User-Defined Variables in Dynamic Profiles
User-Defined Variables
In dynamic service profiles, the Junos OS enables you to configure
custom variables at the [edit dynamic-profiles profile-name variables]
hierarchy level and use those variables in the [edit dynamic-profiles]
hierarchy. The dynamic profile obtains
and replaces data for these variables from an external server (for
example, RADIUS) during the subscriber authentication process. At
run time, the variables are replaced by actual values and used to
configure subscriber interfaces.
You can use any of the following statements to configure user-defined variables:
default-value
—Configure a default value for a user-defined variable in a dynamic profile. The values that the system uses for these variables are applied when the subscriber authenticates. Specifying a default value provides a standalone configuration for the associated statement or a backup for the statement configuration if the external server is inaccessible or does not contain a value for the variable.equals
—Configure an expression for a user-defined variable that is evaluated at run time and returned as the variable value.mandatory
—Specify that an external server (for example, RADIUS) must return a value for the user-defined variable. If the external server does not return a value for the variable, the dynamic profile fails.Note:The order in which you define how variables are obtained is important. To ensure that you obtain any mandatory variables from an external server, and not derive values from defaults or through variable expressions, you must define any mandatory variables first.
uid
—Configure a unique ID for parameterized filters and CoS in a dynamic profile created for services.uid-reference
—Configure a variable that references a unique ID for parameterized filters or CoS in a dynamic profile created for services.
Configuring User-Defined Dynamic Variables in Dynamic Profiles
This topic discusses
how to configure a user-defined dynamic variable in a dynamic service
profile. You can define a variable at the [edit dynamic-profiles profile-name variables]
hierarchy level that is
used elsewhere in the dynamic service profile. You can optionally
specify a default value for any dynamic variable that appears in the
body of the dynamic profile. The default variable values are used
in the event the router is unable to access an external server (for
example, RADIUS) or otherwise obtain a value for use as the dynamic
variable. Alternatively, you can specify that using a RADIUS-returned
value is mandatory; if that value is not received, then the profile
fails.
Before you configure any dynamic variable default values:
Create a basic dynamic profile.
Ensure that the router is configured to enable communication between the client and the RADIUS server.
See Specifying the Authentication and Accounting Methods for Subscriber Access.
Configure all RADIUS values that you want the profiles to use when validating subscribers.
To configure variables in a dynamic service profile:
Using Variable Expressions in User-Defined Variables
Junos OS enables you to create expressions—groups of arithmetic
operators, string operators, and operands—for use as variables
within dynamic profiles. You configure variable expressions at the [dynamic-profiles profile-name variables]
hierarchy level. At run time, the variable expressions are calculated
and used as variable values to configure dynamic subscriber interfaces.
When configuring expressions in dynamic profiles, you must adhere to the following rules:
You can configure expressions only within a variable stanza of a dynamic profile.
Note:Starting in Junos OS Release 19.3R1, you can configure expressions in the
predefined-variable-defaults
statement in a dynamic profile. See Predefined Variable Defaults for Dynamic Client Profiles.Dynamic profiles that contain expressions for user-defined variables must be used only for service activation.
You generally assign expressions only to user-defined variables. You cannot assign expressions to internal variables or predefined variables.
Note:Starting in Junos OS Release 19.3R1, you can configure a limited number of expressions to establish default values for predefined variables. See Predefined Variable Defaults for Dynamic Client Profiles.
Expression values are given precedence over default values.
Entire expressions must be contained within quotation marks (“ ”).
Strings within the expressions must be quoted within single quotation marks (’ ’) and the single quotation marks can contain only strings.
White space is treated as a delimiter for all operands and operators. Strings containing spaces that you create within expressions are treated as single strings and include any leading or trailing white space. For example:
dynamic-profiles { service profile { variables { scheduler-name; video-filter equals “ ‘ Filter 1 ’ ” # Everything within the single quotation marks is considered a string, including the leading and trailing white space } } }
The expression must be either all arithmetic operators or all string operators; mixing arithmetic operators and string operators is not allowed unless properly converted to the correct type.
Expressions can refer to other system predefined variables or other user-defined variables. However, no circular referencing between variables is allowed. For example, the following reference is incorrect:
dynamic-profiles { Service_Profile_1 { variables { scheduler-name; transmit-rate2 equals “ ( $transmit-rate1 * 2)/3” # refers to transmit-rate1 transmit-rate1 equals “ ( $transmit-rate2 * 2)/3” # refers to transmit-rate2 } } }
Any mandatory variable that does not contain a “default” value or an “equals” expression must contain a value as a part of service activation. For example, a RADIUS service VSA like “service-video( value1, value2)” that contains two or fewer mandatory variables in the dynamic service profile definition “service-video” succeeds. The service activation fails if at least one mandatory variable does not have any value associated with it, either through “default” or “equals” attribute evaluation.
Table 1 lists supported operators and functions you can use to create expressions.
Precedence 5 is the highest level.
Operation |
Operator |
Associativity |
Precedence |
Action |
---|---|---|---|---|
Arithmetic Addition |
+ |
Left |
1 |
Adds the elements to the right and left of the operator together. |
Arithmetic Subtraction |
- |
Left |
1 |
Subtracts the element to the right of the operator from the element to the left of the operator. |
Arithmetic Multiplication |
* |
Left |
2 |
Multiplies the element to the left of the operator by the element to the right of the operator. |
Arithmetic Division |
/ |
Left |
2 |
Divides the element to the left of the operator by the element to the right of the operator. |
Arithmetic Modulo |
% |
Left |
2 |
Divides the element to the left of the operator by the element to the right of the operator and returns the integer remainder. If the element to the left of the operator is less than the element to the right of the operator, the result is the element to the left of the operator. |
Concatenation |
## |
Left |
3 |
Creates a new string by joining the string values to the left of the operator and the values to the right of the operator together. |
Maximum |
max(param1,param2) |
Left |
4 |
Takes the maximum of the two values passed as parameters. |
Minimum |
min(param1,param2) |
Left |
4 |
Takes the minimum of the two values passed as parameters. |
Round |
round(param1) |
- |
4 |
Rounds the value to the nearest integer. |
Truncate |
trunc(param1) |
- |
4 |
Truncates a non-integer value to the value left of the decimal point. |
Convert to String |
toStr(param1) |
- |
4 |
Converts the variable inside the parentheses to a null terminated string. |
Convert to Integer |
toInt(param1) |
- |
4 |
Converts the parameter to an integer. A single string or variable is allowed as a parameter. |
Random |
rand() |
- |
4 |
Generates a random numerical value. |
If Not Zero |
ifNotZero(param1, param2) |
Left |
4 |
Returns the second parameter if the first parameter is not zero. Returns NULL if first parameter is zero. |
Parentheses |
( ) |
- |
5 |
Groups operands and operators to achieve results different from simple precedence; effectively has the highest precedence. |
Expressions are evaluated after variables are populated with values. The evaluation is conducted immediately before profile instantiation and includes value checking. If the computed values are not acceptable, or rules governing expression syntax are broken, the expression evaluation fails, profile instantiation does not occur, and messages are logged to describe the errors.
Table 2 lists the possible expression error scenarios and the action taken by the router software.
Error |
Occurance |
Action |
Variable Value |
---|---|---|---|
Parsing error |
Commit check phase |
Commit fails |
not applicable |
Circular variable dependency error |
Commit check phase |
Commit fails |
not applicable |
Variables inside the expressions are not defined |
Commit check phase |
Commit fails |
not applicable |
Divide by zero |
Profile Instantiation |
Profile instantiation fails |
Zero (0) |
Adding string to a number |
Profile Instantiation |
Profile instantiation fails |
Zero (0) |
Overflow error |
Profile Instantiation |
Profile instantiation fails |
Undefined |
Underflow error |
Profile Instantiation |
Profile instantiation fails |
Undefined |
You can also configure the user-defined variables with a default value. The default value provides a standalone configuration for the associated statement or a backup for the statement configuration if the RADIUS server is inaccessible or the VSA attribute does not contain a value.
Configuring Variable Expressions in Dynamic Profiles
You can create expressions—groups of arithmetic operators, string operators, and operands—for use as variables within dynamic profiles. These expressions are used as variable values to configure dynamic subscriber interfaces.
To configure dynamic profile variable expressions:
Table 3 provides several examples of expressions that you can create using the supported operators and functions.
Example |
Description |
---|---|
video-filter equals “’ Filter1’ ” |
Assigns the string “ Filter1” to the dynamic $video-filter variable. |
video-filter2 equals “$video-filter ## ‘ Filter2’ ” |
Converts dynamic variable “$video-filter” to a string and concatenates the new string with the string “ Filter2”. The result is the string “$video-filter Filter2” assigned to the $video-filter2 variable. |
tempvar equals “120” |
Converts “120” to an integer and assigns the integer to the $tempvar variable. |
transmit-rate2 equals “ ( $transmit-rate1 * 2)/3 + $tempvar)” |
Multiplies the “transmit-rate1” variable by 2 and divides that value by the sum of 3 and the value of “$tempvar”. The result is assigned to the $transmit-rate2 variable. |
host-ip equals “ ’203.0.113.2’ ” |
Assigns the string “203.0.113.2” to the $host-ip variable. |
max-val “max($max1,$max2)” |
Assigns the greater of value “max1” or “max2” to the $max-val variable. |
min-val “$min($var1,30)” |
Assign the smaller of value “var1” and “30” to the $min-val variable. |
rounded-var equals “round($var1 )” |
Rounds off the value of the variable “$var1” to the nearest integer and assigns the value to the $rounded-var variable. |
trunc-var equals “trunc(1234.5)” |
Truncates the value in parentheses to the left side of the decimal and assigns the resulting value to the $trunc-var variable. |
bwg-shaping-rate equals “$ancp-downstream - ($ancp-downstream % 2 * (1 - $sp-qos-cell-mode))” |
Evaluates the expression as per the precedence set in the parentheses. |
temp-filter1 equals “ ’Filter1’ ## toStr($filter)” |
Converts the “$filter” variable to a string value and concatenates the converted string to the string “Filter1”. The resulting combined string is assigned to the $temp-filter1 variable. |
Conditional Configuration for Dynamic Profile Overview
You can configure conditional configuration statements for dynamic profiles to dynamically obtain subscriber information for a client or service.
Conditional configuration involves two main steps:
Defining the conditional variable
Referencing the conditional variable in a configuration statement
A conditional variable is defined as an expression ifNotZero (param1, param2). In this expression, param1 is a user-defined variable whose value is derived from an external server such as RADIUS and param2 can be a user-defined variable, a function, operation, number, or string. A conditional variable can be user-defined or Unique ID (UID) reference variable. It cannot be a predefined or UID variable. In Junos OS, conditional variables are supported only for the service dynamic profiles.
The configuration statements in which the conditional variables are referenced are called conditional configuration statements. After the conditional variable are defined, they are referenced in dynamic-profiles configuration statements and are processed when the service profile is instantiated. The following service profile configuration statements support conditional variables:
dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter input filter-name
dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter output filter-name
dynamic-profiles profile-name firewall family type filter filter-name term term-name
dynamic-profiles profile-name firewall family type filter filter-name term term-name then policer policer-name
dynamic-profiles profile-name firewall family type filter filter-name term term-name then hierarchical-policer policer-name
dynamic-profiles profile-name class-of-service scheduler-maps map-name forwarding-class class-name scheduler scheduler-name
The system follows the following set of rules while evaluating the conditional variables and conditional configuration statements during service profile instantiation:
In the function
ifNotZero
(param1, param2), if the value of a param1 is not received from an external server and if the default value is not configured, the value of the variable is treated as non-zero and param2 is evaluated.If the value of param1 in the function
ifNotZero
(param1, param2) is 0, then NULL is returned as the value of the expression and param2 is not evaluated. In this case, the value of the conditional variable becomes NULL and the configuration statement in which the conditional variable is referenced is ignored.If the value of param1 is non-zero, then param2 is evaluated and its value is returned as the value of the expression.
The following filter-service and cos-service configuration examples show how the rules are applied:
Filter Service Configuration Example
filter-service { variables { input-filter-var mandatory; output-filter-var mandatory; bw-limit-var mandatory; term1-var default-value term1; input-filter-ref { equals "ifNotZero($input-filter-var,$input-filter-var)"; uid-reference; } output-filter-ref { equals "ifNotZero($output-filter-var,$output-filter-var)"; uid-reference; } policer1-ref { equals "ifNotZero($bw-limit-var,'policer1')"; uid-reference; } term1 equals "ifNotZero($term1-var,$term1-var)"; input-filter uid; output-filter uid; policer1 uid; } interfaces { pp0 { unit "$junos-interface-unit" { family inet { filter { input "$input-filter-ref" precedence 50; output "$output-filter-ref" precedence 50; } } } } } firewall { family inet { filter "$input-filter" { interface-specific; term $term1 { then { policer "$policer1-ref"; service-accounting; } } term rest { then accept; } } filter "$output-filter" { interface-specific; term rest { then accept; } } } policer "$policer1" { if-exceeding { bandwidth-limit "$bw-limit-var"; burst-size-limit 15k; } then discard; } } }
In the filter-service configuration
example, input-filter-ref
, output-filter-ref
, policer1-ref
, and term1
are conditional variables
while input "$input-filter-ref" precedence 50
, output
"$output-filter-ref" precedence 50
, term $term1
,
and policer "$policer1-ref"
are conditional configuration
statements. In this example, if the value of input-filter-var
is 0, the value of the conditional variable input-filter-ref
becomes NULL. Thus the entire configuration statement, input
“$input-filter-ref” precedence 50
, in which the
conditional variable is referenced, is ignored. If , however, the
value of the variable is non-zero, the configuration statement is
processed during the service profile instantiation.
CoS Service Configuration Example
cos-service { variables { sch1_var mandatory; sch2_var mandatory; sch1_ref { equals "ifNotZero($sch1_var,$sch1_var)"; uid-reference; } sch2_ref { equals "ifNotZero($sch2_var,$sch2_var)"; uid-reference; } smap1 uid; sch1 uid; sch2 uid; } class-of-service { scheduler-maps { "$smap1" { forwarding-class best-effort scheduler "$sch1_ref"; forwarding-class assured-forwarding scheduler "$sch2_ref"; } } schedulers { "$sch1" { transmit-rate percent 30; buffer-size percent 30; priority low; } "$sch2" { transmit-rate percent 10; buffer-size percent 10; priority high; } } } }
In the cos-service configuration
example, sch1_ref
and sch2_ref
are conditional
variables while forwarding-class best-effort scheduler "$sch1_ref"
and forwarding-class assured-forwarding scheduler "$sch2_ref"
are conditional configuration statements. Similar to the evaluation
in the filter-service configuration example,
if the value of any variable, referenced in a conditional variable
is 0, the configuration statement in which the conditional variable
is referenced is ignored and not processed during CoS service profile
instantiation.