RE: NBAR & IP NBAR protocol-discovery

From: James Marinas (jmarinas@hotmail.com)
Date: Fri Jul 09 2004 - 16:31:43 GMT-3


The 'port-map custom-01 udp 0' is normal. It shows up on the ten custom
portmap settings. If you define a TCP portmap the udp will be 0.

-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Friday, July 09, 2004 2:51 AM
To: James Marinas; KWygand@customonline.com; ccielab@groupstudy.com
Subject: Re: NBAR & IP NBAR protocol-discovery

Hey James,

Thanks for that great example. I'm sure I would have missed something like
that during the lab.

But, I noticed something I don't understand. After you created the custom
port map, there was this line in the output which you didn't create:

port-map custom-01 udp 0

Where did this come from? And, why is it there?

Thanks, Tim

----- Original Message -----
From: "James Marinas" <jmarinas@hotmail.com>
To: <KWygand@customonline.com>; <ccielab@groupstudy.com>
Sent: Friday, July 09, 2004 12:27 AM
Subject: RE: NBAR & IP NBAR protocol-discovery

> 'ip nbar protocol-discovery' isn't needed and you're right about it being
> used for gathering protocol statistics on the interface.
>
> In terms of gotchas... It seems that doing a 'match ip protocol____'
> uses NBAR's port map. Check out this DLSW example:
>
> class-map match-all DLSW
> match protocol dlsw
>
> policy-map POLICY
> class DLSW
> set precedence 5
>
> interface FastEthernet0/0
> service-policy input POLICY
>
> NOTICE THAT THE POLICY MAP ISN'T MATCHING ANY PACKETS
>
> r14#sh policy-map inter fast 0/0
> FastEthernet0/0
>
> Service-policy input: POLICY
>
> Class-map: DLSW (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol dlsw
> QoS Set
> precedence 5
> Packets marked 0
>
> THIS IS BECAUSE DLSW IS NOT IN THE PORT MAP
>
> r14# sh ip nbar port-map | begin port-map d
> port-map dhcp udp 67 68
> port-map dns udp 53
> port-map dns tcp 53
>
> Which makes me wonder why IOS let you choose 'match protocol dlsw' under
> the class map if it isn't going to do anything.
>
> Now, I'm going to modify NBAR's port-map:
>
> r14(config)#ip nbar port-map custom-01 tcp 2065
> r14(config)#end
> r14#
> *Mar 1 02:46:06.031: %SYS-5-CONFIG_I: Configured from console by console
> r14#sh ip nbar port-map | begin port-map custom
> port-map custom-01 udp 0
> port-map custom-01 tcp 2065
>
> And I'm going to modify the class-map:
>
> class-map match-all DLSW
> match protocol custom-01
>
> When I view the policy-map on the interface, it is marking packets as it
> should:
>
> r14#sh policy-m inter fast 0/0
> FastEthernet0/0
>
> Service-policy input: POLICY
>
> Class-map: DLSW (match-all)
> 26 packets, 1946 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol custom-01
> QoS Set
> precedence 5
> Packets marked 26
>
> Another potential gotcha is FTP.
>
> r14#sh ip nbar port-map | begin port-map ftp
> port-map ftp tcp 21
>
> Notice that ftp-data's port isn't mapped.
>
> Which brings me to the conclusion that if you are using the 'match
> protocol', make sure it's in the 'sh ip nbar port-map'. If not, map it
> with one of the custom mappings or better yet... use an access-list:
>
> access-list 101 permit tcp any any eq ftp
> access-list 101 permit tcp any any eq ftp-data
> access-list 102 permit tcp any any eq 2065
>
> Hope this helps someone.
>
> >From: "Kenneth Wygand" <KWygand@customonline.com>
> >Reply-To: "Kenneth Wygand" <KWygand@customonline.com>
> >To: <ccielab@groupstudy.com>
> >Subject: NBAR & IP NBAR protocol-discovery
> >Date: Thu, 8 Jul 2004 22:03:00 -0400
> >
> >Hey everyone,
> >
> >When using NBAR through a class-based queuing mechanism (match ip protocol ____ ),
> >do you need to have the command "IP nbar protocol-discovery" on the associated
> >interface, or is this command only used for gathering protocol statistics on the
> >interface?
> >
> >I know "ip cef" is required when using NBAR... are there any other "gotchas" that
> >are important to know for variations of NBAR implementations?
> >
> >Thanks!
> >Ken
>


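The check James arrives at, confirming that every 'match protocol' in a class-map actually has an entry in 'sh ip nbar port-map', as an added Python example that is not part of the thread. The show output and class-maps below are constructed from the entries quoted above, and the parser assumes the whitespace-separated 'port-map NAME tcp|udp PORT...' layout shown there.

```python
import re
# Constructed sample of 'show ip nbar port-map' output, assembled from the
# entries quoted in the thread (not a full capture from a router).
PORT_MAP_OUTPUT = """\
port-map dhcp              udp 67 68
port-map dns               udp 53
port-map ftp               tcp 21
port-map custom-01         udp 0
port-map custom-01         tcp 2065
"""

# Constructed class-maps in the style of the thread: dlsw has no port-map
# entry, custom-01 was added with 'ip nbar port-map custom-01 tcp 2065'.
CLASS_MAP_CONFIG = """\
class-map match-all DLSW
 match protocol dlsw
class-map match-all CUSTOM
 match protocol custom-01
"""

PORT_MAP_RE = re.compile(r"^port-map\s+(\S+)\s+(tcp|udp)\s+((?:\d+\s*)+)$")
MATCH_PROTO_RE = re.compile(r"^\s*match protocol\s+(\S+)\s*$")

def parse_port_map(text):
    """Protocol name -> set of (transport, port). Port 0 is the unused
    placeholder IOS shows for a custom entry (the 'udp 0' line) and is skipped."""
    mapped = {}
    for line in text.splitlines():
        m = PORT_MAP_RE.match(line.strip())
        if m:
            entry = mapped.setdefault(m.group(1), set())
            entry.update((m.group(2), int(p)) for p in m.group(3).split() if int(p))
    return mapped

def matched_protocols(config):
    """(class-map name, protocol) for every 'match protocol' line in the config."""
    result, current = [], None
    for line in config.splitlines():
        if line.startswith("class-map "):
            current = line.split()[-1]
        m = MATCH_PROTO_RE.match(line)
        if m and current:
            result.append((current, m.group(1)))
    return result

def unmapped_matches(config, port_map_text):
    """Class-maps whose 'match protocol' names a protocol with no port mapping,
    the DLSW case in the thread where the policy-map counts 0 packets."""
    mapped = parse_port_map(port_map_text)
    return [(cm, p) for cm, p in matched_protocols(config) if not mapped.get(p)]
```

Running `unmapped_matches(CLASS_MAP_CONFIG, PORT_MAP_OUTPUT)` on the constructed input reports only the DLSW class-map, since custom-01 keeps its tcp 2065 entry once the udp 0 placeholder is ignored.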

This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:51 GMT-3