Difference between revisions of "NBAR"
m (→Network-Based Application Recognition) |
|||
| Line 1: | Line 1: | ||
== Network-Based Application Recognition == | == Network-Based Application Recognition == | ||
See [[Media:Bittorrent_pdlm_readme.pdf]] | See [[Media:Bittorrent_pdlm_readme.pdf]] | ||
| + | |||
| + | = NBAR on tunnels and encrypted Interfaces = | ||
| + | |||
| + | NBAR is not configurable on logical interfaces where tunneling or encryption is used. It also is not supported on any physical interface configured with a crypto map. Thus, you cannot use NBAR to classify traffic based on higher-layer packet information such as a URL or Web server hostname for any QoS policy where GRE and/or IPSec are being used. This restriction results from the number of bytes of the packet header that the pre-classify feature saves and then refers. Specifically, QoS preclassification calls an API in IOS before a packet is encapsulated. This API takes a copy of the original packet header information. When the packet eventually hits the egress QoS function, QoS can be applied to the packet based on any of the saved information such as TCP port or real destination IP address. | ||
| + | |||
| + | == Beskriv eksempel på QoS-group der kan klassificere pakke før kryptering == | ||
[[Category:Cisco]][[Category:IOS]][[Category:Network]][[Category:CCNP]] | [[Category:Cisco]][[Category:IOS]][[Category:Network]][[Category:CCNP]] | ||
Revision as of 17:38, 3 May 2010
Network-Based Application Recognition
See Media:Bittorrent_pdlm_readme.pdf
NBAR on tunnels and encrypted Interfaces
NBAR is not configurable on logical interfaces where tunneling or encryption is used. It also is not supported on any physical interface configured with a crypto map. Thus, you cannot use NBAR to classify traffic based on higher-layer packet information such as a URL or Web server hostname for any QoS policy where GRE and/or IPSec are being used. This restriction results from the number of bytes of the packet header that the pre-classify feature saves and then refers. Specifically, QoS preclassification calls an API in IOS before a packet is encapsulated. This API takes a copy of the original packet header information. When the packet eventually hits the egress QoS function, QoS can be applied to the packet based on any of the saved information such as TCP port or real destination IP address.