JANET-BMAS
Cisco NBAR
Bandwidth Management Advisory Service
Ben Horner
George Neisser
Introduction
BMAS
- To keep abreast of the latest developments, technologies and standards in bandwidth management
- To trial and evaluate products
- To assess their usefulness and applicability within UK education
- To produce advisory materials, usage guidelines and recommendations
- BMAS web site: http://www.bmas.ja.net/
- To collaborate with organisations
NBAR
- What can it do?
- How is it applied?
- BMAS Results
- What can’t it do?
What is NBAR?
Cisco:
- Intelligent classification engine used with Quality of Service (QoS) class-based features
- Protocol Discovery analyses application traffic patterns in real time and identifies which traffic is running on the network
- Capable of classifying applications that have:
  - Statically assigned TCP and UDP port numbers
  - Non-TCP and non-UDP IP protocols
  - Dynamically assigned TCP and UDP port numbers during connection establishment
  - Classification based on deep packet inspection: NBAR can look deeper into the packet to identify applications
  - HTTP traffic by URL, host name or MIME type using regular expressions (*, ?, [ ]), Citrix ICA traffic, RTP Payload type classification
- Currently supports 88 protocols/applications
What can NBAR do?
[Diagram: LOCAL CAMPUS, 2Mb/s WAN, INTERNET. Key: HTTP, KaZaA, Video Conference]
Bottleneck causes traffic to back up into queues that are all given best effort
NBAR can stop KaZaA and give priority to the video conference traffic
Applying NBAR
- Get the latest IOS and PDLMs
- Enable NBAR on your interfaces
- Collect and analyse results
- Decide upon and create classes
- Decide upon and create policies
- Apply policies to interfaces
- Collect and analyse results
- Modify classes and policies appropriately
Example
Router# conf t
Router(config)# ip cef
Router(config)# int eth0/0
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# exit
Router(config)# int se0/0
Router(config-if)# ip nbar protocol-discovery
Router# show ip nbar protocol-discovery int eth0/0 top-n 3
 FastEthernet0/0
                            Input                    Output
   Protocol                 Packet Count             Packet Count
                            Byte Count               Byte Count
                            5 minute bit rate (bps)  5 minute bit rate (bps)
   ------------------------ ------------------------ ------------------------
   ftp                      64175242                 45153848
                            89351513113              2484576000
                            1073000                  28000
   http                     58194017                 32519125
                            82356099996              1958417833
                            924000                   22000
   netshow                  161827                   76694
                            211785210                4328663
                            0                        0
   unknown                  151860                   24174
                            103546921                1594651
                            0                        0
   Total                    123055877                77838212
                            172435146582             4477038399
                            1997000                  50000
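For the "collect and analyse results" step, an added example (not from the slides): a Python parser for the protocol discovery table above that ranks each protocol by its share of input bytes, including whatever the listed rows leave unaccounted for. The function names and the column layout of the embedded sample are assumptions; the counters are the slide's own.

```python
# Counters from the slide above. Assumed layout: three rows per protocol
# (packets, bytes, 5-minute bps), input column then output column.
SAMPLE = """\
 Protocol         Packet Count             Packet Count
                  Byte Count               Byte Count
                  5 minute bit rate (bps)  5 minute bit rate (bps)
 ---------------- ------------------------ ------------------------
 ftp              64175242                 45153848
                  89351513113              2484576000
                  1073000                  28000
 http             58194017                 32519125
                  82356099996              1958417833
                  924000                   22000
 netshow          161827                   76694
                  211785210                4328663
                  0                        0
 unknown          151860                   24174
                  103546921                1594651
                  0                        0
 Total            123055877                77838212
                  172435146582             4477038399
                  1997000                  50000
"""
FIELDS = ("packets", "bytes", "bps")

def parse_discovery(text):
    """Return {protocol: {"in": {...}, "out": {...}}} from the table body."""
    stats, name, row, in_body = {}, None, 0, False
    for tokens in (line.split() for line in text.splitlines()):
        in_body = in_body or (bool(tokens) and set(tokens[0]) == {"-"})
        nums = tokens[-2:]
        if not in_body or len(nums) < 2 or not all(n.isdigit() for n in nums):
            continue                      # header, rule, blank or malformed line
        if len(tokens) == 3:              # first row of a record carries the name
            name, row = tokens[0], 0
            stats[name] = {"in": {}, "out": {}}
        elif len(tokens) != 2 or name is None or row >= len(FIELDS):
            continue                      # stray row outside a record
        stats[name]["in"][FIELDS[row]], stats[name]["out"][FIELDS[row]] = map(int, nums)
        row += 1
    return stats

def byte_share(stats, direction="in"):
    """Percent of Total bytes per protocol, largest first; 'other' = unlisted."""
    total = stats["Total"][direction]["bytes"]
    rows = {p: s[direction]["bytes"] for p, s in stats.items() if p != "Total"}
    rows["other"] = total - sum(rows.values())
    return sorted(((p, round(100 * b / total, 2)) for p, b in rows.items()),
                  key=lambda r: -r[1])
```

The "unknown" and "other" rows together show how much traffic a policy built on these classes would leave in class-default.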
Example continued…
Router(config)# class-map match-any streams
Router(config-cmap)# match protocol rtp
Router(config-cmap)# match protocol rtsp
Router(config-cmap)# match protocol netshow
Router(config-cmap)# match ip dscp ef
Router(config-cmap)# exit
Router(config)# policy-map dscp_mark
Router(config-pmap)# class streams
Router(config-pmap-c)# set ip dscp ef
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# policy-map apply_qos
Router(config-pmap)# class streams
Router(config-pmap-c)# bandwidth 600
Router(config-pmap-c)# exit
Router(config-pmap)# class class-default
Router(config-pmap-c)# fair-queue
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# int eth0/0
Router(config-if)# service-policy input dscp_mark
Router(config-if)# exit
Router(config)# int se0/0
Router(config-if)# service-policy output apply_qos
Router(config-if)# exit
Router(config)# exit
Router# show running-config
class-map match-any streams
 match protocol rtp
 match protocol rtspplayer
 match protocol netshow
 match ip dscp ef
!
!
policy-map input_mark
 class stream
  set ip dscp ef
policy-map apply_qos
 class stream
  bandwidth 600
 class class-default
  fair-queue
Example continued…
Router# show policy-map int eth0/0
 Ethernet0/0
  Service-policy input: dscp_mark
    Class-map: stream (match-any)
      130521 packets, 97066868 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol rtp
        0 packets, 0 bytes
        5 minute rate 0 bps
      Match: protocol rtspplayer
        117857 packets, 79344153 bytes
        5 minute rate 0 bps
      Match: protocol netshow
        12664 packets, 17722715 bytes
        5 minute rate 0 bps
      Match: ip dscp ef
        0 packets, 0 bytes
        5 minute rate 0 bps
      QoS Set
        dscp ef
          Packets marked 130521
    Class-map: class-default (match-any)
      175792 packets, 231418813 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
BMAS NBAR Results
Packeteer and NBAR with Real Media
[Chart: bps (axis 0 to 2500000) against Time; series: Total bps, FTP bps, HTTP bps, Stream bps]
What can’t NBAR do?
- It’s not a magic wand
- It doesn’t recognise everything (but what does?)
- Requires the very latest IOS and PDLMs to be fully effective
- You can create your own PDLMs (ish)
    ip nbar custom lunar_light 8 ascii Moonbeam tcp range 2000 2999
- NBAR is quite crude. Queues and drops rather than shapes.
- It will add a CPU overhead
- NBAR is not particularly easy to configure/get right
- It probably will improve as it becomes a more accepted method of bandwidth management
Further Information
Cisco presentations and documentation
- NBAR Overview (12.2T): http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cd0.html
- Code Red virus blocking: http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00800fc176.shtml
- Nimda virus blocking: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note09186a0080110d17.shtml
- Many NBAR presentations and papers: http://www.cisco.com/warp/public/732/Tech/qos/nbar/
- NBAR Protocol Discovery MIB: www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ftpdmib.htm
BMAS website: http://www.bmas.ja.net
Contact me: [email protected]
Thank you