Monday, October 11, 2021

What is of NBAR (network- based application recognition),classification QOS How to configure NBAR?

 When we implement Quality of Service (QoS) the first step is classification, by default our router does not care about what kind of IP packets it is. Our router just looks at the routing table to find the correct destination IP address and forwards.

When we configure QoS technologies like queuing, policing, or shaping before doing first we have to identify what kind of traffic is running on our routers so we can figure out what kind of application it belongs to. This is classification.


What is Quality of Service (QOS)?

What is Modular Quality of service CLI (MQC)?

What is Classification and marking? What are IP Precedence and DSCP Values? What is AF and EF?

 

 

Once we identify our traffic (classify). Now we can mark and apply QoS policy to it.

There are a few methods on IOS routers for classification:

Header inspection It is a simple classification method and it works really good but has some disadvantages. Let’s say we configure our router all the applications run TCP and its destination is HTTP port 80. Anyhow some other applications are also using TCP port 80. The router is going to perform the same action on both.

Payload inspection This is reliable and it will do deep packet inspection. This method will look at the content of the payload and recognize the application. On our Cisco IOS, this is done with the help of NBAR (network-based application recognition)



NBAR router inspects incoming IP packets and matches them with attributes and signatures in the (packet description language module) PDLM. NBAR is commonly used to block websites and it’s very popular for classification 

NBAR classification modern client-server and web-based applications. Perform identification of applications and protocols (layers 4-7) NBAR Performs protocol discovery and provides traffic statistics. NBAR enables downstream action based on QoS policies via (RED), class-based queuing, and policing. New applications are easily supported by loading a PDLM.

NBAR can classify applications that use Statically assigned TCP and UDP port numbers. Non-UDP and non-TCP IP protocols. Dynamically assigned TCP and UDP port numbers negotiated during connection establishing (requires stateful inspection)   

NBAR2 is the next generation of NBAR, enhancing the application recognition engine to support more than 1000 applications.  NBAR2 functionality requires an advanced license

 

Packet description language module

PDLMs allow NBAR to recognize new protocol-matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload. An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol recognition capability. PDLMs must be produced by Cisco engineers.

 

NBAR Protocol Discovery

Analyze application traffic patterns in real-time and discover which traffic is running on the network. Provides bidirectional, per-interface, and per-protocol statistics. Important monitoring tool supported by Cisco QoS management tools Generates real-time application statistics Provides traffic distribution information at key network locations.

let's see the configuration: -

Topology:


  • configure the topology as per our diagram
  • assign the IP address to their respective interfaces 
  • configure EIGRP AS65100
  • configure outbound MQC
  • configure IP precedence of 1 to ICMP packets, IP precedence of 2 HTTP packets and configure DSCP EF TO VoIP.

R1(config)#interface serial 4/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit


R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no keepalive
R1(config-if)#no shutdown
R1(config-if)#exit

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial4/0              192.168.10.1    YES manual up                    up


R2(config)#interface serial 4/0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit



R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#no keepalive
R2(config-if)#exit


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial4/0               192.168.10.2    YES manual up                    up


R1(config)#router eigrp 65100
R1(config-router)#network 192.168.10.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit


R2(config)#router eigrp 65100
R2(config-router)#network 192.168.10.0
R2(config-router)#network 192.168.10.0
R2(config-router)#network 20.1.1.1
R2(config-router)#no auto-summary
R2(config-router)#exit

*Oct 11 18:22:53.123: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.10.1 (Serial4/0) is up: new adjacency


R1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     20.0.0.0/8 [90/2172416] via 192.168.10.2, 00:00:21, Serial4/0


R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.10.2            Se4/0                    13 00:00:31   54   324  0  4

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 192.168.10.1, 00:00:42, Serial4/0


R2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.10.1            Se4/0                    11 00:00:46   44   264  0  3



R1(config)#class-map HTTP
R1(config-cmap)#match protocol http 
R1(config-cmap)#exit

R1(config)#class-map VoIP
R1(config-cmap)#match access-group name VOICE
R1(config-cmap)#exit

R1(config)#class-map ICMP
R1(config-cmap)#match protocol icmp
R1(config-cmap)#exit

R1(config)#ip access-list extended VOICE
R1(config-ext-nacl)#permit udp any any range 16380 32760
R1(config-ext-nacl)#exit

R1(config)#policy-map INTERNETWORKS

R1(config-pmap)#class ICMP
R1(config-pmap-c)#set ip precedence 1
R1(config-pmap-c)#exit

R1(config-pmap)#class HTTP
R1(config-pmap-c)#set ip precedence 2
R1(config-pmap-c)#exit

R1(config-pmap)#class VoIP
R1(config-pmap-c)#set ip dscp ef
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#exit


R1#show run policy-map
Building configuration...

Current configuration : 132 bytes
!
policy-map INTERNETWORKS
 class ICMP
  set ip precedence 1
 class HTTP
  set ip precedence 2
 class VoIP
  set ip dscp ef
!
end

R1#show run class-map
Building configuration...

Current configuration : 156 bytes
!
class-map match-all ICMP
 match protocol icmp
class-map match-all HTTP
 match protocol http
class-map match-all VoIP
 match access-group name VOICE
end


R1(config)#interface serial 4/0
R1(config-if)#service-policy output INTERNETWORKS
R1(config-if)#EXIT
R1(config)#END

R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 0

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      7 packets, 368 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

R1#ping 20.1.1.1 source 10.1.1.1 repeat 16
Type escape sequence to abort.
Sending 16, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!!!!!!!!!!!!
Success rate is 100 percent (16/16), round-trip min/avg/max = 32/46/52 ms

R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      16 packets, 1664 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 16

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      20 packets, 1313 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

R1#ping 20.1.1.1 source 10.1.1.1 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!
Success rate is 100 percent (4/4), round-trip min/avg/max = 44/49/52 ms
R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      20 packets, 2080 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 20

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      26 packets, 1617 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any


by at
Tags:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

INSTAGRAM FEED

@soratemplates