Re: NBAR and new-style traffic-shaping

From: Matt White (mwhite23@gmail.com)
Date: Mon Mar 28 2005 - 15:19:10 GMT-3

• Next message: Jongsoo kim: "Having a problem w/ OPSF point-to-multicast"
• Previous message: NGUYEN Trung: "Re: SNMP commands"
• Maybe in reply to: Matt White: "NBAR and new-style traffic-shaping"
• Next in thread: Sumit: "Re: NBAR and new-style traffic-shaping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It's not that; you don't need that command for NBAR to work, just CEF.

Think of discovery as a reporting feature. It doesn't actually DO
anything to traffic however.

On Mar 28, 2005, at 1:11 PM, Groupstudy wrote:

> Just a quick guess, but I didn't see NBAR protocol discovery enabled
> on any interfaces.
>
> Matt White wrote:
>> I'm perplexed why, in the following configuration, http is not
>> matched outbound unless I classify it first coming in the f1/0
>> interface. Otherwise, it's like it doesn't see the HTTP packets in
>> the policy.
>> Any help would be appreciated... (I bet someone will know exactly
>> what I mean here.)
>> Thank you.
>> R3#sh run
>> Building configuration...
>> Current configuration : 2054 bytes
>> !
>> version 12.2
>> service timestamps debug datetime msec
>> service timestamps log datetime msec
>> no service password-encryption
>> !
>> hostname R3
>> !
>> logging queue-limit 100
>> !
>> ip subnet-zero
>> !
>> !
>> no ip domain lookup
>> !
>> ip cef
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> !
>> no voice hpi capture buffer
>> no voice hpi capture destination
>> !
>> !
>> mta receive maximum-recipients 0
>> !
>> !
>> class-map match-all BANDWIDTH
>> match protocol http
>> !
>> !
>> policy-map BANDWIDTH
>> class BANDWIDTH
>> bandwidth 128
>> class class-default
>> fair-queue
>> random-detect
>> policy-map SHAPE
>> class class-default
>> shape average 384000 3840
>> shape max-buffers 2048
>> service-policy BANDWIDTH
>> !
>> !
>> !
>> !
>> interface Loopback0
>> ip address 19.19.19.5 255.255.255.255
>> ip ospf network point-to-point
>> !
>> interface Ethernet0/0
>> no ip address
>> shutdown
>> half-duplex
>> !
>> interface Serial0/0
>> no ip address
>> encapsulation frame-relay
>> no keepalive
>> no frame-relay inverse-arp
>> !
>> interface Serial0/0.666 point-to-point
>> bandwidth 768
>> ip address 19.19.19.2 255.255.255.252
>> frame-relay interface-dlci 666
>> class SHAPE
>> !
>> interface FastEthernet1/0
>> ip address 19.19.19.129 255.255.255.128
>> duplex auto
>> speed auto
>> !
>> interface Serial1/0
>> no ip address
>> shutdown
>> clockrate 125000
>> !
>> interface FastEthernet1/1
>> no ip address
>> shutdown
>> duplex auto
>> speed auto
>> !
>> interface Serial1/1
>> no ip address
>> shutdown
>> clockrate 125000
>> !
>> router ospf 1
>> router-id 3.3.3.3
>> log-adjacency-changes
>> network 19.19.19.2 0.0.0.0 area 0
>> network 19.19.19.5 0.0.0.0 area 0
>> network 19.19.19.129 0.0.0.0 area 0
>> !
>> ip http server
>> ip classless
>> !
>> !
>> !
>> !
>> map-class frame-relay SHAPE
>> frame-relay end-to-end keepalive mode passive-reply
>> service-policy output SHAPE
>> frame-relay fragment 960
>> !
>> !
>> call rsvp-sync
>> !
>> !
>> mgcp profile default
>> !
>> dial-peer cor custom
>> !
>> !
>> !
>> !
>> line con 0
>> exec-timeout 0 0
>> privilege level 15
>> logging synchronous
>> line aux 0
>> line vty 0 4
>> login
>> !
>> !
>> end
>> R3#
>> Service-policy output: SHAPE
>> Class-map: class-default (match-any)
>> 3845 packets, 529413 bytes
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: any
>> Traffic Shaping
>> Target/Average Byte Sustain Excess Interval
>> Increment
>> Rate Limit bits/int bits/int (ms)
>> (bytes)
>> 384000/384000 960 3840 3840 10 480
>> Adapt Queue Packets Bytes Packets Bytes
>> Shaping
>> Active Depth Delayed Delayed
>> Active
>> - 0 3864 529603 45 23663 no
>> Service-policy : BANDWIDTH
>> Class-map: BANDWIDTH (match-all)
>> 1677 packets, 262053 bytes <----------This does not
>> increment unless I match inbound on f1/0 and classify the HTTP...
>> Don't necessary need to change the class-map to reflect what it
>> matches either???
>> 5 minute offered rate 0 bps, drop rate 0 bps
>> Match: protocol http
>> Queueing
>> Output Queue: Conversation 41
>> Bandwidth 128 (kbps) Max Threshold 64 (packets)
>> (pkts matched/bytes matched) 1677/262053
>> (depth/total drops/no-buffer drops) 0/0/0
>> ______________________________________________________________________
>> _
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Jongsoo kim: "Having a problem w/ OPSF point-to-multicast"
• Previous message: NGUYEN Trung: "Re: SNMP commands"
• Maybe in reply to: Matt White: "NBAR and new-style traffic-shaping"
• Next in thread: Sumit: "Re: NBAR and new-style traffic-shaping"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:53 GMT-3