NBAR Dynamic Protocol Pack Upgrade

Network-based application recognition protocol pack upgrade

A protocol pack is a software module for Network-Based Application Recognition (NBAR) that:

  • adds or updates support for application protocols without replacing the Cisco software on the device

  • comes as a built-in component for each Cisco software release, and

  • allows easy version upgrades and reversion without service disruption or device reload.

Protocol packs contain:

  • application protocols that are compiled and officially supported by NBAR, and

  • information on the signatures and attributes of the application.

Protocol packs offer these features:

  • They can be loaded easily and quickly.

  • You can upgrade to a later version protocol pack or revert to an earlier version.

  • Device reload is not required.

  • No service disruption occurs.

Application visibility controls with DPI

A deep packet inspection (DPI) is a method that

  • inspects data packets for detailed application visibility,

  • allows for custom traffic definitions, and

  • supports distributed analysis for wireless networks.

Wireless products use the Application Visibility and Control feature through a distributed system where Network-Based Application Recognition (NBAR) runs on controllers or access points, performs deep packet inspection, and reports via NetFlow messages.

Deployment mode

Although NBAR is supported in all modes, protocol pack upgrade and custom applications are supported only in local mode (central switching) and in FlexConnect mode (central switching).

Important

When you upgrade the AVC protocol pack, copy it to both route processors (RPs), active and standby. Otherwise, the protocol pack upgrade on the standby RP fails and causes a synchronization failure crash.


NBAR limitations

NBAR cannot reliably classify traffic when SaaS applications use these technologies:

  • End-to-end encryption.

  • Quick UDP Internet Connections (QUIC) protocol.

  • DNS over HTTPS (DoH) protocol.

    Note

    In these cases, the encrypted traffic, including DoH and QUIC without SNI, limits the ability of NBAR to send the correct Protocol ID, which causes traffic classification issues.


Protocol pack upgrades and custom application configuration

Optimize network management by implementing protocol pack upgrades and customizing application recognition rules to meet specific traffic analysis needs.

Protocol pack upgrade

  • Protocol pack upgrades update the NBAR engine so that it recognizes new protocols or traffic types without updating the entire switch or appliance image.

  • The upgrade does not require a restart of the system.

  • NBAR protocol packs can be downloaded from the Cisco Software Center.

Custom applications

  • Configure the NBAR engine to recognize traffic based on custom rules, such as destination IP, hostname, or URL.

  • The web UI and NetFlow collector display custom application names, allowing for easier identification and management.
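The following is an added example of custom application definitions on the IOS-XE CLI; it is not from the original page, and the application names, IDs and match patterns are constructed for illustration. It shows the three rule types the text names (hostname, URL and destination by server name) and how to confirm that the device registered them.

```cisco
! Added example; names, IDs and patterns are constructed, not from the original page
Device# configure terminal
! Hostname rule: match the HTTP Host header
Device(config)# ip nbar custom corp-intranet http host *intranet.example.com* id 101
! URL rule: match a path inside the HTTP URL
Device(config)# ip nbar custom corp-payroll http url */payroll/* id 102
! Server-name rule: match the name learned from DNS or the TLS SNI,
! which also covers encrypted flows as long as they still carry SNI
Device(config)# ip nbar custom corp-saas composite server-name *saas.example.com* id 103
Device(config)# end
! Confirm the custom application and its protocol ID are registered
Device# show ip nbar protocol-id corp-intranet
Device# show running-config | include ip nbar custom
```

The server-name rule is the one to prefer for SaaS traffic, but it is subject to the limitation noted earlier on this page: flows that hide the server name (DoH, or QUIC without SNI) do not match it, and NBAR reports them under a generic protocol ID instead of the custom name.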

Upgrade the NBAR2 protocol pack (CLI)

The purpose of this task is to upgrade the NBAR2 protocol pack on your network device. The upgrade enhances the device's application recognition capabilities, allowing for more effective network management and traffic classification.

Upgrade the NBAR2 protocol pack by completing these steps

Before you begin

Download the protocol pack from the Software Download page and copy it to the bootflash of the device.

Procedure

Step 1

Enter the global configuration mode.

Example:

Device# configure terminal

Step 2

Load the protocol pack.

Example:

Device(config)# ip nbar protocol-pack bootflash:mypp.pack
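As an added example that is not part of the original procedure, this is the complete upgrade sequence a practitioner would run on a device with redundant RPs: an integrity check of the downloaded file before it is loaded, the copy to the standby RP that the Important note requires, verification of the active pack afterwards, and reversion to the built-in pack. The file name mypp.pack comes from the page; the expected MD5 value is a placeholder for the checksum shown on the Software Download page, and the stby-bootflash: alias assumes an active/standby HA SSO pair.

```cisco
! Added example; standard IOS-XE NBAR commands, not from the original page
! 1. Check the downloaded file against the checksum published for it
!    (<EXPECTED-MD5> is a placeholder; use the value shown on the download page)
Device# verify /md5 bootflash:mypp.pack <EXPECTED-MD5>

! 2. Inspect the pack before loading it (pack version and engine compatibility)
Device# show ip nbar protocol-pack bootflash:mypp.pack

! 3. On a redundant pair, copy the pack to the standby RP as well
!    (stby-bootflash: assumes an active/standby HA SSO pair)
Device# copy bootflash:mypp.pack stby-bootflash:mypp.pack

! 4. Load the pack (Step 1 and Step 2 of the procedure above)
Device# configure terminal
Device(config)# ip nbar protocol-pack bootflash:mypp.pack
Device(config)# end

! 5. Confirm which protocol pack is active and the NBAR engine version
Device# show ip nbar protocol-pack active
Device# show ip nbar version

! 6. Reversion: return to the built-in protocol pack, no reload required
Device# configure terminal
Device(config)# default ip nbar protocol-pack
Device(config)# end
```

Step 1 matters from a supply-chain standpoint: the pack changes how the device classifies traffic, so a file that does not match the published checksum should not be loaded. Step 5 is the check that the upgrade actually took effect on the active RP; if the output still shows the previous pack, the load failed silently and the standby copy in step 3 should be re-examined before retrying.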

Upgrading the protocol pack successfully ensures that your device can recognize a wider range of applications, enhancing traffic monitoring and classification.