Blog

Uncover CGN Subscriber Patterns with A10 AXAPI Insights.


Whenever we embark on a new project, understanding the behavior of our clients is a crucial analysis. Often, clients lack visibility into their operations with CGN, either because they are unfamiliar with it or lack the necessary tools to create comprehensive subscriber profiles for UDP, TCP, and ICMP port usage. Fortunately, A10 provides a solution to address this challenge.

In today's discussion, we aim to delve into the AXAPI feature, a valuable tool available across A10's ADC, CGN, and CFW products, designed to simplify these tasks. But before we explore further, let's address a fundamental question: What exactly is AXAPI?

aXAPI is a REST-based Application Programming Interface (API) integrated into the A10 ACOS operating system. This interface allows for the deployment of configurations and provides comprehensive monitoring capabilities, enabling swift and secure device management. Moreover, AXAPI introduces an additional abstraction layer, empowering users to leverage their preferred programming language. This flexibility ensures that we can access any information or analyze the behavior of our applications and customers with ease. Pretty cool, isn't it?

Alright, let's lay the groundwork. In this entry, we're rolling with Python, and we've armed ourselves with the essential Python modules.

Now, let's define our main function. This example demonstrates using argparse to allow users to define the Host CGN IP, username, and password. The default username/password axapi/axapi is provided for convenience.

Before embarking on AXAPI interactions, we must authenticate our user credentials. This authentication can be performed either locally using the local credential or remotely utilizing a tacacs+ Radius or LDAP. Notably, it's crucial to ensure that the authenticated user has at least axapi access and read-only attributes to execute the desired actions.

Upon successful authentication, the user will be granted a Signature. This Signature empowers secure interactions with AXAPI, enabling us to make subsequent GET and POST requests without being prompted for re-authentication.

Alright, time for the cool stuff! So, with our signature magic, we're crafting a GET URL to check what user-quota sessions are up and running. Don't forget to toss that signature we snagged from the logon operation into the header. The GET request will grab anything the /axapi/v3/cgnv6/lsn/user-quota-session/oper thingy has got. If you're curious about the response structure, peek at the AXAPI A10 DOCUMENTATION (https://acos.docs.a10networks.com/axapi/521/index.html).

Now, for our gig, we're throwing all that info into a CSV file. Each line keeps track of Time, the subscriber's inside-address, and the protocols-quota. It helps us figure out how many ICMP/UDP/TCP quotas are hanging loose for each subscriber. Quick tip: don't flip the switch on bashed-ports or user-quota for the customer until we've wrapped up our analysis. Safety first!

Got all the info we need? Cool, time to check out. Just hit the logoff button on our ACOS system. Just make a simple POST request to the logoff URL, like the one below. Easy peasy!

The script is straightforward, and if you need to run it periodically, just set up a crontab to handle that for you.

Now that we've got our scripts ready, let's take a peek at the output. Time to uncover our Maximum Sessions per protocol. Let's dive in!

Let's now delve into examining the Maximum TCP, UDP, and ICMP consumption per subscriber across multiple requests. It's crucial to gather as much data as possible throughout the day, especially during peak hours. The analysis is in your hands, but as you can see, it's a powerful way to identify heavy users, assess the homogeneity of subscriber consumption, and gain insights into how to allocate port blocks if needed. Keep those measures coming!

Last but not least, at Auben Networks, we're continually exploring options to help you comprehend your needs and maximize the benefits of your infrastructure based on our experience. We trust that this AXAPI script provides valuable insights into understanding how your subscribers behave. Don't forget, you can always reach out to us for assistance in fulfilling your requirements. Your success is our priority!