Chapter 3

9. A trust boundary is the point within the network in which markings such as CoS or DSCP begin to be accepted. For scalability reasons, classification and marking should be done as close to the ingress edge of the network as possible, depending on the capabilities of the edge devices, at the end system, access layer, or distribution layer.

10. Network Based Application Recognition (NBAR) is a classification and protocol discovery tool or feature. You can use NBAR to perform three tasks:
    - Protocol discovery
    - Traffic statistics collection
    - Traffic classification

11. NBAR has several limitations:
    - NBAR does not function on Fast EtherChannel and on interfaces that are configured to use encryption or tunneling.
    - NBAR can only handle up to 24 concurrent URLs, hosts, or MIME types.
    - NBAR analyzes only the first 400 bytes of the packet.
    - NBAR supports only CEF and does not work if another switching mode is used.
    - Multicast packets, fragmented packets, and packets that are associated with secure HTTP URL, host, or MIME classification are not supported.
    - NBAR does not analyze or recognize the traffic that is destined to or emanated from the router running NBAR.

12. You can use NBAR to recognize packets that belong to different types of applications: applications that use static (well-known) TCP or UDP port numbers, applications that use dynamic (negotiated during control session) port numbers, and some non-IP protocols. NBAR also can do deep-packet inspection and classify packets based on information stored beyond the IP, TCP, or UDP headers; for example, NBAR can classify HTTP sessions based on requested URL, MIME type, or hostname.

13. Packet Description Language Modules (PDLM) allow NBAR to recognize new protocols matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload. PDLMs can also enhance an existing protocol recognition capability.

14. NBAR offers audio, video, and CODEC-type RTP payload classifications.

15. match protocol fasttrack