[c-nsp] NBAR on SVI on 7600 w/ Sup720
Alex K.
nsp.lists at gmail.com
Tue Jan 22 04:34:52 EST 2013
Hi Pete,
Interesting point. I'll verify this tomorrow.
Thank you.
Best Regards,
Alex.
On Jan 22, 2013 5:55 AM, "Pete Lumbis" <alumbis at gmail.com> wrote:
> Do you have any ports in that VLAN that are not on the SIP?
>
>
> On Mon, Jan 21, 2013 at 7:19 PM, Alex K. <nsp.lists at gmail.com> wrote:
>
>> Hi Pete,
>>
>> We're running 12.2(33)SRA6.
>>
>>
>> On SIP-200 it's running fine (as expected). Configuring
>> NBAR-using-policy-map on an *SVI*, causes high CPU – Interrupts.
>>
>> I do believe it's being punted to a CPU.
>>
>> But this time I need a document that clearly states that – i.e. on
>> SIP-200 by hardware, on SVI by software – and this is not a bug/some other
>> malfunctioning.
>>
>> I'm asking for a document from which we can understand that, yes, using
>> NBAR on an SVI will make those packets punted. Technically I agree with you
>> completely, most likely that’s what happening.
>>
>>
>>
>> Alex.
>> On Tue, Jan 22, 2013 at 12:53 AM, Pete Lumbis <alumbis at gmail.com> wrote:
>>
>>> I'm a little confused. Are you saying "it's obviously supported because
>>> I can configure it, however I see high CPU when I do"?
>>>
>>> The CLI was removed in 15.0.1S, when support for the SIP-200 ended.
>>> Generally on the 6k "not supported" means "can't be done in hardware", so I
>>> would say that punting the traffic and causing high CPU is expected
>>> behavior, unless you have a SIP-200.
>>>
>>>
>>> On Mon, Jan 21, 2013 at 5:12 PM, Alex K. <nsp.lists at gmail.com> wrote:
>>>
>>>> Thank you Pete,
>>>>
>>>> Unfortunately, this link is inconclusive either.
>>>>
>>>> Earlier in this document it says that NBAR is indeed supported on
>>>> SIP-200 (here:
>>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76ovwsip.html),
>>>> afterwards it claims it isn’t (here:
>>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1543942 ,
>>>> the same document, simply the next chapter) after these two, comes the
>>>> chapter you linked to, but unfortunately it claims that no NBAR should be
>>>> available on MSFC/PFC 3 (by the way of exclusion) but in my case it is
>>>> supported (i.e. on SVI).
>>>>
>>>> It just sends the CPU thru the roof.
>>>>
>>>> Thank you for your efforts, but that not seems to be document I'm
>>>> looking for, either. Will be glad to hear your future thoughts on this one.
>>>> Best Regards,
>>>> Alex.
>>>>
>>>> On Mon, Jan 21, 2013 at 9:37 PM, Pete Lumbis <alumbis at gmail.com> wrote:
>>>>
>>>>> NBAR is only supported on SIP-200 (not SIP-400/ES/ES+) and MSFC2
>>>>> (Sup32).
>>>>>
>>>>> NBAR without a SIP-200 on sup720 will be done entirely in software.
>>>>>
>>>>>
>>>>> http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1526795
>>>>>
>>>>>
>>>>> On Mon, Jan 21, 2013 at 2:16 PM, Alex K. <nsp.lists at gmail.com> wrote:
>>>>>
>>>>>> Hi All ...
>>>>>>
>>>>>>
>>>>
>>>
>>
>
More information about the cisco-nsp
mailing list