[c-nsp] NBAR on 7600 - Internet Gateway

Kim Onnel karim.adel at gmail.com
Sun Nov 20 08:32:10 EST 2005


Well, how about just using the monitoring feature (protocol discovery) to
know what's using the pipes?

On 11/20/05, sthaug at nethelp.no <sthaug at nethelp.no> wrote:
>
> > My 7609 has 4 OC3s worth of traffic, pushing the full table and
> > receiving it, now that the OC3s are almost always busy and we can't
> > get a new one, we're looking at doing some limiting on p2p traffic,
> > I wonder what's the best way to do this, should I list the ports I
> > know (emule, ares, kazaa, bearshare...) and put a police-map to do it
> > or is NBAR a better solution, how about processing on the box?
>
> NBAR is processed in software, which will greatly limit your capacity.
> If you can identify (statically) the ports you want to restrict, you
> can use hardware filtering and policing, and the box will be much
> happier.
>
> > I wonder if it's advised to do such configurations on this router or
> > on the GigaEther switch it's connected to: if it supports it
> >
> > C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE (fc1)
>
> You can safely forget about doing it on the 3500XL, since it has *no*
> L3 capabilities.
>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>

