Re: nbar direction for downloading content

From: Petr Lapukhov (petrsoft@gmail.com)
Date: Thu Jun 01 2006 - 06:21:15 ART


Koen, I already mentioned that in the previous thread.. :)

You apply policy for HTTP INBOUND. At the same time,
NBAR recognizes OUTGOING URLs with GET requests,
and classifies return traffic as HTTP stream, related to those
URLs.

(Also, matching MIME types will work too. But if you see stuff
like "*.jpeg" you should clearly think of URL matching).

Here is a scenario where you can verify that:

----------

R1 is downloading images from SW1, which is the HTTP server
with ip address 151.10.7.7

R3 is in control of data streams. It utilizes policy map
inbound on interface Fa 0/0.

-----------

(Following text is best viewed with Courier New Font ;))

R1-----R3::Fa0/0----SW1::Lo0(7.7/24)

SW1:

SW1#sh running-config | inc ip http
ip http server
ip http path flash:

SW1#dir flash:*.jpeg
Directory of flash:/*.jpeg

   95 -rwx 2227 Mar 2 1993 00:28:03 +00:00 image.jpeg

R3:
!
class-map match-any IMAGES
 match protocol http url "*.jpeg"
 match protocol http url "*.jpg"
 match protocol http url "*.gif"
 match protocol http url "*.png"
!
policy-map TEST
 class IMAGES
   police 128000
!
interface FastEthernet0/0
 ip address 151.10.33.3 255.255.255.0
 ip nbar protocol-discovery
 service-policy input TEST
end

R1#copy http://151.10.7.7/image.jpeg null:
Loading http://151.10.7.7/image.jpeg !
2227 bytes copied in 0.040 secs (55675 bytes/sec)

R1#copy http://151.10.7.7/image.jpeg null:
Loading http://151.10.7.7/image.jpeg !
2227 bytes copied in 0.040 secs (55675 bytes/sec)

R3#show ip nbar protocol-discovery interface fastEthernet 0/0 protocol http

 FastEthernet0/0
                            Input                    Output
                            -----                    ------
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5min Bit Rate (bps)      5min Bit Rate (bps)
                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
   ------------------------ ------------------------ ------------------------
   http                     12                       24
                            5594                     1544
                            0                        0
                            0                        0
   unknown                  4                        4
                            240                      224
                            0                        0
                            0                        0
   Total                    20                       33
                            6189                     2177
                            0                        0
                            0                        0

R3#show policy-map interface fastEthernet 0/0
 FastEthernet0/0

  Service-policy input: TEST

    Class-map: IMAGES (match-any)
      12 packets, 5594 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: protocol http url "*.jpeg"
        12 packets, 5594 bytes
        5 minute rate 2000 bps
      Match: protocol http url "*.jpg"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.gif"
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol http url "*.png"
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 128000 bps, bc 4000 bytes
        conformed 12 packets, 5594 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 2000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      14 packets, 1236 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

HTH
Petr
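
Added example, not part of the original message: a small Python parser for `show policy-map interface` output like the one above, to check which `match` statement in an inbound class actually counted the return traffic and whether the policer dropped anything. The function names are assumptions of this example; the sample text is trimmed from the R3 output quoted in the message.

```python
import re

# Sample trimmed from the R3 "show policy-map interface" output in the message above.
SAMPLE = """\
  Service-policy input: TEST
    Class-map: IMAGES (match-any)
      12 packets, 5594 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: protocol http url "*.jpeg"
        12 packets, 5594 bytes
      Match: protocol http url "*.jpg"
        0 packets, 0 bytes
      police:
        conformed 12 packets, 5594 bytes; actions:
        exceeded 0 packets, 0 bytes; actions:
        conformed 2000 bps, exceed 0 bps
    Class-map: class-default (match-any)
      14 packets, 1236 bytes
      Match: any
"""

COUNT = re.compile(r"(\d+) packets, (\d+) bytes")

def parse_policy_map(text):
    """Return {class: {"total", "matches": {stmt: (pkts, bytes)}, "conformed", "exceeded"}}."""
    classes, cur, pending = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT.search(line)
        if line.startswith("Class-map:"):
            cur = classes.setdefault(line.split()[1], {"matches": {}})
            pending = "total"          # next counter line is the class total
        elif cur is None:
            continue                   # header lines before the first class
        elif line.startswith("Match:"):
            pending = line[len("Match:"):].strip()
        elif m and line.startswith(("conformed", "exceeded")):
            cur[line.split()[0]] = (int(m[1]), int(m[2]))   # policer counters
        elif m and pending == "total":
            cur["total"] = (int(m[1]), int(m[2]))
            pending = None
        elif m and pending:
            cur["matches"][pending] = (int(m[1]), int(m[2]))  # per-match counters
            pending = None
    return classes

def active_matches(cls):
    """Match statements that counted at least one packet."""
    return [stmt for stmt, (pkts, _) in cls["matches"].items() if pkts > 0]
```

On the sample, `active_matches(parse_policy_map(SAMPLE)["IMAGES"])` lists only the `"*.jpeg"` URL match, with the same 12 packets and 5594 bytes that protocol-discovery reports as HTTP input on Fa0/0.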


