What is Network Based Application Recognition (NBAR)?
How Does Network Based Application Recognition (NBAR) Impact Application Performance?
Network Based Application Recognition (NBAR) is a network traffic classification engine with QoS support within the Cisco Application Visibility and Control (AVC) solutions suite that uses deep packet inspection (DPI) to analyze and categorize network traffic by application. It supports a wide range of protocols and ports to identify application traffic, as well as flexible packet description language modules (PDLM) to quickly add new protocols. Combining NBAR with other technologies, notably a metrics collection and exporting agent, a management and reporting system, and a Quality of Service (QoS) control system, completes the Application Visibility and Control (AVC) solution and gives network managers full visibility of their network traffic and control over traffic priority and network optimization.
By using NBAR to intelligently categorize application traffic, mission-critical applications can be prioritized, guaranteeing them bandwidth resources, while non-critical applications can have their bandwidth limited to allow users some access while budgeting resources. Other applications can be identified as threats or resource hogs and can be blocked altogether. This gives network managers significant control over applying security and optimization policies throughout their network.
What is Next Generation Network Based Application Recognition (NBAR2)?
Next Generation NBAR, or NBAR2, is a backward-compatible re-architecture of NBAR, designed with several new advantages that give more granular control over network traffic while addressing new technologies and emerging security threats. Features include advanced classification techniques to identify new IP protocols, evasive applications (for example, Tor), cloud applications, and mobile applications. Further improvements include traffic accuracy techniques, custom protocols, a common protocol library, and a new signature delivery mechanism using protocol packs, which allow protocol updates to be distributed outside of the Cisco operating release train, enabling rapid response to market trends.
Application Performance and Network Based Application Recognition (NBAR)
Bandwidth for enterprise networks is a limited resource. As business operations use more of it by moving to the cloud, and applications continue to adjust their protocols to prevent detection, understanding exactly how efficiently and effectively bandwidth is utilized can have a tremendous impact on application performance. The ability to categorize network traffic based on application has been a significant game changer in network optimization. In its simplest form, NBAR is merely a traffic classification engine; after packets are marked, what is done with them is up to the network manager. With NBAR and NBAR2, network traffic congestion can be understood by its source and description and subsequently limited, blocked, or prioritized.
By displaying AVC metrics (application, server, and network response times), network managers can optimize and troubleshoot with greater visibility and control. Figure 1 displays traffic metrics from LiveAction’s AVC flow visualization, for example application names and their associated traffic.
By further visualizing these metrics, bottlenecks can be seen easily, as in figure 2, and then Quality of Service (QoS) policies can be enacted to respond to network congestion. In figure 3, a QoS policy was applied to limit video traffic; as can be seen in the real-time monitoring, traffic for that classification was throttled down.
The Cisco Application Visibility and Control (AVC) solution deploys a holistic approach for managing quality of service (QoS) technologies. It intelligently prioritizes traffic for critical applications while reducing or preventing traffic from noncritical or unwanted applications in an attempt to improve network and application performance over a wide area network (WAN).