R0106-HP MSR Router Series Security Configuration Guide(V7)
Configuring APR
Overview
The application recognition (APR) feature enables QoS and ASPF to recognize application protocols of
packets sent on ports that are not well known. APR separately counts the number of packets or bytes that
an interface has received or sent based on application protocols. It also calculates the transmission rates
of the interface at the same time.
APR uses the following methods to recognize an application protocol:
• Port-based application recognition (PBAR).
• Group-based application recognition.
PBAR
PBAR maps a port to an application protocol and recognizes packets of the application protocol
according to the port-protocol mapping.
Port-protocol mappings include the following types:
• Pre-defined—An application protocol uses the port defined by the system.
• User-defined—An application protocol uses the port defined by the user.
PBAR offers the following mappings to maintain and apply user-defined port configuration:
• General port mapping—Maps a user-defined port to an application protocol. All packets destined
for that port are regarded as packets of the application protocol. For example, if port 2121 is
mapped to FTP, all packets destined for that port are regarded as FTP packets.
• Host-port mapping—Maps a user-defined port to an application protocol for packets to or from
some specific hosts. For example, you can establish a host-port mapping so that all packets
destined for the network segment 10.110.0.0/16 on port 2121 are regarded as FTP packets. To
define the range of the hosts, you can specify the ACL, the host IP address range, or the subnet.
Host-port mapping can be further divided into the following categories:
  ◦ ACL-based host-port mapping—Maps a port to an application protocol for the packets
    matching the specified ACL.
  ◦ Subnet-based host-port mapping—Maps a port to an application protocol for the packets sent
    to the specified subnet.
  ◦ IP address-based host-port mapping—Maps a port to an application protocol for the packets
    destined for the specified IP addresses.
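The following added example (not from the HP guide) models the PBAR lookup in Python to show how a general port mapping and a host-port mapping classify the same traffic differently. The names `recognize` and `host_map`, the sample tables, and the precedence order (host-port before general before pre-defined, longest prefix first) are assumptions made for illustration; ACL-based mapping is omitted.

```python
import ipaddress

# Constructed sample of system-defined (pre-defined) ports.
PREDEFINED = {21: "ftp", 80: "http"}

def host_map(target, port, app):
    """Build a host-port entry; a bare address becomes a /32 (IP address-based) entry."""
    return (ipaddress.ip_network(target), port, app)

def recognize(dst_ip, dst_port, general, host_port, predefined=PREDEFINED):
    """Return the application a port-based lookup assigns to a packet, or None."""
    addr = ipaddress.ip_address(dst_ip)
    # Assumption: host-port entries beat general mappings, and the
    # longest matching prefix wins among host-port entries.
    hits = [(net.prefixlen, app) for net, port, app in host_port
            if port == dst_port and addr in net]
    if hits:
        return max(hits)[1]
    if dst_port in general:
        return general[dst_port]
    return predefined.get(dst_port)

if __name__ == "__main__":
    general = {2121: "ftp"}                              # general port mapping
    scoped = [host_map("10.110.0.0/16", 2121, "ftp")]    # subnet-based host-port mapping
    for ip in ("10.110.3.4", "192.0.2.5"):
        # Columns: destination, result with general mapping, result with host-port mapping
        print(ip, recognize(ip, 2121, general, []), recognize(ip, 2121, {}, scoped))
```

With the general mapping, port 2121 is treated as FTP for every destination; with the host-port mapping, only destinations inside 10.110.0.0/16 are, so QoS and ASPF policy keyed on the application applies to a narrower set of hosts.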
Group-based application recognition
Group-based application recognition adds an application protocol to an application group and gets the
unique properties (for example, the mapped port) of the application protocol. APR recognizes packets of
the application protocol by matching the packet contents with the unique properties.
You can add application protocols with the same properties to one application group, or copy
application protocols from one application group to another.