AX aFleX Ref v2 4 3-20100621
Headquarters A10 Networks, Inc. 2309 Bering Dr. San Jose, CA 95131-1125 USA Tel: +1-408-325-8668 (main) Tel: +1-408-325-8676 (support - worldwide) Tel: +1-888-822-7210 (support - toll-free in USA) Fax: +1-408-325-8666 www.a10networks.com
Information in this document is subject to change without notice.

Trademarks: A10 Networks, the A10 logo, ACOS, aFleX, aXAPI, IDaccess, IDsentrie, IP-to-ID, SoftAX, Virtual Chassis, and VirtualN are trademarks or registered trademarks of A10 Networks, Inc. All other trademarks are property of their respective owners.

Patents Protection: A10 Networks products including all AX Series products are protected by one or more of the following US patents and patents pending: 7716378, 7675854, 7647635, 7552126, 20090049537, 20080229418, 20080040789, 20070283429, 20070271598, 20070180101

A10 Networks Inc. software license and end users agreement

Software for all AX Series products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential information. Anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not: 1) reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means 2) sublicense, rent or lease the Software.

Disclaimer

The information presented in this document describes the specific products noted and does not imply nor grant a guarantee of any technical performance nor does it provide cause for any eventual claims resulting from the use or misuse of the products described herein or errors and/or omissions. A10 Networks, Inc. reserves the right to make technical and other changes to their products and documents at any time and without prior notification. No warranty is expressed or implied; including and not limited to warranties of noninfringement, regarding programs, circuitry, descriptions and illustrations herein.

Environmental Considerations

Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

Further Information

For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks, Inc. location which can be found by visiting www.a10networks.com.
The AX Series is the industry's best performing application acceleration switch that helps organizations scale and maximize application availability through the world's most advanced application delivery platform. The AX Series Advanced Core Operating System (ACOS) accelerates and secures critical business applications, provides the highest performance and
Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010
Audience
This document is intended for system administrators who provision and maintain the A10 Networks AX Series, specifically as a reference for authoring and implementing aFleX policy scripts and using the aFleX Policy Editor.
aFleX Basics
  Overview
    Advantages of Using aFleX Policies
    Example: a Simple aFleX Script
    aFleX Policy Editor
    aFleX Configuration Prerequisites
    aFleX Processing Order
    When aFleX Policy Changes Take Effect
    Maximum Filesize of aFleX Scripts
  aFleX Syntax
    Tcl Symbols
    Disabled Tcl Commands
    aFleX Context - Clientside or Serverside
  aFleX Script Components
    aFleX Events
    aFleX Operators
    aFleX Commands
      Examples
    Command Summary by Type

  Overview
    aFleX Policy Editor
    Scripting Functions
    Installing and Starting aFleX Policy Editor
    aFleX Policy Editor Features
  Editing aFleX Scripts - Getting Started
    Create an aFleX Script
    aFleX Templates
    Connect to an AX Device - aFleX File Transfer
    View aFleX Scripts
  Menu Functions
    Overview
    File Functions
      Connect AX / Disconnect AX
      New aFleX
      Upload
      Download
      Delete Rule
      Save
      Import
      Export
      Rename
      Reset
      Exit
    Edit Menu Functions
      Undo / Redo
      Cut / Copy / Paste / Delete
      Select All
    Search Menu Functions
      Find / Find Next / Find Previous
      Replace
      Go to Line
    View Menu Functions
      View Line Number
      View Indention Guides
      View Margin
      View Fold Margin
      View Word Wrap
      View White Space
      View End of Line
      View Book Marks
      View Status Bar
      View Output Window
    Options Menu Functions
      Font
      Set Line Number Color
      Set Comment Color
      Set Text Color
      Set Keyword Color
      Set Background Color
      My Last Setting
  Help Menu Functions
    About aFleX Editor
  Other aFleX Policy Editor Functions
    Drag and Drop File Function
    Status Window
Command Reference
  Events
    Global Events
      RULE_INIT
    HTTP Events
      HTTP_REQUEST
      HTTP_REQUEST_DATA
      HTTP_REQUEST_SEND
      HTTP_RESPONSE
      HTTP_RESPONSE_CONTINUE
      HTTP_RESPONSE_DATA
    IP, TCP, and UDP Events
      CLIENT_ACCEPTED
      CLIENT_CLOSED
      CLIENT_DATA
      LB_FAILED
      LB_SELECTED
      SERVER_CLOSED
      SERVER_CONNECTED
      SERVER_DATA
    SSL Events
      CLIENTSSL_CLIENTCERT
      CLIENT_HANDSHAKE
  Operators
    Relational Operators
      contains
      ends_with
      equals
      matches
      matches_regex
      starts_with
      switch
    Logical Operators
      and
      not
      or
  Commands
    GLOBAL Commands
      active_members
      b64decode
      b64encode
      clientside
      client_addr
      client_port
      cpu
      detach
      discard
      dnat
      domain
      drop
      encoding
      event
      findstr
      getfield
      htonl
      htons
      http_cookie
      http_header
      http_host
      http_method
      http_uri
      http_version
      ip_protocol
      ip_tos
      local_addr
      log
      md5
      node
      ntohl
      ntohs
      persist
      pool
      redirect
      reject
      remote_addr
      serverside
      server_addr
      server_port
      session
      set encode
      sha1
      snatpool
      substr
      virtual
      when
    LB Commands
      LB::down
      LB::reselect
      LB::status node
      LB::status pool
    HTTP Commands
      HTTP::close
      HTTP::collect
      HTTP::cookie
      HTTP::fallback
      HTTP::header
      HTTP::host
      HTTP::is_keepalive
      HTTP::is_redirect
      HTTP::method
      HTTP::path
      HTTP::payload
      HTTP::query
      HTTP::redirect
      HTTP::release
      HTTP::request
      HTTP::request_num
      HTTP::respond
      HTTP::retry
      HTTP::status
HTTP::uri
HTTP::version
IP Commands
IP::addr
IP::client_addr
IP::local_addr
IP::protocol
IP::remote_addr
IP::server_addr
IP::stats
IP::tos
IP::ttl
IP::version
SIP Commands
SIP::call_id
SIP::from
SIP::header
SIP::header insert
SIP::method
SIP::respond
SIP::response
SIP::to
SIP::uri
SIP::via
SIP Command Examples
Policy-Based SLB Commands
POLICY::bwlist id
SSL and X509 Commands
SSL::cert
SSL::cert count
SSL::cert issuer
SSL::cert mode
SSL::sessionid
SSL::verify_result
X509::issuer
X509::not_valid_after
X509::not_valid_before
X509::serial_number
X509::subject
X509::verify_cert_error_string
X509::version
STATS Commands
STATS::clear
STATS::get
TCP Commands
TCP::client_port
TCP::close
TCP::collect
TCP::local_port
TCP::mss
TCP::offset
TCP::payload
TCP::release
TCP::remote_port
TCP::server_port
TIME Commands
TIME::clock
use
UDP Commands
UDP::client_port
UDP::local_port
UDP::mss
UDP::payload
UDP::remote_port
UDP::server_port
aFleX Basics
Overview
The aFleX scripting language is a powerful inline custom scripting engine that provides in-depth, granular control of inspection and redirection policies (filter, drop, redirect). The aFleX scripting language is based on the Tool Command Language (Tcl) programming standard for simplicity and familiarity.
For an aFleX policy to work, it must be bound to a virtual port on the AX device. Then the aFleX policy can make policy decisions by inspecting the payload packets from all traffic going through the virtual port.
FIGURE 2 aFleX overview
tual port, to one specific server in a pool (service group), or to individual ports and URIs on a specific pool member (server).
aFleX policies provide complete flexibility, supporting both simple and
can be easily converted into aFleX scripts, providing backwards compatibility for customized solutions.
the AX device.
The virtual port must be processing the application type that the Event Declaration in the aFleX policy is triggering on. Example: If the aFleX policy includes an event declaration for HTTP_REQUEST, then the policy can only bind to the virtual port that can process HTTP traffic. In other words, the virtual port's service type must be fast-http or http.
If no aFleX policy is assigned to the virtual port, the AX device will continue to redirect traffic to the default server pool (SLB service group) assigned to the virtual port.
Once an aFleX policy is bound to a virtual port, the policy is triggered whenever the AX device encounters the Event Declaration. Example: If an aFleX policy includes the event declaration CLIENT_ACCEPTED, then the policy is triggered whenever the AX device accepts a client request.
Note: For virtual port type fast-HTTP, aFleX commands that change the HTTP header or payload are not supported.
aFleX Syntax
An aFleX script is a Tcl-like script.
Tcl Symbols
The Tcl symbols listed in Table 1 have special meanings. TABLE 1
Delimiter $ [ ] { } \ # ; : :
For information about standard Tcl syntax, see the following:
http://tmml.sourceforge.net/doc/tcl/index.html
http://en.wikibooks.org/wiki/Programming:Tcl
text. Example: This aFleX script uses the default CLIENT side association to the REMOTE_ADDR. Because CLIENT_ACCEPTED has a default context of clientside, the remote_addr field is automatically assigned to clientside.
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.1.1.80] } {
            pool my_pool
        }
    }
To change the default context of any aFleX script, use the clientside or serverside key words. Example: This aFleX policy switches the remote_addr field to the clientside from the default serverside association with the SERVER_CONNECTED event.
    when CLIENT_ACCEPTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            pool my_pool2
        }
    }
aFleX Events
aFleX scripts are event-driven. The AX device triggers an aFleX policy based on a specified event. For example, if an aFleX policy is configured to be triggered by the HTTP_REQUEST event, the AX device triggers the aFleX policy when an HTTP request is received. Event declarations are made with the when keyword followed by the event name. Example:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.1.1.80] } {
            pool my_pool
        }
    }
RULE_INIT
Triggered when used in an aFleX policy.
CLIENT_ACCEPTED
Triggered when a client establishes a connection.
CLIENT_DATA
Triggered when a client receives new data while the connection is in collect state.
LB_FAILED
Triggered when the AX device can not select a node (server) for the incoming request; for example, if all nodes in the pool are down or all their connection limits have been reached.
LB_SELECTED
Triggered when the system selects a pool member.
CLIENT_CLOSED
Triggered when the client-side connection closes.
SERVER_CLOSED
Triggered when the server side connection closes.
SERVER_CONNECTED
Triggered when the AX device establishes a connection with the target node.
SERVER_DATA
Triggered when the AX device has received new data from the target node while the connection is in hold state.
HTTP
HTTP_REQUEST
Triggered when the AX device fully parses a complete client request header.
HTTP_RESPONSE
Triggered when the AX device parses all of the response status and header lines from the server response.
HTTP_RESPONSE_CONTINUE
Triggered whenever the AX device receives a 100 Continue response from the server.
HTTP_REQUEST_DATA
Triggered whenever the request receives new HTTP content data.
HTTP_RESPONSE_DATA
Triggered whenever the AX device receives new HTTP content data from the response.
HTTP_REQUEST_SEND
Triggered immediately before a request is sent to a server. Server-side event.
CLIENTSSL_CLIENTCERT
Triggered when an SSL client certificate is received.
CLIENTSSL_HANDSHAKE
Triggered when an SSL handshake on the client side is completed.
LB_FAILED
Triggered when the AX device can not select a node (server) for the incoming request; for example, if all nodes in the pool are down or all their connection limits have been reached.
aFleX Operators
aFleX policies use operators to compare operands in an expression. Table 3 lists the operators supported in aFleX policies.
TABLE 3 aFleX Operators
Operator Name and Description
contains
Tests whether one string (string1) contains another string (string2).
ends_with
Tests whether one string (string1) ends with another string (string2).
equals
Tests whether one string equals another string.
matches
Tests whether one string matches another string.
matches_regex
Tests whether one string matches a regular expression.
starts_with
Tests whether one string (string1) starts with another string (string2).
switch
Built-in Tcl command. Evaluates one of several scripts, depending on a given value.
Logical
and
Performs a logical and comparison between two values.
or
Performs a logical or comparison between two values.
not
Performs a logical not on a value.
aFleX Commands
aFleX commands can perform the following types of operations:
Global: Performs actions such as selecting a pool (SLB service group) or node (server).
Query commands:
  IP packet header query: Returns information from the IP header.
  IP, TCP, or UDP packet data query: Returns information from the payload.
  HTTP packet header or content query: Returns information from the HTTP header or payload.
Header and content manipulation:
  HTTP cookie manipulation: Changes cookies.
  TCP header and content manipulation: Changes TCP headers or content.
  HTTP header and content manipulation: Changes HTTP headers or content.
SSL and X.509 query: Returns information from or about certificates.
Deep packet inspection: Returns strings from packets.
Examples
Example: Pool Selection
This aFleX script uses the if command to determine which pool to send traffic to based on the file type gif or jpg.
    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with ".gif" } {
            pool gif_pool
        } elseif { [HTTP::uri] ends_with ".jpg" } {
            pool jpg_pool
        }
    }
Example: IP Packet Header Query Protocol Number
This example shows the protocol field being inspected for clientside protocol value of 6.
    when CLIENT_ACCEPTED {
        if { [IP::protocol] == 6 } {
            pool tcp_pool
        } else {
            pool slow_pool
        }
    }
Example: IP Packet Header Query ToS Level
This example shows the ToS field being inspected for clientside ToS value of 16.
    when CLIENT_ACCEPTED {
        if { [IP::tos] == 16 } {
            pool tos16_pool
        } else {
            pool other_pool
        }
    }
Example: TCP Query
This aFleX script uses the payload field to check for the words XYZ or ABC to properly redirect traffic.
aFleX Commands
Command Name and Description
active_members <pool_name> [partition shared]
Returns the number of active members in the pool. By default, this command acts upon the service groups (pools) located in the partition that contains the aFleX policy. The partition shared option causes the aFleX policy to act upon service groups in the shared partition instead. This option is useful in aFleX policies that are located in a private partition, when you want the aFleX policy to act upon service groups in the shared partition instead.
b64decode <string>
Returns the specified string, decoded from base-64. Returns NULL if there is an error.
b64encode <string>
Returns the specified string, encoded as base-64. Returns NULL if there is an error.
clientside {<aFleX commands>}
Causes the specified aFleX commands to be evaluated under the client-side context. This command has no effect if the aFleX policy is already being evaluated under the client-side context.
cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes]
Returns the average CPU load for the given interval. All averages are exponential weighted moving averages over the interval.
detach
Discontinues evaluating the aFleX event on a connection. However, the aFleX policy continues to run.
discard
Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement.
dnat {disable | enable}
Disables or enables destination NAT for the current connection. The command overrides the behavior set by the no-dest-nat CLI command or equivalent GUI option on the virtual port.
Time Commands
Scripting Functions
Edit Functions: Cut, Copy, Paste, Delete, Select All, Undo, Redo
Search Functions: Find, Find Next, Find Previous, Replace, Go To Line
View Functions: Line Numbers, Indentation Guide, Margin, Fold Margin, Word Wrap, White Space, End of Line, Bookmarks, Auto Complete, Hot Spots, Status Bar, Output Window
Below the menu and icons, the aFleX Policy Editor window has the following main parts:
Menu bar: to select menu-based aFleX Policy Editor commands
Icon bar: to select icon-based aFleX Policy Editor commands
Download Files (top-left frame): to access aFleX files on an AX device
Local Files (lower-left frame): to access aFleX files on a workstation
Editor (top-right frame): panel in which to edit aFleX files
Output (lower-right frame): shows the status of file transfers and more
Status bar (bottom bar): shows the current aFleX Policy Editor status
aFleX Templates
The aFleX Template window offers a list of aFleX templates. These templates offer pre-configured aFleX command modules required for typical AX Series applications and are named accordingly. With the addition of parameters for your specific AX Series application, an aFleX policy can be quickly constructed. To use a template to create a new aFleX policy, enter a unique name into the name field of the aFleX Template window, select a template from the list below the name field, and click the OK button.
Need a function not shown in the aFleX Templates? You can create a custom aFleX script. Enter a unique name for the new script, select the BLANK template, and then click OK. The new script is added to the Local Files list and is opened in the Editor frame. The new script will be empty because the BLANK template was selected. You can then begin scripting using the aFleX commands. The rest of this chapter explains how to use the editor itself. To better understand templates, open one and look up its commands in the reference chapter: Command Reference on page 67.
Menu Functions
Overview
This section provides a list of all menu items. Detailed descriptions of the functions follow.
File Menu
The editor includes the following script handling functions in the File menu: Connect/Disconnect, New aFleX, Upload, Download, Delete aFleX, Save, Import aFleX, Export aFleX, Rename, Reset, Exit
Edit Menu
Undo, Redo, Cut, Copy, Paste, Delete, Select All
Search Menu
Find, Find Next, Find Previous, Replace, Go To Line
View Menu
Line Numbers, Indentation Guides, Margin, Fold Margin, Word Wrap, White Space, End of Line, Book Marks, Auto Complete, Status Bar, Output Window
Options Menu
Font, Set Line Number Color, Set Comment Color, Set Text Color, Set
File Functions
Connect AX / Disconnect AX
If you select File > Connect AX, a window pops up and asks you to enter the hostname or IP address, and admin username and password. After you click OK, the connection status changes to Connected and all the aFleX policies on the AX device are automatically shown in the Download Files
New aFleX
File > New aFleX
Note: For information on aFleX scripts and commands, see aFleX Policy Examples on page 63 and Command Reference on page 67.
Using an aFleX Template
If you click the New icon, a window will pop up where you can select an aFleX Template. (See Figure 5 on page 43.) After you select a template, type the new aFleX policy name and click OK. The Local Files window generates the new file and opens it in the editor frame.
Using the BLANK aFleX Template
You can also create aFleX scripts from the BLANK template. Enter a unique name for the new aFleX, select the BLANK template from the list of templates, then click OK. The new aFleX policy is added to the Local Files list and is opened in the editor frame.
Upload
File > Upload
If you click Upload, the currently selected Local File is uploaded to the AX device and listed in the AX Files frame. If the AX device is disconnected, the Upload menu item is disabled.
Download
File > Download
If you click Download and the AX device is disconnected, a window pops up to ask you to input the hostname or IP address, and username and password, to re-establish the connection to the AX. If the current status of the AX is Connected, no window will pop up. The file list in the Local Files frame is updated.
Delete Rule
File > Delete Rule
If no aFleX file is currently selected, nothing is deleted. If an aFleX file is currently selected within the Local Files frame, the selected file is deleted from the local workstation, and the next item in the list is automatically selected. If an aFleX file is currently selected in the AX Files frame, it is deleted from the AX file list. If the response message from the AX system indicates success, the file will also be deleted from the Local Files.
Save
File > Save
If a currently selected aFleX file is located in the AX Files frame, it is saved to the AX device. If a currently selected aFleX file is located in the Local Files frame, it is saved to the local workstation.
Import
File > Import
If you click Import, a window pops up where you can select a file and import it into the aFleX Policy Editor. The Local Files frame adds the file and opens it in the Editor frame.
Export
File > Export
If you click Export, a window pops up where you can select a local path to which to export the currently selected file.
Rename
File > Rename
If you click Rename, the currently selected aFleX file can be renamed. The new name should not be equal to the existing name shown in the aFleX Policy Editor, or equal to the name of another file.
Reset
File > Reset
Restores the currently selected file to its state before user modifications. If the currently selected file is located in the AX Files frame, the Reset command resets it to the initial file state when last downloaded. If the currently selected file is located in the Local Files frame, it resets to the initial file state just generated through the New action.
Exit
File > Exit
If you click File > Exit, an alert window pops up.
To exit aFleX Policy Editor, click Yes.
To continue working in aFleX Policy Editor, click No.
Select All
Edit > Select All
Select Edit > Select All or ctrl+A to select all text in the Editor frame.
The find window will close. If you want to find the next occurrence of the string, press F3. To find the previous occurrence of the string, press shift+F3.
FIGURE 10 Search > Find
Replace
Search > Replace
If you select Search > Replace, the Search and Replace window pops up. In the Search for field, type the string you want to replace. In the Replace with field, type the new string. You can click the Next match or the Previous match button to locate another occurrence of the string to be replaced.
Replace All.
If the term can not be found, an alert indicates that no match could be
Go to Line
Search > Go To Line
If you select Go To Line, a window pops up where you can type a line number into the Go To Line field. Click OK to navigate to that line in the currently open file.
View Margin
View > Margin
Use this menu command to display or hide the Editor frame Margin between the Editor frame's Line Numbers column and its Fold Margin column.
My Last Setting
Options > My Last Setting
This menu command restores your last setting from your previous session.
Status Window
When you perform an action such as Download, Upload, Delete, or Reset, the status bar displays a status message to indicate the result of that action.
6. Use the import command to import the aFleX policy (test.afx) onto the AX device and rename it my_aflex:
    AX(config)#import aflex my_aflex scp://192.168.1.118/aflex/test.afx
    User name []?***
    Password []?***
    Importing ... Done.
    AX(config)#
While importing the aFleX policy, the AX device checks for syntax errors. If any syntax errors are found, error messages are displayed. You can modify an aFleX policy and import it again until it passes the syntax check.
7. Use the show aflex command to list the aFleX policies imported onto the AX device:
    AX(config)#show aflex
    Total aFleX number: 1
    Name        Syntax    Virtual port
    ------------------------------------------------------------
    my_aflex    Check     No
8. To display the aFleX policy, use the show aflex aflex-name command:
    AX(config)#show aflex my_aflex
    when HTTP_REQUEST {
        if {[HTTP::uri] contains business} {
            pool http-sg1
        } elseif {[HTTP::uri] contains sports} {
            pool http-sg2
        }
    }
10. Show the aFleX policy list again to verify that the aFleX policy is now bound to a virtual port:
    AX(config)#show aflex
    Total aFleX number: 1
    Name        Syntax    Virtual port
    ------------------------------------------------------------
    my_aflex    Check     Yes
This aFleX policy uses the default CLIENT side association to the REMOTE_ADDR. Because the CLIENT_ACCEPTED event has a default context of clientside, the IP::remote_addr field is automatically assigned to clientside.
Example: This aFleX script presents an apology page if a 404 error occurs.
    when HTTP_RESPONSE {
        if { [HTTP::status] contains "404" } {
            HTTP::respond 200 content "<html><head><title>Apology Page</title></head><body>We are sorry, but the site you are looking for is temporarily out of service.<br>If you feel you have reached this page in error, please try again.<p></body></html>"
        }
    }
Data Persistence
    when HTTP_REQUEST {
        if {[HTTP::cookie exists "CustomerIP"] and [HTTP::cookie exists "CustomerPort"]} {
            set cookie_not_exist 0
            # Direct traffic by the cookie
            node [HTTP::cookie "CustomerIP"] [HTTP::cookie "CustomerPort"]
        } else {
            set cookie_not_exist 1
            # Save the cookie path and direct the traffic by URI
            if {[HTTP::uri] contains "/myweb/"} {
                set cookie_path "/myweb"
                pool http-sg1
            } elseif {[HTTP::uri] contains "/myprint/"} {
                set cookie_path "/myprint"
                pool http-sg2
            } else {
                set cookie_path "/unexpected"
                pool http-sg3
            }
        }
    }
    when HTTP_RESPONSE {
        if {$cookie_not_exist} {
            # Add path to the persistent cookie
            HTTP::cookie insert name "CustomerIP" value [IP::server_addr] path $cookie_path
            HTTP::cookie insert name "CustomerPort" value [TCP::server_port] path $cookie_path
        }
    }
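A hardened variant of the persistence policy above, added here as an illustration and not taken from the A10 manual: the CustomerIP and CustomerPort cookies are sent by the client, so this version passes them to node only when the pair matches a known real server. The server addresses are constructed sample values, and the availability of Tcl's list and lsearch commands in the aFleX engine is an assumption.

```tcl
when RULE_INIT {
    # Constructed sample values: the real servers a cookie is allowed to name.
    # The :: prefix keeps the variable local to this aFleX policy.
    set ::persist_nodes [list "10.10.10.11:80" "10.10.10.12:80"]
}

when HTTP_REQUEST {
    set cookie_not_exist 1
    if { [HTTP::cookie exists "CustomerIP"] and [HTTP::cookie exists "CustomerPort"] } {
        set want_ip [HTTP::cookie "CustomerIP"]
        set want_port [HTTP::cookie "CustomerPort"]
        # Both values come from the client, so honour them only when the
        # pair names one of the known real servers.
        if { [lsearch -exact $::persist_nodes "${want_ip}:${want_port}"] >= 0 } {
            set cookie_not_exist 0
            node $want_ip $want_port
        } else {
            log "persistence cookie ignored for client [IP::client_addr]"
        }
    }
    if { $cookie_not_exist } {
        # No usable cookie: choose the pool by URI, as in the policy above.
        if { [HTTP::uri] contains "/myweb/" } {
            set cookie_path "/myweb"
            pool http-sg1
        } elseif { [HTTP::uri] contains "/myprint/" } {
            set cookie_path "/myprint"
            pool http-sg2
        } else {
            set cookie_path "/unexpected"
            pool http-sg3
        }
    }
}

when HTTP_RESPONSE {
    if { $cookie_not_exist } {
        # Issue fresh cookies for the server that was actually selected.
        HTTP::cookie insert name "CustomerIP" value [IP::server_addr] path $cookie_path
        HTTP::cookie insert name "CustomerPort" value [TCP::server_port] path $cookie_path
    }
}
```

The cookies still expose the real server's address and port to the client; the validation does not change that.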
Command Reference
aFleX scripts consist of three basic elements:
Events
Operators on page 76
Commands on page 83
Events
The following subsections describe the aFleX events.
Global Events
RULE_INIT
Initializes global system variables. Within an aFleX policy, the RULE_INIT event can initialize a system variable on a global basis for all aFleX policies, or exclusively for that particular aFleX policy. The prefix placed before RULE_INIT specifies whether to initialize the variable for all aFleX policies, or only the current aFleX policy.
Prefix Scope
::
Applies only to the current aFleX policy. This variable cannot be set or read by any other aFleX policies. Once the variable is defined, it can be removed only by an unset command.
::global::
Applies to all aFleX policies. This variable can be set or read by all aFleX policies on the AX device.
Note:
HTTP Events
HTTP_REQUEST
Triggered when the system fully parses a complete client request header (that is, the method, URI, version, and all headers, not including the body).
Example:
If a client request URI contains the string "secure", redirect the client to HTTPS.
    when HTTP_REQUEST {
        if { [HTTP::uri] contains "secure" } {
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
    }
Example:
    when HTTP_REQUEST {
        if { [HTTP::uri] contains "Webdir" } {
            pool app-pool
        } elseif { [HTTP::uri] contains "Docdir" } {
            pool doc-pool
        }
    }
Related Information
Available Commands: HTTP::cookie, HTTP::disable, HTTP::fallback, HTTP::header, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::method, HTTP::path, HTTP::payload, HTTP::query, HTTP::redirect, HTTP::release, HTTP::request, HTTP::request_num, HTTP::respond, HTTP::uri, HTTP::version, pool, URI::query
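A stricter variant of the HTTPS redirect shown under HTTP_REQUEST, added here as an illustration and not taken from the A10 manual: it matches on the request path rather than anywhere in the URI, and builds the redirect target from a fixed host name instead of the client-supplied Host header. The host name www.example.com, the /secure prefix, and the availability of Tcl's string tolower in the aFleX engine are assumptions.

```tcl
when HTTP_REQUEST {
    # Match the path only: "contains" on the full URI would also fire on a
    # query string such as /index.html?ref=secure.
    if { [HTTP::path] starts_with "/secure" } {
        # HTTP::host reflects the Host header of the request, so compare it
        # with the names this virtual port serves before acting on it.
        switch [string tolower [HTTP::host]] {
            "www.example.com" -
            "www.example.com:80" {
                # Build the Location from a fixed name, not from the header.
                HTTP::redirect "https://www.example.com[HTTP::uri]"
            }
            default {
                log "redirect refused for client [IP::client_addr]: unexpected Host header"
                HTTP::respond 400 content "Bad Request"
            }
        }
    }
}
```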
HTTP_REQUEST_DATA
Triggered whenever an HTTP::collect command finishes processing, after collecting the requested amount of request data.
Related Information
Available Commands: HTTP::fallback, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::method, HTTP::path, HTTP::query, HTTP::redirect, HTTP::release, HTTP::request, HTTP::request_num, HTTP::respond, HTTP::uri, HTTP::version
HTTP_REQUEST_SEND
Triggered immediately before a request is sent to a server. This is a serverside event. Example:
when HTTP_REQUEST_SEND { HTTP::collect 12 }
HTTP_RESPONSE
Triggered when the system parses all of the response status and header lines from the server response.
Note: HTTP_RESPONSE is specific to a SERVER response passing through the load balancer, and is not triggered for locally-generated responses.
Example:
    when HTTP_RESPONSE {
        if { [HTTP::status] contains "404" } {
            HTTP::redirect "http://www.siterequest.com/"
        }
    }
Related Information
Available Commands: HTTP::cookie, HTTP::header, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::payload, HTTP::redirect, HTTP::release, HTTP::request_num, HTTP::respond, HTTP::retry, HTTP::status, HTTP::version, IP::local_addr, IP::server_addr, URI::query
HTTP_RESPONSE_CONTINUE
Triggered whenever the system receives a 100 Continue response from the server.
HTTP_RESPONSE_DATA
Triggered whenever an HTTP::collect command finishes processing on the server side of a connection, after collecting the requested amount of response data. Also triggered if the server closes the connection before the HTTP::collect command finishes processing.
Example:
    when HTTP_RESPONSE {
        HTTP::collect [HTTP::header Content-Length]
    }
    when HTTP_RESPONSE_DATA {
        set clen [HTTP::payload length]
        set newdata "Sorry, This website is temporarily unavailable."
        HTTP::payload replace 0 $clen $newdata
        HTTP::respond 200 content [HTTP::payload]
    }
Related Information Available Commands HTTP::is_keepalive, HTTP::is_redirect, HTTP::redirect, HTTP::release, HTTP::request_num, HTTP::respond, HTTP::retry, HTTP::status, HTTP::version
Example:
    when CLIENT_ACCEPTED {
        set curtime [TIME::clock seconds]
        set formattedtime [clock format $curtime -format {%H:%S} ]
        log "the time is: $formattedtime"
    }
Related Information Available Commands IP::client_addr, IP::local_addr, IP::protocol, IP::remote_addr, IP::server_addr, IP::tos, pool, serverside, TCP::collect
CLIENT_CLOSED
This event is triggered at the end of any client connection, regardless of protocol. Example:
    when CLIENT_CLOSED {
        if { [info exists ::active_clients($client_ip)] } {
            incr ::active_clients($client_ip) -1
            if { $::active_clients($client_ip) <= 0 } {
                unset ::active_clients($client_ip)
            }
        }
    }
CLIENT_DATA
Triggered when new data is received from the client while the connection is in a collect state. Note: For UDP (and only UDP), the CLIENT_DATA event is automatically triggered for each UDP packet received.
Example:
If a DNS request contains "abc", select service group abc-dns. If the request contains "xyz", select service group xyz-dns.
    when CLIENT_DATA {
        log "UDP::payload 12 12 = [UDP::payload 12 12]"
        if { [UDP::payload 12 12] contains "abc" } {
            pool abc-dns
            log " select pool abc-dns"
        } elseif { [UDP::payload 12 12] contains "xyz" } {
            pool xyz-dns
            log " select pool xyz-dns"
        }
    }
LB_FAILED
This event is triggered when the AX device cannot select a node for the incoming request; for example, if all nodes in the pool are down or all their connection limits have been reached. Example:
when LB_FAILED { pool errorPool }
LB_SELECTED
This event is triggered when the system selects a pool member. Example:
    when LB_SELECTED {
        if { [IP::addr [IP::remote_addr] equals "10.0.0.1"] } {
            snat VIPsnat
        }
    }
SERVER_CLOSED
This event is triggered when the server-side connection closes. Example:
when SERVER_CLOSED { log local0. "Server [IP::server_addr] has closed the connection" }
SERVER_CONNECTED
Triggered when a connection has been established with the target node. Related Information Available Commands: IP::local_addr, IP::server_addr
SERVER_DATA
Triggered when new data is received from the target node while the connection is in a hold state.
SSL Events
CLIENTSSL_CLIENTCERT
Triggered when the AX device receives an SSL client certificate. Example:
    when CLIENTSSL_CLIENTCERT {
        set cert [SSL::cert 0]
        set subject [X509::subject $cert]
    }
CLIENTSSL_HANDSHAKE
Triggered when an SSL handshake on the client side is completed. Example:
    when CLIENTSSL_HANDSHAKE {
        set cert [SSL::cert 0]
        set subject [X509::subject $cert]
    }
Operators
The following subsections describe the aFleX operators.
Relational Operators
contains
Tests whether one string (string1) contains another string (string2). Syntax <string1> contains <string2> Example:
    when HTTP_REQUEST {
        if { [HTTP::uri] contains "aol" } {
            pool aol_pool
        } else {
            pool all_pool
        }
    }
ends_with
Tests whether one string (string1) ends with another string (string2). Syntax <string1> ends_with <string2> Example:
    when HTTP_REQUEST {
        set uri [HTTP::uri]
        if { $uri ends_with ".gif" } {
            pool my_pool
        } elseif { $uri ends_with ".jpg" } {
            pool your_pool
        }
    }
equals
Tests whether one string equals another string. Syntax <string1> equals <string2> Related Information Valid Events: ALL
matches
Tests whether one string matches another string. Syntax <string1> matches <string2> Note: The "matches" operator uses the same comparison as the Tcl "string match" command, which functions like a cut-down regular expression. For the two strings to match, their contents must be identical except that the following special sequences may appear in the pattern:
*        Matches any sequence of characters in string, including a null string.
?        Matches any single character in string.
[chars]  Matches any character in the set given by chars. If a sequence of the form x-y appears in chars, then any character between x and y, inclusive, will match. When used with -nocase, the end points of the range are converted to lower case first. Whereas {[A-z]} matches '_' when matching case-sensitively ('_' falls between the 'Z' and 'a'), with -nocase this is considered to be like {[A-Za-z]}. (This is probably what was meant in the first place).
\x       Matches the single character x. This provides a way of avoiding the
matches_regex
Tests whether one string matches a regular expression. Syntax <string1> matches_regex <regex> <string1> matches_regex <string2> Tests if string2 is contained within string1. Example:
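    when HTTP_REQUEST {
        # Patterns are braced so that Tcl does not apply backslash or
        # command substitution to "\." and "[\w]" before the regex is evaluated.
        if { [HTTP::host] matches_regex {www\.([\w]*)\.com} } {
            pool com_pool
        } elseif { [HTTP::host] matches_regex {www\.([\w]*)\.edu} } {
            pool edu_pool
        }
    }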
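Added example, not part of the A10 manual: plain Tcl for tclsh 8.5 or later (it does not run on the AX device) comparing the unanchored pattern above with an anchored one when the result drives a Host-based routing decision, plus the glob range trap described under matches. It assumes matches_regex behaves like an unanchored Tcl regexp and matches like string match; all host names are constructed.

```tcl
# Added example: plain Tcl for tclsh, not aFleX policy code.
# Assumption: matches_regex ~ unanchored Tcl [regexp]; matches ~ [string match].

# Constructed Host header values (not from the manual).
set hosts {
    www.example.com
    WWW.Example.COM:8080
    www.example.com.attacker.test
    evil-www.example.com
    www.exa_mple.com
}

# Pattern from the manual's example, braced so Tcl passes the backslashes
# through to the regex engine unchanged.
set loose {www\.([\w]*)\.com}

# Anchored variant: the whole value must match, the label is limited to
# letters, digits and hyphen, and an optional numeric port is allowed.
set strict {^www\.[a-z0-9-]+\.com(:[0-9]+)?$}

# Returns a two-element list {loose_result strict_result}, each 0 or 1.
proc classify {host loose strict} {
    set l [regexp -- $loose $host]
    set s [regexp -nocase -- $strict $host]
    return [list $l $s]
}

foreach h $hosts {
    lassign [classify $h $loose $strict] l s
    puts [format "%-32s loose=%d strict=%d" $h $l $s]
}

# Glob ranges have a similar trap: in ASCII the underscore and the caret
# sit between Z and a, so the range A-z accepts them.
foreach ch {a Z _ ^ 1} {
    puts [format "%s  \[A-z\]=%d  \[A-Za-z\]=%d" $ch \
        [string match {[A-z]} $ch] [string match {[A-Za-z]} $ch]]
}
```

The unanchored pattern accepts any value that merely contains a matching substring, so a pool selected on that basis should be treated as reachable by arbitrary Host values.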
starts_with
Tests whether one string (string1) starts with another string (string2). Syntax <string1> starts_with <string2> Example:
    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/news" } {
            pool news_pool
        } elseif { [HTTP::uri] starts_with "/sports" } {
            pool sports_pool
        }
    }
switch
Built-in Tcl command. Evaluates one of several scripts, depending on a given value.
Syntax
switch ?options? string {pattern body ?pattern body ...?}
Matches its string argument against each of the pattern arguments in order. As soon as it finds a pattern that matches string, it evaluates the following body argument by passing it recursively to the Tcl interpreter and returns the result of that evaluation. If the last pattern argument is "default", then it matches anything. If no pattern argument matches string and no default is given, then the command returns an empty string. If the initial arguments start with "-", then they are treated as options. The following options are currently supported:
-exact  Use exact matching when comparing string to a pattern. This is the default.
-glob   When matching string to the patterns, use glob-style matching
treated as string even if it starts with a "-".
Two syntaxes are provided for the pattern and body arguments. The first uses a separate argument for each of the patterns and commands; this form is convenient if substitutions are desired on some of the patterns or commands. The second form places all of the patterns and commands together into a single argument; the argument must have proper list structure, with the elements of the list being the patterns and commands. The second form makes it easy to construct multi-line commands, since the braces around the whole list make it unnecessary to include a backslash at the end of each line. Since the pattern arguments are in braces in the second form, no command or variable substitutions are performed on them; this makes the behavior of the second form different than the first form in some cases.
This example will send traffic with host header "www.domain.com" to pool www, host header "www.domain2.com" will cause header manipulation & URI rewriting to take place first, and requests with any other host header will be discarded:
    switch [string tolower [HTTP::host]] {
        www.domain.com {
            pool www
        }
        www.domain2.com {
            # Header manipulation and URI rewriting happen before pool selection.
            HTTP::header insert Header1 domain2
            HTTP::header replace Host www.domain.com
            HTTP::uri "/domain2[HTTP::uri]"
            pool www
        }
        default {
            discard
        }
    }
Logical Operators
and
Performs a logical and comparison between two values. Syntax <value1> and <value2> Example:
    when HTTP_REQUEST {
        if { ([HTTP::uri] starts_with "/abc") and ([HTTP::host] equals "www.company.com") } {
            pool pool1
        } else {
            pool pool2
        }
    }
not
Performs a logical not on a value. Syntax not <value> Example:
    when HTTP_REQUEST {
        if { not ([HTTP::uri] starts_with "/abc") } {
            pool pool1
        } else {
            pool pool2
        }
    }
or
Performs a logical or comparison between two values. Syntax <value1> or <value2> Example:
    when HTTP_REQUEST {
        if { ([HTTP::uri] starts_with "/abc") or ([HTTP::uri] starts_with "/cde") } {
            pool pool1
        } else {
            pool pool2
        }
    }
Commands
The following subsections describe the aFleX commands.
GLOBAL Commands
active_members
Returns number of active members in the pool. Syntax active_members <pool_name> Example:
    when HTTP_REQUEST {
        if { [active_members pool1] >= 5 } {
            pool big_pool
        }
    }
b64decode
Returns the specified string, decoded from base-64. Returns NULL if there is an error. Syntax b64decode <string> Example:
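    when HTTP_REQUEST {
        # Base-64 is an encoding, not encryption: decoding needs no key.
        # The variable names are kept as they appear in the manual.
        set encrypted [HTTP::cookie "EncryptedCookie"]
        set decrypted [b64decode $encrypted]
        HTTP::cookie insert name "MyCookie" value $decrypted
    }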
b64encode
Returns the specified string, encoded as base-64. Returns NULL if there is an error. Syntax b64encode <string> Example:
    when HTTP_REQUEST {
        set cert [SSL::cert 0]
        HTTP::header insert SSLCERT [b64encode $cert]
    }
clientside
Causes the specified aFleX commands to be evaluated under the client-side context. This command has no effect if the aFleX command is already being evaluated under the client-side context. Syntax clientside {<aFleX commands>} Example:
    when SERVER_CONNECTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            discard
        }
    }
client_addr
Returns the client IP address of a connection. This is provided for backward compatibility. A10 Networks recommends using IP::client_addr instead.
client_port
Returns the TCP port number/service of the specified client. This is provided for backward compatibility. A10 Networks recommends using TCP::client_port instead. Syntax client_port Related Information Valid Events: See TCP::client_port on page 155.
cpu
The cpu usage command returns the average CPU load for the given interval. All averages are exponential weighted moving averages over the interval. Syntax cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes] Example:
    when HTTP_REQUEST {
        if { [cpu usage 5secs] <= 1 } {
            pool pool1
        } else {
            HTTP::redirect "http://anotherpool.com"
        }
    }
detach
Discontinue evaluating the aFleX event on a connection. The aFleX policy continues to run. Syntax detach
discard
Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement. This command performs the same function as the drop command. Syntax discard Example:
    when SERVER_CONNECTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            discard
        }
    }
dnat
Disables or enables destination NAT for the current connection. The command overrides the behavior set by the no-dest-nat CLI command or equivalent GUI option on the virtual port. Note: Generally, disabling destination NAT is applicable only to Layer 4 traffic. Disabling destination NAT is applicable to Layer 7 traffic only for service type HTTP, on wildcard VIP used for Transparent Cache Switching (TCS). For an example, see the Service Type HTTP Without URL Switching Rules section in the Transparent Cache Switching chapter of the AX Series Configuration Guide. Syntax dnat {disable | enable}
domain
Parses the specified string as a dotted domain name and returns the last <count> portions of the domain name. Syntax domain <string> <count> Related Information Valid Events: ALL
drop
Causes the current packet or connection (depending on the context of the event) to be discarded. This command must be conditionally associated with an if command. This command performs the same function as the discard command. Syntax drop
Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010
encoding
Convert the character encoding of a payload to the specified encoding. Syntax encoding {convertfrom | convertto} <encoding> Example: See set encode on page 102.
event
Discontinue evaluating the specified aFleX event, or all aFleX events, on this connection. However, the aFleX script continues to run. Syntax event [<name>] [enable | disable] | [enable all | disable all] Related Information Valid Events: ALL
findstr
Find a string within another string and return the string starting at the offset specified from the match. Syntax findstr <string> <search_string> [<skip_count> [<terminator>]]
the string.
This command, without <skip_count> or <terminator>, is equivalent to the following Tcl command:
    string range <string> [string first <search_string> <string>] end
Example:
    when HTTP_REQUEST {
        if { [findstr [HTTP::uri] "type=" 5 "&"] eq "cgi" } {
            pool cgi_servers
        } else {
            pool web_servers
        }
    }
getfield
Splits a string on a character or string, and returns the string corresponding to the specific field. Syntax getfield <string> <split> <field_number> Example: To extract only the hostname from the host header (strips any trailing ":###" port specification)
    when HTTP_REQUEST {
        # Store the result; a bare [getfield ...] would be executed as a command name.
        set hostname [getfield [HTTP::host] ":" 1]
    }
htonl
Convert the unsigned integer from host byte order to network byte order. Syntax htonl <hostlong> Example:
    when HTTP_REQUEST {
        set hostlong 12345678
        set netlong [htonl $hostlong]
    }
htons
Convert the unsigned short integer from host byte order to network byte order. Syntax htons <hostshort> Example:
    when HTTP_REQUEST {
        set hostshort 1234
        set netshort [htons $hostshort]
    }
http_cookie
Specifies the value in the Cookie: header for the specified cookie name. This is provided for backward-compatibility. A10 Networks recommends using HTTP::cookie instead. Syntax http_cookie <cookie_name> Related Information Valid Events: See HTTP::cookie on page 114.
http_header
Evaluates the string following an HTTP header tag that you specify. This command is provided for backward-compatibility. A10 Networks recommends using HTTP::header instead. Syntax http_header(header_tag_string) Related Information Valid Events: See HTTP::header on page 117.
http_host
Specifies the value in the Host: header of the HTTP request. This is provided for backward-compatibility. A10 Networks recommends using HTTP::host instead. Syntax http_host Related Information Valid Events: See HTTP::host on page 119.
http_method
Specifies the action of the HTTP request. Common values are GET and POST. This command is provided for backward-compatibility. A10 Networks recommends using HTTP::method instead. Syntax http_method Related Information Valid Events: See HTTP::method on page 120.
http_uri
Specifies a URL, but does not include the protocol and the fully qualified domain name (FQDN). For example, if the URL is http://www.mysite.com/buy.asp, then the URI is /buy.asp. This command is provided for backward-compatibility. A10 Networks recommends using HTTP::uri instead. Syntax http_uri Related Information Valid Events: See HTTP::uri on page 127.
http_version
Specifies the HTTP protocol version. Possible values are "HTTP/1.0" or "HTTP/1.1". This is provided for backward compatibility. A10 Networks recommends using HTTP::version instead. Syntax http_version Related Information Valid Events: See HTTP::version on page 128.
ip_protocol
Selects a pool based on an IP protocol number. A10 Networks recommends using IP::protocol instead.
ip_tos
Sends the traffic to a different pool of servers based on the ToS level within a packet. The Type of Service (ToS) standard is a means by which network equipment can identify and treat traffic differently based on an identifier. As traffic enters the site, the AX device can apply a rule that sends the traffic to different pools of servers based on the ToS level within a packet. This is provided for backward-compatibility. A10 Networks recommends using IP::tos instead. Syntax ip_tos Related Information Valid Events: See IP::tos on page 133.
local_addr
Selects a pool based on a client's local IP address. For example, you can load balance traffic based on part of the client's IP address. A10 Networks recommends using IP::local_addr instead. Syntax IP::local_addr Related Information Valid Events: See IP::local_addr on page 129.
log
Generates and logs the specified message to the Syslog utility. This command works by performing variable expansion on the message as defined for the HTTP profile Header Insert setting.
Note:
Example:
    log local0. "Found $isCard $type CC# $card_number"
    log local0.0 "Fatal error"
    log local0.DEBUG "This is log message from facility local0 and level DEBUG"
md5
Returns the RSA MD5 Message Digest Algorithm message digest of the specified string. Syntax md5 <string> Related Information Valid Events: All
node
Causes the specified server node (that is, IP address and port number) to be used directly, thus bypassing any load-balancing. Syntax node <addr> [<port>] Note: The node command requires that the real server (node) and service port already be configured. They also must be configured as a member of a service group. Connection limiting and connection rate limiting are not applied to a node if it is selected by this command.
Note:
Example:
    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with ".gif" } {
            node 10.1.2.200 80
        }
    }
ntohl
Convert the unsigned integer from network byte order to host byte order. Syntax ntohl <netlong> Example:
    when HTTP_REQUEST {
        set netlong 12345678
        set hostlong [ntohl $netlong]
    }
ntohs
Convert the unsigned short integer from network byte order to host byte order.
persist
Set client persistence based on any value you choose.
Syntax
persist uie <string> [<timeout>]
Sets the key for an entry on the persistence table, which maps the client to an SLB resource (real server, real server port, or service group). If the persistence table contains the specified key, the AX device uses the SLB resource that key is mapped to in the table. Otherwise, the AX device uses SLB to select a resource but does not create a persistence table entry. The uie option stands for Universal Inspection Engine, indicating that you can set persistence based on any key. The <timeout> specifies how many seconds the persistence entry can remain in the table after the last time traffic from the client is sent to the server. The default is 1800 seconds. Internally, the timeout is converted to minutes and is decremented one minute at a time.
persist add uie <key> [timeout]
Adds an entry to the persistence table. This command differs from the command above in that it does not first check the persistence table for an existing entry for the key. The persist add form of the command is useful for setting persistence based on data that is set on the server and is therefore first observed by the AX device in the server response, rather than in the client request.
Example:
    when HTTP_RESPONSE {
        set IP [IP::client_addr]
        persist add uie $IP 1800
    }
    when HTTP_REQUEST {
        set IP [IP::client_addr]
        persist uie $IP
    }
pool
Causes the system to load balance traffic to the specified pool or pool member. Note: Pool / member may be selected conditionally. If multiple conditions match, the last match will determine the pool/member to which this traffic is load balanced. Syntax pool <pool_name> pool <pool_name> [member <addr> [<port>] ] pool <pool_name> Example:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }
redirect
Redirects an HTTP request to a specific location. The location can be either a host name or a URI. A10 Networks recommends using HTTP::redirect instead. Syntax redirect [<host_name> | <URI>] Related Information Valid Events: See HTTP::redirect on page 123.
reject
Causes the connection to be rejected, returning a reset as appropriate for the protocol. Syntax reject Example:
    when SERVER_CONNECTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            drop
        }
    }
remote_addr
Selects a pool based on part of the client's IP address. A10 Networks recommends using IP::remote_addr instead. Syntax remote_addr Related Information Valid Events: See IP::remote_addr on page 131.
serverside
Causes the specified aFleX command or commands to be evaluated under the server-side context. This command has no effect if the aFleX policy is already being evaluated under the server-side context. Syntax serverside { <aFleX command> } Example:
    when CLIENT_ACCEPTED {
        if { [IP::addr [serverside {IP::remote_addr}] equals 10.1.1.80] } {
            discard
        }
    }
server_addr
Returns the IP address of the server. A10 Networks recommends using IP::server_addr instead. Syntax IP::server_addr Related Information Valid Events: See IP::server_addr on page 131.
server_port
Returns the TCP port/service number of the specified server. A10 Networks recommends using TCP::server_port instead. Syntax TCP::server_port Related Information Valid Events: See TCP::server_port on page 159.
session
Manage SSL sessions.
Syntax
session add ssl <key> <data> [<timeout>]
session lookup ssl <key>
session delete <mode> <key>
The session add ssl command creates a table to store SSL information. If an SSL table already exists, the command adds an entry to the table. Generally, the <key> is the session ID and the data is the SSL verify_result or the SSL certificate. The session lookup ssl command searches the SSL table for information about the specified key. The session delete command deletes an SSL entry. Example:
    when CLIENTSSL_HANDSHAKE {
        set cert1 [SSL::cert 0]
        session add ssl [SSL::sessionid] $cert1 300
    }
    when HTTP_REQUEST {
        # The body of this handler is missing from the source text.
    }
set encode
Set the character encoding for data payloads.
Syntax
set encode "<encoding>"
Example: Here is an example of an aFleX policy that converts payload data into Japanese encoding Shift_JIS:
    when HTTP_RESPONSE {
        if { [HTTP::header "Content-Type"] contains "Shift_JIS" } {
            set encode "shiftjis"
            HTTP::collect
        }
    }
    when HTTP_RESPONSE_DATA {
        set hoge [HTTP::payload length]
        set payload [encoding convertfrom $encode [HTTP::payload]]
        regsub -all "abc" $payload "xyz" newdata
        set newdata3 [encoding convertto $encode $newdata]
        HTTP::payload replace 0 $hoge $newdata3
        HTTP::release
    }
Related Information Valid Events: The set encode command is valid with all events. The payload replace command (used in the example above) is valid only with the HTTP_RESPONSE_DATA event.
sha1
Returns the Secure Hash Algorithm version 1.0 (SHA1) message digest of the specified string.
snatpool
Uses the specified pool of IP addresses as translation addresses to create a SNAT. The command uses the specified NAT pool instead of the NAT pool that is already bound to the virtual port in the AX configuration. Syntax snatpool <snatpool_name> The <snatpool_name> option specifies the name of a configured IP address pool. Note: A NAT pool must already be bound to the virtual port in the AX configuration. This is the virtual port's default NAT pool. The IP type (IPv4 or IPv6) of the pool must be the same as the IP type of the real servers.
Note:
Example:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::local_addr] equals 10.0.0.35] } {
            snatpool snat_a
        } else {
            snatpool snat_b
        }
    }
Related Information Valid Events: CLIENT_ACCEPTED, HTTP_REQUEST, LB_SELECTED For Layer 4 virtual ports, the snatpool command must be triggered by a CLIENT_ACCEPTED or LB_SELECTED event. For Layer 7 ports, the snatpool command must be triggered by a HTTP_REQUEST event.
substr
Returns a sub-string named <string>, based on the values of the <skip_count> and <terminator> arguments. Syntax substr <string> <skip_count> [<terminator>] substr <string> <skip_count> [<terminator>] Note the following:
The <skip_count> and <terminator> arguments are used in the same
the value of the <terminator> argument may be either a character or a count. Example:
    when HTTP_REQUEST {
        set uri [substr $uri 1 "?"]
        log local0. "Uri Part = $uri"
    }
    log "[substr "abcdefghijklm" 2
    log "[substr "abcdefghijklm" 2
    log "[substr "abcdefghijklm" 2
    log "[substr "abcdefghijklm" 2
    log "[substr "abcdefghijklm" 2
virtual
Return the name of the associated virtual server that the connection is flowing through. Syntax virtual name Example:
when HTTP_REQUEST { log local0. "Virtual Server: [virtual name]" }
when
Specify an event in an aFleX script. All aFleX events begin with a when command. You can specify multiple when commands within a single aFleX script. Syntax when <event_name> Example:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }
LB Commands
LB::down
Temporarily marks the current real port down for 30 seconds. Syntax: LB::down Valid Events: LB_FAILED, LB_SELECTED Example: See Example 2 in LB::reselect on page 106.
LB::reselect
Reperforms server selection.
Syntax: LB::reselect [pool <pool-name> [<member>]]
If you use the command without any of the optional parameters, SLB selects the next available member (server and port) from the same service group used for the initial server selection. To specify the service group to use, use the pool <pool-name> option. If you also use the <member> option, the specified member is selected from the specified service group.
Note: This command applies to Layer 7 traffic only for HTTP and HTTPS.
Valid Events: LB_FAILED, LB_SELECTED
Example 1: In this aFleX policy, the HTTP::retry command retries sending a client's request to a service port that replies with an HTTP 5xx status code. If the first server continues to reply with a 5xx status code after 3 retries, the LB::reselect command reassigns the client request to another server.
Example 2: This aFleX policy is similar to the one above, except the LB::down command in the policy marks the service port down for 30 seconds.
    when CLIENT_ACCEPTED {
        set retry 0
        set max_retry 3
    }
    when HTTP_REQUEST {
        log "In HTTP_REQUEST: $retry"
        log "End HTTP_REQUEST"
    }
Example 3: This aFleX policy uses the STATS::get command to retrieve total connection statistics for two service groups, then selects the service group with fewer total connections. After a service group is selected, the policy selects a server from the group. If a retry occurs, the LB::reselect command selects another server from the same service group. If the maximum number of retries has already been reached, the other service group is selected. If both service groups have reached the maximum number of retries, a third service group is used.
    when CLIENT_ACCEPTED {
        # set initial retries count equal to 0
        set retries 0
        # variable for the first time
        set first 0
        # number of retry per pool
        set retry_cnt_per_pool 0
        # max. number of retry per pool
        set max_retry_per_pool 6
LB::status node
Returns the health check status of a node. Syntax LB::status node <ipaddr> [port <port-num> {tcp | udp}] If you specify the node IP address only, the Layer 3 health status of the server is returned. If you also specify a protocol port and its transport protocol, the health status of the port is also returned. If you use the port option, the port number and the transport protocol (tcp or udp) also are required. The health status returned by the command is Up or Down.
LB::status pool
Returns the health check status of a pool. Syntax LB::status pool <pool_name> [member <ipaddr> [<port_num>]] [partition shared] If you specify the pool name only, the health status of the group is returned. If you also specify a member (node) IP address and, optionally, service port number, the health status of the specified member or port is returned. The health status returned by the command is Up or Down. Example:
    when HTTP_REQUEST {
        if { [LB::status pool svcgroup-1 member 10.1.100.222 7000] == "up" } {
            log "member 10.1.100.222 port 7000 of service group svcgroup-1 is UP!"
        } else {
            log "member 10.1.100.222 port 7000 of service group svcgroup-1 is DOWN!"
        }
    }
HTTP Commands
HTTP::close
Inserts a Connection: close header and closes the HTTP connection. Syntax HTTP::close Example:
    when HTTP_RESPONSE {
        HTTP::version "0.9"
        HTTP::close
    }
HTTP::collect
Collects the amount of data that you specify with the <length> argument. When the system collects the specified amount of HTTP content data, it triggers aFleX event HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA, depending on where the data is coming from. You can use this command with the HTTP::request or HTTP::payload <size> command.
Syntax
HTTP::collect
Collects data. Use caution when omitting the value of the content length. Doing so can stall the connection.
HTTP::collect [<length>]
Collects the amount of data that you specify with the <length> argument. Use caution when specifying a value larger than the size of the actual length. Doing so can stall the connection.
Note: If you specify length 0, the HTTP_RESPONSE_DATA event is not triggered since no data is collected.
lects as much data as specified by the header, up to the maximum allowed, 1.25 MB.
If the packet does not have an HTTP Content-Length header, the AX device will keep collecting data until one of the following occurs:
- 1.25 MB of data is collected (This is the maximum amount that can be collected.)
- A zero-size chunk-encoded packet is received
- RST is received from the server
- FIN is received from the server
Generally, a packet without a Content-Length header will be a chunk-encoded packet.
Notes:
- The AX device buffers the entire payload before replying to the client. If the object to be collected is very large, performance can be affected.
- The HTTP::collect command is not supported if RAM caching is enabled.
If the HTTP::payload replace command is used in the same aFleX policy as the HTTP::collect command:
For packets that do not contain chunk-encoded data, the AX device will
first, by removing the chunk header and assembling the packet. The AX will then replace the content with the new string. The AX will not rechunk the payload. The packet received by the client will not be chunk-encoded.
In the current release, the HTTP::payload replace command only supports clear text replacement. If the server response is compressed (transfer-encoded, tar, gz, bz, and so on), this feature will not work properly.
Example:
    when HTTP_RESPONSE {
        if { [HTTP::status] == 205 } {
            HTTP::collect [HTTP::header Content-Length]
        }
    }
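Added example, not from the A10 manual: an aFleX policy that validates the server-supplied Content-Length before passing it to HTTP::collect, covering the stall and zero-length cases described above. The byte value used for the 1.25 MB ceiling and the availability of the standard Tcl regexp command inside aFleX are assumptions.

```tcl
# Added example (aFleX policy, runs only on an AX device).
when HTTP_RESPONSE {
    # Collection ceiling from the manual (1.25 MB), taken here as
    # 1.25 * 1024 * 1024 bytes. The exact byte value is an assumption.
    set max_collect 1310720
    set collecting 0

    if { [HTTP::header exists Content-Length] } {
        set clen [HTTP::header Content-Length]
        # The header is server-supplied text. Accept only 1 to 7 decimal
        # digits with no leading zero: this rejects empty, signed, hex and
        # octal-looking values, rejects 0 (which would not trigger
        # HTTP_RESPONSE_DATA), and keeps the comparison below well inside
        # integer range.
        if { [regexp {^[1-9][0-9]{0,6}$} $clen] } {
            if { $clen <= $max_collect } {
                HTTP::collect $clen
                set collecting 1
            }
        }
    }

    if { !$collecting } {
        # No collect was started, so the response passes through unmodified.
        log local0. "collect skipped: Content-Length missing, malformed, zero or above limit"
    }
}

when HTTP_RESPONSE_DATA {
    # Fires after the requested amount is collected, or if the server
    # closes the connection first, so the payload may be shorter than asked.
    log local0. "collected [HTTP::payload length] bytes"
    HTTP::release
}
```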
HTTP::cookie
Queries for or manipulates cookies in HTTP requests and responses. This command replaces the http_cookie command.
Syntax
HTTP::cookie names
HTTP::cookie count
HTTP::cookie [value] <name> [<string>]
HTTP::cookie version <name> [version]
HTTP::cookie path <name> [path]
HTTP::cookie domain <name> [domain]
HTTP::cookie ports <name> [portlist]
HTTP::cookie insert name <name> value <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>]
HTTP::cookie remove <name>
HTTP::fallback
Specifies or overrides the fallback host specified in the HTTP profile. Syntax HTTP::fallback <host> Example:
when LB_FAILED {
    HTTP::fallback "http://siteunavailable.mysite.com/"
}
HTTP::header
Queries for or manipulates an HTTP header.
Syntax
HTTP::header [value] <name>
Returns the value of the HTTP header named <name>. You can omit the <value> argument if the header name does not collide with any of the subcommands.
HTTP::header names
Returns a list of all the headers present on the request or response.
HTTP::header count
Returns the number of HTTP headers present in the request or response.
HTTP::header at <index>
Returns the HTTP header that the AX device finds at the zero-based index value.
HTTP::header exists <name>
Returns true if the named header is present on the request or response.
HTTP::header insert ["lws"] <name> <value>
Inserts the named HTTP header and its value into the end of the HTTP request or response. If you specify "lws", the AX device adds linear white space to long header values.
HTTP::host
Returns the host name (and port, if specified) of the HTTP request. This command replaces the http_host command. Syntax HTTP::host Example:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "secure" } {
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}
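The redirect above copies the client-supplied Host header into the Location header, so whatever host the client sends is reflected back in the redirect. The following added example (not from the A10 manual) checks the host against an allow-list first; the host names are placeholders, and it assumes the standard Tcl string, split, lindex and switch commands are available to the aFleX engine.

```tcl
when HTTP_REQUEST {
    if { [HTTP::uri] contains "secure" } {
        # HTTP::host returns the Host header as sent by the client,
        # including an optional ":port" suffix. Normalise it before use.
        set raw_host [string tolower [HTTP::host]]
        set host_name [lindex [split $raw_host ":"] 0]

        switch -exact -- $host_name {
            "www.example.com" -
            "webmail.example.com" {
                # Placeholder site names. The URL is built from the
                # validated name, not from the raw header value.
                HTTP::redirect "https://${host_name}[HTTP::uri]"
            }
            default {
                # Missing or unexpected Host: answer locally and do not
                # echo the supplied value back to the client.
                log local0. "Refused redirect for unexpected Host from [IP::client_addr]"
                HTTP::respond 400 content "Bad Request" "Content-Type" "text/plain"
            }
        }
    }
}
```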
HTTP::is_keepalive
Returns a true value if this is a Keep-Alive connection. Syntax HTTP::is_keepalive Example:
when HTTP_RESPONSE {
    if { [HTTP::is_keepalive] } {
        HTTP::close
    }
}
HTTP::is_redirect
Returns a true value if the response is a certain type of redirect.
HTTP::method
Returns the type of HTTP request method. This command replaces the http_method command. Syntax HTTP::method Example:
when HTTP_REQUEST {
    log local0. "HTTP Method: [HTTP::method]"
}
HTTP::path
Returns the path part of the HTTP request. Syntax HTTP::path [<string>]
Webmail redirect example: https://webmail.company.com is redirected to https://webmail.company.com/exchange. This is the correct path for exchange. Redirected traffic then passes to the webmail pool.
when HTTP_REQUEST {
    if { [HTTP::path] equals "/" } {
        HTTP::redirect "https://[HTTP::host]/exchange/"
        #log local0. "redirect"
    } else {
        pool pool_webmail
        #log local0. "using pool "
    }
}
HTTP::payload
Queries for or replaces content information. With this command, you can retrieve content, query for content size, or replace a certain amount of content.
Syntax
HTTP::payload [<size>]
HTTP::payload length
HTTP::payload <offset> <size>
HTTP::payload replace <offset> <size> <data>

HTTP::payload [<size>]
Returns the content that the HTTP::collect command has collected thus far. If you do not specify a size, the system returns the collected content.
HTTP::query
Returns the query part of the HTTP request. Syntax HTTP::query Example:
when HTTP_REQUEST {
    log local0. "http_path [HTTP::path]"
    log local0. "http_query [HTTP::query]"
}
HTTP::redirect
Redirects an HTTP request or response to the specified URL. Note: This command sends the response to the client immediately. Therefore, you cannot specify this command multiple times in an aFleX script, nor can you specify any other commands that modify header or content, after you specify this command. Syntax HTTP::redirect <url> Example:
when HTTP_RESPONSE {
    if { [HTTP::status] contains "404" } {
        HTTP::redirect "http://www.siterequest.com/"
    }
}
HTTP::release
Releases the collected data. Unless a subsequent HTTP::collect command was issued, there is no need to use the HTTP::release command inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events, since in these cases, the data is implicitly released. Syntax HTTP::release
HTTP::request
Returns the raw request header string. You can access the request payload using the HTTP::collect command. Syntax HTTP::request Example:
when HTTP_REQUEST {
    # save original request
    set req [HTTP::request]
    # flag as new request needing lookup
    set lookup 1
    # inject lookup URI in place of original request
    HTTP::uri "/page.aspx?ip=[IP::client_addr]"
    # set pool to lookup server pool
    pool lookup_server
}
HTTP::request_num
Returns the number of HTTP requests that a client made on the connection. Syntax HTTP::request_num
HTTP::respond
Allows users to generate or rewrite a client request or a server response. This is a powerful API. When the system runs the command on the client side, it sends the response to the client without any load balancing taking place. If the system runs the command on the server side, the content from the actual server is discarded and replaced with the information provided to this API.
Note: The maximum size response that can be sent using this command is 64 KB. Because the system sends the response data immediately after this aFleX script runs, A10 Networks recommends that you not run any more aFleX scripts after this API.
Syntax
HTTP::respond <status code> [content <content Value>] [<Header name> <Header Value>]+
Example: To send a redirect with a cookie set.
when HTTP_REQUEST {
    set ckname "app"
    set ckvalue "893"
    set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue ".domain.org"]
    HTTP::respond 302 Location "http://www.domain.org" "Set-Cookie" $cookie
}
Note:
HTTP::retry
Resends an HTTP request to the server.
Note: This command is supported only for virtual port types HTTP and HTTPS. It is not supported for fast-HTTP or any of the other virtual port types.
Syntax: HTTP::retry
Valid Events: HTTP_RESPONSE, HTTP_RESPONSE_DATA
Example: See the first example in LB::reselect on page 106.
HTTP::status
Returns the response status code. Syntax HTTP::status
HTTP::uri
Returns or sets the URI of the request. This command replaces the http_uri command. Syntax HTTP::uri <string> The URI string does not include the protocol (http or https) or hostname, just the path, starting with the slash after the hostname. HTTP::uri <string> Changes the URI passed to the server. It should always start with a slash. Example:
when HTTP_REQUEST {
    if { [HTTP::uri] ends_with "cgi" } {
        pool cgi_pool
    } elseif { [HTTP::uri] starts_with "/abc" } {
        pool abc_servers
    }
}
HTTP::version
Returns or sets the HTTP version of the request or response. This command replaces the http_version command. Syntax HTTP::version ["0.9" | "1.0" | "1.1"] Example:
when HTTP_RESPONSE {
    HTTP::version "1.1"
}
IP Commands
IP::addr
Performs comparison of IP address/subnet/supernet to IP address/subnet/ supernet. Returns 0 if no match, 1 for a match. Note: This command does NOT perform a string comparison. To perform a literal string comparison, simply compare the 2 strings with the appropriate operator (equals, contains, starts_with, and so on) rather than using the IP::addr comparison. Syntax IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>] IP::addr Example: To perform comparison of IP address 10.10.10.1 with subnet 10.0.0.0/8. (Will return 1, since it is a match.) [IP::addr 10.10.10.1 equals 10.0.0.0/8]
IP::client_addr
Returns the client IP address of a connection. This command is equivalent to the command clientside { IP::remote_addr }. Syntax IP::client_addr Example:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        pool my_pool
    }
}
Related Information Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED, SERVER_CONNECTED
IP::local_addr
This command is primarily useful for generic rules that are re-used. Also, it is useful in reusing the connected endpoint in another statement or to make routing type decisions. You can also specify the IP::client_addr and IP::server_addr commands.
Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010
Related Information Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED, SERVER_CLOSED, SERVER_CONNECTED
IP::protocol
Returns the IP protocol value. Syntax IP::protocol Example:
when CLIENT_ACCEPTED {
    if { [IP::protocol] == 6 } {
        pool tcp_pool
    } else {
        pool slow_pool
    }
}
IP::remote_addr
Returns the IP address of the host on the far end of the connection. In the clientside context, this is the client IP address. In the serverside context this is the node IP address. You can also specify the IP::client_addr and IP::server_addr commands, respectively. Syntax IP::remote_addr Example:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::remote_addr] equals 206.0.0.0/255.0.0.0] } {
        pool clients_from_206
    } else {
        pool other_clients_pool
    }
}
when SERVER_CONNECTED {
    log local0. "Node IP address is: [IP::remote_addr]"
}
Related Information Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED, SERVER_CLOSED, SERVER_CONNECTED
IP::server_addr
Returns the server's (node's) IP address, once a serverside connection has been established. This command is equivalent to the command serverside {IP::remote_addr}. The command returns 0 if the serverside connection has not been made. Syntax IP::server_addr
IP::stats
Supplies information about the number of packets or bytes being sent or received in a given connection.
Syntax
IP::stats pkts in
IP::stats pkts out
IP::stats pkts
IP::stats bytes in
IP::stats bytes out
IP::stats bytes
IP::stats age

IP::stats pkts in
Returns number of packets received
IP::stats pkts out
Returns number of packets sent
IP::stats pkts
Returns a Tcl list of packets in and packets out
IP::stats bytes in
Returns number of bytes received
IP::stats bytes out
Returns number of bytes sent
IP::stats bytes
Returns Tcl list of bytes in and bytes out
IP::tos
Selects a different pool of servers based on the ToS level within a packet. The Type of Service (ToS) standard is a means by which network equipment can identify and treat traffic differently based on an identifier. As traffic enters the site, the AX device can apply a rule that sends the traffic to different pools of servers based on the ToS level within a packet. Note: This command replaces the ip_tos command. Syntax IP::tos Selects a different pool of servers based on the ToS level within a packet. Example:
when CLIENT_ACCEPTED {
    if { [IP::tos] == 16 } {
        pool telnet_pool
    } else {
        pool slow_pool
    }
}
IP::ttl
Returns the TTL of the current packet being acted upon. Syntax IP::ttl Example:
when CLIENT_ACCEPTED {
    if { [IP::ttl] < 3 } {
        drop
    }
}
IP::version
Returns the version of the current packet being acted upon. Syntax IP::version Example:
when CLIENT_ACCEPTED {
    if { [IP::version] eq 6 } {
        pool ipv6_pool
    } else {
        pool ipv4_pool
    }
}
SIP Commands
SIP::call_id
Returns the value of the Call-ID header in a SIP request. Syntax SIP::call_id Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::from
Returns the value of the From header in a SIP request. Syntax SIP::from Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::header
Returns SIP header header-name. Syntax SIP::header [<value>] header-name [<index>] The <value> option specifies the header value. The <index> option indicates the header to act upon, in cases where there are multiple header levels. Without the <index> option, the first instance of the header is acted upon by the aFleX policy. Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::header insert
Inserts the specified SIP header-name:header-value pair at position <index>. Syntax SIP::header insert header-name header-value <index>
SIP::method
Returns the type of the SIP request method. Syntax SIP::method Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::respond
Sends back a response with the specified code, phrase, and header-name:header-value pair. Syntax SIP::respond code <"phrase" <"header-name" "header-value">> Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::response
Gets the SIP response code or response phrase, or rewrites the response code and phrase, if specified.
Syntax
SIP::response code
Gets the SIP response code.
SIP::response phrase
Gets the response phrase.
SIP::response rewrite code <phrase>
Rewrites the response code and phrase, if specified.
Example: See SIP Command Examples on page 139.
Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::to
Returns the value of the To header in the SIP request. Syntax SIP::to Example: See SIP Command Examples on page 139. Related Information Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
SIP::uri
Returns the complete URI of the request. Syntax SIP::uri
SIP::via
Gets SIP via information.
Syntax
SIP::via [<index>]
Gets the information in the SIP via header. If you specify the <index>, only the information at the specified index level is returned.
SIP::via proto [<index>]
Gets the protocol part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
SIP::via sent_by [<index>]
Gets the sent_by part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
SIP::via received [<index>]
Gets the received attribute of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
SIP::via branch [<index>]
Gets the branch attribute of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
SIP::via maddr [<index>]
Gets the maddr attribute of the SIP via at the specified index level.
SIP::via ttl [<index>]
log "SIP::call_id is [SIP::call_id]"
log "---------------------------------------------------"
log "SIP::from is [SIP::from]"
log "---------------------------------------------------"
log "SIP::header Via [SIP::header Via]"
log "SIP::header Via value index0 [SIP::header value Via 0]"
log "SIP::header Via index9 [SIP::header Via 9]"
log "SIP::header From [SIP::header From]"
log "SIP::header value From index0 [SIP::header value From 0]"
log "SIP::header From index9 <not exist> [SIP::header From 9]"
log "SIP::header To [SIP::header To]"
log "SIP::header To index0 [SIP::header To 0]"
log "SIP::header value To index9 <not exist> [SIP::header value To 9]"
log "SIP::header Call-ID [SIP::header Call-ID]"
log "SIP::header value Call-ID index0 [SIP::header value Call-ID 0]"
log "SIP::header value Call-ID index9 <not exist> [SIP::header value Call-ID 9]"
log "SIP::header CSeq [SIP::header CSeq]"
log "SIP::header CSeq value index0 [SIP::header value CSeq 0]"
log "SIP::header CSeq index9 <not exist> [SIP::header CSeq 9]"
log "SIP::header Contact [SIP::header Contact]"
log "---------------------------------------------------"
log "SIP::header Via 0 (request) [SIP::header Via 0]"
log "SIP::response code [SIP::response code]"
SIP::header insert Via "SIP/10.0/UDP ss.under.test.com:5070;maddr=3ffe:501:ffff:50::51;ttl=1;branch=z9hG4bK721e418c 4.1" 10
SIP::header insert event "SIP/2.0/UDP ss.under.test.com:5070;maddr=3ffe:501:ffff:50::51;ttl=1;branch=z9hG4bK721e418c 4.1;received=3ffe:501:ffff:50::50" 1
# log "Event 0 is [SIP::header event]"
SIP::header insert From "<sip:218@mysip.com>;tag=1043119751"
log "SIP::header insert From index1 [SIP::header From]"
log "SIP::header From [SIP::header From]"
SIP::header insert Via "SIP/2.0/UDP 171.1.1.217:5060;rport;branch=z9hG4bk11229103"
log "SIP::header insert Via [SIP::header Via]"
log "SIP::header From(2) [SIP::header From]"
Example 3:
when SIP_REQUEST_SEND {
    if { [SIP::method] contains "SUBSCRIBE" } {
        log "***************** SIP-REQUEST-SEND *******************"
        log "SIP::call_id is [SIP::call_id]"
        log "---------------------------------------------------"
        log "SIP::from is [SIP::from]"
        log "---------------------------------------------------"
        log "SIP::header Via [SIP::header Via]"
        log "SIP::header Via value index0 [SIP::header value Via 0]"
        log "SIP::header Via index9 [SIP::header Via 9]"
        log "SIP::header From [SIP::header From]"
        log "SIP::header value From index0 [SIP::header value From 0]"
        log "SIP::header From index9 <not exist> [SIP::header From 9]"
        log "SIP::header To [SIP::header To]"
        log "SIP::header To index0 [SIP::header To 0]"
        SIP::header remove From
        log "SIP::header remove From [SIP::header From]"
        SIP::header remove From
        log "SIP::header remove From [SIP::header From]"
        SIP::header remove abc
        log "SIP::header remove index To [SIP::header abc]"
        log "---------------------------------------------------"
        SIP::header insert From "<sip:218@mysip.com>;tag=1043119751"
        log "SIP::header insert From index1 [SIP::header From]"
        log "SIP::header From [SIP::header From]"
        SIP::header insert Via "SIP/2.0/UDP 171.1.1.217:5060;rport;branch=z9hG4bk11229103"
Related Information Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
SSL::cert count
Returns the number of certificates in the certificate chain. Syntax SSL::cert count Example: See the example for SSL::cert on page 145. Related Information Valid Events: See SSL::cert on page 145.
SSL::cert issuer
Returns the issuer of the certificate with the specified level. Syntax SSL::cert issuer <index> Example: See the example for SSL::cert on page 145.
SSL::cert mode
Sets the certificate mode. This setting overrides the mode setting in the template. Syntax SSL::cert mode <request | require | ignore | auto> Example: See the example for SSL::cert on page 145. Related Information Valid Events: See SSL::cert on page 145.
SSL::sessionid
Returns the current SSL session ID. Syntax SSL::sessionid Note: Example:
when CLIENTSSL_HANDSHAKE {
    set cert [SSL::cert 0]
    session add ssl [SSL::sessionid] $cert 300
}
Related Information Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
SSL::verify_result
If <result_code> is not specified, returns the result code of the peer certification verification. If <result_code> is specified, sets the result code of the peer certification verification. Syntax SSL::verify_result [<result_code>] Example:
when CLIENTSSL_HANDSHAKE {
    set result [X509::verify_cert_error_string [SSL::verify_result]]
    log "Result is $result"
}
Related Information Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::issuer
Returns the issuer of the X.509 certificate. Syntax X509::issuer Example:
when CLIENTSSL_HANDSHAKE {
    set issuer [X509::issuer [SSL::cert 0]]
    log "Issuer: $issuer"
}
Related Information Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::not_valid_after
Returns the not-valid-after date of an X.509 certificate. Syntax X509::not_valid_after Example:
when CLIENTSSL_HANDSHAKE {
    set not_valid_after [X509::not_valid_after [SSL::cert 0]]
    log "Not Valid After: $not_valid_after"
}
Related Information Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::not_valid_before
Returns the not-valid-before date of an X.509 certificate. Syntax X509::not_valid_before Example:
when CLIENTSSL_HANDSHAKE {
    set not_valid_before [X509::not_valid_before [SSL::cert 0]]
    log "Not Valid Before: $not_valid_before"
}
Related Information Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::serial_number
Returns the serial number of an X.509 certificate. Syntax X509::serial_number Example:
when CLIENTSSL_HANDSHAKE {
    set serial_number [X509::serial_number [SSL::cert 0]]
    log "Serial Number: $serial_number"
}
Related Information Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::subject
Returns the subject of an X.509 certificate. Syntax X509::subject Example:
when CLIENTSSL_HANDSHAKE {
    set subject [X509::subject [SSL::cert 0]]
    log "subject $subject"
}
Related Information Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
X509::verify_cert_error_string
Returns the error string as an OpenSSL X.509 error string. Syntax X509::verify_cert_error_string <error_code> Example:
when CLIENTSSL_HANDSHAKE {
    set result [X509::verify_cert_error_string [SSL::verify_result]]
    log "result $result"
}
Related Information Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
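The SSL:: and X509:: commands above are listed as valid in HTTP_REQUEST, so they can gate a sensitive path on the client certificate rather than only log it. The following is an added example, not from the A10 manual: the /admin path and admin_pool name are hypothetical, and it assumes that a verify result of 0 means the certificate verified successfully, as in the OpenSSL result codes that X509::verify_cert_error_string translates.

```tcl
when HTTP_REQUEST {
    # Hypothetical protected path; all other requests are load balanced as usual.
    if { [HTTP::path] starts_with "/admin" } {
        if { [SSL::cert count] == 0 } {
            # With cert mode "request" a client may complete the handshake
            # without presenting any certificate at all.
            log local0. "Denied [HTTP::path] from [IP::client_addr]: no client certificate"
            HTTP::respond 403 content "Client certificate required" "Content-Type" "text/plain"
        } elseif { [SSL::verify_result] != 0 } {
            # Non-zero result: translate it for the log, but do not send
            # the verification detail back to the client.
            set reason [X509::verify_cert_error_string [SSL::verify_result]]
            log local0. "Denied [HTTP::path] from [IP::client_addr]: $reason"
            HTTP::respond 403 content "Client certificate rejected" "Content-Type" "text/plain"
        } else {
            # Verified certificate: record who was admitted, then forward.
            set cert [SSL::cert 0]
            log local0. "Admin access from [IP::client_addr]: subject=[X509::subject $cert] serial=[X509::serial_number $cert] issuer=[X509::issuer $cert] expires=[X509::not_valid_after $cert]"
            pool admin_pool
        }
    }
}
```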
X509::version
Returns the version number of an X.509 certificate. Syntax X509::version Example:
when CLIENTSSL_HANDSHAKE {
    set version [X509::version [SSL::cert 0]]
    log "Version Number: $version"
}
Related Information Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
STATS Commands
STATS::clear
Clears statistics for a real server (node), virtual server, or service group (pool). Syntax Clear Real Server Statistics: To clear statistics for a real server, use the following command:
STATS::clear server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
Syntax Clear Virtual Server Statistics: To clear statistics for a virtual server, use the following command:
STATS::clear virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
Syntax Clear Service Group Statistics: To clear statistics for a service group, use the following command:
STATS::clear pool <pool-name> [member <ipaddr> <port-num>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
STATS::get
Retrieves statistics for a real server (node), virtual server, or service group (pool). Syntax Get Real Server Statistics: To retrieve statistics from a real server, use the following command:
STATS::get server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
You can specify the server by its name or IP address (<server-name> or <ipaddr>). Optionally, you can specify an individual port by its port number (0-65535) and Layer 4 protocol (tcp or udp). By default, statistics for all the server's real ports are returned. To specify the types of statistics to return, use one of the following options:
current-connection
total-connection
request-pkt
response-pkt
The shared partition option applies the command to real servers in the shared partition. By default, the STATS::get command acts only upon the real servers located in the Role-Based Administration (RBA) partition that contains the aFleX policy. Syntax Get Virtual Server Statistics: To retrieve statistics from a virtual server, use the following command:
STATS::get virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
You can specify the virtual server by its name or VIP address (<vip-name> or <vipaddr>).
Specify the service group by its name (pool-name). Optionally, you can specify an individual member (server and port) by the real server IP address and protocol port number. By default, statistics for all the service group's members are returned. The other options are the same as those for real servers and virtual servers.
Valid Events: All events
Example: The following policy will select a real server based on the current connection counter:
when CLIENT_ACCEPTED {
    set total1 [STATS::get server 10.10.10.10 current-connection]
    set total2 [STATS::get server 10.10.10.20 current-connection]
    if { $total1 > $total2 } {
        node 10.10.10.20 80
    } else {
        node 10.10.10.10 80
    }
}
TCP Commands
TCP::client_port
Returns the TCP port/service number of the specified client. This command is equivalent to the command clientside { TCP::remote_port } and to client_port. Syntax TCP::client_port Example:
when CLIENT_ACCEPTED {
    if { [TCP::client_port] > 1000 } {
        pool slow_pool
    } else {
        pool fast_pool
    }
}
TCP::close
Closes the TCP connection. Syntax TCP::close Example:
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [TCP::payload] contains "abc" } {
        pool abc_pool
        TCP::release
    } else {
        TCP::close
    }
}
TCP::collect
Causes TCP to start collecting the specified amount of content data. Syntax TCP::collect <length> The <length> parameter specifies the minimum number of bytes to collect. Example:
when CLIENT_ACCEPTED {
    TCP::collect 15
}
when CLIENT_DATA {
    if { [TCP::payload 15] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
}
TCP::local_port
Returns the local TCP port/service number. This command is equivalent to the variable local_port. Syntax TCP::local_port
TCP::mss
Returns the on-wire Maximum Segment Size (MSS) for a TCP connection. Syntax TCP::mss Example:
when CLIENT_ACCEPTED {
    log "MSS is [TCP::mss]"
}
TCP::offset
Returns the position in the TCP data stream in which the collected TCP data starts. Syntax TCP::offset Example:
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [TCP::offset] > 1000 } {
        TCP::release
    }
}
TCP::payload
Returns the accumulated TCP data content, or replaces collected payload with the specified data.
Syntax
TCP::payload [<size>]
TCP::payload <offset> <size>
TCP::payload length

TCP::payload [<size>]
Returns the accumulated TCP data content.
TCP::payload <offset> <size>
Returns the accumulated TCP data content start from <offset>.
TCP::payload length
Returns the amount of accumulated TCP data content in bytes.
Example:
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [TCP::payload] contains "flower" } {
        pool http-sg2
    } else {
        pool http-sg3
    }
}
TCP::release
Causes TCP to resume processing the connection and flush collected data. Syntax TCP::release
TCP::remote_port
Returns the remote TCP port/service number. When used with the clientside command (that is, clientside TCP::remote_port), the TCP::remote_port command is equivalent to the TCP::client_port command. When used with the serverside command (that is, serverside TCP::remote_port), the TCP::remote_port command is equivalent to the TCP::server_port command. Note: This command replaces the remote_port command. Syntax TCP::remote_port Example:
when SERVER_CONNECTED {
    log "server TCP port = [TCP::remote_port]"
}
TCP::server_port
Returns the TCP port/service number of the specified server. This command is equivalent to the command serverside { TCP::remote_port } and to the BIG-IP 4.x variable server_port. Syntax TCP::server_port
TIME Commands
TIME::clock
Return the system time, in seconds or milliseconds.
use
This command is provided for backwards compatibility. The use statement must be paired with certain commands such as node and pool. However, A10 Networks recommends using the commands node and pool directly. Syntax use <object> <object_name> Example:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "aol" } {
        use pool aol_pool
    } else {
        use pool all_pool
    }
}
UDP Commands
UDP::client_port
Returns the UDP port/service number of the client system. This command is equivalent to the command clientside { UDP::remote_port }. Syntax UDP::client_port Example:
when CLIENT_ACCEPTED {
    if { [UDP::client_port] equals 80 } {
        pool pool-80
    }
}
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA
UDP::local_port
Returns the local UDP port/service number. Syntax UDP::local_port
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA
UDP::mss
Returns the on-wire Maximum Segment Size (MSS) for a UDP connection. Syntax UDP::mss Example:
when CLIENT_ACCEPTED {
    log "MSS is [UDP::mss]"
}
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA
UDP::payload
Returns the content or length of the current UDP payload.
Syntax
UDP::payload [<size>]
UDP::payload length
UDP::payload offset size

UDP::payload [<size>]
Returns the content of the current UDP payload.
UDP::payload length
Returns the length, in bytes, of the current UDP payload.
UDP::payload offset size
Returns the content of the current UDP payload from <offset>.
Example:
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [UDP::payload 12 20] contains "a10networks" } {
        pool dns-sg1
    } else {
        pool dns-sg2
    }
}
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA
UDP::remote_port
Returns the remote UDP port/service number. Syntax UDP::remote_port
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA
UDP::server_port
Returns the UDP port/service number of the server. This command is equivalent to the command serverside { UDP::remote_port }. Syntax UDP::server_port Example:
when SERVER_CONNECTED {
    if { [UDP::server_port] equals 80 } {
        log "Port 80 was selected"
    }
}
Related Information Valid Events CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CONNECTED, SERVER_CLOSED, SERVER_DATA