Re: QOS Direction question clarification

From: Huan Pham (pnhuan@yahoo.com)
Date: Thu Aug 28 2008 - 03:55:29 ART


Hi Stephen,

As best practice, marking should be used as close to the traffic source as possible. R4 would be the best candidate to do marking. However, depending on the scenario constraints, R3 is also a good option (especially if you want to enable QoS for the link from R3 to R1 only).

I would do the match based on an ACL:

ip access-list extended WEB_RETURN_TRAFFIC
 permit tcp VLAN3 eq www VLAN1
 permit tcp VLAN3 eq www VLAN2

class-map match-all WWW
 match access-group name WEB_RETURN_TRAFFIC

To match return traffic from the web server, you cannot use match url "www.groupstudy.com" for two reasons:

- The URL exists only in the requests from web clients to the server (someone please correct me if I am wrong).

- You can match URL for the portion after the domain name. To match the domain name, you should use match http host.

Check the command reference for details. Here is a quote taken directly from it.

HTTP client request matching supports GET, PUT, HEAD, POST, DELETE, OPTIONS, and TRACE. When matching by URL, NBAR recognizes the HTTP packets containing the URL and then matches all packets that are part of the HTTP request. When specifying a URL for classification, include only the portion of the URL that follows the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html with the match statement (for instance, match protocol http url /latest/whatsnew.html).

The following example classifies, within class map class1, HTTP packets based on any URL containing the string whatsnew/latest followed by zero or more characters:

class-map class1
 match protocol http url whatsnew/latest*

The following example classifies, within class map class2, packets based on any hostname containing the string cisco followed by zero or more characters:

class-map class2
 match protocol http host cisco*

--- On Thu, 8/28/08, stephen skinner <stephenski@gmail.com> wrote:

> From: stephen skinner <stephenski@gmail.com>
> Subject: QOS Direction question clarification
> To: ccielab@groupstudy.com
> Date: Thursday, August 28, 2008, 2:34 PM
> Hello,
>
> I have the following question:
>
> Users in VLAN 1 and 2 connect to a web server in VLAN 3.
>
> Mark all "replies from the web server" as
> "anything".
>
> What I want to make sure of is that I get my DIRECTION the
> right way round.
>
> match url " www.groupstudy.com"
>
> VLAN1 - R1 ----R3---R4 VLAN3 FA0/0
> VLAN2 - R1 ----R3---R4 VLAN3 FA0/0
>
> In answering this question I would apply my policy INBOUND
> on the FA0/0 on
> R3, as the server would send all replies back into the
> fa0/0, for the
> replies to get sent to the users.
>
> That's right, yes?
>
> TIA
>
> --
> Only two things are infinite, the universe and human
> stupidity, and I'm not
> sure about the former.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
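
Added example (not part of the original thread or of Cisco's documentation): a simplified Python model of the two points in the reply above, showing that the hostname and URL are present only in the client request, so the server's reply has to be classified by address and source port as in the WEB_RETURN_TRAFFIC ACL. The subnets, sample messages and function names are constructed assumptions, and the pattern matching follows the quoted command-reference wording, not NBAR's actual implementation.

```python
import ipaddress
import re

# Constructed sample messages (not captured traffic).
REQUEST = b"GET /latest/whatsnew.html HTTP/1.1\r\nHost: www.groupstudy.com\r\n\r\n"
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"

# Constructed addressing: the thread never gives the VLAN subnets.
VLAN3 = ipaddress.ip_network("10.0.3.0/24")  # web server
CLIENTS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "10.0.2.0/24")]  # VLAN1, VLAN2

METHODS = {"GET", "PUT", "HEAD", "POST", "DELETE", "OPTIONS", "TRACE"}


def http_fields(payload):
    """Return (host, url) for an HTTP request, (None, None) for anything else."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS:
        return None, None  # a response status line ends up here
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return host, parts[1]


def glob_in(pattern, text):
    """True if text contains pattern, where '*' stands for zero or more characters."""
    rx = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.search(rx, text) is not None


def match_http(payload, host=None, url=None):
    """Model of 'match protocol http host <pat>' / '... url <pat>'."""
    h, u = http_fields(payload)
    if u is None:
        return False  # no request line: nothing for host/url matching to inspect
    if host is not None and not (h and glob_in(host.lower(), h.lower())):
        return False
    return url is None or glob_in(url, u)


def match_web_return(src_ip, src_port, dst_ip):
    """Model of WEB_RETURN_TRAFFIC: tcp from VLAN3, source port www, to VLAN1/VLAN2."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return src in VLAN3 and src_port == 80 and any(dst in net for net in CLIENTS)
```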

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:32 ART