Re: policing based on nbar

From: Bill Eyer (beyer@optonline.net)
Date: Fri Sep 12 2008 - 07:34:26 ART

• Next message: GAURAV MADAN: "eigrp key on SVI"
• Previous message: Chidd: "Re: need help in switching tasks"
• Maybe in reply to: Igor M.: "policing based on nbar"
• Next in thread: Chidd: "Re: policing based on nbar"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes, but when you match on a mime type in a URL are you matching inbound
or outbound. In other words can

class-map match-all URL
 match protocol http url "www.cisco.com"

Be used in an outbound service policy against packets sent towards that
URL, inbound against packets from that URL or can it be used in either
direction?

Bill

Huan Pham wrote:
> Policy can be done both Inbound or Outbound. This is true no matter if
> you use NBAR or ACL to match traffic.
> On the other hand, shapping can be done outbound only.
>
>
> For instance, with a topology like below:
>
> PC ---- R1 ---------- R2 ----- WWW Server
> E0 S0 S0 E0
>
> If you want to policy image traffic from the WWW server, you can police
> - inbound on R1 Serial interface,
> - outbound on R1 Ethernet,
> - inbound on R2 Ethernet
> - outbound on R2 Serial.
>
> Cheers,
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Igor M.
> Sent: Friday, 12 September 2008 5:07 AM
> To: Cisco certification
> Subject: policing based on nbar
>
> Hi all,
>
> If I want to match on a bunch of mime types in the http request header
> and police that kind of traffic - would that have to be an inbound or
> outbound policy, or both?
> The goal is to limit the rate of downloading the specified image
> types...
>
> Like so:
>
> class-map match-all IMAGES
> match protocol http mime "*.(gif|jpg|jpeg)"
> policy-map NBAR
> class IMAGES
> police 100000
> int e0/0
> service-policy input NBAR
>
>
> ----------------------
>
> I.M., M.Eng. P.Eng.
>
> Network Architect
>
> CI Investments
>
> ----------------------
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: GAURAV MADAN: "eigrp key on SVI"
• Previous message: Chidd: "Re: need help in switching tasks"
• Maybe in reply to: Igor M.: "policing based on nbar"
• Next in thread: Chidd: "Re: policing based on nbar"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART