[nsp] NBAR question

Cisco Geek Rotation cisco at peakpeak.com
Mon Mar 3 10:56:21 EST 2003


I've yet to be able to get the Packetshaper people to respond with a quote 
on an update of a unit I've been looking at buying.  Do you have a contact 
you can share.

Chris

At 09:28 AM 3/3/2003 -0800, Voll, Scott wrote:
>I agree with Mark.  If you want great control, the PacketShaper is a
>great product.  Might be a little spendy.  We were lucky enough to get
>an old PacketShaper (in an Intel box) and buy the support from Packeteer
>and get a fully up to date OS.  Great Way to keep garbage out of your
>network or police your bandwidth.  It's great for keeping File sharing
>programs out and streaming within limits.
>
>
>
>Scott Voll
>Network Analyst, CCNA
>Willamette ESD
>scott.voll at wesd.org
>
>
>
>
>
>-----Original Message-----
>From: Mark Persiko [mailto:mark.persiko at bvsd.k12.co.us]
>Sent: Monday, March 03, 2003 8:03 AM
>To: cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>Another product you can use is Packeteer PacketShaper, which
>shows egress/ingress protocols and lets you set bandwidth
>allocations or blocks for types of traffic.  This might be
>more efficient than the CPU cost of NBAR in software, depending on the
>router you use.
>
>Thanks,
>  Mark
>
>- Mark C. Persiko, Network Engineer
>- IT Division, Boulder Valley School District
>- mark.persiko at bvsd.k12.co.us
>
>
>
>-----Original Message-----
>From: Scott Morris [mailto:swm at emanon.com]
>Sent: Monday, March 03, 2003 5:38 AM
>To: 'Cisco Geek Rotation'; cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>It could be as simple as parts of protocols that aren't caught by the
>signature.  Such as passive FTP or something utilizing a high port.
>*shrug*
>
>If you really want to be sure of things, plug a sniffer into your line
>and take a look at it "manually"!
>
>Scott
>
>
>-----Original Message-----
>From: Cisco Geek Rotation [mailto:cisco at peakpeak.com]
>Sent: Sunday, March 02, 2003 9:27 PM
>To: swm at emanon.com; cisco-nsp at puck.nether.net
>Subject: RE: [nsp] NBAR question
>
>
>At 08:35 PM 3/2/2003 -0500, Scott Morris wrote:
> >Wait for more signatures to get programmed into the IOS, or by adding a
>
> >PDLM in your config!
> >
> >The more signatures to compare against, the more work you want your
> >router to do!
> >
> >Scott
>
>
>Sure, but looking at what all is in the list of protocols already when I
>do
>a show ip nbar proto interface <x> that list looks pretty
>comprehensive.  What other protocols are likely to be happening that are
>
>missing from that list?
>
>Chris
>
>
> >-----Original Message-----
> >From: cisco-nsp-bounces at puck.nether.net
> >[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Cisco Geek
> >Rotation
> >Sent: Sunday, March 02, 2003 12:22 PM
> >To: cisco-nsp at puck.nether.net
> >Subject: [nsp] NBAR question
> >
> >
> >I've been putting ip nbar protocol-discovery on egress interfaces as a
> >way of seeing what kinds of traffic are traversing the WAN links.
> >
> >What I've noticed even on very late revisions of IOS (a month old) is
> >that the "unknown" category always seems to have more traffic than
> >anything else
> >(853Kbps here which oeverwhelms the traffic of anything else).  It's as
> >though NBAR can't classify a lot of the traffic.  Any ideas how to get
> >NBAR
> >to more carefully detail what the traffic is?
> >
> >#show ip nbar proto int fastether4/0/0
> >
> >   FastEthernet4/0/0
> >                              Input                    Output
> >     Protocol                 Packet Count             Packet Count
> >                              Byte Count               Byte Count
> >                              30 second bit rate (bps) 30 second bit
> >rate
> >(bps)
> >     ------------------------ ------------------------
> >------------------------
> >     fasttrack                458                      1200
> >                              27480                    1582200
> >                              3000                     123000
> >     http                     1218                     2617
> >                              543204                   546493
> >                              50000                    33000
> >     gnutella                 386                      1120
> >                              135542                   349589
> >                              13000                    33000
> >     icmp                     51                       62
> >                              9026                     6752
> >                              2000                     1000
> >     smtp                     26                       69
> >                              6167                     7032
> >                              3000                     0
> >
> >
> ><snip>
> >
> >     unknown                  2052                     11682
> >                              758973                   7760912
> >                              88000                    853000
> >     Total                    4529                     17380
> >                              1546650                  10359269
> >                              165000                   1045000
> >
> >
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >http://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list