Network-Based Application Recognition (NBAR)
   Ø  Cisco Content Networking is an intelligent network architecture that dynamically recognizes internet business applications and engages network services to achieve end-to-end security, performance and availability.
   Ø  This architecture has three components:
-          Intelligent network classification and network services delivered through Cisco IOS software.
-          Intelligent network devices that integrate internet business applications with network service.
-          An intelligent policy management framework for configuration, monitoring and accounting.

Network-Based Application Recognition Overview:
 
     Ø  NBAR, a feature first available in Cisco IOS software Release 12.0(5)XE2, provides intelligent network classification for the network infrastructure.
     Ø  NBAR is a classification engine that can recognize a wide variety of applications, including web-based applications and client/server applications that dynamically assign TCP or UDP port numbers.
     Ø  NBAR works with the QoS features of Cisco IOS to help ensure that network bandwidth is used efficiently.
     Ø  These features include the ability to:
-          guarantee bandwidth to critical applications
-          limit bandwidth to other applications
-          drop selected packets to avoid congestion

Features at a Glance::
     
      Ø  NBAR supports a wide range of network protocols, including stateful protocols that were difficult to classify before NBAR:
-          HTTP classification by URL
-          Oracle SQL*Net
-          Sun RPC
-          FTP
-          TFTP and more.
      Ø  NBAR also classifies traditional static-port protocols, supporting a wide range of solutions.
      Ø  Support for new protocols can be added quickly using Packet Description Language Modules (PDLMs) from Cisco Systems, without upgrading the IOS image.
      Ø  A PDLM contains the rules that NBAR uses to recognize an application.
      Ø  After applications are classified, the network can apply the following QoS features:
-          Guaranteed bandwidth with class-based weighted fair queuing (CBWFQ)
-          Enforced bandwidth limits using policing
-          Marking for differentiated service downstream
-          Drop policy to avoid congestion

Protocols Supported by NBAR::

     1)      Non-UDP and Non-TCP Protocols (IP protocol number in parentheses):
-          EGP (8)
-          EIGRP (88)
-          GRE (47)
-          ICMP (1)
-          IPsec (ESP 50, AH 51)

     2)      TCP and UDP Static Port Protocols (port number in parentheses):
-          BGP (179)
-          DHCP/BOOTP (67, 68)
-          DNS (53)
-          HTTP (80)
-          HTTPS (443)
-          Kerberos (88, 749)
-          LDAP (389)
-          NTP (123)
-          POP3 (110)
-          RIP (520)
-          SMTP (25)
-          SNMP (161, 162)
-          SSH (22)
-          Syslog (514)
-          Telnet (23)

Configure NBAR::
     
       Ø  To configure NBAR, perform the tasks described in the following sections:
-          Configuring a traffic class (required)
-          Configuring a traffic policy (required)
-          Attaching a traffic policy to an interface (required)
-          Verifying the traffic policy configuration (optional)
-          Monitoring and maintaining NBAR (optional)
        Ø  You must enable Cisco Express Forwarding (CEF) on the router (ip cef) before configuring NBAR.
       
        1)      Configuring a Traffic Class:

Router(config)# class-map [match-all | match-any] <class-name>
Router(config-cmap)# match protocol <protocol-name>

(match-all is the default: a packet must satisfy every match statement in the class. With match-any, a packet that satisfies any one of the match statements belongs to the class.)

       2)      Configuring a Traffic Policy:

Router(config)# policy-map <policy-name>
Router(config-pmap)# class <class-name>
Router(config-pmap-c)# <QoS action for the class: bandwidth <kbps>, police <bps> ..., set ip dscp <value>, or drop>

      3)      Attaching a Traffic Policy to an Interface:

Router(config)# interface <type> <number>
Router(config-if)# service-policy [input | output] <policy-map-name>

     4)      Verifying the Traffic Policy Configuration:

show class-map
show class-map <class-name>
show policy-map
show policy-map <policy-map-name>
show policy-map interface
show policy-map interface <interface-spec>

Monitoring and Maintaining NBAR:
     Ø  NBAR can determine which protocols and applications are currently running on a network.
     Ø  NBAR includes the Protocol Discovery feature, which provides an easy way of discovering the application protocols operating on an interface so that appropriate QoS policies can be developed and applied.
     Ø  With Protocol Discovery, you can discover any protocol traffic supported by NBAR and obtain statistics (packet and byte counts, bit rates) associated with that protocol. It is enabled per interface with ip nbar protocol-discovery.

·         Displays the TCP/UDP port numbers NBAR uses to classify a given protocol (all protocols if no name is given):

# show ip nbar port-map [protocol-name]

·         Displays the statistics for all interfaces on which Protocol Discovery is enabled:

# show ip nbar protocol-discovery
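
Two ways of extending what NBAR can classify, shown as an added example (not from the original post or from Cisco documentation; the proxy port 8080, the PDLM file name and the "configure terminal"/"end" mode changes are assumptions made for the illustration). The first adjusts the static port map that a class using "match protocol http" relies on; the second loads a PDLM, the mechanism described under Features at a Glance for adding a new protocol.

```cisco
! Check which ports NBAR currently maps to HTTP (the default is TCP 80).
show ip nbar port-map http
!
! A web proxy listening on TCP 8080 would otherwise be counted as "unknown"
! by Protocol Discovery and would escape any policy keyed on
! "match protocol http". Note that the port-map command REPLACES the list,
! so the default port 80 must be repeated or it stops being treated as HTTP.
configure terminal
 ip nbar port-map http tcp 80 8080
end
show ip nbar port-map http
!
! Loading a PDLM (file name assumed) adds a protocol without an IOS upgrade;
! it then becomes available as a "match protocol" keyword.
configure terminal
 ip nbar pdlm flash://citrix.pdlm
end
show ip nbar pdlm
!
! Return the HTTP port map to its default once the proxy is decommissioned.
configure terminal
 no ip nbar port-map http
end
```

The check to run after any port-map change is "show ip nbar port-map" followed by "show ip nbar protocol-discovery": if the traffic you expected to reclassify still accrues under "unknown", the port list was replaced rather than extended, or the application is not actually using the port you assumed.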

EXAMPLE (drop all ICMP leaving FastEthernet0/0 and enable Protocol Discovery on that interface):
Router(config)# ip cef
Router(config)# class-map CLASS
Router(config-cmap)# match protocol icmp
Router(config-cmap)# exit
Router(config)# policy-map CLASS1
Router(config-pmap)# class CLASS
Router(config-pmap-c)# drop
Router(config-pmap-c)# exit
Router(config-pmap)# exit
Router(config)# interface FastEthernet0/0
Router(config-if)# service-policy output CLASS1
Router(config-if)# ip nbar protocol-discovery
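
The ICMP example above uses a single class and a single action. The following configuration, added here as an illustration and not taken from the original post or from Cisco documentation, walks the same four steps (class, policy, interface, verification) with several NBAR-classified classes and uses all four QoS actions listed under Features at a Glance: CBWFQ bandwidth, policing, DSCP marking and drop. The class and policy names, the interface FastEthernet0/0, the 512 kbps and 256 kbps figures and the "*.exe" URL pattern are assumptions made for the example.

```cisco
! Prerequisite from the configuration notes: NBAR requires CEF.
ip cef
!
! --- Step 1: traffic classes built on NBAR classification ---
! match-any: a packet belonging to either protocol joins the class.
class-map match-any CRITICAL-APPS
 match protocol sqlnet
 match protocol sunrpc
!
! Stateful HTTP classification: NBAR reads the URL in the request, so an
! executable fetched over plain HTTP is matched regardless of the TCP port,
! as long as that port is in the HTTP port map.
class-map match-all HTTP-EXE-DOWNLOAD
 match protocol http url "*.exe"
!
class-map match-any BULK-TRANSFER
 match protocol ftp
 match protocol tftp
!
class-map match-any MGMT-TRAFFIC
 match protocol ssh
 match protocol snmp
 match protocol syslog
!
! --- Step 2: traffic policy, one QoS action per class ---
policy-map NBAR-EDGE-OUT
 class CRITICAL-APPS
  ! CBWFQ: guarantee 512 kbps to this class during congestion (assumed figure),
  ! and mark it so downstream devices can honour the same priority.
  bandwidth 512
  set ip dscp af31
 class HTTP-EXE-DOWNLOAD
  ! Drop policy: discard the matching packets.
  drop
 class BULK-TRANSFER
  ! Policing: cap the class at 256 kbps (assumed figure), excess is dropped.
  police 256000 conform-action transmit exceed-action drop
 class MGMT-TRAFFIC
  ! Marking only: management traffic is identified for downstream treatment.
  set ip dscp cs2
 class class-default
  ! Everything NBAR did not place in a class above shares the remainder fairly.
  fair-queue
!
! --- Step 3: attach the policy outbound and enable Protocol Discovery ---
interface FastEthernet0/0
 ip nbar protocol-discovery
 service-policy output NBAR-EDGE-OUT
!
! --- Step 4: verification (exec commands, listed as comments here) ---
! show class-map CRITICAL-APPS
! show policy-map NBAR-EDGE-OUT
! show policy-map interface FastEthernet0/0
! show ip nbar protocol-discovery interface FastEthernet0/0 top-n 5
```

Two caveats a practitioner should keep in mind when relying on a policy like this for enforcement rather than plain bandwidth management: NBAR inspects only cleartext, so the same executable fetched over HTTPS is classified as https and the URL match never fires; and classifying dynamic-port applications such as FTP depends on NBAR seeing the control channel, so asymmetric routing, where the router sees only one direction of the flow, leaves that traffic in class-default.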


By Er. AJAI SINGH on Sunday, 20 January 2013