ADC

Create policy labels

In addition to the built-in bind points where you set up policy banks, you can also configure user-defined policy labels and associate policies with them.

Within a policy label, you bind policies and specify the order of evaluation of each policy relative to others in the bank of policies for the policy label. The Citrix ADC also permits you to define an arbitrary evaluation order as follows:

  • You can use “goto” expressions to point to the next entry in the bank to be evaluated after the current one.
  • You can use an entry in a policy bank to invoke another bank.

Each feature determines the type of policy that you can bind to a policy label, the type of load balancing virtual server that you can bind the label to, and the type of content switching virtual server from which the label can be invoked. For example, a TCP policy label can only be bound to a TCP load balancing virtual server. You cannot bind HTTP policies to a policy label of this type. And you can invoke a TCP policy label only from a TCP content switching virtual server.

After configuring a new policy label, you can invoke it from one or more banks for the built-in bind points.

Create a caching policy label by using the CLI

At the command prompt, type the following commands to create a Caching policy label and verify the configuration:

-  add cache policylabel <labelName> -evaluates req|res  

-  show cache policylabel<labelName>  
<!--NeedCopy-->

Example:

> add cache policylabel lbl-cache-pol -evaluates req
Done

> show cache policylabel lbl-cache-pol
            Label Name: lbl-cache-pol
            Evaluates: REQ
            Number of bound policies: 0
            Number of times invoked: 0
Done
<!--NeedCopy-->

Create a content switching policy label by using the CLI

At the command prompt, type the following commands to create a Content Switching policy label and verify the configuration:

-  add cs policylabel <labelName> http|tcp|rtsp|ssl  

-  show cs policylabel <labelName>  
<!--NeedCopy-->

Example:

> add cs policylabel lbl-cs-pol http
Done
> show cs policylabel lbl-cs-pol
            Label Name: lbl-cs-pol
            Label Type: HTTP
            Number of bound policies: 0
            Number of times invoked: 0
Done
<!--NeedCopy-->

Create a rewrite policy label by using the CLI

At the command prompt, type the following commands to create a Rewrite policy label and verify the configuration:

-  add rewrite policylabel <labelName> http_req|http_res|url|text|clientless_vpn_req|clientless_vpn_res  

-  show rewrite policylabel <labelName>  
<!--NeedCopy-->

Example:

> add rewrite policylabel lbl-rewrt-pol http_req
Done

> show rewrite policylabel lbl-rewrt-pol
            Label Name: lbl-rewrt-pol
            Transform Name: http_req
            Number of bound policies: 0
            Number of times invoked: 0
Done
<!--NeedCopy-->

Create a responder policy label by using the CLI

At the command prompt, type the following commands to create a Responder policy label and verify the configuration:

-  add responder policylabel <labelName>  

-  show responder policylabel <labelName>  
<!--NeedCopy-->

Example:

> add responder policylabel lbl-respndr-pol
Done

> show responder policylabel lbl-respndr-pol
            Label Name: lbl-respndr-pol
            Number of bound policies: 0
            Number of times invoked: 0
Done
<!--NeedCopy-->

Note: Invoke this policy label from a policy bank. For more information, see the “Binding a Policy to a Policy Label” section.

Create a policy label by using the GUI

  1. In the navigation pane, expand the feature for which you want to create a policy label, and then click Policy Labels. The choices are Integrated Caching, Rewrite, Content Switching, or Responder.
  2. In the details pane, click Add.
  3. In the Name box, enter a unique name for this policy label.
  4. Enter feature-specific information for the policy label. For example, for Integrated Caching, in the Evaluates drop-down menu, you would select REQ if you want this policy label to contain request-time policies, or select RES if you want this policy label to contain response-time policies. For Rewrite, you would select a Transform name.
  5. Click Create.
  6. Configure one of the built-in policy banks to invoke this policy label. For more information, see the “Binding a Policy to a Policy Label” section. A message in the status bar indicates that the policy label is created successfully.

Bind a policy to a policy label

As with policy banks that are bound to the built-in bind points, each entry in a policy label is a policy that is bound to the policy label. As with policies that are bound globally or to a vserver, each policy that is bound to the policy label can also invoke a policy bank or a policy label that is evaluated after the current entry has been processed. The following table summarizes the entries in a policy label.

  • Name. The name of a policy, or, to invoke another policy bank without evaluating a policy, the “dummy” policy name NOPOLICY.

    You can specify NOPOLICY more than once in a policy bank, but you can specify a named policy only once.

  • Priority. An integer. This setting can work with the Goto expression.

  • Goto Expression. Determines the next policy to evaluate in this bank. You can provide one of the following values:

    • NEXT. Go to the policy with the next higher priority.
    • END. Stop evaluation.
    • USE_INVOCATION_RESULT. Applicable if this entry invokes another policy bank. If the final Goto in the invoked bank has a value of END, evaluation stops. If the final Goto is anything other than END, the current policy bank performs a NEXT.
    • Positive number: The priority number of the next policy to be evaluated.
    • Numeric expression. An expression that produces the priority number of the next policy to be evaluated.

    The Goto can only proceed forward in a policy bank.

    If you omit the Goto expression, it is the same as specifying END.

  • Invocation Type. Designates a policy bank type. The value can be one of the following:

    • Request Vserver. Invokes request-time policies that are associated with a virtual server.
    • Response Vserver. Invokes response-time policies that are associated with a virtual server.
    • Policy label. Invokes another policy bank, as identified by the policy label for the bank.
  • Invocation Name. The name of a virtual server or a policy label, depending on the value that you specified for the Invocation Type.

Create policy labels