2 ACFP Configuration
This chapter includes these sections:
- Enabling the ACFP Trap Function
- Displaying and Maintaining ACFP
Introduction to ACFP
Basic data communication networks consist of routers and switches, which forward data packets. As
data networks develop, more and more services run on them, and legacy devices have become
unsuitable for handling some new services. Therefore, security products such as firewalls,
Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS), as well as voice and
wireless products, are designed to handle specific services.
To better support new services, manufacturers of legacy networking devices (routers and switches
in this document) have developed various dedicated service boards (service cards) to specifically
handle these services. Some manufacturers of legacy networking devices provide a set of
software/hardware interfaces that allow the boards (cards) or devices of other manufacturers to be
plugged into or connected to these legacy networking devices, so that they cooperate in handling
these services. This lets each manufacturer contribute its strengths to better support new services
while reducing user investment.
The Open Application Architecture (OAA) is an open service architecture developed with this concept. It
integrates devices and software produced by different manufacturers, making them function as one
device and thus providing integrated solutions for customers.
The Application Control Forwarding Protocol (ACFP) is developed based on the OAA architecture. For
example, collaborating IPS/IDS cards or IPS/IDS devices acting as ACFP clients run software
packages developed by other manufacturers to support the IPS/IDS services. A router or switch mirrors
or redirects the received packets to an ACFP client after matching them against the ACFP collaboration
rules. The software running on the ACFP client monitors the packets and performs detection on them.
Based on the monitoring and detection results, the ACFP client sends responses back to the router or
switch through collaboration Management Information Bases (MIBs) to instruct the router or switch how
to act on the results, for example by filtering out the specified packets.