TECHNICAL DATA

CISCO NBAR

Offering support for Cisco NBAR (Network-Based Application Recognition), ENA helps ensure the quality of application performance.

What is Cisco NBAR?

NBAR gives you visibility into the mix of applications flowing in and out of the ports on your devices. This empowers you to specify which business-critical applications are to be guaranteed bandwidth on your network, as best suits you and your business.

In doing so, NBAR helps solve the problem of bandwidth being consumed by multiple services and applications, some of which might not be business-critical. NBAR achieves this by intelligently classifying applications so that you can provide differentiated services to each application. Once you have classified your business-critical applications, they can be guaranteed a minimum amount of bandwidth.

NBAR is a Cisco-exclusive technology.

In order to monitor NBAR, a device must support NBAR/NBAR-2 and must have had that feature turned on at the CLI.

Save on costs and improve performance

Data is the lifeblood of your business, which means you need to ensure the network can provide the necessary bandwidth to maintain quality of service. ENA gives you the power to specify which applications are to be guaranteed bandwidth at the expense of others, as best suits your business.

Reduce WAN expense

Discover how your bandwidth is being used, and which lower priority applications are generating more traffic than higher priority applications. Restricting bandwidth for less business-critical applications means you don’t have to unnecessarily purchase more bandwidth in times of high traffic.

Improve application response

Ensure business-critical applications perform to SLAs and your user’s expectations. Critical site pages can be given priority, so customers can effortlessly complete crucial online actions and transactions without frustration, for example on a sales page. Or give priority to video conferencing so meetings are not impacted by poor audio and video quality. 

Easy-to-use functionality

Enable and disable NBAR polling and blacklisting from dashlets, wherever you are in the network.

Enforce IT policy

Use ENA’s blacklisting technology to blacklist specific applications that might be prohibited or otherwise use valuable bandwidth and affect network and business performance. Receive alerts when traffic from those applications are detected.

Improve VPN performance

Free your employees to work remotely and wherever they want and need to, whilst still having effective access to business-critical applications. NBAR identifies traffic that is crucial to the business before it is encrypted, enabling the network to apply appropriate QoS controls.

Improve multiservice performance

Enhance the multiservice network experience that you provide with NBAR. Data, voice and video packets can each be identified and provided with the correct network characteristics. This way, you can ensure that lower priority traffic, such as email, do not eat into the bandwidth use for streaming a training video, for instance.

Monitor NBAR-enabled devices

ENA has been designed so you can manage the network in the way that suits you. Polling NBAR via SNMP and monitoring through dedicated dashboards and dashlets across View, device and component levels, we provide all the functionality needed to fully understand your NBAR traffic. The Blacklisted Application Detected event and incident keeps you up to date on any traffic that shouldn’t be there.

NBAR Summary

The NBAR Summary dashlet displays how many applications on a device or port are polling; polling and blacklisted; or not polling.

NBAR Applications

The NBAR Applications dashlet lists supported NBAR applications on a device or port. Use this dashlet to change the polling and blacklisted status of applications.

NBAR Application Traffic

The NBAR Application Traffic dashlet displays a chart and/or table of NBAR application traffic on the selected device or port over a specified period of time, and a breakdown of blacklisted vs. non-blacklisted traffic. Use this dashlet to change the polling and blacklisted status of applications.

NBAR Blacklisted Traffic

The NBAR Blacklisted Traffic dashlet displays the total traffic volume, over 24 hours, of NBAR traffic that is blacklisted on the selected View, Subview, device or port.

NBAR-Enabled Devices

The NBAR-Enabled Devices dashlet displays a summary of NBAR information of the ports on the selected device.

NBAR In/Out Coverage

The NBAR In/Out Coverage dashlet displays the percentage of traffic being analyzed by the NBAR protocols that are being polled.

NBAR Objects

The NBAR Objects dashlet displays a summary of NBAR-enabled objects on the selected managed object.

NBAR Port Info

The NBAR Port Info dashlet displays the available NBAR protocols for ports on the selected device; protocols that are polling for NBAR; blacklisted protocols; and the percentage of traffic that is blacklisted.

NBAR TopN Summary

The NBAR TopN Summary dashlet topN information for NBAR-enabled objects, including In Bytes, Out Bytes, In Packets, Out Packets, In Bit Rate and Out Bit Rate.

Receive alerts on undesirable traffic

With ENA, you can blacklist protocols that you don’t want to see on a port. This is an ability that Entuity provides on top of NBAR’s functionality. Any blacklisted traffic will automatically raise an event, immediately telling you when undesirable traffic is present or if someone is doing something they shouldn’t.

This helps you reinforce IT policy and ensure bandwidth remains available for the applications most crucial to your business success. Configure backlisting on a device or port level, allowing you to set individual port settings that differ from device-wide parameters.

Check your monitoring coverage

Stay updated as to how much of your traffic is being analyzed by the NBAR protocols with ENA’s In/Out coverage, so you have an indicator of how complete your NBAR monitoring is. 100% on a selected device or port means that every single packet on the applications specified to be monitored are being classified. If it drops below 100%, some of the traffic is in protocols that are not being monitored.

Complement flow technology

ENA supports both NBAR and flow technologies. Whilst flow identifies the source and destination of every conversation, it does not tell you the makeup of those conversations. So, when network traffic flows through an interface, flow controllers will see the protocol used (e.g. HTTPS), but will not tell you the applications using that HTTPS (e.g. Slack, Skype, Office365).

Harnessing NBAR’s potential, ENA helps you categorize the traffic across an interface, showing you which applications are using each protocol. This breaks down traffic sharing the same TCP or UDP port, and uses deep packet inspection to identify different characteristics of this traffic. NBAR is lightweight with little management traffic, enhancing flow to give you complete visibility of your bandwidth.