Hi Badri, one follow-up question below:

> -----Original Message-----
> From: Badri.Subramanyan@xxxxxxx [mailto:Badri.Subramanyan@xxxxxxx]
> Sent: Friday, March 10, 2017 2:35 AM
<snip>
> > > If the streams are encrypted, then the ALG feature would be rendered
> > > useless. This would limit the capability of any network element to
> > > make smart policing and routing decisions based on application layer
> > > attributes.
>
> Kathleen wrote:
> Do you know if these can work with a 2-tuple or 5-tuple? Is there an
> impact from encryption via TLS for instance? If so, what is that
> impact?
>
> [Badri] The rules in most of the cases are 5-tuples, to accurately depict a
> flow. Yes, there is an impact from encryption via TLS, as most of the
> implementations of ALG get information regarding supporting protocols by
> parsing data. With TLS encryption, the ALG loses the ability to parse,
> hence to get information on the supporting protocols.
>
> Kathleen wrote:
> What is used by ALG to correlate streams? This would be helpful to
> understand if this particular method for ALGs does become 'useless'
> and also to figure out if other options may exist to perform the
> functions needed.
>
> [Badri] RFC 2663, Section 2.9 gives information about ALG. There isn’t
> one defined method to implement it, and some of the methods used by
> vendors are included below.
>
> 1. Parse the content of the primary stream and identify the 5-tuple of
> the supporting streams as it is being negotiated.
>
> 2. Intercept and modify the 5-tuple information of the supporting stream
> as it is being negotiated on the primary stream. This is a little
> more intrusive in nature.

[ACM] After Src & Dst Address and Port, what is the 5th element of the 5-tuple in your experience? Protocol number and packet priority marking (DSCP) are two candidates... let us know, thanks!
Al
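The two methods Badri lists, worked through for the classic ALG case, FTP (RFC 959), as an added example that is not part of this thread and is not any vendor's ALG. Method 1 passively parses the client's PORT command and the server's 227 PASV reply on the control (primary) stream and derives the 5-tuple of the data (supporting) stream; method 2 rewrites the PORT command in flight, as a NAT ALG does. The example assumes the fifth element is the IP protocol number (TCP = 6), the conventional reading of a 5-tuple; that is the editor's assumption, not an answer on Badri's behalf. The control-channel lines, the addresses (RFC 1918 and documentation ranges) and the TLS record are constructed. The TLS record shows the point made in the thread: the record header is readable, the FTP text inside it is not, so no 5-tuple can be derived from it.

```python
"""Toy FTP ALG (RFC 959 PORT / 227 PASV) for the two methods in the thread.

Added example: every line and address below is constructed; this is not a
vendor's ALG implementation.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed fifth element of the 5-tuple: the IP protocol number (TCP = 6).
IPPROTO_TCP = 6

# "h1,h2,h3,h4,p1,p2" as carried by the PORT command and the 227 PASV reply.
_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(r"^PORT\s+" + _HOSTPORT + r"\s*$", re.IGNORECASE)
_PASV_REPLY = re.compile(r"^227 .*\(" + _HOSTPORT + r"\)")


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    src_port: Optional[int]  # None: unknown at negotiation time (wildcard pinhole)
    dst_ip: str
    dst_port: int
    proto: int = IPPROTO_TCP


def _host_port(m: re.Match) -> tuple:
    """Decode the six decimal fields into (dotted-quad, port); reject values > 255."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("field exceeds 255")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_control_line(line: bytes, client_ip: str, server_ip: str,
                       server_data_port: int = 20) -> Optional[FiveTuple]:
    """Method 1: parse one control-channel line and return the 5-tuple of the
    data stream it announces, or None when nothing usable is found. A TLS
    record is never usable: the payload is ciphertext, not ASCII FTP text."""
    try:
        text = line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    try:
        m = _PORT_CMD.match(text)
        if m:
            # Active mode: the server connects from its data port (20 is the
            # RFC 959 default) to the address/port the client announced.
            host, port = _host_port(m)
            return FiveTuple(server_ip, server_data_port, host, port)
        m = _PASV_REPLY.match(text)
        if m:
            # Passive mode: the client connects to the announced server
            # address from an ephemeral port the ALG cannot know yet.
            host, port = _host_port(m)
            return FiveTuple(client_ip, None, host, port)
    except ValueError:
        return None
    return None


def rewrite_port_command(line: bytes, public_ip: str, mapped_port: int) -> bytes:
    """Method 2: rewrite the address/port in a client's PORT command so the
    server sees the NAT's public address and mapped port. Other lines pass
    through untouched. The rewritten line can change length, so a real ALG
    must also fix up TCP sequence/ack numbers on the control connection from
    here on; that fix-up is what makes this method intrusive and is not
    implemented in this toy."""
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return line  # encrypted or binary payload: nothing to rewrite
    if not _PORT_CMD.match(text.rstrip("\r\n")):
        return line
    fields = public_ip.split(".") + [str(mapped_port // 256), str(mapped_port % 256)]
    return ("PORT " + ",".join(fields) + "\r\n").encode("ascii")


# Constructed control-channel exchange, both directions in order.
SAMPLE_CONTROL = [
    b"USER anonymous\r\n",
    b"331 Please specify the password.\r\n",
    b"PORT 10,0,0,5,195,80\r\n",                         # client listens on 10.0.0.5:50000
    b"200 PORT command successful.\r\n",
    b"PASV\r\n",
    b"227 Entering Passive Mode (203,0,113,7,4,1).\r\n",  # server listens on 203.0.113.7:1025
]

# Constructed TLS application-data record (type 0x17, TLS 1.2, 32 bytes of
# ciphertext): the header is visible, the FTP command inside is opaque.
TLS_RECORD = bytes.fromhex("1703030020") + bytes(range(0xA0, 0xC0))


def alg_pinholes(exchange, client_ip="10.0.0.5", server_ip="203.0.113.7"):
    """Run method 1 over a whole exchange and collect the data-stream 5-tuples."""
    pinholes = []
    for line in exchange:
        t = parse_control_line(line, client_ip, server_ip)
        if t is not None:
            pinholes.append(t)
    return pinholes


if __name__ == "__main__":
    for t in alg_pinholes(SAMPLE_CONTROL):
        print("pinhole:", t)
    print("TLS record yields:", parse_control_line(TLS_RECORD, "10.0.0.5", "203.0.113.7"))
    print(rewrite_port_command(b"PORT 10,0,0,5,195,80\r\n", "198.51.100.1", 60001))
```

Even in the clear, the PASV case gives the ALG only four of the five elements at negotiation time: the client's source port is not known until the data connection opens, so the pinhole has to wildcard it. That is worth keeping in mind when reading "5-tuple" in the thread as a single fixed rule.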