Network Based Application Recognition
Network Based Application Recognition (NBAR)[1] is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent.
The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal ASICs to handle this flow appropriately. The categorization may be done with OSI layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.[2]
The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports.[3] That's why NBAR is also known as OSI layer 7 categorization.
On Cisco routers, NBAR is mainly used for Quality of Service and Security purposes.
References
- ^ NBAR defined at Cisco website
- ^ BitTorrent Encryption and Obfuscation
- ^ Using Network-Based Application Recognition and ACLs for Blocking the "Code Red" Worm, Cisco.
External links
- Network Based Application Recognition: RTP Payload Classification, Cisco.
- Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example, Cisco.