From: JP (jenseike@start.no)
Date: Mon Oct 24 2005 - 09:17:30 GMT-3
Hi all,
NBAR for matching on file sharing protocols works very well from 12.3 and up.
With 12.2, NBAR has problems matching on the dynamic ports that are used.
For example, I tested Kazaa 2 and 3 with 12.2T(15), and I did not have any hits on
the policy. Then I upgraded to 12.3, and it worked very well.
So you should try to use this on a newer IOS, and I think you will be happy.
Jens P
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
Sent: 24 October 2005 11:58
To: 'Niche'; ccielab@groupstudy.com
Subject: RE: Question about NBAR.. not really related to CCIE lab
Hi Jacky,
NBAR does more than match static protocol and port assignments. For
example, when nbar is used to match ftp traffic, it can determine which port
is used for the dynamic data channel.
I haven't used nbar to classify p2p file sharing programs so I can't comment
on how well it works for that but I would expect it to work pretty well.
Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Niche
Sent: Monday, October 24, 2005 3:40 AM
To: ccielab@groupstudy.com
Subject: Question about NBAR.. not really related to CCIE lab
Hi guys,
Is NBAR truly using layer-7 application patterns to classify traffic for
bandwidth control, security blocking, etc.?
Or does it just use protocol type (tcp, udp) with port number still?
We may need to consider using it for controlling bandwidth usage of p2p
file sharing traffic. So I am concerned about the effectiveness of NBAR on
this issue (e.g. users can change the application's usual port number to a
new one in order to avoid the traditional port-number tracking method).
Cheers~
Jacky
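
The FTP case Tim mentions, as an added example that is not part of the original thread and is not Cisco's NBAR code: a classifier that reads the FTP control channel to learn the dynamic data-channel endpoint, next to a port-only classifier that misses it. It goes slightly beyond the thread by also handling the EPSV (229) reply; the class and function names and the sample addresses are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple carried by PORT and by the 227 (PASV) reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 (EPSV) reply carries only a port: (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(line, server_ip):
    """Return the (ip, port) a control-channel line announces, or None."""
    line = line.strip()
    if line.upper().startswith("PORT ") or line.startswith("227 "):
        m = _HOSTPORT.search(line)
        if m:
            nums = [int(n) for n in m.groups()]
            if all(n <= 255 for n in nums):  # reject malformed octets
                return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    elif line.startswith("229 "):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) <= 65535:
            return server_ip, int(m.group(1))  # EPSV reuses the server address
    return None


def port_only(dst_port):
    """Static classifier: knows only the well-known FTP ports."""
    return "ftp" if dst_port in (20, 21) else "unknown"


class FtpTracker:
    """Stateful classifier: learns data endpoints from control traffic."""

    def __init__(self):
        self.expected = set()

    def control_line(self, line, server_ip):
        ep = data_endpoint(line, server_ip)
        if ep:
            self.expected.add(ep)

    def classify(self, dst_ip, dst_port):
        if dst_port == 21:
            return "ftp-control"
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # one flow per announcement
            return "ftp-data"
        return "unknown"
```
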
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3