6.2.b [ii] Network based application recognition [NBAR]
NBAR is a classification engine that recognizes and classifies a wide variety of protocols and applications, including web-based and other difficult-to-classify applications and protocols that use dynamic TCP/ UDP port assignments.
When NBAR recognizes and classifies a protocol or an application, the network can be configured to apply the appropriate QoS for that application or traffic with that protocol. The QoS is applied using the MQC.
NBAR introduces several classification features that identify applications and protocols from Layer 4 through Layer 7. These classification features are as follows:
● Statically assigned TCP and UDP port numbers.
● Non-TCP and non-UDP IP protocols.
● Dynamically assigned TCP and UDP port numbers. This kind of classification requires stateful inspection, that is, the ability to inspect a protocol across multiple packets during packet classification.
● Subport classification or classification based on deep packet inspection, that is, classification for inspecting packets.
NBAR includes the Protocol Pack feature that provides an easy way to load protocols and helps NBAR recognize additional protocols for network traffic classification. A protocol pack is set a of protocols developed and packed together. A new protocol pack can be loaded on the device to replace the default IOS protocol pack that is already present in the device.
Adam, Paul (2014-07-12). All-in-One CCIE V5 Written Exam Guide (Kindle Locations 5670-5684). . Kindle Edition.