0% found this document useful (0 votes)
194 views

Qos Nbar Xe 2 Book

Uploaded by

Hugues ADDIH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
194 views

Qos Nbar Xe 2 Book

Uploaded by

Hugues ADDIH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 112

QoS: NBAR Configuration Guide, Cisco

IOS XE Release 2

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL
FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR
ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output,
network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content
is unintentional and coincidental.

© 2011 Cisco Systems, Inc. All rights reserved.


CONTENTS

Classifying Network Traffic Using NBAR in Cisco IOS XE Software 1


Finding Feature Information 1
Restrictions for Classifying Network Traffic Using NBAR 1
Information About Classifying Network Traffic Using NBAR 3
NBAR Functionality 3
NBAR Benefits 4
NBAR and Classification of HTTP Traffic 4
Classification of HTTP Traffic by URL Host or MIME 4
Classification of HTTP Traffic Using HTTP Header Fields 5
Combinations of Classification of HTTP Headers and URL Host or MIME Type to
Identify HTTP Traffic 6
NBAR and Classification of Citrix ICA Traffic 6
Classification of Citrix ICA Traffic by Published Application Name 7
Citrix ICA Client Modes 7
Classification of Citrix ICA Traffic by ICA Tag Number 8
Citrix ICA Packet Tagging 8
NBAR and RTP Payload Type Classification 9
NBAR and Classification of Custom Protocols and Applications 9
NBAR and Classification with Dynamic PDLMs 10
NBAR and Classification of Peer-to-Peer File-Sharing Applications 10
NBAR Scalability 11
Interface Scalability 11
Flow Scalability 11
Flow Table Sizing 12
NBAR-Supported Protocols 13
NBAR Protocol Discovery 80
NBAR Protocol Discovery MIB 80
NBAR Configuration Processes 80
Restarting NBAR 81

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


iii
Contents

NBAR Protocol Pack 81


NBAR and Multipacket Classification 81
NBAR on VRF Interfaces 82
NBAR and IPv6 82
NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases 82
NBAR Categorization and Attributes 82
How to Configure Attribute-Based Protocol Match 83
Configuring Attribute-Based Protocol Match 83
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE
Software 86
Example: Classification of HTTP Traffic Using the HTTP Header Fields 86
Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type
to Identify HTTP Traffic 87
Example: NBAR and Classification of Custom Protocols and Applications 87
Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications 88
Example: Configuring Attribute-Based Protocol Match 89
Additional References 90
Feature Information for Classifying Network Traffic Using NBAR 94
Glossary 96
Enabling Protocol Discovery 99
Finding Feature Information 99
Prerequisites for Enabling Protocol Discovery 99
Restrictions for Enabling Protocol Discovery 99
Information About Protocol Discovery 100
Protocol Discovery Overview 100
Interface Scalability 101
How to Enable Protocol Discovery 101
Enabling Protocol Discovery on an Interface 102
Reporting Protocol Discovery Statistics 103
Configuration Examples for Protocol Discovery 104
Example: Enabling Protocol Discovery on an Interface 104
Example: Reporting Protocol Discovery Statistics 105
Additional References 106
Feature Information for Enabling Protocol Discovery 107

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


iv
Classifying Network Traffic Using NBAR in
Cisco IOS XE Software
Network-Based Application Recognition (NBAR) is a classification engine that recognizes and classifies
a wide variety of protocols and applications. When NBAR recognizes and classifies a protocol or
application, the network can be configured to apply the appropriate quality of service (QoS) for that
application or traffic with that protocol.
This module contains an overview of classifying network traffic using NBAR in Cisco IOS XE software.

• Finding Feature Information, page 1


• Restrictions for Classifying Network Traffic Using NBAR, page 1
• Information About Classifying Network Traffic Using NBAR, page 3
• Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software,
page 86
• Additional References, page 90
• Feature Information for Classifying Network Traffic Using NBAR, page 94
• Glossary, page 96

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release. To find information
about the features documented in this module, and to see a list of the releases in which each feature is
supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for Classifying Network Traffic Using NBAR


NBAR does not support the following applications:
• Non-IP traffic.
• Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can,
however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular
QoS CLI (MQC) to set the IP differentiated services code point (DSCP) field on the NBAR-classified
packets and make MPLS map the DSCP setting to the MPLS experimental (EXP) setting inside the
MPLS header.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


1
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Restrictions for Classifying Network Traffic Using NBAR

• NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service
Software Upgrade (ISSU). The following syslog message indicates the restart of the NBAR
classification once ISSU is complete: "%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!".
• Multicast packet classification.
• Asymmetric flows with stateful protocols.
• Packets that originate from or destined to the router running NBAR.

Note In the NBAR context, asymmetric flows are flows in which different packets of the flow go through
different routers, for reasons such as load balancing implementation or asymmetric routing, where packets
flow through different routes in different directions.

NBAR is not supported on the following logical interfaces:


• Dialer interfaces
• Dynamic tunnels such as Dynamic Virtual Tunnel Interface (DVTI)
• Fast Etherchannels
• IPv6 tunnels that terminate on the router
• Multilink interfaces such as Multilink Point-to-Point Protocol (MLPPP) and Multilink Frame Relay
(MLFR)
• MPLS
• Overlay Transport Virtualization (OTV) overlay interfaces
• Port channels
• VRF-Aware Service Infrastructure (VASI)

Note In cases where encapsulation is not supported by NBAR on some of the links, you can apply NBAR on
other interfaces of the router to perform input classification. For example, you can configure NBAR on
LAN interfaces to classify output traffic on the WAN link.

The following virtual interfaces are supported in Cisco IOS XE Release 3.5S and later releases:
• Generic routing encapsulation (GRE)
• IPsec IPv4 tunnel (including tunneled IPv6) in protocol discovery mode and MQC mode (cryptomap
mode is not supported)
• IPsec IPv6 tunnel in protocol discovery mode but not in MQC mode (cryptomap mode is not
supported)
• Multipoint GRE/Dynamic Multipoint VPN in protocol discovery mode

Note NBAR requires more CPU power when NBAR is enabled on tunneled interfaces.

If protocol discovery is enabled on both the tunnel interface and the physical interface on which the tunnel
interface is configured, the packets that are designated to the tunnel interface are counted on both
interfaces. On the physical interface, the packets are classified and are counted based on the encapsulation.
On the tunnel interface, the packets are classified and are counted based on the L7 protocol.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


2
NBAR Functionality
Information About Classifying Network Traffic Using NBAR

Information About Classifying Network Traffic Using NBAR


• NBAR Functionality, page 3
• NBAR Benefits, page 4
• NBAR and Classification of HTTP Traffic, page 4
• NBAR and Classification of Citrix ICA Traffic, page 6
• NBAR and RTP Payload Type Classification, page 9
• NBAR and Classification of Custom Protocols and Applications, page 9
• NBAR and Classification with Dynamic PDLMs, page 10
• NBAR and Classification of Peer-to-Peer File-Sharing Applications, page 10
• NBAR Scalability, page 11
• NBAR-Supported Protocols, page 13
• NBAR Protocol Discovery, page 80
• NBAR Protocol Discovery MIB, page 80
• NBAR Configuration Processes, page 80
• Restarting NBAR, page 81
• NBAR Protocol Pack, page 81
• NBAR and Multipacket Classification, page 81
• NBAR on VRF Interfaces, page 82
• NBAR and IPv6, page 82
• NBAR Categorization and Attributes, page 82
• How to Configure Attribute-Based Protocol Match, page 83

NBAR Functionality
NBAR is a classification engine that recognizes and classifies a wide variety of protocols and applications,
including web-based and other difficult-to-classify applications and protocols that use dynamic TCP/UDP
port assignments.
When NBAR recognizes and classifies a protocol or application, the network can be configured to apply
the appropriate QoS for that application or traffic with that protocol. The QoS is applied using the MQC.

Note For more information about the MQC, see the "Applying QoS Features Using the MQC" module.

NBAR introduces several classification features that identify applications and protocols from Layer 4
through Layer 7. These classification features are as follows:
• Statically assigned TCP and UDP port numbers.
• Non-TCP and non-UDP IP protocols.
• Dynamically assigned TCP and UDP port numbers. This kind of classification requires stateful
inspection, that is, the ability to inspect a protocol across multiple packets during packet classification.
• Subport classification or classification based on deep packet inspection, that is, classification
inspecting the packets.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


3
NBAR Benefits
Classification of HTTP Traffic by URL Host or MIME

Note Access Control Lists (ACLs) can also be used for classifying static port protocols. However, NBAR is
easier to configure and can provide classification statistics that are not available when ACLs are used.

NBAR includes a Protocol Discovery feature that provides an easy way to discover application protocols
that are operating on an interface. For more information about Protocol Discovery, see the "Enabling
Protocol Discovery" module.

Note NBAR classifies network traffic by application or protocol. Network traffic can be classified without using
NBAR. For information about classifying network traffic without using NBAR, see the "Classifying
Network Traffic" module.

NBAR includes the Protocol Pack feature that provides an easy way to load protocols and helps NBAR
recognize additional protocols for network traffic classification. A protocol pack is set a of protocols
developed and packed together. A new protocol pack can be loaded on the router to replace the default IOS
protocol pack that is already present in the router.

NBAR Benefits
Identifying and classifying network traffic is an important first step in implementing QoS. A network
administrator can more effectively implement QoS in a networking environment after identifying the
number and types of applications and protocols that are running on a network.
NBAR gives network administrators the ability to see the different types of protocols and the amount of
traffic generated by each protocol. After NBAR gathers this information, users can organize traffic into
classes. These classes can then be used to provide different levels of service for network traffic, thereby
allowing better network management by providing the appropriate level of network resources for the
network traffic.

NBAR and Classification of HTTP Traffic


This section includes information about the following topics:
• Classification of HTTP Traffic by URL Host or MIME, page 4
• Classification of HTTP Traffic Using HTTP Header Fields, page 5
• Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP
Traffic, page 6

Classification of HTTP Traffic by URL Host or MIME


NBAR can classify application traffic by looking beyond the TCP/UDP port numbers of a packet. This is
called subport classification. NBAR looks into the TCP/UDP payload itself and classifies packets based on
content within the payload such as the transaction identifier, message type, or other similar data.
Classification of HTTP traffic by URL, host, or Multipurpose Internet Mail Extension (MIME) type is an
example of subport classification. NBAR classifies HTTP traffic by text within the URL or host fields of a
request using regular expression matching. HTTP client request matching in NBAR supports most HTTP
request methods such as GET, PUT, HEAD, POST, DELETE, OPTIONS, CONNECT, and TRACE. The
NBAR engine then converts the specified match string into a regular expression.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


4
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of HTTP Traffic Using HTTP Header Fields

The figure below illustrates a network topology with NBAR in which Router Y is the NBAR-enabled
router.

When specifying a URL for classification, include only the portion of the URL that follows the
www.hostname.domain in the match statement. For example, for the URL www.cisco.com/latest/
whatsnew.html, include only /latest/whatsnew.html with the match statement (for instance, match
protocol http url /latest/whatsnew.html).
Host specifications are identical to URL specifications. NBAR performs a regular expression match on the
host field contents inside an HTTP packet and classifies all packets from that host. For example, for the
URL www.cisco.com/latest/whatsnew.html, include only www.cisco.com.
For MIME type matching, the MIME type can contain any user-specified text string. A list of the Internet
Assigned Numbers Authority (IANA) supported MIME types can be found at the following URL:
http://www.iana.org/assignments/media-types/
When matching by MIME type, NBAR matches a packet containing the MIME type and all subsequent
packets until the next HTTP transaction.
NBAR supports URL and host classification in the presence of persistent HTTP. NBAR does not classify
packets that are part of a pipelined request. With pipelined requests, multiple requests are pipelined to the
server before previous requests are serviced. Pipelined requests are not supported with subclassification and
tunneled protocols that use HTTP as the transport protocol.
The NBAR Extended Inspection for HTTP Traffic feature allows NBAR to scan TCP ports that are not
well known and to identify HTTP traffic that traverses these ports. HTTP traffic classification is no longer
limited to the well-known and defined TCP ports.

Classification of HTTP Traffic Using HTTP Header Fields


NBAR introduces expanded ability for users to classify HTTP traffic using information in the HTTP header
fields.
HTTP works using a client/server model. HTTP clients open connections by sending a request message to
an HTTP server. The HTTP server then returns a response message to the HTTP client (this response
message is typically the resource requested in the request message from the HTTP client). After delivering
the response, the HTTP server closes the connection and the transaction is complete.
HTTP header fields are used to provide information about HTTP request and response messages. HTTP has
numerous header fields. For additional information on HTTP headers, see section 14 of RFC 2616:
Hypertext Transfer Protocol--HTTP/1.1. This RFC can be found at the following URL:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
NBAR is able to classify the following HTTP header fields:
• For request messages (client to server), the following HTTP header fields can be identified using
NBAR:

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


5
NBAR and Classification of Citrix ICA Traffic
Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic

◦ User-Agent
◦ Referer
◦ From
• For response messages (server to client), the following HTTP header fields can be identified using
NBAR:
◦ Server
◦ Location
◦ Content-Base
◦ Content-Encoding

Note In Cisco IOS XE Release 3.1S and later releases, up to 56 parameters or subclassifications per protocol per
router can be specified with the match protocol http command. These parameters or subclassifications can
be a combination of any of the available match choices, such as host matches, MIME matches, server
matches, and URL matches. For other Cisco IOS XE releases and platforms, the maximum is 24 parameters
or subclassifications per protocol per router.

Within NBAR, the match protocol http c-header-field command is used to specify that NBAR identify
request messages (the "c" in the c-header-field portion of the command is for client). The match protocol
http s-header-field command is used to specify response messages (the "s" in the s-header-field portion of
the command is for server).

Note In Cisco IOS XE Release 3.1S and later releases, the c-header-field and s-header-field keywords and
associated arguments in the match protocol http command are not available. The same functionality is
achieved by using the individual keywords and arguments. For more information, see the syntax of the
match protocol http command in the Cisco IOS Quality of Service Solutions Command Reference.

Note The c-header-field performs subclassifications based on a single value in the user-agent, the referrer, or
from header field values. The s-header-field performs subclassifications based on a single value in the
server, location, content-encoding, or content-base header field values. These header field values are not
related to each other. Hence, the c-header and s-header fields are replaced by the user-agent, referrer,
from, server, content-base, content-encoding, and location parameters as per the intent and need of HTTP
subclassification.

Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify
HTTP Traffic
Note that combinations of URL, Host, MIME type, and HTTP headers can be used during NBAR
configuration. These combinations provide customers with more flexibility to classify specific HTTP traffic
based on their network requirements.

NBAR and Classification of Citrix ICA Traffic


NBAR can classify Citrix Independent Computing Architecture (ICA) traffic and perform subport
classification of Citrix traffic based on the published application name or ICA tag number.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


6
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of Citrix ICA Traffic by Published Application Name

This section includes information about the following topics:


• Classification of Citrix ICA Traffic by Published Application Name, page 7
• Classification of Citrix ICA Traffic by ICA Tag Number, page 8

Classification of Citrix ICA Traffic by Published Application Name


NBAR can monitor Citrix ICA client requests for a published application destined to a Citrix ICA Master
browser. After the client requests the published application, the Citrix ICA Master browser directs the
client to the server with the most available memory. The Citrix ICA client then connects to this Citrix ICA
server for the application.

Note For Citrix to monitor and classify traffic by the published application name, Server Browser Mode on the
Master browser must be used.

In Server Browser Mode, NBAR statefully tracks and monitors traffic and performs a regular expression
search on the packet contents for the published application name specified by the match protocol citrix
command. The published application name is specified by using the app keyword and the application-
name-string argument of the match protocol citrix command. For more information about the match
protocol citrix command, see the Cisco IOS Quality of Service Solutions Command Reference.
The Citrix ICA session triggered to carry the specified application is cached, and traffic is classified
appropriately for the published application name.
• Citrix ICA Client Modes, page 7

Citrix ICA Client Modes


Citrix ICA clients can be configured in various modes. NBAR cannot distinguish among Citrix applications
in all modes of operation. Therefore, network administrators might need to collaborate with Citrix
administrators to ensure that NBAR properly classifies Citrix traffic.
A Citrix administrator can configure Citrix to publish Citrix applications individually or as the entire
desktop. In the Published Desktop mode of operation, all applications within the published desktop of a
client use the same TCP session. Therefore, differentiation among applications is impossible, and NBAR
can be used to classify Citrix applications only as aggregates (by looking at port 1494).
The Published Application mode for Citrix ICA clients is recommended when you use NBAR. In Published
Application mode, a Citrix administrator can configure a Citrix client in either seamless or nonseamless
(windows) modes of operation. In nonseamless mode, each Citrix application uses a separate TCP
connection, and NBAR can be used to provide interapplication differentiation based on the name of the
published application.
Seamless mode clients can operate in one of two submodes: session sharing or nonsession sharing. In
seamless session sharing mode, all clients share the same TCP connection, and NBAR cannot differentiate
among applications. Seamless sharing mode is enabled by default in some software releases. In seamless
nonsession sharing mode, each application for each particular client uses a separate TCP connection.
NBAR can provide interapplication differentiation in seamless nonsession sharing mode.

Note NBAR operates properly in Citrix ICA secure mode. Pipelined Citrix ICA client requests are not supported.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


7
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Classification of Citrix ICA Traffic by ICA Tag Number

Classification of Citrix ICA Traffic by ICA Tag Number


Citrix uses one TCP session each time an application is opened. In the TCP session, a variety of Citrix
traffic may be intermingled in the same session. For example, print traffic may be intermingled with
interactive traffic, causing interruption and delay for a particular application. Most users likely would
prefer that printing be handled as a background process and that printing not interfere with the processing
of higher-priority traffic.
To accommodate this preference, the Citrix ICA protocol includes the ability to identify Citrix ICA traffic
based on the ICA tag number of the packet. The ability to identify, tag, and prioritize Citrix ICA traffic is
referred to as ICA Priority Packet Tagging. With ICA Priority Packet Tagging, Citrix ICA traffic is
categorized as high, medium, low, and background, depending on the ICA tag of the packet.
When ICA traffic priority tag numbers are used, and the priority of the traffic is determined, QoS features
can be implemented to determine how the traffic will be handled. For example, QoS traffic policing can be
configured to transmit or drop packets with a specific priority.
• Citrix ICA Packet Tagging, page 8

Citrix ICA Packet Tagging


The Citrix ICA tag is included in the first two bytes of the Citrix ICA packet, after the initial negotiations
are completed between the Citrix client and server. These bytes are not compressed or encrypted.
The first two bytes of the packet (byte 1 and byte 2) contain the byte count and the ICA priority tag
number. Byte 1 contains the low-order byte count, and the first two bits of byte 2 contain the priority tags.
The other six bits contain the high-order byte count.
The ICA priority tag value can be a number from 0 to 3. The number indicates the packet priority, with 0
being the highest priority and 3 being the lowest priority.
To prioritize Citrix traffic by the ICA tag number of the packet, you must specify the tag number using the
ica-tag keyword and the ica-tag-value argument of the match protocol citrix command. For more
information about the match protocol citrix command, see the Cisco IOS Quality of Service Solutions
Command Reference .
The table below contains information about different Citrix traffic and the respective priority tags.

Table 1 Citrix ICA Packet Tagging

Priority ICA Bits (decimal) Sample Virtual Channels


High 0 Video, mouse, and keyboard
screen updates

Medium 1 Program neighborhood,


clipboard, audio mapping, and
license management

Low 2 Client common equipment


(COM) port mapping and client
drive mapping

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


8
NBAR and RTP Payload Type Classification
Citrix ICA Packet Tagging

Priority ICA Bits (decimal) Sample Virtual Channels


Background 3 Auto client update, client printer
mapping, and original equipment
manufacturers (OEM) channels

NBAR and RTP Payload Type Classification


Real-time Transport Protocol (RTP) is a packet format for multimedia data streams. It can be used for
media-on-demand and for interactive services such as Internet telephony. RTP consists of a data part and a
control part. The control part is called Real-Time Transport Control Protocol (RTCP). RTCP is a separate
protocol that is supported by NBAR. It is important to note that the NBAR RTP Payload Type
Classification feature does not identify RTCP packets and that RTCP packets run on odd-numbered ports
and RTP packets run on even-numbered ports.
The data part of RTP is a thin protocol that provides support for applications with real-time properties such
as continuous media (audio and video), which includes timing reconstruction, loss detection, and security
and content identification. RTP is discussed in RFC 1889 (A Transport Protocol for Real-Time
Applications)and RFC 1890 (RTP Profile for Audio and Video Conferences with Minimal Control).
The RTP payload type is the data transported by RTP in a packet, for example audio samples or
compressed video data.
NBAR RTP Payload Type Classification feature not only allows real-time audio and video traffic to be
statefully identified, but can also differentiate on the basis of audio and video codecs to provide more
granular QoS. The RTP Payload Type Classification feature, therefore, looks deep into the RTP header to
classify RTP packets.
For more information on the classification of RTP with NBAR, see http://www.cisco.com/en/US/products/
ps6616/products_white_paper09186a0080110040.shtml

NBAR and Classification of Custom Protocols and Applications


NBAR supports the use of custom protocols to identify custom applications. Custom protocols support
static port-based protocols and applications that NBAR does not currently support. You can add to the set
of protocols and application types that NBAR recognizes by creating custom protocols.
Custom protocols extend the capability of NBAR Protocol Discovery to classify and monitor additional
static port applications and allow NBAR to classify nonsupported static port traffic.
Once the custom protocols are defined, you can then use them with the help of NBAR Protocol Discovery
and the MQC to classify the traffic.
With NBAR supporting the use of custom protocols, NBAR can map static TCP and UDP port numbers to
the custom protocols.
There are two types of custom protocols:
• Predefined custom protocols
• User-defined custom protocols
NBAR includes the following features related to predefined custom protocols and applications:
• Custom protocols have to be named custom-xx, with xx being a number.
• Ten custom applications can be assigned using NBAR, and each custom application can have up to 16
TCP and 16 UDP ports each mapped to an individual custom protocol. The real-time statistics of each
custom protocol can be monitored using Protocol Discovery.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


9
NBAR and Classification with Dynamic PDLMs
Citrix ICA Packet Tagging

• When you create a custom protocol after creating a variable, you can use the match protocol
command to classify traffic on the basis of a specific value in the custom protocol.
NBAR includes the following features related to user-defined custom protocols and applications:
• The ability to inspect the payload for certain matching string patterns at a specific offset.
• The ability to allow users to define the names of their custom protocol applications. The user-named
protocol can then be used by Protocol Discovery, the Protocol Discovery MIB, the match protocol
command, and the ip nbar port-map command as an NBAR-supported protocol.
• The ability of NBAR to inspect custom protocols specified by traffic direction (that is, traffic heading
toward a source or destination rather than traffic in both directions), if desired by the user.
• CLI support that allows a user configuring a custom application to specify a range of ports rather than
to specify each port individually.
• The variable keyword, the field-name argument, and the field-length argument were added to the ip
nbar custom command.
This additional keyword and two additional arguments allow for creation of more than one custom protocol
based on the same port numbers.

Note Defining a user-defined custom protocol restarts the NBAR feature, whereas defining predefined custom
protocol does not restart the NBAR feature.

NBAR and Classification with Dynamic PDLMs


Dynamic Packet Description Language Modules (PDLM) allow new protocol support or enhance existing
protocol support for NBAR without the requirement of a Cisco IOS XE release upgrade and router reload.
If the support is for enhancing protocols for NBAR, then the module version of the PDLM should be
greater than the existing version of the PDLM. Subsequent Cisco IOS XE releases incorporate support for
these new protocols.

Note PDLMs must be loaded on both Route Processors (RPs) when using the ASR 1006 redundant hardware
setup.

Dynamic PDLMs are platform-specific and have Software Family Identifier (SFI) embedded in them.
Dynamic PDLMs of other platforms cannot be loaded on Cisco ASR 1000 Series Routers.

NBAR and Classification of Peer-to-Peer File-Sharing Applications


The following applications are the most common peer-to-peer file-sharing applications supported by
NBAR:
• BitTorrent
• DirectConnect
• eDonkey
• eMule
• FastTrack
• KazaA (and KazaA Lite and KazaA Lite Resurrection)
• Win MX
• POCO

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


10
NBAR Scalability
Interface Scalability

In Cisco IOS XE Release 2.5 the DirectConnect and the eDonkey P2P protocols support the following
subclassifications:
• eDonkey supports the following subclassification options:
◦ file-transfer
◦ search-file-name
◦ text-chat
• KazaA, FastTrack, and Gnuetella support the file-transfer subclassification.
The Gnutella file sharing became classifiable using NBAR in Cisco IOS XE Release 2.5.
Applications that use the Gnutella protocol are Bearshare, Gnewtellium, Gnucleus, Gtk-Gnutella,
Limewire, Mutella, Phex, Qtella, Swapper, and Xolo. The traffic from the applications that use the Gnutella
protocol will be classified as Gnutella and not as the respective application.

NBAR Scalability
• Interface Scalability, page 11
• Flow Scalability, page 11
• Flow Table Sizing, page 12

Interface Scalability
In Cisco IOS XE Release 2.4 and earlier releases, there is no limit on the number of interfaces on which
protocol discovery can be enabled.
The table below provides the details of the protocol discovery supported interface and the release number.

Table 2 Release and Protocol Discovery Interface Support

Release Number of Interfaces Supported with Protocol Discovery


Cisco IOS XE Release 2.5 128

Cisco IOS XE Release 2.6 256

Cisco IOS XE Release 2.7 32

Cisco IOS XE Release 3.2S and later releases 32

Flow Scalability
In Cisco IOS XE Release 2.5, the following flows are supported:
• A maximum of 250K bidirectional flows on Edge Services Processor (ESP)10 and ESP20 hardware.
• A maximum of 125K bidirectional flows on ESP5.
If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.1, the following flows are supported:
• A maximum of 125K bidirectional flows on Forwarding Processor (FP)5 platform.
• A maximum of 250K bidirectional flows on FP10, FP20, and FP40 platform.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


11
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.2, the following flows are supported:
• A maximum of 500K bidirectional flows on FP5/1Rack Units (RU) platform.
• A maximum of 1M bidirectional flows on 10/10/40 platform.
If this limit is exceeded or there is a flow memory constraint, new flows will be classified as Unknown.
In Cisco IOS XE Release 3.3S, the number of bidirectional flows and the platforms supported are the same
as in Cisco IOS XE Release 3.2. A new method to reduce the number of active flows based on quick aging
is introduced.
Quick aging occurs under the following conditions:
• TCP flows that do not reach the established state.
• UDP flows with fewer than five packets that are not classified within the specified quick aging
timeout.
• Flows that are not classified within the specified quick aging timeout.
The quick aging method reduces the number of flows required for NBAR operation up to three times or
more depending on the network behavior.
In Cisco IOS XE Release 3.4S, the following flows are supported:
• A default flow capacity of 500K bidirectional flows on ESP5/1Rack Units (RU) platform.
• A default flow capacity of 1M bidirectional flows on 10/20/40 platform.

Flow Table Sizing


The ip nbar resources flow max-sessions command provides the option to override the default maximum
flow sessions to be allowed in a flow table. The performance of the router with the NBAR feature depends
on the memory size and the number of flows configured for the flow table. The flexibility to change the
number of flows helps in increasing the performance of the system depending on the capacity of the router.
To verify the NBAR flow statistics, use the show ip nbar resources flow command.
The following table provides the details of the platform and the flow size limits.

Table 3 Platform and Flow Size Details

Platform Maximum number of flows Default number of flows Memory upper limit [MB] (70% of
platform memory)
ESP5/1RU 750,000 500,000 179

ESP10 1,650,000 1,000,000 358

ESP20 3,500,000 1,000,000 716

ESP40 3,500,000 1,000,000 716

The recommended number of flow configuration on all the platforms is 50,000 flows.

Note The flow size cannot be increased if the overall system memory usage is already 90%.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


12
NBAR-Supported Protocols
Flow Table Sizing

NBAR-Supported Protocols
The match protocol(NBAR) command is used to classify traffic on the basis of protocols supported by
NBAR. NBAR can classify the following types of protocols:
• Non-UDP and non-TCP IP protocols
• TCP and UDP protocols that use statically assigned port numbers
• TCP and UDP protocols that use statically assigned port numbers, but still require stateful inspection.
• TCP and UDP protocols that dynamically assign port numbers and therefore require stateful inspection
The table below lists the NBAR-supported protocols available in Cisco IOS XE software, sorted by
category. The table also provides information about the protocol type, the well-known port numbers (if
applicable), the syntax for entering the protocol in NBAR, and the Cisco IOS XE software release in which
the protocol was initially supported. This table is updated when a protocol becomes supported in Cisco IOS
XE software.

Table 4 NBAR-Supported Protocols

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Enterprise Novadigm TCP/ UDP 3460-346 Novadigm novadigm Cisco IOS XE
Application 5 Enterprise Release 2.3
s Desktop
Manager (EDM)

Citrix (ICA, TCP/ UDP TCP: Citrix ICA citrix Cisco IOS XE
CGP, IMA, 1494, traffic Release 2.5
citrix app
SB) 2512,
2513, citrix ica-tag
2598
UDP:
1604

Oracle TCP 1525 Oracle ora-srv Cisco IOS XE


Release 2.3

PCAnywhere TCP/UDP TCP: Symantic pcanywhere Cisco IOS XE


5631, PCAnywhere Release 2.3
65301
UDP: 22,
5632

SAP TCP 3300-331 SAP Systems sap Cisco IOS XE


5 Applications Release 2.5
3200-321 Product in Data
5 processing
3600-361
5

Exchange 1 TCP 135 MS-RPC for exchange Cisco IOS XE


Exchange Release 2.5

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


13
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Routing BGP TCP/ UDP 179 Border Gateway bgp Cisco IOS XE
Protocols Protocol Release 2.3

EGP IP 8 Exterior egp Cisco IOS XE


Gateway Release 2.3
Protocol

EIGRP IP 88 Enhanced eigrp Cisco IOS XE


Interior Gateway Release 2.3
Routing Protocol

OSPF IP 89 Open Shortest ospf Cisco IOS XE


Path First Release 2.3

RIP UDP 520 Routing rip Cisco IOS XE


Information Release 2.3
Protocol

STUN-NAT TCP/UDP 3478 Session stun-nat Cisco IOS XE


Traversal Release 3.5S
Utilities for
NAT (STUN)

Database SQL-exec TCP/UDP 9088 SQL Exec sqlexec Cisco IOS XE


Release 2.3

SQL*NET TCP/ UDP 1521 SQL*NET for sqlnet Cisco IOS XE


Oracle Release 2.5

Financial FIX TCP Heuristic Financial fix Cisco IOS XE


Information Release 2.5
Exchange

Security GRE IP 47 Generic Routing gre Cisco IOS XE


and Encapsulation Release 2.3
Tunneling
IPINIP IP 4 IP in IP ipinip Cisco IOS XE
Release 2.3

IPsec IP/TCP 50, 51 IP Encapsulating ipsec Cisco IOS XE


TCP- Security Release 2.3 Cisco
Heuristic Payload/ IOS XE Release
Authentication- 3.3S
Header

L2TP UDP 1701 L2F/L2TP l2tp Cisco IOS XE


Tunnel Release 2.3

1 For Cisco IOS XE Release 2.5, Cisco supports Exchange 03 and 07 only. MS client access is recognized, but web client access is not recognized.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


14
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
PPTP TCP 1723 Point-to-Point pptp Cisco IOS XE
Tunneling Release 2.3
Protocol for
VPN

SFTP TCP 990 Secure FTP secure-ftp Cisco IOS XE


Release 2.3

SHTTP TCP 443 Secure HTTP secure-http Cisco IOS XE


Release 2.1

SIMAP TCP/ UDP 585, 993 Secure Internet secure-imap Cisco IOS XE
Message Access Release 2.3
Protocol

SIRC TCP/ UDP 994 Secure Internet secure-irc Cisco IOS XE


Relay Chat Release 2.3

SLDAP TCP/ UDP 636 Secure secure-ldap Cisco IOS XE


Lightweight Release 2.3
Directory
Access Protocol

SNNTP TCP/ UDP 563 Secure Network secure-nntp Cisco IOS XE


News Transfer Release 2.3
Protocol

SOCKS TCP 1080 Firewall socks Cisco IOS XE


Security Release 2.3
Protocol

SPOP3 TCP/ UDP 995 Secure POP3 secure-pop3 Cisco IOS XE


Release 2.3

SSH TCP 22 Secured Shell ssh Cisco IOS XE


Release 2.3

STELNET TCP 992 Secure Telnet secure-telnet Cisco IOS XE


Release 2.3

Network ICMP IP 1 Internet Control icmp Cisco IOS XE


Manageme Message Release 2.3
nt Protocol

SNMP TCP/ UDP 161, 162 Simple Network snmp Cisco IOS XE
Management Release 2.3
Protocol

Syslog UDP 514 System Logging syslog Cisco IOS XE


Utility Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


15
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Network Gmail Gmail and gmail | chat Cisco IOS XE
Mail Gmail-chat Release 3.5S
Services traffic

IMAP TCP/ UDP 143, 220 Internet Message imap Cisco IOS XE
Access Protocol Release 2.3

Notes TCP/ UDP 1352 Lotus Notes notes Cisco IOS XE


Release 2.3
Cisco IOS XE
Release 2.3

POP3 TCP/ UDP 110, Post Office pop3 Cisco IOS XE


Heuristic Protocol Release 2.1

SMTP TCP 25, Simple Mail smtp Cisco IOS XE


Heuristic Transfer Release 2.3
Protocol

Directory DHCP/ UDP 67, 68 Dynamic Host dhcp Cisco IOS XE


BOOTP Configuration Release 2.1
Protocol/
Bootstrap
Protocol

DNS TCP/ UDP 53 Domain Name dns Cisco IOS XE


System Release 2.1

Finger TCP 79 Finger User finger Cisco IOS XE


Information Release 2.3
Protocol

Kerberos TCP/ UDP 88, 749 Kerberos kerberos Cisco IOS XE


Network Release 2.3
Authentication
Service

LDAP TCP/ UDP 389 Lightweight ldap Cisco IOS XE


Directory Release 2.3
Access Protocol

Internet FTP TCP 21, 21000, File Transfer ftp Cisco IOS XE
Heuristic Protocol Release 2.3

Gopher TCP/ UDP 70 Internet Gopher gopher Cisco IOS XE


Protocol Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


16
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
HTTP TCP 80, Hypertext http Cisco IOS XE
Heuristic Transfer Release 2.1
Protocol Cisco IOS XE
Release 2.5

IRC TCP/ UDP 194 Internet Relay irc Cisco IOS XE


Chat Release 2.3

NNTP TCP/ UDP 119, Network News nntp Cisco IOS XE


Heuristic Transfer Release 2.3
Protocol

Telnet TCP 23 Telnet Protocol telnet Cisco IOS XE


Release 2.1

TFTP UDP 69 Trivial File tftp Cisco IOS XE


Transfer Release 2.5
Protocol

Signaling AppleQTC TCP/UDP 458 Apple Quick appleqtc Cisco IOS XE


Time Release 2.3

Chargen TCP/UDP 19 Character chargen Cisco IOS XE


Generator Release 2.3

ClearCase TCP/UDP 371 Clear Case clearcase Cisco IOS XE


Protocol Release 2.3
Software
Informer

Corba TCP/UDP 683, 684 Corba Internet corba-iiop Cisco IOS XE


Inter-Orb Release 2.3
Protocol (IIOP)

Daytime TCP/UDP 13 Daytime daytime Cisco IOS XE


Protocol Release 2.3

Doom TCP/UDP 666 Doom doom Cisco IOS XE


Release 2.3

Echo TCP/UDP 7 Echo Protocol echo Cisco IOS XE


Release 2.3

IBM DB2 TCP/UDP 523 IBM ibm-db2 Cisco IOS XE


Information Release 2.3
Management

IPX TCP/UDP 213 Internet Packet server-ipx Cisco IOS XE


Exchange Release 2.3

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


17
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ISAKMP TCP/UDP 500 Internet Security isakmp Cisco IOS XE
Association and Release 2.3
Key
Management
Protocol

ISI-GL TCP/UDP 55 Interoperable isi-gl Cisco IOS XE


Self Installation Release 2.3
Graphics
Language

KLogin TCP 543 KLogin klogin Cisco IOS XE


Release 2.3

KShell TCP 544 KShell kshell Cisco IOS XE


Release 2.3

LockD TCP/UDP 4045 LockD lockd Cisco IOS XE


Release 2.3

MSSQL TCP 1433 Microsoft mssql Cisco IOS XE


Structured Release 2.3
Query Language
(SQL) Server

RSVP IP/ UDP IP: 46 Resource rsvp Cisco IOS XE


UDP: Reservation Release 2.3
1698, Protocol
1699

RPC NFS TCP/UDP 2049 Network File nfs Cisco IOS XE


System Release 2.3

Sunrpc TCP/ UDP 111, Sun Remote sunrpc Cisco IOS XE


Heuristic Procedure Call Release 2.5

Non-IP and NetBIOS TCP/ UDP TCP-137, NetBIOS over IP netbios Cisco IOS XE
LAN/ 138 (MS Windows) Release 2.3
Legacy UDP-137,
139

Nickname TCP/UDP 43 Nickname nicname Cisco IOS XE


Release 2.3

NPP TCP/UDP 92 Network npp Cisco IOS XE


Payment Release 2.3
Protocol

Voice H.323 TCP Heuristic H.323 h323 Cisco IOS XE


Teleconferencin Release 2.1
g Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


18
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
SIP TCP/UPD 5060 Session sip Cisco IOS XE
Initiation Release 2.1
Protocol

Skype2 TCP/UDP TCP-80, VoIP Client skype Cisco IOS XE


Heuristic Software Release 2.1
Cisco IOS XE
Release 2.5

RTP TCP/ UDP Heuristic Real-Time rtp Cisco IOS XE


Transport Release 2.5
Protocol Payload
Classification

Desktop CUSeeMe TCP/UDP TCP: CU-SeeMe cuseeme Cisco IOS XE


Media 7648, Desktop Video Release 2.3
7649 Conference
UDP:
24032

Streaming RTSP TCP 554, 8554 Real-Time rtsp Cisco IOS XE


Media Streaming Release 2.3
Protocol

Peer-to- BitTorrent3 TCP Heuristic, BitTorrent File bittorrent Cisco IOS XE


Peer File- or Transfer Traffic Release 2.5
Sharing 6881-688
Application 9
s
DirectConne TCP 80, Direct Connect directconnect Cisco IOS XE
ct 411-413, File Transfer Release 2.5
Heuristic Traffic

eDonkey/ TCP 80, 4662, eDonkey File- edonkey Cisco IOS XE


eMule4 Heuristic Sharing Release 2.5
Application
eMule traffic is
also classified as
eDonkey traffic
in NBAR.

eDonkey- TCP 80, 4662 Classifies some edonkey-static Cisco IOS XE


static of the edonkey Release 3.3S
traffic based on
WKP only.

2 Cisco software supports Skype 1.0, 2.5, 3.0, and 4.0. In Skype 4.0, the classification may not be complete.
3 BitTorrent classifies only unencrypted traffic.
4 eDonkey classifies only unencrypted traffic.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


19
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Encrypted TCP Heuristic P2P file sharing encrypted-emule Cisco IOS XE
Emule encrypted Release 3.4S
protocol

FastTrack N/A Heuristic FastTrack traffic fasttrack Cisco IOS XE


Release 2.5

FastTrack N/A Heuristic FastTrack Static fasttrack-static Cisco IOS XE


Static Release 3.3S

Gnutella TCP/UDP Heuristic, Gnutella traffic gnutella Cisco IOS XE


or Release 2.5
TCP-80,
6346-634
9,
6355,5634
UDP-634
6-6348

Gnutella TCP/UDP Heuristic, Gnutella networking- Cisco IOS XE


Networking or Networking gnutella Release 3.4S
UDP-634 traffic
6-6348

KaZaA TCP/ UPD Heuristic KaZaA kazaa2 Cisco IOS XE


Release 2.5
Note that earlier
KaZaA version 1
traffic can be
classified using
FastTrack.

WinMX TCP 6699 WinMX Peer-to- winmx Cisco IOS XE


Peer File- Release 2.5
Sharing

Voice and cisco-ip- Cisco Video cisco-ip-camera Cisco IOS XE


Video camera Surveillance Release 3.5S
Camera

gtalk-video Google Talk gtalk-video Cisco IOS XE


Video Call Release 3.5S

gtalk-voip Google Talk gtalk-voip Cisco IOS XE


Voice Release 3.5S

livemeeting Microsoft Office livemeeting Cisco IOS XE


Live Meeting Release 3.5S

megavideo Video Hosting megavideo Cisco IOS XE


Service Release 3.5S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


20
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
netflix Netflix Video netflix Cisco IOS XE
Release 3.5S

rtmpe Real Time rtmpe Cisco IOS XE


Messaging Release 3.5S
Protocol

viber Viber VoIP is an viber Cisco IOS XE


iPhone voice Release 3.5S
communication
application

Miscellaneo 3Com AMP3 TCP/UDP 629 3Com AMP3 3com-amp3 Cisco IOS XE
us Release 3.1S

3Com TCP/UDP 106 3Com TSMUX 3com-tsmux Cisco IOS XE


TSMUX Release 3.1S

3PC TCP/UDP 34 Third Party 3pc Cisco IOS XE


Connect Release 3.1S
Protocol

914 C/G TCP/UDP 211 Texas 914c/g Cisco IOS XE


Instruments 914 Release 3.1S
Terminal

9PFS TCP/UDP 564 Plan 9 file 9pfs Cisco IOS XE


service Release 3.1S

ACAP TCP/UDP 674 ACAP acap Cisco IOS XE


Release 3.1S

ACAS TCP/UDP 62 ACA Services acas Cisco IOS XE


Release 3.1S

AccessBuild TCP/UDP 888 Access Builder accessbuilder Cisco IOS XE


er Release 3.1S

AccessNetw TCP/UDP 699 Access Network accessnetwork Cisco IOS XE


ork Release 3.1S

ACP TCP/UDP 599 Aeolon Core acp Cisco IOS XE


Protocol Release 3.1S

ACR-NEMA TCP/UDP 104 ACR-NEMA acr-nema Cisco IOS XE


Digital Img Release 3.1S

AED-512 TCP/UDP 149 AED 512 aed-512 Cisco IOS XE


Emulation Release 3.1S
service

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


21
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Agentx TCP/UDP 705 AgentX agentx Cisco IOS XE
Release 3.1S

Alpes TCP/UDP 463 Alpes alpes Cisco IOS XE


Release 3.1S

AMInet TCP/UDP 2639 AMInet aminet Cisco IOS XE


Release 3.1S

AN TCP/UDP 107 Active Networks an Cisco IOS XE


Release 3.1S

ANET TCP/UDP 212 ATEXSSTR anet Cisco IOS XE


Release 3.1S

ANSANotify TCP/UDP 116 ANSA REX ansanotify Cisco IOS XE


Notify Release 3.1S

ANSATrader TCP/UDP 124 ansatrader ansatrader Cisco IOS XE


Release 3.1S

AODV TCP/UDP 654 AODV aodv Cisco IOS XE


Release 3.1S

Apertus-LDP TCP/UDP 539 Apertus Tech apertus-ldp Cisco IOS XE


Load Release 3.1S
Distribution

AppleQTC TCP/UDP 458 apple quick time appleqtc Cisco IOS XE


Release 3.1S

AppleQTSR TCP/UDP 545 appleqtcsrvr appleqtcsrvr Cisco IOS XE


VR Release 3.1S

Applix TCP/UDP 999 Applix ac applix Cisco IOS XE


Release 3.1S

ARCISDMS TCP/UDP 262 arcisdms arcisdms Cisco IOS XE


Release 3.1S

ARGUS TCP/UDP 13 ARGUS argus Cisco IOS XE


Release 3.1S

Ariel2 TCP/UDP 419 Ariel1 ariel1 Cisco IOS XE


Release 3.1S

Ariel2 TCP/UDP 421 Ariel2 ariel2 Cisco IOS XE


Release 3.1S

Ariel3 TCP/UDP 422 Ariel3 ariel3 Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


22
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ARIS TCP/UDP 104 ARIS aris Cisco IOS XE
Release 3.1S

ARNS TCP/UDP 384 A remote arns Cisco IOS XE


network server Release 3.1S
system

ASA TCP/UDP 386 ASA Message asa Cisco IOS XE


router object def Release 3.1S

ASA-Appl- TCP/UDP asa-appl-proto asa-appl-proto Cisco IOS XE


502
Proto Release 3.1S

ASIPRegistr TCP/UDP 687 asipregistry asipregistry Cisco IOS XE


y Release 3.1S

ASIP- TCP/UDP 311 asip-webadmin Cisco IOS XE


AppleShare IP
Webadmin Release 3.1S
WebAdmin

AS- TCP/UDP 449 AS Server as-servermap Cisco IOS XE


Servermap Mapper Release 3.1S

AT-3 TCP/UDP 203 AppleTalk at-3 Cisco IOS XE


Unused Release 3.1S

AT-5 TCP/UDP 205 AppleTalk at-5 Cisco IOS XE


Unused Release 3.1S

AT-7 TCP/UDP AppleTalk at-7 Cisco IOS XE


207
Unused Release 3.1S

TCP/UDP 208 AppleTalk at-8 Cisco IOS XE


AT-8
Unused Release 3.1S

AT-Echo TCP/UDP 204 AppleTalk Echo at-echo Cisco IOS XE


Release 3.1S

TCP/UDP 202 at-nbp Cisco IOS XE


AT-NBP AppleTalk
Release 3.1S
Name Binding

AT-RTMP TCP/UDP 201 AppleTalk at-rtmp Cisco IOS XE


Routing Release 3.1S
Maintenance

AT-ZIS TCP/UDP 206 AppleTalk Zone at-zis Cisco IOS XE


Information Release 3.1S

TCP/UDP Unisys Audit audit Cisco IOS XE


Audit 182
SITP Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


23
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Auditd TCP/UDP 48 auditd Cisco IOS XE
Digital Audit
Release 3.1S
daemon

Aurora- TCP/UDP 364 Aurora CMGR aurora-cmgr Cisco IOS XE


CMGR Release 3.1S

AURP TCP/UDP 387 Appletalk aurp Cisco IOS XE


Update-Based Release 3.1S
Routing Protocol

AUTH TCP/UDP 113 auth Cisco IOS XE


Authentication
Release 3.1S
Service

Avian TCP/UDP 486 avian Cisco IOS XE


avian
Release 3.1S

TCP/UDP 93 AX.25 Frames ax25 Cisco IOS XE


AX25
Release 3.1S

Banyan-RPC TCP/UDP 567 Banyan-RPC banyan-rpc Cisco IOS XE


Release 3.1S

Banyan-VIP TCP/UDP 573 Banyan-VIP banyan-vip Cisco IOS XE


Release 3.1S

BBNRCCM TCP/UDP 10 BBN RCC bbnrccmon Cisco IOS XE


ON Monitoring Release 3.1S

BDP TCP/UDP 581 Bundle bdp Cisco IOS XE


Discovery Release 3.1S
protocol

BFTP TCP/UDP 152 Background File bftp Cisco IOS XE


Transfer Release 3.1S
Program

BGMP TCP/UDP 264 Border Gateway bgmp Cisco IOS XE


Multicast Release 3.1S
Protocol

BGP TCP/UDP 179 Border Gateway bgp Cisco IOS XE


Protocol Release 3.1S

BGS-NSI TCP/UDP 482 BGS-NSI bgs-nsi Cisco IOS XE


Release 3.1S

Bhevent TCP/UDP 357 Bhevent bhevent Cisco IOS XE


Release 3.1S

BHFHS TCP/UDP 248 BHFHS bhfhs Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


24
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
BHMDS TCP/UDP 310 BHMDS bhmds Cisco IOS XE
Release 3.1S

BL-IDM TCP/UDP 142 Britton Lee IDM bl-idm Cisco IOS XE


Release 3.1S

BMPP TCP/UDP 632 BMPP bmpp Cisco IOS XE


Release 3.1S

BNA TCP/UDP 49 BNA bna Cisco IOS XE


Release 3.1S

Bnet TCP/UDP 415 BNET bnet Cisco IOS XE


Release 3.1S

Borland-DSJ TCP/UDP 707 Borland-dsj borland-dsj Cisco IOS XE


Release 3.1S

BR-SAT- TCP/UDP 76 Backroom br-sat-mon Cisco IOS XE


Mon SATNET Release 3.1S
Monitoring

Cableport- TCP/UDP 282 Cable Port A/X cableport-ax Cisco IOS XE


AX Release 3.1S

Cab-Protocol TCP/UDP 595 CAB Protocol cab-protocol Cisco IOS XE


Release 3.1S

Cadlock TCP/UDP 770 Cadlock cadlock Cisco IOS XE


Release 3.1S

CAIlic TCP/UDP 216 Computer CAIlic Cisco IOS XE


Associates Intl Release 3.1S
License Server

CBT TCP/UDP 7 CBT cbt Cisco IOS XE


Release 3.1S

CDC TCP/UDP 223 Certificate cdc Cisco IOS XE


Distribution Release 3.1S
Center

CFDPTKT TCP/UDP 120 cfdptkt cfdptkt Cisco IOS XE


Release 3.1S

CFTP TCP/UDP 62 CFTP cftp Cisco IOS XE


Release 3.1S

CHAOS TCP/UDP 16 Chaos chaos Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


25
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
CharGen TCP/UDP 19 Character chargen Cisco IOS XE
Generator Release 3.1S

Cisco IOS XE Release ChShell TCP/UDP 562 ch chshell


3.1S cm
d

Cimplex TCP/UDP 673 Cimplex cimplex Cisco IOS XE


Release 3.1S

Cisco-FNA TCP/UDP 130 Cisco FNATIVE cisco-fna Cisco IOS XE


Release 3.1S

Cisco-SYS TCP/UDP 132 Cisco cisco-sys Cisco IOS XE


SYSMAINT Release 3.1S

Cisco-TDP TCP/UDP 711 Cisco TDP cisco-tdp Cisco IOS XE


Release 3.1S

Cisco-TNA TCP/UDP 131 Cisco TNATIVE cisco-tna Cisco IOS XE


Release 3.1S

Clearcase TCP/UDP 371 Clearcase clearcase Cisco IOS XE


Release 3.1S

Cloanto- TCP/UDP 356 Cloanto-net-1 cloanto-net-1 Cisco IOS XE


Net-1 Release 3.1S

CMIP-Agent TCP/UDP 164 CMIP/TCP cmip-agent Cisco IOS XE


Agent Release 3.1S

CMIP-Man TCP/UDP 163 CMIP/TCP cmip-man Cisco IOS XE


Manager Release 3.1S

Coauthor TCP/UDP 1529 Oracle coauthor Cisco IOS XE


Release 3.1S

Codaauth2 TCP/UDP 370 Codaauth2 codaauth2 Cisco IOS XE


Release 3.1S

Collaborator TCP/UDP 622 Collaborator collaborator Cisco IOS XE


Release 3.1S

Commerce TCP/UDP 542 Commerce commerce Cisco IOS XE


Release 3.1S

Compaq- TCP/UDP 110 Compaq Peer compaq-peer Cisco IOS XE


Peer Protocol Release 3.1S

Compressnet TCP/UDP 2 Management compressnet Cisco IOS XE


Utility Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


26
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
COMSCM TCP/UDP 437 COMSCM comscm Cisco IOS XE
Release 3.1S

CON TCP/UDP 759 Con con Cisco IOS XE


Release 3.1S

Conference TCP/UDP 531 Chat conference Cisco IOS XE


Release 3.1S

Connendp TCP/UDP 693 Almanid connendp Cisco IOS XE


Connection Release 3.1S
Endpoint

ContentServ TCP/UDP 3365 Contentserver contentserver Cisco IOS XE


er Release 3.1S

CoreRJD TCP/UDP 284 Corerjd corerjd Cisco IOS XE


Release 3.1S

Courier TCP/UDP 530 RPC courier Cisco IOS XE


Release 3.1S

Covia TCP/UDP 64 Communications covia Cisco IOS XE


Integrator Release 3.1S

CPHB TCP/UDP 73 Computer cphb Cisco IOS XE


Protocol Heart Release 3.1S
Beat

CPNX TCP/UDP 72 Computer cpnx Cisco IOS XE


Protocol Release 3.1S
Network
Executive

Creativepart TCP/UDP 455 Creativepartnr creativepartnr Cisco IOS XE


nr Release 3.1S

Creativeserv TCP/UDP 453 Creativeserver creativeserver Cisco IOS XE


er Release 3.1S

CRS TCP/UDP 507 CRS crs Cisco IOS XE


Release 3.1S

CRTP TCP/UDP 126 Combat Radio crtp Cisco IOS XE


Transport Release 3.1S
Protocol

CRUDP TCP/UDP 127 Combat Radio crudp Cisco IOS XE


User Datagram Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


27
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
CryptoAdmi TCP/UDP 624 Crypto Admin cryptoadmin Cisco IOS XE
n Release 3.1S

CSI-SGWP TCP/UDP 348 Cabletron csi-sgwp Cisco IOS XE


Management Release 3.1S
Protocol

CSNET-NS TCP/UDP 105 Mailbox Name csnet-ns Cisco IOS XE


Nameserver Release 3.1S

CTF TCP/UDP 84 Common Trace ctf Cisco IOS XE


Facility Release 3.1S

CUSTIX TCP/UDP 528 Customer custix Cisco IOS XE


Ixchange Release 3.1S

CVC_Hostd TCP/UDP 442 CVC_Hostd cvc_hostd Cisco IOS XE


Release 3.1S

Cybercash TCP/UDP 551 Cybercash cybercash Cisco IOS XE


Release 3.1S

Cycleserv TCP/UDP 763 Cycleserv cycleserv Cisco IOS XE


Release 3.1S

Cycleserv2 TCP/UDP 772 Cycleserv2 cycleserv2 Cisco IOS XE


Release 3.1S

Dantz TCP/UDP 497 Dantz dantz Cisco IOS XE


Release 3.1S

DASP TCP/UDP 439 Dasp dasp Cisco IOS XE


Release 3.1S

DataSurfSR TCP/UDP 461 DataRamp Svr datasurfsrv Cisco IOS XE


V Release 3.1S

DataSurfSR TCP/UDP 462 DataRamp Svr datasurfsrvsec Cisco IOS XE


VSec svs Release 3.1S

Datex-ASN TCP/UDP 355 datex-asn datex-asn Cisco IOS XE


Release 3.1S

Daytime TCP/UDP 13 Daytime (RFC daytime Cisco IOS XE


867) Release 3.1S

Dbase TCP/UDP 217 dBASE Unix dbase Cisco IOS XE


Release 3.1S

DCCP TCP/UDP 33 Datagram dccp Cisco IOS XE


Congestion Release 3.1S
Control Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


28
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
DCN-Meas TCP/UDP 19 DCN dcn-meas Cisco IOS XE
Measurement Release 3.1S
Subsystems

DCP TCP/UDP 93 Device Control dcp Cisco IOS XE


Protocol Release 3.1S

DCTP TCP/UDP 675 DCTP dctp Cisco IOS XE


Release 3.1S

DDM-DFM TCP/UDP 447 DDM ddm-dfm Cisco IOS XE


Distributed File Release 3.1S
management

DDM-RDB TCP/UDP 446 DDM-Remote ddm-rdb Cisco IOS XE


Relational Release 3.1S
Database Access

DDM-SSL TCP/UDP 448 DDM-Remote ddm-ssl Cisco IOS XE


DB Access Release 3.1S
Using Secure
Sockets

DDP TCP/UDP 37 Datagram ddp Cisco IOS XE


Delivery Release 3.1S
Protocol

DDX TCP/UDP 116 D-II Data ddx Cisco IOS XE


Exchange Release 3.1S

DEC_DLM TCP/UDP 625 dec_dlm dec_dlm Cisco IOS XE


Release 3.1S

Decap TCP/UDP 403 Decap decap Cisco IOS XE


Release 3.1S

Decauth TCP/UDP 316 Decauth decauth Cisco IOS XE


Release 3.1S

Decbsrv TCP/UDP 579 Decbsrv decbsrv Cisco IOS XE


Release 3.1S

Decladebug TCP/UDP 410 DECLadebug decladebug Cisco IOS XE


Remote Debug Release 3.1S
Protocol

Decvms- TCP/UDP 441 Decvms-sysmgt decvms-sysmgt Cisco IOS XE


sysmgt Release 3.1S

DEI-ICDA TCP/UDP 618 dei-icda dei-icda Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


29
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
DEOS TCP/UDP 76 Distributed deos Cisco IOS XE
External Object Release 3.1S
Store

Device TCP/UDP 801 Device device Cisco IOS XE


Release 3.1S

DGP TCP/UDP 86 Dissimilar dgp Cisco IOS XE


Gateway Release 3.1S
Protocol

DHCP- TCP/UDP 647 DHCP Failover dhcp-failover Cisco IOS XE


Failover Release 3.1S

DHCP- TCP/UDP 847 dhcp-failover2 dhcp-failover2 Cisco IOS XE


Failover2 Release 3.1S

DHCPv6- TCP/UDP 546 DHCPv6 Client dhcpv6-client Cisco IOS XE


client Release 3.1S

DHCPv6- TCP/UDP 547 DHCPv6 Server dhcpv6-server Cisco IOS XE


server Release 3.1S

Dicom TCP/UDP Heuristic Digital Imaging dicom Cisco IOS XE


and Release 3.3S
Communications
in Medicine

Digital-VRC TCP/UDP 466 digital-vrc digital-vrc Cisco IOS XE


Release 3.1S

Directplay TCP/UDP 2234 DirectPlay directplay Cisco IOS XE


Release 3.1S

Directplay8 TCP/UDP 6073 DirectPlay8 directplay8 Cisco IOS XE


Release 3.1S

Directv- TCP/UDP 3337 Direct TV Data directv-catlg Cisco IOS XE


Catlg Catalog Release 3.1S

Directv-Soft TCP/UDP 3335 Direct TV directv-soft Cisco IOS XE


Software Release 3.1S
Updates

Directv-Tick TCP/UDP 3336 Direct TV directv-tick Cisco IOS XE


Tickers Release 3.1S

Directv-Web TCP/UDP 3334 Direct TV directv-web Cisco IOS XE


Webcasting Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


30
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Discard TCP/UDP 9 Discard discard Cisco IOS XE
Release 3.1S

Disclose TCP/UDP 667 campaign disclose Cisco IOS XE


contribution Release 3.1S
disclosures

Dixie TCP/UDP 96 DIXIE Protocol dixie Cisco IOS XE


Specification Release 3.1S

DLS TCP/UDP Directory dls Cisco IOS XE


Location Service Release 3.1S

DLS-Mon TCP/UDP 198 Directory dls-mon Cisco IOS XE


Location Service Release 3.1S
Monitor

DN6-NLM- TCP/UDP 195 DNSIX Network dn6-nlm-aud Cisco IOS XE


AUD Level Module Release 3.1S
Audit

DNA-CML TCP/UDP 436 DNA-CML dna-cml Cisco IOS XE


Release 3.1S

DNS TCP/UDP 53 Domain Name dns Cisco IOS XE


Server lookup Release 3.1S

DNSIX TCP/UDP 90 DNSIX Security dnsix Cisco IOS XE


Attribute Token Release 3.1S
Map

DOOM TCP/UDP 666 Doom Id doom Cisco IOS XE


Software Release 3.1S

DPSI TCP/UDP 315 DPSI dpsi Cisco IOS XE


Release 3.1S

DSFGW TCP/UDP 438 DSFGW dsfgw Cisco IOS XE


Release 3.1S

DSP TCP/UDP 33 Display Support dsp Cisco IOS XE


Protocol Release 3.1S

DSP3270 TCP/UDP 246 Display Systems dsp3270 Cisco IOS XE


Protocol Release 3.1S

DSR TCP/UDP 48 Dynamic Source dsr Cisco IOS XE


Routing Protocol Release 3.1S

DTAG-DTE- TCP/UDP 352 DTAG dtag-ste-sb Cisco IOS XE


SB Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


31
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Cisco IOS XE Release DTK TCP/UDP 365 DT dtk
3.1S K

DWR TCP/UDP 644 DWR dwr Cisco IOS XE


Release 3.1S

Echo TCP/UDP 7 Echo echo Cisco IOS XE


Release 3.1S

EGP TCP/UDP 8 Exterior egp Cisco IOS XE


Gateway Release 3.1S
Protocol

EIGRP TCP/UDP 88 Enhanced eigrp Cisco IOS XE


Interior Gateway Release 3.1S
Routing Protocol

ELCSD TCP/UDP 704 errlog copy/ elcsd Cisco IOS XE


server daemon Release 3.1S

EMBL-NDT TCP/UDP 394 EMBL Nucleic embl-ndt Cisco IOS XE


Data Transfer Release 3.1S

EMCON TCP/UDP 14 EMCON emcon Cisco IOS XE


Release 3.1S

EMFIS- TCP/UDP 141 EMFIS Control emfis-cntl Cisco IOS XE


CNTLl Service Release 3.1S

EMFIS-Data TCP/UDP 140 EMFIS Data emfis-data Cisco IOS XE


Service Release 3.1S

Encap TCP/UDP 98 Encapsulation encap Cisco IOS XE


Header Release 3.1S

Encrypted TCP Heuristic Encrypted encrypted- Cisco IOS XE


BitTorrent BitTorrent bittorrent Release 3.4S

Entomb TCP/UDP 775 Entomb entomb Cisco IOS XE


Release 3.1S

Entrust- TCP/UDP 680 Entrust-aaas entrust-aaas Cisco IOS XE


AAAS Release 3.1S

Entrust- TCP/UDP 681 Entrust-aams entrust-aams Cisco IOS XE


AAMS Release 3.1S

Entrust-ASH TCP/UDP 710 Entrust entrust-ash Cisco IOS XE


Administration Release 3.1S
Service Handler

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


32
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Entrust- TCP/UDP 709 Entrust Key entrust-kmsh Cisco IOS XE
KMSH Management Release 3.1S
Service Handler

Entrust-SPS TCP/UDP 640 entrust-sps entrust-sps Cisco IOS XE


Release 3.1S

ERPC TCP/UDP 121 Encore erpc Cisco IOS XE


Expedited Release 3.1S
Remote Pro.Call

ESCP-IP TCP/UDP 621 escp-ip escp-ip Cisco IOS XE


Release 3.1S

ESRO-GEN TCP/UDP 259 Efficient Short esro-gen Cisco IOS XE


Remote Release 3.1S
Operations

ESRP- TCP/UDP 642 ESRO-EMSDP esro-emsdp Cisco IOS XE


EMSDP V1.3 Release 3.1S

EtherIP TCP/UDP 97 Ethernet-within- etherip Cisco IOS XE


IP Encapsulation Release 3.1S

Eudora-Set TCP/UDP 592 Eudora Set eudora-set Cisco IOS XE


Release 3.1S

EXEC TCP/UDP 512 remote process exec Cisco IOS XE


execution Release 3.1S

Fatserv TCP/UDP 347 Fatmen Server fatserv Cisco IOS XE


Release 3.1S

FC TCP/UDP 133 Fibre Channel fc Cisco IOS XE


Release 3.1S

FCP TCP/UDP 510 FirstClass fcp Cisco IOS XE


Protocol Release 3.1S

Finger TCP/UDP 79 Finger finger Cisco IOS XE


Release 3.1S

FIRE TCP/UDP 125 FIRE fire Cisco IOS XE


Release 3.1S

FlexLM TCP/UDP 744 Flexible License flexlm Cisco IOS XE


Manager Release 3.1S

FLN-SPX TCP/UDP 221 Berkeley rlogind fln-spx Cisco IOS XE


with SPX auth Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


33
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
FTP-Agent TCP/UDP 574 FTP Software ftp-agent Cisco IOS XE
Agent System Release 3.1S

FTP-Data TCP/UDP 20 FTP-Data ftp-data Cisco IOS XE


Release 3.1S

FTPS-Data TCP/UDP 989 ftp protocol, ftps-data Cisco IOS XE


data, over Release 3.1S
TLS/SSL

Fujitsu-Dev TCP/UDP 747 Fujitsu Device fujitsu-dev Cisco IOS XE


Control Release 3.1S

GACP TCP/UDP 190 Gateway Access gacp Cisco IOS XE


Control Protocol Release 3.1S

GDOMAP TCP/UDP 538 gdomap gdomap Cisco IOS XE


Release 3.1S

Genie TCP/UDP 402 Genie Protocol genie Cisco IOS XE


Release 3.1S

Genrad- TCP/UDP 176 Genrad-mux genrad-mux Cisco IOS XE


MUX Release 3.1S

GGF-NCP TCP/UDP 678 GNU Generation ggf-ncp Cisco IOS XE


Foundation NCP Release 3.1S

GGP TCP/UDP 3 Gateway-to- ggp Cisco IOS XE


Gateway Release 3.1S

Ginad TCP/UDP 634 ginad ginad Cisco IOS XE


Release 3.1S

GMTP TCP/UDP 100 GMTP gmtp Cisco IOS XE


Release 3.1S

Go-Login TCP/UDP 491 Go-login go-login Cisco IOS XE


Release 3.1S

Gopher TCP/UDP 70 Gopher gopher Cisco IOS XE


Release 3.1S

Graphics TCP/UDP 41 Graphics graphics Cisco IOS XE


Release 3.1S

GRE TCP/UDP 47 General Routing gre Cisco IOS XE


Encapsulation Release 3.1S

GRIDFTP - - File Transfer gridftp Cisco IOS XE


Protocol over the Release 3.5S
Grid

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


34
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Groove TCP/UDP 2492 Groove groove Cisco IOS XE
Release 3.1S

GSS-HTTP TCP/UDP 488 gss-http gss-http Cisco IOS XE


Release 3.1S

GSS- TCP/UDP 128 GNU Generation gss-xlicen Cisco IOS XE


XLICEN Foundation NCP Release 3.1S

gtalk-chat - - Instant gtalk-chat Cisco IOS XE


messaging Release 3.5S
between Google
Talk servers and
its clients

GTP-User TCP/UDP 2152 GTP-User Plane gtp-user Cisco IOS XE


Release 3.1S

HA-Cluster TCP/UDP 694 ha-cluster ha-cluster Cisco IOS XE


Release 3.1S

HAP TCP/UDP 661 hap hap Cisco IOS XE


Release 3.1S

Hassle TCP/UDP 375 Hassle hassle Cisco IOS XE


Release 3.1S

HCP- TCP/UDP 686 Hardware hcp-wismar Cisco IOS XE


Wismar Control Protocol Release 3.1S
Wismar

HDAP TCP/UDP 263 hdap hdap Cisco IOS XE


Release 3.1S

Hello-port TCP/UDP 652 HELLO_PORT hello-port Cisco IOS XE


Release 3.1S

HEMS TCP/UDP 151 hems hems Cisco IOS XE


Release 3.1S

HIP TCP/UDP 139 Host Identity hip Cisco IOS XE


Protocol Release 3.1S

HMMP-IND TCP/UDP 612 HMMP hmmp-ind Cisco IOS XE


Indication Release 3.1S

HMMP-OP TCP/UDP 613 HMMP hmmp-op Cisco IOS XE


Operation Release 3.1S

HMP TCP/UDP 20 Host Monitoring hmp Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


35
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
HOPOPT TCP/UDP 0 IPv6 Hop-by- hopopt Cisco IOS XE
Hop Option Release 3.1S

Hostname TCP/UDP 101 NIC Host Name hostname Cisco IOS XE


Server Release 3.1S

HP-Alarm- TCP/UDP 383 HP performance hp-alarm-mgr Cisco IOS XE


Mgr data alarm Release 3.1S
manager

HP-Collector TCP/UDP 381 HP performance hp-collector Cisco IOS XE


data collector Release 3.1S

HP- TCP/UDP 382 HP performance hp-managed-node Cisco IOS XE


Managed- data managed Release 3.1S
Node node

HTTP-ALT TCP/UDP 8080 HTTP Alternate http-alt Cisco IOS XE


Release 3.1S

HTTP-Mgmt TCP/UDP 280 http-mgmt http-mgmt Cisco IOS XE


Release 3.1S

HTTP-RPC- TCP/UDP 593 HTTP RPC Ep http-rpc-epmap Cisco IOS XE


EPMAP Map Release 3.1S

Hybrid-POP TCP/UDP 473 Hybrid-pop hybrid-pop Cisco IOS XE


Release 3.1S

Hyper-G TCP/UDP 418 Hyper-g hyper-g Cisco IOS XE


Release 3.1S

Hyperwave- TCP/UDP 692 Hyperwave-isp hyperwave-isp Cisco IOS XE


ISP Release 3.1S

IAFDBase TCP/UDP 480 iafdbase iafdbase Cisco IOS XE


Release 3.1S

IAFServer TCP/UDP 479 iafserver iafserver Cisco IOS XE


Release 3.1S

IASD TCP/UDP 432 iasd iasd Cisco IOS XE


Release 3.1S

IATP TCP/UDP 117 Interactive iatp Cisco IOS XE


Agent Transfer Release 3.1S
Protocol

IBM-App 385 IBM Application ibm-app Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


36
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
IBM-DB2 TCP/UDP 523 IBM-DB2 ibm-db2 Cisco IOS XE
Release 3.1S

IBProtocol TCP/UDP 6714 Internet ibprotocol Cisco IOS XE


Backplane Release 3.1S
Protocol

ICLCNet- TCP/UDP 886 ICL coNETion iclcnet-locate Cisco IOS XE


Locate locate server Release 3.1S

ICLNet_SVI TCP/UDP 887 ICL coNETion iclcnet_svinfo Cisco IOS XE


nfo server info Release 3.1S

ICMP TCP/UDP 1 Internet Control icmp Cisco IOS XE


Message Release 3.1S

IDFP TCP/UDP 549 idfp idfp Cisco IOS XE


Release 3.1S

IDPR TCP/UDP 35 Inter-Domain idpr Cisco IOS XE


Policy Routing Release 3.1S
Protocol

IDPRr- TCP/UDP 38 IDPR Control idpr-cmtp Cisco IOS XE


CMTP Message Release 3.1S
Transport
Protocol

IDRP TCP/UDP 45 Inter-Domain idrp Cisco IOS XE


Routing Protocol Release 3.1S

IEEE-MMS TCP/UDP 651 ieee-mms ieee-mms Cisco IOS XE


Release 3.1S

IEEE-MMS- TCP/UDP 695 ieee-mms-ssl ieee-mms-ssl Cisco IOS XE


SSL Release 3.1S

IFMP TCP/UDP 101 Ipsilon Flow ifmp Cisco IOS XE


Management Release 3.1S
Protocol

IGRP TCP/UDP 9 Cisco interior igrp Cisco IOS XE


gateway Release 3.1S

IIOP TCP/UDP 535 iiop iiop Cisco IOS XE


Release 3.1S

IL TCP/UDP 40 IL Transport il Cisco IOS XE


Protocol Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


37
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
IMSP TCP/UDP 406 Interactive Mail imsp Cisco IOS XE
Support Protocol Release 3.1S

InBusiness TCP/UDP 244 Inbusiness inbusiness Cisco IOS XE


Release 3.1S

Infoseek TCP/UDP 414 InfoSeek infoseek Cisco IOS XE


Release 3.1S

Ingres-Net TCP/UDP 134 INGRES-NET ingres-net Cisco IOS XE


Service Release 3.1S

I-NLSP TCP/UDP 52 Integrated Net i-nlsp Cisco IOS XE


Layer Security Release 3.1S
TUBA

Intecourier TCP/UDP 495 Intecourier intecourier Cisco IOS XE


Release 3.1S

Integra-SME TCP/UDP 484 Integra Software integra-sme Cisco IOS XE


Management Release 3.1S
Environment

Intrinsia TCP/UDP 503 intrinsa intrinsa Cisco IOS XE


Release 3.1S

IPCD TCP/UDP 576 ipcd ipcd Cisco IOS XE


Release 3.1S

IPComp TCP/UDP 108 IP Payload ipcomp Cisco IOS XE


Compression Release 3.1S
Protocol

IPCServer TCP/UDP 600 Sun IPC server ipcserver Cisco IOS XE


Release 3.1S

IPCV TCP/UDP 71 Internet Packet ipcv Cisco IOS XE


Core Utility Release 3.1S

IPDD TCP/UDP 578 ipdd ipdd Cisco IOS XE


Release 3.1S

IPINIP TCP/UDP 4 IP in IP ipinip Cisco IOS XE


Release 3.1S

IPIP TCP/UDP 94 IP-within-IP ipip Cisco IOS XE


Encapsulation Release 3.1S
Protocol

IPLT TCP/UDP 129 IPLT iplt Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


38
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
IPP TCP/UDP 631 Internet Printing ipp Cisco IOS XE
Protocol Release 3.1S

IPPC TCP/UDP 67 Internet Pluribus ippc Cisco IOS XE


Packet Core Release 3.1S

Ipv6-Frag TCP/UDP 44 Fragment ipv6-frag Cisco IOS XE


Header for IPv6 Release 3.1S

Ipv6-ICMP TCP/UDP 58 ICMP for IPv6 ipv6-icmp Cisco IOS XE


Release 3.1S

Ipv6INIP TCP/UDP 41 Ipv6 ipv6inip Cisco IOS XE


encapsulated Release 3.1S

ipv6-NonXT TCP/UDP 59 No Next Header ipv6-nonxt Cisco IOS XE


for IPv6 Release 3.1S

Ipv6-OPTS TCP/UDP 60 Destination ipv6-opts Cisco IOS XE


Options for IPv6 Release 3.1S

Ipv6-Route TCP/UDP 43 Routing Header ipv6-route Cisco IOS XE


for IPv6 Release 3.1S

IRC TCP/UDP 194 Internet Relay irc Cisco IOS XE


Chat Release 3.1S

IRC-SERV TCP/UDP 529 IRC-SERV irc-serv Cisco IOS XE


Release 3.1S

IRTP TCP/UDP 28 Internet Reliable irtp Cisco IOS XE


Transaction Release 3.1S

IS99C TCP/UDP 379 TIA/EIA/IS-99 is99c Cisco IOS XE


modem client Release 3.1S

IS99S TCP/UDP 380 TIA/EIA/IS-99 is99s Cisco IOS XE


modem server Release 3.1S

ISAKMP UDP 500, 4500 Internet Security isakmp Cisco IOS XE


Association & Release 3.1S
Key
Management
Protocol

ISI-GI TCP/UDP 55 ISI Graphics isi-gl Cisco IOS XE


Language Release 3.1S

ISIS TCP/UDP 124 ISIS over IPv4 isis Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


39
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ISO-ILL TCP/UDP 499 ISO ILL iso-ill Cisco IOS XE
Protocol Release 3.1S

ISO-IP TCP/UDP 147 iso-ip iso-ip Cisco IOS XE


Release 3.1S

ISO-TP0 TCP/UDP 146 iso-tp0 iso-tp0 Cisco IOS XE


Release 3.1S

ISO-TP4 TCP/UDP 29 ISO Transport iso-tp4 Cisco IOS XE


Protocol Class 4 Release 3.1S

ISO-TSAP TCP/UDP 102 ISO-TSAP Class iso-tsap Cisco IOS XE


0 Release 3.1S

ISO-TSAP- TCP/UDP 399 ISO Transport iso-tsap-c2 Cisco IOS XE


C2 Class 2 Non- Release 3.1S
Control

ITM- TCP/UDP 828 itm-mcell-s itm-mcell-s Cisco IOS XE


MCELL-S Release 3.1S

IXP-IN-IP TCP/UDP 111 IPX in IP ixp-in-ip Cisco IOS XE


Release 3.1S

Jargon TCP/UDP 148 Jargon jargon Cisco IOS XE


Release 3.1S

Kali TCP/UDP 2213 Kali kali Cisco IOS XE


Release 3.1S
K-Block TCP/UDP 287 K-block k-block Cisco IOS XE
Release 3.1S

Keyserver TCP/UDP 584 Key Server keyserver Cisco IOS XE


Release 3.1S

KIS TCP/UDP 186 KIS Protocol kis Cisco IOS XE


Release 3.1S

Klogin TCP/UDP 543 klogin klogin Cisco IOS XE


Release 3.1S

Knet-CMP TCP/UDP 157 KNET/VM knet-cmp Cisco IOS XE


Command/ Release 3.1S
Message
Protocol

Konspire2b TCP/UDP 6085 Konspire2b p2p Konspire2b Cisco IOS XE


network Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


40
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Kpasswd TCP/UDP 464 Kpasswd kpasswd Cisco IOS XE
Release 3.1S

Kryptolan TCP/UDP 398 Kryptolan kryptolan Cisco IOS XE


Release 3.1S

Kshell TCP/UDP 544 Kshell kshell Cisco IOS XE


Release 3.1S

L2TP TCP/UDP 1701 l2tp l2tp Cisco IOS XE


Release 3.1S

LA-Maint TCP/UDP 51 IMP Logical la-maint Cisco IOS XE


Address Release 3.1S
Maintenance

LANServer TCP/UDP 637 lanserver lanserver Cisco IOS XE


Release 3.1S

LARP TCP/UDP 91 Locus Address larp Cisco IOS XE


Resolution Release 3.1S
Protocol

LDAP TCP/UDP 389 Lightweight ldap Cisco IOS XE


Directory Release 3.1S
Access Protocol

LDP TCP/UDP 646 LDP ldp Cisco IOS XE


Release 3.1S

Leaf-1 TCP/UDP 25 Leaf-1 leaf-1 Cisco IOS XE


Release 3.1S

Leaf-2 TCP/UDP 26 Leaf-2 leaf-2 Cisco IOS XE


Release 3.1S

Legent-1 TCP/UDP 373 Legent legent-1 Cisco IOS XE


Corporation Release 3.1S

Legent-2 TCP/UDP 374 Legent legent-2 Cisco IOS XE


Corporation Release 3.1S

LJK-Login TCP/UDP 472 ljk-login ljk-login Cisco IOS XE


Release 3.1S

Lockd TCP/UDP 4045 NFS Lock lockd Cisco IOS XE


Daemon Release 3.1S
Manager

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


41
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Locus-Con TCP/UDP 127 Locus PC- locus-con Cisco IOS XE
Interface Conn Release 3.1S
Server

Locus-Map TCP/UDP 125 Locus PC- locus-map Cisco IOS XE


Interface Net Release 3.1S
Map Ser

MAC- TCP/UDP 660 MacOS Server mac-srvr-admin Cisco IOS XE


SRVR- Admin Release 3.1S
Admin

Magenta- TCP/UDP 313 Magenta-logic magenta-logic Cisco IOS XE


Logic Release 3.1S

Mailbox-LM TCP/UDP 505 Mailbox-lm mailbox-lm Cisco IOS XE


Release 3.1S

Mailq TCP/UDP 174 MAILQ mailq Cisco IOS XE


Release 3.1S

Maitrd TCP/UDP 997 Maitrd maitrd Cisco IOS XE


Release 3.1S

MANET TCP/UDP 138 MANET manet Cisco IOS XE


Protocols Release 3.1S

MasqDialer TCP/UDP 224 Masqdialer masqdialer Cisco IOS XE


Release 3.1S

Matip-Type- TCP/UDP 350 MATIP Type A matip-type-a Cisco IOS XE


A Release 3.1S

Matip-Type- TCP/UDP 351 MATIP Type B matip-type-b Cisco IOS XE


B Release 3.1S

MCIDAS TCP/UDP 112 McIDAS Data mcidas Cisco IOS XE


Transmission Release 3.1S
Protocol

MCNS-Sec TCP/UDP 638 mcns-sec mcns-sec Cisco IOS XE


Release 3.1S

MDC- TCP/UDP 685 mdc-portmapper mdc-portmapper Cisco IOS XE


Portmapper Release 3.1S

MeComm TCP/UDP 668 MeComm mecomm Cisco IOS XE


Release 3.1S

MeRegister TCP/UDP 669 MeRegister meregister Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


42
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Merit-INP TCP/UDP 32 MERIT merit-inp Cisco IOS XE
Internodal Release 3.1S
Protocol

Meta5 TCP/UDP 393 Meta5 meta5 Cisco IOS XE


Release 3.1S

Metagram TCP/UDP 99 Metagram metagram Cisco IOS XE


Release 3.1S

Meter TCP/UDP 570 Meter meter Cisco IOS XE


Release 3.1S

Mfcobol TCP/UDP 86 Micro Focus mfcobol Cisco IOS XE


Cobol Release 3.1S

MFE-NSP TCP/UDP 31 MFE Network mfe-nsp Cisco IOS XE


Services Release 3.1S
Protocol

MFTP TCP/UDP 349 mftp mftp Cisco IOS XE


Release 3.1S

Micom-PFS TCP/UDP 490 Micom-pfs micom-pfs Cisco IOS XE


Release 3.1S

MICP TCP/UDP 95 Mobile micp Cisco IOS XE


Internetworking Release 3.1S
Control Pro.

Micromuse- TCP/UDP 1534 micromuse-lm micromuse-lm Cisco IOS XE


LM Release 3.1S

MIT-DOV TCP/UDP 91 MIT Dover mit-dov Cisco IOS XE


Spooler Release 3.1S

MIT-ML- TCP/UDP 83 MIT ML Device mit-ml-dev Cisco IOS XE


Dev Release 3.1S

Mobile TCP/UDP 55 IP Mobility mobile Cisco IOS XE


Release 3.1S

MobileIP- TCP/UDP 434 mobileip-agent mobileip-agent Cisco IOS XE


Agent Release 3.1S

MobilIP-MN TCP/UDP 435 mobilip-mn mobilip-mn Cisco IOS XE


Release 3.1S

Mondex TCP/UDP 471 Mondex mondex Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


43
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Monitor TCP/UDP 561 Monitor monitor Cisco IOS XE
Release 3.1S

Mortgagewar TCP/UDP 367 Mortgageware mortgageware Cisco IOS XE


e Release 3.1S

MPLS-IN-IP TCP/UDP 137 MPLS-in-IP mpls-in-ip Cisco IOS XE


Release 3.1S

MPM TCP/UDP 45 Message mpm Cisco IOS XE


Processing Release 3.1S
Module

MPM-Flags TCP/UDP 44 MPM FLAGS mpm-flags Cisco IOS XE


Protocol Release 3.1S

MPM-SND TCP/UDP 46 MPM [default mpm-snd Cisco IOS XE


send] Release 3.1S

MPP TCP/UDP 218 Netix Message mpp Cisco IOS XE


Posting Protocol Release 3.1S

MPTN TCP/UDP 397 Multi Protocol mptn Cisco IOS XE


Transport Release 3.1S
Network

MRM TCP/UDP 679 mrm mrm Cisco IOS XE


Release 3.1S

MSDP TCP/UDP 639 msdp msdp Cisco IOS XE


Release 3.1S

MSExch- TCP/UDP 691 MS Exchange msexch-routing Cisco IOS XE


Routing Routing Release 3.1S

MSFT-GC TCP/UDP 3268 Microsoft msft-gc Cisco IOS XE


Global Catalog Release 3.1S

MSFT-GC- TCP/UDP 3269 Microsoft msft-gc-ssl Cisco IOS XE


SSL Global Catalog Release 3.1S
with LDAP/SSL

MSG-AUTH TCP/UDP 31 msg-auth msg-auth Cisco IOS XE


Release 3.1S

MSG-ICP TCP/UDP 29 msg-icp msg-icp Cisco IOS XE


Release 3.1S

MSNP TCP/UDP 1863 msnp msnp Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


44
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
MS-OLAP TCP/UDP 2393 Microsoft OLAP ms-olap Cisco IOS XE
Release 3.1S

MSP TCP/UDP 18 Message Send msp Cisco IOS XE


Protocol Release 3.1S

MS-Rome TCP/UDP 569 Microsoft rome ms-rome Cisco IOS XE


Release 3.1S

MS-Shuttle TCP/UDP 568 Microsoft shuttle ms-shuttle Cisco IOS XE


Release 3.1S

MS-wbt TCP 3389/ Microsoft ms-wbt Cisco IOS XE


Heuristic Windows-based Release 3.4S
Terminal
Services

MS-SQLl-M TCP/UDP 1434 Microsoft-SQL- ms-sql-m Cisco IOS XE


Monitor Release 3.1S

MTP TCP/UDP 92 Multicast mtp Cisco IOS XE


Transport Release 3.1S
Protocol

Multiling- TCP/UDP 777 Multiling HTTP multiling-http Cisco IOS XE


HTTP Release 3.1S

Multiplex TCP/UDP 171 Network multiplex Cisco IOS XE


Innovations Release 3.1S
Multiplex

Mumps TCP/UDP 188 Plus Fives mumps Cisco IOS XE


MUMPS Release 3.1S

MUX TCP/UDP 18 Multiplexing mux Cisco IOS XE


Release 3.1S

Mylex- TCP/UDP 467 mylex-mapd mylex-mapd Cisco IOS XE


MAPD Release 3.1S

MySQL TCP/UDP 3306 MySQL mysql Cisco IOS XE


Release 3.1S

Name TCP/UDP 42 Host Name name Cisco IOS XE


Server Release 3.1S

NAMP TCP/UDP 167 namp namp Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


45
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
NARP TCP/UDP 54 NBMA Address narp Cisco IOS XE
Resolution Release 3.1S
Protocol

NAS TCP/UDP 991 Netnews nas Cisco IOS XE


Administration Release 3.1S
System

NCED TCP/UDP 404 nced nced Cisco IOS XE


Release 3.1S

NCLD TCP/UDP 405 ncld ncld Cisco IOS XE


Release 3.1S

NCP TCP/UDP 524 NCP ncp Cisco IOS XE


Release 3.1S

NDSAuth TCP/UDP 353 NDSAUTH ndsauth Cisco IOS XE


Release 3.1S

Nest- TCP/UDP 489 Nest-protocol nest-protocol Cisco IOS XE


Protocol Release 3.1S

Net8-CMAN TCP/UDP 1830 Oracle Net8 net8-cman Cisco IOS XE


CMan Admin Release 3.1S

Net- TCP/UDP 3283 net-assistant net-assistant Cisco IOS XE


Assistant Release 3.1S

Netblt TCP/UDP 30 Bulk Data netblt Cisco IOS XE


Transfer Release 3.1S
Protocol

NetGW TCP/UDP 741 netgw netgw Cisco IOS XE


Release 3.1S

NetNews TCP/UDP 532 readnews netnews Cisco IOS XE


Release 3.1S

NetRCS TCP/UDP 742 Network based netrcs Cisco IOS XE


RCS Release 3.1S

NetRJS-1 TCP/UDP 71 Remote Job netrjs-1 Cisco IOS XE


Service Release 3.1S

NetRJS-2 TCP/UDP 72 Remote Job netrjs-2 Cisco IOS XE


Service Release 3.1S

NetRJS-3 TCP/UDP 73 Remote Job netrjs-3 Cisco IOS XE


Service Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


46
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
NetRJS-4 TCP/UDP 74 Remote Job netrjs-4 Cisco IOS XE
Service Release 3.1S

NETSC-Dev TCP/UDP 155 NETSC netsc-dev Cisco IOS XE


Release 3.1S

NETSC-Prod TCP/UDP 154 NETSC netsc-prod Cisco IOS XE


Release 3.1S

NetViewDM TCP/UDP 729 IBM NetView M netviewdm1 Cisco IOS XE


1 Release 3.1S

NetviewDM TCP/UDP 730 IBM NetView netviewdm2 Cisco IOS XE


2 DM Release 3.1S

NetviewDM TCP/UDP 731 IBM NetView netviewdm3 Cisco IOS XE


3 DM Release 3.1S

Netwall TCP/UDP 533 for emergency netwall Cisco IOS XE


broadcasts Release 3.1S

Netware-IP TCP/UDP 396 Novell Netware netware-ip Cisco IOS XE


over IP Release 3.1S

New-RWHO TCP/UDP 550 new who new-rwho Cisco IOS XE


Release 3.1S

NextStep TCP/UDP 178 NextStep nextstep Cisco IOS XE


Window Server Release 3.1S

NFS TCP/UDP 2049 Network File nfs Cisco IOS XE


System Release 3.1S

NicName TCP/UDP 43 Who Is nicname Cisco IOS XE


Release 3.1S

NI-FTP TCP/UDP 47 NI FTP ni-ftp Cisco IOS XE


Release 3.1S

NI-Mail TCP/UDP 61 NI MAIL ni-mail Cisco IOS XE


Release 3.1S

Nlogin TCP/UDP 758 nlogin nlogin Cisco IOS XE


Release 3.1S

NMAP TCP/UDP 689 nmap nmap Cisco IOS XE


Release 3.1S

NMSP TCP/UDP 537 Networked nmsp Cisco IOS XE


Media Release 3.1S
Streaming
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


47
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
NNSP TCP/UDP 433 nnsp nnsp Cisco IOS XE
Release 3.1S

Notes TCP/UDP 1352 Lotus Notes(R) notes Cisco IOS XE


Release 3.1S

NovaStorBa TCP/UDP 308 Novastor novastorbakcup Cisco IOS XE


kcup Backup Release 3.1S

NPMP-GUI TCP/UDP 611 npmp-gui npmp-gui Cisco IOS XE


Release 3.1S

NPMP-Local TCP/UDP 610 npmp-local npmp-local Cisco IOS XE


Release 3.1S

NPMP-Trap TCP/UDP 609 npmp-trap npmp-trap Cisco IOS XE


Release 3.1S

NPP TCP/UDP 92 Network npp Cisco IOS XE


Printing Protocol Release 3.1S

NQS TCP/UDP 607 nqs nqs Cisco IOS XE


Release 3.1S

NS TCP/UDP 760 ns ns Cisco IOS XE


Release 3.1S

NSFNET- TCP/UDP 85 NSFNET-IGP nsfnet-igp Cisco IOS XE


IGP Release 3.1S

NSIIOPS TCP/UDP 261 IIOP Name nsiiops Cisco IOS XE


Service over Release 3.1S
TLS/SSL

NSRMP TCP/UDP 359 Network nsrmp Cisco IOS XE


Security Risk Release 3.1S
Management
Protocol

NSS-Routing TCP/UDP 159 NSS-Routing nss-routing Cisco IOS XE


Release 3.1S

NSW-FE TCP/UDP 27 NSW User nsw-fe Cisco IOS XE


System FE Release 3.1S

Ntalk TCP/UDP 518 Ntalk ntalk Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


48
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
NTP TCP/UDP 123 Network Time ntp Cisco IOS XE
Protocol Release 2.3 Cisco
IOS XE Release
3.1S

Cisco IOS XE Release NVP-II TCP/UDP 11 Ne nvp-ii


3.1S tw
ork
Vo
ice
Pr
oto
col

NXEdit TCP/UDP 126 nxedit nxedit Cisco IOS XE


Release 3.1S

OBCBinder TCP/UDP 183 ocbinder ocbinder Cisco IOS XE


Release 3.1S

OBEX TCP/UDP 650 obex obex Cisco IOS XE


Release 3.1S

ObjCall TCP/UDP 94 Tivoli Object objcall Cisco IOS XE


Dispatcher Release 3.1S

OCS_AMU TCP/UDP 429 ocs_amu ocs_amu Cisco IOS XE


Release 3.1S

OCS_CMU TCP/UDP 428 ocs_cmu ocs_cmu Cisco IOS XE


Release 3.1S

OCServer TCP/UDP 184 ocserver ocserver Cisco IOS XE


Release 3.1S

ODMR TCP/UDP 366 odmr odmr Cisco IOS XE


Release 3.1S

OHIMSRV TCP/UDP 506 ohimsrv ohimsrv Cisco IOS XE


Release 3.1S

OLSR TCP/UDP 698 olsr olsr Cisco IOS XE


Release 3.1S

OMGInitialR TCP/UDP 900 omginitialrefs omginitialrefs Cisco IOS XE


efs Release 3.1S

OMServ TCP/UDP 764 omserv omserv Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


49
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ONMUX TCP/UDP 417 onmux onmux Cisco IOS XE
Release 3.1S

Opalis-RDV TCP/UDP 536 Opalis-rdv opalis-rdv Cisco IOS XE


Release 3.1S

Opalis-Robot TCP/UDP 314 Opalis-robot opalis-robot Cisco IOS XE


Release 3.1S

OPC-Job- TCP/UDP 423 IBM Operations opc-job-start Cisco IOS XE


Start Planning and Release 3.1S
Control Start

OPC-Job- TCP/UDP 424 IBM Operations opc-job-track Cisco IOS XE


Track Planning and Release 3.1S
Control Track

Openport TCP/UDP 260 Openport openport Cisco IOS XE


Release 3.5S

OpenVMS- TCP/UDP 557 Openvms-sysipc openvms-sysipc Cisco IOS XE


Sysipc Release 3.1S

Open VPN - - Open VPN openvpn Cisco IOS XE


Protocol Release 3.5S

OracleName TCP/UDP 1575 Oraclenames oraclenames Cisco IOS XE


s Release 3.1S

OracleNet8C TCP/UDP 1630 Oracle Net8 oraclenet8cman Cisco IOS XE


MAN Cman Release 3.1S

ORA-Srv TCP/UDP 1525 Oracle TCP/IP ora-srv Cisco IOS XE


Listener Release 3.1S

Orbix- TCP/UDP 3076 Orbix 2000 orbix-config Cisco IOS XE


Config Config Release 3.1S

Orbix- TCP/UDP 3075 Orbix 2000 orbix-locator Cisco IOS XE


Locator Locator Release 3.1S

Orbix-Loc- TCP/UDP 3077 Orbix 2000 orbix-loc-ssl Cisco IOS XE


SSL Locator SSL Release 3.1S

OSPF TCP/UDP 89 Open Shortest ospf Cisco IOS XE


Path First Release 3.1S

OSU-NMS TCP/UDP 192 OSU Network osu-nms Cisco IOS XE


Monitoring Release 3.1S
System

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


50
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Parsec-Game TCP/UDP 6582 Parsec parsec-game Cisco IOS XE
Gameserver Release 3.1S

Passgo TCP/UDP 511 Passgo passgo Cisco IOS XE


Release 3.1S

Passgo- TCP/UDP 627 Passgo-tivoli passgo-tivoli Cisco IOS XE


Tivoli Release 3.1S

Password- TCP/UDP 586 Password password-chg Cisco IOS XE


Chg Change Release 3.1S

Pawserv TCP/UDP 345 Perf Analysis pawserv Cisco IOS XE


Workbench Release 3.1S

PCMail-SRV TCP/UDP 158 PCMail Server pcmail-srv Cisco IOS XE


Release 3.1S

PDAP TCP/UDP 344 Prospero Data pdap Cisco IOS XE


Access Protocol Release 3.1S

Personal-link TCP/UDP 281 Personal-link personal-link Cisco IOS XE


Release 3.1S

PFTP TCP/UDP 662 Parallel File pftp Cisco IOS XE


Transfer Release 3.1S
Protocol

PGM TCP/UDP 113 PGM Reliable pgm Cisco IOS XE


Transport Release 3.1S
Protocol

Philips-VC TCP/UDP 583 Philips Video- philips-vc Cisco IOS XE


Conferencing Release 3.1S

Phonebook TCP/UDP 767 Phone phonebook Cisco IOS XE


Release 3.1S

Photuris TCP/UDP 468 Photuris photuris Cisco IOS XE


Release 3.1S

PIM TCP/UDP 103 Protocol pim Cisco IOS XE


Independent Release 3.1S
Multicast

PIM-RP- TCP/UDP 496 PIM-RP-DISC pim-rp-disc Cisco IOS XE


DISC Release 3.1S

PIP TCP/UDP 1321 pip pip Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


51
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
PIPE TCP/UDP 131 Private IP pipe Cisco IOS XE
Encapsulation Release 3.1S
within IP

PIRP TCP/UDP 553 pirp pirp Cisco IOS XE


Release 3.1S

PKIX-3-CA- TCP/UDP 829 PKIX-3 CA/RA pkix-3-ca-ra Cisco IOS XE


RA Release 3.1S

PKIX- TCP/UDP 318 pkix-timestamp pkix-timestamp Cisco IOS XE


Timestamp Release 3.1S

PNNI TCP/UDP 102 PNNI over IP pnni Cisco IOS XE


Release 3.1S

Pop2 TCP/UDP 109 Post Office pop2 Cisco IOS XE


Protocol - Release 3.1S
Version 2

Pop3 TCP/UDP 110, Post Office pop3 Cisco IOS XE


Heuristic Protocol 3 Release 3.1S

POV-Ray TCP/UDP 494 pov-ray pov-ray Cisco IOS XE


Release 3.1S

Powerburst TCP/UDP 485 Air Soft Power powerburst Cisco IOS XE


Burst Release 3.1S

PPStream TCP/UDP Heuristic P2P TV ppstream Cisco IOS XE


Application Release 3.1S

PPTP TCP/UDP 1723 Point-to-Point pptp Cisco IOS XE


Tunneling Release 3.1S
Protocol

Cisco IOS XE Release Printer TCP/UDP 515 sp printer


3.1S ool
er

Print-SRV TCP/UDP 170 Network print-srv Cisco IOS XE


PostScript Release 3.1S

PRM TCP/UDP 21 Packet Radio prm Cisco IOS XE


Measurement Release 3.1S

PRM-NM TCP/UDP 409 Prospero prm-nm Cisco IOS XE


Resource Release 3.1S
Manager Node
Man

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


52
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
PRM-SM TCP/UDP 408 Prospero prm-sm Cisco IOS XE
Resource Release 3.1S
Manager Sys.
Man

Profile TCP/UDP 136 PROFILE profile Cisco IOS XE


Naming System Release 3.1S

Prospero TCP/UDP 191 Prosper prospero Cisco IOS XE


Directory Release 3.1S
Service

PTCNameSe TCP/UDP 597 PTC Name ptcnameservice Cisco IOS XE


rvice Service Release 3.1S

PTP TCP/UDP 123 Performance ptp Cisco IOS XE


Transparency Release 3.1S
Protocol

PTP-Event TCP/UDP 319 PTP Event ptp-event Cisco IOS XE


Release 3.1S

PTP-General TCP/UDP 320 PTP General ptp-general Cisco IOS XE


Release 3.1S

Pump TCP/UDP 751 Pump pump Cisco IOS XE


Release 3.1S

PUP TCP/UDP 12 PUP pup Cisco IOS XE


Release 3.1S

Purenoise TCP/UDP 663 purenoise purenoise Cisco IOS XE


Release 3.1S

PVP TCP/UDP 75 Packet Video pvp Cisco IOS XE


Protocol Release 3.1S

PWDGen TCP/UDP 129 Password pwdgen Cisco IOS XE


Generator Release 3.1S
Protocol

QBIKGDP TCP/UDP 368 qbikgdp qbikgdp Cisco IOS XE


Release 3.1S

QFT TCP/UDP 189 Queued File qft Cisco IOS XE


Transport Release 3.1S

QMQP TCP/UDP 628 qmqp qmqp Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


53
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
QMTP TCP/UDP 209 The Quick Mail qmtp Cisco IOS XE
Transfer Release 3.1S
Protocol

QNX TCP/UDP 106 QNX qnx Cisco IOS XE


Release 3.1S

QoTD TCP/UDP 17 Quote of the qotd Cisco IOS XE


Day Release 3.1S

QRH TCP/UDP 752 qrh qrh Cisco IOS XE


Release 3.1S

QUOTD TCP/UDP 762 quotad quotad Cisco IOS XE


Release 3.1S

RAP TCP/UDP 38 Route Access rap Cisco IOS XE


Protocol Release 3.1S

RCMD TCP 512-514 BSD r- rcmd Cisco IOS XE


commands Release 3.3S

RCP TCP/UDP 469 Radio Control rcp Cisco IOS XE


Protocol Release 2.3 Cisco
IOS XE Release
3.1S

RDA TCP/UDP 630 rda rda Cisco IOS XE


Release 3.1S

RDB-DBS- TCP/UDP 1571 Oracle Remote rdb-dbs-disp Cisco IOS XE


DISP Data Base Release 3.1S

RDP TCP/UDP 27 Reliable Data rdp Cisco IOS XE


Protocol Release 3.1S

Realm- TCP/UDP 688 ApplianceWare realm-rusd Cisco IOS XE


RUSD managment Release 3.1S
protocol

RE-Mail-CK TCP/UDP 50 Remote Mail re-mail-ck Cisco IOS XE


Checking Release 3.1S
Protocol

RemoteFS TCP/UDP 556 rfs server remotefs Cisco IOS XE


Release 3.1S

Remote-KIS TCP/UDP 185 Remote-kis remote-kis Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


54
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
REPCMD TCP/UDP 641 repcmd repcmd Cisco IOS XE
Release 3.1S

REPSCMD TCP/UDP 653 repscmd repscmd Cisco IOS XE


Release 3.1S

RESCAP TCP/UDP 283 rescap rescap Cisco IOS XE


Release 3.1S

RIP TCP/UDP 520 Routing rip Cisco IOS XE


Information Release 3.1S
Protocol

RIPING TCP/UDP 521 ripng ripng Cisco IOS XE


Release 3.1S

RIS TCP/UDP 180 Intergraph ris Cisco IOS XE


Release 3.1S

RIS-CM TCP/UDP 748 Russell Info Sci ris-cm Cisco IOS XE


Calendar Release 3.1S
Manager

RJE TCP/UDP 5 Remote Job rje Cisco IOS XE


Entry Release 3.1S

RLP TCP/UDP 39 Resource rlp Cisco IOS XE


Location Release 3.1S
Protocol

RLZDBASE TCP/UDP 635 rlzdbase rlzdbase Cisco IOS XE


Release 3.1S

RMC TCP/UDP 657 rmc rmc Cisco IOS XE


Release 3.1S

RMIActivati TCP/UDP 1098 rmiactivation rmiactivation Cisco IOS XE


on Release 3.1S

RMIRegistry TCP/UDP 1099 rmiregistry rmiregistry Cisco IOS XE


Release 3.1S

RMonitor TCP/UDP 560 Rmonitord rmonitor Cisco IOS XE


Release 3.1S

RMT TCP/UDP 411 Remote MT rmt Cisco IOS XE


Protocol Release 3.1S

RPC2Portma TCP/UDP 369 rpc2portmap rpc2portmap Cisco IOS XE


p Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


55
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
RRH TCP/UDP 753 rrh rrh Cisco IOS XE
Release 3.1S

RRP TCP/UDP 648 Registry rrp Cisco IOS XE


Registrar Release 3.1S
Protocol

RSH-SPX TCP/UDP 222 Berkeley rshd rsh-spx Cisco IOS XE


with SPX auth Release 3.1S

RSVD TCP/UDP 168 rsvd rsvd Cisco IOS XE


Release 3.1S

RSVP_Tunn TCP/UDP 363 rsvp_tunnel rsvp_tunnel Cisco IOS XE


el Release 3.1S

RSVP-E2E- TCP/UDP 134 RSVP-E2E- rsvp-e2e-ignore Cisco IOS XE


Ignore IGNORE Release 3.1S

Rsync TCP/UDP 873 Rsync rsync Cisco IOS XE


Release 3.1S

RTelnet TCP/UDP 107 Remote Telnet rtelnet Cisco IOS XE


Service Release 2.3 Cisco
IOS XE Release
3.1S

RTIP TCP/UDP 771 rtip rtip Cisco IOS XE


Release 3.1S

RTMP TCP Heuristic Real Time rtmp Cisco IOS XE


Messaging Release 3.4S
Protocol

RTSPS TCP/UDP 322 RTSPS rtsps Cisco IOS XE


Release 3.1S

Rushd TCP/UDP 696 Rushd rushd Cisco IOS XE


Release 3.1S

RVD TCP/UDP 66 MIT Remote rvd Cisco IOS XE


Virtual Disk Release 3.1S
Protocol

RXE TCP/UDP 761 rxe rxe Cisco IOS XE


Release 3.1S

SAFT TCP/UDP 487 saft Simple saft Cisco IOS XE


Asynchronous Release 3.1S
File Transfer

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


56
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Sanity TCP/UDP 643 Sanity sanity Cisco IOS XE
Release 3.1S

SAT- TCP/UDP 64 SATNET and sat-expak Cisco IOS XE


EXPAK Backroom Release 3.1S
EXPAK

SAT-Mon TCP/UDP 69 SATNET sat-mon Cisco IOS XE


Monitoring Release 3.1S

SCC- TCP/UDP 582 scc-security scc-security Cisco IOS XE


Security Release 3.1S

SCC-SP TCP/UDP 96 Semaphore scc-sp Cisco IOS XE


Communications Release 3.1S
Sec. Pro.

SCO-DTMgr TCP/UDP 617 SCO Desktop sco-dtmgr Cisco IOS XE


Administration Release 3.1S
Server

SCOHELP TCP/UDP 457 scohelp scohelp Cisco IOS XE


Release 3.1S

SCOI2ODial TCP/UDP 360 scoi2odialog scoi2odialog Cisco IOS XE


og Release 3.1S

SCO- TCP/UDP 615 Internet sco-inetmgr Cisco IOS XE


Inetmgr Configuration Release 3.1S
Manager

SCO- TCP/UDP 616 SCO System sco-sysmgr Cisco IOS XE


SysMgr Administration Release 3.1S
Server

SCO- TCP/UDP 598 SCO Web sco-websrvrmg3 Cisco IOS XE


WebsrvrMg3 Server Manager Release 3.1S
3

SCO- TCP/UDP 620 SCO WebServer sco-websrvrmgr Cisco IOS XE


WebsrvrMgr Manager Release 3.1S

SCPS TCP/UDP 105 SCPS scps Cisco IOS XE


Release 3.1S
SCTP TCP/UDP 132 Stream Control sctp Cisco IOS XE
Transmission Release 3.1S
Protocol

SCX-Proxy TCP/UDP 470 scx-proxy scx-proxy Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


57
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
SDNSKMP TCP/UDP 558 SDNSKMP sdnskmp Cisco IOS XE
Release 3.1S

SDRP TCP/UDP 42 Source Demand sdrp Cisco IOS XE


Routing Protocol Release 3.1S

Secure-ftp TCP/UDP 990 ftp protocol, secure-ftp Cisco IOS XE


control, over Release 3.1S
TLS/SSL

Secure-IRC TCP/UDP 994 irc protocol over secure-irc Cisco IOS XE


TLS Release 3.1S

Secure- TCP/UDP 636 ldap protocol secure-ldap Cisco IOS XE


LDAP over TLS Release 3.1S

Secure- TCP/UDP 563 nntp protocol secure-nntp Cisco IOS XE


NNTP over TLS Release 3.1S

Secure-Pop3 TCP/UDP 995 pop3 protocol secure-pop3 Cisco IOS XE


over TLS Release 3.1S

Secure- TCP/UDP 992 telnet protocol secure-telnet Cisco IOS XE


Telnet over TLS Release 3.1S

Secure- TCP/UDP 82 SECURE- secure-vmtp Cisco IOS XE


VMTP VMTP Release 3.1S

Semantix TCP/UDP 361 Semantix semantix Cisco IOS XE


Release 3.1S

Send TCP/UDP 169 SEND send Cisco IOS XE


Release 3.1S

Server-IPX TCP/UDP 213 Internetwork server-ipx Cisco IOS XE


Packet Exchange Release 3.1S
Protocol

Servstat TCP/UDP 633 Service Status servstat Cisco IOS XE


update Release 3.1S

SET TCP/UDP 257 Secure set Cisco IOS XE


Electronic Release 3.1S
Transaction

SFS-Config TCP/UDP 452 Cray SFS config sfs-config Cisco IOS XE


server Release 3.1S

SFS-SMP- TCP/UDP 451 Cray Network sfs-smp-net Cisco IOS XE


Net Semaphore Release 3.1S
server

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


58
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
SFTP TCP/UDP 115 Simple File sftp Cisco IOS XE
Transfer Release 3.1S
Protocol

SGCP TCP/UDP 440 sgcp sgcp Cisco IOS XE


Release 3.1S

SGMP TCP/UDP 153 sgmp sgmp Cisco IOS XE


Release 3.1S

SGMP-Traps TCP/UDP 160 sgmp-traps sgmp-traps Cisco IOS XE


Release 3.1S

Shockwave TCP/UDP 1626 Shockwave shockwave Cisco IOS XE


Release 3.1S

Shrinkwrap TCP/UDP 358 Shrinkwrap shrinkwrap Cisco IOS XE


Release 3.1S

SIAM TCP/UDP 498 siam siam Cisco IOS XE


Release 3.1S

SIFT-UFT TCP/UDP 608 Sender-Initiated/ sift-uft Cisco IOS XE


Unsolicited File Release 3.1S
Transfer

SILC TCP/UDP 706 silc silc Cisco IOS XE


Release 3.1S

SitaraDir TCP/UDP 2631 Sitaradir sitaradir Cisco IOS XE


Release 3.1S

SitaraMgmt TCP/UDP 2630 Sitaramgmt sitaramgmt Cisco IOS XE


Release 3.1S

Sitaraserver TCP/UDP 2629 sitaraserver sitaraserver Cisco IOS XE


Release 3.1S

SKIP TCP/UDP 57 SKIP skip Cisco IOS XE


Release 3.1S

SKRONK TCP/UDP 460 skronk skronk Cisco IOS XE


Release 3.1S

SM TCP/UDP 122 SM sm Cisco IOS XE


Release 3.1S

Smakynet TCP/UDP 122 Smakynet smakynet Cisco IOS XE


Release 3.1S

SmartSDP TCP/UDP 426 Smartsdp smartsdp Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


59
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
SMP TCP/UDP 121 Simple Message smp Cisco IOS XE
Protocol Release 3.1S

SMPNameR TCP/UDP 901 smpnameres smpnameres Cisco IOS XE


es Release 3.1S

SMSD TCP/UDP 596 smsd smsd Cisco IOS XE


Release 3.1S

SMSP TCP/UDP 413 Storage smsp Cisco IOS XE


Management Release 3.1S
Services
Protocol

SMUX TCP/UDP 199 SMUX smux Cisco IOS XE


Release 3.1S

SNAGas TCP/UDP 108 SNA Gateway snagas Cisco IOS XE


Access Server Release 3.1S

Snare TCP/UDP 509 Snare snare Cisco IOS XE


Release 3.1S

S-Net TCP/UDP 166 Sirius Systems s-net Cisco IOS XE


Release 3.1S

SNP TCP/UDP 109 Sitara Networks snp Cisco IOS XE


Protocol Release 3.1S

SNPP TCP/UDP 444 Simple Network snpp Cisco IOS XE


Paging Protocol Release 3.1S

SNTP- TCP/UDP 580 SNTP sntp-heartbeat Cisco IOS XE


Heartbeat HEARTBEAT Release 3.1S

SoftPC TCP/UDP 215 Insignia softpc Cisco IOS XE


Solutions Release 3.1S

Sonar TCP/UDP 572 Sonar sonar Cisco IOS XE


Release 3.1S

SPMP TCP/UDP 656 spmp spmp Cisco IOS XE


Release 3.1S

Sprite-RPC TCP/UDP 90 Sprite RPC sprite-rpc Cisco IOS XE


Protocol Release 3.1S

SPS TCP/UDP 130 Secure Packet sps Cisco IOS XE


Shield Release 3.1S

SPSC TCP/UDP 478 spsc spsc Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


60
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
SQL*Net TCP/UDP 66 Oracle sql*net Cisco IOS XE
SQL*NET Release 3.1S

SQLExec TCP/UDP 9088 SQL Informix sqlexec Cisco IOS XE


Release 3.1S

SQL-Net TCP/UDP 150 SQL-NET sql-net Cisco IOS XE


Release 3.1S

Cisco IOS XE Release SQLServ TCP/UDP 118 SQ sqlserv


3.1S L
Ser
vic
es

SQLServer TCP/UDP 1433 Microsoft-SQL- sqlserver Cisco IOS XE


Server Release 3.1S

SRC TCP/UDP 200 IBM System src Cisco IOS XE


Resource Release 3.1S
Controller

SRMP TCP/UDP 193 Spider Remote srmp Cisco IOS XE


Monitoring Release 3.1S
Protocol

SRP TCP/UDP 119 SpectraLink srp Cisco IOS XE


Radio Protocol Release 3.1S

SRSSend TCP/UDP 362 srssend srssend Cisco IOS XE


Release 3.1S

SS7NS TCP/UDP 477 ss7ns ss7ns Cisco IOS XE


Release 3.1S

SSCOPMCE TCP/UDP 128 SSCOPMCE sscopmce Cisco IOS XE


Release 3.1S

SSH TCP/UDP 22 Secure Shell ssh Cisco IOS XE


Protocol Release 3.1S

Sshell TCP/UDP 614 SSLshell sshell Cisco IOS XE


Release 3.1S

SSL - - Secure Socket ssl Cisco IOS XE


Layer Protocol Release 3.5S

SST TCP/UDP 266 SCSI on ST sst Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


61
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ST TCP/UDP 5 Stream st Cisco IOS XE
Release 3.1S

StatSRV TCP/UDP 133 Statistics Service statsrv Cisco IOS XE


Release 3.1S

STMF TCP/UDP 501 stmf stmf Cisco IOS XE


Release 3.1S

STP TCP/UDP 118 Schedule stp Cisco IOS XE


Transfer Release 3.1S
Protocol

StreetTalk TCP/UDP 566 Streettalk streettalk Cisco IOS XE


Release 3.1S

Stun-NAT TCP/UDP 3478 STUN stun-nat Cisco IOS XE


Release 3.1S

STX TCP/UDP 527 Stock IXChange stx Cisco IOS XE


Release 3.1S

Submission TCP/UDP 587 Submission submission Cisco IOS XE


Release 3.1S

Subntbcst_T TCP/UDP 247 subntbcst_tftp subntbcst_tftp Cisco IOS XE


FTP Release 3.1S

SU-MIT- TCP/UDP 89 SU/MIT Telnet su-mit-tg Cisco IOS XE


TG Gateway Release 3.1S

Sun-DR TCP/UDP 665 sun-dr sun-dr Cisco IOS XE


Release 3.1S

Sun-ND TCP/UDP 77 SUN ND sun-nd Cisco IOS XE


PROTOCOL- Release 3.1S
Temporary

SupDup TCP/UDP 95 SUPDUP supdup Cisco IOS XE


Release 3.1S

Surf TCP/UDP 1010 Surf surf Cisco IOS XE


Release 3.1S

Sur-Meas TCP/UDP 243 Survey sur-meas Cisco IOS XE


Measurement Release 3.1S

Svrloc TCP/UDP 427 Server Location svrloc Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


62
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Swift-RVF TCP/UDP 97 Swift Remote swift-rvf Cisco IOS XE
Virtural File Release 3.1S
Protocol

Swipe TCP/UDP 53 IP with swipe Cisco IOS XE


Encryption Release 3.1S

Synoptics- TCP/UDP 412 Trap Convention synoptics-trap Cisco IOS XE


Trap Port Release 3.1S

Synotics- TCP/UDP 392 SynOptics Port synotics-broker Cisco IOS XE


Broker Broker Port Release 3.1S

Synotics- TCP/UDP 391 SynOptics synotics-relay Cisco IOS XE


Relay SNMP Relay Release 3.1S
Port

Systat TCP/UDP 11 Active Users systat Cisco IOS XE


Release 2.3 Cisco
IOS XE Release
3.1S

TACACS TCP/UDP 49, 65 Terminal Access tacacs Cisco IOS XE


Controller Release 2.3 Cisco
Access Control IOS XE Release
System 3.1S

TAC News TCP/UDP 98 TAC News tacnews Cisco IOS XE


Release 3.1S

Talk TCP/UDP 517 Talk talk Cisco IOS XE


Release 3.1S

TCF TCP/UDP 87 TCF tcf Cisco IOS XE


Release 3.1S

Cisco IOS XE Release TD- TCP/UDP 268 To td-replica


3.1S Replica bit
Da
vid
Re
pli
ca

TD-Service TCP/UDP 267 Tobit David td-service Cisco IOS XE


Service Layer Release 3.1S

Teedtap TCP/UDP 559 Teedtap teedtap Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


63
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Tell TCP/UDP 754 Send tell Cisco IOS XE
Release 3.1S

Telnet TCP/UDP 23 Telnet telnet Cisco IOS XE


Release 3.1S

Tempo TCP/UDP 526 newdate tempo Cisco IOS XE


Release 3.1S

Tenfold TCP/UDP 658 Tenfold tenfold Cisco IOS XE


Release 3.1S

Texar TCP/UDP 333 Texar Security texar Cisco IOS XE


Port Release 3.1S

TICF-1 TCP/UDP 492 Transport ticf-1 Cisco IOS XE


Independent Release 3.1S
Convergence for
FNA

TICF-2 TCP/UDP 493 Transport ticf-2 Cisco IOS XE


Independent Release 3.1S
Convergence for
FNA

Timbuktu TCP/UDP 407 Timbuktu timbuktu Cisco IOS XE


Release 3.1S

Time TCP/UDP 37 Time time Cisco IOS XE


Release 2.3 Cisco
IOS XE Release
3.1S

Timed TCP/UDP 525 Timeserver timed Cisco IOS XE


Release 3.1S

TINC TCP/UDP 655 tinc tinc Cisco IOS XE


Release 3.1S

TLISRV TCP/UDP 1527 Oracle tlisrv Cisco IOS XE


Release 3.1S

TLSP TCP/UDP 56 Transport Layer tlsp Cisco IOS XE


Security Release 3.1S
Protocol

TNETOS TCP/UDP 377 NEC tnETOS Cisco IOS XE


Corporation Release 3.1S

TNS-CML TCP/UDP 590 tns-cml tns-cml Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


64
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
TN-TL-FD1 TCP/UDP 476 tn-tl-fd1 tn-tl-fd1 Cisco IOS XE
Release 3.1S

TOR - - TOR Anonymity tor Cisco IOS XE


Online Release 3.5S

TP++ TCP/UDP 39 TP++ Transport tp++ Cisco IOS XE


Protocol Release 3.1S

TPIP TCP/UDP 594 tpip tpip Cisco IOS XE


Release 3.1S

Trunk-1 TCP/UDP 23 Trunk-1 trunk-1 Cisco IOS XE


Release 3.1S

Trunk-2 TCP/UDP 24 Trunk-2 trunk-2 Cisco IOS XE


Release 3.1S

TServer TCP/UDP 450 Computer tserver Cisco IOS XE


Supported Release 3.1S
Telecomunicatio
n Applications

TTP TCP/UDP 84 TTP ttp Cisco IOS XE


Release 3.1S

UAAC TCP/UDP 145 UAAC Protocol uaac Cisco IOS XE


Release 3.1S

UARPs TCP/UDP 219 Unisys ARPs uarps Cisco IOS XE


Release 3.1S

UDPLite TCP/UDP 136 UDPLite udplite Cisco IOS XE


Release 3.1S

UIS TCP/UDP 390 uis uis Cisco IOS XE


Release 3.1S

uLISTProc TCP/UDP 372 List Processor ulistproc Cisco IOS XE


Release 3.1S

ULP TCP/UDP 522 ulp ulp Cisco IOS XE


Release 3.1S

ULPNet TCP/UDP 483 ulpnet ulpnet Cisco IOS XE


Release 3.1S

Unidata- TCP/UDP 388 Unidata LDM unidata-ldm Cisco IOS XE


LDM Release 3.1S

Unify TCP/UDP 181 Unify unify Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


65
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
UPS TCP/UDP 401 Uninterruptible ups Cisco IOS XE
Power Supply Release 3.1S

URM TCP/UDP 606 Cray Unified urm Cisco IOS XE


Resource Release 3.1S
Manager

UTI TCP/UDP 120 UTI uti Cisco IOS XE


Release 3.1S

Utime TCP/UDP 519 Unixtime utime Cisco IOS XE


Release 3.1S

UTMPCD TCP/UDP 431 utmpcd utmpcd Cisco IOS XE


Release 3.1S

UTMPSD TCP/UDP 430 utmpsd utmpsd Cisco IOS XE


Release 3.1S

UUCP TCP/UDP 540 uucpd uucp Cisco IOS XE


Release 3.1S

UUCP-Path TCP/UDP 117 UUCP Path uucp-path Cisco IOS XE


Service Release 3.1S

UUCP- TCP/UDP 541 uucp-rlogin uucp-rlogin Cisco IOS XE


rLogin Release 3.1S

UUIDGEN TCP/UDP 697 UUIDGEN uuidgen Cisco IOS XE


Release 3.1S

VACDSM- TCP/UDP 671 VACDSM-APP vacdsm-app Cisco IOS XE


App Release 3.1S

VACDSM- TCP/UDP 670 VACDSM-SWS vacdsm-sws Cisco IOS XE


SWS Release 3.1S

VATP TCP/UDP 690 Velazquez vatp Cisco IOS XE


Application Release 3.1S
Transfer
Protocol

VEMMI TCP/UDP 575 vemmi vemmi Cisco IOS XE


Release 3.1S

VID TCP/UDP 769 vid vid Cisco IOS XE


Release 3.1S

Videotex TCP/UDP 516 videotex videotex Cisco IOS XE


Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


66
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
VISA TCP/UDP 70 VISA Protocol visa Cisco IOS XE
Release 3.1S

VNC TCP/UDP 5800, Virtual Network vnc Cisco IOS XE


5900, Computing Release 2.3S
5901

VMNet TCP/UDP 175 vmnet vmnet Cisco IOS XE


Release 3.1S

VMPWSCS TCP/UDP 214 vmpwscs vmpwscs Cisco IOS XE


Release 3.1S

VMTP TCP/UDP 81 VMTP vmtp Cisco IOS XE


Release 3.1S

VNAS TCP/UDP 577 vnas vnas Cisco IOS XE


Release 3.1S

VPP TCP/UDP 677 Virtual Presence vpp Cisco IOS XE


Protocol Release 3.1S

VPPS-QUA TCP/UDP 672 vpps-qua vpps-qua Cisco IOS XE


Release 3.1S

VPPS-VIA TCP/UDP 676 vpps-via vpps-via Cisco IOS XE


Release 3.1S

VRRP TCP/UDP 112 Virtual Router vrrp Cisco IOS XE


Redundancy Release 3.1S
Protocol

VSINet TCP/UDP 996 vsinet vsinet Cisco IOS XE


Release 3.1S

VSLMP TCP/UDP 312 vslmp vslmp Cisco IOS XE


Release 3.1S

WAP-Push TCP/UDP 2948 WAP PUSH wap-push Cisco IOS XE


Release 3.1S

WAP-Push- TCP/UDP 4035 WAP Push wap-push-http Cisco IOS XE


HTTP OTA-HTTP port Release 3.1S

WAP-Push- TCP/UDP 4036 WAP Push wap-push-https Cisco IOS XE


HTTPS OTA-HTTP Release 3.1S
secure

WAP- TCP/UDP 2949 WAP PUSH wap-pushsecure Cisco IOS XE


Pushsecure SECURE Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


67
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
WAP- TCP/UDP 9207 WAP vCal wap-vcal-s Cisco IOS XE
VACL-S Secure Release 3.1S

WAP-VCAL TCP/UDP 9205 WAP vCal wap-vcal Cisco IOS XE


Release 3.1S

WAP- TCP/UDP 9204 WAP vCard wap-vcard Cisco IOS XE


VCARD Release 3.1S

WAP- TCP/UDP 9206 WAP vCard wap-vcard-s Cisco IOS XE


VCARD-S Secure Release 3.1S

WAP-WSP TCP/UDP 9200 WAP wap-wsp Cisco IOS XE


connectionless Release 3.1S
session service

WAP-WSP- TCP/UDP 9202 WAP secure wap-wsp-s Cisco IOS XE


S connectionless Release 3.1S
session service

WAP-WSP- TCP/UDP 9201 WAP session wap-wsp-wtp Cisco IOS XE


WTP service Release 3.1S

WAP-WSP- TCP/UDP 9203 WAP secure wap-wsp-wtp-s Cisco IOS XE


WTP-S session service Release 3.1S

WB-Expak TCP/UDP 79 WIDEBAND wb-expak Cisco IOS XE


EXPAK Release 3.1S

WB-Mon TCP/UDP 78 WIDEBAND wb-mon Cisco IOS XE


Monitoring Release 3.1S

Webster TCP/UDP 765 Webster webster Cisco IOS XE


Release 3.1S

Webex TCP Heuristic Webex Meeting webex-meeting Cisco IOS XE


Meeting Release 3.4S

WhoAmI TCP/UDP 565 whoami whoami Cisco IOS XE


Release 3.1S

Whois++ TCP/UDP 63 whois++ Service whois++ Cisco IOS XE


Release 2.3 Cisco
IOS XE Release
3.1S

Winny - - winny2 and winny Cisco IOS XE


winnyP traffic Release 3.5S

Windows TCP 80, 443, Windows windows-update Cisco IOS XE


Update Heuristic Update Release 3.4S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


68
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
WorldFusion TCP/UDP 2595 World Fusion worldfusion Cisco IOS XE
Release 3.1S

WPGS TCP/UDP 780 wpgs wpgs Cisco IOS XE


Release 3.1S

WSN TCP/UDP 74 Wang Span wsn Cisco IOS XE


Network Release 3.1S

XAct- TCP/UDP 911 Xact-backup xact-backup Cisco IOS XE


Backup Release 3.1S

X-Bone-CTL TCP/UDP 265 Xbone CTL x-bone-ctl Cisco IOS XE


Release 3.1S

XDMCP TCP/UDP 177 X Display xdmcp Cisco IOS XE


Manager Control Release 2.3 Cisco
Protocol IOS XE Release
3.1S

XDTP TCP/UDP 3088 eXtensible Data xdtp Cisco IOS XE


Transfer Release 3.1S
Protocol

XFER TCP/UDP 82 XFER Utility xfer Cisco IOS XE


Release 3.1S

XMPP - - XMPP Client xmpp-client Cisco IOS XE


Client Connection Release 3.5S

XNET TCP/UDP 15 Cross Net xnet Cisco IOS XE


Debugger Release 3.1S

XNS-Auth TCP/UDP 56 XNS xns-auth Cisco IOS XE


Authentication Release 3.1S

XNS-CH TCP/UDP 54 XNS xns-ch Cisco IOS XE


Clearinghouse Release 3.1S

XNS-Courier TCP/UDP 165 Xerox xns-courier Cisco IOS XE


Release 3.1S

XEROX NS XNS-IDP 22 XEROX NS IDP xns-idp Cisco IOS XE


IDP Release 3.1S

XNS-Mail TCP/UDP 58 XNS mail xns-mail Cisco IOS XE


Release 3.1S

XNS-Time TCP/UDP 52 XNS Time xns-time Cisco IOS XE


Protocol Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


69
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
XTP TCP/UDP 36 XTP xtp Cisco IOS XE
Release 3.1S

XVTTP TCP/UDP 508 xvttp xvttp Cisco IOS XE


Release 3.1S

XYPlex- TCP/UDP 173 Xyplex xyplex-mux Cisco IOS XE


Mux Release 3.1S

X Windows TCP 6000-600 X Window xwindows Cisco IOS XE


3 System Release 2.3 Cisco
IOS XE Release
3.1S

z39.50 TCP/UDP 210 ANSI Z39.50 z39.50 Cisco IOS XE


Release 3.1S

Zannet TCP/UDP 317 Zannet zannet Cisco IOS XE


Release 3.1S

ZServ TCP/UDP 346 Zebra zserv Cisco IOS XE


server Release 3.1S

AN IP 107 Active an Cisco IOS XE


Networks Release 3.1S

AOL- Cisco IOS XE Release


Protocol5 3.3S TCP 5190 A aol-protocol
me
ric
a
On
Li
ne
Pr
oto
col

ARGUS IP 13 ARGUS argus Cisco IOS XE


Release 3.1S
ARIS IP 104 ARIS aris Cisco IOS XE
Release 3.1S
AX25 IP 93 AX.25 Frames ax25 Cisco IOS XE
Release 3.1S
BBNR IP 10 BBN RCC bbnrccmon Cisco IOS XE
RCC Mon Monitoring Release 3.1S

5 AOL-Protocol classifies traffic shared between ICQ and AOL clients.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


70
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
BLIZWOW TCp, UDP 3724 World of blizwow Cisco IOS XE
Warcraft Release 3.1S
Gaming Protocol

BNA IP 49 BNA bna Cisco IOS XE


Release 3.1S
BR-SAT- IP 76 Backroom br-sat-mon Cisco IOS XE
Mon SATNET Release 3.1S
Monitoring

CBT IP 7 CBT cbt Cisco IOS XE


Release 3.1S
CFTP IP 62 CFTP cftp Cisco IOS XE
Release 3.1S

Choas IP 16 Chaos chaos Cisco IOS XE


Release 3.1S

Compaq- IP 110 Compaq compaq-peer Cisco IOS XE


Peer Peer Release 3.1S
Protocol

CPHB IP 73 Computer cphb Cisco IOS XE


Protocol Release 3.1S
Heart Beat

CPNX IP 72 Computer cpnx Cisco IOS XE


Protocol Release 3.1S
Network
Executive

CRTP IP 126 Combat crtp Cisco IOS XE


Radio Release 3.1S
Transport
Protocol

CRUDP IP 127 Combat crudp Cisco IOS XE


Radio Release 3.1S
User
Datagram

DCCP IP 33 Datagram dccp Cisco IOS XE


Congestio Release 3.1S
n Control
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


71
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
DCN-Meas IP 19 DCN dcn-meas Cisco IOS XE
Measurem Release 3.1S
ent
Subsyste
ms

DDP IP 37 Datagram ddp Cisco IOS XE


Delivery Release 3.1S
Protocol

DDX IP 116 D-II Data ddx Cisco IOS XE


Exchange Release 3.1S

DGP IP 86 Dissimilar dgp Cisco IOS XE


Gateway Release 3.1S
Protocol

DSR IP 48 Dynamic dsr Cisco IOS XE


Source Release 3.1S
Routing
Protocol

EGP IP 8 Exterior egp Cisco IOS XE


Gateway Release 3.1S
Protocol

EIGRP IP 88 Enhanced eigrp Cisco IOS XE


Interior Release 3.1S
Gateway
Routing
Protocol

EMCON IP 14 EMCON emcon Cisco IOS XE


Release 3.1S

Encap IP 98 Encapsula encap 15.1(3)T


tion
Header

EtherIP IP 97 Ethernet- etherip Cisco IOS XE


within-IP Release 3.1S
Encapsula
tion

FC IP 133 Fibre Channel fc Cisco IOS XE


Release 3.1S
FIRE IP 125 FIRE fire Cisco IOS XE
Release 3.1S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


72
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
GGP IP 3 Gateway- ggp Cisco IOS XE
to- Release 3.1S
Gateway

GMTP IP 100 GMTP gmtp Cisco IOS XE


Release 3.1S

GRE IP 47 General gre Cisco IOS XE


Routing Release 3.1S
Encapsula
tion

HIP IP 139 Host hip Cisco IOS XE


Identity Release 3.1S
Protocol

HMP IP 20 Host hmp Cisco IOS XE


Monitorin Release 3.1S
g

HopOpt IP 0 IPv6 Hop- hopopt Cisco IOS XE


by-Hop Release 3.1S
Option

ICQ TCP 80, I seek you icq Cisco IOS XE


Heuristic Instant Release 3.3S
Messagin
g Protocol

IATP IP 117 Interactive iatp Cisco IOS XE


Agent Release 3.1S
Transfer
Protocol

ICMP IP 1 Internet icmp Cisco IOS XE


Control Release 3.1S
Message

IDPR IP 35 Inter- idpr Cisco IOS XE


Domain Release 3.1S
Policy
Routing
Protocol

IDPR- IP 38 IDPR idpr-cmtp Cisco IOS XE


CMTP Control Release 3.1S
Message
Transport
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


73
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
IDRP IP 45 Inter- idrp Cisco IOS XE
Domain Release 3.1S
Routing
Protocol

IFMP IP 101 Ipsilon ifmp Cisco IOS XE


Flow Release 3.1S
Managem
ent
Protocol

IGRP IP 9 Cisco igrp Cisco IOS XE


interior Release 3.1S
gateway

IL IP 40 IL il Cisco IOS XE
Transport Release 3.1S
Protocol

I-NLSP IP 52 Integrated i-nlsp Cisco IOS XE


Net Layer Release 3.1S
Security
TUBA

IMPCOMP IP 108 IP ipcomp Cisco IOS XE


Payload Release 3.1S
Compressi
on
Protocol

IPCU IP 71 Internet Packet ipcu Cisco IOS XE


Core Utility Release 3.1S

IPinIP IP 4 IP in IP ipinip Cisco IOS XE


Release 3.1S

IPIP IP 94 IP-within- ipip Cisco IOS XE


IP Release 3.1S
Encapsula
tion
Protocol

IPLT IP 129 IPLT iplt Cisco IOS XE


Release 3.1S

IPPC IP 67 Internet ippc Cisco IOS XE


Pluribus Release 3.1S
Packet
Core

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


74
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
IPv6-Frag IP 44 Fragment ipv6-frag Cisco IOS XE
Header for Release 3.1S
IPv6

IPv6-ICMP IP 58 ICMP for ipv6-icmp Cisco IOS XE


IPv6 Release 3.1S

IPv6INIP IP 41 Ipv6 ipv6inip Cisco IOS XE


encapsulat Release 3.1S
ed

IPv6- IP 59 No Next ipv6-nonxt Cisco IOS XE


NONXT Header for Release 3.1S
IPv6

IPv6-Opts IP 60 Destinatio ipv6-opts Cisco IOS XE


n Options Release 3.1S
for IPv6

IPv6-Route IP 43 Routing ipv6-route Cisco IOS XE


Header for Release 3.1S
IPv6

IRTP IP 28 Internet irtp Cisco IOS XE


Reliable Release 3.1S
Transactio
n

ISIS IP 124 ISIS over isis Cisco IOS XE


IPv4 Release 3.1S

ISO-TP4 IP 29 ISO iso-tp4 Cisco IOS XE


Transport Release 3.1S
Protocol
Class 4

IXP-in-IP IP 111 IPX in IP ixp-in-ip Cisco IOS XE


Release 3.1S

LARP IP 91 Locus larp Cisco IOS XE


Address Release 3.1S
Resolutio
n Protocol

Leaf-1 IP 25 Leaf-1 leaf-1 Cisco IOS XE


Release 3.1S

6to4 IPv6 L3 Protocol -- 6to4 IPv6 6to4 IPv6 Cisco IOS XE


Tunneled Tunneled Tunneled Release 3.2S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


75
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
AYIYA IPv6 UDP 5072 IPv6 Tunneled AYIYA IPv6 Cisco IOS XE
Tunneled based on Tunneled Release 3.2S
AYIYA traffic

BabelGum TCP, UDP 80 + BabelGum BabelGum Cisco IOS XE


Heuristic Release 3.2S

Baidu TCP, UDP 80 + Baidu Baidu Movie Cisco IOS XE


Movie Heuristic Movie Release 3.2S

DHCP UDP 67,68 Dynamic dhcp Cisco IOS XE


Host Release 3.2S
Configura
tion
Protocol

DHT UDP Heuristic Distribute DHT Cisco IOS XE


d sloppy Release 3.2S
Hash
Table
Protocol

Filetopia TCP Heuristic Filetopia filetopia Cisco IOS XE


P2P file Release 3.2S
sharing

Fring-VoIP UDP Heuristic Fring fring-voip Cisco IOS XE


VoIP Release 3.3S

GoogleEart TCP 80 + GoogleEa GoogleEarth Cisco IOS XE


h Heuristic rth Release 3.2S

Guruguru TCP Heuristic Guruguru guruguru Cisco IOS XE


Release 3.2S

IMAP TCP 143,220 Internet imap Cisco IOS XE


Mail Release 3.2S
Access
Protocol

IRC TCP 80 + IRC IRC Cisco IOS XE


Heuristic Release 3.2S

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


76
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
ISATAP L3 Protocol Intra-Site ISATAP IPv6 Cisco IOS XE
IPv6 Automatic Tunneled Release 3.2S
Tunneled Tunnel
Addressin
g Protocol
(ISATAP)
IPv6
Tunneled

iTunes TCP 80 + iTunes iTunes Cisco IOS XE


Heuristic Release 3.2S

Kuro TCP Heuristic Kuro kuro Cisco IOS XE


Release 3.3S

Manolito TCP, UDP TCP - Manolito manolito Cisco IOS XE


Heuristic P2P music Release 3.2S
port, UDP sharing
- 41170 protocol

MapleStory TCP Heuristic Maple MapleStory Cisco IOS XE


Story Release 3.2S
Gaming
Protocol

Cisco IOS XE Release MGCP TCP, UDP UDP 2427/2727 - Me mgcp


3.2S TCP dia
2427/2428/2727 + Ga
Heuristic te
wa
y
Co
ntr
ol
Pr
oto
col

Microsoftds TCP, UDP 445 Microsoft-ds microsoftds Cisco IOS XE


Release 3.3S
MSN TCP 1080,1863 MSN Messenger msn-messenger Cisco IOS XE
Messenger , 80, Release 3.3S
Hueristic

MyJabber TCP Heuristic MyJabber MyJabber File Cisco IOS XE


File File Transfer Release 3.2S
Transfer Transfer

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


77
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Napster TCP 80 + Napster napster Cisco IOS XE
Heuristic Release 3.2S

Netshow TCP 1755 + Netshow netshow Cisco IOS XE


Heuristic Release 3.2S

NNTP TCP TCP - 119 Network NNTP Cisco IOS XE


+ News Release 3.2S
Heuristic, Transfer
UDP -119 Protocol

NTP UDP 123 Network NTP Cisco IOS XE


Time Release 3.2S
Protocol

Pando TCP,UDP TCP - 80 + Pando Pando Cisco IOS XE


Heuristic, Release 3.2S
UDP -
Heuristic

POCO TCP, UDP Heuristic POCO POCO Cisco IOS XE


File- Release 3.2S
Sharing
Applicatio
n

POP3 TCP 110, POP3 POP3 Cisco IOS XE


Heuristic Release 3.2S

PPTP TCP 1723 Point-to- pptp Cisco IOS XE


Point Release 3.2S
Tunneling
Protocol

RADIUS UDP 1812, 1813 Remote radius Cisco IOS XE


Authentic Release 3.3S
ation Dial
In User
Service
protocol

Cisco IOS XE Release SIP TCP, UDP TCP/UDP - 5060 Se sip


3.1S + Heuristic ssi
on
Ini
tiat
ion
Pr
oto
col

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


78
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Skinny TCP 2000-200 Skinny Call skinny Cisco IOS XE
2 Control Protocol Release 3.3S

Soribada TCP TCP - 80 Soribada, soribada Cisco IOS XE


+ Korean P2P Release 3.2S
Heuristic, music sharing
UDP - Protocol
Heuristic

Soulseek TCP Heuristic SoulSeek soulseek Cisco IOS XE


internet Release 3.3S
download
manager
Protocol

TeamSpeak UDP Heuristic TeamSpea TeamSpeak Cisco IOS XE


k internet Release 3.2S
based
voice-
conferenci
ng
Protocol

Telepresenc TCP,UDP TCP- Teleprese telepresence- Cisco IOS XE


e-control 5060, nce- control Release 3.2S
UDP- control
Heuristic

Teredo TCP,UDP TCP- Teredo teredo-ipv6- Cisco IOS XE


IPv6 Heuristic, IPv6 tunneled Release 3.2S
Tunneled UDP - Tunneled
3544 +
Heuristic

TFTP UDP 69 Trivial tftp Cisco IOS XE


File Release 3.2S
Transfer
Protocol

TomatoPan TCP Heuristic TomatoPa TomatoPang Cisco IOS XE


g ng P2P Release 3.2S
Sharing
Protocol

Tunnel- TCP 80 + HTTP tunnel-http Cisco IOS XE


HTTP Heuristic Tunneling Release 3.2S

Ventrilo TCP, UDP Heuristic Ventrilo Ventrilo Cisco IOS XE


VoIP Release 3.2S
Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


79
NBAR Protocol Discovery
Flow Table Sizing

Category Protocol Type WKP/IP Description Syntax Cisco IOS XE


Protocol Release
Waste TCP/UDP Heuristic Waste waste Cisco IOS XE
Release 3.3S

WebThund TCP, UDP TCP-80, WebThun WebThunder Cisco IOS XE


er UDP- der Peer- Release 3.2S
Heuristic to-Peer
File
Sharing

Yahoo- TCP TCP-5050/ Yahoo yahoo- Cisco IOS XE


Messenger 5101/1080/ Messenge messenger Release 3.3S
119/80 / r
Heuristic

Yahoo- TCP/UDP Heuristic Yahoo yahoo-voip- Cisco IOS XE


Messenger- Messenger VoIP messenger Release 3.3S
VoIP
Yahoo- TCP/UDP 5060/ Yahoo VoIP yahoo-voip-over- Cisco IOS XE
Messenger- Heuristic over SIP sip Release 3.4S
VoIP
Yahoo-
VoIP-over-
SIP

NBAR Protocol Discovery


NBAR includes a feature called Protocol Discovery. Protocol discovery provides an easy way to discover
protocol packets passing through an interface. For more information about Protocol Discovery, see the
"Enabling Protocol Discovery" module.

NBAR Protocol Discovery MIB


The NBAR Protocol Discovery MIB expands the capabilities of NBAR Protocol Discovery by providing
the following new functionality through Simple Network Management Protocol (SNMP):
• Enable or disable Protocol Discovery per interface.
• Display Protocol Discovery statistics.
• Configure and display multiple top-n tables that list protocols by bandwidth usage.
• Configure thresholds based on traffic of particular NBAR-supported protocols or applications that
report breaches and send notifications when these thresholds are exceeded.
For more information about the NBAR Protocol Discovery MIB, see the "Network-Based Application
Recognition Protocol Discovery Management Information Base" module.

NBAR Configuration Processes


You can configure NBAR in the following two ways:

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


80
Restarting NBAR
Flow Table Sizing

• Configuring NBAR using the MQC


• Enabling Protocol Discovery
For more information about the NBAR configuration, see the Cisco IOS XE QoS Configuration Guide.

Restarting NBAR
NBAR is restarted under the following circumstances.
• Custom protocol addition via CLI
• PDLM load
• RP switchover
• FP switchover
• Protocol pack installation
• Link-age change
Restart involves deactivating and reactivating NBAR. During this time, all packets are classified as
‘Unknown’ by NBAR. Once NBAR is reactivated, classification is activated.

Note Protocol Discovery statistics will be lost with RP Switchover.

NBAR Protocol Pack


The NBAR Protocol Pack provides an easy way to update protocols supported by NBAR without replacing
the base IOS image that is already present in the router. A protocol pack is a set of protocols developed and
packed together. For more information about the NBAR Protocol Pack, see the NBAR Protocol Pack
feature document in Cisco IOS XE QoS Configuration Guide.

NBAR and Multipacket Classification


In Cisco IOS XE Release 3.3S, NBAR provides the ability to search large number of multipacket
signatures simultaneously. This new technique is supported for many of the new protocols in Cisco IOS XE
Release 3.3S and later releases. This technique also provides improved performance and accuracy for other
protocols. Along with the support for new signatures, the multipacket classification capabilities change
NBAR behavior in the following ways:
1 NBAR classification requires any number of payload packets between 1 and 15 packets in a flow
depending on the protocol. Retransmitted packets are not counted in this process of calculation.
2 NBAR will not classify flows without any payload packets or any TCP payload packet with a wrong
sequence number even if there are 15 payload packets for classification.
3 TCP retransmitted packets are not counted as valid packets for classification in the Multipacket Engine
module. These type of packets can delay the classification until a sufficient number of valid payload
packets are accumulated.
4 Payload packets with only static signatures in NBAR are classified after the single-packet and
multipacket protocols are processed and failed. Therefore, a maximum of 15 payload packets can be
classified as unknown until the final (static) classification decision is taken.
5 Due to these restrictions, custom protocols can be used to force the classification of the first packet,
ignoring the existence of payload or correct sequence numbers in the port-based classification.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


81
NBAR on VRF Interfaces
NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases

NBAR on VRF Interfaces


In Cisco IOS XE Release 3.3S and later releases, the NBAR IPv4 and IPv6 classification on VRF interfaces
is supported.

Note Classification for Citrix protocol with "app" subclassification is not guaranteed on VRF interfaces when
NBAR is enabled on VRF interfaces.

NBAR and IPv6


In Cisco IOS XE Release 3.3S and later releases, the following types of classification are supported:
• NBAR provides static port-based classification and IP protocol-based classification for IPv6 packets.
• NBAR supports IPv6 classification in protocol discovery mode, but not in MQC mode.
• NBAR always reads the next header field in the fixed IPv6 header to determine the transport layer
protocol used by the packet’s payload for IPv6 packets. If an IPv6 packet contains one or more
extension headers, NBAR will not skip to the last IPv6 extension header to read the actual protocol
type instead, NBAR classifies the packet as an IPv6 extension header packet.
• NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases, page 82

NBAR Support for IPv6 from Cisco IOS XE Release 3.5S and Later Releases
In Cisco IOS XE Release 3.5S and later releases, NBAR supports the following types of classification:
• Native IPv6 classification.
• Classification of IPv6 traffic flows inside tunneled IPv6 over IPv4 and teredo.
• IPv6 classification in protocol discovery mode and in MQC mode.
• Static and stateful classification.
• Flexible NetFlow with NBAR based fields on IPv6.
NBAR supports IPv6 in IPv4 (6to4, 6rd, and ISATAP), and teredo tunneled classification. The ip nbar
classification tunneled-traffic command is used to enable the tunneled traffic classification. When the
tunneled traffic classification is enabled, NBAR performs an application classification of the IPv6 packets
carried inside IPv4 traffic. If the ip nbar classification tunneled-traffic command is disabled, the tunneled
IPv6 packets are handled as IPv4 packets.
NBAR supports the capture of IPv6 fields and allows the creation of IPv6 traffic-based flow monitors.
When you enable the ipv6 flow monitor command, the monitor is bound to the interface, NBAR
classification is applied to the IPv6 traffic type, and Flexible NetFlow captures the application IDs in the
IPv6 traffic flow.

NBAR Categorization and Attributes


The NBAR Categorization and Attributes feature provides the mechanism to match protocols or
applications based on certain attributes. As there are many protocols and applications, categorizing them
into different groups will help with reporting as well as performing group actions, such as applying QoS
policies, on them. Attributes are statically assigned to each protocol or application, and they are not

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


82
How to Configure Attribute-Based Protocol Match
Configuring Attribute-Based Protocol Match

dependent on the traffic. The following attributes are available to configure the match criteria using the
match protocol attribute command. They are:
• application-group: The application-group attribute allows the configuration of applications grouped
together based on the same networking application as the match criteria. For example, Yahoo-
Messenger, Yahoo-VoIP-messenger, and Yahoo-VoIP-over-SIP are grouped together under the yahoo-
messenger-group.
• category: The category attribute allows you to configure applications that are grouped together based
on the first level of categorization for each protocol as the match criteria. Similar applications are
grouped together under one category. For example, the email category contains all email applications
such as, Internet Mail Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), Lotus Notes,
and so forth.
• sub-category: The sub-category attribute provides the option to configure applications grouped
together based on the second level of categorization for each protocol as the match criteria. For
example, clearcase, dbase, rda, mysql and other database applications are grouped under the database
group.
• encrypted: The encrypted attribute provides the option to configure applications grouped together
based on whether the protocol is an encrypted protocol or not as the match criteria. Applications are
grouped together based on whether they are encrypted and non-encrypted status of the applications.
Protocols for which the NBAR does not provide any value are categorized under the unassigned
encrypted group.
• tunnel: The tunnel attribute provides the option to configure protocols based on whether or not a
protocol tunnels the traffic of other protocols. Protocols for which the NBAR does not provide any
value are categorized under the unassigned tunnel group. For example, Layer 2 Tunneling Protocols
(L2TP).

Note Attribute-based protocol match configuration does not impact the granularity of classification either in
reporting or in the protocol discovery information.

How to Configure Attribute-Based Protocol Match


• Configuring Attribute-Based Protocol Match, page 83

Configuring Attribute-Based Protocol Match


Perform this task to configure the attribute-based protocol match.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


83
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Configuring Attribute-Based Protocol Match

SUMMARY STEPS

1. enable
2. configure terminal
3. class-map [type] [match-all | match-any] class-map-name
4. match protocol attribute application-group application-group [application-name]
5. match protocol attribute category application-category [application-name]
6. match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes}
[application-name]
7. match protocol attribute sub-category application-category [application-name]
8. match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]
9. end

DETAILED STEPS

Step 1 enable

Example:
Router> enable

Enables privileged EXEC mode.


• Enter your password if prompted.
Step 2 configure terminal

Example:
Router# configure terminal

Enters global configuration mode.


Step 3 class-map [type] [match-all | match-any] class-map-name

Example:
Router(config)# class-map cmap1

Creates a class map to be used for matching packets to a specified class and enters class-map configuration mode.
• Enter the name of the class map.
Step 4 match protocol attribute application-group application-group [application-name]

Example:
Router(config-cmap)# match protocol attribute application-group skype

Configures the specified application group as the match criterion.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


84
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Configuring Attribute-Based Protocol Match

• (Optional) Use the application-name attribute to configure the application and not the application group as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute application-group application-group.
Step 5 match protocol attribute category application-category [application-name]

Example:
Router(config-cmap)# match protocol attribute category email

Configures the specified category as the match criteria attribute.


• (Optional) Use the application-name attribute to configure a specific application, and not the application
category, as the match criterion. The configuration is saved as match protocol application-name instead of
match protocol attribute category application-category.
Step 6 match protocol attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes} [application-name]

Example:
Router(config-cmap)# match protocol attribute encrypted encrypted-yes

Configures the specified encryption status as the match criterion.


• Enter the encrypted-yes keyword to match all encrypted applications.
or
Enter the encrypted-no keyword to match all nonencrypted applications.
or
Enter the encrypted-unassigned keyword to match all applications that are not assigned any encryption status.
• (Optional) Use the application-name attribute to configure application within the specified encrypted status as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute encrypted {encrypted-no | encrypted-unassigned | encrypted-yes}.
Step 7 match protocol attribute sub-category application-category [application-name]

Example:
Router(config-cmap)# match protocol attribute sub-category client-server

Configures the specified sub-category as the match criteria attribute.


• (Optional) Use the application-name attribute to configure a specific application, and not the sub-category, as the
match criterion. The configuration is saved as match protocol application-name instead of match protocol
attribute sub-category application-category.
Step 8 match protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes} [application-name]

Example:
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

Configures the specified encryption status as the match criterion.


• Enter the tunnel-no keyword to specify the applications that are not tunneled as the match criterion.
or

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


85
Example: Classification of HTTP Traffic Using the HTTP Header Fields
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

Enter the tunnel-unassigned keyword to specify the applications that are unassigned for tunneling as the match
criterion.
or
Enter the tunnel-yes keyword to specify the tunneled applications as the match criterion.
• (Optional) Use the application-name attribute to configure a specific application within the specified tunneling
status as the match criterion. The configuration is saved as match protocol application-name instead of match
protocol attribute tunnel {tunnel-no | tunnel-unassigned | tunnel-yes}.
Step 9 end

Example:
Router(config-cmap)# end

Exits class-map configuration mode and returns to privileged EXEC mode.

Configuration Examples for Classifying Network Traffic Using


NBAR in Cisco IOS XE Software
• Example: Classification of HTTP Traffic Using the HTTP Header Fields, page 86
• Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify
HTTP Traffic, page 87
• Example: NBAR and Classification of Custom Protocols and Applications, page 87
• Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications, page 88
• Example: Configuring Attribute-Based Protocol Match, page 89

Example: Classification of HTTP Traffic Using the HTTP Header Fields


In the following example, any request message that contains "[email protected]" in the User-Agent,
Referer, or From field will be classified by NBAR. Typically, a term with a format similar to
"[email protected]" would be found in the From header field of the HTTP request message.

class-map match-all class1


match protocol http from "[email protected]"

In the following example, any request message that contains "http://www.cisco.com/routers" in the User-
Agent, Referer, or From field will be classified by NBAR. Typically, a term with a format similar to "http://
www.cisco.com/routers" would be found in the Referer header field of the HTTP request message.

class-map match-all class2


match protocol http referer "http://www.cisco.com/routers"

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


86
Example: Combinations of Classification of HTTP Headers and URL Host or MIME Type to Identify HTTP Traffic
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

In the following example, any request message that contains "CERN-LineMode/2.15" in the User-Agent,
Referer, or From header field will be classified by NBAR. Typically, a term with a format similar to
"CERN-LineMode/2.15" would be found in the User-Agent header field of the HTTP request message.

class-map match-all class3


match protocol http user-agent "CERN-LineMode/2.15"

In the following example, any response message that contains "CERN/3.0" in the Content-Base (if
available), Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, a
term with a format similar to "CERN/3.0" would be found in the Server header field of the response
message.

class-map match-all class4


match protocol http server "CERN/3.0"

In the following example, any response message that contains "http://www.cisco.com/routers" in the
Content-Base (if available), Content-Encoding, Location, or Server header field will be classified by
NBAR. Typically, a term with a format similar to "http://www.cisco.com/routers" would be found in the
Content-Base (if available) or Location header field of the response message.

class-map match-all class5


match protocol http location "http://www.cisco.com/routers"

In the following example, any response message that contains "gzip" in the Content-Base (if available),
Content-Encoding, Location, or Server header field will be classified by NBAR. Typically, the term "gzip"
would be found in the Content-Encoding header field of the response message.

class-map match-all class6


match protocol http content-encoding "gzip"

Example: Combinations of Classification of HTTP Headers and URL Host or


MIME Type to Identify HTTP Traffic
In the following example, HTTP header fields are combined with a URL to classify traffic. In this example,
traffic with a User-Agent field of "CERN-LineMode/3.0" and a Server field of "CERN/3.0," along with
URL "www.cisco.com/routers," will be classified using NBAR:

class-map match-all c-http


match protocol http user-agent "CERN-LineMode/3.0"
match protocol http server "CERN/3.0"
match protocol http url "www.cisco.com/routers"

Example: NBAR and Classification of Custom Protocols and Applications


In the following example, the custom protocol app-sales1 will identify TCP packets that have a source port
of 4567 and that contain the term "SALES" in the fifth byte of the payload:

Router(config)# ip nbar custom app-sales1 5 ascii SALES source tcp 4567

In the following example, the custom protocol virus-home will identify UDP packets that have a
destination port of 3000 and that contain "0x56" in the seventh byte of the payload:

Router(config)# ip nbar custom virus-home 7 hex 0x56 destination udp 3000

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


87
Example: NBAR and Classification of Peer-to-Peer File-Sharing Applications
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

In the following example, the custom protocol media_new will identify TCP packets that have a destination
or source port of 4500 and that have a value of 90 at the sixth byte of the payload:

Router(config)# ip nbar custom media_new 6 decimal 90 tcp 4500

In the following example, the custom protocol msn1 will look for TCP packets that have a destination or
source port of 6700:

Router(config)# ip nbar custom msn1 tcp 6700

In the following example, the custom protocol mail_x will look for UDP packets that have a destination
port of 8202:

Router(config)# ip nbar custom mail_x destination udp 8202

In the following example, the custom protocol mail_y will look for UDP packets that have destination ports
between 3000 and 4000 inclusive:

Router(config)# ip nbar custom mail_y destination udp range 3000 4000

Example: NBAR and Classification of Peer-to-Peer File-Sharing


Applications
The match protocol gnutella file-transfer regular-expression and match protocol fasttrack file-transfer
regular-expression commands are used to enable Gnutella and FastTrack classification in a traffic class.
The file-transfer keyword indicates that a regular expression variable will be used to identify specific
Gnutella or FastTrack traffic. The regular-expression variable can be expressed as "*" to indicate that all
FastTrack or Gnutella traffic be classified by a traffic class.
In the following example, all FastTrack traffic is classified into class map nbar:

class-map match-all nbar


match protocol fasttrack file-transfer "*"

Similarly, all Gnutella traffic is classified into class map nbar in the following example:

class-map match-all nbar


match protocol gnutella file-transfer "*"

Wildcard characters in a regular expression can also be used to identify specified Gnutella and FastTrack
traffic. These regular expression matches can be used to match on the basis of a filename extension or a
particular string in a filename.
In the following example, all Gnutella files that have the .mpeg extension will be classified into class map
nbar:

class-map match-all nbar


match protocol gnutella file-transfer "*.mpeg"

In the following example, only Gnutella traffic that contains the characters "cisco" is classified:

class-map match-all nbar


match protocol gnutella file-transfer "*cisco*"

The same examples can be used for FastTrack traffic:

class-map match-all nbar


match protocol fasttrack file-transfer "*.mpeg"

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


88
Example: Configuring Attribute-Based Protocol Match
Configuration Examples for Classifying Network Traffic Using NBAR in Cisco IOS XE Software

or

class-map match-all nbar


match protocol fasttrack file-transfer "*cisco*"

Example: Configuring Attribute-Based Protocol Match


The match protocol attributes command is used to configure different attributes as the match criteria for
application recognition.
In the following example, the email-related applications category is configured as the match criterion:
Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute category email

In the following example, skype-group applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map apps
Router(config-cmap)# match protocol attribute application-group skype-group

In the following example, encrypted applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map my-class
Router(config-cmap)# match protocol encrypted encrypted-yes

In the following example, Client-server subcategory applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map newmap
Router(config-cmap)# match protocol attribute sub-category client-server

In the following example, tunneled applications are configured as the match criterion:
Router# configure terminal
Router(config)# class-map mygroup
Router(config-cmap)# match protocol attribute tunnel tunnel-yes

The following sample output from the show ip nbar attribute command displays the details of all the
attributes:
Router# show ip nbar attribute
Name : category
Help : category attribute
Type : group
Groups : email, newsgroup, location-based-services, instant-messaging, netg
Need : Mandatory
Default : other

Name : sub-category
Help : sub-category attribute
Type : group
Groups : routing-protocol, terminal, epayement, remote-access-terminal, nen
Need : Mandatory
Default : other

Name : application-group
Help : application-group attribute
Type : group
Groups : skype-group, wap-group, pop3-group, kerberos-group, tftp-group, bp
Need : Mandatory
Default : other

Name : tunnel
Help : Tunnelled applications
Type : group
Groups : tunnel-no, tunnel-yes, tunnel-unassigned
Need : Mandatory
Default : tunnel-unassigned

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


89
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

Name : encrypted
Help : Encrypted applications
Type : group
Groups : encrypted-yes, encrypted-no, encrypted-unassigned
Need : Mandatory
Default : encrypted-unassigned

The following sample output from the show ip nbar protocol-attribute command displays the details of
the protocols:
Router# show ip nbar protocol-attribute

Protocol Name : ftp


category : file-sharing
sub-category : client-server
application-group : ftp-group
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : http


category : browsing
sub-category : other
application-group : other
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : egp


category : net-admin
sub-category : routing-protocol
application-group : other
tunnel : tunnel-no
encrypted : encrypted-no

Protocol Name : gre


category : net-admin
sub-category : tunneling-protocols
application-group : other
tunnel : tunnel-yes
encrypted : encrypted-no

Additional References
Related Documents

Related Topic Document Title


Cisco IOS commands Cisco IOS Master Commands List, All Releases

QoS commands: complete command syntax, Cisco IOS Quality of Service Solutions Command
command modes, command history, defaults, usage Reference
guidelines, and examples

Classifying network traffic if not using NBAR "Classifying Network Traffic" module

Marking network traffic "Marking Network Traffic" module

MQC "Applying QoS Features Using the MQC" module

Protocol Discovery "Enabling Protocol Discovery" module

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


90
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

Standards

Standard Title
ISO 0009 File Transfer Protocol (FTP)

ISO 0013 Domain Names - Concepts and Facilities

ISO 0033 The TFTP Protocol (Revision 2)

ISO 0034 Routing Information Protocol

ISO 0053 Post Office Protocol - Version 3

ISO 0056 RIP Version 2

MIBs

MIB MIBs Link


No new or modified MIBs are supported, and To locate and download MIBs for selected
support for existing MIBs has not been modified. platforms, Cisco software releases, and feature sets,
use Cisco MIB Locator found at the following
URL:
http://www.cisco.com/go/mibs

RFCs

RFC Title
RFC 742 NAME/FINGER Protocol

RFC 759 Internet Message Protocol

RFC 768 User Datagram Protocol

RFC 792 Internet Control Message Protocol

RFC 793 Transmission Control Protocol

RFC 821 Simple Mail Transfer Protocol

RFC 827 Exterior Gateway Protocol

RFC 854 Telnet Protocol Specification

RFC 888 "STUB" Exterior Gateway Protocol

RFC 904 Exterior Gateway Protocol Formal Specification

RFC 951 Bootstrap Protocol

RFC 959 File Transfer Protocol

RFC 977 Network News Transfer Protocol

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


91
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

RFC Title
RFC 1001 Protocol Standard for a NetBIOS Service on a
TCP/UDP Transport: Concepts and Methods

RFC 1002 Protocol Standard for a NetBIOS Service on a


TCP/UDP Transport: Detailed Specifications

RFC 1057 RPC: Remote Procedure Call

RFC 1094 NFS: Network File System Protocol Specification

RFC 1112 Host Extensions for IP Multicasting

RFC 1157 Simple Network Management Protocol

RFC 1282 BSD Rlogin

RFC 1288 The Finger User Information Protocol

RFC 1305 Network Time Protocol

RFC 1350 The TFTP Protocol (Revision 2)

RFC 1436 The Internet Gopher Protocol

RFC 1459 Internet Relay Chat Protocol

RFC 1510 The Kerberos Network Authentication Service

RFC 1542 Clarifications and Extensions for the Bootstrap


Protocol

RFC 1579 Firewall-Friendly FTP

RFC 1583 OSPF Version 2

RFC 1657 Definitions of Managed Objects for the Fourth


Version of the Border Gateway Protocol

RFC 1701 Generic Routing Encapsulation

RFC 1730 Internet Message Access Protocol--Version 4

RFC 1771 A Border Gateway Protocol 4 (BGP-4)

RFC 1777 Lightweight Directory Access Protocol

RFC 1831 RPC: Remote Procedure Call Protocol


Specification Version 2

RFC 1889 A Transport Protocol for Real-Time Applications

RFC 1890 RTP Profile for Audio and Video Conferences with
Minimal Control

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


92
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Additional References

RFC Title
RFC 1928 SOCKS Protocol Version 5

RFC 1939 Post Office Protocol--Version 3

RFC 1945 Hypertext Transfer Protocol--HTTP/1.0

RFC 1964 The Kerberos Version 5 GSS-API Mechanism

RFC 2045 Multipurpose Internet Mail Extension (MIME) Part


One: Format of Internet Message Bodies

RFC 2060 Internet Message Access Protocol--Version 4 rev1

RFC 2068 Hypertext Transfer Protocol--HTTP/1.1

RFC 2131 Dynamic Host Configuration Protocol

RFC 2205 Resource ReSerVation Protocol (RSVP)--Version 1


Functional Specification

RFC 2236 Internet Group Management Protocol, Version 2

RFC 2251 Lightweight Directory Access Protocol (v3)

RFC 2252 Lightweight Directory Access Protocol (v3):


Attribute Syntax Definitions

RFC 2253 Lightweight Directory Access Protocol (v3): UTF-8


String Representation of Distinguished Names

RFC 2401 Security Architecture for the Internet Protocol

RFC 2406 IP Encapsulating Security Payload

RFC 2453 RIP Version 2

RFC 2616 Hypertext Transfer Protocol--HTTP/1.1


Note This RFC updates RFC 2068.

Technical Assistance

Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/
provides online resources to download index.html
documentation, software, and tools. Use these
resources to install and configure the software and
to troubleshoot and resolve technical issues with
Cisco products and technologies. Access to most
tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and
password.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


93
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Feature Information for Classifying Network Traffic Using NBAR

Feature Information for Classifying Network Traffic Using


NBAR
The following table provides release information about the feature or features described in this module.
This table lists only the software release that introduced support for a given feature in a given software
release train. Unless noted otherwise, subsequent releases of that software release train also support that
feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 5 Feature Information for Classifying Network Traffic Using NBAR in Cisco IOS XE software

Feature Name Releases Feature Information


Additional PDL Support for Cisco IOS XE Release 3.1S The additional PDL Support for
NBAR NBAR feature provides support
for additional PDLs.
The following section provides
information about this feature:
NBAR and Classification of
HTTP Traffic, page 4

Enhanced NBAR Cisco IOS XE Release 3.2S The Enhanced NBAR feature
provides additional PDLs for
Cisco IOS XE Release 3.2S.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

NBAR Categorization and Cisco IOS XE Release 3.4S The NBAR Categorization and
Attributes Attributes feature provides the
mechanism of matching the
protocols grouped under specific
categories based on the attributes.
These categories are available for
Class-Based Policy Language
(CPL) as a match criteria for
application recognition.
The following section provides
information about this feature:
NBAR Categorization and
Attributes, page 82

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


94
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Feature Information for Classifying Network Traffic Using NBAR

Feature Name Releases Feature Information


NBAR Classification Cisco IOS XE Release 3.5S The NBAR Classification
Enhancements for IOS-XE3.5 Enhancements feature provides
additional classification support
for native IPv6 classification and
classification of flows inside
tunneled IPv6 over IPv4.
The following section provides
information about this feature:
NBAR Support for IPv6 from
Cisco IOS XE Release 3.5S and
Later Releases, page 82
The following commands were
introduced or modified: ip nbar
classification tunneled-traffic,
option (FNF).

NBAR PDLM Supported in ASR Cisco IOS XE Release 2.5 This feature was integrated into
1000 Release 2.5 Cisco IOS XE Release 2.5.
Cisco IOS XE Release 3.1S
NBAR-supported protocols were
Cisco IOS XE Release 3.3S added for this release.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13
The following command was
modified: match protocol
(NBAR).

NBAR Protocols Cisco IOS XE Release 2.3 This feature was integrated into
Cisco IOS XE Release 2.3.
NBAR-supported protocols were
added for this release.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13
The following command was
modified: match
protocol(NBAR).

NBAR Real-time Transport Cisco IOS XE Release 2.1 This feature was introduced on
Protocol Payload Classification Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


95
Classifying Network Traffic Using NBAR in Cisco IOS XE Software
Glossary

Feature Name Releases Feature Information


NBAR Static IPv4 IANA Cisco IOS XE Release 3.1S This feature was introduced on
Protocols Pack1 Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR-Supported Protocols,
page 13

NBAR VRF aware Cisco IOS XE Release 3.3S This feature was introduced on
Cisco ASR 1000 Series
Aggregation Services Routers.
The following section provides
information about this feature:
NBAR Scalability, page 11

Glossary
Encryption—Encryption is the application of a specific algorithm to data so as to alter the appearance of
the data, making it incomprehensible to those who are not authorized to see the information.
HTTP —Hypertext Transfer Protocol. The protocol used by web browsers and web servers to transfer
files, such as text and graphic files.
IANA —Internet Assigned Numbers Authority. An organization operated under the auspices of the Internet
Society (ISOC) as a part of the Internet Architecture Board (IAB). IANA delegates authority for IP
address-space allocation and domain-name assignment to the InterNIC and other organizations. IANA also
maintains a database of assigned protocol identifiers used in the TCP/IP stack, including autonomous
system numbers.
LAN —Local-area network. A high-speed, low-error data network that covers a relatively small geographic
area (up to a few thousand meters). LANs connect workstations, peripherals, terminals, and other devices in
a single building or other geographically limited area. LAN standards specify cabling and signaling at the
physical and data link layers of the Open System Interconnection (OSI) model. Ethernet, FDDI, and Token
Ring are widely used LAN technologies.
MIME —Multipurpose Internet Mail Extension. The standard for transmitting nontext data (or data that
cannot be represented in plain ASCII code) in Internet mail, such as binary, foreign language text (such as
Russian or Chinese), audio, and video data. MIME is defined in RFC 2045, Multipurpose Internet Mail
Extension (MIME) Part One: Format of Internet Message Bodies .
MPLS —Multiprotocol Label Switching. A switching method that forwards IP traffic using a label. This
label instructs the routers and the switches in the network where to forward the packets based on
preestablished IP routing information.
MQC —Modular quality of service command-line interface. A CLI that allows you to define traffic
classes, create and configure traffic policies (policy maps), and then attach the policy maps to interfaces.
Policy maps are used to apply the appropriate quality of service (QoS) to network traffic.
Protocol Discovery —A feature included with NBAR. Protocol Discovery provides a way to discover the
application protocols that are operating on an interface.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


96
Classifying Network Traffic Using NBAR in Cisco IOS XE Software

QoS —Quality of service. A measure of performance for a transmission system that reflects its
transmission quality and service availability.
RTCP —RTP Control Protocol. A protocol that monitors the QoS of an IPv6 Real-Time Transport
Protocol (RTP) connection and conveys information about the ongoing session.
Stateful protocol —A protocol that uses TCP and UDP port numbers that are determined at connection
time.
Static protocol —A protocol that uses well-defined (predetermined) TCP and UDP ports for
communication.
Subport classification —The classification of network traffic by information that is contained in the
packet payload, that is, information found beyond the TCP or UDP port number.
TCP —Transmission Control Protocol. A connection-oriented transport layer protocol that provides
reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
Tunneling —Tunneling is an architecture that is designed to provide the services necessary to implement
any standard point-to-point encapsulation scheme.
UDP —User Datagram Protocol. A connectionless transport layer protocol in the TCP /IP protocol stack.
UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery,
requiring that error processing and retransmission be handled by other protocols. UDP is defined in RFC
768, User Datagram Protocol .
WAN —Wide-area network. A data communications network that serves users across a broad geographic
area and often uses transmission devices provided by common carriers.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be
actual addresses and phone numbers. Any examples, command display output, network topology diagrams,
and other figures included in the document are shown for illustrative purposes only. Any use of actual IP
addresses or phone numbers in illustrative content is unintentional and coincidental.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


97
Example: Configuring Attribute-Based Protocol Match

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


98
Enabling Protocol Discovery
Network-Based Application Recognition (NBAR) includes a feature called Protocol Discovery. Protocol
discovery provides an easy way to discover the application protocol packets that are passing through an
interface. When you configure NBAR, the first task is to enable protocol discovery.
This module contains concepts and tasks for enabling the Protocol Discovery feature.

• Finding Feature Information, page 99


• Prerequisites for Enabling Protocol Discovery, page 99
• Restrictions for Enabling Protocol Discovery, page 99
• Information About Protocol Discovery, page 100
• How to Enable Protocol Discovery, page 101
• Configuration Examples for Protocol Discovery, page 104
• Additional References, page 106
• Feature Information for Enabling Protocol Discovery, page 107

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest feature
information and caveats, see the release notes for your platform and software release. To find information
about the features documented in this module, and to see a list of the releases in which each feature is
supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Prerequisites for Enabling Protocol Discovery


Before enabling Protocol Discovery, read the information in the "Classifying Network Traffic Using
NBAR" module.

Restrictions for Enabling Protocol Discovery


NBAR protocol discovery does not support the following:
• Asymmetric flows with stateful protocols.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


99
Protocol Discovery Overview
Information About Protocol Discovery

Note In the NBAR context, asymmetric flows are the flows in which different packets of the flow go through
different routers, for reasons such as load balancing implementation or asymmetric routing where packets
flow through different routes to different directions.

• NBAR processing. By design, NBAR processing is temporarily disabled during the In-Service
Software Upgrade (ISSU). The following syslog message indicates restart of NBAR classification
once ISSU is complete.
"%NBAR_HA-5-NBAR_INFO: NBAR sync DONE!"
• Multicast packet classification.
• Multiprotocol Label Switching (MPLS)-labeled packets. NBAR classifies IP packets only. You can,
however, use NBAR to classify IP traffic before the traffic is handed over to MPLS. Use the modular
quality of service (QoS) CLI (MQC) to set the IP differentiated services code point (DSCP) field on
the NBAR-classified packets and make MPLS map the DSCP setting to the MPLS experimental
(EXP) setting inside the MPLS header.
• Non-IP traffic.
• Packets that originate from or that are destined to the router running NBAR.
NBAR is not supported on the following logical interfaces:
• Dialer interfaces
• Fast Etherchannel
• Interfaces where tunneling or encryption is used
• Multilink Point-to-Point Protocol (MLPPP)
• Multiprotocol Label Switching (MPLS) VPN Routing and Forwarding (VRF)
• Port channel
• Tunneled interfaces (Generic Router Encapsulation [GRE], IP-IP, Layer 2 Tunneling Protocol [L2TP])

Note You cannot use NBAR to classify output traffic on a WAN link where tunneling or encryption is used.
Therefore, you should configure NBAR on other interfaces of the router (such as a LAN link) to perform
input classification before the traffic is switched to the WAN link.

Information About Protocol Discovery


• Protocol Discovery Overview, page 100

Protocol Discovery Overview


The Protocol Discovery feature of NBAR provides an easy way of discovering the application protocols
passing through an interface so that appropriate QoS features can be applied.
NBAR determines which protocols and applications are currently running on your network. Protocol
discovery provides an easy way of discovering the application protocols that are operating on an interface
so that appropriate QoS features can be applied. With protocol discovery, you can discover any protocol
traffic that is supported by NBAR and obtain statistics that are associated with that protocol.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


100
Enabling Protocol Discovery
Interface Scalability

Protocol discovery maintains the following per-protocol statistics for enabled interfaces:
• Total number of input packets and bytes
• Total number of output packets and bytes
• Input bit rates
• Output bit rates
These statistics can be used when you define classes and traffic policies (sometimes known as policy maps)
for each traffic class. The traffic policies (policy maps) are used to apply specific QoS features and
functionality to the traffic classes.
• Interface Scalability, page 101

Interface Scalability
In Cisco IOS XE Release 2.4 and earlier releases, there is no limit on the number of interfaces on which
protocol discovery can be enabled.
The table below provides the details of the protocol discovery supported interface and the release number.

Table 6 Release and Protocol Discovery Interface Support

Release Number of Interfaces Supported with Protocol Discovery


Cisco IOS XE Release 2.5 128

Cisco IOS XE Release 2.6 256

Cisco IOS XE Release 2.7 32

Cisco IOS XE Release 3.2S 32

Cisco IOS XE Release 3.3S 32

In Cisco IOS XE Release 3.3S and later releases, NBAR supports the following classification:
• Static port-based classification and IP protocol-based classification for IPv6 packets.
• IPv4 and IPv6 classification for IPv4 and IPv6 VPN Routing and Forwarding (VRF) interfaces.

Note The NBAR Protocol Discovery MIB is not supported for the ip nbar protocol-discovery ipv4 and ip nbar
protocol-discovery ipv6 commands.

How to Enable Protocol Discovery


• Enabling Protocol Discovery on an Interface, page 102
• Reporting Protocol Discovery Statistics, page 103

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


101
Enabling Protocol Discovery on an Interface
How to Enable Protocol Discovery

Enabling Protocol Discovery on an Interface


Perform this task to enable protocol discovery on an interface.

SUMMARY STEPS

1. enable
2. configure terminal
3. interface type number [name-tag]
4. ip nbar protocol-discovery [ipv4 | ipv6]
5. end

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:

Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Router# configure terminal

Step 3 interface type number [name-tag] Configures an interface type and enters interface configuration mode.
• Enter the interface type and the interface number.
Example:

Router(config)# interface
fastethernet1/1/1

Step 4 ip nbar protocol-discovery [ipv4 | ipv6] Configures NBAR to discover traffic for all protocols that are known to
NBAR on a particular interface.
• (Optional) Enter the ipv4 keyword to enable protocol discovery
Example:
statistics collection for IPv4 packets, or enter the ipv6 keyword to
Router(config-if)# ip nbar protocol- enable protocol discovery statistics collection for IPv6 packets.
discovery
• Specifying either of these keywords enables the protocol discovery
statistics collection for the specified IP version only. If neither
keywords is specified, statistics collection is enabled for both IPv4 and
IPv6.
• The no form of this command is not required to disable a keyword
because the statistics collection is enabled for the specified keyword
only.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


102
Reporting Protocol Discovery Statistics
How to Enable Protocol Discovery

Command or Action Purpose


Step 5 end (Optional) Exits interface configuration mode.

Example:

Router(config-if)# end

Reporting Protocol Discovery Statistics


Perform this task to display a report of the protocol discovery statistics per interface.

SUMMARY STEPS

1. enable
2. show policy-map interface type number
3. show ip nbar protocol-discovery [interface type number] [stats {byte-count | bit-rate | packet-
count| max-bit-rate}] [protocol protocol-name | top-n number]
4. exit

DETAILED STEPS

Command or Action Purpose


Step 1 enable Enables privileged EXEC mode.
• Enter your password if prompted.
Example:

Router> enable

Step 2 show policy-map interface type number (Optional) Displays the packet and class statistics for all policy
maps on the specified interface.
• Enter the interface type and interface number.
Example:

Router# show policy-map interface FastEthernet


1/1/1

Step 3 show ip nbar protocol-discovery [interface type Displays the statistics gathered by the NBAR Protocol
number] [stats {byte-count | bit-rate | packet-count| Discovery feature.
max-bit-rate}] [protocol protocol-name | top-n
• (Optional) Enter keywords and arguments to fine-tune the
number]
statistics displayed. For more information on each of the
keywords, refer to the show ip nbar protocol-discovery
command in Cisco IOS Quality of Service Solutions
Example:
Command Reference.
Router# show ip nbar protocol-discovery
interface Fastethernet1/1/1

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


103
Example: Enabling Protocol Discovery on an Interface
Configuration Examples for Protocol Discovery

Command or Action Purpose


Step 4 exit (Optional) Exits privileged EXEC mode.

Example:

Router# exit

Configuration Examples for Protocol Discovery


• Example: Enabling Protocol Discovery on an Interface, page 104
• Example: Reporting Protocol Discovery Statistics, page 105

Example: Enabling Protocol Discovery on an Interface


In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/1:

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/1

Router(config-if)# ip nbar protocol-discovery

Router(config-if)# end

In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for
IPv6 packets:

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/2

Router(config-if)# ip nbar protocol-discovery ipv6

Router(config-if)# end

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


104
Example: Reporting Protocol Discovery Statistics
Configuration Examples for Protocol Discovery

In the following sample configuration, protocol discovery is enabled on Fast Ethernet interface 1/1/2 for
IPv6 packets. Later, the protocol discovery is enabled for IPv4 packets and this does not require the no
form for the ipv6 keyword.

Router> enable

Router# configure terminal

Router(config)# interface fastethernet1/1/2

Router(config-if)# ip nbar protocol-discovery ipv6

Router(config-if)# ip nbar protocol-discovery ipv4

Router(config-if)# end

Example: Reporting Protocol Discovery Statistics


The following sample output from the show ip nbar protocol-discovery command displays the five most
active protocols on the Fast Ethernet interface 2/0/1:

Router# show ip nbar protocol-discovery top-n 5

FastEthernet2/0/1
Input Output
----- ------
Protocol Packet Count Packet Count
Byte Count Byte Count
30sec Bit Rate (bps) 30sec Bit Rate (bps)
30sec Max Bit Rate (bps) 30sec Max Bit Rate (bps)
--------------------------- ------------------------ ------------------------
rtp 3272685 3272685
242050604 242050604
768000 768000
2002000 2002000
gnutella 513574 513574
118779716 118779716
383000 383000
987000 987000
ftp 482183 482183
37606237 37606237
121000 121000
312000 312000
http 144709 144709
32351383 32351383
105000 105000
269000 269000
netbios 96606 96606
10627650 10627650
36000 36000
88000 88000
unknown 1724428 1724428
534038683 534038683
2754000 2754000
4405000 4405000
Total 6298724 6298724
989303872 989303872
4213000 4213000
8177000 8177000

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


105
Enabling Protocol Discovery
Additional References

Additional References
Related Documents

Related Topic Document Title


Cisco IOS commands Cisco IOS Master Commands List, All Releases

QoS commands: complete command syntax, Cisco IOS Quality of Service Solutions Command
command modes, command history, defaults, usage Reference
guidelines, and examples

Concepts and information about NBAR "Classifying Network Traffic Using NBAR"
module

MQC "Applying QoS Features Using the MQC" module

Standards

Standard Title
No new or modified standards are supported, and --
support for existing standards has not been
modified.

MIBs

MIB MIBs Link


No new or modified MIBs are supported, and To locate and download MIBs for selected
support for existing MIBs has not been modified. platforms, Cisco software releases, and feature sets,
use Cisco MIB Locator found at the following
URL:
http://www.cisco.com/go/mibs

Technical Assistance

Description Link
The Cisco Support and Documentation website http://www.cisco.com/cisco/web/support/
provides online resources to download index.html
documentation, software, and tools. Use these
resources to install and configure the software and
to troubleshoot and resolve technical issues with
Cisco products and technologies. Access to most
tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and
password.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


106
Enabling Protocol Discovery
Feature Information for Enabling Protocol Discovery

Feature Information for Enabling Protocol Discovery


The following table provides release information about the feature or features described in this module.
This table lists only the software release that introduced support for a given feature in a given software
release train. Unless noted otherwise, subsequent releases of that software release train also support that
feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 7 Feature Information for Enabling Protocol Discovery

Feature Name Releases Feature Information


Protocol Discovery Cisco IOS XE 2.1 Cisco IOS XE This feature was introduced on
3.3S Cisco ASR 1000 Series Routers.
The following sections provide
information about this feature:
The following commands were
introduced: ip nbar protocol
discovery, show ip nbar
protocol discovery.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S.
and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner
does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be
actual addresses and phone numbers. Any examples, command display output, network topology diagrams,
and other figures included in the document are shown for illustrative purposes only. Any use of actual IP
addresses or phone numbers in illustrative content is unintentional and coincidental.

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


107
Example: Reporting Protocol Discovery Statistics

QoS: NBAR Configuration Guide, Cisco IOS XE Release 2


108

You might also like