ADC Administration Guide, Staros Release 21.14
Total Page:16
File Type:pdf, Size:1020Kb
ADC Administration Guide, StarOS Release 21.14 First Published: 2019-06-27 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2019 Cisco Systems, Inc. All rights reserved. CONTENTS PREFACE About this Guide vii Conventions Used vii Supported Documents and Resources viii Related Common Documentation viii Related Product Documentation viii Obtaining Documentation ix Contacting Customer Support ix CHAPTER 1 Application Detection and Control Overview 1 ADC Overview 1 Qualified Platforms 2 License Requirements 2 Dynamic Software Upgrade 2 Overview 2 ADC Protocol Group Detection 3 Behavioral Traffic 4 SNI Detection 4 SSL Renegotiation Tracking 4 Analyzer Interworking 5 Traffic Sub-classification 5 ADC Support for TRM/FP 5 ADC Support for FAPA 5 ADC Support over Gx 7 Limitations 9 Dynamic Advertisement Server Correlation 9 Bulk Statistics Support 10 ADC Administration Guide, StarOS Release 21.14 iii Contents How ADC Works 11 Limitations 11 CHAPTER 2 Application Detection and Control Configuration 13 Configuring Dynamic Software Upgrade 13 How to perform Dynamic Software Upgrade 13 Configuring System for ADC 15 Initial Configuration 16 Enabling Enhanced Charging 16 Modifying the Local Context 16 ADC Configuration 17 Creating the Active Charging Service 17 Configuring ADC Rules 18 Configuring P2P Protocol Groups 19 Configuring Behavioral Detection 20 Configuring P2P Advertisement server 21 Configuring SSL Renegotiation 21 Configuring Analyzers 22 Configuring the Charging Action 22 Configuring the Rulebase 23 Setting EDR Formats 24 Configuring IP Protocol and Server port mapping 24 Configuring EDR for P2P Events 25 Gathering ADC Statistics 26 Supported Bulk Statistics 27 P2P Reports 27 CHAPTER 3 App-based Tethering Detection 29 Feature Information 29 Feature Description 30 How It Works 30 Licensing 30 Configuring App-based Tethering Detection 30 Enabling App-based Tethering Detection at Rulebase Level 30 ADC Administration Guide, StarOS Release 21.14 iv Contents Enabling App-based Tethering Detection at Ruledef Level 31 Enabling App-based Tethering Detection at Rule-variable 31 Monitoring and Troubleshooting the App-based Tethering Detection 32 Show Commands and Outputs 32 CHAPTER 4 Peer-to-Peer Protocol and Application Detection Support 35 Supported Protocols and Applications 35 New in this Release 35 All Supported Protocols and Applications 36 Port-based Protocols 104 IP Protocols 132 CHAPTER 5 Reporting SSL Parameters in EDR 139 Feature Summary and Revision History 139 Feature Description 140 How It Works 140 EDR 140 Configuring SSL Parameters in EDR 142 Enabling SSL Parameters 142 Monitoring and Troubleshooting 142 Show Commands and/or Outputs 142 CHAPTER 6 Support for SNI Detection 145 Feature Description 145 QUIC SNI Detection 145 Relationships to Other Features 146 Configuring SNI Detection 147 Configuring SNI in Ruledef 147 Configuring SNI rule variable 148 Enabling HTTPS Analyzer Interworking 149 Verifying the SNI Configuration 149 Monitoring and Troubleshooting the SNI Detection 149 SNI Detection Show Command(s) and/or Outputs 149 show active-charging analyzer statistics name cdp 149 ADC Administration Guide, StarOS Release 21.14 v Contents show active-charging flows type cdp 150 Bulk Statistics 150 ADC Administration Guide, StarOS Release 21.14 vi About this Guide This preface describes the ADC Administration Guide, how it is organized and its document conventions. Application Detection and Control (ADC) is a StarOS™ in-line service application that runs on Cisco® ASR 5500 platform. The ADC in-line service makes use of innovative and highly accurate protocol behavioral detection techniques to reliably detect protocols and applications in the network. ADC is mainly used to detect Peer-to-Peer protocols by analyzing traffic, and can also detect network traffic created by audio and video clients. • Conventions Used, on page vii • Supported Documents and Resources, on page viii • Contacting Customer Support , on page ix Conventions Used The following tables describe the conventions used throughout this documentation. Notice Type Description Information Note Provides information about important features or instructions. Caution Alerts you of potential damage to a program, device, or system. Warning Alerts you of potential personal injury or fatality. May also alert you of potential electrical hazards. Typeface Conventions Description Text represented as a screen display This typeface represents displays that appear on your terminal screen, for example: Login: ADC Administration Guide, StarOS Release 21.14 vii About this Guide Supported Documents and Resources Typeface Conventions Description Text represented as commands This typeface represents commands that you enter, for example: show ip access-list This document always gives the full form of a command in lowercase letters. Commands are not case sensitive. Text represented as a command variable This typeface represents a variable that is part of a command, for example: show card slot_number slot_number is a variable representing the desired chassis slot number. Text represented as menu or sub-menu names This typeface represents menus and sub-menus that you access within a software application, for example: Click the File menu, then click New Supported Documents and Resources Related Common Documentation The following common documents are available: • AAA Interface Administration and Reference • Command Line Interface Reference • GTPP Interface Administration and Reference • Installation Guide (platform dependant) • Release Change Reference • SNMP MIB Reference • Statistics and Counters Reference • System Administration Guide (platform dependant) • Thresholding Configuration Guide Related Product Documentation The most up-to-date information for this product is available in the product Release Notes provided with each product release. The following product documents are also available and work in conjunction with ADC: • ECS Administration Guide • GGSN Administration Guide • PDSN Administration Guide • P-GW Administration Guide ADC Administration Guide, StarOS Release 21.14 viii About this Guide Obtaining Documentation Obtaining Documentation The most current Cisco documentation is available on the following website: http://www.cisco.com/cisco/web/psa/default.html Use the following path selections to access the ADC documentation: Products > Wireless > Mobile Internet > In-Line Services > Cisco Peer-to-Peer Contacting Customer Support Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please