(Optional) Configuring an FPI Application
Context
In some cases, an application is not identified on its first packet, and until it is identified its packets may be forwarded along different routes. If one of those routes is unreachable, some packets are dropped and communication fails. To prevent this, you can configure FPI on a device so that it identifies an application from its first packet and forwards the application's subsequent packets along the same route.
Configuring a User-Defined FPI Application Based on 5-Tuple and/or DSCP Information
Context
Generally, the SA signature database of the system contains signatures of common FPI applications, which can be used to identify various FPI applications. If the built-in predefined FPI applications of the system do not have the signatures of the application to be identified, you can configure a new user-defined FPI application based on its signatures. If you know the 5-tuple and/or DSCP information about the application to be identified, you can configure a user-defined FPI application based on the information to easily identify applications.
Procedure
- Run system-view
The system view is displayed.
- Run sa first-packet
The SA-FPI view is displayed.
- Run user-defined-application name name
The user-defined FPI application is created, and the user-defined FPI application view is displayed.
By default, no user-defined FPI application is created on a device.
- Run rule rule-id [ tcp | udp ] { source source-address source-mask | source-port range sou-port-start sou-port-end | destination destination-address destination-mask | destination-port range des-port-start des-port-end | dscp dscp } *
A rule based on 5-tuple and/or DSCP information is configured for a user-defined FPI application.
By default, no rule is configured based on 5-tuple and/or DSCP information for a user-defined FPI application.
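The following Python model (an added example, not code from the product documentation) shows what a 5-tuple/DSCP rule of the form above does at identification time and why the identification is pinned to the flow: the first packet is matched against the ordered rules of each user-defined application, the result is stored under the flow's 5-tuple, and later packets of the same flow reuse it even if a field such as DSCP changes mid-flow. The application names, rule values, route names and the prefix-length notation for the source/destination mask are constructed for the example.

```python
"""Model of first-packet identification with user-defined 5-tuple/DSCP rules (illustrative only)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    dscp: int = 0

    def flow_key(self) -> Tuple:
        # The 5-tuple that all later packets of this flow share.
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class Rule:
    """One 'rule rule-id [tcp|udp] {...}*' entry; unset fields are wildcards, set fields are ANDed."""
    rule_id: int
    proto: Optional[str] = None
    source: Optional[str] = None                       # assumption: "10.1.0.0/16" prefix notation
    source_ports: Optional[Tuple[int, int]] = None     # inclusive range
    destination: Optional[str] = None
    destination_ports: Optional[Tuple[int, int]] = None
    dscp: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.source is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.source):
            return False
        if self.source_ports is not None and not (self.source_ports[0] <= pkt.sport <= self.source_ports[1]):
            return False
        if self.destination is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.destination):
            return False
        if self.destination_ports is not None and not (self.destination_ports[0] <= pkt.dport <= self.destination_ports[1]):
            return False
        if self.dscp is not None and pkt.dscp != self.dscp:
            return False
        return True


@dataclass
class UserDefinedApplication:
    name: str
    rules: List[Rule] = field(default_factory=list)

    def identifies(self, pkt: Packet) -> bool:
        # Rules are evaluated in rule-id order; any match identifies the application.
        return any(r.matches(pkt) for r in sorted(self.rules, key=lambda r: r.rule_id))


class FirstPacketIdentifier:
    """Identifies an application from the first packet and pins the whole flow to one route."""

    def __init__(self, apps: List[UserDefinedApplication], route_policy: Dict[str, str], default_route: str):
        self.apps = apps
        self.route_policy = route_policy        # application name -> route chosen for it
        self.default_route = default_route
        self.flow_table: Dict[Tuple, Tuple[Optional[str], str]] = {}

    def identify(self, pkt: Packet) -> Optional[str]:
        for app in self.apps:
            if app.identifies(pkt):
                return app.name
        return None

    def forward(self, pkt: Packet) -> Tuple[Optional[str], str]:
        key = pkt.flow_key()
        if key in self.flow_table:
            return self.flow_table[key]         # subsequent packet: same decision as the first
        app = self.identify(pkt)
        route = self.route_policy[app] if app in self.route_policy else self.default_route
        self.flow_table[key] = (app, route)
        return app, route


def build_demo() -> FirstPacketIdentifier:
    # Constructed applications and routes, not values from the documentation.
    voip = UserDefinedApplication("voip-app", [
        Rule(1, proto="udp", destination="10.1.0.0/16", destination_ports=(5060, 5061), dscp=46)])
    web = UserDefinedApplication("web-app", [Rule(1, proto="tcp", destination_ports=(443, 443))])
    return FirstPacketIdentifier([voip, web], {"voip-app": "route-A", "web-app": "route-B"}, "default-route")


def demo():
    fpi = build_demo()
    first = Packet("udp", "192.168.1.10", 40000, "10.1.2.3", 5060, dscp=46)
    later = Packet("udp", "192.168.1.10", 40000, "10.1.2.3", 5060, dscp=0)   # DSCP re-marked mid-flow
    return (fpi.forward(first),
            fpi.forward(later),
            fpi.forward(Packet("tcp", "192.168.1.11", 50000, "203.0.113.5", 443)),
            fpi.forward(Packet("udp", "192.168.1.12", 1234, "10.2.0.1", 53)))


if __name__ == "__main__":
    for app, route in demo():
        print(app, "->", route)
```

The second packet in `demo()` no longer matches the DSCP condition on its own, yet it is still forwarded along `route-A` because the flow table, not the per-packet match, decides the route once the first packet has been identified.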
Configuring a User-Defined or Predefined FPI Application Based on the DNS Domain Name
Context
Generally, the SA signature database of the system contains DNS domain names of common FPI applications, which can be used to identify various FPI applications. If the DNS domain name of the application to be identified is present in the predefined SA signature database, you can configure a predefined FPI application based on the DNS domain name to identify applications. If the DNS domain name is not present in the predefined SA signature database, you can configure a user-defined FPI application based on the DNS domain name to identify applications.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Configure a user-defined FPI application based on the DNS domain name as follows:
  - Run sa first-packet dns-associated enable
  The device is enabled to identify FPI applications through association with the DNS function.
  By default, a device is disabled from identifying FPI applications through association with the DNS function.
  - (Optional) Run sa first-packet dns-aging-time aging-time
  The aging time for DNS mapping entries is configured.
  By default, the aging time for DNS mapping entries is 86,400 seconds (24 hours).
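To make the two commands above concrete, here is an added Python model (not the device's code) of DNS-associated identification: when DNS association is enabled, a DNS response whose name matches a domain-name signature creates mapping entries from the resolved addresses to the application, and the first packet of a later flow to one of those addresses is identified through the mapping until the entry reaches the aging time (86,400 seconds by default, as on the page). The domain signature, addresses and the injectable clock are constructed for the example.

```python
"""Model of DNS-associated first-packet identification with entry aging (illustrative only)."""
import time
from typing import Callable, Dict, Iterable, Optional, Tuple

DEFAULT_DNS_AGING_TIME = 86400   # seconds; the documented default (24 hours)


class FakeClock:
    """Constructed clock so the aging behaviour can be exercised without waiting."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class DnsAssociatedIdentifier:
    def __init__(self, domain_signatures: Dict[str, str], aging_time: int = DEFAULT_DNS_AGING_TIME,
                 enabled: bool = True, clock: Callable[[], float] = time.monotonic) -> None:
        self.domain_signatures = domain_signatures   # domain suffix -> application name
        self.aging_time = aging_time                 # 'sa first-packet dns-aging-time' equivalent
        self.enabled = enabled                       # 'sa first-packet dns-associated enable' equivalent
        self.clock = clock
        self.mappings: Dict[str, Tuple[str, float]] = {}   # resolved IP -> (app, creation time)

    def _lookup_domain(self, qname: str) -> Optional[str]:
        qname = qname.rstrip(".").lower()
        for suffix, app in self.domain_signatures.items():
            if qname == suffix or qname.endswith("." + suffix):
                return app
        return None

    def observe_dns_response(self, qname: str, answers: Iterable[str]) -> Optional[str]:
        """Called for each DNS response the device sees; creates/refreshes mapping entries."""
        if not self.enabled:
            return None
        app = self._lookup_domain(qname)
        if app is None:
            return None
        created = self.clock()
        for ip in answers:
            self.mappings[ip] = (app, created)
        return app

    def _expire(self) -> None:
        now = self.clock()
        for ip, (_, created) in list(self.mappings.items()):
            if now - created >= self.aging_time:
                del self.mappings[ip]

    def identify_first_packet(self, dst_ip: str) -> Optional[str]:
        """Identify the application of a new flow from its destination address."""
        if not self.enabled:
            return None
        self._expire()
        entry = self.mappings.get(dst_ip)
        return entry[0] if entry else None


def run_demo():
    clock = FakeClock()
    ident = DnsAssociatedIdentifier({"video.example.com": "video-app"}, clock=clock)
    seen = ident.observe_dns_response("cdn.video.example.com.", ["198.51.100.7", "198.51.100.8"])
    before = ident.identify_first_packet("198.51.100.7")
    clock.advance(DEFAULT_DNS_AGING_TIME)          # entry reaches its aging time
    after = ident.identify_first_packet("198.51.100.7")
    disabled = DnsAssociatedIdentifier({"video.example.com": "video-app"}, enabled=False, clock=clock)
    disabled.observe_dns_response("video.example.com", ["198.51.100.9"])
    return seen, before, after, disabled.identify_first_packet("198.51.100.9")


if __name__ == "__main__":
    print(run_demo())
```

A shorter aging time means the device forgets a DNS mapping sooner, so a flow that starts after the entry has aged out falls back to the other identification methods; a longer one keeps stale address-to-application associations around for longer.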
Configuring a User-Defined or Predefined FPI Application Based on the Protocol and Port Number
Context
Generally, the SA signature database of the system contains the protocols and port numbers of common FPI applications, which can be used to identify various FPI applications. If the protocol and port number of the application to be identified are present in the predefined SA signature database, you can configure a predefined FPI application based on the protocol and port number to identify applications. If not, you can configure a user-defined FPI application based on the protocol and port number to identify applications.
Procedure
- Run system-view
The system view is displayed.
- (Optional) Run the display first-packet application pre-defined { port | protocol } command to check whether the protocol and port number of the application to be identified are present in the predefined SA signature database. If so, go to step 3. If not, configure a user-defined FPI application based on the protocol and port number as follows:
  - Run sa first-packet port enable
  The device is enabled to identify FPI applications based on the protocol and port number.
  By default, a device is disabled from identifying FPI applications based on the protocol and port number.