Friday, August 14, 2009

Update protocol pack and signature using SCABB / SCE

Using the Cisco SCE we can manage traffic per application, based on the protocols supported by the SCE software. In my lab I use an SCE 2020 with software 3.1.6. My goal is to control or even block subscribers' traffic to bandwidth-consuming applications such as peer-to-peer, Flash YouTube, Flash Yahoo, Google Video, HTTP download, etc.

First I applied the streaming service to the package and made some rules to control it, then I mapped the subscriber using SM to use that package. Somehow the rule was not working; the user could still access Google Video, Flash YouTube, etc. Then I checked the reporting in SCABB, and the user traffic was classified as browsing. I was thinking that the SCE could not detect those protocols as the Flash protocol that is defined in its service configuration. I checked the Cisco website and found that I must upgrade the protocol pack of the existing software. This happens because there are new updates to the protocols on the Internet, and the SCE must improve its capabilities in detecting and classifying the new protocols and signatures. The newest protocol pack now is SCA BB Protocol Pack #17; it resolves some caveats in the previous protocol pack, such as misclassified protocols, i.e. Yahoo login, Flash, etc.

These are the new protocols in the update:
• Flash YouTube HD
• Flash YouTube Normal
• Yahoo General Login
• Sky Player (supported by 3.5.0 only)

And here is the guide:

1. Download the SPQI at cisco.com.
2. Extract the SPQI file from the 3.1.6 Protocol Pack #17 ZIP package.

3. Install the Protocol Pack using SCABB (right-click on the SCE, Network Navigator menu).

4. Extract the script.txt file from the 3.1.6 Protocol Pack #17 ZIP package and upload to the SCE platform using FTP.


SCE2020#copy-passive ftp://user:pass@ip-address/script.txt script.txt

5. Open a CLI session on the SCE platform and navigate to the directory that holds the uploaded script.txt. As the admin user, run the script with script run script.txt.

SCE2020-2#>script run script.txt


configure
interface LineCard 0

lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Babelgum" value 23
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "babelgum" value 23
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Deluge*" value 9
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "TVUPlayer*" value 24
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "PIPIPlayer" value 25
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "NateOn*" value 26
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "ed2k" value 6

lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*.babelgum.com" value 7
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*.vuze.com" value 8
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:channel2.tvunetworks.com" value 10
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "co*:*.tvunetworks.com" value 10
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:mb.tvunetworks.com" value 10
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:pages.tvunetworks.com" value 10
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*mail.google.com" value 11
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*skype.com" value 12
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*joost.com" value 13
lookup GT_LUT_HTTP_BASED_PROTOCOLS_HOST overwrite-key "*:*googlevideo.com" value 1

lookup GT_LUT_HTTP_BASED_PROTOCOLS_URL overwrite-key /videoplayback*:* value 2
lookup GT_LUT_HTTP_BASED_PROTOCOLS_URL overwrite-key *:*.hash value 7

lookup GT_LUT_DestPortBasedProtocolsPostMultipleSig overwrite-key "0.6.0.22:0xffffffff" value 16777216

lookup GT_LUT_HTTP_SPLIT_INITIATEE_BASED_PROTOCOLS_Server overwrite-key "AIM*:*" value 7

tunable GT_PL_USE_OLD_BEHAVIORAL_DOWNLOAD value false
tunable PL_AGING_RTMP value 3000
tunable GT_PL_SKYPE_TCP_PRECEDE_PKTS_PAT_MAX value 180

tunable GT_PL_BEHAVIORAL_DOWNLOAD_MIN_AVG_PACKET_SIZE value 700
tunable GT_PL_BEHAVIORAL_DOWNLOAD_MAX_VOLUME_RATIO value 25
tunable GT_PL_BEHAVIORAL_DOWNLOAD_PACKET_DEVIATION_HI_VOL_FACTOR value 50

tunable GT_PL_WINNYP_NUMBER_OF_CHECKED_PACKETS value 5
tunable GT_PL_WINNYP_MAXIMAL_ALLOWED_DIRECTION_CHANGES value 5

tunable GT_QQMaxPacketsInSameDir value 7

exit
exit

copy running-config-application startup-config-application
Writing general configuration file to temporary location...
Removing old application configuration file...
Renaming temporary application configuration file with the final file's name...

SCE2020-1#>

Screenshots of the result, with YouTube and Google Video successfully blocked:

YouTube:

Google Video:

This is only a sample for blocking Google Video or YouTube; you can control any protocol as long as it is supported by the protocol pack.
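
Since script.txt is run as the admin user on the SCE, it helps to see what it will change before step 5. The following Python check is an added example, not part of the original post or of Cisco's tooling: it accepts only the line shapes visible in the listing above (an assumption; other protocol packs may use other commands) and reports unrecognised lines and keys that are assigned two different values.

```python
import re
from collections import defaultdict

# Line shapes taken from the script.txt listing on this page. Assumption: a
# different protocol pack may legitimately use commands not listed here.
LOOKUP = re.compile(r'^lookup (\w+) overwrite-key ("[^"]*"|\S+) value (\d+)$')
TUNABLE = re.compile(r'^tunable (\w+) value (\w+)$')
FIXED = {"configure", "interface LineCard 0", "exit",
         "copy running-config-application startup-config-application"}

def audit_script(text):
    """Classify every line; return lookups, tunables, conflicts, unexpected."""
    lookups = defaultdict(dict)      # table -> {key: value}
    tunables, conflicts, unexpected = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line in FIXED:
            continue
        m = LOOKUP.match(line)
        if m:
            table, key, value = m.group(1), m.group(2).strip('"'), int(m.group(3))
            # Same table and key written twice with different values.
            if lookups[table].get(key, value) != value:
                conflicts.append((lineno, table, key))
            lookups[table][key] = value
        elif (m := TUNABLE.match(line)):
            tunables[m.group(1)] = m.group(2)
        else:
            unexpected.append((lineno, line))
    return lookups, tunables, conflicts, unexpected

# Constructed sample: lines copied from the listing above, plus two constructed
# lines (a conflicting key and an unknown command) so the checks have findings.
SAMPLE = """configure
interface LineCard 0
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Deluge*" value 9
lookup GT_LUT_HTTP_BASED_PROTOCOLS_URL overwrite-key /videoplayback*:* value 2
lookup GT_LUT_HTTP_BASED_PROTOCOLS_UserAgents overwrite-key "Deluge*" value 6
tunable PL_AGING_RTMP value 3000
constructed-unknown-command example
exit
exit
"""

if __name__ == "__main__":
    lookups, tunables, conflicts, unexpected = audit_script(SAMPLE)
    for table, entries in lookups.items():
        print(f"{table}: {len(entries)} key(s)")
    print("tunables:", tunables)
    print("conflicting keys:", conflicts)
    print("unexpected lines:", unexpected)
```

To check a real pack, pass the contents of the extracted script.txt to audit_script() and review anything listed as unexpected before uploading the file.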
