Creating Applications
Adding an Application
In the Application Group window, click the content of the Applications column for the selected Application Group. You can add an application in three different ways:
• searching for a recognized application in the default Application Dictionary
• adding a custom DPI application
• adding a SaaS application
A default Application Dictionary is available for each configuration. You can also access this Dictionary through Settings -> Application Dictionary where you can also add, modify or delete recognized applications.
The system recognizes about 200 protocols (HTTP, ICMP, FTP, RTP/RTCP, H.225, SAP, Citrix, Skype, VMware, SaaS, etc.); refer to "Application Recognition".
Note: Applications that are not recognized by the appliances and are not explicitly named and enabled in the Application Dictionary are implicitly grouped under their lower-layer protocol (e.g. TCP or UDP).
A new application is described by a protocol plus an attribute, optionally restricted to specific subnets or hosts.
Adding a custom DPI Application
1 Click Add New Application and define the following parameters:
• Application Name
• Description
• Application Category: select it from the drop-down list
• Protocol: select a protocol from the drop-down list
• Attribute: depends on the protocol; depending on the protocol this field is disabled, or offers a list or free-text fields:
• for TCP or UDP - Port(s): port numbers as they appear in the server port field of the TCP/UDP header (either source or destination). This field can contain several ports separated by ; or a range of ports written with a - (e.g. 80;443;8000-8080).
• for HTTP - URL (www.extremenetworks.com for example)
Do not start the URL with http://.
You can use wildcards in the URL, for example *.extremenetworks.* (see the syntax below).
Syntax:
?   a single character
*   any character string (including the empty string)
%   shortest word (non-empty, delimited by spaces)
$   longest word (non-empty, delimited by spaces)
;   separator in a list
Examples:
www.google.fr          any URL of the site
www.google.*           all Google incarnations (.fr, .com, .de, ...)
www.google.*/*.gif     all .gif documents in any page of any Google site
*/*.gif                all .gif documents in any page of any server
Specific cases:
host/*        "any" URI
host/         empty URI
*/full/uri    "any" HOST
/full/uri     empty HOST
• for HTTPS - Common Name: usually the FQDN (Fully Qualified Domain Name) of the web site, as displayed in the server certificate
• for Citrix - Application(s): name of the published applications (Word, Excel for example), when the applications are not multiplexed in the same TCP session
• for RTP/RTCP - Predefined codecs: name of an audio or video codec, to be selected from a drop-down list
Codec: name of an audio or video codec, written with the following syntax: audio/<audio codec name> or video/<video codec name> (for instance, to create the speex codec, enter audio/speex).
To recognize dynamic codecs (as negotiated in RTP), SIP application recognition must be enabled so that the SIP signalling can be decoded.
• for SaaS - select a SaaS application from the SaaS dictionary
• for other protocols, no further information is required.
• Subnet Filter: this optional parameter identifies an application by the IP address of a server or client, or by a list of servers or clients (up to 30). The server or client can be chosen from a drop-down list of User subnets, or entered directly:
• Prefix/Length: set the subnet with the notation X.X.X.X/Y, where X.X.X.X is the IP address and Y the prefix length, an integer between 0 and 32; a list of IP addresses can be configured (; separator).
• Client/Server: specify whether the application must be recognized on the server side or on the client side (it is recognized on the server side by default).
2 Click Done.
Order of recognition
When describing several applications that use the same protocol (e.g. for HTTP: Intranet (= intranet.company.com), Internet corporate (= *.company.com) and Internet (= the rest of HTTP)), place the more specific applications first (Intranet, then Internet corporate in the example) and the generic one (Internet) last, so that the specific ones are recognized as such rather than being absorbed by the generic entry.
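The wildcard syntax and the specific cases above, together with the "most specific first" ordering rule, can be tried out with the following added example. It is not part of the ExtremeCloud SD-WAN documentation or product code; it translates the page's wildcard characters into regular expressions under this example's own interpretation (a pattern without a "/" is matched against the host only, which is why "www.google.fr" covers any URL of the site; a pattern containing "/" is matched against host plus URI), and the COMPANY_RULES list is constructed from the Intranet / Internet corporate / Internet example in the text.

```python
import re

# Interpretation (an assumption of this example) of the page's wildcard table:
#   ?  one character                     *  any string, possibly empty
#   %  shortest non-empty word (no space)   $  longest non-empty word (no space)
# ';' separates several patterns entered in one URL field.
_TOKEN = {
    "?": ".",
    "*": ".*",
    "%": "[^ ]+?",
    "$": "[^ ]+",
}


def compile_url_pattern(pattern: str) -> re.Pattern:
    """Compile one wildcard pattern into an anchored, case-insensitive regex."""
    parts = [_TOKEN.get(ch, re.escape(ch)) for ch in pattern]
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


def _split_url(url: str) -> tuple[str, str]:
    """Split 'host/uri' into (host, '/uri'); a URL without '/' has an empty URI."""
    host, sep, uri = url.partition("/")
    return host, sep + uri


def url_matches(pattern_list: str, url: str) -> bool:
    """True if the URL (no scheme) matches any ';'-separated pattern in the field."""
    if url.lower().startswith(("http://", "https://")):
        raise ValueError("enter the URL without the scheme, as the URL field expects")
    host, uri = _split_url(url)
    for pattern in (p.strip() for p in pattern_list.split(";")):
        if not pattern:
            continue
        # No '/' in the pattern: match the host only, so 'www.google.fr' covers the whole site.
        subject = host if "/" not in pattern else host + uri
        if compile_url_pattern(pattern).search(subject):
            return True
    return False


def classify_http(url: str, rules: list[tuple[str, str]]) -> str:
    """Return the first application whose URL pattern matches; rules are tried in list order.

    Falls back to the generic 'HTTP' entry when no custom rule matches.
    """
    for app, pattern in rules:
        if url_matches(pattern, url):
            return app
    return "HTTP"


# Constructed rule set from the page's example, ordered most specific first.
COMPANY_RULES = [
    ("Intranet", "intranet.company.com"),
    ("Internet corporate", "*.company.com"),
    ("Internet", "*"),
]

if __name__ == "__main__":
    for u in ("intranet.company.com/home", "mail.company.com", "www.example.org/x"):
        print(u, "->", classify_http(u, COMPANY_RULES))
    # Reversing the order makes the generic '*' entry absorb every URL.
    print("reversed:", classify_http("intranet.company.com/home", list(reversed(COMPANY_RULES))))
```

Running the block prints Intranet, Internet corporate and Internet for the three sample URLs, and Internet for all of them once the list is reversed, which is the misclassification the ordering rule prevents.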
Adding a SaaS Application
1 Click Add New SaaS Application and select the application(s) from the dictionary list.
2 Click Done.
The ExtremeCloud SD-WAN System recognizes application flows from the opening negotiation of the client/server session (SYN, SYN-ACK, ACK, i.e. layer 3 and 4 information), then checks the syntax of the application (layer 7 information) with a syntax engine that identifies it unambiguously, regardless of the ports being used; this also allows particular applications to be classified (codecs, published application names, peer-to-peer applications, URLs or URIs, etc.).
The SD-WAN Appliance engine uses DPI (deep packet inspection) to detect application signatures, i.e. data patterns that uniquely identify a particular application. (Similar mechanisms are commonly used for virus recognition.) Only the start of the conversation is inspected to detect these patterns and classify the application.
It is also possible to declare applications by the ports they use (you have defined an application as traffic on a specific port/server); in this case the port number prevails in recognizing the application.
When an SD-WAN Appliance has not observed the start of the conversation, or if the application cannot be recognized by its syntax or a declared port number, it falls back to RFC 1700 (the "well known ports" definition).
The order of recognition of applications is as follows:
1 Declared port (you have defined an application as traffic on a specific port/server)
2 Syntax engine (the SD-WAN System uses its built-in application detection capabilities)
3 Well-known port (RFC 1700)
Applications that are neither recognized nor enabled in the dictionary are implicitly grouped under their lower-layer protocol (e.g. TCP or UDP).
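The three recognition stages and the final fallback can be modelled as a short pipeline; the following is an added example written for this page, not the SD-WAN engine's code. The Port(s) parser follows the ";" and "-" syntax from the dictionary field; the DECLARED entries, the handful of payload signatures standing in for the syntax engine, the WELL_KNOWN subset and all sample flows are constructed for the example, and a flow whose start was not observed is represented by payload_start=None.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Flow:
    """Constructed flow record with the fields the classification stages need."""
    proto: str                       # "TCP" or "UDP"
    server_port: int
    payload_start: Optional[bytes]   # first bytes of the conversation; None if the start was missed
    server_ip: str = ""


def parse_ports(spec: str) -> set[int]:
    """Expand the Port(s) field: ';' separates entries, '-' gives a range (e.g. '80;443;8000-8080')."""
    ports: set[int] = set()
    for item in (s.strip() for s in spec.split(";")):
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-", 1))
            if not 0 <= lo <= hi <= 65535:
                raise ValueError(f"bad port range: {item}")
            ports.update(range(lo, hi + 1))
        else:
            port = int(item)
            if not 0 <= port <= 65535:
                raise ValueError(f"bad port: {item}")
            ports.add(port)
    return ports


# Stage 1 (constructed): custom applications declared on ports, optionally with a server subnet filter.
DECLARED = [
    ("CorpERP", "TCP", "8000-8080", "10.1.2.0/24"),
    ("LegacyTelnet", "TCP", "2323", ""),
]

# Stage 2 (constructed stand-in for the syntax engine): signatures checked on the first bytes only.
SIGNATURES = [
    ("SSH", lambda b: b.startswith(b"SSH-")),
    ("HTTP", lambda b: any(b.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT "))),
    ("SSL", lambda b: len(b) >= 3 and b[0] == 0x16 and b[1] == 0x03),  # TLS handshake record header
]

# Stage 3 (subset): well-known ports.
WELL_KNOWN = {
    ("TCP", 22): "SSH", ("TCP", 23): "Telnet", ("TCP", 80): "HTTP",
    ("TCP", 443): "HTTPS", ("UDP", 53): "DNS",
}


def _in_subnet(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def classify(flow: Flow) -> tuple[str, str]:
    """Return (application, stage) following the page's order: declared port, syntax, well-known port, lower layer."""
    # 1. A declared port prevails, provided the optional subnet filter is satisfied.
    for name, proto, port_spec, subnet in DECLARED:
        if flow.proto == proto and flow.server_port in parse_ports(port_spec):
            if not subnet or _in_subnet(flow.server_ip, subnet):
                return name, "declared port"
    # 2. The syntax engine needs the start of the conversation; skip it when that was missed.
    if flow.payload_start is not None:
        for name, matches in SIGNATURES:
            if matches(flow.payload_start):
                return name, "syntax engine"
    # 3. Fall back to the well-known port table.
    app = WELL_KNOWN.get((flow.proto, flow.server_port))
    if app:
        return app, "well-known port"
    # 4. Otherwise the flow is grouped under its lower-layer protocol.
    return flow.proto, "lower layer protocol"


if __name__ == "__main__":
    samples = [
        Flow("TCP", 8080, b"GET / HTTP/1.1\r\n", "10.1.2.5"),    # declared port wins over syntax
        Flow("TCP", 8080, b"GET / HTTP/1.1\r\n", "192.0.2.5"),   # subnet filter not met: syntax engine
        Flow("TCP", 8443, b"\x16\x03\x01\x00\xc4", "192.0.2.5"), # TLS on a non-standard port
        Flow("TCP", 443, None, "192.0.2.5"),                     # start missed: well-known port
        Flow("UDP", 9999, None, "192.0.2.5"),                    # nothing matches: lower layer
    ]
    for f in samples:
        print(f.proto, f.server_port, "->", classify(f))
```

The second and third samples show why the page stresses the syntax engine: the same HTTP request is classified by port when it hits the declared ERP subnet, but by its payload everywhere else, and a TLS handshake on 8443 is still recognized without any port entry.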
Recognized applications, by type
Anti-Virus: AVG, Avira, Bitdefender, F-Secure, Kaspersky, McAfee, NOD32, Norton, Panda, TrendMicro
Application Services: End Point Mapper, Microsoft Office Groove, NSPI, Port Mapper, SrvLoc, SSDP
Authentication Authorization Accounting: Diameter, Identification Protocol, ISAKMP, Kerberos, LDAP, LDAPS, OCSP, RADIUS, YPPasswd, YPServ
Cloud Protocols: HTTP, HTTPS, RSS, XML-RPC
Database: DRDA, IBM-DB2, IBM Informix, MobiLink, MySQL, Oracle, Postgres, Sybase, TDS (= MS SQL)
Deprecated: Audiogalaxy, DICT, ICQ, Load Balancing, MCS, Napster, OpenFT, Quake
Enterprise Apps: SAP, Siebel
Mail Services: DIMP, IMAP, IMAPS, Lotus Notes, MAPI (MS Exchange), POP3, POP3S, SMTP, SMTPS
Middleware: GIOP, GIOPS, RPC, SOAP, TIBCO-RV
Network Services: COTP, DHCP, DNS, EIGRP, HSRP, ICMP, IGMP, NARP, Netbios, Netflow, NTP, RLP, RSVP, SNMP, Syslog, SVN, T38, VRRP
Peer to Peer: Applejuice, Ares, BitTorrent, DirectConnect, Edonkey, Filetopia, Foxy, GNUnet, Gnutella, GoBoogy, iMesh, Kazaa, KuGou, Manolito (MP2P), Mute, Pando, SopCast, Soulseek, WINMX, uTP (Torrent)
Routing Protocols: BGP, OSPF, PIM, RIP v1, RIP v2, RIPng
SaaS Applications: the complete list of recognized SaaS applications is available on the Extreme Portal, at the same location as the SaaS Dictionary.
Streaming: BBC iPlayer, Flash, Icecast, Silverlight, Voddler
Thin Client: Citrix (with recognition of Citrix published applications), PC Anywhere, Radmin, RDP, Remote Shell, RFB (VNC), Rlogin, SSH, Telnet, TelnetS, TNVIP, VMWare, X.11
Transferring and Sharing: AIM Transfer, Altiris, CUPS, DCERPC, FTP, FTPS, IPP, JetDirect, LPR, Mainframe CFT, Microsoft ActiveSync, Mount, NFS, NLockMgr, RQuota, RStat, RSync, RUsers, SharePoint, SMB, Sync, TFTP, WINS, YPUpdate
Transport Layer Protocols: DTLS, IPComp, SCTP, SSL, TCP, UDP, WTP
Tunneling: EtherIP, GRE, GTP, GTPv2, HTTP tunnel, IPsec, L2TP, openVPN, PPP, PPTP, Socks, STUN, XoT
Unified Communications: Adobe Connect, AIM Express, AOL Instant Messenger, Cisco Unified MeetingPlace, Gizmo, H.225, H.245, IAX, IBM Lotus Sametime, iCall, IRC, IRCS, Jabber, MGCP, MMS, MPEG-TS, MS Communicator, MSN Messenger, NNTP, NNTPS, ooVoo, PalTalk, Q.931, RDT, RTMP, RTSP, RTP/RTCP (G.711a, G.711u, G.723, G.729), Secure AIM, SHOUTcast, SIP, Skinny Client Control Protocol, Skype, UCP, Webex, Yahoo Messenger, Dynamic Codecs (audio and video, such as H.264, Speex, etc., by inspection of SIP signalling), Voddler, BBC Player, Inter Asterisk eXchange
Note: you can also add applications from the Settings -> Application Dictionary window.