Manual Chapter : Creating Custom Classifications

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 15.0.1, 15.0.0, 14.1.0
Manual Chapter

Creating Custom Classifications

Overview: Creating custom classifications

Traffic Intelligence analyzes and identifies higher level protocols and applications. It has the ability to detect applications and protocols in Service Provider networks, for example, HTTP, popular P2P, and top categories (Audio/Video, File Transfer, Instant Messaging, Mail, P2P, Web). It provides an application update mechanism, which in turn, provides the ability to keep up with new, modified, or obsolete applications without going through software release upgrades. IP traffic classifications are based on the IP protocol field of the IP header (IANA protocol).
You can update the library (so) and signature definitions for web traffic (cpm) with hitless upgrade in Policy Enforcement Manager (PEM).

Determining and adjusting traffic classifications

The BIG-IP system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. To view the applications in each category, click the
    +
    icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Here you can view the application or category ID number.
  4. Click
    Update
    to save any changes.

Creating a category

On the BIG-IP system, you can create customized categories for classifying traffic if the predefined categories are not sufficient for your needs. For example, if you plan to create new application types unique to your organization, you can create a category to group them together.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Application screen opens.
  3. From the
    Type
    list, select
    Category
    .
  4. In the
    Name
    field, type a name for the classification category.
  5. In the
    Description
    field, type optional descriptive text for the classification presets.
  6. In the
    Category ID
    field, type an identifier for this category, a unique number.
  7. For the
    Application List
    setting, move applications that you want to associate with this category from the
    Unknown
    list to the
    Selected
    list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  8. Click
    Finished
    .
You have created custom applications to handle traffic.

Creating classification presets

On the BIG-IP system, you can create classification preset settings for a classification policy that you have previously created.
  1. On the Main tab, click
    Traffic Intelligence
    Presets
    .
    The Presets screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Presets screen opens.
  3. In the
    Name
    field, type a name for the application.
  4. In the
    Description
    field, type optional descriptive text for the classification presets.
  5. For the
    Policy
    setting, move the classification policies from
    Available
    list to the
    Selected
    list, to create a new preset.
  6. In the
    Allow Reclassification
    list,
    Enabled
    is the default selection.
  7. In the
    Flow Bundling
    list,
    Enabled
    is the default selection.
  8. In the
    Cache Results
    list,
    Enabled
    is the default selection.
  9. Click
    Finished
    .

Creating a custom URL database

You can create a customized URL database that can be used for adding custom URLs and categories.
  1. On the Main tab, click
    Traffic Intelligence
    Categories
    Feed Lists
    .
    The URL DB feed list screen opens.
  2. Click
    Create
    .
    The New Feed List screen opens.
  3. In the
    Name
    field, type a unique name for the URL feed list.
  4. From the
    State
    list, select
    Enabled
    .
  5. In the
    Description
    field, type optional descriptive text for the URL feed list.
  6. In the
    Category ID
    field, select a category name from the drop-down list.
  7. In the URL DB Location area, select the appropriate option for URL DB location.
    Option
    Description
    File
    Click the
    Browse
    button, and select the
    customdb
    file. The
    customdb
    file should be present on your machine and not present on the BIG-IP system. The
    customdb
    file is a CSV file of the format: URL/IPv4 [,cat1] [,cat2]...
    The non-IP URL should have an IANA-registered top level domain.
    For example, sample lines of a
    customdb
    entry are:
    weather.gov, 28678 pconline.com.cn, 28679 kannadaprabha.com, 28680 yandex.ru, 28677, 28676, 28681 pitt.edu,28682
    Entries in feed lists must consist of all lowercase characters. Also, any entry of the form www.
    tld
    or www.
    domain
    .com will not match.
    FTP
    Type the ftp location and the
    User
    and
    Password
    .
    HTTP
    Type the HTTP location and the
    User
    and
    Password
    .
    HTTPS
    Type the HTTPS location and the
    User
    and
    Password
    .
  8. In the
    Poll Interval
    field, type the time interval in hours at which the url needs to be polled.
  9. Click
    Finished
    .
The category lookup is done in the custom database, and the URL list is loaded into the custom database through file input. You can also perform URL categorization by looking up the server name indication (SNI) in SSL traffic.

Using iRules with classification categories and applications

If you are using custom classification categories or applications, you can use iRules to identify the traffic for the custom classifications, or you can initiate an action based on how the traffic is classified.
  1. On the Main tab, click
    Local Traffic
    iRules
    .
  2. Click
    Create
    .
  3. In the
    Name
    field, type a 1- to 31-character name.
  4. In the
    Definition
    field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For example, to classify traffic as
    xxx_app
    , a custom classification application that you created, you can use this iRule:
    when HTTP_REQUEST { if { [HTTP::header "Host"] contains "xxx" } { CLASSIFY::application set xxx_app } } }
    For example, to perform an action (in this case, drop) on traffic classified as
    xxx_app
    , you can use this iRule:
    when CLASSIFICATION_DETECTED { if { [CLASSIFICATION::APP == "xxx_app"]} { drop } }
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site
    http://devcentral.f5.com
    .
  5. Click
    Finished
    .
After creating the iRules, you must assign them as resources for each relevant virtual server on the BIG-IP system.

Modifying iRule event for URL categories

On the BIG-IP system, you can modify iRules Event settings for URL categories.
  1. On the Main tab, click
    Traffic Intelligence
    Categories
    Category List
    .
  2. Select a URL category.
    The URL Properties screen opens.
  3. In the
    Name
    field, type a unique name for the URL category policy.
  4. In the
    Description
    field, type optional descriptive text for the classification presets.
  5. In the
    Category ID
    field, type an identifier for this category, a unique number.
  6. For the
    Application List
    setting, move applications that you want to associate with this category from the
    Unknown
    list to the
    Selected
    list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  7. Click
    Finished
    .
  8. On the Main tab, click
    Local Traffic
    Profiles
    Classification
    .
    The Classification screen opens.
  9. Select a classification profile or create one.
  10. From the
    URL Categorization
    field, select
    Enabled
    from the drop-down list.
  11. In the
    iRule Event
    field, select the appropriate setting.
    • To trigger an iRule event for this category of traffic, select
      Enabled
      . You can then create an iRule that performs an action on this type of traffic.
    • If you do not need to trigger an iRule event for this category of traffic, select
      Disabled
      .
    CLASSIFICATION::DETECTED
    is the only event that is supported.
You have modified an iRule event setting for an existing URL category.

Classification iRule commands

When the BIG-IP system identifies a specific type of traffic with iRules enabled, it triggers a
CLASSIFICATION_DETECTED
event. You can use the commands within iRules for additional system flexibility to classify the flow as one or more of the application or category classifications. The
CLASSIFY
commands are available from the
HTTP_REQUEST
or
HTTP_RESPONSE
iRule events.
iRule Command
Description
CLASSIFICATION::app
Gets the name of the classified application (the most explicit classified application).
CLASSIFICATION::category
Gets the category of the application.
CLASSIFICATION::disable
Disables the classification for a flow.
CLASSIFICATION::enable
Enables the classification for a flow.
CLASSIFICATION::protocol
Gets the name of the classified protocol (the least explicit classified application).
CLASSIFY::application set
appname
Classifies the flow as
appname
and associates the category that
appname
belongs to.
CLASSIFY::category set
catname
Classifies the flow as
catname
and also associates the flow with the unknown category.
CLASSIFY::application add
appname
Adds the application
appname
to the classification statistics.
CLASSIFY::category add
catname
Adds the category
catname
to the classification statistics.