Hi,
Today i had the same requirement, and when i realized i had 75% of my bandwidth used classified as unknown by NBAR, i decided to do the following:
Consider the reverse logic. Police everything NBA does not recognize, including the P2P protocols NBAR does.
To make it clearer, i started off by created long class-map, with around 81 "match not protocol" statements.
The result is traffic NBAR does not recognize. and to match the P2P NBAR does recognize, i omitted them from the list.
Then i caled that class-map into a policy that polices the result to about 10% of my bandwidth.
The logic sounded nasty but made sense. But the config would no take, no clue why, but i guess the class-map was too long.
(if any developper is reading this, a coment would be nice please using 3845 and IOS version 12.4(15)T9)
So..........a minor adjustment .........created 14 class-maps, each matching (not "match not") 6 protocols, then a policymap calling those class-maps, not doing anything to the traffic, then a policer at the class-default.
This means that any match on any of the 14 class-maps would allow the packet to cross untouched, otherwise (unknown protocol), it will hit the policer.
expect around 25% of extra CPU load depending on your bandwidth.
I can post my config if you need it.
Good luck.
Bassem Kattan
CCIE# 20156
