applications based on static port numbers, NBAR is easier to configure and can provide classification statistics. Figure shows some of the protocols NBAR supports. The following tables provide more detailed and complete lists.

Static TCP and UDP NBAR Supported Protocols

Protocol       Network Protocol   Protocol ID    Description
BGP            TCP/UDP            179            Border Gateway Protocol
CU-SeeMe       TCP/UDP            7648, 7649     Desktop videoconferencing
CU-SeeMe       UDP                24032          Desktop videoconferencing
DHCP/BOOTP     UDP                67, 68         DHCP, Bootstrap Protocol
DNS            TCP/UDP            53             Domain Name System
Finger         TCP                79             Finger user information protocol
Gopher         TCP/UDP            70             Internet Gopher protocol
HTTP           TCP                80             HTTP
HTTPS          TCP                443            Secure HTTP
IMAP           TCP/UDP            143, 220       Internet Message Access Protocol
IRC            TCP/UDP            194            Internet Relay Chat
Kerberos       TCP/UDP            88, 749        Kerberos Network Authentication Service
L2TP           UDP                1701           Layer 2 Tunneling Protocol
LDAP           TCP/UDP            389            Lightweight Directory Access Protocol
MS-PPTP        TCP                1723           Microsoft Point-to-Point Tunneling Protocol for VPN
MS-SQLServer   TCP                1433           Microsoft SQL Server Desktop Videoconferencing
NetBIOS        TCP                137, 139       NetBIOS over IP (Microsoft Windows)
NetBIOS        UDP                137, 138       NetBIOS over IP (Microsoft Windows)
NFS            TCP/UDP            2049           Network File System
NNTP           TCP/UDP            119            Network News Transfer Protocol
Notes          TCP/UDP            1352           Lotus Notes
Novadigm       TCP/UDP            3460-3465      Novadigm Enterprise Desktop Manager (EDM)
NTP            TCP/UDP            123            Network Time Protocol
PCAnywhere     TCP                5631, 65301    Symantec PCAnywhere
PCAnywhere     UDP                22, 5632       Symantec PCAnywhere
POP3           TCP/UDP            110            Post Office Protocol
Printer        TCP/UDP            515            Printer
RIP            UDP                520            Routing Information Protocol
RSVP           UDP                1698,17        Resource Reservation Protocol
SFTP           TCP                990            Secure FTP
SHTTP          TCP                443            Secure HTTP (see also HTTPS)
SIMAP          TCP/UDP            585, 993       Secure IMAP
SIRC           TCP/UDP            994            Secure IRC
SLDAP          TCP/UDP            636            Secure LDAP
SNNTP          TCP/UDP            563            Secure NNTP
SMTP           TCP                25             Simple Mail Transfer Protocol
SNMP           TCP/UDP            161, 162       Simple Network Management Protocol
SOCKS          TCP                1080           Firewall security protocol
SPOP3          TCP/UDP            995            Secure POP3
SSH            TCP                22             Secured Shell Protocol
STELNET        TCP                992            Secure Telnet
Syslog         UDP                514            System logging utility
Telnet         TCP                23             Telnet protocol
X Window       TCP                6000-6003      X11, X Window

The following table lists the non-TCP and non-UDP protocols supported by NBAR.

Non-TCP and Non-UDP NBAR Supported Protocols

Protocol   Network Protocol   Protocol ID   Description
EGP        IP                 8             Exterior Gateway Protocol
GRE        IP                 47            Generic Routing Encapsulation
ICMP       IP                 1             Internet Control Message Protocol
IPIP       IP                 4             IP in IP
IPsec      IP                 50, 51        IP Encapsulating Security Payload (ESP = 50) and Authentication Header (AH = 51)
EIGRP      IP                 88            Enhanced Interior Gateway Routing Protocol

The following table lists the dynamic (or stateful) protocols supported by NBAR.

Stateful NBAR Supported Protocols

Stateful Protocol   Transport Protocol   Description
FTP                 TCP                  File Transfer Protocol
Exchange            TCP                  MS-RPC for Microsoft Exchange
HTTP                TCP                  HTTP with URL, MIME, or host classification
NetShow             TCP/UDP              Microsoft NetShow
RealAudio           TCP/UDP              RealAudio streaming protocol
r-commands          TCP                  rsh, rlogin, rexec
StreamWorks         UDP                  Xing Technology StreamWorks audio and video
SQL*NET             TCP/UDP              SQL*NET for Oracle
SunRPC              TCP/UDP              Sun Remote Procedure Call
TFTP                UDP                  Trivial File Transfer Protocol
VDOLive             TCP/UDP              VDOLive streaming video
4.2 Using NBAR for Classification

4.2.3 Packet Description Language Module

NBAR supports dynamic upgrades without having to change the Cisco IOS version or restart a router. Packet Description Language Modules (PDLMs) contain the rules that NBAR uses to recognize an application by matching text patterns in data packets, and they can be used to bring new or changed functionality to NBAR. Figure lists some of the features PDLMs provide. An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol-recognition capability. PDLMs allow NBAR to recognize new protocols without requiring a new Cisco IOS image or a router reload.

Note: New PDLMs are released only by Cisco Systems and are available from local Cisco representatives. The PDLMs can be loaded from flash memory. Registered users can find the PDLMs at http://www.cisco.com/cgi-bin/tablebuild.pl/pdlm.

To extend or enhance the list of protocols recognized by NBAR through a PDLM provided by Cisco, use the ip nbar pdlm global configuration command shown in Figure. The pdlm-file parameter should be in URL format and can point to the flash where Cisco IOS software is stored (for example, flash://citrix.pdlm). The file can also be located on a TFTP server (for example, tftp://10.1.1.1/nbar.pdlm). Use the no form of the following command to unload a PDLM that was previously loaded.

ip nbar pdlm pdlm-name

ip nbar pdlm Parameter
Parameter   Description
pdlm-name   The URL where the PDLM can be found on the flash card

To configure NBAR to search for a protocol or protocol name using a port number other than the well-known port, use the ip nbar port-map global configuration command as shown in Figure.

ip nbar port-map protocol-name [tcp | udp] port-number

ip nbar port-map Parameters

Parameter       Description
protocol-name   Name of a protocol known to NBAR.
tcp             (Optional) Specifies that a TCP port will be searched for the specified protocol-name argument.
udp             (Optional) Specifies that a UDP port will be searched for the specified protocol-name argument.
port-number     Assigned port for the named protocol. The port-number argument is either a UDP or a TCP port number, depending on which transport is specified in the command line. Up to 16 port-number arguments can be specified in one command line. Port number values can range from 0 to 65,535.

Use the show ip nbar port-map command to display the current protocol-to-port mappings in use by NBAR. The protocol-name argument can also be used to limit the display to a specific protocol. Figure shows the command syntax. After the ip nbar port-map command has been used, the show ip nbar port-map command displays the ports assigned by the administrator to the protocol. If no ip nbar port-map command has been used, the show ip nbar port-map command displays the default ports.
4.2.4 Protocol Discovery

To develop and apply QoS policies, NBAR includes a protocol-discovery feature that provides an easy way to discover the application protocols that are transiting an interface. The feature discovers any protocol traffic supported by NBAR. Its features are listed in Figure. NBAR Protocol Discovery captures key statistics associated with each protocol in a network (packet counts, byte counts, and bit rates) on a per-interface basis. These statistics are then used to define traffic classes and a QoS policy for each traffic class. GUI-based management tools can display this information graphically by polling Simple Network Management Protocol (SNMP) statistics from the NBAR Protocol Discovery (PD) Management Information Base (MIB). NBAR Protocol Discovery can be applied to interfaces and can be used to monitor both input and output traffic. In addition, it shows the mix of applications currently running on the network. This information helps in defining QoS classes and policies, such as how much bandwidth to provide to mission-critical applications, and in determining which protocols should be policed.
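The PDLM, port-map and Protocol Discovery steps from sections 4.2.3 and 4.2.4, put together as one router configuration. This is an added example, not configuration from the course page; the PDLM path flash://citrix.pdlm is taken from the text, while the interface name GigabitEthernet0/1 and the extra HTTP ports 8080 and 8000 are assumed values.

```cisco
! Added example (not from the course page). Assumed: interface
! GigabitEthernet0/1 is the edge interface to be observed, and the
! organization runs HTTP on TCP 8080 and 8000 in addition to port 80.
!
! 1. Load an external PDLM from flash at run time (no reload, no new
!    IOS image). The no form of the same command unloads it again.
ip nbar pdlm flash://citrix.pdlm
!
! 2. Tell NBAR that HTTP also runs on two non-standard TCP ports, so the
!    stateful HTTP classification (URL, MIME, host) is applied to that
!    traffic as well instead of it being left unclassified. The port
!    list given here is the complete list for http, so the well-known
!    port 80 is kept in it. Up to 16 ports per command, 0 to 65535.
ip nbar port-map http tcp 80 8080 8000
!
! 3. Enable Protocol Discovery on the interface. Both input and output
!    traffic are counted, giving per-protocol packet, byte and bit-rate
!    statistics that show which applications really cross this link.
interface GigabitEthernet0/1
 ip nbar protocol-discovery
!
! Verification from privileged EXEC mode:
!   show ip nbar pdlm            -> PDLMs currently loaded
!   show ip nbar port-map http   -> ports assigned to http by the
!                                   administrator (defaults if none)
!   show ip nbar protocol-discovery interface GigabitEthernet0/1
!                                -> per-protocol statistics on the link
```

Protocols that appear in the discovery statistics but that no policy or business need accounts for are the first candidates for policing or for further investigation.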
4.2.5 Configuring and Monitoring NBAR Protocol Discovery

The NBAR feature has two components: To monitor applications traversing a network, NBAR Protocol Discovery must be enabled. The ability to classify traffic by protocol using NBAR and then