Manual Chapter: Creating Custom Classifications
Applies To:
BIG-IP LTM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
BIG-IP PEM
- 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0
Overview: Creating custom classifications
Traffic Intelligence analyzes and identifies higher level protocols and applications. It has
the ability to detect applications and protocols in Service Provider networks, for example, HTTP,
popular P2P, and top categories (Audio/Video, File Transfer, Instant Messaging, Mail, P2P, Web).
It provides an application update mechanism, which in turn, provides the ability to keep up with
new, modified, or obsolete applications without going through software release upgrades. IP
traffic classifications are based on the IP protocol field of the IP header (IANA protocol).
You can update the library (so) and signature definitions for web traffic (cpm)
with hitless upgrade in Policy Enforcement Manager™ (PEM™).
Task summary
Determining and adjusting traffic classifications
The BIG-IP system classifies many categories of traffic and
specific applications within those categories. You can determine which categories and
applications of traffic the system can classify, and find out information about them
such as their application or category ID.
- On the Main tab, click. The Applications screen displays a list of the supported classification categories.
- To view the applications in each category, click the + icon next to the category.
- To view or edit the properties of the application or category, click the name to open its properties screen. Here you can view the application or category ID number.
- Click Update to save any changes.
Creating a category
On the BIG-IP system, you can create customized
categories for classifying traffic if the predefined categories are not sufficient for
your needs. For example, if you plan to create new application types unique to your
organization, you can create a category to group them together.
- On the Main tab, click. The Applications screen displays a list of the supported classification categories.
- Click Create. The New Application screen opens.
- From the Type list, select Category.
- In the Name field, type a name for the classification category.
- In the Description field, type optional descriptive text for the classification presets.
- In the Category ID field, type an identifier for this category, a unique number.
- For the Application List setting, move applications that you want to associate with this category from the Unknown list to the Selected list. If the applications are not listed yet, you can associate the applications with the category when you create them.
- Click Finished.
You have created custom applications to handle traffic.
Creating classification presets
On the BIG-IP system, you can create classification preset
settings for a classification policy that you have previously created.
- On the Main tab, click. The Presets screen displays a list of the supported classification categories.
- Click Create. The New Presets screen opens.
- In the Name field, type a name for the application.
- In the Description field, type optional descriptive text for the classification presets.
- For the Policy setting, move the classification policies from the Available list to the Selected list, to create a new preset.
- In the Allow Reclassification list, Enabled is the default selection.
- In the Flow Bundling list, Enabled is the default selection.
- In the Cache Results list, Enabled is the default selection.
- Click Finished.
Creating a custom URL database
You can create a customized URL database that can be used for adding custom URLs
and categories.
- On the Main tab, click. The URL DB feed list screen opens.
- Click Create. The New Feed List screen opens.
- In the Name field, type a unique name for the URL feed list.
- From the State list, select Enabled.
- In the Description field, type optional descriptive text for the URL feed list.
- In the Category ID field, select a category name from the drop-down list.
- In the URL DB Location area, select the appropriate option for URL DB location.
  - File: Click the Browse button, and select the customdb file. The customdb file should be present on your machine and not present on the BIG-IP system. The customdb file is a CSV file of the format: URL/IPv4 [,cat1] [,cat2]... The non-IP URL should have an IANA-registered top level domain. For example, sample lines of a customdb entry are:

        weather.gov, 28678
        pconline.com.cn, 28679
        kannadaprabha.com, 28680
        yandex.ru, 28677, 28676, 28681
        pitt.edu,28682

    Entries in feed lists must consist of all lowercase characters. Also, any entry of the form www.tld or www.domain.com will not match.
  - FTP: Type the FTP location and the User and Password.
  - HTTP: Type the HTTP location and the User and Password.
  - HTTPS: Type the HTTPS location and the User and Password.
- In the Poll Interval field, type the time interval in hours at which the URL needs to be polled.
- Click Finished.
The category lookup is done in the custom database, and the URL list is loaded into
the custom database through file input. You can also perform URL categorization by
looking up the server name indication (SNI) in SSL traffic.
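As an added example (not F5 code), the following pre-upload check tests a customdb file against the rules stated in the File option above: lowercase entries only, no www-prefixed entries, an IANA-registered top-level domain for non-IP entries, and the `URL/IPv4 [,cat1] [,cat2]...` layout. Assumptions: category fields are numeric IDs as in the page's sample lines, any path after the host is ignored, and `SAMPLE_TLDS` is a constructed subset standing in for the full IANA list.

```python
import ipaddress

# Constructed subset of IANA TLDs so the example runs offline (assumption:
# in practice the caller passes the full list published by IANA).
SAMPLE_TLDS = {"gov", "cn", "com", "ru", "edu"}

def check_entry(line, tlds=SAMPLE_TLDS):
    """Return a list of problems for one customdb line (empty list = OK)."""
    fields = [f.strip() for f in line.split(",")]
    target, cats = fields[0], fields[1:]
    problems = []
    if not target:
        return ["empty URL/IPv4 field"]
    if target != target.lower():
        problems.append("entry must be all lowercase")
    host = target.split("/", 1)[0]
    try:
        ipaddress.IPv4Address(host)  # IPv4 entries skip the domain checks
    except ValueError:
        labels = host.lower().split(".")
        if labels[0] == "www":
            problems.append("www-prefixed entries will not match")
        if len(labels) < 2 or labels[-1] not in tlds:
            problems.append("top-level domain not in IANA list")
    for cat in cats:
        if not cat.isdigit():
            problems.append(f"category ID {cat!r} is not a number")
    return problems

def check_feed(text, tlds=SAMPLE_TLDS):
    """Map 1-based line number -> problems, for non-blank lines that have any."""
    checked = ((n, check_entry(l, tlds)) for n, l in enumerate(text.splitlines(), 1) if l.strip())
    return {n: p for n, p in checked if p}

# Constructed sample: lines 1-5 are the page's own examples, 6-9 are test cases.
SAMPLE_FEED = """weather.gov, 28678
pconline.com.cn, 28679
kannadaprabha.com, 28680
yandex.ru, 28677, 28676, 28681
pitt.edu,28682
www.example.com, 28678
Example.COM, 28679
192.0.2.10, 28680
intranet.corp, abc
"""

if __name__ == "__main__":
    print(check_feed(SAMPLE_FEED))
```

Running the check before each upload, or before publishing the file to the FTP/HTTP/HTTPS location the feed list polls, catches entries that would load but never match.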
Using iRules with classification categories and applications
If you are using custom classification categories or applications, you can use iRules to identify the traffic for the custom classifications, or
you can initiate an action based on how the traffic is classified.
- On the Main tab, click.
- Click Create.
- In the Name field, type a 1- to 31-character name.
- In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax. For example, to classify traffic as xxx_app, a custom classification application that you created, you can use this iRule:

        when HTTP_REQUEST {
            # Classify the flow as xxx_app when the Host header contains "xxx"
            if { [HTTP::header "Host"] contains "xxx" } {
                CLASSIFY::application set xxx_app
            }
        }

  For example, to perform an action (in this case, drop) on traffic classified as xxx_app, you can use this iRule:

        when CLASSIFICATION_DETECTED {
            # Drop flows whose classified application is xxx_app
            if { [CLASSIFICATION::app] == "xxx_app" } {
                drop
            }
        }

  For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site http://devcentral.f5.com.
- Click Finished.
After creating the iRules, you must assign them as resources for each relevant
virtual server on the BIG-IP system.
Modifying iRule event for URL categories
On the BIG-IP system, you can modify iRules Event settings for URL categories.
- On the Main tab, click.
- Select a URL category. The URL Properties screen opens.
- In the Name field, type a unique name for the URL category policy.
- In the Description field, type optional descriptive text for the classification presets.
- In the Category ID field, type an identifier for this category, a unique number.
- For the Application List setting, move applications that you want to associate with this category from the Unknown list to the Selected list. If the applications are not listed yet, you can associate the applications with the category when you create them.
- Click Finished.
- On the Main tab, click. The Classification screen opens.
- Select a classification profile or create one.
- From the URL Categorization field, select Enabled from the drop-down list.
- In the iRule Event field, select the appropriate setting.
  - To trigger an iRule event for this category of traffic, select Enabled. You can then create an iRule that performs an action on this type of traffic.
  - If you do not need to trigger an iRule event for this category of traffic, select Disabled.

  CLASSIFICATION::DETECTED is the only event that is supported.
You have modified an iRule event setting for an existing URL category.
Classification iRule commands
When the BIG-IP system identifies a specific type of traffic with iRules enabled, it triggers a CLASSIFICATION_DETECTED event. You can use the commands within iRules for additional system flexibility to classify the flow as one or more of the application or category classifications. The CLASSIFY commands are available from the HTTP_REQUEST or HTTP_RESPONSE iRule events.

iRule Command | Description |
---|---|
CLASSIFICATION::app | Gets the name of the classified application (the most explicit classified application). |
CLASSIFICATION::category | Gets the category of the application. |
CLASSIFICATION::disable | Disables the classification for a flow. |
CLASSIFICATION::enable | Enables the classification for a flow. |
CLASSIFICATION::protocol | Gets the name of the classified protocol (the least explicit classified application). |
CLASSIFY::application set appname | Classifies the flow as appname and associates the category that appname belongs to. |
CLASSIFY::category set catname | Classifies the flow as catname and also associates the flow with the unknown category. |
CLASSIFY::application add appname | Adds the application appname to the classification statistics. |
CLASSIFY::category add catname | Adds the category catname to the classification statistics. |