Configuring Forwarding Session Rules
By default, the Citrix ADC appliance does not create session entries for traffic that it only forwards (L3 mode). For a case in which a client request that the appliance forwards to a server results in a response that has to return by the same path, you can create a forwarding-session rule. A forwarding-session rule creates forwarding-session entries for traffic that originates from or is destined for a particular network and is forwarded by the Citrix ADC. You can create forwarding session rules for IPv4 traffic as well as IPv6 traffic.
When configuring an IPv4 forwarding-session rule, you can specify either an IPv4 network address or an extended ACL as the condition for identifying IPv4 traffic for which to create a forwarding-session entry:
- Network address. When you specify an IPv4 network address, the appliance creates forwarding sessions for IPv4 traffic whose source or destination matches the network address.
- Extended ACL rule. When you specify an extended ACL rule, the appliance creates forwarding sessions for IPv4 traffic that matches the conditions specified in the extended ACL rule.
When configuring an IPv6 forwarding-session rule, you can specify either an IPv6 prefix or an ACL6 as the condition for identifying IPv6 traffic for which to create a forwarding-session entry:
- IPv6 prefix. When you specify an IPv6 prefix, the appliance creates forwarding sessions for IPv6 traffic whose source or destination matches the IPv6 prefix.
- ACL6 rule. When you specify an ACL6 rule, the appliance creates forwarding sessions for IPv6 traffic that matches the conditions specified in the ACL6 rule.
To create an IPv4 forwarding session rule by using the CLI:
At the command prompt, type the following commands to create a forwarding-session rule and verify the configuration:
-
add forwardingSession <name> [<network> <netmask> ] | [-aclname <string>] -connfailover (ENABLED | DISABLED)
-
show forwardingSession
Example:
A network address as the condition:
> add forwardingSession fs-nw-1 10.102.105.51 255.255.255.255
Done
An ACL as the condition:
> add forwardingSession fs-acl-1 acl1
Done
<!--NeedCopy-->
To configure an IPv4 forwarding session rule by using the GUI:
Navigate to System > Network > Forwarding Sessions, add a new IPv4 forwarding session, or edit an existing forwarding session.
To create an IPv6 forwarding session rule by using the CLI:
-
At the command prompt, type the following commands to create a forwarding-session rule and verify the configuration:
- add forwardingSession <name> [<IPv6 prefix>] | [-acl6name <string>]
- show forwardingSession
Example:
An IPv6 prefix as the condition:
> add forwardingSession fsv6-pfx-1 3ffe::/64
Done
An ACL6 rule as the condition:
> add forwardingSession fsv6-acl6-1 –acl6name ACL6-FS
Done
<!--NeedCopy-->
To configure an IPv6 forwarding session rule by using the GUI:
Navigate to System > Network > Forwarding Sessions, add a new IPv6 forwarding session, or edit an existing forwarding session.
Assigning an ACL rule to an Existing Forwarding Session Rule
You can assign an ACL rule to a Network-address/IPv6-prefix based forwarding session rule, in which case it becomes an ACL based forwarding session rule. You can also change an existing ACL rule to another ACL rule in an ACL based forwarding session rule. After the existing related forwarding session entries (if any) have timed out, the rules start using the newly assigned ACL to identify IPv4/IPv6 traffic for which to create a forwarding-session entry.
To assign an extended ACL rule to an existing IPv4 forwarding session rule by using the CLI:
At the command prompt, type
- set forwardingSession <name> [-aclname <string>]
- show forwardingSession <name>
To assign an ACL6 rule to an existing IPv6 forwarding session rule by using the CLI:
At the command prompt, type
- set forwardingSession <name> [-acl6name <string>]
- show forwardingSession <name>
Example:
> add forwardingSession FS-1 -aclname ACL-9
Done
> add forwardingSession FS6-1 –acl6name ACL6-9
Done
Disabling Steering for Forwarding Sessions on a Cluster Setup
The default behavior of a Citrix ADC cluster is for the node that receives traffic (flow receiver) to direct the traffic to another node (flow processor), which processes the traffic. Directing the traffic from flow receiver to flow processor occurs over the cluster backplane and is called steering.
Steering can be an overhead for real-time processing or when the setup includes high-latency links.
Steering for forwarding sessions can now be disabled so that the processing becomes local to the flow receiver. That is, the flow receiver becomes the flow processor.
Before you begin
Note the following points before configuring forwarding session rules in a cluster setup:
- You must configure linksets to be used for forwarding sessions.
- You must enable MAC Based Forwarding (MBF) on the cluster setup.
Configuring Forwarding Session Rules in a Cluster Setup
Disabling steering for forwarding session rules in a cluster setup can be done at the following two levels:
- Specific forwarding session rule level. Enable the Process Local parameter while adding a new forwarding session rule or editing an existing forwarding session rule.
- Global level. Enable the Process Local parameter while adding a new cluster instance or editing an existing cluster instance. The global setting takes precedence over the forwarding session rule setting.
CLI procedures
To disable steering for a forwarding session rule on a cluster setup by using the CLI:
At the command prompt, type one of the following sets of commands:
-
If adding a new forwarding session rule:
- **add forwardingSession** <name> ((<network> [<netmask>]) | -**acl6name** <string> | -**aclname** <string>) -**processLocal ENABLED**
- show forwardingSession <name>
-
If reconfiguring an existing forwarding session rule:
- set forwardingSession <name> -processLocal ENABLED
- show forwardingSession <name>
To disable steering for all (global level) forwarding session rules on a cluster setup by using the CLI:
At the command prompt, type one of the following sets of commands:
-
If adding a new cluster instance:
- add cluster instance <clid> -processLocal Enabled
- show cluster instance <clid>
-
If reconfiguring an existing cluster instance:
- set cluster instance <clid> -processLocal Enabled
- show cluster instance <clid>
Sample configuration:
Following are two examples of disabling steering at the forwarding session rule level, and an example of disabling steering at the global level.
An IPv4 forwarding session rule:
> add forwardingSession FWD-SESSN-PROCSS-LOCL-IPV4-1 10.102.105.51 255.255.255.255 -processLocal Enabled
Done
An IPv6 forwarding session rule:
> add forwardingSession FWD-SESSN-PROCSS-LOCL-IPV6-1 –acl6name ACL6-FWD-SESSN-1 -processLocal Enabled
Done
A cluster setup, with an instance ID 10, has steering disabled at global level:
> set cluster instance 10 -processLocal Enabled
Done
<!--NeedCopy-->
GUI procedures
To disable steering for a forwarding session rule on a cluster setup by using the GUI:
Navigate to System > Network > Forwarding Sessions, select Process Local while adding a new forwarding session rule or editing an existing forwarding session rule.
To disable steering for all (global level) forwarding session rules on a cluster setup by using the GUI:
Navigate to System > Cluster, and select Process Local while adding a cluster configuration or modifying an existing cluster configuration.