How to enable NBAR Protocol Pack on Cisco SDWAN router

Before updating the NBAR protocol pack, we need to understand what exactly an NBAR protocol pack is.

Fig 1.1- SD-AVC Cisco SDWAN

A protocol pack, which is a single compressed file containing many Protocol Description Language (PDL) files and a manifest file, may be easily loaded using the NBAR Protocol Pack functionality. 

Prior to the introduction of this functionality, PDLs required separate loading. A collection of necessary protocols may be loaded using NBAR Protocol Pack, assisting network-based application recognition (NBAR) in classifying more protocols on your network.

Let's talk about the two options for updating the protocol packs on Cisco routers, as shown below.

Option 1 with SD-AVC enabled

1. Load Protocol Pack 60 into the bootflash on an affected router.

2. Disable NBAR by removing the "app-visibility" and "flow-visibility" commands in the localized policy. From the CLI (this can also be done through a template):

#config-t
#policy
#no app-visibility
#no flow-visibility
#commit

3. Configure "ip nbar protocol-pack bootflash:<path>/<filename>" from CLI or through CLI Add-On Template and commit.

4. Verify the protocol-pack version with command "show ip nbar version".

5. Enable NBAR by adding back the commands "app-visibility" and "flow-visibility" and committing the change.

6. If all changes are done from the CLI, ensure that a CLI Add-On Template containing the command "ip nbar protocol-pack bootflash:<path>/<filename>" is configured before pushing the template back to the device. Otherwise the config will be removed and these steps will need to be repeated.

Option 2 with SD-AVC disabled

1. Load Protocol Pack 60 into the bootflash on an affected router.

2. Configure "ip nbar protocol-pack bootflash:<path>/<filename>" from CLI or through CLI Add-On Template and commit.

3. Verify the protocol-pack version with command "show ip nbar version".

4. If all changes are done from the CLI, ensure that a CLI Add-On Template containing the command "ip nbar protocol-pack bootflash:<path>/<filename>" is configured before pushing the template back to the device. Otherwise the config will be removed and these steps will need to be repeated.

How to load an NBAR protocol pack 

NDNA_ASR01> enable
NDNA_ASR01# configure terminal
NDNA_ASR01(config)# ip nbar protocol-pack bootflash:<path>/<filename>
NDNA_ASR01(config)# exit

The following example shows how to load a default NBAR protocol pack:

NDNA_ASR01> enable
NDNA_ASR01# configure terminal
NDNA_ASR01(config)# default ip nbar protocol-pack
NDNA_ASR01(config)# exit

The following example shows how to load a protocol pack of a lower version using the force keyword:

NDNA_ASR01> enable
NDNA_ASR01# configure terminal
NDNA_ASR01(config)# ip nbar protocol-pack bootflash:<path>/<filename> force
NDNA_ASR01(config)# exit

Verifying the Loaded NBAR Protocol Pack

NDNA_ASR01#show ip nbar version

NBAR software version:  44
NBAR minimum backward compatible version:  44
Loaded Protocol Pack(s): 
Name:                            Advanced Protocol Pack
Version:                         44.0
Publisher:                       Cisco Systems Inc.
State:                           Active

Verifying the Loaded NBAR Protocol Pack using CLI Template

NDNA_ASR01#config-transaction
admin connected from 127.0.0.1 using console on NDNA_ASR01
NDNA_ASR01(config)# avc sd-service
NDNA_ASR01(config-sd-service)# commit
Commit complete.
NDNA_ASR01(config-sd-service)# exit
NDNA_ASR01(config)# no avc sd-service
NDNA_ASR01(config)# commit
NDNA_ASR01#config-transaction
ip nbar protocol-pack bootflash:pp-adv-asr1k-173.1a-40-60.0.0.pack (through CLI Template)

NDNA_ASR01# Clear sdwan control connections
NDNA_ASR01#  sh ip nbar protocol-pack active detail
Active Protocol Pack:
Name:                          Advanced Protocol Pack
Version:                       60.0
Publisher:                     Cisco Systems Inc.
NBAR Engine Version:           40
Creation time:                 Thu Feb 17 11:01:18 UTC 2022
File:                          bootflash:pp-adv-asr1k-173.1a-40-60.0.0.pack
State:                         Active
Name:                          Secondary Protocol Pack
Version:                       anadba3c9d87fc43f9e1b0ec75a28e
Publisher:                     SD-AVC
NBAR Engine Version:           1001
Creation time:                 Wed Jun 14 21:03:06 UTC 2023
NBAR PP level:                 1
File:                          bootflash:sdavc/sdavc_ppdk.pack
State:                         Active
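
Because a template push can remove the protocol-pack configuration (the last step of both options above), it is worth checking the active pack against a baseline after every change. The following is an added example, not code from the original post or from Cisco: it parses the "show ip nbar protocol-pack active detail" output shown above and reports any drift. The function names parse_packs and check_pack are hypothetical, and the sample input is the output copied from this page.

```python
import re

# Sample input: the "show ip nbar protocol-pack active detail" output shown on this page.
SAMPLE = """\
Active Protocol Pack:
Name:                          Advanced Protocol Pack
Version:                       60.0
Publisher:                     Cisco Systems Inc.
NBAR Engine Version:           40
Creation time:                 Thu Feb 17 11:01:18 UTC 2022
File:                          bootflash:pp-adv-asr1k-173.1a-40-60.0.0.pack
State:                         Active
Name:                          Secondary Protocol Pack
Version:                       anadba3c9d87fc43f9e1b0ec75a28e
Publisher:                     SD-AVC
NBAR Engine Version:           1001
Creation time:                 Wed Jun 14 21:03:06 UTC 2023
NBAR PP level:                 1
File:                          bootflash:sdavc/sdavc_ppdk.pack
State:                         Active
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s+(\S.*?)\s*$")

def parse_packs(text):
    """Split the output into one dict per pack; each 'Name:' line starts a new pack."""
    packs = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # headers such as 'Active Protocol Pack:' carry no value
        key, value = m.groups()
        if key == "Name":
            packs.append({})
        if packs:  # ignore fields that appear before the first 'Name:' line
            packs[-1][key] = value
    return packs

def check_pack(text, name, version, file_path):
    """Return a list of findings; an empty list means the pack matches the baseline."""
    pack = next((p for p in parse_packs(text) if p.get("Name") == name), None)
    if pack is None:
        return [f"{name}: not loaded"]
    findings = []
    for key, want in (("Version", version), ("File", file_path), ("State", "Active")):
        if pack.get(key) != want:
            findings.append(f"{name}: {key} is {pack.get(key)!r}, expected {want!r}")
    return findings
```

Run check_pack on output collected from each router after a template push; a non-empty result means the pack was removed or replaced and the steps above need to be repeated.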
