NBAR2 Protocol Pack 9.0.0
Release Notes for NBAR2 Protocol Pack 9.0.0


Overview

NBAR2 Protocol Pack 9.0.0 contains the Enhanced Web Classification feature that supports multi-transactions export of URLs. For more information on this feature, see Classifying Network Traffic Using NBAR.

NBAR2 Protocol Pack 9.0.0 also contains new categories and sub-categories that make QoS configuration easier and allow more granularity in AVC reports.

Supported Platforms

Network Based Application Recognition (NBAR) Protocol Pack 9.0.0 is supported on Cisco ASR 1000 Series Aggregation Services Routers.

New Protocols in NBAR2 Protocol Pack 9.0.0

The following protocols are added to NBAR2 Protocol Pack 9.0.0:

| Common Name | Syntax Name | Description |
|---|---|---|
| Apple services | apple-services | apple-services is a set of tools and APIs, such as the App Store and the Apple website, used by Apple applications. |
| Internet Audio Streaming Web Apps | internet-audio-streaming | The internet audio streaming protocol gathers the top websites and web applications, such as SoundCloud and Grooveshark, for audio streaming on the internet. |
| Internet Video Streaming Web Apps | internet-video-streaming | The internet video streaming protocol gathers the top websites and web applications, such as Ustream and DailyMotion, for video streaming on the internet. |
| iTunes-Audio | itunes-audio | iTunes is a media player and media library application developed by Apple Inc. It is used to play, download, and organize digital audio and video on personal computers running the OS X and Microsoft Windows operating systems. Through the iTunes Store, users can purchase and download music, music videos, television shows, audiobooks, podcasts, movies, etc. on their Mac/Windows PC/iDevices running iTunes. iTunes-audio refers to all audio streaming media services generated by iTunes, such as playing music, podcasts, and audiobooks. |
| iTunes-Video | itunes-video | iTunes is a media player and media library application developed by Apple Inc. It is used to play, download, and organize digital audio and video on personal computers running the OS X and Microsoft Windows operating systems. Through the iTunes Store, users can purchase and download music, music videos, television shows, audiobooks, podcasts, movies, etc. on their Mac/Windows PC/iDevices running iTunes. iTunes-video refers to all video streaming media services generated by iTunes, such as playing movies, TV shows, videocasts, and videos. |
| Naver Line | naver-line | Naver-line is a Japanese proprietary application for instant messaging on smartphones and PCs. Naver-Line users exchange text messages, graphics, video and audio media, make free VoIP calls, and hold free audio or video conferences. |
| QQ Instant Messenger | qq-im | QQ instant messenger is the most popular IM software service in China. QQ IM was developed by Tencent Holding LTD. and has clients for Windows, Mac, Android, and iPhone. A Chinese version is available as well as an English version (QQ International). |
| Share | share | Share is a closed-source P2P application being developed in Japan by an anonymous author. It was developed as the successor of Winny and focuses on higher security. Share uses encrypted caches, file names and IP addresses, and is based on node-organized architecture. |

New Categories and Sub-categories for QoS and Reporting in NBAR2 Protocol Pack 9.0.0

NBAR2 Protocol Pack 9.0.0 introduces new categories and sub-categories that make QoS configuration easier and AVC reports more meaningful. The category and sub-category assignments of many protocols have therefore been updated to better reflect their categorization in enterprise networks.

The new categories allow more granularity in reports that are based on Category.

The new sub-categories can be used for generating even more granular reports, and are very useful for implementing QoS policies following the Cisco SRND QoS model. The new sub-categories divide applications into business and consumer, as well as by media type, so that it is easy to build an MQC class map that maps a specific sub-category to the desired SRND class of service and applies QoS. For more information about SRND, see http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSIntro_40.html#wp61104.

It is also easier to customize the QoS definitions: instead of changing the MQC class map, use attribute-maps to reassign a specific application to a sub-category other than its default.

For a complete list of protocols and their mappings, refer to the specific protocols in the protocol book, or use the show ip nbar attribute category or the show ip nbar attribute sub-category command.

Examples: Mapping Traffic to a Class

The following example shows how to map multimedia conferencing traffic to the MULTIMEDIA-CONFERENCING SRND class:

Device> enable
Device# configure terminal
Device(config)# class-map match-any MULTIMEDIA-CONFERENCING
Device(config-cmap)# match protocol attribute sub-category ent-multimedia-conferencing

The following example shows how to map control and signaling traffic (SIP, RTSP, etc.) to the SIGNALING SRND class:

Device> enable
Device# configure terminal
Device(config)# class-map match-any SIGNALING
Device(config-cmap)# match protocol attribute sub-category control-and-signaling

Categories and Sub-categories Supported in NBAR2 Protocol Pack 9.0.0

The following is the list of Categories supported in NBAR2 Protocol Pack 9.0.0:

  • anonymizers
  • backup-and-storage
  • browsing
  • business-and-productivity-tools
  • database
  • email
  • epayment
  • file-sharing
  • gaming
  • industrial-protocols
  • instant-messaging
  • internet-security
  • inter-process-rpc
  • layer3-over-ip
  • location-based-services
  • net-admin
  • newsgroup
  • other
  • social-networking
  • software-updates
  • trojan
  • voice-and-video

The following is the list of Sub-categories supported in NBAR2 Protocol Pack 9.0.0:

  • authentication-services
  • backup-systems
  • consumer-audio-streaming
  • consumer-cloud-storage
  • consumer-multimedia-messaging
  • consumer-video-streaming
  • consumer-web-browsing
  • control-and-signaling
  • desktop-virtualization
  • enterprise-cloud-data-storage
  • enterprise-data-center-storage
  • enterprise-multimedia-conferencing
  • enterprise-realtime-applications
  • enterprise-rich-media-content
  • enterprise-software-deployment-tools
  • enterprise-transactional-applications
  • enterprise-video-broadcast
  • enterprise-voice-collaboration
  • file-transfer
  • naming-services
  • network-management
  • os-updates
  • other
  • p2p-file-transfer
  • p2p-networking
  • remote-access-terminal
  • routing-protocol
  • tunneling-protocols

Note


In this update, some categories and sub-categories that are not in common use have been removed or renamed. Some values have moved from sub-category to category to provide better granularity at the category level. As a result, matches in existing class-maps that are based on removed or renamed values are automatically removed when the protocol pack is installed, and the command is not replaced. Refer to the lists of removed and renamed values below to verify that none of the existing policies is affected by the change.


The following categories are removed in NBAR2 Protocol Pack 9.0.0:

  • internet-privacy
  • streaming

The following sub-categories are removed in NBAR2 Protocol Pack 9.0.0:

  • client-server
  • commercial-media-distribution
  • database
  • epayment
  • file-sharing
  • internet-privacy
  • inter-process-rpc
  • license-manager
  • network-protocol
  • rich-media-http-content
  • storage
  • streaming
  • terminal
  • voice-video-chat-collaboration
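
One way to run the check the note above asks for before installing the pack, as an added example that is not part of the Cisco release notes: the script scans a saved running configuration for class-map matches on the removed values listed above. The sample configuration and the function name find_affected are constructed for illustration; only the removed values come from this page.

```python
import re

# Values removed in NBAR2 Protocol Pack 9.0.0, copied from the lists above.
REMOVED = {
    "category": {"internet-privacy", "streaming"},
    "sub-category": {
        "client-server", "commercial-media-distribution", "database",
        "epayment", "file-sharing", "internet-privacy", "inter-process-rpc",
        "license-manager", "network-protocol", "rich-media-http-content",
        "storage", "streaming", "terminal", "voice-video-chat-collaboration",
    },
}

CLASS_MAP = re.compile(r"^class-map\s+(?:match-(?:any|all)\s+)?(\S+)")
ATTR_MATCH = re.compile(
    r"^\s+match\s+protocol\s+attribute\s+(category|sub-category)\s+(\S+)")

def find_affected(config_text):
    """Return (class_map, attribute, value, line_no) for each match on a removed value."""
    hits, current = [], None
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = CLASS_MAP.match(line)
        if m:
            current = m.group(1)      # entered a class-map block
            continue
        if line and not line[0].isspace():
            current = None            # any other top-level line ends the block
            continue
        m = ATTR_MATCH.match(line)
        if m and current and m.group(2) in REMOVED[m.group(1)]:
            hits.append((current, m.group(1), m.group(2), line_no))
    return hits

# Constructed sample configuration (hypothetical class-map names).
# "database" is removed only as a sub-category; it is still a valid category.
SAMPLE_CONFIG = """\
class-map match-any STREAMING-MEDIA
 match protocol attribute category streaming
 match protocol attribute sub-category consumer-video-streaming
class-map match-any SIGNALING
 match protocol attribute sub-category control-and-signaling
class-map match-all DB-TRAFFIC
 match protocol attribute sub-category database
 match protocol attribute category database
!
"""

if __name__ == "__main__":
    for cmap, attr, value, line_no in find_affected(SAMPLE_CONFIG):
        print(f"line {line_no}: class-map {cmap} matches removed {attr} '{value}'")
```

A class-map left with no match statements after the upgrade no longer selects the traffic it was written for, so each hit should be remapped to a supported value before the pack is installed.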

Updated Protocols in NBAR2 Protocol Pack 9.0.0

The following protocols are updated in NBAR2 Protocol Pack 9.0.0:

| Protocol | Updates |
|---|---|
| aim | Updated signatures to support the AIM Pro client. |
| baidu-movie | Updated signatures. |
| gbridge | Updated signatures. |
| google-services | Updated signatures. |
| google-talk | Updated signatures to support Japanese client. |
| itunes | Updated signatures to support iTunes 11. |
| ms-lync | Updated signatures to support Lync in Office-365. |
| oracle-sqlnet | Updated signatures. |
| yahoo-im | Updated signatures to support Japanese client. |
| youtube | Updated signatures. |

Deprecated Protocols in NBAR2 Protocol Pack 9.0.0

Support for the NetBIOS protocol is deprecated.

Caveats in NBAR2 Protocol Pack 9.0.0


Note


If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)


Resolved Caveats in NBAR2 Protocol Pack 9.0.0

The following table lists the resolved caveats in NBAR2 Protocol Pack 9.0.0:

| Resolved Caveat | Description |
|---|---|
| CSCub89835 | gbridge pc client might not be blocked. |
| CSCuc43505 | Traffic generated by AIM Pro might be misclassified as unknown and webex-meeting. |
| CSCui50424 | When using Microsoft Lync in Office-365, the traffic might be misclassified as rtp or SSL. |

Known Caveats in NBAR2 Protocol Pack 9.0.0

The following table lists the known caveats in NBAR2 Protocol Pack 9.0.0:

| Known Caveat | Description |
|---|---|
| CSCub62860 | gtalk-video might be misclassified as rtp. |
| CSCuh49380 | PCoIP session-priority configuration limitation. |
| CSCuh53623 | Segmented packets are not classified when using NBAR sub classification. |

Restrictions and Limitations in NBAR2 Protocol Pack 9.0.0

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 9.0.0:

| Protocol | Limitation/Restriction |
|---|---|
| bittorrent | http traffic generated by the bitcomet bittorrent client might be classified as http. |
| capwap-data | For capwap-data to be classified correctly, capwap-control must also be enabled. |
| cisco-jabber | Encrypted cisco jabber might be classified as unknown. |
| ftp | When configuring a QoS class-map with ftp-data, the ftp protocol must be selected. As an alternative, the ftp application group can be selected. |
| hulu | Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe. |
| logmein | Traffic generated by the logmein android app might be misclassified as ssl. |
| ms-lync | Login and chat traffic generated by the ms-lync client might be misclassified as ssl. |
| pcanywhere | Traffic generated by pcanywhere for mac might be classified as unknown. |
| qq-accounts | Logins to QQ applications that are not made via the web may not be classified as qq-accounts. |
| secondlife | Voice traffic generated by secondlife might be misclassified as ssl. |

Downloading NBAR2 Protocol Packs

NBAR2 Protocol Packs are available for download as Software Type 'NBAR2 Protocol Pack' on the Cisco.com software download page (http://www.cisco.com/cisco/software/navigator.html).

Additional References

Related Documents

| Related Topic | Document Title |
|---|---|
| Application Visibility and Control | Application Visibility and Control Configuration Guide |
| Classifying Network Traffic Using NBAR | Classifying Network Traffic Using NBAR module |
| NBAR Protocol Pack | NBAR Protocol Pack module |
| QoS: NBAR Configuration Guide | QoS: NBAR Configuration Guide |
| QoS Command Reference | Quality of Service Solutions Command Reference |