NBAR(Network Based Application Recognition) is an intelligent classification engine in Cisco IOS Software that can recognize a wide variety of applications like Web-based and client/server applications. It can analyze & classify application traffic in real time. NBAR is supported in most Cisco switches and routers and this information is available via SNMP.
NBAR, by adding intelligent network classification to your infrastructure, helps in ensuring that the network bandwidth is used efficiently by working with QoS(Quality of Service) feature. With NBAR monitoring, network-traffic classification becomes possible and by this we can know how much of say, HTTP traffic is going on. By knowing this, QoS standards can be set. Unlike NetFlow, which relies on port & protocol for application categorization, NBAR allows you to recognize applications that use dynamic ports. Also, the NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using non-determinaly ports.
NBAR can be enabled in two ways:
The NBAR enabling from the user interface is the most convenient way of enabling NBAR. You will first have to check whether your router supports Cisco NBAR. NBAR can be enabled only on those interfaces which are identified by NetFlow Analyzer. If your router supports NBAR, then you will have to enable NBAR on each of the interface that you want to collect NBAR statistics.
Network Based Application Recognition (NBAR) is a Cisco mechanism that analyzes applications traffic to determine malicious traffic and non-standard applications, used to ensure performance and security.
With NBAR, you can recognize traffic, classify the applications with dynamic ports, and decide priority with the QoS feature.
NBAR identifies the applications of the specific router interface by packet inspection. It classifies the applications and helps you provide differentiated services to every application.