NBAR, Netflow, QoS Policing, 6500s, IOS 12.1(26)E7, and MARS

Hello. I'm having trouble seeing the forest OR the trees, and I'd appreciate some help from someone who has a better field view than myself. We're upgrading our internet connection to 200MB and management is wanting to upgrade our PacketShaper to meet the new bandwidth. (The PacketShaper shows top talkers, top protocols, and rate limits protocols or users.) I'm trying to make the argument that we can do this with existing tools (NBAR, NetFlow, QoS policing, and MARS); at the same time I'm trying to make the argument that we need to have our supervisors (currently SUP2/MSFC2) on a 3-4 year upgrade cycle.
To get to the 12.2 IOS, I'd require a memory or sup upgrade. What I am hoping for is someone who has gone down this road who knows what I'm lacking in 12.1 code, or if in fact I can do it all here.
While it is self-evident to most in IT why we need to regularly upgrade equipment, I'm having difficulty making this argument to management with hard facts. I'm guessing they'd still be running Windows for Workgroups to save money...but that's another story.
My plan is to use NetFlow and MARS to track top users and top protocols. It appears that I lose some management functionality with MARS in conjunction with IOS 12.1, but I am currently unclear whether I lose any tracking capability. (MARS is new to us and awaiting install.)
Then I hope to use NBAR to identify all the latest P2P traffic and police it appropriately with QoS tools.
Does my thinking sound solid? Will I be able to pull this off with 12.1? If not, what do I need that I lack in 12.1?
Thank you for your time,
Joshua

Hi,
First of all - you need to be clear that although MARS uses netflow data, it uses it for the purpose of identifying security issues. If you want to use netflow for reporting and/or accounting purposes MARS isn't the tool you need, try one of the following freeware netflow tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/freeware/index.shtml
or one of the following commercial tools:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/index.shtml
The freeware ones are generally more difficult to set up but once running are just as good as the commercial ones.
However, this means you need two netflow destinations - one for MARS and one for your netflow tool, and this feature is called "Netflow Multiple Export Destinations" and initially appeared at 12.1(3)T, but it seems to be VERY platform specific - for example, because we only run GD software on our 3660's we had to upgrade to 12.3(20) to get it.
Looking at the Feature Navigator for SUP2/MSFC2 it appears that you need at least 12.2(18)SXF6 to get this feature so that might help your case.
I'd personally keep the PacketShaper for its reporting capability if nothing else (IOS can do the job, but not as elegantly as the PacketShaper).
HTH - please rate if useful.
Andrew.
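Joshua wants "top talkers" and "top protocols" out of NetFlow, and Andrew's point is that MARS consumes the same export but only for security correlation, so a second collector is needed for reporting. The following is an added example, not code from either poster or from any of the collectors Cisco lists: a minimal NetFlow v5 collector-side parser in Python with the two summaries a PacketShaper would give you. It assumes the exporter sends NetFlow v5 (the classic IOS export format; 6500/MSFC can export other versions, which this does not handle), and the sample datagram is constructed inline rather than captured from a real switch. Two practitioner details are built in: the 14-bit sampling interval in the header is used to scale packet and byte counts (unsampled exports carry 0), and the record count is checked against the datagram length, since NetFlow is plain UDP with no authentication and a collector should not trust the header blindly.

```python
"""Parse NetFlow v5 export datagrams and summarise top talkers / top protocols.
Added example; the exporter (router/switch) is assumed to speak NetFlow v5."""
import socket
import struct
from collections import Counter

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes per flow
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 datagram.

    Raises ValueError on a malformed packet: wrong version, truncated
    header, more than 30 records, or a record count that does not match
    the payload length (the header is attacker-controllable on the wire).
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("truncated header")
    (version, count, _uptime, _secs, _nsecs, _seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > 30:
        raise ValueError("v5 datagrams carry at most 30 records")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        raise ValueError(f"length {len(datagram)} != expected {expected}")
    # Sampling field: top 2 bits are the mode, low 14 bits the interval;
    # 0 means unsampled, otherwise scale counters up by the interval.
    interval = sampling & 0x3FFF
    scale = interval if interval else 1
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nh, _in_if, _out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos,
         _src_as, _dst_as, _smask, _dmask, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto,
            "packets": pkts * scale, "bytes": octets * scale, "tcp_flags": flags,
        })
    return flows


def top_talkers(flows, n=3):
    """Bytes per source address, descending (what the PacketShaper calls top talkers)."""
    by_src = Counter()
    for f in flows:
        by_src[f["src"]] += f["bytes"]
    return by_src.most_common(n)


def top_protocols(flows, n=3):
    """Bytes per (protocol, destination port) bucket: a port-based 'top protocols'
    view. This is what NetFlow alone can tell you; it cannot classify P2P that
    hops ports, which is why the thread pairs it with NBAR."""
    by_app = Counter()
    for f in flows:
        key = f"{PROTO_NAMES.get(f['proto'], str(f['proto']))}/{f['dport']}"
        by_app[key] += f["bytes"]
    return by_app.most_common(n)


def build_v5_datagram(records, sampling_interval=0):
    """Build a v5 datagram from (src, dst, sport, dport, proto, pkts, octets)
    tuples. Only used here to construct sample input; in production the
    switch is the exporter."""
    body = b""
    for src, dst, sport, dport, proto, pkts, octets in records:
        body += V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                               b"\x00" * 4, 1, 2, pkts, octets, 1000, 2000,
                               sport, dport, 0, 0x18, proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, len(records), 123456, 1200000000, 0, 1, 0, 0,
                            sampling_interval)
    return header + body


# Constructed sample export (three flows, not real traffic).
SAMPLE = build_v5_datagram([
    ("10.1.1.10", "203.0.113.5", 51234, 6881, 6, 4000, 5_000_000),  # torrent-like port
    ("10.1.1.20", "198.51.100.8", 40000, 443, 6, 900, 1_200_000),
    ("10.1.1.10", "198.51.100.9", 40001, 80, 6, 300, 400_000),
])

if __name__ == "__main__":
    flows = parse_v5(SAMPLE)
    print("top talkers:  ", top_talkers(flows))
    print("top protocols:", top_protocols(flows))
```

To use this against a live exporter, bind a UDP socket on the collector's address (on the management network, with the exporter's source IP filtered at the switch or host firewall, since anyone who can reach the port can inject flows) and pass each received datagram to parse_v5.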

Similar Messages

  • Catalyst 3850 QoS police

    Hello,
    Here is the config for Catalyst 3560 found under the link below.
    I would like to do same setting on Catalyst 3850.
    http://itknowledgeexchange.techtarget.com/network-engineering-journey/how-to-configure-per-vlan-qos-in-cisco-3550-and-3560/
    mls qos
    !
    interface fa0/2
     mls qos vlan-based
    !
    ! Child policy: police everything that entered via fa0/2 to 12800 bps
    ! with a 1600-byte burst; out-of-profile packets are dropped
    class-map INT
     match input-interface fa0/2
    policy-map NESTED_POLICE
     class INT
      police 12800 1600 exceed-action drop
    !
    ! Parent policy on the SVI: classify HTTP, mark it AF11, then hand it
    ! to the child policer (per-port per-VLAN policing)
    class-map HTTP
     match protocol http
    policy-map PARENT_MARK
     class HTTP
      set dscp af11
      service-policy NESTED_POLICE
    !
    interface vlan 10
     service-policy input PARENT_MARK
    But commands like "mls qos", "mls qos vlan-based" and "match input-interface" don't work on the 3850.
    There is no helpful Cisco manual for it.
    Could anyone help me?
    Thanks in advance,
    Taro

    Hello Paul,
    Thank you for the attention.
    Here is the information.
    #sh ver
    Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Wed 20-Mar-13 17:10 by prod_rel_team
    Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
    All rights reserved.  Certain components of Cisco IOS-XE software are
    licensed under the GNU General Public License ("GPL") Version 2.0.  The
    software code licensed under GPL Version 2.0 is free software that comes
    with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
    GPL code under the terms of GPL Version 2.0.
    (http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
    documentation or "License Notice" file accompanying the IOS-XE software,
    or the applicable URL provided on the flyer accompanying the IOS-XE
    software.
    ROM: IOS-XE ROMMON
    BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
    SW01 uptime is 21 weeks, 6 days, 14 hours, 27 minutes
    Uptime for this control processor is 21 weeks, 6 days, 14 hours, 30 minutes
    System returned to ROM by reload at 22:27:58 JST Wed Jan 8 2014
    System restarted at 22:27:52 JST Wed Jan 8 2014
    System image file is "flash:packages.conf"
    Last reload reason: Reload command
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    License Level: Ipservices
    License Type: Permanent
    Next reload license Level: Ipservices
    cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
    Processor board ID FOC1717V01B
    24 Virtual Ethernet interfaces
    56 Gigabit Ethernet interfaces
    8 Ten Gigabit Ethernet interfaces
    2048K bytes of non-volatile configuration memory.
    4194304K bytes of physical memory.
    250456K bytes of Crash Files at crashinfo:.
    250456K bytes of Crash Files at crashinfo-2:.
    1609272K bytes of Flash at flash:.
    1609272K bytes of Flash at flash-2:.
    0K bytes of Dummy USB Flash at usbflash0:.
    0K bytes of Dummy USB Flash at usbflash0-2:.
    0K bytes of  at webui:.
    Base Ethernet MAC Address          : 44:ad:d9:6d:4e:00
    Motherboard Assembly Number        : 73-12238-06
    Motherboard Serial Number          : FOC17163HB8
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24T
    System Serial Number               : FOC1717V01B
    Switch Ports Model              SW Version        SW Image              Mode
         1 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
         2 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
    Switch 02
    Switch uptime                      : 21 weeks, 6 days, 14 hours, 31 minutes
    Base Ethernet MAC Address          : 20:bb:c0:01:86:80
    Motherboard Assembly Number        : 73-12238-06
    Motherboard Serial Number          : FOC17163HCM
    Model Revision Number              : B0
    Motherboard Revision Number        : D0
    Model Number                       : WS-C3850-24T
    System Serial Number               : FOC1717V01K
    Configuration register is 0x102
    SW01#sh sdm prefer
    Showing SDM Template Info
    This is the Advanced template.
      Number of VLANs:                                 4094
      Unicast MAC addresses:                           32768
      Overflow Unicast MAC addresses:                  512
      IGMP and Multicast groups:                       8192
      Overflow IGMP and Multicast groups:              512
      Directly connected routes:                       32768
      Indirect routes:                                 8192
      Security Access Control Entries:                 3072
      QoS Access Control Entries:                      2816
      Policy Based Routing ACEs:                       1024
      Netflow ACEs:                                    1024
      Input Microflow policer ACEs:                    256
      Output Microflow policer ACEs:                   256
      Flow SPAN ACEs:                                  256
      Tunnels:                                         256
      Control Plane Entries:                           512
      Input Netflow flows:                             8192
      Output Netflow flows:                            16384
    These numbers are typical for L2 and IPv4 features.
    Some features such as IPv6, use up double the entry size;
    so only half as many entries can be created.

  • QOS on 6500 routed interface

    All of the QOS configuration guidance I've seen in the documentation on this website refers to 6500 switched interfaces (switchport mode access/trunk).
    Is the QOS configuration different on a 6500 routed interface. For instance on an interface between two core switches in a routed (Layer 3) core?
    I have already reviewed all of the IOS-related 6500 Cisco documents I could find, and the latest QOS SRND with no luck finding info on this issue.
    Thanks
    Greg

    This URL should help you:
    http://www.cisco.com/application/pdf/en/us/guest/products/ps708/c2001/ccmigration_09186a00801a90cc.pdf

  • CBWFQ style QoS on 6500 (Native)

    Hi, Is it possible to have CBWFQ style QoS on 6500 SUP2/MFSC2/PFC2, 12.1.23E on the LAN cards, the cards with 1P2Q2T type ports (not the flexWANs). I have read 6500 PFC QoS documentation and did not found any reference to router style CBWFQ (I did not find an option for defining policy maps with 'bandwidth' under classes like the way we do on router IOS). Wondering if it is possible at all with HW/SW combination mentioned above.
    If it not possible on the HW above, is it possible with any new HW like S720 etc and 12.2 codes ?
    thanks
    Iftikhar

    CBWFQ is not supported on the 6500, except in the case of WAN interfaces, as the QoS is not supplied by the PFC for these modules.
    HTH,
    Bobby

  • Bandwidth Management(Rate Limit) Using QoS Policies

    Hello,
    I need some advice. We have an ASA 5525 running version 8.6(1)2 and a 10 MG pipe. I have execs that want to limit bandwidth on users for stuff like youtube, stream media, and downloads. I found the article on ‘Bandwidth Management(Rate Limit) Using QoS Policies’ so it appears our firewall can do what we want. I’m not a cisco person. My knowledge is limited when it comes to configuration – that’s why we have SmartNet :). The advice I need is what to ask for, so to speak, when I put a case in. Can bandwidth be limited on end users and/or can they limit the ‘bandwidth rate limit’ to just youtube, steaming media, and downloads? If so, what should the limit be? and I’m assume this would be for ‘incoming’ traffic only? we’re running into some bandwidth hogs – usually youtube and/or streaming media. We have a Barracuda web filter which we’ve used to block and monitor activity but I simply do not have time to babysit this all day. I should also mention we do have critical data running up and down the pipe; such as credit card processing, DB replication between in house DB and hosted website, TPCx and EDI, FTP, and such that we don’t want restricted.
    Need input please,
    Thanks,
    D

    Hello,
    That's a question that you as the network admin of that organization could answer.
    How much traffic for business purposes must travel via HTTP/HTTPS?
    How much bandwith are you willing to provide to this 2 protocols?
    Those are the kind of answers you need to answer before setting the number
    Regards
    Remember to rate all of the helpful posts, Just click the 5 stars at the left of each post
    Julio

  • IDSM2 on 6500-IOS inline mode support?

    Hi,
    I have an IDSM-2 running IPS5.1(1d) software (recently upgraded from 4.x) that is sitting on a 6500 IOS.
    The IPS device manager shows gi0/7 and gi0/8 as both in Promiscuous mode. There is no option to change the mode to inline and pair them.
    Is it so that IDSM-2 currently supports only Promiscuous mode?
    If so, then this module is still acting as an IDS despite running IPS5.1. Isn't it? What is the advantage that I get after upgrading it from 4.x to 5.1?
    -- Vasanth

    There are 2 pieces to the puzzle.
    There is the IDSM-2 version and what it supports, but also the Cat 6K Native IOS version and what it supports.
    IDSM-2 v5.1(1d) supports
    a) Promiscuous mode,
    b) InLine Interface Pair mode (2 interfaces are paired for inline monitoring), and also
    c) InLine Vlan Pair mode (2 vlans on a single interface are paired for inline monitoring, you will also see it called inline-on-a-stick)
    But for these features to be used, the switch code must also support configuring the switch side of the IDSM-2 for each of these 3 features.
    Native IOS Versions prior to 12.2(18)SXE will support only Promiscuous mode on the IDSM-2.
    12.2(18)SXE and later versions will support InLine Interface Pair mode on the IDSM-2.
    No Native IOS versions currently support InLine Vlan Pair mode on the IDSM-2 (a new Native IOS versions with this support is currently in development).
    So to get Inline (IPS) functionality you need to be running a Native IOS version 12.2(18)SXE or later, and on the IDSM-2 run IPS versions 5.1 (or even the older 5.0).
    (NOTE: Cat OS 8.5(1) does support all 3 modes of the IDSM-2. So if you are using Cat OS instead of Native IOS, then run version 8.5(1) to have access to all of the features of IPS 5.1(1) on the IDSM-2)
    If you are running a Native IOS version prior to 12.2(18)SXE then the IDSM-2 can only be operated in Promiscuous mode even if 5.1(1) is loaded on the IDSM-2.
    However, even in promiscuous mode the IPS 5.1(1) software does have a few advantages.
    There are several engines, and engine parameters that are only supported in the 5.1 version and not the 4.0 version. So there are several signatures that are either a) not even created for 4.x sensors, or b) the 4.x signature is not as precise as the 5.x signature in the new engines.
    (These new engines have proved invaluable in writing signatures to detect some of the new attacks that have come out over the past year.)
    There are of course other advantages as well:
    For example:
    1) Risk Rating to better aid in prioritization of alerts.
    2) More flexible fitlering mechanism for alerts that allows for fitlering individual actions
    The 2 features above are just 2 of the new features that have been added in 5.0 and 5.1 that apply to both promiscuous and inline modes.

  • Enabling Netflow on Production 6500 Core switch

    Hi All,
    I am looking for a little expert advise regarding Cisco Netflow. For monitoring I need to enable Netflow feature on 6500 core switch or 6500 load balancer with CSM module installed, but I am just concern about the CPU hits on the devices. we are not using any dynamic routing protocols. Can someone please advise how will it effect on the local resources when using Netflow? Is it fine if I enable this feature on these devices in production?
    Thanks in advance,

    Hi Mudassar,
    Enabling netflow will not have a major impact on CPU or memory but you will want to keep a close eye on the switches TCAM utilisation. Features like  netflow,  TCP intercept and WCCP can use resources from “NetFlow TCAM Table”.
    Use the "show mls netflow table-contention detailed" command to monitor TCAM utilisation.
    Regards
    Brett

  • How do people manage QoS Policies in large network without using QPM

    We are using QPM to manage QoS polices however we are looking at decommissioning CiscoWorks. How are people managing with their QoS settings in large environments?

    I have no idea about the modem and bridge mode (I don't do networking -- hopefully Bob Timmons, Tesserax, or one of the other networking gurus will drop in and address that).
    But . . . you should be able to back up to the TC as long as it's on your network and recognized by your Macs.  I think being in bridge mode means it will be rather slow, but it should work.  Until/unless we hear otherwise, you might want to see #Q1 in Using Time Machine with a Time Capsule.

  • IOS IPS for blocking IM and P2P

    Any recommendations on the best way to use IOS IPS to stop P2P and IM?
    I set up a 3845 with 12.3(14)T1 to do this by importing signatures from the latest SDF using SDM. I used the attack-drop, and all IM and P2P signatures I could find. I changed them all to drop and reset. I then applied it to the inside interface of a 3845. I also set up nbar with a drop policy for all P2P traffic.
    The configuration caused very slow web response time for users, including blocked pages. Removing the IPS filter made everything work properly again. The router also stopped rebooting periodically.
    Is there a recommended way to set this up that does not cause slow performance and reboots?

    OK, went back and loaded some upgraded software. Now using 12.4.1 Advanced security IOS on the 3845, and SDM 211. The new 256MB.sdf signature file has all the IM and P2P signatures in it already!
    After applying the IPS inbound on the serial interface, I changed the UDP signatures action to drop and the TCP to drop/reset.
    Everything appears to be working beautifully. Yahoo and MSN messenger get dropped, as well as the peer to peer requests. I am unable to download Bittorrent. Web access is fast, and there is no hesitation by the router in configuring the IPS.
    This appears to be a great solution so far.

  • I can not view ANY videos on Vimeo, I have 'reset' the Ipad, original IOS 5, cleared the history and cookies, I have changed the DNS number to 8.8.8.8, I have worked on this for 2 days and still can't find a fix, HELP!!

    I can not view ANY videos on Vimeo, I have 'reset' the Ipad, original IOS 5, cleared the history and cookies, I haves changed the DNs number to 8.8.8.8, I have worked on this for 3 days now, HELP!!!!

    Try a reset: Simultaneously hold down the Home and On buttons until the device shuts down. Ignore the off slider if it appears. Once shut down is complete, if it doesn't restart on it own, turn the device back on using the On button. In some cases it also helps to double click the Home button and close all apps BEFORE doing the reset.

  • HT204291 My iPad 4 does not show up on my TV screen when in AirPlay mirroring mode using WiFi.  The iPad displays AirPlay set to TV with the Mirroring On (green).  My iPad IOS software is 8.2 and my Apple TV software is at 7.1.  The TV displays the Apple

    My iPad 4 does not show up on my TV screen when in AirPlay mirroring mode using WiFi.  The iPad displays AirPlay set to TV with the Mirroring On (green).
    My iPad IOS software is 8.2 and my Apple TV software is at 7.1.  The TV displays the Apple Menu.  The “Settings” does however displays the General menu allowing me to see:
    Apple software:          7.1 (7003)
    Apple TV:                   Model No. A1464, Part No. MD199B/A
    Signal Strength shows 5 circles.
    It does not display the iPad screen but when I use the BT Sport App I can hear the sound but there is no video.  I have searched the internet for a solution to no avail. The problem first arose when the IOS was at 8.1+ but it worked correctly briefly when I updated to IOS 8.2.  Can you help please?

    Welcome to the Apple Community.
    Try the following steps, check whether things are working after each step where appropriate, before trying the next.
    Check AirPlay is turned on on the Apple TV (turn it off and on if it already is)
    Check that both devices are on the same network (Settings > Wifi, on the mobile device and Settings > General > Network, on the Apple TV).
    Restart the Apple TV (Settings > General > Restart).
    Restart the Apple TV by removing ALL the cables for 30 seconds.
    Restart your router. (Also try removing it’s power cord for at least 30 seconds)
    Restart your mobile device.
    If you are still having problems, the following article(s) may help you.
    Troubleshooting AirPlay
    Troubleshooting Wi-Fi networks and connections
    Recommended Wi-Fi settings
    Wifi Diagnostic Software (for Mac users)
    You may also find some help on this page, where I’ve collected some of the more unusual solutions to network issues.
    When making adjustments to your network for better optimisation, you may find some of the points mentioned on this page helpful.

  • My ipod 5th gen ios 7.0.6 crashed and keeps going from the apple logo, going to a black screen, back to the apple logo, then back to the black screen and so on. Furthermore, my laptop doesn't recognise that the iPod is connected. What do I do?

    My ipod 5th gen ios 7.0.6 crashed and keeps going from the apple logo, going to a black screen, back to the apple logo, then back to the black screen and so on. Furthermore, my laptop doesn't recognise that the iPod is connected. What do I do?
    Please help me out as this is very irritating. This has been happening for the last 20-30 minutes. It had roughly half battery left.

    Try:                                               
    - iOS: Not responding or does not turn on
    - Also try DFU mode after try recovery mode
    How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
    - If not successful and you can't fully turn the iOS device fully off, let the battery fully drain. After charging for an least an hour try the above again.
    - Try another cable       
    - Try on another computer                            
    - If still not successful that usually indicates a hardware problem and an appointment at the Genius Bar of an Apple store is in order.
      Apple Retail Store - Genius Bar                              

  • IPad 1 Safari crashes frequently. I went to many Apple stores in different countries and each Apple staff member had their own different opinions with no help. I had upgraded my iOS to 5.1.1 and the Safari crashing started about one year

    IPad 1 Safari crashes frequently. I went to many Apple stores in different countries and each Apple staff member had their own different opinions with no help. I had upgraded my iOS to 5.1.1 and the Safari crashing started about one year after the upgrade and some Apple staff blame this- but this started one year later after the iOS upgrade. Recently at the Apple Store in Vancouver an Apple staff reset my computer (erased everything and sent to iCloud to reset the iPad) and I hoped this would fix the problem. IPad Safari still crashes. Short of booking an appointment for taking it for repair to Apple technicians which will cost me money can anyone help me to fix this Safari crashing.

    Hi,
    You might have a 3rd party plugin that isn't compatible with Safari 4.0.4. Go here for help...
    Safari add-ons can cause performance issues or other situations
    If you are using a USB hub, try disconnecting and restarting with just your keyboard and mouse connected.
    From the Safari Menu Bar, click Safari / Empty Cache. When you are done with that...
    from the Safari Menu Bar, click Safari / Reset Safari. Select the top 5 buttons and click Reset.
    Mac OS: Web Browser Quits Unexpectedly or Stops Responding
    Also, you could download and install the 10.5.8 combo update (PowerPC) available here.
    http://support.apple.com/downloads/MacOS_X_10_5_8_ComboUpdate
    It contains fixes that might help. Then repair disk permissions.
    Quit any open applications/programs. Launch Disk Utility. (Applications/Utilities) Select MacintoshHD in the panel on the left, select the FirstAid tab. Click: Repair Disk Permissions. When it's finished from the Menu Bar, Quit Disk Utility and restart your Mac. If you see a long list of "messages" in the permissions window, it's ok. That can be ignored. As long as you see, "Permissions Repair Complete" when it's finished... you're done. Quit Disk Utility and restart your Mac.
    Carolyn

  • I started my update for ios 5.1for iPhone 4s and cancelled it have way through now it says it's downloaded but really it's not the update is still there and when I try to update it it says unable to install update : an error occurred installing iOS 5.1  ?

    I started my update for ios 5.1for iPhone 4s and cancelled it have way through now it says it's downloaded but really it's not the update is still there and when I try to update it it says unable to install update : an error occurred installing iOS 5.1  ?

    See Here... Unable to Update or Restore...
    http://support.apple.com/kb/HT1808

  • Hello, i have updated my iphone 5 black 16 gb to ios 7 ios 7.0.2 (11a501) and my battery has become worse it gives 9 hours of usage with out doing anything, i have done everything i tried, not using my iphone as well but still no change at all!

    hello, i have updated my iphone 5 black 16 gb to ios 7.0.2 (11a501) and my battery life of my iphone has become worse it gives 9 hours of usage with out doing anything, i have done everything every tip that is available online i had 3gs and 4s so i know how to save battry life,i even tried  not using my iphone as well but still no change at all!. i have upadted to ios 7.0.3 then downgraded it , i thought battery may be an issue ,so i put  brand new battery still no change , so what should i do ? , update to the latest version which is ios 7.0.4 or wait for the ios 7.1 , i was using iphone 4s running on ios 6.1 it gave me 3 days of battery timing , iphone 5 seemed to be very bad for me ,help ! ?
    its facory unlocked btw

    Try to do a reset, if it doesn't work try remove recently added apps this may solve your problem ( like google app because it has happened with me)
    Take a look at apps using your location service in privacy, it can cause battery draining.

Maybe you are looking for