JANET-BMAS Cisco NBAR
Cisco NBAR
Ben Horner, George Neisser
Ben.Horner@mcc.ac.uk, George.Neisser@mcc.ac.uk
Bandwidth Management Advisory Service
Introduction
- BMAS
  - To keep abreast of the latest developments, technologies and standards in bandwidth management
  - To trial and evaluate products
  - To assess their usefulness and applicability within UK education
  - To produce advisory materials, usage guidelines and recommendations
  - To collaborate with organisations
- BMAS web site: http://www.bmas.ja.net/
- NBAR
  - What can it do?
  - How is it applied?
  - BMAS Results
  - What can't it do?
What is NBAR?
- Cisco:
  - Intelligent classification engine used with Quality of Service (QoS) class-based features
  - Protocol Discovery analyses application traffic patterns in real time and identifies which traffic is running on the network
  - Capable of classifying applications that have:
    - Statically assigned TCP and UDP port numbers
    - Non-TCP and non-UDP IP protocols
    - Dynamically assigned TCP and UDP port numbers during connection establishment
    - Classification based on deep packet inspection: NBAR can look deeper into the packet to identify applications
    - HTTP traffic by URL, host name or MIME type using regular expressions (*, ?, [ ]), Citrix ICA traffic, RTP Payload type classification
  - Currently supports 88 protocols/applications
What can NBAR do?
[Diagram: LOCAL CAMPUS connected over a 2 Mb/s WAN link to the INTERNET. Key: HTTP, KaZaA, Video Conference]
- Bottleneck causes traffic to back up into the queues that are all given best effort
- NBAR can stop KaZaA traffic and give priority to video conference traffic
Applying NBAR
- Get the latest IOS and PDLMs
- Enable NBAR on your interfaces
- Collect and analyse results
- Decide upon and create classes
- Decide upon and create policies
- Apply policies to interfaces
- Collect and analyse results
- Modify classes and policies appropriately
Example

    Router# conf t
    Router(config)# ip cef
    Router(config)# int eth 0/0
    Router(config-if)# ip nbar protocol-discovery
    Router(config-if)# exit
    Router(config)# int se 0/0
    Router(config-if)# ip nbar protocol-discovery
    Router(config-if)# end
    Router# show ip nbar protocol-discovery int eth 0/0 top-n 3

    FastEthernet 0/0
                  Input                                       Output
    Protocol      Packet Count  Byte Count    5 minute bit    Packet Count  Byte Count   5 minute bit
                                              rate (bps)                                 rate (bps)
    ------------  ------------  ------------  ------------    ------------  -----------  ------------
    ftp           64175242      89351513113   1073000         45153848      2484576000   28000
    http          58194017      82356099996   924000          32519125      1958417833   22000
    netshow       161827        211785210     0               76694         4328663      0
    unknown       151860        103546921     0               24174         1594651      0
    Total         123055877     172435146582  1997000         77838212      4477038399   50000
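The "collect and analyse results" step can be scripted. The following is an added example, not part of the original slides or any Cisco tooling: it ranks protocols by their share of input bytes using the figures from the protocol-discovery output above. The function names, the 5% threshold and the one-row-per-protocol sample layout are assumptions made for illustration.

```python
# Added example (not from the slides): rank protocols by share of input bytes.
# SAMPLE holds the slide's input-side figures, one row per protocol; this
# simplified layout is an assumption, real IOS output spans several lines.
SAMPLE = """\
ftp       64175242   89351513113  1073000
http      58194017   82356099996  924000
netshow   161827     211785210    0
unknown   151860     103546921    0
Total     123055877  172435146582 1997000
"""

def parse_discovery(text):
    """Return ({protocol: (packets, bytes, bps)}, totals) from table text."""
    rows, total = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not all(p.isdigit() for p in parts[1:]):
            continue  # header, ruler or blank line
        values = tuple(int(p) for p in parts[1:])
        if parts[0].lower() == "total":
            total = values
        else:
            rows[parts[0]] = values
    if total is None:
        raise ValueError("no Total row found")
    return rows, total

def byte_shares(rows, total):
    """Percent of all bytes per protocol, largest first."""
    # A "top N" listing omits the smaller protocols, so shares are taken
    # against the Total row and the remainder is reported as "(not listed)".
    shares = {name: 100.0 * v[1] / total[1] for name, v in rows.items()}
    listed = sum(v[1] for v in rows.values())
    shares["(not listed)"] = 100.0 * (total[1] - listed) / total[1]
    return dict(sorted(shares.items(), key=lambda kv: kv[1], reverse=True))

def class_candidates(shares, threshold=5.0):
    """Recognised protocols carrying at least `threshold` percent of bytes."""
    skip = {"unknown", "(not listed)"}
    return [n for n, pct in shares.items() if n not in skip and pct >= threshold]

if __name__ == "__main__":
    shares = byte_shares(*parse_discovery(SAMPLE))
    for name, pct in shares.items():
        print(f"{name:14s}{pct:7.2f}%")
    print("class candidates:", class_candidates(shares))
```

A growing "unknown" or "(not listed)" share between collection runs is the signal that the PDLMs need updating before the classes are trusted.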
Example continued…

    Router(config)# class-map match-any streams
    Router(config-cmap)# match protocol rtp
    Router(config-cmap)# match protocol rtsp
    Router(config-cmap)# match protocol netshow
    Router(config-cmap)# match ip dscp ef
    Router(config-cmap)# exit
    Router(config)# policy-map dscp_mark
    Router(config-pmap)# class streams
    Router(config-pmap-c)# set ip dscp ef
    Router(config-pmap-c)# exit
    Router(config-pmap)# exit
    Router(config)# policy-map apply_qos
    Router(config-pmap)# class streams
    Router(config-pmap-c)# bandwidth 600
    Router(config-pmap-c)# exit
    Router(config-pmap)# class class-default
    Router(config-pmap-c)# fair-queue
    Router(config-pmap-c)# exit
    Router(config-pmap)# exit
    Router(config)# int eth 0/0
    Router(config-if)# service-policy input dscp_mark
    Router(config-if)# exit
    Router(config)# int se 0/0
    Router(config-if)# service-policy output apply_qos
    Router(config-if)# exit
    Router(config)# exit
    Router# show running-config

    class-map match-any streams
      match protocol rtp
      match protocol rtspplayer
      match protocol netshow
      match ip dscp ef
    !
    !
    policy-map input_mark
      class stream
        set ip dscp ef
    policy-map apply_qos
      class stream
        bandwidth 600
      class class-default
        fair-queue
Example continued…

    Router# show policy-map int eth 0/0

    Ethernet 0/0
      Service-policy input: dscp_mark
        Class-map: stream (match-any)
          130521 packets, 97066868 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: protocol rtp
            0 packets, 0 bytes
            5 minute rate 0 bps
          Match: protocol rtspplayer
            117857 packets, 79344153 bytes
            5 minute rate 0 bps
          Match: protocol netshow
            12664 packets, 17722715 bytes
            5 minute rate 0 bps
          Match: ip dscp ef
            0 packets, 0 bytes
            5 minute rate 0 bps
          QoS Set
            dscp ef
              Packets marked 130521
        Class-map: class-default (match-any)
          175792 packets, 231418813 bytes
          5 minute offered rate 0 bps, drop rate 0 bps
          Match: any
BMAS NBAR Results
What can't NBAR do?
- It's not a magic wand
- It doesn't recognise everything (but what does?)
- Requires the very latest IOS and PDLMs to be fully effective
  - You can create your own PDLMs(ish)

        ip nbar custom lunar_light 8 ascii Moonbeam tcp range 2000 2999

- NBAR is quite crude. Queues and drops rather than shapes.
- It will add a CPU overhead
- NBAR is not particularly easy to configure/get right
- It probably will improve as it becomes a more accepted method of bandwidth management
Further Information
- Cisco presentations and documentation
  - NBAR Overview (12.2T)
    - http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cd0.html
  - Code Red virus blocking:
    - http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml
  - Nimda virus blocking
    - http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a0080110d17.shtml
  - NBAR Protocol Discovery MIB
    - www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t15/ftpdmib.htm
  - Many NBAR presentations and papers
    - http://www.cisco.com/warp/public/732/Tech/qos/nbar/
- BMAS website
  - http://www.bmas.ja.net
- Contact me
  - ben.horner@mcc.ac.uk

Thank you