Before we get into the information on how to add a PDLM for NBAR, let me give you the shortest possible introduction to Network-Based Application Recognition (NBAR) and Packet Description Language Modules (PDLMs).

NBAR is a Cisco IOS technology that performs deep packet inspection of network traffic to identify the applications involved. NBAR can be used for Layer 7 traffic analytics because it examines the whole packet, including the header and some payload, to classify an application. It also works with quality of service (QoS), helping the network provide differentiated services to each application. Call it traffic monitoring and management in one.

Now, how does NBAR classify its applications? Enter PDLMs. A PDLM contains the rules by which NBAR technology recognizes an application during its packet inspection. NBAR analyzes the packets and compares them to a set of rules in the PDLM. If the rules mentioned in the PDLM are met, NBAR recognizes and classifies the application. Complete payload inspection gives NBAR its greatest advantage: the ability to recognize a large number of applications, including those using random port numbers as well as those using well-known port numbers.

To see the list of IOS technologies and platforms that support NBAR, check the Q&A section on NBAR:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6612/ps6653/prod_qas09186a00800a3ded_ps6616_Products_Q_and_A_Item.html

For details on specific IOS technologies that support each NBAR protocol, check here:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html

I also suggest using the Cisco Feature Navigator's Search By Feature option to learn more about platforms that support NBAR:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

Cisco has included default PDLMs to identify a large set of commonly used business-critical and non-critical applications. The default PDLMs can recognize peer-to-peer applications, VoIP protocols, TCP and UDP stateful and static port protocols, as well as non-TCP/UDP protocols. New PDLMs are included in subsequent IOS releases, but they can also be added to a device without an IOS upgrade, which means less downtime.

To add a newly released PDLM to a Cisco IOS device, download the PDLM and follow the steps below.

  1. Locate and download the NBAR PDLM from the Software Download page (for registered customers only) by downloading the custom.pdlm file.
  2. Load the PDLM onto a flash memory device and use the command below from the global config mode, entering the location of the PDLM:
    Cisco2800(config)# ip nbar pdlm flash://Netshow.pdlm
    Cisco2800(config)# end
  3. Verify the loaded PDLM using the command below from the privileged mode:
    Cisco2800# show ip nbar pdlm

For information on how to download a PDLM, check out this link:
http://www.ciscopowerednetwork.net/en/US/docs/ios/qos/configuration/guide/nbar_app_recog_mods.html#wp1027195

The default PDLMs provided will not always meet your requirements. You may want to add support for a network-specific protocol that needs to be classified for QoS markings or custom monitoring purposes. This is solved with the custom PDLM.

In the past, the process of adding a custom PDLM or adding support for a new protocol involved downloading a custom file called custom.pdlm, which then had to be loaded and then modified as per the custom protocol requirements. But a search for custom.pdlm will not yield any results. So where do we go next?

The later IOS versions had something called “the custom feature” built-in. Around IOS version 12.x or so, Cisco introduced the custom feature where, by using the ip nbar custom NAME [parameters] command, you could define your custom protocols. For those of you who want to learn how the custom.pdlm file worked or was loaded, check out this link:
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080094ac5.shtml
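
The load-and-verify steps above and the ip nbar custom command can also be checked offline against a saved configuration. The Python sketch below is an added example, not code from Cisco or from this blog: it lists the PDLMs and custom protocols a configuration declares and flags PDLM files that are not on an approved list. The function names, the approved list, and the sample configuration are assumptions made for illustration.

```python
import re

# Global-config command from step 2, e.g. "ip nbar pdlm flash://Netshow.pdlm"
PDLM_RE = re.compile(r"^\s*ip nbar pdlm\s+(\S+)\s*$", re.IGNORECASE)
# Custom protocol definitions of the form "ip nbar custom NAME [parameters]"
CUSTOM_RE = re.compile(r"^\s*ip nbar custom\s+(\S+)", re.IGNORECASE)

def nbar_inventory(config_text):
    """Return (pdlm_uris, custom_protocol_names) found in a saved configuration."""
    pdlms, customs = [], []
    for line in config_text.splitlines():
        m = PDLM_RE.match(line)
        if m:
            pdlms.append(m.group(1))
            continue
        m = CUSTOM_RE.match(line)
        if m:
            customs.append(m.group(1))
    return pdlms, customs

def audit_pdlms(config_text, approved):
    """Compare loaded PDLM file names with an approved set of file names."""
    pdlms, _ = nbar_inventory(config_text)
    # Key each URI by its file name: the part after the last "/" or ":".
    loaded = {re.split(r"[/:]", uri)[-1]: uri for uri in pdlms}
    return {
        "unexpected": sorted(u for n, u in loaded.items() if n not in approved),
        "missing": sorted(set(approved) - set(loaded)),
    }

# Constructed sample configuration (not captured from a real device).
SAMPLE_CONFIG = """\
hostname Cisco2800
!
ip nbar pdlm flash://Netshow.pdlm
ip nbar pdlm flash://unknown.pdlm
ip nbar custom app_sales1 5 ascii SALES source tcp 4567
!
interface FastEthernet0/0
 ip nbar protocol-discovery
"""

if __name__ == "__main__":
    print(nbar_inventory(SAMPLE_CONFIG))
    print(audit_pdlms(SAMPLE_CONFIG, approved={"Netshow.pdlm", "citrix.pdlm"}))
```

An entry under "unexpected" means the device loads a classification module nobody approved, and an entry under "missing" means an expected PDLM never made it into the configuration.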

We will explain more about the NBAR custom feature and how to add new protocol support to NBAR in our next blog. Meanwhile, try the fully-featured trial of NetFlow Analyzer to see how useful NetFlow and NBAR data can be. We even have a live, online demo running for those who do not want to spend five minutes installing NetFlow Analyzer.
