From: Scott M Vermillion (scott_ccie_list@it-ag.com)
Date: Sat Feb 21 2009 - 16:22:45 ARST
I don't think Cisco has ever released too much in the way of
"under-the-hood" details of the actual mechanics of NBAR. However, in
Chapter 3 of "End-to-end QoS Network Design," there's a short one-paragraph
discussion that delves into NBAR and CEF. It says:

"NBAR is dependent on Cisco Express Forwarding (CEF) and performs
deep-packet classification only on the first packet of a stream. The
remainder of the packets belonging to the stream are then CEF-switched."

I have also seen Cisco/Cisco Press literature where NBAR is described as
highly CPU-intensive (not surprisingly). So perhaps the CEF requirement
just has more to do with self-preservation than the actual mechanics of how
it actually works; doing NBAR _and_ process switching might very well result
in some bad behavior on the part of a router, so they simply don't allow it.
Sounds good on paper anyway...
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of dave dave
Sent: Thursday, February 19, 2009 10:58 PM
To: Cisco certification
Subject: IP CEF required for NBAR what logic?
Hi Expert,
Why do we need to enable "ip cef" when using the "NBAR protocol"? No
explanation found on this. I have enabled "ip cef", then configured "NBAR", then
I removed "no ip cef" & "NBAR" was working fine :((( I do not understand the
logic behind this.
r1(config-if)#ip nbar protocol-discovery
CEF or distributed CEF switching is required for NBAR 'protocol discovery' command
Regards
Dave