Classifying applications sounds like a simple task, but it is often a hard undertaking. Today's Internet-based and client-server applications make it difficult for the network to identify them and to provide the proper level of control needed.
NBAR, Network Based Application Recognition, developed by the assignee of the present patent application, solves this problem by adding intelligent network classification to a network infrastructure. NBAR is a new classification engine that can recognize a wide variety of applications, including Web-based and client/server applications that dynamically assign Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port numbers.
Once the application is recognized, the network can invoke specific services for that particular application. NBAR currently works with Quality of Service (QoS) features to ensure that the network bandwidth is best used to fulfill customer objectives. These features include the ability to guarantee bandwidth to critical applications, limit bandwidth to other applications, drop selective packets to avoid congestion, and mark packets appropriately so that the customer's network and the service provider's network can provide the proper QoS from end to end.
NBAR, as currently implemented, supports a wide range of network protocols, including these stateful protocols that were once difficult to classify:

    HTTP classification by URL, Host and MIME type
    Citrix published application
    Oracle SQL*NET
    Sun RPC
    Microsoft Exchange
    UNIX r commands
    VDOLive
    RealAudio
    Microsoft Netshow
    File Transfer Protocol (FTP)
    StreamWorks
    Trivial File Transfer Protocol (TFTP)

NBAR can also classify static-port protocols such as those currently classifiable with access control lists (ACLs).
New protocol support can be quickly and easily added via packet description language modules (PDLMs). PDLMs contain the rules used by NBAR to recognize an application and in most cases can be loaded without the need for a new OS software image or even a reboot.
Thus, the currently implemented Network Based Application Recognition (NBAR) is a classification mechanism that uses Protocol Discovery Language (.pdl) files to recognize what application is contained in the payload of a packet. The system is modular, being initially configured to recognize a standard set of widely used important protocols and capable of being selectively expanded by adding PDLMs to enable recognition of selected additional protocols not included in the standard set.
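The sketch below is an added example, not code from NBAR or from the patent. It illustrates payload-based classification with recognizers that can be registered at run time, HTTP matching by Host, URL and MIME type, and a static-port table as the fallback. The rule format, the names `load_module`, `http_rule` and `classify`, and the sample host are assumptions made for illustration and are not the real PDL format.

```python
import fnmatch

# Hypothetical stand-ins: an ACL-style port table and loaded rule modules.
STATIC_PORTS = {("tcp", 21): "ftp", ("udp", 69): "tftp"}
MODULES = {}  # name -> matcher(proto, port, payload)

def load_module(name, matcher):
    """Add or replace a recognizer while the classifier keeps running."""
    MODULES[name] = matcher

def parse_http(payload):
    """Return (first-line tokens, headers) for an HTTP message, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    first, *rest = head.split("\r\n")
    tokens = first.split(" ", 2)
    if len(tokens) < 3 or "HTTP/" not in (tokens[0][:5], tokens[2][:5]):
        return None
    headers = {}
    for line in rest:
        key, sep, value = line.partition(":")
        if sep:
            headers[key.strip().lower()] = value.strip()
    return tokens, headers

def http_rule(host=None, url=None, mime=None):
    """Build a matcher on Host header, request URL or response MIME type."""
    def matcher(proto, port, payload):
        msg = parse_http(payload)
        if proto != "tcp" or msg is None:
            return False
        tokens, headers = msg
        if host and not fnmatch.fnmatchcase(headers.get("host", "").lower(), host):
            return False
        if url and (tokens[0].startswith("HTTP/") or not fnmatch.fnmatchcase(tokens[1], url)):
            return False
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        return not mime or ctype == mime
    return matcher

def classify(proto, port, payload):
    """Payload modules first, then the static-port table, else 'unknown'."""
    for name, matcher in MODULES.items():
        if matcher(proto, port, payload):
            return name
    return STATIC_PORTS.get((proto, port), "unknown")

# Constructed sample rules; the host pattern is a made-up example domain.
load_module("http-images", http_rule(mime="image/jpeg"))
load_module("http-intranet", http_rule(host="*.corp.example", url="/app/*"))
```

Because the HTTP rules look at the payload and not at the port number, a request carried on a non-standard port is still classified, while binary traffic on a known port falls through to the static table.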
Creating one of these .pdl files requires a network trace and a design engineer. NBAR uses a flexible packet description language that facilitates the quick and easy addition of support for new applications. Once the file is done, the customer must load the file into the router and restart NBAR. Because of the speed at which new applications hit the market, the time and money required to extend the NBAR capability to recognize the new applications are substantial.