Support for Cisco NBAR

Many customers have requested support for application recognition based on NBAR. Today NTA simply relies on port numbers, but by leveraging NBAR we would be able to more accurately measure traffic by application.

Here are some thwack threads with this long standing request.

http://thwack.solarwinds.com/message/36593#36593

http://thwack.solarwinds.com/message/103488#103488

http://thwack.solarwinds.com/message/125418#125418

http://thwack.solarwinds.com/message/38672#38672

http://thwack.solarwinds.com/message/10171#10171

Find more posts tagged with

prodfr

Status: None

Comments

sja

Very nice..

but a CISCO only ...

dyogoaj

We need that for big CASE customer.

abaru1

Could somebody provide an update on this feature request? Please, please it's essential to have given the amount of market that Cisco devices with NBAR/NBAR2 present.

oconp1

For our company, this feature is a valuable differentiator that would definitively raise the total SolarWinds Orion offering over and above other similar competitor products.

It would be a very real value-add to enable a surgical understanding of network traffic patterns...

dgrambo

NBAR2 would provide the majority of your enterprise Orion customers with additional options for interpreting collection data. Cisco did the implementation, we paid for the hardware. All you have to do is listen. Why would any business developing a monitoring application ignore such an opportunity?

deverts

I suspect they did listen, and the response is something new we have to purchase:

Beta for SolarWinds "Deep Traffic Analysis" now available

casanave

Good idea, but what I would be careful on is, Cisco NBAR has been infamous for miss-categorizing traffic. If you look under the hood, most NBAR definitions (PLDMs) solely use port numbers for application recognition. This includes NBAR2. Historically, it isn't very good at detecting the network bad boy protocols that mascaraed under well known ports such as 80 and 443. Don't get me wrong, NBAR2 is much improved from the original in accuracy and application library, but it just isn't updated enough to keep up with well crafted network abusing programs for gamers, P2P, and anonymizer applications.

Are you running Flexible NetFlow and sending protocol identifications (using NBAR) within your export to NTA? Obviously, this option doesn't require much on the Solarwinds side since you will be sending them the appropriate information rather than NTA trying to SNMP grab it from the appliance.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Aug2013/CVD-ApplicationMonitoringUsingNetFlowDesignGuide-AUG13.pdf

dsjaoui

any traction on this?

michal.hrncirik

All, NBAR2 and NTA Beta is ready. I would love to get your feedback so we can keep adding support for vendors and get statics on what protocol pack your devices have. Sign up here: Better application traffic visibility - NTA 4.2 Beta using NBAR2

FormerMember

Does anyone have the status of this moving to a production release?

jeff.stewart

This feature has been added to NTA 4.2.