Thursday, 25 August 2011

Netflow Vs NBAR

You are the Cisco network designer. Which statement is correct regarding NBAR and NetFlow?
A. NBAR examines data in Layers 1 and 4.
B. NBAR examines data in Layers 3 and 4.
C. NetFlow examines data in Layers 3 and 4.
D. NBAR examines data in Layers 2 through 4.

Answer is C


NetFlow works between Layers 3 and 4.

Flexible NetFlow works from Layer 2 to 7 and inspects payload.

NBAR works from Layer 3 to 7.

Friday, 12 August 2011

Switching, Backplane and Switching fabric

The biggest confusion in datasheets is understanding forwarding, switching, backplane and switching fabric inside a switch.

Specialized hardware is needed to move frames between ports. This specific part can be called the backplane, or in some cases we talk of the switching fabric.

When the forwarding capabilities of a backplane or switching fabric are greater than the sum of the speeds of all ports (counted twice, once for the tx and once for the rx direction, i.e. full duplex), we call the switching fabric non-blocking.

Traffic between a pair of ports is then not influenced by the traffic exchanged on all other ports. The forwarding rate is expressed in packets per second and states how many packets per second are needed to reach a certain traffic volume (throughput).

Clearly forwarding rate depends on frame size.

Ideally a backplane or switching fabric should be non-blocking for every frame size, including the smallest ones (64 bytes in the Ethernet standard), but in reality most devices can be non-blocking for an average size of 400 bytes.

Bandwidth is the speed of traffic.

To convert between forwarding rate and used bandwidth we need to take into account some specific aspects of Ethernet: with this kind of calculation, using frames of the minimum size of 64 bytes, you need 1488000 frames per second and per direction to fill a Gigabit Ethernet port.

Be aware that all figures you see sum the tx and rx directions, so if a switch has 100 Mpps (million packets per second) capability, this accounts for a certain number of GE ports at 1 Gbps full duplex.

In almost all switches (Cisco and non-Cisco) the switching limitation is actually NOT bandwidth, it's Mpps (mega packets per second).

So the answer actually depends mostly on what your traffic looks like. The worst case is VoIP traffic, which consists of 100-byte packets; the best case is file transfers using full 1500-byte packets.
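The conversion between forwarding rate and bandwidth described above, worked through as an added example (not code from the original post). It assumes the standard 20 bytes of per-frame Ethernet overhead on the wire (8-byte preamble/SFD plus 12-byte inter-frame gap) and follows the post's convention that datasheet Mpps figures sum tx and rx; the function names and the 48-port case are illustrative.

```python
# Added example: Ethernet forwarding rate vs. bandwidth (integer arithmetic).
WIRE_OVERHEAD = 20          # bytes per frame: 8 preamble/SFD + 12 inter-frame gap
MIN_FRAME = 64              # smallest Ethernet frame, FCS included
GE_BPS = 1_000_000_000      # Gigabit Ethernet line rate


def line_rate_pps(frame_bytes, link_bps=GE_BPS):
    """Frames per second, per direction, needed to fill one link."""
    return link_bps // ((frame_bytes + WIRE_OVERHEAD) * 8)


def ports_at_line_rate(capacity_pps, frame_bytes, link_bps=GE_BPS):
    """Full-duplex ports the capacity covers; tx and rx both count (post's convention)."""
    wire_bits = (frame_bytes + WIRE_OVERHEAD) * 8
    return capacity_pps * wire_bits // (2 * link_bps)


def min_nonblocking_frame(capacity_pps, ports, link_bps=GE_BPS):
    """Smallest frame size at which `ports` full-duplex ports stay non-blocking."""
    # Solve ports * 2 * link_bps / (8 * (frame + overhead)) <= capacity_pps for frame.
    wire_bytes = -(-(ports * 2 * link_bps) // (8 * capacity_pps))  # ceiling division
    return max(MIN_FRAME, wire_bytes - WIRE_OVERHEAD)


if __name__ == "__main__":
    for size in (64, 100, 400, 1500):
        print(f"{size:>5}-byte frames: {line_rate_pps(size):>9,} pps per direction")
    cap = 100_000_000  # the post's 100 Mpps figure, used as a sample capacity
    print("GE ports at line rate, 64-byte frames:", ports_at_line_rate(cap, 64))
    print("48 GE ports non-blocking from frame size:", min_nonblocking_frame(cap, 48))
```

The 64-byte result is the exact value behind the rounded 1488000 figure quoted above.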