NBAR2 Protocol Pack 6.3.0
Release Notes for NBAR2 Protocol Pack 6.3.0

Supported Platforms

Network-Based Application Recognition (NBAR2) Protocol Pack support is provided for Cisco Wireless LAN Controller platforms, starting with the 7.5 release.


Note: Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, Cisco Wireless LAN Controller platforms currently support only IPv4 traffic classification.


NBAR2 Protocol Pack 6.3.0 is supported on the following Cisco Wireless LAN Controller platforms:

  • Cisco 5508 Wireless Controller
  • Cisco Flex 7500 Series Wireless Controllers
  • Cisco 8510 Wireless Controller
  • Cisco Wireless Services Module 2 (WiSM2)

Note: The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not support protocol packs.


New Features

The newly added features in this protocol pack are:
  • Microsoft Lync Audio/Video separation
  • Non-encrypted Cisco-Jabber support

New Protocols in NBAR2 Protocol Pack 6.3.0

The following table displays the newly added protocols in NBAR2 Protocol Pack 6.3.0, after NBAR2 Protocol Pack 4.1.1:

| Common Name | Syntax Name | Description |
| --- | --- | --- |
| Airplay | airplay | AirPlay (previously called AirTunes) is a proprietary protocol stack/suite developed by Apple Inc. that allows wireless streaming of audio, video, and photos, along with related metadata between devices. |
| Cisco Jabber Audio | cisco-jabber-audio | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the audio calls part of Cisco Jabber. |
| Cisco Jabber Control | cisco-jabber-control | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the control and signaling part of Cisco Jabber. |
| Cisco Jabber IM | cisco-jabber-im | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the text messaging part of Cisco Jabber. |
| Cisco Jabber Video | cisco-jabber-video | Cisco Jabber is a unified communications client application that provides presence, instant messaging (IM), voice, and video calling capabilities on many platforms. This protocol classifies the video calls part of Cisco Jabber. |
| Dropbox | dropbox | Dropbox is a file hosting service operated by Dropbox Inc. that offers cloud storage, file synchronization, and client software. Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronizes so that it appears to be the same folder (with the same contents) regardless of which computer is used to view it. Files placed in this folder are also accessible through a website and mobile phone applications. |
| ESPN Browsing | espn-browsing | ESPN is a global television network focused on sports-related programs. espn-browsing is the protocol used for accessing and browsing the websites and mobile applications of the network for iPhone, iPad, Android, and WinRT. |
| ESPN Video | espn-video | ESPN is a global television network focused on sports-related programs. espn-video is the protocol used for watching video streams using browser or mobile applications for iPhone, iPad, Android, and WinRT. espn-video is used for video streaming services of the network. |
| Microsoft Lync Audio | ms-lync-audio | Microsoft Lync Audio is the audio calls support in MS Lync. This protocol classifies the voice part of video calls. The classification is based on STUN and RTP. |
| Microsoft Lync Video | ms-lync-video | Microsoft Lync Video is the video calls support in MS Lync. This protocol classifies the visual part of the video call. The voice in the video call is classified as MS-Lync-Audio. The classification is based on STUN and RTP. |
| Outlook Web Service | outlook-web-service | Outlook Web Service is a protocol that covers a group of Microsoft's web email services. It includes the Outlook email service that is part of the Microsoft Office 365 Business Plan. |
| QQ Accounts | qq-accounts | QQ general account login and common traffic. The QQ Accounts protocol classifies QQ web login traffic over HTTP and is used by QQ applications that require a login to the QQ accounts via the web browsers such as QQLive. |
| WhatsApp | whatsapp | WhatsApp Messenger is a proprietary, cross-platform instant messaging application for smartphones. In addition to text messaging, users can send images, location, contacts, and video and audio media messages. |

Updated Protocols in NBAR2 Protocol Pack 6.3.0

The following table displays the protocols that have been updated in NBAR2 Protocol Pack 6.3.0, after NBAR2 Protocol Pack 4.1.1:

| Protocol | Updates |
| --- | --- |
| bittorrent | Updated signatures to allow blocking of the application. |
| blizwow | Updated signatures. |
| edonkey | Updated signatures to support eMule 0.51a. |
| encrypted-emule | Updated signatures to support eMule 0.51a. |
| espn-browsing | Updated signatures. |
| espn-video | Updated signatures. |
| gtalk-ft | Updated signatures. |
| hotmail | Updated signatures. |
| imap | Updated signatures. |
| itunes | Updated signatures. |
| ms-lync | Updated signatures to support rtp traffic. |
| netflix | Updated signatures to support netflix apps when the client is behind http proxy. |
| pcoip | Updated signatures. |
| qqlive | Updated signatures. |
| rtp | Updated signatures to support dynamic payload types. |
| sip | Updated signatures. |
| skype | The following clients are now supported: Skype 6.5.0.158 for Windows; Skype 6.5.0.443 for Mac; Skype 6.6.0.467 for Mac. |
| ssl | Updated signatures to support sub classification of unique-name. |
| telnet | Updated signatures. |
| tor | Updated signatures. |

Deprecated Protocols in NBAR2 Protocol Pack 6.3.0

The following table displays the protocols that are deprecated in NBAR2 Protocol Pack 6.3.0:

| Protocol | Reason |
| --- | --- |
| ghostsurf | Service is no longer available. |
| guruguru | Service is no longer available. |
| hotmail | Has been replaced with outlook-web-service. |
| livemeeting | Has been replaced with ms-lync. |
| megavideo | Service is no longer available. |
| ms-lync-media | Has been replaced with ms-lync-audio and ms-lync-video. |

Caveats in NBAR2 Protocol Pack 6.3.0


Note: If you have an account on Cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to Cisco.com and go to https://tools.cisco.com/bugsearch/search. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


Resolved Caveats in NBAR2 Protocol Pack 6.3.0

The following table lists the resolved caveats in NBAR2 Protocol Pack 6.3.0, after NBAR2 Protocol Pack 4.1.1:

| Resolved Caveat | Description |
| --- | --- |
| CSCue08462 | Some Xunlei-KanKan traffic may be misclassified as Xunlei. |
| CSCuh63870 | Video traffic generated by some ESPN websites might be misclassified as unknown. |
| CSCuh63889 | Web traffic generated by some ESPN websites might be misclassified as unknown. |
| CSCue69212 | Traffic generated by qqlive might be misclassified as http. |
| CSCug53325 | Bittorrent-networking is not applied to any attributes. |
| CSCud62120 | BitTorrent's traffic is changed when being blocked. |

Known Caveats in NBAR2 Protocol Pack 6.3.0

The following table lists the known caveats in NBAR2 Protocol Pack 6.3.0:

| Known Caveat | Description |
| --- | --- |
| CSCtx65481 | Traffic generated by pcAnywhere for mac and pcAnywhere mobile app might be misclassified as unknown. |
| CSCub62860 | gtalk-video might be misclassified as rtp. |
| CSCub89835 | gbridge pc client might not be blocked. |
| CSCuc43505 | Traffic generated by AIM Pro might be misclassified as unknown and webex-meeting. |
| CSCuh95182 | Some qqlive traffic may be misclassified as qq-accounts when qqlive is configured under a class-map. |
| CSCui50424 | When using Microsoft Lync in Office-365, the traffic might be misclassified as rtp or SSL. |
| CSCui58918 | SIP related protocols classification and RTP sub-classification may fail when compact headers are used. |
| CSCui70613 | Encrypted Cisco Jabber is not supported. |
| CSCui85573 | Cisco-jabber-video and cisco-phone might be misclassified when configured under a class-map. |
| CSCuj07892 | Microsoft Lync might be misclassified in certain scenarios. |

Restrictions and Limitations in NBAR2 Protocol Pack 6.3.0

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 6.3.0:

| Protocol | Limitation/Restriction |
| --- | --- |
| bittorrent | http traffic generated by the bitcomet bittorrent client might be classified as http. |
| hulu | Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe. |
| logmein | Traffic generated by the logmein android app might be misclassified as ssl. |
| ms-lync | Login and chat traffic generated by the ms-lync client might be misclassified as ssl. |
| ms-lync 2013 | Traffic generated by the mobile or mac app is not supported. ms-lync 2013 traffic, if any, might be misclassified. |
| qq-accounts | Login to QQ applications that is not via the web may not be classified as qq-accounts. |
| secondlife | Voice traffic generated by secondlife might be misclassified as ssl. |

Recommended Configurations

The following configurations are tested and recommended for blocking the respective traffic.

| Recommended Configuration | Caveat for reference |
| --- | --- |
| To block Picasa traffic, you need to block Google services and the Picasa application, because Google applications share signatures. | CSCud40143 |
| To block Gmail traffic, you need to block Google services and the Gmail application, because Google applications share signatures. | CSCud43226 |