ADC CLI Commands

lb-vserver

The following operations can be performed on “lb-vserver”:

bind lb vserver

Binds a service, service group, or policy to a virtual server.

Synopsis

bind lb vserver @ \(\(@ \[-weight <positive\_integer>] \[-order <positive\_integer>]) | @ | \(-policyName @ \[-priority <positive\_integer>] \[-gotoPriorityExpression ] \[-type ] \[-invoke \( ) ] ) | -analyticsProfile @)

Arguments

name Name for the virtual server. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Can be changed after the virtual server is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my vserver” or ‘my vserver’).

serviceName Name of the service.

weight Integer specifying the weight of the service. A larger number specifies a greater weight. Defines the capacity of the service relative to the other services in the load balancing configuration. Determines the priority given to the service in load balancing decisions. Default value: 1 Minimum value: 1 Maximum value: 100

serviceGroupName Name of the service group.

policyName Name of the policy to bind to the virtual server.

priority Integer specifying the policy’s priority. The lower the priority number, the higher the policy’s priority. Minimum value: 1 Maximum value: 2147483647

gotoPriorityExpression Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values:

  • NEXT - Evaluate the policy with the next higher priority number.
  • END - End policy evaluation.
  • USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
  • An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
  • If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
  • If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
  • If the expression evaluates to a priority number that is numerically higher than the highest numbered priority, policy evaluation ends. An UNDEF event is triggered if:
  • The expression is invalid.
  • The expression evaluates to a priority number that is numerically lower than the current policy’s priority.
  • The expression evaluates to a priority number that is between the current policy’s priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.

type Bind point to which to bind the policy.

Possible values: REQUEST, RESPONSE, MQTT_JUMBO_REQ

invoke Invoke policies bound to a virtual server or policy label.

labelType Type of policy label to invoke. Applicable only to rewrite, videooptimization and cache policies. Available settings function as follows:

  • reqvserver - Evaluate the request against the request-based policies bound to the specified virtual server.
  • resvserver - Evaluate the response against the response-based policies bound to the specified virtual server.
  • policylabel - invoke the request or response against the specified user-defined policy label.

Possible values: reqvserver, resvserver, policylabel

labelName Name of the virtual server or user-defined policy label to invoke if the policy evaluates to TRUE.

analyticsProfile bind lb vserver -analyticsProfile .

order Integer specifying the order of the service. A larger number specifies a lower order. Defines the order of the service relative to the other services in the load balancing vserver’s bindings. Determines the priority given to the service among all the services bound. Minimum value: 1 Maximum value: 8192

Example

bind lb vserver http_vip http_svc To bind a service to multiple vservers use the following command: bind lb vs http_vip[1-3] http_svc To bind multiple services to a vserver use the following command: bind lb vs http_vip http_svc[1-3]

add lb vserver

Creates a load balancing virtual server.

Synopsis

add lb vserver @ \[\(@ \(-ipset | -range <positive\_integer>) ) | \(-IPPattern -IPMask )] \[-persistenceType ] \[-timeout ] \[-persistenceBackup \( SOURCEIP | NONE )] \[-backupPersistenceTimeout ] \[-lbMethod \[-hashLength <positive\_integer>] \[-netmask ] \[-v6netmasklen <positive\_integer>] \[-dataLength <positive\_integer>] \[-dataOffset <positive\_integer>]] \[-backupLBMethod ] \[-cookieName ] \[-rule ] \[-Listenpolicy \[-Listenpriority <positive\_integer>]] \[-resRule ] \[-persistMask ] \[-v6persistmasklen <positive\_integer>] \[-rtspNat \( ON | OFF )] \[-m ] \[-tosId <positive\_integer>] \[-sessionless \( ENABLED | DISABLED )] \[-trofsPersistence \( ENABLED | DISABLED )] \[-state \( ENABLED | DISABLED )] \[-connfailover ] \[-redirectURL ] \[-cacheable \( YES | NO )] \[-cltTimeout ] \[-soMethod ] \[-soPersistence \( ENABLED | DISABLED )] \[-soPersistenceTimeOut <positive\_integer>] \[-healthThreshold <positive\_integer>] \[-soThreshold <positive\_integer>] \[-soBackupAction ] \[-redirectPortRewrite \( ENABLED | DISABLED )] \[-downStateFlush \( ENABLED | DISABLED )] \[-backupVServer ] \[-disablePrimaryOnDown \( ENABLED | DISABLED )] \[-insertVserverIPPort \[] ] \[-AuthenticationHost ] \[-Authentication \( ON | OFF )] \[-authn401 \( ON | OFF )] \[-authnVsName ] \[-push \( ENABLED | DISABLED )] \[-pushVserver ] \[-pushLabel ] \[-pushMultiClients \( YES | NO )] \[-tcpProfileName ] \[-httpProfileName ] \[-dbProfileName ] \[-comment ] \[-l2Conn \( ON | OFF )] \[-oracleServerVersion \( 10G | 11G )] \[-mssqlServerVersion ] \[-mysqlProtocolVersion <positive\_integer>] \[-mysqlServerVersion ] \[-mysqlCharacterSet <positive\_integer>] \[-mysqlServerCapabilities <positive\_integer>] \[-appflowLog \( ENABLED | DISABLED )] \[-netProfile ] \[-icmpVsrResponse \( PASSIVE | ACTIVE )] \[-RHIstate \( PASSIVE | ACTIVE )] \[-newServiceRequest <positive\_integer> \[]] \[-newServiceRequestIncrementInterval <positive\_integer>] \[-minAutoscaleMembers <positive\_integer>] \[-maxAutoscaleMembers <positive\_integer>] \[-persistAVPno <positive\_integer> ...] \[-skippersistency ] \[-td <positive\_integer>] \[-authnProfile ] \[-macmodeRetainvlan \( ENABLED | DISABLED )] \[-dbsLb \( ENABLED | DISABLED )] \[-dns64 \( ENABLED | DISABLED )] \[-bypassAAAA \( YES | NO )] \[-RecursionAvailable \( YES | NO )] \[-processLocal \( ENABLED | DISABLED )] \[-dnsProfileName ] \[-lbprofilename ] \[-redirectFromPort <port|\*> \[-httpsRedirectUrl ]] \[-retainConnectionsOnCluster \( YES | NO )] \[-adfsProxyProfile ] \[-quicProfileName ] \[-quicBridgeProfilename ] \[-probeProtocol \( TCP | HTTP ) \[-probeSuccessResponseCode ]] \[-probePort <port|\*>] \[-toggleorder \( ASCENDING | DESCENDING )] \[-orderthreshold <positive\_integer>]

Arguments

name Name for the virtual server. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Can be changed after the virtual server is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my vserver” or ‘my vserver’).

serviceType Protocol used by the service (also called the service type).

Possible values: HTTP, FTP, TCP, UDP, SSL, SSL_BRIDGE, SSL_TCP, DTLS, NNTP, DNS, DHCPRA, ANY, SIP_UDP, SIP_TCP, SIP_SSL, DNS_TCP, RTSP, PUSH, SSL_PUSH, RADIUS, RDP, MYSQL, MSSQL, DIAMETER, SSL_DIAMETER, TFTP, ORACLE, SMPP, SYSLOGTCP, SYSLOGUDP, FIX, SSL_FIX, PROXY, USER_TCP, USER_SSL_TCP, QUIC, IPFIX, LOGSTREAM, MONGO, MONGO_TLS, MQTT, MQTT_TLS, QUIC_BRIDGE, HTTP_QUIC

IPAddress IPv4 or IPv6 address to assign to the virtual server.

IPPattern IP address pattern, in dotted decimal notation, for identifying packets to be accepted by the virtual server. The IP Mask parameter specifies which part of the destination IP address is matched against the pattern. Mutually exclusive with the IP Address parameter. For example, if the IP pattern assigned to the virtual server is 198.51.100.0 and the IP mask is 255.255.240.0 (a forward mask), the first 20 bits in the destination IP addresses are matched with the first 20 bits in the pattern. The virtual server accepts requests with IP addresses that range from 198.51.96.1 to 198.51.111.254. You can also use a pattern such as 0.0.2.2 and a mask such as 0.0.255.255 (a reverse mask). If a destination IP address matches more than one IP pattern, the pattern with the longest match is selected, and the associated virtual server processes the request. For example, if virtual servers vs1 and vs2 have the same IP pattern, 0.0.100.128, but different IP masks of 0.0.255.255 and 0.0.224.255, a destination IP address of 198.51.100.128 has the longest match with the IP pattern of vs1. If a destination IP address matches two or more virtual servers to the same extent, the request is processed by the virtual server whose port number matches the port number in the request.

IPMask IP mask, in dotted decimal notation, for the IP Pattern parameter. Can have leading or trailing non-zero octets (for example, 255.255.240.0 or 0.0.255.255). Accordingly, the mask specifies whether the first n bits or the last n bits of the destination IP address in a client request are to be matched with the corresponding bits in the IP pattern. The former is called a forward mask. The latter is called a reverse mask.

port Port number for the virtual server.

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current lb vserver

range Number of IP addresses that the appliance must generate and assign to the virtual server. The virtual server then functions as a network virtual server, accepting traffic on any of the generated IP addresses. The IP addresses are generated automatically, as follows:

  • For a range of n, the last octet of the address specified by the IP Address parameter increments n-1 times.
  • If the last octet exceeds 255, it rolls over to 0 and the third octet increments by 1. Note: The Range parameter assigns multiple IP addresses to one virtual server. To generate an array of virtual servers, each of which owns only one IP address, use brackets in the IP Address and Name parameters to specify the range. For example: add lb vserver my_vserver[1-3] HTTP 192.0.2.[1-3] 80 Default value: 1 Minimum value: 1 Maximum value: 254

persistenceType Type of persistence for the virtual server. Available settings function as follows:

  • SOURCEIP - Connections from the same client IP address belong to the same persistence session.
  • COOKIEINSERT - Connections that have the same HTTP Cookie, inserted by a Set-Cookie directive from a server, belong to the same persistence session.
  • SSLSESSION - Connections that have the same SSL Session ID belong to the same persistence session.
  • CUSTOMSERVERID - Connections with the same server ID form part of the same session. For this persistence type, set the Server ID (CustomServerID) parameter for each service and configure the Rule parameter to identify the server ID in a request.
  • RULE - All connections that match a user defined rule belong to the same persistence session.
  • URLPASSIVE - Requests that have the same server ID in the URL query belong to the same persistence session. The server ID is the hexadecimal representation of the IP address and port of the service to which the request must be forwarded. This persistence type requires a rule to identify the server ID in the request.
  • DESTIP - Connections to the same destination IP address belong to the same persistence session.
  • SRCIPDESTIP - Connections that have the same source IP address and destination IP address belong to the same persistence session.
  • CALLID - Connections that have the same CALL-ID SIP header belong to the same persistence session.
  • RTSPSID - Connections that have the same RTSP Session ID belong to the same persistence session.
  • FIXSESSION - Connections that have the same SenderCompID and TargetCompID values belong to the same persistence session.
  • USERSESSION - Persistence session is created based on the persistence parameter value provided from an extension.

Possible values: SOURCEIP, COOKIEINSERT, SSLSESSION, RULE, URLPASSIVE, CUSTOMSERVERID, DESTIP, SRCIPDESTIP, CALLID, RTSPSID, DIAMETER, FIXSESSION, USERSESSION, NONE

timeout Time period for which a persistence session is in effect. Default value: 2 Maximum value: 1440

persistenceBackup Backup persistence type for the virtual server. Becomes operational if the primary persistence mechanism fails.

Possible values: SOURCEIP, NONE

backupPersistenceTimeout Time period for which backup persistence is in effect. Default value: 2 Minimum value: 2 Maximum value: 1440

lbMethod Load balancing method. The available settings function as follows:

  • ROUNDROBIN - Distribute requests in rotation, regardless of the load. Weights can be assigned to services to enforce weighted round robin distribution.
  • LEASTCONNECTION (default) - Select the service with the fewest connections.
  • LEASTRESPONSETIME - Select the service with the lowest average response time.
  • LEASTBANDWIDTH - Select the service currently handling the least traffic.
  • LEASTPACKETS - Select the service currently serving the lowest number of packets per second.
  • CUSTOMLOAD - Base service selection on the SNMP metrics obtained by custom load monitors.
  • LRTM - Select the service with the lowest response time. Response times are learned through monitoring probes. This method also takes the number of active connections into account. Also available are a number of hashing methods, in which the appliance extracts a predetermined portion of the request, creates a hash of the portion, and then checks whether any previous requests had the same hash value. If it finds a match, it forwards the request to the service that served those previous requests. Following are the hashing methods:
  • URLHASH - Create a hash of the request URL (or part of the URL).
  • DOMAINHASH - Create a hash of the domain name in the request (or part of the domain name). The domain name is taken from either the URL or the Host header. If the domain name appears in both locations, the URL is preferred. If the request does not contain a domain name, the load balancing method defaults to LEASTCONNECTION.
  • DESTINATIONIPHASH - Create a hash of the destination IP address in the IP header.
  • SOURCEIPHASH - Create a hash of the source IP address in the IP header.
  • TOKEN - Extract a token from the request, create a hash of the token, and then select the service to which any previous requests with the same token hash value were sent.
  • SRCIPDESTIPHASH - Create a hash of the string obtained by concatenating the source IP address and destination IP address in the IP header.
  • SRCIPSRCPORTHASH - Create a hash of the source IP address and source port in the IP header.
  • CALLIDHASH - Create a hash of the SIP Call-ID header.
  • USER_TOKEN - Same as TOKEN LB method but token needs to be provided from an extension.

Possible values: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME, URLHASH, DOMAINHASH, DESTINATIONIPHASH, SOURCEIPHASH, SRCIPDESTIPHASH, LEASTBANDWIDTH, LEASTPACKETS, TOKEN, SRCIPSRCPORTHASH, LRTM, CALLIDHASH, CUSTOMLOAD, LEASTREQUEST, AUDITLOGHASH, STATICPROXIMITY, USER_TOKEN Default value: LEASTCONNECTION

hashLength Number of bytes to consider for the hash value used in the URLHASH and DOMAINHASH load balancing methods. Default value: 80 Minimum value: 1 Maximum value: 4096

netmask IPv4 subnet mask to apply to the destination IP address or source IP address when the load balancing method is DESTINATIONIPHASH or SOURCEIPHASH. Default value: 0xFFFFFFFF

v6netmasklen Number of bits to consider in an IPv6 destination or source IP address, for creating the hash that is required by the DESTINATIONIPHASH and SOURCEIPHASH load balancing methods. Default value: 128 Minimum value: 1 Maximum value: 128

backupLBMethod Backup load balancing method. Becomes operational if the primary load balancing me thod fails or cannot be used. Valid only if the primary method is based on static proximity.

Possible values: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME, SOURCEIPHASH, LEASTBANDWIDTH, LEASTPACKETS, CUSTOMLOAD Default value: ROUNDROBIN

cookieName Use this parameter to specify the cookie name for COOKIE peristence type. It specifies the name of cookie with a maximum of 32 characters. If not specified, cookie name is internally generated.

rule Expression, or name of a named expression, against which traffic is evaluated. The following requirements apply only to the Citrix ADC CLI:

  • If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
  • If the expression itself includes double quotation marks, escape the quotations by using the \ character.
  • Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks. Default value: “none”

Listenpolicy Expression identifying traffic accepted by the virtual server. Can be either an expression (for example, CLIENT.IP.DST.IN_SUBNET(192.0.2.0/24) or the name of a named expression. In the above example, the virtual server accepts all requests whose destination IP address is in the 192.0.2.0/24 subnet. Default value: “NONE”

Listenpriority Integer specifying the priority of the listen policy. A higher number specifies a lower priority. If a request matches the listen policies of more than one virtual server the virtual server whose listen policy has the highest priority (the lowest priority number) accepts the request. Default value: 101 Minimum value: 0 Maximum value: 101

resRule Expression specifying which part of a server’s response to use for creating rule based persistence sessions (persistence type RULE). Can be either an expression or the name of a named expression. Example: HTTP.RES.HEADER(“setcookie”).VALUE(0).TYPECAST_NVLIST_T(‘=’,’;’).VALUE(“server1”). Default value: “none”

persistMask Persistence mask for IP based persistence types, for IPv4 virtual servers. Default value: 0xFFFFFFFF

v6persistmasklen Persistence mask for IP based persistence types, for IPv6 virtual servers. Default value: 128 Minimum value: 1 Maximum value: 128

rtspNat Use network address translation (NAT) for RTSP data connections.

Possible values: ON, OFF Default value: OFF

m Redirection mode for load balancing. Available settings function as follows:

  • IP - Before forwarding a request to a server, change the destination IP address to the server’s IP address.
  • MAC - Before forwarding a request to a server, change the destination MAC address to the server’s MAC address. The destination IP address is not changed. MAC-based redirection mode is used mostly in firewall load balancing deployments.
  • IPTUNNEL - Perform IP-in-IP encapsulation for client IP packets. In the outer IP headers, set the destination IP address to the IP address of the server and the source IP address to the subnet IP (SNIP). The client IP packets are not modified. Applicable to both IPv4 and IPv6 packets.
  • TOS - Encode the virtual server’s TOS ID in the TOS field of the IP header. You can use either the IPTUNNEL or the TOS option to implement Direct Server Return (DSR).

Possible values: IP, MAC, IPTUNNEL, TOS Default value: IP

tosId TOS ID of the virtual server. Applicable only when the load balancing redirection mode is set to TOS. Minimum value: 1 Maximum value: 63

dataLength Length of the token to be extracted from the data segment of an incoming packet, for use in the token method of load balancing. The length of the token, specified in bytes, must not be greater than 24 KB. Applicable to virtual servers of type TCP. Minimum value: 1 Maximum value: 100

dataOffset Offset to be considered when extracting a token from the TCP payload. Applicable to virtual servers, of type TCP, using the token method of load balancing. Must be within the first 24 KB of the TCP payload. Minimum value: 0 Maximum value: 25400

sessionless Perform load balancing on a per-packet basis, without establishing sessions. Recommended for load balancing of intrusion detection system (IDS) servers and scenarios involving direct server return (DSR), where session information is unnecessary.

Possible values: ENABLED, DISABLED Default value: DISABLED

trofsPersistence When value is ENABLED, Trofs persistence is honored. When value is DISABLED, Trofs persistence is not honored.

Possible values: ENABLED, DISABLED Default value: ENABLED

state State of the load balancing virtual server.

Possible values: ENABLED, DISABLED Default value: ENABLED

connfailover Mode in which the connection failover feature must operate for the virtual server. After a failover, established TCP connections and UDP packet flows are kept active and resumed on the secondary appliance. Clients remain connected to the same servers. Available settings function as follows:

  • STATEFUL - The primary appliance shares state information with the secondary appliance, in real time, resulting in some runtime processing overhead.
  • STATELESS - State information is not shared, and the new primary appliance tries to re-create the packet flow on the basis of the information contained in the packets it receives.
  • DISABLED - Connection failover does not occur.

Possible values: DISABLED, STATEFUL, STATELESS Default value: DISABLED

redirectURL URL to which to redirect traffic if the virtual server becomes unavailable. WARNING! Make sure that the domain in the URL does not match the domain specified for a content switching policy. If it does, requests are continuously redirected to the unavailable virtual server.

cacheable Route cacheable requests to a cache redirection virtual server. The load balancing virtual server can forward requests only to a transparent cache redirection virtual server that has an IP address and port combination of *:80, so such a cache redirection virtual server must be configured on the appliance.

Possible values: YES, NO Default value: NO

cltTimeout Idle time, in seconds, after which a client connection is terminated. Default value: -1 Maximum value: 31536000

soMethod Type of threshold that, when exceeded, triggers spillover. Available settings function as follows:

  • CONNECTION - Spillover occurs when the number of client connections exceeds the threshold.
  • DYNAMICCONNECTION - Spillover occurs when the number of client connections at the virtual server exceeds the sum of the maximum client (Max Clients) settings for bound services. Do not specify a spillover threshold for this setting, because the threshold is implied by the Max Clients settings of bound services.
  • BANDWIDTH - Spillover occurs when the bandwidth consumed by the virtual server’s incoming and outgoing traffic exceeds the threshold.
  • HEALTH - Spillover occurs when the percentage of weights of the services that are UP drops below the threshold. For example, if services svc1, svc2, and svc3 are bound to a virtual server, with weights 1, 2, and 3, and the spillover threshold is 50%, spillover occurs if svc1 and svc3 or svc2 and svc3 transition to DOWN.
  • NONE - Spillover does not occur.

Possible values: CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE

soPersistence If spillover occurs, maintain source IP address based persistence for both primary and backup virtual servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

soPersistenceTimeOut Timeout for spillover persistence, in minutes. Default value: 2 Minimum value: 2 Maximum value: 1440

healthThreshold Threshold in percent of active services below which vserver state is made down. If this threshold is 0, vserver state will be up even if one bound service is up. Default value: 0 Minimum value: 0 Maximum value: 100

soThreshold Threshold at which spillover occurs. Specify an integer for the CONNECTION spillover method, a bandwidth value in kilobits per second for the BANDWIDTH method (do not enter the units), or a percentage for the HEALTH method (do not enter the percentage symbol). Minimum value: 1 Maximum value: 4294967287

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

Possible values: DROP, ACCEPT, REDIRECT

redirectPortRewrite Rewrite the port and change the protocol to ensure successful HTTP redirects from services.

Possible values: ENABLED, DISABLED Default value: DISABLED

downStateFlush Flush all active transactions associated with a virtual server whose state transitions from UP to DOWN. Do not enable this option for applications that must complete their transactions.

Possible values: ENABLED, DISABLED Default value: ENABLED

backupVServer Name of the backup virtual server to which to forward requests if the primary virtual server goes DOWN or reaches its spillover threshold.

disablePrimaryOnDown If the primary virtual server goes down, do not allow it to return to primary status until manually enabled.

Possible values: ENABLED, DISABLED Default value: DISABLED

insertVserverIPPort Insert an HTTP header, whose value is the IP address and port number of the virtual server, before forwarding a request to the server. The format of the header is : _, where vipHeader is the name that you specify for the header. If the virtual server has an IPv6 address, the address in the header is enclosed in brackets ([ and ]) to separate it from the port number. If you have mapped an IPv4 address to a virtual server's IPv6 address, the value of this parameter determines which IP address is inserted in the header, as follows:

  • VIPADDR - Insert the IP address of the virtual server in the HTTP header regardless of whether the virtual server has an IPv4 address or an IPv6 address. A mapped IPv4 address, if configured, is ignored.
  • V6TOV4MAPPING - Insert the IPv4 address that is mapped to the virtual server’s IPv6 address. If a mapped IPv4 address is not configured, insert the IPv6 address.
  • OFF - Disable header insertion.

Possible values: OFF, VIPADDR, V6TOV4MAPPING

vipHeader Name for the inserted header. The default name is vip-header.

AuthenticationHost Fully qualified domain name (FQDN) of the authentication virtual server to which the user must be redirected for authentication. Make sure that the Authentication parameter is set to ENABLED.

Authentication Enable or disable user authentication.

Possible values: ON, OFF Default value: OFF

authn401 Enable or disable user authentication with HTTP 401 responses.

Possible values: ON, OFF Default value: OFF

authnVsName Name of an authentication virtual server with which to authenticate users.

push Process traffic with the push virtual server that is bound to this load balancing virtual server.

Possible values: ENABLED, DISABLED Default value: DISABLED

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the load balancing virtual server that you are configuring.

pushLabel Expression for extracting a label from the server’s response. Can be either an expression or the name of a named expression. Default value: “none”

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

Possible values: YES, NO Default value: NO

tcpProfileName Name of the TCP profile whose settings are to be applied to the virtual server.

httpProfileName Name of the HTTP profile whose settings are to be applied to the virtual server.

dbProfileName Name of the DB profile whose settings are to be applied to the virtual server.

comment Any comments that you might want to associate with the virtual server.

l2Conn Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (::::) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to co-exist on the Citrix ADC.

Possible values: ON, OFF

oracleServerVersion Oracle server version

Possible values: 10G, 11G Default value: 10G

mssqlServerVersion For a load balancing virtual server of type MSSQL, the Microsoft SQL Server version. Set this parameter if you expect some clients to run a version different from the version of the database. This setting provides compatibility between the client-side and server-side connections by ensuring that all communication conforms to the server’s version.

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 2008R2

mysqlProtocolVersion MySQL protocol version that the virtual server advertises to clients. Default value: NSA_MYSQL_PROTOCOL_VER_DEFAULT Minimum value: 0

mysqlServerVersion MySQL server version string that the virtual server advertises to clients. Default value: NSA_MYSQL_SERVER_VER_DEFAULT

mysqlCharacterSet Character set that the virtual server advertises to clients. Default value: NSA_MYSQL_CHAR_SET_DEFAULT Minimum value: 0

mysqlServerCapabilities Server capabilities that the virtual server advertises to clients. Default value: NSA_MYSQL_SVR_CAPABILITIES_DEFAULT Minimum value: 0

appflowLog Apply AppFlow logging to the virtual server.

Possible values: ENABLED, DISABLED Default value: ENABLED

netProfile Name of the network profile to associate with the virtual server. If you set this parameter, the virtual server uses only the IP addresses in the network profile as source IP addresses when initiating connections with servers.

icmpVsrResponse How the Citrix ADC responds to ping requests received for an IP address that is common to one or more virtual servers. Available settings function as follows:

  • If set to PASSIVE on all the virtual servers that share the IP address, the appliance always responds to the ping requests.
  • If set to ACTIVE on all the virtual servers that share the IP address, the appliance responds to the ping requests if at least one of the virtual servers is UP. Otherwise, the appliance does not respond.
  • If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance responds if at least one virtual server with the ACTIVE setting is UP. Otherwise, the appliance does not respond. Note: This parameter is available at the virtual server level. A similar parameter, ICMP Response, is available at the IP address level, for IPv4 addresses of type VIP. To set that parameter, use the add ip command in the CLI or the Create IP dialog box in the GUI.

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

RHIstate Route Health Injection (RHI) functionality of the NetSaler appliance for advertising the route of the VIP address associated with the virtual server. When Vserver RHI Level (RHI) parameter is set to VSVR_CNTRLD, the following are different RHI behaviors for the VIP address on the basis of RHIstate (RHI STATE) settings on the virtual servers associated with the VIP address:

  • If you set RHI STATE to PASSIVE on all virtual servers, the Citrix ADC always advertises the route for the VIP address.
  • If you set RHI STATE to ACTIVE on all virtual servers, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers is in UP state.
  • If you set RHI STATE to ACTIVE on some and PASSIVE on others, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers, whose RHI STATE set to ACTIVE, is in UP state.

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

newServiceRequest Number of requests, or percentage of the load on existing services, by which to increase the load on a new service at each interval in slow-start mode. A non-zero value indicates that slow-start is applicable. A zero value indicates that the global RR startup parameter is applied. Changing the value to zero will cause services currently in slow start to take the full traffic as determined by the LB method. Subsequently, any new services added will use the global RR factor. Default value: 0 Minimum value: 0

newServiceRequestUnit Units in which to increment load at each interval in slow-start mode.

Possible values: PER_SECOND, PERCENT Default value: PER_SECOND

newServiceRequestIncrementInterval Interval, in seconds, between successive increments in the load on a new service or a service whose state has just changed from DOWN to UP. A value of 0 (zero) specifies manual slow start. Default value: 0 Minimum value: 0 Maximum value: 3600

minAutoscaleMembers Minimum number of members expected to be present when vserver is used in Autoscale. Default value: 0 Minimum value: 0 Maximum value: 5000

maxAutoscaleMembers Maximum number of members expected to be present when vserver is used in Autoscale. Default value: 0 Minimum value: 0 Maximum value: 5000

persistAVPno Persist AVP number for Diameter Persistency. In case this AVP is not defined in Base RFC 3588 and it is nested inside a Grouped AVP, define a sequence of AVP numbers (max 3) in order of parent to child. So say persist AVP number X is nested inside AVP Y which is nested in Z, then define the list as Z Y X Minimum value: 1

skippersistency This argument decides the behavior incase the service which is selected from an existing persistence session has reached threshold.

Possible values: Bypass, ReLb, None Default value: None

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

authnProfile Name of the authentication profile to be used when authentication is turned on.

macmodeRetainvlan This option is used to retain vlan information of incoming packet when macmode is enabled

Possible values: ENABLED, DISABLED Default value: DISABLED

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

Possible values: ENABLED, DISABLED Default value: DISABLED

dns64 This argument is for enabling/disabling the dns64 on lbvserver

Possible values: ENABLED, DISABLED

bypassAAAA If this option is enabled while resolving DNS64 query AAAA queries are not sent to back end dns server

Possible values: YES, NO Default value: NO

RecursionAvailable When set to YES, this option causes the DNS replies from this vserver to have the RA bit turned on. Typically one would set this option to YES, when the vserver is load balancing a set of DNS servers thatsupport recursive queries.

Possible values: YES, NO Default value: NO

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single packet request response mode or when the upstream device is performing a proper RSS for connection based distribution.

Possible values: ENABLED, DISABLED Default value: DISABLED

dnsProfileName Name of the DNS profile to be associated with the VServer. DNS profile properties will be applied to the transactions processed by a VServer. This parameter is valid only for DNS and DNS-TCP VServers.

lbprofilename Name of the LB profile which is associated to the vserver

redirectFromPort Port number for the virtual server, from which we absorb the traffic for http redirect Minimum value: 1

httpsRedirectUrl URL to which all HTTP traffic received on the port specified in the -redirectFromPort parameter is redirected.

retainConnectionsOnCluster This option enables you to retain existing connections on a node joining a Cluster system or when a node is being configured for passive timeout. By default, this option is disabled.

Possible values: YES, NO Default value: NO

adfsProxyProfile Name of the adfsProxy profile to be used to support ADFSPIP protocol for ADFS servers.

quicProfileName Name of QUIC profile which will be attached to the VServer.

quicBridgeProfilename Name of the QUIC Bridge profile whose settings are to be applied to the virtual server.

probeProtocol Citrix ADC provides support for external health check of the vserver status. Select HTTP or TCP probes for healthcheck

Possible values: TCP, HTTP

probeSuccessResponseCode HTTP code to return in SUCCESS case. Default value: “200 OK”

probePort Citrix ADC provides support for external health check of the vserver status. Select port for HTTP/TCP monitring Default value: 0

toggleorder Configure this option to toggle order preference

Possible values: ASCENDING, DESCENDING Default value: ASCENDING

orderthreshold This option is used to to specify the threshold of minimum number of services to be UP in an order, for it to be considered in Lb decision. Default value: 0 Minimum value: 0 Maximum value: 100

Example

add lb vserver http_vsvr http 10.102.1.10 80 To add multiple vservers at once use the following command: add lb vs http_vsvr[1-4] http 10.102.27.[115-118] 80 This command adds the vserver http_vsvr1 with the IP address 10.102.27.115, http_vsvr2 with 10.102.27.116, http_vsvr3 with 10.102.27.117 and http_vsvr4 with 10.102.27.118

unbind lb vserver

Unbinds a service, service group, or policy from a virtual server.

Synopsis

unbind lb vserver @ \(@ | @ | \(-policyName @ \[-type ])) \[-priority <positive\_integer>] \[-analyticsProfile @]

Arguments

name Name for the virtual server. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Can be changed after the virtual server is created.

CLI Users: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my vserver” or ‘my vserver’).

serviceName Name of the service.

serviceGroupName The name of the service group that is unbound.

policyName Name of the policy to bind to the virtual server.

type Bind point from which to unbind the policy label.

Possible values: REQUEST, RESPONSE, MQTT_JUMBO_REQ

priority Priority number of the policy. Minimum value: 1 Maximum value: 2147483647

analyticsProfile unbind lb vserver -analyticsProfile .

Example

unbind lb vserver http_vip http_svc To unbind a service from multiple vservers use the following command: unbind lb vs http_vip[1-3] http_svc To unbind multiple services from a vserver use the following command: unbind lb vs http_vip http_svc[1-3]

disable lb vserver

Disables a virtual server.

Synopsis

disable lb vserver @

Arguments

name Name of the virtual server.

Example

disable vserver lb_vip To disable multiple vservers at once use the following command: disable vserver lb_vip[1-3]

set lb vserver

Modifies the specified parameters of a load balancing virtual server.

Synopsis

set lb vserver @ \[-IPAddress <ip\_addr|ipv6\_addr|\*>@] \[-ipset ] \[-IPPattern ] \[-IPMask ] \[@ \[-weight <positive\_integer>] \[-order <positive\_integer>]] \[-persistenceType ] \[-timeout ] \[-persistenceBackup \( SOURCEIP | NONE )] \[-backupPersistenceTimeout ] \[-lbMethod \[-hashLength <positive\_integer>] \[-netmask ] \[-v6netmasklen <positive\_integer>] ] \[-backupLBMethod ] \[-rule ] \[-cookieName ] \[-resRule ] \[-persistMask ] \[-v6persistmasklen <positive\_integer>] \[-rtspNat \( ON | OFF )] \[-m ] \[-tosId <positive\_integer>] \[-dataLength <positive\_integer>] \[-dataOffset <positive\_integer>] \[-sessionless \( ENABLED | DISABLED )] \[-trofsPersistence \( ENABLED | DISABLED )] \[-connfailover ] \[-backupVServer ] \[-redirectURL ] \[-cacheable \( YES | NO )] \[-cltTimeout ] \[-soMethod ] \[-soThreshold <positive\_integer>] \[-soPersistence \( ENABLED | DISABLED )] \[-soPersistenceTimeOut <positive\_integer>] \[-healthThreshold <positive\_integer>] \[-soBackupAction ] \[-redirectPortRewrite \( ENABLED | DISABLED )] \[-downStateFlush \( ENABLED | DISABLED )] \[-insertVserverIPPort \[] ] \[-disablePrimaryOnDown \( ENABLED | DISABLED )] \[-AuthenticationHost ] \[-Authentication \( ON | OFF )] \[-authn401 \( ON | OFF )] \[-authnVsName ] \[-push \( ENABLED | DISABLED )] \[-pushVserver ] \[-pushLabel ] \[-pushMultiClients \( YES | NO )] \[-Listenpolicy ] \[-Listenpriority <positive\_integer>] \[-tcpProfileName ] \[-httpProfileName ] \[-dbProfileName ] \[-comment ] \[-l2Conn \( ON | OFF )] \[-oracleServerVersion \( 10G | 11G )] \[-mssqlServerVersion ] \[-mysqlProtocolVersion <positive\_integer>] \[-mysqlServerVersion ] \[-mysqlCharacterSet <positive\_integer>] \[-mysqlServerCapabilities <positive\_integer>] \[-appflowLog \( ENABLED | DISABLED )] \[-netProfile ] \[-icmpVsrResponse \( PASSIVE | ACTIVE )] \[-RHIstate \( PASSIVE | ACTIVE )] \[-newServiceRequest <positive\_integer>] \[] \[-newServiceRequestIncrementInterval <positive\_integer>] \[-minAutoscaleMembers <positive\_integer>] \[-maxAutoscaleMembers <positive\_integer>] \[-persistAVPno <positive\_integer> ...] \[-skippersistency ] \[-authnProfile ] \[-macmodeRetainvlan \( ENABLED | DISABLED )] \[-dbsLb \( ENABLED | DISABLED )] \[-dns64 \( ENABLED | DISABLED )] \[-bypassAAAA \( YES | NO )] \[-RecursionAvailable \( YES | NO )] \[-processLocal \( ENABLED | DISABLED )] \[-dnsProfileName ] \[-lbprofilename ] \[-redirectFromPort <port|\*>] \[-httpsRedirectUrl ] \[-retainConnectionsOnCluster \( YES | NO )] \[-adfsProxyProfile ] \[-quicProfileName ] \[-quicBridgeProfilename ] \[-probePort <port|\*>] \[-probeProtocol \( TCP | HTTP ) \[-probeSuccessResponseCode ]] \[-toggleorder \( ASCENDING | DESCENDING )] \[-orderthreshold <positive\_integer>]

Arguments

name Name of the virtual server.

IPAddress IPv4 or IPv6 address to assign to the virtual server.

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current lb vserver

IPPattern IP address pattern, in dotted decimal notation, for identifying packets to be accepted by the virtual server. The IP Mask parameter specifies which part of the destination IP address is matched against the pattern. Mutually exclusive with the IP Address parameter. For example, if the IP pattern assigned to the virtual server is 198.51.100.0 and the IP mask is 255.255.240.0 (a forward mask), the first 20 bits in the destination IP addresses are matched with the first 20 bits in the pattern. The virtual server accepts requests with IP addresses that range from 198.51.96.1 to 198.51.111.254. You can also use a pattern such as 0.0.2.2 and a mask such as 0.0.255.255 (a reverse mask). If a destination IP address matches more than one IP pattern, the pattern with the longest match is selected, and the associated virtual server processes the request. For example, if virtual servers vs1 and vs2 have the same IP pattern, 0.0.100.128, but different IP masks of 0.0.255.255 and 0.0.224.255, a destination IP address of 198.51.100.128 has the longest match with the IP pattern of vs1. If a destination IP address matches two or more virtual servers to the same extent, the request is processed by the virtual server whose port number matches the port number in the request.

IPMask IP mask, in dotted decimal notation, for the IP Pattern parameter. Can have leading or trailing non-zero octets (for example, 255.255.240.0 or 0.0.255.255). Accordingly, the mask specifies whether the first n bits or the last n bits of the destination IP address in a client request are to be matched with the corresponding bits in the IP pattern. The former is called a forward mask. The latter is called a reverse mask.

serviceName Service to bind to the virtual server.

weight Weight to assign to the specified service. Minimum value: 1 Maximum value: 100

order Order number to be assigned to the service when it is bound to the lb vserver. Minimum value: 1 Maximum value: 8192

persistenceType Type of persistence for the virtual server. Available settings function as follows:

  • SOURCEIP - Connections from the same client IP address belong to the same persistence session.
  • COOKIEINSERT - Connections that have the same HTTP Cookie, inserted by a Set-Cookie directive from a server, belong to the same persistence session.
  • SSLSESSION - Connections that have the same SSL Session ID belong to the same persistence session.
  • CUSTOMSERVERID - Connections with the same server ID form part of the same session. For this persistence type, set the Server ID (CustomServerID) parameter for each service and configure the Rule parameter to identify the server ID in a request.
  • RULE - All connections that match a user defined rule belong to the same persistence session.
  • URLPASSIVE - Requests that have the same server ID in the URL query belong to the same persistence session. The server ID is the hexadecimal representation of the IP address and port of the service to which the request must be forwarded. This persistence type requires a rule to identify the server ID in the request.
  • DESTIP - Connections to the same destination IP address belong to the same persistence session.
  • SRCIPDESTIP - Connections that have the same source IP address and destination IP address belong to the same persistence session.
  • CALLID - Connections that have the same CALL-ID SIP header belong to the same persistence session.
  • RTSPSID - Connections that have the same RTSP Session ID belong to the same persistence session.
  • FIXSESSION - Connections that have the same SenderCompID and TargetCompID values belong to the same persistence session.
  • USERSESSION - Persistence session is created based on the persistence parameter value provided from an extension.

Possible values: SOURCEIP, COOKIEINSERT, SSLSESSION, RULE, URLPASSIVE, CUSTOMSERVERID, DESTIP, SRCIPDESTIP, CALLID, RTSPSID, DIAMETER, FIXSESSION, USERSESSION, NONE

timeout Time period for which a persistence session is in effect. Default value: 2 Maximum value: 1440

persistenceBackup Backup persistence type for the virtual server. Becomes operational if the primary persistence mechanism fails.

Possible values: SOURCEIP, NONE

backupPersistenceTimeout Time period for which backup persistence is in effect. Default value: 2 Minimum value: 2 Maximum value: 1440

lbMethod Load balancing method. The available settings function as follows:

  • ROUNDROBIN - Distribute requests in rotation, regardless of the load. Weights can be assigned to services to enforce weighted round robin distribution.
  • LEASTCONNECTION (default) - Select the service with the fewest connections.
  • LEASTRESPONSETIME - Select the service with the lowest average response time.
  • LEASTBANDWIDTH - Select the service currently handling the least traffic.
  • LEASTPACKETS - Select the service currently serving the lowest number of packets per second.
  • CUSTOMLOAD - Base service selection on the SNMP metrics obtained by custom load monitors.
  • LRTM - Select the service with the lowest response time. Response times are learned through monitoring probes. This method also takes the number of active connections into account. Also available are a number of hashing methods, in which the appliance extracts a predetermined portion of the request, creates a hash of the portion, and then checks whether any previous requests had the same hash value. If it finds a match, it forwards the request to the service that served those previous requests. Following are the hashing methods:
  • URLHASH - Create a hash of the request URL (or part of the URL).
  • DOMAINHASH - Create a hash of the domain name in the request (or part of the domain name). The domain name is taken from either the URL or the Host header. If the domain name appears in both locations, the URL is preferred. If the request does not contain a domain name, the load balancing method defaults to LEASTCONNECTION.
  • DESTINATIONIPHASH - Create a hash of the destination IP address in the IP header.
  • SOURCEIPHASH - Create a hash of the source IP address in the IP header.
  • TOKEN - Extract a token from the request, create a hash of the token, and then select the service to which any previous requests with the same token hash value were sent.
  • SRCIPDESTIPHASH - Create a hash of the string obtained by concatenating the source IP address and destination IP address in the IP header.
  • SRCIPSRCPORTHASH - Create a hash of the source IP address and source port in the IP header.
  • CALLIDHASH - Create a hash of the SIP Call-ID header.
  • USER_TOKEN - Same as TOKEN LB method but token needs to be provided from an extension.

Possible values: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME, URLHASH, DOMAINHASH, DESTINATIONIPHASH, SOURCEIPHASH, SRCIPDESTIPHASH, LEASTBANDWIDTH, LEASTPACKETS, TOKEN, SRCIPSRCPORTHASH, LRTM, CALLIDHASH, CUSTOMLOAD, LEASTREQUEST, AUDITLOGHASH, STATICPROXIMITY, USER_TOKEN Default value: LEASTCONNECTION

hashLength Number of bytes to consider for the hash value used in the URLHASH and DOMAINHASH load balancing methods. Default value: 80 Minimum value: 1 Maximum value: 4096

netmask IPv4 subnet mask to apply to the destination IP address or source IP address when the load balancing method is DESTINATIONIPHASH or SOURCEIPHASH. Default value: 0xFFFFFFFF

v6netmasklen Number of bits to consider in an IPv6 destination or source IP address, for creating the hash that is required by the DESTINATIONIPHASH and SOURCEIPHASH load balancing methods. Default value: 128 Minimum value: 1 Maximum value: 128

backupLBMethod Backup load balancing method. Becomes operational if the primary load balancing me thod fails or cannot be used. Valid only if the primary method is based on static proximity.

Possible values: ROUNDROBIN, LEASTCONNECTION, LEASTRESPONSETIME, SOURCEIPHASH, LEASTBANDWIDTH, LEASTPACKETS, CUSTOMLOAD Default value: ROUNDROBIN

rule Expression, or name of a named expression, against which traffic is evaluated. The following requirements apply only to the Citrix ADC CLI:

  • If the expression includes one or more spaces, enclose the entire expression in double quotation marks.
  • If the expression itself includes double quotation marks, escape the quotations by using the \ character.
  • Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks. Default value: “none”

cookieName Use this parameter to specify the cookie name for COOKIE peristence type. It specifies the name of cookie with a maximum of 32 characters. If not specified, cookie name is internally generated.

resRule Expression specifying which part of a server’s response to use for creating rule based persistence sessions (persistence type RULE). Can be either an expression or the name of a named expression. Example: HTTP.RES.HEADER(“setcookie”).VALUE(0).TYPECAST_NVLIST_T(‘=’,’;’).VALUE(“server1”). Default value: “none”

persistMask Persistence mask for IP based persistence types, for IPv4 virtual servers. Default value: 0xFFFFFFFF

v6persistmasklen Persistence mask for IP based persistence types, for IPv6 virtual servers. Default value: 128 Minimum value: 1 Maximum value: 128

rtspNat Use network address translation (NAT) for RTSP data connections.

Possible values: ON, OFF Default value: OFF

m Redirection mode for load balancing. Available settings function as follows:

  • IP - Before forwarding a request to a server, change the destination IP address to the server’s IP address.
  • MAC - Before forwarding a request to a server, change the destination MAC address to the server’s MAC address. The destination IP address is not changed. MAC-based redirection mode is used mostly in firewall load balancing deployments.
  • IPTUNNEL - Perform IP-in-IP encapsulation for client IP packets. In the outer IP headers, set the destination IP address to the IP address of the server and the source IP address to the subnet IP (SNIP). The client IP packets are not modified. Applicable to both IPv4 and IPv6 packets.
  • TOS - Encode the virtual server’s TOS ID in the TOS field of the IP header. You can use either the IPTUNNEL or the TOS option to implement Direct Server Return (DSR).

Possible values: IP, MAC, IPTUNNEL, TOS Default value: IP

tosId TOS ID of the virtual server. Applicable only when the load balancing redirection mode is set to TOS. Minimum value: 1 Maximum value: 63

dataLength Length of the token to be extracted from the data segment of an incoming packet, for use in the token method of load balancing. The length of the token, specified in bytes, must not be greater than 24 KB. Applicable to virtual servers of type TCP. Minimum value: 1 Maximum value: 100

dataOffset Offset to be considered when extracting a token from the TCP payload. Applicable to virtual servers, of type TCP, using the token method of load balancing. Must be within the first 24 KB of the TCP payload. Minimum value: 0 Maximum value: 25400

sessionless Perform load balancing on a per-packet basis, without establishing sessions. Recommended for load balancing of intrusion detection system (IDS) servers and scenarios involving direct server return (DSR), where session information is unnecessary.

Possible values: ENABLED, DISABLED Default value: DISABLED

trofsPersistence When value is ENABLED, Trofs persistence is honored. When value is DISABLED, Trofs persistence is not honored.

Possible values: ENABLED, DISABLED Default value: ENABLED

connfailover Mode in which the connection failover feature must operate for the virtual server. After a failover, established TCP connections and UDP packet flows are kept active and resumed on the secondary appliance. Clients remain connected to the same servers. Available settings function as follows:

  • STATEFUL - The primary appliance shares state information with the secondary appliance, in real time, resulting in some runtime processing overhead.
  • STATELESS - State information is not shared, and the new primary appliance tries to re-create the packet flow on the basis of the information contained in the packets it receives.
  • DISABLED - Connection failover does not occur.

Possible values: DISABLED, STATEFUL, STATELESS Default value: DISABLED

backupVServer Name of the backup virtual server to which to forward requests if the primary virtual server goes DOWN or reaches its spillover threshold.

redirectURL URL to which to redirect traffic if the virtual server becomes unavailable. WARNING! Make sure that the domain in the URL does not match the domain specified for a content switching policy. If it does, requests are continuously redirected to the unavailable virtual server.

cacheable Route cacheable requests to a cache redirection virtual server. The load balancing virtual server can forward requests only to a transparent cache redirection virtual server that has an IP address and port combination of *:80, so such a cache redirection virtual server must be configured on the appliance.

Possible values: YES, NO Default value: NO

cltTimeout Idle time, in seconds, after which a client connection is terminated. Default value: -1 Maximum value: 31536000

soMethod Type of threshold that, when exceeded, triggers spillover. Available settings function as follows:

  • CONNECTION - Spillover occurs when the number of client connections exceeds the threshold.
  • DYNAMICCONNECTION - Spillover occurs when the number of client connections at the virtual server exceeds the sum of the maximum client (Max Clients) settings for bound services. Do not specify a spillover threshold for this setting, because the threshold is implied by the Max Clients settings of bound services.
  • BANDWIDTH - Spillover occurs when the bandwidth consumed by the virtual server’s incoming and outgoing traffic exceeds the threshold.
  • HEALTH - Spillover occurs when the percentage of weights of the services that are UP drops below the threshold. For example, if services svc1, svc2, and svc3 are bound to a virtual server, with weights 1, 2, and 3, and the spillover threshold is 50%, spillover occurs if svc1 and svc3 or svc2 and svc3 transition to DOWN.
  • NONE - Spillover does not occur.

Possible values: CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE

soThreshold Threshold at which spillover occurs. Specify an integer for the CONNECTION spillover method, a bandwidth value in kilobits per second for the BANDWIDTH method (do not enter the units), or a percentage for the HEALTH method (do not enter the percentage symbol). Minimum value: 1 Maximum value: 4294967287

soPersistence If spillover occurs, maintain source IP address based persistence for both primary and backup virtual servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

soPersistenceTimeOut Timeout for spillover persistence, in minutes. Default value: 2 Minimum value: 2 Maximum value: 1440

healthThreshold Threshold in percent of active services below which vserver state is made down. If this threshold is 0, vserver state will be up even if one bound service is up. Default value: 0 Minimum value: 0 Maximum value: 100

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

Possible values: DROP, ACCEPT, REDIRECT

redirectPortRewrite Rewrite the port and change the protocol to ensure successful HTTP redirects from services.

Possible values: ENABLED, DISABLED Default value: DISABLED

downStateFlush Flush all active transactions associated with a virtual server whose state transitions from UP to DOWN. Do not enable this option for applications that must complete their transactions.

Possible values: ENABLED, DISABLED Default value: ENABLED

insertVserverIPPort Insert an HTTP header, whose value is the IP address and port number of the virtual server, before forwarding a request to the server. The format of the header is : _, where vipHeader is the name that you specify for the header. If the virtual server has an IPv6 address, the address in the header is enclosed in brackets ([ and ]) to separate it from the port number. If you have mapped an IPv4 address to a virtual server's IPv6 address, the value of this parameter determines which IP address is inserted in the header, as follows:

  • VIPADDR - Insert the IP address of the virtual server in the HTTP header regardless of whether the virtual server has an IPv4 address or an IPv6 address. A mapped IPv4 address, if configured, is ignored.
  • V6TOV4MAPPING - Insert the IPv4 address that is mapped to the virtual server’s IPv6 address. If a mapped IPv4 address is not configured, insert the IPv6 address.
  • OFF - Disable header insertion.

Possible values: OFF, VIPADDR, V6TOV4MAPPING

vipHeader Name for the inserted header. The default name is vip-header.

disablePrimaryOnDown If the primary virtual server goes down, do not allow it to return to primary status until manually enabled.

Possible values: ENABLED, DISABLED Default value: DISABLED

AuthenticationHost Fully qualified domain name (FQDN) of the authentication virtual server to which the user must be redirected for authentication. Make sure that the Authentication parameter is set to ENABLED.

Authentication Enable or disable user authentication.

Possible values: ON, OFF Default value: OFF

authn401 Enable or disable user authentication with HTTP 401 responses.

Possible values: ON, OFF Default value: OFF

authnVsName Name of an authentication virtual server with which to authenticate users.

push Process traffic with the push virtual server that is bound to this load balancing virtual server.

Possible values: ENABLED, DISABLED Default value: DISABLED

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the load balancing virtual server that you are configuring.

pushLabel Expression for extracting a label from the server’s response. Can be either an expression or the name of a named expression. Default value: “none”

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

Possible values: YES, NO Default value: NO

Listenpolicy Expression identifying traffic accepted by the virtual server. Can be either an expression (for example, CLIENT.IP.DST.IN_SUBNET(192.0.2.0/24) or the name of a named expression. In the above example, the virtual server accepts all requests whose destination IP address is in the 192.0.2.0/24 subnet. Default value: “NONE”

Listenpriority Integer specifying the priority of the listen policy. A higher number specifies a lower priority. If a request matches the listen policies of more than one virtual server the virtual server whose listen policy has the highest priority (the lowest priority number) accepts the request. Default value: 101 Minimum value: 0 Maximum value: 101

tcpProfileName Name of the TCP profile whose settings are to be applied to the virtual server.

httpProfileName Name of the HTTP profile whose settings are to be applied to the virtual server.

dbProfileName Name of the DB profile whose settings are to be applied to the virtual server.

comment Any comments that you might want to associate with the virtual server.

l2Conn Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (::::) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to co-exist on the Citrix ADC.

Possible values: ON, OFF

oracleServerVersion Oracle server version

Possible values: 10G, 11G Default value: 10G

mssqlServerVersion For a load balancing virtual server of type MSSQL, the Microsoft SQL Server version. Set this parameter if you expect some clients to run a version different from the version of the database. This setting provides compatibility between the client-side and server-side connections by ensuring that all communication conforms to the server’s version.

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 2008R2

mysqlProtocolVersion MySQL protocol version that the virtual server advertises to clients. Default value: NSA_MYSQL_PROTOCOL_VER_DEFAULT Minimum value: 0

mysqlServerVersion MySQL server version string that the virtual server advertises to clients. Default value: NSA_MYSQL_SERVER_VER_DEFAULT

mysqlCharacterSet Character set that the virtual server advertises to clients. Default value: NSA_MYSQL_CHAR_SET_DEFAULT Minimum value: 0

mysqlServerCapabilities Server capabilities that the virtual server advertises to clients. Default value: NSA_MYSQL_SVR_CAPABILITIES_DEFAULT Minimum value: 0

appflowLog Apply AppFlow logging to the virtual server.

Possible values: ENABLED, DISABLED Default value: ENABLED

netProfile Name of the network profile to associate with the virtual server. If you set this parameter, the virtual server uses only the IP addresses in the network profile as source IP addresses when initiating connections with servers.

icmpVsrResponse How the Citrix ADC responds to ping requests received for an IP address that is common to one or more virtual servers. Available settings function as follows:

  • If set to PASSIVE on all the virtual servers that share the IP address, the appliance always responds to the ping requests.
  • If set to ACTIVE on all the virtual servers that share the IP address, the appliance responds to the ping requests if at least one of the virtual servers is UP. Otherwise, the appliance does not respond.
  • If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance responds if at least one virtual server with the ACTIVE setting is UP. Otherwise, the appliance does not respond. Note: This parameter is available at the virtual server level. A similar parameter, ICMP Response, is available at the IP address level, for IPv4 addresses of type VIP. To set that parameter, use the add ip command in the CLI or the Create IP dialog box in the GUI.

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

RHIstate Route Health Injection (RHI) functionality of the NetSaler appliance for advertising the route of the VIP address associated with the virtual server. When Vserver RHI Level (RHI) parameter is set to VSVR_CNTRLD, the following are different RHI behaviors for the VIP address on the basis of RHIstate (RHI STATE) settings on the virtual servers associated with the VIP address:

  • If you set RHI STATE to PASSIVE on all virtual servers, the Citrix ADC always advertises the route for the VIP address.
  • If you set RHI STATE to ACTIVE on all virtual servers, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers is in UP state.
  • If you set RHI STATE to ACTIVE on some and PASSIVE on others, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers, whose RHI STATE set to ACTIVE, is in UP state.

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

newServiceRequest Number of requests, or percentage of the load on existing services, by which to increase the load on a new service at each interval in slow-start mode. A non-zero value indicates that slow-start is applicable. A zero value indicates that the global RR startup parameter is applied. Changing the value to zero will cause services currently in slow start to take the full traffic as determined by the LB method. Subsequently, any new services added will use the global RR factor. Default value: 0 Minimum value: 0

newServiceRequestUnit Units in which to increment load at each interval in slow-start mode.

Possible values: PER_SECOND, PERCENT Default value: PER_SECOND

newServiceRequestIncrementInterval Interval, in seconds, between successive increments in the load on a new service or a service whose state has just changed from DOWN to UP. A value of 0 (zero) specifies manual slow start. Default value: 0 Minimum value: 0 Maximum value: 3600

minAutoscaleMembers Minimum number of members expected to be present when vserver is used in Autoscale. Default value: 0 Minimum value: 0 Maximum value: 5000

maxAutoscaleMembers Maximum number of members expected to be present when vserver is used in Autoscale. Default value: 0 Minimum value: 0 Maximum value: 5000

persistAVPno Persist AVP number for Diameter Persistency. In case this AVP is not defined in Base RFC 3588 and it is nested inside a Grouped AVP, define a sequence of AVP numbers (max 3) in order of parent to child. So say persist AVP number X is nested inside AVP Y which is nested in Z, then define the list as Z Y X Minimum value: 1

skippersistency This argument decides the behavior incase the service which is selected from an existing persistence session has reached threshold.

Possible values: Bypass, ReLb, None Default value: None

authnProfile Name of the authentication profile to be used when authentication is turned on.

macmodeRetainvlan This option is used to retain vlan information of incoming packet when macmode is enabled

Possible values: ENABLED, DISABLED Default value: DISABLED

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

Possible values: ENABLED, DISABLED Default value: DISABLED

dns64 This argument is for enabling/disabling the dns64 on lbvserver

Possible values: ENABLED, DISABLED

bypassAAAA If this option is enabled while resolving DNS64 query AAAA queries are not sent to back end dns server

Possible values: YES, NO Default value: NO

RecursionAvailable When set to YES, this option causes the DNS replies from this vserver to have the RA bit turned on. Typically one would set this option to YES, when the vserver is load balancing a set of DNS servers thatsupport recursive queries.

Possible values: YES, NO Default value: NO

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single packet request response mode or when the upstream device is performing a proper RSS for connection based distribution.

Possible values: ENABLED, DISABLED Default value: DISABLED

dnsProfileName Name of the DNS profile to be associated with the VServer. DNS profile properties will be applied to the transactions processed by a VServer. This parameter is valid only for DNS and DNS-TCP VServers.

lbprofilename Name of the LB profile which is associated to the vserver

redirectFromPort Port number for the virtual server, from which we absorb the traffic for http redirect Minimum value: 1

httpsRedirectUrl URL to which all HTTP traffic received on the port specified in the -redirectFromPort parameter is redirected.

retainConnectionsOnCluster This option enables you to retain existing connections on a node joining a Cluster system or when a node is being configured for passive timeout. By default, this option is disabled.

Possible values: YES, NO Default value: NO

adfsProxyProfile Name of the adfsProxy profile to be used to support ADFSPIP protocol for ADFS servers.

quicProfileName Name of QUIC profile which will be attached to the VServer.

quicBridgeProfilename Name of the QUIC Bridge profile whose settings are to be applied to the virtual server.

probePort Citrix ADC provides support for external health check of the vserver status. Select port for HTTP/TCP monitring Default value: 0

probeProtocol Citrix ADC provides support for external health check of the vserver status. Select HTTP or TCP probes for healthcheck

Possible values: TCP, HTTP

probeSuccessResponseCode HTTP code to return in SUCCESS case. Default value: “200 OK”

toggleorder Configure this option to toggle order preference

Possible values: ASCENDING, DESCENDING Default value: ASCENDING

orderthreshold This option is used to to specify the threshold of minimum number of services to be UP in an order, for it to be considered in Lb decision. Default value: 0 Minimum value: 0 Maximum value: 100

Example

set lb vserver http_vip -lbmethod LEASTRESPONSETIME To set the load balancing method for multiple vserver use the following command: set lb vserver http_vip[1-3] -lbmethod LEASTRESPONSETIME

enable lb vserver

Enables a virtual server.

Synopsis

enable lb vserver @

Arguments

name Name of the virtual server.

Example

enable vserver lb_vip To enable multiple vservers at once use the following command: enable vserver lb_vip[1-3]

show lb vserver

Displays the statistical data collected for a load balancing virtual server.

Synopsis

show lb vserver [] show lb vserver stats - alias for 'stat lb vserver'

Arguments

name Name of the virtual server. If no name is provided, statistical data of all configured virtual servers is displayed.

Output

insertVserverIPPort The virtual IP and port header insertion option for the vserver.

vipHeader Name for the inserted header. The default name is vip-header.

value SSL status.

stateflag appfwPolicyFlag IPAddress The IP address of the virtual server.

IPAddress IPv4 or IPv6 address to assign to the virtual server.

IPPattern The IP pattern of the virtual server.

IPMask The IP address mask of the virtual server.

Listenpolicy The string is listenpolicy configured for lb vserver

Listenpriority This parameter is the priority for listen policy of LB Vserver.

IPMapping The permanent mapping for the V6 Address

port Port number for the virtual server.

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current lb vserver

range Number of IP addresses that the appliance must generate and assign to the virtual server. The virtual server then functions as a network virtual server, accepting traffic on any of the generated IP addresses. The IP addresses are generated automatically, as follows:

  • For a range of n, the last octet of the address specified by the IP Address parameter increments n-1 times.
  • If the last octet exceeds 255, it rolls over to 0 and the third octet increments by 1. Note: The Range parameter assigns multiple IP addresses to one virtual server. To generate an array of virtual servers, each of which owns only one IP address, use brackets in the IP Address and Name parameters to specify the range. For example: add lb vserver my_vserver[1-3] HTTP 192.0.2.[1-3] 80

serviceType Protocol used by the service (also called the service type).

ngname Nodegroup name to which this lbvsever belongs to

type Type of LB vserver.

state Current LB vserver state.

effectiveState Effective state of the LB vserver , based on the state of backup vservers.

status Current status of the lb vserver. During the initial phase if the configured lb method is not round robin , the vserver will adopt round robin to distribute traffic for a predefined number of requests.

lbrrreason Reason why a vserver is in RR. The following are the reasons: 1 - MEP is DOWN (GSLB) 2 - LB method has changed 3 - Bound service’s state changed to UP 4 - A new service is bound 5 - Startup RR factor has changed 6 - LB feature is enabled 7 - Load monitor is not active on a service 8 - Vserver is Enabled 9 - SSL feature is Enabled 10 - All bound services have reached threshold. Using effective state to load balance (GSLB) 11 - Primary state of bound services are not UP. Using effective state to load balance (GSLB) 12 - No LB decision can be made as all bound services have either reached threshold or are not UP (GSLB) 13 - All load monitors are active

cacheType Cache type.

redirect Cache redirect type.

precedence Precedence.

redirectURL The redirect URL.

Authentication Authentication.

authn401 HTTP 401 response based authentication.

authnVsName Name of an authentication virtual server with which to authenticate users.

homePage Home page.

dnsVserverName DNS vserver name.

domain Domain.

policyName Name of the policy bound to the LB vserver.

serviceName Service to bind to the virtual server.

serviceGroupName The service group name bound to the selected load balancing virtual server.

weight Weight to assign to the specified service.

dynamicWeight Dynamic weight

cacheVserver Cache virtual server.

backupVServer Name of the backup virtual server to which to forward requests if the primary virtual server goes DOWN or reaches its spillover threshold.

priority Priority.

cltTimeout The client timeout in seconds.

soMethod The spillover method to be in effect.

soPersistence State of spillover persistence.

soPersistenceTimeOut The maximum time persistence is in effect for a specific client on a spillover vserver.

healthThreshold Threshold in percent of active services below which vserver state is made down.

soThreshold Threshold at which spillover occurs. Specify an integer for the CONNECTION spillover method, a bandwidth value in kilobits per second for the BANDWIDTH method (do not enter the units), or a percentage for the HEALTH method (do not enter the percentage symbol).

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

lbMethod The load balancing method to be in effect

backupLBMethod Indicates the backup method in case the primary fails

hashLength The hash length.

dataOffset The data offset length for TOKEN load balancing method.

health Health of vserver based on percentage of weights of active svcs/all svcs. This does not consider administratively disabled svcs

dataLength The data length for TOKEN load balancing method.

netmask The netmask of the destination network.

v6netmasklen The netmask of the destination network.

rule Rule type.

resRule Use this parameter to specify the expression to be used in response for RULE persistence type. The string is an in-line expression with a maximum of 1499 characters.

gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

ruleType Rule type.

groupName LB group to which the lb vserver is to be bound.

m The LB mode.

tosId TOS ID

persistenceType The persistence type for the specified virtual server

timeout The maximum time persistence is in effect for a specific client.

cookieDomain Domain name to be used in the set cookie header in case of cookie persistence.

persistMask The persistence mask for v4 traffic

v6persistmasklen The persistence mask for v6 traffic.

persistenceBackup The maximum time backup persistence is in effect for a specific client.

backupPersistenceTimeout Time period for which backup persistence is in effect.

cacheable The state of caching.

rtspNat Use network address translation (NAT) for RTSP data connections.

sessionless To enable sessionless load balancing, enable this option

trofsPersistence When value is ENABLED, Trofs persistence is honored. When value is DISABLED, Trofs persistence is not honored.

map Map.

connfailover The connection failover mode of the virtual server

redirectPortRewrite Rewrite the port and change the protocol to ensure successful HTTP redirects from services.

downStateFlush Flush all active transactions associated with a virtual server whose state transitions from UP to DOWN. Do not enable this option for applications that must complete their transactions.

disablePrimaryOnDown Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.

gt2GB Allow for greater than 2 GB transactions on this vserver.

consolidatedLConn Use consolidated stats for LeastConnection.

consolidatedLConnGbl Fetches Global setting.

thresholdValue Tells whether threshold exceeded for this service participating in CUSTOMLB

type The bindpoint to which the policy is bound

invoke Invoke policies bound to a virtual server or policy label.

labelType The invocation type.

labelName Name of the label invoked.

cookieIpPort Encryped Ip address and port of the service that is inserted into the set-cookie http header

cookieName Use this parameter to specify the cookie name for COOKIE peristence type. It specifies the name of cookie with a maximum of 32 characters. If not specified, cookie name is internally generated.

vserverId Vserver Id

version Cookie version

totalServices Total number of services bound to the vserver.

activeServices Total number of active services bound to the vserver.

stateChangeTimeSec Time when last state change happened. Seconds part.

stateChangeTimeSeconds Time when last state change happened. Seconds part.

stateChangeTimemSec Time at which last state change happened. Milliseconds part.

ticksSinceLastStateChange Time in 10 millisecond ticks since the last state change.

hits Number of hits.

piPolicyhits Number of hits.

AuthenticationHost Fully qualified domain name (FQDN) of the authentication virtual server to which the user must be redirected for authentication. Make sure that the Authentication parameter is set to ENABLED.

push Process traffic with the push virtual server that is bound to this load balancing virtual server.

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the load balancing virtual server that you are configuring.

pushLabel Expression for extracting a label from the server’s response. Can be either an expression or the name of a named expression.

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

tcpProfileName Name of the TCP profile whose settings are to be applied to the virtual server.

httpProfileName Name of the HTTP profile whose settings are to be applied to the virtual server.

dbProfileName Name of the DB profile whose settings are to be applied to the virtual server.

comment Any comments that you might want to associate with the virtual server.

flag flags policySubType l2Conn Use Layer 2 parameters (channel number, MAC address, and VLAN ID) in addition to the 4-tuple (::::) that is used to identify a connection. Allows multiple TCP and non-TCP connections with the same 4-tuple to co-exist on the Citrix ADC.

oracleServerVersion Oracle server version

mssqlServerVersion For a load balancing virtual server of type MSSQL, the Microsoft SQL Server version. Set this parameter if you expect some clients to run a version different from the version of the database. This setting provides compatibility between the client-side and server-side connections by ensuring that all communication conforms to the server’s version.

mysqlProtocolVersion MySQL protocol version that the virtual server advertises to clients.

mysqlServerVersion MySQL server version string that the virtual server advertises to clients.

mysqlCharacterSet Character set that the virtual server advertises to clients.

mysqlServerCapabilities Server capabilities that the virtual server advertises to clients.

appflowLog Apply AppFlow logging to the virtual server.

netProfile Name of the network profile to associate with the virtual server. If you set this parameter, the virtual server uses only the IP addresses in the network profile as source IP addresses when initiating connections with servers.

isGslb This field is set to true if it is a GSLBVserver.

icmpVsrResponse How the Citrix ADC responds to ping requests received for an IP address that is common to one or more virtual servers. Available settings function as follows:

  • If set to PASSIVE on all the virtual servers that share the IP address, the appliance always responds to the ping requests.
  • If set to ACTIVE on all the virtual servers that share the IP address, the appliance responds to the ping requests if at least one of the virtual servers is UP. Otherwise, the appliance does not respond.
  • If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance responds if at least one virtual server with the ACTIVE setting is UP. Otherwise, the appliance does not respond. Note: This parameter is available at the virtual server level. A similar parameter, ICMP Response, is available at the IP address level, for IPv4 addresses of type VIP. To set that parameter, use the add ip command in the CLI or the Create IP dialog box in the GUI.

RHIstate Route Health Injection (RHI) functionality of the NetSaler appliance for advertising the route of the VIP address associated with the virtual server. When Vserver RHI Level (RHI) parameter is set to VSVR_CNTRLD, the following are different RHI behaviors for the VIP address on the basis of RHIstate (RHI STATE) settings on the virtual servers associated with the VIP address:

  • If you set RHI STATE to PASSIVE on all virtual servers, the Citrix ADC always advertises the route for the VIP address.
  • If you set RHI STATE to ACTIVE on all virtual servers, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers is in UP state.
  • If you set RHI STATE to ACTIVE on some and PASSIVE on others, the Citrix ADC advertises the route for the VIP address if at least one of the associated virtual servers, whose RHI STATE set to ACTIVE, is in UP state.

newServiceRequest Number of requests, or percentage of the load on existing services, by which to increase the load on a new service at each interval in slow-start mode. A non-zero value indicates that slow-start is applicable. A zero value indicates that the global RR startup parameter is applied. Changing the value to zero will cause services currently in slow start to take the full traffic as determined by the LB method. Subsequently, any new services added will use the global RR factor.

newServiceRequestUnit Units in which to increment load at each interval in slow-start mode.

newServiceRequestIncrementInterval Interval, in seconds, between successive increments in the load on a new service or a service whose state has just changed from DOWN to UP. A value of 0 (zero) specifies manual slow start.

vsvrcfgflags Contains the config info of vserver to be used at validation

vsvrbindsvcip used for showing the ip of bound entities

vsvrbindsvcport used for showing ports of bound entities

preferredLocation Used for displaying the location of bound services.

persistAVPno Persist AVP number for Diameter Persistency. In case this AVP is not defined in Base RFC 3588 and it is nested inside a Grouped AVP, define a sequence of AVP numbers (max 3) in order of parent to child. So say persist AVP number X is nested inside AVP Y which is nested in Z, then define the list as Z Y X

state State of the load balancing virtual server.

skippersistency This argument decides the behavior incase the service which is selected from an existing persistence session has reached threshold.

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0.

minAutoscaleMembers Minimum number of members expected to be present when vserver is used in Autoscale.

maxAutoscaleMembers Maximum number of members expected to be present when vserver is used in Autoscale.

authnProfile Name of the authentication profile to be used when authentication is turned on.

macmodeRetainvlan This option is used to retain vlan information of incoming packet when macmode is enabled

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

dns64 This argument is for enabling/disabling the dns64 on lbvserver

bypassAAAA If this option is enabled while resolving DNS64 query AAAA queries are not sent to back end dns server

RecursionAvailable When set to YES, this option causes the DNS replies from this vserver to have the RA bit turned on. Typically one would set this option to YES, when the vserver is load balancing a set of DNS servers thatsupport recursive queries.

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single packet request response mode or when the upstream device is performing a proper RSS for connection based distribution.

vsvrdynconnsothreshold Spillover threshold for dynamic connection

backupVserverStatus Staus of BackUp Vserver .

dnsProfileName Name of the DNS profile to be associated with the VServer. DNS profile properties will be applied to the transactions processed by a VServer. This parameter is valid only for DNS and DNS-TCP VServers.

lbprofilename Name of the LB profile which is associated to the vserver

redirectFromPort Port number for the virtual server, from which we absorb the traffic for http redirect

httpsRedirectUrl URL to which all HTTP traffic received on the port specified in the -redirectFromPort parameter is redirected.

retainConnectionsOnCluster This option enables you to retain existing connections on a node joining a Cluster system or when a node is being configured for passive timeout. By default, this option is disabled.

analyticsProfile Name of the analytics profile bound to the LB vserver.

noDefaultBindings to determine if the configuration will have default ssl CIPHER and ECC curve bindings

adfsProxyProfile Name of the adfsProxy profile to be used to support ADFSPIP protocol for ADFS servers.

tcpProbePort Port number for external TCP probe. NetScaler provides support for external TCP health check of the vserver status over the selected port. This option is only supported for vservers assigned with an IPAddress or ipset.

isFirstGracefulMember Used for display purpose to find whether this is first binding of service group.

quicBridgeProfilename Name of the QUIC Bridge profile whose settings are to be applied to the virtual server.

probeProtocol Citrix ADC provides support for external health check of the vserver status. Select HTTP or TCP probes for healthcheck

probePort Citrix ADC provides support for external health check of the vserver status. Select port for HTTP/TCP monitring

probeSuccessResponseCode HTTP code to return in SUCCESS case.

quicProfileName Name of QUIC profile which will be attached to the VServer.

order Order number to be assigned to the service when it is bound to the lb vserver.

order Order in string form assigned to the service when it is bound to the lb vserver.

toggleorder Configure this option to toggle order preference

orderthreshold This option is used to to specify the threshold of minimum number of services to be UP in an order, for it to be considered in Lb decision.

CurrentActiveOrder current order that takes the traffic in case service or servicegroup is bound with order

devno count

rename lb vserver

Renames a load balancing virtual server.

Synopsis

rename lb vserver @ @

Arguments

name Existing name of the virtual server.

newName New name for the virtual server.

Example

rename lb vserver http_vsvr http_vsvr_new

rm lb vserver

Removes a virtual server from the Citrix ADC.

Synopsis

rm lb vserver @ ...

Arguments

name Name of the virtual server.

Example

rm vserver lb_vip To remove multiple vservers use the following command: rm vserver lb_vip[1-3]

unset lb vserver

Removes the specified parameter settings from the virtual server..Refer to the set lb vserver command for meanings of the arguments.

Synopsis

unset lb vserver @ [-backupVServer] [-cltTimeout] [-redirectURL] [-authn401] [-Authentication] [-AuthenticationHost] [-authnVsName] [-pushVserver] [-pushLabel] [-tcpProfileName] [-httpProfileName] [-dbProfileName] [-rule] [-l2Conn] [-mysqlProtocolVersion] [-mysqlServerVersion] [-mysqlCharacterSet] [-mysqlServerCapabilities] [-appflowLog] [-netProfile] [-icmpVsrResponse] [-skippersistency] [-minAutoscaleMembers] [-maxAutoscaleMembers] [-authnProfile] [-macmodeRetainvlan] [-dbsLb] [-dnsProfileName] [-lbprofilename] [-redirectFromPort] [-httpsRedirectUrl] [-adfsProxyProfile] [-quicProfileName] [-quicBridgeProfilename] [-probeProtocol] [@ [-order]] [-ipset] [-persistenceType] [-timeout] [-persistenceBackup] [-backupPersistenceTimeout] [-lbMethod] [-hashLength] [-netmask] [-v6netmasklen] [-backupLBMethod] [-cookieName] [-resRule] [-persistMask] [-v6persistmasklen] [-rtspNat] [-m] [-tosId] [-dataLength] [-dataOffset] [-sessionless] [-trofsPersistence] [-connfailover] [-cacheable] [-soMethod] [-soPersistence] [-soPersistenceTimeOut] [-healthThreshold] [-soBackupAction] [-redirectPortRewrite] [-downStateFlush] [-insertVserverIPPort] [-vipHeader] [-disablePrimaryOnDown] [-push] [-pushMultiClients] [-Listenpolicy] [-Listenpriority] [-comment] [-oracleServerVersion] [-mssqlServerVersion] [-RHIstate] [-newServiceRequest] [-newServiceRequestUnit] [-newServiceRequestIncrementInterval] [-persistAVPno] [-RecursionAvailable] [-retainConnectionsOnCluster] [-probeSuccessResponseCode] [-toggleorder] [-orderthreshold]

Example

unset lb vserver lb_vip -backupVServer To unset the backup virtual server for multiple vservers use the following command: unset lb vserver lb_vip[1-3] -backupVServer

stat lb vserver

Displays the statistical data collected for a load balancing virtual server.

Synopsis

stat lb vserver [] \[-detail] \[-fullValues] \[-ntimes <positive\_integer>] \[-logFile <input\_filename>] \[-clearstats \( basic | full )] \[-sortBy \( Hits | CPU-PM ) \[]]

Arguments

name Name of the virtual server. If no name is provided, statistical data of all configured virtual servers is displayed.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

sortBy use this argument to sort by specific key

Possible values: Hits, CPU-PM

sortOrder use this argument to specify sort order

Possible values: ascending, descending Default value: SORT_DESCENDING

Output

count devno stateflag

Counters

Average client TTLB (cltTTLB) Average TTLB between the client and the server. TTLB is the time interval between sending the request packet to a service and receiving the ACK for response from client.

Apdex for client response times. (cltResponseTimeApdex) Vserver APDEX index based on client response times.

Requests in vserver’s surgeQ (vSurgeQ) Number of requests waiting on this vserver.

Current Client Est connections (ClntEstConn) Number of client connections in ESTABLISHED state.

Number of Bytes processed by ADS Service Total IP payload sent and received

total INACTIVE services (inactSvcs) number of INACTIVE services bound to a vserver

Vserver Health (Health) Health of the vserver. This gives percentage of UP services bound to this vserver.

Vserver IP address (vsvrIP) IP address of the vserver

Port (port) The port on which the service is running.

Vserver protocol (Protocol) Protocol associated with the vserver

State Current state of the server. There are seven possible values: UP(7), DOWN(1), UNKNOWN(2), BUSY(3), OFS(Out of Service)(4), TROFS(Transition Out of Service)(5), TROFS_DOWN(Down When going Out of Service)(8)

total ACTIVE services (actSvcs) number of ACTIVE services bound to a vserver

CPU Use(per-mille) (CPU-PM) Vserver CPU usage in per-mille(parts per thousand)

Vserver hits (Hits) Total vserver hits

Requests (Req) Total number of requests received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Responses (Rsp) Number of responses received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Request bytes (Reqb) Total number of request bytes received on this service or virtual server.

Response bytes (Rspb) Number of response bytes received by this service or virtual server.

Http2 Requests (H2Req) Total number of Http2 requests received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Http2 Responses (H2Rsp) Number of Http2 responses received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Total Packets rcvd (PktRx) Total number of packets received by this service or virtual server.

Total Packets sent (PktTx) Total number of packets sent.

Current client connections (ClntConn) Number of current client connections.

Current server connections (SvrConn) Number of current connections to the actual servers behind the virtual server.

Current Persistence Sessions (PersistenceSessions) current vserver owned persistence sessions

Current Backup Persistence Sessions (BackupPersistenceSessions) current vserver owned backup persistence sessions

Requests in surge queue (SurgeQ) Number of requests in the surge queue.

Requests in service’s surgeQs (SvcSurgeQ) Total number of requests in the surge queues of all the services bound to this LB-vserver.

Spill Over Threshold (SOThresh) Spill Over Threshold set on the VServer.

Spill Over Hits (NumSo ) Number of times vserver experienced spill over.

Labeled Connection (LblConn) Number of Labeled connection on this vserver

Push Labeled Connection (PushLbl) Number of labels for this push vserver.

Deferred Request (DefReq) Number of deferred request on this vserver

Invalid Request/Response (IvldReqRsp) Number invalid requests/responses on this vserver

Invalid Request/Response Dropped (IvldReqRspDrp) Number invalid requests/responses dropped on this vserver

Vserver Down Backup Hits (VserverDownBackupHits ) Number of times traffic was diverted to backup vserver since primary vserver was DOWN.

Current Multipath TCP sessions (MptcpSess) Current Multipath TCP sessions

Current Multipath TCP subflows (subflowConn) Current Multipath TCP subflows

No of TCPConn ReasmQ 75% reached (ReassQ75) Total no of connections with 75% TCP reassembly queue

No of TCPConn ReasmQ Flushed (ReassQFlush) Total no of connections incurred TCP reassembly queue flush

No of Server Busy Error (totalSvrBusyErr) Total no of server busy error

Request retry count (RequestRetryCount) Number of times request has been retried due to server failure.

Maximum retry count exceeded (RequestRetryCountExceeded) Number of times Maximum retry count threshold is exceeded and error returned to client.

No of http max header size packet parsing failures (httpMaxHdrSzPkts) Number of http max header size packet parsing failures

Number of HTTP requests exceeding max header field length (httpMaxHdrFldLenPkts) Number of HTTP requests exceeding max header field length

max ooo packets threshold hits (tcpMaxoooPkts) No of times max out of order packets reached

Total transactions for Client TTLB (totCltTTLBTransactions) Total transactions where client TTLB is calculated.

Tolerating TTLB Transactions (toleratingTTLBTransactions) Tolerable transactions based on APDEX threshold (>T && <4T).

Frustrating TTLB Transactions (frustratingTTLBTransactions) Frustrating transactions based on APDEX threshold (>4T).

Current Server Est connections (SvrEstConn) Number of server connections in ESTABLISHED state.

lb-vserver