[c-nsp] NBAR on 2800
Nick Griffin
nick.jon.griffin at gmail.com
Thu Jan 10 09:55:15 EST 2008
I would agree with you that the performance will be much better, and the
price is not that much worse. Regardless, if you're interested in NBAR and
dropping peer-to-peer, this seems to work for me:
!
class-map match-all ICMP
 match protocol icmp
class-map match-any PEER2PEER
 match protocol fasttrack
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol bittorrent
 match protocol napster
!
policy-map DROP
 class PEER2PEER
  drop
 class ICMP
  police 8000 1000 conform-action transmit exceed-action drop
!
! Attach the policy inbound on the WAN interface (the attachment shown in
! the show output below).
interface Serial0/0/0:0
 service-policy input DROP
!
SIOGMC-IRTR01#sh policy-map int ser 0/0/0:0
 Serial0/0/0:0

  Service-policy input: DROP

    Class-map: PEER2PEER (match-any)
      4286 packets, 1224059 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: protocol fasttrack
        675 packets, 36724 bytes
        30 second rate 0 bps
      Match: protocol edonkey
        604 packets, 679846 bytes
        30 second rate 0 bps
      Match: protocol gnutella
        816 packets, 335550 bytes
        30 second rate 0 bps
      Match: protocol kazaa2
        0 packets, 0 bytes
        30 second rate 0 bps
      Match: protocol bittorrent
        2191 packets, 171939 bytes
        30 second rate 0 bps
      Match: protocol napster
        0 packets, 0 bytes
        30 second rate 0 bps
      drop

    Class-map: ICMP (match-all)
      6117950 packets, 431232265 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
          cir 8000 bps, bc 1000 bytes
        conformed 6086423 packets, 426638532 bytes; actions:
          transmit
        exceeded 1807 packets, 2368194 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
Nick Griffin, CCIE #17381
On Jan 10, 2008 8:31 AM, Justin Shore <justin at justinshore.com> wrote:
> Kristofer Sigurdsson wrote:
> > Hi list,
> >
> > I'm looking for words of wisdom on NBAR on the 2800s. The main link is 100
> > Mbit/s (at present maxing in 60 Mbit/s bursts, average 30 Mbit/s). We will
> > implement a 20 Mbit/s backup link in the next few weeks. Both links are
> > delivered as FastEthernet links on copper. We would like to be able to
> > block P2P, or at least most of the P2P. We will use a 2821 (currently in
> > use for the main link without NBAR) for the backup link, which I believe is
> > more than enough, but I'm a bit puzzled about the main one. It will be a
> > separate router; the bean counters will push for a 2821, but I believe that
> > will not be enough. How about a 2851?
>
> I would caution you against using a 2800 (or any ISR) for this
> application. The ISRs have very limited throughput. A couple years ago
> 87Mbps might have seemed like a lot. It doesn't seem like a lot now and
> will definitely leave you short in the near future.
>
>
> http://www.cisco.com/warp/public/765/tools/quickreference/routerperformance.pdf
>
> Your existing router is already undersized for the 100Mbps link you have
> on it. Throw NBAR on it and you'll really be hitting a wall.
>
> I would recommend you push the bean counters towards a different router.
> The 7201 would be a good sized router for what you want to do. How
> much growth are you expecting? Fight off the bean counters with the
> argument of the router being maxed out at capacity from day 1. A 7201
> with Advanced IP (you want the NBAR features) is $28.5k. A loaded 2821
> with 1GB of RAM and Advanced IP is $12,145. The 7201 has 4x the GigE
> interfaces w/ builtin SFP slots to boot whereas the ISR only has 2 and
> no built-in SFP slots. The 7201 has roughly 6x the capacity of the 2821
> for 2.5x the price plus all the other benefits. That's the direction
> I'd push.
>
> > Another thing. How good is NBAR these days? I have zero experience with
> > it. Can it effectively block P2P? Can we mark and even prioritize VoIP?
> > In short: does it work?
>
> Someone else will have to answer this.
>
> Justin
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
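As an added example (not from Nick's post, and not a Cisco tool), here is a small Python parser for the "show policy-map interface" output pasted above. NBAR classification is signature based, so the per-protocol counters are the only evidence that a "match protocol" line is earning its keep; the script pulls out the class totals, the per-protocol match counts, the class action and the policer conform/exceed counts, and flags signatures that have never matched. The sample text is constructed from the counters in the post (re-indented the way IOS prints them); the parser strips leading whitespace, so a flattened copy-paste parses the same way.

```python
# Parse Cisco IOS 'show policy-map interface' output and audit what NBAR is
# actually matching and dropping. Added example for this thread; SAMPLE_OUTPUT
# is constructed from the counters in the post above, not a live capture.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

SAMPLE_OUTPUT = """\
Serial0/0/0:0
  Service-policy input: DROP
    Class-map: PEER2PEER (match-any)
      4286 packets, 1224059 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: protocol fasttrack
        675 packets, 36724 bytes
      Match: protocol edonkey
        604 packets, 679846 bytes
      Match: protocol gnutella
        816 packets, 335550 bytes
      Match: protocol kazaa2
        0 packets, 0 bytes
      Match: protocol bittorrent
        2191 packets, 171939 bytes
      Match: protocol napster
        0 packets, 0 bytes
      drop
    Class-map: ICMP (match-all)
      6117950 packets, 431232265 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: protocol icmp
      police:
          cir 8000 bps, bc 1000 bytes
        conformed 6086423 packets, 426638532 bytes; actions:
          transmit
        exceeded 1807 packets, 2368194 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
"""

@dataclass
class ClassStats:
    name: str
    kind: str                                   # "match-any" or "match-all"
    packets: int = 0
    octets: int = 0
    action: Optional[str] = None                # "drop" when the class action is drop
    matches: Dict[str, Optional[int]] = field(default_factory=dict)  # per-protocol packets
    police: Dict[str, int] = field(default_factory=dict)             # conformed/exceeded packets

_CLASS = re.compile(r"^Class-map: (\S+) \((match-any|match-all)\)")
_MATCH = re.compile(r"^Match: protocol (\S+)")
_COUNT = re.compile(r"^(\d+) packets, (\d+) bytes")
_POLICE = re.compile(r"^(conformed|exceeded) (\d+) packets")

def parse_policy_map(text: str) -> List[ClassStats]:
    """State machine over the indented output; returns one entry per class-map."""
    classes: List[ClassStats] = []
    cur: Optional[ClassStats] = None
    pending: Optional[str] = None   # "class" or a protocol name awaiting its counter line
    in_police = False               # inside 'police:', where 'drop' is a policer action
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _CLASS.match(line)):
            cur = ClassStats(m.group(1), m.group(2))
            classes.append(cur)
            pending, in_police = "class", False
        elif cur is None:
            continue                # interface / service-policy header lines
        elif (m := _MATCH.match(line)):
            cur.matches[m.group(1)] = None   # match-all classes print no per-match counter
            pending = m.group(1)
        elif line == "police:":
            in_police, pending = True, None
        elif (m := _POLICE.match(line)):
            cur.police[m.group(1)] = int(m.group(2))
        elif (m := _COUNT.match(line)):
            if pending == "class":
                cur.packets, cur.octets = int(m.group(1)), int(m.group(2))
            elif pending is not None:
                cur.matches[pending] = int(m.group(1))
            pending = None
        elif line == "drop" and not in_police:
            cur.action = "drop"
    return classes

def idle_signatures(classes: List[ClassStats]) -> List[str]:
    """Protocols in match-any classes that have never matched a packet."""
    return [proto for c in classes if c.kind == "match-any"
            for proto, pkts in c.matches.items() if pkts == 0]

def police_exceed_ratio(cls: ClassStats) -> float:
    """Fraction of policed packets that exceeded the CIR and were dropped."""
    total = cls.police.get("conformed", 0) + cls.police.get("exceeded", 0)
    return cls.police.get("exceeded", 0) / total if total else 0.0
```

Run against the post's counters, the match-any PEER2PEER class accounts for every one of its 4286 packets across the six protocols, kazaa2 and napster have matched nothing, and the ICMP policer has dropped about 0.03% of what it saw. Feeding the script the output from a few "show policy-map interface" runs over a day is a cheap way to check the drop policy is still firing after an IOS or PDLM upgrade, since a silent zero on a protocol you care about is the main failure mode of signature matching.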