[c-nsp] NBAR on SVI on 7600 w/ Sup720

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jan 22 04:58:03 EST 2013 

Alex,

not sure what you're looking for. "Not supported" means you're on your
own, use it at your own risk and expect things can go wrong. It could be
switched in software in one release (which might be fine and serve your
purpose as long as the traffic stays below given threshold or it doesn't
affect other features you are using), or hell could freeze over in other
releases, we don't test this. So I guess you could call your setup
"mis-configured". 

you will not find a document stating "NBAR implementation is software
based on the PFC/7600".

	oli



On 22/01/2013 10:47, "Alex K." <nsp.lists at gmail.com> wrote:

>Hi Oliver,
>Exactly - not supported. It implies that *if it works (not on SIP-200),
>it 
>must be software'.
>I came across this document before I sent the question. As it seems, that
>what I'll use.
>I'm looking for a document that say explicitly 'NBAR implementation is
>software based' to be sure we didn't run into some sort of
>bug/mis-configuration.
>Thank you.
>
>Best Regards,
>Alex.
>On Jan 22, 2013 8:04 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
>wrote:
>
>Alex,
>
>
>On 22/01/2013 01:19, "Alex K." <nsp.lists at gmail.com> wrote:
>
>>Hi Pete,
>>
>>We're running 12.2(33)SRA6.
>>
>>
>>On SIP-200 it's running fine (as expected). Configuring
>>NBAR-using-policy-map on an *SVI*, causes high CPU ­ Interrupts.
>>
>> I do believe it's being punted to a CPU.
>>
>>But this time I need a document that clearly states that ­ i.e. on
>>SIP-200
>>by hardware, on SVI by software ­ and this is not a bug/some other
>>malfunctioning.
>>
>>I'm asking for a document from which we can understand that, yes, using
>>NBAR on an SVI will make those packets punted. Technically I agree with
>>you
>>completely, most likely that¹s what happening.
>
>
>http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/q
>o
>s.html says "The PFC does not support Network-Based Application
>Recognition (NBAR).", this is valid for earlier SW releases as well. So
>your config on the SVI is not supported.
>
>SIP200 Datasheets clearly state NBAR support.
>
>        oli
>

More information about the cisco-nsp mailing list