nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

Re: Does NTA understand NBAR?

a1ex

If I turn on NBAR on my routers, will NTA understand what i's getting and list the applications correctly?

Find more posts tagged with

Accepted answers

mcbridea

We are presently examining some options for NBAR monitoring. No dates to share at this point.

All comments

SamuelB

Short answer: No

Long answer: It isn't that NTA doesn't understand NBAR. It is that the the netflow protocol doesn't recognize/send NBAR information to NTA.

FormerMember

Samuel's correct. NBAR is a completely separate technology with some obvious overlap with NetFlow. We at SolarWinds have seen a few requests for NBAR, but the interest has been mild.

a1ex

How does ManageEngine work it in then (www.adventnet.com/.../netflow-cisco.html)

Do they poll via SNMP and then mash the data together somehow?

I'd be very interested in something that gave me a bit more visibility into the 50GB of port 80 traffic we seem to plough through in a day.

SamuelB

I believe that they poll the CISCO-NBAR-PROTOCOL-DISCOVERY-MIB via SNMP and correlate the data somehow.

FormerMember

It's definitely something we could do. It's not difficult, but as with anything, it takes time, and we would do that instead of something else. When we've interviewed users about NBAR, most folks don't know much about it. The few who do are under the impression that it's a big hit on router resources (esp. CPU, if I recall) and hence don't have any great desire to deploy it. If any of that changes and we have a groundswell of interest in NBAR, we will be responsive.

brn5336

I would like to request native NBAR support be added to either Orion NPM and/or the Netflow Traffic Analyzer. It is very valuable to be able to see Layer 7 data via NBAR in addition to the Netflow data. It will provide more visibility into what is going on in the network, and more visibilty is always a good thing!

Netflow monitors the data in Layer 2 through 4 only and is only able to determine applications by port. This of course is not useful for applications that use dynamic ports. NBAR completes the view by examining the data from Layer 3 through 7. It uses layer 3 & 4 PLUS deep packet inspection (layer 7) for traffic classification. This is useful for statefull inspection of dynamic port traffic. NBAR is a nice feature already built into most Cisco routers that just needs to be collected and presented in a useful way by a good tool such as NTA.

•

mcbridea

Thanks for the post. I am doing some more fact finding now on NBAR deployment so it is very timely. We don't have NBAR built in today but is you set it up manually you can use Orion's Universal Device Poller to poll the NBAR MIB for results.

honey007

FYI... i was looking for this information . thanks

mcbridea

Do you use NBAR today?

KevinMcKloud

Please please ADD NBAR !!! Technology to Orion NPM ... I have been requesting it since long time ago...

Currently I monitor it with Universal Custom Pollers...

(As a fact: NBAR it is NOT cpu intensive at all.. nothing, nada.. im a cisco engineer and there is enough documentation on cisco site about it already... It does not add even 2% of cpu.. I have it running on production at&t routers: 800's, 2600's, 2800's, 3800's, 4500, 6500, 7200, and so on.. without a problem)

My current issue is that the Counters of every protocol are in a Different Table! that the Names of each protocol... So, I can not "join" them with a Universal Custom Poller.. So I have to Guess which one I want to monitor.. also sql table "custompollerstatistics_detail" increases size since it keeps all the records of the nbar mib table. (I know I could monitor the exact oid), but since they change from IOS to IOS.. it is kind of difficult.. It would be Wayyyy Easier! to have that "Names" table joined with Nbar counters table.. So.. I could select to monitor ONLY a few: http, ftp, exchange...

My guess is that there is some Lack of Marketing about NBAR: (Im very sure that a lot of ppl here would like it to troubleshoot and have more useful Reports... and in case of a problem THEN you could use Netflow to identify the root cause)

FYI... NBAR will tell you the traffic of Each Protocol in your network: Web (http), FTP, Netbios, SAP, Exchange, smtp, etc etc.. WITHOUT the detail of Netflow (which consumes A LOT of DB Space).

Let's say there are 4 levels of granularity in a Network Traffic:

1) Orion NPM Interface Traffic <--- Without detail.

2) NBAR [By protocol: static ports (like www, exchange) or stateful/dynamic ports (like Kazaa) ] <-- Protocol-detailed

3) NetFlow (Detailed By IP address, ToS, Src/Dst Ports, etc) <-- IP-detailed

4) Sniffer (Detail of Each packet) <-- Lowest Level of detail

....... At least add it to Orion Wish List and assign it a number =] in APM or NPM

achrich

Just added my name the list of people who would like to see NBAR in Solarwinds in some form...no brainer I would have thought.

mcbridea

Thanks - Kevin and achrich!

This is very valuable information. I'm always looking to see which technologies are being adpoted by the engineers out there. NBAR is on my road map but like a good little Product Manager, I can't share which product it will be in or any dates at this point. Actually I'm not all that little but they would still kill me if I did!

Andy

schwit

Same here for NBAR.

nickirwin

I would like to see NBAR support added as well.

LesOkrasa

Please please add NBAR support to Orion! I tried the ManageEngine product and the NBAR support is great. This would be great in Orion.

GZhytar

LesOkrasa,

thanks for your feedback.

Please use this thread to vote for your feature: http://thwack.com/forums/73.aspx This will help to rise its priority in PM's feature list.

thanks

jskelton

Add me as another requestor for NBAR. We owned ManageEngine and would like to use NTA, but the lack of NBAR is a killer.

jskelton

NBAR supporters for NTA reply to the thread below so we can get Solarwinds to add this feature to NTA!

jacob_beucler

Hello J,

NBAR is definitely being considered here at SolarWinds, I really appreciate the fact that you brought this up on the forum again. It is has been long discussed and is currently the #1 most voted feature request in the Idea's and Feature Request section. Your feedback is valued and we are listening. The requests for NBAR support have certainly become more frequent. Please make sure that you visit the linked section above and up-vote existing or create new idea's / features requests.

-Jacob

michal.hrncirik

NBAR2 beta ready: Better application traffic visibility - NTA 4.2 Beta using NBAR2

daniel.polaske

Just wanted to let you know that NTA 4.2 is now in general availability and NBAR2 is implemented!

Netflow Traffic Analyzer 4.2 is Now Available

Here are the two key Success Center documents you will want to reference to start using NBAR2.

Set up NBAR2 on Cisco devices - SolarWinds Worldwide, LLC. Help and Support

NBAR2 Advanced Applications - SolarWinds Worldwide, LLC. Help and Support