From: Chris Lewis (chrlewis) (chrlewis@cisco.com)
Date: Sat Aug 20 2005 - 15:32:22 GMT-3
If you are asked (in some way) to match on H.323 signaling and voice
data traffic, the two options you list should be OK I think. Of course
H.323 is not the only possible call signalling protocol, skinny could be
another for example.
Call signaling is separate from RTCP packets. Familiarity with the
configuration produced by the auto qos voip macro helps immensely with
this and lists out the sorts of things that need to be considered. The
following is what it produces for matching on control:
ip access-list extended AutoQoS-VoIP-Control
 permit tcp any any eq 1720
 permit tcp any any range 11000 11999
 permit udp any any eq 2427
 permit tcp any any eq 2428
 permit tcp any any range 2000 2002
 permit udp any any eq 1719
 permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
 permit udp any any range 16384 32767
Chris
-----Original Message-----
From: ccie2be [mailto:ccie2be@nyc.rr.com]
Sent: Saturday, August 20, 2005 10:35 AM
To: Chris Lewis (chrlewis); 'Edwards, Andrew M'; 'Group Study'
Subject: RE: match protocol rtp audio
Chris,
Thanks for bearing with us on this topic.
If I need to match voice traffic, do I need to include RTCP as well?
IOW, if I use an acl to match the signaling traffic (tcp port 1720) and
use match ip rtp 16384 16383 to capture the voice payload packets, will
I have achieved the needed results?
TIA, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Lewis (chrlewis)
Sent: Saturday, August 20, 2005 10:36 AM
To: Edwards, Andrew M; ccie2be; Group Study
Subject: RE: match protocol rtp audio
Well, presuming we are talking about entries in a class-map, the first
does not exist, match ip rtp 16384 16383 does :) and that does not match
RTCP, as it only matches even numbered ports in the defined range.
Match protocol rtp audio also does not match RTCP.
To match odd and even ports to capture RTCP I think you'd have to use
the ACL option.
Chris
-----Original Message-----
From: Edwards, Andrew M [mailto:andrew.m.edwards@boeing.com]
Sent: Friday, August 19, 2005 5:15 PM
To: Chris Lewis (chrlewis); ccie2be; Group Study
Subject: RE: match protocol rtp audio
Chris, et al.
What Tim and I are wondering for NBAR is this:
Match protocol ip rtp 16384 16383
AND
Match protocol rtp audio
We know that the first doesn't match RTCP. What about the second?
Andy
-----Original Message-----
From: Chris Lewis (chrlewis) [mailto:chrlewis@cisco.com]
Sent: Friday, August 19, 2005 10:23 AM
To: ccie2be; Group Study
Subject: RE: match protocol rtp audio
RTP has payload and control packets (referred to as RTCP), H.323 is
completely separate.
RTP for voice uses the range 16384 to 32767. RTP for video uses 49152 to
65535.
There is a significant difference between the two methods you describe.
The NBAR RTP Payload Classification feature does not identify RTCP
packets, whereas the ACL will, as it matches on both even and odd
numbered ports within the range. RTCP packets run on odd-numbered ports
while RTP packets run on even-numbered ports.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Thursday, August 18, 2005 7:40 AM
To: Group Study
Subject: match protocol rtp audio
Hi guys,
Can someone confirm this:
access-list 100 permit udp any any range 16384 32767 = match prot rtp
audio
And, match prot rtp audio doesn't include the control H323 signaling
(tcp any any eq 1720).
The Doc-CD is about as clear as mud on this:
<quote>
audio: Specifies matching by audio payload-type values in the range of 0
to 23. These payload-type values are reserved for audio traffic.
<endquote>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/qos_r/qos_m1g.htm#wp1112916
TIA, Tim
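
Added example (not part of the original thread, and not Cisco code): a small Python model that parses the two ACLs quoted above and compares them with "match ip rtp 16384 16383" for a given destination port. It assumes, as stated in the thread, that match ip rtp hits only even-numbered UDP ports; the function names are hypothetical, and NBAR payload-type matching (match protocol rtp audio) is not modelled.

```python
import re

# ACLs as quoted in the thread (auto qos voip output).
ACL_TEXT = """
ip access-list extended AutoQoS-VoIP-Control
 permit tcp any any eq 1720
 permit tcp any any range 11000 11999
 permit udp any any eq 2427
 permit tcp any any eq 2428
 permit tcp any any range 2000 2002
 permit udp any any eq 1719
 permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
 permit udp any any range 16384 32767
"""

# Only the entry forms that appear in the thread are supported.
ENTRY = re.compile(r"permit (tcp|udp) any any (?:eq (\d+)|range (\d+) (\d+))$")

def parse_acls(text):
    """Return {acl_name: [(proto, low_port, high_port), ...]}."""
    acls, current = {}, None
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("ip access-list extended "):
            current = acls.setdefault(line.split()[-1], [])
            continue
        m = ENTRY.match(line)
        if m is None or current is None:
            raise ValueError(f"unsupported ACL line: {line!r}")
        proto, eq, lo, hi = m.groups()
        current.append((proto, int(eq or lo), int(eq or hi)))
    return acls

def acl_permits(entries, proto, dport):
    """True if any permit entry covers this protocol and destination port."""
    return any(p == proto and lo <= dport <= hi for p, lo, hi in entries)

def match_ip_rtp(proto, dport, start=16384, port_range=16383):
    """Model of 'match ip rtp <start> <range>': even UDP ports only (per the thread)."""
    return proto == "udp" and start <= dport <= start + port_range and dport % 2 == 0

def classify(acls, proto, dport):
    """Names of every classifier in this model that matches the destination port."""
    hits = [name for name, entries in acls.items() if acl_permits(entries, proto, dport)]
    if match_ip_rtp(proto, dport):
        hits.append("match ip rtp 16384 16383")
    return hits
```

Calling classify(parse_acls(ACL_TEXT), "udp", 16385) returns only the ACL name, which is the RTCP gap the thread describes for the class-map match.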
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3