Cisco SCE 1000 Series Service Control Engine

Field Notice: FN - 62617 - SCE SCAS BB - SCA-BB 3.0.5 - Problem in Port-based Protocol Classification


December 4, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected: SCE SCAS BB - 3.0.5

Comments: Service Control Engine Service Control Application System

Problem Description

In SCAS-BB Release 3.0.5, port-based protocol classification uses the port number on the network side of the flow instead of the flow's destination port number, also known as the server-side port. The two differ for flows that are initiated from the network toward the subscriber host: for those flows, the source port number is used instead of the destination port number. This port number is then matched against the port-based protocols defined in the Service Configuration file (PQB), which may cause protocol misclassification followed by a wrong service classification.

Background

Port-based protocols are part of the SCA-BB protocol and service classification mechanism. In many cases, port-based protocols are used with servers located in the network. For this kind of traffic, this defect has no impact. Signature-based protocols, like HTTP and many P2P protocols, are also not affected by this problem.

Problem Symptoms

Port-based classification will not work for flows initiated from the network toward the subscribers. Signature-based classification is not impacted; those flows are classified as in previous releases.

For example:

In the default service configuration file (PQB) there is a definition of SSH as a port-based protocol. Any SSH session initiated from the network side toward a subscriber host will be classified as Generic TCP/UDP instead of being classified to the service set for the SSH protocol. The same applies to many gaming protocols. Traffic initiated toward port-based gaming servers located on the subscriber side of the SCE will be wrongly classified.
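The lookup difference described above, modelled as an added example (not Cisco code and not part of the original field notice). The Flow record, the port map, the "ExampleGame" protocol on port 6112 and all sample flows are constructed assumptions; the real port-based definitions live in the PQB.

```python
from dataclasses import dataclass

# Constructed stand-in for the PQB's port-based protocol definitions.
# SSH on 22 is the well-known port; "ExampleGame" on 6112 is hypothetical.
PORT_PROTOCOLS = {22: "SSH", 6112: "ExampleGame"}
GENERIC = "Generic TCP/UDP"

@dataclass(frozen=True)
class Flow:
    initiator: str  # "subscriber" or "network": the side that opened the flow
    src_port: int   # initiator's port
    dst_port: int   # server-side port

def network_side_port(flow):
    # The network side holds the server for subscriber-initiated flows,
    # but holds the initiator (source port) for network-initiated flows.
    return flow.dst_port if flow.initiator == "subscriber" else flow.src_port

def classify_3_0_5(flow):
    """Lookup as the notice describes the 3.0.5 behaviour: network-side port."""
    return PORT_PROTOCOLS.get(network_side_port(flow), GENERIC)

def classify_intended(flow):
    """Intended lookup: destination (server-side) port."""
    return PORT_PROTOCOLS.get(flow.dst_port, GENERIC)

def affected(flows):
    """Return (flow, got, expected) for flows where the two lookups disagree."""
    out = []
    for f in flows:
        got, want = classify_3_0_5(f), classify_intended(f)
        if got != want:
            out.append((f, got, want))
    return out

# Constructed sample flows.
SAMPLE = [
    Flow("subscriber", 51000, 22),   # SSH to a network server: unaffected
    Flow("network", 51001, 22),      # SSH toward a subscriber host
    Flow("network", 40000, 6112),    # game server on the subscriber side
    Flow("network", 6112, 8080),     # source port collides with a defined port
    Flow("network", 40001, 9999),    # no defined port on either end
]

if __name__ == "__main__":
    for flow, got, want in affected(SAMPLE):
        print(f"{flow}: 3.0.5 -> {got}; intended -> {want}")
```

The fourth sample flow follows from the same lookup: a network-side source port that happens to match a defined port is labelled as that protocol, so reports built on 3.0.5 classifications can be wrong in both directions.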

Workaround/Solution

Solution:

The next SCA-BB release with a fix will be available within the December 2006 timeframe.

Workaround:

No workaround has been identified for this problem.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCsg88916 (registered customers only)

Description: Approach to the Protocol ID with network side IP instead of server side IP.

Revision History

Revision: 1.0

Date: 04-DEC-2006

Comment: Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
