App-based Tethering Detection

Feature Information

Summary Data

Status

New Feature

Introduced-In Release

21.2

Modified-In Release(s)

Not Applicable

Applicable Product(s)

P-GW

Applicable Platform(s)

ASR 5500

Default Setting

Disabled

Related CDETS ID(s)

CSCvd65410

Related Changes in This Release

Not Applicable

Related Documentation

ADC Administration Guide

Command Line Interface Reference

Revision History


Important

Revision history details are not provided for features introduced before release 21.2.


Revision Details

Release

Release Date

New in this release.

21.2

April 27, 2017

Feature Description

The tethering of IPv4 and IPv6 traffic has increased, and the native device recognition techniques are less viable with the advent of proxy tethering Apps on smartphones.

A new App-based Tethering Detection is introduced with this release. This solution interwork with other existing Tethering Detection techniques.

How It Works

This solution is built around the existing ADC plugins for App identifications. Tethering specific patterns are added on top of recognized App plugins. These plugins successively return if the App flow is tethered or not.

Important

With this release, App-based Tethering Detection is introduced only for Netflix and YouTube.


Licensing

This feature requires both ADC, and Tethering Detection License. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide.

Configuring App-based Tethering Detection

This section describes how to enable support for App-based Tethering Detection.

Enabling App-based Tethering Detection at Rulebase Level

Use the following commands to enable App-based Tethering Detection for ADC traffic under ACS Rulebase Configuration Mode:

configure 
   active-charging service service_name 
      rulebase rulebase_name 
         tethering-detection application 
      			exit 
      exit 
   exit 
Notes:
  • The default tethering-detection command configures its default setting.

    Default: By default, the Tethering Detection feature is disabled. When enabled, unless a specific database is specified to be used, tethering detection will make use of both the databases by default.

  • If previously configured, use the no tethering-detection command to remove the tethering detection configuration from the rulebase.

Enabling App-based Tethering Detection at Ruledef Level

Use the following commands to enable App-based Tethering Detection for ADC traffic under ACS Ruledef Configuration Mode:

configure 
   active-charging service service_name 
      ruledef ruledef_name 
         tethering-detection application flow-tethered 
      			exit 
      exit 
   exit 
Notes:
  • If previously configured, use the no tethering-detection command to remove the tethering detection configuration from the ruledef.

Enabling App-based Tethering Detection at Rule-variable

Use the following commands to enable App-based Tethering Detection field in EDRs under EDR Format Configuration Mode:

configure 
   active-charging service service_name 
      edr-format format_name 
         rule-variable flow tethered-application priority priority 
      			exit 
      exit 
   exit 
Notes:
  • flow tethered-application : The flow specifies Flow related fields. tethered-application specifies application based tethering detected on flow.

  • priority priority : Specifies the CSV position of the field (protocol rule) in the EDR. priority must be an integer from 1 through 65535.

  • If previously configured, use the no rule-variable rule_variable [ priority priority ] command to remove the specified rule variable configuration.

Monitoring and Troubleshooting the App-based Tethering Detection

This section provides information regarding commands available to monitor and troubleshoot the App-based Tethering Detection.

Show Commands and Outputs

This section provides information regarding show commands and their outputs in support of this enhancement.

show active-charging tethering-detection statistics

The following fields are available in the output of this show command in support of this enhancement:

Current Tethered Subscribers:  0 
Total flows scanned:           0 
Total Tethered flows detected: 0 
Total Tethered flows recovered:     0 
Total flows bypassed for scanning : 0 
 
Tethering Detection Statistics (os-ua): 
  TAC ID lookups:              0 
  TAC ID matches:              0 
  OS signature lookups:        0 
  OS signature matches:        0 
  IPv6 OS signature lookups:   0 
  IPv6 OS signature matches:   0 
  UA signature lookups:        0 
  UA signature matches:        0 
  Total flows scanned:         0 
  Tethered flows detected:     0 
  Non-tethered flows detected: 0 
  Tethered Uplink Packets:     0 
  Tethered Downlink Packets:   0 
  Current tethering-detected indications sent:   0 
  Total tethering-detected indications sent:     0 
 
Tethering Detection Statistics (ip-ttl): 
  Total flows scanned:                  0 
  Tethered flows detected:              0 
  Tethered uplink packets:              0 
  Tethered downlink packets:            0 
 
Tethering Detection Statistics (DNS Based): 
  Total flows scanned:                  0 
  Tethered flows detected:              0 
  Tethered uplink packets:              0 
  Tethered downlink packets:            0 
 
Tethering Detection Statistics (Application): 
  Total flows scanned:                  0 
  Tethered flows detected:              0 
  Tethered uplink packets:              0 
  Tethered downlink packets:            0 
 
Change Statistics for Multiple SYN in Flow: 
  Tethered to Non-Tethered:                               0 
  Non-Tethered to Tethered:                               0 
  Tethered to Tethered:                                   0 
  Non-Tethered to Non-Tethered:                           0 

show active-charging rulebase statistics

The following fields are available in the output of this show command in support of this enhancement:

Tethering Detection: 
     TAC ID lookups:                                       0 
     TAC ID matches:                                       0 
     OS signature lookups:                                 0 
     OS signature matches:                                 0 
     IPv6 OS signature lookups:                            0 
     IPv6 OS signature matches:                            0 
     UA signature lookups:                                 0 
     UA signature matches:                                 0 
     Total flows scanned:                                  0 
     Tethered flows detected:                              0 
     Tethered uplink packets:                              0 
     Tethered downlink packets:                            0 
 
     Tethering Detection (ip-ttl): 
     Total flows scanned:                                  0 
     Tethered flows detected:                              0 
     Tethered uplink packets:                              0 
     Tethered downlink packets:                            0 
 
     Tethering Detection (DNS Based): 
     Total flows scanned:                                  0 
     Tethered flows detected:                              0 
     Tethered uplink packets:                              0 
     Tethered downlink packets:                            0 
 
     Tethering Detection (Application): 
     Total flows scanned:                                  0 
     Tethered flows detected:                              0 
     Tethered uplink packets:                              0 
     Tethered downlink packets:                            0