NBAR monitoring

    Cisco's Network Based Application Recognition (NBAR) is a classification engine that recognizes a wide variety of applications that uses dynamic ports as well as those using well-known port numbers (like Bit Torrent). It helps the network administrator to identify what's really is going on in the network and then define QoS policies to ensure that the bandwidth is used for business applications. It classifies layer 4-7 application traffic which will help you to measure traffic more accurately.

    NBAR benefits

    • Enhance traffic visibility with detailed traffic classification.
    • Identify malicious traffic using dynamic ports with deep-packet inspection.
    • Used in AVC for better QoS and policing.
    • Identify high bandwidth consumption to apply CBQoS policies.

    NBAR traffic report

    The NBAR data for a particular switch / router is available via SNMP. The NBAR report contains the list of various applications along with their traffic and percentage of total traffic details. The period for which these reports can be generated varies from 15-minutes to the last 90 days. You also have an option to customize the time period. This report is used to identify the bandwidth consuming applications and lower the priority of this traffic.

    NBAR traffic report

    Configure NBAR on Cisco devices

    To analyze NBAR traffic, you need to enable polling for NBAR devices.

    Refer the below link to enable NBAR in NetFlow Analyzer:
    https://www.manageengine.com/products/netflow/help/how-to-enable-polling-for-nbar.html

    By default, the polling and timeout interval for NBAR is 5 mins and 10 secs. You can also set the sampling rate manually. It is possible to change the data retention period for CBQoS and NBAR from Settings.

    NBAR-supported platforms include Cisco 800 (12.3T), 1700, 2600, 2800, 3600, 3700, 3800, 7100 (12.0(5)XE2), 7100uBR, 7200 (12.0(5)XE2), 7200 uBR, 7300, 7500 (VIP), and Catalyst 6500 (with or without a FlexWAN card).

     

    CBQoS monitoring

    CBQoS (Class Based Quality of Service) is a Cisco feature set that is part of the IOS 12.4(4)T and above. It provides information about the applied QoS policies to ensure that business-critical applications receive the highest priority on the network. CBQoS monitoring provides you in-depth visibility into the policies applied on your links and the traffic patterns in your various class of traffic.

    CBQoS benefits

    • Validate the effectiveness of class-based QoS policies.
    • Implement changes in current policies with the help of CBQoS stats.
    • Troubleshoot bandwidth congestion by measuring the performance of QoS policies.
    • Check dropped traffic after applying policies.

    CBQoS report

    Cisco CBQoS report shows graphs on pre-policy, post-policy and dropped traffic in defined class-maps. The QoS statistics provided by CBQoS are made available via SNMP polling. If any of the traffic was dropped during congestion because of the rules defined in a policy.

    CBQoS report

    Configure CBQoS for Cisco devices

    To configure CBQoS you need to enable polling on your Cisco devices.

    Refer the below link to enable NBAR in NetFlow Analyzer:
    https://www.manageengine.com/products/netflow/help/how-to-enable-polling-for-cbqos.html

    By default, the polling and timeout interval for CBQoS is 5 mins and 10 secs. You can also set the sampling rate manually. It is possible to change the data retention period for CBQoS and NBAR from Settings.