Leverage Application-Fingerprinting to detect iPerf TCP/UDP traffic

This TechTip describes how to leverage „Application-Fingerprinting“ (AppFP) to detect iPerf traffic (UDP/TCP) in your network and e.g. apply a bandwidth shaping policy.

To detect „iPerf“ you first need to create an REGEX (Regular Expression) and apply it.

AOS R7 comes with pre-defined signatures, which are stored in „/flash/app-signature/app-regex.txt“.

Modify or add the following to your file:

App-name: iperf-udp
Description: iPerf UDP-based transfer
App-name: iperf-tcp
Description: iPerf TCP-based transfer
App-group: iperf = iperf-udp iperf-tcp

Once you saved the file, you need to instruct the OmniSwitch to reload it:

OmniSwitch-> app-fingerprint reload-signature-file 

Now that you can detect the application (in this case iPerf) you need to define a policy set:

! QOS:
policy condition c4 appfp-group iperf 
policy action a4 maximum bandwidth 10.0M 
policy rule r4 condition c4 action a4 no default-list  
policy list iperf type appfp
policy list iperf rules r4  
qos apply

In this step you'll tell the OmniSwitch on which port it should apply the Application-Fingerprinting (+ instruct to send an SNMP trap if done):

app-fingerprint trap enable
app-fingerprint port 1/11 policy-list-name iperf

This REGEX is far from being optimal (especially for TCP), it was created for a simple POC.

english/application-fingerprinting-iperf.txt · Zuletzt geändert: 2014/06/19 15:18 von benny

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki