NBAR2:Overview

From DocWiki

Revision as of 10:02, 3 June 2013 by Jbarozet (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


With Cisco AVC, Cisco ASR 1000, ISR-G2 and Cisco Wireless Controllers can identify over 1000 applications within the traffic flow using NBAR2, Cisco’s innovative Deep Packet Inspection (DPI) technology. In order to address the evolving nature of applications, NBAR2’s application signature can be updated through Protocol Pack while the router is in-service.

A distinction needs to be made between protocols and applications. While protocols may be identifiable by port numbers, different applications may all run over the same port. Today, many applications run over HTTP. It may even be impossible to identify an application from just inspecting individual packets. Network based application recognition (NBAR) is a way of inspecting streams of packets, down to layer 7 inspection, to identify the end application. It is a key part of AVC because once the application has been identified it becomes possible to invoke application-specific behaviour or to collect metrics that are meaningful to enterprises because the reports relate directly to end usage of the network.

NBAR2 provides Stateful Deep Packet Inspection (DPI) capability natively. This Next Generation NBAR, or NBAR2, enhances application recognition engine to support over 1000 applications. NBAR2 also provides additional capabilities such as application attributes, which provide grouping of applications with similar properties into category, sub-category, application-group, etc. NBAR2’s categorization of protocols into meaningful terms simplifies report aggregation and control configuration. NBAR2 also provide field extraction capability, such as HTTP URL, SIP domain, Mail server, etc. which allow extract information out of application for classification or exporting. With NBAR2 Protocol Pack, new and updated application signatures can be loaded into the routers without the need to upgrade the software image. NBAR2 is capable of defining a customized applications based on ports, payload values, or URL. The set of attributes for each protocol could be customized as well.



Rating: 2.0/5 (2 votes cast)

Personal tools