Oaa collaboration, Acfp management, Configuring oaa client – H3C Technologies H3C SecBlade IPS Cards User Manual
Page 77
70
•
Interface-connecting component: It connects the interface of the routing/switching component to
that of the independent service component, allowing the devices of two manufacturers to be
interconnected.
OAA Collaboration
OAA collaboration means that the independent service component can send instructions to the
routing/switching component to change its functions. OAA collaboration is mainly implemented through
the Simple Network Management Protocol (SNMP). Acting as a network management system, the
independent service component sends various SNMP commands to the routing/switching component,
which can then execute the instructions received because it supports SNMP agent. In this process, the
cooperating MIB is the key to associating the two components with each other.
ACFP Management
ACFP collaboration provides a mechanism, which enables the ACFP client (the independent service
component in
) to control the traffic on the ACFP server (the routing/switching component in
) by implementing the following functions:
•
Mirroring and redirecting the traffic on the ACFP server to the ACFP client
•
Permitting/denying the traffic from the ACFP server
•
Carrying the context ID in a packet to enable the ACFP server and ACFP client to communicate the
packet context with each other. The detailed procedure is as follows: The ACFP server maintains a
context table that can be queried with context ID. Each context ID corresponds with an ACFP
collaboration policy that contains information including inbound interface and outbound interface
of the packet, and collaboration rules. When the packet received by the ACFP server is redirected
or mirrored to the ACFP client after matching a collaboration rule, the packet carries the context ID
of the collaboration policy to which the collaboration rule belongs. When the redirected packet is
returned from the ACFP client, the packet also carries the context ID. With the context ID, the ACFP
server knows that the packet is returned after being redirected and then forwards the packet
normally.
For the ACFP client to better control traffic, a two-level structure of the collaboration policy and
collaboration rules is set in the collaboration to manage the traffic matching the collaboration rule based
on the collaboration policy, implementing flexible traffic management.
To better support the Client/Server collaboration mode and granularly and flexibly set different rules, the
collaboration content is divided into four parts: ACFP server information, ACFP client information, ACFP
collaboration policy and ACFP collaboration rules. These four parts of information are saved in the ACFP
server.
An ACFP server supports multiple ACFP clients. Therefore, ACFP client information, ACFP collaboration
policy, and ACFP collaboration rules are organized in the form of tables.
ACFP server information is generated by the ACFP server itself. ACFP client information, ACFP
collaboration policy, and ACFP collaboration rules are generated on the ACFP client and sent to the
ACFP server through the collaboration MIB or collaboration protocol.
Configuring OAA Client
Select System Management > Device Management > OAA Configuration to enter the OAA configuration
page, as shown in