With the release of Scrutinizer v7.3, we’ve been advertising the support of a couple of new filters that focus around reporting on NBAR. HURRAY!
But in case you don’t know exactly what NBAR is or why its so very cool, lets take a step back and look at what it does for us:
What is NBAR?
First off, NBAR is an acronym for Network-Based Application Recognition.
NBAR works as an application identifier for your traffic streams and works hand-in-hand with QoS to make sure your important applications get prioritized.
Why use NBAR?
With more and more applications using a large spectrum of random ports, sometimes its nearly impossible for your NetFlow analyzer to accurately label the traffic.
Skype is a great example. Since Skype doesn’t commonly use any one well known port, most NetFlow collectors will end up classifying Skype traffic as another application type, which uses those same ports.
As a result, you end up having traffic that is incorrectly labeled.
This is where NBAR comes in.
NBAR will identify that application as Skype, regardless of what port it is using. That application definition will then get exported within the NetFlow packet to your NetFlow trending application.
So with the release of Scrutinizer v7.3, we now introduce the ability to create filters around NBAR applications. Instead of creating reports using port ranges, you can now create a filter for a specific NBAR classification, regardless of which ports they might be using.
Below is a nice screenshot showing application usage based on NBAR definitions:
If this has piqued your interest, here is a nice list of application types that NBAR can define for you.
I want it! How do I setup NBAR?
On a side note, here’s another good acronym that you should know:
T.G.I.F (Go look it up)Tags: NBAR, NBAR applications, netflow packet