Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

NBAR x NETFLOW

Today I use NBAR, and it works OK, We will implement the NETFLOW.

Can the Netflow replace the NBAR ?

I mean, will the Netflow show all information about applications that the NBAR shows ? . Or NBAR and NETFLOW are complementary management tools ?

TKS

Alexandre

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: NBAR x NETFLOW

Alexandre,

I was provided with this answer a while ago. Hopefuly it will help you out as much as it helped me:

"NBAR and Netflow are two different tools that were designed for

different purposes. Netflow is a tool used to report traffic flows through

the router to a NETFLOW collector. Netflow is very flexible because it

allows you to update port numbers on the collector to keep up with new

protocols.

NBAR is a tool that was designed to make configuring QOS and policy

based routing easier. It was never meant to be an enterprise level reporting

utility. It allows you to use the "match protocol " command for

matching traffic for QoS classes. It also includes basic reporting, but it

is not nearly as good as Netflow for this duty. The main reason that Neflow

is better is that it is not limited by the number of protocols that it can

match. NBAR can only match protocols defined by Cisco and is not easy for

the customer to update. Netflow reports port numbers and puts the duty on

the Netflow collector to keep track of the protocol information. The good

part about this is that the Netflow collectors are much more up to date on

protocols than NBAR is."

1 REPLY
Bronze

Re: NBAR x NETFLOW

Alexandre,

I was provided with this answer a while ago. Hopefuly it will help you out as much as it helped me:

"NBAR and Netflow are two different tools that were designed for

different purposes. Netflow is a tool used to report traffic flows through

the router to a NETFLOW collector. Netflow is very flexible because it

allows you to update port numbers on the collector to keep up with new

protocols.

NBAR is a tool that was designed to make configuring QOS and policy

based routing easier. It was never meant to be an enterprise level reporting

utility. It allows you to use the "match protocol " command for

matching traffic for QoS classes. It also includes basic reporting, but it

is not nearly as good as Netflow for this duty. The main reason that Neflow

is better is that it is not limited by the number of protocols that it can

match. NBAR can only match protocols defined by Cisco and is not easy for

the customer to update. Netflow reports port numbers and puts the duty on

the Netflow collector to keep track of the protocol information. The good

part about this is that the Netflow collectors are much more up to date on

protocols than NBAR is."

153
Views
0
Helpful
1
Replies
CreatePlease to create content