QoS Classification on Cisco IOS Router

1. QoS Classification on Cisco IOS Router
Quality of Service (QoS) | www.netprotocolxpert.in

2.  On most networks you will see a wide range of applications,
each application is unique and has its own requirements when it
comes to bandwidth, delay, jitter, etc.
 For example, an FTP application used for backups of large files
might require a lot of bandwidth but delay and jitter won’t
matter since it’s not an interactive application.
 Voice over IP on the other hand doesn’t require much
bandwidth but delay and jitter are very important. When your
delay is too high your calls will become walkie-talkie
conversations and jitter screws up the sound quality.
 To make sure each application gets the treatment that it
requires we have to implement QoS (Quality of Service).

3.  By default your router doesn’t care what kind of IP packets it is
forwarding. The only important thing is looking at the
destination IP address, doing a routing table lookup and the IP
packet has been forwarded.
 Before we can configure any QoS methods like queuing, policing
or shaping we have to look at the traffic that is running through
our router and identify (classify) it so we know to which
application it belongs. Once the traffic has been classified, we
will mark it and apply a QoS policy to it.

4.  On IOS routers there are a couple of methods we can use for
classification:
 Header inspection
 Payload inspection
 There are quite some fields in our headers that we can use to
classify applications. For example, telnet uses TCP port 23 and
HTTP uses TCP port 80. Using header inspection you can look
for:
 Layer 2: MAC addresses
 Layer 3: source and destination IP addresses
 Layer 4: source and destination port numbers and protocol

5.  This is a really simple method of classification that works well
but has some downsides. For example, you can configure your
router that everything that uses TCP and destination port
number 80 is “HTTP” but it’s possible that some other
applications (instant messaging for example) are also using TCP
port 80. Your router will perform the same action for IM and
HTTP traffic.
 Payload inspection is more reliable as it will do deep packet
inspection. Instead of just looking at layer 2/3/4 information
the router will look at the contents of the payload and will
recognize the application. On Cisco IOS routers this is done with
NBAR (Network-Based Application Recognition).

6.  When we enable NBAR on an interface, the router will inspect
all incoming IP packets and tries to match them with signatures
and attributes in the PDLM (Packet Description Language
Module). For example, NBAR can detect HTTP traffic no matter
what ports you are using and it can also match on things like:
 URL
 MIME type (zip file, image, etc)
 User-agent (Mozilla, Opera, etc)
 Since NBAR can see the URL, it is also commonly used to block
websites and a popular choice for classification. You should
now have an idea what classification is about, let’s look at
some routers and configure classification.

7. Configuration
 We’ll start with a simple example where I use an access-list to
classify some telnet traffic. Here’s the topology that we will
use:
 R1 will be our telnet client and R2 the telnet server. We will
classify the packets when they arrive at R2. Let’s look at the
configuration!

8. Classification with access-list
 First we have to create an access-list that matches on telnet
traffic:
 R2(config)#ip access‐list extended TELNET
 R2(config‐ext‐nacl)#permit tcp any any eq 23
 This will match on all IP packets that use TCP as the transport
protocol and destination port 23. Normally when you configure
an access-list for filtering, we apply it to the interface. When
configuring QoS we have to use the MQC (Modular Quality of
Service Command-Line Interface). The name is pretty
spectacular but it’s a really simple method to configure QoS.

9.  We use something called a policy-map where we configure the QoS
actions we want to perform, marking, queueing, policing, shaping, etc.
These actions are performed on a classmap, and that’s where we
specify the traffic. Let me show you how this is done:
 R2(config)class‐map TELNET
 R2(config‐cmap)#match ?
 access‐group Access group
 any Any packets
 class‐map Class map
 cos IEEE 802.1Q/ISL class of service/user priority values
 destination‐address Destination address
 discard‐class Discard behavior identifier
Cont.….

10.  dscp Match DSCP in IP(v4) and IPv6 packets
 flow Flow based QoS parameters
 fr‐de Match on Frame‐relay DE bit
 fr‐dlci Match on fr‐dlci
 input‐interface Select an input interface to match
 ip IP specific values
 mpls Multi Protocol Label Switching specific values
 not Negate this match result
 packet Layer 3 Packet length
 precedence Match Precedence in IP(v4) and IPv6 packets
 protocol Protocol
 qos‐group Qos‐group
 source‐address Source address
 vlan VLANs to match

11.  We created a class-map called “TELNET” and when you create a
class-map you have a lot of options. On top you see access-
group which uses an access-list to classify the traffic, that’s
what we will use. Some other nice methods are the input-
interface, frame-relay DLCI values, packet length, etc.
 The most simple option is probably the access-list:
 R2(config‐cmap)#match access‐group name TELNET
 Our class-map called “TELNET” now matches traffic that is
specified in the access-list called “TELNET”.

12.  Now we can create a policy-map and refer to our class-map:
 R2(config)#policy‐map CLASSIFY
 R2(config‐pmap)#class TELNET
 The policy-map is called “CLASSIFY” and the class-map called
“TELNET” belongs to it. Normally this is where I also specify the
QoS action like marking, queueing, etc.

13.  Before the policy-map does anything, we have to attach it to an
interface:
 R2(config)#interface FastEthernet 0/0
 R2(config‐if)#service‐policy input CLASSIFY
 That’s it, our router can now classify telnet traffic. Let’s try it
by telnetting from R1 to R2:
 R1#telnet 192.168.12.2
 Trying 192.168.12.2 ... Open

14.  R2#show policy‐map interface FastEthernet 0/0
 FastEthernet0/0
 Service‐policy input: CLASSIFY
Class‐map: TELNET (match‐all)
11 packets, 669 bytes
5 minute offered rate 0 bps
Match: access‐group name TELNET
Class‐map: class‐default (match‐any)
3 packets, 206 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any

15.  Our router sees the telnet traffic that arrives on the
FastEthernet 0/0 interface.
 We can see the name of the policy-map, the class-map and the
access-list that we used.
 Something that we should remember is that all traffic that is
not specified in a class-map will hit the class default class-map.

16. Classification with NBAR
 The configuration of NBAR is quite easy. First let me show you a
simple example of NBAR where it shows us all traffic that is
following through an interface:
 R2(config)#interface FastEthernet 0/0
 R2(config‐if)#ip nbar protocol‐discovery

17.  R2#show ip nbar protocol‐discovery
 FastEthernet0/0
 Last clearing of "show ip nbar protocol‐discovery" counters 00:00:20
Input Output
‐‐‐‐‐ ‐‐‐‐‐‐
Protocol Packet Count Packet Count
Byte Count Byte Count
5min Bit Rate (bps) 5min Bit Rate (bps)
5min Max Bit Rate (bps) 5min Max Bit Rate (bps)
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Cont.….

18. telnet 8 7
489 457
0 0
0 0
unknown 3 2
180 120
0 0
0 0
Total 11 9
669 577
0 0
0 0

19.  We don't have a lot going on this router but telnet is there. This
is a nice way to see the different traffic types on your interface
but if we want to use this information for QoS we have to put
NBAR in a class-map. Here's how:
 R2(config)#class‐map NBAR‐TELNET
 R2(config‐cmap)#match protocol ?
 3com‐amp3 3Com AMP3
 3com‐tsmux 3Com TSMUX
 3pc Third Party Connect Protocol
 914c/g Texas Instruments 914 Terminal
 9pfs Plan 9 file service
 CAIlic Computer Associates Intl License Server
Cont.….

20.  Konspire2b konspire2b p2p network
 acap ACAP
 acas ACA Services
 accessbuilder Access Builder
 Accessnetwork Access Network
 acp Aeolon Core Protocol
 acr‐nema ACR‐NEMA Digital Img
 aed‐512 AED 512 Emulation service
 agentx AgentX
 Alpes Alpes
 aminet AMInet
 an Active Networks
 anet ATEXSSTR
 ansanotify ANSA REX Notify
 ansatrader ansatrader
 aodv AODV
[output omitted]

21.  We created a class-map called "NBAR-TELNET" and when I use
match protocol you can see there's a long list of supported
applications.
 R2(config‐cmap)#match protocol telnet
 That's how we use NBAR in a class-map. Now we need to add
this class-map to the policy-map:
 R2(config)#policy‐map CLASSIFY
 R2(config‐pmap)#no class TELNET
 R2(config‐pmap)#class NBAR‐TELNET
 We'll remove the old class-map with the access-list and add the
new class-map to our policy-map.

22. Now take a look at the policy-map in action:
 R2#show policy‐map interface FastEthernet 0/0
 FastEthernet0/0
 Service‐policy input: CLASSIFY
 Class‐map: NBAR‐TELNET (match‐all)
 9 packets, 549 bytes
 5 minute offered rate 0 bps
 Match: protocol telnet
 Class‐map: class‐default (match‐any)
 3 packets, 180 bytes
 5 minute offered rate 0 bps, drop rate 0 bps
 Match: any
 The output is pretty much the same as when we used
the access-list but the "match: protocol telnet"
reveals that we are using NBAR for classification this
time.

23. Follow us
@https://www.facebook.com
/NetProtocolXpert/
https://www.linkedin.com/
company/netprotocol-xpert
https://plus.google.com/u/
0/+NetProtocolXpert_NPX/p
osts
https://www.instagram.co
m/netprotocol_xpert/
https://twitter.com/NPX
_cisco
https://branded.me/n
etprotocolxpert