LogoLogo
  • Highlight Help & Support
  • Getting Started
    • New User
      • Quick Start Guide
      • Glossary
      • Add Users
      • Terms & Conditions
      • User Authentication
      • User Menu
      • Service Description
    • Useful Information
      • Insight UI
      • Advocacy
      • Browsers Supported
      • Reset Password
      • Favourites
      • Saved Settings
      • AppVis™
      • Flow
      • Domains
      • Network Explorer
      • Searching
    • Release Notes
      • 25.7 - July 2025
      • 25.6 - June 2025
      • 25.5 - May 2025
      • 25.4 - April 2025
      • 25.3 - March 2025
      • 25.2 - February 2025
      • 25.1 - January 2025
      • 24.13 - December-B 2024
      • 24.12 - December-A 2024
      • 24.11 - November 2024
      • 24.10 - October 2024
      • 24.9 - September 2024
    • Contact Us
  • Status
    • Network
      • Heat Tiles
      • Highlight Alerting Mechanism
      • Grid View
      • Watch Status Panel
      • WiFi
      • Hybrid WAN
      • Maintenance Indicators
    • Alerting
      • Alert Management
      • Alert Messages
      • Alert Suppression
      • Alerting - Email
      • Alerting - SNMP Traps
      • Alerting - Webhooks
    • AppVis
      • AppVis™
      • Categories
  • Details
    • Details Page Header
    • Details pages
      • Traffic Load
      • Line Availability
      • Broadband Bandwidth
      • Cellular Clarity
      • Performance Charts
      • Maintenance indicators
    • Bearers - Traffic Analysis
      • NBAR & Flow
      • Flow Specifics
    • WiFi
      • AP Access Point
      • AP Client Count
      • AP Channel Load
      • WiFi by Vendors
    • Other Watch Types
      • SD-WAN Tunnels
      • Performance Agent
      • Switches
  • Reporting
    • Insights
    • Network Reports
      • Setup
      • Suggested Reports
      • Output
      • Graphs
      • Colours
      • Site Availability
    • Inventory
      • Device Info
    • The Reporting API
      • API
    • Audit Log
      • Audit Log
      • Logins Report
    • Alert Log
      • Alert Log
    • Admin Reports
      • User Report
      • Watch Report
  • Admin - Under Construction
    • Admin Tabs
      • Browse
      • Pending
      • Agents
      • Controllers
    • Highlight Tree Structure
      • Create Tree
      • Move
Powered by GitBook
LogoLogo

Highlight (SLM) LTD

On this page
  • Overview
  • Options and colour coding
  • Overview - NBAR and Flow
  • Highlight Flow features
  • Examples of Highlight Application Visibility Graphs

Was this helpful?

  1. Details
  2. Bearers - Traffic Analysis

NBAR & Flow

PreviousBearers - Traffic AnalysisNextFlow Specifics

Last updated 1 month ago

Was this helpful?

Overview

Feature comparison of NBAR (a Cisco Application recognition utility) and Flow (a standards based analysis of data conversations) on the Details page.

A more detailed description of Flow can be found on the page.

Options and colour coding

indicates the Traffic Analysis is Flow based(no Flow in heading) indicates the Traffic Analysis is NBAR based

Options for Flow are explained in

Options for NBAR - for day view only

1 Hour: Show the graphs in hourly intervals (default)

30 Minutes: Show the graphs in half-hourly intervals, this will reset to default (1 hour) when you next log in

Today only

Colour coding applies to all sections on the Details page except Traffic Trend and Traffic Analysis (Flow and NBAR). There are no targets for Traffic Analysis data and thus it does not impact any heat tile colours. The indicator will always be green for today.

Overview - NBAR and Flow

Highlight supports bi-directional application visibility in one of two ways: via NBAR (Network-Based Application Recognition - Cisco only) or by Flow data (IPFIX, Cisco NetFlow v5 or v9, or Juniper J-Flow). These two technologies offer different pros and cons and these should be considered when selecting which application analysis tool to use.

Find out more about

Highlight Flow features

Agent-based, distributed and scalable

Highlight Flow uses distributed agents (collectors) which receive Flow data directly from network devices, store and aggregate the raw data locally, compress it, and send this reduced data stream to the core Highlight platform. By distributing both storage and compression, Highlight Flow can remain accurate but also very scalable. Normally a single agent is placed within an enterprise network, although organisations can deploy multiple agents at strategic locations within large networks or where flow traffic must be kept to an absolute minimum.

The flow collector receives flow data from the customer routers via UDP port 9996 and once processed, posts this data every hour to Highlight, encrypted via HTTPS.

Examples of Highlight Application Visibility Graphs

Flow

NBAR

NBAR does not have a Hosts option, but note the greater granularity of applications. On a day view, you can switch between hourly and 30 minute intervals.

Refer to the page for a full explanation of the Flow Details page.

The flow collector agent can run on a physical or virtual server and the server specification required can be found here: . The minimum specification flow collector is capable of processing flow data from 20 flow sources. The flow collector software is free from Highlight but there may be Highlight licence considerations. for any questions regarding Flow.

Note the option to select Applications or Hosts in the side bar. Refer to the page for more details.

To set up a router for Flow, refer to the page.

Cisco routers can be configured to identify the ‘Unknown’ traffic. See the Highlight Support document for details on

Understanding Flow
Understanding Flow Detail - Top Applications/Top Talkers
Application Awareness.
Understanding Flow
Server Specifications
Contact us
Understanding Flow
Flow Configuration
identifying 'Unknown' Applications