From: Pavel Bykov (slidersv@gmail.com)
Date: Thu Sep 11 2008 - 19:34:41 ART
From the performance point of view, the direction is irrelevant. See the
following performance analysis:
http://www.cisco.com/en/US/technologies/tk543/tk759/technologies_white_paper0900aecd8031b712_ps6616_Products_White_Paper.html
This is due to the fact, that NBAR has to read the whole (well, at least the
beginning of) packet, and therefore it is fully received before it is
processed and could not be dropped directly at input buffers.
Now, general logic for policers is to police at input. BUT that logic
assumed that packet can be dropped at input without impacting rotuer
performance, which in this case not possible.
So you can follow the guide line and apply it on input.
On Thu, Sep 11, 2008 at 9:07 PM, Igor M. <imanassypov@rogers.com> wrote:
> Hi all,
>
> If I want to match on a bunch of mime types in the http request header and
> police that kind of traffic - would that have to be an inbound or outbound
> policy, or both?
> The goal is to limit the rate of downloading the specified image types...
>
> Like so:
>
> class-map match-all IMAGES
> match protocol http mime "*.(gif|jpg|jpeg)"
> policy-map NBAR
> class IMAGES
> police 100000
> int e0/0
> service-policy input NBAR
>
>
> ----------------------
>
> I.M., M.Eng. P.Eng.
>
> Network Architect
>
> CI Investments
>
> ----------------------
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Pavel Bykov ------------------------------------------------- Stop the braindumps! http://www.stopbraindumps.com/Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Sat Oct 04 2008 - 09:26:18 ART