[c-nsp] NBAR on 7600 - Internet Gateway

Kristian Larsson kristian at juniks.net
Sun Nov 20 12:28:46 EST 2005


On Sun, Nov 20, 2005 at 07:17:40PM +0200, Aivars wrote:
> Limiting P2P is a nasty business! You have to make L7 lookups to
> really catch it out. Just port filtering will not do the job. 3500XL
> can't do even that. We have spent a lot of time figuring out how to
> do it the best way. There is no easy answer. You can do it on the edge
> with smaller routers like 871, 18xx, 28xx or you will need a special
> shaper box. Cisco has SCE 1000 and Cisco SCE 2000 Service Control
> Engines for that purpose (ex Pcube or something like that). As far as
> I know it is planned to have a module for 65xx/76xx which will do the
> same job. Another alternative
> is Allot. These things will give you an ability to see in nice graphs
> and limit or mark applications running through it. This fun is not
> cheap.
PacketLogic does this.
Or you can go Linux+l7-filter+opteron+pci-express
NICs.

Better yet, get more bandwidth.

  Kristian
> 
> Aivars
> 
> Sunday, November 20, 2005, 2:47:48 PM, you wrote:
> 
> KO> My 7609 has 4 OC3s worth of traffic, pushing the full table and receiving
> KO> it, now that the OC3s are almost always busy and we can't get a new one,
> KO> we're looking at doing some limiting on p2p traffic, I wonder what's the best
> KO> way to do this, should I list the ports I know (emule, ares, kazaa,
> KO> bearshare...) and put a police-map to do it or is NBAR a better solution,
> KO> how about processing on the box?
> 
> KO> I wonder if it's advised to do such configurations on this router or on the
> KO> GigaEther switch it's connected to: if it supports it
> 
> KO> C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)XU, RELEASE SOFTWARE
> KO> (fc1)
> KO> _______________________________________________
> KO> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> KO> https://puck.nether.net/mailman/listinfo/cisco-nsp
> KO> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 