© 2006 Cisco Systems, Inc. All rights reserved. ONT v1.04-1 Implement the DiffServ QoS Model: Using NBAR for Classification.

Transcript:


Network-Based Application Recognition

Network-Based Application Recognition

NBAR classifies modern client-server and web-based applications.

NBAR functions:
– Identifies applications and protocols (Layer 4 to 7)
– Performs protocol discovery
– Provides traffic statistics

NBAR enables downstream actions based on QoS policies, such as random early detection (RED), class-based queuing, and policing.

New applications are supported by loading a Packet Description Language Module (PDLM).

NBAR Application Support

NBAR Application Support

NBAR can classify applications that use:
– Statically assigned TCP and UDP port numbers
– Non-UDP and non-TCP IP protocols
– Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection)
– Subport and deep packet inspection classification

NBAR Application Support (Cont.)

TCP and UDP static port protocols:
BGP, BOOTP, CU-SeeMe, DHCP/DNS, Finger, Gopher, HTTP, HTTPS, IMAP, IRC, Kerberos, L2TP, LDAP, MS-PPTP, NetBIOS, NFS, NNTP, Notes, Novadigm, NTP, PCAnywhere, POP3, Printer, RIP, RSVP, SFTP, SHTTP, SIMAP, SIRC, SLDAP, SMTP, SNMP, SNNTP, SOCKS, SQL Server, SSH, STELNET, Syslog, Telnet, X Window

TCP and UDP stateful protocols (dynamically assigned ports):
Citrix ICA, Exchange, FastTrack, FTP, Gnutella, HTTP, Napster, Netshow, R-commands, RealAudio, RTP, SQL*NET, StreamWorks, Sun RPC, TFTP, VDOLive

Non-UDP and non-TCP IP protocols:
EGP, EIGRP, GRE, ICMP, IPINIP, IPsec

Packet Description Language Module

Packet Description Language Module

PDLMs allow NBAR to recognize new protocols by matching text patterns in data packets, without requiring a new Cisco IOS software image or a router reload. An external PDLM can be loaded at run time to extend the list of protocols NBAR recognizes. PDLMs can also be used to enhance recognition of a protocol NBAR already knows. PDLMs are produced by Cisco engineers; the router only loads them, it does not let an operator author new signatures.

Packet Description Language Module (Cont.)

router(config)# ip nbar pdlm pdlm-name
Extends the list of protocols recognized by NBAR by loading a PDLM. The file name is given in URL format (for example, flash://citrix.pdlm).

router(config)# ip nbar port-map protocol-name [tcp | udp] port-number
Configures NBAR to look for a protocol using a port number other than its well-known port. Up to 16 additional port numbers can be specified.

Packet Description Language Module (Cont.)

router# show ip nbar port-map [protocol-name]
Displays the current NBAR protocol-to-port mappings.

router# show ip nbar port-map
port-map bgp udp 179
port-map bgp tcp 179
port-map cuseeme udp
port-map cuseeme tcp
port-map dhcp udp
port-map dhcp tcp
port-map dns udp 53
port-map dns tcp 53

Protocol Discovery

NBAR Protocol Discovery

– Analyzes application traffic patterns in real time and discovers which traffic is running on the network
– Provides bidirectional, per-interface, and per-protocol statistics
– Important monitoring tool, supported by Cisco QoS management tools:
  – Generates real-time application statistics
  – Provides traffic distribution information at key network locations

Configuring and Monitoring Protocol Discovery

Configuring and Monitoring Protocol Discovery

router(config-if)# ip nbar protocol-discovery
Configures NBAR to discover traffic for all protocols known to NBAR on a particular interface. Requires that CEF be enabled before protocol discovery is turned on. Can be applied with or without a service policy enabled.

router# show ip nbar protocol-discovery
Displays the statistics for all interfaces on which protocol discovery is enabled.

Configuring and Monitoring Protocol Discovery (Cont.)

router# show ip nbar protocol-discovery
Ethernet0/0
                       Input                      Output
Protocol               Packet Count               Packet Count
                       Byte Count                 Byte Count
                       5 minute bit rate (bps)    5 minute bit rate (bps)
realaudio
http
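The following is an added example, not taken from the ONT course slides, showing how a practitioner turns protocol discovery into a per-interface traffic baseline before writing any policy. The hostname Router, the interface Serial0/0 and the top-n count are assumptions; the commands themselves are standard Cisco IOS.

```cisco
! Added example (not from the slides). Hostname, interface and the
! top-n count are assumptions for illustration.
!
! Protocol discovery requires CEF: confirm it is running before enabling
! discovery, otherwise the interface command is accepted but does nothing.
Router# show ip cef summary
Router# configure terminal
Router(config)# ip cef
!
! Enable discovery on the WAN-facing interface only. Discovery inspects
! every packet on that interface, so turning it on everywhere costs CPU.
Router(config)# interface Serial0/0
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# end
!
! Let traffic accumulate, then read the per-protocol, per-direction counters.
! top-n lists the busiest protocols; "unknown" is the bucket for traffic
! NBAR could not classify, so a large "unknown" share is the first thing
! to investigate (unexpected ports, tunnels, or evasive applications).
Router# show ip nbar protocol-discovery interface Serial0/0 top-n 5
Router# show ip nbar protocol-discovery interface Serial0/0 stats bit-rate
!
! Reset the counters to start a fresh baseline window.
Router# clear ip nbar protocol-discovery interface Serial0/0
```

Protocol discovery is a visibility tool, not enforcement: the counters tell you what NBAR believes it saw, and a protocol that runs on a non-standard port or inside a tunnel shows up as a different protocol or as unknown. Use the baseline to decide which port-map and match protocol statements the classes need, and re-check the discovery counters after the policy is attached.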

Configuring NBAR for Static Protocols

Configuring NBAR for Static Protocols

Required steps:
1. Enable NBAR protocol discovery.
2. Configure a traffic class.
3. Configure a traffic policy.
4. Attach the traffic policy to an interface.
5. Load a PDLM if needed.

Configuring NBAR for Static Protocols (Cont.)

router(config-cmap)# match protocol protocol
Configures the match criterion for a class map on the basis of the specified protocol, in MQC class-map configuration mode. Static protocols are recognized from the well-known destination port number. The match not form negates a criterion: the specified value is excluded, and all other values of that criterion become successful matches for the class.

Example

HTTP is a static protocol that uses well-known port 80. However, other port numbers may also be in use on a network. The ip nbar port-map command informs the router that those other ports also carry HTTP.
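An added end-to-end configuration (not from the ONT slides) that carries the five steps above through to verification, using the HTTP port-map case from the example. The interface Serial0/0, the class names WEB and MGMT, the policy name WAN-OUT, the extra HTTP port 8080, the DSCP values and the bandwidth percentages are all assumptions.

```cisco
! Added example (not from the slides). Interface, class/policy names,
! port 8080, DSCP values and bandwidth percentages are assumptions.
!
! Step 1: CEF and protocol discovery on the WAN interface.
Router(config)# ip cef
Router(config)# interface Serial0/0
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# exit
!
! Step 5 (when needed): load a Cisco-supplied PDLM from local flash.
! Router(config)# ip nbar pdlm flash://citrix.pdlm
!
! Tell NBAR that HTTP is also served on TCP 8080 on this network.
! The port list given here replaces the protocol's current list, so the
! well-known port 80 must be repeated or HTTP on port 80 is no longer matched.
Router(config)# ip nbar port-map http tcp 80 8080
!
! Step 2: traffic classes. Static protocols are matched on the destination
! port only, so "http" here means "port 80 or 8080", not "payload is HTTP".
Router(config)# class-map match-any WEB
Router(config-cmap)# match protocol http
Router(config-cmap)# exit
Router(config)# class-map match-all MGMT
Router(config-cmap)# match protocol ssh
Router(config-cmap)# exit
!
! Step 3: traffic policy that marks each class and reserves bandwidth for it.
Router(config)# policy-map WAN-OUT
Router(config-pmap)# class WEB
Router(config-pmap-c)# set ip dscp af21
Router(config-pmap-c)# bandwidth percent 30
Router(config-pmap-c)# exit
Router(config-pmap)# class MGMT
Router(config-pmap-c)# set ip dscp cs2
Router(config-pmap-c)# bandwidth percent 5
Router(config-pmap-c)# exit
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!
! Step 4: attach the policy outbound on the WAN interface.
Router(config)# interface Serial0/0
Router(config-if)# service-policy output WAN-OUT
Router(config-if)# end
!
! Verify the port mapping took effect and that packets are hitting the classes.
Router# show ip nbar port-map http
Router# show policy-map interface Serial0/0
```

Two checks worth doing after the policy is attached: show ip nbar port-map http must list both 80 and 8080, and show policy-map interface Serial0/0 must show non-zero match counters for WEB and MGMT. A class that never matches usually means the traffic is on a port NBAR was not told about, which the protocol discovery counters will show as a different protocol or as unknown.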

Configuring Stateful NBAR for Dynamic Protocols

Configuring Stateful NBAR for Dynamic Protocols

Required steps:
1. Configure a traffic class.
2. Configure a traffic policy.
3. Attach the traffic policy to an interface.

Configuring Stateful NBAR for Dynamic Protocols (Cont.)

router(config-cmap)# match protocol http url url-string
Recognizes the HTTP GET packets containing the URL, and then matches all packets that are part of that HTTP GET request. Include only the portion of the URL following the address or host name in the match statement.

router(config-cmap)# match protocol http host hostname-string
Performs a regular expression match on the Host field content inside an HTTP GET packet and classifies all packets from that host.

Configuring Stateful NBAR for Dynamic Protocols (Cont.)

router(config-cmap)# match protocol http mime MIME-type
Matches the packet containing the specified MIME type and all subsequent packets until the next HTTP transaction (stateful matching).

router(config-cmap)# match protocol fasttrack file-transfer regular-expression
Stateful mechanism to identify a group of peer-to-peer file-sharing applications. Applications that use the FastTrack peer-to-peer protocol include Kazaa, Grokster, and Morpheus (Gnutella is a separate protocol with its own NBAR match, as listed in the application support table). A Cisco IOS regular expression selects specific FastTrack traffic; to match all FastTrack traffic, use an asterisk (*) as the regular expression.

Configuring Stateful NBAR for Dynamic Protocols (Cont.)

router(config-cmap)# match protocol rtp [audio | video | payload-type payload-string]
Identifies real-time audio and video traffic in class-map configuration mode of MQC and differentiates it on the basis of the audio and video codecs. The match protocol rtp command has these options:
– audio: match by payload type values 0 to 23, reserved for audio traffic.
– video: match by payload type values 24 to 33, reserved for video traffic.
– payload-type: match by a specific payload type value; provides more granularity than the audio or video options.
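An added configuration, not part of the ONT slides, that exercises the stateful matches above (HTTP URL, host and MIME, FastTrack file transfer, and RTP audio and payload type) inside one policy so the differences in granularity are visible side by side. The class and policy names, the host and URL patterns, the MIME type, the payload-type list, the policer rate, the priority percentage and the interface Serial0/0 are assumptions.

```cisco
! Added example (not from the slides). Names, patterns, rates and the
! interface are assumptions for illustration.
!
! HTTP subport matching. Only the path part of the URL goes in the url
! string; the host string is matched against the Host header of the GET.
Router(config)# class-map match-any WEB-UPDATES
Router(config-cmap)# match protocol http url */updates/*
Router(config-cmap)# match protocol http host *.example.com
Router(config-cmap)# match protocol http mime "video/*"
Router(config-cmap)# exit
!
! Peer-to-peer file sharing: "*" selects every FastTrack file transfer.
Router(config)# class-map match-all P2P
Router(config-cmap)# match protocol fasttrack file-transfer "*"
Router(config-cmap)# exit
!
! RTP: "audio" covers payload types 0 to 23 (all audio codecs);
! payload-type narrows that to specific codecs, here PT 0 and 8.
Router(config)# class-map match-all VOICE-RTP
Router(config-cmap)# match protocol rtp audio
Router(config-cmap)# exit
Router(config)# class-map match-all G711-ONLY
Router(config-cmap)# match protocol rtp payload-type "0, 8"
Router(config-cmap)# exit
!
Router(config)# policy-map WAN-OUT
Router(config-pmap)# class VOICE-RTP
Router(config-pmap-c)# priority percent 20
Router(config-pmap-c)# exit
Router(config-pmap)# class P2P
! Rate-limit rather than silently rely on the signature: an NBAR match is
! a pattern, not proof, so keep the action proportionate to a false positive.
Router(config-pmap-c)# police 64000 conform-action transmit exceed-action drop
Router(config-pmap-c)# exit
Router(config-pmap)# class WEB-UPDATES
Router(config-pmap-c)# set ip dscp af11
Router(config-pmap-c)# exit
Router(config-pmap)# exit
!
Router(config)# interface Serial0/0
Router(config-if)# service-policy output WAN-OUT
Router(config-if)# end
Router# show policy-map interface Serial0/0
```

The host, url and mime strings are compared against fields the client (or server) itself sends, so any endpoint can choose which class it lands in by choosing its Host header or path; a stateful NBAR class is a QoS hint about what the traffic claims to be, not an access-control decision, and the FastTrack match stops seeing transfers once the application moves to an encrypted or obfuscated transport. Order matters too: the first class in the policy whose criteria match wins, so put the narrower classes (G711-ONLY) before broader ones (VOICE-RTP) if both are used in the same policy.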

Example

Summary

– NBAR identifies applications and protocols (Layer 4 to 7) and provides traffic statistics.
– NBAR supports both statically and dynamically assigned TCP and UDP port numbers, along with other means of recognizing applications.
– PDLMs contain the rules that NBAR uses to recognize an application and can be used to bring new or changed functionality to NBAR.
– NBAR protocol discovery analyzes application traffic patterns in real time and discovers which traffic is running on the network.

Summary (Cont.)

– Use the ip nbar protocol-discovery command to configure NBAR to keep traffic statistics for all protocols known to NBAR.
– Use the show ip nbar protocol-discovery command to display statistics gathered by the NBAR protocol discovery feature.
– Use the ip nbar port-map command to extend NBAR recognition of well-known protocols to new port numbers.
– Use the match protocol command to have static protocols recognized by their well-known port numbers.
– The match protocol rtp command allows identification of real-time audio and video traffic.
