Application Filtering Intelligence
Application Filtering Intelligence functionality on GigaSMART allows filtering of traffic based on the application (such as YouTube, NetFlix, Sophos, or Facebook) or application family (such as antivirus, web, erp, or instant-messaging).
Application Filtering Intelligence (AFI) supports filtering over 3200 applications. When filtering encrypted applications, GigaVUE‑FM will add eight applications (SSH, SSL, IPSEC, ISAKMP, TOR, TOR2WEB etc.) by default as a filtering criterion. These application works as base of top-level applications like HTTPS. Application Filtering Intelligence will filter all valid applications which have either of the eight applications in their protocol path.
You can create Application Filtering Intelligence (AFI) in GigaVUE‑FM by following either of the two ways:
You can upgrade the protocol signature by upgrading the image file on the GigaSMART card, and by uploading the GigaSMART card image to GigaVUE-FM from the Internal Server or External Server. To select the image, follow the steps:
- Internal Server—Upload the GigaSMART card image to GigaVUE-FM from the internal server and select the image that you need to upgrade from the selected GigaSMART card.
- External Server—Provide the location of the image in the external server that you need to upgrade from the GigaSMART card.
For more information on upgrading the image, refer to the following topics:
Elephant Flows in Application Filtering Intelligence
An elephant data flow is a single session (TCP Session) with a relatively long-running network connection that consumes a large or disproportionate amount of bandwidth, buffers, and queues. Because of this nature, elephant flows can cause packet drops in other traffic and significantly increase the mean-time-to-completion (mttc) of smaller flows (mouse flows).
Elephant flows are considered to affect the traffic in the following ways:
|
■
|
Disproportionately affects mouse data flows mean-time-to-completion (mttc). |
|
■
|
Causes significant issues to tools, detecting problems with applications and next-generation firewall (NGFW), as it causes high CPU spikes and bandwidth consumption. |
|
■
|
Elephant flows are often related to high use low inspection traffic, for example, backups, database replication, VM migrations, data migrations, etc., inside the data centers that impact network bandwidth for minutes or hours or more. |
Handling Elephant Flows
Application Filtering Intelligence detects and handles the elephant flows in the traffic. This feature helps to optimize the performance of the following GigaSMART cards when elephant flows are present in the traffic:
In tunneled traffic, this feature detects the elephant flows, but it doesn’t involve in optimizing the performance of the GigaSMART engine.
To detect the elephant flows in the traffic, do the following in the GigaVUE-FM:
|
1.
|
On the left navigation pane, click on  , go to Physical > Nodes. |
|
2.
|
Click on the required Cluster ID. |
|
3.
|
From the device view, go to System > GigaSMART > GigaSMART Groups. |
|
4.
|
Click New to create a new GigaSMART Group for detecting the traffic with elephant flow. |
|
a.
|
Enter the name of the group in the Alias field. |
|
b.
|
Select the ports in the Port List. |
You can also include the detection of elephant flow in a existing GigaSMART group.
|
5.
|
In the GigaSMART Parameters > Eflow section, enable the Eflow checkbox to enable the detection of elephant flow. |
|
6.
|
Enable the Log check box to print the parameters of the elephant flow including the 5-tuple information into the GigaSMART logs. |
Note: It is recommended to disable the check box after collecting the required parameters.
|
7.
|
Enter the following parameters to identify the elephant flow: |
|
a.
|
Interval — The interval within which packet-count and packet-ratio for a traffic flow are examined. The interval should be specified in seconds. The range lies between 0 to 3600. Specify the interval as 0 to ignore this parameter. The default value is 2 secs. |
|
b.
|
Packet Count— Enter the maximum number of packets to be received by the flow within the given interval to categorize the flow as an elephant flow. The default value is 10,000. |
|
c.
|
Packet Ratio — Enter the packet ratio, which is the percentage concentration of the packets in the flow to the packets seen overall by the gsgroup. Specify 0 to ignore this parameter. The default value is 0. |
You can handle the elephant flows in Application Filtering Intelligence Solution by using the gsgroup created to detect the elephant flow.
Refer to the GigaVUE-OS CLI Reference Guide to learn about the commands that must be configured to detect and handle the elephant flow of traffic.
