Part 2: How to run CBAR on Cisco DNA center

How to run CBAR on Cisco DNA center

A CBAR implementation is a controller-based approach for recognizing applications in which the controller interacts with any NBAR function in the network.

NBAR/NBAR2 cannot classify homegrown and custom applications until unless you are going to configure the custom NBAR signatures on the every device who so every is managed and provide feeds to the Orchestrator like DNA Center but CBAR can do for unknown applications, integrate with the third party adapters to get the information through the A records and get the signatures from the home grown applications.

Fig 1.1- CBAR

How to enable CBAR on DNA Center

Step 1: Go the Application visibility under provision tab in the DNA Center and you will see the applications running in your infrastructure.

Step 2: Here is the example showing the applications running in your infrastructure. There are some unclassified applications also running which may be the home grown or custom applications which can de defined and recognized through 

Step 3: When you see the inventory, you will came to know there are some devices which are ready and there are devices which are not ready. These are based on the Device role we are using for the device and the supported IOS version. 

Secondly, we should have the application services running which should be ( application visibility service; application registry and application policy).

Another thing you need to check the protocol packs, as by protocol packs the signatures are being delivered to the devices. So you should update that and make sure you have connection with from the 
DNA Center in order to update your protocol packs.

Once you enable the device with the CBAR, it will get the feeds from NBAR, external sockets like InfoBlox for DNS/A records to understand the applications, O365 to get the dynamic O365 list information.

How CBAR works tightly with NBAR/NBAR2

NBAR (Network Based Application Recognition) is the foundation of CBAR Application Visibility Service. In the backend, NBAR Engines are continuously sending classification rules (server-based mapping of IP/port to application name) to the controller, details about unclassified traffic, and basic application visibility information to the controller.

To understand the application service, the CBAR needs to receive feeds from the NBAR.

In addition, CBAR controller can connect to external authoritative sources such as Infoblox and O365, which could either be used for classifying unclassified traffic or for generating improved signatures.

The controller eventually resolves conflicts between engines, imports new data from external sources and generates both an aggregated Classification Rules File (App Rules) and a dedicated signature file (Protocol Pack) that are periodically downloaded to the devices (using HTTPS) to improve the functionality of the NBAR software.