Re: Cisco 6509 NBAR

liuguiqing · ‎12-07-2009

Hi All,

Does Cisco 6509 support NBAR ? do i need a FlexWAN module to implement the NBAR ?

Module:

WS-SUP32-10GE-3B ,

WS-F6K-MSFC2A,

IOS:

s3223-ipservices_wan-mz-1.122-18.SXF13.bin

Thanks

GD

Jon Marshall · ‎12-07-2009

liuguiqing wrote:

Hi All,

Does Cisco 6509 support NBAR ? do i need a FlexWAN module to implement the NBAR ?

Module:

WS-SUP32-10GE-3B ,

WS-F6K-MSFC2A,

IOS:

s3223-ipservices_wan-mz-1.122-18.SXF13.bin

Thanks

GD

NBAR is only officially supported on the 6500 when using a Sup32 with a PISA card and even then turning on NBAR drastically downgrades throughput.

Even though some of the commands might be available for the Sup720 you should not enable them as this means all packets are then software prcoessed and this will severely affect throughput. NBAR is every CPU intensive hence the reason you don't find it switches.

Netflow would be a much better choice for the 6500 with sup720.

Jon

liuguiqing · ‎12-08-2009

Hi jon.marshall ,

I want to limit the Bitorrent download and upload on the 6509 .

About 400Mbps traffice pass through the Cisco 6509 , Can i do NBAR ? will it cause hight CPU ? all packets are software prcoessed even install FlexWan module in 6509 ?

Thanks

Liuguiqing

vvasisth · ‎12-09-2009

As I understand, you would like to know about the SUP-32 supporting NBAR. NBAR is only supported on sup 32 with PISA not without PISA

These links will give you additional information :

1. Sup32 Pisa supports NBAR and can handle upto 2 Gbps maximum throughput for deep packet inspection .

The PISA is capable of accelerating intelligent services such as NBAR and FPM at 2-Gbps speeds for Internet mix (IMIX) traffic, which is
optimal for standard campus access networks of typical enterprises using a pair of Gigabit Ethernet Small Form-Factor Pluggable (SFP) uplinks to
each distribution layer switch.

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps7209/prod_qas0900aecd805a0e95.html
<http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps7209/prod_qas0900aecd805a0e95.html>

2. Layer 2 NBAR is not supported on Layer 2 interfaces that are configured as part of a service module (such as FWSM and IDSM) when
those service modules are configured in inline mode (that is, network traffic is in a direct path through the service module).

FPM and NBAR policies can be applied on any Layer 3 LAN port (routed ports, SVIs, port channels) on the Supervisor Engine 32 PISA. They
cannot be applied to WAN interfaces or MPLS VPN/tunnel interfaces.

http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar.html#wp1128904
<http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/clsfy_traffic_nbar.html#wp1128904>

3. Also providing the data sheet for the SUP32-PISA.

http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps7209/product_data_sheet0900aecd805a6b87_ps708_Products_Data_Sheet.html
<http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps7209/product_data_sheet0900aecd805a6b87_ps708_Products_Data_Sheet.html>

Regards,
Varun

liuguiqing · ‎12-10-2009

Hi Varun , Thanks for you greate help .

Our 6509 is supervisor32 without PISA, so it cannot support NBAR .

vvasisth · ‎12-10-2009

Unfortunatly it wont support NBAR. NBAR was one of the main reason behind coming up with Pisa.

regards,

Varun