
Ask the Expert:Next Generation Network-Based Application Recognition (NBAR2)

ciscomoderator
Community Manager

With Shankar Sthanuretnam

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn from Cisco expert Shankar Sthanuretnam about next generation Network Based Application Recognition (NBAR2). NBAR2 is a Deep Packet Inspection technology traditionally available on Cisco routers.

Shankar Sthanuretnam is the technical leader for network-based application recognition (NBAR) within the Network Operating Systems Technology Group. He has been leading platform-independent software development for NBAR and next-generation NBAR (NBAR2) for more than four years. With over 18 years of industry experience in data networking, he has worked on software design and architecture in areas including deep packet inspection, VoIP, network processors, TCP/IP, and LAN/WAN routing technologies. He holds a bachelor of technology degree in computer science from the Indian Institute of Technology, Bombay.

Remember to use the rating system to let Shankar know if you have received an adequate response. 

Shankar might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure sub-community discussion forum shortly after the event. This event lasts through March 23, 2012. Visit this forum often to view responses to your questions and the questions of other community members.


Shankar,

I would like to know which platforms and releases support NBAR2?

NBAR2 is available on ASR1k and ISR-G2 platforms. NBAR2 features are being added incrementally from IOS XE release 3.3 and IOS release 15.2(1)T onwards. For more details on specific feature availability in IOS and IOS XE images, please visit:

http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/15_2m_and_t.html

http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_feats_important_notes_35s.html

Thanks Shankar for the response and the ref documents detailing about the same.

NAGISWAREN2
Level 1

Hi,

I'm very new to NBAR... Can you tell me in a simple way what it is, and in which scenarios it can be used? Thanks.

Sent from Cisco Technical Support iPad App

Regards, Nagis

Hi,

NBAR (Network Based Application Recognition) is a stateful Deep Packet Inspection technology available on Cisco IOS and IOS-XE routers. It can examine the L3-L7 payload of router traffic and identify which application the traffic belongs to as well as some associated properties. Examples of applications are Skype, Youtube, bittorrent, citrix etc. This information is used by other router features such as QoS, Flexible netflow etc. to enable application based services (e.g. marking/policing based on application and reporting application information in netflow records sent to the collector). NBAR2 is the next-generation architectural evolution of NBAR. NBAR2 can identify many applications seen in enterprise and service provider networks. New application support is being added constantly. For more information on NBAR2 features, please see:

http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6558/ps6616/qa_c67-697963.html

There was also a session on NBAR2 at Cisco Live London 2012: BRKRST-2065 - Application Visibility Control – NBAR2, QoS, FNF and Insight Reporter. The presented material can be accessed by logging into Cisco Live Virtual.

John Ventura
Level 1

Hi Shankar,

Based on the implementation of NBAR, i.e., to identify and block peer-to-peer apps, I have the following questions:

Is it possible for NBAR2 to recognize skype and other Peer-to-peer traffic and what happens when the traffic is encrypted?

Let me know the answers when you can.

thanks,

-John

Hi John,

NBAR2 uses some heuristic techniques to identify encrypted streams of peer-to-peer apps like skype, bittorrent etc. These heuristic "signatures" are constantly updated to keep pace with new versions of supported apps. There's some risk of false-positives or false-negatives for encrypted apps. This is mitigated by rigorous R&D, and validation of signatures by a dedicated expert team. There's also a process of continuous feedback from live traffic analysis, customer reports etc.

In many cases, the apps may also change behavior when completely blocked, and new behavior may not be caught with the available signatures. To avoid such situations, we recommend throttling (rather than blocking) of peer-to-peer traffic.

The list of apps supported by NBAR2 is available at:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

Thanks,

Shankar
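
The throttling recommendation in the reply above, as an added example that is not part of the original thread and not Cisco-supplied configuration: an IOS MQC policy that classifies peer-to-peer traffic with NBAR `match protocol` and polices it, shown beside the blocking variant the reply advises against. The class-map and policy-map names, the interface, and the 256 kbps rate are assumptions chosen for illustration.

```ios
! Constructed example. Names, interface and rate are assumptions.
!
! Classify peer-to-peer applications using NBAR protocol matching.
class-map match-any P2P-APPS
 match protocol bittorrent
 match protocol skype
!
! Blocking variant (the approach the reply advises against):
! every packet NBAR classifies as P2P is discarded, which can push
! the application into behavior the available signatures do not catch.
! Defined here for comparison only; it is not attached to an interface.
policy-map P2P-BLOCK
 class P2P-APPS
  drop
!
! Throttling variant (recommended in the reply):
! P2P traffic is still forwarded, but only up to the policed rate,
! so the application keeps working in its recognizable form.
policy-map P2P-THROTTLE
 class P2P-APPS
  police cir 256000 conform-action transmit exceed-action drop
!
! Attach the throttling policy to the assumed LAN-facing interface and
! enable protocol discovery to see what NBAR is recognizing there.
interface GigabitEthernet0/1
 ip nbar protocol-discovery
 service-policy input P2P-THROTTLE
!
! Verification (exec mode):
!   show policy-map interface GigabitEthernet0/1
!   show ip nbar protocol-discovery interface GigabitEthernet0/1 top-n 10
```

The per-class counters from `show policy-map interface` show how much traffic is matching `P2P-APPS`, which is the place to look when checking for the false positives or false negatives the reply mentions for encrypted applications.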
