From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Thu Jun 01 2006 - 08:40:19 ART
Petr, I sort of missed that. Sorry about that.
I labbed up your config and it works with
match protocol http url *.jpg
however I don't get any matches on:
match protocol http mim *jpg
I applied the service-policy in and outbound. On both directions no match.
Am I doing something wrong?
class-map match-all MIME
match protocol http mime "*jpg"
!
policy-map TEST2
class MIME
!
interface Serial0/0
service-policy input TEST2
service-policy output TEST2
!
-----------------------
Oh, well, I guess this is just going to be one of those lifetimes.
On Thu, 1 Jun 2006, Petr Lapukhov wrote:
| Koen, I alredy mention that in previous thread.. :)
|
| You apply policy for HTTP INBOUND. At the same time,
| NBAR recognizes OUTGOING URLs with GET requests,
| and classifies return traffic as HTTP stream, relatedto that
| URLs.
|
| (Also, matchig MIME types will work too. But if you see stuff
| like "*.jpeg" you should clearly think of URL matching).
|
| Here is a scenario where you can verify that:
|
| ----------
|
| R1 is downloading images from SW1, which is the HTTP server
| with ip address 151.10.7.7
|
| R3 is in control of data streams. It utilizes policy map
| inbound on interface Fa 0/0.
|
| -----------
|
| (Following text is best viewed with Courier New Font ;))
|
| R1-----R3::Fa0/0----SW1::Lo0(7.7/24)
|
| SW1:
|
| SW1#sh running-config | inc ip http
| ip http server
| ip http path flash:
|
| SW1#dir flash:*.jpeg
| Directory of flash:/*.jpeg
|
| 95 -rwx 2227 Mar 2 1993 00:28:03 +00:00 image.jpeg
|
|
| R3:
| !
| class-map match-any IMAGES
| match protocol http url "*.jpeg"
| match protocol http url "*.jpg"
| match protocol http url "*.gif"
| match protocol http url "*.png"
| !
| policy-map TEST
| class IMAGES
| police 128000
| !
| interface FastEthernet0/0
| ip address 151.10.33.3 255.255.255.0
| ip nbar protocol-discovery
| service-policy input TEST
| end
|
| R1#copy http://151.10.7.7/image.jpeg null:
| Loading http://151.10.7.7/image.jpeg !
| 2227 bytes copied in 0.040 secs (55675 bytes/sec)
|
| R1#copy http://151.10.7.7/image.jpeg null:
| Loading http://151.10.7.7/image.jpeg !
| 2227 bytes copied in 0.040 secs (55675 bytes/sec)
|
| R3#show ip nbar protocol-discovery interface fastEthernet 0/0 protocol http
|
| FastEthernet0/0
| Input Output
|
| ----- ------
|
| Protocol Packet Count Packet Count
|
| Byte Count Byte Count
|
| 5min Bit Rate (bps) 5min Bit Rate (bps)
|
| 5min Max Bit Rate (bps) 5min Max Bit Rate (bps)
|
| ------------------------ ------------------------
| ------------------------
| http 12 24
|
| 5594 1544
|
| 0 0
|
| 0 0
|
| unknown 4 4
|
| 240 224
|
| 0 0
|
| 0 0
|
| Total 20 33
|
| 6189 2177
|
| 0 0
|
| 0 0
|
|
| R3#show policy-map interface fastEthernet 0/0
| FastEthernet0/0
|
| Service-policy input: TEST
|
| Class-map: IMAGES (match-any)
| 12 packets, 5594 bytes
| 5 minute offered rate 2000 bps, drop rate 0 bps
| Match: protocol http url "*.jpeg"
| 12 packets, 5594 bytes
| 5 minute rate 2000 bps
| Match: protocol http url "*.jpg"
| 0 packets, 0 bytes
| 5 minute rate 0 bps
| Match: protocol http url "*.gif"
| 0 packets, 0 bytes
| 5 minute rate 0 bps
| Match: protocol http url "*.png"
| 0 packets, 0 bytes
| 5 minute rate 0 bps
| police:
| cir 128000 bps, bc 4000 bytes
| conformed 12 packets, 5594 bytes; actions:
| transmit
| exceeded 0 packets, 0 bytes; actions:
| drop
| conformed 2000 bps, exceed 0 bps
|
| Class-map: class-default (match-any)
| 14 packets, 1236 bytes
| 5 minute offered rate 0 bps, drop rate 0 bps
| Match: any
|
|
| HTH
| Petr
|
| _______________________________________________________________________
| Subscription information may be found at:
| http://www.groupstudy.com/list/CCIELab.html
|
This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART
