NBAR Protocol Pack Auto Update
Cisco provides periodic releases of NBAR protocol packs to improve NBAR traffic recognition capabilities on an ongoing basis. The Protocol Pack Auto Update feature assists in updating any number of routers with the latest compatible protocol pack.
Advantages
- Automation: When a new protocol pack becomes available, download the protocol pack file to a server reachable by each of the routers, and indicate the file path within a simple configuration file. The routers within your network that have Auto Update enabled will check the server periodically. If a newer protocol pack is available and compatible, the router downloads the protocol pack file and installs it automatically.
- Centralized System Administration: Protocol Pack Auto Update provides a powerful tool to network administrators. Administrators can control protocol pack deployment on any number of devices, using a single centralized configuration file.
Setting Up Protocol Pack Auto Update
Setting up Protocol Pack Auto Update requires a few simple steps on each router participating in auto update, as well as setting up two servers (or a single server performing both roles) to manage the centralized activities. For details, see NBAR Protocol Pack Auto Update Deployment.
- NBAR Protocol Pack Auto Update Deployment
- Setting Up a Source Server for Protocol Pack Auto Update
- Protocol Pack Auto Update Configuration File
- Enabling Protocol Pack Auto Update
- Disabling Protocol Pack Auto Update
- Initiating Immediate Protocol Pack Update Using Auto Update
- Displaying Protocol Pack Auto Update Information
- Configuring Local Protocol Pack Auto Update Settings on a Router
NBAR Protocol Pack Auto Update Deployment
Elements
Using Protocol Pack Auto Update involves two servers, or a single server providing both functions, and any number of participating routers.
- Protocol Pack Server: Contains:
- Source Server: Contains:
- Routers: One or more routers with Protocol Pack Auto Update enabled (see Enabling Protocol Pack Auto Update)
Deployment Steps
- Set up a server reachable by all participating routers, to function as the Protocol Pack Server. Download the latest protocol pack files and store the files on the server.
- Set up a server reachable by all participating routers, to function as the Source Server. On the server, create the JSON-format configuration file specifying the location of the Protocol Pack Server and Auto Update settings.
  See Setting Up a Source Server for Protocol Pack Auto Update.
  Note: A single server can perform the functions of both the Protocol Pack Server and Source Server.
- On participating routers, enable Protocol Pack Auto Update.
  See Enabling Protocol Pack Auto Update.
  Example:

      Device# configure terminal
      Device(config)# ip nbar protocol-pack-auto-update
      Device(config-pp-auto-update)# source-server tftp://10.20.300.400/NbarAutoUpdate
      Device(config-pp-auto-update)# exit

- (Optional) If required, use Protocol Pack Auto Update CLI commands on individual routers to locally override settings specified in the configuration file.
  See Configuring Local Protocol Pack Auto Update Settings on a Router.
- When new protocol pack releases are available, download them to the Protocol Pack Server and add the locations to the configuration file on the Source Server.
Setting Up a Source Server for Protocol Pack Auto Update
To set up a Source Server for Protocol Pack Auto Update, use the following procedure.
- Set up a server in a network location reachable by all participating routers.
  Note: A single server can perform the functions of both the Protocol Pack Server and Source Server.
- In a directory on the server, create a text file called NBAR_PROTOCOL_PACK_DETAILS.json. This is the JSON-format configuration file controlling Protocol Pack Auto Update functionality on participating routers.
- Note the network location of the server, and the path to the directory containing the configuration file. Use this location when specifying the Source Server on participating routers. Do not include the configuration filename in the path.
  Example: tftp://10.20.300.400/NbarAutoUpdate
Protocol Pack Auto Update Configuration File
The Protocol Pack Auto Update configuration file specifies:
- Protocol Pack Server location
- Locations of protocol pack files on the Protocol Pack Server
- Schedule for participating routers to check the Protocol Pack Server for updates
Configuration File Format and Filename
The configuration file format is JSON. The required filename is: NBAR_PROTOCOL_PACK_DETAILS.json
Specifying Protocol Pack File Locations
The configuration file provides the path for each available protocol pack file. Participating routers use these paths to download and install the protocol pack files automatically.
The complete path is formed by combining the specified Protocol Pack Server location together with the file path. A router downloading the protocol pack uses this complete path to download the file. Example:
Organization of the Configuration File
Within the configuration file, protocol pack file locations are organized by platform and NBAR engine:
Routers of Same Type Operating Different Versions of NBAR
Routers of the same platform type (for example, ISR) may be using different versions of NBAR—for example, two Cisco ISR 4451 routers, one operating with Cisco IOS XE 3.15 and the other with 3.17. The configuration file should specify protocol pack files for both NBAR versions.
Configuration File Parameters
The following parameters are used in the NBAR_PROTOCOL_PACK_DETAILS.json configuration file. Each router using Protocol Pack Auto Update may override these parameters using local CLI commands.
Parameter | Description |
---|---|
protocol-pack-server | (Mandatory) Location of protocol pack server. Example: tftp://10.20.200.1/NbarAutoUpdate/pp_server/ |
nbar_pp_files | (Mandatory) Provides file locations for protocol pack files for various platforms and NBAR engines, identified by NBAR engine ID. |
schedule {daily \| weekly: \| monthly:} [day] {hh: hh, mm: mm} | Schedule for the NBAR protocol pack auto-update upgrade interval. Participating routers check regularly for updates at the scheduled time. The actual run time depends on the update-window option. Default: Daily at 00:00 |
update-window | Maintenance window (in minutes) for NBAR protocol pack auto-update to operate within. The maintenance window is scheduled according to the time configured by the schedule parameters. Default: 60 |
clear-previous | enable: Causes unneeded protocol-pack files to be removed after a cool-down period. disable: Configures the feature to not remove any files. Default: enable |
force-upgrade | enable: New protocol pack updates will be applied with the "force" flag. disable: New protocol pack updates will not be applied with the "force" flag. Default: disable |
Configuration Files: Minimal Example
Example of a minimal configuration file, containing only the top-level nbar_auto_update_config, and mandatory fields. Because no schedule is configured, routers use the default schedule of checking daily at 00:00.
    {
      "nbar_auto_update_config": {
        "protocol-pack-server": "tftp://10.20.200.1/NbarAutoUpdate/pp_server/"
      },
      "nbar_pp_files": {
        "ISR": {"25": "/ProtoPack"},
        "ASR": {"25": "/ProtoPack"},
        "CSR": {"25": "/ProtoPack"},
        "OTHER": {"25": "/ProtoPack"}
      }
    }
Configuration Files: Typical Example
Example of a typical configuration file, containing the top-level nbar_auto_update_config, plus mandatory and optional fields. In this example, the update schedule is weekly on Saturdays at 2:30 AM. Participating routers check for available updates at the scheduled time.
    {
      "nbar_auto_update_config": {
        "protocol-pack-server": "tftp://10.20.200.1/NbarAutoUpdate/pp_server/",
        "update-window": 0,
        "force-upgrade": true,
        "clear-previous": true,
        "schedule": {
          "weekly": 6,
          "hh": 2,
          "mm": 30
        }
      },
      "nbar_pp_files": {
        "ISR": {
          "22": "isr_protocolpack_dir/pp22",
          "23": "isr_protocolpack_dir/pp23"
        },
        "ASR": {
          "23": "asr_protocolpack_dir/pp23"
        },
        "CSR": {
          "23": ["csr_protocolpack_dir/pp23"]
        },
        "OTHER": {
          "23": ["other_pp1", "other_pp23"]
        }
      }
    }
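A pre-publication check for NBAR_PROTOCOL_PACK_DETAILS.json, added here as an example (not Cisco code): it rejects a file that is not strict JSON (a leading-zero number such as 02, or a trailing comma), checks the mandatory fields and ranges from the parameter table, and returns the complete download path for each platform and engine ID. The function names, the sample file and the single-slash joining rule are assumptions.

```python
import json

# Constructed sample in the layout of the page's examples (not a real deployment).
SAMPLE = """{
  "nbar_auto_update_config": {
    "protocol-pack-server": "tftp://10.20.200.1/NbarAutoUpdate/pp_server/",
    "update-window": 30,
    "schedule": {"weekly": 6, "hh": 2, "mm": 30}
  },
  "nbar_pp_files": {
    "ISR": {"22": "isr_protocolpack_dir/pp22", "23": "isr_protocolpack_dir/pp23"},
    "CSR": {"23": ["csr_protocolpack_dir/pp23"]}
  }
}"""

def _int_in(value, low, high):
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high

def lint(text):
    """Return (problems, resolved); resolved maps (platform, engine ID) to full paths."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not strict JSON: {exc.msg} (line {exc.lineno})"], {}
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"], {}
    problems, resolved = [], {}
    cfg = doc.get("nbar_auto_update_config")
    cfg = cfg if isinstance(cfg, dict) else {}
    server = cfg.get("protocol-pack-server")
    if not isinstance(server, str) or "://" not in server:
        problems.append("protocol-pack-server is mandatory and must be a URL")
        server = ""
    window = cfg.get("update-window", 60)  # default 60; the CLI range is 0 to 60
    if not _int_in(window, 0, 60):
        problems.append(f"update-window {window!r} outside 0..60")
    sched = cfg.get("schedule") or {}
    if not (_int_in(sched.get("hh", 0), 0, 23) and _int_in(sched.get("mm", 0), 0, 59)):
        problems.append("schedule hh/mm must be integers in 0..23 / 0..59")
    files = doc.get("nbar_pp_files")
    if not isinstance(files, dict) or not files:
        problems.append("nbar_pp_files is mandatory")
        files = {}
    for platform, engines in files.items():
        for engine, paths in engines.items():
            paths = [paths] if isinstance(paths, str) else paths
            # Assumption: server location and file path join with a single slash.
            resolved[(platform, engine)] = [server.rstrip("/") + "/" + p.lstrip("/") for p in paths]
    return problems, resolved
```

Run it on the file before copying it to the Source Server, since every participating router reads the same file.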
Enabling Protocol Pack Auto Update
Enabling Protocol Pack Auto Update on a router requires:
1. configure terminal
2. ip nbar protocol-pack-auto-update
3. source-server server
4. exit
Disabling Protocol Pack Auto Update
Disables Protocol Pack Auto Update on a router.
1. configure terminal
2. no ip nbar protocol-pack-auto-update
3. exit
Initiating Immediate Protocol Pack Update Using Auto Update
Initiates an immediate protocol pack update using the Protocol Pack Auto Update mechanism.
1. configure terminal
2. ip nbar protocol-pack-auto-update now
3. exit
Displaying Protocol Pack Auto Update Information
Displays the Protocol Pack Auto Update configuration, copied files, and statistics.
1. show ip nbar protocol-pack auto-update
Example
The following example shows the information provided in the output of this command.
    Device# show ip nbar protocol-pack-auto-update

    NBAR Auto-Update:
    =================
    Configuration:
    =============
    force-upgrade : (Default) Enabled
    clear-previous : (Default) Enabled
    update-window : (Default) 30
    source-server : tftp://10.20.200.1/NbarAutoUpdate/
    protocol-pack-directory : (Default) harddisk:
    schedule : (Default) 03:22

    Copied files:
    ==========
    File : harddisk:/NbarAutoUpdate/AsrNbarPP
    Copied : *11:29:11.000 UTC Mon Jan 5 2015

    Last run result: SUCCESS
    Last auto-update run : *11:29:12.000 UTC Mon Jan 5 2015
    Last auto-update success : *11:29:12.000 UTC Mon Jan 5 2015
    Last auto-update successful update : *11:29:12.000 UTC Mon Jan 5 2015
    Last auto-update server-config update : *16:15:13.000 UTC Mon Jan 5 2015
    Success count : 3
    Failure count : 0
    Success rate : 100 percent
    Next AU maintenance estimated to run at : *17:15:13.000 UTC Mon Jan 5 2015
    Next AU update estimated to run at : *03:41:00.000 UTC Tue Jan 6 2015
Configuring Local Protocol Pack Auto Update Settings on a Router
To configure local Protocol Pack Auto Update settings on a router, use the command sub-mode described here. Configuring local settings on the router overrides settings specified in the centralized configuration file.
1. configure terminal
2. ip nbar protocol-pack-auto-update
3. Use one or more of the sub-mode commands. Use exit when finished to exit the command sub-mode.
Protocol Pack Auto Update Sub-mode Commands
Protocol Pack Auto Update sub-mode commands configure local Auto Update settings on a router. For information on entering the command sub-mode, see Configuring Local Protocol Pack Auto Update Settings on a Router.
Use exit when finished to exit the command sub-mode.
Command | Description |
---|---|
clear-previous {enable \| disable} | enable: Causes unneeded protocol-pack files to be removed after a cool-down period. disable: Configures the feature to not remove any files. Default: Enable |
force-upgrade {enable \| disable} | enable: New protocol pack updates will be applied with the "force" flag. disable: New protocol pack updates will not be applied with the "force" flag. Default: Disable |
protocol-pack-directory directory | Local directory in which to save new protocol pack files. Default: File system with highest space availability |
schedule {daily \| weekly \| monthly} [day] [hh:mm] | Schedule the NBAR protocol pack auto-update upgrade interval. The actual run time depends on the update-window option. Default: Daily at 00:00 |
update-window minutes | Maintenance window (in minutes) for NBAR protocol pack auto-update to operate within. The maintenance window occurs according to the time configured by the schedule option. Range: 0 to 60 Default: 60 |
Example: Overriding Update Window
The following command sets the update window to 10 minutes, overriding the setting specified in the Protocol Pack Auto Update configuration file.
    Device# configure terminal
    Device(config)# ip nbar protocol-pack-auto-update
    Device(config-auto-pp-update)# update-window 10