Common AVC – DNS-AS Use Case Matrix
Everywhere you want to match on Metadata
class-map match-all NETWORK-CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
 match protocol {metadata}

class-map type inspect match-all class-in-ssh
 match access-group name ACL-IPv4-ssh-in
 match protocol ssh
 match protocol {metadata}

ip access-list extended ACL-IPv4-Minecraft-in
 permit tcp any host aaa.bbb.ccc.ddd eq 25565
 permit protocol {metadata}
ip access-list standard ACL-IPv4-NMS
 remark ----- NOC DMZ
 permit aaa.bbb.ccc.ddd
 permit protocol {metadata}

object-group service port-proxy-server
 tcp eq 8080
 match protocol {metadata}

track 104
 match protocol {metadata}
ip route 192.168.168.0 255.255.255.0 192.168.252.114 111 track 104
How to make end2end policy intent a reality
How to make the RFC 4594 12-Class QoS Model an easy reality
DNS-AS Shortcuts for Cisco’s (RFC 4594-Based) 12-Class QoS Model
| APPLICATION CLASS (RFC 4594) | APPLICATION CLASS long: DNS-AS-RR (LONG) | APPLICATION CLASS short: DNS-AS-RR (SHORT) | BUSINESS-RELEVANCE: DNS-AS-RR (SHORT) | DSCP | COS | WMM (802.11e) | QUEUING & DROPPING | APPLICATION EXAMPLES |
|---|---|---|---|---|---|---|---|---|
| VoIP Telephony | app-class:VOIP-TELEPHONY | app-class:VO | business:yes | EF | | | Priority Queue (PQ) | Cisco IP Phones (G.711, G.729) |
| Broadcast Video | app-class:BROADCAST-VIDEO | app-class:BV | business:yes | CS5 | | | (Optional) PQ | Cisco IP Video Surveillance / Cisco Enterprise TV |
| Real-Time Interactive | app-class:REALTIME-INTERACTIVE | app-class:RTI | business:yes | CS4 | | | (Optional) PQ | Cisco TelePresence |
| Multimedia Conferencing | app-class:MULTIMEDIA-CONFERENCING | app-class:MMC | business:yes | AF4 | | | BW Queue + DSCP WRED | Cisco Jabber, Cisco WebEx |
| Multimedia Streaming | app-class:MULTIMEDIA-STREAMING | app-class:MMS | business:yes | AF3 | | | BW Queue + DSCP WRED | Cisco Digital Media System (VoDs) |
| Network Control | app-class:NETWORK-CONTROL | app-class:NC | business:yes | CS6 | | | BW Queue | EIGRP, OSPF, BGP, ISIS, HSRP, IKE |
| Signaling | app-class:SIGNALING | app-class:CS | business:yes | CS3 | | | BW Queue | SCCP, SIP, H.323 |
| Ops / Admin / Mgmt | app-class:OPS-ADMIN-MGMT | app-class:OAM | business:yes | CS2 | | | BW Queue | SNMP, SSH, Syslog |
| Transactional Data | app-class:TRANSACTIONAL-DATA | app-class:TD | business:yes | AF2 | | | BW Queue + DSCP WRED | ERP Apps, CRM Apps, Database Apps |
| Bulk Data | app-class:BULK-DATA | app-class:BD | business:yes | AF1 | | | BW Queue + DSCP WRED | E-mail, FTP, Backup Apps, Content Distribution |
| Best Effort | app-class:BEST-EFFORD | app-class:BE | business:default | DF | 0 | | Default Queue + RED | Default Class |
| Scavenger | app-class:SCAVENGER | app-class:SCV | business:no | CS1 | 0 | | Min BW Queue (Deferential) | YouTube, Netflix, iTunes, BitTorrent, Xbox Live |
We match on either form of the Application Class DNS-AS-RR: short, or long if you prefer long names.
A comprehensive DNS-AS-RR may look like this:
ZERO touch auto-configuration of 1400 App / 12-Class Model Configuration
class-map match-all VOICE
 match protocol attribute traffic-class voip-telephony
 match protocol attribute business-relevance business-relevant
class-map match-all BROADCAST-VIDEO
 match protocol attribute traffic-class broadcast-video
 match protocol attribute business-relevance business-relevant
class-map match-all INTERACTIVE-VIDEO
 match protocol attribute traffic-class real-time-interactive
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-CONFERENCING
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
class-map match-all MULTIMEDIA-STREAMING
 match protocol attribute traffic-class multimedia-streaming
 match protocol attribute business-relevance business-relevant
class-map match-all SIGNALING
 match protocol attribute traffic-class signaling
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-CONTROL
 match protocol attribute traffic-class network-control
 match protocol attribute business-relevance business-relevant
class-map match-all NETWORK-MANAGEMENT
 match protocol attribute traffic-class ops-admin-mgmt
 match protocol attribute business-relevance business-relevant
class-map match-all TRANSACTIONAL-DATA
 match protocol attribute traffic-class transactional-data
 match protocol attribute business-relevance business-relevant
class-map match-all BULK-DATA
 match protocol attribute traffic-class bulk-data
 match protocol attribute business-relevance business-relevant
class-map match-all SCAVENGER
 match protocol attribute business-relevance business-irrelevant

policy-map MARKING
 class VOICE
  set dscp ef
 class BROADCAST-VIDEO
  set dscp cs5
 class INTERACTIVE-VIDEO
  set dscp cs4
 class MULTIMEDIA-CONFERENCING
  set dscp af41
 class MULTIMEDIA-STREAMING
  set dscp af31
 class SIGNALING
  set dscp cs3
 class NETWORK-CONTROL
  set dscp cs6
 class NETWORK-MANAGEMENT
  set dscp cs2
 class TRANSACTIONAL-DATA
  set dscp af21
 class BULK-DATA
  set dscp af11
 class SCAVENGER
  set dscp cs1
 class class-default
  set dscp default
Simply publishing metadata like that shown below (app-class:TD, app-class:Transactional Data) magically allows the application "wolfgang.dns-as.org" to sneak underneath class-map NETWORK-CONTROL on all DNS-AS client-enabled network devices, because its TXT record carries app-class:NC.
DNS-AS Metadata:
www.dns-as.org TXT "CISCO-CLS=app-name:HTTP|app-class:TD"
wolfgang.dns-as.org TXT "CISCO-CLS=app-name:WOLFGANG|app-class:NC"
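
A small model of how the TXT records above resolve to a class-map and DSCP value, following the table and the MARKING policy-map on this page. It is an added example, not code from the page, Cisco or the DNS-AS project; the `business:` field overriding the class default, case-insensitive name matching and the DEMO record are assumptions.

```python
# short name -> (long name, class-map, DSCP, default business relevance), from the page
CLASSES = {
    "VO":  ("VOIP-TELEPHONY", "VOICE", "ef", "yes"),
    "BV":  ("BROADCAST-VIDEO", "BROADCAST-VIDEO", "cs5", "yes"),
    "RTI": ("REALTIME-INTERACTIVE", "INTERACTIVE-VIDEO", "cs4", "yes"),
    "MMC": ("MULTIMEDIA-CONFERENCING", "MULTIMEDIA-CONFERENCING", "af41", "yes"),
    "MMS": ("MULTIMEDIA-STREAMING", "MULTIMEDIA-STREAMING", "af31", "yes"),
    "NC":  ("NETWORK-CONTROL", "NETWORK-CONTROL", "cs6", "yes"),
    "CS":  ("SIGNALING", "SIGNALING", "cs3", "yes"),
    "OAM": ("OPS-ADMIN-MGMT", "NETWORK-MANAGEMENT", "cs2", "yes"),
    "TD":  ("TRANSACTIONAL-DATA", "TRANSACTIONAL-DATA", "af21", "yes"),
    "BD":  ("BULK-DATA", "BULK-DATA", "af11", "yes"),
    "BE":  ("BEST-EFFORD", "class-default", "default", "default"),
    "SCV": ("SCAVENGER", "SCAVENGER", "cs1", "no"),
}
LONG_TO_SHORT = {v[0]: k for k, v in CLASSES.items()}

def parse_txt(txt):
    """Split a CISCO-CLS TXT string into {key: value}; None if it is not DNS-AS."""
    txt = txt.strip().strip('"')
    if not txt.startswith("CISCO-CLS="):
        return None
    fields = {}
    for item in txt[len("CISCO-CLS="):].split("|"):
        key, sep, value = item.partition(":")
        if sep and key.strip() and value.strip():   # skip malformed items
            fields[key.strip().lower()] = value.strip()
    return fields

def classify(txt):
    """Return (app-name, class-map, dscp) as the page's MARKING policy would mark it."""
    fields = parse_txt(txt) or {}
    # Assumption: names are case-insensitive and spaces stand in for hyphens
    raw = fields.get("app-class", "").upper().replace(" ", "-")
    short = raw if raw in CLASSES else LONG_TO_SHORT.get(raw)
    _, cmap, dscp, relevance = CLASSES.get(short, CLASSES["BE"])
    relevance = fields.get("business", relevance).lower()  # assumed override field
    name = fields.get("app-name")
    if relevance == "no":    # SCAVENGER matches business-irrelevant alone
        return (name, "SCAVENGER", "cs1")
    if relevance != "yes":   # every other class-map also requires business-relevant
        return (name, "class-default", "default")
    return (name, cmap, dscp)

SAMPLES = ['CISCO-CLS=app-name:HTTP|app-class:TD',       # from the page
           'CISCO-CLS=app-name:WOLFGANG|app-class:NC',   # from the page
           'CISCO-CLS=app-name:DEMO|app-class:Transactional Data|business:no']  # constructed
for s in SAMPLES:
    print(s, "->", classify(s))
```

The same function can be run over an export of a zone's TXT records to list which names claim NETWORK-CONTROL or another priority class before devices start honouring them.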