Wikipedia

Network Based Application Recognition: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
this is cisco proprietary
Undid revision 1285706095 by Mike Holand102 (talk) Refspam
 
(16 intermediate revisions by 15 users not shown)
Line 1:
'''Network Based Application Recognition''' (NBAR)<ref>[https://web.archive.org/web/20050924161229/http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some [[Cisco]] [[Router (computing)|router]]s and [[Network switch|switches]] to recognize a [[Traffic_flow_(computer_networking)|dataflow]] by theinspecting firstsome [[packet (information technology)|packetpackets]] sent.
{{orphan}}
 
The [[Computer network|networking]] equipment which uses NBAR does a [[deep packet inspection]] on thesome firstof packetthe packets in a dataflow, to determine which traffic category the flow belongs to. ItUsed in conjunction with other features, it may then programsprogram the internal [[ASICapplication-specific integrated circuits]]s (ASICs) to handle this flow appropriately. The categorization ismay usuallybe done with [[OSI_layer_4Application_layer|Open Systems Interconnection (OSI) layer 4]] info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging.<ref>[[BitTorrent protocol encryption|BitTorrent Encryption and Obfuscation]]</ref>
'''Network Based Application Recognition''' (NBAR)<ref>[http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/dtnbarad.htm NBAR defined at Cisco website]</ref> is the mechanism used by some [[Cisco]] [[router]]s and [[Network switch|switches]] to recognize a dataflow by the first [[packet (information technology)|packet]] sent.
 
The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI_layer_7OSI layer 7]] categorization.
The [[Computer network|networking]] equipment which uses NBAR does a [[deep packet inspection]] on the first packet in a dataflow, to determine which traffic category the flow belongs to. It then programs the internal [[ASIC]]s to handle this flow appropriately. The categorization is usually done with [[OSI_layer_4]] info, but new applications have made it difficult to cling to this kind of tagging.
 
On Cisco routers, NBAR is mainly used for [[Qualityquality of Serviceservice]] and [[Securitynetwork security]] purposes.
The NBAR approach is useful in dealing with malicious [[software]] using known [[TCP and UDP port|ports]] to fake being "priority traffic", as well as non-standard applications using dynamic ports.<ref>''[http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml Using Network-Based Application Recognition and ACLs] for Blocking the "Code Red" Worm'', Cisco.</ref> That's why NBAR is also known as [[OSI_layer_7]] categorization.
 
On Cisco routers, NBAR is mainly used for [[Quality of Service]] and [[Security]] purposes.
 
==References==
{{reflist}}
<div class="references-small">
<references/>
</div>
 
== External links ==
*[http://whitepapers.zdnet.co.uk/0,39025945,60105500p-39000590q,00.htm ''Network Based Application Recognition: RTP Payload Classification''], Cisco.
*[http://www.cisco.com/en/US/products/ps5855/products_configuration_example09186a0080ac3082.shtml ''Block P2P Traffic on a Cisco IOS Router using NBAR Configuration Example''], Cisco.
 
[[Category:Computer network security]]
 
 
{{compu-network-stub}}
 
[[Category:Computer network security]]
 
[[ru:NBAR]]
Retrieved from "https://en.wikipedia.org/wiki/Network_Based_Application_Recognition"