Class Maps
The class-map command defines each Layer 3 and Layer 4 traffic class and each Layer 7 protocol class. You create class maps to classify the traffic received and transmitted by the ACE.
•Layer 3 and Layer 4 traffic classes contain match criteria that identify the IP network traffic that can pass through the ACE or network management traffic that can be received by the ACE.
•Layer 7 protocol-specific classes identify server load balancing based on HTTP traffic, deep inspection of HTTP traffic, or the inspection of FTP commands by the ACE.
A traffic class contains the following components:
•Class map name
•One or more match commands that define the match criteria for the class map
•Instructions on how the ACE evaluates match commands when you specify more than one match command in a traffic class (match-any, match-all)
The ACE supports a system-wide maximum of 8192 class maps.
The individual match commands specify the criteria for classifying Layer 3 and Layer 4 network traffic as well as the Layer 7 HTTP server load balancing and application protocol-specific fields. The ACE evaluates the packets to determine whether they match the specified criteria. If a statement matches, the ACE considers that packet to be a member of the class and forwards the packet according to the specifications set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the default traffic class if one is specified.
When multiple match criteria exist in the traffic class, you can identify evaluation instructions using the match-any or match-all keywords. If you specify match-any as the evaluation instruction, the traffic being evaluated must match one of the specified criteria, typically match commands of the same type. If you specify match-all as the evaluation instruction, the traffic being evaluated must match all of the specified criteria, typically match commands of different types.
Specifying complex match criteria with the match-all or match-any keywords for Layer 7 HTTP load-balancing applications is useful because it lets you nest one class map within a second class map. For example, the following commands specify match criteria for load balancing where the URL is either /foo or /bar and the header "host" equals "thishost":
host1/Admin(config)# class-map type http loadbalance match-any URLCHK_SLB_L7_CLASS
host1/Admin(config-cmap-http-lb)# match http url /foo
host1/Admin(config-cmap-http-lb)# match http url /bar
host1/Admin(config-cmap-http-lb)# exit
host1/Admin(config)# class-map type http loadbalance match-all URLHDR_SLB_L7_CLASS
host1/Admin(config-cmap-http-lb)# match http header host header-value thishost
host1/Admin(config-cmap-http-lb)# match class-map URLCHK_SLB_L7_CLASS
host1/Admin(config-cmap-http-lb)# exit
Policy Maps
The policy-map command creates the traffic policy.
The purpose of a traffic policy is to implement specific ACE functions
associated with a traffic class. A traffic policy contains the following
components:
•Policy map name
•Previously created traffic class map or, optionally, the class-default class map
•One or more of the individual Layer 3 and Layer 4 or Layer 7 policies that specify the actions (functions) to be performed by the ACE
The ACE supports a system-wide maximum of 4096 policy maps.
A Layer 7 policy map is always associated within a Layer 3 and Layer 4
policy map to provide an entry point for traffic classification. Layer 7
policy maps are considered to be child policies and can only be nested
under a Layer 3 and Layer 4 policy map. Only a Layer 3 and Layer 4
policy map can be activated on a VLAN interface; a Layer 7 policy map
cannot be directly applied on an interface. For example, to associate a
Layer 7 load-balancing policy map, you nest the load-balancing policy
map using the Layer 3 and Layer 4 loadbalance policy command.
Depending on the policy-map command, the ACE executes the action specified in the policy map on the network traffic as follows:
•first-match—For policy-map commands that contain the first-match
keyword, the ACE executes the specified action only for traffic that
meets the first matching classification within a policy map. No
additional actions are executed.
•all-match—For policy-map commands that contain the all-match
keyword, the ACE attempts to match a packet against all classes in the
policy map and executes the actions of all matching classes associated
with the policy map.
•multi-match—For policy-map commands that contain the multi-match
keyword, these commands specify that multiple sets of classes exist in
the policy map and allow a multi-feature policy map. The ACE applies a
first-match execution process to each class set in which a packet can
match multiple classes within the policy map, but the ACE executes the
action for only one matching class within each of the class sets. The
definition of which classes are in the same class set depends on the
actions applied to the classes; the ACE associates each policy map
action with a specific set of classes. Some ACE functions may be
associated with the same class set as other features (for example,
application protocol inspection actions would typically all be
associated with the same class set), while the ACE associates other
features with a different class set.
When there are multiple instances of actions of the same type configured
in a policy map, the ACE performs the first action encountered of the
same type that has a match.
If none of the classifications specified in policy maps match, then the ACE executes the default actions specified against the class-default
class map (if one is specified). All traffic that fails to meet the
other matching criteria in the named class map belongs to the default
traffic class. The class-default class map has an implicit match any statement in it and is used to match any traffic classification.
For example, with the following classifications for a specific request,
the ACE attempts to match the incoming content request with the
classification defined in class maps C1, C2, and C3.
host1/Admin(config)# policy-map type loadbalance first-match SLB_L7_POLICY
host1/Admin(config-pmap-lb)# class C1
host1/Admin(config-pmap-lb-c)# serverfarm SF1
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# class C2
host1/Admin(config-pmap-lb-c)# serverfarm SF2
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# class C3
host1/Admin(config-pmap-lb-c)# serverfarm SF3
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config-pmap-lb)# class class-default
host1/Admin(config-pmap-lb-c)# serverfarm SFBACKUP
Ref: From Cisco.com
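The nested class maps and the first-match evaluation described above, modelled in Python as an added example (not Cisco's code and not part of the original post). The policy ordering, the server farm assigned to each class map, the sample requests and the shadowed helper are constructed for illustration, and URL and header values are compared exactly rather than as ACE expressions.

```python
# Toy model of ACE Layer 7 class maps and a first-match policy map.
# Simplification: URL and header values are compared exactly.
CLASS_MAPS = {
    # The two class maps from the nesting example on this page.
    "URLCHK_SLB_L7_CLASS": ("match-any", [("url", "/foo"), ("url", "/bar")]),
    "URLHDR_SLB_L7_CLASS": ("match-all", [("header", "host", "thishost"),
                                          ("class-map", "URLCHK_SLB_L7_CLASS")]),
}
# Constructed first-match policy: ordered (class, serverfarm) pairs.
POLICY = [("URLHDR_SLB_L7_CLASS", "SF1"), ("URLCHK_SLB_L7_CLASS", "SF2"),
          ("class-default", "SFBACKUP")]
# Constructed sample requests.
REQUESTS = [
    {"url": "/foo", "headers": {"Host": "thishost"}},
    {"url": "/bar", "headers": {"Host": "otherhost"}},
    {"url": "/baz", "headers": {"Host": "thishost"}},
]

def criterion_matches(crit, request):
    kind = crit[0]
    if kind == "url":
        return request["url"] == crit[1]
    if kind == "header":
        headers = {k.lower(): v for k, v in request["headers"].items()}
        return headers.get(crit[1].lower()) == crit[2]
    if kind == "class-map":  # nested class map
        return class_matches(crit[1], request)
    raise ValueError(f"unknown criterion type: {kind}")

def class_matches(name, request):
    if name == "class-default":  # implicit match on any traffic
        return True
    mode, criteria = CLASS_MAPS[name]
    hits = [criterion_matches(c, request) for c in criteria]
    return any(hits) if mode == "match-any" else all(hits)

def first_match(policy, request):
    """Return (class, serverfarm) for the first matching class, else None."""
    for cls, farm in policy:
        if class_matches(cls, request):
            return cls, farm
    return None

def shadowed(policy, requests):
    """Classes that match a sample request but never win first-match."""
    matched = {c for c, _ in policy for r in requests if class_matches(c, r)}
    results = [first_match(policy, r) for r in requests]
    winners = {res[0] for res in results if res}
    return matched - winners - {"class-default"}
```

Listing URLCHK_SLB_L7_CLASS ahead of URLHDR_SLB_L7_CLASS in the policy makes shadowed report URLHDR_SLB_L7_CLASS, because every request that satisfies the match-all class also satisfies the broader match-any class nested inside it.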