Cisco Cisco ASR 5700
Application Detection and Control Overview
▀ ADC Overview
▄ ADC Administration Guide, StarOS Release 18
12
This section lists the limitations of Dynamic Software Upgrade.
Support for session recovery is limited and there is no support for ICSR in this release.
The system will allow loading two plugins at the most at any point of time. If there is a need to upgrade the
system again, the oldest plugin will be unloaded.
Detection state for a few subscribers may be lost if a plugin is unloaded from the memory.
The newly upgraded plugin will be used for all new calls. The existing calls will continue to use the previous
plugin.
ADC Protocol Group Detection
Application Detection and Control (ADC) performs traffic analysis and classifies flows into applications and its traffic
type. To provide a high-level classification, the protocol grouping feature is implemented to support various
application/protocol groups like gaming, file-sharing, e-mail, communicator, etc. Protocol Grouping is done based on
the functionality provided by the application. For example, applications like Skype and Yahoo are used for VoIP, so
these applications are grouped as Communicator group. The feature is implemented based on the Dynamic Software
Upgrade plugin philosophy.
type. To provide a high-level classification, the protocol grouping feature is implemented to support various
application/protocol groups like gaming, file-sharing, e-mail, communicator, etc. Protocol Grouping is done based on
the functionality provided by the application. For example, applications like Skype and Yahoo are used for VoIP, so
these applications are grouped as Communicator group. The feature is implemented based on the Dynamic Software
Upgrade plugin philosophy.
For configuration-related information, refer to the Configuring P2P Protocol Groups section of the Application
Detection and Control Configuration chapter.
Detection and Control Configuration chapter.
Behavioral Traffic
Behavioral Traffic Analysis is a method to analyze network traffic such that all the traffic is analyzed by the generic
behavior of each flow. ADC supports behavioral traffic analysis for P2P (Peer-to-Peer), Video, VoIP (Voice over IP),
Upload and Download. If the generic behavior of protocols is detected and traffic classified correctly using behavioral
analysis, lesser amount of unknown traffic flows can be seen. These behavioral detections must not be used for charging
purposes. This feature is based on the Dynamic Software Upgrade plugin philosophy.
behavior of each flow. ADC supports behavioral traffic analysis for P2P (Peer-to-Peer), Video, VoIP (Voice over IP),
Upload and Download. If the generic behavior of protocols is detected and traffic classified correctly using behavioral
analysis, lesser amount of unknown traffic flows can be seen. These behavioral detections must not be used for charging
purposes. This feature is based on the Dynamic Software Upgrade plugin philosophy.
Behavioral P2P and behavioral VoIP are meant for zero day detection of P2P/file sharing protocols and VoIP traffic
respectively. Behavioral Video is meant for support of video detection. Behavioral Upload/Download must detect flows
of non-standard ports that cannot be detected by ECS. This is similar to client-server upload/download using
HTTP/FTP/SFTP encrypted download.
respectively. Behavioral Video is meant for support of video detection. Behavioral Upload/Download must detect flows
of non-standard ports that cannot be detected by ECS. This is similar to client-server upload/download using
HTTP/FTP/SFTP encrypted download.
Important:
This feature is disabled by default and meant only for statistical purposes (not for charging purposes).
For configuration-related information, refer to the Configuring Behavioral P2P and VoIP section of the Application
Detection and Control Configuration chapter.
Detection and Control Configuration chapter.
SSL Renegotiation Tracking
SSL Renegotiation flows can be detected by tracking the SSL Session ID and its associated protocol. This feature is
disabled by default. CLI support is added to enable or disable this feature. The maximum entries of SSL Session ID
tracked per Session Manager and the reduce factor can be configured.
disabled by default. CLI support is added to enable or disable this feature. The maximum entries of SSL Session ID
tracked per Session Manager and the reduce factor can be configured.
Certain applications like Facebook, Gmail, Yahoo, Skype, Twitter, iCloud, etc. widely use the SSL Session
Renegotiation feature in their mobile applications to reduce the computational intensive operations involved in a
complete SSL negotiation.
Renegotiation feature in their mobile applications to reduce the computational intensive operations involved in a
complete SSL negotiation.
Limitations: In certain cases, the SSL Renegotiation detection logic does not work if the SSL sessions involved in the
negotiation is spread across more than one subscriber session.
negotiation is spread across more than one subscriber session.