-
Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2SR
-
Quality of Service Overview
- Part 1: Classification
- Part 2: Congestion Management
- Part 3: Congestion Avoidance
- Part 4: Policing and Shaping
-
Part 5: Signalling
-
Signalling Overview
-
RSVP
-
Configuring RSVP
-
Control Plane DSCP Support for RSVP
-
Configuring RSVP Support for Frame Relay
-
RSVP Scalability Enhancements
-
RSVP Refresh Reduction and Reliable Messaging
-
RSVP Message Authentication
-
RSVP Application ID Support
-
RSVP Fast Local Repair
-
RSVP Interface-Based Receiver Proxy
-
RSVP Aggregation
-
MPLS TE---Tunnel-Based Admission Control (TBAC)
-
Configuring Subnetwork Bandwidth Manager
-
-
- Part 6: Link Efficiency Mechanisms
- Part 7: Quality of Service Solutions
- Part 8: Modular Quality of Service Command-Line Interface
- Part 9: Security Device Manager
-
Table Of Contents
Configuring NBAR Using the MQC
Prerequisites for Configuring NBAR Using the MQC
Information About Configuring NBAR Using the MQC
NBAR and the MQC Functionality
NBAR and the match protocol Commands
How to Configure NBAR Using the MQC
Attaching a Traffic Policy to an Interface or Subinterface
Verifying the NBAR Traffic Classes, Traffic Policies, and Protocol-to-Port Mappings
Configuration Examples for Configuring NBAR Using the MQC
Configuring a Traffic Class: Example
Configuring a Traffic Policy: Example
Attaching a Traffic Policy to an Interface or Subinterface: Example
Verifying the NBAR Protocol-to-Port Mappings: Example
Feature Information for Configuring NBAR Using the MQC
Configuring NBAR Using the MQC
First Published: April 4, 2006Last Updated: August 7, 2008After you enable Protocol Discovery, you can configure Network-Based Application Recognition (NBAR) using the functionality of the Modular Quality of Service (QoS) Command-Line Interface (CLI) (MQC). The MQC uses traffic classes and traffic policies (policy maps) to apply QoS features to classes of traffic and applications recognized by NBAR.
This module contains concepts and tasks for configuring NBAR using the MQC.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Configuring NBAR Using the MQC" section.
Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for Configuring NBAR Using the MQC
•
•
•
•
Prerequisites for Configuring NBAR Using the MQC
•
•
Note
Information About Configuring NBAR Using the MQC
Before configuring NBAR using the MQC, you should understand the following concepts:
•
•
NBAR and the MQC Functionality
To configure NBAR using the MQC, you must define a traffic class, configure a traffic policy (policy map), and then attach that traffic policy to the appropriate interface. These three tasks can be accomplished by using the MQC. The MQC is a command-line interface that allows you to define traffic classes, create and configure traffic policies (policy maps), and then attach these traffic policies to interfaces.
In the MQC, the class-map command is used to define a traffic class (which is then associated with a traffic policy). The purpose of a traffic class is to classify traffic.
Using the MQC to configure NBAR consists of the following:
•
•
•
A traffic class contains three major elements: a name, one or more match commands, and, if more than one match command exists in the traffic class, an instruction on how to evaluate these match commands (that is, match-all or match-any). The traffic class is named in the class-map command line; for example, if you enter the class-map cisco command while configuring the traffic class in the CLI, the traffic class would be named "cisco."
The match commands are used to specify various criteria for classifying packets. Packets are checked to determine whether they match the criteria specified in the match commands. If a packet matches the specified criteria, that packet is considered a member of the class and is forwarded according to the QoS specifications set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the default traffic class.
Note
NBAR and the match protocol Commands
NBAR recognizes specific network protocols and network applications that are used in your network. Once a protocol or application is recognized by NBAR, you can use the MQC to group the packets associated with those protocols or applications into classes. These classes are grouped on the basis of whether the packets conform to certain criteria.
For NBAR, the criterion is whether the packet matches a specific protocol or application known to NBAR. Using the MQC, network traffic with one network protocol (citrix, for example) can be placed into one traffic class, while traffic that matches a different network protocol (gnutella, for example) can be placed into another traffic class. Later, the network traffic within each class can be given the appropriate QoS treatment by using a traffic policy (policy map).
You specify the criteria used to classify traffic by using a match protocol command. Table 1 lists some of the available match protocol commands and the corresponding protocol or traffic type recognized and supported by NBAR.
Note
Table 1 match protocol Commands and Corresponding Protocol or Traffic Type
match protocol (NBAR)
Protocol type supported by NBAR
match protocol citrix
Citrix protocol
match protocol fasttrack
FastTrack peer-to-peer traffic
match protocol gnutella
Gnutella peer-to-peer traffic
match protocol http
Hypertext Transfer Protocol
match protocol rtp
Real-Time Transport Protocol traffic
1 Cisco IOS match protocol commands can vary by release. For more information, see the command documentation for the Cisco IOS release that you are using.
How to Configure NBAR Using the MQC
This section contains the following tasks:
•
•
•
•
Configuring a Traffic Class
Traffic classes can be used to organize packets into groups based on a user-specified criteria. For example, traffic classes can be configured to match packets on the basis of the protocol type or application recognized by NBAR. In this task, the traffic class is configured to match on the basis of the Citrix protocol type.
To configure a traffic class, perform the following steps.
Note
Restrictions
Typically, a single traffic class contains one or more match commands that can be used to organize packets into groups on the basis of a protocol type or application. You can create as many traffic classes as needed. However, for Cisco IOS Release 12.2(18)ZY, the following restrictions apply:
•
•
SUMMARY STEPS
1.
2.
3.
4.
5.
DETAILED STEPS
Configuring a Traffic Policy
Traffic that matches a user-specified criterion can be organized into a specific class that can, in turn, receive specific user-defined QoS treatment when that class is included in a policy map.
To configure a traffic policy, perform the following steps.
Note
As of Cisco IOS Release 12.2(18)ZY, CBWFQ is not supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/programmable intelligent services accelerator (PISA).
Restrictions
For Cisco IOS Release 12.2(18)ZY, an existing traffic policy (policy map) cannot be modified if the traffic policy is already attached to the interface. To remove the policy map from the interface, use the no form of the service-policy command.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Attaching a Traffic Policy to an Interface or Subinterface
After a policy map is created, the next step is to attach the traffic policy (sometimes called a policy map) to an interface or subinterface. Traffic policies can be attached to either the input or output direction of the interface or subinterface.
Note
To attach a traffic policy (policy map) to an interface, perform the following steps.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
DETAILED STEPS
Step 1
enable
Example:Router> enable
Enables privileged EXEC mode.
•
Step 2
configure terminal
Example:Router# configure terminal
Enters global configuration mode.
Step 3
interface type number [name-tag]
Example:Router(config)# interface ethernet 2/4
Configures an interface type and enters interface configuration mode.
•
Step 4
pvc [name] vpi/vci [ilmi | qsaal | smds | l2transport]
Example:Router(config-if)# pvc cisco 0/16
(Optional) Creates or assigns a name to an ATM permanent virtual circuit (PVC), specifies the encapsulation type on an ATM PVC, and enters ATM virtual circuit configuration mode.
•
Note
Step 5
exit
Example:Router(config-atm-vc)# exit
(Optional) Returns to interface configuration mode.
Note
Step 6
service-policy {input | output} policy-map-name
Example:Router(config-if)# service-policy input policy1
Attaches a policy map (traffic policy) to an input or output interface.
•
Note
Note
%PISA-6-NBAR_ENABLED: feature accelerated on input direction of: [interface name and type]%PISA-6-NBAR_ENABLED: feature accelerated on output direction of: [interface name and type]While both of these messages appear, NBAR is enabled in the direction specified by the input or output keyword only.
Step 7
end
Example:Router(config-if)# end
(Optional) Returns to privileged EXEC mode.
Verifying the NBAR Traffic Classes, Traffic Policies, and Protocol-to-Port Mappings
After you create the traffic classes and traffic policies (policy maps), you may want to verify that the end result is the one you intended. That is, you may want to verify whether your traffic is being classified correctly and whether it is receiving the QoS treatment as intended. You may also want to verify that the protocol-to-port mappings are correct.
To verify the NBAR traffic classes, traffic policies, and protocol-to-port mappings, perform the following steps.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
DETAILED STEPS
Configuration Examples for Configuring NBAR Using the MQC
This section provides the following configuration examples:
•
•
•
•
Configuring a Traffic Class: Example
In the following example, a class called cmap1 has been configured. All traffic that matches the citrix protocol will be placed in the cmap1 class.
Router> enable
Router# configure terminal
Router(config)# class-map cmap1
Router(config-cmap)# match protocol citrix
Router(config-cmap)# end
Configuring a Traffic Policy: Example
In the following example, a traffic policy (policy map) called policy1 has been configured. Policy1 contains a class called class1, within which CBWFQ has been enabled.
Router> enable
Router# configure terminal
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# bandwidth percent 50
Router(config-pmap-c)# end
Note
As of Cisco IOS Release 12.2(18)ZY, CBWFQ is not supported on the Catalyst 6500 series switch that is equipped with a Supervisor 32/PISA.
Attaching a Traffic Policy to an Interface or Subinterface: Example
In the following example, the traffic policy (policy map) called policy1 has been attached to Ethernet interface 2/4 in the input direction of the interface.
Router> enable
Router# configure terminal
Router(config)# interface ethernet 2/4
Router(config-if)# service-policy input policy1
Router(config-if)# end
Verifying the NBAR Protocol-to-Port Mappings: Example
The following is sample output of the show ip nbar port-map command. This command displays the current protocol-to-port mappings in use by NBAR. Use the display to verify that these mappings are correct.
Router# show ip nbar port-mapport-map bgp udp 179port-map bgp tcp 179port-map cuseeme udp 7648 7649port-map cuseeme tcp 7648 7649port-map dhcp udp 67 68port-map dhcp tcp 67 68If the ip nbar port-map command has been used, the show ip nbar port-map command displays the ports assigned to the protocol.
If the no ip nbar port-map command has been used, the show ip nbar port-map command displays the default ports. To limit the display to a specific protocol, use the protocol-name argument of the show ip nbar port-map command.
Where to Go Next
To add application recognition modules (also known as Packet Description Language Modules or PDLMs) to your network, see the "Adding Application Recognition Modules" module.
To classify network traffic on the basis of a custom protocol, see the "Creating a Custom Protocol" module.
Additional References
The following sections provide references related to configuring NBAR using the MQC.
Related Documents
QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples
QoS features and functionality on the Catalyst 6500 series switch
"Configuring PFC QoS" chapter of the Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
MQC, traffic policies (policy maps), and traffic classes
CBWFQ
Concepts and information about NBAR
Information about enabling Protocol Discovery
Information about adding application recognition modules (also known as PDLMs)
Creating a custom protocol
"Creating a Custom Protocol" module
Technical Assistance
Feature Information for Configuring NBAR Using the MQC
Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or a later release appear in the table.
For information on a feature in this technology that is not documented here, see the "Classifying Network Traffic Using NBAR Features Roadmap" module.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note
Table 2 Feature Information for Configuring NBAR Using the MQC
QoS: DirectConnect PDLM
12.4(4)T
Provides support for the DirectConnect protocol and Packet Description Language Module (PDLM). The DirectConnect protocol can now be recognized when using the MQC to classify traffic.
The following sections provide information about the QoS: DirectConnect PDLM feature:
•
QoS: Skype Classification
12.4(4)T
Provides support for the Skype protocol. The Skype protocol can now be recognized when using the MQC to classify traffic.
Note
The following sections provide information about the QoS: Skype Classification feature:
•
NBAR—BitTorrent PDLM
12.4(2)T
Provides support for the BitTorrent PDLM and protocol. The BitTorrent protocol can now be recognized when using the MQC to classify traffic.
The following sections provide information about the NBAR-BitTorrent PDLM feature:
•
NBAR—Citrix ICA Published Applications
12.4(2)T
Enables NBAR to classify traffic on the basis of the Citrix Independent Computing Architecture (ICA) published application name and tag number.
The following sections provide information about the NBAR-Citrix ICA Published Applications feature:
•
NBAR—Multiple Matches Per Port
12.4(2)T
Provides the ability for NBAR to distinguish between values of an attribute within the traffic stream of a particular application on a TCP or UDP port.
The following sections provide information about the NBAR-Multiple Matches Per Port feature:
•
NBAR Extended Inspection for HTTP Traffic
12.3(4)T
Allows NBAR to scan TCP ports that are not well known and identify HTTP traffic that traverses these ports.
The following sections provide information about the NBAR Extended Inspection for HTTP Traffic feature:
•
NBAR Real-Time Transport Protocol Payload Classification
12.2(15)T
Enables stateful identification of real-time audio and video traffic.
The following section provides information about the NBAR Real-Time Transport Protocol Payload Classification feature:
•
NBAR—Network-Based Application Recognition
12.2(18)ZYA
Integrates NBAR and Firewall Service Module (FWSM) functionality on the Catalyst 6500 series switch that is equipped with a Supervisor 32/programmable intelligent services accelerator (PISA). Additional protocols are now recognized by NBAR.
The following sections provide information about the NBAR feature:
•
•
The following command was modified: match protocol (NBAR).
NBAR—Network-Based Application Recognition (Hardware Accelerated NBAR)
12.2(18)ZY
Enables NBAR functionality on the Catalyst 6500 series switch that is equipped with a Supervisor 32/programmable intelligent services accelerator (PISA).
The following section provides information about the NBAR—Network-Based Application Recognition (Hardware Accelerated NBAR) feature:
•
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco Ironport, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Stackpower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flip Video, Flip Video (Design), Flipshare (Design), Flip Ultra, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0907R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2006-2008 Cisco Systems, Inc. All rights reserved.
