CCO official release on blocking code red w/ IOS NBAR -
Excellent. Is anyone implementing this on large scale networks? What
sort of performance hit are you seeing on what levels of traffic?
Thanks,
Based on the testing we have done with this feature, you can expect the
following (this feature requires CEF switching turned on):
7200 NPE 300 w/ Stateful Classification ( http subport and marking )
You're looking at about an incremental max 15% hit w/ 45 meg each direction
( 90 meg total )
3660 25 meg unidirectional ~11%
3640 8 meg unidirectional ~11%
3620 4 meg unidirectional ~16%
2650 8 meg unidirectional ~11%
2610 4 meg unidirectional ~16%
Many enterprise customers are starting to implement this at the ingress of
the network.
One of the side effects that has been reported is open TCP sessions that
are left on servers as the result of this filtering.