RE: Marking DLSW with NBAR

From: joshua lauer (jslauer@hotmail.com)
Date: Sun May 08 2005 - 17:41:17 GMT-3


yes,

very correct.

JL

>From: "ccie2be" <ccie2be@nyc.rr.com>
>Reply-To: "ccie2be" <ccie2be@nyc.rr.com>
>To: <gladston@br.ibm.com>, <ccielab@groupstudy.com>
>CC: "Scott Morris" <swm@emanon.com>, "Bob Sinclair" <bsinclair@netmasterclass.net>
>Subject: RE: Marking DLSW with NBAR
>Date: Sun, 8 May 2005 16:21:42 -0400
>
>Hi,
>
>match protocol dlsw won't match dlsw when dlsw is configured with tcp or fst
>encapsulation. I'm fairly sure this will only work when either direct or
>dlsw lite encap is used.
>
>I seem to recall Scott Morris or Bob Sinclair pointing this out on GS.
>check the archives.
>
>HTH, Tim
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>gladston@br.ibm.com
>Sent: Sunday, May 08, 2005 11:08 AM
>To: ccielab@groupstudy.com
>Subject: Marking DLSW with NBAR
>
>R2 is marking telnet and dlsw packets using CB called from a frame class.
>Telnet is marked correctly,
>but DLSW is not.
>Do you think match protocol dlsw matches just real dlsw transport traffic,
>and not dlsw session?
>
>dlsw peer exist between R5 and R3:
>Rack2R5>sh tcp brief
>TCB Local Address Foreign Address (state)
>8318400C 142.20.5.1.11000 142.20.6.1.179 ESTAB
>831AF9A8 142.20.5.1.11001 142.20.3.1.2065 ESTAB
>8316F6D0 142.20.125.5.179 142.20.125.1.11001 ESTAB
>831D8F4C 142.20.5.1.23 142.20.23.3.11009 ESTAB
>
>R2 is between R5 and R3
>
>
>R2 config:
>
>
>class-map dlsw
>match protocol dlsw
>!
>class-map telnet
>match protocol telnet
>!
>class-map match-all voip-rtp
>match ip rtp 16384 16383
>!
>!
>policy-map Priority-with-FRTS
>class voip-rtp
>priority 32
>class dlsw
>set dscp 55
>class telnet
>set dscp 60
>!
>interface Serial0/1
>ip address 142.20.23.2 255.255.255.0
>no sh
>ip router isis
>encapsulation frame-relay
>no fair-queue
>isis circuit-type level-2-only
>isis authentication mode md5 level-2
>isis authentication key-chain Isis-authen level-2
>frame-relay class Frts-to-r3
>frame-relay traffic-shaping
>frame-relay map clns 200 broadcast
>frame-relay map ip 142.20.23.3 200 broadcast
>no frame-relay inverse-arp
>!
>
>map-class frame-relay Frts-to-r3
>frame-relay cir 128000
>frame-relay bc 1280
>frame-relay be 0
>frame-relay mincir 64000
>frame-relay adaptive-shaping becn
>service-policy output Priority-with-FRTS
>
>Monitoring:
>Rack2R2#sh policy-map interface ser 0/1
> Serial0/1: DLCI 200 -
>
> Service-policy output: Priority-with-FRTS
>
> Class-map: voip-rtp (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: ip rtp 16384 16383
> Queueing
> Strict Priority
> Output Queue: Conversation 24
> Bandwidth 32 (kbps) Burst 800 (Bytes)
> (pkts matched/bytes matched) 0/0
> (total drops/bytes drops) 0/0
>
> Class-map: dlsw (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol dlsw
> QoS Set
> dscp 55
> Packets marked 0
>
> Class-map: telnet (match-all)
> 28 packets, 1646 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol telnet
> QoS Set
> dscp 60
> Packets marked 28
>
> Class-map: class-default (match-any)
> 1175 packets, 1127462 bytes
> 5 minute offered rate 2000 bps, drop rate 0 bps
> Match: any
>
>
>Rack2R3(config)#dls dis
>Rack2R3(config)#do sh dls peer
>Rack2R3(config)#no dls dis
>Rack2R3(config)#do sh dls peer
>Peers: state pkts_rx pkts_tx type drops ckts TCP
>uptime
> TCP 142.20.5.1 CONNECT 2 2 conf 0 0 0
>00:00:02
>Total number of connected peers: 1
>Total number of connections: 1
>
>
>Rack2R2#sh policy-map interface ser 0/1
> Serial0/1: DLCI 200 -
>
> Service-policy output: Priority-with-FRTS
>
> Class-map: voip-rtp (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: ip rtp 16384 16383
> Queueing
> Strict Priority
> Output Queue: Conversation 24
> Bandwidth 32 (kbps) Burst 800 (Bytes)
> (pkts matched/bytes matched) 0/0
> (total drops/bytes drops) 0/0
>
> Class-map: dlsw (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol dlsw
> QoS Set
> dscp 55
> Packets marked 0
>
> Class-map: telnet (match-all)
> 36 packets, 2010 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol telnet
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
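
Added example, not part of either poster's message: the quoted `sh tcp brief` output shows the DLSw peer session on TCP port 2065, so R2 can classify that traffic by port with an extended ACL instead of relying on NBAR. The ACL name DLSW-TCP is hypothetical; the class name, DSCP value and policy-map name are the ones in the quoted R2 config.

```cisco
! Added example. Assumption: the DLSw peers use TCP encapsulation on
! port 2065, as in the quoted "sh tcp brief" output.
! DLSW-TCP is a hypothetical ACL name.
ip access-list extended DLSW-TCP
 permit tcp any any eq 2065
 permit tcp any eq 2065 any
!
! Redefine the existing class to match on the ACL instead of NBAR.
class-map match-all dlsw
 no match protocol dlsw
 match access-group name DLSW-TCP
!
! Unchanged from the quoted config: the policy still marks this class.
policy-map Priority-with-FRTS
 class dlsw
  set dscp 55
```

The "Packets marked" counter under Class-map: dlsw in `sh policy-map interface ser 0/1` is the place to confirm the match once the peer is up.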



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3