Avec l'AOS 6.2/6.3, AppRF 1.0 avait été introduit. Il se basait sur 4 méthodes différentes pour classifier les apps
LAYER 4 SERVICE INFORMATION
The most basic level of application information comes from the configured layer 4 services on the controller. See the ArubaOS User Guide for a complete list of these services. Customers can add their own custom services if desired.
VOICE ALGS
The next source of application information is the voice ALGs. AppRF will use these ALGs to precisely classify what type of voice traffic is on the network. As of this writing, we currently support SIP, H.323, SCCP, Vocera, and UA ALGs.
HEURISTIC METHODS – PEER TO PEER
Using analysis of traffic patterns, we are able to identify certain types of peer-to-peer applications. Today, these include Skype and Bittorent.
Note that the current beta version does not identify Bittorent when it is running in "Leaching" mode, but it will in "Seeding" mode.
Also, please note that both Skype and Bittorent will be classified as "Peer-to-Peer". We use the exact same heuristics to detect them, and can't distinguish between them at this time.
WEB APPLICATIONS
The final source of information about application type comes from analysis of web traffic. The strategy is to determine the difference between generic web traffic and traffic destined for specific web sites or web applications. For the top 90 web applications, we will classify any traffic to/from these domains as members of that application. These web applications are grouped into catagories:
Misc:
wikipedia, wikimedia, amazon, taobao, tbcdn, sina, wordpress, ebay, yandex, tudo, scorecardresearch, quantserve
Streaming video:
youtube, tdimg, youku, cnbc, msnbc, cnn, abc, bbc, cnbc, nbc, netflix
IM and Email:
gmail, Microsoft live mail, Microsoft messenger, Yahoo mail, Yahoo Messenger, gravatar
Social networking sites:
facebook, twitter, linkedIn, bebo, myspace, habbo, badoo, orkut, hi5, tagged, friendster, flixter, meebo
File sharing services:
4shared, badongo, mediafire, megashare, megaupload, rapidshare, depositfiles, zshare, taringa, usenet, filefactory, easy-share, divshare, gigasize, sharedzilla, yourfilehost, asapload, taringa, divshare, sendspace, yousendit, letitbit, filesurf, hotshare, usaupload, savefile, bigupload, up-file, hyperfileshare, zippyshare, uploading, sharebee, rapidspread
Ad networks:
doubleclick, hiro, adtally, zedo, mediastrike, adword, volomedia, hydra, nuffnang, realtechnetwork, valueclick, adblade, admeld, admob, adshuffle, adstil, adnxs, adimages, advertising, adadvisior, adfusion, adxpose, flashtalking, fastclick, adbrite, adchina, admagnet, bidclix, clickbooth, exoclick, casalemedia, kontera, rightmedia
Cette classification était activée par la commande
firewall-visibility
AOS 6.4 supporte maintenant une analyse (AppRF 2.0) de type Deep Packet Inspection permettant de reconnaître les signatures de plusieurs milliers d'application.
Cette fonctionnalité est activée par la commande
firewall dpi