NBAR isn't supported on many switches. Within the 6500 series, some WAN cards, for the card only, support it (e.g. FlexWAN). Also for the 6500 series, the sup32-PISA FPM, I believe, might be able to match similar to NBAR, but don't recall what its features are compared to NBAR.
For the ASR, don't know for sure, but likely it doesn't support NBAR at all.
Perhaps ASR is more akin to 7200 or 7300 vs. 6500/7600 or 4500 series.
If there isn't any published performance for NBAR impact on an ASR, you might be able to hope its impact is similar to what's been documented for other network devices.
I'm batting zero on ASRs and NBAR, but I recall NBAR isn't real, real heavy against performance. It may have been generally under 10%, but take that with a grain of salt. I think there are some whitepapers on Cisco's site documenting NBAR performance for some devices.
Just tried to find some info concerning the impact of NBAR, but only got 1, yes just 1, hit against the whole Cisco site searching on just "nbar"!?
If the ASRs support FPM and/or NBAR, like sup32-PISA supports FPM, I recall the latter takes quite a performance hit, so you're correct to be concerned about performance.
I use NBAR on many software routers, along with considerable QoS. On those I haven't seen a really significant performance hit. This makes sense because for some of NBAR it's often just a pretty face for some port matching ACLs. Some NBAR, though, can be stateful and/or dig into the packet. This might be much more system usage intensive. For instance, NBAR that examines HTTP URLs might be such, although I haven't used that kind of NBAR.
What you might try is to ease into NBAR with one match type at a non-peak time and watch what happens. Also, not 100% positive, but activation of flow caching might limit some NBAR analysis to just the first packet of some flows.
You are right. It really depends on the types of inspections. And according to the NBAR test report in the first message, Cisco claimed there would be no packet drops or significant speed reduction if the NDR traffic load were under a certain number, such as 60%. The most significant impact would be CPU usage. If it is true, it would be very easy to test, because one would just need to focus on CPU usage. It would be interesting to do a small test.