Configuring APR - HPE FlexNetwork MSR Series Configuration Manual

Comware 7 security

Configuring APR

Overview
The application recognition (APR) feature recognizes application protocols of packets for features
such as QoS, ASPF, and bandwidth management.
APR uses the following methods to recognize an application protocol:
• Port-based application recognition (PBAR).
• Network-based application recognition (NBAR).
PBAR
PBAR maps a port to an application protocol and recognizes packets of the application protocol
according to the port-protocol mapping.
PBAR supports the following port-protocol mappings:
• Predefined—An application protocol uses the port defined by the system.
• User-defined—An application protocol uses the port defined by the user.
PBAR offers the following mappings to maintain and apply user-defined port configuration:
• General port mapping—Maps a user-defined port to an application protocol. All packets
  destined for that port are regarded as packets of the application protocol. For example, if port
  2121 is mapped to FTP, all packets destined for that port are regarded as FTP packets.
• Host-port mapping—Maps a user-defined port to an application protocol for packets to or from
  some specific hosts. For example, you can establish a host-port mapping so that all packets
  destined for the network segment 10.110.0.0/16 on port 2121 are regarded as FTP packets. To
  define the range of the hosts, you can specify the ACL, the host IP address range, or the
  subnet.
  Host-port mapping can be further divided into the following categories:
  ◦ ACL-based host-port mapping—Maps a port to an application protocol for the packets
    matching the specified ACL.
  ◦ Subnet-based host-port mapping—Maps a port to an application protocol for the packets
    sent to the specified subnet.
  ◦ IP address-based host-port mapping—Maps a port to an application protocol for the
    packets destined for the specified IP addresses.
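The following Python model is an added example, not code from the HPE manual or from Comware. It shows how general, subnet-based, and IP address-based mappings resolve a destination address and port to an application. The precedence order (most specific mapping first, user-defined before predefined), every table entry other than the 2121/FTP and 10.110.0.0/16 values, and all names are assumptions; ACL-based mappings are left out.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

IPv4 = ipaddress.IPv4Address

class PortMapping(NamedTuple):
    port: int
    app: str
    subnet: Optional[ipaddress.IPv4Network] = None  # subnet-based host-port mapping
    hosts: Optional[Tuple[IPv4, IPv4]] = None       # IP address-based: (first, last)

    def rank(self) -> int:
        # Assumed precedence, not stated on the page: most specific scope wins.
        return 0 if self.hosts else 1 if self.subnet else 2

    def matches(self, dst: IPv4, dst_port: int) -> bool:
        if dst_port != self.port:
            return False
        if self.hosts:
            return self.hosts[0] <= dst <= self.hosts[1]
        if self.subnet:
            return dst in self.subnet
        return True  # general port mapping: any destination host

# Constructed sample tables; only 2121 -> ftp and 10.110.0.0/16 come from the page.
PREDEFINED = {21: "ftp", 80: "http"}
USER_DEFINED = [
    PortMapping(8080, "http"),                                               # general
    PortMapping(2121, "ftp", subnet=ipaddress.ip_network("10.110.0.0/16")),  # subnet-based
    PortMapping(2121, "sip", hosts=(IPv4("10.110.5.10"), IPv4("10.110.5.20"))),
]

def classify(dst_ip: str, dst_port: int) -> Optional[str]:
    """Return the application this model assigns, or None if no mapping applies."""
    dst = IPv4(dst_ip)
    hits = [m for m in USER_DEFINED if m.matches(dst, dst_port)]
    if hits:
        return min(hits, key=PortMapping.rank).app
    # Assumption: user-defined mappings are consulted before predefined ports.
    return PREDEFINED.get(dst_port)

if __name__ == "__main__":
    for ip, port in [("10.110.9.9", 2121), ("10.110.5.15", 2121),
                     ("192.0.2.7", 2121), ("192.0.2.7", 8080), ("192.0.2.7", 21)]:
        print(f"{ip}:{port} -> {classify(ip, port)}")
```

The lookup reads only the destination address and port, never the payload, so every packet sent to a mapped port is labeled as that application.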
NBAR
NBAR uses predefined or user-defined NBAR rules to match packet contents to recognize the
application protocols of packets that match the applied object policy. Predefined NBAR rules are
automatically generated from the APR signature database.
Application group
You can add application protocols that have similar signatures or restrictions to an application group.
APR recognizes packets of the application protocols by matching the packet contents with the
signatures or restrictions. If a packet is recognized as the packet of an application protocol in the
application group, the packet is considered to be the packet of the application group. Features such
as QoS and ASPF can handle packets belonging to the same group in batch.