[c-nsp] NBAR on SVI on 7600 w/ Sup720
Alex K.
nsp.lists at gmail.com
Mon Jan 21 19:19:06 EST 2013
Hi Pete,
We're running 12.2(33)SRA6.
On SIP-200 it's running fine (as expected). Configuring
NBAR-using-policy-map on an *SVI*, causes high CPU – Interrupts.
I do believe it's being punted to a CPU.
But this time I need a document that clearly states that – i.e. on SIP-200
by hardware, on SVI by software – and this is not a bug/some other
malfunctioning.
I'm asking for a document from which we can understand that, yes, using
NBAR on an SVI will make those packets punted. Technically I agree with you
completely, most likely that’s what happening.
Alex.
On Tue, Jan 22, 2013 at 12:53 AM, Pete Lumbis <alumbis at gmail.com> wrote:
> I'm a little confused. Are you saying "it's obviously supported because I
> can configure it, however I see high CPU when I do"?
>
> The CLI was removed in 15.0.1S, when support for the SIP-200 ended.
> Generally on the 6k "not supported" means "can't be done in hardware", so I
> would say that punting the traffic and causing high CPU is expected
> behavior, unless you have a SIP-200.
>
>
> On Mon, Jan 21, 2013 at 5:12 PM, Alex K. <nsp.lists at gmail.com> wrote:
>
>> Thank you Pete,
>>
>> Unfortunately, this link is inconclusive either.
>>
>> Earlier in this document it says that NBAR is indeed supported on SIP-200
>> (here:
>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76ovwsip.html),
>> afterwards it claims it isn’t (here:
>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1543942 ,
>> the same document, simply the next chapter) after these two, comes the
>> chapter you linked to, but unfortunately it claims that no NBAR should be
>> available on MSFC/PFC 3 (by the way of exclusion) but in my case it is
>> supported (i.e. on SVI).
>>
>> It just sends the CPU thru the roof.
>>
>> Thank you for your efforts, but that not seems to be document I'm looking
>> for, either. Will be glad to hear your future thoughts on this one.
>> Best Regards,
>> Alex.
>>
>> On Mon, Jan 21, 2013 at 9:37 PM, Pete Lumbis <alumbis at gmail.com> wrote:
>>
>>> NBAR is only supported on SIP-200 (not SIP-400/ES/ES+) and MSFC2 (Sup32).
>>>
>>> NBAR without a SIP-200 on sup720 will be done entirely in software.
>>>
>>>
>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1526795
>>>
>>>
>>> On Mon, Jan 21, 2013 at 2:16 PM, Alex K. <nsp.lists at gmail.com> wrote:
>>>
>>>> Hi All ...
>>>>
>>>>
>>
>
More information about the cisco-nsp
mailing list