NetFlow Analyzer and NBAR – A step closer to better Traffic Management

Bandwidth monitoring and traffic analysis is turning out to be more important than ever with growing advances in networking technologies and advent of Web 2.0. It is no more possible to simply let the organization’s traffic network pass through the WAN links, pushing each other for bandwidth. Prioritizing traffic, so that mission-critical applications receive the bandwidth they need, is the key word today.

There is a little feature called NBAR available in many Cisco devices, which lets you do a lot more than it spells and can play a great role in defining the network’s traffic policies.

NBAR or Network-Based Application Recognition is a feature available in Cisco IOS that does a deep packet inspection of traffic passing through an interface and can recognize a wide variety of applications, including applications that dynamically assigns TCP or UDP port numbers or even undesired applications that uses well known port numbers to mask itself.

NBAR will show the details of the applications used on an interface basis. The feature can identify even peer to peer applications like Bit Torrent or applications like Skype which uses random port numbers for connectivity and hogs the organizational bandwidth. The results available from NBAR can also be used to define your QoS policies in a much better manner blocking out the unwanted applications.

NetFlow Analyzer, which uses NetFlow data and other similar flow data to give reports on bandwidth usage by host, port, protocol, applications, DiffServ and conversations, can also report on NBAR statistics from the your devices, making reporting an easy task.

NBAR with its deep packet inspection capability is a great feature for security analysis also. An example is how NBAR helped to identify CODE-RED worm and the related Cisco information can be seen from here. You can even make use of the AutoQoS for the Enterprise feature available in some Cisco devices which can use NBAR data for prioritizing traffic. Do check out how to do this from here.

Since NBAR data help define CBQoS policies, NetFlow Analyzer can also report on the Class Based QoS policies and its pre and post policy traffic usage and drops. Get a first hand experience of the features in NetFlow Analyzer using the 30 day trail.