name Name of the content switching virtual server for which to display statistics. To display statistics for all configured Content Switching virtual servers, do not specify a value for this parameter.

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

count devno stateflag

Counters

Average client TTLB (cltTTLB) Average TTLB between the client and the server. TTLB is the time interval between sending the request packet to a service and receiving the ACK for response from client.

Apdex for client response times. (cltResponseTimeApdex) Vserver APDEX index based on client response times.

Current Client Est connections (ClntEstConn) Number of client connections in ESTABLISHED state.

IP address (IP) The IP address on which the service is running.

Port (port) The port on which the service is running.

Vserver protocol (Protocol) Protocol associated with the vserver

State Current state of the server. There are seven possible values: UP(7), DOWN(1), UNKNOWN(2), BUSY(3), OFS(Out of Service)(4), TROFS(Transition Out of Service)(5), TROFS_DOWN(Down When going Out of Service)(8)

Vserver hits (Hits) Total vserver hits

Requests (Req) Total number of requests received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Responses (Rsp) Number of responses received on this service or virtual server. (This applies to HTTP/SSL services and servers.)

Request bytes (Reqb) Total number of request bytes received on this service or virtual server.

Response bytes (Rspb) Number of response bytes received by this service or virtual server.

Total Packets rcvd (PktRx) Total number of packets received by this service or virtual server.

Total Packets sent (PktTx) Total number of packets sent.

Current client connections (ClntConn) Number of current client connections.

Current server connections (SvrConn) Number of current connections to the actual servers behind the virtual server.

Spill Over Threshold (SOThresh) Spill Over Threshold set on the VServer.

Spill Over Hits (NumSo ) Number of times vserver experienced spill over.

Labeled Connection (LblConn) Number of Labeled connection on this vserver

Push Labeled Connection (PushLbl) Number of labels for this push vserver.

Deferred Request (DefReq) Number of deferred request on this vserver

Invalid Request/Response (IvldReqRsp) Number invalid requests/responses on this vserver

Invalid Request/Response Dropped (IvldReqRspDrp) Number invalid requests/responses dropped on this vserver

Vserver Down Backup Hits (VserverDownBackupHits ) Number of times traffic was diverted to backup vserver since primary vserver was DOWN.

Current Multipath TCP sessions (MptcpSess) Current Multipath TCP sessions

Current Multipath TCP subflows (subflowConn) Current Multipath TCP subflows

Total transactions for Client TTLB (totCltTTLBTransactions) Total transactions where client TTLB is calculated.

Tolerating TTLB Transactions (toleratingTTLBTransactions) Tolerable transactions based on APDEX threshold (>T && <4T).

Frustrating TTLB Transactions (frustratingTTLBTransactions) Frustrating transactions based on APDEX threshold (>4T).

Current Server Est connections (SvrEstConn) Number of server connections in ESTABLISHED state.

unset cs vserver

Unset the parameters of a content switching virtual server..Refer to the set cs vserver command for meanings of the arguments.

Synopsis

unset cs vserver [-caseSensitive] [-backupVServer] [-cltTimeout] [-redirectURL] [-authn401] [-Authentication] [-AuthenticationHost] [-authnVsName] [-pushVserver] [-pushLabel] [-tcpProfileName] [-httpProfileName] [-dbProfileName] [-l2Conn] [-mysqlProtocolVersion] [-mysqlServerVersion] [-mysqlCharacterSet] [-mysqlServerCapabilities] [-appflowLog] [-netProfile] [-icmpVsrResponse] [-authnProfile] [-dnsProfileName] [-ipset] [-stateupdate] [-precedence] [-cacheable] [-soMethod] [-soPersistence] [-soPersistenceTimeOut] [-soBackupAction] [-redirectPortRewrite] [-downStateFlush] [-disablePrimaryOnDown] [-insertVserverIPPort] [-vipHeader] [-rtspNat] [-Listenpolicy] [-Listenpriority] [-push] [-pushMultiClients] [-comment] [-mssqlServerVersion] [-oracleServerVersion] [-RHIstate] [-dnsRecordType] [-persistenceId]

show cs policy

add cs vserver

Creates a content switching virtual server.

Synopsis

add cs vserver \[-td <positive\_integer>] \(\( \[-range <positive\_integer>] \[-ipset ]) | -targetType GSLB | \(-IPPattern -IPMask )) \[-dnsRecordType ] \[-persistenceId <positive\_integer>] \[-state \( ENABLED | DISABLED )] \[-stateupdate \( ENABLED | DISABLED )] \[-cacheable \( YES | NO )] \[-redirectURL ] \[-cltTimeout ] \[-precedence \( RULE | URL )] \[-caseSensitive \( ON | OFF )] \[-soMethod ] \[-soPersistence \( ENABLED | DISABLED )] \[-soPersistenceTimeOut <positive\_integer>] \[-soThreshold <positive\_integer>] \[-soBackupAction ] \[-redirectPortRewrite \( ENABLED | DISABLED )] \[-downStateFlush \( ENABLED | DISABLED )] \[-backupVServer ] \[-disablePrimaryOnDown \( ENABLED | DISABLED )] \[-insertVserverIPPort \[] ] \[-rtspNat \( ON | OFF )] \[-AuthenticationHost ] \[-Authentication \( ON | OFF )] \[-Listenpolicy \[-Listenpriority <positive\_integer>]] \[-authn401 \( ON | OFF )] \[-authnVsName ] \[-push \( ENABLED | DISABLED )] \[-pushVserver ] \[-pushLabel ] \[-pushMultiClients \( YES | NO )] \[-tcpProfileName ] \[-httpProfileName ] \[-dbProfileName ] \[-oracleServerVersion \( 10G | 11G )] \[-comment ] \[-mssqlServerVersion ] \[-l2Conn \( ON | OFF )] \[-mysqlProtocolVersion <positive\_integer>] \[-mysqlServerVersion ] \[-mysqlCharacterSet <positive\_integer>] \[-mysqlServerCapabilities <positive\_integer>] \[-appflowLog \( ENABLED | DISABLED )] \[-netProfile ] \[-icmpVsrResponse \( PASSIVE | ACTIVE )] \[-RHIstate \( PASSIVE | ACTIVE )] \[-authnProfile ] \[-dnsProfileName ]

Arguments

name Name for the content switching virtual server. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Cannot be changed after the CS virtual server is created. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, my server or my server).

td Integer value that uniquely identifies the traffic domain in which you want to configure the entity. If you do not specify an ID, the entity becomes part of the default traffic domain, which has an ID of 0. Minimum value: 0 Maximum value: 4094

serviceType Protocol used by the virtual server.

Possible values: HTTP, SSL, TCP, FTP, RTSP, SSL_TCP, UDP, DNS, SIP_UDP, SIP_TCP, SIP_SSL, ANY, RADIUS, RDP, MYSQL, MSSQL, DIAMETER, SSL_DIAMETER, DNS_TCP, ORACLE, SMPP, PROXY

IPAddress IP address of the content switching virtual server.

targetType Virtual server target type.

Possible values: GSLB Default value: VAL_NOT_SET

dnsRecordType persistenceId IPPattern IP address pattern, in dotted decimal notation, for identifying packets to be accepted by the virtual server. The IP Mask parameter specifies which part of the destination IP address is matched against the pattern. Mutually exclusive with the IP Address parameter. For example, if the IP pattern assigned to the virtual server is 198.51.100.0 and the IP mask is 255.255.240.0 (a forward mask), the first 20 bits in the destination IP addresses are matched with the first 20 bits in the pattern. The virtual server accepts requests with IP addresses that range from 198.51.96.1 to 198.51.111.254. You can also use a pattern such as 0.0.2.2 and a mask such as 0.0.255.255 (a reverse mask). If a destination IP address matches more than one IP pattern, the pattern with the longest match is selected, and the associated virtual server processes the request. For example, if the virtual servers, vs1 and vs2, have the same IP pattern, 0.0.100.128, but different IP masks of 0.0.255.255 and 0.0.224.255, a destination IP address of 198.51.100.128 has the longest match with the IP pattern of vs1. If a destination IP address matches two or more virtual servers to the same extent, the request is processed by the virtual server whose port number matches the port number in the request.

IPMask IP mask, in dotted decimal notation, for the IP Pattern parameter. Can have leading or trailing non-zero octets (for example, 255.255.240.0 or 0.0.255.255). Accordingly, the mask specifies whether the first n bits or the last n bits of the destination IP address in a client request are to be matched with the corresponding bits in the IP pattern. The former is called a forward mask. The latter is called a reverse mask.

range Number of consecutive IP addresses, starting with the address specified by the IP Address parameter, to include in a range of addresses assigned to this virtual server. Default value: 1 Minimum value: 1 Maximum value: 254

port Port number for content switching virtual server. Minimum value: 1

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current cs vserver

state Initial state of the load balancing virtual server.

Possible values: ENABLED, DISABLED Default value: ENABLED

stateupdate Enable state updates for a specific content switching virtual server. By default, the Content Switching virtual server is always UP, regardless of the state of the Load Balancing virtual servers bound to it. This parameter interacts with the global setting as follows: Global Level | Vserver Level | Result ENABLED ENABLED ENABLED ENABLED DISABLED ENABLED DISABLED ENABLED ENABLED DISABLED DISABLED DISABLED If you want to enable state updates for only some content switching virtual servers, be sure to disable the state update parameter.

Possible values: ENABLED, DISABLED Default value: DISABLED

cacheable Use this option to specify whether a virtual server, used for load balancing or content switching, routes requests to the cache redirection virtual server before sending it to the configured servers.

Possible values: YES, NO Default value: NO

redirectURL URL to which traffic is redirected if the virtual server becomes unavailable. The service type of the virtual server should be either HTTP or SSL. Caution: Make sure that the domain in the URL does not match the domain specified for a content switching policy. If it does, requests are continuously redirected to the unavailable virtual server.

cltTimeout Idle time, in seconds, after which the client connection is terminated. The default values are: 180 seconds for HTTP/SSL-based services. 9000 seconds for other TCP-based services. 120 seconds for DNS-based services. 120 seconds for other UDP-based services. Default value: -1 Maximum value: 31536000

precedence Type of precedence to use for both RULE-based and URL-based policies on the content switching virtual server. With the default (RULE) setting, incoming requests are evaluated against the rule-based content switching policies. If none of the rules match, the URL in the request is evaluated against the URL-based content switching policies.

Possible values: RULE, URL Default value: RULE

caseSensitive Consider case in URLs (for policies that use URLs instead of RULES). For example, with the ON setting, the URLs /a/1.html and /A/1.HTML are treated differently and can have different targets (set by content switching policies). With the OFF setting, /a/1.html and /A/1.HTML are switched to the same target.

Possible values: ON, OFF Default value: ON

soMethod Type of spillover used to divert traffic to the backup virtual server when the primary virtual server reaches the spillover threshold. Connection spillover is based on the number of connections. Bandwidth spillover is based on the total Kbps of incoming and outgoing traffic.

Possible values: CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE

soPersistence Maintain source-IP based persistence on primary and backup virtual servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

soPersistenceTimeOut Time-out value, in minutes, for spillover persistence. Default value: 2 Minimum value: 2 Maximum value: 1440

soThreshold Depending on the spillover method, the maximum number of connections or the maximum total bandwidth (Kbps) that a virtual server can handle before spillover occurs. Minimum value: 1 Maximum value: 4294967287

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

Possible values: DROP, ACCEPT, REDIRECT

redirectPortRewrite State of port rewrite while performing HTTP redirect.

Possible values: ENABLED, DISABLED Default value: DISABLED

downStateFlush Flush all active transactions associated with a virtual server whose state transitions from UP to DOWN. Do not enable this option for applications that must complete their transactions.

Possible values: ENABLED, DISABLED Default value: ENABLED

backupVServer Name of the backup virtual server that you are configuring. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Can be changed after the backup virtual server is created. You can assign a different backup virtual server or rename the existing virtual server. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks.

disablePrimaryOnDown Continue forwarding the traffic to backup virtual server even after the primary server comes UP from the DOWN state.

Possible values: ENABLED, DISABLED Default value: DISABLED

insertVserverIPPort Insert the virtual server’s VIP address and port number in the request header. Available values function as follows: VIPADDR - Header contains the vserver’s IP address and port number without any translation. OFF - The virtual IP and port header insertion option is disabled. V6TOV4MAPPING - Header contains the mapped IPv4 address corresponding to the IPv6 address of the vserver and the port number. An IPv6 address can be mapped to a user-specified IPv4 address using the set ns ip6 command.

Possible values: OFF, VIPADDR, V6TOV4MAPPING

vipHeader Name of virtual server IP and port header, for use with the VServer IP Port Insertion parameter.

rtspNat Enable network address translation (NAT) for real-time streaming protocol (RTSP) connections.

Possible values: ON, OFF Default value: OFF

AuthenticationHost FQDN of the authentication virtual server. The service type of the virtual server should be either HTTP or SSL.

Authentication Authenticate users who request a connection to the content switching virtual server.

Possible values: ON, OFF Default value: OFF

Listenpolicy String specifying the listen policy for the content switching virtual server. Can be either the name of an existing expression or an in-line expression. Default value: “NONE”

Listenpriority Integer specifying the priority of the listen policy. A higher number specifies a lower priority. If a request matches the listen policies of more than one virtual server the virtual server whose listen policy has the highest priority (the lowest priority number) accepts the request. Default value: 101 Minimum value: 0 Maximum value: 100

authn401 Enable HTTP 401-response based authentication.

Possible values: ON, OFF Default value: OFF

authnVsName Name of authentication virtual server that authenticates the incoming user requests to this content switching virtual server.

push Process traffic with the push virtual server that is bound to this content switching virtual server (specified by the Push VServer parameter). The service type of the push virtual server should be either HTTP or SSL.

Possible values: ENABLED, DISABLED Default value: DISABLED

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the client-facing load balancing virtual server.

pushLabel Expression for extracting the label from the response received from server. This string can be either an existing rule name or an inline expression. The service type of the virtual server should be either HTTP or SSL. Default value: “none”

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

Possible values: YES, NO Default value: NO

tcpProfileName Name of the TCP profile containing TCP configuration settings for the virtual server.

httpProfileName Name of the HTTP profile containing HTTP configuration settings for the virtual server. The service type of the virtual server should be either HTTP or SSL.

dbProfileName Name of the DB profile.

oracleServerVersion Oracle server version

Possible values: 10G, 11G Default value: 10G

comment Information about this virtual server.

mssqlServerVersion The version of the MSSQL server

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 2008R2

l2Conn Use L2 Parameters to identify a connection

Possible values: ON, OFF

mysqlProtocolVersion The protocol version returned by the mysql vserver. Default value: 10 Minimum value: 0

mysqlServerVersion The server version string returned by the mysql vserver. Default value: NSA_MYSQL_SERVER_VER_DEFAULT

mysqlCharacterSet The character set returned by the mysql vserver. Default value: 8 Minimum value: 0

mysqlServerCapabilities The server capabilities returned by the mysql vserver. Default value: 41613 Minimum value: 0

appflowLog Enable logging appflow flow information

Possible values: ENABLED, DISABLED Default value: ENABLED

netProfile The name of the network profile.

icmpVsrResponse Can be active or passive

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

RHIstate A host route is injected according to the setting on the virtual servers * If set to PASSIVE on all the virtual servers that share the IP address, the appliance always injects the hostroute. * If set to ACTIVE on all the virtual servers that share the IP address, the appliance injects even if one virtual server is UP. * If set to ACTIVE on some virtual servers and PASSIVE on the others, the appliance, injects even if one virtual server set to ACTIVE is UP.

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

authnProfile Name of the authentication profile to be used when authentication is turned on.

dnsProfileName Name of the DNS profile to be associated with the VServer. DNS profile properties will applied to the transactions processed by a VServer. This parameter is valid only for DNS and DNS-TCP VServers.

Example

1.You can use precedence when certain client attributes (e.g., browser type) require to be served with different content. All other clients can then be served from content distributed among the servers. If the precedence is configured as URL, the incoming request URL is evaluated against the content switching policies created with the -url argument. If none of the policies match, the request is applied against the content any switching policies created with the -rule argument. 2.Precedence can also be used when certain content (such as images) is the same for all clients, but other content (such as text) is different for different clients. In this case, the images will be served to all clients, but the text will be served to specific clients based on attributes such as Accept-Language.

add cs policy

enable cs vserver

Enables a content switching virtual server.

Synopsis

enable cs vserver @

Arguments

name Name of the content switching virtual server to enable. Note: Virtual servers, when added, are enabled by default.

Example

enable vserver cs_vip

rm cs vserver

Removes a content switching virtual server.

Synopsis

rm cs vserver @ ...

Arguments

name Name of the virtual server to be removed.

Example

rm vserver cs_vip

show cs vserver

Displays all existing content switching virtual servers, or just the specified virtual server.

Synopsis

show cs vserver [] show cs vserver stats - alias for 'stat cs vserver'

Arguments

name Name of a content switching virtual server for which to display information, including the policies bound to the virtual server. To display a list of all configured Content Switching virtual servers, do not specify a value for this parameter.

Output

insertVserverIPPort The virtual IP and port header insertion option for the vserver.

vipHeader The name of virtual IP and port header.

IPAddress The IP address of the virtual server.

IPAddress IP address of the content switching virtual server.

IPPattern The IP address of the virtual server.

IPMask The IP address mask of the virtual server.

stateflag value The ssl card status for the transparent ssl cs vserver.

port Port number for content switching virtual server.

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current cs vserver

range Number of consecutive IP addresses, starting with the address specified by the IP Address parameter, to include in a range of addresses assigned to this virtual server.

serviceType Protocol used by the virtual server.

ngname Nodegroup devno to which this csvserver belongs to

type Virtual server type.

vsvrcfgflags Contains the config info of vserver to be used at validation

state The state of the cs vserver.

sc The state of SureConnect the specified virtual server.

status Status.

cacheType Cache type.

redirect Redirect URL string.

redirectURL The redirect URL for content switching.

Authentication Authentication.

authn401 HTTP 401 response based authentication.

authnVsName Name of authentication virtual server that authenticates the incoming user requests to this content switching virtual server.

homePage Home page.

dnsVserverName DNS vserver name.

domain Domain.

rule Rule.

policyName Policies bound to this vserver.

hits Number of hits.

piPolicyhits Number of hits.

serviceName Service name.

weight Weight for this service.

cacheVserver Cache vserver name.

targetVserver target vserver name.

priority Priority for the policy.

Listenpolicy The string is listenpolicy configured for lb vserver

Listenpriority This parameter is the priority for listen policy of LB Vserver.

soPersistence Maintain source-IP based persistence on primary and backup virtual servers.

soPersistenceTimeOut Time-out value, in minutes, for spillover persistence.

soThreshold Depending on the spillover method, the maximum number of connections or the maximum total bandwidth (Kbps) that a virtual server can handle before spillover occurs.

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

cacheable The state of caching.

url URL string.

gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

redirectPortRewrite Redirect port rewrite.

disablePrimaryOnDown Tells whether traffic will continue reaching backup vservers even after primary comes UP from DOWN state.

type The bindpoint to which the policy is bound

invoke Invoke flag.

labelType The invocation type.

labelName Name of the label invoked.

gt2GB This argument has no effect.

stateChangeTimeSec Time when last state change happened. Seconds part.

stateChangeTimemSec Time at which last state change happened. Milliseconds part.

ticksSinceLastStateChange Time in 10 millisecond ticks since the last state change.

rtspNat Enable network address translation (NAT) for real-time streaming protocol (RTSP) connections.

AuthenticationHost FQDN of the authentication virtual server. The service type of the virtual server should be either HTTP or SSL.

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the client-facing load balancing virtual server.

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

tcpProfileName Name of the TCP profile containing TCP configuration settings for the virtual server.

httpProfileName Name of the HTTP profile containing HTTP configuration settings for the virtual server. The service type of the virtual server should be either HTTP or SSL.

dbProfileName Name of the DB profile.

comment Information about this virtual server.

appfwPolicyFlag flags policySubType oracleServerVersion Oracle server version

mssqlServerVersion The version of the MSSQL server

l2Conn Use L2 Parameters to identify a connection

ruleType Rule type.

mysqlProtocolVersion The protocol version returned by the mysql vserver.

mysqlServerVersion The server version string returned by the mysql vserver.

mysqlCharacterSet The character set returned by the mysql vserver.

mysqlServerCapabilities The server capabilities returned by the mysql vserver.

appflowLog Enable logging appflow flow information

netProfile The name of the network profile.

state Initial state of the load balancing virtual server.

icmpVsrResponse Can be active or passive

lbvserver Name of the default lb vserver bound. Use this param for Default binding only. For Example: bind cs vserver cs1 -lbvserver lb1

vServer Name of the default gslb or vpn vserver bound to CS vserver of type GSLB/VPN. For Example: bind cs vserver cs1 -vserver gslb1 or bind cs vserver cs1 -vserver vpn1

targetLBVserver target vserver name.

contentVsvrFlag authnProfile Name of the authentication profile to be used when authentication is turned on.

targetType Virtual server target type.

domainName Domain name for which to change the time to live (TTL) and/or backup service IP address.

TTL backupIP cookieDomain cookieTimeout sitedomainTTL dnsRecordType persistenceId analyticsProfile Name of the analytics profile bound to the LB vserver.

noDefaultBindings to determine if the configuration will have default ssl CIPHER and ECC curve bindings

devno count

show cs policy

bind cs vserver

Binds a content switching virtual server to a content switching policy.

Synopsis

bind cs vserver \(-lbvserver | -vServer | \(-policyName \[-targetLBVserver ] \[-priority <positive\_integer>] \[-gotoPriorityExpression ] \[-type ] \[-invoke \( ) ] ) | \(-domainName \[-TTL ] \[-backupIP <ip\_addr|ipv6\_addr|\*>] \[-cookieDomain ] \[-cookieTimeout ] \[-sitedomainTTL ]) | -analyticsProfile @)

Arguments

name Name of the content switching virtual server to which the content switching policy applies.

lbvserver Name of the default Load Balancing vserver bound. If for a particular content none of the Content Switching policies is evaluated to TRUE, that traffic is switched to default Load Balancing vserver. . Example: bind cs vserver cs1 -lbvserver lb1 Note: Use this parameter for default binding only.

vServer Name of the default gslb or vpn vserver bound to CS vserver of type GSLB/VPN. For Example: bind cs vserver cs1 -vserver gslb1 or bind cs vserver cs1 -vserver vpn1

policyName Name of the content switching policy to bind to the content switching virtual server Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. Cannot be changed after a policy is created. To bind a content switching policy, you need a content-based virtual server (content switching virtual server) and an address-based virtual server (load balancing virtual server). You can assign multiple policies to the virtual server pair. Note: When binding a CS virtual server to a default LB virtual server, the Policy Name parameter is optional. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my policy” or ‘my policy’).

targetLBVserver Name of the Load Balancing virtual server to which the content is switched, if policy rule is evaluated to be TRUE. Example: bind cs vs cs1 -policyname pol1 -priority 101 -targetLBVserver lb1 Note: Use this parameter only in case of Content Switching policy bind operations to a CS vserver

priority Unsigned integer that determines the priority of the policy relative to other policies in this policy label (bound to the same bind point). A lower number specifies a higher priority. Priority cannot be specified if the Content Switching policy is URL based. Priority is mandatory for Advanced Content Switching Policies. The maximum value of priority for a default-syntax content switching policy is 2147483647. The maximum value for a classic content switching policy is 4294967295. Minimum value: 0

gotoPriorityExpression Expression or other value specifying the next policy to be evaluated if the current policy evaluates to TRUE. Specify one of the following values:

NEXT - Evaluate the policy with the next higher priority number.
END - End policy evaluation.
USE_INVOCATION_RESULT - Applicable if this policy invokes another policy label. If the final goto in the invoked policy label has a value of END, the evaluation stops. If the final goto is anything other than END, the current policy label performs a NEXT.
An expression that evaluates to a number. If you specify an expression, the number to which it evaluates determines the next policy to evaluate, as follows:
If the expression evaluates to a higher numbered priority, the policy with that priority is evaluated next.
If the expression evaluates to the priority of the current policy, the policy with the next higher numbered priority is evaluated next.
If the expression evaluates to a priority number that is numerically higher than the highest numbered priority, policy evaluation ends. An UNDEF event is triggered if:
The expression is invalid.
The expression evaluates to a priority number that is numerically lower than the current policy’s priority.
The expression evaluates to a priority number that is between the current policy’s priority number (say, 30) and the highest priority number (say, 100), but does not match any configured priority number (for example, the expression evaluates to the number 85). This example assumes that the priority number increments by 10 for every successive policy, and therefore a priority number of 85 does not exist in the policy label.

type For a rewrite policy, the bind point to which to bind the policy. Note: This parameter applies only to rewrite policies, because content switching policies are evaluated only at request time.

Possible values: REQUEST, RESPONSE, ICA_REQUEST, OTHERTCP_REQUEST

invoke Invoke a policy label if this policy’s rule evaluates to TRUE (valid only for default-syntax policies such as application firewall, transform, integrated cache, rewrite, responder, and content switching).

labelType Type of label to be invoked.

Possible values: reqvserver, resvserver, policylabel

labelName Name of the label to be invoked.

domainName Domain name for which to change the time to live (TTL) and/or backup service IP address.

TTL backupIP cookieDomain cookieTimeout sitedomainTTL analyticsProfile bind cs vserver -analyticsProfile .

Example

i) bind cs vserver csw-vip1 -policyname csw-policy1 -priority 13 ii) bind cs vserver csw-vip2 -policyname csw-ape-policy2 -priority 14 -gotoPriorityExpression NEXT iii) bind cs vserver csw-vip3 -policyname rewrite-policy1 -priority 17 -gotoPriorityExpression ‘HTTP.REQ.HEADER(“a”).COUNT’ -flowtype REQUEST -invoke policylabel label1

show cs policy

set cs vserver

Modifies the configuration of a content switching virtual server.

Synopsis

set cs vserver \[-IPAddress <ip\_addr|ipv6\_addr|\*>] \[-ipset ] \[-IPPattern ] \[-IPMask ] \[-stateupdate \( ENABLED | DISABLED )] \[-precedence \( RULE | URL )] \[-caseSensitive \( ON | OFF )] \[-backupVServer ] \[-redirectURL ] \[-cacheable \( YES | NO )] \[-cltTimeout ] \[-soMethod ] \[-soPersistence \( ENABLED | DISABLED )] \[-soPersistenceTimeOut <positive\_integer>] \[-soThreshold <positive\_integer>] \[-soBackupAction ] \[-redirectPortRewrite \( ENABLED | DISABLED )] \[-downStateFlush \( ENABLED | DISABLED )] \[-disablePrimaryOnDown \( ENABLED | DISABLED )] \[-insertVserverIPPort \[] ] \[-rtspNat \( ON | OFF )] \[-AuthenticationHost ] \[-Authentication \( ON | OFF )] \[-Listenpolicy ] \[-Listenpriority <positive\_integer>] \[-authn401 \( ON | OFF )] \[-authnVsName ] \[-push \( ENABLED | DISABLED )] \[-pushVserver ] \[-pushLabel ] \[-pushMultiClients \( YES | NO )] \[-tcpProfileName ] \[-httpProfileName ] \[-dbProfileName ] \[-comment ] \[-l2Conn \( ON | OFF )] \[-mssqlServerVersion ] \[-mysqlProtocolVersion <positive\_integer>] \[-oracleServerVersion \( 10G | 11G )] \[-mysqlServerVersion ] \[-mysqlCharacterSet <positive\_integer>] \[-mysqlServerCapabilities <positive\_integer>] \[-appflowLog \( ENABLED | DISABLED )] \[-netProfile ] \[-authnProfile ] \[-icmpVsrResponse \( PASSIVE | ACTIVE )] \[-RHIstate \( PASSIVE | ACTIVE )] \[-dnsProfileName ] \[-dnsRecordType ] \[-persistenceId <positive\_integer>] \[-domainName \[-TTL ] \[-backupIP <ip\_addr|ipv6\_addr|\*>] \[-cookieDomain ] \[-cookieTimeout ] \[-sitedomainTTL ]]

Arguments

name Identifies the virtual server name (created with the add cs vserver command).

IPAddress The new IP address of the virtual server.

ipset The list of IPv4/IPv6 addresses bound to ipset would form a part of listening service on the current cs vserver

IPPattern IP address pattern, in dotted decimal notation, for identifying packets to be accepted by the virtual server. The IP Mask parameter specifies which part of the destination IP address is matched against the pattern. Mutually exclusive with the IP Address parameter. For example, if the IP pattern assigned to the virtual server is 198.51.100.0 and the IP mask is 255.255.240.0 (a forward mask), the first 20 bits in the destination IP addresses are matched with the first 20 bits in the pattern. The virtual server accepts requests with IP addresses that range from 198.51.96.1 to 198.51.111.254. You can also use a pattern such as 0.0.2.2 and a mask such as 0.0.255.255 (a reverse mask). If a destination IP address matches more than one IP pattern, the pattern with the longest match is selected, and the associated virtual server processes the request. For example, if the virtual servers, vs1 and vs2, have the same IP pattern, 0.0.100.128, but different IP masks of 0.0.255.255 and 0.0.224.255, a destination IP address of 198.51.100.128 has the longest match with the IP pattern of vs1. If a destination IP address matches two or more virtual servers to the same extent, the request is processed by the virtual server whose port number matches the port number in the request.

Possible values: ENABLED, DISABLED Default value: DISABLED

precedence The precedence on the content switching virtual server between rule-based and URL-based policies. The default precedence is set to RULE. If the precedence is configured as RULE, the incoming request is applied against the content switching policies created with the -rule argument. If none of the rules match, then the URL in the request is applied against the content switching policies created with the -url option. For example, this precedence can be used if certain client attributes (such as a specific type of browser) need to be served different content and all other clients can be served from the content distributed among the servers. If the precedence is configured as URL, the incoming request URL is applied against the content switching policies created with the -url option. If none of the policies match, then the request is applied against the content switching policies created with the -rule option. Also, this precedence can be used if some content (such as images) is the same for all clients, but other content (such as text) is different for different clients. In this case, the images will be served to all clients, but the text will be served to specific clients based on specific attributes, such as Accept-Language.

Possible values: RULE, URL Default value: RULE

caseSensitive The URL lookup case option on the content switching vserver. If case sensitivity of a content switching virtual server is set to ‘ON’, the URLs /a/1.html and /A/1.HTML are treated differently and may have different targets (set by content switching policies). If case sensitivity is set to ‘OFF’, the URLs /a/1.html and /A/1.HTML are treated the same, and will be switched to the same target.

Possible values: ON, OFF Default value: ON

redirectURL The redirect URL for content switching.

cacheable The option to specify whether a virtual server used for content switching will route requests to the cache redirection virtual server before sending it to the configured servers.

Possible values: YES, NO Default value: NO

cltTimeout Client timeout in seconds. Default value: -1 Maximum value: 31536000

soMethod The spillover factor. When traffic on the main virtual server reaches this threshold, additional traffic is sent to the backupvserver.

Possible values: CONNECTION, DYNAMICCONNECTION, BANDWIDTH, HEALTH, NONE

soPersistence Maintain source-IP based persistence on primary and backup virtual servers.

Possible values: ENABLED, DISABLED Default value: DISABLED

soPersistenceTimeOut The spillover persistency entry timeout. Default value: 2 Minimum value: 2 Maximum value: 1440

soBackupAction Action to be performed if spillover is to take effect, but no backup chain to spillover is usable or exists

Possible values: DROP, ACCEPT, REDIRECT

redirectPortRewrite SSL redirect port rewrite.

Possible values: ENABLED, DISABLED Default value: DISABLED

Possible values: ENABLED, DISABLED Default value: ENABLED

disablePrimaryOnDown Continue forwarding the traffic to backup virtual server even after the primary server comes UP from the DOWN state.

Possible values: ENABLED, DISABLED Default value: DISABLED

insertVserverIPPort The virtual IP and port header insertion option for the vserver.

VIPADDR - Header contains the vserver’s IP address and port number without any translation.
OFF - The virtual IP and port header insertion option is disabled.
V6TOV4MAPPING - Header contains the mapped IPv4 address that corresponds to the IPv6 address of the vserver and the port number. An IPv6 address can be mapped to a user-specified IPv4 address using the set ns ip6 command.

Possible values: OFF, VIPADDR, V6TOV4MAPPING

vipHeader The name of virtual IP and port header.

rtspNat Enable network address translation (NAT) for real-time streaming protocol (RTSP) connections.

Possible values: ON, OFF Default value: OFF

AuthenticationHost FQDN of the authentication virtual server. The service type of the virtual server should be either HTTP or SSL.

Authentication Authenticate users who request a connection to the content switching virtual server.

Possible values: ON, OFF Default value: OFF

Listenpolicy String specifying the listen policy for the content switching virtual server. Can be either the name of an existing expression or an in-line expression. Default value: “NONE”

authn401 Enable HTTP 401-response based authentication.

Possible values: ON, OFF Default value: OFF

authnVsName Name of authentication virtual server that authenticates the incoming user requests to this content switching virtual server.

Possible values: ENABLED, DISABLED Default value: DISABLED

pushVserver Name of the load balancing virtual server, of type PUSH or SSL_PUSH, to which the server pushes updates received on the client-facing load balancing virtual server.

pushMultiClients Allow multiple Web 2.0 connections from the same client to connect to the virtual server and expect updates.

Possible values: YES, NO Default value: NO

tcpProfileName Name of the TCP profile containing TCP configuration settings for the virtual server.

httpProfileName Name of the HTTP profile containing HTTP configuration settings for the virtual server. The service type of the virtual server should be either HTTP or SSL.

dbProfileName Name of the DB profile.

comment Information about this virtual server.

l2Conn Use L2 Parameters to identify a connection

Possible values: ON, OFF

mssqlServerVersion The version of the MSSQL server

Possible values: 70, 2000, 2000SP1, 2005, 2008, 2008R2, 2012, 2014 Default value: 2008R2

mysqlProtocolVersion The protocol version returned by the mysql vserver. Default value: 10 Minimum value: 0

oracleServerVersion Oracle server version

Possible values: 10G, 11G Default value: 10G

mysqlServerVersion The server version string returned by the mysql vserver. Default value: NSA_MYSQL_SERVER_VER_DEFAULT

mysqlCharacterSet The character set returned by the mysql vserver. Default value: 8 Minimum value: 0

mysqlServerCapabilities The server capabilities returned by the mysql vserver. Default value: 41613 Minimum value: 0

appflowLog Enable logging appflow flow information

Possible values: ENABLED, DISABLED Default value: ENABLED

netProfile The name of the network profile.

authnProfile Name of the authentication profile to be used when authentication is turned on.

icmpVsrResponse Can be active or passive

Possible values: PASSIVE, ACTIVE Default value: PASSIVE

dnsRecordType persistenceId domainName Domain name for which to change the time to live (TTL) and/or backup service IP address.

TTL backupIP cookieDomain cookieTimeout sitedomainTTL

show cs policy

unbind cs vserver

Unbinds the virtual server from the content switching policy.

Synopsis

unbind cs vserver \(-vServer | \(-policyName \[-type ] \[-priority <positive\_integer>]) | -domainName | -lbvserver | -analyticsProfile @)

Arguments

name Name of the virtual server to unbind from the policy.

vServer Name of the default gslb or vpn vserver bound to CS vserver of type GSLB/VPN. For Example: bind cs vserver cs1 -vserver gslb1 or bind cs vserver cs1 -vserver vpn1

policyName Name of the policy from which to unbind the content switching virtual server. Note: To unbind the content switching virtual server from the default policy, do not specify a value for this parameter.

type For rewrite policies, the traffic flow to which the policy applies. Note: This parameter applies only to rewrite policies, because content switching policies are evaluated only at request time.

Possible values: REQUEST, RESPONSE, ICA_REQUEST, OTHERTCP_REQUEST

priority Priority number of the policy from which to unbind the content switching virtual server. Minimum value: 1

domainName Domain name for which to change the time to live (TTL) and/or backup service IP address.

lbvserver Name of the default lb vserver bound. Use this param for Default binding only. For Example: bind cs vserver cs1 -lbvserver lb1 Default value: “default_lb”

analyticsProfile unbind cs vserver -analyticsProfile .

rename cs vserver

Renames a content switching virtual server.

Synopsis

rename cs vserver @ @

Arguments

name Existing name of the content switching virtual server.

newName New name for the virtual server. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at sign (@), equal sign (=), and hyphen (-) characters. The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my name” or ‘my name’).

Example

rename cs vserver cs1 cs2

disable cs vserver

Disables a content switching virtual server.

Synopsis

disable cs vserver @

Arguments

name Name of the virtual server to be disabled.

Example

disable vserver cs_vip

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

cs-vserver

June 28, 2023

Contributed by:

June 28, 2023

Contributed by:

cs-vserver

stat cs vserver

Synopsis

Arguments

Output

Counters

unset cs vserver

Synopsis

Related Commands

add cs vserver

Synopsis

Arguments

Example

Related Commands

enable cs vserver

Synopsis

Arguments

Example

rm cs vserver

Synopsis

Arguments

Example

show cs vserver

Synopsis

Arguments

Output

Related Commands

bind cs vserver

Synopsis

Arguments

Example

Related Commands

set cs vserver

Synopsis

Arguments

Related Commands

unbind cs vserver

Synopsis

Arguments

rename cs vserver

Synopsis

Arguments

Example

disable cs vserver

Synopsis

Arguments

Example

In this article