6.2b, MQC classification, nbar, marking…

a simple network using ospf… on r3 we will classify and mark http and icmp traffic destined for r1 using MQC with NBAR…

click below on qos_mqc… it is a zip with only the ip addressing set up… the host is actually a vm adapter that will need to be adjusted per your system…

qos_mqc

6.2.b qos

r3(config-if)#do sh ip route | b Gate
Gateway of last resort is not set

O    192.168.12.0/24 [110/2] via 192.168.23.2, 01:05:04, FastEthernet1/0
10.0.0.0/24 is subnetted, 1 subnets
O       10.1.1.0 [110/2] via 192.168.34.4, 01:05:04, FastEthernet0/0
C    192.168.23.0/24 is directly connected, FastEthernet1/0
C    192.168.34.0/24 is directly connected, FastEthernet0/0

the 10 network connects  the host hanging off router 4…

first we’ll classify the traffic using two class maps and NBAR (network based application recognition) This is accomplished simply using the match protocol command and choosing from the list…

r3(config-cmap)#match protocol ?
aarp              AppleTalk ARP
appletalk         AppleTalk
arp               IP ARP
bgp               Border Gateway Protocol

etc…

we’ll match on icmp and http:

(ICMP and HTTP are the names of the class-maps)

class-map match-all ICMP
match protocol icmp
match access-group 1
class-map match-all HTTP
match protocol http
match access-group 1

we want to target traffic from the host network using access-list 1, therefore access-group 1 in the class-map…

r3#sh access-list
Standard IP access list 1
10 permit 10.1.1.0, wildcard bits 0.0.0.255
20 permit any

then we want to mark the traffic using a policy-map

(ICMP-WEB is the name of the policy-map)

policy-map ICMP-WEB
class HTTP
set dscp af21
class ICMP
set dscp af23

note that i’ve classified both protocols the same, however ICMP is more likely to be dropped because it has a higher drop probability…

then i place the service-policy on the interface that is receiving the host network traffic…

r3(config)#do sh run int f0/0
Building configuration…

Current configuration : 128 bytes
!
interface FastEthernet0/0
ip address 192.168.34.3 255.255.255.

service-policy input ICMP-WEB

before we begin generating traffic, we’ll check on the policy-map interface:

sh policy-map int

the counters are clear; send http:

r1-web

send icmp:

r1-ping

and now we’ll check our work:

r3-policy-map-after

note traffic not assigned gets shipped as class-default…