Re: NBAR classification
From: Darby Weaver (darbyweaver@yahoo.com)
Date: Tue Mar 13 2007 - 07:15:51 ART
jacque,
Basically the difference between the two commands is
that one is used to match the host itself and the
other is used to math use the URL portion of the
address.
I have shown the example below per your reference to
the doc cd.
I would like you to look closely at two items in
particular:
1. match protocol http url "univercd/*" should be
match protocol http url "/univercd/*"
2. bandwidth 80000 should be bandwidth 80
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part05/ch05/hdtnbara.htm#wp1060952
When specifying a URL for classification, include only
the portion of the URL following the
www.hostname.domain in the match statement. For
example, for the URL
www.cisco.com/latest/whatsnew.html, include only
/latest/whatsnew.html.
Host specification is identical to URL specification.
NBAR performs a regular expression match on the host
field contents inside an HTTP packet and classifies
all packets from that host. For example, for the URL
www.cisco.com/latest/whatsnew.html, include only
www.cisco.com.
So let's change this:
> Hi If I was aske to reserve a bandwidth of 80 Kb
HTTP traffic or
files
> being served from the http://www.cisco.com/univercd/
directory; How
would
> configure this.
>
> I was thinking about the following:
>
> class-map match-all HTTP
> match protocol http host "www.cisco.com"
> match protocol http url "univercd/*"
> policy-map POLICE
> class HTTP
> bandwidth 80000
to this:
class-map match-all HTTP
match protocol http host "www.cisco.com"
match protocol http url "/univercd/*"
Policy-map POLICE
class HTTP
bandwidth 80
Reserve a minimum bandwidth of 32 Kb out of the 64 Kb
available on the WAN link for all e-commerce traffic.
This e-commerce traffic will be secure HTTP traffic or
files being served from the
http://www.eexpress.com/transact/ directory through
regular HTTP on the E-Express Inc. network.
Router(config)# policy-map e-express
Router(config-pmap)# class ecommerce
Router(config-pmap-c)# bandwidth 32
Now if we wanted to LIMIT the bandwidth:
Limit to a maximum of 10 Kb all audio, video, and
image web traffic.
Router(config-pmap-c)# class super_network
Router(config-pmap-c)# bandwidth 10
Router(config-pmap-c)# class av_im_web
Router(config-pmap-c)# police 10000 conform transmit
exceed drop
===================================================================
This is the full example:
Sample Configuration
Below is a sample of how NBAR can be used.
E-Express Inc.'s network administrators wish to
enforce the following policies on a 64-Kb WAN link:
�Reserve a minimum bandwidth of 32 Kb out of the 64 Kb
available on the WAN link for all e-commerce traffic.
This e-commerce traffic will be secure HTTP traffic or
files being served from the
http://www.eexpress.com/transact/ directory through
regular HTTP on the E-Express Inc. network.
�SuperNetwork Inc. is a very important partner to
E-Express Inc. Reserve a minimum of 10 Kb for all
traffic flowing from E-Express Inc. to SuperNetwork
Inc.
�Limit to a maximum of 10 Kb all audio, video, and
image web traffic.
Follow the steps below to configure the above
policies:
--------------------------------------------------------------------------------
Step 1 Classify all secure HTTP and HTTP traffic for
the /transact/ directory:
Router(config)# class-map match-all http_transact
Router(config-cmap)# match protocol http url
"/transact/*"
Router(config)# class-map match-all http_secure
Router(config-cmap)# match protocol secure-http
Router(config)# class-map match-any ecommerce
Router(config-cmap)# match class-map http_transact
Router(config-cmap)# match class-map http_secure
Step 2 Classify all traffic to SuperNetwork Inc:
Router(config)# access-list 101 permit ip 10.0.0.1
0.0.0.0 10.0.0.3 0.0.0.0
Router(config)# class-map match-all super_network
Router(config-cmap)# match access-group 101
Step 3 Classify all audio, video, and image web
traffic:
Router(config)# class-map match-any audio_video
Router(config-cmap)# match protocol http mime
"audio/*"
Router(config-cmap)# match protocol http mime
"video/*"
Router(config)# class-map match-any web_images
Router(config-cmap)# match protocol http url "*.gif"
Router(config-cmap)# match protocol http url
"*.jpg|*.jpeg"
Router(config)# class-map match-any av_im_web
Router(config-cmap)# match class-map audio_video
Router(config-cmap)# match class-map web_images
Step 4 Create the policies:
Router(config)# policy-map e-express
Router(config-pmap)# class ecommerce
Router(config-pmap-c)# bandwidth 32
Router(config-pmap-c)# class super_network
Router(config-pmap-c)# bandwidth 10
Router(config-pmap-c)# class av_im_web
Router(config-pmap-c)# police 10000 conform transmit
exceed drop
Step 5 Attach the policy to the WAN link:
Router(config)# interface hssi1/0
Router(config-if)# service-policy output e-express
--- jacque vincent <jacque_vincent@hotmail.com> wrote:
> Hi If I was aske to reserve a bandwidth of 80 Kb
> HTTP traffic or files
> being served from the http://www.cisco.com/univercd/
> directory; How would
> configure this.
>
> I was thinking about the following:
>
> class-map match-all HTTP
> match protocol http host "www.cisco.com"
> match protocol http url "univercd/*"
> policy-map POLICE
> class HTTP
> bandwidth 80000
>
> I was looking at the following page and I am getting
> confuse with NBAR
> classification matching http protocol: ''match
> protocol http host'' and
> ''match protocol http url''
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hqos_c/part05/ch05/hdtnbara.htm
>
>
------------------------------------------------------------------------
>
> One Care: free Trial Version Today!
>
>
This archive was generated by hypermail 2.1.4
: Sun Apr 01 2007 - 06:35:51 ART