Published by Kimberly Callahan
NBAR, 12/03 © 2003 Cisco Systems, Inc. All rights reserved.

Slide 1: NETWORK BASED APPLICATION RECOGNITION
Tim McSweeney, Product Manager, QoS, Internet Technologies Division
Slide 2: Agenda
What is Network Based Application Recognition (NBAR)?
Benefits and hardware support
NBAR functionality
Slide 3: My Application is too slow!
[Chart: link utilization by application: FTP 30%, Citrix 25%, HTTP 20%, Netshow 15%, Fasttrack 10%]
Mark Citrix as interactive traffic and police FTP. Guarantee bandwidth for Citrix!
NBAR is an intelligent classification engine used with Quality of Service (QoS) class-based features.
Protocol Discovery analyzes application traffic patterns in real time and identifies which traffic is running on the network.
Slide 4: NBAR: Intelligent Classification
Capable of classifying applications that have:
  Statically assigned TCP and UDP port numbers
  Non-TCP and non-UDP IP protocols
  Dynamically assigned TCP and UDP port numbers during connection establishment
Classification based on deep packet inspection: NBAR can look deeper into the packet to identify applications:
  HTTP traffic by URL, host name or MIME type using regular expressions (*, ?, [ ])
  Citrix ICA traffic
  RTP payload type classification
Currently supports 88 protocols/applications
Slide 5: NBAR Benefit Footprint and Hardware Support
Network segments (table columns): Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core
Benefits: application classification; precise QoS treatment; application statistics for bandwidth provisioning; top-n views; threshold settings; mapping applications to an SP's service offering
Hardware support, in the column order of the slide:
  Enterprise Backbone: Cisco Catalyst 6500 and 7600 Series MSFC (planned ASIC)
  Enterprise Premise Edge: Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (planned ASIC); Cisco 7100, 7200, and 7500 Series; Cisco 83x, 1700, XM, 3600, and 3700 Series
  Service Provider Aggregation Edge: Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (planned ASIC); Cisco 7100, 7200, and 7500 Series
  Service Provider Core: Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (planned ASIC); Cisco 7500 Series
Slide 6: NBAR Protocol Support
[Diagram: IP packet (ToS, source IP addr, dest IP addr) > TCP/UDP packet (src port, dst port) > data packet (sub-port/deep inspection; stateful and dynamic inspection)]
Supported protocols as of Cisco IOS Software Release 12.2(8)T:
egp, exchange, kerberos, secure-nntp, smtp, gre, finger, l2tp, notes, snmp, icmp, ftp, ldap, novadigm, socks, ipinip, secure-ftp, secure-ldap, ntp, sqlnet, ipsec, gopher, netshow, pcanywhere, ssh, eigrp, http, pptp, pop3, streamwork, bgp, secure-http, sqlserver, secure-pop3, syslog, cuseeme, imap, netbios, printer, telnet, dhcp, irc, nfs, realaudio, secure-telnet, dns, secure-irc, nntp, rcmd, tftp, vdolive, xwindows, napster, citrix
Slide 7: Packet Description Language Modules
Packet Description Language Modules (PDLMs) define the applications recognizable by NBAR
New applications are supported by adding new PDLMs
No Cisco IOS Software upgrade or reboot is required to add new PDLMs
New Cisco IOS Software is required only when an enhanced NBAR infrastructure is needed for new PDLM functionality
New PDLMs are incorporated natively into subsequent Cisco IOS Software releases
Only new/updated PDLMs are loaded
PDLMs must be produced by Cisco engineers. Issues:
  Software quality: testing and support
  Software security: risk of Trojan horses and worms
  SDK infrastructure: development environment
Slide 8: Protocol Discovery: Traffic Classification and Real-Time Statistics
Automatically uses all PDLMs
Run Protocol Discovery instead of specifying individual protocols
Includes statistics for traffic identified with user-defined custom application classification
Statistics per interface, per protocol: bit rate (bps), packet counts and byte counts
Slide 9: NBAR User-Defined Custom Application Classification (example, 12.3(4)T, Nov 2003)
[Diagram: IP packet (ToS, source IP addr, dest IP addr) > TCP/UDP packet (src port, dst port) > data packet; the payload is shown as FFFF0000 Moonbeam FFFF, with the string "Moonbeam" starting at byte offset 8]

    ip nbar custom lunar_light 8 ascii Moonbeam tcp range
    class-map solar_system
     match protocol lunar_light
    policy-map astronomy
     class solar_system
      set ip dscp AF21
    interface <>
     service-policy output astronomy

Command parameters:
  Name: name of the match criteria, up to 24 characters (lunar_light)
  Offset: the beginning byte of the string or value to be matched in the data packet, counting from zero for the first byte (8: skip the first 8 bytes)
  Format: the format of the match criteria: ASCII, hex or decimal (ascii)
  Value: the value to match in the packet; if ASCII, up to 16 characters (Moonbeam)
  [source | destination]: optionally restrict the direction of packet inspection; defaults to both directions if not specified
  TCP or UDP: the protocol encapsulated in the IP packet (tcp)
  Range or selected port number(s): a range with start and end port numbers covering up to 1000 ports, or 1 to 16 individual port numbers (range)
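The following is an added example, not Cisco code, that models the matching semantics of the custom classification command above: a name, a byte offset into the payload, a format (ASCII, hex or decimal), a value, an optional direction, the transport and a port range or list, with the limits the slide states (24-character name, 16-character ASCII value, 1000-port range, 16 individual ports). The range endpoints (5000 5100) and the payload bytes are constructed, since the slide elides them, and the 4-byte big-endian treatment of decimal values is an assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# Limits stated on the slide
MAX_NAME_LEN = 24        # match-criteria name up to 24 characters
MAX_ASCII_LEN = 16       # ASCII value up to 16 characters
MAX_RANGE_SPAN = 1000    # a port range covers at most 1000 ports
MAX_PORT_LIST = 16       # 1 to 16 individual port numbers


def parse_ports(spec: str) -> FrozenSet[int]:
    """Parse the port part of the command: 'range START END' or a
    space-separated list of 1 to 16 individual ports."""
    words = spec.split()
    if words and words[0] == "range":
        if len(words) != 3:
            raise ValueError("range needs exactly a start and an end port")
        start, end = int(words[1]), int(words[2])
        if not (0 < start <= end <= 65535):
            raise ValueError("range must be ascending within 1..65535")
        if end - start + 1 > MAX_RANGE_SPAN:
            raise ValueError("range may cover at most 1000 ports")
        return frozenset(range(start, end + 1))
    ports = [int(w) for w in words]
    if not (1 <= len(ports) <= MAX_PORT_LIST):
        raise ValueError("1 to 16 individual ports required")
    if any(not (0 < p <= 65535) for p in ports):
        raise ValueError("port out of range")
    return frozenset(ports)


@dataclass(frozen=True)
class CustomApp:
    """One 'ip nbar custom' entry."""
    name: str
    offset: int                      # first payload byte to compare, counting from 0
    fmt: str                         # "ascii", "hex" or "decimal"
    value: str
    transport: str                   # "tcp" or "udp"
    ports: FrozenSet[int]
    direction: Optional[str] = None  # "source", "destination" or None for both

    def __post_init__(self) -> None:
        if not (0 < len(self.name) <= MAX_NAME_LEN):
            raise ValueError("name must be 1 to 24 characters")
        if self.offset < 0:
            raise ValueError("offset counts from zero")
        if self.transport not in ("tcp", "udp"):
            raise ValueError("transport must be tcp or udp")
        if self.direction not in (None, "source", "destination"):
            raise ValueError("direction must be source, destination or omitted")
        self.pattern()  # validate the value eagerly, like the CLI would

    def pattern(self) -> bytes:
        """The byte string that must appear at self.offset in the payload."""
        if self.fmt == "ascii":
            if not (0 < len(self.value) <= MAX_ASCII_LEN):
                raise ValueError("ASCII value must be 1 to 16 characters")
            return self.value.encode("ascii")
        if self.fmt == "hex":
            digits = self.value[2:] if self.value.lower().startswith("0x") else self.value
            return bytes.fromhex(digits)
        if self.fmt == "decimal":
            # Assumption: a decimal value is compared as a 4-byte big-endian integer.
            return int(self.value).to_bytes(4, "big")
        raise ValueError(f"unknown format {self.fmt!r}")

    def port_matches(self, src_port: int, dst_port: int) -> bool:
        if self.direction == "source":
            return src_port in self.ports
        if self.direction == "destination":
            return dst_port in self.ports
        return src_port in self.ports or dst_port in self.ports

    def matches(self, transport: str, src_port: int, dst_port: int, payload: bytes) -> bool:
        if transport != self.transport or not self.port_matches(src_port, dst_port):
            return False
        pat = self.pattern()
        return payload[self.offset:self.offset + len(pat)] == pat


def classify(apps: Iterable[CustomApp], transport: str, src_port: int,
             dst_port: int, payload: bytes) -> Optional[str]:
    """Name of the first custom application whose criteria match, else None."""
    for app in apps:
        if app.matches(transport, src_port, dst_port, payload):
            return app.name
    return None


# Constructed configuration mirroring the slide's command. The slide does not
# show the range endpoints; 5000 5100 is assumed here.
LUNAR_LIGHT = CustomApp("lunar_light", 8, "ascii", "Moonbeam", "tcp",
                        parse_ports("range 5000 5100"))

# Constructed TCP payload: 8 bytes that the offset skips, then the marker string.
SAMPLE_PAYLOAD = bytes.fromhex("ffff0000ffffffff") + b"Moonbeam" + b"\xff\xff"

if __name__ == "__main__":
    print(classify([LUNAR_LIGHT], "tcp", 40000, 5050, SAMPLE_PAYLOAD))  # lunar_light
```

Two points worth noticing when reading the model: with no direction given, a packet matches when either port falls in the configured set, so a client-side port that happens to land in the range also classifies; and the comparison is a fixed-offset byte equality, so a packet whose marker is shifted by even one byte is not recognised.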
Slide 10: NBAR HTTP Classification (12.3(4)T, Nov 2003)
Extended inspection: NBAR looks for an HTTP-specific signature on ports beyond the well-known TCP port 80

    router(config-cmap)#match protocol http ?
      host  host-name-string  -- Match Host Name
      url   url-string        -- Match URL String
      mime  MIME-type         -- Match MIME Type

[Diagram: HTTP clients > Router X > Router Y > HTTP server; the HTTP GET request flows toward the server, responses to the HTTP GET flow back]
match protocol http (10/03): the HTTP GET request contains the Host/URL string
Optionally, HTTP responses may be further classified by MIME type
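As an added example (not Cisco code), the block below models the three match forms of the slide: it finds the HTTP request signature regardless of port (the extended inspection the slide describes), pulls the Host and URL out of a request and the MIME type out of a response, and compares them against the wildcard syntax named on slide 4 (*, ?, [ ]). The wildcard-to-regex translation, full-string matching and case-insensitivity are assumptions about the matcher, and the request and response bytes are constructed.

```python
import re
from typing import Dict, Optional

METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")
REQUEST_LINE = re.compile(r"^(" + "|".join(METHODS) + r") (\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] \d{3}")


def nbar_pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate the wildcard syntax named on the slide into a Python regex.
    Assumption: '*' matches any run of characters, '?' exactly one character,
    '[...]' a character class, and the pattern must cover the whole string."""
    parts = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            parts.append(".*")
        elif c == "?":
            parts.append(".")
        elif c == "[":
            j = pattern.find("]", i + 1)
            if j == -1:
                raise ValueError("unterminated [ ] in pattern")
            parts.append(pattern[i:j + 1])   # pass the class through unchanged
            i = j
        else:
            parts.append(re.escape(c))
        i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def parse_http_request(data: bytes) -> Optional[Dict[str, str]]:
    """Method, URL and Host of an HTTP request, or None when the bytes do
    not carry the HTTP request signature. The port is never consulted,
    which is what the slide's extended inspection amounts to."""
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": m.group(1), "url": m.group(2), "host": headers.get("host", "")}


def parse_http_response_mime(data: bytes) -> Optional[str]:
    """MIME type of an HTTP response (Content-Type without parameters), or None."""
    head = data.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    if not STATUS_LINE.match(lines[0]):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return None


class HttpClassMap:
    """A class-map holding one 'match protocol http host|url|mime' line."""

    def __init__(self, host: Optional[str] = None, url: Optional[str] = None,
                 mime: Optional[str] = None) -> None:
        given = [(k, v) for k, v in (("host", host), ("url", url), ("mime", mime)) if v is not None]
        if len(given) != 1:
            raise ValueError("exactly one of host, url or mime")
        self.kind, pattern = given[0]
        self.regex = nbar_pattern_to_regex(pattern)

    def match_request(self, data: bytes) -> bool:
        req = parse_http_request(data)
        if req is None or self.kind == "mime":
            return False
        return self.regex.fullmatch(req[self.kind]) is not None

    def match_response(self, data: bytes) -> bool:
        if self.kind != "mime":
            return False
        mime = parse_http_response_mime(data)
        return mime is not None and self.regex.fullmatch(mime) is not None


# Constructed traffic, as if carried on a non-standard port such as 8080.
SAMPLE_REQUEST = (b"GET /reports/q3.pdf HTTP/1.1\r\n"
                  b"Host: intranet.example.com\r\n"
                  b"User-Agent: constructed/1.0\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: application/pdf; charset=binary\r\n"
                   b"Content-Length: 3\r\n\r\nabc")

if __name__ == "__main__":
    print(HttpClassMap(host="*.example.com").match_request(SAMPLE_REQUEST))   # True
    print(HttpClassMap(mime="application/pdf").match_response(SAMPLE_RESPONSE))  # True
```

The split between match_request and match_response mirrors the slide's diagram: host and URL criteria can only be evaluated on the request, while a MIME criterion is evaluated on the response, so a policy that needs both has to keep flow state across the two directions.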
Slide 11: NBAR: Additional Development
New and updated PDLMs:
  Citrix ICA: enhanced support for Citrix-based applications
  Real-Time Protocol (RTP)
  Real-Time Streaming Protocol (RTSP)
  eDonkey: peer-to-peer file sharing application
  KaZaA: revalidated for KaZaA v2.5
Support for IP Services:
  NBAR-NAT-RTSP integration: Release 12.3(3rd)T [Q1CY04]
  Upcoming: NBAR-Firewall integration
Slide 12: KaZaA versions 2 and 2.5 (PDLM Rev 6, April 2003)
KaZaA v2 PDLM available
Classifies KaZaA v2 and v2.5 data traffic
QoS policy can limit users to browse, but not share, files
Covers file transfers: downloads and uploads
Slide 13: NBAR RTP Payload Classification (PDLM Rev 2, May 2003)
[Diagram: IP header | UDP | RTP header | audio/video/data]
Stateful identification of real-time audio and video traffic
Differentiation on the basis of audio and video codecs
RTP: transport protocol for real-time applications (RFC 1889)
RTP profile for audio and video conferences with minimal control (RFC 1890)
Slide 14: NBAR RTP Payload Classification Configuration

    match protocol rtp [audio | video | payload-type payload-string]

audio: specifies matching by the audio payload-type values
video: specifies matching by the video payload-type values
payload-type: specifies matching by payload-type value, for more granular matching than audio or video provide

Example: NBAR configured to match RTP traffic with the payload types 0, 1, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18 and 64:

    match protocol rtp payload-type "0, 1, 4 - 0x10, 10001b - 10010b, 64"
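The payload-string above mixes decimal, hex (0x10) and binary (10001b) values and ranges. As an added example (not Cisco code), the block below expands such a string into the set of payload types it covers, reads the 7-bit PT field from an RTP header as laid out in RFC 1889, and applies the slide's expression to two constructed packets; the packet contents are constructed, and the handling of a trailing "b" as binary is this example's reading of the slide's syntax.

```python
from typing import Set

RTP_VERSION = 2
RTP_HEADER_LEN = 12   # fixed RTP header without CSRC list


def parse_value(token: str) -> int:
    """One payload-type value: decimal (64), hex (0x10) or binary with a
    trailing 'b' (10001b). Hex is tested first because 0x1b is still hex."""
    token = token.strip().lower()
    if token.startswith("0x"):
        return int(token[2:], 16)
    if token.endswith("b"):
        return int(token[:-1], 2)
    return int(token, 10)


def parse_payload_types(expr: str) -> Set[int]:
    """Expand a payload-string such as "0, 1, 4 - 0x10, 10001b - 10010b, 64"
    into the set of payload types it matches."""
    result: Set[int] = set()
    for item in expr.strip().strip('"').split(","):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo, hi = parse_value(lo_s), parse_value(hi_s)
            if lo > hi:
                raise ValueError(f"descending range {item!r}")
            result.update(range(lo, hi + 1))
        else:
            result.add(parse_value(item))
    bad = [pt for pt in result if not 0 <= pt <= 127]
    if bad:
        raise ValueError(f"payload type is a 7-bit field, got {bad}")
    return result


def rtp_payload_type(packet: bytes) -> int:
    """PT field (low 7 bits of the second header byte) of an RTP v2 packet
    per RFC 1889, or -1 when the bytes do not look like RTP."""
    if len(packet) < RTP_HEADER_LEN or (packet[0] >> 6) != RTP_VERSION:
        return -1
    return packet[1] & 0x7F


def match_rtp(packet: bytes, payload_string: str) -> bool:
    """Does the packet satisfy 'match protocol rtp payload-type payload_string'?"""
    return rtp_payload_type(packet) in parse_payload_types(payload_string)


SLIDE_PAYLOAD_STRING = '"0, 1, 4 - 0x10, 10001b - 10010b, 64"'

# Constructed RTP packets: V=2, no padding/extension/CSRC, marker 0,
# sequence 1, timestamp 160, SSRC 0x12345678, then 160 bytes of payload.
_HEADER_TAIL = bytes([0x00, 0x01, 0x00, 0x00, 0x00, 0xA0, 0x12, 0x34, 0x56, 0x78])
PCMA_PACKET = bytes([0x80, 0x08]) + _HEADER_TAIL + bytes(160)   # PT 8, PCMA audio
H263_PACKET = bytes([0x80, 0x22]) + _HEADER_TAIL + bytes(160)   # PT 34, H.263 video

if __name__ == "__main__":
    print(sorted(parse_payload_types(SLIDE_PAYLOAD_STRING)))
    print(match_rtp(PCMA_PACKET, SLIDE_PAYLOAD_STRING),
          match_rtp(H263_PACKET, SLIDE_PAYLOAD_STRING))
```

Note that the version check is the only structural validation: any UDP payload whose first two bits are 10 will yield a payload type, which is why the slide's PDLM is described as stateful rather than a single-packet check.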
Slide 15: NBAR Protocol Discovery MIB (Release 12.3)
Provides statistics per application, per interface via SNMP
Enable or disable protocol discovery per interface
Display protocol discovery statistics
Configure and view multiple top-n tables listing protocols by bandwidth usage
Configure thresholds: report breaches and send notifications when these thresholds are crossed
Supported by Cisco QoS partners: Concord Communications; InfoVista (traffic monitoring, DoS attack mitigation)
NBAR Protocol Discovery MIB: CISCO-NBAR-PROTOCOL-DISCOVERY-MIB, /122t/122t15/ftpdmib.htm
Slide 16: NBAR Classification for Multiple IP Services
[Diagram, previously: each IP service processes packets sequentially and each parses the packet itself: Firewall (parse packet), NAT (parse packet), IDS (parse packet), QoS classification (parse packet, with its own DAT and PDLM files)]
[Diagram, now: NBAR provides a shared infrastructure for IP traffic identification: NBAR parses the packet once (DAT and PDLM files) and Firewall, NAT, IDS and QoS classification use NBAR's parsing results]
New NBAR PDLMs can be added to identify new applications without a software upgrade
Slide 17: References
QoS Classification Overview: 22cgcr/fqos_c/fqcprt1/qcfclass.htm#
Configuring Network-Based Application Recognition: 22cgcr/fqos_c/fqcprt1/qcfnbar.htm
Match Protocol Commands (Citrix, HTTP, RTP): 23cgcr/qos_r/qos_m1g.htm#
Slide 19: Custom-xx NBAR Functionality
Used for static TCP/UDP port-based applications that NBAR does not support
Add up to 10 custom applications
Map 16 TCP and UDP ports each per application
Statistics appear in Protocol Discovery

    Router(config)#ip nbar port-map custom-01 ?
      tcp  TCP ports
      udp  UDP ports