[c-nsp] NBAR on SVI on 7600 w/ Sup720

Andy Ellsworth andy at dar.net
Tue Jan 22 07:15:36 EST 2013 

If the PFC doesn't support it, it's done in software (or not at all). This
is Cat6500 fundamentals.

Q.E.D.


On Tue, Jan 22, 2013 at 5:32 AM, Alex K. <nsp.lists at gmail.com> wrote:

> Yes I know. I'm looking for a best match.
>
> I've already sent an email to my local SE.
>
> The point is that I need something official that will state 'yes, it's done
> by software, cpu impact is expected'.
>
> Best Regards,
> Alex.
> On Jan 22, 2013 11:58 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> wrote:
>
> > Alex,
> >
> > not sure what you're looking for. "Not supported" means you're on your
> > own, use it at your own risk and expect things can go wrong. It could be
> > switched in software in one release (which might be fine and serve your
> > purpose as long as the traffic stays below given threshold or it doesn't
> > affect other features you are using), or hell could freeze over in other
> > releases, we don't test this. So I guess you could call your setup
> > "mis-configured".
> >
> > you will not find a document stating "NBAR implementation is software
> > based on the PFC/7600".
> >
> >         oli
> >
> >
> >
> > On 22/01/2013 10:47, "Alex K." <nsp.lists at gmail.com> wrote:
> >
> > >Hi Oliver,
> > >Exactly - not supported. It implies that *if it works (not on SIP-200),
> > >it
> > >must be software'.
> > >I came across this document before I sent the question. As it seems,
> that
> > >what I'll use.
> > >I'm looking for a document that say explicitly 'NBAR implementation is
> > >software based' to be sure we didn't run into some sort of
> > >bug/mis-configuration.
> > >Thank you.
> > >
> > >Best Regards,
> > >Alex.
> > >On Jan 22, 2013 8:04 AM, "Oliver Boehmer (oboehmer)" <
> oboehmer at cisco.com>
> > >wrote:
> > >
> > >Alex,
> > >
> > >
> > >On 22/01/2013 01:19, "Alex K." <nsp.lists at gmail.com> wrote:
> > >
> > >>Hi Pete,
> > >>
> > >>We're running 12.2(33)SRA6.
> > >>
> > >>
> > >>On SIP-200 it's running fine (as expected). Configuring
> > >>NBAR-using-policy-map on an *SVI*, causes high CPU ­ Interrupts.
> > >>
> > >> I do believe it's being punted to a CPU.
> > >>
> > >>But this time I need a document that clearly states that ­ i.e. on
> > >>SIP-200
> > >>by hardware, on SVI by software ­ and this is not a bug/some other
> > >>malfunctioning.
> > >>
> > >>I'm asking for a document from which we can understand that, yes, using
> > >>NBAR on an SVI will make those packets punted. Technically I agree with
> > >>you
> > >>completely, most likely that¹s what happening.
> > >
> > >
> > >
> >
> http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/q
> > >o
> > >s.html says "The PFC does not support Network-Based Application
> > >Recognition (NBAR).", this is valid for earlier SW releases as well. So
> > >your config on the SVI is not supported.
> > >
> > >SIP200 Datasheets clearly state NBAR support.
> > >
> > >        oli
> > >
> >
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list