[c-nsp] NBAR on SVI on 7600 w/ Sup720

Alex K. nsp.lists at gmail.com
Tue Jan 22 06:32:27 EST 2013 

Yes I know. I'm looking for a best match.

I've already sent an email to my local SE.

The point is that I need something official that will state 'yes, it's done
by software, cpu impact is expected'.

Best Regards,
Alex.
On Jan 22, 2013 11:58 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
wrote:

> Alex,
>
> not sure what you're looking for. "Not supported" means you're on your
> own, use it at your own risk and expect things can go wrong. It could be
> switched in software in one release (which might be fine and serve your
> purpose as long as the traffic stays below given threshold or it doesn't
> affect other features you are using), or hell could freeze over in other
> releases, we don't test this. So I guess you could call your setup
> "mis-configured".
>
> you will not find a document stating "NBAR implementation is software
> based on the PFC/7600".
>
>         oli
>
>
>
> On 22/01/2013 10:47, "Alex K." <nsp.lists at gmail.com> wrote:
>
> >Hi Oliver,
> >Exactly - not supported. It implies that *if it works (not on SIP-200),
> >it
> >must be software'.
> >I came across this document before I sent the question. As it seems, that
> >what I'll use.
> >I'm looking for a document that say explicitly 'NBAR implementation is
> >software based' to be sure we didn't run into some sort of
> >bug/mis-configuration.
> >Thank you.
> >
> >Best Regards,
> >Alex.
> >On Jan 22, 2013 8:04 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> >wrote:
> >
> >Alex,
> >
> >
> >On 22/01/2013 01:19, "Alex K." <nsp.lists at gmail.com> wrote:
> >
> >>Hi Pete,
> >>
> >>We're running 12.2(33)SRA6.
> >>
> >>
> >>On SIP-200 it's running fine (as expected). Configuring
> >>NBAR-using-policy-map on an *SVI*, causes high CPU ­ Interrupts.
> >>
> >> I do believe it's being punted to a CPU.
> >>
> >>But this time I need a document that clearly states that ­ i.e. on
> >>SIP-200
> >>by hardware, on SVI by software ­ and this is not a bug/some other
> >>malfunctioning.
> >>
> >>I'm asking for a document from which we can understand that, yes, using
> >>NBAR on an SVI will make those packets punted. Technically I agree with
> >>you
> >>completely, most likely that¹s what happening.
> >
> >
> >
> http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/q
> >o
> >s.html says "The PFC does not support Network-Based Application
> >Recognition (NBAR).", this is valid for earlier SW releases as well. So
> >your config on the SVI is not supported.
> >
> >SIP200 Datasheets clearly state NBAR support.
> >
> >        oli
> >
>
>

More information about the cisco-nsp mailing list