Product Documentation
ADC
14.1 - Current Release 13.1 13.0 12.1
View PDF

Configure a data set

December 21, 2023
Contributed by: 
C S

To configure a data set, you must specify the strings that server as a pattern, assign a type (number, IPv4 address, or IPv6 address) and configure the dataset range. You can manually assign a unique index value to the pattern, or you can allow the index values to be assigned automatically. Dataset is not related to HTTP or any 7-layer protocol. It works only on text or string. There are different types of dataset such as NUM, ULONG, IPv4, IPv6, MAC, DOUBLE. You can select a type and define the dataset range based on the specified type.

Note:

Policy data sets are case sensitive (unless you specify the expression to ignore case). Therefore, the MAC address ff:ff:ff:ff:ff:ff for example, is not the same as the MAC address FF:FF:FF:FF:FF:FF.

The rules applied for index values of data sets are similar to pattern sets. For information about index values, see Configuring a Pattern Set.

Starting with NetScaler release 14.1-12.x, in addition to using a static string, you can use an expression to bind a data set with a policy. The data set name is dynamically derived from the expression and therefore reduces the number of policies that must be created for multiple data sets. By creating a dynamic data set, you can avoid repetitive configuration.

Example: In releases prior to NetScaler 14.1-12.x release, if there are four data sets, you have to create four policies to bind the four data sets. From the release NetScaler 14.1-12.x onwards, you can use an expression instead of the data set name to bind with the policy. As part of the expression evaluation, all four data sets are evaluated and the data set name is derived. So, all the four data sets are bound to one policy using the expression.

The expression evaluation process of dynamic data sets is similar to that of pattern sets. For more information about expression evaluation, see Configuring a Pattern Set.

Configure a data set

Complete the following steps to configure a data set:

  1. Add a policy dataset
  2. Bind pattern to a policy dataset
  3. Add a policy expression
  4. Verify the policy configuration

Add a policy dataset

At the command prompt, do the following:

add policy dataset <name> <type>

Example:

add policy dataset ds1 ipv4 -comment numbers

Bind a pattern to the data set

At the command prompt, type:

bind policy dataset <name> <value> [-index <positive_integer>] [-endRange <string>] [-comment <string>]

Example:

bind policy dataset ds1 1.1.1.1 -endRange 1.1.1.10 -comment short description about the pattern bound to the data set

Note:

You must repeat this step for all the patterns you want to bind to the data set. You can bind only up to 5000 patterns to a dataset.

And, a dataset range must not overlap with other ranges bound to a dataset and cannot include single values bound to the dataset. If you bind a dataset with an overlapping range results in an error.

Example:

add policy dataset ip_set ipv4
 Done
bind policy dataset ip_set 2.2.2.25
 Done
bind policy dataset ip_set 2.2.2.20 -endRange 2.2.2.30
ERROR: The range overlaps an existing range or includes a value bound to the dataset.
<!--NeedCopy-->

A value is considered to be in the dataset if it is either equal to a single value bound to the data set or is between the lower-value and upper-value (lower-value <= value && value <- upper-value), for a range bound to the data set.

Use policy expression in a policy data set

At the command prompt, type:

add policy expression exp1 http.req.body(100).contains_any("ds1")

Where, The expression checks whether there is any pattern (or pattern within the range) bound to the dataset ds1 is present in the first 100 bytes of the HTTP request body.

Verify dataset configuration

At the command prompt, type:

show policy dataset ds1

Example:

> show policy dataset ds1
       Dataset:        ds1
        Type:   IPV4
1)      Bound Dataset Range from: 1.1.1.1       through: 1.1.1.10       Index:  1
<!--NeedCopy-->

Configure a dynamic data set

Configure a dynamic data set using the CLI

At the command prompt, type the following commands:

  1. Create data sets.

    add policy dataset <name> - dynamic yes

    Example:

    add policy dataset CompA_data -dynamic yes
add policy dataset CompB_data -dynamic yes
<!--NeedCopy-->

  2. Bind the data set to a policy.

    bind policy dataset <name> <string>

    Example:

    bind policy dataset CompA_data stringA
bind policy patset CompB_data string B
<!--NeedCopy-->

  3. Add a policy and use an expression instead of a data set name.

    add responder policy <name> <rule> <action>

    Example:

    add responder policy samplepolicy1 http.req.hostname.contains_any("Comp" + http.req.url.path.get(1) + "_pat") reset
<!--NeedCopy-->

  4. Verify the configuration.

    > show dataset -dynamicOnly

    Example:

    > show dataset -dynamicOnly
1) Dataset: CompA_data
2) Dataset: CompB_data
Done
<!--NeedCopy-->

Configure a dynamic data set using the GUI

  1. Navigate to AppExpert > Data Sets.
  2. Click Add to open the Create Data Set dialog box.
  3. Specify a name for the data set in the Name text box.
  4. Click Insert and specify a value in the Data field. 1. Optionally, specify an Index. Index is a user assigned value, from 1 through 4294967290.
  5. Verify that you have entered the correct characters, and then click Insert.
  6. Repeat steps 4 and 5 to add more values.
  7. Select the Dynamic check-box and then click Create.
  8. Navigate to AppExpert > Responder > Policies > Add.
  9. Create an expression that can derive the data set.
  10. Add detail in the other mandatory fields and click Create.

Set, unset, or remove a dynamic data set

To set a data set as dynamic:

> set dataset <name> -dynamic yes

Example:

> set dataset CompA_data -dynamic yes

To unset a data set as dynamic:

> unset dataset <name> -dynamic

Example:

> unset dataset CompA_data -dynamic
Warning: [Dynamic attribute turned off. Expressions using this patset or dataset dynamically will not work.]
 Done
<!--NeedCopy-->

To remove a dynamic pattern set:

> rm dataset <name>

Example:

> rm dataset CompA_pat
Warning: [Dynamic patset or dataset removed. Expressions using this patset or dataset dynamically will not work.]
 Done
<!--NeedCopy-->

Note:

When you unset or remove a dynamic data set, the expression that is using the data set does not work.

Configure a data set by using the configuration utility

Follow the steps given below to configure a policy dataset:

  1. Navigate to AppExpert > Data Sets.
  2. In the details pane, under Data Sets, click Add.

  3. In the Configure Data Set page, set the following parameters.

    1. Name. Name of the policy data set.
    2. Type. Type of value to bind to the dataset.

    Configuring data set

  4. Click Insert to bind the dataset value of specific type.
    1. Value. Value of the specified type associated with the dataset.
    2. Index. The index value of the dataset.
    3. End range. The dataset entry. This is a range <value> to <end_range>.
    4. Comments. A short description about the data set.

    dataset binding

  5. Click Insert and Close.
  6. Enter comments.
  7. Click Create and Close.

CIDR subnet notation in IPv4 and IPv6 addresses for policy dataset

The Policy datasets for IPv4 and IPv6 address allow the bound value to be subnets using the CIDR notation. The CIDR notation specifies the address and the range of the subnet. CIDR notation <address>/<n>, where <address> is the first address in the subnet and <n> is an integer specifying the number of left-most bits set in the subnet mask, which defines the range of the subnet.

For example, 192.128.0.0/10 represents an IPv4 subnet starting at address 192.129.0.0 with a mask 0xFFC0000 (255.192.0.0).

Example:

add policy dataset ds1 ipv4
bind policy dataset ds1 192.128.0.0/10
show policy dataset ds1
    Dataset: ds1
    Type: IPV4
Bound Dataset Value: 192.128.0.0/10 Index: 1 Comment: Subnet range from 192.128.0.0 through 192.191.255.255
<!--NeedCopy-->

An example to use this dataset in an expression:

add responder policy resp_ipv4_pol client.ip.src.typecast_text_t.equals_any("ds1") drop
<!--NeedCopy-->

Example of an IPv6 subnet:

An example of an IPv6 subnet would be 2001:db8:123::/56, which starts at address 2001:db8:123:: with a mask FFFF:FFFF:FFFF:FF00::

add policy dataset ds2 ipv6
bind policy dataset ds2 2001:db8:123::/56
show policy dataset ds2
    Dataset: ds2
    Type: IPV61
Bound Dataset Value: 2001:db8:123::/56 Index: 1 Comment: Subnet range from 2001:db8:123:: through 2001:db8:123:ff:ffff:ffff:ffff:ffff
<!--NeedCopy-->

The starting address of the subnet will be determined by the specified address masked by the subnet mask. A warning is issued if the specified address does not match the resulting starting address.

Example:

bind policy dataset ds1 192.168.0.0/10
Warning: Starting subnet address masked using subnet mask to create new starting address [192.128.0.0]
show policy dataset ds1
    Dataset: ds1
    Type: IPV4
Bound Dataset Value:192.168.0.0/10 Index: 1 Comment: Subnet range from 192.128.0.0 through 192.191.255.255
<!--NeedCopy-->

An example to use this dataset in an expression:

add responder policy resp_ipv6_pol client.ipv6.src.typecast_text_t.equals_any("ds2") drop
<!--NeedCopy-->
Configure a data set
December 21, 2023
Contributed by: 
C S
December 21, 2023
Contributed by: 
C S

In this article

Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
© 1999- Cloud Software Group, Inc. All rights reserved.