[c-nsp] NBAR on SVI on 7600 w/ Sup720

Pete Lumbis alumbis at gmail.com
Tue Jan 22 07:29:30 EST 2013


I can tell you from internal documentation that this is what happens. Only
SIP-200 possesses the hardware to do these operations on the card.
Everything else will hit a hardware forwarding exception and punt to CPU to
see if the CPU can figure out what to do with it.


On Tue, Jan 22, 2013 at 6:32 AM, Alex K. <nsp.lists at gmail.com> wrote:

> Yes I know. I'm looking for a best match.
>
> I've already sent an email to my local SE.
>
> The point is that I need something official that will state 'yes, it's
> done by software, cpu impact is expected'.
>
> Best Regards,
> Alex.
> On Jan 22, 2013 11:58 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
> wrote:
>
>> Alex,
>>
>> not sure what you're looking for. "Not supported" means you're on your
>> own, use it at your own risk and expect things can go wrong. It could be
>> switched in software in one release (which might be fine and serve your
>> purpose as long as the traffic stays below given threshold or it doesn't
>> affect other features you are using), or hell could freeze over in other
>> releases, we don't test this. So I guess you could call your setup
>> "mis-configured".
>>
>> you will not find a document stating "NBAR implementation is software
>> based on the PFC/7600".
>>
>>         oli
>>
>>
>>
>> On 22/01/2013 10:47, "Alex K." <nsp.lists at gmail.com> wrote:
>>
>> >Hi Oliver,
>> >Exactly - not supported. It implies that 'if it works (not on SIP-200),
>> >it must be software'.
>> >I came across this document before I sent the question. As it seems, that's
>> >what I'll use.
>> >I'm looking for a document that says explicitly 'NBAR implementation is
>> >software based' to be sure we didn't run into some sort of
>> >bug/mis-configuration.
>> >Thank you.
>> >
>> >Best Regards,
>> >Alex.
>> >On Jan 22, 2013 8:04 AM, "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
>> >wrote:
>> >
>> >Alex,
>> >
>> >
>> >On 22/01/2013 01:19, "Alex K." <nsp.lists at gmail.com> wrote:
>> >
>> >>Hi Pete,
>> >>
>> >>We're running 12.2(33)SRA6.
>> >>
>> >>
>> >>On SIP-200 it's running fine (as expected). Configuring
>> >>NBAR-using-policy-map on an *SVI*, causes high CPU - Interrupts.
>> >>
>> >> I do believe it's being punted to a CPU.
>> >>
>> >>But this time I need a document that clearly states that - i.e. on
>> >>SIP-200 by hardware, on SVI by software - and this is not a bug/some other
>> >>malfunctioning.
>> >>
>> >>I'm asking for a document from which we can understand that, yes, using
>> >>NBAR on an SVI will make those packets punted. Technically I agree with
>> >>you completely, most likely that's what's happening.
>> >
>> >
>> >
>> >http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/qos.html
>> >says "The PFC does not support Network-Based Application
>> >Recognition (NBAR).", this is valid for earlier SW releases as well. So
>> >your config on the SVI is not supported.
>> >
>> >SIP200 Datasheets clearly state NBAR support.
>> >
>> >        oli
>> >
>>
>>

