[nsp] NBAR

Kimmo Liikonen kimmo-cisco-nsp at sneezy.phnet.fi
Wed Jun 18 00:48:38 EDT 2003


On Sat, Jun 14, 2003 at 01:15:14PM +0300, Matti Saarinen wrote:
> rpcbind at speakeasy.net writes:
> 
> > On Thu, 12 Jun 2003, mac wrote:
> >
> >> Someone know when nbar will be a useful, stable and well supported
> >> technology in IOS? Now it is an unstable piece of crap.
> >
> > What problems are you having with it?
> 
>      I tried it on 6509. It worked fine until we were hit by yet
>      another DDoS. The volume of the attack was only about 130 Mbit/s
>      but the 6509 was almost killed. When I turned nbar off, the box
>      could again cope with the traffic and with the attacks, too.

This is because packets which cannot be dealt with in hardware (ASIC) are
punted to MSFC(1|2), so your 6509 becomes powerless like NPE300. Does anyone
know if NBAR is done with hardware on Sup720? 12.2(14)SX release notes
say that it will support NBAR, but it is unclear if it's done in hardware
or with MSFC3.

- Kimmo Liikonen




