F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP Policy Enforcement Manager: Implementations
  3. Creating Custom Classifications
Manual Chapter : Creating Custom Classifications

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0

BIG-IP PEM

  • 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Manual Chapter

Creating Custom Classifications

Overview: Creating custom classifications

Traffic Intelligence analyzes and identifies higher level protocols and applications. It has the ability to detect applications and protocols in Service Provider networks, for example, HTTP, popular P2P, and top categories (Audio/Video, File Transfer, Instant Messaging, Mail, P2P, Web). It provides an application update mechanism, which in turn, provides the ability to keep up with new, modified, or obsolete applications without going through software release upgrades. IP traffic classifications are based on the IP protocol field of the IP header (IANA protocol).
You can update the library (so) and signature definitions for web traffic (cpm) with hitless upgrade in Policy Enforcement Manager (PEM).

Task summary

Determining and adjusting traffic classifications

The BIG-IP system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. To view the applications in each category, click the
    +
     icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Here you can view the application or category ID number.
  4. Click
    Update
     to save any changes.

Creating a category

On the BIG-IP system, you can create customized categories for classifying traffic if the predefined categories are not sufficient for your needs. For example, if you plan to create new application types unique to your organization, you can create a category to group them together.
  1. On the Main tab, click
    Traffic Intelligence
    Applications
    Application List
    .
    The Applications screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Application screen opens.
  3. From the
    Type
     list, select
    Category
    .
  4. In the
    Name
     field, type a name for the classification category.
  5. In the
    Description
     field, type optional descriptive text for the classification presets.
  6. In the
    Category ID
     field, type an identifier for this category, a unique number.
  7. For the
    Application List
     setting, move applications that you want to associate with this category from the
    Unknown
     list to the
    Selected
     list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  8. Click
    Finished
    .
You have created custom applications to handle traffic.

Creating classification presets

On the BIG-IP system, you can create classification preset settings for a classification policy that you have previously created.
  1. On the Main tab, click
    Traffic Intelligence
    Presets
    .
    The Presets screen displays a list of the supported classification categories.
  2. Click
    Create
    .
    The New Presets screen opens.
  3. In the
    Name
     field, type a name for the application.
  4. In the
    Description
     field, type optional descriptive text for the classification presets.
  5. For the
    Policy
     setting, move the classification policies from
    Available
     list to the
    Selected
     list, to create a new preset.
  6. In the
    Allow Reclassification
     list,
    Enabled
     is the default selection.
  7. In the
    Flow Bundling
     list,
    Enabled
     is the default selection.
  8. In the
    Cache Results
     list,
    Enabled
     is the default selection.
  9. Click
    Finished
    .

Creating a custom URL database

You can create a customized URL database that can be used for adding custom URLs and categories.
  1. On the Main tab, click
    Traffic Intelligence
    Categories
    Feed Lists
    .
    The URL DB feed list screen opens.
  2. Click
    Create
    .
    The New Feed List screen opens.
  3. In the
    Name
     field, type a unique name for the URL feed list.
  4. From the
    State
     list, select
    Enabled
    .
  5. In the
    Description
     field, type optional descriptive text for the URL feed list.
  6. In the
    Category ID
     field, select a category name from the drop-down list.
  7. In the URL DB Location area, select the appropriate option for URL DB location.
    Option
    Description
    File
    Click the
    Browse
     button, and select the
    customdb
     file. The
    customdb
     file should be present on your machine and not present on the BIG-IP system. The
    customdb
     file is a CSV file of the format: URL/IPv4 [,cat1] [,cat2]...
    The non-IP URL should have an IANA-registered top level domain.
    For example, sample lines of a
    customdb
     entry are: 
    
                weather.gov, 28678
                pconline.com.cn, 28679
                kannadaprabha.com, 28680
                yandex.ru, 28677, 28676, 28681
                pitt.edu,28682
    Entries in feed lists must consist of all lowercase characters. Also, any entry of the form www.
    tld
     or www.
    domain
    .com will not match.
    FTP
    Type the ftp location and the
    User
     and
    Password
    .
    HTTP
    Type the HTTP location and the
    User
     and
    Password
    .
    HTTPS
    Type the HTTPS location and the
    User
     and
    Password
    .
  8. In the
    Poll Interval
     field, type the time interval in hours at which the url needs to be polled.
  9. Click
    Finished
    .
The category lookup is done in the custom database, and the URL list is loaded into the custom database through file input. You can also perform URL categorization by looking up the server name indication (SNI) in SSL traffic.

Using iRules with classification categories and applications

If you are using custom classification categories or applications, you can use iRules to identify the traffic for the custom classifications, or you can initiate an action based on how the traffic is classified.
  1. On the Main tab, click
    Local Traffic
    iRules
    .
  2. Click
    Create
    .
  3. In the
    Name
     field, type a 1- to 31-character name.
  4. In the
    Definition
     field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For example, to classify traffic as
    xxx_app
    , a custom classification application that you created, you can use this iRule:
    when HTTP_REQUEST {
                        if { [HTTP::header "Host"] contains "xxx" }  {  
                        CLASSIFY::application set xxx_app 
                        }  
                        }  
                        }
    For example, to perform an action (in this case, drop) on traffic classified as
    xxx_app
    , you can use this iRule: 
    when CLASSIFICATION_DETECTED {
                        if { [CLASSIFICATION::APP == "xxx_app"]}  {  
                        drop 
                        }  
                        }
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site
    http://devcentral.f5.com
    .
  5. Click
    Finished
    .
After creating the iRules, you must assign them as resources for each relevant virtual server on the BIG-IP system.

Modifying iRule event for URL categories

On the BIG-IP system, you can modify iRules Event settings for URL categories.
  1. On the Main tab, click
    Traffic Intelligence
    Categories
    Category List
    .
  2. Select a URL category.
    The URL Properties screen opens.
  3. In the
    Name
     field, type a unique name for the URL category policy.
  4. In the
    Description
     field, type optional descriptive text for the classification presets.
  5. In the
    Category ID
     field, type an identifier for this category, a unique number.
  6. For the
    Application List
     setting, move applications that you want to associate with this category from the
    Unknown
     list to the
    Selected
     list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  7. Click
    Finished
    .
  8. On the Main tab, click
    Local Traffic
    Profiles
    Classification
    .
    The Classification screen opens.
  9. Select a classification profile or create one.
  10. From the
    URL Categorization
     field, select
    Enabled
     from the drop-down list.
  11. In the
    iRule Event
     field, select the appropriate setting.
    • To trigger an iRule event for this category of traffic, select
      Enabled
      . You can then create an iRule that performs an action on this type of traffic.
    • If you do not need to trigger an iRule event for this category of traffic, select
      Disabled
      .
    CLASSIFICATION::DETECTED
     is the only event that is supported.
You have modified an iRule event setting for an existing URL category.

Classification iRule commands

When the BIG-IP system identifies a specific type of traffic with iRules enabled, it triggers a
CLASSIFICATION_DETECTED
 event. You can use the commands within iRules for additional system flexibility to classify the flow as one or more of the application or category classifications. The
CLASSIFY
 commands are available from the
HTTP_REQUEST
 or
HTTP_RESPONSE
 iRule events.
iRule Command
Description
CLASSIFICATION::app
Gets the name of the classified application (the most explicit classified application).
CLASSIFICATION::category
Gets the category of the application.
CLASSIFICATION::disable
Disables the classification for a flow.
CLASSIFICATION::enable
Enables the classification for a flow.
CLASSIFICATION::protocol
Gets the name of the classified protocol (the least explicit classified application).
CLASSIFY::application set
appname
Classifies the flow as
appname
 and associates the category that
appname
 belongs to.
CLASSIFY::category set
catname
Classifies the flow as
catname
 and also associates the flow with the unknown category.
CLASSIFY::application add
appname
Adds the application
appname
 to the classification statistics.
CLASSIFY::category add
catname
Adds the category
catname
 to the classification statistics.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information