release notes for nbar2 protocol pack 6.3 - cisco.com · resolved caveat description cscue69212...
TRANSCRIPT
Release Notes for NBAR2 Protocol Pack 6.3.0
• Supported Platforms, page 1
• New Features, page 2
• New Protocols in NBAR2 Protocol Pack 6.3.0, page 2
• Updated Protocols in NBAR2 Protocol Pack 6.3.0, page 4
• Deprecated Protocols in NBAR2 Protocol Pack 6.3.0, page 5
• Caveats in NBAR2 Protocol Pack 6.3.0, page 5
• Restrictions and Limitations in NBAR2 Protocol Pack 6.3.0, page 6
• Recommended Configurations, page 7
Supported PlatformsNetwork-Based Application Recognition (NBAR2) Protocol Pack support is provided for Cisco WirelessLAN Controller platforms, starting with the 7.5 release.
Though the NBAR2 protocol library and the protocol signatures support IPv6 traffic classification, CiscoWireless LAN Controller platforms currently support only IPv4 traffic classification.
Note
NBAR2 Protocol Pack 6.3.0 is supported on the following Cisco Wireless LAN Controller platforms:
• Cisco 5508 Wireless Controller
• Cisco Flex 7500 Series Wireless Controllers
• Cisco 8510 Wireless Controller
• Cisco Wireless Services Module 2 (WiSM2)
The Cisco 2504 Wireless Controller supports Application Visibility and Control, but does not supportprotocol packs.
Note
NBAR2 Protocol Pack 6.3.0 OL-30862-01 1
New FeaturesThe newly added features in this protocol pack are:
• Microsoft Lync Audio/Video separation
• Non-encrypted Cisco-Jabber support
New Protocols in NBAR2 Protocol Pack 6.3.0The following table displays the newly added protocols in NBAR2 Protocol Pack 6.3.0, after NBAR2 ProtocolPack 4.1.1:
DescriptionSyntax NameCommon Name
AirPlay (previously called AirTunes) is a proprietaryprotocol stack/suite developed by Apple Inc. that allowswireless streaming of audio, video, and photos, alongwith related metadata between devices.
airplayAirplay
Cisco Jabber is a unified communications clientapplication that provides presence, instant messaging(IM), voice, and video calling capabilities on manyplatforms. This protocol classifies the audio calls part ofCisco Jabber.
cisco-jabber-audioCisco Jabber Audio
Cisco Jabber is a unified communications clientapplication that provides presence, instant messaging(IM), voice, and video calling capabilities on manyplatforms. This protocol classifies the control andsignaling part of Cisco Jabber.
cisco-jabber-controlCisco Jabber Control
Cisco Jabber is a unified communications clientapplication that provides presence, instant messaging(IM), voice, and video calling capabilities on manyplatforms. This protocol classifies the text messaging partof Cisco Jabber.
cisco-jabber-imCisco Jabber IM
Cisco Jabber is a unified communications clientapplication that provides presence, instant messaging(IM), voice, and video calling capabilities on manyplatforms. This protocol classifies the video calls part ofCisco Jabber.
cisco-jabber-videoCisco Jabber Video
NBAR2 Protocol Pack 6.3.02 OL-30862-01
Release Notes for NBAR2 Protocol Pack 6.3.0New Features
DescriptionSyntax NameCommon Name
Dropbox is a file hosting service operated by DropboxInc., that offers cloud storage, file synchronization, andclient software. Dropbox allows users to create a specialfolder on each of their computers, which Dropbox thensynchronizes so that it appears to be the same folder (withthe same contents) regardless of which computer is usedto view it. Files placed in this folder also are accessiblethrough a website and mobile phone applications.
dropboxDropbox
ESPN is a global television network focused onsports-related programs. espn-browsing is the protocolused for accessing and browsing the websites and mobileapplications of the network for iPhone, iPad, Android,and WinRT.
espn-browsingESPN Browsing
ESPN is a global television network focused onsports-related programs. espn-video is the protocol usedfor watching video streams using browser or mobileapplications for iPhone, iPad, Android, and WinRT.espn-video is used for video streaming services of thenetwork.
espn-videoESPN Video
Microsoft Lync Audio is the audio calls support in MSLync. This protocol classifies the voice part of video calls.The classification is based on STUN and RTP.
ms-lync-audioMicrosoft Lync Audio
Microsoft Lync video is the video calls support in MSLync. This protocol classifies the visual part of the videocall. The voice in the video call is classified asMS-Lync-Audio. The classification is based on STUNand RTP.
ms-lync-videoMicrosoft Lync Video
Outlook Web Service is a protocol that covers a group ofMicrosoft's web email services. It includes Outlook emailservice part of Microsoft Office 365 Business Plan.
outlook-web-serviceOutlook Web Service
QQ general account login and common traffic. The QQAccounts protocol classifies QQ web login traffic overHTTP and is used by QQ applications that require a loginto the QQ accounts via the web browsers such as QQLive.
qq-accountsQQ Accounts
WhatsApp Messenger is a proprietary, cross-platforminstant messaging application for smartphones. In additionto text messaging, users can send images, location,contacts, and video and audio media messages.
whatsappWhatsApp
NBAR2 Protocol Pack 6.3.0 OL-30862-01 3
Release Notes for NBAR2 Protocol Pack 6.3.0New Protocols in NBAR2 Protocol Pack 6.3.0
Updated Protocols in NBAR2 Protocol Pack 6.3.0The following table displays the protocols that have been updated in NBAR2 Protocol Pack 6.3.0, after NBAR2Protocol Pack 4.1.1:
UpdatesProtocol
Updated signatures to allow blocking of the application.bittorrent
Updated signatures.blizwow
Updated signatures to support eMule 0.51aedonkey
Updated signatures to support eMule 0.51aencrypted-emule
Updated signatures.espn-browsing
Updated signatures.espn-video
Updated signatures.gtalk-ft
Updated signatures.hotmail
Updated signatures.imap
Updated signatures.itunes
Updated signatures to support rtp trafficms-lync
Updated signatures to support netflix apps when the client is behind http proxynetflix
Updated signatures.pcoip
Updated signatures.qqlive
Updated signatures to support dynamic payload types.rtp
Updated signatures.sip
The following clients are now supported:
• Skype 6.5.0.158 for Windows
• Skype 6.5.0.443 for Mac
• Skype 6.6.0.467 for Mac
skype
Updated signatures to support sub classification of unique-name.ssl
Updated signatures.telnet
NBAR2 Protocol Pack 6.3.04 OL-30862-01
Release Notes for NBAR2 Protocol Pack 6.3.0Updated Protocols in NBAR2 Protocol Pack 6.3.0
UpdatesProtocol
Updated signatures.tor
Deprecated Protocols in NBAR2 Protocol Pack 6.3.0The following table displays the protocols that are deprecated in NBAR2 Protocol Pack 6.3.0:
ReasonProtocol
Service is no longer available.ghostsurf
Service is no longer available.guruguru
Has been replaced with outlook-web-service.hotmail
Has been replaced with ms-lync.livemeeting
Service is no longer available.megavideo
Have been replaced with ms-lync-audio and ms-lync-video.ms-lync-media
Caveats in NBAR2 Protocol Pack 6.3.0
If you have an account on Cisco.com, you can also use the Bug Search Tool to find select caveats of anyseverity. To reach the Bug Search Tool, log in to Cisco.com and go tohttps://tools.cisco.com/bugsearch/search . (If the defect that you have requested cannot be displayed, thismay be due to one or more of the following reasons: the defect number does not exist, the defect does nothave a customer-visible description yet, or the defect has been marked Cisco Confidential.)
Note
Resolved Caveats in NBAR2 Protocol Pack 6.3.0
The following table lists the resolved caveats in NBAR2 Protocol Pack 6.3.0, after NBAR2 Protocol Pack4.1.1:
DescriptionResolved Caveat
Some Xunlei-KanKan traffic may be misclassified as Xunlei.CSCue08462
Video traffic generated by some ESPN websites might be misclassified asunknown.
CSCuh63870
Web traffic generated by some ESPNwebsites might bemisclassified as unknown.CSCuh63889
NBAR2 Protocol Pack 6.3.0 OL-30862-01 5
Release Notes for NBAR2 Protocol Pack 6.3.0Deprecated Protocols in NBAR2 Protocol Pack 6.3.0
DescriptionResolved Caveat
Traffic generated by qqlive might be misclassified as http.CSCue69212
Bittorrent-networking is not applied to any attributes.CSCug53325
BitTorrent's traffic is changed when being blocked.CSCud62120
Known Caveats in NBAR2 Protocol Pack 6.3.0
The following table lists the known caveats in NBAR2 Protocol Pack 6.3.0:
DescriptionKnown Caveat
Traffic generated by pcAnywhere for mac and pcAnywhere mobile app might bemisclassified as unknown
CSCtx65481
gtalk-video might be misclassified as rtpCSCub62860
gbridge pc client might not be blockedCSCub89835
Traffic generated by AIM Pro might be misclassified as unknown andwebex-meeting
CSCuc43505
Some qqlive traffic may bemisclassified as qq-accountswhen qqlive is configuredunder a class-map
CSCuh95182
When using Microsoft Lync in Office-365, the traffic might be misclassified asrtp or SSL
CSCui50424
SIP related protocols classification and RTP sub-classification may fail whencompact headers are used
CSCui58918
Encrypted Cisco Jabber is not supportedCSCui70613
Cisco-jabber-video and cisco-phone might be misclassified when configuredunder a class-map
CSCui85573
Microsoft Lync might be misclassified in certain scenariosCSCuj07892
Restrictions and Limitations in NBAR2 Protocol Pack 6.3.0The following table lists the limitations and restrictions in NBAR2 Protocol Pack 6.3.0:
Limitation/RestrictionProtocol
http traffic generated by the bitcomet bittorrent client might be classified as httpbittorrent
NBAR2 Protocol Pack 6.3.06 OL-30862-01
Release Notes for NBAR2 Protocol Pack 6.3.0Restrictions and Limitations in NBAR2 Protocol Pack 6.3.0
Limitation/RestrictionProtocol
Encrypted video streaming generated by hulumight be classified as its underlyingprotocol rtmpe
hulu
Traffic generated by the logmein android app might be misclassified as ssllogmein
Login and chat traffic generated by the ms-lync client might be misclassified asssl
ms-lync
Traffic generated by the mobile or mac app is not supported. ms-lync 2013 trafficif any, might be misclassified.
ms-lync 2013
Login to QQ applications which is not via webmay not be classified as qq-accountsqq-accounts
Voice traffic generated by secondlife might be misclassified as sslsecondlife
Recommended ConfigurationsThe following configurations are tested and recommended for blocking the respective traffic.
Caveat for referenceRecommended Configuration
CSCud40143To block Picasa traffic, you need to block Googleservices and the Picasa application, because Googleapplications share signatures.
CSCud43226To block Gmail traffic, you need to block Googleservices and the Gmail application, because Googleapplications share signatures.
NBAR2 Protocol Pack 6.3.0 OL-30862-01 7
Release Notes for NBAR2 Protocol Pack 6.3.0Recommended Configurations
NBAR2 Protocol Pack 6.3.08 OL-30862-01
Release Notes for NBAR2 Protocol Pack 6.3.0Recommended Configurations