ADC CLI Commands

lb-profile

The following operations can be performed on “lb-profile”:

show set add unset rm

show lb profile

Displays the list of lb profile/s in the device

Synopsis

show lb profile []

Arguments

lbprofilename Name of the LB profile.

Output

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single pa cket request response mode or when the upstream device is performing a proper RSS for connection based distribution.

httpOnlyCookieFlag Include the HttpOnly attribute in persistence cookies. The HttpOnly attribute limits the scope of a cookie to HTTP requests and helps mitigate the risk of cross-site scripting attacks.

cookiePassphrase Use this parameter to specify the passphrase used to generate secured persistence cookie value. It specifies the passphrase with a maximum of 31 characters.

useSecuredPersistenceCookie Encode persistence cookie values using SHA2 hash.

useEncryptedPersistenceCookie Encode persistence cookie values using SHA2 hash.

vsvrcount Total number of vservers , the profile is bound to

stateflag Flags controlling the display.

LiteralADCCookieAttribute String configured as LiteralADCCookieAttribute will be appended as attribute for Citrix ADC cookie (for example: LB cookie persistence , GSLB site persistence, CS cookie persistence, LB group cookie persistence).

Sample usage - add lb profile lbprof -LiteralADCCookieAttribute “;SameSite=None”

ComputedADCCookieAttribute ComputedADCCookieAttribute accepts ns variable as input in form of string starting with $ (to understand how to configure ns variable, please check man add ns variable). policies can be configured to modify this variable for every transaction and the final value of the variable after policy evaluation will be appended as attribute to Citrix ADC cookie (for example: LB cookie persistence , GSLB sitepersistence, CS cookie persistence, LB group cookie persistence). Only one of ComputedADCCookieAttribute, LiteralADCCookieAttribute can be set.

Sample usage - add ns variable lbvar -type TEXT(100) -scope Transaction add ns assignment lbassign -variable $lbvar -set “\“;SameSite=Strict\”” add rewrite policy lbpol lbassign bind rewrite global lbpol 100 next -type RES_OVERRIDE add lb profile lbprof -ComputedADCCookieAttribute "$lbvar" For incoming client request, if above policy evaluates TRUE, then SameSite=Strict will be appended to ADC generated cookie

ADCCookieAttributeWarningMsg Used to describe any configuration issue with respect to ns variable configured as part of add/set lb profile

storeMqttClientidAndUsername This option allows to store the MQTT clientid and username in transactional logs

lbHashAlgoWinSize This options allows to increase window size used in LB hashing algorithm(DEFAULT).

lbHashAlgorithm This option dictates the hashing algorithm used for hash based LB methods (URLHASH, DOMAINHASH, SOURCEIPHASH, DESTINATIONIPHASH, SRCIPDESTIPHASH, SRCIPSRCPORTHASH, TOKEN, USER_TOKEN, CALLIDHASH).

lbHashFingers This option is used to specify the number of fingers to be used in PRAC and JARH algorithms for hash based LB methods. Increasing the number of fingers might give better distribution of traffic at the expense of additional memory.

proximityFromSelf Use the ADC location instead of client IP for static proximity LB or GSLB decision.

devno count

set lb profile

Modify the specific parameters of LB profile.

Synopsis

set lb profile \[-dbsLb \( ENABLED | DISABLED )] \[-processLocal \( ENABLED | DISABLED )] \[-httpOnlyCookieFlag \( ENABLED | DISABLED )] \[-cookiePassphrase ] \[-useEncryptedPersistenceCookie \( ENABLED | DISABLED )] \[-LiteralADCCookieAttribute | -ComputedADCCookieAttribute ] \[-storeMqttClientidAndUsername \( YES | NO )] \[-lbHashAlgorithm ] \[-lbHashFingers <positive\_integer>] \[-proximityFromSelf \( YES | NO )]

Arguments

lbprofilename Name of the LB profile.

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

Possible values: ENABLED, DISABLED Default value: DISABLED

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single pa cket request response mode or when the upstream device is performing a proper RSS for connection based distribution.

Possible values: ENABLED, DISABLED Default value: DISABLED

httpOnlyCookieFlag Include the HttpOnly attribute in persistence cookies. The HttpOnly attribute limits the scope of a cookie to HTTP requests and helps mitigate the risk of cross-site scripting attacks.

Possible values: ENABLED, DISABLED Default value: ENABLED

cookiePassphrase Use this parameter to specify the passphrase used to generate secured persistence cookie value. It specifies the passphrase with a maximum of 31 characters.

useEncryptedPersistenceCookie Encode persistence cookie values using SHA2 hash.

Possible values: ENABLED, DISABLED Default value: DISABLED

LiteralADCCookieAttribute String configured as LiteralADCCookieAttribute will be appended as attribute for Citrix ADC cookie (for example: LB cookie persistence , GSLB site persistence, CS cookie persistence, LB group cookie persistence).

Sample usage - add lb profile lbprof -LiteralADCCookieAttribute “;SameSite=None”

ComputedADCCookieAttribute ComputedADCCookieAttribute accepts ns variable as input in form of string starting with $ (to understand how to configure ns variable, please check man add ns variable). policies can be configured to modify this variable for every transaction and the final value of the variable after policy evaluation will be appended as attribute to Citrix ADC cookie (for example: LB cookie persistence , GSLB sitepersistence, CS cookie persistence, LB group cookie persistence). Only one of ComputedADCCookieAttribute, LiteralADCCookieAttribute can be set.

Sample usage - add ns variable lbvar -type TEXT(100) -scope Transaction add ns assignment lbassign -variable $lbvar -set “\“;SameSite=Strict\”” add rewrite policy lbpol lbassign bind rewrite global lbpol 100 next -type RES_OVERRIDE add lb profile lbprof -ComputedADCCookieAttribute "$lbvar" For incoming client request, if above policy evaluates TRUE, then SameSite=Strict will be appended to ADC generated cookie

storeMqttClientidAndUsername This option allows to store the MQTT clientid and username in transactional logs

Possible values: YES, NO Default value: NO

lbHashAlgorithm This option dictates the hashing algorithm used for hash based LB methods (URLHASH, DOMAINHASH, SOURCEIPHASH, DESTINATIONIPHASH, SRCIPDESTIPHASH, SRCIPSRCPORTHASH, TOKEN, USER_TOKEN, CALLIDHASH).

Possible values: DEFAULT, PRAC, JARH Default value: DEFAULT

lbHashFingers This option is used to specify the number of fingers to be used in PRAC and JARH algorithms for hash based LB methods. Increasing the number of fingers might give better distribution of traffic at the expense of additional memory. Default value: 256 Minimum value: 1 Maximum value: 1024

proximityFromSelf Use the ADC location instead of client IP for static proximity LB or GSLB decision.

Possible values: YES, NO Default value: NO

add lb profile

Creates a LB profile.

Synopsis

add lb profile \[-dbsLb \( ENABLED | DISABLED )] \[-processLocal \( ENABLED | DISABLED )] \[-httpOnlyCookieFlag \( ENABLED | DISABLED )] \[-cookiePassphrase ] \[-useEncryptedPersistenceCookie \( ENABLED | DISABLED )] \[-LiteralADCCookieAttribute | -ComputedADCCookieAttribute ] \[-storeMqttClientidAndUsername \( YES | NO )] \[-lbHashAlgorithm ] \[-lbHashFingers <positive\_integer>] \[-proximityFromSelf \( YES | NO )]

Arguments

lbprofilename Name of the LB profile.

dbsLb Enable database specific load balancing for MySQL and MSSQL service types.

Possible values: ENABLED, DISABLED Default value: DISABLED

processLocal By turning on this option packets destined to a vserver in a cluster will not under go any steering. Turn this option for single pa cket request response mode or when the upstream device is performing a proper RSS for connection based distribution.

Possible values: ENABLED, DISABLED Default value: DISABLED

httpOnlyCookieFlag Include the HttpOnly attribute in persistence cookies. The HttpOnly attribute limits the scope of a cookie to HTTP requests and helps mitigate the risk of cross-site scripting attacks.

Possible values: ENABLED, DISABLED Default value: ENABLED

cookiePassphrase Use this parameter to specify the passphrase used to generate secured persistence cookie value. It specifies the passphrase with a maximum of 31 characters.

useEncryptedPersistenceCookie Encode persistence cookie values using SHA2 hash.

Possible values: ENABLED, DISABLED Default value: DISABLED

LiteralADCCookieAttribute String configured as LiteralADCCookieAttribute will be appended as attribute for Citrix ADC cookie (for example: LB cookie persistence , GSLB site persistence, CS cookie persistence, LB group cookie persistence).

Sample usage - add lb profile lbprof -LiteralADCCookieAttribute “;SameSite=None”

ComputedADCCookieAttribute ComputedADCCookieAttribute accepts ns variable as input in form of string starting with $ (to understand how to configure ns variable, please check man add ns variable). policies can be configured to modify this variable for every transaction and the final value of the variable after policy evaluation will be appended as attribute to Citrix ADC cookie (for example: LB cookie persistence , GSLB sitepersistence, CS cookie persistence, LB group cookie persistence). Only one of ComputedADCCookieAttribute, LiteralADCCookieAttribute can be set.

Sample usage - add ns variable lbvar -type TEXT(100) -scope Transaction add ns assignment lbassign -variable $lbvar -set “\“;SameSite=Strict\”” add rewrite policy lbpol lbassign bind rewrite global lbpol 100 next -type RES_OVERRIDE add lb profile lbprof -ComputedADCCookieAttribute "$lbvar" For incoming client request, if above policy evaluates TRUE, then SameSite=Strict will be appended to ADC generated cookie

storeMqttClientidAndUsername This option allows to store the MQTT clientid and username in transactional logs

Possible values: YES, NO Default value: NO

lbHashAlgorithm This option dictates the hashing algorithm used for hash based LB methods (URLHASH, DOMAINHASH, SOURCEIPHASH, DESTINATIONIPHASH, SRCIPDESTIPHASH, SRCIPSRCPORTHASH, TOKEN, USER_TOKEN, CALLIDHASH).

Possible values: DEFAULT, PRAC, JARH Default value: DEFAULT

lbHashFingers This option is used to specify the number of fingers to be used in PRAC and JARH algorithms for hash based LB methods. Increasing the number of fingers might give better distribution of traffic at the expense of additional memory. Default value: 256 Minimum value: 1 Maximum value: 1024

proximityFromSelf Use the ADC location instead of client IP for static proximity LB or GSLB decision.

Possible values: YES, NO Default value: NO

unset lb profile

Use this command to remove lb profile settings.Refer to the set lb profile command for meanings of the arguments.

Synopsis

unset lb profile [-dbsLb] [-processLocal] [-httpOnlyCookieFlag] [-cookiePassphrase] [-useEncryptedPersistenceCookie] [-LiteralADCCookieAttribute] [-ComputedADCCookieAttribute] [-storeMqttClientidAndUsername] [-lbHashAlgorithm] [-lbHashFingers] [-proximityFromSelf]

rm lb profile

Removes a LB profile from the device.

Synopsis

rm lb profile

Arguments

lbprofilename Name of the LB profile.

lb-profile