Configuring Application Fingerprinting AFP Overview
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 30-6
Application Fingerprinting Modes
The Application Fingerprinting process is enabled on a per-port basis. When configuring a port or link
aggregate as an AFP port, the user must also specify one of three operational modes for the port:
monitoring, QoS, or UNP.
All three of these modes will monitor ingress traffic on the AFP port to detect any IP packets that match
REGEX signatures. When a match occurs, identifying information is scanned from the packets and logged
into a local database on the switch. However, the three modes differ when it comes to determining which
group of REGEX signatures to monitor and if any QoS actions are applied to the matching traffic.
REGEX signatures can be grouped into an application group; the selected AFP mode specifies which
application group to monitor (see “Using the Application REGEX Signature File” on page 30-7). QoS
policies are applied through policy lists associated with the AFP port or through lists associated with a
Universal Network Profile (UNP).
Using the Monitoring Mode
When a port is configured to operate in AFP monitoring mode, the name of an application group of
signatures is specified. This triggers the switch to sample ingress IP packets on that port and compare the
packets to the signatures in the specified application group. After an application is identified and logged
into the local database, no further action is taken and monitoring of the matching traffic continues.
The monitoring mode is particularly useful to initially identify and monitor remote applications entering
the network. The administrator can use the information gathered during monitoring to determine if any
subsequent QoS actions are needed.
Using the QoS Mode
Using the QoS mode is similar to using the monitoring mode in that both modes trigger the sampling of IP
packets on the port. The difference is that configuring QoS mode specifies a QoS policy list name instead
of an application group name. The policy list specifies the application group to monitor.
The policy list assigned to the AFP port must contain a policy rule with a policy condition that specifies
the name of an application group to monitor. The rule can also contain policy actions to apply to the
matching application traffic.
The appfp-group policy condition and appfp policy list type are used to configure QoS policies for
matching application traffic. The following is an example QoS policy rule and policy list configuration that
is associated with an AFP port that is configured to run in the QoS mode:
-> policy condition c1 appfp-group my-p2p
-> policy action a1 disposition drop
-> policy rule r1 condition c1 action a1 no default-list
-> policy list drop_my-p2p type appfp
-> policy list drop_my-p2p rule r1
-> app-fingerprint port 1/2/5 policy-list-name drop_my-p2p
Note. Configuring more than one operating mode type for the same port is allowed, but using a different
application group for each mode configured on the port is highly recommended. One advantage to using
different groups for different modes on the same port is that you can have one group of applications that are
just monitored and another group of applications to which QoS is applied.
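The QoS mode requirements described above (the port's policy list must exist, be of type appfp, and contain a rule whose condition names an application group) can be checked offline against a saved configuration. The following is an added example, not part of the original guide; the function name check_afp_qos and the sample configuration are constructed for illustration, and the parser handles only the command forms shown on this page.

```python
import re

# Constructed sample configuration (not from a real switch); port 1/2/6
# references a policy list name that is never defined.
SAMPLE = """\
policy condition c1 appfp-group my-p2p
policy action a1 disposition drop
policy rule r1 condition c1 action a1 no default-list
policy list drop_my-p2p type appfp
policy list drop_my-p2p rule r1
app-fingerprint port 1/2/5 policy-list-name drop_my-p2p
app-fingerprint port 1/2/6 policy-list-name drop-p2p
"""

def check_afp_qos(config):
    """Return (port, problem) tuples for AFP ports configured in QoS mode."""
    cond_group, rule_cond, list_type, list_rules, ports = {}, {}, {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("->"):          # tolerate pasted CLI prompts
            line = line[2:].strip()
        if m := re.match(r"policy condition (\S+) .*\bappfp-group (\S+)", line):
            cond_group[m[1]] = m[2]        # condition -> application group
        elif m := re.match(r"policy rule (\S+) condition (\S+)", line):
            rule_cond[m[1]] = m[2]         # rule -> condition
        elif m := re.match(r"policy list (\S+) type (\S+)", line):
            list_type[m[1]] = m[2]         # list -> type
        elif m := re.match(r"policy list (\S+) rule (\S+)", line):
            list_rules.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"app-fingerprint port (\S+) policy-list-name (\S+)", line):
            ports.append((m[1], m[2]))
    problems = []
    for port, name in ports:
        if name not in list_type:
            problems.append((port, f"policy list '{name}' is not defined"))
        elif list_type[name] != "appfp":
            problems.append((port, f"policy list '{name}' is not type appfp"))
        elif not any(rule_cond.get(r) in cond_group for r in list_rules.get(name, [])):
            problems.append((port, f"policy list '{name}' has no rule with an appfp-group condition"))
    return problems

if __name__ == "__main__":
    for port, problem in check_afp_qos(SAMPLE):
        print(f"{port}: {problem}")
```

A port flagged by this check has no usable application group behind its policy list name, so the drop or other QoS action in the intended rule would not apply to that port's traffic.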