[c-nsp] NBAR on SVI on 7600 w/ Sup720

Pete Lumbis alumbis at gmail.com
Mon Jan 21 22:55:29 EST 2013 

Do you have any ports in that VLAN that are not on the SIP?


On Mon, Jan 21, 2013 at 7:19 PM, Alex K. <nsp.lists at gmail.com> wrote:

> Hi Pete,
>
> We're running 12.2(33)SRA6.
>
>
> On SIP-200 it's running fine (as expected). Configuring
> NBAR-using-policy-map on an *SVI*, causes high CPU – Interrupts.
>
>  I do believe it's being punted to a CPU.
>
> But this time I need a document that clearly states that – i.e. on SIP-200
> by hardware, on SVI by software – and this is not a bug/some other
> malfunctioning.
>
> I'm asking for a document from which we can understand that, yes, using
> NBAR on an SVI will make those packets punted. Technically I agree with you
> completely, most likely that’s what happening.
>
>
>
> Alex.
> On Tue, Jan 22, 2013 at 12:53 AM, Pete Lumbis <alumbis at gmail.com> wrote:
>
>> I'm a little confused. Are you saying "it's obviously supported because I
>> can configure it, however I see high CPU when I do"?
>>
>> The CLI was removed in 15.0.1S, when support for the SIP-200 ended.
>> Generally on the 6k "not supported" means "can't be done in hardware", so I
>> would say that punting the traffic and causing high CPU is expected
>> behavior, unless you have a SIP-200.
>>
>>
>> On Mon, Jan 21, 2013 at 5:12 PM, Alex K. <nsp.lists at gmail.com> wrote:
>>
>>> Thank you Pete,
>>>
>>> Unfortunately, this link is inconclusive either.
>>>
>>> Earlier in this document it says that NBAR is indeed supported on
>>> SIP-200 (here:
>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76ovwsip.html),
>>> afterwards it claims it isn’t (here:
>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1543942 ,
>>> the same document, simply the next chapter) after these two, comes the
>>> chapter you linked to, but unfortunately it claims that no NBAR should be
>>> available on MSFC/PFC 3 (by the way of exclusion) but in my case it is
>>> supported (i.e. on SVI).
>>>
>>> It just sends the CPU thru the roof.
>>>
>>> Thank you for your efforts, but that not seems to be document I'm
>>> looking for, either. Will be glad to hear your future thoughts on this one.
>>> Best Regards,
>>> Alex.
>>>
>>> On Mon, Jan 21, 2013 at 9:37 PM, Pete Lumbis <alumbis at gmail.com> wrote:
>>>
>>>> NBAR is only supported on SIP-200 (not SIP-400/ES/ES+) and MSFC2
>>>> (Sup32).
>>>>
>>>> NBAR without a SIP-200 on sup720 will be done entirely in software.
>>>>
>>>>
>>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1526795
>>>>
>>>>
>>>> On Mon, Jan 21, 2013 at 2:16 PM, Alex K. <nsp.lists at gmail.com> wrote:
>>>>
>>>>> Hi All ...
>>>>>
>>>>>
>>>
>>
>

More information about the cisco-nsp mailing list