Configuring encrypted p2p traffic identification, 1 configuring encrypted p2p traffic identification, Encrypted p2p traffic identification configuration – H3C Technologies H3C SecBlade IPS Cards User Manual

6-1

6

Encrypted P2P Traffic Identification Configuration

Introduction to Encrypted P2P Traffic Identification

With the development and wide application of the Peer to Peer (P2P) technology, P2P traffic is
occupying more and more bandwidth, affecting the normal operation of other services. The bandwidth
management module can identify and control P2P traffic, but it cannot identify encrypted P2P traffic.
This is where the encrypted P2P traffic identification function comes in.

There are three methods available for encrypted P2P traffic identification:

z

Original identification—A P2P system has a relatively large logical network diameter, and each
peer acts as both the client and the server. The original identification method identifies encrypted
P2P traffic by calculating the network diameter and analyzing the roles of the peers.

z

Length serial identification—This method identifies encrypted P2P traffic by identifying the hosts
that are running P2P software based on the plaintext signatures of the P2P software and analyzing
the length serial characteristics of the traffic exchanged among those hosts.

z

Precise identification—This method identifies encrypted P2P traffic precisely by analyzing the P2P
protocol characteristics and identifying the peers.

Among the three methods, the original identification method provides the highest efficiency but its
misidentification rate is the highest, whereas the precise identification method provides the lowest
efficiency but its misidentification rate is zero. The efficiency and misidentification rate of the length
serial method are in between those of the original identification method and those of the precise
identification method.

You can specify one or more methods for the encrypted P2P traffic identification function. When
specified at the same time, the three methods are used in this order: original identification, precise
identification, and length serial identification. If the original identification method considers that a data
flow is an encrypted P2P flow, the inspection of the data flow stops; otherwise, the precise identification
method is used. If the precise identification method considers the data flow an encrypted P2P flow, the
inspection stops. If not, the length serial identification method is used, and whether the flow is an
encrypted P2P flow depends on the inspection result of the length serial identification method.

Configuring Encrypted P2P Traffic Identification

Configuring Encrypted P2P Traffic Identification

Follow these steps to configure encrypted P2P traffic identification:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable the encrypted P2P traffic
identification function and specify
the identification methods to be
used

p2p

{ length-serial | original |

precise

} enable

Required
By default the P2P traffic
identification function is disabled.