NBAR stand for Network Based Application Recognition.

At the base of NBAR’s role we can find mission critical applications that the router can identify and classify. Once these mission critical applications are classified they can be guaranteed a minimum amount of bandwidth, policy routed, and marked for preferential treatment. Non-critical applications such as Internet can also be classified using NBAR and marked for best effort service, policed, or blocked as required.

NBAR can be used for security as it can verify an application uses the correct (expected) port to create the connection. This is useful with torrent applications or even programs like Skype that change the default port when the firewall block it and hide under known ports such as port 80.

NBAR come with a built-in application database that can be updated either by upgrading the IOS or importing PDLM files that contain updates to its database.
Cisco does not allow creating custom PDLM packages but you can use the many available files.
Loading a file in two steps: copy the file to flash and type the following command:

ip nbar pdlm FILE_NAME

As for command syntax, NBAR is simple and does not use a unique command. This is what you’ll need to use NBAR:

match protocol bittorrent
match protocol skype

You have to create a class-map and apply it using a policy-map.

NBAR is (one of) the most important tool(s) when you have to identify and classify data. It is flexible, versatile and powerful. It is also a major topic for the ONT exam and should be well-practiced, both in theory and labs.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: