CH logo® Knowledge Base
Contents Search
   

 

Interface Classification

Note: These settings are accessed via the Admin menu, which is displayed to Admin users only (hidden from Member users).

Interface Classification is an automated process that enables your organization to quickly and easily understand the types of interfaces through which your traffic enters and leaves the network, giving you the ability to optimize your network for cost and performance. The management and use of Interface Classification in the Kentik Detect portal is covered in the following topics:

Notes:
- For general information about what interface classification is, see Classification Overview.
- For a look at some specific use cases for interface classification, see Using Interface Classification.

 

 
 top

Interface Classification Page

Interface Classification is configured via the Interface Classification page of the Kentik Detect portal (Admin » Interface Classification). That page and its associated dialogs are covered in the following topics:

 

 
 top  |  section

Interface Classification UI

The Interface Classification page contains the following UI elements:

  • Add Rule button: Opens the Add Rule dialog (see Rule Dialogs).
  • Configure Interface Classification link: Opens the Configure Interface Classification dialog.
  • Rules List: Contains a list of the current interface classification rules; see Rules List.
  • Classified Devices pane: Displays the current classification status of interfaces on the devices your organization has registered with Kentik; see Classified Devices Pane.

 

 
 top  |  section

Rules List

Once a rule has been defined in the Add Rule dialog, it appears at the bottom of the Rules List on the main Interface Classification page. Rules are evaluated in order of the list (see Applying Classification Rules), which can be changed by dragging the handle that appears at the left of each row when you hover over it.

Each row in the list includes the following elements (left to right) some of which are visible only when you hover over a given row:

  • Number: The order in which the rule will be executed.
  • Drag handle: Click and drag the handle at left to move a rule higher or lower in the list. Visible (instead of the rule number) only when you hover over the row.
  • Rule statement: A summary of the rule as defined with the settings in the Add Rule dialog, e.g. “If description contains Server NIC then classify as Host | Internal.”
    Note: If the rule includes Provider Classification then the statement will also include “to Provider” and the provider value.
  • Disable/enable: A toggle switch to disable or enable the rule. Visible only when you hover over the row.
  • Remove (trash icon): Opens a confirming dialog that allows you to delete the rule from the rules engine.

 

Manual Rules Evaluation

The following Rules List events will cause an alert to appear at the top of the list, indicating that your rules need to be evaluated (manually applied) and displaying the Run Evaluation button; the alert disappears after the evaluation is run:

  • Change the order of the rules.
  • Disable or re-enable a rule.
  • Remove a rule.

 

View Rule Details

You can click on any row in the Rules List to open the corresponding rule in an Edit Rule dialog (see Rule Dialogs). The dialog opens pre-populated with the current settings of the rule.

 

 
 top  |  section

Classified Devices Pane

The Classified Devices pane (right sidebar) of the Interface Classification page includes the following elements:

  • Percent classified indicator: A ring diagram at the top of the pane showing the percent of your interfaces that have been successfully classified by the interface classification rules engine.
    Note: High classification ratios are usually achieved by applying a rigorously consistent interface description naming system and IP addressing system across your entire infrastructure.
  • Number classified indicators: A set of three indicators showing:
    - Devices: The number of devices on which the rules engine attempted interface classification.
    - Interfaces: The number of interfaces on which the rules engine attempted classification.
    - Classified: The number of interfaces that are classified.
  • Unclassified Interfaces (only if there are unclassified interfaces): A button that indicates the number of interfaces that are not yet classified, and opens the Unclassified Interfaces Dialog.
  • Device filter: A filter field for narrowing, by name, the devices displayed in the list of classified devices.
  • Sort button: Toggles the sort order (ascending or descending) of the listed devices (by name).
  • Device list: A list of the devices on which the rules engine attempted interface classification. Clicking on a device in the list will open, in a separate window or tab, the Device Interfaces Dialog for that device.

 

 
 top

Device Interfaces Dialog

The Device Interfaces Dialog is covered in the following topics:

 

 
 top  |  section

About the Device Interfaces Dialog

The Device Interfaces Dialog is a condensed version of the Interfaces Page. The dialog contains a table that lists all of the interfaces on a given device, but unlike the Interfaces Page it doesn’t include status information. To show the dialog for a given device, click on that device’s row in the device list of the Classified Devices Pane at the right of the Interface Classification page.

 

 
 top  |  section

Device Interfaces Dialog UI

The Device Interfaces dialog contains the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog.
  • Interfaces classified: Indicates, by fraction and by percent, the proportion of interfaces on the device that have been classified.
  • Filter field: Filters the Interface List to show only rows containing the entered text in any of the table columns.
  • Classification status selector: Filters the Device Interfaces List based on classification status:
    - All: Show all interfaces.
    - Classified: Show only interfaces that have been classified.
    - Unclassified: Show only interfaces that haven’t been classified.
  • Device Interfaces List: A list of interfaces on the device (see Device Interfaces List).
  • View Traffic on Interfaces with No Description button: Opens Data Explorer, with sidebar controls set to show the interfaces on the device that have traffic but have no SNMP description (filtered to match Interface Description equals empty string).

 

 
 top  |  section

Device Interfaces List

The Device Interfaces List is a table whose rows each represent an interface that has been classified on the device (unclassified interfaces are not listed). Each row includes the following columns:

  • Name: The interface’s name string defined in the device itself and retrieved via SNMP.
  • Description: The description string defined in the device itself and retrieved via SNMP.
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • Capacity: The maximum capacity in mbps as reported by SNMP.
  • Network Boundary: The network boundary value assigned to the interface by interface classification (see Network Boundary Attribute).
  • Connectivity Type: The network boundary value assigned to the interface by interface classification (see Connectivity Type Attribute).
  • Provider: The provider value associated with the interface (see Provider Classification).
  • View Interface Chart: Opens a modal with a multi-axis chart showing the traffic across the interface (top source AS number vs. top dest AS number) ranked by max bits/second:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Click on a column heading to sort the list (ascending or descending).

Note: When a value in the Name, Description, IP, or Capacity columns of the Device Interfaces List has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top

Unclassified Interfaces Dialog

The Unclassified Interfaces dialog, which opens from the Unclassified Interfaces button in the Classified Devices Pane, is covered in the following topics:

 

 
 top  |  section

Unclassified Interfaces UI

The Unclassified Interfaces dialog contains the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog.
  • Filter field: Filters the Interface List to show only rows containing the entered text in any of the table columns.
  • Group-by selector: Groups the interfaces in the table:
    - None: No subgroups within the Unclassified Interfaces List.
    - Device: Groups the interfaces by device, inserting a heading row for each device with an indicator of the number of unclassified interfaces on that device.
  • Unclassified Interfaces List: A list of unclassified interfaces grouped by device (see Unclassified Interfaces List).

 

 
 top  |  section

Unclassified Interfaces List

The Unclassified Interfaces List is a table showing the interfaces that remain unclassified. The table has a row for each interface, plus heading rows for each device that allow you to show/hide the rows for the interfaces of that device. The interface rows include the following columns (click on a column heading to sort ascending or descending):

  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Capacity: The capacity of the interface in Mbps.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • View Interface Chart (icon): Opens a modal with a chart showing the traffic across the interface ranked by max bits/second to each destination AS:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Note: When a value in the list has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top

Rule Dialogs

Adding or editing an interface classification rule involves specifying information in the rule dialogs, which are covered in the following topics.

 

 
 top  |  section

About Rule Dialogs

The Kentik portal uses rule dialogs to define interface classification. The information required to define a rule is entered in either of the following dialogs:

  • Add Rule when creating a new rule.
  • Edit Rule when editing an existing rule.

The UI of these two dialogs is identical, except that the Unclassified Interfaces view appears only in the Add Rule dialog.

 

 
 top  |  section

Rule Dialogs UI

The rule dialogs include the following UI elements:

  • Close button: Click the X in the upper right corner to close the dialog without saving any changes.
  • Set Rule Conditions: Configure a rule using the controls described in Rule IF Settings and Rule THEN Settings.
  • Test or Save: Enables testing a rule or saving it to the Rules List on the main Interface Classification page.
  • Main Pane: Contains one or the other of the following:
    - Unclassified Interfaces (initial state): A list of unclassified interfaces (see Unclassified Interfaces View).
    - Analyze Results: (after rule is tested): information about the result of testing a rule (see Analyze Results View).

 

 
 top  |  section

Rule IF Settings

The dialog’s IF controls specify the match condition that the rules engine will look for:

  • Interface field: The SNMP-polled interface field in which to look for a match, which will be one of the following:
    - Interface description;
    - IP address.
  • Match clause: The operator used to evaluate the interface field for a match, which depends on which field type will be evaluated:
    - Interface description: equals, contains, or matches regex;
    - IP address: is contained in subnet, is public IP address, is private IP address, has no IP address.
  • Pattern field: The string or IP address to try to match (not present when the match clause is “has no IP address”).

The controls above allow various ways to build a rule depending on the SNMP field to match on and the match clause. As discussed in Connectivity Type Attribute, a match can be based on one of two SNMP fields:

  • Interface description: Base the match on interface description, which might be stated as something like: “if description contains peering: PI then classify the interface as free private peering.” In this case peering: PI would be a string that you provide based on your knowledge of the interface description protocol used on your network, and free private peering would be selected from the connectivity type drop-down.
  • IP address: Base the match on IP, which might be stated as something like: “if IP address is in subnet 123.456.78.90 then classify the interface as host.”

The following table gives an idea of the types of matching that you can currently use in your rules:

Interface Attribute Match clause Matches when...
Description Equals Provided string is an exact match with the description (case sensitive).
Description Contains Provided string is found in the description (case insensitive).
Description Matches Regex Provided string is found in the description with Standard Regex match.
IP Address is contained in subnet Interface’s IP address is within the user-provided CIDR.
IP Address is a Public IP Address Interface’s IP address is a publicly routable IP address.
IP Address is a Private IP Address Interface’s IP address is reserved (e.g. RFC1918, test-net, doc-net, apipa, cgn, etc.).
IP Address has no IP address Interface has no IP address.

 

 
 top  |  section

Rule THEN Settings

The dialog’s THEN controls specify the interface classification attribute values that will be applied by the rules engine if a match is found:

  • Connectivity type: Set the connectivity type value that will be applied if the rule is matched (see Connectivity Type Attribute).
  • Network boundary: Set the network boundary value (Internal or External) that will be applied if the rule is matched (see Network Boundary Attribute).
  • Provider: A provider value, expressed as a literal string or as regex, used for Provider Classification.

By default, the network boundary classification is automatically determined by the connectivity type. You can override the automatic correspondence between network boundary and connectivity type in either of two ways:

  • To change the boundary value that will be applied for an individual rule, toggle the Auto button to off, then choose a value (Internal or External) from the drop-down list.
  • To change the boundary value that will be applied automatically for a given connectivity type, see Configure Interface Classification.

 

 
 top  |  section

Test or Save Controls

The Test or Save section of the rules dialogs includes two buttons for applying the IF and THEN settings:

  • Test Rule: Allows you to see the effect of applying the rule. An Evaluating Rules alert will appear, after which the right side of the dialog will switch to Analyze Results View.
  • Add Rule (Add Rule dialog only): Adds the rule to your set of interface classification rules, classifies your interfaces, and closes the dialog, leaving you back on the Interface Classification page with the new rule now shown at the end of the Rules List.
  • Save Changes (Edit Rule dialog only): Saves any changes to the rule, classifies your interfaces, and closes the dialog, leaving you back on the Interface Classification.

 

 
 top  |  section

Unclassified Interfaces View

In its initial state, the main area of the Add Rule dialog displays a table whose rows each represent an unclassified interface. The table has a row for each interface, and heading rows for each device that allow you to show/hide all rows corresponding to the interfaces for that device. A filter field is provided to show only rows containing the entered text in any of the table columns.

The interface rows of the table include the following columns:

  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.
  • View Interface Chart (icon): Opens a modal with a chart showing the traffic across the interface ranked by max bits/second to each destination AS:
    - Use the display type drop-down at upper right to change the type of chart.
    - Click the View in Explorer button to open the chart in Data Explorer for further exploration of that traffic.

Note: When a value in the list has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

 
 top  |  section

Analyze Results View

The rules dialogs allow you to test, without actually applying a new or edited rule, what the currently configured rule settings would do. If you click the Test Rule button at the lower left of the dialog (see Test or Save Controls), the rule will be evaluated, and the main area of the Add Rule dialog will display the Analyze Results view, which includes two panes that provide information about the current state of interface classification across your organization’s Kentik-registered devices.

 

Unclassified Interfaces

This pane presents a summary of the test results:

  • The percent of interfaces classified (by all enabled rules).
  • A show/hide toggle link (default is hidden) for a table listing the devices that still aren’t classified.
  • The table itself.

The table has a row for each interface, and heading rows for each device that allow you to show/hide all rows corresponding to the interfaces for that device. The interface rows include the following columns:

  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Capacity: Interface capacity, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • Boundary ASNs: The ASNs of the autonomous systems to which — so far as Kentik is able to determine based on traffic and BGP data — an edge (External) interface is connected. If there’s more than one AS, the percent of traffic for each is also indicated.

Note: When a value in the table has been specified manually (rather than SNMP-discovered) it will be underlined in red. If you hover over a red-underlined value a popup will be displayed that includes the manually specified value and the SNMP-discovered value (if any).

 

Device Matches

This pane presents classification status by device in the form of a Device Matches list. The list shows how many interfaces per device, by percent and number, are classified by the current rule and all other enabled rules, so you can see if the current rule is having any effect on overall classification. A toggle link is provided to hide/show the list.

Each row in the list includes the following:

  • The device name.
  • A horizontal bar showing the percent of classified interfaces on the device.
  • The number of interfaces matched and classified by the current rule (left half of lozenge, on blue background).
  • The number of interfaces classified by other rules (right half of lozenge).
  • The percent of interfaces classified.

When you click on a row in the breakdown, an Interfaces Classified Dialog will appear that shows the classification status of the interfaces on the device corresponding to that row.

 

 
 top

Interfaces Classified Dialog

The Interfaces Classified dialog, reached by clicking a row in the Device Matches list in the Add Rule or Edit Rule dialog, shows the classification status of the interfaces on an individual device. The dialog is covered in the following topics:

Note: The information available in this dialog is partially but not entirely the same as the information in the Device Interfaces Dialog reached from the Classified Devices pane on the Interface Classification page. The Interfaces Classified dialog includes classification status for each interface, but not other information such as capacity, network boundary, and connectivity type.

 

 
 top  |  section

Interfaces Classified UI

The Interfaces Classified dialog includes the following UI elements:

  • Device name: Shown in title bar at upper left.
  • Close button: Click the X in the upper right corner to close the dialog without saving any changes.
  • Interfaces Classified indicator: a collection of elements indicating:
    - The percent of classified interfaces on the device, shown as a horizontal bar with the percent stated at right.
    - The number of interfaces classified.
    - The total number of interfaces on the device.
  • Filter field: Filters the Interfaces Classified List to show only rows containing the entered text in any of the table columns.
  • Match indicator: States the IF condition defined in the rule (see Rule IF Settings) and the position of the rule in the Rules List.
  • Classification key: A key explaining the icons used in the left-hand column of the Interfaces Classified List, which cover the following cases:
    - The interface was matched and classified by this rule.
    - The interface matched this rule, but was already classified by prior rule (higher in the Rules List).
    - The interface did not match this rule, but was classified by another rule.
    - The interface matched no rules.
  • Interfaces Classified List: A list of interfaces on the device (see Interfaces Classified List).
  • View Traffic on Interfaces with No Description button: Opens Data Explorer, with sidebar controls set to show the interfaces on the device that have traffic but have no SNMP description (filtered to match Interface Description equals empty string).

 

 
 top  |  section

Interfaces Classified List

The Interfaces Classified List includes the following columns:

  • Match: An icon indicating the interface’s classification status. Possible values are described in the classification key (see Interfaces Classified UI).
  • Name: The interface’s name string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (i.e. overridden; see Add or Edit Interface).
  • Description: The description string, either defined in the device itself and retrieved via SNMP or manually specified in Kentik (overridden).
  • IP: The IP address for this interface.
    Note: The IP address is not reported for manually created interfaces.
  • Provider: The provider value associated with the interface (see Provider Classification).

Click on a heading to sort the list (ascending or descending).

 

 
 top

Applying Classification Rules

Interface classification involves applying the current rules in the rules list to your organization’s interfaces. The classification process is initiated in response to the following:

  • Automatic evaluation in response to:
    - Adding a new rule with the Add Rule button in the Add Rule dialog.
    - Saving an edited rule with the Save Changes button in the Edit Rule dialog.
  • Manual evaluation as described in Manual Rules Evaluation.

When the classification process is initiated the engine works through the interfaces on all of your registered devices. Classification is applied based on the first (top-most) match condition (“if”) that results in a match.

When an interface is classified, the values of the two attributes (connectivity type and network boundary) are written to your organization’s devices database in Kentik Detect, which is updated every three hours. From there the values are applied to incoming flow records as they are processed by our ingest layer.

If no rule is matched for a given interface, that interface won’t be classified. Information about how many interfaces were classified and which devices they were from is shown as part of the Classified Devices Pane.

 

 
 top

Configure Interface Classification

The Configure Interface Classification link on the main Interface Classification page takes you to the Configure Interface Classification dialog. This dialog consists of general UI elements (see Configure Interface Classification Dialog UI) as well as the following panes:

  • General Settings: Exclude interfaces from classification based on specific properties of the interface; see IC General Settings.
  • Default Network Boundaries: Set the boundary value (Internal or External) that is currently associated by default with each of the supported connectivity types; see Setting Default Network Boundaries.

 

Configure IC Dialog UI

The Configure Interface Classification dialog consists of the following general UI elements as well as the panes listed above:

  • Close button: Click the X in the upper right corner to close the dialog without saving changes to the settings.
  • Cancel button: Close the dialog without saving changes. All elements will be restored to their values at the time the dialog was opened.
  • Save button: Save changes to settings and exit the dialog.

 

IC General Settings

The interface classification settings in this pane enable you to exclude interfaces from classification based on specific interface properties. The pane includes the following controls:

  • Exclude interfaces with no Description: A switch that excludes from interface classification any interface for which a description is not found.
  • Exclude interfaces with no IP Address: A switch that excludes from interface classification any interface for which an IP address is not found.
  • OR | AND button (shown only if the above switches are both on):
    - If OR, an interface will be excluded if either condition is true.
    - If AND, an interface will be excluded only if both conditions are true.
  • View in Explorer button (chart icon): Opens Data Explorer, with sidebar controls set to show interfaces that have traffic but have no description (filtered to match Interface Description equals empty string).
  • Exclude host (nProbe/kProbe) interfaces: A switch that excludes from interface classification any interface on a device whose type is host (see Host Configuration).

 

Setting Default Network Boundaries

The Default Network Boundaries pane enables you to change the default network boundary values associated with connectivity types (see Connectivity Type Attribute). The values are set with the drop-down selector below each type. When your interface classification rules are run, the engine will apply the settings in this pane to every interface that is classified by a rule whose network boundary is set to Auto in the THEN pane of the Add Rule or Edit Rule dialog (see Rule THEN Settings).

 

 
 top

Using Interface Classification

The use of Interface Classification is covered in the following series of steps:

  1. Check device SNMP fields: Interface classification works best when the following is applied across your entire infrastructure:
    - a rigorously consistent interface description naming system;
    - a rigorously consistent IP addressing system.
  2. Create and test rules: Based on your knowledge of the descriptions and IP addresses for the interfaces in your network, create a set of classification rules using the IF and THEN sections of the Rule Dialogs:
    - The IF section sets what will be matched to determine if the rule will be applied to a give interface (see Rule IF Settings).
    - The THEN section sets what connectivity type and network boundary values will be assigned to an interface that is matched by the rule (see Rule THEN Settings).
    - A rule can be tested as it is developed to see how many (and which) interfaces would be classified by the rule if the rule were applied (see Test Rule in Test or Save Controls).
  3. Apply classification rules: Initiate classification (see Applying Classification Rules), which results in applying the current set of rules in the rules list. Rules are evaluated in order of the list.
  4. Query based on classifications: Use the classification values as source or destination group-by or filter dimensions in Data Explorer, in Dashboards, in Alerting, and via the Kentik V5 Query API:
    - Dimensions for network boundary: src_interface_network_boundary, dst_interface_network_boundary.
    - Dimensions for connectivity type: src_interface_connectivity_type, dst_interface_connectivity_type.

 

 
 top

Provider Classification

Provider classification is covered in the following topics:

 

 
 top  |  section

About Provider Classification

Provider classification extends interface classification to enable you to query based on the provider via which traffic from a given externally facing interface reaches the Internet. This feature enables classification by provider to be automated as part of the interface classification process, and it frees up a custom dimension that might otherwise be used for that purpose.

Notes:
- Provider classification depends on the application of consistent, well-structured interface description strings to all externally facing interfaces.
- While developed to associate externally facing interfaces with specific providers, provider classification can also be though of more broadly as enabling queries based on a tag whose value is set via interface classification (as distinct from tags applied at flow ingest).

 

Provider Scope

For the purpose of provider classification, the term “provider” typically refers to one of the following types of external connections:

  • A transit provider.
  • A private peer (whether paid or free).
  • An Internet Exchange (typically made up of multiple ASNs).
  • A customer (only if you are a transit provider).

 

Provider Classification Implementation

Provider classification involves operations at two distinct stages in Kentik Detect:

  • Interface classification: Steps involving interface classification rules:
    - Before classification, the provider name is specified by the user in the THEN settings of a rule (see Configuring Provider Classification). The name may be specified as a literal or using regex.
    - When the rule is run the name is extracted from the interface description and stored in the same Devices database that is used for interface classification (see Applying Classification Rules).
  • Query run-time: The source and destination interfaces associated with each flow record in the KDE are looked up in the Devices database, and the provider information (if any) for the interfaces is associated with that flow record using two virtual columns that function as group-by or filtering dimensions in the query: Source Provider and Destination Provider.
    Note: Because the provider values for each interface are derived at run time, the provider associated with traffic on a given interface will always be that interface’s current provider (rather than the provider in effect when the flow was collected).

 

 
 top  |  section

Configuring Provider Classification

Provider classification is configured in the IF and THEN panes at the left of the Rule Dialogs (Add Rule and Edit Rule) of the Interface Classification page (Admin » Interface Classification).

 

Provider IF Configuration

In the IF pane (see Rule IF Settings), specify conditions that will match all of the interfaces that you wish to label with a provider value. As with any interface classification, basic IF settings are as follows:

  • Set the interface field to IP Address or Interface Description.
  • Set the match clause to equals, contains, or matches regex.
  • In the pattern field, enter the literal or regex string to match.
    Note: Use of regex for provider classification is covered in Provider Classification with Regex.

 

Provider THEN Configuration

In the THEN pane (see Rule THEN Settings), specify the classification that will occur when the conditions in the IF pane are matched:

  • Set the connectivity type (e.g. Transit, IX Peering, Free Private Peering, or Paid Private Peering) that will be associated with the interface.
  • If desired, change the default network boundary (see Network Boundary Attribute) that will be associated with the interface.
  • In the Provider field, enter a literal or regex string for the provider value.
    Note: Use of regex for provider classification is covered in Provider Classification with Regex.

 

 
 top  |  section

Provider Classification with Regex

Assuming that your organization’s interface descriptions are consistent and well-structured, provider classification with regex can be far more efficient than classification with a literal string. This form of provider classification uses the “capture group” feature of regex.

 

About Regex Capture Groups

A regex capture group allows you to designate part of a string as a substring that can be referenced by its ordinal position in the string:

  • A substring (or multiple substrings) in a regex string can be designated as a capture group by surrounding the substring with parentheses. For example, the following regex contains two capture groups:
    Capture (group)s are (power)ful
  • The contents of a capture group can be matched by referring to its index (1-based) in the collection of capture groups in the string, with $1 referring to the first capture group, $2 referring to the second, etc. In the example string above, the value of $1 is group and the value of $2 is power.
  • The use of a capture group allows you to refer to the same part of multiple source strings even if the value of that part is different in each string. For instance if we evaluate a different string from our original example, e.g. Structured (descriptions) are the (key), the value of $1 would be descriptions and the value of $2 would be key.

 

Regex Provider Settings

For provider classification with regex, use the following settings:

  • In the IF pane:
    - Set the interface field to Interface Description.
    - Set the match clause to matches regex.
    - In the pattern field, enter the regex string to match. The substring that you want to use as the provider value should be designated as a capture group.
  • In the THEN pane:
    - Set the connectivity type (e.g. Transit, IX Peering, Free Private Peering, or Paid Private Peering) that will be associated with the interface.
    - If desired, change the default network boundary.
    - In the Provider field, enter a reference to the capture group that identifies the part of the regex string that you want to use as the provider value.

To see how the above regex matching would work, let’s suppose that the purpose of the rule is to assign a provider value to interfaces whose connectivity type is peering:

  • In the IF pane, specify the pattern field as ^PEERING(\w*):.
  • In the THEN pane, specify the connectivity type as Free Private Peering and the Provider field as $1.

When interface classification is run and the rule is applied, if an interface’s description starts with “PEERING” (case insensitive) followed immediately with a capture group then:

  • The connectivity type of the interface will be stored in the devices database as Free Private Peering.
  • The substring in the capture group will be stored in the devices database as the provider value for that interface.
 

In this article: