
RE: Last call feedback: draft-mm-wg-effect-encrypt

2017-03-14 17:02:28
Hi Badri,
one follow-up question below:

-----Original Message-----
From: Badri(_dot_)Subramanyan(_at_)ril(_dot_)com 
[mailto:Badri(_dot_)Subramanyan(_at_)ril(_dot_)com]
Sent: Friday, March 10, 2017 2:35 AM

<snip>

If the streams are encrypted, then the ALG feature would be rendered
useless. This would limit the capability of any network element to
make smart policing and routing decisions based on application layer
attributes.


Kathleen wrote:
Do you know if these can work with a 2-tuple or 5-tuple?  Is there an
impact from encryption via TLS for instance?  If so, what is that
impact?

[Badri] The rules in most cases are 5-tuple, to accurately depict a
flow. Yes, there is an impact from encryption via TLS, as most of the
implementations of ALG get information regarding supporting protocols by
parsing data. With TLS encryption, the ALG loses the ability to parse,
and hence to get information on the supporting protocols.


Kathleen wrote:
What is used by ALG to correlate streams?  This would be helpful to
understand if this particular method for ALGs does become 'useless'
and also to figure out if other options may exist to perform the
functions needed.

[Badri] RFC 2663, Section 2.9 gives information about ALG. There isn’t
one defined method to implement it and some of the methods used by
vendors are included below.

1. Parse the content of the primary stream and identify the 5-tuple of
the supporting streams as it is being negotiated.

2. Intercept and modify the 5-tuple information of the supporting stream
as it is being negotiated on the primary stream. This is a little
more intrusive in nature.


[ACM] 
After Src&Dst Address and Port, what is the 5th Element
of the 5-tuple in your experience?

Protocol number and Packet Priority Marking (DSCP) are two candidates...

let us know, thanks!
Al
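To make Badri's first method concrete, here is an added example (editor's illustration, not code from the thread or from any vendor's ALG): a minimal FTP-style ALG that parses a cleartext control stream for a PASV reply, predicts the 5-tuple of the data stream, and returns nothing once the control stream is a TLS record. The 5-tuple layout with the IP protocol number as fifth element, the sample addresses and the `FiveTuple`/`pasv_data_tuple` names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed 5-tuple layout for this example: addresses, ports, IP protocol number.
@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: int   # 0 is used below as "not yet known" (wildcard)
    dst_ip: str
    dst_port: int
    proto: int      # IP protocol number; 6 = TCP

# RFC 959 PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(rb"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def is_tls_record(payload: bytes) -> bool:
    """True if the bytes look like a TLS record header (content type 0x14-0x17,
    major version 0x03). An encrypted control channel is opaque to the ALG."""
    return len(payload) >= 3 and payload[0] in (0x14, 0x15, 0x16, 0x17) and payload[1] == 0x03

def pasv_data_tuple(primary: FiveTuple, payload: bytes) -> Optional[FiveTuple]:
    """Method 1 from the thread: parse the primary (control) stream and derive the
    5-tuple of the supporting (data) stream. Returns None when nothing can be parsed,
    which is exactly the case for a TLS-protected control channel."""
    if is_tls_record(payload):
        return None
    m = PASV_RE.search(payload)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    # The server announces where it listens; the client connects from an ephemeral
    # port the ALG cannot know yet, so that field stays a wildcard.
    return FiveTuple(primary.src_ip, 0, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2, 6)

def matches(predicted: FiveTuple, observed: FiveTuple) -> bool:
    """Correlate a newly observed flow with a predicted supporting stream."""
    return (
        predicted.src_ip == observed.src_ip
        and predicted.src_port in (0, observed.src_port)
        and predicted.dst_ip == observed.dst_ip
        and predicted.dst_port == observed.dst_port
        and predicted.proto == observed.proto
    )
```

With a TLS record on the control channel the ALG has no prediction to correlate against, which is the "rendered useless" outcome Badri describes.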

