Re: [c-nsp] ISR4431-AX/K9
Thanks, Chuck, for the helpful response. My further research corroborates what you say. Miercom has an interesting study showing enabling QoS on 4431 does not affect total throughput: http://miercom.com/pdf/reports/20150817.pdf. However, enabling FnF & NBAR2 might ... It looks like getting the base 4431 and adding the AX license is less expensive than ordering the AX bundle, which also comes with a SEC license. Currently not sure if AX license is required on 4431 to support FnF. It looks like it's required for NBAR2, though. Adam -Original Message- From: Chuck Church [mailto:chuckchu...@gmail.com] Sent: Wednesday, July 13, 2016 2:41 PM To: 'Adam Greene' <maill...@webjogger.net>; cisco-nsp@puck.nether.net Subject: RE: [c-nsp] ISR4431-AX/K9 Isn't WAAS their WAN acceleration product? I don't think NBAR has any reliance on that. You just use NBAR to identify the traffic, then normal QOS policy to do something with it. I haven't done it on an ASR or ISR 4K, but that's how it's worked on all previous devices. Chuck -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Greene Sent: Wednesday, July 13, 2016 1:04 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ISR4431-AX/K9 Kind of worried based on http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra ted-services-routers-isr/guide_c07-726864.html that I'm also going to have to buy: ISR4430U-MEM-SSD DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB SSD Bundle Not sure if WAAS is required for NBAR2, though, or even if not, if I should use WAAS instead, or if they are synonymous. And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520 in line with it reports high water marks of up to 187,000 connections, though averages about half that probably. Maybe WAAS connections are not the same, though . From: Adam Greene [mailto:maill...@webjogger.net] Sent: Wednesday, July 13, 2016 12:50 AM To: 'cisco-nsp@puck.nether.net' <cisco-nsp@puck.nether.net> Subject: ISR4431-AX/K9 Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431-AX/K9
I happen to be staring at an ISR4431/K9 with the APPX license (purchased for the L2 features), and it allows nbar configuration for ipv4 and ipv6. I have none without said license pre-loaded, so cannot confirm if it's required or not. It doesn't seem to complain or spam the license EULA if I enable any NBAR2 pieces. Hope this helps shed some light; Running 15.4(3)S5 router#sh ip nbar version NBAR software version: 20 NBAR minimum backward compatible version: 20 Loaded Protocol Pack(s): Name:Advanced Protocol Pack Version: 12.0 Publisher: Cisco Systems Inc. NBAR Engine Version: 20 State: Active ABCPGRGBC-57-DAO-R01# sh license | inc ^Index|Permanent|Activated Index 1 Feature: appxk9 License Type: Permanent Index 2 Feature: uck9 Period left: Not Activated Index 3 Feature: securityk9 Period left: Not Activated Index 4 Feature: ipbasek9 License Type: Permanent Index 5 Feature: cme-srst Period left: Not Activated Index 6 Feature: hseck9 Index 7 Feature: throughput License Type: Permanent Index 8 Feature: internal_service -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steve Mikulasik Sent: July-13-16 12:00 PM To: Adam Greene; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ISR4431-AX/K9 I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the other bundles. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Greene Sent: Tuesday, July 12, 2016 10:50 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ISR4431-AX/K9 Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431-AX/K9
I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the other bundles. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Greene Sent: Tuesday, July 12, 2016 10:50 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] ISR4431-AX/K9 Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431-AX/K9
Isn't WAAS their WAN acceleration product? I don't think NBAR has any reliance on that. You just use NBAR to identify the traffic, then normal QOS policy to do something with it. I haven't done it on an ASR or ISR 4K, but that's how it's worked on all previous devices. Chuck -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam Greene Sent: Wednesday, July 13, 2016 1:04 AM To: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ISR4431-AX/K9 Kind of worried based on http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra ted-services-routers-isr/guide_c07-726864.html that I'm also going to have to buy: ISR4430U-MEM-SSD DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB SSD Bundle Not sure if WAAS is required for NBAR2, though, or even if not, if I should use WAAS instead, or if they are synonymous. And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520 in line with it reports high water marks of up to 187,000 connections, though averages about half that probably. Maybe WAAS connections are not the same, though . From: Adam Greene [mailto:maill...@webjogger.net] Sent: Wednesday, July 13, 2016 12:50 AM To: 'cisco-nsp@puck.nether.net' <cisco-nsp@puck.nether.net> Subject: ISR4431-AX/K9 Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ISR4431-AX/K9
Kind of worried based on http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra ted-services-routers-isr/guide_c07-726864.html that I'm also going to have to buy: ISR4430U-MEM-SSD DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB SSD Bundle Not sure if WAAS is required for NBAR2, though, or even if not, if I should use WAAS instead, or if they are synonymous. And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520 in line with it reports high water marks of up to 187,000 connections, though averages about half that probably. Maybe WAAS connections are not the same, though . From: Adam Greene [mailto:maill...@webjogger.net] Sent: Wednesday, July 13, 2016 12:50 AM To: 'cisco-nsp@puck.nether.net'Subject: ISR4431-AX/K9 Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ISR4431-AX/K9
Hey guys, If I need a router that can do application based bandwidth throttling (NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, right? It seems to provide the features and throughput. Please tell me if I'm wrong (other services enabled on the router will be limited to BGP and OSPF). Thanks, Adam ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/