From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Jun 06 2005 - 11:12:17 GMT-3
It looks like you generated the traffic using your browser, right?
By any chance, have you found a way to generate this traffic using only the
equipment available in the lab?
The real issue here is how to verify one's NBAR configuration during the lab
since we won't have access to a browser to generate HTTP GETs.
TIA, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Monday, June 06, 2005 10:01 AM
To: bsin@cox.net; swm@emanon.com; ccie@gannons.net; piotr@jelonek.info;
Richard.Dumoulin@vanco.fr; munsar@optonline.net
Cc: ccielab@groupstudy.com
Subject: Re: NBAR Not matching
Funny this "sniffing" capability of 12.2T (debug ip nbar filter
destination_port tcp 80,
debug ip nbar capture 200 10 10 10 and show ip nbar capture).
It showed that, using PuTTY, "GET /test.html HTTP/1.0" is divided in two
packets:
(I edited the result of show ip nbar capture to show just necessary
information)
FF[4 ] TCP 142.20.125.5(11019) -> 142.20.3.1(80 ) ACK PSH
test.html
FF[5 ] TCP 142.20.125.5(11019) -> 142.20.3.1(80 ) ACK PSH
HTTP/1.0
Changing the ip tcp mss and ip tcp window-size did not change the
result.
NBAR inbound works:
Rack2R2#sh policy-map interface ser 0/0
 Serial0/0
  Service-policy input: URL
    Class-map: URL (match-all)
      3 packets, 157 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*test.html*"
      QoS Set
        precedence 4
          Packets marked 3
NBAR outbound works:
Rack2R2#sh policy-map interface ser 0/1
 Serial0/1
  Service-policy output: URL
    Class-map: URL (match-all)
      3 packets, 157 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*test.html*"
      QoS Set
        precedence 4
          Packets marked 3
Configs:
For inbound NBAR:
class-map match-all URL
 match protocol http url "*test.html*"
!
policy-map URL
 class URL
  set precedence 4
!
interface Serial0/0
 bandwidth 64
 ip address 142.20.125.2 255.255.255.224
 ip pim sparse-dense-mode
 service-policy input URL
 encapsulation frame-relay
 ip ospf authentication-key cisco
 ip ospf priority 0
 ipv6 address 2001:125::2/64
 ipv6 rip IPV6-RIP enable
 custom-queue-list 1
 frame-relay de-group 5 205
 frame-relay map ipv6 2001:125::1 205
 frame-relay map ipv6 2001:125::5 205 broadcast
 frame-relay map ip 142.20.125.1 205
 frame-relay map ip 142.20.125.5 205 broadcast
 no frame-relay inverse-arp
For outbound NBAR:
interface Serial0/1
 ip address 142.20.23.2 255.255.255.0
 ip access-group 160 in
 ip access-group 161 out
 ip router isis
 ip pim sparse-dense-mode
 service-policy output URL
 encapsulation frame-relay
 no ip mroute-cache
 ipv6 address FEC0:2E3D:5B7C:23::2/64
 ipv6 traffic-filter Inbound out
 ipv6 router isis
 no fair-queue
 isis circuit-type level-2-only
 isis authentication mode md5
 isis authentication key-chain Isis-authen level-2
 frame-relay map clns 200 broadcast
 frame-relay map ipv6 FE80::2D0:58FF:FE4A:EC80 200 broadcast
 frame-relay map ipv6 FEC0:2E3D:5B7C:23::3 200 broadcast
 frame-relay map ip 142.20.23.3 200 broadcast
 no frame-relay inverse-arp
Version is:
(C2600-J1S3-M), Version 12.2(15)T5 for the router running NBAR
(C2600-J1S3-M), Version 12.2(15)T5 for the router used for Telnet 80
access
Version of PuTTY, 0.57
Cordially
------------------------------------------------------------------
Gladston
p.s.: sorry for all those replicated replies; I don't know if it was my
computer or the site.