Best Practices

Cisco NBAR

Network Based Application Recognition (NBAR) is Cisco’s intelligent classification mechanism that uses deep packet inspection (examination of the data as well as the header of an IP packet) to organize Layer 7 applications on the basis of bandwidth usage. Using NBAR, the routers can now recognize traffic from layers 3 to 7. In addition to deep packet inspection, NBAR uses static TCP/UDP ports, non-UDP/TCP IP protocols, dynamically assigned TCP/UDP ports and sub-port classification to identify packets.

NBAR can recognize both web-based and client/server applications and classify them as per-bandwidth requirements, and the network device can then program the internal ASICs to take appropriate actions like ensuring higher priority, dropping packets, routing according to policy and so on. For instance, mission-critical applications and ERP can be guaranteed at least a minimum amount of bandwidth and can perhaps be marked for preferential treatment; non-critical applications can be marked for best service; and applications like gaming and video streaming might be blocked or flagged for bandwidth throttling.

NBAR is extensively used for QoS and security purposes. With NBAR’s intelligent classification in place, administrators can minimize latency and eliminate data-flow bottlenecks. Multiple service performance can be optimized, and critical applications like VoIP can be guaranteed requisite bandwidth in line with the QoS policies. Security can be enhanced by blocking spam and malware, and by monitoring non-standard and dynamic ports. For instance, NBAR-enabled devices were able to identify the Code Red worm of 2001, while normal firewalls were unable to do so.

WhatsUp Gold can intelligently identify and oversee NBAR traffic. It leverages NBAR’s protocol discovery feature, and uses SNMP to poll the NBAR Management Information Base (MIB) to collect application and protocol statistics for each interface. This allows the traffic monitoring software to identify standard ports, protocols as well as difficult-to-classify protocols and dynamically assigned ports. These statistics can then be used to defining traffic classes and QoS policies. Additionally, WhatsUp Gold’s new Top NBAR Applications report gives a complete view of NBAR traffic, thereby allowing administrators to rapidly diagnose performance issue and bandwidth utilization.

Monitor Everything in Your Network

Start Your Free Trial of WhatsUp Gold

  Download Free Trial     Watch a Demo