beautypg.com

Configuring acfp, Acfp overview – H3C Technologies H3C SR8800 User Manual

Page 14

background image

8

Configuring ACFP

NOTE:

In this documentation, SPC cards refer to the interface cards prefixed with SPC, for example, SPC-GT48L.
SPE cards refer to the base cards prefixed with SPE, for example, SPE-1020-E.

ACFP overview

Basic data communication networks comprise of routers and switches, which forward data packets. As

data networks develop, more and more services run on them. It has become inappropriate to use legacy
routers for handling some new services. Therefore, some security products such as firewalls, Intrusion

Detection System (IDS), and Intrusion Prevention System (IPS), and voice and wireless products are

designed to handle specific services.
For better support of new services, manufacturers of legacy networking devices (routers and switches in
this document) have developed various dedicated service boards (cards) to specifically handle these

services. Some manufacturers of legacy networking devices provide a set of software/hardware

interfaces to allow the boards (cards) or devices of other manufacturers to be plugged or connected to

these legacy networking devices for cooperating to handle these services. This gives full play to the

advantages of respective manufacturers for better support of new services while reducing user
investments.
The open application architecture (OAA) is an open service architecture developed with this concept. It

integrates routers and software produced by different manufacturers, making them function as one router,

and thus providing integrated resolutions for the customers.
The Application Control Forwarding Protocol (ACFP) is developed based on the OAA architecture. For

example, collaborating IPS/IDS cards or IPS/IDS devices acting as ACFP clients run software packages

developed by other manufacturers to support the IPS/IDS services. A router or switch mirrors or redirects

the received packets to an ACFP client after matching the ACFP collaboration rules. The software running
on the ACFP client monitors and detects the packets. Based on the monitoring and detection results, the

ACFP client sends back responses to the router or switch through collaboration Management Information

Bases (MIBs) to instruct the router or switch to process the results, such as filtering out the specified

packets.

NOTE:

Only IM-IPS and IM-ACG cards support ACFP.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: