Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Adam Greene 
Thanks, Chuck, for the helpful response.

My further research corroborates what you say.

Miercom has an interesting study showing enabling QoS on 4431 does not
affect total throughput: http://miercom.com/pdf/reports/20150817.pdf.
However, enabling FnF & NBAR2 might ... 

It looks like getting the base 4431 and adding the AX license is less
expensive than ordering the AX bundle, which also comes with a SEC license.

Currently not sure if AX license is required on 4431 to support FnF. It
looks like it's required for NBAR2, though.

Adam

-Original Message-
From: Chuck Church [mailto:chuckchu...@gmail.com] 
Sent: Wednesday, July 13, 2016 2:41 PM
To: 'Adam Greene' <maill...@webjogger.net>; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] ISR4431-AX/K9

Isn't WAAS their WAN acceleration product?  I don't think NBAR has any
reliance on that.  You just use NBAR to identify the traffic, then normal
QOS policy to do something with it.  I haven't done it on an ASR or ISR 4K,
but that's how it's worked on all previous devices.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam
Greene
Sent: Wednesday, July 13, 2016 1:04 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

Kind of worried based on
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra
ted-services-routers-isr/guide_c07-726864.html that I'm also going to have
to buy: 

 

ISR4430U-MEM-SSD

DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB
SSD Bundle

 

Not sure if WAAS is required for NBAR2, though, or even if not, if I should
use WAAS instead, or if they are synonymous.

 

And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520
in line with it reports high water marks of up to 187,000 connections,
though averages about half that probably. Maybe WAAS connections are not the
same, though .

 

From: Adam Greene [mailto:maill...@webjogger.net]
Sent: Wednesday, July 13, 2016 12:50 AM
To: 'cisco-nsp@puck.nether.net' <cisco-nsp@puck.nether.net>
Subject: ISR4431-AX/K9

 

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick,
right? It seems to provide the features and throughput. Please tell me if
I'm wrong (other services enabled on the router will be limited to BGP and
OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Emille Blanc 
I happen to be staring at an ISR4431/K9 with the APPX license (purchased for 
the L2 features), and it allows nbar configuration for ipv4 and ipv6.  I have 
none without said license pre-loaded, so cannot confirm if it's required or not.
It doesn't seem to complain or spam the license EULA if I enable any NBAR2 
pieces.

Hope this helps shed some light;

Running 15.4(3)S5
router#sh ip nbar version

NBAR software version:  20
NBAR minimum backward compatible version:  20

Loaded Protocol Pack(s):

Name:Advanced Protocol Pack
Version: 12.0
Publisher:   Cisco Systems Inc.
NBAR Engine Version: 20
State:   Active

ABCPGRGBC-57-DAO-R01# sh license | inc ^Index|Permanent|Activated
Index 1 Feature: appxk9
License Type: Permanent
Index 2 Feature: uck9
Period left: Not Activated
Index 3 Feature: securityk9
Period left: Not Activated
Index 4 Feature: ipbasek9
License Type: Permanent
Index 5 Feature: cme-srst
Period left: Not Activated
Index 6 Feature: hseck9
Index 7 Feature: throughput
License Type: Permanent
Index 8 Feature: internal_service


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Steve 
Mikulasik
Sent: July-13-16 12:00 PM
To: Adam Greene; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the 
other bundles.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam 
Greene
Sent: Tuesday, July 12, 2016 10:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431-AX/K9

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, 
right? It seems to provide the features and throughput. Please tell me if I'm 
wrong (other services enabled on the router will be limited to BGP and OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Steve Mikulasik 
I believe NBAR 2 is in the AVX bundle, but there is normal NBAR support in the 
other bundles.


-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam 
Greene
Sent: Tuesday, July 12, 2016 10:50 PM
To: cisco-nsp@puck.nether.net
Subject: [c-nsp] ISR4431-AX/K9

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick, 
right? It seems to provide the features and throughput. Please tell me if I'm 
wrong (other services enabled on the router will be limited to BGP and OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-13 Thread Chuck Church 
Isn't WAAS their WAN acceleration product?  I don't think NBAR has any
reliance on that.  You just use NBAR to identify the traffic, then normal
QOS policy to do something with it.  I haven't done it on an ASR or ISR 4K,
but that's how it's worked on all previous devices.

Chuck

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Adam
Greene
Sent: Wednesday, July 13, 2016 1:04 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] ISR4431-AX/K9

Kind of worried based on
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra
ted-services-routers-isr/guide_c07-726864.html that I'm also going to have
to buy: 

 

ISR4430U-MEM-SSD

DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB
SSD Bundle

 

Not sure if WAAS is required for NBAR2, though, or even if not, if I should
use WAAS instead, or if they are synonymous.

 

And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520
in line with it reports high water marks of up to 187,000 connections,
though averages about half that probably. Maybe WAAS connections are not the
same, though .

 

From: Adam Greene [mailto:maill...@webjogger.net]
Sent: Wednesday, July 13, 2016 12:50 AM
To: 'cisco-nsp@puck.nether.net' <cisco-nsp@puck.nether.net>
Subject: ISR4431-AX/K9

 

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick,
right? It seems to provide the features and throughput. Please tell me if
I'm wrong (other services enabled on the router will be limited to BGP and
OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ISR4431-AX/K9

2016-07-12 Thread Adam Greene 
Kind of worried based on
http://www.cisco.com/c/en/us/products/collateral/routers/3900-series-integra
ted-services-routers-isr/guide_c07-726864.html that I'm also going to have
to buy: 

 

ISR4430U-MEM-SSD

DRAM upgrade to 16GB, Flash Memory upgrade to 16GB, NIM Carrier and 200GB
SSD Bundle

 

Not sure if WAAS is required for NBAR2, though, or even if not, if I should
use WAAS instead, or if they are synonymous.

 

And 1300 WAAS Optimized TCP Connections seems tiny, considering the ASA 5520
in line with it reports high water marks of up to 187,000 connections,
though averages about half that probably. Maybe WAAS connections are not the
same, though .

 

From: Adam Greene [mailto:maill...@webjogger.net] 
Sent: Wednesday, July 13, 2016 12:50 AM
To: 'cisco-nsp@puck.nether.net' 
Subject: ISR4431-AX/K9

 

Hey guys,

 

If I need a router that can do application based bandwidth throttling
(NBAR2) at 500M-1G aggregate throughput, ISR4431-AX/K9 should do the trick,
right? It seems to provide the features and throughput. Please tell me if
I'm wrong (other services enabled on the router will be limited to BGP and
OSPF).

 

Thanks,

Adam

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/