Configuring Network-Based Application Recognition

Similar documents
Nested Class Map Support for Zone-Based Policy Firewall

Classifying Network Traffic

Marking Network Traffic

Classifying Network Traffic

Marking Network Traffic

QoS Group Match and Set for Classification and Marking

EVC Quality of Service

EVC Quality of Service

Classifying and Marking MPLS EXP

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

EVC Quality of Service

Fine-Grain NBAR for Selective Applications

Fine-Grain NBAR for Selective Applications

Control Plane Policing

Configuring QoS Policy Propagation via Border Gateway Protocol

Quality of Service for VPNs

Using NetFlow Sampling to Select the Network Traffic to Track

QoS Tunnel Marking for GRE Tunnels

Using NetFlow Filtering or Sampling to Select the Network Traffic to Track

Applying QoS Features Using the MQC

Quality of Service Commands match ip precedence. match ip precedence ip-precedence-value [ip-precedence-value ip-precedence-value

Configurable Queue Depth

Modular QoS CLI Three-Level Hierarchical Policer

Using NetFlow Sampling to Select the Network Traffic to Track

Sharing Bandwidth Fairly During Congestion

Firewall Stateful Inspection of ICMP

Sun RPC ALG Support for Firewalls and NAT

Sun RPC ALG Support for Firewalls and NAT

Configuring Application Visibility and Control for Cisco Flexible Netflow

Configuring Class-Based RTP and TCP Header Compression

Loose Checking Option for TCP Window Scaling in Zone-Based Policy Firewall

Configuring Weighted Fair Queueing

Set Inner CoS Bits for QinQ

Configuring Weighted Random Early Detection

FlowMonitor for WhatsUp Gold v16.3 User Guide

How to Create an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values,

Packet Classification Using the Frame Relay DLCI Number

Prerequisites for Creating an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports

Creating an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values

Flexible NetFlow IPFIX Export Format

Configuring Link Fragmentation and Interleaving for Multilink PPP

WRED Explicit Congestion Notification

Sun RPC ALG Support for Firewall and NAT

Configuring Class-Based RTP and TCP Header Compression

MSRPC ALG Support for Firewall and NAT

Provisioning: Working with Pre-Configuration

Implementing QoS for IPv6

Configuring Auto-QoS

Frame Relay IP RTP Priority

Flexible Packet Matching XML Configuration

Medianet Metadata. Finding Feature Information. Restrictions for Medianet Metadata

Modular Quality of Service Overview on Cisco IOS XR Software

QoS: Time-Based Thresholds for WRED and Queue Limit

NBAR2 HTTP-Based Visibility Dashboard

Metadata Configuration Guide Cisco IOS Release 15M&T

Configuring Cisco Performance Monitor

Port-Level Shaping and Minimum Bandwidth Guarantee

Enabling ALGs and AICs in Zone-Based Policy Firewalls

BCP Support on MLPPP

Configurable Number of Simultaneous Packets per Flow

QoS: Classification, Policing, and Marking on LAC Configuration Guide, Cisco IOS Release 12.4T

Configuring GPRS Tunneling Protocol Support

Object Groups for ACLs

NAT Routemaps Outside-to-Inside Support

Enabling ALGs and AICs in Zone-Based Policy Firewalls

Home Agent Quality of Service

Table of Contents. Cisco Quality of Service Options on GRE Tunnel Interfaces

QoS: Color-Aware Policer

RSVP Scalability Enhancements

Configuring AVC to Monitor MACE Metrics

QoS: Child Service Policy for Priority Class

QoS: Per-Session Shaping and Queuing on LNS

WRED-Explicit Congestion Notification

Configuring Quality of Service

Implementing QoS for IPv6

Multi-Level Priority Queues

QoS: Child Service Policy for Priority Class

QoS: Match on ATM CLP

Configuring Policy-Based Routing

Configuring Bridge Domain Interfaces

identity policy (policy-map)

QoS Policy Propagation via BGP

Configuring Network QoS

Configuring Firewall TCP SYN Cookie

QoS: Policing Support for GRE Tunnels

Configuring Classification

Quality of Service. Create QoS Policy CHAPTER26. Create QoS Policy Tab. Edit QoS Policy Tab. Launch QoS Wizard Button

Flexible NetFlow IPv6 Unicast Flows

Configuring Quality of Service

Using AutoQoS. Understanding AutoQoS CHAPTER

Configuring RSVP Support for Frame Relay

Flexible NetFlow IPv6 Unicast Flows

Committed Access Rate

SSL Custom Application

QoS Packet-Matching Statistics Configuration

Configuring Quality of Service

Configuring Ethernet Virtual Connections on the Cisco ASR 1000 Series Router

Configuring Quality of Service

Configuring Quality of Service

Flexible Packet Matching XML Configuration

Transcription:

Configuring Network-Based Application Recognition This chapter describes the tasks for configuring the Network-Based Application Recognition (NBAR) feature. For complete conceptual information, see the section Network-Based Application Recognition in the Classification Overview chapter in this book. For a complete description of the NBAR commands mentioned in this chapter, refer to the Cisco IOS Quality of Service Solutions Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online. To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the Identifying Supported Platforms section in the Using Cisco IOS Software chapter in this book. NBAR Configuration Task List Your interface to NBAR is through the Modular QoS -Line Interface (Modular QoS CLI) feature. The Modular QoS CLI provides a model for QoS configuration under Cisco IOS software. The Modular QoS CLI provides a clean separation between the specification of a classification policy and the specification of other policies that act based on the results of the applied classification. Configuring a QoS policy typically requires the configuration of traffic classes, the configuration of policies that will be applied to those traffic classes, and the attaching of policies to interfaces using the following commands: class-map policy-map service-policy Use the class-map command to define one or more traffic classes by specifying the criteria by which traffic is classified. Use the policy-map command to define one or more QoS policies (such as shaping, policing, and so on) to apply to traffic defined by a class map. Use the service-policy command to attach a traffic to an interface on the router. For additional information on the Modular QoS CLI, see the Modular Quality of Service -Line Interface Overview chapter in this book. QC-75

NBAR Configuration Task List Configuring Network-Based Application Recognition To configure NBAR, perform the tasks described in the following sections. The tasks in the first three sections are required; the tasks in the remaining two sections are optional. Configuring a Traffic Class (Required) Configuring a Traffic Policy (Required) Attaching a Traffic Policy to an Interface (Required) Verifying Traffic Policy Configuration (Optional) Monitoring and Maintaining NBAR (Optional) Note You must enable Cisco Express Forwarding (CEF) on the router prior to configuring the NBAR feature. For information on how to enable CEF, refer to the Cisco IOS Switching Services Configuration Guide. See the end of this chapter for the section NBAR Configuration Example. Configuring a Traffic Class To configure a traffic class and the match criteria that will be used to identify traffic as belonging to that class, use the class-map global configuration command. For more information about match criteria, see the section Creating a Traffic Class in the chapter Configuring the Modular Quality of Service -Line Interface in this book. To define the match criteria, use the following commands beginning in global configuration mode. In the following procedure, all traffic matching a specified protocol will be classified as belonging to the traffic class. The traffic class will classify traffic while the traffic policy configuration will determine how to treat the traffic. For instance, if you wanted all FTP traffic to be marked with the QoS group value of 1, you would use the match protocol ftp command in class-map configuration mode, and use the set qos-group 1 command in policy-map class configuration mode (assuming the traffic policy uses the specified class). Therefore, the classification purpose (classifying FTP traffic) would be handled in the traffic class, while the QoS feature (marking the QoS group value to 1) would be handled in the traffic policy. Step 1 Router(config)# class-map [match-all match-any] class-name Specifies the user-defined name of the class map. The match-all option specifies that all match criteria in the class map must be matched. The match-any option specifies that one or more match criteria must match. Step 2 Router(config-cmap)# match protocol protocol-name Specifies a protocol supported by NBAR as a matching criterion. QC-76

Configuring Network-Based Application Recognition NBAR Configuration Task List Configuring a Traffic Policy To specify the QoS policies to apply to traffic classes defined by a traffic class, use the following commands beginning in global configuration mode: Step 1 Router(config)# policy-map policy-name Specifies the traffic policy name entered by the user. Step 2 Router(config-pmap)# class class-name Specifies the name of a previously defined traffic class. Step 3 Router(config-pmap-c)# Enters policy-map class configuration mode, a prerequisite for entering QoS policies. Attaching a Traffic Policy to an Interface. To attach a traffic policy to an interface and to specify the direction in which the traffic policy should be applied (on either packets coming into the interface or packets leaving the interface), use the following commands in interface configuration mode, as needed: Router(config-if)# service-policy output policy-map-name Router(config-if)# service-policy input policy-map-name Specifies the name of the traffic policy to be attached where it can be applied to all packetes leaving the interface. Specifies the name of the traffic policy to be attached where it can be appliced to all packets entering the interface. To detach a policy map from an interface, use the no service-policy [input output] policy-map-name command. Verifying Traffic Policy Configuration To display the configuration of a traffic policy and its associated traffic classes, use the following commands in privileged EXEC mode, as needed: Router# show class-map Router# show class-map class-name Router# show policy-map Router# show policy-map policy-map-name Router# show policy-map interface Router# show policy-map interface-spec Displays all traffic class information. Displays the traffic class information of the userspecified traffic class. Displays all configured policy maps. Displays the user-specified policy map. Displays statistics and configurations of all input and output policies attached to an interface. Displays configuration and statistics of the input and output policies attached to a particular interface. QC-77

NBAR Configuration Example Configuring Network-Based Application Recognition Router# show policy-map interface-spec [input] Router# show policy-map interface-spec [output] Router# show policy-map interface-spec [input output] class class-name Displays configuration and statistics of the input policy attached to an interface. Displays configuration statistics of the output policy attached to an interface. Displays the configuration and statistics for the class name configured in the policy. Monitoring and Maintaining NBAR NBAR can determine which protocols and applications are currently running on a network. NBAR includes the Protocol Discovery feature that provides an easy way of discovering application protocols operating on an interface so that appropriate QoS policies can be developed and applied. With Protocol Discovery, you can discover any protocol traffic supported by NBAR and obtain statistics associated with that protocol. To monitor and maintain the NBAR feature, use the following commands in privileged EXEC mode, as needed: Router# show ip nbar port-map [protocol-name] Router# show ip nbar protocol-discovery Displays the TCP/User Datagram Protocol (UDP) port number(s) used by NBAR to classify a given protocol. Displays the statistics for all interfaces on which Protocol Discovery is enabled. NBAR Configuration Example The following Configuring a Traffic Class with NBAR Example section provides an NBAR configuration example. For information on how to configure NBAR, see the section NBAR Configuration Task List in this chapter. Configuring a Traffic Class with NBAR Example In the following example, all SQL*Net traffic leaving fastethernet interface 0/1 is marked with the IP precedence value of 4. In the example, NBAR is used to identify SQL*Net traffic, while the treatment of SQL*Net traffic (in this case, it is forwarded with the IP precedence bit set as 4) is determined by the traffic policy configuration (the set ip precedence 4 command in policy-map class configuration mode). Router(config)# class-map sqlnettraffic Router(config-cmap)# match protocol sqlnet Router(config)# policy-map sqlsetipprec1 Router(config-pmap)# class sqlnettraffic Router(config-pmap-c)# set ip precedence 4 QC-78

Configuring Network-Based Application Recognition NBAR Configuration Example Router(config)# interface fastethernet 0/1 Router(config-if)# service-policy output sqlsetipprec1 QC-79

NBAR Configuration Example Configuring Network-Based Application Recognition QC-80

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback