Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

User-Defined Variables in Dynamic Profiles

 

User-Defined Variables

In dynamic service profiles, the Junos OS enables you to configure custom variables at the [edit dynamic-profiles profile-name variables] hierarchy level and use those variables in the [edit dynamic-profiles] hierarchy. The dynamic profile obtains and replaces data for these variables from an external server (for example, RADIUS) during the subscriber authentication process. At run time, the variables are replaced by actual values and used to configure subscriber interfaces.

You can use any of the following statements to configure user-defined variables:

  • default-value—Configure a default value for a user-defined variable in a dynamic profile. The values that the system uses for these variables are applied when the subscriber authenticates. Specifying a default value provides a standalone configuration for the associated statement or a backup for the statement configuration if the external server is inaccessible or does not contain a value for the variable.

  • equals—Configure an expression for a user-defined variable that is evaluated at run time and returned as the variable value.

  • mandatory—Specify that an external server (for example, RADIUS) must return a value for the user-defined variable. If the external server does not return a value for the variable, the dynamic profile fails.

    Note

    The order in which you define how variables are obtained is important. To ensure that you obtain any mandatory variables from an external server, and not derive values from defaults or through variable expressions, you must define any mandatory variables first.

  • uid—Configure a unique ID for parameterized filters and CoS in a dynamic profile created for services.

  • uid-reference—Configure a variable that references a unique ID for parameterized filters or CoS in a dynamic profile created for services.

Configuring User-Defined Dynamic Variables in Dynamic Profiles

This topic discusses how to configure a user-defined dynamic variable in a dynamic service profile. You can define a variable at the [edit dynamic-profiles profile-name variables] hierarchy level that is used elsewhere in the dynamic service profile. You can optionally specify a default value for any dynamic variable that appears in the body of the dynamic profile. The default variable values are used in the event the router is unable to access an external server (for example, RADIUS) or otherwise obtain a value for use as the dynamic variable. Alternatively, you can specify that using a RADIUS-returned value is mandatory; if that value is not received, then the profile fails.

Before you configure any dynamic variable default values:

  1. Create a basic dynamic profile.

    See Configuring a Basic Dynamic Profile.

  2. Ensure that the router is configured to enable communication between the client and the RADIUS server.

    See Specifying the Authentication and Accounting Methods for Subscriber Access.

  3. Configure all RADIUS values that you want the profiles to use when validating subscribers.

    See RADIUS Servers and Parameters for Subscriber Access

To configure variables in a dynamic service profile:

  1. Access the variables stanza in the desired dynamic service profile.
  2. Define the variable.
  3. (Optional) Specify a default value for use by the variable in the event the router cannot contact the external server or if the external server does not contain a value for the assigned attribute.
  4. (Optional) Specify that the external server must return a value for a user-defined variable.
    Note

    When you include the mandatory statement, if the external server does not return a value for the variable, the dynamic service profile fails.

Using Variable Expressions in User-Defined Variables

Junos OS enables you to create expressions—groups of arithmetic operators, string operators, and operands—for use as variables within dynamic profiles. You configure variable expressions at the [dynamic-profiles profile-name variables] hierarchy level. At run time, the variable expressions are calculated and used as variable values to configure dynamic subscriber interfaces.

When configuring expressions in dynamic profiles, you must adhere to the following rules:

  • You can configure expressions only within a variable stanza of a dynamic profile.

    Note

    Starting in Junos OS Release 19.3R1, you can configure expressions in the predefined-variable-defaults statement in a dynamic profile. See Predefined Variable Defaults for Dynamic Client Profiles.

  • Dynamic profiles that contain expressions for user-defined variables must be used only for service activation.

  • You generally assign expressions only to user-defined variables. You cannot assign expressions to internal variables or predefined variables.

    Note

    Starting in Junos OS Release 19.3R1, you can configure a limited number of expressions to establish default values for predefined variables. See Predefined Variable Defaults for Dynamic Client Profiles.

  • Expression values are given precedence over default values.

  • Entire expressions must be contained within quotation marks (“ ”).

  • Strings within the expressions must be quoted within single quotation marks (’ ’) and the single quotation marks can contain only strings.

  • White space is treated as a delimiter for all operands and operators. Strings containing spaces that you create within expressions are treated as single strings and include any leading or trailing white space. For example:

  • The expression must be either all arithmetic operators or all string operators; mixing arithmetic operators and string operators is not allowed unless properly converted to the correct type.

  • Expressions can refer to other system predefined variables or other user-defined variables. However, no circular referencing between variables is allowed. For example, the following reference is incorrect:

  • Any mandatory variable that does not contain a “default” value or an “equals” expression must contain a value as a part of service activation. For example, a RADIUS service VSA like “service-video( value1, value2)” that contains two or fewer mandatory variables in the dynamic service profile definition “service-video” succeeds. The service activation fails if at least one mandatory variable does not have any value associated with it, either through “default” or “equals” attribute evaluation.

Table 1 lists supported operators and functions you can use to create expressions.

Note

Precedence 5 is the highest level.

Table 1: Operators and Functions

Operation

Operator

Associativity

Precedence

Action

Arithmetic Addition

+

Left

1

Adds the elements to the right and left of the operator together.

Arithmetic Subtraction

-

Left

1

Subtracts the element to the right of the operator from the element to the left of the operator.

Arithmetic Multiplication

*

Left

2

Multiplies the element to the left of the operator by the element to the right of the operator.

Arithmetic Division

/

Left

2

Divides the element to the left of the operator by the element to the right of the operator.

Arithmetic Modulo

%

Left

2

Divides the element to the left of the operator by the element to the right of the operator and returns the integer remainder. If the element to the left of the operator is less than the element to the right of the operator, the result is the element to the left of the operator.

Concatenation

##

Left

3

Creates a new string by joining the string values to the left of the operator and the values to the right of the operator together.

Maximum

max(param1,param2)

Left

4

Takes the maximum of the two values passed as parameters.

Minimum

min(param1,param2)

Left

4

Takes the minimum of the two values passed as parameters.

Round

round(param1)

-

4

Rounds the value to the nearest integer.

Truncate

trunc(param1)

-

4

Truncates a non-integer value to the value left of the decimal point.

Convert to String

toStr(param1)

-

4

Converts the variable inside the parentheses to a null terminated string.

Convert to Integer

toInt(param1)

-

4

Converts the parameter to an integer. A single string or variable is allowed as a parameter.

Random

rand()

-

4

Generates a random numerical value.

If Not Zero

ifNotZero(param1, param2)

Left

4

Returns the second parameter if the first parameter is not zero. Returns NULL if first parameter is zero.

Parentheses

( )

-

5

Groups operands and operators to achieve results different from simple precedence; effectively has the highest precedence.

Expressions are evaluated after variables are populated with values. The evaluation is conducted immediately before profile instantiation and includes value checking. If the computed values are not acceptable, or rules governing expression syntax are broken, the expression evaluation fails, profile instantiation does not occur, and messages are logged to describe the errors.

Table 2 lists the possible expression error scenarios and the action taken by the router software.

Table 2: Expression Errors and Actions

Error

Occurance

Action

Variable Value

Parsing error

Commit check phase

Commit fails

not applicable

Circular variable dependency error

Commit check phase

Commit fails

not applicable

Variables inside the expressions are not defined

Commit check phase

Commit fails

not applicable

Divide by zero

Profile Instantiation

Profile instantiation fails

Zero (0)

Adding string to a number

Profile Instantiation

Profile instantiation fails

Zero (0)

Overflow error

Profile Instantiation

Profile instantiation fails

Undefined

Underflow error

Profile Instantiation

Profile instantiation fails

Undefined

You can also configure the user-defined variables with a default value. The default value provides a standalone configuration for the associated statement or a backup for the statement configuration if the RADIUS server is inaccessible or the VSA attribute does not contain a value.

Configuring Variable Expressions in Dynamic Profiles

You can create expressions—groups of arithmetic operators, string operators, and operands—for use as variables within dynamic profiles. These expressions are used as variable values to configure dynamic subscriber interfaces.

To configure dynamic profile variable expressions:

  1. Access the dynamic profile for which you want to create variable expressions.
  2. Access the variables hierarchy for the dynamic profile.
  3. Define the variable using the expression operators and operands described in Using Variable Expressions in User-Defined Variables.

Table 3 provides several examples of expressions that you can create using the supported operators and functions.

Table 3: Expression Examples

Example

Description

video-filter equals “’ Filter1’ ”

Assigns the string “ Filter1” to the dynamic $video-filter variable.

video-filter2 equals “$video-filter ## ‘ Filter2’ ”

Converts dynamic variable “$video-filter” to a string and concatenates the new string with the string “ Filter2”. The result is the string “$video-filter Filter2” assigned to the $video-filter2 variable.

tempvar equals “120”

Converts “120” to an integer and assigns the integer to the $tempvar variable.

transmit-rate2 equals “ ( $transmit-rate1 * 2)/3 + $tempvar)”

Multiplies the “transmit-rate1” variable by 2 and divides that value by the sum of 3 and the value of “$tempvar”. The result is assigned to the $transmit-rate2 variable.

host-ip equals “ ’203.0.113.2’ ”

Assigns the string “203.0.113.2” to the $host-ip variable.

max-val “max($max1,$max2)”

Assigns the greater of value “max1” or “max2” to the $max-val variable.

min-val “$min($var1,30)”

Assign the smaller of value “var1” and “30” to the $min-val variable.

rounded-var equals “round($var1 )”

Rounds off the value of the variable “$var1” to the nearest integer and assigns the value to the $rounded-var variable.

trunc-var equals “trunc(1234.5)”

Truncates the value in parentheses to the left side of the decimal and assigns the resulting value to the $trunc-var variable.

bwg-shaping-rate equals “$ancp-downstream - ($ancp-downstream % 2 * (1 - $sp-qos-cell-mode))”

Evaluates the expression as per the precedence set in the parentheses.

temp-filter1 equals “ ’Filter1’ ## toStr($filter)”

Converts the “$filter” variable to a string value and concatenates the converted string to the string “Filter1”. The resulting combined string is assigned to the $temp-filter1 variable.

Conditional Configuration for Dynamic Profile Overview

You can configure conditional configuration statements for dynamic profiles to dynamically obtain subscriber information for a client or service.

Conditional configuration involves two main steps:

  1. Defining the conditional variable

  2. Referencing the conditional variable in a configuration statement

A conditional variable is defined as an expression ifNotZero (param1, param2). In this expression, param1 is a user-defined variable whose value is derived from an external server such as RADIUS and param2 can be a user-defined variable, a function, operation, number, or string. A conditional variable can be user-defined or Unique ID (UID) reference variable. It cannot be a predefined or UID variable. In Junos OS, conditional variables are supported only for the service dynamic profiles.

The configuration statements in which the conditional variables are referenced are called conditional configuration statements. After the conditional variable are defined, they are referenced in dynamic-profiles configuration statements and are processed when the service profile is instantiated. The following service profile configuration statements support conditional variables:

  • dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter input filter-name

  • dynamic-profiles profile-name interfaces interface-name unit unit-no family type filter output filter-name

  • dynamic-profiles profile-name firewall family type filter filter-name term term-name

  • dynamic-profiles profile-name firewall family type filter filter-name term term-name then policer policer-name

  • dynamic-profiles profile-name firewall family type filter filter-name term term-name then hierarchical-policer policer-name

  • dynamic-profiles profile-name class-of-service scheduler-maps map-name forwarding-class class-name scheduler scheduler-name

The system follows the following set of rules while evaluating the conditional variables and conditional configuration statements during service profile instantiation:

  • In the function ifNotZero(param1, param2), if the value of a param1 is not received from an external server and if the default value is not configured, the value of the variable is treated as non-zero and param2 is evaluated.

  • If the value of param1 in the function ifNotZero(param1, param2) is 0, then NULL is returned as the value of the expression and param2 is not evaluated. In this case, the value of the conditional variable becomes NULL and the configuration statement in which the conditional variable is referenced is ignored.

  • If the value of param1 is non-zero, then param2 is evaluated and its value is returned as the value of the expression.

The following filter-service and cos-service configuration examples show how the rules are applied:

Filter Service Configuration Example

In the filter-service configuration example, input-filter-ref, output-filter-ref, policer1-ref, and term1 are conditional variables while input "$input-filter-ref" precedence 50, output "$output-filter-ref" precedence 50, term $term1, and policer "$policer1-ref" are conditional configuration statements. In this example, if the value of input-filter-var is 0, the value of the conditional variable input-filter-ref becomes NULL. Thus the entire configuration statement, input “$input-filter-ref” precedence 50, in which the conditional variable is referenced, is ignored. If , however, the value of the variable is non-zero, the configuration statement is processed during the service profile instantiation.

CoS Service Configuration Example

In the cos-service configuration example, sch1_ref and sch2_ref are conditional variables while forwarding-class best-effort scheduler "$sch1_ref" and forwarding-class assured-forwarding scheduler "$sch2_ref" are conditional configuration statements. Similar to the evaluation in the filter-service configuration example, if the value of any variable, referenced in a conditional variable is 0, the configuration statement in which the conditional variable is referenced is ignored and not processed during CoS service profile instantiation.