==============
Classification
==============

The classification system allows more fine-grained control over the handling
of traffic passing through bonds. Specifically, once traffic is classified,
according to a packet filter match, it may be directed to either the bonded
tunnel, or directly into a provider circuit.

.. contents:: :depth: 2

.. note::
    Traffic classification is only available on bonders running version 6.2 or
    later.


Profiles
========

Classification profiles define the behavior of the classification system for
a bond. Each profile may be used on one or more bonders. When a profile is
changed, the profile settings are automatically applied to all bonds
configured to use the profile.

To see the list of profiles, select the *Classification* menu item in the
*Policies* menu at the top of the administration interface. The profiles from
the current space, as well as child spaces, are listed in the *Classification
Profiles* tab, while profiles from parent spaces that are available to the
current space, are listed in the *Inherited Classification Profiles* tab.
Inherited profiles are read-only and may not be edited.

Adding a profile
----------------

To add a profile, click *Add Classification Profile*.

 |add-classification-profile|

See the *Profile parameters* section below for a description of the profile
parameters.

Editing a profile
-----------------

To edit a profile, click the profile in the list and click the pencil icon of
the *Details* section.

 |edit-classification-profile|

See the *Profile parameters* section below for a description of the profile
parameters.

Deleting a profile
------------------

To delete a profile, click the profile in the list and click the *Delete*
button near the top of the page.

 |delete-classification-profile|

Copying a profile
-----------------

To copy a profile, click the profile in the list and click the *Copy*
button near the top of the page.

 |copy-classification-profile|

A new classification profile will be created with a unique name based on the
original one. Other parameters and packet filters will be copied.

Profile parameters
------------------

Name
    The name of the profile.

Space
    The space for the profile. The profile will be available to bonds in this
    space, as well as child spaces, if the child spaces have the *Use
    classification profiles from parent space* parameter enabled.

Default target
    If none of the defined packet filters match the traffic, this will be used
    as the target.


Targets
=======

There are two targets available: *tunnel* and *tunnel bypass*.

Tunnel
------

Traffic sent to this target will be routed through the bonded tunnel, which
will in turn be routed through an aggregator or private WAN router. This is
the policy when no classification profile is in place, or for bonders running
software older than 6.2.

Tunnel Bypass
-------------

Traffic sent to this target will be routed directly to a provider on a leg
interface, bypassing the tunnel. For more detail about this target, see
`Tunnel Bypass <../bonds/tunnel-bypass.html>`__


Packet filters
==============

The packet filters for a profile are listed below the profile details. The
filters are processed in order; the first matching one will determine the
target. Classification is only performed on traffic entering the bonder from
its LAN interfaces, so downstream traffic cannot be classified.

Adding a packet filter
----------------------

To add a packet filter, click the *Add filter* button at the bottom of the
classification profile page.

 |add-packet-filter|

See the *Packet filter parameters* section below for a description of the
parameters.

Editing a packet filter
-----------------------

To edit a packet filter, click the pencil button to the right of the packet
filter on its classification profile page.

 |edit-packet-filter|

See the *Packet filter parameters* section below for a description of the
parameters.

Changing the order of packet filters
------------------------------------

To change the order of packet filters for a profile, click and hold the arrows
button to the right of the packet filter on its classification profile page,
then drag the packet filter to the desired location within the list.

 |order-packet-filter|

Once the desired order of the packet filters is shown, click the *Save order*
button to save the changes.

 |save-packet-filter-order|

Deleting a packet filter
------------------------

To delete a packet filter, click the X button to the right of the packet
filter on its classification profile page.

 |delete-packet-filter|

Packet filter parameters
------------------------

Comment
    A short description of the filter.

Target
    The target to use for traffic matching the filter. See the *Targets*
    section for more info on the available targets.

Protocol
    The layer-3 protocol to match. Use *Any* to match all protocols.

DSCP (Type of Service)
    The differentiated services type to match. If this is not *Any* the filter
    will match the specific value.

Source network
    The source network to match, given in CIDR format. This will match any
    packet with the source IP in the given network.

Source ports
    The source port or ports to match. Multiple ports may be specified by
    separating values with commas (eg: 80,443), while ranges may be specified
    by separating two values with a colon (eg: 5060:5080). This is only
    available if the *Protocol* parameter is set and the given protocol has
    ports, such as TCP, UDP, or SCTP.

Destination network
    The destination network to match, given in CIDR format. This will match
    any packet with the source IP in the given network.

Destination ports
    The destination port or ports to match. Multiple ports may be specified by
    separating values with commas (eg: 80,443), while ranges may be specified
    by separating two values with a colon (eg: 5060:5080). This is only
    available if the *Protocol* parameter is set and the given protocol has
    ports, such as TCP, UDP, or SCTP.


.. |add-classification-profile| image:: ./add-classification-profile.png
.. |edit-classification-profile| image:: ./edit-classification-profile.png
.. |delete-classification-profile| image:: ./delete-classification-profile.png
.. |copy-classification-profile| image:: ./copy-classification-profile.png
.. |add-packet-filter| image:: ./add-packet-filter.png
.. |edit-packet-filter| image:: ./edit-packet-filter.png
.. |order-packet-filter| image:: ./order-packet-filter.png
.. |save-packet-filter-order| image:: ./save-packet-filter-order.png
.. |delete-packet-filter| image:: ./delete-packet-filter.png
