Welcome to my very first post on my new technical blog!
This post shows different ways to match packets based on their length. While this may not be very common in real production, you will find it useful during your CCIE preparations.
Below is a summary of this post:
There are 3 ways (at least, those that I am aware of) to match packets by their size:
1. Modular QoS CLI (MQC)
In the following example, we are given the task to limit to 500 Kbps all the packets that are over 1000 bytes in size. Using the MQC, you create a class-map matching the length of the packet, then create a policy-map to apply the police action to this class, and finally apply it to an interface:
class-map match-all CLASS_BIG_PKTS
 match packet length min 1000
!
policy-map MY_POLICY
 class CLASS_BIG_PKTS
  police 500000
!
interface FastEthernet0/0
 service-policy output MY_POLICY
After applying the service-policy to an interface, you can test it by sending ICMP packets of different sizes. To verify it, use the following command:
Router-1#sh policy-map inter fa0/0
 FastEthernet0/0

  Service-policy output: MY_POLICY

    Class-map: CLASS_BIG_PKTS (match-all)
      10 packets, 10150 bytes
      5 minute offered rate 2000 bps, drop rate 0 bps
      Match: packet length min 1000
      police:
          cir 500000 bps, bc 15625 bytes
        conformed 10 packets, 10150 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 2000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      26 packets, 2310 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
2. Policy Based Routing (PBR)
Using route-maps also gives you the possibility to match packets by their size. In the example below, all ICMP packets with a size between 200 and 1200 bytes will be dropped:
ip access-list extended ACL_ICMP
 permit icmp any any
!
route-map PBR_ICMP permit 10
 match ip address ACL_ICMP
 match length 200 1200
 set interface Null0
!
interface Serial0/0.1 multipoint
 ip policy route-map PBR_ICMP
To verify it, initiate pings with different sizes and then check the route-map on the router:
Router-1#sh route-map
route-map PBR_ICMP, permit, sequence 10
  Match clauses:
    ip address (access-lists): ACL_ICMP
    interface FastEthernet0/0
    length 200 1200
  Set clauses:
    interface Null0
  Policy routing matches: 10 packets, 1290 bytes
3. Flexible Packet Matching (FPM)
Flexible Packet Matching is a solution that belongs more to Security than to Routing & Switching, and I'm not going to go into many details about it (maybe a separate post?). Here's a quick reference about it:
FPM is a set of classes and policies that provides pattern-matching capability for more granular and customized packet filters at Layers 2 to 7, with bit/byte matching deep into the packet at any offset within the packet header and payload.
- Step 1. Load the protocol header description file(s) (PHDF)
- Step 2. Define the protocol stack (IP-UDP, IP-TCP, etc.)
- Step 3. Define FPM match criteria filter (class-map)
- Step 4. Define action to take on classes (service-map)
- Step 5. Apply service policy to an interface
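To tie the five steps together on the same length-matching task as the MQC and PBR sections, here is an added FPM configuration that drops IP/UDP packets whose IP total length exceeds 1000 bytes. This is example code written for this post, not taken from the Cisco documentation; it assumes the PHDF files have already been copied to flash: and that the ip.phdf shipped by Cisco names the IP total-length field `length` (verify the field name in your PHDF before using it). The class, policy and interface names are made up for the example.

```cisco
! Step 1: load the protocol header description files (assumed to be in flash:)
load protocol flash:ip.phdf
load protocol flash:udp.phdf
!
! Step 2: define the protocol stack - IP carrying UDP (protocol 17)
class-map type stack match-all STACK_IP_UDP
 match field IP protocol eq 17 next UDP
!
! Step 3: define the match criteria - IP total length greater than 1000 bytes
!         (field name "length" assumed from ip.phdf)
class-map type access-control match-all CLASS_BIG_UDP
 match field IP length gt 1000
!
! Step 4: define the action for the class (drop) and nest it under the stack
policy-map type access-control DROP_BIG_UDP
 class CLASS_BIG_UDP
  drop
!
policy-map type access-control FPM_POLICY
 class STACK_IP_UDP
  service-policy DROP_BIG_UDP
!
! Step 5: apply the FPM service policy inbound on the interface
interface FastEthernet0/0
 service-policy type access-control input FPM_POLICY
```

Verify with `show policy-map type access-control interface FastEthernet0/0` after sending UDP traffic of different sizes; the drop counter of CLASS_BIG_UDP should increase only for packets larger than 1000 bytes, while the other classes keep forwarding.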
Here is the Cisco Documentation for FPM!