Release Notes for NBAR2 Protocol Pack 8.0.0

• Release Notes for NBAR2 Protocol Pack 8.0.0, page 1

Release Notes for NBAR2 Protocol Pack 8.0.0

OverviewNBAR2 Protocol Pack 8.0.0 contains the EnhancedWeb Classification feature that supports multi-transactionsexport of URLs. For more information on this feature, see Classifying Network Traffic Using NBAR.

Supported PlatformsNetwork Based Application Recognition (NBAR) Protocol Pack 8.0.0 is supported on Cisco ASR 1000 SeriesAggregation Services Routers and Cisco ISR G2 Series Integrated Services Routers.

Supported ReleasesNetwork Based Application Recognition (NBAR) Protocol Pack 8.0.0 is supported on the following releases:

• Cisco IOS XE Release 3.10.0S Version 15.3(3)S

• Cisco IOS XE Release 3.11.0S Version 15.4(1)S

• Cisco IOS Release Version 15.3(3)M2 - loading NBAR2 Protocol Pack 8.0.0 on previous releases ofthis train may result in unexpected behavior and possibly crash (CSCuj40124).

New Protocols in NBAR2 Protocol Pack 8.0.0The following protocols are added to NBAR2 Protocol Pack 8.0.0:

NBAR2 Protocol Pack 8.0.0 1

DescriptionSyntax NameCommon Name

Ares is a P2P network which was originally operating onthe Gnutella network. After that, it switched to its ownnetwork with a leaves-and-super nodes architecture. AresGalaxy, which is an open source P2P software, is themain client which makes use of Ares network.

aresAres

iCloud is Apple's cloud computing and storage service.It provides data storage (such as music, files and iOSapplications) over remote computer servers and enablesdownloading stored data to multiple devices.

icloudiCloud

NetBIOS's datagram distribution service is the part of theNetBIOS-over-TCP/UDPprotocol suite for connectionlesscommunication. NetBIOS provides services related tothe session layer of the OSI model allowing applicationson separate computers to communicate over a local areanetwork. NetBIOS's datagram distribution serviceprovides a connectionless service which means that theerror detection and recovery are the applicationresponsibility.

netbios-dgmNetBIOS's DatagramDistribution Service

NetBIOS's session service is the part of theNetBIOS-over-TCP/UDP protocol suite for connectionoriented communication. NetBIOS provides servicesrelated to the session layer of the OSI model allowingapplications on separate computers to communicate overa local area network. NetBIOS's session service allowstwomachines to form a connection, mechanisms for errordetection and recovery and multiple packets messages.

netbios-ssnNetBIOS's SessionService

Orbix is a CORBA ORB (Object Request Broker) fromMicro Focus which helps programmers build distributedapplications. Orbix cfg (config) works over SSL typicallyon port 3078.

orbix-cfg-sslOrbix 2000 Config overSSL

Simple Mail Transfer Protocol (SMTP) is an Internetstandard for electronicmail transmission across networks.Secure-smtp refers to a method for securing SMTP withtransport layer security, typically works on TCP port 461.

secure-smtpSecure Simple MailTransfer Protocol

Updated Protocols in NBAR2 Protocol Pack 8.0.0The following protocols are updated in NBAR2 Protocol Pack 8.0.0:

UpdatesProtocol

Updated signatures.corba-iiop-ssl

NBAR2 Protocol Pack 8.0.02

Release Notes for NBAR2 Protocol Pack 8.0.0Updated Protocols in NBAR2 Protocol Pack 8.0.0

UpdatesProtocol

Updated signatures.ddm-ssl

Updated signatures to support encrypted exchange traffic.Exchange

Updated signatures.ftps-data

Updated signatures.h323

Updated signatures.ieee-mms-ssl

Updated signatures.msft-gc-ssl

Updated signatures to support Netflix in set-top-boxes, media streamers, gameconsoles and latest Windows, Apple and Android OSs.

Netflix

Updated signatures.nsiiops

Updated signatures.orbix-loc-ssl

Updated signatures.secure-ftp

Updated signatures.secure-imap

Updated signatures.secure-irc

Updated signatures.secure-ldap

Updated signatures.secure-nntp

Updated signatures.secure-pop3

Updated signatures.secure-telnet

Updated signatures.sshell

Deprecated Protocols in NBAR2 Protocol Pack 8.0.0The predefined custom protocols (named custom-01, custom-02…custom-10) have been deprecated in thisprotocol pack. In order to define custom protocols, users are advised to use the user-defined custom protocols.Note that in Cisco IOS Release 15.3(3)S and Cisco IOS Release 15.3(3)M, the ip nbar port-map commandhas been deprecated and therefore, users cannot use the predefined custom protocols anyway. For moreinformation about custom protocols see:http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/configuration/xe-3s/asr1000/clsfy-traffic-nbar.html.

NBAR2 Protocol Pack 8.0.0 3

Release Notes for NBAR2 Protocol Pack 8.0.0Deprecated Protocols in NBAR2 Protocol Pack 8.0.0

Caveats in NBAR2 Protocol Pack 8.0.0

If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of anyseverity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be dueto one or more of the following reasons: the defect number does not exist, the defect does not have acustomer-visible description yet, or the defect has been marked Cisco Confidential.)

Note

Resolved Caveats in NBAR2 Protocol Pack 8.0.0

The following table lists the resolved caveats in NBAR2 Protocol Pack 8.0.0:

DescriptionResolved Caveat

ASR1k/03.09.00.S NBAR doesn't recognize h323 protocol traffic.CSCuh48686

Matching under ms-office-web-apps attributes might be misclassified.CSCui72228

MS-Lync traffic on Mac and mobile devices may be misclassified.CSCui93597

VNC sub-classification doesn't work when protocol-discovery is enabled.CSCuj14380

Loading NBAR2 Protocol Pack 8.0.0 on Cisco IOS Releases 15.3(3)M or15.3(3)M1 may result in unexpected behavior and possibly crash.

CSCuj40124

PCoIP with no TH signature performance improvement.CSCuj40958

Field-extraction for ssl may not work in some cases.CSCuj58064

Video traffic generated by the webex-meeting iPhone app might be misclassifiedas video-over-http.

CSCuj67799

NetBIOS traffic might be misclassified as unknown.CSCuj76966

Some cisco-jabber traffic might be misclassified as webex-meeting.CSCul02147

Some cisco-jabber traffic might be misclassified as ssl.CSCul02157

Some ms-lync-video traffic via mobile classified as rtp.CSCul18924

Known Caveats in NBAR2 Protocol Pack 8.0.0

The following table lists the known caveats in NBAR2 Protocol Pack 8.0.0:

DescriptionKnown Caveat

gtalk-video might be misclassified as rtp.CSCub62860

NBAR2 Protocol Pack 8.0.04

Release Notes for NBAR2 Protocol Pack 8.0.0Caveats in NBAR2 Protocol Pack 8.0.0

DescriptionKnown Caveat

gbridge pc client might not be blocked.CSCub89835

Traffic generated by AIM Pro might be misclassified as unknown andwebex-meeting.

CSCuc43505

PCoIP session-priority configuration limitation.CSCuh49380

Segmented packets are not classified when using NBAR sub classification.CSCuh53623

When using Microsoft Lync in Office-365, the traffic might be misclassified asrtp or SSL.

CSCui50424

Traffic generated by realmedia might be misclassified as http. The CSCum17899caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum17899

Traffic generated by Netflix might be misclassified as http. The CSCum95591caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum95591

Traffic generated by xunlei-kanan might be misclassified as http. TheCSCum97248 caveat is specific to Cisco ISRG2 series Integrated Services Routersonly.

CSCum97248

Traffic generated by gotomypc might be misclassified as http. The CSCum97251caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum97251

Traffic generated by oracle-e-business-suite might be misclassified. TheCSCum97253 caveat is specific to Cisco ISRG2 series Integrated Services Routersonly.

CSCum97253

Restrictions and Limitations in NBAR2 Protocol Pack 8.0.0The following table lists the limitations and restrictions in NBAR2 Protocol Pack 8.0.0:

Limitation/RestrictionProtocol

http traffic generated by the bitcomet bittorrent client might be classified as httpbittorrent

For capwap-data to be classified correctly, capwap-control must also be enabledcapwap-data

Encrypted cisco jabber might be classified as unknown.cisco-jabber

During configuring QoS class-map with ftp-data, the ftp protocol must be selected.As an alternative, the ftp application group can be selected.

ftp

Encrypted video streaming generated by hulumight be classified as its underlyingprotocol rtmpe

hulu

NBAR2 Protocol Pack 8.0.0 5

Release Notes for NBAR2 Protocol Pack 8.0.0Restrictions and Limitations in NBAR2 Protocol Pack 8.0.0

Limitation/RestrictionProtocol

Traffic generated by the logmein android app might be misclassified as ssllogmein

Login and chat traffic generated by the ms-lync client might be misclassified asssl

ms-lync

Traffic generated by pcanywhere for mac might be classified as unknown.pcanywhere

Login to QQ applications which is not via webmay not be classified as qq-accountsqq-accounts

Voice traffic generated by secondlife might be misclassified as sslsecondlife

Downloading NBAR2 Protocol PacksNBAR2 Protocol Packs are available for download as Software Type 'NBAR2 Protocol Pack' on cisco.comsoftware download page (http://www.cisco.com/cisco/software/navigator.html).

NBAR2 Protocol Pack 8.0.06

Release Notes for NBAR2 Protocol Pack 8.0.0Downloading NBAR2 Protocol Packs

Additional ReferencesRelated Documents

Document TitleRelated Topic

Application Visibility and Control Configuration GuideApplication Visibility and Control

Classifying Network Traffic Using NBAR moduleClassifying Network Traffic Using NBAR

NBAR Protocol Pack moduleNBAR Protocol Pack

QoS: NBAR Configuration GuideQoS: NBAR Configuration Guide

Quality of Service Solutions Command ReferenceQoS Command Reference

NBAR2 Protocol Pack 8.0.0 7

Release Notes for NBAR2 Protocol Pack 8.0.0Additional References

NBAR2 Protocol Pack 8.0.08

Release Notes for NBAR2 Protocol Pack 8.0.0Additional References