
NBAR Support

lamav
Level 8

Folks:

Am I missing something or is it indeed the case that Cisco switches -- not routers -- do NOT support NBAR?

I can't seem to find one switch/software platform that supports NBAR...

Anyone?

Thank you ahead of time....

Victor


Joseph W. Doherty
Hall of Fame

Within the 6500/7600 series, a couple of the WAN boards support NBAR, e.g. FlexWAN and SIP-200 I believe. Even with those boards, NBAR can't be applied to other interfaces not on the board. The Sup32-PISA supports NBAR (and FPM).

PS:

Suspect underlying issue is performance. Note the Sup32-PISA is only rated for 2 Gbps when doing deep packet inspection to support NBAR or FPM.

Mark Yeates
Level 7

Lamav,

I don't believe that full scale NBAR is supported on any catalyst switch. The only documentation that I have found says that NBAR can only be implemented on an MSFC2 with Supervisor Engine 1 or Supervisor Engine 2 on the 6500 series switches. Other than that it appears you need a router. Here are a few helpful links.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps6653/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html

http://www.cisco.com/en/US/docs/ios/12_4/qos/configuration/guide/hdtnbara.html#wp1050810

HTH,

Mark

Joseph:

How the hell have ya been, man?? Long time. The last time we communicated we argued -- again! LOL..

I'm really glad you answered my post, buddy. I know you're THE man when it comes to QoS and related topics. I was hoping you would contribute...

I'll investigate the 6500 with the PISA...that sounds familiar, actually.

Mark:

I'm going to check out those links. Thank you kindly for the info.

I do think it's weird that switches don't support NBAR fully. You would think that application recognition is something you would want right at the first network hop on the LAN....but what do I know? :-)

Victor

Victor,

I totally agree! NBAR should be fully supported on all core, and distribution layer switches, as well as the higher end access layer switches. Thanks for the rating! I hope the posted info helps.

Mark

We all do feel that NBAR should be supported on Cisco switches, but the reality is that NBAR is a very CPU-intensive feature and it can severely degrade network performance if done in software. All the LAN devices carry huge traffic across the network, and any device that is doing software-based NBAR classification in the middle can impact LAN performance.

Sup32 with PISA has a dedicated hardware engine for NBAR classification and matching it with the policies in QoS. Sup 720 might be on the way with a PISA card on it. Unless we have the dedicated hardware engine for this, I don't see it being available in the near future.

My thoughts..

-amit singh

Thanks for that explanation, Amit. That really clears things up.

Victor

Can anyone shed any light on exactly how autoqos is supported on catalyst switches but NBAR is not? According to all the Cisco documentation that I have read on autoqos it uses NBAR for traffic classification.

Also, I don't understand the explanation that NBAR is not supported because it is too cpu intensive when a 2610 router can run nbar. I understand that the classification process would require some extra brain power but if a 2610 can do it how hard could it be really?

With AutoQoS on Cisco switches, the classification is mostly based on CoS and DSCP values, not NBAR, and AutoQoS also does WRR for input and output queues on switch ports,

while NBAR is used with router AutoQoS.

if helpful rate

thank you and thank you.

then rate the helpful post : )

". . . how hard could it be really?"

Consider that the Sup32-PISA offers a 15 Mpps forwarding rate but bandwidth throughput can drop to 2 Gbps when using NBAR/FPM functions.
