From: ccie2be (ccie2be@nyc.rr.com)
Date: Sun May 08 2005 - 17:21:42 GMT-3
Hi,
match protocol dlsw won't match dlsw when dlsw is configured with tcp or fst
encapsulation. I'm fairly sure this will only work when either direct or
dlsw lite encap is used.
I seem to recall Scott Morris or Bob Sinclair pointing this out on GS.
check the archives.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Sunday, May 08, 2005 11:08 AM
To: ccielab@groupstudy.com
Subject: Marking DLSW with NBAR
R2 is marking telnet and dlsw packets using CB called from a frame class.
Telnet is marked correctly,
but DLSW is not.
Do you think match protocol dlsw matches just real dlsw transport traffic,
and not dlsw session?
dlsw peer exist between R5 and R3:
Rack2R5>sh tcp brief
TCB Local Address Foreign Address (state)
8318400C 142.20.5.1.11000 142.20.6.1.179 ESTAB
831AF9A8 142.20.5.1.11001 142.20.3.1.2065 ESTAB
8316F6D0 142.20.125.5.179 142.20.125.1.11001 ESTAB
831D8F4C 142.20.5.1.23 142.20.23.3.11009 ESTAB
R2 is between R5 and R3
R2 config:
class-map dlsw
match protocol dlsw
!
class-map telnet
match protocol telnet
!
class-map match-all voip-rtp
match ip rtp 16384 16383
!
!
policy-map Priority-with-FRTS
class voip-rtp
priority 32
class dlsw
set dscp 55
class telnet
set dscp 60
!
interface Serial0/1
ip address 142.20.23.2 255.255.255.0
no sh
ip router isis
encapsulation frame-relay
no fair-queue
isis circuit-type level-2-only
isis authentication mode md5 level-2
isis authentication key-chain Isis-authen level-2
frame-relay class Frts-to-r3
frame-relay traffic-shaping
frame-relay map clns 200 broadcast
frame-relay map ip 142.20.23.3 200 broadcast
no frame-relay inverse-arp
!
map-class frame-relay Frts-to-r3
frame-relay cir 128000
frame-relay bc 1280
frame-relay be 0
frame-relay mincir 64000
frame-relay adaptive-shaping becn
service-policy output Priority-with-FRTS
Monitoring:
Rack2R2#sh policy-map interface ser 0/1
Serial0/1: DLCI 200 -
Service-policy output: Priority-with-FRTS
Class-map: voip-rtp (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip rtp 16384 16383
Queueing
Strict Priority
Output Queue: Conversation 24
Bandwidth 32 (kbps) Burst 800 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: dlsw (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol dlsw
QoS Set
dscp 55
Packets marked 0
Class-map: telnet (match-all)
28 packets, 1646 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol telnet
QoS Set
dscp 60
Packets marked 28
Class-map: class-default (match-any)
1175 packets, 1127462 bytes
5 minute offered rate 2000 bps, drop rate 0 bps
Match: any
Rack2R3(config)#dls dis
Rack2R3(config)#do sh dls peer
Rack2R3(config)#no dls dis
Rack2R3(config)#do sh dls peer
Peers: state pkts_rx pkts_tx type drops ckts TCP
uptime
TCP 142.20.5.1 CONNECT 2 2 conf 0 0 0
00:00:02
Total number of connected peers: 1
Total number of connections: 1
Rack2R2#sh policy-map interface ser 0/1
Serial0/1: DLCI 200 -
Service-policy output: Priority-with-FRTS
Class-map: voip-rtp (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip rtp 16384 16383
Queueing
Strict Priority
Output Queue: Conversation 24
Bandwidth 32 (kbps) Burst 800 (Bytes)
(pkts matched/bytes matched) 0/0
(total drops/bytes drops) 0/0
Class-map: dlsw (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol dlsw
QoS Set
dscp 55
Packets marked 0
Class-map: telnet (match-all)
36 packets, 2010 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: protocol telnet
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3