Classification

The classification system allows more fine-grained control over the handling of traffic passing through bonds. Specifically, once traffic is classified, according to a packet filter match, it may be directed to either the bonded tunnel, or directly into a provider circuit.

Note

Traffic classification is only available on bonders running version 6.2 or later.

Profiles

Classification profiles define the behavior of the classification system for a bond. Each profile may be used on one or more bonders. When a profile is changed, the profile settings are automatically applied to all bonds configured to use the profile.

To see the list of profiles, select the Classification menu item in the Policies menu at the top of the administration interface. The profiles from the current space, as well as child spaces, are listed in the Classification Profiles tab, while profiles from parent spaces that are available to the current space, are listed in the Inherited Classification Profiles tab. Inherited profiles are read-only and may not be edited.

Adding a profile

To add a profile, click Add Classification Profile.

add-classification-profile

See the Profile parameters section below for a description of the profile parameters.

Editing a profile

To edit a profile, click the profile in the list and click the pencil icon of the Details section.

edit-classification-profile

See the Profile parameters section below for a description of the profile parameters.

Deleting a profile

To delete a profile, click the profile in the list and click the Delete button near the top of the page.

delete-classification-profile

Copying a profile

To copy a profile, click the profile in the list and click the Copy button near the top of the page.

copy-classification-profile

A new classification profile will be created with a unique name based on the original one. Other parameters and packet filters will be copied.

Profile parameters

Name
The name of the profile.
Space
The space for the profile. The profile will be available to bonds in this space, as well as child spaces, if the child spaces have the Use classification profiles from parent space parameter enabled.
Default target
If none of the defined packet filters match the traffic, this will be used as the target.

Targets

There are two targets available: tunnel and tunnel bypass.

Tunnel

Traffic sent to this target will be routed through the bonded tunnel, which will in turn be routed through an aggregator or private WAN router. This is the policy when no classification profile is in place, or for bonders running software older than 6.2.

Tunnel Bypass

Traffic sent to this target will be routed directly to a provider on a leg interface, bypassing the tunnel. For more detail about this target, see Tunnel Bypass

Packet filters

The packet filters for a profile are listed below the profile details. The filters are processed in order; the first matching one will determine the target. Classification is only performed on traffic entering the bonder from its LAN interfaces, so downstream traffic cannot be classified.

Adding a packet filter

To add a packet filter, click the Add filter button at the bottom of the classification profile page.

add-packet-filter

See the Packet filter parameters section below for a description of the parameters.

Editing a packet filter

To edit a packet filter, click the pencil button to the right of the packet filter on its classification profile page.

edit-packet-filter

See the Packet filter parameters section below for a description of the parameters.

Changing the order of packet filters

To change the order of packet filters for a profile, click and hold the arrows button to the right of the packet filter on its classification profile page, then drag the packet filter to the desired location within the list.

order-packet-filter

Once the desired order of the packet filters is shown, click the Save order button to save the changes.

save-packet-filter-order

Deleting a packet filter

To delete a packet filter, click the X button to the right of the packet filter on its classification profile page.

delete-packet-filter

Packet filter parameters

Comment
A short description of the filter.
Target
The target to use for traffic matching the filter. See the Targets section for more info on the available targets.
Protocol
The layer-3 protocol to match. Use Any to match all protocols.
DSCP (Type of Service)
The differentiated services type to match. If this is not Any the filter will match the specific value.
Source network
The source network to match, given in CIDR format. This will match any packet with the source IP in the given network.
Source ports
The source port or ports to match. Multiple ports may be specified by separating values with commas (eg: 80,443), while ranges may be specified by separating two values with a colon (eg: 5060:5080). This is only available if the Protocol parameter is set and the given protocol has ports, such as TCP, UDP, or SCTP.
Destination network
The destination network to match, given in CIDR format. This will match any packet with the source IP in the given network.
Destination ports
The destination port or ports to match. Multiple ports may be specified by separating values with commas (eg: 80,443), while ranges may be specified by separating two values with a colon (eg: 5060:5080). This is only available if the Protocol parameter is set and the given protocol has ports, such as TCP, UDP, or SCTP.