This feature module describes the Network-Based Application Recognition (NBAR) feature. It includes information on the benefits of the new feature, supported platforms, restrictions, definitions, and new and revised command syntax.
This document includes the following sections:
As IP quality of service (QoS) technology matures and customers begin QoS deployment in production networks, new requirements for packet classification have emerged. Today's applications require high performance to ensure competitiveness in an increasingly fast-paced business environment. Networks provide a variety of services to ensure that mission critical applications receive the required bandwidth for high performance. Today's Internet-based and client-server applications make it difficult for networks to identify packets and provide the proper level of control.
Network-Based Application Recognition (NBAR) solves this problem by adding intelligent network classification to network infrastructures. NBAR is a new classification engine that recognizes a wide variety of applications, including web-based and other difficult to classify protocols that utilize dynamic TCP/UDP port assignments. When an application is recognized and classified by NBAR, a network can invoke services for that specific application. NBAR ensures that network bandwidth is used efficiently by working with QoS features to provide:
NBAR introduces several new classification features:
NBAR can also classify static port protocols. While Access Lists (ACLs) can also be used for this purpose, NBAR is easier to configure and can provide classification statistics which are not available when using ACLs.
NBAR provides a special Protocol Discovery feature that determines which application protocols are traversing a network at any given time. The Protocol Discovery feature captures key statistics associated with each protocol in a network. These statistics can be used to define traffic classes and QoS policies for each traffic class.
NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is subport classification. NBAR looks into the TCP/UDP payload itself and classifies packets on content within the payload such as transaction identifier, message type, or other similar data.
NBAR recognizes HTTP GET packet(s) containing the URL and classifies all packets that are sent to the source of the HTTP GET request. Figure 1 illustrates a network topology with NBAR in which Router Y is the NBAR-enabled router.
When specifying a URL for classification, include only the portion of the URL following the www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/whatsnew.html, include only /latest/whatsnew.html.
HOST specification is identical to URL specification. NBAR performs a regular expression match on the HOST field contents inside an HTTP GET packet and classifies all packets from that host. For example, for the URL www.cisco.com/latest/whatsnew.html, include only www.cisco.com.
For MIME type matching, the MIME type can contain any user-specified text string. A list of the Internet Assigned Numbers Authority (IANA) supported MIME types can be found at:
ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-types
In MIME type matching, NBAR classifies the packet containing the MIME type and all subsequent packets, which are sent to the source of the HTTP GET request.
NBAR supports URL and HOST classification in the presence of persistent HTTP. NBAR does not classify packets that are part of a pipelined request. With pipelined requests, multiple requests are pipelined to the server before previous requests are serviced. Pipelined requests are a less commonly used type of persistent HTTP request.
An external Packet Description Language Module (PDLM) can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol recognition capability. PDLMs allow NBAR to recognize new protocols without requiring a new IOS image or a router reload.
New PDLMs will only be released by Cisco and can be loaded from flash memory. Please contact your local Cisco Representative to request additions or changes to the set of protocols classified by NBAR.
NBAR uses approximately 150 bytes of DRAM for each flow that requires stateful inspection. (See Table 3 for a list of stateful protocols supported by NBAR that require stateful inspection.) When NBAR is configured, it allocates 1 MB of DRAM to support up to 5000 concurrent flows. NBAR checks to see if it needs more memory to handle additional concurrent stateful flows. If such a need is detected, NBAR expands its memory usage in increments of 200 Kb to 400 Kb.
NBAR is capable of classifying the following three types of protocols:

Table 1 Non-TCP/UDP IP protocols

| Protocol | Type | Well-Known Port Number | Description | Syntax |
|---|---|---|---|---|
| EGP | IP | 8 | Exterior Gateway Protocol | egp |
| GRE | IP | 47 | Generic Routing Encapsulation | gre |
| ICMP | IP | 1 | Internet Control Message Protocol | icmp |
| IPINIP | IP | 4 | IP in IP | ipinip |
| IPSec | IP | 50, 51 | IP Encapsulating Security Payload/Authentication Header | ipsec |
| EIGRP | IP | 88 | Enhanced Interior Gateway Routing Protocol | eigrp |
Table 2 Static TCP/UDP protocols

| Protocol | Type | Well-Known Port Number | Description | Syntax |
|---|---|---|---|---|
| BGP | TCP/UDP | 179 | Border Gateway Protocol | bgp |
| CU-SeeMe | TCP/UDP | 7648, 7649 | Desktop video conferencing | cuseeme |
| CU-SeeMe | UDP | 24032 | Desktop video conferencing | cuseeme |
| DHCP/Bootp | UDP | 67, 68 | Dynamic Host Configuration Protocol/Bootstrap Protocol | dhcp |
| DNS | TCP/UDP | 53 | Domain Name System | dns |
| Finger | TCP | 79 | Finger user information protocol | finger |
| Gopher | TCP/UDP | 70 | Internet Gopher Protocol | gopher |
| HTTP | TCP | 80 | Hypertext Transfer Protocol | http |
| HTTPS | TCP | 443 | Secured HTTP | secure-http |
| IMAP | TCP/UDP | 143, 220 | Internet Message Access Protocol | imap |
| IRC | TCP/UDP | 194 | Internet Relay Chat | irc |
| Kerberos | TCP/UDP | 88, 749 | The Kerberos Network Authentication Service | kerberos |
| L2TP | UDP | 1701 | L2F/L2TP tunnel | l2tp |
| LDAP | TCP/UDP | 389 | Lightweight Directory Access Protocol | ldap |
| MS-PPTP | TCP | 1723 | Microsoft point-to-point tunneling protocol for VPN | pptp |
| MS-SQLServer | TCP | 1433 | Microsoft SQL Server | sqlserver |
| NetBIOS | TCP | 137, 139 | NetBIOS over IP (MS Windows) | netbios |
| NetBIOS | UDP | 137, 138 | NetBIOS over IP (MS Windows) | netbios |
| NFS | TCP/UDP | 2049 | Network File System | nfs |
| NNTP | TCP/UDP | 119 | Network News Transfer Protocol | nntp |
| Notes | TCP/UDP | 1352 | Lotus Notes | notes |
| NTP | TCP/UDP | 123 | Network Time Protocol | ntp |
| PCAnywhere | TCP | 5631, 65301 | Symantec PCAnywhere | pcanywhere |
| PCAnywhere | UDP | 22, 5632 | Symantec PCAnywhere | pcanywhere |
| POP3 | TCP/UDP | 110 | Post Office Protocol | pop3 |
| RIP | UDP | 520 | Routing Information Protocol | rip |
| RSVP | UDP | 1698, 1699 | Resource Reservation Protocol | rsvp |
| SFTP | TCP | 990 | Secure FTP | secure-ftp |
| SHTTP | TCP | 443 | Secure HTTP | secure-http |
| SIMAP | TCP/UDP | 585, 993 | Secure IMAP | secure-imap |
| SIRC | TCP/UDP | 994 | Secure IRC | secure-irc |
| SLDAP | TCP/UDP | 636 | Secure LDAP | secure-ldap |
| SNNTP | TCP/UDP | 563 | Secure NNTP | secure-nntp |
| SMTP | TCP | 25 | Simple Mail Transfer Protocol | smtp |
| SNMP | TCP/UDP | 161, 162 | Simple Network Management Protocol | snmp |
| SOCKS | TCP | 1080 | Firewall security protocol | socks |
| SPOP3 | TCP/UDP | 995 | Secure POP3 | secure-pop3 |
| SSH | TCP | 22 | Secured Shell | ssh |
| STELNET | TCP | 992 | Secure TELNET | secure-telnet |
| Syslog | UDP | 514 | System Logging Utility | syslog |
| Telnet | TCP | 23 | Telnet Protocol | telnet |
| X Windows | TCP | 6000-6003 | X11, X Windows | xwindows |
Table 3 Stateful TCP/UDP protocols

| Protocol | Type | Description | Syntax |
|---|---|---|---|
| FTP | TCP | File Transfer Protocol | ftp |
| Exchange | TCP | MS-RPC for Exchange | exchange |
| HTTP | TCP | HTTP with URL or MIME classification | http |
| Netshow | TCP/UDP | Microsoft Netshow | netshow |
| Realaudio | TCP/UDP | Real Audio Streaming Protocol | realaudio |
| r-commands | TCP | rsh, rlogin, rexec | rcmd |
| StreamWorks | UDP | Xing Technology Stream Works audio and video | streamwork |
| SQL\*NET | TCP/UDP | SQL\*NET for Oracle | sqlnet |
| SunRPC | TCP/UDP | Sun Remote Procedure Call | sunrpc |
| TFTP | UDP | Trivial File Transfer Protocol | tftp |
| VDOLive | TCP/UDP | VDOLive Streaming Video | vdolive |
NBAR addresses IP QoS classification requirements by classifying application-level protocols so that QoS policies can be applied to the classified traffic. NBAR addresses the ongoing need to extend the classification engine for the many existing and emerging application protocols by providing an extensible Packet Description Language (PDL). NBAR can determine which protocols and applications are currently running on a network so that an appropriate QoS policy can be created based upon the current traffic mix and application requirements.
NBAR can now perform subport classification of HTTP traffic by HOST name in addition to classification by MIME-type or URL. This enables users to classify HTTP traffic by web server names. With URL matching, only the portion of the URL following the hostname can be specified for a match. To perform a match on the hostname portion of the URL, use the new HOST matching criteria. For example, a HOST match on http://www.cisco.com/latest/whatsnew.html will classify all traffic from the web server www.cisco.com while a URL match can be performed on the /latest/whatsnew.html portion of the URL.
The NBAR feature does not support the following:
NBAR is not configurable on the following logical interfaces:
Note: NBAR cannot be used to classify output traffic on a WAN link where tunneling or encryption is used. Therefore, NBAR should be configured on other interfaces on the router (such as a LAN link) to perform input classification before the traffic is switched to the WAN link for output.
No new or modified MIBs are supported by this feature.
For descriptions of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
You must enable Cisco Express Forwarding (CEF) before you configure NBAR. For more information on CEF, refer to the Cisco IOS Release 12.0 configuration guide titled Cisco IOS Switching Services Configuration Guide.
Your interface to NBAR is via the Modular QoS Command Line Interface (MQC). MQC provides a model for QoS configuration under IOS. MQC provides a clean separation between the specification of a classification policy and the specification of other policies that act based on the results of the applied classification.
Use the class-map command to define one or more traffic classes by specifying the criteria by which traffic is classified.
Use the policy-map command to define one or more QoS policies (such as shaping, policing, and so on) to apply to traffic defined by a class-map.
Use the service-policy command to attach a policy map to an interface on the router.
See the following sections for configuration tasks for the NBAR feature. Each task in the list indicates if it is optional or required:
| Command | Purpose |
|---|---|
| Router(config)# class-map [match-all \| match-any] class-name | Specifies the user-defined name of the class map. The match-all option specifies that all match criteria in the class map must be matched. The match-any option specifies that one or more match criteria must match. |
| Router(config-cmap)# match protocol protocol-name | Specifies a protocol supported by NBAR as a matching criterion. |
| Router(config-cmap)# match class-map class-name | Specifies a class map as a matching criterion (nested class maps). |
When neither match-all nor match-any is specified, the default is match-all. Use the no class-map command to disable the class map. Use the no match-all and no match-any commands to disable these commands within the class map. Use the match not command to configure a match that evaluates to true if the packet does not match the specified protocol.
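To make the match-all, match-any, match not and nested class-map semantics concrete, here is an added example in Python (not Cisco code and not part of this feature module) that models a few class maps and evaluates constructed flow records against them. Protocol recognition is the static-port kind only, using a small port map seeded from the tables above; the ip nbar port-map command is modelled by rebinding a protocol to other ports, which also exposes its side effect: once Telnet is rebound, a flow on port 23 is no longer recognised. The flow records, the class-map names and port 2323 are constructed for the example.

```python
from dataclasses import dataclass, field

# Static port map, (transport, port) -> NBAR protocol name, seeded from a few
# rows of the supported-protocol tables on this page (a constructed subset).
DEFAULT_PORT_MAP = {
    ("tcp", 80): "http",
    ("tcp", 443): "secure-http",
    ("tcp", 23): "telnet",
    ("tcp", 53): "dns",
    ("udp", 53): "dns",
}


@dataclass
class ClassMap:
    """One class map: its name, match-all or match-any, and its match lines.
    Each criterion is (kind, value, negated); kind is "protocol", "class-map"
    or "access-group", and negated=True models 'match not'."""
    name: str
    mode: str = "match-all"
    criteria: list = field(default_factory=list)


class Classifier:
    def __init__(self, port_map=None):
        self.port_map = dict(DEFAULT_PORT_MAP if port_map is None else port_map)
        self.class_maps = {}

    def port_map_override(self, protocol, transport, ports):
        """Model of 'ip nbar port-map <protocol> {tcp|udp} <port...>': from
        now on the protocol is looked for only on the listed ports."""
        self.port_map = {key: name for key, name in self.port_map.items()
                         if not (name == protocol and key[0] == transport)}
        for port in ports:
            self.port_map[(transport, port)] = protocol

    def recognise(self, flow):
        """Static-port recognition: destination port first, then source."""
        for port in (flow["dst_port"], flow["src_port"]):
            name = self.port_map.get((flow["transport"], port))
            if name:
                return name
        return "unknown"

    def add(self, class_map):
        self.class_maps[class_map.name] = class_map

    def _criterion(self, kind, value, flow):
        if kind == "protocol":
            return self.recognise(flow) == value
        if kind == "class-map":        # nested class map, evaluated recursively
            return self.matches(value, flow)
        if kind == "access-group":     # (src, dst) host pair, a stand-in for an ACL
            return (flow["src"], flow["dst"]) == value
        raise ValueError("unknown criterion kind %r" % kind)

    def matches(self, class_name, flow):
        cm = self.class_maps[class_name]
        # 'match not' flips the single result before AND (match-all) or OR (match-any)
        results = [self._criterion(k, v, flow) != negated for k, v, negated in cm.criteria]
        return all(results) if cm.mode == "match-all" else any(results)

    def classify(self, flow):
        """Every class map the flow satisfies, in definition order."""
        return [name for name in self.class_maps if self.matches(name, flow)]


def build_classifier():
    """Class maps in the spirit of the E-Express case study on this page,
    limited to static-port recognition (all names here are constructed)."""
    c = Classifier()
    # Telnet moved off port 23, as 'ip nbar port-map telnet tcp 2323' would do
    # (2323 is a constructed value, not from the page).
    c.port_map_override("telnet", "tcp", [2323])
    c.add(ClassMap("http_clear", "match-all", [("protocol", "http", False)]))
    c.add(ClassMap("http_secure", "match-all", [("protocol", "secure-http", False)]))
    c.add(ClassMap("web", "match-any", [("class-map", "http_clear", False),
                                        ("class-map", "http_secure", False)]))
    c.add(ClassMap("super_network", "match-all",
                   [("access-group", ("10.0.0.1", "10.0.0.3"), False)]))
    # match-all combined with 'match not': partner traffic that is not web
    c.add(ClassMap("partner_non_web", "match-all",
                   [("class-map", "super_network", False),
                    ("class-map", "web", True)]))
    return c


FLOWS = {  # constructed flows as the router would see them
    "a": dict(transport="tcp", src="10.0.0.1", src_port=40000, dst="10.0.0.3", dst_port=443),
    "b": dict(transport="tcp", src="10.0.0.1", src_port=40001, dst="10.0.0.3", dst_port=2323),
    "c": dict(transport="tcp", src="10.0.0.7", src_port=40002, dst="192.0.2.10", dst_port=23),
    "d": dict(transport="udp", src="10.0.0.7", src_port=40003, dst="192.0.2.53", dst_port=53),
}


def classify_all(classifier=None, flows=FLOWS):
    """(recognised protocol, matching class maps) for each flow."""
    classifier = classifier or build_classifier()
    return {fid: (classifier.recognise(f), classifier.classify(f)) for fid, f in flows.items()}
```

Flow "c" is the caveat: after the port-map override, plain Telnet on port 23 falls through to "unknown" and matches no class, so a policy written for the telnet class silently stops applying to it.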
Use the policy-map configuration command to specify the QoS policies to apply to traffic classes defined by a class map. QoS policies that can be applied to traffic classification are listed in the table below.
| Command | Purpose |
|---|---|
| Router(config)# policy-map policy-name | User-specified policy map name. |
| Router(config-pmap)# class class-name | Specifies the name of a previously defined class map. |
| Router(config-pmap-c)# bandwidth kbps | Specifies a minimum bandwidth guarantee for a traffic class. |
| Router(config-pmap-c)# police bps conform transmit exceed drop | Specifies a maximum bandwidth usage for a traffic class. |
| Router(config-pmap-c)# set ip precedence {0-7} | Specifies the IP precedence of packets within a traffic class. |
| Router(config-pmap-c)# set qos-group {0-99} | Specifies a qos-group value to associate with the packet. |
| Router(config-pmap-c)# random-detect | Enables the weighted random early detection (WRED) drop policy for a traffic class that has a bandwidth guarantee. |
| Router(config-pmap-c)# queue-limit packets | Specifies the maximum number of packets queued for a traffic class (in the absence of random-detect). |
Use the no policy-map command to deconfigure the policy map. Use the no bandwidth, no police, no set, and no random-detect commands to disable these commands within the policy map.
Use the service-policy interface configuration command to attach a policy map to an interface and to specify the direction in which the policy should be applied (either to packets coming into the interface or to packets leaving the interface).
| Command | Purpose |
|---|---|
| Router(config-if)# service-policy output policy-map-name | Specifies the name of the policy map to be attached to the output direction of the interface. |
| Router(config-if)# service-policy input policy-map-name | Specifies the name of the policy map to be attached to the input direction of the interface. |
Use the no service-policy [input | output] policy-map-name command to detach a policy map from an interface.
Use the show policy-map [interface [interface-spec [input | output [class class-name]]]] command to display the configuration of a policy map and its associated class maps. Forms of this command are listed in the table below.
| Command | Purpose |
|---|---|
| Router# show class-map | Displays all class map information. |
| Router# show class-map class-name | Displays the class map information of the user-specified class map. |
| Router# show policy-map | Displays all configured policy maps. |
| Router# show policy-map policy-map-name | Displays the user-specified policy map. |
| Router# show policy-map interface | Displays statistics and configurations of all input and output policies that are attached to an interface. |
| Router# show policy-map interface-spec | Displays configuration and statistics of the input and output policies attached to a particular interface. |
| Router# show policy-map interface-spec [input] | Displays configuration and statistics of the input policy attached to an interface. |
| Router# show policy-map interface-spec [output] | Displays configuration and statistics of the output policy attached to an interface. |
| Router# show policy-map interface-spec [input \| output] class class-name | Displays the configuration and statistics for the class name configured in the policy. |
You must enable Cisco Express Forwarding (CEF) on the router prior to configuring the NBAR feature.
NBAR can determine which protocols and applications are currently running on a network. NBAR includes the Protocol Discovery feature that provides an easy way of discovering application protocols operating on an interface so that appropriate QoS policies can be developed and applied. With Protocol Discovery, you can discover any protocol traffic supported by NBAR and obtain statistics associated with that protocol. To monitor and maintain the NBAR feature, use the following commands:
| Command | Purpose |
|---|---|
| Router# show ip nbar port-map [protocol-name] | Displays the TCP/UDP port number(s) used by NBAR to classify a given protocol. |
| Router# show ip nbar protocol-discovery | Displays the statistics for all interfaces on which protocol-discovery is enabled. |
This section provides the following configuration examples:
In the following example, the class-map foo command uses NBAR classification of SQL*Net as its matching criteria:
```
Router(config)# class-map foo
Router(config-cmap)# match protocol sqlnet
```
In the following example, the policy-map bar command reserves a minimum bandwidth guarantee of 10 Kbps to the traffic within class foo:
```
Router(config)# policy-map bar
Router(config-pmap)# class foo
Router(config-pmap-c)# bandwidth 10
```
In the following example, the policy-map bar command establishes a maximum bandwidth limit of 16 Kbps for the traffic within class foo: conforming packets are transmitted and exceeding packets are dropped:
```
Router(config)# policy-map bar
Router(config-pmap)# class foo
Router(config-pmap-c)# police 16000 8000 8000 conform transmit exceed drop
```
In the following example, the policy-map bar command sets the IP precedence of packets within traffic class foo to 4:
```
Router(config)# policy-map bar
Router(config-pmap)# class foo
Router(config-pmap-c)# set ip precedence 4
```
In the following example, the service-policy command attaches policy map bar to the output direction of an Ethernet interface:
```
Router(config)# interface ethernet 1/3
Router(config-if)# service-policy output bar
```
This section documents new and enhanced commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
To extend or enhance the list of protocols recognized by NBAR through a Cisco provided PDLM, use the ip nbar pdlm configuration command. Use the no form of this command to unload a PDLM if it was previously loaded.
ip nbar pdlm pdlm-name
Syntax Description

| Argument | Description |
|---|---|
| pdlm-name | The URL where the PDLM can be found on the flash card. |
Defaults
No default behavior or values.
Command Modes
Configuration
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
This command is used in configuration mode to extend the list of protocols recognized by a given version of NBAR or to enhance an existing protocol recognition capability. NBAR can be given an external PDLM at run time. In most cases, the PDLM enables NBAR to recognize new protocols without requiring a new IOS image or a router reload. Only Cisco can provide you with a new PDLM.
Examples
The following example configures NBAR to load the citrix.pdlm PDLM from flash memory on the router:
```
ip nbar pdlm flash://citrix.pdlm
```
Related Commands

| Command | Description |
|---|---|
| show ip nbar pdlm | Displays the current PDLM in use by NBAR. |
To configure NBAR to search for a protocol or protocol name using a port number other than the well-known port, use the ip nbar port-map global configuration command. Use the no form of this command to look for the protocol name using only the well-known port number.
ip nbar port-map protocol-name [tcp | udp] port
Syntax Description

| Argument | Description |
|---|---|
| protocol-name | Name of protocol known to NBAR. |
| port | Assigned port for named protocol. |
Defaults
No default behavior or values.
Command Modes
Global configuration
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
This command is used in configuration mode to tell NBAR to look for the protocol protocol-name using a port number or numbers other than the well-known (IANA-assigned) port number. For example, use this command to configure NBAR to look for Telnet on a port other than 23. From 1 to 16 ports can be specified with this command, and port number values can range from 0 to 65535.
Examples
The following example configures NBAR to look for the protocol SQL*NET on port numbers 63000 and 63001 instead of on the well-known port number:
```
ip nbar port-map sqlnet tcp 63000 63001
```
Related Commands

| Command | Description |
|---|---|
| show ip nbar port-map | Displays the current protocol-to-port mappings in use by NBAR. |
Syntax Description
None
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all protocols known to NBAR. Protocol Discovery provides an easy way to discover application protocols transiting an interface so that QoS policies can be developed and applied. The Protocol Discovery feature discovers any protocol traffic supported by NBAR. Protocol Discovery can be used to monitor both input and output traffic and may be applied with or without a service policy enabled.
Examples
The following example configures protocol discovery on a main Ethernet interface:
```
interface ethernet 1/3
ip nbar protocol-discovery
```
Related Commands

| Command | Description |
|---|---|
| show ip nbar protocol-discovery | Displays the statistics gathered by the NBAR protocol-discovery feature. |
Syntax Description

| Argument | Description |
|---|---|
| protocol-name | Identifies a particular protocol as a matching criterion. |
Defaults
No default behavior or values.
Command Modes
Class map configuration
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
This command can be used to match protocols that are known to NBAR. See the tables in the "Supported Protocols" section for a list of protocols currently supported by NBAR.
Examples
The following example configures NBAR to match ftp traffic:
```
match protocol ftp
```
To configure NBAR to match HTTP traffic by URL, HOST or MIME-type, use the match protocol http class map configuration command. Use the no form of this command to disable NBAR from matching HTTP traffic by URL, HOST or MIME-type.
match protocol http url | host | mime [url-string | hostname-string | MIME-type]
Syntax Description

| Keyword or Argument | Description |
|---|---|
| url-string | User-specified URL of HTTP traffic to be matched. |
| hostname-string | User-specified HOST name to be matched. |
| MIME-type | User-specified MIME text string to be matched. |
Defaults
No default behavior or values.
Command Modes
Class map configuration
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
| 12.1(1)E | This command was enhanced to include the hostname-string keyword. |
Usage Guidelines
A list of the Internet Assigned Numbers Authority (IANA) supported MIME types can be found at:
ftp://ftp.isi.edu/in-notes/iana/assignments/media-types/media-types
When matching by MIME-type, NBAR matches a packet containing the MIME-type and all subsequent packets until the next HTTP transaction.
When matching by HOST, NBAR performs a regular expression match on the HOST field contents inside an HTTP GET packet and classifies all packets from that host.
When matching by URL, NBAR recognizes the HTTP GET packets containing the URL, and then matches all packets that are part of the HTTP GET request. When specifying a URL for classification, include only the portion of the URL following www.hostname.domain in the match statement. For example, in the URL www.anydomain.com/latest/whatsnew.html include only /latest/whatsnew.html.
To match on the www.anydomain.com portion, use the HOST name matching feature. The URL or HOST specification strings can take the form of a regular expression with the following options:
| Option | Description |
|---|---|
| * | Match any zero or more characters in this position. |
| ? | Match any one character in this position. |
| \| | Match one of a choice of characters. |
| (\|) | Match one of a choice of characters in a range. For example, foo.(gif\|jpg) matches either foo.gif or foo.jpg. |
| [] | Match any character in the range specified, or one of the special characters. For example, [0-9] is all of the digits, [*] is the "*" character, and [[] is the "[" character. |
Examples
The following example classifies, within class map foo, HTTP packets based on any URL containing the string whatsnew/latest followed by zero or more characters:
```
class-map foo
match protocol http url whatsnew/latest*
```
The following example classifies, within class map foo, packets based on any HOST name containing the string cisco followed by zero or more characters:
```
class-map foo
match protocol http host cisco*
```
The following example classifies, within class map foo, packets based on the jpeg MIME type:
```
class-map foo
match protocol http mime "*jpeg"
```
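The following added example (Python, not Cisco code and not part of this document) shows what the three HTTP match kinds above key on. It translates an NBAR URL/HOST/MIME pattern using the operators from the option table into a regular expression, pulls the URL, HOST and MIME fields out of a constructed request/response pair (the URL and HOST come from the GET, the MIME type from the server's Content-Type), and evaluates match lines modelled on the examples above. Unanchored "containing" matching, the trimming of proxy-style absolute URLs to their path, and the request, response and rule names are this example's own assumptions; it also shows why a hostname placed in a url pattern never matches.

```python
import re


def _escape_class(body):
    """Escape regex metacharacters inside a [...] range but keep '-', so that
    [0-9] stays a range while [*] and [[] remain one literal character."""
    return "".join("\\" + c if c in "\\]^[" else c for c in body)


def nbar_pattern_to_regex(pattern):
    """Translate an NBAR URL/HOST/MIME pattern into a compiled regex.
    Operators follow the option table on this page: '*' (zero or more
    characters), '?' (one character), '|' (alternation), '(...|...)' groups
    and '[...]' ranges; every other character is literal. This translation
    is the example's own; the router's matcher is not published."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        elif ch in "|()":
            out.append(ch)
        elif ch == "[":
            end = pattern.find("]", i + 2)      # [*] and [[] close at i + 2
            if end == -1:
                raise ValueError("unterminated '[' in pattern %r" % pattern)
            out.append("[" + _escape_class(pattern[i + 1:end]) + "]")
            i = end + 1
            continue
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out))


def _split_message(raw):
    """First line and a lower-cased header dict of one HTTP message."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_transaction(request, response):
    """The three fields the HTTP classifier keys on, from one request/response
    pair: URL (path only) and HOST from the GET, MIME type from the reply."""
    request_line, req_headers = _split_message(request)
    method, target, _version = request_line.split(" ", 2)
    if method != "GET":
        return None                      # NBAR keys on the GET packet
    # 'match protocol http url' sees only the part after www.hostname.domain,
    # so a proxy-style absolute target is trimmed to its path (assumption).
    if target.lower().startswith("http://"):
        rest = target[len("http://"):]
        target = "/" + rest.split("/", 1)[1] if "/" in rest else "/"
    _status_line, resp_headers = _split_message(response)
    mime = resp_headers.get("content-type", "").split(";")[0].strip()
    return {"url": target, "host": req_headers.get("host", ""), "mime": mime}


def match_http(kind, pattern, fields):
    """Model of 'match protocol http {url|host|mime} <pattern>'. Unanchored
    matching follows the page's wording 'any URL containing the string'."""
    return nbar_pattern_to_regex(pattern).search(fields[kind]) is not None


def classify_transaction(request, response, rules):
    """rules: (class_name, kind, pattern) triples. Returns the class names the
    transaction satisfies; on the router the resulting classification applies
    to the packets sent back to the source of the GET."""
    fields = parse_transaction(request, response)
    if fields is None:
        return []
    return [name for name, kind, pattern in rules if match_http(kind, pattern, fields)]


# Constructed transaction: a browser fetching an image via a proxy-style
# absolute URL, and the server's reply.
REQUEST = ("GET http://www.cisco.com/latest/photos/board.jpg HTTP/1.1\r\n"
           "Host: www.cisco.com\r\n"
           "User-Agent: example\r\n\r\n")
RESPONSE = ("HTTP/1.1 200 OK\r\n"
            "Content-Type: image/jpeg\r\n"
            "Content-Length: 3\r\n\r\nabc")

# Match lines mirroring the examples on this page, plus one hostname-as-URL
# rule that can never match because the URL field never holds the host.
RULES = [
    ("whatsnew", "url", "whatsnew/latest*"),
    ("cisco_hosts", "host", "cisco*"),
    ("jpeg_images", "mime", "*jpeg"),
    ("web_images", "url", "*.gif|*.jpg|*.jpeg"),
    ("wrong_url_rule", "url", "www.cisco.com*"),
]
```

Running classify_transaction(REQUEST, RESPONSE, RULES) yields the host, MIME and image classes but not wrong_url_rule: the host has to be matched with a host line, exactly as the usage guidelines above state.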
To display the currently loaded PDLMs, use the show ip nbar pdlm EXEC command.
show ip nbar pdlm
Syntax Description
None
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
This command is used to display a list of all the PDLMs that have been loaded into NBAR using the ip nbar pdlm command.
Examples
The following example displays the show ip nbar pdlm command where the citrix.pdlm PDLM has been loaded from flash memory:
```
show ip nbar pdlm
The following PDLMs have been loaded:
flash://citrix.pdlm
```
Related Commands

| Command | Description |
|---|---|
| ip nbar pdlm | Extends or enhances the list of protocols recognized by NBAR through a PDLM. |
To display the current protocol-to-port mappings in use by NBAR, use the show ip nbar port-map EXEC command.
show ip nbar port-map [protocol-name]
Syntax Description

| Argument | Description |
|---|---|
| protocol-name | Limits the command display to the specified protocol. |
Defaults
This command displays port assignments for NBAR protocols.
Command Modes
Privileged EXEC
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
This command is used to display the current protocol-to-port mappings in use by NBAR. When the ip nbar port-map command has been used, the show ip nbar port-map command displays the ports assigned by the user to the protocol. If no ip nbar port-map command has been used, the show ip nbar port-map command displays the default ports. A protocol-name can also be used to limit the display to a specific protocol.
Examples
The following example displays the show ip nbar port-map command:
```
show ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map cuseeme udp 7648 7649
port-map cuseeme tcp 7648 7649
port-map dhcp udp 67 68
port-map dhcp tcp 67 68
port-map dns udp 53
port-map dns tcp 53
```
Related Commands

| Command | Description |
|---|---|
| ip nbar port-map | Configures NBAR to search for a protocol or protocol name using a port number other than the well-known port. |
To display the statistics gathered by the NBAR Protocol Discovery feature, use the show ip nbar protocol-discovery privileged EXEC command.
show ip nbar protocol-discovery [interface interface-spec] [stats {byte-count | bit-rate | packet-count}][{protocol protocol-name | top-n number}]
Syntax Description

| Keyword or Argument | Description |
|---|---|
| interface | Specifies that protocol discovery statistics for the interface are to be displayed. |
| interface-spec | Specifies an interface to display. |
| stats | Specifies that the byte count, bit rate, or packet count is to be displayed. |
| byte-count | Specifies that the byte count is to be displayed. |
| bit-rate | Specifies that the bit rate is to be displayed. |
| packet-count | Specifies that the packet count is to be displayed. |
| protocol | Specifies that statistics for a specific protocol are to be displayed. |
| protocol-name | User-specified protocol name for which the statistics are to be displayed. |
| top-n | Specifies that a top-n list is to be displayed. |
| number | Specifies the number of top discovered protocols to be displayed. |
Defaults
Statistics for all interfaces on which Protocol Discovery is enabled are displayed.
Command Modes
Privileged EXEC
Command History

| Release | Modification |
|---|---|
| 12.0(5)XE2 | This command was introduced. |
Usage Guidelines
Use the show ip nbar protocol-discovery command to display statistics gathered by the NBAR Protocol Discovery feature. This command, by default, displays statistics for all interfaces on which Protocol Discovery is currently enabled. The default output of this command includes, in the following order, input bit rate (bps), input byte-count, input packet count and protocol name.
Protocol Discovery can be used to monitor both input and output traffic and may be applied with or without a service policy enabled. NBAR Protocol Discovery gathers statistics for packets switched to output interfaces. These statistics are not necessarily for packets that exited the router on the output interfaces, as packets may have been dropped after switching due to various reasons including policing at the output interface, access lists, or queue drops.
Examples
The following example displays partial output of the show ip nbar protocol-discovery command for an Ethernet interface:
```
show ip nbar protocol-discovery interface FastEthernet 6/0

FastEthernet6/0
                       Input                    Output
Protocol               Packet Count             Packet Count
                       Byte Count               Byte Count
                       5 minute bit rate (bps)  5 minute bit rate (bps)
---------------------- ------------------------ ------------------------
igrp                   316773                   0
                       26340105                 0
                       3000                     0
streamwork             4437                     7367
                       2301891                  339213
                       3000                     0
rsvp                   279538                   14644
                       319106191                673624
                       0                        0
ntp                    8979                     7714
                       906550                   694260
                       0                        0
.
.
.
Total                  17203819                 151684936
                       19161397327              50967034611
                       4179000                  6620000
```
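As an added example (Python, not Cisco code and not part of this document), here is a parser for output in the layout shown above, together with a top-n ranking that mirrors the stats and top-n keywords of the command and a share-of-total helper for deciding which protocols deserve their own class. The sample output embedded in the code is constructed to reproduce the figures above; the parsing rules (a protocol name appears only on the first of its three lines, an interface name stands alone on a line) are inferred from that layout.

```python
import re

# Constructed sample in the layout of the 'show ip nbar protocol-discovery'
# output on this page: three lines per protocol (packet count, byte count,
# 5-minute bit rate), each with an Input and an Output column.
SAMPLE_OUTPUT = """\
FastEthernet6/0
                       Input                    Output
Protocol               Packet Count             Packet Count
                       Byte Count               Byte Count
                       5 minute bit rate (bps)  5 minute bit rate (bps)
---------------------- ------------------------ ------------------------
igrp                   316773                   0
                       26340105                 0
                       3000                     0
streamwork             4437                     7367
                       2301891                  339213
                       3000                     0
rsvp                   279538                   14644
                       319106191                673624
                       0                        0
ntp                    8979                     7714
                       906550                   694260
                       0                        0
Total                  17203819                 151684936
                       19161397327              50967034611
                       4179000                  6620000
"""

ROW = re.compile(r"^(\S*)\s+(\d+)\s+(\d+)\s*$")      # [name] input output
INTERFACE = re.compile(r"[A-Za-z][\w/.:-]*")         # e.g. FastEthernet6/0
STAT_INDEX = {"packet-count": 0, "byte-count": 1, "bit-rate": 2}


def parse_protocol_discovery(text):
    """{interface: {protocol: {"in": (pkts, bytes, bps), "out": (...)}}}."""
    interfaces, current, proto, rows = {}, None, None, []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        m = ROW.match(line)
        if m is None:
            # column headings, the dashed rule and '.' separators are skipped;
            # a bare interface name opens a new section
            if INTERFACE.fullmatch(stripped):
                current, proto, rows = stripped, None, []
                interfaces[current] = {}
            continue
        name, left, right = m.group(1), int(m.group(2)), int(m.group(3))
        if name:                     # first of the three lines carries the name
            proto, rows = name, []
        rows.append((left, right))
        if len(rows) == 3 and current is not None and proto is not None:
            interfaces[current][proto] = {"in": tuple(r[0] for r in rows),
                                          "out": tuple(r[1] for r in rows)}
    return interfaces


def top_n(parsed, interface, stat="byte-count", direction="in", n=3):
    """Model of the 'stats' and 'top-n' keywords: rank the protocols seen on
    one interface by a single statistic in one direction (Total excluded)."""
    idx = STAT_INDEX[stat]
    ranked = [(name, counters[direction][idx])
              for name, counters in parsed[interface].items() if name != "Total"]
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked[:n]


def share_of_total(parsed, interface, protocol, stat="byte-count", direction="in"):
    """Fraction of the interface's Total line that one protocol accounts for."""
    idx = STAT_INDEX[stat]
    total = parsed[interface]["Total"][direction][idx]
    return parsed[interface][protocol][direction][idx] / total if total else 0.0
```

The Total line is kept as a pseudo-protocol so that shares can be computed against it, and it is excluded from rankings; note that, as the usage guidelines above say, output-direction counters cover packets switched to the interface, not necessarily packets that left it.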
Related Commands

| Command | Description |
|---|---|
| ip nbar protocol-discovery | Discovers traffic for all protocols known to NBAR. |
MQC---Modular QoS Command Line Interface (CLI). A new CLI for QoS features that makes configuring and implementing packet classification and QoS policies easier than with existing CLI.
PDLM---Packet Description Language Module. A file containing Packet Description Language statements used to define the signature of one or more application protocols.
Stateful Protocol---A protocol that uses TCP and UDP port numbers that are determined at connection time.
Static Protocol---A protocol that uses well-defined (pre-determined) TCP and UDP ports for communication.
SubPort Classification---The classification of network traffic by information contained in the packet payload, that is, information found beyond the TCP or UDP port number.
Below is a sample of how NBAR may be used.
E-Express Inc.'s network administrators wish to enforce the following policies on a 64 Kb WAN link:
Follow the steps below to configure the above policies:
Step 1 Classify all e-commerce traffic:
```
Router(config)# class-map match-all http_transact
Router(config-cmap)# match protocol http url "/transact/*"
Router(config)# class-map match-all http_secure
Router(config-cmap)# match protocol secure-http
Router(config)# class-map match-any ecommerce
Router(config-cmap)# match class-map http_transact
Router(config-cmap)# match class-map http_secure
```
Step 2 Classify all traffic to SuperNetwork Inc:
```
Router(config)# access-list 101 permit ip 10.0.0.1 0.0.0.0 10.0.0.3 0.0.0.0
Router(config)# class-map match-all super_network
Router(config-cmap)# match access-group 101
```
Step 3 Classify all audio, video, and image web traffic:
```
Router(config)# class-map match-any audio_video
Router(config-cmap)# match protocol http mime "audio/*"
Router(config-cmap)# match protocol http mime "video/*"
Router(config)# class-map match-any web_images
Router(config-cmap)# match protocol http url "*.gif"
Router(config-cmap)# match protocol http url "*.jpg|*.jpeg"
Router(config)# class-map match-any av_im_web
Router(config-cmap)# match class-map audio_video
Router(config-cmap)# match class-map web_images
```
Step 4 Create the policies:
```
Router(config)# policy-map e-express
Router(config-pmap)# class ecommerce
Router(config-pmap-c)# bandwidth 32
Router(config-pmap-c)# class super_network
Router(config-pmap-c)# bandwidth 10
Router(config-pmap-c)# class av_im_web
Router(config-pmap-c)# police 10000 conform transmit exceed drop
```
Step 5 Attach the policy to the WAN link:
```
Router(config)# interface hssi1/0
Router(config-if)# service-policy output e-express
```
Posted: Thu Mar 30 16:09:56 PST 2000
Copyright © 1989-2000 Cisco Systems Inc.