AA protocol signatures
Protocol signature set
The NFM-P generates a set of signatures that identify AA protocols.
The signature set includes:
-
protocol support summary—list of protocols that can be identified with the load using a combination of pattern and behavioral techniques. The protocols are used to generate statistics by protocol and as input in combination with other information to identify applications.
-
pattern signatures—set of pattern-match signatures used in analysis
-
behavior signatures—set of diagnostic techniques used in analysis
Because protocol signatures are intended to be the most basic block of application identification, other AA components, such as application filters, are provided to further customize protocol signatures. Customization reduces the need for a new protocol signature load when a new application may need to be identified.
Each protocol can be referenced in the definition of one or more applications by the application filter definition. The assignment of each supported protocol to an application filter or application is optional, and allows the addition of new signature protocols without the need to update the application filter and applications.
Protocol signature upgrades
The NFM-P supports protocol signature upgrades without affecting policy behavior. You can obtain new protocol signatures by dynamically upgrading only the ISA-AA MDA software on an NE, if the new software is from the same major release. All new signatures in R2 or later of a major release are disabled during an upgrade to ensure that policies and services are not affected. See To upgrade the ISA-AA MDA software for information about how to upgrade the ISA-AA MDA software.
If the software is from a different major release, you must upgrade the entire device to obtain the new signatures. See NE software upgrade overview for information about performing device software upgrades.
The protocols in R1 of a release are designated as parent signatures and cannot be disabled. The protocols must be enabled on a per-protocol basis to take effect. See To enable an AA protocol signature for information about enabling AA protocols.