One of the most powerful features that the MQC (Modular QoS CLI) offers is NBAR (Network Based Application Recognition), also referred to as DPI (Deep Packet Inspection). Today, I will be showing you how to manipulate routing based on the upper-layer contents of a data packet.
What makes the MQC so powerful is that, by using NBAR, you can inspect any part of an L4+ data packet and do whatever you like with it. In this example, I will be using the MQC to classify and mark web traffic such as youtube.com or facebook.com and then route it to null0 (the bit bucket). This will result in black-holing traffic for anyone trying to reach those webpages.
1. Let's start by identifying our traffic using the class-map feature of the MQC:
This will put any HTTP packet that has the string “*youtube.com*” OR “*myspace*” OR “*facebook*” in our first logical queue.
2. Let’s mark this class by creating a policy-map and setting the DSCP value to 1.
3. Now that we used the packet inspection feature of NBAR and marked our traffic with a DSCP value, we can map it to an access-list.
This creates a named access-list called “drop-traffic” and maps the DSCP value of 1 to it. Using the formula if a = b and b = c then a = c, we mapped the packet inspection (a) to the DSCP value (b) to the access-list (c).
4. Let's apply this policy to the inbound interface of our web traffic:
5. Now that we have an access-list mapped to a class, we can do whatever we want with this traffic using PBR. In this case, we drop the traffic by setting the next hop to null0 (the bit bucket).
6. Let’s not forget to apply PBR to the interface:
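The six steps above assembled into one IOS configuration, as an added example rather than the author's original listings. Only the access-list name drop-traffic and the DSCP value come from the post; the class-map, policy-map and route-map names and the interface are assumptions.

```cisco
! Step 1: classify HTTP requests by Host header with NBAR.
! BLOCKED-SITES is an assumed name; match-any gives the OR logic.
class-map match-any BLOCKED-SITES
 match protocol http host "*youtube.com*"
 match protocol http host "*myspace*"
 match protocol http host "*facebook*"
!
! Step 2: mark the classified packets with DSCP 1.
! MARK-BLOCKED is an assumed name.
policy-map MARK-BLOCKED
 class BLOCKED-SITES
  set ip dscp 1
!
! Step 3: access-list that matches anything carrying DSCP 1.
ip access-list extended drop-traffic
 permit ip any any dscp 1
!
! Step 5: PBR sends whatever the access-list matches to Null0.
! BLACKHOLE is an assumed name; unmatched traffic is routed normally.
route-map BLACKHOLE permit 10
 match ip address drop-traffic
 set interface Null0
!
! Steps 4 and 6: apply marking and PBR on the inbound interface.
! FastEthernet0/0 is an assumed interface facing the clients.
interface FastEthernet0/0
 service-policy input MARK-BLOCKED
 ip policy route-map BLACKHOLE
```

`match protocol http host` reads the Host header of cleartext HTTP, so HTTPS sessions to the same sites are not classified by this class-map. Because the access-list matches on DSCP alone, any packet that already arrives marked DSCP 1 is dropped as well.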
Since we have both a QoS policy and PBR applied to that interface, you might be wondering which one will be applied first. Let's have a look:
We can see that QoS Markings comes before Policy Routing, and this is what we want. Packets entering the interface need to be marked first for the route-map to act on them.
There it is, 6 easy steps to route any traffic you choose. In this example my next hop was null0, but you could use any of the set commands for PBR.
Hope this was helpful.