Release Notes for NBAR2 Protocol Pack 8.0.0

Overview

NBAR2 Protocol Pack 8.0.0 contains the Enhanced Web Classification feature that supports multi-transactions export of URLs. For more information on this feature, see Classifying Network Traffic Using NBAR.

Supported Platforms

Network Based Application Recognition (NBAR) Protocol Pack 8.0.0 is supported on Cisco ASR 1000 Series Aggregation Services Routers and Cisco ISR G2 Series Integrated Services Routers.

Supported Releases

Network Based Application Recognition (NBAR) Protocol Pack 8.0.0 is supported on the following releases:

• Cisco IOS XE Release 3.10.0S Version 15.3(3)S
• Cisco IOS XE Release 3.11.0S Version 15.4(1)S
• Cisco IOS Release Version 15.3(3)M2 - loading NBAR2 Protocol Pack 8.0.0 on previous releases of this train may result in unexpected behavior and possibly crash (CSCuj40124).

New Protocols in NBAR2 Protocol Pack 8.0.0

The following protocols are added to NBAR2 Protocol Pack 8.0.0:

Common Name: Ares
Syntax Name: ares
Description: Ares is a P2P network which was originally operating on the network. After that, it switched to its own network with a leaves-and-super nodes architecture. , which is an open source P2P software, is the main which makes use of Ares network.

Common Name: iCloud
Syntax Name: icloud
Description: iCloud is Apple's and storage service. It provides data storage (such as music, files and iOS applications) over remote computer servers and enables downloading stored data to multiple devices.

Common Name: NetBIOS's Datagram Distribution Service
Syntax Name: netbios-dgm
Description: NetBIOS's datagram distribution service is the part of the NetBIOS-over-TCP/UDP protocol suite for connectionless communication. NetBIOS provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. NetBIOS's datagram distribution service provides a connectionless service, which means that error detection and recovery are the application's responsibility.

Common Name: NetBIOS's Session Service
Syntax Name: netbios-ssn
Description: NetBIOS's session service is the part of the NetBIOS-over-TCP/UDP protocol suite for connection-oriented communication. NetBIOS provides services related to the session layer of the OSI model, allowing applications on separate computers to communicate over a local area network. NetBIOS's session service allows two machines to form a connection, with mechanisms for error detection and recovery and multi-packet messages.

Common Name: Orbix 2000 Config over SSL
Syntax Name: orbix-cfg-ssl
Description: Orbix is a CORBA ORB (Object Request Broker) from Micro Focus which helps programmers build distributed applications. Orbix cfg (config) works over SSL typically on port 3078.

Common Name: Secure Simple Mail Transfer Protocol
Syntax Name: secure-smtp
Description: Simple Mail Transfer Protocol (SMTP) is a standard for electronic mail transmission across networks. Secure-smtp refers to a method for securing SMTP with transport layer security, and typically works on TCP port 461.

Updated Protocols in NBAR2 Protocol Pack 8.0.0

The following protocols are updated in NBAR2 Protocol Pack 8.0.0:

Protocol    Updates

corba-iiop-ssl Updated signatures.

ddm-ssl Updated signatures.

Exchange Updated signatures to support encrypted exchange traffic.

ftps-data Updated signatures.

h323 Updated signatures.

ieee-mms-ssl Updated signatures.

msft-gc-ssl Updated signatures.

Netflix Updated signatures to support Netflix in set-top-boxes, media streamers, game consoles and latest Windows, Apple and Android OSs.

nsiiops Updated signatures.

orbix-loc-ssl Updated signatures.

secure-ftp Updated signatures.

secure-imap Updated signatures.

secure-irc Updated signatures.

secure-ldap Updated signatures.

secure-nntp Updated signatures.

secure-pop3 Updated signatures.

secure-telnet Updated signatures.

sshell Updated signatures.

Deprecated Protocols in NBAR2 Protocol Pack 8.0.0

The predefined custom protocols (named custom-01, custom-02…custom-10) have been deprecated in this protocol pack. In order to define custom protocols, users are advised to use the user-defined custom protocols. Note that in Cisco IOS Release 15.3(3)S and Cisco IOS Release 15.3(3)M, the ip nbar port-map command has been deprecated and therefore, users cannot use the predefined custom protocols anyway. For more information about custom protocols see: http://www.cisco.com/en/US/docs/ios-xml/ios/qos_nbar/configuration/xe-3s/asr1000/clsfy-traffic-nbar.html.

Caveats in NBAR2 Protocol Pack 8.0.0

Note: If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and go to http://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

Resolved Caveats in NBAR2 Protocol Pack 8.0.0

The following table lists the resolved caveats in NBAR2 Protocol Pack 8.0.0:

Resolved Caveat    Description

CSCuh48686 ASR1k/03.09.00.S NBAR doesn't recognize h323 protocol traffic.

CSCui72228 Matching under ms-office-web-apps attributes might be misclassified.

CSCui93597 MS-Lync traffic on Mac and mobile devices may be misclassified.

CSCuj14380 VNC sub-classification doesn't work when protocol-discovery is enabled.

CSCuj40124 Loading NBAR2 Protocol Pack 8.0.0 on Cisco IOS Releases 15.3(3)M or 15.3(3)M1 may result in unexpected behavior and possibly crash.

CSCuj40958 PCoIP with no TH signature performance improvement.

CSCuj58064 Field-extraction for ssl may not work in some cases.

CSCuj67799 Traffic generated by the webex-meeting iPhone app might be misclassified as video-over-http.

CSCuj76966 NetBIOS traffic might be misclassified as unknown.

CSCul02147 Some cisco-jabber traffic might be misclassified as webex-meeting.

CSCul02157 Some cisco-jabber traffic might be misclassified as ssl.

CSCul18924 Some ms-lync-video traffic via mobile classified as rtp.

Known Caveats in NBAR2 Protocol Pack 8.0.0

The following table lists the known caveats in NBAR2 Protocol Pack 8.0.0:

Known Caveat    Description

CSCub62860 gtalk-video might be misclassified as rtp.

CSCub89835 gbridge pc client might not be blocked.

CSCuc43505 Traffic generated by AIM Pro might be misclassified as unknown and webex-meeting.

CSCuh49380 PCoIP session-priority configuration limitation.

CSCuh53623 Segmented packets are not classified when using NBAR sub classification.

CSCui50424 When using Microsoft Lync in Office-365, the traffic might be misclassified as rtp or SSL.

CSCum17899 Traffic generated by realmedia might be misclassified as http. The CSCum17899 caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum95591 Traffic generated by Netflix might be misclassified as http. The CSCum95591 caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum97248 Traffic generated by -kanan might be misclassified as http. The CSCum97248 caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum97251 Traffic generated by gotomypc might be misclassified as http. The CSCum97251 caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

CSCum97253 Traffic generated by oracle-e-business-suite might be misclassified. The CSCum97253 caveat is specific to Cisco ISR G2 series Integrated Services Routers only.

Restrictions and Limitations in NBAR2 Protocol Pack 8.0.0

The following table lists the limitations and restrictions in NBAR2 Protocol Pack 8.0.0:

Protocol    Limitation/Restriction

http traffic generated by the bittorrent client might be classified as http

capwap-data For capwap-data to be classified correctly, capwap-control must also be enabled

cisco-jabber Encrypted cisco jabber might be classified as unknown.

ftp When configuring a QoS class-map with ftp-data, the ftp protocol must be selected. As an alternative, the ftp application group can be selected.

hulu Encrypted video streaming generated by hulu might be classified as its underlying protocol rtmpe

logmein Traffic generated by the logmein android app might be misclassified as ssl

ms-lync Login and chat traffic generated by the ms-lync client might be misclassified as ssl

pcanywhere Traffic generated by pcanywhere for mac might be classified as unknown.

qq-accounts Login to QQ applications which is not via web may not be classified as qq-accounts

secondlife Voice traffic generated by secondlife might be misclassified as ssl

Downloading NBAR2 Protocol Packs

NBAR2 Protocol Packs are available for download as Software Type 'NBAR2 Protocol Pack' on the cisco.com software download page (http://www.cisco.com/cisco/software/navigator.html).

Additional References

Related Documents

Related Topic    Document Title

Application Visibility and Control    Application Visibility and Control Configuration Guide

Classifying Network Traffic Using NBAR    Classifying Network Traffic Using NBAR module

NBAR Protocol Pack    NBAR Protocol Pack module

QoS: NBAR Configuration Guide    QoS: NBAR Configuration Guide

QoS Command Reference    Quality of Service Solutions Command Reference
