The Python policy represents a general framework to support all existing and new python features. A Python policy allows users to configure a Python script for a specified ESM packet type (such as DHCP and RADIUS) in a specified direction (ingress or egress). The system executes the configured script when sending or receiving the specified type of packet.
The corresponding original packet is used as input within the script. The user can use the system-provided API to manipulate the input packet (such as add, change, remove option or attribute). The changed packet is used as the output for further ESM processing. With a DHCP transaction cache, the script can return ESM attributes.
Python policies support the following ESM packet types and applications:
DHCP Transaction Cache on CPM
DHCPv4 on CPM
DHCPv6 on CPM
Diameter on CPM
GTPv1-C/GTPv2-C
Python cache on CPM
RADIUS on CPM
RADIUS on ISA
There are two types of Python policies:
Centralized: Runs on the CPM and handles above protocol packets processed on the CPM.
Distributed: Runs on the ISA and handles packets processed locally on the ISA (such as the DSM). Currently in RADIUS only.
The user must specify the type when creating the Python policy.
The following is an example configuration of a specified group interface. The system executes cf1:/dhcpv4.py after receiving DHCPv4 discovery and before the system forwards a DHCPv4 request packet.
config>python# info
----------------------------------------------
python-script "dhcpv4" create
primary-url "cf1:/dhcpv4.py"
no shutdown
exit
python-policy "dhcp" create
dhcp discover direction ingress script "dhcpv4"
dhcp request direction egress script "dhcpv4"
exit
---------------------------------------------
config>service>vprn>sub-if>grp-if>dhcp# info
----------------------------------------------
python-policy "dhcp"
server 10.9.9.9
lease-populate 100
gi-address 192.168.100.1
no shutdown
----------------------------------------------