Manual Chapter : Creating Custom Classifications

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 13.0.1, 13.0.0
Manual Chapter

Overview: Creating custom classifications

Traffic Intelligence analyzes and identifies higher level protocols and applications. It has the ability to detect applications and protocols in Service Provider networks, for example, HTTP, popular P2P, and top categories (Audio/Video, File Transfer, Instant Messaging, Mail, P2P, Web). It provides an application update mechanism, which in turn, provides the ability to keep up with new, modified, or obsolete applications without going through software release upgrades. IP traffic classifications are based on the IP protocol field of the IP header (IANA protocol).

Note: You can update the library (so) and signature definitions for web traffic (cpm) with hitless upgrade in Policy Enforcement Manager™ (PEM™).

Task summary

Determining and adjusting traffic classifications

The BIG-IP® system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click Traffic Intelligence > Applications > Application List .
    The Applications screen displays a list of the supported classification categories.
  2. To view the applications in each category, click the + icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Tip: Here you can view the application or category ID number.
  4. Click Update to save any changes.

Creating a category

On the BIG-IP® system, you can create customized categories for classifying traffic if the predefined categories are not sufficient for your needs. For example, if you plan to create new application types unique to your organization, you can create a category to group them together.
  1. On the Main tab, click Traffic Intelligence > Applications > Application List .
    The Applications screen displays a list of the supported classification categories.
  2. Click Create.
    The New Application screen opens.
  3. From the Type list, select Category.
  4. In the Name field, type a name for the classification category.
  5. In the Description field, type optional descriptive text for the classification presets.
  6. In the Category ID field, type an identifier for this category, a unique number.
  7. For the Application List setting, move applications that you want to associate with this category from the Unknown list to the Selected list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  8. Click Finished.
You have created custom applications to handle traffic.

Creating classification presets

On the BIG-IP® system, you can create classification preset settings for a classification policy that you have previously created.
  1. On the Main tab, click Traffic Intelligence > Presets .
    The Presets screen displays a list of the supported classification categories.
  2. Click Create.
    The New Presets screen opens.
  3. In the Name field, type a name for the application.
  4. In the Description field, type optional descriptive text for the classification presets.
  5. For the Policy setting, move the classification policies from Available list to the Selected list, to create a new preset.
  6. In the Allow Reclassification list, Enabled is the default selection.
  7. In the Flow Bundling list, Enabled is the default selection.
  8. In the Cache Results list, Enabled is the default selection.
  9. Click Finished.

Creating a custom URL database

You can create a customized URL database that can be used for adding custom URLs and categories.
  1. On the Main tab, click Traffic Intelligence > Categories > Feed Lists .
    The URL DB feed list screen opens.
  2. Click Create.
    The New Feed List screen opens.
  3. In the Name field, type a unique name for the URL feed list.
  4. In the Description field, type optional descriptive text for the URL feed list.
  5. In the Category ID field, select a category name from the drop-down list.
  6. In the URL DB Location area, select the appropriate option for URL DB location.
    Option Description
    File Click the Browse button, and select the customdb file. The customdb file should be present on your machine, and is not present on the BIG-IP system. The customdb file is a CSV file of the format. The format is: URL/IPv4 [,cat1] [,cat2]...
    Note: The non-IP URL should have a IANA registered top level domain. The URL category ID should be in the form of integer and the range is 24576 to 32767.
    For example, sample lines of customdb entry is:
                          weather.gov, 28678
                          pconline.com.cn, 28679
                          kannadaprabha.com, 28680
                          yandex.ru, 28677, 28676, 28681
                          pitt.edu,28682 
    FTP Type the ftp location and the User and Password.
    HTTP Type the HTPP location and the User and Password.
    HTTPS Type the HTPPS location and the User and Password.
  7. In the Poll Interval field, type the time interval in seconds at which the url needs to be polled.
  8. On the Main tab, click Traffic Intelligence > Policies .
    The Policy list opens.
  9. Click Create.
    The New Policy screen opens.
  10. In the Name field, type a unique name for the URL category policy.
  11. In the Description field, type optional descriptive text for the URL category policy.
  12. In the Feed List area, select the feed list that you created to attach to the policy.
  13. Click Finished.
The category lookup is done in the custom database, and the URL list is loaded into the custom database through file input. You can also perform URL categorization by looking up the server name indication (SNI) in SSL traffic.

Using iRules with classification categories and applications

If you are using custom classification categories or applications, you can use iRules® to identify the traffic for the custom classifications, or you can initiate an action based on how the traffic is classified.
  1. On the Main tab, click Local Traffic > iRules .
  2. Click Create.
  3. In the Name field, type a 1- to 31-character name.
  4. In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For example, to classify traffic as xxx_app, a custom classification application that you created, you can use this iRule:
    when HTTP_REQUEST {
                            if { [HTTP::header "Host"] contains "xxx" }  {  
                            CLASSIFY::application set xxx_app 
                            }  
                            }  
                            } 
                        
    For example, to perform an action (in this case, drop) on traffic classified as xxx_app, you can use this iRule:
    when CLASSIFICATION_DETECTED {
                            if { [CLASSIFICATION::APP == "xxx_app"]}  {  
                            drop 
                            }  
                            } 
                        
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site http://devcentral.f5.com.
  5. Click Finished.
After creating the iRules, you must assign them as resources for each relevant virtual server on the BIG-IP® system.

Modifying iRule event for URL categories

On the BIG-IP® system, you can modify iRules® Event settings for URL categories.
  1. On the Main tab, click Traffic Intelligence > Categories > Category List .
  2. Select a URL category.
    The URL Properties screen opens.
  3. In the Name field, type a unique name for the URL category policy.
  4. In the Description field, type optional descriptive text for the classification presets.
  5. In the Category ID field, type an identifier for this category, a unique number.
  6. For the Application List setting, move applications that you want to associate with this category from the Unknown list to the Selected list.
    If the applications are not listed yet, you can associate the applications with the category when you create them.
  7. Click Finished.
  8. On the Main tab, click Local Traffic > Profiles > Classification .
    The Classification screen opens.
  9. Select a classification profile or create one.
  10. From the URL Categorization field, select Enabled from the drop-down list.
  11. In the iRule Event field, select the appropriate setting.
    • To trigger an iRule event for this category of traffic, select Enabled. You can then create an iRule that performs an action on this type of traffic.
    • If you do not need to trigger an iRule event for this category of traffic, select Disabled.
    Note: CLASSIFICATION::DETECTED is the only event that is supported.
You have modified an iRule event setting for an existing URL category.

Classification iRule commands

When the BIG-IP® system identifies a specific type of traffic with iRules® enabled, it triggers a CLASSIFICATION_DETECTED event. You can use the commands within iRules for additional system flexibility to classify the flow as one or more of the application or category classifications. The CLASSIFY commands are available from the HTTP_REQUEST or HTTP_RESPONSE iRule events.

iRule Command Description
CLASSIFICATION::app Gets the name of the classified application (the most explicit classified application).
CLASSIFICATION::category Gets the category of the application.
CLASSIFICATION::disable Disables the classification for a flow.
CLASSIFICATION::enable Enables the classification for a flow.
CLASSIFICATION::protocol Gets the name of the classified protocol (the least explicit classified application).
CLASSIFY::application set appname Classifies the flow as appname and associates the category that appname belongs to.
CLASSIFY::category set catname Classifies the flow as catname and also associates the flow with the unknown category.
CLASSIFY::application add appname Adds the application appname to the classification statistics.
CLASSIFY::category add catname Adds the category catname to the classification statistics.