Configuring Custom Application Signatures

Note:

Starting in Junos OS Release 19.3R2 and 19.4R1, application identification is also supported for Broadband Subscriber Management if you have enabled Next Gen Services on the MX240, MX480 or MX960 router with the MX-SPC3 card.

You can configure custom application definitions using custom signatures. These definitions enable identification of protocol bundles through deep packet inspection (DPI) for use by interested services in the service chain.

Before you configure custom application signatures, ensure that jservices-jdpi is configured on all required interfaces of your MS-MPC, or of your MX-SPC3 services card if you have enabled Next Gen Services on the MX240, MX480, or MX960. To review how to configure the package on your MS-MPC or MX-SPC3 services card:

To configure one or more custom application signatures:

  1. Specify a name for the application.

    For example:

  2. Specify a description for the application.

    For example:

  3. Specify an alternative name for the application.

    For example:

  4. Enable saving of the application system cache (ASC).
  5. Specify the name of the Junos OS release for compatibility.

    For example:

  6. Specify any desired application tags, consisting of a user-defined name and value.

    For example:

  7. Specify one or more address-based signatures.
    • Specify a destination address and destination port-range.

  8. Specify an ICMP-based signature.
    1. Specify ICMP type and code.

      For example:

  9. Specify an IP protocol-based signature.
    1. Specify the IP protocol by protocol number.

      For example:

      All IP protocol numbers are allowed under ip-protocol-mapping except 1, 6, and 17. If you try to configure protocol 1, 6, or 17 under ip-protocol-mapping, the commit fails with an error.

  10. Specify one or more Layer 4 and Layer 7 signatures using pattern matching in conjunction with a Layer 4 protocol.
    1. Specify a name for the Layer 4 and Layer 7 signature.

      For example:

    2. Specify the order to use if conflicts occur during application classification. In that case, the application with the lowest order is the one classified.

      For example:

    3. Specify the priority for using this signature instead of using any matched predefined signatures.

      For example:

    4. (Optional) Specify the protocol. If you are using Next Gen Services with the MX-SPC3 services card, do not perform this step.

      For example:

    5. (Optional) Specify that members are to be matched in order.

    6. Specify a member. You can repeat this step to define up to four members.

      For example:

    7. Specify the member’s identifying pattern.

      For example:

    8. Specify the direction of flows to which pattern matching is applied.

      For example:

    9. Specify the number of check-bytes. This option applies to TCP and UDP only.

      For example:

  11. (For Next Gen Services with the MX-SPC3 services card only) After you have committed your changes, you can check the status of the custom signature commitment.
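
The constraints stated in the steps above (protocols 1, 6, and 17 rejected under ip-protocol-mapping, up to four members per signature, check-bytes for TCP and UDP only, lowest order wins a conflict) can be checked on a planned signature set before you commit. The following Python script is an added example, not Juniper code; its dictionary layout, key names, and sample values are assumptions and are not Junos configuration syntax.

```python
# Added example: offline lint of planned custom-signature definitions.
# The dict layout and key names are hypothetical, not Junos configuration syntax.
RESERVED_IP_PROTOCOLS = {1, 6, 17}       # step 9 note: rejected under ip-protocol-mapping
MAX_MEMBERS = 4                          # step 10.6: up to four members
CHECK_BYTES_PROTOCOLS = {"tcp", "udp"}   # step 10.9: check-bytes is TCP/UDP only


def lint_application(app):
    """Return a list of problems found in one planned application definition."""
    name = app.get("name") or "<unnamed>"
    problems = [] if app.get("name") else ["application has no name (step 1)"]
    for proto in app.get("ip_protocols", []):
        if not 0 <= proto <= 255:  # the IP protocol field is 8 bits wide
            problems.append(f"{name}: IP protocol {proto} is outside 0-255")
        elif proto in RESERVED_IP_PROTOCOLS:
            problems.append(f"{name}: protocol {proto} not allowed under ip-protocol-mapping")
    for sig in app.get("l4_l7_signatures", []):
        label = f"{name}/{sig.get('name', '<unnamed>')}"
        members = sig.get("members", [])
        if "order" not in sig:
            problems.append(f"{label}: no order set (step 10.2)")
        if len(members) > MAX_MEMBERS:
            problems.append(f"{label}: {len(members)} members, limit is {MAX_MEMBERS}")
        problems += [f"{label}: member {m.get('name')} has no pattern"
                     for m in members if not m.get("pattern")]
        l4 = sig.get("l4_protocol")
        if l4 and l4.lower() not in CHECK_BYTES_PROTOCOLS and any("check_bytes" in m for m in members):
            problems.append(f"{label}: check-bytes set but Layer 4 protocol is {l4}")
    return problems


def resolve_conflict(matches):
    """Given (application, order) pairs matching one flow, return the lowest-order application."""
    return min(matches, key=lambda pair: pair[1])[0]


# Constructed sample definitions (not from the original page).
PLANNED = [
    {"name": "corp-telemetry", "ip_protocols": [47],
     "l4_l7_signatures": [{"name": "sig1", "order": 10, "l4_protocol": "tcp",
                           "members": [{"name": "m01", "pattern": "TLM/1", "check_bytes": 100}]}]},
    {"name": "bad-app", "ip_protocols": [6],
     "l4_l7_signatures": [{"name": "sig1", "order": 20, "l4_protocol": "sctp",
                           "members": [{"name": f"m0{i}", "pattern": "x", "check_bytes": 50}
                                       for i in range(5)]}]},
]

if __name__ == "__main__":
    for planned_app in PLANNED:
        print(planned_app["name"], lint_application(planned_app) or "ok")
```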