« Flexible NetFlow NBAR Support is Working
WAN Optimization Sizing »

What’s all the talk about NBAR?

Posted in NetFlow, Network Traffic Analysis, Scrutinizer on November 20th, 2009 by nathanh
whats-all-the-talk-about-nbar

With the release of Scrutinizer v7.3, we’ve been advertising the support of a couple of new filters that focus around reporting on NBAR. HURRAY!

But in case you don’t know exactly what NBAR is or why its so very cool, lets take a step back and look at what it does for us:

What is NBAR?
First off, NBAR is an acronym for Network-Based Application Recognition.

NBAR works as an application identifier for your traffic streams and works hand-in-hand with QoS to make sure your important applications get prioritized.

Why use NBAR?
With more and more applications using a large spectrum of random ports, sometimes its nearly impossible for your NetFlow analyzer to accurately label the traffic.

Skype is a great example. Since Skype doesn’t commonly use any one well known port, most NetFlow collectors will end up classifying Skype traffic as another application type, which uses those same ports.
As a result, you end up having traffic that is incorrectly labeled.

This is where NBAR comes in.

NBAR will identify that application as Skype, regardless of what port it is using. That application definition will then get exported within the NetFlow packet to your NetFlow trending application.

So with the release of Scrutinizer v7.3, we now introduce the ability to create filters around NBAR applications. Instead of creating reports using port ranges, you can now create a filter for a specific NBAR classification, regardless of which ports they might be using.

Below is a nice screenshot showing application usage based on NBAR definitions:

If this has piqued your interest, here is a nice list of application types that NBAR can define for you.

I want it! How do I setup NBAR?

For more information on how to configure a router for NBAR, see this blog published by Network World.

On a side note, here’s another good acronym that you should know:

T.G.I.F (Go look it up)

-Nathan

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Reddit
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • Technorati
  • Twitter
  • email
  • Print
Tags: , , , , , , ,

This entry was posted on Friday, November 20th, 2009 at 3:37 pm and is filed under NetFlow, Network Traffic Analysis, Scrutinizer. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “What’s all the talk about NBAR?”

  1. Scrutinizer v7.3 – Flow Analytics – Nefarious Activity - NetFlow & sFlow Network Monitoring - Systrax Says:
    November 23rd, 2009 at 1:15 pm

    [...] v7.3, Plixer International showed why they are the leader in NetFlow and sFlow traffic analysis.  NBAR support, a number of new report filters, and a number of new Flow Analytic tools, all make it [...]

  2. What is Cisco NBAR - NetFlow & sFlow Network Monitoring - Systrax Says:
    November 28th, 2009 at 5:33 pm

    [...] this for us with something called Network-Based Application Recognition (NBAR) .   We explained NBAR support in a recent blog and how it allows us to improve on network traffic [...]

Leave a Reply