Network Based Application Recognition (NBAR) Protocol Pack 6.2.0 is supported on Cisco ASR 1000 Series Aggregation Services Routers.
The following protocols are added to NBAR2 Protocol Pack 6.2.0:
Common Name | Syntax Name | Description |
---|---|---|
Cisco Jabber Audio | cisco-jabber-audio | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the audio calls part of Cisco Jabber. |
Cisco Jabber Control | cisco-jabber-control | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the control and signaling part of Cisco Jabber. |
Cisco Jabber IM | cisco-jabber-im | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the text messaging part of Cisco Jabber. |
Cisco Jabber Video | cisco-jabber-video | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the video calls part of Cisco Jabber. |
Microsoft Lync Audio | ms-lync-audio | Microsoft Lync Audio is the audio calls support in MS Lync. This protocol classifies the voice part of video calls. The classification is based on STUN and RTP. |
Microsoft Lync Video | ms-lync-video | Microsoft Lync video is the video calls support in MS Lync. This protocol classifies the visual part of the video call. The voice in the video call is classified as MS-Lync-Audio. The classification is based on STUN and RTP. |
In this protocol pack, a new sub-classification parameter called 'unique-name' is introduced for SSL. The unique-name parameter can be used to match SSL sessions of servers that are not known globally, or are not yet supported by NBAR. The unique-name will match the server name indication (SNI) field in the client request if the SNI field exists, or it will match the common name (CN) field in the first certificate of the server's response.
The feature also supports SSL sessions that use a session-id rather than a handshake.
The following example shows how an SSL based service with the server name as 'finance.cisco.com' is matched using unique-name:
class-map match-any cisco-finance
 match protocol ssl unique-name finance.cisco.com
Note: The SSL sub-classification parameters have priority over the built-in signatures. Therefore, when a 'unique-name' defined by a user matches a known application such as Facebook, it will not match the built-in protocol but will match SSL with the configured sub-classification.
Note: Similar to the other sub-classification features, the classification result (for example, as seen in protocol-discovery) does not change and remains SSL. However, the flows matching the class maps (as shown in the example above) will receive the services, such as QoS and Performance Monitor, configured for them. To view the detailed matching statistics, refer to the policy map counters.
Reference: http://tools.ietf.org/html/rfc6101
RTP Dynamic Payload Type Sub-classification
In this protocol pack, the existing sub-classification parameters for 'RTP audio' and 'RTP video' are enhanced to detect RTP flows that use dynamic payload types (PT). Dynamic PTs are PTs in the dynamic range from 96 to 127, as defined in the RTP RFC, and are selected online for each session through signaling protocols such as SIP and RTSP. In this protocol pack, only RTP sessions initiated using SIP will match by dynamic payload type.
There is no change in usability of the feature.
The following example shows how to detect RTP audio flows that include both static and dynamic PT:
class-map match-any generic-rtp-audio
 match protocol rtp audio
Note: The RTP audio/video sub-classification parameters are generic in nature and will match only on generic RTP traffic. More specific classification such as ms-lync-audio, cisco-jabber-audio, facetime, and cisco-phone will not match as RTP, and therefore will not match the audio/video sub-classification.
Reference: http://tools.ietf.org/html/rfc3551
The following protocols are updated in NBAR2 Protocol Pack 6.2.0:
Protocol | Updates |
---|---|
blizwow | Updated signatures. |
espn-browsing | Updated signatures. |
espn-video | Updated signatures. |
imap | Updated signatures. |
rtp | Updated signatures to support dynamic payload types. |
sip | Updated signatures. |
ssl | Updated signatures to support sub classification of unique-name. |
telnet | Updated signatures. |

Note: If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
The following table lists the resolved caveats in NBAR2 Protocol Pack 6.2.0:
Resolved Caveat | Description |
---|---|
CSCue08462 | Some Xunlei-KanKan traffic may be misclassified as Xunlei. |
CSCuh63870 | Video traffic generated by some ESPN websites might be misclassified as unknown. |
CSCuh63889 | Web traffic generated by some ESPN websites might be misclassified as unknown. |
The following table lists the known caveats in NBAR2 Protocol Pack 6.2.0:
Known Caveat | Description |
---|---|
CSCtx65481 | Traffic generated by pcAnywhere for mac and pcAnywhere mobile app might be misclassified as unknown |
CSCub62860 | gtalk-video might be misclassified as rtp |
CSCub89835 | gbridge pc client might not be blocked |
CSCuc43505 | Traffic generated by AIM Pro might be misclassified as unknown and webex-meeting |
CSCug12174 | Under heavy SSL traffic, the following error message may appear: ": %STILE_CLIENT-4-MAX_LINK_TOUCH_WARN: F0: cpp_cp: NBAR number of flow-slinks threshold is reached, can't allocate more memory for flow-slinks" |
CSCuh49380 | PCoIP session-priority configuration limitation |
CSCuh53623 | Segmented packets are not classified when using NBAR sub classification |
CSCuh95182 | Some qqlive traffic may be misclassified as qq-accounts when qqlive is configured under a class-map |
CSCui50424 | When using Microsoft Lync in Office-365, the traffic might be misclassified as rtp or SSL |
CSCui53625 | SSL sub classification will not be matched if a built-in protocol was matched in the SSL client-hello message |
CSCui58918 | SIP related protocols classification and RTP sub-classification may fail when compact headers are used |
CSCui58922 | SIP related protocols classification and RTP sub-classification may fail when field extraction is activated and the 'contact' or 'from' fields do not contain '@'. |
CSCui70613 | Encrypted Cisco Jabber is not supported |
CSCui85573 | Cisco-jabber-video and cisco-phone might be misclassified when configured under a class-map |
CSCuj07892 | Microsoft Lync might be misclassified in certain scenarios |
Protocol | Limitation/Restriction |
---|---|
bittorrent | http traffic generated by the bitcomet bittorrent client might be classified as http |
capwap-data | For capwap-data to be classified correctly, capwap-control must also be enabled |
ftp | When configuring a QoS class-map with ftp-data, the ftp protocol must be selected. As an alternative, the ftp application group can be selected. |
hulu | Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe |
logmein | Traffic generated by the logmein android app might be misclassified as ssl |
ms-lync | Login and chat traffic generated by the ms-lync client might be misclassified as ssl |
ms-lync 2013 | Traffic generated by the mobile or mac app is not supported. ms-lync 2013 traffic, if any, might be misclassified. |
qq-accounts | Login to QQ applications that is not via web may not be classified as qq-accounts |
secondlife | Voice traffic generated by secondlife might be misclassified as ssl |
NBAR2 Protocol Packs are available for download as Software Type 'NBAR2 Protocol Pack' on the cisco.com software download page (http://www.cisco.com/cisco/software/navigator.html).
Related Documents
Related Topic | Document Title |
---|---|
Application Visibility and Control | |
Classifying Network Traffic Using NBAR | |
NBAR Protocol Pack | NBAR Protocol Pack module |
QoS: NBAR Configuration Guide | |
QoS Command Reference | Quality of Service Solutions Command Reference |