ADC Administration Guide, StarOS Release 21.5 First Published: 2017-11-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) © 2017 Cisco Systems, Inc. All rights reserved. CONTENTS Preface About this Guide vii Conventions Used vii Supported Documents and Resources viii Related Common Documentation viii Related Product Documentation viii Obtaining Documentation ix Contacting Customer Support ix CHAPTER 1 App-based Tethering Detection 1 Feature Information 1 Feature Description 2 How It Works 2 Licensing 2 Configuring App-based Tethering Detection 2 Enabling App-based Tethering Detection at Rulebase Level 2 Enabling App-based Tethering Detection at Ruledef Level 3 Enabling App-based Tethering Detection at Rule-variable 3 Monitoring and Troubleshooting the App-based Tethering Detection 4 Show Commands and Outputs 4 CHAPTER 2 Application Detection and Control Overview 7 ADC Overview 7 Qualified Platforms 8 License Requirements 8 Dynamic Software Upgrade 8 Overview 8 Limitations for DSU 9 ADC Administration Guide, StarOS Release 21.5 iii Contents ADC Protocol Group Detection 9 Behavioral Traffic 10 SNI Detection 10 SSL Renegotiation Tracking 10 Analyzer Interworking 11 Traffic Sub-classification 11 ADC Support for TRM/FP 11 ADC Support for FAPA 11 ADC Support over Gx 13 Limitations 15 Dynamic Advertisement Server Correlation 16 Bulk Statistics Support 16 How ADC Works 17 Limitations 18 CHAPTER 3 Application Detection and Control Configuration 19 Configuring Dynamic Software Upgrade 19 How to perform Dynamic Software Upgrade 19 Configuring System for ADC 21 Initial Configuration 21 Enabling Enhanced Charging 22 Modifying the Local Context 22 ADC Configuration 23 Creating the Active Charging Service 23 Configuring ADC Rules 23 Configuring ADC Ruledef Types 24 Sample Ruledef Configuration for Windows Updates 25 Configuring P2P Protocol Groups 25 Configuring Behavioral Detection 26 Configuring P2P Advertisement server 27 Configuring SSL Renegotiation 27 Configuring Analyzers 28 Configuring the Charging Action 28 Configuring the Rulebase 28 Setting EDR Formats 29 ADC Administration Guide, StarOS Release 21.5 iv Contents Configuring IP Protocol and Server port mapping 30 Configuring EDR for P2P Events 30 Gathering ADC Statistics 31 Supported Bulk Statistics 33 P2P Reports 33 CHAPTER 4 Peer-to-Peer Protocol and Application Detection Support 35 Supported Protocols and Applications 35 New in this Release 35 All Supported Protocols and Applications 37 Port-based Protocols 92 IP Protocols 124 CHAPTER 5 Reporting SSL Parameters in EDR 131 Feature Summary and Revision History 131 Feature Description 132 How It Works 132 EDR 132 Configuring SSL Parameters in EDR 134 Enabling SSL Parameters 134 Monitoring and Troubleshooting 134 Show Commands and/or Outputs 134 CHAPTER 6 Support for SNI Detection 137 Feature Description 137 QUIC SNI Detection 138 Relationships to Other Features 138 Configuring SNI Detection 139 Configuring SNI in Ruledef 139 Configuring SNI rule variable 140 Enabling HTTPS Analyzer Interworking 141 Verifying the SNI Configuration 141 Monitoring and Troubleshooting the SNI Detection 141 SNI Detection Show Command(s) and/or Outputs 141 show active-charging analyzer statistics name cdp 141 ADC Administration Guide, StarOS Release 21.5 v Contents show active-charging flows type cdp 142 Bulk Statistics 142 ADC Administration Guide, StarOS Release 21.5 vi About this Guide This preface describes the ADC Administration Guide, how it is organized and its document conventions. Application Detection and Control (ADC) is a StarOS™ in-line service application that runs on Cisco® ASR 5500 platform. The ADC in-line service makes use of innovative and highly accurate protocol behavioral detection techniques to reliably detect protocols and applications in the network. ADC is mainly used to detect Peer-to-Peer protocols by analyzing traffic, and can also detect network traffic created by audio and video clients. • Conventions Used, page vii • Supported Documents and Resources, page viii • Contacting Customer Support , page ix Conventions Used The following tables describe the conventions used throughout this documentation. Notice Type Description Information Note Provides information about important features or instructions. Caution Alerts you of potential damage to a program, device, or system. Warning Alerts you of potential personal injury or fatality. May also alert you of potential electrical hazards. Typeface Conventions Description Text represented as a screen This typeface represents displays that appear on your terminal display screen, for example: Login: ADC Administration Guide, StarOS Release 21.5 vii About this Guide Supported Documents and Resources Typeface Conventions Description Text represented as commands This typeface represents commands that you enter, for example: show ip access-list This document always gives the full form of a command in lowercase letters. Commands are not case sensitive. Text represented as a command variable This typeface represents a variable that is part of a command, for example: show card slot_number slot_number is a variable representing the desired chassis slot number. Text represented as menu or sub-menu This typeface represents menus and sub-menus that you access names within a software application, for example: Click the File menu, then click New Supported Documents and Resources Related Common Documentation The following common documents are available: • AAA Interface Administration and Reference • Command Line Interface Reference • GTPP Interface Administration and Reference • Installation Guide (platform dependant) • Release Change Reference • SNMP MIB Reference • Statistics and Counters Reference • System Administration Guide (platform dependant) • Thresholding Configuration Guide Related Product Documentation The most up-to-date information for this product is available in the product Release Notes provided with each product release. The following product documents are also available and work in conjunction with ADC: ADC Administration Guide, StarOS Release 21.5 viii About this Guide Contacting Customer Support • ECS Administration Guide • GGSN Administration Guide • PDSN Administration Guide • P-GW Administration Guide Obtaining Documentation The most current Cisco documentation is available on the following website: http://www.cisco.com/cisco/web/psa/default.html Use the following path selections to access the ADC documentation: Products > Wireless > Mobile Internet > In-Line Services > Cisco Peer-to-Peer Contacting Customer Support Use the information in this section to contact customer support. Refer to the support area of http://www.cisco.com for up-to-date product documentation or to submit a service request. A valid username and password are required to access this site. Please contact your Cisco sales or service representative for additional information. ADC Administration Guide, StarOS Release 21.5 ix About this Guide Contacting Customer Support ADC