JANET-BMAS Cisco NBAR


Posted on 17-Dec-2015


Page 1: JANET-BMAS Cisco NBAR. Bandwidth Management Advisory Service Cisco NBAR Ben Horner George Neisser Ben.Horner@mcc.ac.uk George.Neisser@mcc.ac.uk

JANET-BMAS

Cisco NBAR

Page 2:

Bandwidth Management Advisory Service

Cisco NBAR

Ben Horner

George Neisser

Ben.Horner@mcc.ac.uk

George.Neisser@mcc.ac.uk

Page 3:

Introduction: BMAS

- To keep abreast of the latest developments, technologies and standards in bandwidth management
- To trial and evaluate products
- To assess their usefulness and applicability within UK education
- To produce advisory materials, usage guidelines and recommendations
- BMAS web site: http://www.bmas.ja.net/
- To collaborate with organisations

NBAR
- What can it do?
- How is it applied?
- BMAS Results
- What can't it do?

Page 4:

What is NBAR? Cisco:

- Intelligent classification engine used with Quality of Service (QoS) class-based features
- Protocol Discovery analyses application traffic patterns in real time and identifies which traffic is running on the network
- Capable of classifying applications that have:
  - Statically assigned TCP and UDP port numbers
  - Non-TCP and non-UDP IP protocols
  - Dynamically assigned TCP and UDP port numbers during connection establishment
- Classification based on deep packet inspection: NBAR can look deeper into the packet to identify applications
  - HTTP traffic by URL, host name or MIME type using regular expressions (*, ?, [ ])
  - Citrix ICA traffic
  - RTP payload type classification
- Currently supports 88 protocols/applications

Page 5:

What can NBAR do?

[Diagram: LOCAL CAMPUS and INTERNET joined by a 2Mb/s WAN link. The bottleneck causes traffic to back up into queues that are all given best effort. Key: HTTP, KaZaA, Video Conference.]

NBAR can stop KaZaA and give priority to the video conference traffic

Page 6:

Applying NBAR

1. Get the latest IOS and PDLMs
2. Enable NBAR on your interfaces
3. Collect and analyse results
4. Decide upon and create classes
5. Decide upon and create policies
6. Apply policies to interfaces
7. Collect and analyse results
8. Modify classes and policies appropriately

Page 7:

Example

Router# conf t
Router(config)# ip cef
Router(config)# int eth0/0
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# exit
Router(config)# int se0/0
Router(config-if)# ip nbar protocol-discovery

Router# show ip nbar protocol-discovery interface eth0/0 top-n 3

 FastEthernet0/0
                            Input                    Output
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5 minute bit rate (bps)  5 minute bit rate (bps)
   ------------------------ ------------------------ ------------------------
   ftp                      64175242                 45153848
                            89351513113              2484576000
                            1073000                  28000
   http                     58194017                 32519125
                            82356099996              1958417833
                            924000                   22000
   netshow                  161827                   76694
                            211785210                4328663
                            0                        0
   unknown                  151860                   24174
                            103546921                1594651
                            0                        0
   Total                    123055877                77838212
                            172435146582             4477038399
                            1997000                  50000
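The "collect and analyse results" step is where the classes get chosen. As an added example (Python, not code from the slides), here is a parser for that protocol-discovery output that reports which protocols take a given share of the 5 minute bit rate; the SAMPLE text is a constructed copy of the slide's figures in IOS layout.

```python
# Added example (not from the slides): parse 'show ip nbar protocol-discovery' output
# and rank protocols by 5 minute bit rate. SAMPLE is constructed from the slide's figures.
SAMPLE = """\
 FastEthernet0/0
                            Input                    Output
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5 minute bit rate (bps)  5 minute bit rate (bps)
   ------------------------ ------------------------ ------------------------
   ftp                      64175242                 45153848
                            89351513113              2484576000
                            1073000                  28000
   http                     58194017                 32519125
                            82356099996              1958417833
                            924000                   22000
   netshow                  161827                   76694
                            211785210                4328663
                            0                        0
   unknown                  151860                   24174
                            103546921                1594651
                            0                        0
   Total                    123055877                77838212
                            172435146582             4477038399
                            1997000                  50000
"""

def parse_protocol_discovery(text):
    """{protocol: {"packets": (in, out), "bytes": (in, out), "bps": (in, out)}}."""
    stats, name, rows, in_table = {}, None, [], False
    for line in text.splitlines():
        tok = line.split()
        if tok and set(tok[0]) == {"-"}:          # dashed rule ends the header
            in_table = True
            continue
        if not in_table or not tok:
            continue
        if len(tok) == 3:                          # name + input + output counts
            name, rows = tok[0], []
        rows.append((int(tok[-2]), int(tok[-1])))
        if len(rows) == 3:                         # packets, bytes, bps collected
            stats[name] = dict(zip(("packets", "bytes", "bps"), rows))
    return stats

def rank_by_bitrate(stats, direction=0, min_share=10.0):
    """Protocols with >= min_share % of the 5 minute bit rate, highest first (0=in, 1=out)."""
    total = stats["Total"]["bps"][direction]
    ranked = [(p, round(100.0 * s["bps"][direction] / total, 1))
              for p, s in stats.items() if p != "Total" and total]
    return sorted([r for r in ranked if r[1] >= min_share], key=lambda r: -r[1])
```

On the slide's figures, ftp and http account for all of the measured load in both directions, which is what makes them the obvious candidates for a class-map.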

Page 8:

Router(config)# class-map match-any streams
Router(config-cmap)# match protocol rtp
Router(config-cmap)# match protocol rtsp
Router(config-cmap)# match protocol netshow
Router(config-cmap)# match ip dscp ef
Router(config-cmap)# exit
Router(config)# policy-map dscp_mark
Router(config-pmap)# class streams
Router(config-pmap-c)# set ip dscp ef
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map apply_qos
Router(config-pmap)# class streams
Router(config-pmap-c)# bandwidth 600
Router(config-pmap-c)# exit
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# int eth0/0
Router(config-if)# service-policy input dscp_mark
Router(config-if)# exit
Router(config)# int se0/0
Router(config-if)# service-policy output apply_qos
Router(config-if)# exit
Router(config)# exit
Router# show running-config

class-map match-any streams
 match protocol rtp
 match protocol rtspplayer
 match protocol netshow
 match ip dscp ef
!
!
policy-map input_mark
 class stream
  set ip dscp ef
policy-map apply_qos
 class stream
  bandwidth 600
 class class-default
  fair-queue

Example continued…

Page 9:

Example continued…

Router# show policy-map int eth0/0

 Ethernet0/0

  Service-policy input: dscp_mark

    Class-map: stream (match-any)
      130521 packets, 97066868 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtp
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol rtspplayer
        117857 packets, 79344153 bytes
        5 minute rate 0 bps
      Match: protocol netshow
        12664 packets, 17722715 bytes
        5 minute rate 0 bps
      Match: ip dscp ef
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set
        dscp ef
          Packets marked 130521

    Class-map: class-default (match-any)
      175792 packets, 231418813 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

Page 10:

BMAS NBAR Results

[Chart: Packeteer and NBAR with Real Media. X axis: Time; Y axis: bps (0 to 2500000). Series: Total bps, FTP bps, HTTP bps, Stream bps.]

Page 11:

What can't NBAR do?

- It's not a magic wand
- It doesn't recognise everything (but what does?)
- Requires the very latest IOS and PDLMs to be fully effective
- You can create your own PDLMs (ish):
  ip nbar custom lunar_light 8 ascii Moonbeam tcp range 2000 2999
- NBAR is quite crude. Queues and drops rather than shapes.
- It will add a CPU overhead
- NBAR is not particularly easy to configure/get right
- It probably will improve as it becomes a more accepted method of bandwidth management

Page 12:

Further Information

Cisco presentations and documentation:
- NBAR Overview (12.2T): http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cd0.html
- Code Red virus blocking: http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml
- Nimda virus blocking: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a0080110d17.shtml
- Many NBAR presentations and papers: http://www.cisco.com/warp/public/732/Tech/qos/nbar/
- NBAR Protocol Discovery MIB: www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftpdmib.htm

BMAS website: http://www.bmas.ja.net

Contact me [email protected]

Thank you