Cisco Cisco Packet Data Gateway (PDG)
ADC Changes in Release 17
▀ ADC Enhancements for 17.5
▄ Release Change Reference, StarOS Release 17
88
ADC Enhancements for 17.5
This section identifies all of the ADC enhancements included in this release:
Feature Changes - new or modified features or behavior changes. For details, refer to the ADC Administration Guide
for this release.
for this release.
Command Changes - changes to any of the CLI command syntax. For details, refer to the Command Line Interface
Reference for this release.
Reference for this release.
Performance Indicator Changes - new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
CSCuu71291 - Develop rule matching capability for ssl sni feature
Applicable Products: GGSN, IPSG, PDSN, P-GW
Related IDs: CSCuu67445, CSCuu71216, CSCuu71264, CSCuu71316, CSCuv37026, CSCuv64469, CSCuv65109,
CSCuv76197, CSCuv88857
CSCuv76197, CSCuv88857
Feature Changes
SNI Detection Support
Server Name Indication (SNI) is an extension of the Transport Layer Security (TLS) protocol that allows multiple
secure (HTTPS) websites (or any other service over TLS) to be served from the same IP address without requiring all
those sites to use the same certificate. SNI provides a mechanism for the client to tell the server which hostname it is
trying to connect to.
secure (HTTPS) websites (or any other service over TLS) to be served from the same IP address without requiring all
those sites to use the same certificate. SNI provides a mechanism for the client to tell the server which hostname it is
trying to connect to.
ADC detects encrypted traffic using the SNI field (signatures) of TLS/SSL (Secure Sockets Layer) traffic. These
signatures are added along with other detection mechanisms and delivered as a plugin. If there are new SNI fields either
in the already detected applications or new applications, then these new fields are added to the plugin and a new version
of the plugin is released. This results in frequent releases of plugin versions causing delay in upgrading the new plugin
in the network and leading to revenue leak to the operator. Due to increased number of applications moving towards
TLS/SSL, an option is provided to configure the SNI in ruledef and classify traffic based on the configured SNI with
this release.
signatures are added along with other detection mechanisms and delivered as a plugin. If there are new SNI fields either
in the already detected applications or new applications, then these new fields are added to the plugin and a new version
of the plugin is released. This results in frequent releases of plugin versions causing delay in upgrading the new plugin
in the network and leading to revenue leak to the operator. Due to increased number of applications moving towards
TLS/SSL, an option is provided to configure the SNI in ruledef and classify traffic based on the configured SNI with
this release.
Important:
The SNI Detection feature requires a valid Application Detection and Control license. Contact your
Cisco Account representative for more information.
Previous Behavior: There was no provision to configure a custom defined protocol (CDP) in previous releases. Only
protocols as part of the ADC plugin were populated as part of bulk statistics in P2P schema.
protocols as part of the ADC plugin were populated as part of bulk statistics in P2P schema.
New Behavior: An option to configure the SNI and the corresponding custom defined protocol (CDP) name in a ruledef
is added. CDP names defined in TLS ruledef will be populated as part of the P2P schema.
is added. CDP names defined in TLS ruledef will be populated as part of the P2P schema.