NBAR Coarse-Grain Classification

NBAR provides two levels of application recognition—coarse-grain and fine-grain. By default, NBAR operates in coarse-grain mode.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Information About NBAR Coarse-Grain Classification

Overview of NBAR Coarse-Grain Classification

NBAR provides two levels of application recognition-coarse-grain and fine-grain. By default NBAR operates in the coarse-grain mode.

By minimizing deep packet inspection, coarse-grain mode offers a performance advantage and reduces memory resource demands. This mode is useful in scenarios where the full power of fine-grain classification is not required.

Simplified Classification

Coarse-grain mode employs a simplified mode of classification, minimizing deep packet inspection. NBAR caches classification decisions made for earlier packets, then classifies later packets from the same server similarly.

Limitations of Coarse-Grain Mode

Coarse-grain mode has the following limitations in metric reporting detail:

  • Granularity: Caching may result in some reduction in the granularity. For example, NBAR might classify some traffic as ms-office-365 instead of as the more specific ms-office-web-apps.

  • Evasive applications: Classification of evasive applications, such as BitTorrent, eMule, and Skype, may be less effective than in fine-grain mode. Consequently, blocking or throttling may not work as well for these applications.

Comparison of Fine-grain and Coarse-grain Modes

Coarse-grain mode has the following limitations in metric reporting detail:

Fine-Grain Mode

Coarse-Grain Mode

Classification

Full-power of deep packet inspection

Simplified classification

Some classification according to similar earlier packets.

Performance

Slower

Faster

Memory Resources

Higher memory demands

Lower memory demands

Sub-classification

Full supported

Partial support

Field Extraction

Full supported

Partial support

Ideal usage

Per-packet policy

Example:

class-map that looks for specific url

When there is no requirement for specific per-packet operations.

Additional References for NBAR Coarse-Grain Classification

Related Documents

Related Topic

Document Title

Cisco IOS commands

Cisco IOS Master Command List, All Releases

AVC information

AVC User Guide

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

https://www.cisco.com/c/en/us/support/index.html

Feature Information for NBAR Coarse-Grain Classification

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for NBAR Coarse-Grain Classification

Feature Name

Releases

Feature Information

NBAR Coarse-Grain Classification

Cisco IOS XE Release 3.14S

Network Based Application Recognition (NBAR) provides two levels of application recognition—coarse-grain and fine-grain. By default NBAR operates in the fine-grain mode, offering NBAR's full application recognition capabilities. By minimizing deep packet inspection, coarse-grain mode offers a performance advantage and reduces memory resource demands.

The following command was introduced or modified:

ip nbar classification granularity and show ip nbar classification granularity .

NBAR Coarse-Grain Classification

Cisco IOS XE Release 3.16S

Cisco IOS XE 16.x releases

Default mode changed to coarse-grain.