to apply QoS to the classified traffic is configured using the Cisco Modular QoS CLI (MQC). Figure shows the syntax for the ip nbar protocol-discovery and show ip nbar protocol-discovery commands.

Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all protocols known to NBAR. NBAR Protocol Discovery provides an easy way to discover which NBAR-supported application protocols are transiting an interface, so that QoS policies can be developed and applied. The feature discovers traffic for any protocol that NBAR supports. NBAR Protocol Discovery can monitor both input and output traffic and can be applied with or without a service policy enabled.

Use the show ip nbar protocol-discovery command to display the statistics gathered by NBAR Protocol Discovery. By default, this command displays statistics for all interfaces on which the feature is currently enabled. NBAR Protocol Discovery gathers statistics for packets switched to output interfaces. These statistics are not necessarily for packets that actually exited the router on those interfaces, because packets might have been dropped after switching for various reasons (policing at the output interface, ACLs, or queue drops). The example in Figure displays partial output of the show ip nbar protocol-discovery command for an Ethernet interface.
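As an added example (not part of the course material), a small Python parser for show ip nbar protocol-discovery output: it reads the four counter rows the command prints per protocol for the input and output directions and ranks protocols by a chosen counter, which is the information an operator needs before writing class maps. The sample output is constructed here; the column layout, the abbreviated header rows and the Total row are assumptions about the command's format.

```python
import re

# Constructed sample of "show ip nbar protocol-discovery" output (not from a real device;
# header rows abbreviated). Rows per protocol: packets, bytes, 5-min bps, 5-min max bps.
SAMPLE = """\
 FastEthernet0/0
   Protocol                 Packet Count             Packet Count
   ------------------------ ------------------------ ------------------------
   http                     316773                   0
                            26340105                 0
                            3000                     0
                            4000                     0
   fasttrack                6234                     6110
                            4012800                  3980100
                            52000                    51000
                            60000                    58000
   Total                    323007                   6110
                            30352905                 3980100
                            55000                    51000
                            64000                    58000
"""

FIELDS = ("packets", "bytes", "bps", "max_bps")

def parse_protocol_discovery(text):
    """Return {interface: {protocol: {"in": {...}, "out": {...}}}}."""
    stats, iface, proto, row = {}, None, None, 0
    for line in text.splitlines():
        m = re.match(r"^ (\S+)\s*$", line)        # interface header line
        if m:
            iface, proto = m.group(1), None
            stats[iface] = {}
            continue
        m = re.match(r"^\s+(?:(\S+)\s+)?(\d+)\s+(\d+)\s*$", line)
        if not m or iface is None:
            continue                              # headings, separators, blanks
        if m.group(1):                            # first row carries the protocol name
            proto, row = m.group(1), 0
            stats[iface][proto] = {"in": {}, "out": {}}
        if proto is None or row >= len(FIELDS):
            continue
        stats[iface][proto]["in"][FIELDS[row]] = int(m.group(2))
        stats[iface][proto]["out"][FIELDS[row]] = int(m.group(3))
        row += 1
    return stats

def top_talkers(stats, iface, direction="in", key="bps", n=3):
    """Protocols on iface ranked by one counter, Total row excluded."""
    rows = [(p, v[direction][key]) for p, v in stats[iface].items() if p != "Total"]
    return sorted(rows, key=lambda r: r[1], reverse=True)[:n]
```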
4.2 Using NBAR for Classification
4.2.6 Configuring NBAR for Static Protocols

The ability of NBAR to classify traffic by protocol and then apply QoS to that traffic uses the MQC class map match criteria. The steps shown in Figure are required to successfully deploy NBAR for static protocols. When configuring NBAR, the administrator does not need to understand how a certain protocol works; the configuration simply requires the administrator to enter the name of the protocol (static or stateful). Figure shows the command syntax for the match protocol command:

    match protocol protocol-name

match protocol Parameters

    Parameter        Description
    protocol-name    Name of the protocol used as a matching criterion. Supported protocols include the following (some protocols have been omitted; refer to Cisco IOS documentation for complete details):

Some protocols (static or stateful) can use additional TCP or UDP ports. Use the ip nbar port-map command to extend the NBAR functionality for well-known protocols to new port numbers. To extend or enhance the list of protocols recognized by NBAR through a Cisco PDLM, use the ip nbar pdlm global configuration command.

Example
Figure is an example of using the ip nbar port-map command. HTTP is often used on other port numbers. The example shows the usage of the ip nbar port-map command to also enable HTTP recognition on TCP port 8080. The NBAR port map is configured for HTTP for TCP ports 80 and 8080. The class map called “HTTP” is used to match the HTTP protocol. The policy map called “LIMITWEBB” will use the class map HTTP and set the bandwidth for HTTP traffic to 256 kbps. The policy map is then applied as a service policy for outbound traffic on serial0/0.
4.2 Using NBAR for Classification
4.2.7 Configuring Stateful NBAR for Dynamic Protocols

Use the MQC to configure the ability to classify traffic by protocol using NBAR and then apply QoS to the classified traffic. The steps shown in Figure are required to deploy NBAR for stateful protocols.

As shown in Figure, NBAR has enhanced classification capabilities for HTTP. It can classify packets belonging to HTTP flows based on the following:

The following example classifies, within the class map called “class1,” HTTP packets based on any URL containing the string “whatsnew/latest” followed by zero or more characters:

    class-map class1
     match protocol http url whatsnew/latest*

The next example classifies, within the class map called “class2,” packets based on any host name containing the string “cisco” followed by zero or more characters:

    class-map class2
     match protocol http host cisco*

NBAR supports a wide range of network protocols, including the stateful protocols that were difficult to classify before. Stateful protocols such as HTTP or FastTrack applications need special configuration to use the NBAR feature. NBAR offers the ability to match packets containing a specified MIME type. The following example classifies, within the class map called “class3,” packets based on the JPEG MIME type:

    class-map class3
     match protocol http mime "*jpeg"

Applications that use the FastTrack peer-to-peer protocol include Kazaa, Grokster, and Morpheus (although newer versions of Morpheus use Gnutella). A regular expression is used to identify specific FastTrack traffic. For instance, entering “cisco” as the regular expression would classify the FastTrack traffic containing the string “cisco” as a match for the traffic policy. To specify that all FastTrack traffic be identified by the traffic class, use “*” as the regular expression. Figure lists various regular expressions and their descriptions.

The following example configures NBAR to match all FastTrack traffic:

    match protocol fasttrack file-transfer "*"

In the next example, all FastTrack files that have the .mpeg extension will be classified into the class map nbar:

    class-map match-all nbar
     match protocol fasttrack file-transfer "*.mpeg"

The following example configures NBAR to match FastTrack traffic that contains the string “cisco”:

    match protocol fasttrack file-transfer "*cisco*"

Real-Time Transport Protocol (RTP) consists of a data part and a control part. The control part is called the Real-Time Transport Control Protocol (RTCP). It is important to note that the NBAR RTP payload classification feature does not identify RTCP packets; RTCP packets run on odd-numbered ports, while RTP packets run on even-numbered ports. The data part of RTP is a thin protocol providing support for applications with real-time properties (such as continuous media [audio and video]), which includes timing reconstruction, loss detection, and security and content identification. The RTP payload type is the data transported by RTP in a packet (for example, audio samples or compressed video data). NBAR RTP payload classification not only allows you to statefully identify real-time audio and video traffic, but it also can differentiate on the basis of audio and video codecs to provide more granular QoS. The RTP payload classification feature looks deep into the RTP header to classify RTP packets.

Example: Classification of RTP Session
The example in Figure shows a simple classification of RTP sessions, both on the input interface and on the output interface of the router. On the input interface, three class maps have been created: voice-in, videoconferencing-in, and interactive-in. The voice-in class map will match the RTP audio protocol, the videoconferencing-in class map will match the RTP video protocol, and the interactive-in class map will match the Citrix protocol. The class-mark policy map will then do the following: