What is NBAR?
NBAR (Network Based Application Recognition) is an intelligent classification engine in Cisco IOS Software that can recognize a wide variety of applications, such as Web-based and client/server applications. It can analyze and classify application traffic in real time. NBAR is supported in most Cisco switches and routers, and this information is available via SNMP.
Why do I need NBAR?
By adding intelligent network classification to your infrastructure, NBAR works with the QoS (Quality of Service) feature to help ensure that network bandwidth is used efficiently. With NBAR, network traffic can be classified, so you can see how much of, say, HTTP traffic is flowing. With that knowledge, QoS standards can be set. Unlike NetFlow, which relies on port and protocol for application categorization, NBAR performs deep-packet inspection and lets you recognize applications that use dynamic ports. The NBAR approach is also useful for dealing with malicious software that uses known ports to pose as "priority traffic", as well as non-standard applications that use non-deterministic ports.
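The contrast drawn above between port-based categorization and payload inspection, as an added Python example that is not part of the original page and is not NBAR's actual engine. The port table, the three payload signatures and the sample flows are simplified assumptions constructed for illustration.

```python
import re

# Port-to-application table: the only evidence a port-based classifier has.
PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}

# Simplified payload signatures (assumed for this example, not NBAR's own).
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),          # SSH identification banner
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]")),   # TLS handshake record header
]

def classify_by_port(flow):
    """Label a flow from its destination port alone."""
    return PORT_MAP.get(flow["dst_port"], "unknown")

def classify_by_payload(flow):
    """Label a flow from the first bytes of its payload."""
    for app, pattern in SIGNATURES:
        if pattern.match(flow["payload"]):
            return app
    return "unknown"

def find_mismatches(flows):
    """Return (id, port_label, payload_label) where the two labels disagree."""
    mismatches = []
    for flow in flows:
        by_port = classify_by_port(flow)
        by_payload = classify_by_payload(flow)
        if by_port != by_payload:
            mismatches.append((flow["id"], by_port, by_payload))
    return mismatches

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    {"id": "f1", "dst_port": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"id": "f2", "dst_port": 8081, "payload": b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"id": "f3", "dst_port": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"id": "f4", "dst_port": 443, "payload": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
    {"id": "f5", "dst_port": 80, "payload": b"\x00\x01\x02binary-blob"},
]

if __name__ == "__main__":
    for flow_id, by_port, by_payload in find_mismatches(SAMPLE_FLOWS):
        print(f"{flow_id}: port says {by_port}, payload says {by_payload}")
```

Flows f2, f3 and f5 are the cases the paragraph describes: an application on a non-standard port that the port table cannot name, and traffic on a well-known port whose payload does not match the application that port implies.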
NBAR can be enabled in two ways:
Enabling NBAR from the user interface is the most convenient way. You will first have to check whether your router supports NBAR. NBAR can be enabled only on interfaces that are identified by NetFlow Analyzer. If your router supports NBAR, you will then have to enable NBAR on each interface from which you want to collect NBAR statistics.