-list 11 permit 80.239.236.0 0.0.0.255
   access-list 11 permit 80.239.239.0 0.0.0.255
   access-list 11 permit 82.129.33.0 0.0.0.255
   access-list 11 permit 82.129.35.0 0.0.0.255
   access-list 11 permit 82.129.36.0 0.0.0.255
   access-list 11 permit 82.129.39.0 0.0.0.255
   access-list 11 permit 195.122.131.0 0.0.0.255
   access-list 11 permit 195.122.149.0 0.0.0.255
   access-list 11 permit 195.122.151.0 0.0.0.255
   access-list 11 permit 195.122.152.0 0.0.0.255
   access-list 11 permit 195.122.153.0 0.0.0.255
   access-list 11 permit 195.219.1.0 0.0.0.255
   access-list 11 permit 206.57.14.0 0.0.0.255
   access-list 11 permit 207.138.168.0 0.0.0.255
   access-list 11 permit 208.48.186.0 0.0.0.255
   access-list 11 permit 212.162.2.0 0.0.0.255
   access-list 11 permit 212.162.63.0 0.0.0.255
   access-list 11 permit 217.243.210.0 0.0.0.255


BTW: It was a quick and dirty awk hack with /24 only, but 195.122.152.0 could be added as /23 as well!


Now let's create a class-map to match the access-list

   class-map match-any RapidShare
     match access-group 11



This is the interessting part: Police 'em *G* (in this case it's 1024000 bps)

   policy-map RapidShare
     class RapidShare
       police rate 1024000 burst 192000
         conform-action transmit
         exceed-action drop
         violate-action drop



Finally add the policy-map to the correct (WAN) interface

   interface FastEthernet0
     service-policy input RapidShare








Disclaimer: Use on your own risk, absolutely no warranty and.... please be nice to your clients!!!! I hate sadistic admins who want the clients to have no fun at all, but if you are sure that RapidShare is used for sharing of the latest movies and other warez, you might just have to police (or even block) it.
All commands are entered in global configuration mode, of course.
The access-list was a quick and dirty hack (as mentioned above), so maybe there is a network shown as /24 which might be /25 or less and you block something/somebody else by accident!



!!!!! Use it ONLY if it is really necessary !!!!!
http://en.wikipedia.org/wiki/Network_neutrality