Network Based Application Recognition
The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal ASICs to handle this flow appropriately. The categorization may be done with OSI layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.
The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports. That's why NBAR is also known as OSI layer 7 categorization.
- NBAR defined at Cisco website
- BitTorrent Encryption and Obfuscation
- Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.
- Network Based Application Recognition: RTP Payload Classification, Cisco.
- Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example, Cisco.
|This computer networking article is a stub. You can help Wikipedia by expanding it.|