AA HTTP enrichment functionality has the following exceptions:
To handle the case of TCP retransmission, AA ISA implements an enrichment window of size = 5. If a retransmission of a packet occurs outside the last five enriched packets, no enrichment takes place.
Corrupted packets; AA ISA-cut-through and out-of-order fragments are not enriched.
Out-of-sequence packets are not enriched. For example, if AA –ISA receives out-of-sequence HTTP requests: REQ2,REQ1,REQ3; only REQ2 and REQ3 can be enriched.
No enrichment takes place if, by enriching, the resulting packet size exceeds the configured MTU size. AA ISA does not perform fragmentation.
The length of an encrypted header is directly analogous to the length of the encryption key. If a 2048-bit key is used, the encrypted header becomes 512 bytes long. Operators must be cautious when defining the key length and selecting which fields are encrypted and enriched to ensure that the configured MTU size is not exceeded.
AA ISA does not support header enrichment for WAP1.x, RTSP or SIP headers.
AA ISA does not support header enrichment for L2 services.
AA TCP performance measurements cannot coexist with HTTP enrichment. Enriched flows are ineligible for TCP performance sampling. If a flow is selected for TCP performance measurements and is later enriched, then TCP performance measurements cease to continue.
Enrichment can be applied as an action to any AQP entry, subject to the following conditions:
The matching conditions for the AQPs cannot include a specific HTTP protocol (such as, protocol eq HTTP_video). In other words, applications that require a specific HTTP protocol type (such as video or Flash) are not considered for enrichment.
Within the same AQP entry, the enrichment action cannot coexist with any other AQP action (such as mark or police).
The AQP hit counter is not updated based on executing an HTTP enrichment action of an AQP.
If it cannot extract the APN Network Identifier (APN-NI), AA performs enrichment using the entire APN string.