Posts tagged ‘Policy Based Routing’

May 16, 2011

Matching packets based on their size

by costiser

Welcome on my very first post on my new fresh technical blog!  This post shows different ways of how to match packets based on their length. While this may not be very common in real production, you will find it for sure during your CCIE lab exam.

There are 3 ways (at least, those that I am aware of) to match packets by their size:

1. MQC  (Modular QoS CLI)

In the following example, we are given the task to limit to 500 Kbps all the packets that are over 1000 bytes in size. Using the MQC, you create a class-map matching the length of the packet, then create a policy-map to apply the police action to this class and finally apply it to on interface:

class-map match-all CLASS_BIG_PKTS
 match packet length min 1300

policy-map MY_POLICY
    police 500000

After applying the service-policy to an interface, you may tested by ICMP with packets of different sizes. To verify it, use the following command:

Router-1#sh policy-map inter fa0/0

  Service-policy output: MY_POLICY

    Class-map: CLASS_BIG_PKTS (match-all)
      10 packets, 10150 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: packet length min 1000
          cir 500000 bps, bc 15625 bytes
        conformed 10 packets, 10150 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions:
        conformed 2000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      26 packets, 2310 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

2) PBR (Policy Based Routing)

Using route-maps gives you also the possibility to match packets by their sizes. In the below example, all ICMP packets with size between 200 and 1200 will be dropped:

ip access-list extended ACL_ICMP
 permit icmp any any

route-map PBR_ICMP permit 10
 match ip address ACL_ICMP
 match length 200 1200
 set interface Null0

interface Serial0/0.1 multipoint
 ip policy route-map PBR_ICMP

To verify it, initiate pings with diferrent sizes and then check the route-map on the router:

Router-1#sh route-map
route-map PBR_ICMP, permit, sequence 10
  Match clauses:
    ip address (access-lists): ACL_ICMP
    interface FastEthernet0/0
    length 200 1200
  Set clauses:
    interface Null0
  Policy routing matches: 10 packets, 1290 bytes

3) FPM (Flexible Packet Matching)

I don’t believe that FPM may appear during CCIE R&S lab exam. It is more probable to see it during the CCIE Security exam. Anyway, here’s a quick referrence about it:

FPM is a set of classes and policies that provides pattern matching capability for more granular and customized packet filters for Layer 2 to 7-bit/byte matching capability deep into the packet at any offset within the packet header and payload.

How to configure
Step 1. Load the protocol header description file(s) (PHDF)
Step 2. Define the protocol stack (IP-UDP, IP-TCP, etc.)
Step 3. Define FPM match criteria filter (class-map)
Step 4. Define action to take on classes (service-map)
Step 5. Apply service policy to an interface

Cisco doc: