2025-01-16 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
NBAR (Network-Based Application Recognition) is a technology that dynamically discovers protocols from layer 4 to layer 7. Unlike an ACL, which relies only on the port number to decide which application service a packet belongs to, NBAR is more accurate: it identifies the service the data belongs to from the description of the packet itself. It can classify HTTP traffic and applications that dynamically assign TCP/UDP port numbers (such as P2P download software).
In practice, NBAR works by monitoring traffic at the application level and matching signatures to identify the specific application a datagram belongs to, such as FTP, web, BT (BitTorrent), eDonkey and so on. Even if the application's service port changes, NBAR can still identify the specific service. First of all, NBAR can be used for network monitoring, to determine which service accounts for the most traffic in your network, and then be combined with QoS to do traffic shaping.
PDLM (Packet Description Language Module) is the main mechanism by which NBAR identifies high-level network applications. NBAR was introduced in Cisco IOS 12.0. Support differs between IOS versions, and later IOS versions already support bittorrent and eDonkey. If your device cannot find BT and eDonkey traffic, the main reason is that its IOS does not support these two protocols.
1. Upload the PDLM. If the IOS already supports these two protocols, there is no need to upload a PDLM.
Cisco# copy tftp flash // use TFTP to copy a file from the TFTP server to the router's flash
Address or name of remote host []? 192.168.10.10 // IP address of the TFTP server
Source filename []? bittorrent.pdlm // upload the PDLM that supports the BT protocol
Destination filename [bittorrent.pdlm]? // the name of the destination file
Accessing tftp://192.168.10.10/bittorrent.pdlm...
Erase flash: before copying? [confirm] n
// Be sure to answer no so that flash is not erased; otherwise the other files in flash will be erased when the PDLM is uploaded
Cisco# show flash // check flash to confirm that the upload succeeded
System flash directory:
File Length Name/status
1 15824768 3600 (22) (fc2). Bin
2 3100 bittorrent.pdlm
[15827996 bytes used, 17202144 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)
2. Load the PDLM modules into memory with the ip nbar pdlm command
Cisco(config)# ip nbar pdlm flash:bittorrent.pdlm
Cisco(config)# ip nbar pdlm flash:eDonkey.pdlm
3. Use a class-map to classify and mark the traffic
Cisco(config)# class-map match-any bt
Cisco(config-cmap)# match protocol bittorrent
Cisco(config-cmap)# match protocol edonkey
With "match-any", traffic is classified as soon as it matches any one of the match conditions.
With "match-all", traffic is classified only if it matches all of the match conditions.
// The class-map classifies the traffic. The name of the class-map here is bt.
// Many kinds of match criteria are available, such as an ACL, a protocol, etc.
4. Use a policy-map to define a policy that discards the classified traffic
Cisco(config)# policy-map Deny-bt
// The traffic has been classified; the purpose of the policy-map is to define what to do with each class of traffic.
Here the policy-map is named Deny-bt. The name can be any string.
Cisco(config-pmap)# class bt
// Reference the class-map by name inside the policy-map
// The action this policy-map applies to the classified traffic is to discard it. You could rate-limit instead, so that BT can still be downloaded but the speed is limited to 20 Kbps.
Cisco(config-pmap-c)# drop
Cisco(config)# ip cef // Cisco Express Forwarding must be enabled to use NBAR
5. Apply the policy on the interface that connects to the Internet
Cisco(config)# int e0/2 // the interface on which the policy-map will be applied
Cisco(config-if)# ip nbar protocol-discovery // enable NBAR on the interface
Cisco(config-if)# service-policy output Deny-bt // apply the policy in the outbound direction of E0/2
Cisco(config-if)# service-policy input Deny-bt // apply the policy in the inbound direction of E0/2
6. Check the configuration on the router
show class-map
show policy-map
show policy-map interface e0/2
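As an added example (not part of the original article), the Python code below audits a saved running-config for every piece of the procedure above: ip cef, the class-map protocols, a drop or police action in the policy-map, and the service-policy in both directions. The sample configuration is constructed from the article's commands; the function names and the expanded interface name Ethernet0/2 are assumptions.

```python
import re
# Constructed running-config excerpt (Ethernet0/2 is an assumed expansion of e0/2).
SAMPLE_CONFIG = """\
ip cef
class-map match-any bt
 match protocol bittorrent
 match protocol edonkey
policy-map Deny-bt
 class bt
  drop
interface Ethernet0/2
 ip nbar protocol-discovery
 service-policy input Deny-bt
 service-policy output Deny-bt
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_nbar_block(config, policy="Deny-bt", interface="Ethernet0/2",
                     protocols=("bittorrent", "edonkey")):
    """Return findings; an empty list means every step of the procedure is present."""
    blocks, findings, classes = parse_blocks(config), [], {}
    if "ip cef" not in blocks:
        findings.append("ip cef is not enabled")
    for head, body in blocks.items():  # class-map name -> protocols it matches
        m = re.fullmatch(r"class-map (?:match-(?:any|all) )?(\S+)", head)
        if m:
            classes[m.group(1)] = {b.split()[-1] for b in body if b.startswith("match protocol ")}
    covered, cls = set(), None
    for cmd in blocks.get(f"policy-map {policy}", []):
        if cmd.startswith("class "):
            cls = cmd.split()[1]
        elif cmd == "drop" or cmd.startswith("police "):
            covered |= classes.get(cls, set())
    findings += [f"{p} is not dropped or policed by {policy}" for p in protocols if p not in covered]
    body = blocks.get(f"interface {interface}", [])
    findings += [f"{policy} is not applied in the {d} direction on {interface}"
                 for d in ("input", "output") if f"service-policy {d} {policy}" not in body]
    return findings
```

Run it against the output of show running-config saved to a file; each finding names the step of the procedure that is missing.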