Given the complex behavior and architecture of many popular applications, the discovery and identification of application traffic flowing over network links can be challenging. However, technologies such as Cisco Network-Based Application Recognition (NBAR) provide Layer 7 application visibility directly from the router without additional probes or packet capture modules.
Similar to Cisco IP SLA, Cisco CBQoS, and Cisco NetFlow, NBAR is an inherent component of Cisco IOS. From within the network device operating system, NBAR can inspect packets traversing the device and identify the corresponding applications. This means traffic such as TCP packets running over port 80 could be more accurately labeled as http://www.google.com, SAP, Microsoft SharePoint, or http://www.salesforce.com. This level of identification at the router is especially beneficial in virtualized environments, where associating server port ranges with IP addresses to identify applications can be challenging. Service providers can also benefit from NBAR capabilities by properly identifying applications prior to VPN encryption, allowing them to provide differentiated services across their WAN.
| Protocol | Type | Description |
| --- | --- | --- |
| BitTorrent | TCP | File-sharing application |
| Gnutella | TCP | File-sharing application |
| Kazaa2 | TCP | File-sharing application |
| eDonkey | TCP | File-sharing application |
| Fasttrack | TCP | File-sharing application |
| Napster | TCP | File-sharing application |
| SCCP | TCP | Skinny Call Control Protocol |
| SIP | TCP/UDP | Session Initiation Protocol |
| MGCP | TCP/UDP | Media Gateway Control Protocol |
| H.323 | TCP/UDP | An ITU-T standard for digital videoconferencing over TCP/IP networks |
| SKYPE | TCP/UDP | Application allowing telephone conversation over the Internet |
| FTP | TCP | File Transfer Protocol |
| Exchange | TCP | MS-RPC for Exchange |
| HTTP | TCP | HTTP with URL, host, or MIME classification |
| Citrix | TCP | Citrix published application |
| Netshow | TCP/UDP | Microsoft Netshow |
| RealAudio | TCP/UDP | RealAudio Streaming Protocol |
| r-commands | TCP | rsh, rlogin, rexec |
| StreamWorks | UDP | Xing Technology Stream Works audio/video |
| SQL*NET | TCP/UDP | SQL*NET for Oracle |
| SunRPC | TCP/UDP | Sun Remote Procedure Call |
| TFTP | UDP | Trivial File Transfer Protocol |
| VDOLive | TCP/UDP | VDOLive streaming video |
While Cisco IOS NetFlow has become the de facto standard for identifying protocol traffic mixes on network circuits, it does not provide application-layer visibility. Instead, it requires the user to make the connection between a protocol port and a specific application. NBAR closes this gap for programs requiring specific application classification, such as QoS. While NetFlow continues to rise in popularity due to its widespread availability and straightforward implementation, NBAR complements NetFlow when application-layer identification is needed.
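The gap between port-based and application-layer labeling can be seen on a handful of flows. The following is an added example, not Cisco code and not NBAR's classification engine: the flow records, the port table, and the three simplified payload signatures (HTTP Host header, BitTorrent handshake prefix, SIP request line) are constructed for illustration.

```python
import re
from collections import Counter

# Port-to-name table of the kind a flow collector relies on (illustrative subset).
PORT_NAMES = {21: "ftp", 69: "tftp", 80: "http", 5060: "sip"}

# Simplified first-packet signatures (assumptions, not NBAR's own).
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
HOST_HDR = re.compile(rb"\r\nHost:[ \t]*([^\r\n:]+)", re.IGNORECASE)
SIP_REQ = re.compile(rb"^[A-Z]+ sips?:\S+ SIP/2\.0\r\n")
BT_HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 19 + protocol string

def label_by_port(flow):
    """Label a flow from its destination port only."""
    return PORT_NAMES.get(flow["dst_port"], "unknown")

def label_by_payload(flow):
    """Label a flow from its first payload bytes, falling back to the port."""
    data = flow["payload"]
    if data.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if SIP_REQ.match(data):
        return "sip"
    if HTTP_REQ.match(data):
        host = HOST_HDR.search(data)
        if host:
            return "http:" + host.group(1).decode("ascii", "replace").strip().lower()
        return "http"
    return label_by_port(flow)

def traffic_mix(flows, labeler):
    """Sum bytes per label, as a traffic-mix report would."""
    mix = Counter()
    for flow in flows:
        mix[labeler(flow)] += flow["bytes"]
    return dict(mix)

# Constructed sample flows: three different applications share TCP port 80.
FLOWS = [
    {"dst_port": 80, "bytes": 1200,
     "payload": b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"},
    {"dst_port": 80, "bytes": 800,
     "payload": b"POST /login HTTP/1.1\r\nHost: www.salesforce.com\r\n\r\n"},
    {"dst_port": 80, "bytes": 90000,
     "payload": BT_HANDSHAKE + bytes(8) + b"A" * 40},
    {"dst_port": 5060, "bytes": 300,
     "payload": b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP host\r\n\r\n"},
]

if __name__ == "__main__":
    print("by port:   ", traffic_mix(FLOWS, label_by_port))
    print("by payload:", traffic_mix(FLOWS, label_by_payload))
```

By port, 92,000 bytes are reported as "http"; by payload, 90,000 of those bytes turn out to be file sharing on port 80.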
CA | NetQoS - Network Performance Management products and services for the world's largest networks. © 2001-2010 CA | NetQoS, Inc. All rights reserved.