I am preparing to add syntax to a metro circuit that is being terminated on one side by a Cat65000 and a Juniper EX4200 on the other. Right now I am focusing on configuring the Cisco side. The purpose of the syntax is to preserve call quality in rare instances of a bandwidth consumption spike. I am leaning toward using NBAR instead of ACLs; please let me know if this is not a good idea in this particular context:
Circuit bandwidth 3072 kb/sec (3mb circuit)
GLOBAL CONFIGURATION on Cat65000
ip address x.x.x.x x.x.x.x
ip nbar protocol-discovery
service-policy output Data-Circuit
POLICY MAP CONFIGURATION
policy-map Data-Circuit
 class voip-rtp
  set dscp ef
  priority percent 50 ! CONFIGURES LLQ FOR RTP TRAFFIC (LLQ IS ALSO CALLED "PRIORITY QUEUING")
 class voip-control
  set dscp cs3
  bandwidth percent 5 ! RESERVES 5 PERCENT OF BANDWIDTH FOR VOICE CALL CONTROL
CLASS MAP CONFIGURATION
class-map match-any voip-rtp
 match protocol rtp audio
class-map match-any voip-control
 match protocol skinny
 match protocol sip
 match protocol h323
 match protocol mgcp
So, a few questions:
1) Is the command "ip nbar protocol-discovery" necessary for the interface? This command does not appear available when I type it, but I don't know if that's because I have not applied the "ip cef" syntax or if this is a Cisco IOS
2) The purpose of this syntax is to control traffic in congestion situations. The QOS SRND supports this assumption, but I just want to make sure - in the absence of congestion, full bandwidth should be available to all applications,
3) I can't find information pertaining to the bandwidth requirements for SCCP. The configuration examples that I have found imply that it is 32kb/s, is this correct?
Anyway, I'd appreciate any feedback or clarification.
As long as CEF is enabled, NBAR is running by default on any newer IOS. You only need to use the discovery command to log what is traversing the interface for your review. Without the discovery command, NBAR will still match your protocols; you just won't be able to use the show ip nbar protocol-discovery command to review what NBAR has been seeing.
You can certainly use your ACL to match rather than matching the protocol. I think that is all NBAR is doing anyway - matching the ports that the protocol you specify uses.
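An ACL-based version of the two class maps from the question, as an added example that is not from either poster. The ACL names are hypothetical, and the port numbers are assumptions: the well-known signaling ports for each protocol and Cisco's default 16384-32767 UDP range for RTP.

```cisco
! Added example; ACL names are hypothetical and port numbers are assumptions
ip access-list extended VOIP-RTP-ACL
 remark Cisco default RTP range (assumed; narrow to what the endpoints use)
 permit udp any any range 16384 32767
!
ip access-list extended VOIP-CONTROL-ACL
 remark SCCP (skinny)
 permit tcp any any eq 2000
 permit tcp any eq 2000 any
 remark SIP
 permit udp any any eq 5060
 permit udp any eq 5060 any
 permit tcp any any eq 5060
 permit tcp any eq 5060 any
 remark H.323 call signaling (H.225); H.245 uses negotiated ports and is not covered
 permit tcp any any eq 1720
 permit tcp any eq 1720 any
 remark MGCP gateway and call-agent ports
 permit udp any any eq 2427
 permit udp any any eq 2727
!
class-map match-any voip-rtp
 match access-group name VOIP-RTP-ACL
class-map match-any voip-control
 match access-group name VOIP-CONTROL-ACL
```

A port-range match places any UDP traffic in that range into the priority queue, so keep the range as narrow as the phones and gateways allow.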