From: k c (jwongccie@yahoo.com.hk)
Date: Wed Oct 08 2003 - 08:37:46 GMT-3
NBAR will read the packet payload and examine the content. Does anybody have experience in production platform to use this feature and what is the cpu and memories before and after turn-on the features?
"Church, Chuck" <cchurch@wamnetgov.com> wrote:Ken,
The simple command: 'ip nbar protocol-discovery' on an IP interface will
cause the router to build a table of statistics, showing you protocol
distribution on that interface, such as:
border-router#sh ip nbar pro
Serial0/0.1
Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
http 12332805 10324213
10994216698 1503535410
33000 1000
smtp 732724 629477
378882475 266019078
6000 0
icmp 10425341 10236304
998604432 981136476
1000 0
ipsec 12530494 10361257
3099004560 2927829620
0 0
netshow 1707909 1346165
1784257040 67899419
0 0
exchange 15351550 15190700
802691981 794318552
..........
It'll show all the protocols it supports. Still need CEF. Keep in mind that
some such as Kazaa2 were added later, thus requiring a newer version, such as
12.2.13T, I think. You're right though, it's pretty cool.
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
-----Original Message-----
From: Ken.Farrington@barclayscapital.com
[mailto:Ken.Farrington@barclayscapital.com]
Sent: Tuesday, October 07, 2003 2:57 PM
To: ccielab@groupstudy.com
Subject: Is this NBAR? Is it not?
Guys, It's been a day of QoS so by now, I just wanna permit IP any any )
NBAR ? what is it? Is it just the fact that now you can use this command
(and others for MIME etc etc) under a class map?
match protocol http url "/exec/show/interface/*" and a shed load of other
protocols/commands under the class-map for further in-depth classification?
Is that the strength of it? Just added protocols under this command? so you
can look further into the packet?
YOU DONT NEED ANY NBAR COMMANDS do you? I know you need CEF running
Please could you be so kind to advise?
!
class-map match-all http_interface
match protocol http url "/exec/show/interface/*"
class-map match-all http_log
match protocol http url "/exec/show/log/*"
!
!
policy-map cisco
class http_interface
set ip precedence 5
class http_log
set ip precedence 1
!
interface Ethernet0/0
ip address 2.2.2.2 255.255.255.0
service-policy output cisco
!
------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.
Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.
------------------------------------------------------------------------
***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***
This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:58 GMT-3