Shulou(Shulou.com)05/31 Report--

This article introduces how to effectively identify and block network applications for NBAR. The content is very detailed. Interested friends can refer to it for reference. I hope it can help you.

I. Know NBAR

NBAR (Network-Based Application Recognition) stands for Network Application Recognition. NBAR is a technology that dynamically finds protocols at layers four to seven. It is different from ACL, which only depends on the port number to judge the application service. More accurately, it can be identified and judged by the description of the packet itself, which service the data belongs to. NBAR makes network analysis more graphical and logical, and more intuitive to show the proportion of bandwidth occupied by various applications in your network.

In fact, the application principle of NBAR lies in the monitoring of network application level, and code matching can be carried out to identify the specific application of datagrams, such as FTP, WEB, BT, eDonkey, etc. NBAR can identify specific services even if the applied service ports change. NBAR can first be applied to network monitoring to determine which services occupy the most traffic in your network, so as to coordinate with QOS to do traffic shaping.

NBAR may use third-party software to graphically interpret data. For example, Concord, infovista and other manufacturers:

NBAR discovery protocol activation method:

Router(config)#Ip nbar protocol-discovery

Use the show command to view NBAR information:

Router#Show ip nbar protocol-discovery

Second, NBAR identification network application basis: PDLM

PDLM is a packet description language module. It is the main identification principle of NBAR for high-level network applications. PDLM is divided into many types. PDLM for various network applications can be found on CISCO's website. Each PDLM is aimed at a service. It records the key matching code for distinguishing an application service. Frequent downloading of PDLM is more effective for NBAR's understanding of network applications. And you can also use QOS as standard PDLM to block services you don't want to let through.

III. Use NBAR to block in-network application services more accurately

Take BT and electric donkey as examples:

1. Download bittorrent.pdlm and use it to send it to the router

2. Open, is no longer able to work in non-exchange

3. Enable and donkey recognition:

Router(config)#ip nbar pdlm flash://bittorrent.pdlm

Router(config)#ip nbat pdlm flash://Here depends on where you download to decide whether to use

4. Definition class-map match-any vfast

match protocol bittorrent

mathc protocol eDonkey

5. Create a policy-map and discard information that matches BT and eDonkey

6. Apply the policy to the port: service-policy output vfast-bit-deo

About how to carry out NBAR effective identification and blocking network applications to share here, I hope the above content can be of some help to everyone, you can learn more knowledge. If you think the article is good, you can share it so that more people can see it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.