NBAR x NETFLOW

Answered Question
Jul 22nd, 2008
User Badges:

Today I use NBAR, and it works OK, We will implement the NETFLOW.

Can the Netflow replace the NBAR ?

I mean, will the Netflow show all information about applications that the NBAR shows ? . Or NBAR and NETFLOW are complementary management tools ?

TKS

Alexandre

Correct Answer by garytayl about 9 years 21 hours ago

Alexandre,



I was provided with this answer a while ago. Hopefuly it will help you out as much as it helped me:


"NBAR and Netflow are two different tools that were designed for

different purposes. Netflow is a tool used to report traffic flows through

the router to a NETFLOW collector. Netflow is very flexible because it

allows you to update port numbers on the collector to keep up with new

protocols.

NBAR is a tool that was designed to make configuring QOS and policy

based routing easier. It was never meant to be an enterprise level reporting

utility. It allows you to use the "match protocol " command for

matching traffic for QoS classes. It also includes basic reporting, but it

is not nearly as good as Netflow for this duty. The main reason that Neflow

is better is that it is not limited by the number of protocols that it can

match. NBAR can only match protocols defined by Cisco and is not easy for

the customer to update. Netflow reports port numbers and puts the duty on

the Netflow collector to keep track of the protocol information. The good

part about this is that the Netflow collectors are much more up to date on

protocols than NBAR is."

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
garytayl Tue, 07/22/2008 - 08:44
User Badges:
  • Silver, 250 points or more

Alexandre,



I was provided with this answer a while ago. Hopefuly it will help you out as much as it helped me:


"NBAR and Netflow are two different tools that were designed for

different purposes. Netflow is a tool used to report traffic flows through

the router to a NETFLOW collector. Netflow is very flexible because it

allows you to update port numbers on the collector to keep up with new

protocols.

NBAR is a tool that was designed to make configuring QOS and policy

based routing easier. It was never meant to be an enterprise level reporting

utility. It allows you to use the "match protocol " command for

matching traffic for QoS classes. It also includes basic reporting, but it

is not nearly as good as Netflow for this duty. The main reason that Neflow

is better is that it is not limited by the number of protocols that it can

match. NBAR can only match protocols defined by Cisco and is not easy for

the customer to update. Netflow reports port numbers and puts the duty on

the Netflow collector to keep track of the protocol information. The good

part about this is that the Netflow collectors are much more up to date on

protocols than NBAR is."

Actions

This Discussion