This release provides many enhancements to the policy infrastructure, including:
• Policies for analyzing the traffic rate
• Policies for sending queries to an external application
• Graphical tools for easier creation of policies (see the enclosed video tip for a demo)
• Configuration of policy labels and policy banks
• Policy expression parameters for analyzing new types of data, including IPv6 addresses
• New documentation for policies and expressions
Policies to Analyze the Traffic Rate
You can configure policies that parse the request rate or bandwidth usage. The most popular uses for policies based on traffic rate include limiting access to virtual servers or any other user-defined entity, and preventing network overload. You can configure NetScaler features to perform any other supported action based on the traffic rate, for example, redirecting traffic if the rate exceeds a particular threshold.
In this release, you can configure rate-based policies based on the following:
• The number of HTTP requests that the NetScaler intercepts.
• The number of DNS requests that the NetScaler intercepts.
• The bandwidth usage.
Policies to Send HTTP Requests to Remote Applications
You can configure HTTP callout policies to obtain information from external applications and parse the responses. For example, if a server makes a request, you can use an HTTP callout request to determine if this server is on a “deny access” list. The HTTP callout request can send the requesting server’s domain to an application that looks up bad domains from a list. When the application sends a response to the NetScaler, the HTTP callout policy can extract the “allowed” or “denied” determination from the response.
To deploy the HTTP callout policy, you also create an agent in front of the application to format the HTTP callout request for the application. When the application returns a response, the agent formats the response for the NetScaler, so that the callout policy can extract data of interest from the response.
You can invoke HTTP callout policies from any other type of NetScaler advanced policy using the expression prefix SYS.HTTP_CALLOUT. For example, you can invoke an HTTP callout policy from a rewrite action and insert the value that is returned by the callout in an HTTP response header.
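The following is an added example, not code from these release notes or from Citrix: a minimal agent of the kind described above, placed in front of a deny-list lookup so that the callout policy always receives one fixed, easily extracted answer. The `/check` path, the `domain` parameter, the `verdict=` response format, the sample deny list, and the listening address are all assumptions made for illustration; malformed or ambiguous requests are answered with "denied" as a design choice.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs
import re

# Constructed sample deny list; a real agent would query the application.
DENY_LIST = {"bad.example", "malware.test"}
# One hostname label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(domain):
    """Lowercase, drop a trailing dot, reject anything not a hostname."""
    d = domain.strip().lower().rstrip(".")
    if not d or len(d) > 253 or not all(LABEL.fullmatch(p) for p in d.split(".")):
        return None
    return d

def verdict(domain, deny_list=DENY_LIST):
    """Return 'denied' if the domain or any parent domain is listed."""
    d = normalize(domain)
    if d is None:
        return "denied"  # fail closed on malformed input
    labels = d.split(".")
    suffixes = {".".join(labels[i:]) for i in range(len(labels))}
    return "denied" if suffixes & deny_list else "allowed"

def handle_callout(path):
    """Map a callout request path to (status, body) in one fixed format."""
    url = urlsplit(path)
    values = parse_qs(url.query).get("domain", [])
    if url.path != "/check" or len(values) != 1:
        return 400, "verdict=denied\n"  # missing or repeated parameter
    return 200, "verdict=%s\n" % verdict(values[0])

class Agent(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = handle_callout(self.path)
        data = body.encode("ascii")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Agent).serve_forever()
```

Because the body is always a single `verdict=` line, the callout policy's extraction of the “allowed” or “denied” determination does not depend on how the backing application words its own reply.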
Policy Banks and Policy Labels
This release introduces new methods for configuring collections of advanced policies known as policy banks. Policy banks are groups of policies that share the same bind point:
• Built-in bind points are global or specific to a virtual server.
• A user-defined bind point is known as a policy label.
After you create a policy label and bind policies to it, you invoke the policy label (and its associated policies) from one of the built-in bind points. If you bind policies to a virtual server, you can also invoke the virtual server’s policy bank from any other policy bank. You can invoke a policy label or policy bank when binding a policy, or by specifying a new “NOPOLICY” placeholder that performs invocation without processing a rule.
As part of policy bank configuration you can also create an arbitrary evaluation order by specifying Goto expressions.
A new graphical tool called the Policy Manager simplifies configuration of policy banks and invocation of policy labels.
Policy Manager and Other Usability Enhancements
In this release, some applications provide a specialized Policy Manager in the NetScaler configuration utility to simplify binding policies to an invocation point or a user-defined policy label, assigning priorities to policies, and viewing the different policy banks that are configured in the feature. The Policy Manager also enables you to find and delete policies and actions that are not being used. As of release 9.0, the Policy Manager is available for the Rewrite, Integrated Caching, and Responder features.
In addition, the configuration utility simplifies the task of viewing policy bindings to vservers. A Visualizer in the Load Balancing and Content Switching features enables you to view policy bindings as well as service and monitor bindings.
See the enclosed video tip for a demo of the Policy Manager.
New Parameters for Classic and Advanced Expressions
New expression parameters have been provided for parsing additional types of data, including:
• IPv6 addresses
• String sets (comparisons with any or all strings in a set)
• Caching headers
• Dates and times
• File system information (files, directories, file system commands)
Policy Configuration and Reference Guide
A new policy guide provides comprehensive information on all the available parameters for advanced and classic policies and configuration instructions. This guide is available from the Documentation tab in the NetScaler configuration utility.
Video tip 1: Using the Policy Manager to add the first policy in a policy bank:
Video tip 2: Using the Policy Manager to add a second policy and order the policies in the bank: