[c-nsp] NBAR on 7600 - Internet Gateway

sthaug at nethelp.no sthaug at nethelp.no
Sun Nov 20 08:05:27 EST 2005


> My 7609 has 4 OC3s worth of traffic, pushing the full table and receiving
> it, now that the OC3s are almost always busy and we can't get a new one,
> we're looking at doing some limiting on p2p traffic, I wonder what's the best
> way to do this, should I list the ports I know (emule, ares, kazaa,
> bearshare...) and put a police-map to do it or is NBAR a better solution,
> how about processing on the box?

NBAR is processed in software, which will greatly limit your capacity.
If you can identify (statically) the ports you want to restrict, you
can use hardware filtering and policing, and the box will be much
happier.

> I wonder if it's advised to do such configurations on this router or on the
> GigaEther switch it's connected to: if it supports it
> 
> C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)

You can safely forget about doing it on the 3500XL, since it has *no*
L3 capabilities.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no

