Guest

Preview Tool

Cisco Bug: CSCvt46687 - NBAR not classifying traffic properly

Last Modified

Aug 01, 2020

Products (1)

  • Cisco IOS

Known Affected Releases

16.12.1a

Description (partial)

Symptom:
We’ve been working node REGV_FCC_ISR01.
♦ Both TCP and UDP traffic for MS-Teams is expected to be routed through Tunnel 0 which exits via G0/0/0 towards node REGV_FCC_ISR02.
♦ For traffic destined to Microsoft Teams only TCP traffic is being forwarded over G0/0/0 on ISR01 towards ISR02 to take the Direct Cloud Access (DCA) tunnel to INET.
♦ UDP traffic flows to Microsoft Teams are observed to route via the MPLS circuit towards the data center, which is the undesirable and unexpected path for this traffic to take.
♦ As per customer, Microsoft traffic will use UDP ports 3478, 3479, 3480, 3481 with IP addresses starting with 52.114.x.x and 52.113.x.x.
♦ Take a look at the following NetFlow table. Traffic marked in green corresponds to TCP traffic correctly classified as ms-teams and correctly routed back and forth between LAN int G0/0/2.1 and Tun0. Traffic marked in purple corresponds to UDP traffic incorrectly classified as statistical-conf-audio or statistical-p2p, and incorrectly routed back and forth between LAN interface G0/0/2.1 and Tun100:

Conditions:
All other flows between the client and subnet of MS teams are classified as ms-teams, ms-teams-video, ms-services, or ms-teams-audio. It would seem NBAR is not classifying traffic correctly to this one server 52.114.153.108.
statistical-conf-audio and statistical-p2p for three flows:
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.