Re: nbar direction for downloading content

From: Koen Zeilstra (koen@koenzeilstra.com)
Date: Thu Jun 01 2006 - 09:27:00 ART


It sure helped.

I have test.jpg (which is truly an image) on my http server
enabled switch. With your debug commands I found out it responds with mime
type image/jpeg. I am matching on *jpg which of course doesn't match.

I switched to:

   match protocol http mime "*jpeg"

and it works.

Thanks!!

-----------------------
The only thing to do with good advice is pass it on. It is never any
use to oneself.
                -- Oscar Wilde

On Thu, 1 Jun 2006, Petr Lapukhov wrote:

| Koen,
|
| You see that url matches part of a HTTP GET _request_.
| (To match hostname you need match protocol http host).
|
| Next, mime-type. If you recall what is MIME, you may quickly
| understand, that matching mime-type actually matches
| part of HTTP reply BODY. That is, the server responds to you with an
| octet stream, you get a mime-header in the beginning of the
| stream, which states "image/jpeg" for example.
|
| Now you can match mime-types only if the server truly responds to you
| with images :) In my case, I used a simple text file to "simulate" a file
| with a "jpeg" extension. It will not be sent as a MIME-encoded message
| with mime-type image/jpeg actually :)
|
| So you see, that matching mime-types is related to content, and
| matching url is related solely to requests being made.
|
| BTW, if you actually want to see what you get in response to your
| HTTP request, you may use "debug ip packet detail dump" (beware!)
| or more advanced:
|
| debug ip nbar filter destination_port tcp 80
| debug ip nbar capture 200 10 10 10
| show ip nbar capture
|
| HTH
| Petr
|
| 2006/6/1, Koen Zeilstra <koen@koenzeilstra.com>:
| >
| > Petr, I sort of missed that. Sorry about that.
| >
| > I labbed up your config and it works with
| >
| > match protocol http url *.jpg
| >
| > however I don't get any matches on:
| >
| > match protocol http mim *jpg
| >
| >
| > I applied the service-policy in and outbound. On both directions no match.
| >
| > Am I doing something wrong?
| >
| >
| > class-map match-all MIME
| >  match protocol http mime "*jpg"
| > !
| > policy-map TEST2
| >  class MIME
| > !
| > interface Serial0/0
| >  service-policy input TEST2
| >  service-policy output TEST2
| > !
| >
| >
| >
| >
| > -----------------------
| > Oh, well, I guess this is just going to be one of those lifetimes.
| >
| > On Thu, 1 Jun 2006, Petr Lapukhov wrote:
| >
| > | Koen, I already mentioned that in the previous thread.. :)
| > |
| > | You apply policy for HTTP INBOUND. At the same time,
| > | NBAR recognizes OUTGOING URLs with GET requests,
| > | and classifies return traffic as HTTP stream, related to those
| > | URLs.
| > |
| > | (Also, matching MIME types will work too. But if you see stuff
| > | like "*.jpeg" you should clearly think of URL matching).
| > |
| > | Here is a scenario where you can verify that:
| > |
| > | ----------
| > |
| > | R1 is downloading images from SW1, which is the HTTP server
| > | with ip address 151.10.7.7
| > |
| > | R3 is in control of data streams. It utilizes policy map
| > | inbound on interface Fa 0/0.
| > |
| > | -----------
| > |
| > | (Following text is best viewed with Courier New Font ;))
| > |
| > | R1-----R3::Fa0/0----SW1::Lo0(7.7/24)
| > |
| > | SW1:
| > |
| > | SW1#sh running-config | inc ip http
| > | ip http server
| > | ip http path flash:
| > |
| > | SW1#dir flash:*.jpeg
| > | Directory of flash:/*.jpeg
| > |
| > | 95 -rwx 2227 Mar 2 1993 00:28:03 +00:00 image.jpeg
| > |
| > |
| > | R3:
| > | !
| > | class-map match-any IMAGES
| > |  match protocol http url "*.jpeg"
| > |  match protocol http url "*.jpg"
| > |  match protocol http url "*.gif"
| > |  match protocol http url "*.png"
| > | !
| > | policy-map TEST
| > |  class IMAGES
| > |   police 128000
| > | !
| > | interface FastEthernet0/0
| > |  ip address 151.10.33.3 255.255.255.0
| > |  ip nbar protocol-discovery
| > |  service-policy input TEST
| > | end
| > |
| > | R1#copy http://151.10.7.7/image.jpeg null:
| > | Loading http://151.10.7.7/image.jpeg !
| > | 2227 bytes copied in 0.040 secs (55675 bytes/sec)
| > |
| > | R1#copy http://151.10.7.7/image.jpeg null:
| > | Loading http://151.10.7.7/image.jpeg !
| > | 2227 bytes copied in 0.040 secs (55675 bytes/sec)
| > |
| > | R3#show ip nbar protocol-discovery interface fastEthernet 0/0 protocol http
| > |
| > |  FastEthernet0/0
| > |                            Input                    Output
| > |                            -----                    ------
| > |   Protocol                 Packet Count             Packet Count
| > |                            Byte Count               Byte Count
| > |                            5min Bit Rate (bps)      5min Bit Rate (bps)
| > |                            5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
| > |   ------------------------ ------------------------ ------------------------
| > |   http                     12                       24
| > |                            5594                     1544
| > |                            0                        0
| > |                            0                        0
| > |   unknown                  4                        4
| > |                            240                      224
| > |                            0                        0
| > |                            0                        0
| > |   Total                    20                       33
| > |                            6189                     2177
| > |                            0                        0
| > |                            0                        0
| > |
| > |
| > | R3#show policy-map interface fastEthernet 0/0
| > |  FastEthernet0/0
| > |
| > |   Service-policy input: TEST
| > |
| > |     Class-map: IMAGES (match-any)
| > |       12 packets, 5594 bytes
| > |       5 minute offered rate 2000 bps, drop rate 0 bps
| > |       Match: protocol http url "*.jpeg"
| > |         12 packets, 5594 bytes
| > |         5 minute rate 2000 bps
| > |       Match: protocol http url "*.jpg"
| > |         0 packets, 0 bytes
| > |         5 minute rate 0 bps
| > |       Match: protocol http url "*.gif"
| > |         0 packets, 0 bytes
| > |         5 minute rate 0 bps
| > |       Match: protocol http url "*.png"
| > |         0 packets, 0 bytes
| > |         5 minute rate 0 bps
| > |       police:
| > |           cir 128000 bps, bc 4000 bytes
| > |         conformed 12 packets, 5594 bytes; actions:
| > |           transmit
| > |         exceeded 0 packets, 0 bytes; actions:
| > |           drop
| > |         conformed 2000 bps, exceed 0 bps
| > |
| > |     Class-map: class-default (match-any)
| > |       14 packets, 1236 bytes
| > |       5 minute offered rate 0 bps, drop rate 0 bps
| > |       Match: any
| > |
| > |
| > | HTH
| > | Petr
| > |
| >
|
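
The URL-versus-MIME distinction worked out in this thread, as an added example that is not part of the original messages: a small Python model that reads the URL from a request line and the MIME type from a reply's Content-Type header, then applies the patterns tried above. The HTTP messages are constructed samples, the function names are hypothetical, and `fnmatchcase` is only a stand-in for NBAR's own pattern matching.

```python
from fnmatch import fnmatchcase

# Constructed sample traffic (not captured from the lab in the thread).
REQUEST = b"GET /test.jpg HTTP/1.0\r\nHost: 151.10.7.7\r\n\r\n"
IMAGE_REPLY = b"HTTP/1.0 200 OK\r\nContent-Type: image/jpeg\r\n\r\n\xff\xd8\xff\xe0"
# A text file that merely carries a .jpg name, as in the "simulated" case above.
TEXT_REPLY = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nnot really a jpeg"


def request_url(raw: bytes) -> str:
    """Return the URL from the request line (the field a url match looks at)."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
    _method, url, _version = request_line.split(" ")
    return url


def reply_mime(raw: bytes) -> str:
    """Return the Content-Type of a reply (the field a mime match looks at)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            # Drop parameters such as "; charset=..." and normalise case.
            return value.split(";", 1)[0].strip().lower()
    return ""


def classify(request: bytes, reply: bytes, url_pat: str, mime_pat: str) -> dict:
    """Report which of the two match types would hit for one request/reply pair."""
    return {
        "url": fnmatchcase(request_url(request), url_pat),
        "mime": fnmatchcase(reply_mime(reply), mime_pat),
    }


if __name__ == "__main__":
    # "*jpg" never matches "image/jpeg"; "*jpeg" does.
    print(classify(REQUEST, IMAGE_REPLY, "*.jpg", "*jpg"))
    print(classify(REQUEST, IMAGE_REPLY, "*.jpg", "*jpeg"))
    # Same URL, but the server labels the content text/plain.
    print(classify(REQUEST, TEXT_REPLY, "*.jpg", "*jpeg"))
```
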



This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:31 ART