RE: TFTP QOS with NBAR

From: Antonio Soares (amsoares@netcabo.pt)
Date: Thu Oct 18 2007 - 20:49:28 ART


Because this is not NBAR. And it's explained in the DocCD why you get that
behaviour with PQ:

"For some protocols, such as TFTP and FTP, only the initial request uses
port 69. Subsequent packets use a randomly chosen port number. For these
types of protocols, the use of port numbers fails to be an effective method
to manage queued traffic."

Link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hqos_r/qos_o1h.htm#wp1081283

Regards,

Antonio Soares
CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER
http://pwp.netcabo.pt/amsoares/
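
The behaviour quoted from the DocCD above, as an added example that is not part of the original post: a constructed RFC 1350 read transfer is run through a static port-69 match and through a simple flow tracker. The client address, both port numbers and the tracking logic are assumptions for illustration, not NBAR's actual algorithm.

```python
import struct
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport payload")
RRQ, WRQ, DATA, ACK = 1, 2, 3, 4
TFTP_PORT = 69

def build_read_transfer(client, cport, server, tid, filename, size):
    """Constructed RFC 1350 read: RRQ goes to port 69, the rest uses the server's TID."""
    pkts = [Pkt(client, cport, server, TFTP_PORT,
                struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0")]
    block, remaining = 1, size
    while True:
        chunk = min(512, remaining)
        pkts.append(Pkt(server, tid, client, cport,
                        struct.pack("!HH", DATA, block) + b"\0" * chunk))
        pkts.append(Pkt(client, cport, server, tid, struct.pack("!HH", ACK, block)))
        remaining -= chunk
        if chunk < 512:      # a short (or empty) block ends the transfer
            return pkts
        block += 1

def match_by_port(pkts):
    """Static match on UDP port 69, as a port-number rule would do."""
    return [p for p in pkts if TFTP_PORT in (p.sport, p.dport)]

def match_by_flow(pkts):
    """Remember the requester from the RRQ/WRQ, then follow the negotiated ports."""
    pending, flows, hits = set(), set(), []
    for p in pkts:
        opcode = struct.unpack("!H", p.payload[:2])[0] if len(p.payload) >= 2 else 0
        if p.dport == TFTP_PORT and opcode in (RRQ, WRQ):
            pending.add((p.src, p.sport, p.dst))
            hits.append(p)
        elif (p.dst, p.dport, p.src) in pending:   # first reply reveals the server TID
            pending.discard((p.dst, p.dport, p.src))
            flows.add(frozenset([(p.src, p.sport), (p.dst, p.dport)]))
            hits.append(p)
        elif frozenset([(p.src, p.sport), (p.dst, p.dport)]) in flows:
            hits.append(p)
    return hits

# Constructed sample: 773-byte r3-confg from 23.23.23.3; client address and ports are assumed.
TRANSFER = build_read_transfer("12.12.12.1", 51234, "23.23.23.3", 40321, "r3-confg", 773)

if __name__ == "__main__":
    print(len(TRANSFER), len(match_by_port(TRANSFER)), len(match_by_flow(TRANSFER)))
```

Only the read request carries port 69, so the static match sees one packet of the transfer while the flow tracker follows all of them.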

-----Original Message-----
From: John [mailto:jgarrison1@austin.rr.com]
Sent: Friday, October 19, 2007 1:28
To: Antonio Soares
Cc: ccielab@groupstudy.com
Subject: Re: TFTP QOS with NBAR

Please tell me what I'm doing wrong. Telnet and udp 16384 traffic go to the
proper queues, but not tftp.

interface Serial2/0
 ip address 155.1.0.5 255.255.255.0
 encapsulation frame-relay
 ip ospf network broadcast
 no fair-queue
 serial restart-delay 0
 frame-relay traffic-shaping
 frame-relay map ip 155.1.0.4 504 broadcast
 frame-relay interface-dlci 504
  class frts
 no frame-relay inverse-arp

!
map-class frame-relay frts
 frame-relay cir 56000
 frame-relay bc 560
 frame-relay be 80
 frame-relay priority-group 1
priority-list 1 protocol ip high udp 16384
priority-list 1 protocol ip medium tcp telnet
priority-list 1 protocol ip high udp tftp
----- Original Message -----
From: "Antonio Soares" <amsoares@netcabo.pt>
To: "'John'" <jgarrison1@austin.rr.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, October 18, 2007 5:46 AM
Subject: RE: TFTP QOS with NBAR

> It works for me:
>
> ++++++++++++++++++++++++
> R1--|--R2--|--R3
> ++++++++++++++++++++++++
> R3#copy running-config flash:
> Destination filename [r3-confg]?
> Erase flash: before copying? [confirm]n
> Verifying checksum... OK (0x71EF)
> 773 bytes copied in 3.280 secs (236 bytes/sec)
> R3#
> ++++++++++++++++++++++++
> R1#copy tftp: null:
> Address or name of remote host []? 23.23.23.3
> Source filename []? r3-confg
> Accessing tftp://23.23.23.3/r3-confg...
> Loading r3-confg from 23.23.23.3 (via FastEthernet0/0): !
> [OK - 773 bytes]
>
> 773 bytes copied in 0.492 secs (1571 bytes/sec)
> R1#
> ++++++++++++++++++++++++
> R2#sh policy-map interface
> FastEthernet0/1
>
> Service-policy input: qos-in
>
> Class-map: tftp (match-all)
> 8 packets, 3460 bytes
> 5 minute offered rate 2000 bps
> Match: protocol tftp
>
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> R2
> ++++++++++++++++++++++++
> hostname R2
> !
> class-map match-all tftp
>  match protocol tftp
> !
> !
> policy-map qos-in
>  class tftp
>  class class-default
> !
> interface FastEthernet0/0
>  ip address 12.12.12.2 255.255.255.0
>  duplex auto
>  speed auto
> !
> interface FastEthernet0/1
>  ip address 23.23.23.2 255.255.255.0
>  duplex auto
>  speed auto
>  service-policy input qos-in
> !
> ++++++++++++++++++++++++
>
> The 3 routers are 3725's running 12.4.12 ADVENTERPRISEK9. This was tested
> with Dynamips.
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473 (R&S),CCNP,CCIP,JNCIA-ER
> http://pwp.netcabo.pt/amsoares/
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John
> Sent: Thursday, October 18, 2007 3:41
> Cc: ccielab@groupstudy.com
> Subject: Re: TFTP QOS with NBAR
>
> I'm running c3725-adventerprisek9-mz.124-16 and when I used NBAR to classify
> the traffic and put it in a high priority queue it put the traffic into the
> default queue. I changed the command to telnet and it worked just fine.
> ----- Original Message -----
> From: Joel Amao
> To: John
> Cc: ccielab@groupstudy.com
> Sent: Wednesday, October 17, 2007 6:13 PM
> Subject: RE: TFTP QOS with NBAR
>
>
>
> I am not too sure but I think this has been fixed in newer codes.
>
> I ran into this issue in the past, where NBAR would classify tftp packets
> as unknown because after the initial setup on a standard port (port 69), the
> server replies to the client to set up the connection on a random transfer
> identifier (TID).
> The problem is that this TID is passed down to the datagram layer and used
> as the port number (random port number) thus confusing NBAR.
>
> I haven't tested this recently though.
>
>
>
>
> regards,
>
> Joel Amao
> CCIE#18128
>
> > From: jgarrison1@austin.rr.com
> > To: ccielab@groupstudy.com
> > Subject: TFTP QOS with NBAR
> > Date: Wed, 17 Oct 2007 14:35:26 -0600
> >
> > TFTP only uses port 69 in its initial packet. Does NBAR monitor a range of
> > ports or just port 69? If it doesn't monitor other ports, how does it know to
> > distinguish TFTP packets with ports other than 69? Is NBAR useless as far as
> > TFTP is concerned?
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:16 ART