Python support

A user-defined Python script can customize the MAG-c behavior.

Python scripts

Sending or receiving specific control protocol packets can trigger a user-defined Python script. The packet is the input of the script. Using a set of Nokia API calls, the script can inspect and modify the packet. The output of the script is the modified packet.

The direction of the triggering protocol message defines when the Python script runs:

  • ingress – before the subscriber management processing
  • egress – after the subscriber management processing

For example, when the MAG-c receives a RADIUS Access-Accept message, a user-defined Python script can update the Alc-SLA-Prof-Str attribute in the message to a new SLA profile name. The system processes the modified packet and creates the session with the new SLA profile.

Python version and libraries

MAG-c Python support is based on MicroPython version 3.4. The SW includes Nokia-provided APIs and the following standard libraries:

  • MicroPython libraries
    • sys
    • uarray
    • ubinascii
    • ucollections
    • uhashlib
    • uio
    • ure
    • ustruct
    • utime
      Note: Nokia modified the implementation of this module. For more information about the use of this module, see 7750 SR pySROS API documentation.
  • standard libraries
    • datetime
    • ipaddress

For more information about the Nokia-provided APIs, see CUPS BNG TPSDA Python3 API documentation.

Supported protocol messages

The following tables list the supported protocol message types and direction.

Table 1. Supported direction for RADIUS messages
Message type Ingress Egress
Access-Request
Access-Accept
Access-Reject
Account-Request
Account-Response
Access-Challenge
Table 2. Supported direction for RADIUS CoA messages
Message type Ingress Egress
CoA Request
DM Request
CoA/DM Reply
Table 3. Supported direction for PPPoE messages
Message type Ingress Egress
PADI
PADO
PADR
PADS
PADT
LCP
PAP
CHAP
IPCP
IPv6CP

Operational commands

To check if a Python script is in service, use the python-script command in the show>python context.

To enable debugging for Python, enable the bng command in the debug>mobile>call-insight context and the python-script command in the debug>python>python-script context.

To bring a modified script in service, reload it using one of the following options:
  • the reload command in the tools>perform>python-script context
  • the shutdown and no shutdown commands for the modified Python script
Note: When you modify a signed script, you also need to sign it again using the protect command in the tools>perform>python-script context.

Configuring a Python script

You can customize the MAG-c behavior with a Python script.

  1. Create a Python script file. Save the file on local storage or a FTP server.
  2. Configure the URL of the script file.
    Use the python-script command in the config>python context.
    Note: Because the MAG-c supports only Python 3, you need to specify version python3 when you configure the Python script.
  3. Specify the trigger packet type, the direction, and the corresponding Python script in a Python policy.
    Use the python-policy command in the config>python context.
  4. Reference the Python policy in the corresponding protocol configuration; for example, inside the RADIUS group for the RADIUS messages.

The following example configures to run the cf3:/test.py Python script file upon sending the RADIUS Access-Request message.

config>python# info
----------------------------------------------
        python-script "test" create version python3
            primary-url "cf3:/test.py"
            no shutdown
        exit
        python-policy "test" create
            radius access-request direction egress script "test"
        exit
----------------------------------------------
config>mobile>profile>radius-group
----------------------------------------------
                server-type both
                interface "toRADIUS"
                radius-profile "default"
                python-policy "test"
                peer 172.16.20.100
                    secret "KrbVPnF6Dg13PM/biw6ErJsxP6jP" hash2
                    no shutdown
                exit
                supported-features
                exit
----------------------------------------------

Protecting a Python script file

You can use a password to protect a Python script file against unauthorized changes. Only a user with the password can load the Python script file.

This procedure provides integrity protection for a Python script. It does not provide confidentiality, that is, a signed file is not encrypted.
  1. Create a plain Python script file.
  2. Sign the Python script file using the HMAC-SHA-256 algorithm.
    Use the protect command in the tools>perform>python-script context.
    Note:
    • Remember the chosen password for the following step and to update the script later.
    • If you later modify the script, you must sign the updated script again using this command, and you need to reload the script to bring it in service.
  3. Use the signed script file.
    Use the protection command in the config>python>python-script context with the output file and password of the preceding step.