NBAR: network-based application recognition
-based application to identify the network layer
NBAR to solve the problem of how to classify client / server (application layer traffic) and web-based applications are.
NBAR performs the following functions:
1. recognition applications and protocols (Layer to Layer. 7. 4)
2. discovery protocol (the distinction between different protocols)
3. To provide traffic statistics
categorize traffic NBAR, these classes can be performed early random detection (random early detection), class-based queuing (classification based on queue), and PHP behavior policing QOS of
new applications easily supports loading PDLM (packet description language module), which is why NBAR can identify the upper flow
NBAR application may be used for classifying:
TCP and UDP 1. statically assigned port number
2. non the IP protocol UDP and non-TCP
3. negotiated during connection establishment dynamically allocated TCP and UDP port number (necessary state detection)
4 sub-port classification: HTTP classification, or video, pictures, text flow classification (URLs or MIME Host names ...)
5.MIME: multipurpose Internet Mail extensions type, set some sort of extension to file an application with type of way open, when the extension of the file being accessed, the browser will automatically use the specified application to open, used to specify some customers Custom file name, and some media files.
6. Classification (RTP payload classification) and a plurality of deep packet inspection based application-specific attributes
PDLM: Packet Description Language Module1
PDLM loaded from the flash memory of the router, the identification of new protocol or application;
can be loaded at runtime extensions PDLM, for the identification of new applications and protocols;
may be used to enhance the ability to identify existing protocols;
PDLMs NBAR allowed without the use of a new IOS, identifying new protocol;
PDLMs engineer must be manufactured by Cisco;
currently available PDLMs include:
Peer-to-the peer File-Sharing applications
KaZaa, Morpheus, Grokster, Gnutella and
the Citrix
Novadigm Enterprise Desktop Manager
protocol discovery
protocol analysis found that real-time application traffic patterns, spot traffic running on the network.
Provides bi-directional, each interface, statistics for each protocol:
5-minute bit Rate
Packet Counts
byte Counts
important detection tool (support cisco QoS management tool)
to generate real-time applications statistics
provide traffic information distribution network in key position
Configuration Protocol discovery:
注意:Requires that CEF be enabled before protocol discovery。
配置静态协议的NBAR
Configures the match criteria for a class map on the basis of the specified protocol.
Static protocols are recognized based on the well-known destination port number.
Dynamic protocols are recognized by inspecting the session.
A match not command can be used to specify a QoS policy value that is not used as a match criterion. In this case, all other values of that QoS policy become successful match criteria.
Configure NBAR to search for a protocol or protocol name using a port number other than the well-known port.
Up to 16 additional port numbers can be specified.
Specifies the location of the Packet Description Language Module file to extend the NBAR capabilities of the router.
The filename is in the URL format (for example, flash://citrix.pdlm).
案例:
HTTP is a static protocol using a well-known port number 80. However, other port numbers may also be in use.
The ip nbar port-map command will inform the router that other ports are also used for HTTP.
Case 2
