Setting up Cisco NBAR in Highlight
Overview
NBAR is a smart technology available in Cisco devices to analyse network traffic. It can determine which applications are present and how much bandwidth they are using.
NBAR comes pre-installed with most versions of Cisco software from 12.2 onwards, so is likely to already be available in your switches or routers. Read Cisco's own overview.
NBAR is a key component of Cisco’s technology strategy, and is the basis for a number of processes such as classifying traffic for applying Class-Of-Service (CoS) rules, filtering, etc.
Highlight can collect NBAR statistics periodically using SNMP and report on the applications present on a given circuit, as in this example:
NBAR is a powerful technology, similar to Flow in some respects, better at recognising different applications although ignoring the "Who sent it?" (addressing) aspects of network traffic that Flow picks up. Find out more about the differences between NBAR and Flow.
Device pre-requisites
To see traffic breakdown by application, NBAR must first be enabled on the router. Find out more about device Configuration for NBAR
Devices also need to be configured to allow SNMP read-only access from the IP addresses of the Highlight data collectors. Details can be found in the SNMP Configuration page
These pages describe how to set up NBAR on a Cisco router to work with Highlight. If you are an end-user organisation taking Highlight through a Service Provider partner, they would normally carry out this work.
Highlight configuration steps for NBAR
This section describes how bearer watches are configured on Highlight to provide NBAR graphics and data.
- Select the location containing the device on which to configure NBAR and select Admin tab. Click the bearer watch to be edited. Note: Step 1 is not shown in the images above.
- Select the Applications tab on the Edit Watch dialog
- Ensure Collection enabled (green toggle showing)
- Ensure Collect NBAR is selected
- Use to test for the interface and the appropriate one from the list in the Device Technical Test dialog
If NBAR is not monitoring the interface used in the Main tab
Traffic Analysis in Highlight assumes that the interface selected for NBAR is the same as the one on the Main tab, so the Traffic Analysis OUT/IN volumes correlate with the Traffic Load graphs.
If NBAR is set to report on a different interface then the "Swap I/O" box in the Applications tab may need to be ticked.
An example of this might be when Highlight monitors a Wide Area Network bearer interface which uses encryption, so Applications are monitored using NBAR on the Local Area Network interface.