Network Based Application Recognition (NBAR)

Network Based Application Recognition (NBAR) is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent. The networking equipment which uses NBAR does a deep packet inspection on some of the packets in a dataflow, to determine which traffic category the flow belongs to. Used in conjunction with other features, it may then program the internal application-specific integrated circuits (ASICs) to handle this flow appropriately. The categorization may be done with Open Systems Interconnection (OSI) layer 4 info, packet content, signaling, and so on but some new applications have made it difficult on purpose to cling to this kind of tagging. The NBAR approach is useful in dealing with malicious software using known ports to fake being "priority traffic", as well as non-standard applications using dynamic ports. That's why NBAR is also known as OSI layer 7 categorization. On Cisco routers, NBAR is mainly used for quality of service and network security purposes.^[1]

Applications in today's enterprise networks require different levels of service based upon business requirements. These requirements can be translated into network policies. The resources provided here assist you in configuring your network to provide the appropriate level of service to these applications. Mission critical applications including ERP and workforce optimization applications can be intelligently identified and classified using Network Based Application Recognition (NBAR). Once these mission critical applications are classified they can be guaranteed a minimum amount of bandwidth, policy routed, and marked for preferential treatment. Non-critical applications including Internet gaming applications and MP3 file sharing applications can also be classified using NBAR and marked for best effort service, policed, or blocked as required.

See Also

References