ADC

Customizing the basic content switching configuration

After you configure a basic content switching setup, you might need to customize it to meet your requirements. If your web servers are UNIX-based and rely on case sensitive pathnames, you can configure case sensitivity for policy evaluation. You can also set precedence for evaluation of the content switching policies that you configured. You can configure HTTP and SSL content switching virtual servers to listen on multiple ports instead of creating separate virtual servers. If you want to configure content switching for a specific a virtual LAN, you can configure a content switching virtual server with a listen policy.

Configuring case sensitivity for policy evaluation

You can configure the content switching virtual server to treat URLs as case sensitive in URL-based policies. When case sensitivity is configured, the Citrix ADC appliance considers the case when evaluating policies. For example, if case sensitivity is off, the URLs /a/1.htm and /A/1.HTM are treated as identical. If case sensitivity is on, those URLs are treated as separate and can be switched to different targets.

To configure case sensitivity by using the command line interface

At the command prompt, type:

set cs vserver <name> -caseSensitive (ON|OFF)

Example:

set cs vserver Vserver-CS-1 -caseSensitive ON
<!--NeedCopy-->

To configure case sensitivity by using the configuration utility

  1. Navigate to Traffic Management > Content Switching > Virtual Servers, and open a virtual server.
  2. In Advanced Settings, select Traffic Settings, and then select Case Sensitive.

Setting the Precedence for Policy Evaluation

Precedence refers to the order in which policies that are bound to a virtual server are evaluated. You need not configure precedence. The default precedence often works correctly.

You can configure either URL-based precedence or rule-based precedence in the following scenarios:

  • One policy or set of policies must be applied first
  • Another policy or set of policies is applied only if the first set does not match a request.

Precedence with URL-Based Policies

If there are multiple matching URLs for the incoming request, the precedence (priority) for URL-based policies is:

  1. Domain and exact URL
  2. Domain, prefix, and suffix
  3. Domain and suffix
  4. Domain and prefix
  5. Domain only
  6. Exact URL
  7. Prefix and suffix
  8. Suffix only
  9. Prefix only
  10. Default

If you configure precedence based on URL, the request URL is compared to the configured URLs. If none of the configured URLs match the request URL, then rule-based policies are checked. If the request URL does not match any rule-based policies, or if the content group selected for the request is down, then the request is processed as follows:

  • If you configure a default group for the content switching virtual server, then the request is forwarded to the default group.
  • If the configured default group is down or if no default group is configured, then an “HTTP 404 Not Found” error message is sent to the client.

Note

You must configure URL-based precedence if the content type (for example, images) is the same for all clients. However, if different types of content must be served based on client attributes (such as Accept-Language), you must use rule-based precedence.

Precedence with Rule-Based Policies

If you configure precedence based on rules, which is the default setting, the request is tested based on the rule-based policies you have configured. If the request does not match any rule-based policies, or if the content group selected for the incoming request is down, the request is processed in the following manner:

  • If a default group is configured for the content switching virtual server, the request is forwarded to the default group.
  • If the configured default group is down or if no default group is configured, an “HTTP 404 Not Found” error message is sent to the client.

To configure precedence by using the command line interface

At the command prompt, type:

set cs vserver <name> -precedence ( RULE | URL )

Example:

set cs vserver Vserver-CS-1 -precedence RULE

To configure precedence by using the configuration utility

  1. Navigate to Traffic Management > Content Switching > Virtual Servers, and open a virtual server.
  2. In Advanced Settings, select Traffic Settings, and then specify Precedence.

Support for Multiple Ports for HTTP and SSL Type Content Switching Virtual Servers

You can configure the Citrix ADC so that HTTP and SSL content switching virtual servers listen on multiple ports, without having to configure separate virtual servers. This feature is especially useful if you want to base a content switching decision on a part of the URL and other L7 parameters. Instead of configuring multiple virtual servers with the same IP address and different ports, you can configure one IP address and specify the port as *. As a result, the configuration size is also reduced.

To configure an HTTP or SSL content switching virtual server to listen on multiple ports by using the command line

At the command prompt, type:

add cs vserver <name> <serviceType> <IPAddress> Port *

Example

> add cs vserver cs1 HTTP 10.102.92.215 *
 Done
> sh cs vserver cs1
        cs1 (10.102.92.215:*) - HTTP    Type: CONTENT
        State: UP
        Last state change was at Tue May 20 01:15:49 2014
        Time since last state change: 0 days, 00:00:03.270
        Client Idle Timeout: 180 sec
        Down state flush: ENABLED
        Disable Primary Vserver On Down : DISABLED
        Appflow logging: ENABLED
        Port Rewrite : DISABLED
        State Update: DISABLED
        Default:        Content Precedence: RULE
        Vserver IP and Port insertion: OFF
        L2Conn: OFF     Case Sensitivity: ON
        Authentication: OFF
        401 Based Authentication: OFF
        Push: DISABLED  Push VServer:
        Push Label Rule: none
        IcmpResponse: PASSIVE
        RHIstate:  PASSIVE
        TD: 0
 Done
<!--NeedCopy-->

To configure an HTTP or SSL content switching virtual server to listen on multiple ports by using the configuration utility

  1. Navigate to Traffic Management > Content Switching > Virtual Servers, and create a virtual server of type HTTP or SSL.
  2. Use an asterisk (*) to specify the port.

Configuring per-VLAN Wildcard Virtual Servers

If you want to configure content switching for traffic on a specific VLAN, you can create a wildcard virtual server with a listen policy that restricts it to processing traffic only on the specified VLAN.

To configure a wildcard virtual server that listens to a specific VLAN by using the command line interface

At the command prompt, type:

add cs vserver <name> <serviceType> IPAddress `* Port *` -listenpolicy <expression> [-listenpriority <positive_integer>]
<!--NeedCopy-->

Example:

add cs vserver Vserver-CS-vlan1 ANY * *
-listenpolicy "CLIENT.VLAN.ID.EQ(2)"  -listenpriority 10
<!--NeedCopy-->

To configure a wildcard virtual server that listens to a specific VLAN by using the configuration utility

Navigate to Traffic Management > Content Switching > Virtual Servers, and configure a virtual server. Specify a listen policy that restricts it to processing traffic only on the specified VLAN.

After you have created this virtual server, you bind it to one or more services as described in Setup basic load balancing.

Configuring the Microsoft SQL Server Version Setting

You can specify the version of Microsoft® SQL Server® for a content switching virtual server that is of type MSSQL. The version setting is recommended if you expect some clients to not be running the same version as your Microsoft SQL Server product. The version setting provides compatibility between the client-side and server-side connections by ensuring that all communication conforms to the server’s version.

To set the Microsoft SQL Server version parameter by using the command line interface

At the command prompt, type the following commands to set the Microsoft SQL Server version parameter for a content switching virtual server and verify the configuration:

  • set cs vserver <name> -mssqlServerVersion <mssqlServerVersion>
  • show cs vserver <name>

Example

> set cs vserver myMSSQLcsvip -mssqlServerVersion 2008R2 Done > show cs vserver myMSSQLcsvip myMSSQLcsvip (192.0.2.13:1433) - MSSQL Type: CONTENT State: UP . . . . . . MSsql Server Version: 2008R2 . . . . . . Done >
<!--NeedCopy-->

To set the Microsoft SQL Server version parameter by using the configuration utility

  1. Navigate to Traffic Management > Content Switching > Virtual Servers, configure a virtual server, and specify the protocol as MSSQL.
  2. In Advanced Settings, specify the Server Version.

Enable external TCP health check for UDP virtual servers

In public clouds, you can use the Citrix ADC appliance as a second-tier load balancer when the native load balancer is used as a first tier. The native load balancer can be an application load balancer (ALB) or a network load balancer (NLB). Most of the public clouds do not support UDP health probes in their native load balancers. To monitor the health of the UDP application, public clouds recommend adding a TCP-based endpoint to your service. The endpoint reflects the health of the UDP application.

The Citrix ADC appliance supports the external TCP-based health check for a UDP virtual server. This feature introduces a TCP listener on the VIP of the content switching virtual server and the configured port. The TCP listener reflects the status of the virtual server.

To enable external TCP health check for UDP virtual servers by using CLI

At the command prompt, type the following command to enable an external TCP health check with the tcpProbePort option:

add cs vserver <name> <protocol> <IPAddress> <port> -tcpProbePort <tcpProbePort>
<!--NeedCopy-->

Example:

add cs vserver Vserver-CS-1 UDP 10.102.29.161 5002 -tcpProbePort 5000
<!--NeedCopy-->

To enable external TCP health check for UDP virtual servers by using GUI

  1. Navigate to Traffic Management > Content Switching > Virtual Servers, and then create a virtual server.
  2. Click Add to create a virtual server.
  3. In the Basic Settings pane, add the port number in the TCP Probe Port field.
  4. Click OK.