What is NBAR (Network-Based Application Recognition)? QoS classification and how to configure NBAR

When we implement Quality of Service (QoS), the first step is classification. By default our router does not care what kind of IP packet it is forwarding: it just looks up the destination IP address in the routing table and forwards the packet.

Before we configure QoS technologies like queuing, policing, or shaping, we first have to identify what kind of traffic is running through our routers so we can figure out which application it belongs to. This is classification.

Once we have identified (classified) our traffic, we can mark it and apply a QoS policy to it.

There are a few methods on IOS routers for classification:

Header inspection: this is a simple classification method that works well but has some disadvantages. Let's say we configure our router to treat every TCP packet with destination port 80 as HTTP. Other applications also use TCP port 80, so the router will perform the same action on both, because the header alone cannot tell them apart.

Payload inspection: this is more reliable because it performs deep packet inspection. This method looks at the content of the payload and recognizes the application from it. On Cisco IOS this is done with NBAR (Network-Based Application Recognition).

An NBAR-enabled router inspects incoming IP packets and matches them against the attributes and signatures in a Packet Description Language Module (PDLM). NBAR is commonly used to block websites and is very popular for classification.

NBAR classifies modern client-server and web-based applications. It identifies applications and protocols at layers 4 through 7, performs protocol discovery, and provides traffic statistics. NBAR enables downstream actions based on QoS policies such as random early detection (RED), class-based queuing, and policing. New applications are easily supported by loading a PDLM.

NBAR can classify applications that use statically assigned TCP and UDP port numbers, non-UDP and non-TCP IP protocols, and dynamically assigned TCP and UDP port numbers negotiated during connection establishment (which requires stateful inspection).

NBAR2 is the next generation of NBAR; its enhanced application recognition engine supports more than 1000 applications. NBAR2 functionality requires an advanced license.

Packet Description Language Module (PDLM)

PDLMs allow NBAR to recognize new protocols by matching text patterns in data packets, without requiring a new Cisco IOS software image or a router reload. An external PDLM can be loaded at run time to extend the list of protocols NBAR recognizes. PDLMs can also be used to enhance existing protocol recognition. PDLMs must be produced by Cisco engineers.

NBAR Protocol Discovery

NBAR protocol discovery analyzes application traffic patterns in real time and discovers which traffic is running on the network. It provides bidirectional, per-interface, and per-protocol statistics, generates real-time application statistics, and provides traffic distribution information at key network locations. It is an important monitoring tool and is supported by Cisco QoS management tools.

First we configure addressing on R1 and R2, then run EIGRP in AS 65100 between them so that each router learns the other's LAN. The network statements are needed for EIGRP to form the adjacency shown below:

R1(config)#interface serial 4/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.1.1        YES manual up                    up
Serial4/0                  192.168.10.1    YES manual up                    up

R2(config)#interface serial 4/0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            20.1.1.1        YES manual up                    up
Serial4/0                  192.168.10.2    YES manual up                    up

R1(config)#router eigrp 65100
R1(config-router)#network 10.0.0.0
R1(config-router)#network 192.168.10.0

R2(config)#router eigrp 65100
R2(config-router)#network 20.0.0.0
R2(config-router)#network 192.168.10.0
*Oct 11 18:22:53.123: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.10.1 (Serial4/0) is up: new adjacency

R1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     20.0.0.0/8 [90/2172416] via 192.168.10.2, 00:00:21, Serial4/0

R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
0   192.168.10.2            Se4/0                    13 00:00:31   54   324  0  4

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 192.168.10.1, 00:00:42, Serial4/0

R2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
0   192.168.10.1            Se4/0                    11 00:00:46   44   264  0  3

Now we classify the traffic on R1. HTTP and ICMP are matched with NBAR (match protocol), while VoIP is matched with an extended ACL covering the RTP UDP port range. Each class is then marked in the policy-map INTERNETWORKS:

R1(config)#class-map match-all HTTP
R1(config-cmap)#match protocol http
R1(config-cmap)#class-map match-all VoIP
R1(config-cmap)#match access-group name VOICE
R1(config-cmap)#class-map match-all ICMP
R1(config-cmap)#match protocol icmp
R1(config-cmap)#ip access-list extended VOICE
R1(config-ext-nacl)#permit udp any any range 16380 32760
R1(config-ext-nacl)#policy-map INTERNETWORKS
R1(config-pmap)#class ICMP
R1(config-pmap-c)#set ip precedence 1
R1(config-pmap-c)#class HTTP
R1(config-pmap-c)#set ip precedence 2
R1(config-pmap-c)#class VoIP
R1(config-pmap-c)#set ip dscp ef

R1#show run policy-map
Current configuration : 132 bytes
policy-map INTERNETWORKS
 class ICMP
  set ip precedence 1
 class HTTP
  set ip precedence 2
 class VoIP
  set ip dscp ef

R1#show run class-map
Current configuration : 156 bytes
class-map match-all ICMP
 match protocol icmp
class-map match-all HTTP
 match protocol http
class-map match-all VoIP
 match access-group name VOICE

Next we apply the policy outbound on the serial interface towards R2:

R1(config)#interface serial 4/0
R1(config-if)#service-policy output INTERNETWORKS

R1#show policy-map interface serial 4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 0

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
          Packets marked 0

    Class-map: class-default (match-any)
      7 packets, 368 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps

All counters are still zero, so we generate some ICMP traffic from R1's LAN address and check the policy counters again:

R1#ping 20.1.1.1 source 10.1.1.1 repeat 16
Type escape sequence to abort.
Sending 16, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
Success rate is 100 percent (16/16), round-trip min/avg/max = 32/46/52 ms

R1#show policy-map interface serial 4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      16 packets, 1664 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: protocol icmp
          Packets marked 16

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
          Packets marked 0

    Class-map: class-default (match-any)
      20 packets, 1313 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps

The 16 echo requests were classified as ICMP and marked with precedence 1. Sending four more confirms the counter keeps increasing:

R1#ping 20.1.1.1 source 10.1.1.1 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
Success rate is 100 percent (4/4), round-trip min/avg/max = 44/49/52 ms

R1#show policy-map interface serial 4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      20 packets, 2080 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
          Packets marked 20

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
          Packets marked 0

    Class-map: class-default (match-any)
      26 packets, 1617 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
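As an added example (not part of the original post and not Cisco code), the following Python models the two ideas this page puts together: the difference between header inspection and payload inspection, and the marking the policy-map INTERNETWORKS applies. A port-based classifier calls any TCP/80 packet HTTP, an NBAR-style classifier only does so when the payload carries an HTTP request line, VoIP is matched by the VOICE ACL port range, and tos_byte shows what "set ip precedence" and "set ip dscp ef" write into the IP header. The packet samples are constructed, and HTTP_REQ is an assumed simplification of what a real PDLM signature matches.

```python
import re
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    proto: str       # "tcp", "udp" or "icmp"
    dst_port: int    # 0 for icmp
    payload: bytes   # first bytes of the L4 payload

# Simplified stand-in for an HTTP PDLM signature (an assumption, not Cisco's
# real signature): a request line such as b"GET /index.html HTTP/1.1\r\n".
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

# policy-map INTERNETWORKS: "set ip precedence n" is DSCP CSn (n << 3),
# "set ip dscp ef" is DSCP 46.
MARKING = {"ICMP": 1 << 3, "HTTP": 2 << 3, "VoIP": 46}

def in_voice_acl(p: Packet) -> bool:
    return p.proto == "udp" and 16380 <= p.dst_port <= 32760  # VOICE ACL range

def header_classify(p: Packet) -> str:
    """Header inspection: anything sent to TCP/80 is called HTTP."""
    if p.proto == "icmp":
        return "ICMP"
    if p.proto == "tcp" and p.dst_port == 80:
        return "HTTP"
    return "VoIP" if in_voice_acl(p) else "class-default"

def payload_classify(p: Packet) -> str:
    """Payload inspection (NBAR style): HTTP only if the payload is an HTTP request."""
    if p.proto == "icmp":
        return "ICMP"
    if p.proto == "tcp" and HTTP_REQ.match(p.payload):
        return "HTTP"
    return "VoIP" if in_voice_acl(p) else "class-default"

def tos_byte(cls: str) -> Optional[int]:
    """ToS byte the policy writes (DSCP in the upper six bits); None if unmarked."""
    dscp = MARKING.get(cls)
    return None if dscp is None else dscp << 2

def classify_all(pkts, clf):
    return [(clf(p), tos_byte(clf(p))) for p in pkts]  # (class, tos) per packet

# Constructed samples: a real HTTP request, a TLS ClientHello on port 80
# (TCP/80 but not HTTP), an RTP packet in the VOICE range, and an ICMP echo.
SAMPLES = [
    Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("tcp", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    Packet("udp", 16384, b"\x80\x00\x00\x01"),
    Packet("icmp", 0, b"\x08\x00"),
]
```

Running classify_all(SAMPLES, header_classify) marks the second packet as HTTP (precedence 2), while classify_all(SAMPLES, payload_classify) leaves it in class-default unmarked; this is the misclassification the header-inspection paragraph warns about.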