Network Based Application Recognition

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Network Based Application Recognition (NBAR)[1] is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent.

The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal ASICs to handle this flow appropriately. The categorization may be done with OSI layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.[2]

The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.[3] That's why NBAR is also known as OSI layer 7 categorization.

On Cisco routers, NBAR is mainly used for Quality of Service and Security purposes.


External links[edit]