Default Service Configuration Reference Tables

This chapter describes the default service configuration provided with the Cisco Service Control Application for Broadband (SCA BB). The default service configuration serves as a starting point for creating a service configuration tailored to customers' needs.

• Filter Rules

• Information About Protocols

Filter Rules

Filter rules allow you to instruct the Service Control Engine (SCE) platform to ignore some types of flow based on the flow's Layer 3 and Layer 4 properties, and transmit the flows unchanged.

The following table lists the filter rules defined in the default service configuration.

Table 1-1 Filter Rules
Flow Filter Name	Default State	Description
ICMP Filter	Active	Applies to ICMP packets, packets bypass the policy engine and are mapped to CoS BE
DNS (to network)	Active	Applies to UDP packets, network-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE
DNS (to subscriber)	Active	Applies to UDP packets, subscriber-side port is equal to 53, packets bypass the policy engine and are mapped to CoS BE
net-bios (to network)	Active	Applies to UDP packets, network-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE
net-bios (to subscriber)	Active	Applies to UDP packets, subscriber-side port is equal to 137, packets bypass the policy engine and are mapped to CoS BE
eDonkey UDP (to network)	Active	Applies to UDP packets, network-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE
eDonkey UDP (to subscriber)	Active	Applies to UDP packets, subscriber-side ports in the range 4661 to 4665, packets bypass the policy engine and are mapped to CoS BE
eMule UDP (to network)	Active	Applies to UDP packets, network-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE
eMule UDP (to subscriber)	Active	Applies to UDP packets, subscriber-side ports in the range 4670 to 4674, packets bypass the policy engine and are mapped to CoS BE
eMule UDP 2 (to network)	Active	Applies to UDP packets, network-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE
eMule UDP 2 (to subscriber)	Active	Applies to UDP packets, subscriber-side ports in the range 5670 to 5674, packets bypass the policy engine and are mapped to CoS BE
eMule UDP 3 (to network)	Active	Applies to UDP packets, network-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE
eMule UDP 3 (to subscriber)	Active	Applies to UDP packets, subscriber-side ports in the range 5780 to 5784, packets bypass the policy engine and are mapped to CoS BE
BGP Filter	Inactive	Applies to TCP packets, network-side port is equal to 179, packets bypass the policy engine and are mapped to CoS BE
DHCP Filter	Inactive	Applies to UDP packets, network-side ports in the range 67 to 68, packets bypass the policy engine and are mapped to CoS BE
OSPF Filter	Inactive	Applies to OSPFIGP packets, packets bypass the policy engine and are mapped to CoS BE
IS-IS Filter	Inactive	Applies to ISIS packets, packets bypass the policy engine and are mapped to CoS BE
IGRP Filter	Inactive	Applies to IGP packets, packets bypass the policy engine and are mapped to CoS BE
EIGRP Filter	Inactive	Applies to EIGRP packets, packets bypass the policy engine and are mapped to CoS BE
HSRP Filter 1	Inactive	Applies to UDP packets, network-side IP is equal to 224.0.0.2, packets bypass the policy engine and are mapped to CoS BE
HSRP Filter 2	Inactive	Applies to UDP packets, network-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE
HSRP Filter 3	Inactive	Applies to UDP packets, subscriber-side port is equal to 1985, packets bypass the policy engine and are mapped to CoS BE
RIP Filter 1	Inactive	Applies to UDP packets, network-side IP is equal to 224.0.0.9, packets bypass the policy engine and are mapped to CoS BE
RIP Filter 2	Inactive	Applies to UDP packets, network-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE
RIP Filter 3	Inactive	Applies to UDP packets, subscriber-side port is equal to 520, packets bypass the policy engine and are mapped to CoS BE
RADIUS Filter	Inactive	Applies to UDP packets, network-side port is equal to 1812, packets bypass the policy engine and are mapped to CoS BE
RADIUS Filter (early deployment)	Inactive	Applies to UDP packets, network-side ports in the range 1645 to 1646, packets bypass the policy engine and are mapped to CoS BE

Information About Protocols

Protocols are divided into four groups:

•Generic Protocols - These protocols are used for transactions that were not mapped to a service by one of the more specific protocol types.

•Signature-Based Protocols - Protocols classified according to a Layer 7 application signature. This group includes the most common protocols, such as HTTP and FTP, and a large group of popular P2P protocols.

•IP Protocols - Protocols (such as ICMP), other than TCP and UDP protocols, identified according to the IP protocol number of the transaction.

•Port-Based Protocols - TCP and UDP protocols that are classified according to their well-known ports. The default configuration includes more than 600 common port-based protocols.

You may add new protocols (for example, to classify a new gaming protocol that uses a specific port) and edit or remove existing ones.

The tables in the following sections list the protocols defined in the default service configuration.

• Generic Protocols

• Signature-Based Protocols

• IP Protocols

• Port-Based Protocols

• Protocols Identified on Unidirectional Flows

• Services

• RDR Settings

• Rules

• System Mode

Generic Protocols

The three generic protocols (IP, TCP, and UDP) serve as default containers for classifying transactions of the relevant type (IP, TCP, or UDP) that were not classified as belonging to a more specific protocol.

A transaction is classified as belonging to one of the generic protocols if it meets both the following conditions:

•It was not classified as belonging to a signature-based protocol.

•It was not classified as belonging to an IP or port-based protocol that is specifically mapped to a service.

Table 1-2 Generic Protocols
Protocol Name	ID	Description
Generic IP	10	Any non-TCP/UDP transaction where the related IP protocol is not specifically mapped to a service.
Generic TCP	0	Any TCP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service1.
Generic UDP	1	Any UDP transaction that does not match any signature-based protocol, and where the related port-based protocol (if it exists) is not specifically mapped to a service.

Signature-Based Protocols

A transaction is classified as belonging to one of the signature-based protocols if it is carried on the protocol's well-known port or matches the protocol's signature.

Table 1-3 Signature-Based Protocols
Protocol Name	ID	TCP Ports	UDP Ports
Behavioral P2P	1044
Behavioral Upload/Download (See note following table)	127
CUWorld	117
DHCP Sniff	33
DingoTel	42
DNS	933
Flash	1033
Flash YouTube	1034
Flash MySpace	1035
Flash Yahoo	1036
FTP	4	21
Generic Non-Established TCP (See note following table)	126
GoogleEarth	118
Hopster	115
HTTP Browsing	2	80, 8080
HTTP Tunnel	55
ICQ	119
IRC	62
Jabber	116
MMS	6	1755
Mobile MMS	46
NNTP	15	119
NTP	54
POP3	9	110
QQ	52
RTSP Streaming	5	554, 1554, 7070
Sling	112
SMTP	8	25
STUN	114
Thunder	50
UC	48
Yahoo Messenger	40	5000-5001	5000-5001
imap	59	143	143
radius	738
tftp	60	69	69

•Behavioral Upload/Download—Transactions that have download packet flow characteristics and do not match a more specific signature are classified to this protocol. This protocol applies to downloads both from the network side and from the subscriber side.

•Generic Non-Established TCP—TCP flows that are not established properly (syn-ack is missing) are mapped to this protocol.

Table 1-4 Signature-Based P2P Protocols
Protocol Name	ID	TCP Ports	UDP Ports
AntsP2P	113
BaiBao	43
BitTorrent	24	6881-6889
DHT	106
Dijjer	120
DirectConnect	19	411-413
Entropy	125
Exosee	121
FastTrack KaZaA File Transfer	14
FastTrack KaZaA Networking	13	1214
Filetopia	31
Freenet	107
Furthur	123
Gnutella File Transfer	12
Gnutella Networking	11	6346-6349
Hotline	20
Konspire2b	1031	6085	6085
Kontiki	124
LOCO	5123
Manolito	22
Mute	34
Napster	32
NeoNet	37
NodeZilla	35
PeerEnabler	122
Poco	51
PPLive	44
PPStream	49
QQ-Live	1032
Rodi	111
Share	27
Soulseek	29
SSDP	53
TVAnts	109
Warez/FileCroc	39
Waste	36
WinMX/OpenNap	16	6257, 6699	6257
Winny	17	7742-7745, 7773
eDonkey	18	4661-4665, 4672-4673, 4711, 5662, 5773, 5783	4661-4665, 4672-4673, 4711, 5662, 5773, 5783
eMuleEncrypted	105
guruguru	66
iTunes	30
kuro	67
soribada	69
v-share	71

Table 1-5 Signature-Based VoIP Protocols
Protocol Name	ID	TCP Ports	UDP Ports
H323	28	1720
ICQ VoIP	110
MGCP	38		2427, 2727
Primus	108
PTT Winphoria	61
RTP	57
SIP	23	5060-5061	5060-5061
Skinny	41
Skype	25
Yahoo Messenger VoIP	45	33033
Yahoo VoIP over SIP	1039

IP Protocols

This section lists the IP protocols supported by SCA BB.

Table 1-6 IP Protocols
IP Protocol Number	Protocol Name	Protocol ID
0	HOPOPT	756
1	ICMP	757
2	IGMP	758
3	GGP	759
4	IP	760
5	ST	761
6	Generic TCP	0
7	CBT	762
8	EGP	763
9	IGP	764
10	BBN-RCC-MON	765
11	NVP-II	766
12	PUP	767
13	ARGUS	768
14	EMCON	769
15	XNET	770
16	CHAOS	771
17	Generic UDP	1
18	MUX	772
19	DCN-MEAS	773
20	HMP	774
21	PRM	775
22	XNS-IDP	776
23	TRUNK-1	777
24	TRUNK-2	778
25	LEAF-1	779
26	LEAF-2	780
27	RDP	781
28	IRTP	782
29	ISO-TP4	783
30	NETBLT	784
31	MFE-NSP	785
32	MERIT-INP	786
33	SEP	787
34	3PC	788
35	IDPR	789
36	XTP	790
37	DDP	791
38	IDPR-CMTP	792
39	TP++	793
40	IL	794
41	IPv6-Over-IPv4	795
42	SDRP	796
43	IPv6-Route	797
44	IPv6-Frag	798
45	IDRP	799
46	RSVP	800
47	GRE	801
48	MHRP	802
49	BNA	803
50	ESP	804
51	AH	805
52	I-NLSP	806
53	SWIPE	807
54	NARP	808
55	MOBILE	809
56	TLSP	810
57	SKIP	811
58	IPv6-ICMP	812
59	IPv6-NoNxt	813
60	IPv6-Opts	814
61	any host internal protocol	815
62	CFTP	816
63	any local network	817
64	SAT-EXPAK	818
65	KRYPTOLAN	819
66	RVD	820
67	IPPC	821
68	any distributed file system	822
69	SAT-MON	823
70	VISA	824
71	IPCV	825
72	CPNX	826
73	CPHB	827
74	WSN	828
75	PVP	829
76	BR-SAT-MON	830
77	SUN-ND	831
78	WB-MON	832
79	WB-EXPAK	833
80	ISO-IP	834
81	VMTP	835
82	SECURE-VMTP	836
83	VINES	837
84	TTP	838
85	NSFNET-IGP	839
86	DGP	840
87	TCF	841
88	EIGRP	842
89	OSPFIGP	843
90	Sprite-RPC	844
91	LARP	845
92	MTP	846
93	AX.25	847
94	IPIP	848
95	MICP	849
96	SCC-SP	850
97	ETHERIP	851
98	ENCAP	852
99	any private encryption scheme	853
100	GMTP	854
101	IFMP	855
102	PNNI	856
103	PIM	857
104	ARIS	858
105	SCPS	859
106	QNX	860
107	A/N	861
108	IPComp	862
109	SNP	863
110	Compaq-Peer	864
111	IPX-in-IP	865
112	VRRP	866
113	PGM	867
114	any 0-hop protocol	868
115	L2TP	869
116	DDX	870
117	IATP	871
118	STP	872
119	SRP	873
120	UTI	874
121	SMP	875
122	SM	876
123	PTP	877
124	ISIS	878
125	FIRE	879
126	CRTP	880

Port-Based Protocols

This section lists the TCP/UDP port-based protocols defined in the SCA BB default service configuration.

Table 1-7 Port-Based Protocols (Ports 1 to 400)
IP Protocol Number	Protocol Name	Protocol ID
0	HOPOPT	756
1	ICMP	757
2	IGMP	758
3	GGP	759
4	IP	760
5	ST	761
6	Generic TCP	0
7	CBT	762
8	EGP	763
9	IGP	764
10	BBN-RCC-MON	765
11	NVP-II	766
12	PUP	767
13	ARGUS	768
14	EMCON	769
15	XNET	770
16	CHAOS	771
17	Generic UDP	1
18	MUX	772
19	DCN-MEAS	773
20	HMP	774
21	PRM	775
22	XNS-IDP	776
23	TRUNK-1	777
24	TRUNK-2	778
25	LEAF-1	779
26	LEAF-2	780
27	RDP	781
28	IRTP	782
29	ISO-TP4	783
30	NETBLT	784
31	MFE-NSP	785
32	MERIT-INP	786
33	SEP	787
34	3PC	788
35	IDPR	789
36	XTP	790
37	DDP	791
38	IDPR-CMTP	792
39	TP++	793
40	IL	794
41	IPv6-Over-IPv4	795
42	SDRP	796
43	IPv6-Route	797
44	IPv6-Frag	798
45	IDRP	799
46	RSVP	800
47	GRE	801
48	MHRP	802
49	BNA	803
50	ESP	804
51	AH	805
52	I-NLSP	806
53	SWIPE	807
54	NARP	808
55	MOBILE	809
56	TLSP	810
57	SKIP	811
58	IPv6-ICMP	812
59	IPv6-NoNxt	813
60	IPv6-Opts	814
61	any host internal protocol	815
62	CFTP	816
63	any local network	817
64	SAT-EXPAK	818
65	KRYPTOLAN	819
66	RVD	820
67	IPPC	821
68	any distributed file system	822
69	SAT-MON	823
70	VISA	824
71	IPCV	825
72	CPNX	826
73	CPHB	827
74	WSN	828
75	PVP	829
76	BR-SAT-MON	830
77	SUN-ND	831
78	WB-MON	832
79	WB-EXPAK	833
80	ISO-IP	834
81	VMTP	835
82	SECURE-VMTP	836
83	VINES	837
84	TTP	838
85	NSFNET-IGP	839
86	DGP	840
87	TCF	841
88	EIGRP	842
89	OSPFIGP	843
90	Sprite-RPC	844
91	LARP	845
92	MTP	846
93	AX.25	847
94	IPIP	848
95	MICP	849
96	SCC-SP	850
97	ETHERIP	851
98	ENCAP	852
99	any private encryption scheme	853
100	GMTP	854
101	IFMP	855
102	PNNI	856
103	PIM	857
104	ARIS	858
105	SCPS	859
106	QNX	860
107	A/N	861
108	IPComp	862
109	SNP	863
110	Compaq-Peer	864
111	IPX-in-IP	865
112	VRRP	866
113	PGM	867
114	any 0-hop protocol	868
115	L2TP	869
116	DDX	870
117	IATP	871
118	STP	872
119	SRP	873
120	UTI	874
121	SMP	875
122	SM	876
123	PTP	877
124	ISIS	878
125	FIRE	879
126	CRTP	880

Table 1-8 Port-Based Protocols (Ports 401 to 700)
Protocol Name	ID	TCP Ports	UDP Ports
ups	316	401	401
genie	317	402	402
decap	318	403	403
nced	319	404	404
ncld	320	405	405
imsp	321	406	406
timbuktu	322	407	407
prm-sm	323	408	408
prm-nm	324	409	409
decladebug	325	410	410
rmt	326		411
synoptics-trap	327		412
smsp	328		413
infoseek	329	414	414
bnet	330	415	415
silverplatter	331	416	416
onmux	332	417	417
hyper-g	333	418	418
ariel1	334	419	419
smpte	335	420	420
ariel2	336	421	421
ariel3	337	422	422
opc-job-start	338	423	423
opc-job-track	339	424	424
icad-el	340	425	425
smartsdp	341	426	426
svrloc	342	427	427
ocs_cmu	343	428	428
ocs_amu	344	429	429
utmpsd	345	430	430
utmpcd	346	431	431
iasd	347	432	432
nnsp	348	433	433
mobileip-agent	349	434	434
mobilip-mn	350	435	435
dna-cml	351	436	436
comscm	352	437	437
dsfgw	353	438	438
dasp	354	439	439
sgcp	355	440	440
decvms-sysmgt	356	441	441
cvc_hostd	357	442	442
https	358	443
snpp	359	444	444
microsoft-ds	360	445	445
ddm-rdb	361	446	446
ddm-dfm	362	447	447
ddm-ssl	363	448	448
as-servermap	364	449	449
tserver	365	450	450
sfs-smp-net	366	451	451
sfs-config	367	452	452
creativeserver	368	453	453
contentserver	369	454	454
creativepartnr	370	455	455
scohelp	371	457	457
appleqtc	372	458	458
ampr-rcmd	373	459	459
skronk	374	460	460
datasurfsrv	375	461	461
datasurfsrvsec	376	462	462
alpes	377	463	463
kpasswd	378	464	464
url-rendezvous	379	465	465
digital-vrc	380	466	466
mylex-mapd	381	467	467
photuris	382	468	468
rcp	383	469	469
scx-proxy	384	470	470
mondex	385	471	471
ljk-login	386	472	472
hybrid-pop	387	473	473
tn-tl-w1	388	474
tn-tl-w2	389		474
tn-tl-fd1	390	476	476
ss7ns	391	477	477
spsc	392	478	478
iafserver	393	479	479
iafdbase	394	480	480
ph	395	481	481
bgs-nsi	396	482	482
ulpnet	397	483	483
integra-sme	398	484	484
powerburst	399	485	485
avian	400	486	486
saft	401	487	487
gss-http	402	488	488
nest-protocol	403	489	489
micom-pfs	404	490	490
go-login	405	491	491
ticf-1	406	492	492
ticf-2	407	493	493
pov-ray	408	494	494
intecourier	409	495	495
pim-rp-disc	410	496	496
dantz	411	497	497
siam	412	498	498
iso-ill	413	499	499
isakmp	414	500	500
stmf	415	501	501
asa-appl-proto	416	502	502
intrinsa	417	503	503
citadel	418	504	504
mailbox-lm	419	505	505
ohimsrv	420	506	506
crs	421	507	507
xvttp	422	508	508
snare	423	509	509
fcp	424	510	510
passgo	425	511	511
exec	426	512
biff	427		512
login	428	513
who	429		513
shell	430	514
syslog	431		514
printer	432	515	515
videotex	433	516	516
talk	434	517	517
ntalk	435	518	518
utime	436	519	519
efs	437	520
router	438		520
ripng	439	521	521
ulp	440	522	522
ibm-db2	441	523	523
ncp	442	524	524
timed	443	525	525
tempo	444	526	526
stx	445	527	527
custix	446	528	528
irc-serv	447	529	529
courier	448	530	530
conference	449	531	531
netnews	450	532	532
netwall	451	533	533
mm-admin	452	534	534
iiop	453	535	535
opalis-rdv	454	536	536
nmsp	455	537	537
gdomap	456	538	538
apertus-ldp	457	539	539
uucp	458	540	540
uucp-rlogin	459	541	541
commerce	460	542	542
klogin	461	543	543
kshell	462	544	544
appleqtcsrvr	463	545	545
dhcpv6-client	464	546	546
dhcpv6-server	465	547	547
idfp	466	549	549
new-rwho	467	550	550
cybercash	468	551	551
deviceshare	469	552	552
pirp	470	553	553
remotefs	471	556	556
openvms-sysipc	472	557	557
sdnskmp	473	558	558
teedtap	474	559	559
rmonitor	475	560	560
monitor	476	561	561
chshell	477	562	562
nntps	478	563	563
9pfs	479	564	564
whoami	480	565	565
streettalk	481	566	566
banyan-rpc	482	567	567
ms-shuttle	483	568	568
ms-rome	484	569	569
meter	485	570-571	570-571
sonar	486	572	572
banyan-vip	487	573	573
ftp-agent	488	574	574
vemmi	489	575	575
ipcd	490	576	576
vnas	491	577	577
ipdd	492	578	578
decbsrv	493	579	579
sntp-heartbeat	494	580	580
bdp	495	581	581
scc-security	496	582	582
philips-vc	497	583	583
keyserver	498	584	584
imap4-ssl	499	585	585
password-chg	500	586	586
submission	501	587	587
cal	502	588	588
eyelink	503	589	589
tns-cml	504	590	590
http-alt	505	591	591
eudora-set	506	592	592
http-rpc-epmap	507	593	593
tpip	508	594	594
cab-protocol	509	595	595
smsd	510	596	596
ptcnameservice	511	597	597
sco-websrvrmg3	512	598	598
acp	513	599	599
ipcserver	514	600	600
urm	515	606	606
nqs	516	607	607
sift-uft	517	608	608
npmp-trap	518	609	609
npmp-local	519	610	610
npmp-gui	520	611	611
hmmp-ind	521	612	612
hmmp-op	522	613	613
sshell	523	614	614
sco-inetmgr	524	615	615
sco-sysmgr	525	616	616
sco-dtmgr	526	617	617
dei-icda	527	618	618
digital-evm	528	619	619
sco-websrvrmgr	529	620	620
escp-ip	530	621	621
collaborator	531	622	622
aux_bus_shunt	532	623	623
cryptoadmin	533	624	624
dec_dlm	534	625	625
asia	535	626	626
passgo-tivoli	536	627	627
qmqp	537	628	628
3com-amp3	538	629	629
rda	539	630	630
ipp	540	631	631
bmpp	541	632	632
servstat	542	633	633
ginad	543	634	634
rlzdbase	544	635	635
ldaps	545	636	636
lanserver	546	637	637
mcns-sec	547	638	638
msdp	548	639	639
entrust-sps	549	640	640
repcmd	550	641	641
esro-emsdp	551	642	642
sanity	552	643	643
dwr	553	644	644
pssc	554	645	645
ldp	555	646	646
dhcp-failover	556	647	647
rrp	557	648	648
aminet	558	649	649
obex	559	650	650
ieee-mms	560	651	651
hello-port	561	652	652
repscmd	562	653	653
aodv	563	654	654
tinc	564	655	655
spmp	565	656	656
rmc	566	657	657
tenfold	567	658	658
mac-srvr-admin	568	660	660
hap	569	661	661
pftp	570	662	662
purenoise	571	663	663
secure-aux-bus	572	664	664
sun-dr	573	665	665
doom	574	666	666
disclose	575	667	667
mecomm	576	668	668
meregister	577	669	669
vacdsm-sws	578	670	670
vacdsm-app	579	671	671
vpps-qua	580	672	672
cimplex	581	673	673
acap	582	674	674
dctp	583	675	675
vpps-via	584	676	676
vpp	585	677	677
ggf-ncp	586	678	678
mrm	587	679	679
entrust-aaas	588	680	680
entrust-aams	589	681	681
xfr	590	682	682
corba-iiop	591	683	683
corba-iiop-ssl	592	684	684
mdc-portmapper	593	685	685
hcp-wismar	594	686	686
asipregistry	595	687	687
realm-rusd	596	688	688
nmap	597	689	689
vatp	598	690	690
msexch-routing	599	691	691
hyperwave-isp	600	692	692
connendp	601	693	693
ha-cluster	602	694	694
ieee-mms-ssl	603	695	695
rushd	604	696	696
uuidgen	605	697	697
olsr	606	698	698
accessnetwork	607	699	699

Table 1-9 Port-Based Protocols (Ports 701+)
Protocol Name	ID	TCP Ports	UDP Ports
elcsd	608	704	704
agentx	609	705	705
silc	610	706	706
borland-dsj	611	707	707
entrust-kmsh	612	709	709
entrust-ash	613	710	710
cisco-tdp	614	711	711
netviewdm1	615	729	729
netviewdm2	616	730	730
netviewdm3	617	731	731
netgw	618	741	741
netrcs	619	742	742
flexlm	620	744	744
fujitsu-dev	621	747	747
ris-cm	622	748	748
kerberos-adm	623	749	749
rfile	624	750
kerberos-iv	625		750
pump	626	751	751
qrh	627	752	752
rrh	628	753	753
tell	629	754	754
nlogin	630	758	758
con	631	759	759
ns	632	760	760
rxe	633	761	761
quotad	634	762	762
cycleserv	635	763	763
omserv	636	764	764
webster	637	765	765
phonebook	638	767	767
vid	639	769	769
cadlock	640	770	770
rtip	641	771	771
cycleserv2	642	772	772
submit	643	773
notify	644		773
rpasswd	645	774
acmaint_dbd	646		774
entomb	647	775
acmaint_transd	648		775
wpages	649	776	776
multiling-http	650	777	777
wpgs	651	780	780
concert	652	786	786
qsc	653		787
mdbs_daemon	654	800	800
device	655	801	801
itm-mcell-s	656	828	828
pkix-3-ca-ra	657	829	829
dhcp-failover2	658	847	847
rsync	659	873	873
iclcnet-locate	660	886	886
iclcnet_svinfo	661	887	887
accessbuilder	662	888	888
omginitialrefs	663	900	900
smpnameres	664	901	901
ideafarm-chat	665	902	902
ideafarm-catch	666	903	903
xact-backup	667	911	911
ftps-data	668	989	989
ftps	669	990	990
nas	670	991	991
telnets	671	992	992
imaps	672	993	993
ircs	673	994	994
pop3s	674	995	995
vsinet	675	996	996
maitrd	676	997	997
busboy	677	998
puparp	678		998
garcon	679	999
applix	680		999
surf	681	1010	1010
Need For Speed 3	1018	1030	1030
rmiactivation	682	1098	1098
rmiregistry	683	1099	1099
Westwood Online	1028	1140, 1234	1140, 1234
GLT Poliane	882	1201
ms-sql-s	684	1433	1433
ms-sql-m	685	1434	1434
oracle	690	1521	1521
orasrv	691	1525	1525
tlisrv	692	1527	1527
coauthor	693	1529	1529
micromuse-lm	702	1534	1534
orbixd	703	1570	1570
rdb-dbs-disp	694	1571	1571
oraclenames	695	1575	1575
shockwave	707	1626	1626
oraclenet8cman	696	1630	1630
l2tp	742	1701	1701
pptp	739	1723	1723
net8-cman	697	1830	1830
msnp	713	1836	1836
MSN Messenger	883	1863	1863
gtp-user	740	2152	2152
kali	718	2213	2213
directplay	716	2234	2234
Rainbox six	1026	2346	2346
ms-olap	686	2382-2383, 2393-2394	2382-2383, 2393-2394
groove	715	2492	2492
citrixima	698	2512	2512
citrixadmin	699	2513	2513
worldfusion	719	2595-2596	2595-2596
citriximaclient	701	2598	2598
Black And White	1006	2611-2612
sitaraserver	708	2629	2629
sitaramgmt	709	2630	2630
sitaradir	710	2631	2631
wta-wsp-s	724	2805	2805
citrix-rtmp	700	2897	2897
wap-push	725	2948	2948
wap-pushsecure	726	2949	2949
xbox live	898	3074	3074
orbix-locator	704	3075	3075
orbix-config	705	3076	3076
orbix-loc-ssl	706	3077	3077
xdtp	741	3088	3088
Delta Force	1025	3100, 3999	3100, 3999, 3568, 3569
msft-gc	687	3268	3268
msft-gc-ssl	688	3269	3269
net-assistant	712	3283	3283
mysql	711	3306	3306
directv-web	720	3334	3334
directv-soft	721	3335	3335
directv-tick	722	3336	3336
directv-catlg	723	3337	3337
ms-term-services	689	3389	3389
Myth	1016	3453	3453
Warcraft	1023	3724	3724
Kohan Immortal Sovereigns	1014	3855, 17437	3855, 17437
F16	1011		3862, 3863
F22 Simulator (lightning 3)	1012		3874-3875, 4533, 4534
wap-push-http	727	4035	4035
wap-push-https	728	4036	4036
Ultima	1022	5002-5010, 7775-7777, 8888, 9999, 7875
aim	714	5190-5193
Google Talk	1030	5222
Outlaws	1020	5310	5310
directplay8	717	6073	6073
Konspire2b	1031	6085	6085
fsgs	743	6112	6112
Diablo	1009	6113-6119	6113-6119
game-spy	755	6500, 28900, 29000	6515, 27900
parsec-game	744	6582	6582
ibprotocol	737	6714	6714
Anarchy	1004	7013, 7500-7501	7013, 7500-7501
UnReal_UT	745	7778	7777-7783
Znes	1024		7845
Asherons Call	1005	9000-9013	9000-9013
wap-wsp	729	9200	9200
wap-wsp-wtp	730	9201	9201
wap-wsp-s	731	9202	9202
wap-wsp-wtp-s	732	9203	9203
wap-vcard	733	9204	9204
wap-vcal	734	9205	9205
wap-vcard-s	735	9206	9206
wap-vcal-s	736	9207	9207
Need For Speed	1017	9442	9442
ps2	899	10070-10080	10070
Yahoo Games	1029	11999
Motorhead	1015	16000, 16010-16030	16000, 16010-16030
Swat3	1021	16639	16638
SiN	746	22450	22450
Elite Force	1010		26000, 27500
Dark Reign	1008	26214	26214
Hexen	1013		26900
halflife	747		27015
Counter strike	1007	27020-27039	1200, 27000-27014
quake-server	754	27960	27910, 27960
tribes	748	28001	28001
heretic2	749	28910
Soldier of fortune	1027		28911-28915
starsiege	750		29001-29009
game-search	751	29001
KingPin	752	31510	31510
runescape	753	43594
Operation Flash Point	1019	47624

Protocols Identified on Unidirectional Flows

When asymmetric routing classification mode is enabled, the protocols listed in the following table can be detected on unidirectional flows.

•When a unidirectional flow (inbound or outbound) passes through the SCE platform it is matched against this set of protocol signatures.

•When a bidirectional flow passes through the SCE platform the protocol library tries to match it to one of its standard (bidirectional) protocol signatures.

Table 1-10 Unidirectionally-Detected Protocols
Protocol Name	Protocol ID
AntsP2P	113
BaiBao	43
Behavioral Upload/Download	127
BitTorrent	24
CUWorld	117
Dijjer	120
DingoTel	42
DirectConnect	19
EmuleEncrypted	105
Entropy	125
Exosee	121
FastTrack KaZaA File Transfer	14
Filetopia	31
Flash	1033
Flash MySpace	1035
Flash Yahoo	1036
Flash YouTube	1034
Furthur	123
Generic TCP	0
Gnutella File Transfer	12
Gnutella Networking	11
GoogleEarth	118
HTTP Browsing	2
HTTP Tunnel	55
Hopster	115
Hotline	20
ICQ	119
Jabber	116
Kontiki	124
Manolito	22
Mobile MMS	46
Mute	34
Napster	32
NeoNet	37
NodeZilla	35
POCO	51
PPLive	44
PPStream	49
PeerEnabler	122
QQ-Live	1032
Skype	25
Sling	112
TVAnts	109
Thunder	50
UC	48
Warez/FileCroc	39
WinMX/OpenNap	16
Yahoo Messenger	40
Yahoo Messenger VoIP	45
eDonkey	18
guruguru	66
iTunes	30
soribada	69
v-share	71

Services

Services are the building blocks of service configurations. Classification of a transaction to a service determines the accounting and control that applies to the transaction. Services are organized in a hierarchal structure used for both accounting and control.

The following table lists the services defined in the default service configuration. Both service usage counters, which are used to accumulate information about transactions classified to the service, have the same name.

Table 1-11 Installed Services
Name	ID	Name of Parent Service	Global Usage Counter and Subscriber Usage Counter
Default Service	0		Default Service*
Generic	1	Default Service	Default Service*
Generic TCP	2	Generic	Generic TCP
Generic UDP	3	Generic	Generic UDP
Generic IP	6	Generic	Generic IP
Behavioral Upload/Download	39	Generic	Behavioral Upload/Download
E-Mail	4	Default Service	E-Mail*
POP3	21	E-Mail	E-Mail*
SMTP	22	E-Mail	E-Mail*
IMAP	23	E-Mail	E-Mail*
Browsing	7	Default Service	Browsing*
HTTP	16	Browsing	Browsing*
HTTPS	17	Browsing	Browsing*
Newsgroups	8	Default Service	Newsgroups
P2P	9	Default Service	P2P
eDonkey/eMule	14	P2P	eDonkey/eMule
Kazaa	15	P2P	Kazaa
BitTorrent	24	P2P	BitTorrent
Commercial File Sharing	26	P2P	Commercial File Sharing
Winny	27	P2P	Winny
Gnutella	30	P2P	Gnutella
WinMX	31	P2P	WinMX
VoIP	12	Default Service	VoIP
MGCP	5	VoIP	MGCP
SIP	10	VoIP	SIP
H323	11	VoIP	H323
Vonage	13	VoIP	Vonage
Skype	25	VoIP	Skype
Skinny	35	VoIP	Skinny
DingoTel	36	VoIP	DingoTel
Yahoo Messenger VoIP	37	VoIP	Yahoo Messenger VoIP
ICQ VoIP	40	VoIP	ICQ VoIP
Instant Messaging	28	Default Service	Instant Messaging
Gaming	29	Default Service	Gaming
FTP	32	Default Service	FTP
Net Admin	33	Default Service	Net Admin
Streaming	34	Default Service	Streaming*
Streaming over HTTP	18	Streaming	Streaming*
RTSP	19	Streaming	Streaming*
MMS	20	Streaming	Streaming*
Tunneling	38	Default Service	Tunneling

Note An asterisk is appended to a service usage counter name whenever the counter applies to more than one service.

RDR Settings

SCE platforms generate and transmit Raw Data Records (RDRs) that contain a wide variety of information and statistics, depending on the configuration of the system.

Table 1-12 Default RDR Settings
RDR Family	RDR Name	State	Rate	Rate Limit	Notes
Usage	Link	ON	Every 5 minutes
	Package	ON	Every 5 minutes
	Subscriber	ON	Every 10 minutes	200 per second
	Virtual Links	OFF	Every 10 minutes		Default is ON for service configurations created in Virtual Links mode.
Transaction	Transaction	ON		100 per second	All services have the same relative weight.
Transaction Usage	Transaction Usage (TUR)	OFF			No threshold.
	Interim TUR	OFF
	Media Flow	ON
Quota	Breach	OFF
	Remaining	OFF	Every 5 minutes	100 per second
	Threshold	OFF			Generate RDR when balance goes below 10 MB.
	Restore Quota	OFF			Generated upon subscriber introduction.
Log	Block	ON		20 per second
Real-Time Subscriber	Real-Time Subscriber Usage	ON	Every 1 minutes	100 per second	Enable for each subscriber separately, using CLI.
Real-Time Signaling	Flow Signaling	OFF
	Attack Signaling	OFF
Malicious Traffic	Malicious Traffic	ON

Rules

Rules are set of configurable instructions telling the application how to handle flows classified to a service.

The default service configuration contains a single rule for the default service. Until you create other rules, the default service rule applies to all traffic processed by the SCE platform.

The default service rule places no restrictions on traffic:

•Flows are routed through the default BWCs, which have unlimited BW.

•No quota limitations are applied to the flows and external quota management mode is selected.

System Mode

The default System Operational Mode is Report Only, which means that the system is used for reporting but does not control traffic.

The default System Topological Mode is Duplex, which means that all inbound and outbound traffic goes through the SCE platform.

Note When asymmetric routing classification mode is enabled, there are some changes to the default service configuration:

•There are no predefined flavors.

•No service elements include a specified flavor.

•Periodic quota management mode is selected.

Table Of Contents