NBAR is an intelligent classification engine in Cisco IOS Software that can recognize a wide variety of applications, including web-based and client/server applications. Once the applications are recognized, the network can invoke required services for that particular application.
NBAR adds intelligent network classification to your infrastructure, thus ensuring that the network bandwidth is used efficiently by working with QoS (Quality Of Service ) feature. Using NBAR, network-traffic classification becomes easy and by this you can know how much of say, HTTP traffic, is going on. This in turn allows you to set QoS standards. An uniqueness of NBAR is that unlike NetFlow, it doesn't rely on port & protocol for application categorization, rather it performs a deep-packet inspection and allows you to recognize applications that use dynamic ports. The NBAR approach is useful in dealing with malicious software.
NBAR is capable of conducting deep packet inspection, recognizing and intelligently identifying a wide variety of applications, which use dynamic ports and otherwise would go unnoticed. Usually the applications are classified as critical or non-critical, marked and appropriate action taken (giving preferential treatment or blocking them). It is supported in most Cisco switches and routers. The NBAR data for a particular switch / router is available via SNMP.
ManageEngine IT360 retrieves Cisco's NBAR data that helps in monitoring the network and in reporting of those applications that use dynamic ports. The interfaces on which Cisco's NBAR have to be enabled should be decided. The polling interval has to be set by the user. Deep packet inspection is done which helps in identifying dynamically assigned TCP and UDP ports.
IT360 is now compatible with Cisco's next generation Flexible NetFlow (FNF). Any router which supports FNF can be used to obtain NBAR data. The advantage of using FNF is that we can get traffic usage and other statistics without SNMP polling. NBAR data will be obtained along with the traffic usage details.
The first step is to check if your router supports NBAR. Then, find out the platforms that support NBAR, which can be enabled only on those interfaces identified by IT360. If your router supports NBAR, then you will have to enable NBAR on each of the interfaces that you want to collect NBAR statistics.
NBAR can be enabled in two ways:
SNMP NBAR Report: This report holds the list of various applications, along with their traffic and percentage of total traffic details. The time period for which these reports can be generated vary from 15-minutes to the previous quarter. The time period can be custom selected as well. From these reports, applications which use maximum bandwidth can be identified.
Flexible NetFlow (FNF) NBAR Report: This holds the source and destination IP, application name, source and destination ports, the protocol and the size of the application. The source and destination IP's can be resolved using DNS.