Cisco IOS Routers support application traffic classification using the Network Based Application Recognition (NBAR) feature.
This brings application intelligence to the Layer 3 router device, putting more value into your network infrastructure.
NBAR is usually used to classify mission-critical applications so that Quality of Service policies and bandwidth guarantees can be applied in the network.
Another useful application of NBAR is to identify and block peer-to-peer file-sharing applications, which are difficult to restrict with Access Control Lists alone.
These applications are intelligent enough to switch communication ports in order to bypass firewalls and ACL restrictions. With NBAR, you can identify them at the application layer, which is far more effective than matching on ports.
The protocols/applications supported by NBAR depend on the IOS version you are running. If your current IOS version does not support a specific application or protocol, you can download extra PDLM files from Cisco, which add support for additional applications and protocols.
These PDLM files are stored on the router's flash and loaded with:
Router(config)# ip nbar pdlm flash://pdlm-name
To see which NBAR protocols your current IOS supports, enter class-map configuration mode and type match protocol ? to list the available options.
Let's look at an example configuration:
! Assume the following peer-to-peer applications are not supported natively and we have downloaded
! the appropriate PDLMs
Router(config)# ip nbar pdlm flash://kazaa2.pdlm
Router(config)# ip nbar pdlm flash://bittorrent.pdlm
Router(config)# ip nbar pdlm flash://gnutella.pdlm
Router(config)# ip nbar pdlm flash://eDonkey.pdlm
! Configure a class-map to identify the traffic
Router(config)# class-map match-any peer-to-peer
Router(config-cmap)# match protocol gnutella
Router(config-cmap)# match protocol kazaa2
Router(config-cmap)# match protocol napster
Router(config-cmap)# match protocol fasttrack
Router(config-cmap)# match protocol novadigm
Router(config-cmap)# match protocol edonkey
Router(config-cmap)# match protocol bittorrent
! Apply an action to the traffic using a policy map (the class keyword enters policy-map class mode)
Router(config)# policy-map drop-peer-to-peer
Router(config-pmap)# class peer-to-peer
Router(config-pmap-c)# drop
! Apply the policy inbound on the interface facing the internal LAN
Router(config)# interface fastethernet 0/0
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# service-policy input drop-peer-to-peer
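Once the policy is applied, the counters in show policy-map interface fastethernet 0/0 input tell you whether the drop class is actually catching anything and which protocol matches fire. The Python below is an added example, not part of the original article: it parses that output into per-class and per-match packet counts; the sample output is constructed, not captured from a router, and assumes the usual MQC counter layout.

```python
import re

# Constructed sample of "show policy-map interface FastEthernet0/0 input" (not a real capture).
SAMPLE_SHOW_POLICY_MAP = """\
FastEthernet0/0
  Service-policy input: drop-peer-to-peer
    Class-map: peer-to-peer (match-any)
      1520 packets, 1187420 bytes
      5 minute offered rate 3000 bps, drop rate 3000 bps
      Match: protocol gnutella
        40 packets, 21200 bytes
      Match: protocol kazaa2
        0 packets, 0 bytes
      Match: protocol bittorrent
        1480 packets, 1166220 bytes
      drop
    Class-map: class-default (match-any)
      98231 packets, 61234567 bytes
      Match: any
"""

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\(match-(?:any|all)\)")
MATCH_RE = re.compile(r"^\s*Match:\s+(.+?)\s*$")
COUNT_RE = re.compile(r"^\s*(\d+)\s+packets,\s+\d+\s+bytes")  # "5 minute ... rate" lines do not match

def parse_policy_map(output):
    """Return {class_name: {"packets": class_total, "matches": {criterion: packets}}}."""
    classes, cls, match = {}, None, None
    for line in output.splitlines():
        if m := CLASS_RE.match(line):
            cls, match = m.group(1), None
            classes[cls] = {"packets": 0, "matches": {}}
        elif (m := MATCH_RE.match(line)) and cls:
            match = m.group(1)
            classes[cls]["matches"][match] = 0
        elif (m := COUNT_RE.match(line)) and cls:
            # First counter after "Class-map:" is the class total; later ones belong to the "Match:" above.
            if match is None:
                classes[cls]["packets"] = int(m.group(1))
            else:
                classes[cls]["matches"][match] = int(m.group(1))
    return classes

def p2p_report(output, class_name="peer-to-peer"):
    """(dropped packets, [(protocol, packets), ...] busiest first); None if the class is not on this interface."""
    cls = parse_policy_map(output).get(class_name)
    if cls is None:
        return None
    hits = [(c.split(" ", 1)[1], n) for c, n in cls["matches"].items() if n > 0]
    return cls["packets"], sorted(hits, key=lambda kv: kv[1], reverse=True)
```

A class total that stays at zero while users report working file sharing usually means the PDLM did not load or the policy is on the wrong interface or direction.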
Cisco NBAR2 (Next Generation NBAR)
NBAR2 is the new version with better classification techniques, more signatures to identify applications and better accuracy. It is based on Service Control Engine (SCE) and is supported on ISR-G2 and ASR1K routing platforms.