What is NBAR (Network Based Application Recognition)?
Network Based Application Recognition (NBAR) is a mechanism that classifies network applications and regulates the bandwidth they use, so that available resources are used as efficiently as possible. Cisco Systems developed NBAR as part of its Content Networking platform for implementing intelligent network services.
NBAR allows network routers to recognize programs and take various actions based on that information. For example, a router might allocate all necessary bandwidth for mission-critical applications or flag low-priority, bandwidth-intensive applications for bandwidth throttling. The network administrator can view the mix of applications in use by the network at any given time and decide how much bandwidth to allow each application. (This regulation process is called bandwidth policing.)
Other capabilities of NBAR include:
One real-life example of NBAR in use came during the Code Red worm attacks of 2001. Most firewalls couldn't look into the HTTP data stream to identify Code Red traffic. However, implementation of NBAR made it possible to identify the suspect traffic and block access.
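The sketch below shows how the application visibility, bandwidth policing and HTTP-stream blocking described above can be expressed in Cisco IOS. It is an added example, not configuration taken from this page or from Cisco. The class and policy names, the interface, the policing rate, the choice of BitTorrent as the low-priority application and the URL pattern are all assumptions or placeholders.

```cisco
! Added example. All names, the interface, the rate and the URL
! pattern are placeholders chosen for illustration.
!
! Collect per-application statistics so the administrator can see
! the mix of applications crossing this interface.
interface GigabitEthernet0/0
 ip nbar protocol-discovery
!
! Classify on the HTTP request URL, which a port-based filter cannot see.
! Replace the placeholder with the pattern that identifies the suspect traffic.
class-map match-any SUSPECT-HTTP
 match protocol http url "*PLACEHOLDER-URL-PATTERN*"
!
! Classify a low-priority, bandwidth-intensive application by protocol.
class-map match-any LOW-PRIORITY
 match protocol bittorrent
!
policy-map WAN-INBOUND
 ! Block the suspect HTTP requests outright.
 class SUSPECT-HTTP
  drop
 ! Police the low-priority class to 256 kbit/s and drop the excess.
 class LOW-PRIORITY
  police 256000 conform-action transmit exceed-action drop
!
! Apply the policy to traffic arriving on the interface.
interface GigabitEthernet0/0
 service-policy input WAN-INBOUND
```

`show ip nbar protocol-discovery` displays the per-application counters collected on the interface. URL matching of this kind only applies to cleartext HTTP, because the request URL is not visible inside an encrypted session.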
17 Sep 2008