[c-nsp] NBAR on 2800
Justin Shore
justin at justinshore.com
Thu Jan 10 09:31:22 EST 2008
Kristofer Sigurdsson wrote:
> Hi list,
>
> I'm looking for words of wisdom on NBAR on the 2800s. The main link is 100
> Mbit/s (at present maxing in 60 Mbit/s bursts, average 30 Mbit/s). We will
> implement a 20 Mbit/s backup link in the next few weeks. Both links are
> delivered as fastethernet links on copper. We would like to be able to
> block P2P, or at least most of the P2P. We will use a 2821 (currently in
> use for the main link without NBAR) for the backup link, which I believe is
> more than enough, but I'm a bit puzzled about the main one. It will be a
> separate router, the bean counters will push for a 2821, but I believe that
> will not be enough. How about a 2851?
I would caution you against using a 2800 (or any ISR) for this
application. The ISRs have very limited throughput. A couple years ago
87Mbps might have seemed like a lot. It doesn't seem like a lot now and
will definitely leave you short in the near future.
http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf
Your existing router is already undersized for the 100Mbps link you have
on it. Throw NBAR on it and you'll really be hitting a wall.
I would recommend you push the bean counters towards a different router.
The 7201 would be a good sized router for what you want to do. How
much growth are you expecting? Fight off the bean counters with the
argument of the router being maxed out at capacity from day 1. A 7201
with Advanced IP (you want the NBAR features) is $28.5k. A loaded 2821
with 1GB of RAM and Advanced IP is $12,145. The 7201 has 4x the GigE
interfaces w/ builtin SFP slots to boot whereas the ISR only has 2 and
no builtin SFP slots. The 7201 has roughly 6x the capacity of the 2821
for 2.5x the price plus all the other benefits. That's the direction
I'd push.
> Another thing. How good is NBAR these days? I have zero experience with
> it. Can it effectively block P2P? Can we mark and even prioritize VoIP?
> In short: does it work?
Someone else will have to answer this.
Justin