NBAR Dynamic Protocol Pack Upgrade
Protocol packs are software packages that update the Network-Based Application Recognition (NBAR) engine protocol support on a device without replacing the Cisco software on the device. A protocol pack contains information on applications that are officially supported by NBAR, and are compiled and packed together. In each application, the protocol pack includes information on application signatures and application attributes. Each software release has a built-in protocol pack bundled with it.
The Application Visibility and Control (AVC) feature (used for deep-packet inspection [DPI]) supports wireless products using a distributed approach that benefits from NBAR running on the access points (AP) or controller whose goal is to run DPI and report the result using NetFlow messages.
The AVC DPI technology supports the ability to update recognized traffic and to define the custom type of traffic (known as custom applications). The NBAR runs on the controller in local mode, and on the APs in Flex and Fabric modes. In local mode, all the traffic coming from the APs are tunneled towards the wireless controller.
Protocol packs provide the following features:
They can be loaded easily and quickly.
They can be upgraded to a later version protocol pack or revert to an earlier version protocol pack.
Device reload is not required.
They do not disrupt any service.
Protocol Pack Upgrade
Using protocol pack upgrades, you can update the NBAR engine to recognize new types of protocols or traffic without updating the entire switch or appliance image. It also eliminates the need to restart the entire system.
NBAR protocol packs are available for download from Cisco Software Center: https://software.cisco.com/download/navigator.html
Using custom applications, you can force the NBAR engine to recognize traffic based on a set of custom rules, for example, destination IP, hostname, URL, and so on.
The custom application names then appear in the web UI or in the NetFlow collector.