NBAR Performance test for ASR

cedar_lee · ‎11-13-2008

Does any one know if there is any NBAR performance test report for ASR? And also 6509?

I found one but it did not mention ASR or 6509. http://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd8031b712_ps6616_Products_White_Paper.html

Joseph W. Doherty · ‎11-13-2008

NBAR isn't supported on many switches. Within the 6500 series, some WAN cards, for the card only, support it (e.g. FlexWAN). Also for the 6500 series, the sup32-PISA FPM, I believe, might be able to match similar to NBAR, but don't recall what its features are compared to NBAR.

For the ASR, don't know for sure, but likely it doesn't support NBAR at all.

cedar_lee · ‎11-13-2008

I believe ASR 1000 support NBAR. But I just could not find any performance test report.

http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet_c78-447652.html

Joseph W. Doherty · ‎11-13-2008

Your right, it does mention NBAR (FPM too)!

Perhaps ASR is more akin to 7200 or 7300 vs. 6500/7600 or 4500 series.

If there isn't any published performance for NBAR impact on an ASR, you might be able hope its impact is similar to what's been documented for other network devices.

I'm batting zero on ASRs and NBAR, but I recall NBAR isn't real, real heavy against performance. It may have been generally under 10%, but take that with a grain of salt. I think there are some whitepapers on Cisco's site documenting NBAR performance for some devices.

cedar_lee · ‎11-13-2008

I agree. Performance is the main concern stopping me from enabling NBAR on production. That's why I am looking for some test report to back me up if I use NBAR.

Joseph W. Doherty · ‎11-13-2008

Just tried to find some info concerning the impact of NBAR, but only got 1, yes just 1, hit against the whole Cisco site searching on just "nbar"!?

If the ASRs support FPM and/or NBAR, like sup32-PISA supports FPM, I recall the latter takes quite a performance hit, so you're correct to be concerned about performance.

I use NBAR on many software routers, along with considerable QoS. On those I haven't seen a really significant performance hit. This makes sense because for some of NBAR it's often just a pretty face for some port matching ACLs. Some NBAR, though, can be stateful and/or dig into the packet. This might be much more system usage intensive. For instance, NBAR that examines HTTP URLs might be such, although I haven't used that kind of NBAR.

What you might try is to ease into NBAR with one match type at a non-peak time and watch what happens. Also, not 100% positive, but activation of flow caching might limit some NBAR analysis to just the first packet of some flows.

cedar_lee · ‎11-14-2008

You are right. It really depends on the types of inspections. And according to the NBAR test report on the first message, Cisco claimed there would be no packet drop or significant speed reduce if the NDR traffic load were under certain number, such as 60%. The most significant impact would be CPU usage. If it is true, it would be very easy to test because just need to focus on CPU usage. It would be interesting to do a small test.

Thanks.