Product Documentation

Default Syntax Expressions: IP and MAC Addresses, Throughput, VLAN IDs

Sep 27, 2017

You can use default syntax expression prefixes that return IPv4 and IPv6 addresses, MAC addresses, IP subnets, useful client and server data such as the throughput rates at the interface ports (Rx, Tx, and RxTx), and the IDs of the VLANs through which packets are received. You can then use various operators to evaluate the data that is returned by these expression prefixes.

This document includes the following details:

Expressions for IP Addresses and IP Subnets

Updated: 2013-09-02

You can use default syntax expressions to evaluate addresses and subnets that are in Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) format. Expression prefixes for IPv6 addresses and subnets include IPv6 in the prefix. Expression prefixes for IPv4 addresses and subnets include IP in the prefix. Following is an example of an expression that identifies whether a request has originated from a particular IPv4 subnet.

``` pre codeblock client.ip.src.in_subnet(147.1.0.0/16)


Following are two examples of Rewrite policies that examine the subnet from which the packet is received and perform a rewrite action on the Host header. With these two policies configured, the rewrite action that is performed depends on the subnet in the request. These two policies evaluate IP addresses that are in the IPv4 address format.

``` pre codeblock
add rewrite action URL1-rewrite-action replace "http.req.header(\"Host\")" "\"www.mycompany1.com\""
add rewrite policy URL1-rewrite-policy "http.req.header(\"Host\").contains(\"www.test1.com\") && client.ip.src.in_subnet(147.1.0.0/16)" URL1-rewrite-action
add rewrite action URL2-rewrite-action replace "http.req.header(\"Host\")" "\"www.mycompany2.com\""
add rewrite policy URL2-rewrite-policy "http.req.header(\"Host\").contains(\"www.test2.com\") && client.ip.src.in_subnet(10.202.0.0/16)" URL2-rewrite-action

Note: The preceding examples are commands that you type at the NetScaler command-line interface (CLI) and, therefore, each quotation mark must be preceded by a backslash (\). For more information, see “ Configuring Default Syntax Expressions in a Policy.”

Prefixes for IPV4 Addresses and IP Subnets

Updated: 2013-09-02

The following table describes prefixes that return IPv4 addresses and subnets, and segments of IPv4 addresses. You can use numeric operators and operators that are specific to IPv4 addresses with these prefixes. For more information about numeric operations, see “Basic Operations on Expression Prefixes” and “Compound Operations for Numbers.

Prefix Description
CLIENT.IP.SRC Returns the source IP of the current packet as an IP address or as a number.
CLIENT.IP.DST Returns the destination IP of the current packet as an IP address or as a number.
SERVER.IP.SRC Returns the source IP of the current packet as an IP address or as a number.
SERVER.IP.DST Returns the destination IP of the current packet as an IP address or as a number.

Table 1. Prefixes That Evaluate IP and MAC Addresses

Operations for IPV4 Addresses

The following table describes the operators that can be used with prefixes that return an IPv4 address.

Table 2. Operations on IPV4 Addresses

Prefix

Description

<ip address>.EQ(<address>)

Returns a Boolean TRUE if the IP address value is same as the <address> argument. The following example checks whether the client's destination IP address is equal to 10.100.10.100:

client.ip.dst.eq(10.100.10.100)

<ip address>.GET1. . .GET4

Returns a portion of an IP address as a numeric value. For example, if the IP address value is 10.100.200.1, the following is returned:

client.ip.src.get1 Returns 10

client.ip.src.get2 returns 100

client.ip.src.get3 returns 200

<ip address>.IN_SUBNET(<subnet>)

Returns a Boolean TRUE if the <subnet> argument matches the subnet of the IP address value. For example, the following determines whether the client's destination IP address subnet is 10.100.10.100/18:

client.ip.dst.eq(10.100.10.100/18)

<ip address>.SUBNET(<n>)

Returns the IP address after applying the subnet mask specified as the argument. The subnet mask can take values between 0 and 32.

For example:

CLIENT.IP.SRC.SUBNET(24) returns 192.168.1.0 if the IP address represented by the prefix is 192.168.1.[0-255].

<ip address>.IS_IPV6

Returns a Boolean TRUE if this is an Internet Protocol version 6 (IPv6) host for the client or server. Following is an example:

client.ip.src.is_ipv6

<ip address>.MATCHES(<hostname>)

Returns a Boolean TRUE if the IP address for the host specified in <hostname> matches the current IP address. The <hostname> cannot exceed 255 characters.

<ip address>.MATCHES_LOCATION(<location>)

Returns a Boolean TRUE if the location of the IP address matches the <location> argument. The Location string can take the following form: qual1.qual2.qual3.qual4.qual5.qual6,

for example: NorthAmeria.CA.*

Following is an example:

client.ip.src.matches_location(\"Europe.GB.17.London.*.*\")

About IPv6 Expressions

The IPv6 address format allows more flexibility than the older IPv4 format. IPv6 addresses are in the hexadecimal format (RFC 2373). In the following examples, Example 1 is an IPv6 address, Example 2 is a URL that includes the IPv6 address, and Example 3 includes the IPv6 address and a port number.

Example 1:

``` pre codeblock 9901:0ab1:22a2:88a3:3333:4a4b:5555:6666


**Example 2:**

``` pre codeblock
http://[9901:0ab1:22a2:88a3:3333:4a4b:5555:6666]/

Example 3:

``` pre codeblock https://[9901:0ab1:22a2:88a3:3333:4a4b:5555:6666]:8080/


In Example 3, the brackets separate the IP address from the port number (8080).

Note that you can only use the '+' operator to combine IPv6 expressions with other expressions. The output is a concatenation of the string values that are returned from the individual expressions. You cannot use any other arithmetic operator with an IPv6 expression. The following syntax is an example:

``` pre codeblock
client.ipv6.src + server.ip.dst

For example, if the client source IPv6 address is ABCD:1234::ABCD, and the server destination IPv4 address is 10.100.10.100, the preceding expression returns “ABCD:1234::ABCD10.100.10.100”.

Note that when the NetScaler appliance receives an IPv6 packet, it assigns a temporary IPv4 address from an unused IPv4 address range and changes the source address of the packet to this temporary address. At response time, the outgoing packet’s source address is replaced with the original IPv6 address.

Note: You can combine an IPv6 expression with any other expression except an expression that produces a Boolean result.

Expression Prefixes for IPv6 Addresses

The IPv6 addresses that are returned by the expression prefixes in the following table can be treated as text data. For example, the prefix client.ipv6.dst returns the destination IPv6 address as a string that can be evaluated as text.

The following table describes expression prefixes that return an IPv6 address.

Table 3. IPv6 Expression Prefixes That Return Text

Prefix

Description

CLIENT.IPV6

Operates on the IPv6 address in with the current packet.

CLIENT.IPV6.DST

Returns the IPv6 address in the destination field of the IP header.

CLIENT.IPV6.SRC

Returns the IPv6 address in the source field of the IP header. Following are examples:

client.ipv6.src.in_subnet(2007::2008/64)

client.ipv6.src.get1.le(2008)

SERVER.IPV6

Operates on the IPv6 address in with the current packet.

SERVER.IPV6.DST

Returns the IPv6 address in the destination field of the IP header.

SERVER.IPV6.SRC

Returns the IPv6 address in the source field of the IP header. Following are examples:

server.ipv6.src.in_subnet(2007::2008/64)

server.ipv6.src.get1.le(2008)

Operations for IPV6 Prefixes

The following table describes the operators that can be used with prefixes that return an IPv6 address:

Table 4. Operations That Evaluate IPv6 Addresses

IPv6 Operation

Description

<ipv6>.EQ(<IPv6_address> )

Returns a Boolean TRUE if the IP address value is same as the <IPv6_address> argument.

Following is an example:

client.ipv6.dst.eq(ABCD:1234::ABCD)

<ipv6>.GET1. . .GET8

Returns a segment of an IPv6 address as a number.

The following example expressions retrieve segments from the ipv6 address 1000:1001:CD10:0000:0000:89AB:4567:CDEF:

  • client.ipv6.dst.get5 extracts 0000, which is the fifth set of bits in the address.
  • client.ipv6.dst.get6 extracts 89AB.
  • client.ipv6.dst.get7 extracts 4567.

You can perform numeric operations on these segments. Note that you cannot perform numeric operations when you retrieve an entire IPv6 address. This is because expressions that return an entire IPv6 address, such as CLIENT.IPV6.SRC, return the address in text format.

<ipv6>.IN_SUBNET(<subnet>)

Returns a Boolean TRUE if the IPv6 address value is in the subnet specified by the <subnet> argument.

Following is an example:

client.ipv6.dst.eq(1000:1001:CD10:0000:0000:89AB:4567:CDEF/60)

<ipv6>.IS_IPV4

Returns a Boolean TRUE if this is an IPv4 client, and returns a Boolean FALSE if it is not.

<ipv6>.SUBNET(<n>)

Returns the IPv6 address after applying the subnet mask specified as the argument. The subnet mask can take values between 0 and 128.

For example:

CLIENT.IPV6.SRC.SUBNET(24)

Expressions for MAC Addresses

A MAC address consists of colon-delimited hexadecimal values in the format ##:##:##:##:##:##, where each “#” represents either a number from 0 through 9 or a letter from A through F. Default syntax expression prefixes and operators are available for evaluating source and destination MAC addresses.

Prefixes for MAC Addresses

The following table describes prefixes that return MAC addresses.

Prefix Description
client.ether.dstmac Returns the MAC address in the destination field of the Ethernet header.
client.ether.srcmac Returns the MAC address in the source field of the Ethernet header.

Table 5. Prefixes That Evaluate MAC Addresses

Operations for MAC Addresses

The following table describes the operators that can be used with prefixes that return a MAC address.

Table 6. Operations on MAC Addresses

Prefix

Description

<mac address>.EQ(<address>)

Returns a Boolean TRUE if the MAC address value is same as the <address> argument.

<mac address>.GET1. . .GET4

Returns a numeric value extracted from the segment of the MAC address that is specified in the GET operation.

For example, if the MAC address is 12:34:56:78:9a:bc, the following returns 34:

client.ether.dstmac.get2

Expressions for Numeric Client and Server Data

The following table describes prefixes for working with numeric client and server data, including throughput, port numbers, and VLAN IDs.

Prefix Description
client.interface.rxthroughput Returns an integer representing the raw received traffic throughput in kilobytes per second (KBps) for the previous seven seconds.
client.interface.txthroughput Returns an integer representing the raw transmitted traffic throughput in KBps for the previous seven seconds.
client.interface.rxtxthroughput Returns an integer representing the raw received and transmitted traffic throughput in KBps for the previous seven seconds.
server.interface.rxthroughput Returns an integer representing the raw received traffic throughput in KBps for the previous seven seconds.
server.interface.txthroughput Returns an integer representing the raw transmitted traffic throughput in KBps for the previous seven seconds.
server.interface.rxtxthroughput Returns an integer representing the raw received and transmitted traffic throughput in KBps for the previous seven seconds.
server.vlan.id Returns a numeric ID of the VLAN through which the current packet entered the NetScaler.
client.vlan.id Returns a numeric ID for the VLAN through which the current packet entered the NetScaler.

Table 7. Prefixes That Evaluate Numeric Client and Server Data