Networks Horizon


Wednesday 4 April 2012

Quality of Service (QoS)-Part4


Classification, Marking and NBAR


Classification: Inspecting one or more aspects of a packet to see what that packet is carrying.
Primarily, classification can be done with an access-list based on source/destination IP addresses and port numbers. Here are the limitations of access-lists:

  • A few applications keep changing IP addresses and even port numbers.
  • You can either allow or block all the traffic, or some kind of traffic based on port number, but you cannot police or shape the traffic generated by different applications/protocols.
Marking: Writing information to a packet to record the classification decision. It is just colouring the packets. Colouring or marking helps identify the packet without opening the actual data. It is not at all necessary to do marking to run QoS. The only job of marking is colouring the packet for identification. That's it.


For example:
RTP and RTCP are two protocols used to manage audio sessions. We can prioritize traffic for these protocols before it enters the router. Our first job is to classify this traffic. Classification can be done at different levels:


Layer 2 = based on source ATM VCC, Frame Relay DLCI, MAC address
Problem: QoS based on Layer 2 information creates a lot of CPU and configuration overhead. What about a PC that runs multiple services (voice, video, data) but has a single MAC address? Or a DLCI that carries both data and voice packets? So this is not scalable.


Layer 3 = based on source IP address
Problem: Devices keep changing IP addresses, and this becomes difficult when DHCP keeps handing out different IPs. So this is also not scalable.


Layer 4 = based on source port numbers
Problem: RTP and RTCP can change UDP port numbers dynamically, and prioritizing UDP traffic as a whole will also prioritize every other application that uses UDP as its transport-layer protocol. So it is also unreliable.


Layer 5-7 = NBAR PDLM (the application itself)
NBAR is used to classify based on the application itself (like RTP or RTCP). But the router has to do a big job, walking through all the layers (2 up to 7) before it looks into the actual payload, so a very high processor overhead is attached to classification based on NBAR. And we do not want the same job to be done by every router (Layer 3 device) in the path.


Most likely we will not do this; we will only configure the first router at the trust boundary to classify the traffic and mark it, so that other devices do not have to do classification again. The other routers will only look at the ToS field in the IP header and forward the traffic accordingly.


Trust boundary: the first incoming router is known as the trust boundary. The trust boundary is where we first begin to trust and mark the traffic. Cisco recommends placing the trust boundary as close to the end devices as possible, so that markings set by untrusted hosts are not accepted further into the network.


Commands:
Router#show class-map
  Class Map match-all test (id 1)
    Description: test class
      Match any
      Match not access-group 5


The class-map above will classify traffic from any source that does not match access-group 5.
Router(config-cmap)#match ?
    access-group
    any
    class-map  ===> based on another class-map (nested or embedded class-map)
    cos  ===> match the Layer 2 CoS value, typically to translate it into a new Layer 3 marking
    destination-address  ===> destination MAC address
    dscp
    source-address  ===> source MAC address
    fr-de  ===> match the Frame Relay DE bit (mark a kind of traffic with the DE bit before it gets to the ISP)


Router(config)#class-map test2   
Router(config-cmap)#match class-map test


In the above two commands the new class-map test2 will match only traffic that is already matched by class-map test. Suppose class-map test matches internet traffic and in the new class-map we want to match FTP traffic only, not HTTP traffic; this method can be used.


Router(config)#class-map test3   
Router(config-cmap)#match input-interface s0


The class-map test3 above will match all the traffic coming in on serial 0.


Router(config)#class-map test4
Router(config-cmap)#match ip ?
    dscp
    precedence
    rtp  ===> RTP port range


Router(config)#class-map test5
Router(config-cmap)#match packet length ?  ===> packet length in bytes (min/max)


Router(config)#class-map test6
Router(config-cmap)#match mpls experimental ?  ===> match the experimental (EXP) bits in the MPLS label


Network Based Application Recognition (NBAR)
By using this feature you can classify traffic without knowing IP addresses or port numbers. NBAR recognizes traffic from the application's own signature, which is why it is so powerful. NBAR's built-in signatures do not cover the newest features of every listed protocol/application, so for the latest protocol/application versions we need updated signatures that do the deep packet inspection.
The NBAR feature allows you to quickly create class-maps that match a specific application. NBAR is extendable through a system of PDLMs.
For example:
Router(config)#class-map test7
Router(config-cmap)#match protocol ?
    arp
    bgp
    cdp
    gnutella
    eigrp
    icmp
    http
    citrix
    gopher
    gre
    exchange
    fasttrack
    edonkey
    jpeg
    xwindows
    telnet
    bittorrent
    sap
    etc.


NBAR = Network Based Application Recognition.
PDLM = Packet Description Language Module.
For example, if there is any change in a protocol's name or version, you can download the PDLM for that application version, as well as definitions for new applications as they come out. These are only 1-3 kB files; download them from the Cisco site and copy them into the router's flash.


Once it is copied into flash, apply the command below:
Router(config)#ip nbar pdlm flash://bittorrent.pdlm


NBAR has a built-in packet-sniffing capability: it can watch the traffic traversing the router (input and output). Turning on this feature adds some processing overhead on the router.


Router(config)# int s0
Router(config-if)# ip nbar protocol-discovery


To show the traffic flows discovered by NBAR, the command below is used:
Router#show ip nbar protocol-discovery stats bit-rate top-n <n>


To check what type of traffic falls into the unknown category, the command below is used:
Router#show ip nbar unclassified-port-stats
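As an added worked example (not part of the original post), here is how the trust-boundary marking described earlier and the NBAR class-maps fit together: the edge router classifies RTP audio by application signature, marks it EF, and resets the DSCP of everything else so an end host cannot promote its own traffic by pre-marking it; the core router does no NBAR and matches only the DSCP field. Interface names, class/policy names and the 20 percent priority value are assumptions.

```cisco
! Edge router at the trust boundary (assumed names and interfaces)
! Classify RTP audio by NBAR signature, not by IP address or port
class-map match-all VOICE-RTP
 match protocol rtp audio
!
! Mark once at the edge; downstream routers only trust the DSCP value
policy-map MARK-AT-EDGE
 class VOICE-RTP
  set ip dscp ef
 class class-default
  ! clear any DSCP that an untrusted host set itself
  set ip dscp default
!
interface FastEthernet0/0
 description Untrusted LAN side of the trust boundary
 ip nbar protocol-discovery
 service-policy input MARK-AT-EDGE
!
! Core router: no NBAR, only look at the ToS/DSCP field
class-map match-all VOICE-MARKED
 match ip dscp ef
!
policy-map CORE-OUT
 class VOICE-MARKED
  ! low-latency queue for traffic the edge marked EF
  priority percent 20
 class class-default
  fair-queue
!
interface Serial0/0
 service-policy output CORE-OUT
```

On the edge router, show ip nbar protocol-discovery on FastEthernet0/0 confirms what NBAR actually sees, and the re-marking in class-default is what makes the downstream match on EF trustworthy.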

