[c-nsp] NBAR on SVI on 7600 w/ Sup720

Alex K. nsp.lists at gmail.com
Tue Jan 22 07:56:12 EST 2013 

Hi Andy,

Cat6500 is a distributed environment. Not only PFC (or any other one part
for this matter) is responsible for capabilities.

Alex.
On Jan 22, 2013 2:27 PM, "Andy Ellsworth" <andy at dar.net> wrote:

> If the PFC doesn't support it, it's done in software (or not at all). This
> is Cat6500 fundamentals.
>
> Q.E.D.
>
>
> On Tue, Jan 22, 2013 at 5:32 AM, Alex K. <nsp.lists at gmail.com> wrote:
>
> > Yes I know. I'm looking for a best match.
> >
> > I've already sent an email to my local SE.
> >
> > The point is that I need something official that will state 'yes, it's
> done
> > by software, cpu impact is expected'.
> >
> > Best Regards,
> > Alex.
> > On Jan 22, 2013 11:58 AM, "Oliver Boehmer (oboehmer)" <
> oboehmer at cisco.com>
> > wrote:
> >
> > > Alex,
> > >
> > > not sure what you're looking for. "Not supported" means you're on your
> > > own, use it at your own risk and expect things can go wrong. It could
> be
> > > switched in software in one release (which might be fine and serve your
> > > purpose as long as the traffic stays below given threshold or it
> doesn't
> > > affect other features you are using), or hell could freeze over in
> other
> > > releases, we don't test this. So I guess you could call your setup
> > > "mis-configured".
> > >
> > > you will not find a document stating "NBAR implementation is software
> > > based on the PFC/7600".
> > >
> > >         oli
> > >
> > >
> > >
> > > On 22/01/2013 10:47, "Alex K." <nsp.lists at gmail.com> wrote:
> > >
> > > >Hi Oliver,
> > > >Exactly - not supported. It implies that *if it works (not on
> SIP-200),
> > > >it
> > > >must be software'.
> > > >I came across this document before I sent the question. As it seems,
> > that
> > > >what I'll use.
> > > >I'm looking for a document that say explicitly 'NBAR implementation is
> > > >software based' to be sure we didn't run into some sort of
> > > >bug/mis-configuration.
> > > >Thank you.
> > > >
> > > >Best Regards,
> > > >Alex.
> > > >On Jan 22, 2013 8:04 AM, "Oliver Boehmer (oboehmer)" <
> > oboehmer at cisco.com>
> > > >wrote:
> > > >
> > > >Alex,
> > > >
> > > >
> > > >On 22/01/2013 01:19, "Alex K." <nsp.lists at gmail.com> wrote:
> > > >
> > > >>Hi Pete,
> > > >>
> > > >>We're running 12.2(33)SRA6.
> > > >>
> > > >>
> > > >>On SIP-200 it's running fine (as expected). Configuring
> > > >>NBAR-using-policy-map on an *SVI*, causes high CPU ­ Interrupts.
> > > >>
> > > >> I do believe it's being punted to a CPU.
> > > >>
> > > >>But this time I need a document that clearly states that ­ i.e. on
> > > >>SIP-200
> > > >>by hardware, on SVI by software ­ and this is not a bug/some other
> > > >>malfunctioning.
> > > >>
> > > >>I'm asking for a document from which we can understand that, yes,
> using
> > > >>NBAR on an SVI will make those packets punted. Technically I agree
> with
> > > >>you
> > > >>completely, most likely that¹s what happening.
> > > >
> > > >
> > > >
> > >
> >
> http://www.cisco.com/en/US/docs/routers/7600/ios/15S/configuration/guide/q
> > > >o
> > > >s.html says "The PFC does not support Network-Based Application
> > > >Recognition (NBAR).", this is valid for earlier SW releases as well.
> So
> > > >your config on the SVI is not supported.
> > > >
> > > >SIP200 Datasheets clearly state NBAR support.
> > > >
> > > >        oli
> > > >
> > >
> > >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list