Table of Contents
Advertisement
AFP Overview
Using the UNP Mode
Using the Universal Network Profile (UNP) mode also triggers IP packet sampling on the port but first
attempts to see if the ingress traffic is classified into a UNP.
•
If the traffic is assigned to a UNP, the switch then checks if the UNP is associated with an AFP QoS
policy list that contains the AFP policy condition.
•
If the UNP is associated with an AFP QoS policy list, the application group specified in the AFP policy
condition of a rule within that list is used to monitor ingress traffic on the AFP port. Policy actions
associated with the same AFP policy condition rule are applied to matching IP traffic.
•
If there is no matching UNP or the UNP does not use an AFP policy list or condition, then AFP ignores
the traffic; no packet sampling or monitoring is performed.
The UNP QoS policy list for AFP is created in the same manner as how the list used by the QoS mode is
created. The main difference between the UNP and QoS mode is the check for UNP classification before
packet sampling and monitoring is started. In addition the policy list type is set to UNP instead of Applica-
tion Fingerprinting and UNP is enabled on the AFP port. For example, the following QoS policy rule and
policy list configuration is associated with a UNP that is applied to AFP port traffic associated with the
UNP:
-> policy condition c1 appfp-group p2p
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1 no default-list
-> policy list list1 type unp
-> policy list list1 rules r1
-> qos apply
-> unp vlan-profile V10_1 vlan 10 qos_policy-list list1
-> unp classification mac-address 00:00:00:00:03:01 vlan-tag 10 vlan-profile
V10_1
-> unp port 1/2/1
-> app-fingerprint port 1/2/1 unp-profile
Using the Application REGEX Signature File
The REGEX signatures that AFP uses to detect and monitor remote applications are stored in an ASCII
text file named "app-regex.txt". This file is located in the "/flash/app-signature/" directory on the local
switch, and the contents of the file is user-configurable.
The application REGEX signature file contains two sections: one section to define application signatures
and the other section to define application groups.
•
The application signatures section defines a name, optional description, and a REGEX signature for
each application.
•
The application group section is used to group application signatures together. Each group is identified
by a name and consists of the names of each application signature that is a member of the group.
An application group name is required when configuring an AFP port to run in monitoring mode and when
creating QoS policy lists that are used when the port is running in the QoS or UNP mode (see
tion Fingerprinting Modes" on page
configuration; specifying a single group name when configuring the AFP operation requires less steps than
having to configure AFP for each individual application.
page 28-8
28-7). Combining multiple application signatures into one group eases
OmniSwitch AOS Release 7 Network Configuration Guide
Configuring Application Fingerprinting
"Applica-
June 2013
- Quick Links:
- Configuring Vlans
Hide quick links:
Advertisement
Table of Contents
