NBAR

Unanswered Question
Sep 25th, 2008

Hi all,

I've this scenario:


client ---Router---web server


I'd like to configure a policy with a class that matches protocol http url (NBAR) and apply it outbound towards the web server on the Router. The question is: does it match only the HTTP request for that URL, or the reply too? I'm very confused, since I don't understand whether NBAR uses inspection to classify traffic in both directions, even if the policy is applied only outbound.

Can I match a URL by applying my policy on input?

Many thanks in advance for your support


Regards

Giuseppe Larosa Thu, 09/25/2008 - 08:52

Hello Gianluca,


NBAR will work in only one direction, depending on the direction in which you apply the service-policy that uses the class-map that calls the NBAR feature with match protocol.


Be aware that at L4

match protocol http

is only able to match traffic from client to server =

access-list 121 permit tcp any any eq 80

The return traffic is not HTTP; here TCP 80 is the source port:

access-list 122 permit tcp any eq 80 any


There was another thread about this.

I would suggest you use it on the interface between client and router, to be able to shape on the outgoing interface based on the marking you do on the client-to-router interface:

Two service-policies: one used to mark on the client-to-router interface, and the other used outbound on the interface to the web server.


Hope to help

Giuseppe
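
The two-policy layout suggested in the reply above, sketched as an added example that is not part of the original thread: NBAR marks the client's requests inbound, and the outbound policy towards the web server acts on that marking. The interface names, URL string, class and policy names, DSCP value and shape rate are all assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Names, URL, DSCP and rate are assumptions.
!
! 1) NBAR class: HTTP requests from the client for the URL of interest.
class-map match-all WEB-URL
 match protocol http url /downloads/*
!
! 2) Class for the outbound side: packets already marked by step 3.
class-map match-all WEB-URL-MARKED
 match dscp af21
!
! 3) Marking policy, applied inbound on the client-facing interface.
policy-map MARK-IN
 class WEB-URL
  set dscp af21
!
! 4) Shaping policy, applied outbound on the interface to the web server.
policy-map SHAPE-OUT
 class WEB-URL-MARKED
  shape average 512000
!
interface FastEthernet0/0
 description client-facing (assumed name)
 service-policy input MARK-IN
!
interface FastEthernet0/1
 description web-server-facing (assumed name)
 service-policy output SHAPE-OUT
```

The per-class counters from `show policy-map interface FastEthernet0/0` show whether the NBAR class is actually matching traffic before the outbound policy is relied on.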

