Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
819
Views
0
Helpful
2
Replies

Cisco NBAR

Go to solution
per.nielsen
Level 1
Level 1

‎05-01-2006 03:56 AM - edited ‎03-03-2019 03:01 AM

A few questions on Cisco Brilliant Product NBAR

Today the router are getting more and more of these DM GUI device managers, these are being used to configure out difficult concepts like IPSec etc.

Is there today any GUI Interfaces to NBAR except for the QPM (part of Cisco Works) ???

Also would anyone be able to tell a bit about the CPU load that NBAR evidently will introduce ???

Per

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
robert.hyde
Level 1
Level 1

‎05-04-2006 01:27 PM

Per,

I am not aware of any GUI interface to NBAR except QPM. But it is surprisingly easy to configure via the CLI, you end up with class-maps that look like this:

class-map match-any BULK

match protocol ftp

match protocol tftp

class-map match-any SCAVENGER

match protocol napster

match protocol gnutella

match protocol fasttrack

match protocol kazaa2

Keep in mind the interface must be running CEF for NBAR to work. Chances are, you already know all these things - just throwing them out there.

But I can speak a tad to the CPU load due to NBAR. This of course is quite difficult to quantify, and I certainly have never seen any charts, numbers, etc. Some docs say that they will take less CPU than an access-list, some case-studies show that it takes slightly more than an access-list.

In my experience it has been about on par with an access-list. We have NBAR running on over a hundred distribution/WAN routers, classifying and marking inbound from the LAN, LLQ to the WAN, 5-class model following the Cisco baseline. These routers all average about 6 megs of throughput each way during the day, and we see maybe 5% CPU due to all QoS activities. Not bad at all.

But then we have a 7600 that averages 430 megs of throughput each direction during the day, NBAR running on about 30 interfaces, 10 of those interfaces generating 90% of the traffic. QoS added about 55% to the CPU, so we had to scale back the QoS policies on that box.

I know that is not a clear answer but hopefully it is helpful. If you roll out QoS in incremental waves you can head off any CPU problems that NBAR may cause by modifying where needed, as opposed to throwing a 10-class model onto the network and risking an overload somewhere. Good luck!

Best regards

Robert

View solution in original post

0 Helpful
2 Replies 2

Go to solution
robert.hyde
Level 1
Level 1

‎05-04-2006 01:27 PM

Per,

I am not aware of any GUI interface to NBAR except QPM. But it is surprisingly easy to configure via the CLI, you end up with class-maps that look like this:

class-map match-any BULK

match protocol ftp

match protocol tftp

class-map match-any SCAVENGER

match protocol napster

match protocol gnutella

match protocol fasttrack

match protocol kazaa2

Keep in mind the interface must be running CEF for NBAR to work. Chances are, you already know all these things - just throwing them out there.

But I can speak a tad to the CPU load due to NBAR. This of course is quite difficult to quantify, and I certainly have never seen any charts, numbers, etc. Some docs say that they will take less CPU than an access-list, some case-studies show that it takes slightly more than an access-list.

In my experience it has been about on par with an access-list. We have NBAR running on over a hundred distribution/WAN routers, classifying and marking inbound from the LAN, LLQ to the WAN, 5-class model following the Cisco baseline. These routers all average about 6 megs of throughput each way during the day, and we see maybe 5% CPU due to all QoS activities. Not bad at all.

But then we have a 7600 that averages 430 megs of throughput each direction during the day, NBAR running on about 30 interfaces, 10 of those interfaces generating 90% of the traffic. QoS added about 55% to the CPU, so we had to scale back the QoS policies on that box.

I know that is not a clear answer but hopefully it is helpful. If you roll out QoS in incremental waves you can head off any CPU problems that NBAR may cause by modifying where needed, as opposed to throwing a 10-class model onto the network and risking an overload somewhere. Good luck!

Best regards

Robert

0 Helpful

Go to solution
robert.hyde
Level 1
Level 1

‎05-05-2006 07:10 AM

Per,

I forgot that I had stumbled across a link with some numbers and graphs concerning NBAR and CPU, "Network Based Application Recognition Performance Analysis":

http://www.cisco.com/en/US/partner/tech/tk543/tk759/technologies_white_paper0900aecd8031b712.shtml

Enjoy!

Best Regards

Robert

0 Helpful
Customers Also Viewed These Support Documents