Enabling Intelligent Traffic Analysis for UDP Flows

Prerequisites

Before enabling intelligent UDP traffic analysis, run the acl command in the system to create an ACL. The intelligent UDP traffic analysis supports only the permit parameter in the rule command for UDP traffic. In addition, you can specify the source IP address, destination IP address, source port number, destination port number, or any combination using the rule [ rule-id ] permit udp [ source { source-ip-address { 0 | source-wildcard } | destination { destination-ip-address { 0 | destination-wildcard } | source-port eq port | destination-port eq port ] ^* command.

In intelligent traffic analysis for UDP flows, the permit action specified in the ACL rule takes effect. As long as service flows match any of the preceding advanced ACL rules, they are sent to the TAP for processing.

Context

After intelligent traffic analysis for UDP flows is enabled, the device can perform in-depth analysis on specified UDP flows and send analysis results to the analyzer for further analysis and graphical display.

Intelligent traffic analysis for UDP flows is performed on a per-block basis. Therefore, after enabling this function, configure the number of blocks in a UDP flow to be intelligently analyzed.

Procedure

Enter the system view.
system-view
Enable the intelligent traffic ACL function.
traffic-analysis acl [ number ]

By default, the intelligent traffic ACL function is disabled.
(Optional) Configure the number of blocks (block granularity) for segment-based UDP flow analysis in intelligent traffic analysis.
traffic-analysis udp identification block number

By default, a UDP flow is divided into 256 blocks for intelligent traffic analysis.