All about Cisco NBAR (Network Based Application Recognition)

Today I am going to talk about NBAR (Network Based Application Recognition). In intent-based networking, it is very important to make good use of the resources allocated to network applications. NBAR is a way to adjust bandwidth for network applications so that the available resources are consumed as efficiently as possible.

Let's take the example of a simple router. In your network, a router has to share its bandwidth among all applications: some of them are mission-critical, while others are low-priority, bandwidth-intensive applications.

NBAR can be used here to control bandwidth in your network. The network admin can view the mix of applications in use on the network at any given time and choose how much bandwidth to permit for each application. The process is called bandwidth policing.

Fig 1.1- Cisco NBAR

Put simply, you are assigning bandwidth to applications on the basis of priority and use. Higher-priority or mission-critical applications get a high bandwidth allocation and lower-priority ones get less, but at any time you can change this, or reverse it, according to your needs and requirements.

Once these mission-critical applications are categorized, they can be guaranteed a minimum amount of bandwidth, policy routed, and marked for special treatment. Non-critical applications, including Internet gaming applications and MP3 file-sharing applications, can also be categorized using NBAR and marked for best-effort service, policed, or blocked as required.

You may remember NBAR being used during the Code Red worm attacks of 2001. Most firewalls couldn't look into the HTTP data stream to identify Code Red traffic. However, NBAR made it possible to recognize the suspicious traffic and block access.

What are the other capabilities of NBAR?

  1. Eliminate data-flow bottlenecks
  2. Reduce latency in the network
  3. Block and deny spam
  4. Block malware
  5. Increase security and efficiency in the network
  6. Increase revenue and optimize service performance

How do I configure modular QoS traffic classification?
Modular QoS configuration for NBAR is done in three simple steps:

Step-1: Use a class-map command to identify traffic.

Step-2: Use a policy-map command to define how to treat the traffic.

The services that can be configured using a policy-map are:

  1. Guaranteeing bandwidth with Class-Based Weighted Fair Queuing (CBWFQ)
  2. Policing and restricting bandwidth
  3. Marking for differentiated service downstream or from the service provider (ToS or DiffServ code points [DSCP])
  4. Drop policy to avoid congestion (Weighted Random Early Detection [WRED])

Step-3: Use a service-policy command to apply this policy on the interface.
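The three steps combined into one IOS configuration, as an added example that is not from the original article. The class names, policy name, interface, protocol choices and rates are assumptions, and the keywords accepted by `match protocol` depend on the IOS release and protocol pack in use.

```cisco
! Step 1: class-maps use NBAR (match protocol) to identify traffic.
! CRITICAL-APPS and BULK-APPS are hypothetical names; the protocols are sample picks.
class-map match-any CRITICAL-APPS
 match protocol citrix
 match protocol sqlnet
class-map match-any BULK-APPS
 match protocol bittorrent
 match protocol gnutella
!
! Step 2: the policy-map defines how each class is treated.
policy-map WAN-EDGE-OUT
 class CRITICAL-APPS
  ! CBWFQ: guarantee a minimum share of the link during congestion
  bandwidth percent 40
  ! Mark for differentiated service downstream
  set dscp af21
 class BULK-APPS
  ! Police non-critical traffic to 256 kbps and drop the excess
  police 256000 conform-action transmit exceed-action drop
 class class-default
  ! Everything else: fair queuing with WRED as the drop policy
  fair-queue
  random-detect dscp-based
!
! Step 3: apply the policy to an interface (the interface name is an assumption).
interface GigabitEthernet0/0
 ! Optional: collect per-protocol statistics to see the application mix
 ip nbar protocol-discovery
 service-policy output WAN-EDGE-OUT
!
! Verify from exec mode:
!  show ip nbar protocol-discovery
!  show policy-map interface GigabitEthernet0/0
```

To block a class instead of rate-limiting it, replace the `police` line with `drop`. The per-class counters in `show policy-map interface` confirm whether NBAR is actually matching the traffic you intended before you tighten the policy.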

In our next article, we will discuss NBAR2 and the difference between NBAR and NBAR2, which can help you understand why and when these features are required.