Application Mapping, Application Group, DSCP Mapping and DSCP Group


Application Mapping

The Application Mapping option lets you configure the applications identified by NetFlow Analyzer. You can add new applications, modify existing ones, or delete them. Please see the Additional Notes on Application Mapping section to understand this feature more clearly. Also it is possible to associate an IP address with an application.

Adding an Application

Follow the steps below to add a new application:

  1. Click the Add button to add a new application
  2. Enter the port number of the new application. To enter a port range, separate the start and end points of the range with a hyphen. (eg.) 1400-1700
  3. Choose the protocol from the list of protocols
  4. Choose one of the options from IP Address / IP Network / IP Range. Depending on what you opt a set of fields are enabled and should be filled.
  5. The Application Name has to be entered finally by which the IP address is associated with an application.
Attention

Ensure that the combination of port number and protocol is unique. If not, the older application mapping will be deleted.

 

Once you are done, click the Update button to save your changes.

Modifying an Application

Select an application and click the Modify button to modify its properties

 

Note You can only change the name of the application. If you need to change the port or the protocol, you have to delete the application, and add it as a new application.

 

Once you are done, click the Update button to save your changes.

Deleting an Application

Select an application and click the Delete button to delete it. The application is permanently deleted, the corresponding port is freed, and can be assigned to another application

Additional Notes on Application Mapping

Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record. These values are matched with the list of applications in the Application Mapping.

 

The check is done first with the smaller of the 2 ports (source port / destination port), and if no match is found the bigger of the 2 ports is mapped

 

Application mappings created with specific IP address / IP Range / IP Network is given higher priority over applications mappings with no IP address. For example assume you have 2 application mappings as below:

 
 
Port Protocol IP Address / IP Range Application
80 TCP 10.10.1.0( 255.255.255.0) APP1
80 TCP Any APP2

 

 

 

If a flow is received with source address 10.10.10.10 and Port as TCP-80 then it is classified as APP1. Only TCP-80 flows from non-10.10.10.0 network will be classified as APP2.

 

 

Application mappings created with single port is given higher priority over applications mappings with port range. For example assume you have application mappings as below:

 
 
Port Protocol IP Address / IP Range Application
80 TCP any APP1
70 - to - 90 TCP any APP2

 

 

If a flow is received with Port as TCP-80 then it is classified as APP1.

 

Applications are categorized based on the source address, destination address, source port, destination port and protocol values in the flow record.

 

The smaller of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list

 

If no match is found, the bigger of the 2 ports (source port / destination port) and protocol is matched with the port-protocol in the application mapping list.

 

If no match is found, the smaller of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.

 

If no match is found, the bigger of the 2 ports (source port / destination port) and protocol is matched with the port range-protocol in the application mapping list.

 

If no match is found, the application is categorized as protocol_App (as in TCP_App or UDP_App)

 

In case the protocol is not available in the application mapping list, the application is categorized as Unknown_App

 

The sequence in which the mappings are checked is as follows:

1. Application mapping with specific IP address / IP Range / IP Network is matched.
2. Application mapping with no IP address and single port number / port range.

Application Group

Application Groups allow you to define your own class of applications by including one or more applications. For example, you might want to classify all your database applications like Oracle, MySql, MS-Sql in to one group called the DataBase group. Initially when no application groups have been created a message to that effect is displayed. The Application Group report can be viewed on the Application tab for each interface.

 

Adding an Application Group

Follow the steps below to add a new application group:

  1. Click the Add button to proceed to the Add Group Screen
  2. Enter the Group Name and the Group Description (eg.) DataBase Group - Contains the Oracle DB and MySql DB
  3. Choose the applications from the list of applications in the left pane
  4. Click on update for the application group to be created with the list of applications you had selected.

You may create additional Application Groups by clicking on the Add button and following the above steps.

 

Modifying an Application Group

 

Select the Application Group you wish to modify and click on the "Modify" button.

 
Note You can only change the Application Group description and the list of selected applications. It is not possible to change the application group name.
 

Once you are done, click the Save button to save your changes.

 

Deleting an Application Group

 

Select the application group you want to delete and click on the "Delete" button. You are asked for a confirmation to delete and if you confirm the group is deleted.

 
 

DSCP Mapping

 

The DiffServ model for DSCP Mapping was developed to differentiate IP traffic so that the traffic's relative priority could be determined on a per-hop basis. Using DSCP Mapping you can name the DiffServ code points and monitor their traffic in troubleshooting reports under the DSCP tab. Note that the DSCP reports can be viewed on the Troubleshooting page by clicking on the DSCP tab.

 

Adding a new DSCP Mapping

 

Click on the Add button to create a new DSCP Mapping. A window pops out where you may enter the Group Name and the Code Point ( a six-digit Binary Number). For Example: Data Centre devices - 001001. Click on the "Add" button to add this mapping.

 

Modifying a DSCP Mapping

Note
Please note that it is not possible to modify a DSCP Mapping.

Deleting a DSCP Mapping

 

Select the DSCP Mapping ( the combination of QoS Group Name and Code Points) you want to delete and click on the Delete button.

DSCP Group

Quality of Service is used to measure, improve and guarantee transmission rates, error rates and other characteristics in a networkes setting. The DiffServ model for DSCP Mapping was developed to differentiate IP traffic so that the traffic's relative priority could be determined on a per-hop basis. Using DSCP Mapping you can name the DiffServ code points and monitor their traffic in troubleshooting reports under the DSCP tab. Note that the DSCP reports can be viewed on the Troubleshooting page by clicking on the DSCP tab.The DCSP group is very valuable in the deployment of QoS.

 

Adding a new DSCP Group

 

Follow the steps below to add a new application group:

  1. Click the Add button to proceed to the Add Group Screen
  2. Enter the Group Name and the Group Description (eg.) DataBase Group - Contains the Oracle DB and MySql DB
  3. Choose the DSCP Names from the list of names in the left pane
  4. Click on Save for the DSCP Group to be created with the list of DSCP Names you had selected.

You may create additional DSCP Group by clicking on the Add button and following the above steps.

 

Modifying a DSCP Group

 

Select the DSCP Group you wish to modify and click on the "Modify" button.

 
Note You can only change the Group description and the list of selected applications. It is not possible to change the DSCP group name.
 

Once you are done, click the Save button to save your changes.

Deleting a DSCP Group

 

Select the DSCP Group you want to delete and click on the Delete button.

 

Top Sites

The Top Sites report displays the applications contributing to the maximum network traffic.The top sites option maps application to the resolved DNS names. Using this option you can now Add, Modify or Delete the pre-defined IP addresses and its corresponding application.

 

Adding a Top Site

To add a top site follow the steps given below:

  1. Click "Add"
  2. In the pop-up screen that appears, Select the IP Address, IP Network or Ip range you wish to map
  3. Specify the details
  4. Select the application name
  5. Click "add" to save the changes

Now the Application has been succesfully mapped to the IP address

Modifying a Top Site

To Modify a top site follow the steps given below:

  1. Select the Site Name you want to modify
  2. Click "Modify"
  3. In the pop-up that appears, specify the new site name
  4. Click Update to save the changes

Now the site name has been succesfully changed

 

Deleting a Top Site

To Delete a top site follow the steps given below:

  1. Select the Site Name you want to modify
  2. Click "Delete"
  3. In the pop-up that appears, Click "OK" to delete the site name
Now the site name has been permanently deleted.
Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine