[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Overview of Classification Scripts

The SAE uses classification scripts to determine whether it manages router interfaces, to select default policies, to find subscriber profiles, and to choose DHCP profiles. The SAE has three classification scripts:

How Classification Scripts Work

Classification scripts are organized into rules. Each rule has a target and one or more match conditions.

Each script can have multiple targets, and each target can have multiple conditions. When an object needs classification, the script processes the targets in turn. Within each target, the script processes conditions sequentially. When it finds that the classification conditions for a target match, it returns the target to the SAE. If the script does not find any targets that can be matched, the classifier engine returns a no-match message to the SAE.

Because classification scripts examine conditions sequentially as the conditions appear in the script, you should put more specific conditions at the beginning of the script and less specific conditions at the end of the script.

Interface Classification Scripts

When a subscriber's IP interface comes up on the router, the router sends the subscriber's login and interface information to the SAE. For example, the router might send the following information:

IP address=0.0.0.0
Virtual router name=default@erx5_ssp58 
Interface name=FastEthernet3/1.1
PPP login name (PPP)=pebbles@virneo.net
User IP address (PPP)=192.168.55.5
Interface speed=100000000
Interface description=P3/1.1
Interface alias=1st pppoe int
RADIUS class=null

The SAE invokes the interface classification script and provides to the script the information that it received from the router. The script engine matches the information sent from the router to the conditions in the interface classification script. The script examines each condition in sequential order to find a match.

Subscriber Classification Scripts

When the SAE begins managing an interface, it determines whether a subscriber is associated with the interface by running the subscriber classification script. The SAE also runs the subscriber classification script when certain login events occur. See SRC-PE Subscribers and Subscriptions Guide, Chapter 3, Subscriber Logins and Service Activation for a description of login event types.

To find the matching subscriber profile, the SAE uses interface information that it received from the router when the interface became operational (for example, virtual router name, interface name, interface alias). It also uses login information that it received from the router or the portal application when the subscriber attempted to log in (for example, subscriber IP address, login name, or login event type).

When the SAE runs the subscriber classification script, the script engine matches the information sent from the router to the conditions in the subscriber classification script. The script examines each condition in sequential order to find a match.

DHCP Classification Scripts

Classification Targets

A target is the result of the classification script that gets returned to the SAE. There are two special types of targets:

Because script targets use * (asterisks), you cannot use * in other types of targets.

Target Expressions

A target can contain expressions. These expressions can refer to an object in the SAE's memory or configuration, to specific matching conditions, or to another function or script.

Suppose the classification object in a subscriber classifier contains a field called userName. The classifier target uniqueId=<- userName -> is expanded to contain the actual content of the userName field before it is returned to the SAE; for example, for userName=juser, uniqueId=juser is returned.

Target expressions are enclosed in angle brackets and hyphens; for example, <-retailerDn->. The classifier expands expressions before it returns the target to the SAE. The expression is interpreted by an embedded Python interpreter and can contain variables and Python operations. In the simplest case an expression can be a single variable that is replaced with its current contents. Available variable names are all fields of the object passed to the classifier and names created with regular expression matching.

Because a scripting interpreter interprets expressions, more complex operations are possible. Examples are:

Classification Conditions

You can configure multiple classification conditions for a rule. For example:

rule rule-2 {
  target /ent/EntDefault;
  condition {
    "pppLoginName=\"\"";
    "&interfaceName!=\"fastEthernet0*\"";
    "&interfaceName!=\"null*\"";
    "&interfaceName!=\"loopback*\"";

If you prefix a condition with an & (ampersand) character, the condition is examined only if the previous condition matches.

If you prefix a condition with a | (pipe) character, the condition is examined only if the previous conditions have not produced a positive match.

You can use glob or regular expression matching to configure each target's conditions.

Glob Matching

Glob matches are of the form:

field = match 
or 
field != match

where match is a pattern similar to UNIX filename matching. Glob matches are case insensitive. "field != match" is true, if field=match is not true.

The available field names are described for the specific classifiers. Examples are:

Regular Expression Matching

Regular expression matches are of the form:

field =~ re 
or 
field !~ re 

where field !~ re is true if field =~ re is not true. The regular expression is re. For a complete description of the syntax, see: http://www.python.org/doc/2.0/lib/re-syntax.html

You can group regular expressions with pairs of parentheses. If such an expression matches, the contents of the groups are made available for target expressions. Group number n is available as G[n], where n is the number of the opening parenthesis of the group. You can also name groups by using the special notation (?P<name>...).

Examples:

ifAlias =~ "SSP(.*)    " 
# match a string starting with "SSP". The remainder is stored 

# in the variable "G[1]"

ifAlias =~ (?P<dn>name=(?P<name>[^,]*).*)

        # match a string starting with "name=". The whole match is

        # stored in the variable "dn". A submatch which does not

        # contain any ","-characters and starts after "name="

        # is stored in variable "name"

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]