Manage client connections
To facilitate management of client connections, you can enable delayed cleanup of connections to the virtual server. You can then manage local DNS traffic by configuring DNS policies.
The state of a virtual server depends on the states of the services bound to it, and the state of each service depends on the monitors bound to it. If a server is slow or down, the monitoring probes time out and the service that represents the server is marked as DOWN. A virtual server is marked as DOWN only when all services bound to it are marked as DOWN. You can configure services and virtual servers to either terminate all connections when they go down, or allow the connections to go through. The latter setting is for situations in which a service is marked as DOWN because of a slow server.
When you configure the down state flush option, the Citrix ADC appliance performs a delayed cleanup of connections to a GSLB service that is down.
To enable delayed cleanup of virtual server connections by using the command line interface
At the command prompt, type the following commands to configure delayed connection cleanup and verify the configuration:
set gslb service <name> -downStateFlush (ENABLED | DISABLED)
show gslb service <name>

set gslb service Service-GSLB-1 -downStateFlush ENABLED
Done
show gslb service Service-GSLB-1
Done
To enable delayed cleanup of virtual server connections by using the configuration utility
- Navigate to Traffic Management > GSLB > Services and double-click the service.
- Click the Other Settings section and select the Down State Flush option.
You can use DNS policies to implement site affinity by directing traffic from the IP address of a local DNS resolver or network to a predefined target GSLB site. This is configured by creating DNS policies with DNS expressions and binding the policies globally on the Citrix ADC appliance.
The Citrix ADC appliance provides certain predefined DNS expressions that can be used for configuring actions specific to a domain. Such actions can, for example, drop certain requests, select a specific view for a specific domain, or redirect certain requests to a specific location.
These DNS expressions (also called rules) are combined to create DNS policies that are then bound globally on the Citrix ADC appliance.
Following is the list of predefined DNS qualifiers available on the Citrix ADC appliance:
The CLIENT.UDP.DNS.DOMAIN DNS expression can be used with string expressions. If you are using domain names as part of the expression, they must end with a period (.). For example, CLIENT.UDP.DNS.DOMAIN.ENDSWITH("abc.com.")
To create an expression by using the configuration utility
- Click the icon next to the Expression text box. Click Add. (Leave the Flow Type and Protocol drop-down list boxes empty.) Follow these steps to create a rule.
- In the Qualifier box, select a qualifier (for example, LOCATION).
- In the Operator box, select an operator (for example, ==).
- In the Value box, type a value (for example, Asia, Japan….).
- Click OK. Click Create and click Close. The rule is created.
- Click OK.
Configure DNS actions
A DNS policy includes the name of a DNS action to be performed when the policy rule evaluates to TRUE. A DNS action can do one of the following:
- Send the client an IP address for which you have configured a DNS view. For more information about DNS views, see Adding DNS Views.
- Send the client the IP address of a GSLB service after referring to a list of preferred locations that overrides static proximity behavior. For more information about preferred locations, see Overriding Static Proximity Behavior by Configuring Preferred Locations.
- Send the client a specific IP address as determined by the evaluation of the DNS query or response (DNS response rewrite).
- Forward a request to the name server without performing a lookup in the appliance’s DNS cache.
- Drop a request.
You cannot create a DNS action for dropping a DNS request or for bypassing the DNS cache on the appliance. If you want to drop a DNS request, use the built-in action, dns_default_act_Drop. If you want to bypass the DNS cache, use the built-in action, dns_default_act_Cachebypass. Both actions are available along with custom actions in the Create DNS Policy and the Configure DNS Policy dialog boxes. These built-in actions cannot be modified or removed.
To configure a DNS action by using the command line interface
At the command prompt, type the following commands to configure a DNS action and verify the configuration:
add dns action <actionName> <actionType> (-IPAddress <ip_addr | ipv6_addr> ... | -viewName <string> | -preferredLocList <string> ...) [-TTL <secs>]
show dns action [<actionName>]
Example 1: Configuring DNS Response Rewrite. The following DNS action sends the client a preconfigured IP address when the policy to which the action is bound evaluates to true:
add dns action dns_act_response_rewrite Rewrite_Response -IPAddress 192.0.2.20 192.0.2.56 198.51.100.10
Done
show dns action dns_act_response_rewrite
1) ActionName: dns_act_response_rewrite ActionType: Rewrite_Response TTL: 3600 IPAddress: 192.0.2.20 192.0.2.56 198.51.100.10
Done
Example 2: Configuring a DNS-View Based Response. The following DNS action sends the client an IP address for which you have configured a DNS view:
add dns action send_ip_from_view_internal_ip ViewName -viewName view_internal_ip
Done
show dns action send_ip_from_view_internal_ip
1) ActionName: send_ip_from_view_internal_ip ActionType: ViewName ViewName: view_internal_ip
Done
Example 3: Configuring a Response Based on a Preferred Location List. The following DNS action sends the client the IP address that corresponds to the preferred location that it selects from the specified list of locations:
add dns action send_preferred_location GslbPrefLoc -preferredLocList NA.tx.ns1.*.*.* NA.tx.ns2.*.*.* NA.tx.ns3.*.*.*
Done
show dns action send_preferred_location
1) ActionName: send_preferred_location ActionType: GslbPrefLoc PreferredLocList: "NA.tx.ns1.*.*.*" "NA.tx.ns2.*.*.*" "NA.tx.ns3.*.*.*"
Done
To configure a DNS action by using the Citrix ADC configuration utility
- Navigate to Traffic Management > DNS > Actions, create or edit a DNS action.
- In the Create DNS Action or Configure DNS Action dialog box, set the following parameters:
- Action Name (cannot be changed for an existing DNS action)
- Type (cannot be changed for an existing DNS action)
To set the Type parameter, do one of the following:
- To create a DNS action that is associated with a DNS view, select View Name. Then, from the View Name list, select the DNS view that you want to use in the action.
- To create a DNS action with a preferred location list, select Preferred Location List. In Preferred Location, enter a location, and then click Add. Add as many DNS locations as you want.
- To configure a DNS action for rewriting a DNS response on the basis of policy evaluation, select Rewrite Response. In IP Address, enter an IP address, and then click Add. Add as many IP addresses as you want.
- TTL (applicable only to the Rewrite Response action type)
Configure DNS policies
DNS policies operate on a location database that uses static and custom IP addresses. The attributes of the incoming local DNS request are defined as part of an expression, and the target site is defined as part of a DNS policy. While defining actions and expressions, you can use a pair of single quotation marks (‘’) as a wildcard qualifier to specify more than one location. When a DNS policy is configured and a GSLB request is received, the custom IP address database is first queried for an entry that defines the location attributes for the source:
- When a DNS query comes from an LDNS, the characteristics of the LDNS are evaluated against the configured policies. If they match, an appropriate action (site affinity) is executed. If the LDNS characteristics match more than one site, the request is load balanced between the sites that match the LDNS characteristics.
- If the entry is not found in the custom database, the static IP address database is queried for an entry, and if there is a match, the above policy evaluation is repeated.
- If the entry is not found in either the custom or static databases, the best site is selected and sent in the DNS response on the basis of the configured load balancing method.
The following restrictions apply to DNS policies created on the Citrix ADC appliance:
- A maximum of 64 policies are supported.
- DNS policies are global to the Citrix ADC appliance and cannot be applied to a specific virtual server or domain.
- Domain or virtual server specific binding of policy is not supported.
You can use DNS policies to direct clients that match a certain IP address range to a specific site. For example, if you have a GSLB setup with multiple GSLB sites that are separated geographically, you can direct all clients whose IP address is within a specific range to a particular data center.
Both TCP-based and UDP-based DNS traffic can be evaluated. Policy expressions are available for UDP-based DNS traffic on the server and for both UDP-based DNS traffic and TCP-based DNS traffic on the client side. Additionally, you can configure expressions to evaluate queries and responses that involve only the following DNS question types (or QTYPE values):
The following response codes (RCODE values) are also supported:
- NOERROR - No error
- FORMERR - Format error
- SERVFAIL - Server failure
- NXDOMAIN - Non-existent domain
- NOTIMP - Query type not implemented
- REFUSED - Query refused
You can configure expressions to evaluate DNS traffic. A DNS expression begins with the DNS.REQ or DNS.RES prefixes. Functions are available for evaluating the queried domain, the query type, and the carrier protocol. For more information about DNS expressions, see “Expressions for Evaluating a DNS Message and Identifying Its Carrier Protocol” in “Policy Configuration and Reference”.
To add a DNS policy by using the command line interface
At the command prompt, type the following commands to create a DNS policy and verify the configuration:
add dns policy <name> <rule> <actionName>
show dns policy <name>

> add dns policy policy-GSLB-1 'CLIENT.UDP.DNS.DOMAIN.EQ("domainname")' my_dns_action
Done
> show dns policy policy-GSLB-1
Name: policy-GSLB-1
Rule: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
Action Name: my_dns_action
Hits: 0
Undef Hits: 0
Done
To remove a configured DNS policy by using the command line interface
At the command prompt, type:
rm dns policy <name>
To configure a DNS policy by using the Citrix ADC configuration utility
- Navigate to Traffic Management > DNS > Policies and create a DNS policy.
- In the Create DNS Policy or Configure DNS Policy dialog box, set the following parameters:
- Policy Name (cannot be changed for an existing policy)
To specify an expression, do the following:
- Click Add, and then, in the drop-down box that appears, select the expression element with which you want to begin the expression. A second list appears. The list contains a set of expression elements that you can use immediately after the first expression element.
- In the second list, select the expression element that you want, and then enter a period.
- After each selection, if you enter a period, the next set of valid expression elements appears in a list. Select expression elements and fill in arguments to functions until you have the expression you want.
- Click Create or OK, and then click Close.
Bind DNS policies
DNS policies are bound globally on the Citrix ADC appliance and are available for all configured GSLB virtual servers. Even though DNS policies are globally bound, policy execution can be limited to a specific GSLB virtual server by specifying the domain in the expression.
Note: Even though the bind dns global command accepts REQ_OVERRIDE and RES_OVERRIDE as valid bind points, those bind points are redundant, because DNS policies can be bound only globally. Bind your DNS policies only to the REQ_DEFAULT and RES_DEFAULT bind points.
To bind a DNS policy globally by using the command line interface
At the command prompt, type the following commands to bind a DNS policy globally and verify the configuration:
bind dns global <policyName> <priority> [-gotoPriorityExpression <string>] [-type <type>]
show dns global -type <type>

bind dns global policy-GSLB-1 10 -gotoPriorityExpression END
Done
show dns global -type REQ_DEFAULT
1) Policy Name: policy-GSLB-1 Priority: 10 GotoPriorityExpression: END
Done
To bind a DNS policy globally by using the configuration utility
- Navigate to Traffic Management > DNS > Policies.
- In the details pane, click Global Bindings.
- In the Bind/Unbind DNS Policy(s) to Global dialog box, click Insert Policy.
- In the Policy Name column, select, from the list, the policy that you want to bind. Alternatively, in the list, click New Policy, and then create a DNS policy by setting parameters in the Create DNS Policy dialog box.
- To modify a policy that is already bound globally, click the name of the policy, and then click Modify Policy. Then, in the Configure DNS Policy dialog box, modify the policy, and then click OK.
- To unbind a policy, click the name of the policy, and then click Unbind Policy.
- To modify the priority assigned to a policy, double-click the priority value, and then enter a new value.
- To regenerate assigned priorities, click Regenerate Priorities. The priority values are modified to begin at 100, with increments of 10, without affecting the order of evaluation.
- Click OK.
To view the global bindings of a DNS policy by using the command line interface
At the command prompt, type:
show dns global
To view the global bindings of a DNS policy by using the configuration utility
- Navigate to Traffic Management > DNS > Policies.
- In the details pane, click Global Bindings. The global bindings of all DNS policies appear in this dialog box.
You can configure DNS views to identify various types of clients and provide an appropriate IP address to a group of clients who query for the same GSLB domain. DNS views are configured by using DNS policies that select the IP addresses sent back to the client.
For example, if you have configured GSLB for your company’s domain and have the server hosted in your company’s network, clients querying for the domain from within your company’s internal network can be provided with the server’s internal IP address instead of the public IP address. Clients that query DNS for the domain from the Internet, on the other hand, can be provided the domain’s public IP address.
To add a DNS view, you assign it a name of up to 31 characters. The leading character must be a number or letter. The following characters are also allowed: @ _ - . (period) : (colon) # and space ( ). After adding the view, you configure a policy to associate it with clients and a part of the network, and you bind the policy globally. To configure and bind a DNS policy, see Managing Local DNS Traffic by Using DNS Policies.
To add a DNS view by using the command line interface
At the command prompt, type the following commands to create a DNS view and verify the configuration:
add dns view <viewName>
show dns view <viewName>

add dns view PrivateSubnet
show dns view PrivateSubnet
To remove a DNS view by using the command line interface
At the command prompt, type:
rm dns view <viewName>
To add a DNS view by using the configuration utility
Navigate to Traffic Management > DNS > Views and add a DNS view.
For details on how to create a DNS policy and how to bind DNS policies globally, see Managing Local DNS Traffic by Using DNS Policies.
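The constraints this page states for DNS views, policies, and global bindings (view names of up to 31 characters with a restricted character set, a maximum of 64 DNS policies, domain names in expressions ending with a period, and the redundant REQ_OVERRIDE and RES_OVERRIDE bind points) can be checked mechanically before a batch of commands is applied. The following Python linter is an added example, not Citrix code; the function name lint_dns_config, the sample commands, and the choice to treat only EQ and ENDSWITH arguments as full domain names are assumptions.

```python
import re
import shlex

MAX_POLICIES = 64  # "A maximum of 64 policies are supported."
REDUNDANT_BIND_POINTS = {"REQ_OVERRIDE", "RES_OVERRIDE"}
# View name: up to 31 characters, leading letter or digit, then @ _ - . : # or space.
VIEW_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9@_\-.:# ]{0,30}$")
# Assumption: only EQ/ENDSWITH arguments are treated as full domain names.
DOMAIN_LITERAL = re.compile(r'DNS\.DOMAIN\.(?:EQ|ENDSWITH)\("([^"]*)"\)')

# Constructed sample input, not taken from a real appliance.
SAMPLE = """\
add dns view PrivateSubnet
add dns view _staging
add dns policy pol_ok 'CLIENT.UDP.DNS.DOMAIN.ENDSWITH("abc.com.")' dns_default_act_Drop
add dns policy pol_bad 'CLIENT.UDP.DNS.DOMAIN.ENDSWITH("abc.com")' dns_default_act_Drop
bind dns global pol_ok 10 -gotoPriorityExpression END -type REQ_DEFAULT
bind dns global pol_bad 20 -gotoPriorityExpression END -type REQ_OVERRIDE
"""

def lint_dns_config(text):
    """Return (line_no, message) findings for the CLI commands in text."""
    findings, policies = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line)  # keeps the quoted rule as one token
        if len(tok) < 4:
            continue
        verb, rest = tok[:3], tok[3:]
        if verb == ["add", "dns", "view"]:
            if not VIEW_NAME.match(rest[0]):
                findings.append((no, f"invalid view name {rest[0]!r}"))
        elif verb == ["add", "dns", "policy"] and len(rest) >= 2:
            policies.add(rest[0])
            if len(policies) > MAX_POLICIES:
                findings.append((no, f"more than {MAX_POLICIES} DNS policies"))
            for dom in DOMAIN_LITERAL.findall(rest[1]):
                if not dom.endswith("."):
                    findings.append((no, f"domain {dom!r} lacks trailing period"))
        elif verb == ["bind", "dns", "global"] and "-type" in rest[:-1]:
            bind_point = rest[rest.index("-type") + 1]
            if bind_point.upper() in REDUNDANT_BIND_POINTS:
                findings.append((no, f"redundant bind point {bind_point}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_dns_config(SAMPLE):
        print(f"line {no}: {msg}")
```

On the constructed sample, the linter reports the view name on line 2, the domain literal on line 4, and the bind point on line 6.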