Appendix-OAA Configuration, Overview, ACFP Architecture – H3C Technologies H3C SecBlade IPS Cards User Manual
Appendix-OAA Configuration
NOTE:
The OAA client and the OAA server mentioned in the following configuration procedure and
configuration examples refer to the ACFP client and the ACFP server in the OAA architecture.
Overview
Basic data communication networks consist of routers and switches, which forward data packets. As
data networks develop, more and more services run on them, and legacy devices have become unsuitable
for handling some new services. Therefore, security products such as firewalls, Intrusion
Detection Systems (IDS), and Intrusion Prevention Systems (IPS), as well as voice and wireless products, are
designed to handle specific services.
For better support of new services, manufacturers of legacy networking devices (routers and switches in
this document) have developed various dedicated service boards (cards) to specifically handle these
services. Some manufacturers of legacy networking devices provide a set of software/hardware
interfaces to allow the boards (cards) or devices of other manufacturers to be plugged into or connected
to these legacy networking devices to handle these services. This lets each manufacturer play to its
strengths in supporting new services while reducing user investment.
The open application architecture (OAA) is an open service architecture developed with this concept.
The Application Control Forwarding Protocol (ACFP) is developed based on the OAA architecture. For
example, collaborating IPS/IDS cards or IPS/IDS devices acting as ACFP clients run software packages
developed by other manufacturers to support the IPS/IDS services. A router or switch mirrors or redirects
the received packets to an ACFP client after matching the ACFP collaboration rules. The software running
on the ACFP client monitors and detects the packets. Based on the monitoring and detection results, the
ACFP client sends back responses to the router or switch through collaboration Management Information
Bases (MIBs) to instruct the router or switch to process the results, such as filtering out the specified
packets.
ACFP Architecture
Figure 52 Diagram for ACFP architecture
As shown in Figure 52, the ACFP architecture consists of:
• Routing/switching component: As the main part of a router or switch, it performs complete
router/switch functions and is also the core of user management control.
• Independent service component: Also known as the Open Application Platform (OAP), it is the main
part open for development by third parties and is mainly used to provide various unique service
functions.