using NBAR for classifying traffic

Unanswered Question
Nov 17th, 2008

Is configuring NBAR on a Cisco router the same as using a separate appliance (for example Packeteer) to perform traffic shaping and prioritization?

Also how is NBAR different than QoS?

Than DiffServ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Istvan_Rabai Tue, 11/18/2008 - 09:40

Hi Kevin,

NBAR does not perfom traffic shaping and prioritization. It is the job of the QoS policy applied to the interface.

- NBAR can be used to discover existing traffic flowing through an interface, using the "ip nbar protocol-discovery" interface command and the "show ip nbar protocol-discovery" exec command.

Based on the protocol and traffic statistics discovered by NBAR, you can classify your traffic into classes based on the requirements of your business and you can configure a QoS policy to tell the router how to treat the different classes of traffic.

- You actually use NBAR within class-maps when classifying traffic with the "match protocol" command.

- When you use the Auto QoS feature, it uses NBAR as well for protocol discovery, and it generates the class-maps and the policy-map based on Cisco best practices for QoS.

So NBAR can be used as useful QoS tool within the DiffServ model

Does this answer your question?



Kevin Melton Tue, 11/18/2008 - 11:37

Those are fine answers. I applied it to my 3825 router,and when I perform the "show ip nbar protocol-discovery" exec command, I see alot of data about all the protocols/classes of traffic running thru our router.

How is this similar to and then in turn different from Netflow?

Istvan_Rabai Sat, 11/22/2008 - 22:22

Hi Kevin,

I found a good document for you on the Cisco website explaining Netflow and the relationship between NBAR and Netflow:

They state the following here:

"This feature requires the classification of packets in a variety of ways: IP source and destination addresses, Layer 4 protocol and port numbers, incoming interface, MAC address, IP Precedence, DSCP value, Layer 2 information (such as Frame-Relay DE bits or Ethernet 802.1p bits), and NBAR (Network-Based Application Recognition)information."




This Discussion