Leverage Application-Fingerprinting to detect iPerf TCP/UDP traffic
This TechTip describes how to leverage „Application-Fingerprinting“ (AppFP) to detect iPerf traffic (UDP/TCP) in your network and e.g. apply a bandwidth shaping policy.
To detect „iPerf“ you first need to create an REGEX (Regular Expression) and apply it.
AOS R7 comes with pre-defined signatures, which are stored in „/flash/app-signature/app-regex.txt“.
Modify or add the following to your file:
- app-regex.txt
App-name: iperf-udp Description: iPerf UDP-based transfer \.?.?\xff\xff\xfc\x18\x36\x37\x38\x39\x30 App-name: iperf-tcp Description: iPerf TCP-based transfer \x32\x33\x34\x35\x36\x37\x38\x39\x30\x31 App-group: iperf = iperf-udp iperf-tcp
Once you saved the file, you need to instruct the OmniSwitch to reload it:
OmniSwitch-> app-fingerprint reload-signature-file
Now that you can detect the application (in this case iPerf) you need to define a policy set:
! QOS: policy condition c4 appfp-group iperf policy action a4 maximum bandwidth 10.0M policy rule r4 condition c4 action a4 no default-list policy list iperf type appfp policy list iperf rules r4 qos apply
In this step you'll tell the OmniSwitch on which port it should apply the Application-Fingerprinting (+ instruct to send an SNMP trap if done):
! APP-FINGERPRINT: app-fingerprint trap enable app-fingerprint port 1/11 policy-list-name iperf
This REGEX is far from being optimal (especially for TCP), it was created for a simple POC.