North American Network Operators Group

RE: Blocking CODE RED IOS NBAR CCO Tech Tip
Based on the testing we have done with this feature, you can expect the following (this feature requires CEF switching turned on):

7200 NPE 300 w/ Stateful Classification (http subport and marking): you're looking at about an incremental max 15% hit w/ 45 meg each direction (90 meg total)

3660   25 meg unidirectional   ~11%
3640    8 meg unidirectional   ~11%
3620    4 meg unidirectional   ~16%
2650    8 meg unidirectional   ~11%
2610    4 meg unidirectional   ~16%

Many enterprise customers are starting to implement this at the ingress of the network.

One of the side effects that has been reported is open TCP sessions that are left on servers as the result of this filtering.

-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of dmuz
Sent: Wednesday, August 08, 2001 8:17 AM
To: Scott Frisby
Cc: [email protected]
Subject: Re: Blocking CODE RED IOS NBAR CCO Tech Tip

On Tue, Aug 07, 2001 at 10:21:10PM -0700, Scott Frisby said:
> CCO official release on blocking code red w/ IOS NBAR -
>
> http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

Excellent. Is anyone implementing this on large scale networks? What sort of performance hit are you seeing on what levels of traffic?

Thanks,

--
dmuz
dmuz.angrypacket.com <- vanity site
sec.angrypacket.com <- lame security site
"I'd rather have a bottle in front of me than a frontal lobotomy." - Tom Waits