Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Application Identification Overview

 

Application Identification is an infrastructure plug-in on MS-MPC service PICs that provides information to clients about application protocol bundles based on Deep Packet Inspection (DPI) of application signatures. These clients can be any of the plug-ins in the Service Control Gateway (SCG) service chain, such as traffic detection function (TDF), that request application classification data.

In application identification, you can apply application signatures as follows:

  • Predefined signatures—The Service Control Gateway comes with a bundle of predefined, preinstalled application signatures, but Juniper Networks recommends that you download and install the latest version of predefined signatures. As new sets of signatures are supported, they are compiled and made available for you to download.

  • Custom application signatures—For any application signatures that are not predefined, you can create custom signatures for HTTP, SSL, and stream signature contexts and install them for application identification. After you have configured and committed custom signatures, they are serialized and merged with the predefined application signatures. You can specify the following types of custom application signatures:

    • Address based—You can define an application identification based on a specific IP address, or port, or both where a source IP address, destination IP address, or both are used for a known application in a customer's network. This is useful, for example, when a Session Initiation Protocol (SIP) server initiates a session from its well known port, 5060. The customer can put the SIP server IP address and port 5060 as source IP/port for the SIP application. This method provides efficiency and accuracy of application identification for customer's network.

    • Internet Control Message Protocol (ICMP) based—Application identification based on types of ICMP messages.

    • IP protocol based—Application identification based on IP protocol. TCP, UDP, and ICMP are not supported for this method of signature creation.

    • Pattern-matching signatures—Application based on pattern matching combined with Layer 7 protocol identification.