NBAR (Network Based Application Recognition) is a classification engine in Cisco IOS Software that performs deep packet inspection to recognize and identify a wide variety of applications, including those that use dynamic ports and would otherwise go unnoticed. Usually the applications are classified as critical or non-critical and marked, and appropriate action is taken (giving them preferential treatment or blocking them). NBAR is supported on most Cisco switches and routers. The NBAR data for a particular switch or router is available via SNMP.
In any organization, the available network bandwidth is limited, and using it properly is critical. Mission-critical applications have to be given the highest priority, but most of the time low-priority applications such as Skype, torrent clients, games and so on clog the available bandwidth. This reduces the bandwidth available to critical applications. Cisco's NBAR, an inherent component of Cisco IOS, comes to your rescue in such a case. It also recognizes applications that are dynamically assigned TCP and UDP ports.
NetFlow Analyzer retrieves Cisco's NBAR data, which helps in monitoring the network and in reporting on the applications that use dynamic ports. The user decides on which interfaces Cisco's NBAR should be enabled and sets the polling interval. Deep packet inspection is performed, which helps identify applications that use dynamically assigned TCP and UDP ports.
ManageEngine NetFlow Analyzer is now compatible with Cisco's next-generation Flexible NetFlow (FNF). Any router that supports FNF can be used to obtain NBAR data. The advantage of using FNF is that traffic usage and other statistics can be obtained without SNMP polling. NBAR data is obtained along with the traffic usage details.
The NBAR report lists the various applications along with their traffic and their percentage of total traffic. The time period for which these reports can be generated varies from 15 minutes to the previous quarter. A custom time period can be selected as well. From these reports, the applications that use the most bandwidth can be identified.
The FNF NBAR report contains the source and destination IP addresses, the application name, the source and destination ports, the protocol and the size of the application. The source and destination IP addresses can be resolved using DNS.
If these applications are found to be non-critical, they can be marked and blocked. If they are critical, the network manager can give them the highest priority.
The network manager of a US-based company is concerned about a problem in the network. The employees complain that mission-critical applications (e.g. ERP) fail to connect or operate with a delay when used over the network. Since the bandwidth-hogging applications are using dynamic ports, the open source "flow monitor" software fails to recognize them. As a result, these applications are not marked or classified, and they traverse the network unchecked, clogging the network bandwidth and choking the mission-critical applications.
The network administrator now decides to use a network traffic analysis and bandwidth monitoring tool that supports Cisco's NBAR. ManageEngine NetFlow Analyzer is considered an affordable option. With the help of NetFlow Analyzer, he is able to recognize all the applications passing through the network. Reports that list the different applications along with their size and percentage of total traffic are available to the network manager. These reports are generated for each of the interfaces (both IN and OUT ports) on which NBAR is enabled. Hourly, weekly, monthly and quarterly reports can be viewed. The network manager selects a custom time period to view the top applications. He decides to block these non-critical applications. As a result, business-critical applications get enough bandwidth and can be used without any problem.
NetFlow Analyzer is a NetFlow, sFlow, J-Flow (and more) collector and analysis engine integrated together. NetFlow Analyzer is software (for Windows and Linux) that does not require any hardware probes; it can be downloaded, used in your network environment and evaluated for 30 days. Go through the following useful links for a better understanding of how NetFlow Analyzer can help you understand your network traffic and bandwidth utilization.
- Ross Hunton
Operations & Network Manager in Tropical Shipping USA, LLC