Expressions for identifying the protocol in an incoming IP packet
The following table lists the expressions that you can use to identify the protocol in an incoming packet.
|CLIENT.IP.PROTOCOL||Identifies the protocol in IPv4 packets sent by clients.|
|CLIENT.IPV6.PROTOCOL||Identifies the protocol in IPv6 packets sent by clients.|
|SERVER.IP.PROTOCOL||Identifies the protocol in IPv4 packets sent by servers.|
|SERVER.IPV6.PROTOCOL||Identifies the protocol in IPv6 packets sent by servers.|
Arguments to the PROTOCOL function
You can pass the Internet Assigned Numbers Authority (IANA) protocol number to the PROTOCOL function. For example, if you want to determine whether the protocol in an incoming packet is TCP, you can use CLIENT.IP.PROTOCOL.EQ(6), where 6 is the IANA-assigned protocol number for TCP. For some protocols, you can pass an enumeration value instead of the protocol number. For example, instead of CLIENT.IP.PROTOCOL.EQ(6), you can use CLIENT.IP.PROTOCOL.EQ(TCP). The following table lists the protocols for which you can use enumeration values, and the corresponding enumeration values for use with the PROTOCOL function.
|Transmission Control Protocol (TCP)||TCP|
|User Datagram Protocol (UDP)||UDP|
|Internet Control Message Protocol (ICMP)||ICMP|
|IP Authentication Header (AH), for providing authentication services in IPv4 and IPv6||AH|
|Encapsulating Security Payload (ESP) protocol||ESP|
|General Routing Encapsulation (GRE)||GRE|
|IP-within-IP Encapsulation Protocol||IPIP|
|Internet Control Message Protocol for IPv6 (ICMPv6)||ICMPv6|
|Fragment Header for IPv6||FRAGMENT|
Use case scenarios
The protocol expressions can be used in both request-based and response-based policies. You can use the expressions in various Citrix ADC features, such as load balancing, WAN optimization, content switching, rewrite, and listen policies. You can use the expressions with functions such as EQ() and NE(), to identify the protocol in a policy and perform an action.
Following are some use cases for the expressions:
- In Branch Repeater load balancing configurations, you can use the expressions in a listen policy for the wildcard virtual server. For example, you can configure the wildcard virtual server with the listen policy CLIENT.IP.PROTOCOL.EQ(TCP) so that the virtual server processes only TCP traffic and simply bridges all non-TCP traffic. Even though you can use an Access Control List instead of the listen policy, the listen policy provides better control over what traffic is processed.
- For content switching virtual servers of type ANY, you can configure content switching policies that switch requests on the basis of the protocol in incoming packets. For example, you can configure content switching policies to direct all TCP traffic to one load balancing virtual server and all non-TCP traffic to another load balancing virtual server.
- You can use the client-based expressions to configure persistence based on the protocol. For example, you can use CLIENT.IP.PROTOCOL to configure persistence on the basis of the protocols in incoming IPv4 packets.