# protocols monitored via AVC per HiveOS device?

Question, updated 4 years ago (answered)
How many protocols can I police simultaneously per HiveOS device via AVC?

Rogelio
rogelio @ rndmedia.com
Rogelio

  • 22 Posts
  • 0 Reply Likes

Posted 4 years ago

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
HiveOS comes with over 700 application signatures built in. You can also create your own custom signatures.
Rogelio

  • 22 Posts
  • 0 Reply Likes
Thank you, Andrew.

Sorry for my question being worded so awkwardly, but what I meant was how many protocols can an AP simultaneously queue up for users? (Trying to get an idea of QoS bottleneck numbers).

I know that each user has 8 queues, and that protocols can fit into those queues according to the policy I push down. But in the end, how many users at how many L3/L7 protocol filtering sessions can one AP reasonably handle?

I would imagine it would be something like

a number of L7 protocols for b number of users (fully loaded AP)
x number of L3 protocols for y number of users (fully loaded AP)

Some APs I am planning will be used heavily for things like UC (WebRTC, Lync, etc) and others will be all HTTP(s) that punt all torrents. I'm worried about how this will scale when certain APs are filtering too much L7 traffic.

Make sense? (Sorry if my English is awkward)

Rogelio
rogelio @ rndmedia . com
Rogelio

  • 22 Posts
  • 0 Reply Likes
Also, what is the process of creating custom signatures?

I'm assuming that it is some sort of heuristic-based solution? Just run an application, grab some sort of fingerprint, and then record that somewhere on HiveManager so that other traffic that looks similar will be tagged accordingly?

Rogelio
rogelio @ rnd media. com
Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
The custom signature capability is based on administrator-defined rules that are created in HiveManager and pushed to the APs. The rules can be based on the Port and/or IP address, HTTP or HTTPS to a hostname, etc. You can define up to 100 custom applications, with up to 64 rules in each application.
Rogelio

  • 22 Posts
  • 0 Reply Likes
This is very helpful. Thank you.

So if I understand correctly, I have 100 applications I can make rules for (out of about 700), and with each application, I can have up to 64 rules. Each of these rules fits into one of 8 QoS queues per user?

If this is true, this is much better than other vendors!

Rogelio
rogelio @rnd media . com
Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
No, that is not correct. You've got two questions going in this thread, and the previous answer only pertains to the one about custom rules.

To clarify: We have 700+ built-in signatures. You can add up to 100 more custom signatures (that can be comprised of up to 64 rules each). Each signature has its own application ID number (so a custom signature consisting of 60 rules has 1 APP ID).

Application signatures are used for detection - taking a flow, analyzing it, and applying the application ID on that flow.

Once the traffic flows are identified, using the classifier map, you can then map flows marked with the application identifiers you care about into one of the 8 QoS buckets. A classifier map lets you perform 100 application ID to QoS bucket mapping assignments.

It is worth noting that you can use different classifier maps for different network policies. So if you know one segment of your APs will see vastly different traffic than others (you indicate as much in an earlier post), you can put those APs in different network policies in order to use different classifier maps. You can clone your existing network policy, reuse all the SSIDs you have already created, and just change the classifier map to apply different APPID to QoS bucket mappings.
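As an added illustration (not Aerohive's code or any HiveOS API), here is a small Python model of the two stages described above: custom signatures built from port, network and hostname rules tag a flow with an application ID, and a classifier map then sends tagged flows to one of the 8 QoS buckets, with the 100 apps / 64 rules / 100 map entries limits from this thread enforced. Bucket numbering 0..7, the AND-within-a-rule and OR-across-rules semantics, and the sample hostnames and networks are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Thread's limits: 100 custom apps x 64 rules, 100 classifier-map entries, 8 QoS buckets (0..7 assumed).
MAX_CUSTOM_APPS, MAX_RULES_PER_APP, MAX_MAP_ENTRIES, QOS_BUCKETS = 100, 64, 100, 8

@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    hostname: str = ""  # HTTP Host / TLS SNI as seen on the wire: client-supplied, so easy to forge

@dataclass
class Rule:  # one rule of a custom signature; every field that is set must match (AND)
    port: Optional[int] = None
    network: Optional[str] = None   # CIDR such as "10.20.0.0/16" (constructed sample)
    hostname: Optional[str] = None  # domain suffix such as "lync.example.com" (constructed sample)

    def matches(self, f: Flow) -> bool:
        return ((self.port is None or f.dst_port == self.port)
                and (self.network is None or ip_address(f.dst_ip) in ip_network(self.network))
                and (self.hostname is None or f.hostname.lower().endswith(self.hostname.lower())))

class Avc:
    def __init__(self):
        self.apps = {}        # custom app ID -> list of rules (OR across rules)
        self.classifier = {}  # app ID -> QoS bucket, i.e. the classifier map

    def add_custom_app(self, app_id: int, rules: list) -> None:
        if app_id not in self.apps and len(self.apps) >= MAX_CUSTOM_APPS:
            raise ValueError("custom application limit reached")
        if not 0 < len(rules) <= MAX_RULES_PER_APP:
            raise ValueError("a custom application takes 1..64 rules")
        self.apps[app_id] = list(rules)

    def map_app(self, app_id: int, bucket: int) -> None:
        if not 0 <= bucket < QOS_BUCKETS:
            raise ValueError("QoS bucket out of range")
        if app_id not in self.classifier and len(self.classifier) >= MAX_MAP_ENTRIES:
            raise ValueError("classifier map is full")
        self.classifier[app_id] = bucket

    def detect(self, f: Flow) -> Optional[int]:
        # Detection stage: tag the flow with the first custom app ID whose rules match it.
        return next((a for a, rules in self.apps.items() if any(r.matches(f) for r in rules)), None)

    def classify(self, f: Flow, default_bucket: int = 0) -> int:
        # Classifier-map stage: unknown or unmapped app IDs fall through to the default bucket.
        return self.classifier.get(self.detect(f), default_bucket)
```

Because port, destination address and hostname are all chosen by the client, rules of this kind are fine for steering QoS but should not be relied on as a control against traffic a user deliberately disguises.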
Rogelio

  • 22 Posts
  • 0 Reply Likes
This is great. Thank you!

With the custom rules, I'm assuming that I make this for some sort of characteristic of the application traffic, such as port number or something like that?

I ask because some of these applications may very well be POS scanning at restaurants (likely not in the current database) and others will be video on universities (e.g. WebRTC-based).

Any additional info on how I might filter for these sorts of "one off" scenarios would be greatly appreciated.

Rogelio
rogelio @ rnd media . com