NBAR2:PPFAQ

From DocWiki

Last updated: June 2013


This document contains common questions and answers regarding the Cisco® NBAR2 (Next Generation Network-Based Application Recognition) Protocol Pack. If you have any unanswered questions after reading this document, or require more clarification, please email: nbar-pp@cisco.com


This FAQ is divided into the following sections:

  • NBAR Introduction
  • Protocol Pack Introduction
  • Protocol Pack Release
  • Protocol Pack SLA (Service Level Agreement)
  • Protocol Pack Licensing
  • Protocol Pack Loading
  • Miscellaneous


NBAR Introduction

Q. What is NBAR2?

A. NBAR2 (or Next Generation NBAR) is a re-architecture of NBAR based on the Service Control Engine (SCE), with advanced classification techniques, better accuracy and many more signatures. NBAR2 is backward compatible and is supported on the ISR-G2 and ASR1K platforms. NBAR2 has been adopted as the Cisco cross-platform protocol classification mechanism. It supports 1,000+ applications and sub-applications. Cisco provides new signatures and signature updates through monthly protocol pack releases.

Q. What are the key benefits of NBAR2?

A. NBAR2 offers the following key benefits over NBAR:

  • Advanced classification techniques: NBAR2 leverages classification techniques from SCE, which allow classification of IPv4, IPv6 and IPv6 transition techniques. Using these techniques, NBAR2 can classify evasive applications such as Skype and Tor, business applications such as ms-lync, cloud applications such as office-365 and mobile applications such as facetime.
  • Field extraction support: NBAR2 provides a mechanism to extract pre-defined fields from packet headers, which can be exported via Flexible NetFlow (FNF) for reporting.
  • Categorization and attributes: NBAR2 provides a mechanism to match protocols or applications based on statically assigned attributes such as application-group, category, sub-category, encrypted and tunnel. Categorizing protocols and applications into groups helps with reporting and with applying Quality of Service (QoS) policies.
  • Common protocol library for NBAR2 across platforms: NBAR2 offers platform-independent signatures for all NBAR2-supported platforms.
  • Signature delivery through protocol packs: A protocol pack is a set of protocols developed and packaged together. Protocol packs are a means to distribute protocol updates outside the Cisco operating system release train and allow more rapid and flexible adjustment to market trends. Protocol packs can be loaded on the router without replacing the Cisco IOS image or reloading the device.
  • Custom protocols using HTTP URL and/or host name: NBAR2 provides a mechanism to define custom protocols that match on HTTP URL and/or host name.

Q. Which platforms support NBAR2?

A. NBAR2 is supported on Cisco network devices such as ISR-G2, ASR1K, CSR 1000V, ASA-CX and Wireless LAN Controller.

Q. Which protocols can NBAR2 classify?

A. The NBAR2 classification engine recognizes and classifies a wide variety of protocols and applications, including web-based and other difficult-to-classify applications, as well as protocols that use dynamic TCP/UDP port assignments. Please refer to the link below for the complete list of NBAR2-supported protocols.



Protocol Pack Introduction

Q. What is a protocol pack?

A. Traditionally, protocols were linked to the Cisco operating software, and customers had to upgrade the Cisco operating software to get support for new protocols. A protocol pack is a set of protocols developed and packaged together. Protocol packs provide a means to distribute new protocols, protocol updates and bug fixes outside the Cisco operating software releases, and can be loaded on network devices without replacing the Cisco operating software.


Q. Why is NBAR2 transitioning to a protocol pack model?

A. Application modules (also known as PDLMs) were traditionally used to add new protocol support. A PDLM extends the list of protocols that NBAR can recognize. In contrast to a PDLM, a protocol pack is a single compressed file that contains multiple PDL files. Protocol packs allow users to load a set of protocols together rather than loading them separately, and provide an easy way to distribute new protocols, protocol updates and bug fixes. Protocol packs are easy to load. It is easy to upgrade to a later, more up-to-date protocol pack, or to revert to a previous version of a protocol pack (subject to compatibility constraints). A protocol pack can be loaded on a device without replacing the Cisco OS image or rebooting the device. With the NBAR2 transition to the protocol pack model, PDLMs are no longer provided. NBAR users still using PDLMs are recommended to migrate to protocol packs.


Q. Which NBAR2 platforms support protocol pack releases?

A. Today, NBAR protocol packs are released for the Cisco ISR-G2, CSR 1000V and ASR1K platforms. The table below shows the minimum Cisco IOS/IOS-XE version required for loading a protocol pack.

Platform     Minimum IOS/IOS-XE release    First protocol pack
ISR-G2       Cisco IOS 15.2(4)M            Protocol Pack 2.1.0
ASR1000      Cisco IOS-XE 3.7              Protocol Pack 2.1.0
CSR 1000V    Cisco IOS-XE 3.9              Protocol Pack 5.0.0


Q. Are protocol packs supported on NBAR-1 platforms such as the Cisco ISR-G1, 7200, 7301, etc.?

A. Protocol packs are supported only on NBAR2 platforms.



Protocol Pack Release

Q. How frequently are protocol packs released?

A. Protocol packs are released monthly, with major and minor packs released in alternate months. Major protocol packs deliver new protocols (up to 10), signature updates and bug fixes, in addition to all previously supported protocols. Major protocol packs are numbered 1.0, 2.0, 3.0 and so on. Minor protocol packs deliver signature updates and bug fixes only, in addition to previously supported protocols. Minor protocol packs are numbered 1.1, 2.1, 3.1 and so on.

PP 2.1 is the first protocol pack release on Cisco IOS (ISR-G2) and Cisco IOS-XE (ASR1K). Cisco IOS (ISR-G2) protocol packs are released about 3 weeks after the ASR1K protocol packs. Cisco may decide to skip a minor protocol pack in a particular month if there is no significant content for it.


Q. How are protocol packs released?

A. The Cisco IOS (ISR-G2) and Cisco IOS-XE (ASR1K) protocol packs are released monthly on Cisco.com (CCO). Customers can download protocol packs for their routers from the CCO software download location: Software Download

Q. Where do I find a protocol pack for my router on CCO?

A. NBAR users can download Cisco IOS (ISR-G2) and Cisco IOS-XE (ASR1K) protocol packs from the CCO software download page: Software Download

CCO Location for ISR-G2

Download Home > Software Download > Products > Routers > Branch Routers > Cisco 3900 Series Integrated Services Routers > Cisco 3945 Integrated Services Routers > Software on Chassis > NBAR2 Protocol Packs

  -> Release 2.1.0
          Description: ISR 3900 NBAR2 Protocol Pack 2.1.0
          File name: pp-adv-isrg2-152-4M1-13-2.1.0.pack    Size: 0.19 MB


CCO Location for ASR1K

Download Home > Software Download > Products > Routers > Service Provider Edge Routers > Cisco ASR 1000 Series Aggregation Services Routers > Cisco ASR 1006 Router > NBAR2 Protocol Packs

  -> Release 2.1.0
          Description: ASR1k NBAR2 Protocol Pack 2.1.0
          File name: pp-adv-asr1k-152-4S-13-2.1.0.pack    Size: 0.19 MB


CCO Location for CSR 1000V

Download Home > Software Download > Products > Routers > Cloud Routers > Cisco Cloud Services Router 1000V Series > Cisco Cloud Services 1000V Router > NBAR2 Protocol Packs

  -> Release 5.0.0
          Description: CSR 1000V NBAR2 Protocol Pack 5.0.0
          File name: pp-adv-csr1000v-153-2-S0a-15-5.0.0.pack    Size: 0.23 MB

Q. Does a user need special access or permission to download a protocol pack from the Cisco software download web page?

A. NBAR users with CCO access can download NBAR protocol packs from the software download web page.


Q. Does a user need a license of any kind to access NBAR protocol packs?

A. NBAR users with an AVC (Application Visibility and Control) feature license can load and use protocol packs on their routers. Please refer to the protocol pack licensing section of this document for more details.


Q. What is the protocol pack image name on CCO?

A. The protocol pack release name format is:

pp-adv-PLT-IOS-E-M.m.r.pack

pp: represents protocol pack
adv: represents an advanced protocol pack (refer to the licensing section below for more details)
PLT: represents the platform for which the protocol pack is built, e.g. isrg2 (ISR-G2) or asr1k (ASR1K)
IOS: represents the base Cisco IOS/IOS-XE image for the protocol pack
E: represents the NBAR engine version
M: represents the major protocol pack release number
m: represents the minor protocol pack release number
r: represents the rebuild number

For example, an advanced protocol pack for an ISR-G2 product:

pp-adv-isrg2-152-4M1-13-2.0.0.pack (Major protocol pack release 2.0.0)

pp-adv-isrg2-152-4M1-13-2.1.0.pack (Minor protocol pack release 2.1.0)

Q. Where do I find information about the content of the protocol pack?

A. Customers can refer to the protocol pack release notes for the new contents of each protocol pack. Please click on the link below to access the release notes under the NBAR2 protocol pack section: NBAR2 Protocol Pack Library



Protocol Pack SLA (Service Level Agreement)

The NBAR protocol pack SLA describes the types of services offered for NBAR2-supported platforms. Today, NBAR protocol packs are released for the ISR-G2 and ASR1K platforms. Cisco will use best effort to meet the target for all services. If, for any reason, Cisco does not meet a target, Cisco customers are not entitled to make a compensation claim.

Services are outlined in the table below*:

Protocol Pack SLA

SLA item                                           Target                                                    Comments
Frequency of protocol pack                         Monthly                                                   Protocol packs are released every month for supported platforms.
Number of new protocols in a major protocol pack   ~10                                                       Number of new protocols in every major protocol pack
Protocol pack lifetime support                     See the "Protocol Pack Support Model" table below          Protocol pack support for Cisco IOS and IOS-XE releases

  • Please note: Information in the table above is subject to change without notice.


Q. What is the support model for protocol packs?

A. Protocol pack support is aligned with the Cisco IOS/IOS-XE release support model. The support timeline applies not to the protocol pack but to the base image. Extended Maintenance (EM) releases get more protocol packs than Standard Maintenance (SM) releases. Protocol packs on EM releases get support (critical bug fixes and PSIRT) for a longer duration than on standard maintenance releases. The table below summarizes the protocol pack support for different Cisco IOS/IOS-XE releases.


Protocol Pack Support Model

Current IOS releases

Platform             Train                  Release              Monthly PP phase   Critical bug fix phase   PSIRT phase
ISR-G2               T train (EM release)   15.2(4)M             12 months          18 months                12 months
ISR-G2               T train (SM release)   15.3(1)T, 15.3(2)T   6 months           6 months                 6 months
ASR1000              S train (EM release)   IOS XE 3.7           12 months          not listed               12 months
ASR1000              S train (SM release)   IOS XE 3.8           6 months           not listed               6 months
ASR1000, CSR 1000V   S train (SM release)   IOS XE 3.9           6 months           not listed               6 months

New IOS releases

Platform             Train                  Release              Monthly PP phase   Critical bug fix phase   PSIRT phase
ISR-G2               T train (EM release)   15.3(3)T             18 months          18 months                12 months
ISR-G2               T train (SM release)   15.4(1)T             6 months           6 months                 6 months
ASR1000, CSR 1000V   S train (EM release)   IOS XE 3.10          18 months          18 months                12 months
ASR1000, CSR 1000V   S train (SM release)   IOS XE 3.11          6 months           6 months                 6 months

  • Please note: Information in the table above is subject to change without notice.


Extended Maintenance (EM) releases such as Cisco IOS-XE 3.10 and Cisco IOS 15.3(3)T will have protocol pack support for 48 months: the first 18 months are the protocol pack phase, followed by 18 months of the critical bug fix phase and then 12 months of the PSIRT phase.

Standard Maintenance (SM) releases such as Cisco IOS 15.4(1)T and Cisco IOS-XE 3.11 will have protocol pack support for 18 months: the protocol pack phase lasts 6 months, followed by 6 months of the critical bug fix phase and then 6 months of the PSIRT phase.

Protocol pack support defines three phases:

Protocol Pack Phase: Monthly protocol packs are released in this phase. Bug fixes are provided in the next possible protocol pack, giving priority to critical signature defects and PSIRT. Customers must provide sufficient information to reproduce and test the scenario in which the signature does not detect the traffic.

Critical Bug Fix Phase: There are no monthly protocol packs in this phase. Only critical signature defects and PSIRT will be fixed or addressed during this phase. Customers must provide sufficient information to reproduce and test the scenario in which the signature does not detect the traffic.

PSIRT Phase: There are no monthly protocol packs in this phase. Only PSIRT will be addressed during this phase. Customers must provide sufficient information to reproduce and test the scenario in which the signature does not detect the traffic.


Cisco will use its best efforts to create a signature with the maximum fidelity possible using the NBAR technology available at that time. However, in some rare cases it may not be possible to create such a signature until additional details about the test scenario that the signature fails to detect have been discovered or disclosed. In these situations, rather than releasing a low-fidelity signature, Cisco will continue to assess the situation and gather additional data until a signature of sufficient fidelity can be released. Signatures may be improved over time to add detection capabilities.


Q. If a protocol pack can be used across a set of IOS image versions, how can it have different support timelines for SM and EM releases?

A. The support timeline is not for the protocol pack but for the base image. A protocol pack is released every month for the platforms and versions that support it. If PP 9.0 is released only for 3.9 and up, users will not be able to use it on 3.7, because it will be rejected.



Protocol Pack Licensing

Q. Which license do NBAR users require to load protocol packs?

A. NBAR2 users require the AVC (Application Visibility and Control) license on their routers to load a protocol pack.

AVC License

Platform                    Cisco image / package                                                              License
ISR-G2 (880 and 890)        Advanced IP Services image                                                         AVC license
ISR-G2 (1900, 2900, 3900)   --                                                                                 AX / DATA license
ASR1000                     Advanced IP Services (AIS) image or Advanced Enterprise Services (AES) image       AVC RTU license (in addition to the image)
CSR 1000V                   Premium package                                                                    --

Advanced NBAR2 is enforced on a device configured with an AVC license. It supports all protocols/applications (the Advanced Protocol Pack) and all NBAR2 features. Standard NBAR2 is enforced on a device without an AVC license. It supports very limited NBAR2 functionality and only a subset of protocols (the Standard Protocol Pack).


The "Protocol Pack" mentioned throughout this document refers to the "Advanced Protocol Pack".


Q. What is the difference between an advanced and standard protocol pack?

A. The Standard Protocol Pack includes only a subset of protocols and is not released periodically. It is not available on CCO for download and does not carry any SLA. It is the default protocol pack on a device that has no AVC license. It supports very limited NBAR2 functionality. The standard protocol pack gives NBAR1 users an option to upgrade to NBAR2 while retaining NBAR1 capabilities. If NBAR1 had limitations, they remain in the standard protocol pack and will not be fixed.

The Advanced Protocol Pack includes all NBAR2-supported protocols/applications. Support for new protocols/applications, signature updates and bug fixes is released periodically on CCO, as explained above in the "Protocol Pack Release" section. It carries an SLA (Service Level Agreement) as explained above. It supports all NBAR2 features and is the default protocol pack on a device with an AVC license.

Cisco recommends the Advanced Protocol Pack to all NBAR users.

Q. Which protocols / applications are supported in the standard protocol pack?

A. The table below lists the protocols/applications supported in the standard protocol pack, grouped by category.


Standard Protocol Pack

Enterprise Applications: citrix ica, pcanywhere, novadigm, sap
Routing Protocols: bgp, egp, eigrp, ospf, rip
Network Management: icmp, snmp, syslog
RPC: nfs, sun-rpc
Database: sqlnet, ms-sql-server
Security and Tunneling: gre, ipinip, ipsec, l2tp, ms-pptp, sftp, shttp, simap, sirc, sldap, snntp, spop3, stelnet, socks, ssh
Voice: h323, rtcp, rtp, sip, sccp/skinny, skype
Network Mail Services: imap, pop3, exchange, notes, smtp
Directory: dhcp/bootp, finger, dns, kerberos, ldap
Streaming Media: cu-seeme, netshow, streamworks, vdolive, rtsp, mgcp
Signalling: rsvp
Internet: ftp, gopher, http, irc, telnet, tftp, nntp, netbios, ntp, print, x-windows
Peer-to-Peer: bittorrent, direct connect, edonkey/emule, fasttrack, gnutella, kazaa, winmx2.0




Protocol Pack Loading

Q. How can users load/unload a protocol pack?

A. The compatible protocol pack must first be copied locally to the router. The "ip nbar protocol-pack <protocol pack file>" command is then used to load the protocol pack on the router. The command syntax is:

[no] ip nbar protocol-pack <protocol pack file> [force]

The <protocol pack file> can be loaded from either disk or flash, i.e. any storage that is local to the router:

ip nbar protocol-pack flash0:pp_file

To unload a previously loaded protocol pack, execute the "no" form of the same command:

no ip nbar protocol-pack flash0:pp_file

Alternatively, the following command reverts to the protocol pack that is built into the image:

default ip nbar protocol-pack

Q. What is the use of “force” option while loading/unloading a protocol pack?

A. Under normal circumstances, a number of checks are performed before a protocol pack can be loaded. These include:

A] The version of the protocol pack should not be lower than the one in the base image (integrated PP).

B] The protocol pack must include all the protocols that are currently activated.

C] The protocol pack must include all the active attributes.

If any of these checks fails, loading of the protocol pack is not allowed.

These checks can be bypassed if the protocol pack load CLI is used with the "force" keyword:

ip nbar protocol-pack flash0:pp_file force

The CLI should be executed with the "force" argument in the following scenarios:

1. When the user needs to retain the loaded protocol pack configuration across Cisco IOS version upgrades/downgrades.

2. To override the active protocols check. When the force option is used, the CLI is accepted even if the protocol pack does not contain the currently active protocol(s).

Example: if a user tries to load Protocol Pack 3.0 when the base image protocol pack (integrated PP) version is 5.0, the upgrade is rejected with an error message:

"% NBAR Error: Protocol pack version 3.0 is lower than default protocol pack version 5.0"

The user can use the force option to load PP 3.0.

Q. Which show commands can users use for a protocol pack on the device?

A. The "show ip nbar protocol-pack active" command can be used to view the details of the currently active protocol pack. The command syntax is:

show ip nbar protocol-pack <active | protocol pack file> [detail]

The active protocol pack may be the one supplied with the base image or a protocol pack loaded by the user. The "show ip nbar protocol-pack <protocol pack file>" form can be used to view the details of a protocol pack file that is not loaded. Without the "detail" argument, protocol pack information such as name, publisher and version is displayed. With the "detail" argument, the contents of the protocol pack, such as the protocols in the pack and their versions, are displayed.


Q. Can a user load a protocol pack on any Cisco IOS/IOS-XE image?

A. The minimum IOS version required to load an NBAR protocol pack on ISR-G2 platforms is Cisco IOS Software Release 15.2(4)M. The minimum IOS XE version required to load an NBAR protocol pack on ASR1K platforms is Cisco IOS-XE 3.7. Protocol packs are released for specific NBAR engine versions. For example, Cisco IOS XE 3.7 has NBAR engine 13, so protocol packs for it are written for engine 13 (pp-adv-asr1k-152-4.S-13-3.0.0.pack). A protocol pack can be loaded if the engine version on the platform is the same as or higher than the version required by the protocol pack (13 in the example above). Therefore NBAR protocol pack 3.0.0 for Cisco IOS-XE 3.7 can be loaded on top of Cisco IOS-XE 3.7 and Cisco IOS-XE 3.8, but protocol pack 3.0.0 for Cisco IOS-XE 3.8 cannot be loaded on top of XE 3.7. To view the NBAR engine version on the device, use:

Router#sh ip nbar version | include software

It is strongly recommended to use the protocol pack that is the exact match for the engine, and also to use the latest protocol pack for the base image.
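As an added example (not from the DocWiki page and not Cisco's own code), the following Python parses the pp-adv-PLT-IOS-E-M.m.r.pack file name described in the "Protocol Pack Release" section and models the pre-load checks from the "force" and engine-version answers above: an engine mismatch is always rejected, while the version, active-protocol and active-attribute checks can be bypassed with force. The protocol and attribute lists handed to the pack and the wording of the engine error are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Pattern for the file-name format described on this page: pp-adv-PLT-IOS-E-M.m.r.pack.
# The IOS field itself may contain hyphens (152-4M1, 153-2-S0a), so the engine
# and version fields are anchored from the end of the name.
_NAME_RE = re.compile(
    r"^pp-(?P<kind>[a-z]+)-(?P<plt>[^-]+)-(?P<ios>.+)-(?P<engine>\d+)"
    r"-(?P<major>\d+)\.(?P<minor>\d+)\.(?P<rebuild>\d+)\.pack$"
)


@dataclass(frozen=True)
class ProtocolPack:
    kind: str            # "adv" = advanced protocol pack
    platform: str        # isrg2, asr1k, csr1000v
    ios: str             # base IOS/IOS-XE image string, e.g. "152-4M1"
    engine: int          # NBAR engine version the pack was written for
    version: tuple       # (major, minor, rebuild)
    protocols: frozenset = frozenset()   # assumed: protocol names carried by the pack
    attributes: frozenset = frozenset()  # assumed: attribute names carried by the pack

    @property
    def is_major(self) -> bool:
        # Major packs are numbered M.0 (2.0, 3.0); minor packs M.1 (2.1, 3.1).
        return self.version[1] == 0


def parse_pack_name(name: str, protocols=(), attributes=()) -> ProtocolPack:
    """Split a CCO protocol pack file name into its fields."""
    m = _NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a protocol pack file name: {name}")
    return ProtocolPack(
        kind=m["kind"], platform=m["plt"], ios=m["ios"], engine=int(m["engine"]),
        version=(int(m["major"]), int(m["minor"]), int(m["rebuild"])),
        protocols=frozenset(protocols), attributes=frozenset(attributes),
    )


def version_str(v: tuple) -> str:
    return ".".join(str(x) for x in v)


def check_load(pack: ProtocolPack, *, device_engine: int, integrated_version: tuple,
               active_protocols, active_attributes, force: bool = False) -> list:
    """Return the rejection reasons for loading `pack`; an empty list means accepted.

    Engine compatibility is checked first and is never bypassed (an incompatible
    pack is rejected and the previous pack stays active). The version, active
    protocol and active attribute checks (A], B], C] in the FAQ) are skipped
    when `force` is set.
    """
    if pack.engine > device_engine:
        return [f"% NBAR Error: protocol pack needs engine {pack.engine}, "
                f"device has engine {device_engine} (incompatible)"]
    reasons = []
    if pack.version < integrated_version:  # tuples compare major, then minor, then rebuild
        reasons.append(f"% NBAR Error: Protocol pack version {version_str(pack.version)} "
                       f"is lower than default protocol pack version "
                       f"{version_str(integrated_version)}")
    missing_protocols = set(active_protocols) - pack.protocols
    if missing_protocols:
        reasons.append("active protocol(s) missing from pack: "
                       + ", ".join(sorted(missing_protocols)))
    missing_attributes = set(active_attributes) - pack.attributes
    if missing_attributes:
        reasons.append("active attribute(s) missing from pack: "
                       + ", ".join(sorted(missing_attributes)))
    return [] if force else reasons
```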


Q. What are the steps to upgrade the protocol pack on the router?

A. Case 1: Upgrading the protocol pack on a router running Cisco IOS-XE 3.7

A] Use the following command to check the currently active protocol pack on the device.

show ip nbar protocol-pack active 

B] Download the latest compatible protocol pack for Cisco IOS-XE 3.7 from the Cisco software download page. The compatible protocol pack has the engine version the same as the Cisco IOS-XE 3.7 image. Copy the protocol pack to the disk (including on standby).

C] Load the new protocol pack using the following command.

Router#ip nbar protocol-pack flash0:pp_file

D] Verify that the new protocol pack is successfully loaded and is active.

Router#show ip nbar protocol-pack <active | protocol pack file> [detail]

Case 2: Protocol pack upgrade during an IOS upgrade from Cisco IOS XE 3.7 to 3.8

A] Use the following command to check the currently active protocol pack on the device. Assume the current protocol pack is PP 3.0.0 for XE 3.7.

show ip nbar protocol-pack active

B] Download protocol pack 3.0.0 for XE 3.8, or the latest compatible protocol pack, from the Cisco software download page. The compatible protocol pack has the same engine version as the Cisco IOS-XE 3.8 image. Copy the protocol pack to the disk (including on the standby).

C] Upgrade the IOS to XE 3.8 (at this point NBAR is working with a non-recommended protocol pack: 3.0 for 3.7 on top of 3.8).

D] Load the new protocol pack using the following command.

Router#ip nbar protocol-pack flash0:pp_file

E] Verify that the new protocol pack is successfully loaded and is active.

Router#show ip nbar protocol-pack <active | protocol pack file> [detail]



Miscellaneous

Q. If I load an incompatible protocol pack on my router, what is the impact?

A. If a user tries to load an incompatible protocol pack on a router, it is rejected with an error message saying that the protocol pack is incompatible with the underlying IOS NBAR software version. The previous protocol pack remains active on the device.


Q. What is the impact of loading a protocol pack on running traffic?

A. While a protocol pack is loading, data forwarding continues but packets are classified as unknown (ID: 0) until the new protocol pack becomes active. Protocol pack loading time varies and depends on the protocol pack contents and the platform. Users are not allowed to enter any CLI commands until protocol pack loading is complete.


Q. The protocol pack file pp-adv-isrg2-152-4.M1-13-3.0.0.pack indicates the IOS release as 15.2(4)M1. I have 15.2(4)M2; will the protocol pack work?

A. Yes, it will work. A major release such as 15.2(4)M and all its rebuilds (M1, M2, M3, etc.) have the same NBAR engine version. A protocol pack compatible with the NBAR engine in IOS release 15.2(4)M will work with all its rebuilds, such as 15.2(4)M1, 15.2(4)M2, etc.


Q. How do I determine which PP is included with a particular IOS release? Does the latest IOS release come with the latest PP?

A. When a Cisco IOS/IOS-XE image is released, it comes with an integrated default protocol pack. This default protocol pack includes the contents of the protocol pack available at the time of integration. Protocol packs and IOS/IOS-XE images have different release cycles, so it is difficult to map a particular protocol pack to an IOS/IOS-XE image. It is also not guaranteed that a new IOS/IOS-XE image will contain the contents of the latest protocol pack.


