Not sure how it would work in practice, but it could be worth spreading the duties of the filtering to two or more routers if possible. If you policy map packets with a destination port of 80 to have a next hop of a delegated 'http checker' Cisco as detailed in the document, which will then inspect the packet for the extensions in the http data and act accordingly.
IMHO this would reduce the load of the edge router because instead of checking every packet for certain http extensions, you're only checking each packet against a destination port, then policy routing if it matches port 80.
Given that a huge proportion of the internet's traffic is http, I doubt this would work where it's prohibitive to even contemplate putting such a list on an interface, but somewhere you'd like to get a smaller CPU load on your edge or core router(s) (depending on where you filter).
Cheers,
Chris
Gordon Smith wrote:
Nope. Under 10% CPU on my 7200 at the moment...
I guess you'd impact performance if you tried this on a box with insufficient CPU. If you use smaller routers, you'd probably be better off setting one up with 2 F/E ints and just use it for traffic policing, or do as Steve did and use a layer 4 switch.
Cheers,
Gordon Smith
Network Operations Manager
MoreNet Ltd.
Fingerprint: 4093 91BC 0055 46B9 1B1A EDBA 45AD 2381 7B1D E4BE
-----Original Message-----
From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz] On Behalf Of Craig Whitmore
Sent: Thursday, 16 August 2001 21:02
To: Terence; nznog(a)list.waikato.ac.nz
Subject: Re: Code Red Filters...
I saw that a while back...
Most of us have 10M+ links to us, and looking at every bit of data going into an interface would probably kill it :-( Has anyone tried it with a large amount of real data without killing their router...
Thanks
Craig Whitmore
Orcon Internet
----- Original Message -----
From: "Terence"
To:
Sent: Thursday, August 16, 2001 8:51 PM
Subject: Code Red Filters...
---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog