In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-03-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)05/31 Report--
This article introduces how to effectively identify and block network applications for NBAR. The content is very detailed. Interested friends can refer to it for reference. I hope it can help you.
I. Know NBAR
NBAR (Network-Based Application Recognition) stands for Network Application Recognition. NBAR is a technology that dynamically finds protocols at layers four to seven. It is different from ACL, which only depends on the port number to judge the application service. More accurately, it can be identified and judged by the description of the packet itself, which service the data belongs to. NBAR makes network analysis more graphical and logical, and more intuitive to show the proportion of bandwidth occupied by various applications in your network.
In fact, the application principle of NBAR lies in the monitoring of network application level, and code matching can be carried out to identify the specific application of datagrams, such as FTP, WEB, BT, eDonkey, etc. NBAR can identify specific services even if the applied service ports change. NBAR can first be applied to network monitoring to determine which services occupy the most traffic in your network, so as to coordinate with QOS to do traffic shaping.
NBAR may use third-party software to graphically interpret data. For example, Concord, infovista and other manufacturers:
NBAR discovery protocol activation method:
Router(config)#Ip nbar protocol-discovery
Use the show command to view NBAR information:
Router#Show ip nbar protocol-discovery
Second, NBAR identification network application basis: PDLM
PDLM is a packet description language module. It is the main identification principle of NBAR for high-level network applications. PDLM is divided into many types. PDLM for various network applications can be found on CISCO's website. Each PDLM is aimed at a service. It records the key matching code for distinguishing an application service. Frequent downloading of PDLM is more effective for NBAR's understanding of network applications. And you can also use QOS as standard PDLM to block services you don't want to let through.
III. Use NBAR to block in-network application services more accurately
Take BT and electric donkey as examples:
1. Download bittorrent.pdlm and use it to send it to the router
2. Open, is no longer able to work in non-exchange
3. Enable and donkey recognition:
Router(config)#ip nbar pdlm flash://bittorrent.pdlm
Router(config)#ip nbat pdlm flash://Here depends on where you download to decide whether to use
4. Definition class-map match-any vfast
match protocol bittorrent
mathc protocol eDonkey
5. Create a policy-map and discard information that matches BT and eDonkey
6. Apply the policy to the port: service-policy output vfast-bit-deo
About how to carry out NBAR effective identification and blocking network applications to share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.