QoS Classification on Cisco IOS Router

(Rene Molenaar) #1

This topic is to discuss the following lesson:

0 Likes

(system) #2

Thank you very much. This is really very good topic and it is very clear to me.

0 Likes

(Jude O) #3

Thanks Renee! I’m gaining some traction on QOS

0 Likes

(dong q) #4

Hello Renee

Thanks for your excellent introduction!

Here I have one concern, which “Tool” is better to identify the specific traffic? For example, If want to perform QoS for one of applications named ABC, how does router know which traffic is for Application - ABC?

 

Thanks

Dong

0 Likes

(Rene Molenaar) #5

Hi Dong,

If it’s a well known application like HTTP, HTTPS, SMTP, POP3, IMAP, SQL, etc. then NBAR can recognize them. Otherwise, it’s best to use an access-list to match the port numbers of your application.

Rene

0 Likes

(dong q) #6

Hello Rene

Thanks for your feedback, and then, what’s the best way to get the port numbers of some particular applications?

 

Thanks

Dong

0 Likes

(Rene Molenaar) #7

Hi Dong,

If you have “well known” applications like HTTP, FTP, telnet, SSH, etc. then it’s easy to look them up. You can google for the RFCs to find the official documentation. Here’s an example for HTTP:

https://tools.ietf.org/html/rfc2616

If it’s an application from some vendor, contact them…most of them offer an overview with addresses / protocols / port numbers that should be allowed. Here’s a good example from Airwatch:

Hope this helps.

Rene

0 Likes

(Primoz C) #8

Hi, Rene,
my question is, how can I classify the encrypted traffic of a certain traffic category? If I want to classify all streaming video traffic and I don’t know the ports or IP addresses of the video streaming sources. And we know that great deal of traffic is encrypted (https) nowadays.
Is there a possibility?

Thanks.

Primoz

0 Likes

(Rene Molenaar) #9

Hi Primoz,

If your traffic is encrypted with IPsec then you could use QoS pre-classify. You’ll have to mark the non-encrypted traffic before it enters the tunnel:

QoS Pre-classify

If it’s HTTPS traffic then it will be difficult. From the outside, you can’t really tell what kind of traffic you are transmitting. If possible, see if your application can be configured to mark your traffic. If this is possible then you don’t have to classify/mark on the router, you can queue right away.

Rene

0 Likes

(Hussein Samir) #10

Hi Rene,

Can you give me an example of using match not classification ?? and in situation we used it ??

0 Likes

(Lazaros Agapides) #11

Hello Hussein.

The match not criterion for a class map matching statement essentially says “anything that doesn’t match what follows”. It is similar to “not equal to” in programming or logic. If we use the example in the lesson, and the command entered was:

R2(config-cmap)#match not access-group name TELNET

then the result would be that the policy map would match everything EXCEPT what is found in the access-list named TELNET.
In other words, the policy would match everything and would not match anything using port 23.

It is just another tool to be able to express what you require to be matched in the policy map and can be useful to more specifically define your requirements.

I hope this has been helpful!

Laz

1 Like