Chapter 22

NBAR
Network-Based Application Recognition
Available in Cisco IOS
Monitors traffic at layers 4 through 7
Can be used to provide QoS to time-sensitive applications
Can be used to do traffic shaping or bandwidth management
Can be used to identify and control attacks
Classification of Traffic
Static TCP or UDP port number
Dynamic TCP or UDP port number
Non-TCP and non-UDP IP traffic
Deep packet inspection
Differentiates approximately 100 protocols and applications
NBAR Packet Inspection
Using NBAR
Define a traffic class using “class-map”
Create a traffic policy for the class using “policy-map”
Apply the traffic policy to a network interface using “service-policy”
NBAR configuration on IOS router to block Code Red Worm
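The three steps under "Using NBAR", worked through for this case. This is an added example, not the configuration from the original slides. The class and policy names, the interface, and the URL patterns are assumptions, and it assumes an IOS release that supports the "drop" policy action.

```cisco
! Added example: names, interface and URL patterns are assumptions.
! NBAR requires Cisco Express Forwarding to be enabled.
ip cef
!
! Step 1: define the traffic class.
! match-any: a packet matching any one line belongs to the class.
! NBAR inspects the URL of cleartext HTTP requests (layer 7).
class-map match-any HTTP-CODERED
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
! Step 2: create the traffic policy for the class.
policy-map BLOCK-CODERED
 class HTTP-CODERED
  drop
!
! Step 3: apply the policy inbound on the interface that
! faces the untrusted network.
interface GigabitEthernet0/0
 service-policy input BLOCK-CODERED
!
! Verify from exec mode; per-class packet counters show matches:
!   show policy-map interface GigabitEthernet0/0
```

The URL patterns are wildcard matches, so a legitimate request whose URL contains one of these strings is dropped as well; check the class counters after deployment.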
NBAR configuration on IOS router to block Kazaa traffic