Worm Detection Using Cisco NBAR

Recently I came across an interesting article about NBAR: it can classify worms on the network. In most cases, worms spread into the network through email attachments or infected web browsers. Email attachments can be filtered by setting appropriate rules on the SMTP server (mail server), but worms also spread through web browsers. This can be filtered based on NBAR classification. What is NBAR? Network Based Application Recognition, a classification engine in Cisco IOS, has the ability to detect a wide variety of applications via deep packet inspection using PDLMs (Packet Description Language Modules; the PDLMs contain the rules used by NBAR to recognize an application). NBAR is more of an…

The zettabyte boomerang and its impact on QoS

We grew up in the times of bits, bytes, kilobytes and megabytes. In the last decade we got amazingly familiar with GBs and TBs. In today’s world, we no longer talk in terms of KBs or MBs. It did take ten long years for our minds to get used to GBs from MBs. But it is not going to be the same anymore. In three years, we would be talking casually about zettabytes. With the rise in the usage of non-PC devices like smartphones, tablets and smart TVs, IP traffic would grow at an exponential rate and touch the zettabyte mark by 2015. The demand for HD and 3D is on the rise too and is expected to contribute to more than 70% of total video traffic by 2015, which means more demand for bandwidth. All of this puts immense pressure on the administ…

Policing Live video traffic and monitoring using NetFlow Analyzer

I hope everyone who attended our joint webinar with Cisco about QoS design and validation got a better idea of how to design a network with effective QoS policing. For those who missed the webinar, you can find the video presentation here. In continuation of our webinar, this blog helps you set up QoS policies for live video traffic and monitor them using NetFlow Analyzer. On a network, video traffic is spread in three formats:
  1. Video Conferencing
  2. Video On Demand
  3. Video Broadcast
Video traffic has a very high and extremely variable packet rate with a much higher average maximum transmission unit (MTU) compared to voice. QoS Treatment: For classifying the video traffic to appropriat…

Understanding IP Precedence, TOS & DSCP

People using NetFlow Analyzer wonder what the DSCP and TOS reports actually mean. Here is a blog that explains these fields in more detail. The NetFlow packets exported from the device originally contain a ToS value on each flow. From the ToS value, the analyzing software derives the DSCP. Type of Service (TOS): The Type of Service field is present in the IP header and was originally defined in RFC 791. The Type of Service octet consists of three fields. The last 3 bits (7,6,5) are for the first field, labeled “Precedence”, intended to denote the importance or priority of the datagram. The second field, labeled “TOS”, denotes how the network should make tradeoffs between thro…

Joint Webinar from Cisco & ManageEngine on QoS

Enterprises as well as service providers typically use a single IP network to carry data, voice and video traffic, be it business critical or otherwise. When different applications, which include mission critical, bulk data, scavenger traffic and latency sensitive applications like voice and video, converge over the same link, application delivery takes a hit. Congestion, delay and packet loss seriously impact the performance of your business applications and affect the quality of your voice and video calls. A well designed Quality of Service (QoS) is a key factor in ensuring optimal application performance and service delivery in converged networks. QoS, available in almost all Cisco switching

March Madness is here. Will your Enterprise Network remain sane?

The annual NCAA Men’s Basketball Championship season has started and we will soon see the frenzy reaching its peak with the regional semifinals scheduled for 22nd, Thursday and 23rd, Friday of this month. March Madness causes a decrease in enterprise productivity with employees watching streaming videos (including High Definition), reading or checking game stats online. Add to this, employees updating their opinion or commenting on someone else’s through social media tools like Facebook and Twitter, and your network is bound to see a lot more madness. According to a Fox Sports survey, “More than 50 million Americans participate in March Madness office pools, leading to estimated annual lo

Better QoS policies: Better Cost savings

Cost-effectiveness is a common term that we hear or see nowadays, and it exists in all forms across the globe. In this tough economic situation, the motive of the network administrator should be optimizing the current infrastructure for future accommodation. Optimization plays a major role when it comes to distributed network architecture or MPLS networks. Most of the complaints from users at each location are that application usage is very slow during business hours. Of course, the possible reason might be other unwanted traffic consuming a large amount of bandwidth over the business-critical application. We will have a scenario-based explanation to elaborate on this problem of the network administrator:

Effective Voice Traffic Analysis using NetFlow Analyzer

Voice traffic has spread its presence everywhere right from SMBs to large enterprises. Communication happens through VoIP at different levels right from customer support to teleconferencing to internal communication etc. VoIP has a major role in ensuring business continuity & it thus becomes a critical application that requires constant monitoring & control. NetFlow Analyzer makes monitoring VoIP traffic and analyzing VoIP Link capability very easy. There are two things that we need to analyze while monitoring VoIP traffic on a network:
  • Performance of Link (Traditional IP SLA technology). 
  • Monitoring QoS Policies for VoIP.
Performance of Link (Cisco IP SLA): If the network…

NBAR and HTTP Traffic Classification

When I was thinking of the next blog, I got the idea to do a deeper study of NBAR traffic classification and share some valuable information here. In this blog, I am going to concentrate on some advanced aspects of NBAR classification. NBAR (Network Based Application Recognition): NBAR, a Cisco technology, is an intelligent classification engine in Cisco IOS Software that can recognize web-based applications and client/server applications by doing deep packet inspection. Classification of traffic by NBAR is done by deep packet inspection of each packet as defined in the PDLM for the application (PDLMs contain the rules used by NBAR to recognize an application and are defined by Cisco) and not on the port in…

Prioritizing VOIP traffic in your Network

When there are no QoS policies applied on a network, all traffic passing through the network has equal priority. This is when congestion occurs. Configuring QoS helps select specific traffic to be prioritized, so that this traffic is delivered on time, improving performance. In this blog we will see how to mark VoIP traffic with a DSCP value and send it through the network with priority. We have taken two ways of prioritizing.

1) Prioritizing using ACL: Create your access list according to your network, based on the VoIP traffic. For example, if the VoIP traffic will be from a particular IP address or IP range, create an access group with the concerned IP address or IP range.