Re: NBAR & IP NBAR protocol-discovery

From: ccie2be (ccie2be@nyc.rr.com)
Date: Fri Jul 09 2004 - 06:51:05 GMT-3


Hey James,

Thanks for that great example. I'm sure I would have missed something like
that during the lab.

But, I noticed something I don't understand. After you created the custom
port map, there was this line in the output which you didn't create:

port-map custom-01 udp 0

Where did this come from? And, why is it there?

Thanks, Tim

----- Original Message -----
From: "James Marinas" <jmarinas@hotmail.com>
To: <KWygand@customonline.com>; <ccielab@groupstudy.com>
Sent: Friday, July 09, 2004 12:27 AM
Subject: RE: NBAR & IP NBAR protocol-discovery

> 'ip nbar protocol-discovery' isn't needed and you're right about it being
> used for gathering protocol statistics on the interface.
>
> In terms of gotchas... It seems that doing a 'match ip protocol____'
> uses NBAR's port map. Check out this DLSW example:
>
> class-map match-all DLSW
> match protocol dlsw
>
> policy-map POLICY
> class DLSW
> set precedence 5
>
> interface FastEthernet0/0
> service-policy input POLICY
>
> NOTICE THAT THE POLICY MAP ISN'T MATCHING ANY PACKETS
>
> r14#sh policy-map inter fast 0/0
> FastEthernet0/0
>
> Service-policy input: POLICY
>
> Class-map: DLSW (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol dlsw
> QoS Set
> precedence 5
> Packets marked 0
>
> THIS IS BECAUSE DLSW IS NOT IN THE PORT MAP
>
> r14# sh ip nbar port-map | begin port-map d
> port-map dhcp udp 67 68
> port-map dns udp 53
> port-map dns tcp 53
>
> Which makes me wonder why IOS let you choose 'match protocol dlsw' under
> the class map if it isn't going to do anything.
>
> Now, I'm going to modify NBAR's port-map:
>
> r14(config)#ip nbar port-map custom-01 tcp 2065
> r14(config)#end
> r14#
> *Mar 1 02:46:06.031: %SYS-5-CONFIG_I: Configured from console by console
> r14#sh ip nbar port-map | begin port-map custom
> port-map custom-01 udp 0
> port-map custom-01 tcp 2065
>
> And I'm going to modify the class-map:
>
> class-map match-all DLSW
> match protocol custom-01
>
> When I view the policy-map on the interface, it is marking packets as it
> should:
>
> r14#sh policy-m inter fast 0/0
> FastEthernet0/0
>
> Service-policy input: POLICY
>
> Class-map: DLSW (match-all)
> 26 packets, 1946 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol custom-01
> QoS Set
> precedence 5
> Packets marked 26
>
> Another potential gotcha is FTP.
>
> r14#sh ip nbar port-map | begin port-map ftp
> port-map ftp tcp 21
>
> Notice that ftp-data's port isn't mapped.
>
> Which brings me to the conclusion that if you are using the 'match
> protocol', make sure it's in the 'sh ip nbar port-map'. If not, map it
> with one of the custom mappings or better yet... use an access-list:
>
> access-list 101 permit tcp any any eq ftp
> access-list 101 permit tcp any any eq ftp-data
> access-list 102 permit tcp any any eq 2065
>
> Hope this helps someone.
>
> >From: "Kenneth Wygand" <KWygand@customonline.com>
> >Reply-To: "Kenneth Wygand" <KWygand@customonline.com>
> >To: <ccielab@groupstudy.com>
> >Subject: NBAR & IP NBAR protocol-discovery
> >Date: Thu, 8 Jul 2004 22:03:00 -0400
> >
> >Hey everyone,
> >
> >When using NBAR through a class-based queuing mechanism (match ip
> >protocol ____ ), do you need to have the command "IP nbar
> >protocol-discovery" on the associated interface, or is this command only
> >used for gathering protocol statistics on the interface?
> >
> >I know "ip cef" is required when using NBAR... are there any other
> >"gotchas" that are important to know for variations of NBAR
> >implementations?
> >
> >Thanks!
> >Ken
> >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
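The check James arrives at ("if you are using 'match protocol', make sure it's in 'sh ip nbar port-map'") can be scripted. The script below is an added example and is not from anyone in this thread or from Cisco: it parses pasted 'show ip nbar port-map' output and a running-config excerpt, reports every class-map whose 'match protocol' name has no usable port mapping, and emits the access-list fallback James suggests for a mapped protocol. The sample outputs are constructed from the ones quoted above. Two assumptions of the example: a port number of 0 (the 'port-map custom-01 udp 0' line Tim asks about, which the thread does not explain) is treated as not a real mapping, and a protocol missing from the static port-map is reported as a candidate for investigation only, since NBAR also recognises some protocols by packet inspection that this output does not list.

```python
"""Audit IOS class-maps that use 'match protocol' against 'show ip nbar port-map'.

Added example for this thread, not code from the original posts.
"""
import re

# Constructed sample input, modelled on the router output quoted in the thread.
PORT_MAP_OUTPUT = """\
port-map custom-01 udp 0
port-map custom-01 tcp 2065
port-map dhcp udp 67 68
port-map dns udp 53
port-map dns tcp 53
port-map ftp tcp 21
"""

# Constructed running-config excerpt with three class-maps to audit.
RUNNING_CONFIG = """\
class-map match-all DLSW
 match protocol dlsw
class-map match-all FTP
 match protocol ftp
class-map match-all CUSTOM
 match protocol custom-01
"""

PORT_MAP_RE = re.compile(r"^port-map\s+(\S+)\s+(tcp|udp)\s+((?:\d+\s*)+)$")
CLASS_RE = re.compile(r"^class-map\s+(?:match-(?:all|any)\s+)?(\S+)$")
MATCH_RE = re.compile(r"^match\s+protocol\s+(\S+)$")


def parse_port_map(text):
    """Return {protocol_name: {(l4, port), ...}} from 'show ip nbar port-map'.

    Assumption of this example: port 0 is an unused slot, not a real mapping,
    so 'port-map custom-01 udp 0' contributes nothing.
    """
    maps = {}
    for line in text.splitlines():
        m = PORT_MAP_RE.match(line.strip())
        if not m:
            continue
        name, l4, ports = m.groups()
        real_ports = {int(p) for p in ports.split()} - {0}
        if real_ports:
            maps.setdefault(name, set()).update((l4, p) for p in real_ports)
    return maps


def parse_class_maps(config):
    """Return {class_name: [protocol, ...]} for every 'match protocol' line."""
    classes = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = CLASS_RE.match(line)
        if m:
            current = m.group(1)
            classes.setdefault(current, [])
            continue
        m = MATCH_RE.match(line)
        if m and current is not None:
            classes[current].append(m.group(1))
    return classes


def audit(config, port_map_text):
    """List (class, protocol) pairs whose protocol has no port-map entry.

    A flagged pair is the situation in the thread: the class-map is accepted
    by IOS but counts 0 packets because nothing tells NBAR which port to watch.
    """
    maps = parse_port_map(port_map_text)
    return [(cls, proto)
            for cls, protos in parse_class_maps(config).items()
            for proto in protos
            if proto not in maps]


def acl_lines(acl_number, maps, protocol):
    """Emit the numbered-ACL equivalent of a port-mapped protocol.

    This is the fallback suggested in the thread ('access-list 102 permit tcp
    any any eq 2065'); it only covers ports present in the static port-map,
    so secondary channels such as ftp-data still have to be added by hand.
    """
    return [f"access-list {acl_number} permit {l4} any any eq {port}"
            for l4, port in sorted(maps.get(protocol, ()))]


if __name__ == "__main__":
    for cls, proto in audit(RUNNING_CONFIG, PORT_MAP_OUTPUT):
        print(f"class-map {cls}: 'match protocol {proto}' has no port-map entry")
    for line in acl_lines(102, parse_port_map(PORT_MAP_OUTPUT), "custom-01"):
        print(line)
```

Run it against real output by replacing the two constructed strings with pasted 'show ip nbar port-map' and 'show running-config | section class-map' text. Note that the FTP class passes the audit because 'port-map ftp tcp 21' exists, which is exactly why James calls it a separate gotcha: the data channel is not in the map and the audit cannot see that.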



This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:50 GMT-3