Re: SV: Question about NBAR.. not really related to CCIE lab

From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Tue Oct 25 2005 - 07:29:05 GMT-3


JP,
just curious... when you tried the 12.2T image, did you use the default
nbar or did you load the pdlm files?

NBAR kazaa pdlm (i.e. its recognition code) has had some revisions and
I'm not sure which stage was included in the 12.2T you tried.

Thanks,
-Carlos

JP @ 24/10/2005 09:17 wrote:
> Hi all,
>
> NBAR for matching on filesharing protocols works very well from 12.3 and up.
> With 12.2, NBAR has problems matching on the dynamic ports that are used.
> For example, I tested kazaa 2 and 3 with 12.2T(15), and I did not have any hits on
> the policy. Then I upgraded to 12.3, and it worked very well.
>
> So you should try to use this on a newer IOS, and I think you will be happy.
>
> Jens P
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
> Sent: 24 October 2005 11:58
> To: 'Niche'; ccielab@groupstudy.com
> Subject: RE: Question about NBAR.. not really related to CCIE lab
>
> Hi Jacky,
>
> NBAR does more than match static protocol and port assignments. For
> example, when nbar is used to match ftp traffic, it can determine which port
> is used for the dynamic data channel.
>
> I haven't used nbar to classify p2p file sharing programs so I can't comment
> on how well it works for that but I would expect it to work pretty well.
>
> Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Niche
> Sent: Monday, October 24, 2005 3:40 AM
> To: ccielab@groupstudy.com
> Subject: Question about NBAR.. not really related to CCIE lab
>
> Hi guys,
>
> Is NBAR truly using layer-7 application patterns to classify traffic for
> bandwidth control, security blocking, etc?
> Or does it still just use protocol type (tcp, udp) with port number?
>
> We may need to consider using it for controlling bandwidth usage of p2p
> file sharing traffic. So I am concerned about the effectiveness of NBAR for
> this issue (e.g. users can modify the usual port number to a new one of the
> application in order to avoid traditional port-number tracking method).
>
> Cheers~
> Jacky
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

-- 
Carlos G Mendioroz  <tron@huapi.ba.ar>  LW7 EQI  Argentina


This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:52 GMT-3