NBAR2 Protocol Pack 13.0.0

Overview

NBAR2 Protocol Pack 13.0.0 contains the Enhanced Web Classification feature that supports multi-transactions export of URLs. For more information on this feature, see Classifying Network Traffic Using NBAR

Supported Platforms

NBAR2 Protocol Pack 13.0.0 is supported on the following platforms:

Cisco ASR 1000 Series Aggregation Services Routers
Cisco Integrated Services Router Generation 2 (Cisco ISR G2)

New Protocols in NBAR2 Protocol Pack 13.0.0

The following protocols have been added to NBAR2 Protocol Pack 13.0.0

Protocol Name	Common Name	Long Description
citrix-audio	Citrix Audio	Citrix-Audio refers to all audio traffic in Citrix multistream configuration..
mpeg2-ts	MPEG-2 Transport Stream	MPEG2-TS (MPEG2 transport stream, MTS or TS), is a standard format for transmission and storage of audio, video, and Program and System Information Protocol (PSIP) data. It is used in broadcast systems such as DVB, ATSC and IPTV.
cisco-phone-audio	Cisco Phone Audio	Cisco Phone Audio is a VoIP telephone used mainly in corporations and can be used on or off site. This is the audio part of Cisco-Phone calls when the signaling is over SIP and the media is over RTP.
cisco-phone-video	Cisco Phone Video	Cisco Phone Video is a VoIP telephone used mainly in corporations and can be used on or off site. This is the video part of Cisco-Phone calls when the signaling is over SIP and the media is over RTP.
mail-ru	Mail.ru	mail.ru, Russian communication web portal, Email and cloud storage services.

Updated Protocols in NBAR2 Protocol Pack 13.0.0

The following protocols are updated in NBAR2 Protocol Pack 13.0.0:

Protocol	Updates
skype	Updated signatures (to support Skype version 6.21.0.x)
ms-lync-video	Updated signatures.
youtube	Updated signatures.
sip	Updated signatures.
telepresence-control	Updated signatures to support Tandberg product family.
cisco-jabber-control	Updated signatures to support Android client.
ms-sms	Updated signatures.
dns	Updated signatures.
netflix	Updated signatures.
cisco-phone	Updated signatures.

Caveats in NBAR2 Protocol Pack 13.0.0

Note

If you have an account on Cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to https://tools.cisco.com/bugsearch/bug/<BUGID>. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Resolved Caveats in NBAR2 Protocol Pack 13.0.0

The following table lists the resolved caveats in NBAR2 Protocol Pack 13.0.0:

Resolved Caveat	Description
CSCuq06934	NBAR - Protocol ms-sms - missing signatures
CSCuq84570	MS-lync-video traffic being classified as rtp traffic using NBAR

Known Caveats in NBAR2 Protocol Pack 13.0.0

The following table lists the known caveats in NBAR2 Protocol Pack 13.0.0:

Known Caveat	Description
CSCuh49380	PCoIP session-priority configuration limitation
CSCuh53623	Segmented packets are not classified when using NBAR sub classification
CSCun61772	IPv4 bundles might be used in IPv6 traffic

Restrictions and Limitations in NBAR2 Protocol Pack 13.0.0

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 13.0.0:

Protocol

Limitation/Restriction

apple-app-store

Login and a few encrypted sessions are classified as iTunes

bittorrent

http traffic generated by the bitcomet bittorrent client might be classified as http

capwap-data

For capwap-data to be classified correctly, capwap-control must also be enabled

cisco-jabber

Encrypted cisco jabber might be classified as unknown.

ftp

During configuring QoS class-map with ftp-data, the ftp protocol must be selected. As an alternative, the ftp application group can be selected.

hulu

Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe

logmein

Traffic generated by the logmein android app might be misclassified as ssl

ms-lync

Login and chat traffic generated by the ms-lync client might be misclassified as ssl

pcanywhere

Traffic generated by pcanywhere for mac might be classified as unknown

perfect-dark

Some perfect-dark sessions might be classified as unknown

qq-accounts

Login to QQ applications which is not via web may not be classified as qq-accounts

secondlife

Voice traffic generated by secondlife might be misclassified as ssl

ssl

Sub Classification (SC) mechanism was modified to include search for wildcard.

Note

SC rule for the part of the Server Name Indication (SNI) or the common name (CN) can now include a wildcard. If a wildcard is not used, the complete SNI or the CN is required.

For example, you can either use, "*.pqr.com" or "abc.pqr.com" to classify abc.pqr.com.

Downloading NBAR2 Protocol Pack 13.0.0

NBAR2 Protocol Packs are available for download as Software Type 'NBAR2 Protocol Pack' on cisco.com software download page (http://www.cisco.com/cisco/software/navigator.html).

Additional References

Related Documents

Related Topic	Document Title
Application Visibility and Control	Cisco Application Visibility and Control User Guide for IOS Release 15.4(1)T and IOS XE Release 3.11S Cisco Application Visibility and Control User Guide for Cisco IOS Release 15.4(2)T and Cisco IOS XE Release 3.12S
Classifying Network Traffic Using NBAR	Classifying Network Traffic Using NBAR module
NBAR Protocol Pack	NBAR Protocol Pack module
QoS: NBAR Configuration Guide	QoS: NBAR Configuration Guide
QoS Command Reference	Quality of Service Solutions Command Reference

Bias-Free Language

Book Title

NBAR2 Protocol Pack 13.0.0

Chapter Title