NBAR Protocol Discovery
The existing Network-Based Application Recognition (NBAR) feature of Cisco is used to identify protocols so traffic can be classified appropriately for Quality of Service purposes. NBAR also contains a Protocol Discovery (NBARPD) feature that records the number of packets/bytes of any NBAR-supported protocol traffic traversing an interface. This program uses this feature by reading the counters via SNMP and displaying them as graphs and numbers. These counters are also recorded in an RRD database for a week.
The NBARPD counters on the nodes are collected by SNMP using nbarpdd.pl, which runs as a daemon. This daemon is started automatically from within nmis.pl. The daemon options are configured and the data is displayed through the web page. Every minute the daemon collects the NBARPD counters and stores them in RRD. The number of node::interfaces that can be active is limited by what can be collected within the runtime of one minute. Exceeding this time will be logged in nmis.log. So the collection should only be run when you require the information for individual nodes.
The IOS of the Cisco router contains a list of protocols and applications that NBAR is capable of recognizing. It is important to note that a user can add support for additional NBAR protocols and applications by downloading Packet Description Language Modules (PDLMs) or upgrading to an IOS that has added support for additional NBAR protocols or applications; therefore, this table will not be identical on all routers. It is also possible to define a new protocol name (of your own choice) connected with one or more port numbers. This makes NBARPD very dynamic.
Some IOS commands are:

    router# sho ip nbar port-map

gives you a list of protocol names and their ports. For data transfers which are not recognized by NBAR you can use the debugger:

    router# debug ip nbar unclassified-port-stats
    (wait a minute ...)
    router# sho ip nbar unclassified-port-stats
    router# undebug all

Now you can map an unclassified port to a new protocol name:

    router# configure terminal
    router(config)# ip nbar custom protocol_name tcp 1234 4321

Don't forget to enable "ip cef" in global and "ip route-cache cef" in interface configuration mode at the router.
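Before mapping an unclassified port to a new protocol name, it helps to confirm that the port is not already claimed in the port-map listing. The following is an added example, not part of NMIS: the function names and the sample listing are constructed, and it assumes each listing line has the form "port-map <protocol> <tcp|udp> <ports...>".

```python
import re

# Constructed sample; the line layout is an assumption about the
# output of "sho ip nbar port-map", not captured from a real router.
SAMPLE_PORT_MAP = """\
port-map bgp                      udp 179
port-map bgp                      tcp 179
port-map cuseeme                  udp 7648 7649 24032
port-map cuseeme                  tcp 7648 7649
port-map http                     tcp 80
"""

LINE_RE = re.compile(r"^\s*port-map\s+(\S+)\s+(tcp|udp)\s+([\d\s]+)$", re.I)


def parse_port_map(text):
    """Return {(transport, port): set of protocol names} from the listing."""
    claimed = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip prompts, blank lines and unrelated output
        name, transport, ports = m.group(1), m.group(2).lower(), m.group(3)
        for port in ports.split():
            claimed.setdefault((transport, int(port)), set()).add(name)
    return claimed


def check_custom_mapping(text, name, transport, ports):
    """Return (command, conflicts) for a proposed custom protocol mapping.

    command is None when the transport is unknown or any port is out of
    range or already mapped; conflicts maps each bad port to the reason.
    """
    claimed = parse_port_map(text)
    transport = transport.lower()
    conflicts = {}
    for port in ports:
        if not 1 <= port <= 65535:
            conflicts[port] = {"<invalid port>"}
        elif (transport, port) in claimed:
            conflicts[port] = claimed[(transport, port)]
    if transport not in ("tcp", "udp") or conflicts:
        return None, conflicts
    ports_str = " ".join(str(p) for p in ports)
    return "ip nbar custom %s %s %s" % (name, transport, ports_str), conflicts
```
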
The web page consists of a menu section for configuring the daemon and a graph section for displaying the collected information. There are fields for selecting the node and interface. NBARPD can be (permanently) enabled by configuring the interface with an IOS command. If not, NBARPD must be enabled on the selected interface by the daemon and you must fill in the community field. After pressing the 'Start' button it will take a minute or so before data is displayed. The web page will refresh every minute. Besides the graphs for processor load and memory usage you can select a graph for protocols: Pie, Bar or Chart. Pie and Bar display the last minute's counters. Chart displays the last day by default and the last week after clicking on the graph. A single protocol can also be selected for display.
Node
This select box gives you the choice of node. The table of this box is generated by running nmis.pl type=update. Normally this will be done by Cron. Only nodes which support NBARPD are selectable.
Interface
This select box gives you the interface choice. The interface must be active.
SNMP community R/W
If NBARPD is not enabled on this interface by IOS configuration, the daemon enables it using the community filled in here.
History of values
This select box lets you choose how many weeks of values are kept in RRD. This also determines the size of the RRD database file.
View node charts
Selects whether or not the node charts are displayed.
Discovery
Buttons to Start, Stop or Remove discovery. With the Start button an RRD database will be created for the selected node::interface; with Stop or Remove this database will be deleted.
Library GD::Graph is required. You can download this from CPAN.
Library SNMP_Session version 1.08 is required to work properly.
This program uses the following files:

    bin/nbarpdd.pl                      for daemon
    cgi-bin/nbarpd.pl                   for web page
    var/nbarpdinfo.nmis                 for names of nbarpd nodes, generated by nmis.pl type=update
    var/nbarpdcfg.nmis                  for configuration of daemon, generated by web page
    var/nbarpddata.nmis                 for graph data of pie and bar
    var/nbarpd-nodename-interface.rrd   for RRD database
    var/nbarpdd.pid                     for pid info of daemon
More information about NBARPD can be found at these URLs:

    http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1839/products_feature_guide09186a0080153efc.html#wp1044928
    http://www.cisco.com/en/US/customer/tech/tk543/tk757/technologies_tech_note09186a0080094ac5.shtml