Published On: August 6ᵗʰ, 2019 02:02

QoS: NBAR Configuration Guide, Cisco IOS XE Release 3S

Cisco provides periodic releases of NBAR protocol packs to improve NBAR traffic recognition capabilities on an ongoing basis. The Protocol Pack Auto Update feature assists in updating any number of routers with the latest compatible protocol pack.

Advantages

  • Automation: When a new protocol pack becomes available, download the protocol pack file to a server reachable by each of the routers, and indicate the file path within a simple configuration file. The routers within your network that have Auto Update enabled will check the server periodically. If a newer protocol pack is available and compatible, the router downloads the protocol pack file and installs it automatically.

  • Centralized System Administration: Protocol Pack Auto Update provides a powerful tool to network administrators. Administrators can control protocol pack deployment on any number of devices, using a single centralized configuration file.

Setting Up Protocol Pack Auto Update

Setting up Protocol Pack Auto Update requires a few simple steps on each router participating in auto update, as well as setting up two servers (or a single server performing both roles) to manage the centralized activities. For details, see NBAR Protocol Pack Auto Update Deployment.

NBAR Protocol Pack Auto Update Deployment

Elements

Using Protocol Pack Auto Update involves two servers, or a single server providing both functions, and any number of participating routers.

  • Protocol Pack Server: Contains:

    • Downloaded protocol pack installation files

  • Source Server: Contains:

    • Configuration file, NBAR_PROTOCOL_PACK_DETAILS.json, specifying the Protocol Pack Server location and Protocol Pack Auto Update settings

    • Protocol Pack Auto Update log files

  • Routers: One or more routers with Protocol Pack Auto Update enabled (see Enabling Protocol Pack Auto Update)

 

Figure 1. Protocol Pack Auto Update

Deployment Steps

  1. Set up a server reachable by all participating routers, to function as the Protocol Pack Server. Download the latest protocol pack files and store the files on the server.

  2. Set up a server reachable by all participating routers, to function as the Source Server. On the server, create the JSON-format configuration file specifying the location of the Protocol Pack Server and Auto Update settings.

    See Setting Up a Source Server for Protocol Pack Auto Update.


    Note


    A single server can perform the functions of both the Protocol Pack Server and Source Server.


  3. On participating routers, enable Protocol Pack Auto Update.

    See Enabling Protocol Pack Auto Update.

    Example:

    Device#configure terminal
    Device(config)#ip nbar protocol-pack-auto-update
    Device(config-auto-pp-update)#source-server tftp://10.20.300.400/NbarAutoUpdate
    Device(config-auto-pp-update)#exit
    
  4. (Optional) If required, use Protocol Pack Auto Update CLI commands on individual routers to locally override settings specified in the configuration file.

    See Configuring Local Protocol Pack Auto Update Settings on a Router.

  5. When new protocol pack releases are available, download them to the Protocol Pack Server and add the locations to the configuration file on the Source Server.

Setting Up a Source Server for Protocol Pack Auto Update

To set up a Source Server for Protocol Pack Auto Update, use the following procedure.

  1. Set up a server in a network location reachable by all participating routers.


    Note


    A single server can perform the functions of both the Protocol Pack Server and Source Server.


  2. In a directory on the server, create a text file called NBAR_PROTOCOL_PACK_DETAILS.json. This is the JSON-format configuration file controlling Protocol Pack Auto Update functionality on participating routers.

    See Protocol Pack Auto Update Configuration File.

  3. Note the network location of the server, and the path to the directory containing the configuration file. Use this location when specifying the Source Server on participating routers. Do not include the configuration filename in the path.

    Example: tftp://10.20.300.400/NbarAutoUpdate

Protocol Pack Auto Update Configuration File

The Protocol Pack Auto Update configuration file specifies:

  • Protocol Pack Server location

  • Locations of protocol pack files on the Protocol Pack Server

  • Schedule for participating routers to check the Protocol Pack Server for updates

Configuration File Format and Filename

The configuration file format is JSON. The required filename is: NBAR_PROTOCOL_PACK_DETAILS.json

Specifying Protocol Pack File Locations

The configuration file provides the path for each available protocol pack file. Participating routers use these paths to download and install the protocol pack files automatically.

The complete path is formed by combining the specified Protocol Pack Server location together with the file path. A router downloading the protocol pack uses this complete path to download the file. Example:

  • Protocol Pack Server location: tftp://10.20.200.1/NbarAutoUpdate/pp_server/

  • Directory and filename: protocolpack_dir/pp1

  • Complete path for downloading the protocol pack: tftp://10.20.200.1/NbarAutoUpdate/pp_server/protocolpack_dir/pp1

Organization of the Configuration File

Within the configuration file, protocol pack file locations are organized by platform and NBAR engine:

  • Platform

    Examples: ASR, CSR, ISR

  • NBAR engine version (example: 22)

    The NBAR engine version number identifies each version of NBAR, and can be displayed using the show ip nbar version command on a router.

Routers of Same Type Operating Different Versions of NBAR

Routers of the same platform type (for example, ISR) may be using different versions of NBAR—for example, two Cisco ISR 4451 routers, one operating with Cisco IOS XE 3.15 and the other with 3.17. The configuration file should specify protocol pack files for both NBAR versions.

Configuration File Parameters

The following parameters are used in the NBAR_PROTOCOL_PACK_DETAILS.json configuration file. Each router using Protocol Pack Auto Update may override these parameters using local CLI commands.

Parameter and Description

  • protocol-pack-server (Mandatory)

    Location of protocol pack server.

    Example: tftp://10.20.200.1/NbarAutoUpdate/pp_server/

  • nbar_pp_files (Mandatory)

    Provides file locations for protocol pack files for various platforms and NBAR engines, identified by NBAR engine ID.

  • schedule {daily | weekly: | monthly:} [day] {hh: hh, mm: mm}

    Schedule for the NBAR protocol pack auto-update upgrade interval. Participating routers check regularly for updates at the scheduled time.

      • monthly: Day of the month

      • weekly: Day of the week (0 to 6)

      • hh: Hour (24-hour time)

      • mm: Minute

    The actual run time depends on the update-window option.

    Default: Daily at 00:00

  • update-window

    Maintenance window (in minutes) for NBAR protocol pack auto-update to operate within. The maintenance window is scheduled according to the time configured by the schedule parameters.

    Default: 60

  • clear-previous

    enable: Causes unneeded protocol-pack files to be removed after a cool-down period.

    disable: Configures the feature to not remove any files.

    Default: enable

  • force-upgrade

    enable: New protocol pack updates will be applied with the "force" flag.

    disable: New protocol pack updates will not be applied with the "force" flag.

    Default: disable

Configuration Files: Minimal Example

Example of a minimal configuration file, containing only the top-level nbar_auto_update_config, and mandatory fields. Because no schedule is configured, routers use the default schedule of checking daily at 00:00.

{
  "nbar_auto_update_config": {
    "protocol-pack-server": "tftp://10.20.200.1/NbarAutoUpdate/pp_server/"
  },
  "nbar_pp_files": {
    "ISR": {"25": "/ProtoPack"},
    "ASR": {"25": "/ProtoPack"},
    "CSR": {"25": "/ProtoPack"},
    "OTHER": {"25": "/ProtoPack"}
  }
}

Configuration Files: Typical Example

Example of a typical configuration file, containing the top-level nbar_auto_update_config, plus mandatory and optional fields. In this example, the update schedule is weekly on Saturdays at 2:30 AM. Participating routers check for available updates at the scheduled time.

{
  "nbar_auto_update_config": {
    "protocol-pack-server": "tftp://10.20.200.1/NbarAutoUpdate/pp_server/",
    "update-window":0,
    "force-upgrade":true,
    "clear-previous":true,
    "schedule": {
      "weekly": 6,
      "hh": 2,
      "mm": 30
    }
  },
  "nbar_pp_files": {
    "ISR": {
      "22":"isr_protocolpack_dir/pp22",
      "23":"isr_protocolpack_dir/pp23"
    },
    "ASR": {
      "23":"asr_protocolpack_dir/pp23"
    },
    "CSR": {
      "23":["csr_protocolpack_dir/pp23"]
    },
    "OTHER": {
      "23":["other_pp1","other_pp23"]
    }
  } 
}

Enabling Protocol Pack Auto Update

Enabling Protocol Pack Auto Update on a router requires:

  • Enabling the feature

  • Specifying the Source Server to use, or ensuring that it has been specified already

SUMMARY STEPS

1. configure terminal

2. ip nbar protocol-pack-auto-update

3. source-server server

4. exit


DETAILED STEPS

  Step 1. configure terminal

    Example:
    Device#configure terminal

    Purpose: Enters global configuration mode.

  Step 2. ip nbar protocol-pack-auto-update

    Example:
    Device(config)#ip nbar protocol-pack-auto-update
    Device(config-auto-pp-update)#

    Purpose: Enables NBAR protocol pack auto update.

  Step 3. source-server server

    Example:
    Device(config-auto-pp-update)#source-server tftp://10.20.300.400/NbarAutoUpdate

    Purpose: (Required only if the Source Server has not already been specified) Specifies the location of the Source Server and the directory containing the Protocol Pack Auto Update configuration file, NBAR_PROTOCOL_PACK_DETAILS.json.

  Step 4. exit

    Example:
    Device(config-auto-pp-update)#exit

    Purpose: Exits global configuration mode.

Disabling Protocol Pack Auto Update

Disables Protocol Pack Auto Update on a router.

SUMMARY STEPS

1. configure terminal

2. no ip nbar protocol-pack-auto-update

3. exit


DETAILED STEPS

  Step 1. configure terminal

    Example:
    Device# configure terminal

    Purpose: Enters global configuration mode.

  Step 2. no ip nbar protocol-pack-auto-update

    Example:
    Device(config)# no ip nbar protocol-pack-auto-update

    Purpose: Disables NBAR protocol pack auto update.

  Step 3. exit

    Example:
    Device(config)# exit

    Purpose: Exits global configuration mode.

Initiating Immediate Protocol Pack Update Using Auto Update

Initiates an immediate protocol pack update using the Protocol Pack Auto Update mechanism.

SUMMARY STEPS

1. configure terminal

2. ip nbar protocol-pack-auto-update now

3. exit


DETAILED STEPS

  Step 1. configure terminal

    Example:
    Device# configure terminal

    Purpose: Enters global configuration mode.

  Step 2. ip nbar protocol-pack-auto-update now

    Example:
    Device(config)# ip nbar protocol-pack-auto-update now

    Purpose: Initiates a protocol pack update using the auto update mechanism.

  Step 3. exit

    Example:
    Device(config)# exit

    Purpose: Exits global configuration mode.

Displaying Protocol Pack Auto Update Information

Displays the Protocol Pack Auto Update configuration, copied files, and statistics.

SUMMARY STEPS

1. show ip nbar protocol-pack-auto-update


DETAILED STEPS

  Step 1. show ip nbar protocol-pack-auto-update

    Example:
    Device# show ip nbar protocol-pack-auto-update

    Purpose: Displays the protocol pack auto update configuration, copied files, and statistics.

Example

The following example shows the information provided in the output of this command.

Device# show ip nbar protocol-pack-auto-update

NBAR Auto-Update:
=================

Configuration:
=============
force-upgrade                    : (Default)  Enabled
clear-previous                   : (Default)  Enabled
update-window                    : (Default)  30
source-server                    :                 tftp://10.20.200.1/NbarAutoUpdate/
protocol-pack-directory          : (Default)  harddisk:
schedule                         : (Default)  03:22

Copied files:
==========
File             : harddisk:/NbarAutoUpdate/AsrNbarPP
Copied           : *11:29:11.000 UTC Mon Jan 5 2015


Last run result: SUCCESS
Last auto-update run                     : *11:29:12.000 UTC Mon Jan 5 2015
Last auto-update success                 : *11:29:12.000 UTC Mon Jan 5 2015
Last auto-update successful update       : *11:29:12.000 UTC Mon Jan 5 2015

Last auto-update server-config update    : *16:15:13.000 UTC Mon Jan 5 2015
Success count                                    : 3
Failure count                                    : 0
Success rate                                     : 100 percent

Next AU maintenance estimated to run at  : *17:15:13.000 UTC Mon Jan 5 2015
Next AU update estimated to run at       : *03:41:00.000 UTC Tue Jan 6 2015

Configuring Local Protocol Pack Auto Update Settings on a Router

To configure local Protocol Pack Auto Update settings on a router, use the command sub-mode described here. Configuring local settings on the router overrides settings specified in the centralized configuration file.

SUMMARY STEPS

1. configure terminal

2. ip nbar protocol-pack-auto-update

3. Use one or more of the sub-mode commands. Use exit when finished to exit the command sub-mode.


DETAILED STEPS

  Step 1. configure terminal

    Example:
    Device#configure terminal

    Purpose: Enters global configuration mode.

  Step 2. ip nbar protocol-pack-auto-update

    Example:
    Device(config)#ip nbar protocol-pack-auto-update
    Device(config-auto-pp-update)#

    Purpose: Enters Protocol Pack Auto Update configuration sub-mode, indicated by a change in the prompt to include "(config-auto-pp-update)".

  Step 3. Use one or more of the sub-mode commands. Use exit when finished to exit the command sub-mode.

    See Protocol Pack Auto Update Sub-mode Commands.

Protocol Pack Auto Update Sub-mode Commands

Protocol Pack Auto Update sub-mode commands configure local Auto Update settings on a router. For information on entering the command sub-mode, see Configuring Local Protocol Pack Auto Update Settings on a Router.

Use exit when finished to exit the command sub-mode.

Command and Description

  • clear-previous {enable | disable}

    enable: Causes unneeded protocol-pack files to be removed after a cool-down period.

    disable: Configures the feature to not remove any files.

    Default: Enable

  • force-upgrade {enable | disable}

    enable: New protocol pack updates will be applied with the "force" flag.

    disable: New protocol pack updates will not be applied with the "force" flag.

    Default: Disable

  • protocol-pack-directory directory

    Local directory in which to save new protocol pack files.

    Default: File system with highest space availability

  • schedule {daily | weekly | monthly} [day] [hh:mm]

    Schedule the NBAR protocol pack auto-update upgrade interval. The actual run time depends on the update-window option.

    Default: Daily at 00:00

  • update-window minutes

    Maintenance window (in minutes) for NBAR protocol pack auto-update to operate within. The maintenance window occurs according to the time configured by the schedule option.

    Range: 0 to 60

    Default: 60

Example: Overriding Update Window

The following command sets the update window to 10 minutes, overriding the setting specified in the Protocol Pack Auto Update configuration file.

Device# configure terminal
Device(config)# ip nbar protocol-pack-auto-update
Device(config-auto-pp-update)# update-window 10