Before going into the “9800 custom QoS” post, it is useful to understand Cisco NBAR (Network Based Application Recognition). As the name implies, it is the way a Cisco device detects applications based on application-layer characteristics. Since it is layer 7 detection, you should be able to identify the application even when the traffic is encrypted. Here is a great Cisco Live presentation that gives a deeper understanding of how NBAR works.

The image below (taken from that presentation) shows the “Traffic Class” and “Business Relevance” NBAR attributes, which can be used to group all NBAR-detected applications into groups that you can easily manage. When you develop a custom QoS policy on a Cisco device (including the 9800 WLC), these two attributes can be used to simplify your classification rules (i.e. class-maps).

NBAR uses the same 12-class model defined in RFC 4594. Note that “Best Effort” traffic uses the “class-default” class-map, which you do not need to define explicitly. Also note that by default all applications marked with the “Business Irrelevant” attribute go into the “Scavenger” class. Therefore you will see 10 traffic classes for the rest of the traffic. You can verify this as shown below.

C9800-2#sh ip nbar attribute traffic-class ?
  broadcast-video          Broadcast TV, live events, video surveillance
  bulk-data                Non-interactive data applications
  multimedia-conferencing  Desktop software multimedia collaboration applications
  multimedia-streaming     Video-on-Demand (VoD) streaming video
  network-control          Network control plane traffic
  ops-admin-mgmt           Network operations, administration, and management traffic
  real-time-interactive    High-definition interactive video applications
  signaling                Signaling traffic that supports IP voice and video telephony
  transactional-data       Interactive data applications
  voip-telephony           VoIP telephony (bearer-only) traffic
  |                        Output modifiers
  <cr>                     <cr>

C9800-2#sh ip nbar attribute traffic-class 
      Name :  traffic-class
      Help :  SRND class
      Type :  group
    Groups :  broadcast-video
           :  bulk-data
           :  multimedia-conferencing
           :  multimedia-streaming
           :  network-control
           :  ops-admin-mgmt
           :  real-time-interactive
           :  signaling
           :  transactional-data
           :  voip-telephony
      Need :  Mandatory
   Default :  bulk-data

If you want to see which applications are categorized into the “VoIP-Telephony” class, append that “traffic-class” name to the end of the CLI command above (see below).

C9800-2#show ip nbar attribute traffic-class voip-telephony 
  aol-messenger-audio    DEPRECATED, traffic will not match
  cisco-collab-audio     Cisco Collaboration Voice by various Cisco unified communication clients.
  cisco-jabber-audio     Cisco Jabber Client; Audio Calls and Voice Mail
  cisco-media-audio      Cisco IP Phones and PC-based Unified Communicators
  cisco-phone-audio      Cisco IP Phones and PC-based Unified Communicators; Audio Calls
  cisco-smart-probe      Cisco smart probe
  cisco-spark-audio      Cisco Spark / Webex Teams Audio - unified communications client audio
  citrix-audio           Citrix Audio Traffic
  facebook-audio         Facebook Audio
  fring-voip             DEPRECATED, traffic will not match
  google-services-audio  Google Services Audio
  gtalk-voip             Protocol integrated into hangouts-audio
  hangouts-audio         Google Hangouts audio
  jabber-audio           Communications protocol for message-oriented middleware based on XML
  ms-lync-audio          Skype provides cost effective and collaborative tools for businesses
  rtp-audio              Real Time Protocol Audio
  telepresence-audio     Telepresentce Voice by various Cisco unified communication clients.
  yahoo-voip-messenger   Free P2P calls
  yahoo-voip-over-sip    Yahoo VoIP over SIP

Now, as a customer you may not want to classify all of that VoIP application traffic as EF. To make your life easy, Cisco came up with the “Business-Relevance” attribute, with which you can easily classify the applications in any of those 10 traffic classes into 3 business relevance categories:

  1. Business-Relevant
  2. Business-Irrelevant
  3. Default

C9800-2#show ip nbar attribute traffic-class voip-telephony business-relevance ?
  business-irrelevant  Undesirable business traffic
  business-relevant    Business critical applications
  default              Related business applications

Now, if you want to see which VoIP-Telephony applications go into the “business-relevant” category, you can use the CLI command below.

C9800-2#show ip nbar attribute traffic-class voip-telephony business-relevance business-relevant 
  cisco-collab-audio     Cisco Collaboration Voice by various Cisco unified communication clients.
  cisco-jabber-audio     Cisco Jabber Client; Audio Calls and Voice Mail
  cisco-media-audio      Cisco IP Phones and PC-based Unified Communicators
  cisco-phone-audio      Cisco IP Phones and PC-based Unified Communicators; Audio Calls
  cisco-smart-probe      Cisco smart probe
  cisco-spark-audio      Cisco Spark / Webex Teams Audio - unified communications client audio
  citrix-audio           Citrix Audio Traffic
  jabber-audio           Communications protocol for message-oriented middleware based on XML
  ms-lync-audio          Skype provides cost effective and collaborative tools for businesses
  rtp-audio              Real Time Protocol Audio
  telepresence-audio     Telepresentce Voice by various Cisco unified communication clients.

Here is the list of “VoIP-Telephony” applications that fall into the “Business-Irrelevant” category.

C9800-2#show ip nbar attribute traffic-class voip-telephony business-relevance business-irrelevant 
  aol-messenger-audio    DEPRECATED, traffic will not match
  facebook-audio         Facebook Audio
  fring-voip             DEPRECATED, traffic will not match
  gtalk-voip             Protocol integrated into hangouts-audio
  hangouts-audio         Google Hangouts audio
  yahoo-voip-messenger   Free P2P calls
  yahoo-voip-over-sip    Yahoo VoIP over SIP

Here are the “Default” VoIP-Telephony applications.

C9800-2#show ip nbar attribute traffic-class voip-telephony business-relevance default 
  google-services-audio  Google Services Audio

How can you change these default classifications? If they do not fit your business requirements, you can easily modify them in your 9800 configuration under the Configurations > Services > Application Visibility > Define Policy section.

Let’s classify Google Hangouts audio as a “Business-Relevant” “VoIP-Telephony” application. Below, “google-services-audio” is classified as “Business-Relevant”.

If you go to the “Business Irrelevant” category and the “consumer-messaging” sub-category, you can change “gtalk-voip” and “hangouts-audio” into “Business-Relevant” applications.

If you want to find the equivalent CLI configuration, you can get it with the “show archive config differences” command as shown below. (You have to issue this command before saving your config via the GUI.)

C9800-2#sh archive config differences nvram:startup-config system:running-config
!Contextual Config Diffs:
+ip nbar attribute-map webui-relavant
 +attribute business-relevance business-relevant
+ip nbar attribute-set google-services-audio webui-relavant
+ip nbar attribute-set gtalk-voip webui-relavant
+ip nbar attribute-set hangouts-audio webui-relavant

I would encourage you to go through those 12 different traffic classes and see which applications Cisco classifies by default into the “business-relevant”, “default” and “business-irrelevant” categories.
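To review those defaults offline and prepare a change, the following added example (not code from the original post or from Cisco) parses the per-relevance `show ip nbar attribute traffic-class voip-telephony business-relevance ...` output and generates the `ip nbar attribute-map` / `attribute-set` lines in the form shown in the config diff above. The sample text is constructed by abbreviating the output in this post, and the map name `custom-relevant` is a hypothetical placeholder.

```python
import re

# Constructed sample: abbreviated from the CLI output shown in this post,
# keyed by the business-relevance value used on the command line.
SAMPLE = {
    "business-relevant": """\
  cisco-phone-audio      Cisco IP Phones and PC-based Unified Communicators; Audio Calls
  rtp-audio              Real Time Protocol Audio
""",
    "business-irrelevant": """\
  aol-messenger-audio    DEPRECATED, traffic will not match
  gtalk-voip             Protocol integrated into hangouts-audio
  hangouts-audio         Google Hangouts audio
""",
    "default": """\
  google-services-audio  Google Services Audio
""",
}

# Indented "name  description" rows; the unindented prompt line never matches.
LINE = re.compile(r"^\s+(\S+)\s{2,}(.+?)\s*$")

def parse_relevance(outputs):
    """Map application name -> (business-relevance, description)."""
    apps = {}
    for relevance, text in outputs.items():
        for line in text.splitlines():
            m = LINE.match(line)
            if m:
                apps[m.group(1)] = (relevance, m.group(2))
    return apps

# map_name is a hypothetical placeholder, not a name from the post.
def build_config(apps, wanted, target="business-relevant", map_name="custom-relevant"):
    """Return (config_lines, skipped) for moving the wanted apps to target."""
    lines, skipped = [], {}
    for name in wanted:
        if name not in apps:
            skipped[name] = "not in parsed output"
        elif apps[name][0] == target:
            skipped[name] = "already " + target
        elif "DEPRECATED" in apps[name][1]:
            skipped[name] = "deprecated, traffic will not match"
        else:
            lines.append(f"ip nbar attribute-set {name} {map_name}")
    if lines:  # emit the attribute-map header only when something changes
        lines[:0] = [f"ip nbar attribute-map {map_name}",
                     f" attribute business-relevance {target}"]
    return lines, skipped
```

Applications that are deprecated, already in the target category, or missing from the parsed output are returned in `skipped` with the reason, so they can be reviewed instead of being silently configured.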

In the next post, let’s look at how we can use the “Business Relevance” and “Traffic Class” attributes to define a custom QoS policy on the 9800. That way, you can re-classify your business-relevant application traffic at SSID level with proper DSCP values that closely match RFC 8325. (The diagram above shows the downstream direction; however, a classification policy at SSID level is more important in the upstream direction.)
