Enabling Protocol Discovery
Network-Based Application Recognition (NBAR) includes a feature called Protocol Discovery. Protocol discovery provides an easy way to discover the application protocol packets that are passing through an interface. When you configure NBAR, the first task is to enable protocol discovery.
This module contains concepts and tasks for enabling the Protocol Discovery feature.
- Finding Feature Information
- Prerequisites for Enabling Protocol Discovery
- Restrictions for Enabling Protocol Discovery
- Information About Protocol Discovery
- How to Enable Protocol Discovery
- Configuration Examples for Protocol Discovery
- Additional References
- Feature Information for Enabling Protocol Discovery
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Enabling Protocol Discovery
Before enabling Protocol Discovery, read the information in the "Classifying Network Traffic Using NBAR" module.
Restrictions for Enabling Protocol Discovery
NBAR protocol discovery does not support the following:
Note | In the NBAR context, asymmetric flows are flows in which different packets of the flow go through different routers, for reasons such as load balancing or asymmetric routing, where packets take different routes in different directions. |
- NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service Software Upgrade (ISSU). The following syslog message indicates restart of NBAR classification once ISSU is complete.
  "%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!"
- Multicast packet classification.
- Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can, however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular quality of service (QoS) CLI (MQC) to set the IP differentiated services code point (DSCP) field on the NBAR-classified packets and make MPLS map the DSCP setting to the MPLS experimental (EXP) setting inside the MPLS header.
- Non-IP traffic.
- Packets that originate from or that are destined to the router running NBAR.
NBAR is not supported on the following logical interfaces:
- Dialer interfaces
- Dynamic tunnels such as Dynamic Virtual Tunnel Interface (DVTI)
- Fast Etherchannels
- IPv6 tunnels that terminate on the device
- MPLS
- Overlay Transport Virtualization (OTV) overlay interfaces
Note | In cases where encapsulation is not supported by NBAR on some links, you can apply NBAR on other interfaces of the device to perform input classification. For example, you can configure NBAR on LAN interfaces to classify output traffic on the WAN link. |
Note | NBAR requires more CPU power when NBAR is enabled on tunneled interfaces. |
If protocol discovery is enabled on both the tunnel interface and the physical interface on which the tunnel interface is configured, the packets that are designated to the tunnel interface are counted on both interfaces. On the physical interface, the packets are classified and are counted based on the encapsulation. On the tunnel interface, packets are classified and are counted based on the Layer 7 protocol.
Note | You cannot use NBAR to classify output traffic on a WAN link where tunneling or encryption is used. Therefore, you should configure NBAR on other interfaces of the router (such as a LAN link) to perform input classification before the traffic is switched to the WAN link. |
Information About Protocol Discovery
Protocol Discovery Overview
The Protocol Discovery feature of NBAR provides an easy way of discovering the application protocols passing through an interface so that appropriate QoS features can be applied.
NBAR determines which protocols and applications are currently running on your network. With protocol discovery, you can discover any protocol traffic that is supported by NBAR and obtain statistics that are associated with that protocol.
Protocol discovery maintains the following per-protocol statistics for enabled interfaces:
- Total number of input packets and bytes
- Total number of output packets and bytes
- Input bit rates
- Output bit rates
These statistics can be used when you define classes and traffic policies (sometimes known as policy maps) for each traffic class. The traffic policies (policy maps) are used to apply specific QoS features and functionality to the traffic classes.
Interface Scalability
Depending on your release, there is a limit on the number of interfaces on which protocol discovery can be enabled.
The following table lists the number of interfaces on which protocol discovery is supported in each release:
| Release | Number of Interfaces Supported with Protocol Discovery |
|---|---|
| Releases prior to Cisco IOS XE Release 2.5 | No restriction |
| Cisco IOS XE Release 2.5 | 128 |
| Cisco IOS XE Release 2.6 | 256 |
| Cisco IOS XE Release 2.7 | 32 |
| Cisco IOS XE Release 3.2S and later | 32 |
How to Enable Protocol Discovery
Enabling Protocol Discovery on an Interface
Perform this task to enable protocol discovery on an interface.
1. enable
2. configure terminal
3. interface type number [name-tag]
4. ip nbar protocol-discovery [ipv4 | ipv6]
5. end
DETAILED STEPS
Reporting Protocol Discovery Statistics
Perform this task to display a report of the protocol discovery statistics per interface.
1. enable
2. show policy-map interface type number
3. show ip nbar protocol-discovery [interface type number] [stats {byte-count | bit-rate | packet-count | max-bit-rate}] [protocol protocol-name | top-n number]
4. exit
DETAILED STEPS
Configuration Examples for Protocol Discovery
- Example: Enabling Protocol Discovery on an Interface
- Example: Reporting Protocol Discovery Statistics
Example: Enabling Protocol Discovery on an Interface
In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/1:
Router> enable
Router# configure terminal
Router(config)# interface fastethernet1/1/1
Router(config-if)# ip nbar protocol-discovery
Router(config-if)# end
In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for IPv6 packets:
Router> enable
Router# configure terminal
Router(config)# interface fastethernet1/1/2
Router(config-if)# ip nbar protocol-discovery ipv6
Router(config-if)# end
In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for IPv6 packets. Later, protocol discovery is enabled for IPv4 packets; this does not require the no form for the ipv6 keyword.
Router> enable
Router# configure terminal
Router(config)# interface fastethernet1/1/2
Router(config-if)# ip nbar protocol-discovery ipv6
Router(config-if)# ip nbar protocol-discovery ipv4
Router(config-if)# end
Example: Reporting Protocol Discovery Statistics
The following sample output from the show ip nbar protocol-discovery command displays the five most active protocols on the Fast Ethernet interface 2/0/1:
```
Router# show ip nbar protocol-discovery top-n 5
 FastEthernet2/0/1
                               Input                    Output
                               -----                    ------
   Protocol                    Packet Count             Packet Count
                               Byte Count               Byte Count
                               30sec Bit Rate (bps)     30sec Bit Rate (bps)
                               30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
   --------------------------- ------------------------ ------------------------
   rtp                         3272685                  3272685
                               242050604                242050604
                               768000                   768000
                               2002000                  2002000
   gnutella                    513574                   513574
                               118779716                118779716
                               383000                   383000
                               987000                   987000
   ftp                         482183                   482183
                               37606237                 37606237
                               121000                   121000
                               312000                   312000
   http                        144709                   144709
                               32351383                 32351383
                               105000                   105000
                               269000                   269000
   netbios                     96606                    96606
                               10627650                 10627650
                               36000                    36000
                               88000                    88000
   unknown                     1724428                  1724428
                               534038683                534038683
                               2754000                  2754000
                               4405000                  4405000
   Total                       6298724                  6298724
                               989303872                989303872
                               4213000                  4213000
                               8177000                  8177000
```
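The report above can be parsed mechanically, for example to track how much of an interface's traffic NBAR leaves classified as unknown. The following Python code is an added example, not Cisco code: the function names are hypothetical, the embedded text is an excerpt of the sample output above, and it assumes one interface per report.

```python
FIELDS = ("packets", "bytes", "bit_rate", "max_bit_rate")

# Excerpt of the page's sample output (three protocol rows plus Total).
SAMPLE = """\
 FastEthernet2/0/1
   --------------------------- ------------------------ ------------------------
   rtp                         3272685                  3272685
                               242050604                242050604
                               768000                   768000
                               2002000                  2002000
   gnutella                    513574                   513574
                               118779716                118779716
                               383000                   383000
                               987000                   987000
   unknown                     1724428                  1724428
                               534038683                534038683
                               2754000                  2754000
                               4405000                  4405000
   Total                       6298724                  6298724
                               989303872                989303872
                               4213000                  4213000
                               8177000                  8177000
"""

def parse_protocol_discovery(text):
    """Return {protocol: {"in": {...}, "out": {...}}} for one interface's report."""
    stats, current, in_table = {}, None, False
    for line in text.splitlines():
        tokens = line.split()
        if not in_table:
            # Data rows start after the three-column dashed separator line.
            in_table = len(tokens) == 3 and all(set(t) == {"-"} for t in tokens)
            continue
        if len(tokens) == 3 and tokens[1].isdigit() and tokens[2].isdigit():
            current = stats.setdefault(tokens[0], {"in": {}, "out": {}})
            tokens = tokens[1:]  # first row of a protocol carries the packet counts
        if current is None or len(current["in"]) == len(FIELDS):
            continue
        if len(tokens) == 2 and all(t.isdigit() for t in tokens):
            field = FIELDS[len(current["in"])]  # rows follow the header order
            current["in"][field], current["out"][field] = int(tokens[0]), int(tokens[1])
    return stats

def input_byte_share(stats, protocol):
    """Fraction of the interface's input bytes attributed to `protocol`."""
    return stats[protocol]["in"]["bytes"] / stats["Total"]["in"]["bytes"]
```

On the sample, `input_byte_share(stats, "unknown")` is about 0.54, meaning more than half of the input bytes on the interface were not matched to any protocol NBAR recognizes.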
Additional References
Related Documents
| Related Topic | Document Title |
|---|---|
| Cisco IOS commands | |
| QoS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples | Cisco IOS Quality of Service Solutions Command Reference |
| Concepts and information about NBAR | "Classifying Network Traffic Using NBAR" module |
| MQC | "Applying QoS Features Using the MQC" module |
Standards
| Standard | Title |
|---|---|
| No new or modified standards are supported, and support for existing standards has not been modified. | -- |
MIBs
| MIB | MIBs Link |
|---|---|
| No new or modified MIBs are supported, and support for existing MIBs has not been modified. | To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
Feature Information for Enabling Protocol Discovery
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
| Feature Name | Releases | Feature Information |
|---|---|---|
| Protocol Discovery | Cisco IOS XE 2.1, Cisco IOS XE 3.3S | This feature was introduced on Cisco ASR 1000 Series Routers. The following sections provide information about this feature: The following commands were introduced: ip nbar protocol-discovery, show ip nbar protocol-discovery. |