Blocking CODE RED IOS NBAR CCO Tech Tip

Scott Frisby sfrisby at cisco.com
Wed Aug 8 16:42:15 UTC 2001


Based on the testing we have done with this feature, you can expect the
following (this feature requires CEF switching turned on):

7200 NPE 300  w/ Stateful Classification ( http subport and marking ):
You're looking at about an incremental max 15% hit w/ 45 meg each direction
( 90 meg total )

3660  25 meg unidirectional  ~11%
3640  8 meg  unidirectional  ~11%
3620  4 meg  unidirectional  ~16%
2650  8 meg  unidirectional  ~11%
2610  4 meg  unidirectional  ~16%


Many enterprise customers are starting to implement this at the ingress of
the network.
One of the side effects that has been reported is open TCP sessions that
are left on servers as a result of this filtering.



-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
dmuz
Sent: Wednesday, August 08, 2001 8:17 AM
To: Scott Frisby
Cc: nanog at merit.edu
Subject: Re: Blocking CODE RED IOS NBAR CCO Tech Tip



On Tue, Aug 07, 2001 at 10:21:10PM -0700, Scott Frisby said:
> CCO official release on blocking code red w/ IOS NBAR -
>
> http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml

Excellent. Is anyone implementing this on large scale networks? What
sort of performance hit are you seeing on what levels of traffic?

Thanks,
--
dmuz
dmuz.angrypacket.com <- vanity site
sec.angrypacket.com <- lame security site

"I'd rather have a bottle in front of me than a frontal lobotomy."
 - Tom Waits
