Traffic Classification Using Service Configuration Editor

Traffic Classification Using Service Configuration Editor
TrafficClassificationUsingServiceConfiguration
Editor
Traffic classification is the first step in creating a Cisco SCA BB service configuration. Traffic is classified
according to services.
For each commercial service that providers offer to their subscribers, a corresponding service is defined in
the Cisco Service Control solution. You can use this service to classify and identify the traffic, report on its
usage, and control it.
This module explains how to work with services and their elements and subelements:
• Searching Traffic Classification Settings, page 1
• Introduction to Managing Services , page 2
• Introduction to Managing Protocols , page 21
• Introduction to Managing Zones, page 33
• Introduction to Managing Protocol Signatures , page 45
• Introduction to Managing Flavors , page 58
• Introduction to Managing Content Filtering, page 71
• OS Fingerprinting Overview, page 86
Searching Traffic Classification Settings
You can search for any classification detail by name or numeric ID, such as services, protocols, port number,
or counter assignments. You can also search for protocols or signatures that are not assigned to a service.
Procedure
Step 1
In the Classification tab, click the Search Classification Settings (
) icon.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
1
Traffic Classification Using Service Configuration Editor
Introduction to Managing Services
The Search Classification Settings dialog box appears.
Figure 1: Search Classification Settings
Step 2
Enter the text to search.
You can include the following wildcards in the search:
• ?—any character
• *—any string
The dialog box is populated with the search results.
Step 3
Double-click the item to take you to the screen where you can edit it.
Example:
For example, if you double-click a protocol, the protocol dialog box opens on the selected protocol.
Introduction to Managing Services
Services are used to classify controlled traffic.
A service consists of one or more service elements; different network traffic transaction types are mapped to
different service elements.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
2
OL-31849-01
Traffic Classification Using Service Configuration Editor
Service Parameters
Traffic is classified based on some or all of the following:
• Protocol—The protocol used by the transaction, as identified by the Cisco Service Control Engine (Cisco
SCE) platform
• Initiating side—Where the transaction was initiated
• Zone—IP address of the network-side host of the transaction
• Flavor—Specific Layer 7 properties of the transaction; for example, host names of the network-side
host of the transaction
A service configuration can contain up to 500 services and 10,000 service elements. Every service element
in a service configuration must be unique.
Service Parameters
A service is defined by the following parameters:
• General parameters:
◦Name—A unique name
◦Description—(Optional) A description of the service
• Hierarchy parameters:
◦Parent Service
The default service, which is the base of the service hierarchy, does not have a parent.
Note
The parent service is important when services share usage counters (see next parameter).
◦Service Usage Counters—Used by the system to generate data about the total use of each service.
A service can use either its own usage counters, or those of the parent service.
Each usage counter has:
◦A name assigned by the system (based on the service name).
Note
An asterisk is appended to a service usage counter name whenever the counter applies
to more than one service.
◦A unique counter index—A default value of the counter index provided by the system. Do
not modify this value.
• Advanced parameter:
◦Service Index—A unique number by which the system recognizes the service (changing the service
name does not affect Cisco SCE platform activity). The system provides a default value of the
service index. Do not modify this value.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
3
Traffic Classification Using Service Configuration Editor
How to Add and Define Services
These parameters are defined when you add a new service (see Adding a Service to a Service Configuration
, on page 4 section). You can modify them at any time (see Editing Services , on page 9 section).
How to Add and Define Services
A number of services are predefined in the Console installation. You can add additional services to a service
configuration, subject to the limit of 500 services (including predefined services) per service configuration.
After you have added and defined a new service, you can add service elements to the service (see the Adding
Service Elements section).
This section contains the following topics:
Adding a Service to a Service Configuration
Procedure
Step 1
Step 2
In the Services tab, select a service from the service tree. This service is the parent of the service you are
adding.
In the left pane, click the Add Service (
The Service Settings dialog box appears.
) icon.
Figure 2: Service Settings
Step 3
Step 4
In the Name field, enter a unique and relevant name for the service.
In the Description field, enter a meaningful and useful description of the service.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
4
OL-31849-01
Traffic Classification Using Service Configuration Editor
How to Add and Define Services
Step 5
Step 6
Step 7
To set exclusive usage counters for this service, or to change the parent service you selected when adding the
service, continue with the instructions in the Defining Hierarchical Settings for a Service , on page 5 section.
(Optional) To specify an index for this service, continue with the instructions in the Setting the Service Index
, on page 6 section.
Note
The system automatically assigns a free number for the new service. Modify this number only where
a specific index value must be assigned to a specific service.
Click OK.
The Service Settings dialog box closes.
The service is added to the service tree as a child to the service you selected in the hierarchy.
Defining Hierarchical Settings for a Service
Procedure
Step 1
In the Service Settings dialog box, click the Hierarchy tab.
The Hierarchy tab opens.
Figure 3: Hierarchy Tab
Step 2
Step 3
To set a different parent service, select the desired parent from the Parent Service drop-down list.
By default, a new service uses the global usage counter of its parent service. To define an exclusive global
usage counter, check the Map this Service to an exclusive Global usage counter check box.
The name in the read-only Global counter of this service field changes to reflect your choice.
The Counter Index drop-down list is enabled.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
5
Traffic Classification Using Service Configuration Editor
How to Add and Define Services
(Optional) Select a value for the counter index from the Counter Index drop-down list. You can select upto
256 counter index values.
Note
Step 4
The system provides a default value of the counter index. Do not modify this value.
By default, a new service uses the subscriber usage counter of its parent service. To define an exclusive
subscriber usage counter, check the Map this Service to an exclusive Subscriber usage counter check box.
The name in the read-only Subscriber counter of this service field changes to reflect your choice.
The Counter Index drop-down list is enabled.
(Optional) Select a value for the counter index from the Counter Index drop-down list. You can select upto
64 counter index values.
Note
Step 5
Step 6
The system provides a default value of the counter index. Do not modify this value.
To specify an index for this service, continue with the instructions in the Setting the Service Index , on page
6 section.
Note
The system automatically assigns a free number for the new service. Modify this number only where
a specific index value must be assigned to a specific service.
Click OK.
The Service Settings dialog box closes.
The service is added to the service tree as a child to the service selected in the Parent Service drop-down list.
Setting the Service Index
Procedure
Step 1
In the Service Settings dialog box, click the Advanced tab.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
6
OL-31849-01
Traffic Classification Using Service Configuration Editor
How to Add and Define Services
The Advanced tab opens.
Figure 4: Advanced Tab
Step 2
From the Set the Index for this Service drop-down list, select a service index.
The service index must be an integer in the range from 1 to 499; zero is reserved for the default service.
The system automatically assigns a free number for the new service. Modify this number only where
a specific index value must be assigned to a specific service.
Click OK.
The Service Settings dialog box closes.
Note
Step 3
The service is added to the service tree as a child to the service selected in the Parent Service drop-down list.
Viewing Services
You can view a hierarchy tree of all existing services and see their associated service elements.
Procedure
Step 1
In the current service configuration, click the Classification tab.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
7
Traffic Classification Using Service Configuration Editor
How to Add and Define Services
The Classification tab appears.
Figure 5: Classification Tab
A list of all services is displayed in the service tree (left pane).
Step 2
Click a service in the hierarchy to display its service elements.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
8
OL-31849-01
Traffic Classification Using Service Configuration Editor
Editing Services
A list of all service elements defined for this service is displayed in the right (Service Elements) pane.
Figure 6: Service Elements
Step 3
To view more information about a service, select a service from the service tree and click the Edit Service
(
) icon.
The Service Settings dialog box appears.
Step 4
Click OK.
The Service Settings dialog box closes.
Editing Services
You can modify the parameters of a service, even those parameters included in the Console installation.
To add, modify, or delete service elements, see Introduction to Managing Service Elements , on page 11
section.
Procedure
Step 1
Step 2
In the Services tab, select a service from the service tree.
Step 3
(Optional) Give a new name to the service.
Enter a new name in the Name field.
(Optional) Give a new description for the service.
Step 4
In the left pane, click the Edit Service (
) icon.
The Service Settings dialog box appears.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
9
Traffic Classification Using Service Configuration Editor
Deleting Services
Enter a new description in the Description field.
Step 5
To change hierarchical settings, click the Hierarchy tab.
The Hierarchy tab opens.
Step 6
Step 7
To set a different parent service, select the desired service from the Parent Service drop-down list.
To share a global usage counter with the parent service, uncheck the Map this Service to an exclusive Global
usage counter check box.
The name of the parent service’s counter is displayed in the Global counter used by this service field.
Step 8
To define an exclusive global usage counter, check the Map this Service to an exclusive Global usage
counter check box.
The name in the read-only Global counter of this service field changes to reflect your choice.
The Counter Index drop-down list is enabled.
Note
Step 9
The system provides a default value of the counter index. Do not modify this value.
To share a subscriber usage counter with the parent service, uncheck the Map this Service to an exclusive
Subscriber usage counter check box.
The name of the parent service’s counter is displayed in the Subscriber counter used by this service field.
Step 10 To define an exclusive subscriber usage counter, check the Map this Service to an exclusive Subscriber usage
counter check box.
The name in the read-only Subscriber counter of this service field changes to reflect your choice.
The Counter Index drop-down list is enabled.
Note
The system provides a default value of the counter index. Do not modify this value.
Step 11 Change the service index. To change the service index:
a) In the Service Settings dialog box, click the Advanced tab.
b) The Advanced tab opens.
Step 12 From the Set the Index for this Service drop-down list, select a service index.
The service index must an integer in the range from 1 to 499; zero is reserved for the default service.
Note
The system provides a default value of the service index. Do not modify this value.
Step 13 Click OK .
The Service Settings dialog box closes.
The changes to the service are saved.
Deleting Services
You can delete all services, even those services in the Console installation, except for the default service.
Procedure
Step 1
In the Services tab, select a service from the service tree.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
10
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Step 2
In the left pane, click the Delete Service (
A Service Warning message appears.
) icon.
Figure 7: Service Warning
Step 3
Click Yes.
If any package has a rule for this service (see Introduction to Managing Rules section), a second Service
Warning message appears.
Figure 8: Service Warning
Step 4
Click Yes.
The service is deleted and is no longer displayed in the service tree. Any rules for the service are also deleted.
Children of the deleted service are not deleted; they move up one level in the service tree.
Introduction to Managing Service Elements
A service is a collection of service elements; to complete the definition of a service, you must define its service
elements. A service element maps a specific protocol, initiating side, zone, and flavor to the selected service.
For more information, see Introduction to Managing Protocols , on page 21 section , Introduction to Managing
Zones, on page 33 section , and Introduction to Managing Flavors , on page 58 section .
A service configuration can contain up to 10,000 service elements. Every service element must be unique.
A service element maps a traffic flow, that meets all the following criteria, to its service:
• The flow uses the specified protocol of the service element.
• The flow is initiated by the side (network, subscriber, or either) specified for the service element.
• The destination of the flow is an address that belongs to the specified zone of the service element.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
11
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
• The flow matches the specified flavor of the service element.
• The service element is the most specific service element satisfying the first four criteria.
Adding Service Elements
When necessary, you can add new service elements to a service. (The most useful service elements are included
in the Console installation.) A service may have any number of service elements (subject to the limit of 10,000
service elements per service configuration).
Note
Every service element must be unique. If, at any stage, the new service element is the same as an existing
one, an error message is displayed in the dialog box, and the Finish button is dimmed. To proceed, modify
the value in at least one field.
Procedure
Step 1
Step 2
In the Services tab, select a service from the service tree.
In the right (Service Elements) pane, click the Add Service Element (
The New Service Element dialog box appears.
).
Figure 9: New Service Element
Step 3
To change the service to which this service element is assigned, click the Select button next to the Service
field.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
12
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
The Select a Service dialog box appears, displaying a list of all services.
Figure 10: Select a Service
Step 4
Step 5
Select a service from the list.
Click OK.
The Select a Service dialog box closes.
The selected service is displayed in the Service field of the New Service Element dialog box.
Step 6
Click the Select button next to the Protocol field.
Note
The default value (an asterisk, *) means that no protocol checking is performed when testing whether
a flow maps to this service element.
The Select a Protocol dialog box appears, displaying a list of all protocols.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
13
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Note
If you select a flavor (Step 15) before you select a protocol, only protocols relevant to the selected
flavor are displayed.
Figure 11: Select a Protocol
Step 7
Step 8
Select a protocol from the list. You can type in the field at the top of the dialog box to help locate the desired
protocol.
Click OK.
The Select a Protocol dialog box closes.
The selected protocol is displayed in the Protocol field of the New Service Element dialog box.
Step 9
In the Initiating Side field, click the drop-down arrow.
Figure 12: Initiating Side Field
Step 10 Select the appropriate initiating side from the drop-down list.
The following options are available:
• Subscriber-Initiated —Transactions are initiated at the subscriber side towards (a server at) the network
side.
• Network-Initiated —Transactions are initiated at the network side towards (a server at) the subscriber
side.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
14
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
• Initiated by either side.
Step 11 Click the Select button next to the Zone field.
Note
The default value (an asterisk, *) means that no zone checking is performed when testing whether a
flow maps to this service element.
The Select a Zone dialog box appears ( Figure 7-13 ), displaying a list of all zones.
Figure 13: Select a Zone
Step 12 Select a zone from the list.
Step 13 Click OK.
The Select a Zone dialog box closes.
The selected zone is displayed in the Zone field of the New Service Element dialog box.
If you select a zone in which data flows are classified using zones only, the Protocol, Initiating Side,
and Flavor fields are disabled.
Step 14 Click the Select button next to the Flavor field.
Note
The default value (an asterisk, *) means that no flavor checking is performed when testing whether
a flow maps to this service element.
The Select a Flavor dialog box appears, displaying a list of all flavors relevant to the protocol selected in Step
7.
Note
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
15
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Note
You can only select a ToS flavor if you select the default value (*, meaning any protocol) for the
protocol.
Figure 14: Select a Flavor
Step 15 Select a flavor from the list.
Step 16 Click OK.
The Select a Flavor dialog box closes.
The selected flavor is displayed in the Flavor field of the New Service Element dialog box.
Step 17 Click Finish.
The New Service Element dialog box closes.
The new service element is added to the service.
A new row, representing the service element, is added to the service element list in the Service Elements pane.
Duplicating Service Elements
Duplicating an existing service element is a useful way to add a new service element similar to an existing
service element. It is faster to duplicate a service element and then modify it than to define the service element
from beginning.
Note
Every service element must be unique. If, at any stage, the new service element is the same as an existing
one, an error message is displayed in the dialog box, and the Finish button is dimmed. To proceed, modify
the value in at least one field.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
16
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Procedure
Step 1
In the Services tab, select a service from the service tree.
A list of associated service elements is displayed in the Service Elements pane.
Step 2
Step 3
In the Service Elements pane, select a service element to duplicate.
Click the Duplicate Service Element (
) icon.
The Copy Service Element dialog box appears.
Figure 15: Copy Service Element
Step 4
Modify the service element
(see Editing Service Elements , on page 17 section).
Note
Before you can save the new service element, you must change the value in at least one field.
Editing Service Elements
You can modify all service elements, even those service elements that are included in the Console installation.
Note
Every service element must be unique. If, at any stage, the modified service element is the same as an
existing one, an error message is displayed in the dialog box, and the Finish button is dimmed. To proceed,
modify the value in at least one field.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
17
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Procedure
Step 1
In the Services tab, select a service from the service tree.
A list of associated service elements is displayed in the Service Elements pane.
Step 2
Step 3
In the Service Elements pane, select a service element to edit.
In the Service Elements pane, click the Edit Service Element (
The Edit Service Element dialog box appears.
) icon.
Figure 16: Edit Service Element
Step 4
To change the service to which this service element is assigned, click the Select button next to the Service
field.
The Select a Service dialog box appears, displaying a list of all services.
Step 5
Step 6
Select a service from the list.
Click OK.
The Select a Service dialog box closes.
The selected service is displayed in the Service field of the Edit Service Element dialog box.
Step 7
To change the protocol of this service element, click the Select button next to the Protocol field.
Note
An asterisk (*) means that no protocol checking is performed when testing whether a flow maps to
this service element.
The Select a Protocol dialog box appears, displaying a list of all protocols.
Step 8
Select a protocol from the list; you can type in the field at the top of the dialog box to help locate the desired
protocol.
Click OK.
The Select a Protocol dialog box closes.
Step 9
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
18
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
The selected protocol is displayed in the Protocol field of the Edit Service Element dialog box.
Step 10 To change the initiating side of this service element, click the drop-down arrow in the Initiating Side field.
Step 11 Select the appropriate initiating side from the drop-down list.
• Subscriber-Initiated —Transactions are initiated at the subscriber side towards (a server at) the network
side.
• Network-Initiated —Transactions are initiated at the network side towards (a server at) the subscriber
side.
• Initiated by either side
Step 12 To change the zone of this service element, click the Select button next to the Zone field.
Note
An asterisk (*) means that no zone checking is performed when testing whether a flow maps to this
service element.
The Select a Zone dialog box appears, displaying a list of all zones.
Step 13 Select a zone from the list.
Step 14 Click OK.
The Select a Zone dialog box closes.
The selected zone is displayed in the Zone field of the Edit Service Element dialog box.
Step 15 To change the flavor of this service element, click the Select button next to the Flavor field.
Note
An asterisk (*) means that no flavor checking is performed when testing whether a flow maps to this
service element.
The Select a Flavor dialog box appears, displaying a list of all flavors.
Step 16 Select a flavor from the list.
Step 17 Click OK.
The Select a Flavor dialog box closes.
The selected flavor is displayed in the Flavor field of the Edit Service Element dialog box.
Step 18 Click Finish.
The Edit Service Element dialog box closes.
The changes to the service element are saved.
The changes to the service element appear in the service element list in the Service Elements pane.
Deleting a Service Element
You can delete all service elements, even those service elements that are included in the Console installation.
Procedure
Step 1
In the Services tab, select a service from the service tree.
A list of associated service elements is displayed in the Service Elements pane.
Step 2
In the Service Elements pane, select a service element to delete.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
19
Traffic Classification Using Service Configuration Editor
Introduction to Managing Service Elements
Step 3
In the Service Elements pane, click the Delete Service Element (
A Service Warning message appears.
) icon.
Figure 17: Service Warning
Step 4
Click Yes.
The service element is deleted and is no longer part of the selected service.
Moving Service Elements
You can move an existing service element from one service to a different service.
Procedure
Step 1
In the Services tab, select a service from the service tree.
A list of associated service elements is displayed in the Service Elements pane.
Step 2
Step 3
In the Service Elements pane, select a service element to move.
Click the Move Service Element to Another Service (
) icon.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
20
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocols
The Move Service Element dialog box appears, displaying the complete service tree.
Figure 18: Move Service Element
Step 4
Step 5
From the service tree, select a service.
Click OK.
The Move Service Element dialog box closes.
The service element is moved to the selected service.
Introduction to Managing Protocols
A protocol is composed of an application protocol signature, the destination port or ports, a unique name, and
an optional description.
Protocols are used to define service elements (see the Introduction to Managing Service Elements , on page
11 section).
You can add new protocols (for example, to classify a new gaming protocol that uses a specific port). You
can also edit or delete existing ones.
A service configuration can contain up to 10,000 protocols.
Cisco SCA BB supports many commercial and common protocols.
For a complete list of protocols included with the current release of Cisco SCA BB, see the “Information
About Protocols” section in the “Default Service Configuration Reference Tables” chapter of Cisco Service
Control Application for Broadband Reference Guide.
This section explains the following procedures:
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
21
Traffic Classification Using Service Configuration Editor
Viewing Protocols
As new protocols are released, Cisco provides files containing the new protocol signatures so that you can
add the signatures to your service configuration. See the Importing a Dynamic Signature Script into a Service
Configuration , on page 50.
Viewing Protocols
You can view a list of all protocols and their associated protocol elements.
The protocols are listed in ASCII sort order (that is, 0... 9, A... Z, a... z).
The protocol elements are not sorted; they are listed in the order in which they were added to the protocol.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Figure 19: Protocol Settings
The Protocols tab displays a list of existing protocols.
Step 2
Double-click a protocol to view its description and ID.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
22
OL-31849-01
Traffic Classification Using Service Configuration Editor
Filtering a Protocols List
The Protocol Settings dialog box appears, displaying the protocol name, description, and ID.
Figure 20: Protocol Settings
Step 3
Click Cancel.
The Protocol Settings dialog box closes.
Step 4
To view a list of protocol elements, select a protocol in the list in the Protocol Settings dialog box.
Protocol elements are displayed in the Protocol Elements tab.
Step 5
Click Close .
The Protocol Settings dialog box closes.
Filtering a Protocols List
You can filter the protocols by type, so that the Protocols tab displays only the selected type of protocol.
The categories of protocols include:
• Generic Protocols—Generic IP, Generic TCP, and Generic UDP protocols, used for transactions that
are not specifically mapped to a protocol by any other protocol type.
• IP Protocols—Protocols (such as ICMP), other than TCP and UDP protocols, identified according to
the IP protocol number of the transaction.
• Port-Based Protocols—TCP and UDP protocols, classified according to their well-known ports. The
default service configuration includes more than 750 common port-based protocols.
• Signature-Based Protocols—Protocols classified according to a Layer 7 application signature. Includes
the most common protocols, such as HTTP and FTP, and a large group of popular P2P protocols.
• P2P Protocols—Peer-to-peer file-sharing application protocols, classified according to a Layer 7
application signature.
• VoIP Protocols—Voice-over-IP application protocols, classified according to a Layer 7 application
signature.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
23
Traffic Classification Using Service Configuration Editor
Adding Protocols to a Service Configuration
• SIP Protocols—Protocols classified according to a Layer 7 application signature that is SIP or has SIP
characteristics.
• Worm Protocols—Protocols classified according to a Layer 7 application signature that is based on
traffic patterns of internet worms.
• Packet Stream Pattern Based Protocols—Protocols classified according to a Layer 7 application signature
that is based on the pattern of the packet stream (for example, the stream’s symmetry, average packet
size, and rate) rather than on the payload content of the packet.
• Unidirectionally Detected Protocols—Protocols having a unidirectional signature.
• Behavioral Protocols
• E-Mail and Newsgroup Protocols
• Gaming Protocols
• HTTP Protocols
• Instant Messaging Protocols
• Net Admin Protocols
• Video Protocols
• Tunneling Protocols
• ClickStream Protocols
Note
Some protocols belong to more than one category. In particular, all predefined P2P, VoIP, SIP, Worm,
and Packet Stream Pattern-Based Protocols are also defined as Signature-Based Protocols.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
From the drop-down list in the Protocols tab, select the type of protocol to display.
The protocols of the selected type appear in the Protocols tab.
Step 3
Click Close.
The Protocol Settings dialog box closes.
Note
The setting in the drop-down list is not saved. The next time you open the Protocol Settings dialog
box, all protocols are displayed.
Adding Protocols to a Service Configuration
You can add new protocols to a service configuration, subject to the limit of 10,000 protocols per service
configuration.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
24
OL-31849-01
Traffic Classification Using Service Configuration Editor
Editing Parameters of a Protocol
Procedure
Step 1
Step 2
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
In the Protocols tab, click the Add Protocol (
The Protocol Settings dialog box appears.
) icon.
Figure 21: Protocol Settings
Step 3
Step 4
In the Name field, enter a unique name for the new protocol.
(Optional) From the Protocol ID drop-down list, select an ID for the protocol.
The protocol ID must be an integer in the range from 5000 to 9998; lower values are reserved for protocols
provided by Cisco SCA BB.
Note
Step 5
The system provides the value of the protocol ID. Do not modify this field.
Click OK.
The Protocol Settings dialog box closes.
The new protocol is displayed in the Protocols tab. You can now add protocol elements to it. See Adding
Protocol Elements , on page 28 section.
Editing Parameters of a Protocol
You can modify the parameters of a protocol, even those for those protocols that are included in the Console
installation.
To add, modify, or delete protocol elements, see Introduction to Managing Protocol Elements , on page 27
section.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
25
Traffic Classification Using Service Configuration Editor
Deleting Protocols
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
In the Protocols tab, double-click a protocol.
A second Protocol Settings dialog box appears.
Figure 22: Protocol Settings
Step 3
Modify fields in the Protocol Settings dialog box.
a) In the Name field, enter a new name for the protocol.
b) From the Protocol ID drop-down list, select an ID for the protocol.
The protocol ID must be an integer in the range from 5000 to 9998; lower values are reserved for protocols
provided by Cisco SCA BB.
Note
Step 4
The system provides the protocol ID. Do not modify this field.
Click OK.
The Protocol Settings dialog box closes.
The new values of the protocol parameters are saved.
Step 5
Click Close.
The Protocol Settings dialog box closes.
Deleting Protocols
You can delete all protocols, even those protocols that are included in the Console installation.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
26
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
Step 3
In the Protocols tab, select a Protocol.
In the Protocols tab, click the Delete Protocol (
A Protocol Warning message appears.
) icon.
Figure 23: Protocol Warning
Step 4
Click Yes .
If any service element maps the selected protocol to a service (see Moving Service Elements , on page 20
section), a second Protocol Warning message appears (even if the service is not used by any package).
Figure 24: Protocol Warning
Step 5
Click Yes.
The Protocol is deleted from the Protocols tab.
Step 6
Click Close.
The Protocol Settings dialog box closes.
Introduction to Managing Protocol Elements
A protocol is a collection of protocol elements.
To complete the definition of a protocol, you must define its protocol elements. A protocol element maps a
specific signature, IP protocol, and port range to the selected protocol. Every protocol element in a service
configuration must be unique.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
27
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
If a traffic flow meets all of the following four criteria, it is mapped to a specific protocol:
• The flow belongs to the specified signature of the protocol element.
• The flow protocol is the specified IP protocol of the protocol element.
• (If the IP protocol is TCP or UDP) The destination port is within the specified port range of the protocol
element.
• The protocol element is the most specific protocol element satisfying the first three criteria.
Adding Protocol Elements
You can add any number of protocol elements to a protocol.
Note
When you set the parameters of the protocol element, the values of the parameters are saved as you enter
them.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
Step 3
In the Protocols tab, select a protocol.
In the Protocol Elements tab, click the Add Protocol Element (
A protocol element is added to the protocol.
) icon.
A new row, representing the protocol element, is added to the protocol element list in the Protocol Element
tab.
Step 4
Click in the Signature cell of the protocol element, and then click the Browse button that appears in the cell.
Note
The default value (an asterisk, *) means that no signature checking is performed when testing whether
a flow maps to this protocol element.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
28
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
The Select a Signature dialog box appears, displaying a list of all signatures.
Figure 25: Select a Signature
Step 5
Step 6
Select a signature from the list.
Note
Select the Generic signature to allow a flow that has no matching signature in the protocol signature
database to be mapped to this protocol element (if the flow also matches the IP protocol and port
range of the protocol element).
Click OK.
The Select a Signature dialog box closes.
The selected signature is displayed in the Signature cell of the Protocol Settings dialog box.
Step 7
Click in the IP Protocol cell of the protocol element, and then click the Browse button that appears in the cell.
Note
The default value (an asterisk, *) means that no IP protocol checking is performed when testing
whether a flow maps to this protocol element.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
29
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
The Select an IP Protocol dialog box appears, displaying a list of all IP protocols.
Figure 26: Select an IP Protocol
Step 8
Step 9
Select an IP protocol from the list.
Click OK.
The Select an IP Protocol dialog box closes
The selected IP protocol is displayed in the IP Protocol cell of the Protocol Settings dialog box.
Step 10 In the Port Range cell, enter a port or range of ports.
For a range of ports, use a hyphen between the first and last ports in the range.
Note
Specifying a port range is only possible when the specified IP protocol is either TCP or UDP (or
undefined, taking the wild-card value, *).
Only a flow whose port matches one of these ports are mapped to this protocol element.
The protocol element is defined.
Step 11 Click Close.
The Protocol Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
30
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
Instead, if the protocol element that you have defined is not unique in this service configuration, a Protocol
Error message appears.
Figure 27: Protocol Error
Step 12 Click OK.
Step 13 Modify or delete the protocol element.
Step 14 Click Close.
The Protocol Settings dialog box closes.
Editing Protocol Elements
You can modify all protocol elements, even those protocol elements that are included in the Console installation.
Note
All changes to the protocol element are saved as you make them.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
Step 3
Step 4
In the Protocols tab, select a protocol.
In the Protocol Elements tab, select a protocol element.
Click in the Signature cell of the protocol element, and then click the Browse button that appears in the cell.
The Select a Signature dialog box appears.
Step 5
Step 6
Select a signature from the list.
Click OK.
The Select a Signature dialog box closes.
Step 7
Click in the IP Protocol cell of the protocol element, and then click the Browse button that appears in the cell.
The Select an IP Protocol dialog box appears.
Step 8
Step 9
Select an IP protocol from the list.
Click OK.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
31
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Elements
The Select an IP Protocol dialog box closes.
Step 10 In the Port Range cell of the protocol element, enter a port or range of ports.
Changes to the protocol element are saved as you make them.
Step 11 Click Close.
The Protocol Settings dialog box closes.
Instead, if the protocol element that you have modified is not unique in this service configuration, a Protocol
Error message appears.
Step 12 Click OK.
Step 13 Modify or delete the protocol element.
Step 14 Click Close.
The Protocol Settings dialog box closes.
Deleting Protocol Elements
You can delete all protocol elements, even those protocol elements that are included in the Console installation.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Step 2
Step 3
Step 4
Select a protocol in the Protocols tab.
In the Protocol Elements tab, select a protocol element.
In the Protocol Elements tab, click the Delete Protocol Element (
A Protocol Warning message appears.
) icon.
Figure 28: Protocol Warning
Step 5
Click Yes.
The protocol element is deleted from the Protocol Elements tab.
Step 6
Click Close .
The Protocol Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
32
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zones
Introduction to Managing Zones
A zone is a collection of destination IP addresses; usually the addresses in one zone are related in some way.
Zones are used to classify network sessions; each network session is assigned to a service element based on
its destination IP address.
A service configuration can contain up to 40,000 zone items on Cisco SCE 10,000 device. The maximum
allowed size for IPv4 is 32,000 and 8000 for IPv6. IPv4 and IPv6 are each addresses for individual unique
ports.
This section explains the following procedures:
BGP Autonomous System Dynamic Detection
The BGP Autonomous System (BGP AS) Dynamic Detection feature enables you to provision the BGP
autonomous system as IP prefixes to the Cisco SCE zones.
With the BGP AS Dynamic Detection feature, you can:
• Add the complete AS number node and all the IP prefixes under it to a new zone.
• Add the IP Prefixes obtained from the AS number nodes to an existing zone.
• Add IP prefixes to a new zone.
• Delete IP prefixes from a zone.
For details, see the following sections:
• BGP AS Dynamic Detection Workflow, on page 40
• Enabling BGP AS Dynamic Detection, on page 41
• Collecting and Storing the BGP Autonomous System Details, on page 41
• Creating a New Zone with Select BGP AS Numbers and Prefixes, on page 42
• BGP AS Numbers and Prefixes Color Schema, on page 44
• Updating a Zone with Select BGP AS Numbers and Prefixes, on page 44
• Deleting IP Prefixes from a Zone, on page 44
Viewing Zones
You can view a list of all zones and their associated zone items.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones .
The Zone Settings dialog box appears.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
33
Traffic Classification Using Service Configuration Editor
Adding Zones
The Zones tab displays a list of all zones. The first zone in the list is selected, and its zone items are displayed
in the Zone Items tab.
Figure 29: Zone Settings
Step 2
Click a zone in the list to display its zone items.
The zone items of the selected zone are displayed in the Zone Items tab.
Step 3
Click Close .
Timesaver
If you enable the automatic zone provisioning, an Advanced Import button will be available.
Click the Advanced Import button to import the BGP AS numbers and prefixes to create Zones.
See the Creating a New Zone with Select BGP AS Numbers and Prefixes, on page 42 section.
Adding Zones
Procedure
Step 1
Step 2
From the Classification tab in the left pane, choose Configuration > Classification > Zones.
The Zone Settings dialog box appears.
In the Zones tab, click the Add Zone (
) icon.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
34
OL-31849-01
Traffic Classification Using Service Configuration Editor
Adding Zones
The Zone Settings dialog box appears.
Figure 30: Zone Settings
Step 3
Step 4
In the Name field, enter a unique name for the new zone.
From the Advanced tab, from the Zone Index drop-down list, select an ID for the zone.
The zone ID must be a positive integer in the range from 1 to 32767.
Note
The system provides the value of the zone ID. Do not modify this field.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
35
Traffic Classification Using Service Configuration Editor
Adding Zones
Figure 31: Zone Settings - Advanced Tab
Step 5
Step 6
Step 7
Step 8
(Optional) Check the Classify using zones only check box. Click Yes in the pop up window to confirm. If
you enable this option, the Cisco SCE classifies the data flows based on the zone to which the data flows
belong.
Note
If you enable this option on an existing zone, every service element that references the selected zone
is deleted.
Check the Map this Zone to exclusive zone usage counters check box to map the Zone to exclusive zone usage
counters, or share default counter with other zones.
The Zone Settings dialog box appears.
From the Counter Index drop-down list, select an index for the zone.
The Counter Index must be a positive integer in the range from 1 to 1023.
Click OK.
The Zone Settings dialog box closes.
What to Do Next
The new zone is added to the Zones tab. You can now add zone items. (See Adding Zone Items, on page
38 section.)
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
36
OL-31849-01
Traffic Classification Using Service Configuration Editor
Editing Zones
Editing Zones
You can modify zone parameters at any time.
To add, modify, or delete zone items, see Introduction to Managing Zone Items , on page 38 section.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones.
The Zone Settings dialog box appears.
Step 2
Step 3
In the Zones tab, select a zone.
Step 4
Modify fields in the dialog box.
a) In the Name field, enter a new name for the zone.
b) From the Zone Index drop-down list, select an ID for the zone.
The zone ID must be a positive integer in the range from 1 to 32767.
Click the Edit Zone (
) icon.
The Zone Settings dialog box appears.
Note
Step 5
The system provides the value of the zone ID. Do not modify this field.
Click OK.
The Zone Settings dialog box closes.
The new values of the zone parameters are saved.
Step 6
Click Close.
The Zone Settings dialog box closes.
Deleting Zones
You can delete any or all zones.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones .
The Zone Settings dialog box appears.
Step 2
Step 3
In the Zones tab, select a zone.
In the Zones tab, click the Delete Zone (
) icon.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
37
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
A Zone Warning message appears.
Figure 32: Zone Warning
Step 4
Click OK.
If any service element references the selected zone, a second Zone Warning message appears.
Figure 33: Zone Warning
Step 5
Click Yes.
Every service element that references the selected zone is deleted.
The zone is deleted and is no longer displayed in the Zones tab.
Step 6
Click Close.
The Zone Settings dialog box closes.
Introduction to Managing Zone Items
A zone is a collection of related zone items. A zone item is an IP address or a range of IP addresses.
A service configuration can contain up to 40,000 zone items on Cisco SCE 10,000 device. The maximum
allowed size for IPv4 is 32,000 and 8000 for IPv6. IPv4 and IPv6 are each addresses for individual unique
ports.
Adding Zone Items
You can add several zone items to a zone. The maximum allowed size for IPv4 is 32000 and 8000 for IPv6.
IPv4 and IPv6 are each addresses for individual unique ports.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
38
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones.
The Zone Settings dialog box appears.
Step 2
Step 3
In the Zones tab, select a zone.
Step 4
Double-click the new list item and enter a valid value.
A valid value is either a single IP address (for example, 63.111.106.7 or
ABCD:1111:97EF:F641:0F2A:ABCD:1111:97EF) or a range of IP addresses (for example, 194.90.12.0/24
or ABCD:1111:97EF:F641:0F2A:ABCD:1111:97EF/128). For IPv6 zones, the valid range is from 0 to 128.
Step 5
Step 6
Repeat Steps 3 and 4 for other IP addresses that are part of this zone.
Click Close.
The Zone Settings dialog box closes.
In the Zone Items tab, click the Add Zone Item (
A new line is added to the Zone Items table.
) icon.
Instead, if the zone item that you have defined is not unique in this service configuration, a Zone Error message
appears.
Figure 34: Zone Error
Step 7
Step 8
Step 9
Click OK.
Modify or delete the zone item.
Click Close.
The Zone Settings dialog box closes.
Editing Zone Items
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones .
The Zone Settings dialog box appears.
Step 2
In the Zones tab, select a zone.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
39
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
Step 3
Step 4
In the Zone Items tab, double-click a zone item.
Enter a new value for the zone item.
A valid value is either a single IP address (for example, 63.111.106.7 or
ABCD:1111:97EF:F641:0F2A:ABCD:1111:97EF) or a range of IP addresses (for example, 194.90.12.0/24
or ABCD:1111:97EF:F641:0F2A:ABCD:1111:97EF/128). For IPv6 zones, the valid range is from 0 to 128.
Step 5
Click Close.
The Zone Settings dialog box closes.
Instead, if the zone item that you have modified is not unique in this service configuration, a Zone Error
message appears.
Step 6
Step 7
Step 8
Click OK.
Modify or delete the zone item.
Click Close.
The Zone Settings dialog box closes.
Deleting Zone Items
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Zones .
The Zone Settings dialog box appears.
Step 2
Step 3
Step 4
In the Zones tab, select a zone.
In the Zone Items tab, select a zone item.
Step 5
Click Close .
The Zone Settings dialog box closes.
In the Zone Items tab, click the Delete Zone Item (
The zone item is deleted.
) icon.
BGP AS Dynamic Detection Workflow
This section provides details on the BGP AS Dynamic Detection workflow:
1 When you run the asFetch.bat script, the script downloads the AS number and IP prefixes from the
configured BGP router using the SNMP MIBs
2 The script converts the prefixes to IP ranges and stores the details in a local file. If you configure a scheduler
to run the script periodically, during each run, the IP file gets overwritten with a new one.
3 Cisco SCA BB:
a Maps each zone name to the parameter of SCA BB zone configuration, such as Zone Index.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
40
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
b Pushes parameters such as zone and zone items (BGP routes) to the Cisco SCE while applying the
configuration.
c Configures the Services configured on various zones and pushes the configuration to the Cisco SCE.
4 Cisco SCE controls the service bandwidth based on the services configured on various zones.
Enabling BGP AS Dynamic Detection
By default, BGP AS Dynamic Detection is disabled on Cisco SCA BB.
Procedure
Step 1
Step 2
Step 3
Step 4
Choose Windows > Preferences.
In the Preferences window, expand the Service Configuration.
Step 5
Step 6
Click Apply.
Click OK.
Click Automatic Zone Provisioning.
Check the Enable Automatic Zone Provisioning check box.
Collecting and Storing the BGP Autonomous System Details
The Cisco SCA BB asFetch script uses SNMP MIBs to fetch the BGP Autonomous System (BGP AS) numbers
and prefixes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
41
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
The routerInfo.properties file, asFetch.bat, and asFetch.sh are in the sca_bb_util\bin folder.
Procedure
Step 1
Enter the router IP and SNMP community string in the routerInfo.properties file.
If AS numbers and IP prefixes have to be generated for more than one router IP, enter the router IP address
of the community string separated by a comma (,) in the routerInfo.properties file.
Step 2
Run the asFetch.bat script.
You can run the script manually or use a scheduler to run the script periodically.
Run the asFetch.bat file to generate the BGPRouter<number>.csv files based on the number of IP addresses
entered in the properties file. For example, if two IP addresses are specified in the properties file, The
BGPRouter1.csv and BGPRouter2.csv files get generated.These .csv files contain the AS number and IP
prefix details. These files can be imported from the Zone settings window.
The script fetches the AS number and IP prefix details and saves them in the BGPRouter<number>.csv file
that is present in the same folder in which you have extracted the asFetch script.
Creating a New Zone with Select BGP AS Numbers and Prefixes
Before You Begin
Before attempting to add the BGP AS numbers and prefixes to zones, enable automatic zone provisioning
and run the asFetch script to get the BGP AS details into the BGPRouter<number>.csv file.
Procedure
Step 1
Step 2
Step 3
Step 4
From the Service Configuration Editor window, choose Configuration > Classification > Zones.
In the Zone Settings window, click Advanced Import.
Browse to the folder in which the BGPRouter<number>.csv file is saved, and select the
BGPRouter<number>.csv file.
Click Open.
The AS No & Prefixes dialog box appears.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
42
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
Step 5
Step 6
Step 7
Step 8
Step 9
Select the corresponding AS Number.
Click Add.
Enter a New Zone Name.
Click OK.
Click OK.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
43
Traffic Classification Using Service Configuration Editor
Introduction to Managing Zone Items
BGP AS Numbers and Prefixes Color Schema
The AS Number and Prefixes dialog box uses various colors to indicate new prefixes, prefixes added to a
zone, or changes to the AS Number to which the prefix belongs.
Green color indicates a new prefix that does not belong to any zone. After you add the prefix to a zone, the
color of the prefix in the prefix list and the zone changes to black. If you remove the prefix from the zone,
the color of the prefix in the prefix list changes to green again.
Blue color indicates that the prefix has moved from one AS to another. This helps you decide whether to move
the prefix to another zone.
Red color indicates that the prefix is not a part of the AS Numbers and Prefixes list.
Updating a Zone with Select BGP AS Numbers and Prefixes
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
From the Service Configuration Editor window, choose Configuration > Classification > Zones .
In the Zone Settings window, click Advanced Import .
Browse to the folder in which the BGPRouter<number>.csv file is saved and select the
BGPRouter<number>.csv file.
Click Open.
The AS No & Prefixes dialog box appears.
Select the corresponding AS Number.
Click Update.
Choose a zone from the drop-down list.
Click OK.
Click OK.
Timesaver
From the AS No & Prefixes dialog box, you can drag and drop the required AS numbers and
IP prefixes to the required zones.
Deleting IP Prefixes from a Zone
You can delete IP prefixes only from a zone and not from the AS Numbers and Prefixes list.
Procedure
Step 1
Step 2
Select the prefixes you want to delete.
Click Delete .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
44
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Protocol Signatures
Introduction to Managing Protocol Signatures
A protocol signature is a set of parameters that uniquely identify a protocol.
Viewing Protocol Signatures
You can view a list of all signatures and the protocol to which each is assigned.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Signatures Settings .
The Signatures Settings dialog box appears.
Figure 35: Signatures Settings
Step 2
Click Close.
The Signatures Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
45
Traffic Classification Using Service Configuration Editor
Filtering the Protocol Signatures List
Filtering the Protocol Signatures List
You can filter the signature by type, so that the Signatures Settings dialog box lists only the selected type of
signature.
The signature categories are:
• DSS Contributed Signatures
• Not Assigned to any Protocol
• P2P Signatures
• VoIP Signatures
• SIP Signatures
• Worm Signatures
• Packet Stream Pattern Based Protocols Signatures
• Unidirectionally Detected Signatures
• Behavioral Signatures
• E-Mail and Newsgroups Signatures
• Gaming Signatures
• HTTP Signatures
• Instant Messaging Signatures
• Net Admin Signatures
• Video Signatures
• Tunneling Signatures
• ClickStream Signatures
Note
Some signatures belong to more than one category.
Procedure
Step 1
From the Console main menu, choose Configuration > Classification > Signatures Settings .
The Signatures Settings dialog box appears.
Step 2
From the drop-down list, select the type of signature to display.
The signatures of the selected type appear in the dialog box.
Step 3
Click Close.
The Signatures Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
46
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
Dynamic Signatures
New protocols are being introduced all the time. Dynamic signatures is a mechanism that allows new protocols
to be added to the protocol list and, from there, to service configurations. Dynamic Signature is especially
useful for classifying the traffic of a new protocol (for example, a new P2P protocol in a P2P-Control solution).
• Installing new signatures to an active service configuration is described in Working with Protocol Packs.
• Creating and modifying signatures is described in The Signature Editor Overview.
• Using servconf, the Cisco SCA BB Server Configuration Utility, to apply signatures is described in
The Cisco SCA BB Service Configuration Utility.
The following sections describe working with dynamic signatures in the Service Configuration Editor.
• Dynamic Signature Script Files , on page 47.
• The Default DSS File , on page 48 The Default DSS File.
Dynamic Signature Script Files
Dynamic signatures are provided in special Dynamic Signatures Script (DSS) files that you can add to a
service configuration using either the Console or the Service Configuration API. After a DSS file is imported
into a service configuration, the new protocols it describes:
• Appear in the protocol list.
• May be added to services.
• Are used when viewing reports.
To simplify the configuration of new protocols added by a DSS, the DSS may specify a Buddy Protocol for
a new protocol. If, when loading a DSS, the application encounters the Buddy Protocol, it automatically
duplicates the set of service elements that use the Buddy Protocol, and replaces all references to the Buddy
Protocol with references to the new protocol. The association of the new protocol to services matches that of
the Buddy Protocol.
The following configuration actions are performed automatically when you import a DSS into a service
configuration:
• Signatures are updated and new signatures are loaded.
• Protocol elements are created for new signatures of existing protocols.
• New protocols are added to the protocol list, and protocol elements are created for them.
• Service elements are created for new protocols according to the configuration of Buddy Protocols.
The import procedure preserves all service and protocol settings.
Note
After importing a DSS, associate the newly added protocols with services.
Cisco or its partners releases DSS files periodically in accordance with customer requirements and market
needs.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
47
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
DSS files contain new protocols and signatures, and update previously defined signatures. Updating a service
configuration with the new DSS is explained in Importing a Dynamic Signature Script into a Service
Configuration , on page 50.
Note
You can create your own DSS files or modify the Cisco release DSS file using the Signature Editor tool
(see Managing DSS Files Overview section).
• Viewing Information About the Current Dynamic Signatures, on page 48
• Importing a Dynamic Signature Script into a Service Configuration , on page 50
• Removing Dynamic Protocol Signatures , on page 57
The Default DSS File
Whenever a protocol pack becomes available from Cisco (or one of its partners), you should update offline
service configurations (stored as PQB files on the workstation). The protocol pack (see Protocol Packs section)
is provided as either an SPQI file or a DSS file.
You can either offer updates automatically to every service configuration created or edited at the workstation,
or apply them from the workstation to the Cisco SCE platform. You make the latest update available by
installing the most recent DSS or SPQI file as the default DSS file. You can install the file on the workstation
either from the Console or by using The Cisco SCA BB Signature Configuration Utility.
• The default DSS file is automatically offered for import when you perform any service configuration
operation (such as creating a new service configuration or editing an existing one) from the Console on
a service configuration that was not yet updated.
• The default DSS file is imported by default when any service configuration operation (such as applying
an existing service configuration) is performed using servconf, The Cisco SCA BB Signature
Configuration Utility. You can disable this option.
Note
Users are expected to update the default DSS on their management workstation whenever they obtain a
new protocol pack, as explained in the following section.
• Introduction to Setting and Clearing the Default DSS File, on page 54
• Introduction to Importing Dynamic Signatures from the Default DSS File, on page 51
Viewing Information About the Current Dynamic Signatures
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Signatures Settings .
The Signatures Settings dialog box appears.
Step 2
Click the Signatures Script tab.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
48
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
The Signatures Script tab opens.
• If no DSS file was imported into the current service configuration, the Signatures Settings dialog box
displays a message informing you of this.
Figure 36: Signature Settings
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
49
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
• If a DSS file was imported into the current service configuration, the Signatures Settings dialog box
displays information about the current dynamic signatures and the DSS file from which they were
imported.
Figure 37: Signature Settings
Step 3
Click Close.
The Signatures Settings dialog box closes.
Importing a Dynamic Signature Script into a Service Configuration
You can import signatures into a service configuration from a DSS file provided by Cisco or one of its partners
(described in this section), or from a DSS file that you have created or modified using the Signature Editor
tool (see Managing DSS Files Overview section).
Note
It is recommended that you import the latest default DSS file (see Importing the Default DSS File
Automatically , on page 52 section) when creating a service configuration, and that you use this option
only to apply a new DSS to existing service configuration.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
50
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Signatures Settings.
The Signatures Settings dialog box appears.
Step 2
Click the Signatures Script tab.
The Signatures Script tab opens.
Step 3
Click Import from File.
An Import Warning message appears.
Figure 38: Import Warning
Step 4
Click Yes.
The Import from file dialog box appears.
Step 5
Browse to the DSS file and click Open .
The Import from file dialog box closes.
The signatures in the DSS file are imported into the service configuration.
Information about the imported signatures and their DSS file is displayed in the Signatures Settings dialog
box.
Step 6
Click Close.
The Signatures Settings dialog box closes.
Introduction to Importing Dynamic Signatures from the Default DSS File
If a default DSS file is installed, the application offers to import the dynamic signatures from the file when
you create a new service configuration or when you open an existing service configuration that has not imported
the signatures. Alternatively, you can manually import the dynamic signatures.
• Importing the Default DSS File Automatically , on page 52
• Importing the Default DSS File Manually, on page 52
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
51
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
Importing the Default DSS File Automatically
Procedure
Step 1
Open an existing service configuration or create a new one.
A Default Signature message appears.
Figure 39: Default Signature
Step 2
Click Yes to import the default DSS file; click No to continue without importing the default DSS file.
Importing the Default DSS File Manually
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Signatures Settings .
The Signatures Settings dialog box appears.
Step 2
Click the Signatures Script tab.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
52
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
The Signatures Script tab opens, with the Import Default DSS button enabled.
Figure 40: Signatures Settings
Step 3
Click Import Default DSS.
An Import Warning message appears.
Figure 41: Import Warning
Step 4
Click Yes .
The signatures in the default DSS file are imported into the service configuration.
The Import Default DSS button is dimmed.
Information about the imported signatures and the default DSS file is displayed in the Signatures Settings
dialog box.
Step 5
Click Close.
The Signatures Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
53
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
Introduction to Setting and Clearing the Default DSS File
The default DSS file should normally be the latest protocol pack provided by Cisco (or one of its partners).
If necessary, modify the protocol pack using the Signature Editor tool (see Editing DSS Files section) to add
signatures of new protocols until they become available from Cisco.
Whenever a new protocol pack becomes available, set it as the default DSS file. There is no need to clear the
current default DSS file; it is overwritten by the new protocol pack.
• Setting a Protocol Pack as the Default DSS File , on page 54
• Clearing the Default DSS File , on page 56
Setting a Protocol Pack as the Default DSS File
Procedure
Step 1
From the Console main menu, choose Window > Preferences .
The Preferences dialog box appears.
Step 2
From the menu tree in the left pane of the dialog box, choose Service Configuration > Default DSS .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
54
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
The Default DSS area opens in the right pane of the dialog box.
Figure 42: Preferences
Step 3
Click Choose File.
An Open dialog box appears.
Step 4
Step 5
Step 6
From the Files of type drop-down list, select the file type of the protocol pack.
Browse to the protocol pack.
Click Open.
The Open dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
55
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
Information about the default DSS file is displayed in the Default DSS area of the Preferences dialog box.
Figure 43: Preferences - Default DSS
Step 7
Click OK.
The DSS file is copied to C:\Documents and Settings\<username>\.p-cube\default3.6.5.dss as the default DSS
file. In Windows 7, the DSS file is copied to C:\Users\<username>\.p-cube\.
The Preferences dialog box closes.
Clearing the Default DSS File
Procedure
Step 1
From the Console main menu, choose Window > Preferences .
The Preferences dialog box appears.
Step 2
From the menu tree in the left pane of the dialog box, choose Service Configuration > Default DSS.
The Default DSS area opens in the right pane of the dialog box.
Step 3
Click Clear Default DSS.
The default DSS file, C:\Documents and Settings\<username>\.p-cube\default4.1.0.dss, is deleted. In Windows
7, the default DSS file is C:\Users\<username>\.p-cube\default4.1.0.dss.
All information is deleted from the Default DSS area.
Deleting the default DSS file does not remove the imported dynamic signatures from the current
service configuration.
Click OK.
Note
Step 4
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
56
OL-31849-01
Traffic Classification Using Service Configuration Editor
Dynamic Signatures
The Preferences dialog box closes.
Removing Dynamic Protocol Signatures
You can remove the installed dynamic signatures from a service configuration.
Note
The DSS file is not deleted.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Signatures Settings .
The Signatures Settings dialog box appears.
Step 2
Click the Signatures Script tab.
The Signatures Script tab opens.
Step 3
Click Remove .
A Dynamic Signature Script Confirmation message appears.
Figure 44: Dynamic Signature Script Confirmation
Step 4
Click OK.
If any service element references a protocol whose signature is included in the imported DSS file, a Dynamic
Signature Script Removal Error message appears.
Figure 45: Dynamic Signature Script Removal Error
Step 5
Click Yes
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
57
Traffic Classification Using Service Configuration Editor
Introduction to Managing Flavors
Every service element that references a protocol whose signature is included in the imported DSS file is
deleted.
The dynamic signatures are removed from the service configuration.
The Remove button is dimmed.
If the dynamic signatures were imported from the default DSS file, the Import Default DSS button is enabled.
Step 6
Click Close.
The Signatures Settings dialog box closes.
Introduction to Managing Flavors
Flavors are advanced classification elements that are used to classify network sessions.
Flavors are based on specific Layer 7 properties. For example, users can associate an HTTP flow with a service
based on different parts of the destination URL of the flow.
Note
When you configure flavors, you cannot configure < and > symbols to be part of a URL.
Flavors are supported only for small number of protocols, and for each such protocol there are different
applicable flavor types. Flavor types are listed in the table in the following section.
There is a maximum number of flavor items for each flavor type (see Maximum Number of Flavor Items per
Flavor Type , on page 66 section). For each flavor type, every flavor item must be unique.
Note
If unidirectional classification is enabled in the active service configuration, flavors are not used for traffic
classification.
Flavor Types and Parameters
Flavors are advanced classification elements that classify network sessions according to signature-specific
Layer 7 properties.
When Layer 7 application properties are used as session parameters, such as with an HTTP User Agent, They
are treated as character strings.
Layer 7 parameter-based flavor items may apply to the Layer 7 prefix (parameter beginning), Layer 7 suffix
(parameter end), or a combination of Layer 7 prefixes and suffixes. A partial string must be followed by “*”
in a prefix and preceded by “*” in a suffix.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
58
OL-31849-01
Traffic Classification Using Service Configuration Editor
Flavor Types and Parameters
Table 1: Cisco SCABB Flavors
Flavor Type
Matched Session Parameters
Valid Values
HTTP Composite
HTTP User Agent, HTTP URL,
<HTTP User Agent flavor, HTTP
HTTP Cookie and HTTP Referer URL flavor, HTTP Cookie flavor,
flavors serve as session parameters. HTTP Referer flavor>
• The flavors can be chosen
using flavor browsing.
HTTP User Agent
HTTP URL
HTTP User-Agent retrieved from <User-Agent prefix>
the HTTP <User-Agent prefix>
Examples:
Request header field, from the
beginning of the Request header
• <Moz*> matches all HTTP
sessions with User-Agent
until the first “/”.
field starting with “Moz”.
For example, if the HTTP Request
header field is Mozilla/4.0, the
HTTP User Agent retrieved is
Mozilla.
• <Mozilla> matches all HTTP
sessions with User-Agent
field equal to “Mozilla”.
If you want to configure the HTTP
User Agent flavor with a Forward
slash (/), set the value of the
GT_CLS_ENABLE_FULL_USER_AGENT_BASED_FLA
VOR_CALCULATO
IN
tunable to True.
• The maximum key length is
32 characters.
<host suffix, path prefix, path
• Host—Retrieved either from suffix, URL parameters prefix>>
the HTTP Host header field
or from the Request URL. In
• At least one parameter must
be specified.
the latter case, the section
from the beginning of the
• For example:
URL until the first “/” is
<*cisco.com,*,*,*> matches
considered the Host.
all HTTP sessions with the
Host ending with
• Path—Retrieved from the
“cisco.com”, regardless of the
HTTP URL, the section from
values of Path and
the first “/” to the “?”.
Parameters.
• URL parameters—Any string
• The maximum key length for
following the “?” (You do not
all keys is 512 characters.
need to start the params with
“?”).
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
59
Traffic Classification Using Service Configuration Editor
Flavor Types and Parameters
Flavor Type
Matched Session Parameters
Valid Values
HTTP Cookie
Cookie “Key-Value” pairs that are <key prefix, value prefix>
retrieved from the HTTP Request
• For example: <act*,*>
header Cookie field.
matches any Cookie pair
A Cookie may consist of many
where the Key begins with
“Key-Value” pairs; however, only
“act”, regardless of the Value.
the first three pairs are calculated.
• A flavor can be configured
The Cookie flavor calculation stops
so that the Value field is
when one of the “Key-Value” pairs
required to be empty. In this
matches the specification, or when
case, this field should be left
it has exceeded the three pair limit.
empty in the flavor item.
• White spaces are not allowed,
“=” is not allowed, and “*” is
only allowed at the end of the
Key or Value.
• The maximum key length is
100 characters for both the
Key and Value fields
HTTP Referer
Similar to HTTP URL, but the
parameters are retrieved from the
Referer HTTP header field.
<host suffix, path prefix, path
suffix, URL parameters prefix>>
• At least one parameter must
be specified.
• For example:
<*cisco.com,*,*,*> matches
all HTTP sessions with the
Host ending with
“cisco.com”, regardless of the
values of Path and
Parameters.
• The maximum key length for
all keys is 512 characters.
HTTP Content Category
Content Categories can be
Value selected from Select a
imported using the Import dialog Content Category dialog box.
box or the HTTP Content Filtering
Settings dialog box.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
60
OL-31849-01
Traffic Classification Using Service Configuration Editor
Flavor Types and Parameters
Flavor Type
Matched Session Parameters
Valid Values
RTSP User Agent
RTSP User-Agent field that is
<RTSP User Agent prefix>
retrieved from the RTSP message
• For example: <abc*>
header.
matches all RTSP sessions
where the User-Agent starts
with “abc”.
• The maximum key length is
128 characters
RTSP Host Name
RTSP Host field that is retrieved
from the RTSP message header.
<RTSP Host suffix>
• For example: <*abc>
matches all RTSP sessions
where the Host ends with
“abc”.
• The maximum key length is
128 characters
RTSP Composite
RTSP User Agent and RTSP Host <RTSP User Agent flavor, RTSP
Name flavors serve as session
Host Name flavor>
parameters.
SIP Source Domain
SIP Source Host field that is
retrieved from the SIP message
header.
<SIP Host suffix>
• For example: <*abc>
• The maximum key length is
128 characters
SIP Composite
SIP Source Host and SIP
Destination Host serve as session
parameters.
<SIP source domain, SIP
destination domain>
SIP Destination Domain
SIP Destination Host field that is
retrieved from the SIP message
header.
<SIP Host suffix>
• For example: <*abc>
• The maximum key length is
128 characters
SMTP Host Name
SMTP Host field that is retrieved
from the SMTP message header
• <SMTP Host suffix>
• For example: <*abc>
• The maximum key length is
128 characters
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
61
Traffic Classification Using Service Configuration Editor
Viewing Flavors
Note
Flavor Type
Matched Session Parameters
Valid Values
ToS
DSCP value extracted from the IP DSCP ToS (integer from 0 through
header
63)
Composite Flavors are pairs of two defined flavors.
Viewing Flavors
You can view a list of all flavors and their associated flavor items.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The dialog box appears.
Figure 46: Flavor Settings
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
62
OL-31849-01
Traffic Classification Using Service Configuration Editor
Adding Flavors
The left area displays a tree showing all flavors of each flavor type.
Step 2
Click a flavor in the tree to display its flavor items.
Figure 47: Flavor Settings
The flavor items are displayed in the right area.
Step 3
Click OK.
The Flavor Settings dialog box closes.
Adding Flavors
You can import flavors from a CSV file. CSV files can be created by exporting flavors or created manually
as described in the “CSV File Formats” chapter of Cisco Service Control Application Suite for Broadband
Reference Guide .
You can add any number of flavors to a service configuration.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
63
Traffic Classification Using Service Configuration Editor
Editing Flavors
The Flavor Settings dialog box appears.
Step 2
Step 3
In the flavor tree, select a flavor type.
Click the Add Flavor (
) icon.
A new flavor of the selected type is added to the flavor tree.
Figure 48: Flavor Settings - Adding Flavors
Step 4
In the Name field, enter a name for the new flavor.
Note
You can use the default name for the flavor. It is recommended that you enter a meaningful name.
Step 5
(Optional) In the Index field, enter a unique integer value.
Note
Cisco SCA BB provides a value for the Index. There is no need to change
it.
The flavor index must be a positive integer in the range from 1 to 2147483647.
You have defined the flavor. You can now add flavor items. (See Adding Flavor Items, on page 67 section.)
Editing Flavors
You can modify flavor parameters at any time.
To add, modify, or delete flavor items, see Introduction to Managing Flavor Items, on page 66 section .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
64
OL-31849-01
Traffic Classification Using Service Configuration Editor
Deleting Flavors
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The Flavor Settings dialog box appears.
Step 2
In the flavor tree, select a flavor.
The name and index of the flavor (and its flavor items) are displayed in the right area.
Step 3
Modify fields in the dialog box:
a) In the Name field, enter a new name for the flavor.
b) In the Index field, enter a new, unique index for the flavor.
The flavor index must be a positive integer in the range from 1 to 2147483647.
Step 4
Click OK.
The Flavor Settings dialog box closes.
Deleting Flavors
You can delete any or all flavors.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The Flavor Settings dialog box appears.
Step 2
In the flavor tree, right-click a flavor.
A popup menu appears.
Step 3
Click the Delete (
) icon.
A Confirm Delete message appears.
Figure 49: Confirm Delete
Step 4
Click OK.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
65
Traffic Classification Using Service Configuration Editor
Introduction to Managing Flavor Items
If any service element references the selected flavor, a Confirm References Delete message appears.
Figure 50: Confirm References Deletion
Step 5
Click Yes.
Every service element that references the selected flavor is deleted.
The flavor is deleted and is no longer displayed in the flavor tree.
Step 6
Click Close.
The Flavor Settings dialog box closes.
Introduction to Managing Flavor Items
A flavor is a collection of related flavor items.
A flavor item is a value of a property or properties of a flow. These properties depend on the flavor type (see
Flavor Types and Parameters , on page 58 section).
There is a maximum number of flavor items for each flavor type. For each flavor type, every flavor item must
be unique.
Maximum Number of Flavor Items per Flavor Type
Table 2: Maximum Number of Flavor Items per Flavor Type
Flavor Type
Maximum No. of Flavor Items
HTTP Composite
10,000
HTTP User Agent
128
HTTP URL
100,000
HTTP Cookie
100
HTTP Referer
100
HTTP Content Category
—
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
66
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Flavor Items
Flavor Type
Maximum No. of Flavor Items
RTSP Composite
10,000
RTSP User Agent
128
RTSP Host Name
10,000
SIP Composite
10,000
SIP Source Domain
128
SIP Destination Domain
128
SMTP Host Name
10,000
ToS
64
Adding Flavor Items
You can add any number of flavor items to a flavor (subject to the limitation of the total number of each type
of flavor item per service configuration, as listed in the previous section).
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The Flavor Settings dialog box appears.
Step 2
In the flavor tree, click a flavor.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
67
Traffic Classification Using Service Configuration Editor
Introduction to Managing Flavor Items
Step 3
Above the flavor item list, click the Create New Flavor Item (
) icon.
Figure 51: Flavor Settings
A new flavor item is added to the flavor item list. The number and type of parameters in the flavor item depend
on the flavor type (see Flavor Types and Parameters , on page 58 section).
The new flavor item has a default value of all wild cards (*, asterisks).
Step 4
For each cell of the new flavor item, click the asterisk and then enter an appropriate value.
For composite flavors and for the HTTP Content Category flavor:
a) Click the asterisk.
A Browse button is displayed in the cell.
b) Click the Browse button.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
68
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Flavor Items
A Select dialog box appears, displaying all valid values for the parameter.
Figure 52: Select an HTTP User Agent
c) Select an appropriate value from the list.
d) Click OK.
The Select dialog box closes.
The selected value is displayed in the cell.
Step 5
Step 6
Repeat Steps 3 and 4 for other flavor items.
Click OK.
The Flavor Settings dialog box closes.
Editing Flavor Items
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The Flavor Settings dialog box appears.
Step 2
Step 3
Step 4
In the flavor tree, select a flavor.
In the flavor item list, select a flavor item.
For each cell of the selected flavor item, click the asterisk and then enter an appropriate value.
For composite flavors and for the HTTP Content Category flavor:
a) Click the asterisk.
A Browse button is displayed in the cell.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
69
Traffic Classification Using Service Configuration Editor
Example on How to Import a List of URLs and Block Them
b) Click the Browse button.
A Select dialog box appears, displaying all valid values for the parameter.
c) Select an appropriate value from the list.
d) Click OK.
The Select dialog box closes.
The selected value is displayed in the cell.
Step 5
Click OK.
The Flavor Settings dialog box closes.
Deleting Flavor Items
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Flavors .
The Flavor Settings dialog box appears.
Step 2
Step 3
In the flavor tree, select a flavor.
In the flavor item list, right-click anywhere in a flavor item.
A popup menu appears.
Step 4
Step 5
Click the Delete (
) icon.
The flavor item is deleted and is no longer displayed in the flavor item list.
Click Close .
The Flavor Settings dialog box closes.
Example on How to Import a List of URLs and Block Them
The following example shows how to import a URL file and configure the Cisco SCE to block these URLs
Procedure
Step 1
Step 2
Create a new flavor under the HTTP URL flavor type.
For details, see the Adding Flavors, on page 63 section.
Import a CSV file containing the URLS you wish to block.
For further information, see Importing Service Configuration Data section.
The CSV file formats are described in the “CSV File Formats” chapter of Cisco Service Control
Application Suit for Broadband Reference Guide .
Define a Service.
Note
Step 3
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
70
OL-31849-01
Traffic Classification Using Service Configuration Editor
Introduction to Managing Content Filtering
For further information, see Adding a Service to a Service Configuration , on page 4 section.
Step 4
Within the defined Service, add a service element that uses the new Flavor.
For further information, see Adding Service Elements , on page 12 section.
Step 5
Add a rule to the package in which you want to block the URLs, and associate it with the new Service.
For further information, see Adding Rules to a Package section.
Step 6
Configure the rule to block the flow.
For further information, see Defining Per-Flow Actions for a Rule section.
Introduction to Managing Content Filtering
Content filtering involves classification and control of HTTP flows according to the requested URL. The
classification of the URL is performed by accessing an external database.
Cisco SCA BB provides content filtering by integrating with a SurfControl Content Portal Authority (CPA)
server.
Note
Content filtering is not supported when unidirectional classification is enabled.
• Information About Content Filtering, on page 71
• The Content Filtering CLI, on page 72
• Configuring the RDR Formatter , on page 74
• Entering Line Interface Configuration Mode , on page 74
• Managing Content Filtering Settings, on page 74
Information About Content Filtering
The Cisco HTTP Content Filtering solution consists of:
• The Cisco SCE application
• The Cisco CPA client
• The SurfControl CPA server
The Cisco SCE application classifies each HTTP flow according to the category returned by the CPA server.
This classification is then used for Cisco SCA BB traffic control and reporting. For example, you can define
a rule to block browsing of the “Adult/Sexually Explicit” category or to generate reports on the volume
consumed by browsing the “Kids” or “Shopping” categories.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
71
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
The Cisco SCE Application
The Cisco service control application runs on the Cisco SCE platform. It forwards HTTP URLs that it extracts
from traffic to the CPA client and uses the categorization results to classify the original HTTP flow to a service.
This classification is then used for normal Cisco SCA BB traffic control and reporting.
The Cisco SCE application communicates with the CPA client using Raw Data Records (RDRs). See
Configuring the RDR Formatter , on page 74 section.
The Cisco CPA Client
The Cisco CPA client runs on the Cisco SCE platform. It sends URL queries to the CPA server for
categorization, and updates Cisco SCA BB with the categorization results.
The CPA client is installed as part of the Cisco SCA BB application (PQI) installation. Use the Cisco SCE
platform Command-Line Interface (CLI) (see The Content Filtering CLI, on page 72 section) to configure
and monitor the client.
The SurfControl CPA Server
The CPA server runs on a dedicated machine. It receives categorization requests from the CPA client, connects
to the SurfControl Content Database, and responds with the category ID of the queried URL.
The SurfControl CPA Server is installed on a separate server that must be accessible from the Cisco SCE
platform. Details of the installation are not within the scope of this document.
The Content Filtering CLI
Use the Cisco SCE platform Command-Line Interface (CLI) to configure and monitor content filtering using
SurfControl CPA. For more information about the Cisco SCE platform CLI, see the Cisco SCE10000 CLI
Command Reference.
CPA Client CLI Commands
The commands listed here are explained in the following section.
• Use the following CLI line interface configuration commands in line interface configuration mode to
configure the Cisco CPA client:
[[no]] cpa-client cpa-client destination address [port port] cpa-client retries number_of_retries
For details on entering the line interface configuration mode, see Entering Line Interface Configuration Mode
, on page 74 section).
• Use the following CLI command in EXEC mode to monitor the status of the Cisco CPA client:show
interface LineCard slot cpa-client
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
72
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Description of CPA Client CLI Commands
Table 3: CPA Client CLI Commands
Command
Description
Default Value
[no] cpa-client
Enables or disables the CPA client Disabled
cpa-client destination <address> Enables the CPA client and sets the
CPA server IP address and port
[ port <port>]
• Address—not defined
• Port—9020
cpa-client retries
<number_of_retries>
Sets the number of retries to send
to the CPA server
3
show interface LineCard <slot> Monitors the CPA client status (See —
the following table)
cpa-client
Table 4: CPA Client: Monitored Parameters
Parameter
Description
Mode
Enabled or disabled
CPA Address
—
CPA Port
—
CPA Retries
—
Status
(If enabled) Active or error (and last error description)
Counters
• Number of successful queries
• Number of queries that failed because of no
server response
• Number of pending queries
• Rate of queries per second (average over the
last 5 seconds)
Timestamps
• CPA started
• Last query
• Last response
• Last error
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
73
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Configuring the RDR Formatter
To enable the RDR formatter to issue HTTP categorization requests, configure the RDR formatter on the
Cisco SCE platform.
Procedure
Step 1
Step 2
Run the appropriate CLI commands on Cisco SCE platform.
Example:
#>RDR-formatter destination 127.0.0.1 port 33001 category number 4 priority 100
What to Do Next
For more information about configuring the RDR formatter, see either the “Raw Data Formatting: The RDR
Formatter” chapter of Cisco SCE10000 Software Configuration Guide .
Entering Line Interface Configuration Mode
To run line interface configuration commands you must enter line interface configuration mode and see the
SCE(config if)# prompt displayed.
Procedure
Step 1
Step 2
At the Cisco SCE platform CLI prompt (SCE#), type configure .
Press Enter.
The SCE(config)# prompt appears.
Step 3
Type interface LineCard 0.
Step 4
Press Enter.
The SCE(config if)# prompt appears.
Managing Content Filtering Settings
Applying HTTP URL content filtering requires the following steps in the Service Configuration Editor:
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
74
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Procedure
Command or Action
Purpose
Step 1
Import the content filtering configuration file into
your service configuration.
By default, Cisco SCA BB creates a
separate flavor (of type HTTP Content
Category) for each content category
and a service element for each new
flavor. A new top-level service, “HTTP
Browsing with Categories”, is created,
comprising these service elements.
Step 2
Create new services and map the new category flavors
to them.
Step 3
Create additional rule entries for ClickStream services
for each flavor.
Step 4
Configure ClickStream Services with the HTTP
Browsing services for optimal HTTP content filtering.
Step 5
Add content filtering rules to existing packages or
create new packages that include content filtering
rules.
Step 6
Enable content filtering for selected packages.
Step 7
Apply the service configuration.
What to Do Next
1
2
3
4
5
Importing Content Filtering Categories, on page 75
Enabling Content Filtering, on page 82
Viewing Content Filtering Settings , on page 83
Configuring Content Filtering, on page 84
Removing Content Filtering Settings, on page 85
Importing Content Filtering Categories
Before you can control HTTP flows based on content, you must import an XML file provided with the
installation.
Note
You cannot import content filtering categories when unidirectional classification is enabled.
Procedure
Command or Action
Step 1
Purpose
Unzip the installation package.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
75
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Command or Action
Step 2
Purpose
Open the URL Filtering subfolder.
What to Do Next
• HTTP Content Category Flavors, on page 76
• HTTP Browsing with Categories Service Elements, on page 77
• Importing Content Filtering Categories Using the Import Dialog Box, on page 77
• Importing Content Filtering Categories Using the HTTP Content Filtering Settings Dialog Box, on page
81
HTTP Content Category Flavors
By default, Cisco SCA BB creates a separate flavor (of type HTTP Content Category) for each content category
when importing the XML file.
Figure 53: Flavor Settings
You can create additional HTTP Content Category Flavors that include two or more content categories. (See
Adding Flavors, on page 63 section.)
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
76
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
HTTP Browsing with Categories Service Elements
By default, Cisco SCA BB creates a service element for each flavor created when importing the XML file. A
new top-level service, HTTP Browsing with Categories, is created, comprising these service elements.
Figure 54: Service Configuration Editor
Note
To view this new service, you must save and close the service configuration and then reopen it.
Importing Content Filtering Categories Using the Import Dialog Box
You can import content filtering categories using either the File > Import menu option or the Configuration
> Classification > Content Filtering menu option.
This procedure explains how to import using the File > Import menu option.
Note
This is equivalent to the following procedure.
Procedure
Step 1
From the Console main menu, choose File > Import .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
77
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
The Import dialog box appears.
Figure 55: Import
Step 2
Step 3
From the import source list, select Import content filtering database settings from an XML file.
Click Next.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
78
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
The Import Content Filtering Database Settings dialog box appears.
Figure 56: Import Content Filtering Database Settings
Step 4
Click the Browse button next to the Select an XML file field.
An Open dialog box appears.
Step 5
Browse to the folder containing the file to import, and select it.
Note
For CPAof SurfControl, the file is named surfcontrol.xml.
Step 6
Click Open to select the file.
The Open dialog box closes.
Information about the content of the XML file is displayed in the Database Settings pane of the Import Content
Filtering Database Settings dialog box.
By default, Cisco SCA BB creates a separate flavor (of type HTTP Content Category) for each content category
when importing the XML file.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
79
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
By default, Cisco SCA BB creates a service element for each flavor created in the previous Step. A new
top-level service, HTTP Browsing with Categories, is created, comprising these service elements.
Step 7
(Optional) To disable the default behavior of creating a separate flavor for each content category, uncheck
the Create a distinct Flavor for each Content Category check box.
Note
It is recommended that you do not disable this option.
Step 8
(Optional) To disable the default behavior of creating service element for each flavor, uncheck the Create a
Service Element for each Content Category Flavor in Service ‘HTTP Browsing with Categories’ check box.
Note
It is recommended that you do not disable this option.
Step 9
Click Finish.
The Import Content Filtering Database Settings dialog box closes.
Information from the imported file is displayed in the Database Settings tab of the HTTP Content Filtering
Settings dialog box.
Figure 57: HTTP Content Filtering Settings
Step 10 Click OK.
The HTTP Content Filtering Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
80
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Importing Content Filtering Categories Using the HTTP Content Filtering Settings Dialog Box
You can import content filtering categories using either the File > Import menu option or the Configuration
> Classification > Content Filtering menu option.
This procedure explains how to import using the Configuration > Classification > Content Filtering menu
option.
Note
This is equivalent to the Importing Content Filtering Categories Using the Import Dialog Box, on page
77 procedure.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Content Filtering .
The HTTP Content Filtering Settings dialog box appears.
Step 2
Click the Database Settings tab.
The Database Settings tab opens.
Step 3
Click Import.
The Import Content Filtering Database Settings dialog box appears.
Step 4
Click the Browse button next to the Select an XML file field.
An Open dialog box appears.
Step 5
Browse to the folder containing the file to import, and select it.
Note
For the CPA of SurfControl, the file is named surfcontrol.xml.
Step 6
Click Open to select the file.
The Open dialog box closes.
Information about the content of the XML file is displayed in the Database Settings pane of the Import Content
Filtering Database Settings dialog box.
By default, Cisco SCA BB creates a separate flavor (of type HTTP Content Category) for each content category
when importing the XML file.
By default, Cisco SCA BB creates a service element for each flavor created in the previous Step. A new
top-level service, HTTP Browsing with Categories, is created, comprising these service elements.
Step 7
(Optional) To disable the default behavior of creating a separate flavor for each content category, uncheck
the Create a distinct Flavor for each Content Category check box.
Note
It is recommended that you do not disable this option.
Step 8
(Optional) To disable the default behavior of creating a service element for each flavor, uncheck the Create
a Service Element for each Content Category Flavor in Service ‘HTTP Browsing with Categories’ check box.
Note
It is recommended that you do not disable this option.
Step 9
Click Finish.
The Import Content Filtering Database Settings dialog box closes.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
81
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Information from the imported file is displayed in the Database Settings tab of the HTTP Content Filtering
Settings dialog box.
Figure 58: HTTP Content Filtering Settings
Step 10 Click OK.
The HTTP Content Filtering Settings dialog box closes.
Enabling Content Filtering
You can specify the packages where content filtering is enabled. For packages where content filtering is
disabled, HTTP flows are classified normally.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Content Filtering.
The HTTP Content Filtering Settings dialog box appears.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
82
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
The Package Settings tab displays a list of all packages defined for the current service configuration.
Figure 59: HTTP Content Filtering Settings
Step 2
Step 3
Step 4
Check the Enable HTTP content filtering check box.
Check the check box next to each package for which content filtering is to be applied.
Click OK.
The HTTP Content Filtering Settings dialog box closes.
Viewing Content Filtering Settings
You can view whether content filtering is enabled and to which packages content filtering is applied, and
information about the content filtering vendor and the content categories of the vendor.
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Content Filtering .
The HTTP Content Filtering Settings dialog box appears.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
83
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
The Package Settings tab displays a list of all packages defined for the current service configuration, and
shows for which packages content filtering is enabled.
Step 2
Click the Database Settings tab.
The Database Settings tab opens.
This tab displays information about the content filtering vendor and the content categories of the vendor.
Step 3
Click OK .
The HTTP Content Filtering Settings dialog box closes.
Configuring Content Filtering
While configuring Content Filtering, you must enter the ClickStream-New Page and ClickStream-New Site
services along with HTTP Browsing protocol services for optimal HTTP content filtering.
The term ClickStream refers to all events generated by user clicks, including enter. If configured, Cisco SCE
identifies the HTTP transactions on the flows that were initialized due to direct user actions such as click on
a link, enter a URL in the browser address bar and press enter.
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Open Cisco SCA BB Service Configuration Editor with the default content filtering file (PQB).
Add a new service Service1.
Verify that you do not have duplicate service elements. Cisco SCA BB does not allow duplicate service
elements.
Move the desired service element from HTTP Browsing with Categories to Service1.
In Service1 , add a service element using protocol ClickStream–New Page and with the same Flavor selected
in Step 4.
In Service1, add a service element using protocol ClickStream–New Site and with the same Flavor selected
in Step 4.
Save the service configuration file (PQB).
Use the service to create rules in the desired package.
Example for How to Configure Content Filtering for Web Based E-mail
To configure content filtering for Web Based E-mail, complete the following steps:
Procedure
Step 1
Step 2
Step 3
Step 4
Open Cisco SCA BB Service Configuration Editor with the default content filtering file (PQB).
Add a new service Service1.
Move the service element Category.Web-based E-mail from HTTP Browsing with Categories to Service1.
In Service1 , add a service element using protocol ClickStream–New Page and Flavor Category.Web-based
E-mail .
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
84
OL-31849-01
Traffic Classification Using Service Configuration Editor
Information About Content Filtering
Step 5
Step 6
In Service1 , add a service element using protocol ClickStream–New Site and Flavor Category.Web-based
E-mail .
Save the service configuration file (PQB) and use the service to create rules in the desired package.
Removing Content Filtering Settings
You can remove all content filtering settings at any time.
Removing the settings:
• Removes content category flavor items from flavors
• Deletes all the content category flavor items
• Disables content filtering
Procedure
Step 1
From the Classification tab in the left pane, choose Configuration > Classification > Content Filtering .
The HTTP Content Filtering Settings dialog box appears.
Step 2
Click the Database Settings tab.
The Database Settings tab opens.
Step 3
Click Remove .
A Confirm Content Filtering Settings Removal dialog box appears.
Figure 60: Confirm Content Filtering Settings Removal
Step 4
Click OK.
All content filtering settings are removed.
Vendor Name, Vendor Information, and Content Categories are deleted from the HTTP Content Filtering
Settings dialog box.
Step 5
Click OK.
The HTTP Content Filtering Settings dialog box closes.
• Generic Protocols—Generic IP, Generic TCP, and Generic UDP protocols, used for transactions that
are not specifically mapped to a protocol by any other protocol type.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
85
Traffic Classification Using Service Configuration Editor
OS Fingerprinting Overview
• IP Protocols—Protocols (such as ICMP), other than TCP and UDP protocols, identified according to
the IP protocol number of the transaction.
• Port-Based Protocols—TCP and UDP protocols, classified according to their well-known ports. The
default service configuration includes more than 750 common port-based protocols.
• Signature-Based Protocols—Protocols classified according to a Layer 7 application signature. Includes
the most common protocols, such as HTTP and FTP, and a large group of popular P2P protocols.
• P2P Protocols—Peer-to-peer file-sharing application protocols classified according to a Layer 7 application
signature.
• VoIP Protocols—Voice-over-IP application protocols classified according to a Layer 7 application
signature.
• SIP Protocols—Protocols classified according to a Layer 7 application signature that is SIP or has SIP
characteristics.
• Worm Protocols—Protocols classified according to a Layer 7 application signature that is based on
traffic patterns of Internet worms.
• Packet Stream Pattern Based Protocols—Protocols classified according to a Layer 7 application signature
that is based on the pattern of the packet stream (for example, the stream’s symmetry, average packet
size, and rate) rather than on the packet’s payload content.
• Unidirectionally Detected Protocols—Protocols having a unidirectional signature.
Some protocols belong to more than one category. In particular, all predefined P2P, VoIP, SIP, Worm,
and Packet Stream Pattern-Based Protocols are also defined as Signature-Based Protocols.
From the Classification tab in the left pane, choose Configuration > Classification > Protocols .
The Protocol Settings dialog box appears.
Note
Step 6
Step 7
From the drop-down list in the Protocols tab, select the type of protocol to display.
The protocols of the selected type appear in the Protocols tab.
Step 8
Click Close .
The Protocol Settings dialog box closes.
Note
The setting in the drop-down list is not saved. The next time you open the Protocol Settings dialog
box, all protocols are displayed.
OS Fingerprinting Overview
Cisco SCE detects the operating system (OS) used by a subscriber by using the passive OS Fingerprinting.
In passive OS fingerprinting, TCP and IP header received from target host is analyzed to identify the OS.
Cisco SCE uses OS fingerprinting signatures to identify the subscriber OS. By default, Cisco SCOS contains
a signature file that contains a default set of OS. Details of unknown OS may be added to the signature files
using the Cisco SCA BB Console.
Cisco SCE also determines whether the subscriber is behind a NAT and whether the same subscriber is
connecting using multiple OS. If multiple OS is detected for the same subscriber, Cisco SCE considers the
subscriber as using a NAT.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
86
OL-31849-01
Traffic Classification Using Service Configuration Editor
Enabling OS Fingerprinting
From the Cisco SCA BB Console, you can also configure Cisco SCE to send the OS information of the
subscriber in Gx messages.
Note
The OS Fingerprinting feature is supported only on Cisco SCE 10000 devices.
Limitations:
• OS information is available only for logged-in or active subscribers.
• The signature database is built based on the default settings used by various OS. If the user changes the
default parameters like TCP window size through registries, it would not be possible or may lead to
wrong classification of the OS.
• If the subscriber has only one flow, then OS type is be detected. Subscribers that have only UDP flows
are not detected
• If all users behind a NAT use the same OS, it will not be possible to identify NAT.
• If a subscriber runs multiple OS using VMWare, it may be detected as NAT even though the subscriber
is not in a NAT environment
• OS finger printing is not done continuously for any subscriber. So, if a subscriber changes OS or moves
to a NAT environment during the time when he is not sampled, OS Information and NAT cannot be
detected.
Enabling OS Fingerprinting
Procedure
Step 1
In Service Configuration Editor, select Configuration > OS Finger Print... .
The OS Fingerprinting Settings dialog box appears.
Step 2
Check the Enable OS Finger Printing check box.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
87
Traffic Classification Using Service Configuration Editor
Enabling OS Fingerprinting
Figure 61: OS Finger Print Settings Dialog Box
Step 3
Enable Flush with Interval—Check the Enable Flush with Interval check box and enter the interval in days
to configure the interval after which the OS information will be reset.
Step 4
(Optional) Enable NAT Detection with Interval—Check the Enable NAT Detection with Interval check box
and enter the interval in seconds to configure the time period with-in which multiple OS detection will trigger
NAT identification. Default value is 10 seconds.
Step 5
(Optional) Enable Gx Report—Check the Enable Gx Report check box to enable Gx Reports.
Step 6
Configure Sampling Period (sec)—Configure how long flows from a subscriber will finger-printed. Default
is 10 seconds. Check the Use default check box to use the default period.
Step 7
Configure Sampling Interval (min)—Enter the time in minutes to configure the frequency at which flows will
be finger-printed. Default is 10 minutes. Check the Use default check box to use default interval.
Step 8
(Optional) Scan Port—Enter a value for Scan Port used for opening OS finger printing flows. Check the Use
default check box to use the default port—port 80—for the flows. Ports 20, 21, 69, and 5060 are not allowed.
Click Ok.
Step 9
What to Do Next
Note
After enabling OSFP in Cisco SCE using Cisco SCA BB console, enable the OSFP Reports in Cisco
Service Control Collection Manager. For details on enabling the OSFP Reports in Cisco Service Control
Collection Manager, see the Cisco Service Control Collection Manager User Guide.
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
88
OL-31849-01
Traffic Classification Using Service Configuration Editor
Installing OS Fingerprinting Signatures
Installing OS Fingerprinting Signatures
Procedure
Step 1
Step 2
Step 3
Step 4
Step 5
(Optional) Using Network Navigator, add the device on which you need to install the signatures.
Enable OS Fingerprinting.
See the Enabling OS Fingerprinting, on page 87 section.
Apply the configuration to the device.
In the Site Manager tree, right-click a Cisco SCE device.
A popup menu appears.
From the menu, select Install OS Finger Printing Signature... .
246780.jpg
The Password Management dialog box appears. For details on password management, see the Password
Management section.
Step 6
Enter the User Name and Password, and click Update.
The Update OSFP Signature window appears.
Step 7
Step 8
Enter the path to signature file in the Select OSFP Signature File field or Browse to the signature file.
Click Finish.
A confirmation message appears in the Console.
Viewing Subscriber OS Information
Procedure
Step 1
Step 2
Step 3
Enable OS Fingerprinting. See the Enabling OS Fingerprinting, on page 87 section.
Apply the configuration to the device.
From Subscriber Manager, view the Subscriber list..
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
OL-31849-01
89
Traffic Classification Using Service Configuration Editor
Disabling OS Fingerprinting
Step 4
Right-click on the device, and select View Online Status .
The online status of the subscriber appears near the console panel with the OS information. The OS
Fingerprinting is available for Anonymous Groups through Anonymous Group Manager GUI Tool.
Disabling OS Fingerprinting
Procedure
Step 1
In the Service Configuration Editor, select Configuration > OS Finger Print... .
The OS Finger Printing Settings dialog box appears.
Step 2
Uncheck the Enable OS Finger Printing check box.
The OS Fingerprinting CLI
Use the following CLI command in EXEC mode to monitor the OS details of the subscriber:
show os-fingerprinting subscriber-name
In this example, Cisco SCE has detected a NAT and behind the NAT two OS. One is iOS with an index
number 65 and another OS that is not known to Cisco SCE:
SCE10000#> show os-fingerprinting subscriber-name 192.168.0.5@testofp
Subscriber 192.168.0.5@testofp OS-Info:
IP Address:192.168.0.5
OS-INFO:
1. INDEX: 65
OS Name: iOS
UNKNOWN OS FOUND
NAT DETECTED
Cisco Service Control Application for Broadband (Cisco SCA BB) User Guide
90
OL-31849-01
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising