RE: TFTP QOS with NBAR

From: Joel Amao (femmy79@hotmail.com)
Date: Wed Oct 17 2007 - 21:13:49 ART

• Next message: slevin kremera: "3 rate policer"
• Previous message: Gregory Gombas: "Re: Logging routing table changes"
• Maybe in reply to: John: "TFTP QOS with NBAR"
• Next in thread: John: "Re: TFTP QOS with NBAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I am not too sure but i think this has beed fixed in newer codes.

 I ran into this issue in the past, where NBAR would classify tftp packets as
unknown because after the initial setup on a standard port (port 69), the
server replies to the client to setup the connection on a random transfer
identifier (TID).
The problem is that this TID is passed down to the datagram layer and used as
the port number (random ports number) thus confusing Nbar.

I havent tested this recently though.

regards,

Joel Amao
CCIE#18128

<
>

> From: jgarrison1@austin.rr.com> To: ccielab@groupstudy.com> Subject: TFTP
QOS with NBAR> Date: Wed, 17 Oct 2007 14:35:26 -0600> > TFTP only uses port 69
in it's initial packet. Does NBAR montior a rnage of> ports or just port 69.
If it doesn't monitor other ports how does it know to> distinguish TFTP
packets with ports other then 69. Is NBAR useless as far as> TFTP is
concerned.> >

• Next message: slevin kremera: "3 rate policer"
• Previous message: Gregory Gombas: "Re: Logging routing table changes"
• Maybe in reply to: John: "TFTP QOS with NBAR"
• Next in thread: John: "Re: TFTP QOS with NBAR"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:15 ART