Creating a Custom Protocol
Last Updated: November 20, 2011
Network-Based Application Recognition (NBAR) recognizes and classifies network traffic on the basis of a set of protocols and application types. You can add to the set of protocols and application types that NBAR recognizes by creating custom protocols. Creating custom protocols is an optional process. However, custom protocols extend the capability of NBAR to classify and monitor additional static port applications and allow NBAR to classify nonsupported static port traffic. This module contains concepts and tasks for creating a custom protocol.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Creating a Custom Protocol
Before creating a custom protocol, read the information in the "Classifying Network Traffic Using NBAR" module.
Information About Creating a Custom Protocol
NBAR and Custom Protocols
NBAR supports the use of custom protocols to identify custom applications. Custom protocols support static port-based protocols and applications that NBAR does not currently support.
With NBAR supporting the use of custom protocols, NBAR can map static TCP and UDP port numbers to the custom protocols. Initially, NBAR included the following features related to custom protocols and applications:
In Cisco IOS Release 12.3(4)T, the following enhancements to custom protocols were introduced:
In Cisco IOS Release 12.4(1)T, the following enhancements to custom protocols were introduced:
This additional keyword and two additional arguments allow for creation of more than one custom protocol based on the same port numbers.
MQC and NBAR Custom Protocols
NBAR recognizes and classifies network traffic by protocol or application. You can extend the set of protocols and applications that NBAR recognizes by creating a custom protocol. Custom protocols extend the capability of NBAR Protocol Discovery to classify and monitor additional static port applications and allow NBAR to classify nonsupported static port traffic. You define a custom protocol by using the keywords and arguments of the ip nbar custom command. However, after you define the custom protocol, you must create a traffic class and configure a traffic policy (policy map) to use the custom protocol when NBAR classifies traffic. To create traffic classes and configure traffic policies, use the functionality of the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC). The MQC is a command-line interface that allows you to define traffic classes, create and configure traffic policies (policy maps), and then attach these traffic policies to interfaces. For more information about NBAR and the functionality of the MQC, see the "Configuring NBAR Using the MQC" module.
How to Create a Custom Protocol
Defining a Custom Protocol
Custom protocols extend the capability of NBAR Protocol Discovery to classify and monitor additional static port applications and allow NBAR to classify nonsupported static port traffic. To define a custom protocol, perform the following steps.
DETAILED STEPS
Examples
Custom Application Examples for Cisco IOS Releases Prior to 12.3(4)T
In the following example, a gaming application that runs on TCP port 8877 needs to be classified using NBAR. You can use custom-01 to map TCP port 8877 by entering the following command:
Router(config)# ip nbar custom-01 tcp 8877
Custom Application Examples for Cisco IOS Release 12.3(4)T and Later Releases
In the following example, the custom protocol app_sales1 will identify TCP packets that have a source port of 4567 and that contain the term "SALES" in the first payload packet:
Router(config)# ip nbar custom app_sales1 5 ascii SALES source tcp 4567
In the following example, the custom protocol virus_home will identify UDP packets that have a destination port of 3000 and that contain "0x56" in the seventh byte of the first packet of the flow:
Router(config)# ip nbar custom virus_home 7 hex 0x56 destination udp 3000
In the following example, the custom protocol media_new will identify TCP packets that have a destination or source port of 4500 and that have a value of 90 at the sixth byte of the payload. Only the first packet of the flow is checked for value 90 at offset 6.
Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500
In the following example, the custom protocol msn1 will look for TCP packets that have a destination or source port of 6700:
Router(config)# ip nbar custom msn1 tcp 6700
In the following example, the custom protocol mail_x will look for UDP packets that have a destination port of 8202:
Router(config)# ip nbar custom mail_x destination udp 8202
In the following example, the custom protocol mail_y will look for UDP packets that have destination ports between 3000 and 4000 inclusive:
Router(config)# ip nbar custom mail_y destination udp range 3000 4000
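The matching rules illustrated by the examples above (port-only, source/destination/any direction, port ranges, one fixed byte or ASCII string at a payload offset) and by the variable-field class maps in the traffic-class section below, as an added Python model that is not Cisco code: it treats the offset as a 1-based payload byte position, as the page's wording "0x56 in the seventh byte" for offset 7 implies, and inspects payload only on a flow's first packet.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str            # "tcp" or "udp"
    sport: int
    dport: int
    payload: bytes
    first_in_flow: bool   # NBAR inspects payload only on the first packet of a flow

@dataclass
class CustomProtocol:
    name: str
    proto: str
    ports: tuple                # (low, high); a single port is (p, p)
    direction: str = "any"      # "source", "destination" or "any"
    offset: int = 0             # 1-based payload byte position (assumed); 0 = port-only match
    fmt: str = ""               # "ascii", "hex", "decimal" or "variable"
    value: object = None        # bytes for ascii, int for hex/decimal, field length for variable

    def _port_ok(self, pkt: Packet) -> bool:
        src, dst = (self.ports[0] <= p <= self.ports[1] for p in (pkt.sport, pkt.dport))
        return {"source": src, "destination": dst}.get(self.direction, src or dst)

    def classify(self, pkt: Packet, field_value=None) -> bool:
        """True if pkt matches; field_value narrows a 'variable' protocol to one field value."""
        if pkt.proto != self.proto or not self._port_ok(pkt):
            return False
        if self.offset == 0:
            return True
        if not pkt.first_in_flow:
            return False                       # later packets of the flow are never inspected
        start = self.offset - 1
        if self.fmt == "ascii":
            return pkt.payload[start:start + len(self.value)] == self.value
        if self.fmt in ("hex", "decimal"):     # one byte, compared numerically
            return start < len(pkt.payload) and pkt.payload[start] == self.value
        field = pkt.payload[start:start + self.value]   # variable: value is the field length
        return len(field) == self.value and field_value in (None, int.from_bytes(field, "big"))

# Definitions copied from this page's examples
APP_SALES1 = CustomProtocol("app_sales1", "tcp", (4567, 4567), "source", 5, "ascii", b"SALES")
VIRUS_HOME = CustomProtocol("virus_home", "udp", (3000, 3000), "destination", 7, "hex", 0x56)
FTDD = CustomProtocol("ftdd", "tcp", (5001, 5005), "any", 23, "variable", 1)  # 1-byte field scid
CLASS_MAPS = {"active-craft": (0x15, 0x21, 0x27), "passive-craft": (0x11, 0x22, 0x25)}

def classify_ftdd(pkt: Packet) -> str:  # class map an ftdd packet falls into in the page's example
    for cmap, scids in CLASS_MAPS.items():
        if any(FTDD.classify(pkt, s) for s in scids):
            return cmap
    return "class-default"
```

Because only one fixed offset of the first packet is inspected, a custom protocol match is a QoS classification hint, not proof of which application produced the flow.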
Configuring a Traffic Class to Use the Custom Protocol
Traffic classes can be used to organize packets into groups on the basis of a user-specified criterion. For example, traffic classes can be configured to match packets on the basis of the protocol type or application recognized by NBAR. In this case, the traffic class is configured to match on the basis of the custom protocol. To configure a traffic class to use the custom protocol, perform the following steps.
DETAILED STEPS
Examples
In the following example, the variable keyword is used while creating a custom protocol, and class maps are configured to classify different values within the variable field into different traffic classes. Specifically, in the example below, variable scid values 0x15, 0x21, and 0x27 will be classified into class map active-craft, while scid values 0x11, 0x22, and 0x25 will be classified into class map passive-craft.
Router(config)# ip nbar custom ftdd 23 variable scid 1 tcp range 5001 5005
Router(config)# class-map active-craft
Router(config-cmap)# match protocol ftdd scid 0x15
Router(config-cmap)# match protocol ftdd scid 0x21
Router(config-cmap)# match protocol ftdd scid 0x27
Router(config)# class-map passive-craft
Router(config-cmap)# match protocol ftdd scid 0x11
Router(config-cmap)# match protocol ftdd scid 0x22
Router(config-cmap)# match protocol ftdd scid 0x25
Configuring a Traffic Policy
Traffic that matches a user-specified criterion can be organized into specific classes. The traffic in those classes can, in turn, receive specific QoS treatment when that class is included in a policy map. To configure a traffic policy, perform the following steps.
DETAILED STEPS
Attaching the Traffic Policy to an Interface
After a traffic policy (policy map) is created, the next step is to attach the policy map to an interface. Policy maps can be attached to either the input or output direction of the interface.
To attach the traffic policy to an interface, perform the following steps.
DETAILED STEPS
Displaying Custom Protocol Information
After you create a custom protocol and match traffic on the basis of that custom protocol, you can use the show ip nbar port-map command to display information about that custom protocol. To display custom protocol information, complete the following steps.
DETAILED STEPS
Configuration Examples for Creating a Custom Protocol
Example Creating a Custom Protocol
In the following example, the custom protocol called app_sales1 identifies TCP packets that have a source port of 4567 and that contain the term SALES in the first payload packet:
Router> enable
Router# configure terminal
Router(config)# ip nbar custom app_sales1 5 ascii SALES source tcp 4567
Router(config)# end
Example Configuring a Traffic Class to Use the Custom Protocol
In the following example, a class called cmap1 has been configured. All traffic that matches the custom app_sales1 protocol will be placed in the cmap1 class.
Router> enable
Router# configure terminal
Router(config)# class-map cmap1
Router(config-cmap)# match protocol app_sales1
Router(config-cmap)# end
Example Configuring a Traffic Policy
In the following example, a traffic policy (policy map) called policy1 has been configured. Policy1 contains a class called class1, within which CBWFQ has been enabled.
Router> enable
Router# configure terminal
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth percent 50
Router(config-pmap-c)# end
Example Attaching the Traffic Policy to an Interface
In the following example, the traffic policy (policy map) called policy1 has been attached to ethernet interface 2/4 in the input direction of the interface.
Router> enable
Router# configure terminal
Router(config)# interface ethernet 2/4
Router(config-if)# service-policy input policy1
Router(config-if)# end
Example Displaying Custom Protocol Information
The following is sample output of the show ip nbar port-map command. This command displays the current protocol-to-port mappings in use by NBAR. Use the display to verify that these mappings are correct.
Router# show ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map cuseeme udp 7648 7649
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map dhcp tcp 67 68
If the ip nbar port-map command has been used, the show ip nbar port-map command displays the ports assigned to the protocol. If the no ip nbar port-map command has been used, the show ip nbar port-map command displays the default ports. To limit the display to a specific protocol, use the protocol-name argument of the show ip nbar port-map command.
Additional References
Related Documents
Technical Assistance
Feature Information for Creating a Custom Protocol
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. © 2011 Cisco Systems, Inc. All rights reserved.