ADC

Using NULL Policy Based Routes to Drop Outgoing Packets

Some situations might demand that the Citrix ADC appliance drops specific outgoing packets instead of routing them, for example, in testing cases and during deployment migration.

NULL policy based routes can be used to drop specific outgoing packets. A NULL PBR is a type of PBR that has the nexthop parameter set to NULL. The Citrix ADC appliance drops outgoing packets that match a NULL PBR.

Configuring NULL PBRs for IPv4 Packets

To create a NULL PBR by using the CLI:

At the command prompt, type:

  • **add ns pbr** <name> ALLOW [**-td** <positive_integer>] [-**srcIP** [<operator>] <srcIPVal>] [-**srcPort** [<operator>] <srcPortVal>] [-**destIP** [<operator>] <destIPVal>] [-**destPort** [<operator>] <destPortVal>] (-**nextHop NULL**) [**srcMac** <mac_addr> [-**srcMacMask** <string>]] [-**protocol** <protocol> | -**protocolNumber** <positive_integer>] [-**vlan** <positive_integer> | -**vxlan** <positive_integer>] [-**interface** <interface_name>] [-**priority** <positive_integer>] [-**msr** ( **ENABLED** | **DISABLED** ) [**-monitor** <string>]] [-**state** ( **ENABLED** | **DISABLED** )[-**ownerGroup** <string>]

  • apply ns pbrs
  • show ns pbr<id>

To configure a NULL PBR by using the GUI:

Navigate to System > Network> PBRs, on the PBRs tab, add a new NULL PBR, or edit an existing NULL PBR.

Sample configuration

In the following sample configuration, NULL PBR6 PBR6-NULL-EXAMPLE-1 is configured for dropping any outgoing IPv6 packets from interface 1/5.

> add ns pbr PBR6-NULL-EXAMPLE-1 ALLOW –nextHop NULL -interface 1/5
 Done

> apply ns pbr6
 Done
Using NULL Policy Based Routes to Drop Outgoing Packets