From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Wed Feb 18 2009 - 18:04:48 ARST
"When matching by MIME-type, the MIME-type can contain any user-specified
text string. Refer to the Internet Assigned Numbers Authority (IANA) web
page (www.iana.com) for a list of the IANA-registered MIME types.

When matching by MIME-type is performed, NBAR matches a packet containing
the MIME-type and all subsequent packets until the next HTTP transaction.

When matching by HOST is performed, NBAR performs a regular expression match
on the host field contents inside an HTTP GET packet and classifies all
packets from that host.

When matching by URL is performed, NBAR recognizes the HTTP GET packets
containing the URL, and then matches all packets that are part of the HTTP
GET request. When specifying a URL for classification, include only the
portion of the URL following www.hostname.domain in the match statement. For
example, in the URL www.anydomain.com/latest/whatsnew.html, include only
/latest/whatsnew.html."

That's from the Command Reference at Cisco.com.

If we match the host that'll apply to all packets from the host. If we match
MIME that'll apply to the MIME session. If we match both as a match-all (as
I described) we'll only be filtering for packets from that host that match
the specified MIME type and that filter will apply on a per MIME transaction
basis.

Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: Ivan Walker [mailto:ivan@itpro.co.nz]
Sent: Wednesday, 18 February 2009 2:48 PM
To: Jared Scrivener
Cc: 'Henry Ugwuadu'; 'olumayokun fowowe'; 'Cisco certification'
Subject: Re: QOS with nbar
My understanding and experience in the lab is that http mime types can
only be matched in the direction of webserver response to client as it
is the actual reply from the web server that contains the image. I also
have found in the lab that you can only match an http host or url in the
request from the client to the server.

Apply this to the question presented

"I've got a scenario here, I want to allocate 32kbps for replies from a
webserver for address with the url http://www.abc.com. And I want my
router to drop any image file of type jpeg, jpg and gif" (from that site).

and I don't see how all requirements can be met unless the address of
the web server is used to match incoming traffic. We can match

* http requests to http host www.abc.com
* http requests for images by matching *jpg etc
* http responses that contain a mime type of "image*"

I don't think we can match responses from http host www.abc.com (which is
required to shape/police) without finding the IP of the webserver and
limiting on that. And given the webserver may be using host headers
to host a number of sites on a single IP that may not work either.

Ivan
Jared Scrivener wrote:
> Policy maps are processed top down. In both answers you'll ignore the mime
> type as you are applying the WEB policy first. Try changing it to this:
>
> class-map match-any IMAGES
>  match protocol http mime "*.jpg"
>  match protocol http mime "*.jpeg"
>  match protocol http mime "*.gif"
>
> class-map match-all WEB
>  match protocol http host "www.abc.com"
>
> policy-map POLICY
>  class IMAGES
>   drop
>  class WEB
>   bandwidth 32000
>
> int f0/0
>  service-policy input POLICY
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
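
Added example, not part of the thread and not Cisco code: a simplified Python model of the direction problem discussed above, where Host and URL appear only in the client request and Content-Type only in the server response, so matching both together needs per-connection state. The class labels mirror the quoted config; the classifier logic, addresses and sample messages are constructed assumptions and do not represent how NBAR is implemented.

```python
# Simplified model (an assumption, not NBAR's implementation): classify HTTP
# messages per TCP connection, carrying the Host seen in the request over to
# the response so that host and MIME type can be matched together.
import fnmatch

def parse_head(raw: bytes):
    """Return (start_line, headers) for one HTTP/1.x message head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

class FlowClassifier:
    def __init__(self, host_glob, mime_glob):
        self.host_glob, self.mime_glob = host_glob, mime_glob
        self.host_by_flow = {}  # (client, server) -> Host of the last request

    def classify(self, src, dst, raw):
        start, headers = parse_head(raw)
        if start.startswith("HTTP/"):                 # response: server -> client
            host = self.host_by_flow.get((dst, src))  # host known only via state
            mime = headers.get("content-type", "").split(";")[0].strip().lower()
            host_ok = host is not None and fnmatch.fnmatch(host, self.host_glob)
            if host_ok and fnmatch.fnmatch(mime, self.mime_glob):
                return "IMAGES"
            return "WEB" if host_ok else "default"
        # request: client -> server; Host and URL are present, MIME type is not
        host = headers.get("host", "").lower()
        self.host_by_flow[(src, dst)] = host
        return "WEB" if fnmatch.fnmatch(host, self.host_glob) else "default"

# Constructed sample traffic (documentation addresses, hypothetical paths).
CLIENT, SERVER = ("192.0.2.10", 40000), ("198.51.100.5", 80)
REQ_IMG = b"GET /logo.gif HTTP/1.1\r\nHost: www.abc.com\r\n\r\n"
RSP_IMG = b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\nGIF89a"
REQ_HTML = b"GET /index.html HTTP/1.1\r\nHost: www.abc.com\r\n\r\n"
RSP_HTML = b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<html>"

def demo():
    c = FlowClassifier("www.abc.com", "image/*")
    return [c.classify(CLIENT, SERVER, REQ_IMG), c.classify(SERVER, CLIENT, RSP_IMG),
            c.classify(CLIENT, SERVER, REQ_HTML), c.classify(SERVER, CLIENT, RSP_HTML)]

if __name__ == "__main__":
    print(demo())
```

A response seen without a tracked request, or one that follows a request for a different Host on the same server address, falls through to `default` in this model, which is the virtual-hosting case raised in the thread.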