Application Fingerprinting Modes - OmniSwitch os6900 Network Configuration Manual

Configuring Application Fingerprinting

Application Fingerprinting Modes

The Application Fingerprinting process is enabled on a per-port basis. When configuring a port or link
aggregate as an AFP port, the user must also specify one of three operational modes for the port: monitor-
ing, QoS, or UNP.
All three of these modes will monitor ingress traffic on the AFP port to detect any IP packets that match
REGEX signatures. When a match occurs identifying information is scanned from the packets and logged
into a local database on the switch. However, the three modes differ when it comes to determining which
group of REGEX signatures to monitor and if any QoS actions are applied to the matching traffic.
REGEX signatures can be grouped into an application group; the selected AFP mode specifies which
application group to monitor (see
policies are applied through policy lists associated with the AFP port or through lists associated with a
Universal Network Profile (UNP).
Note. Configuring more than one operating mode type for the same port is allowed, but using a different
application group for each mode configured on the port is highly recommended. One advantage to using
different groups for different modes on the same port is that you can have one group of applications that
are just monitored and another group of applications to which QoS is applied.
Using the Monitoring Mode
When a port is configured to operate in AFP monitoring mode, the name of an application group of signa-
tures is specified. This triggers the switch to sample ingress IP packets on that port and compare the pack-
ets to the signatures in the specified application group. After an application is identified and logged into
the local database, no further action is taken and monitoring of the matching traffic continues.
The monitoring mode is particularly useful to initially identify and monitor remote applications entering
the network. The administrator can use the information gathered during monitoring to determine if any
subsequent QoS actions are needed.
Using the QoS Mode
Using the QoS mode is similar to using the monitoring mode in that both modes trigger the sampling of IP
packets on the port. The difference is that configuring QoS mode specifies a QoS policy list name instead
of an application group name. The policy list specifies the application group to monitor.
The policy list assigned to the AFP port must contain a policy rule with a policy condition that specifies
the name of an application group to monitor. The rule can also contain policy actions to apply to the
matching application traffic.
The appfp-group policy condition and appfp policy list type are used to configure QoS policies for
matching application traffic.The following is an example QoS policy rule and policy list configuration that
is associated with an AFP port that is configured to run in the QoS mode:
-> policy condition c1 appfp-group my-p2p
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1 no default-list
-> policy list drop_my-p2p type appfp
-> policy list afp-p2p rule r1
OmniSwitch AOS Release 7 Network Configuration Guide
"Using the Application REGEX Signature File" on page
June 2013
AFP Overview
28-8). QoS
page 28-7