Manual Chapter : Creating Custom Classifications

Applies To:

Show Versions Show Versions

BIG-IP PEM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Overview: Creating custom classifications

The Policy Enforcement Manager (PEM) includes predefined classification signatures for many standard categories and applications. If the predefined signatures are not sufficient for classifying your traffic, you can create custom categories and applications. To use the custom categories and applications, you need to create iRules to classify the traffic and act on the traffic.

Task summary

Determining and adjusting traffic classifications

The BIG-IP system classifies many categories of traffic and specific applications within those categories. You can determine which categories and applications of traffic the system can classify, and find out information about them such as their application or category ID.
  1. On the Main tab, click Policy Enforcement > Classification. The Classification screen opens showing a list of the supported classification categories.
  2. To view the applications in each category, click the + icon next to the category.
  3. To view or edit the properties of the application or category, click the name to open its properties screen.
    Tip: Here you can view the application or category ID number.
  4. Adjust the properties of the application or category, if necessary.
    • In the Description field, you can add text to describe the application or category.
    • Set State to Enabled to use this classification, or to Disabled not to use it.
    • For categories only, set iRule Eventto Enabled if you want the system to trigger an iRule event when it recognizes traffic in this category, or set to Disabled if you do not.
    • In the Category or Application List field, you can change which category an application is in, or which applications are in the category.
  5. Click Update to save any changes.

Creating custom classification categories

On the BIG-IP system, you can create customized categories for classifying traffic if the predefined categories are not sufficient for your needs. For example, if you plan to create new application types unique to your organization, you can create a category to group them together.
  1. On the Main tab, click Policy Enforcement > Classification. The Classification screen opens showing a list of the supported classification categories.
  2. Click Create. The New Classification screen opens.
  3. From the Type list, select Category.
  4. In the Name field, type a name for the classification category.
  5. In the Description field, type optional descriptive text for the category.
  6. In the Category ID field, type an identifier for this category, a unique number in the range between 20480 and 24576, inclusive.
  7. For the State setting, select the appropriate value from the list.
    • If you want the system to recognize this classification, select Enabled.
    • If you do not need this classification, select Disabled.
  8. In the iRule Event field, select the appropriate setting.
    • To trigger an iRule event for this category of traffic, select Enabled. You can then create an iRule that performs an action on this type of traffic.
    • If you do not need to trigger an iRule event for this category of traffic, select Disabled.
    Note: CLASSIFICATION::DETECTED is the only event that is supported.
  9. For the Application List setting, move applications that you want to associate with this category from the Unknown list to the Selected list. If the applications are not listed yet, you can associate the applications with the category when you create them.
  10. Click Finished.
You can create new application types to put into this classification category.

Creating custom classification applications

On the BIG-IP system, you can create customized applications for classifying traffic if the predefined applications are not sufficient for your needs. You can add applications to existing categories or to customized categories that you have previously created.
  1. On the Main tab, click Policy Enforcement > Classification. The Classification screen opens showing a list of the supported classification categories.
  2. Click Create. The New Classification screen opens.
  3. From the Type list, select Application.
  4. In the Name field, type a name for the classification category.
  5. In the Description field, type optional descriptive text for the category.
  6. In the Application ID field, type an identifier for this application, a unique number in the range between 8192 and 16383, inclusive.
  7. For the State setting, select the appropriate value from the list.
    • If you want the system to recognize this classification, select Enabled.
    • If you do not need this classification, select Disabled.
  8. From the Category list, select the category into which to place this application.
  9. Click Finished.

Using iRules with classification categories and applications

If you are using custom classification categories or applications, you can use iRules to identify the traffic for the custom classifications, or you can initiate an action based on how the traffic is classified.
  1. On the Main tab, click Local Traffic > iRules.
  2. Click Create.
  3. In the Name field, type a 1- to 31-character name.
  4. In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax. For example, to classify traffic as xxx_app, a custom classification application that you created, you can use this iRule:when HTTP_REQUEST { if { [HTTP::header "Host"] contains "xxx" } { CLASSIFY::application set xxx_app } } } For example, to perform an action (in this case, drop) on traffic classified as xxx_app, you can use this iRule: when CLASSIFICATION_DETECTED { if { [CLASSIFICATION::APP == "xxx_app"]} { drop } } For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site http://devcentral.f5.com.
  5. Click Finished.
After creating the iRules, you must assign them as resources for each relevant virtual server on the BIG-IP system.

Modifying iRule event for URL categories

On the BIG-IP system, you can modify iRules Event settings for URL categories.
  1. On the Main tab, click Policy Enforcement > Classification. The Classification screen opens showing a list of the supported classification categories.
  2. Select an URL category. The URL Properties screen opens.
  3. In the Description field, type optional descriptive text for the category.
  4. In the iRule Event field, select the appropriate setting.
    • To trigger an iRule event for this category of traffic, select Enabled. You can then create an iRule that performs an action on this type of traffic.
    • If you do not need to trigger an iRule event for this category of traffic, select Disabled.
    Note: CLASSIFICATION::DETECTED is the only event that is supported.
You have modified an iRule event setting for an existing URL category.

Classification iRule commands

When the BIG-IP system identifies a specific type of traffic with iRules enabled, it triggers a CLASSIFICATION_DETECTED event. You can use the commands within iRules for additional system flexibility to classify the flow as one or more of the application or category classifications. The CLASSIFY commands are available from the HTTP_REQUEST or HTTP_RESPONSE iRule events.

iRule Command Description
CLASSIFICATION::app Gets the name of the classified application (the most explicit classified application).
CLASSIFICATION::category Gets the category of the application.
CLASSIFICATION::disable Disables the classification for a flow.
CLASSIFICATION::enable Enables the classification for a flow.
CLASSIFICATION::protocol Gets the name of the classified protocol (the least explicit classified application).
CLASSIFY::application set appname Classifies the flow as appname and associates the category that appname belongs to.
CLASSIFY::application set appname Classifies the flow as appname and associates the category that appname belongs to.
CLASSIFY::category set catname Classifies the flow as catname and also associates the flow with the unknown category.
CLASSIFY::application add appname Adds the application appname to the classification statistics.
CLASSIFY::category add catname Adds the category catname to the classification statistics.