Product Documentation

Configuring a Policy Label or Virtual Server Policy Bank

May 25, 2015

After you have created policies, and created policy banks by binding the policies, you can perform additional configuration of polices within a label or policy bank. For example, before you configure invocation of an external policy bank, you might want to wait until you have configured that policy bank.

This document includes the following details:

Configuring a Policy Label

Updated: 2013-11-14

A policy label consists of a set of policies and invocations of other policy labels and virtual server-specific policy banks. An Invoke parameter enables you to invoke a policy label or a virtual server-specific policy bank from any other policy bank. A special-purpose NoPolicy entry enables you to invoke an external bank without processing an expression (a rule). The NoPolicy entry is a “dummy” policy that does not contain a rule.

For configuring policy labels from the NetScaler command line, note the following elaborations of the command syntax:

  • gotoPriorityExpression is configured as described in "Entries in a Policy Bank."
  • The type argument is required. This is unlike binding a conventional policy, where this argument is optional.
  • You can invoke the bank of policies that are bound to a virtual server by using the same method as you use for invoking a policy label.

To configure a policy label by using the command line interface

At the command prompt, type the following commands to configure a policy label and verify the configuration:
  • bind cache|rewrite|responder policylabel <policylabelName> -policyName <policyName> -priority <priority> [-gotoPriorityExpression <gotopriorityExpression>] [-invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>]
  • show cache|rewrite|responder policylabel <policylabelName>

    Example

     bind cache policylabel _reqBuiltinDefaults -policyName  _nonGetReq -priority 100 
     Done 
     show cache policylabel _reqBuiltinDefaults 
            Label Name: _reqBuiltinDefaults 
            Evaluates: REQ 
            Number of bound policies: 3 
            Number of times invoked: 0 
    1)      Policy Name: _nonGetReq 
            Priority: 100 
            GotoPriorityExpression: END 
    2)      Policy Name: _advancedConditionalReq 
            Priority: 200 
            GotoPriorityExpression: END 
     
    3)      Policy Name: _personalizedReq 
            Priority: 300 
            GotoPriorityExpression: END 
     Done
    

To invoke a policy label from a Rewrite policy bank with a NOPOLICY entry by using the command line interface

At the command prompt, type the following commands to invoke a policy label from a Rewrite policy bank with a NOPOLICY entry and verify the configuration:
  • bind rewrite global <policyName> <priority> <gotoPriorityExpression> -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>
  • show rewrite global

    Example

    > bind rewrite global NOPOLICY 100 -type REQ_DEFAULT -invoke policylabel lbl-rewrt-pol 
     Done 
    > show rewrite global 
    1)      Global bindpoint: REQ_DEFAULT 
            Number of bound policies: 1 
     
    2)      Global bindpoint: REQ_OVERRIDE 
            Number of bound policies: 1 
     Done
    

To invoke a policy label from an Integrated Caching policy bank by using the command line interface

At the command prompt, type the following commands to invoke a policy label from an Integrated Caching policy bank and verify the configuration:
  • bind cache global NOPOLICY -priority <priority> -gotoPriorityExpression <gotopriorityExpression> -type REQ_OVERRIDE|REQ_DEFAULT|RES_OVERRIDE|RES_DEFAULT -invoke reqvserver|resvserver|policylabel <policyLabelName>|<vserverName>
  • show cache global

    Example

     bind cache global NOPOLICY -priority 100 -gotoPriorityExpression END -type REQ_DEFAULT -invoke policylabel lbl-cache-pol 
     Done 
    > show cache global 
    1)      Global bindpoint: REQ_DEFAULT 
            Number of bound policies: 2 
     
    2)      Global bindpoint: RES_DEFAULT 
            Number of bound policies: 1 
     
     Done
    

To invoke a policy label from a Responder policy bank by using the command line interface

At the command prompt, type the following commands to invoke a policy label from a Responder policy bank and verify the configuration:
  • bind responder global NOPOLICY <priority> <gotopriorityExpression> -type OVERRIDE|DEFAULT -invoke vserver|policylabel <policyLabelName>|<vserverName>
  • show responder global

    Example

    > bind responder global NOPOLICY 100 NEXT -type DEFAULT -invoke policylabel lbl-respndr-pol 
     Done 
    > show responder global 
    1)      Global bindpoint: REQ_DEFAULT 
            Number of bound policies: 2 
     
     Done
    

To configure a policy label by using the configuration utility

  1. In the navigation pane, expand the feature for which you want to configure a policy label, and then click Policy Labels. The choices are Integrated Caching, Rewrite, or Responder.
  2. In the details pane, double-click the label that you want to configure.
  3. If you are adding a new policy to this policy label, click Insert Policy, and in the Policy Name field, select New Policy. For more information about adding a policy, see "Creating or Modifying a Policy." Note that if you are invoking a policy bank, and do not want a rule to be evaluated prior to the invocation, click Insert Policy, and in the Policy Name field select NOPOLICY.
  4. For each entry in this policy label, configure the following:
    Policy Name:
    This is already determined by the Policy Name, new policy, or NOPOLICY entry that you inserted in this bank.
    Priority:
    A numeric value that determines either an absolute order of evaluation within the bank, or is used in conjunction with a Goto expression.
    Expression:
    The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, see "Configuring Default Syntax Expressions: Getting Started."
    Action:
    The action to be taken if this policy evaluates to TRUE.
    Goto Expression:
    Optional. Used to augment the Priority level to determine the next policy or policy bank to evaluate. For more information on possible values for a Goto expression, see the table "Entries in a Policy Bank."
    Invoke:
    Optional. Invokes another policy bank.
  5. Click Ok. A message in the status bar indicates that the policy label is configured successfully.

Configuring a Policy Bank for a Virtual Server

Updated: 2013-09-02

You can configure a bank of policies for a virtual server. The policy bank can contain individual policies, and each entry in the policy bank can optionally invoke a policy label or a bank of policies that you configured for another virtual server. If you invoke a policy label or policy bank, you can do so without triggering an expression (a rule) by selecting a NOPOLICY “dummy” entry instead of a policy name.

To add policies to a virtual server policy bank by using the command line interface

At the command prompt, type the following commands to add policies to a virtual server policy bank and verify the configuration:
  • bind lb|cs vserver <virtualServerName> <serviceType> [-policyName <policyName>] [-priority <positiveInteger>] [-gotoPriorityExpression <expression>] [-type REQUEST|RESPONSE]
  • show lb|cs vserver <virtualServerName>

    Example

     add lb vserver vs-cont-sw TCP 
     Done 
     show lb vserver vs-cont-sw 
            vs-cont-sw (0.0.0.0:0) - TCP    Type: ADDRESS 
            State: DOWN 
            Last state change was at Wed Aug 19 10:04:02 2009 (+279 ms) 
            Time since last state change: 0 days, 00:02:14.420 
            Effective State: DOWN 
            Client Idle Timeout: 9000 sec 
            Down state flush: ENABLED 
            Disable Primary Vserver On Down : DISABLED 
            No. of Bound Services :  0 (Total)       0 (Active) 
            Configured Method: LEASTCONNECTION 
            Mode: IP 
            Persistence: NONE 
            Connection Failover: DISABLED 
     Done
    

To invoke a policy label from a virtual server policy bank with a NOPOLICY entry by using the command line interface

At the command prompt, type the following commands to invoke a policy label from a virtual server policy bank with a NOPOLICY entry and verify the configuration:
  • bind lb|cs vserver <virtualServerName> -policyName NOPOLICY_REWRITE|NOPOLICY_CACHE|NOPOLICY_RESPONDER -priority <integer> -type REQUEST|RESPONSE -gotoPriorityExpression <gotopriorityExpression> -invoke reqVserver|resVserver|policyLabel <vserverName>|<labelName>
  • show lb vserver

    Example

    > bind lb vserver vs-cont-sw -policyname NOPOLICY-REWRITE -priority 200 -type REQUEST -gotoPriorityExpression NEXT -invoke policyLabel lbl-rewrt-pol 
     Done
    

To configure a virtual server policy bank by using the configuration utility

  1. In the left navigation pane, expand Traffic Management > Load Balancing, Traffic Management > Content Switching, Traffic Management > SSL Offload, Security > AAA - Application Traffic, or NetScaler Gateway, as appropriate, and then click Virtual Servers.
  2. In the details pane, select the virtual server that you want to configure, and then click Open.
  3. In the Configure Virtual Server dialog box click the Policies tab.
  4. To create a new policy in this bank, click the icon for the type of policy or policy label that you want to add to the virtual server’s bank of policies, click Insert Policy. Note that if you want to invoke a policy label without evaluating a policy rule, select the NOPOLICY “dummy” policy.
  5. To configure an existing entry in this policy bank, enter the following:
    Priority:
    A numeric value that determines either an absolute order of evaluation within the bank or is used in conjunction with a Goto expression.
    Expression:
    The policy rule. Policy expressions are described in detail in the following chapters. For an introduction, see "Configuring Default Syntax Expressions: Getting Started."
    Action: on:
    The action to be taken if this policy evaluates to TRUE.
    Goto Expression:
    Optional. Determines the next policy or policy bank to evaluate. For more information on possible values for a Goto expression, see "Entries in a Policy Bank."
    Invoke:
    Optional. To invoke another policy bank, select the name of the policy label or virtual server policy bank that you want to invoke.
  6. When you are done, click OK. A message in the status bar indicates that the policy is configured successfully.