Showing results for 
Search instead for 
Did you mean: 
Create Post

Support for Cisco NBAR

Support for Cisco NBAR

Many customers have requested support for application recognition based on NBAR. Today NTA simply relies on port numbers, but by leveraging NBAR we would be able to more accurately measure traffic by application.

Here are some thwack threads with this long standing request.

Tags (1)
Level 13

YEs I really need this feature

here are a few screen shots from a recent NBAR slide deck at cisco live 2013 in OrlandoNBAR is the engine-still need a driver.pngwhat is NBAR.png

what is NBAR2- Next Gen NBAR.png

flexible netflow-nbar integration.png

Level 16

Very nice..

but   a CISCO only ...

Level 9

We need that for big CASE customer.

Level 8

Could somebody provide an update on this feature request? Please, please it's essential to have given the amount of market that Cisco devices with NBAR/NBAR2 present.

Level 13

yes i agree, cisco has the largest market share,

any update from the DEV team

Level 8

For our company, this feature is a valuable differentiator that would definitively raise the total SolarWinds Orion offering over and above other similar competitor products.

It would be a very real value-add to enable a surgical understanding of network traffic patterns...

Level 7

NBAR2 would provide the majority of your enterprise Orion customers with additional options for interpreting collection data. Cisco did the implementation, we paid for the hardware. All you have to do is listen. Why would any business developing a monitoring application ignore such an opportunity?

Level 14

I suspect they did listen, and the response is something new we have to purchase:

Beta for SolarWinds "Deep Traffic Analysis" now available


Level 9

Good idea, but what I would be careful on is, Cisco NBAR has been infamous for miss-categorizing traffic.  If you look under the hood, most NBAR definitions (PLDMs) solely use port numbers for application recognition.  This includes NBAR2.  Historically, it isn't very good at detecting the network bad boy protocols that mascaraed under well known ports such as 80 and 443.  Don't get me wrong, NBAR2 is much improved from the original in accuracy and application library, but it just isn't updated enough to keep up with well crafted network abusing programs for gamers, P2P, and anonymizer applications. 

Are you running Flexible NetFlow and sending protocol identifications (using NBAR) within your export to NTA?  Obviously, this option doesn't require much on the Solarwinds side since you will be sending them the appropriate information rather than NTA trying to SNMP grab it from the appliance.

Level 9

any traction on this?