ltm policy-strategy
ltm policy-strategy(1) BIG-IP TMSH Manual ltm policy-strategy(1)
NAME
policy-strategy - Configures policy-strategy for Centralized Policy
Manager.
MODULE
ltm
DESCRIPTION
The policy-strategy component stores the different matching strategies
employed by LTM Policy engine. Strategy comes into play when a policy
has multiple rules, and the behavior of the policy can be customized as
the situation requires.
There are 3 pre-defined matching strategies: "first-match",
"all-match", and "best-match". A "first-match" strategy terminates the
matching engine on the first condition that matches and executes that
rule's actions. An "all-match" strategy will execute the actions for
all conditions that match.
The "best-match" strategy is intended for situations when multiple
conditions match simultaneously, and allows for the more specific match
to win. For example, one rule may match the http-uri hostname while
another may match the http-uri extension. The system has a built-in
table defining combinations of event, operand, and selector, and an
associated precedence value for each combination. When multiple rules
match in a "best-match" situation, then the condition with the lowest
ordinal value of event-operand-selector precendence is declared to be
the most specific, and its actions are executed.
Generally policy-strategy should not require additions or changes.
However, it could make sense to create user-defined policy-strategy
when a "best-match" strategy is desired, but the built-in precedence
table does not reflect the organization's idea of which operand-
selector combinations are most specific.
For additional details, refer to Local Traffic Policy documentation on
the AskF5 knowledge base at http://support.f5.com.
CREATE/MODIFY
create policy-strategy [name]
modify policy-strategy [name]
options:
[ strategy | [ all-match | best-match | first-match ] ]
operands [add | delete | modify | replace-all-with] {
ORDINAL {
[OPERAND] [EVENT] [SELECTOR]
}
}
[ app-service [VALUE | none]]
[ partition VALUE ]
where
strategy
Specifies the match method: all-match, best-match, or first-match.
operands
Define a combination of event, operand, selector, and associate it
with an ordinal precedence value.
ORDINAL
Integer precedence value, lower value indicates a higher
precedence.
OPERAND
Entity to compare, see some examples in Precedence Table below, or
ltm_policy documentation for list with descriptions.
EVENT
Framework event like request or response, default is "request" if
not specified.
SELECTOR
More specific part of operand, default is "all" if not specified.
See some examples in the Precedence Table below, or ltm_policy
documentation for list and descriptions.
app-service
Specifies the name of the application service to which the policy
strategy belongs. The default value is "none" if not specified.
Note: If the strict-updates option is enabled on the application
service that owns the object, you cannot modify or delete the
policy strategy. Only the application service can modify or delete
the policy strategy.
DISPLAY
list policy-strategy
list policy-strategy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete policy-strategy [name]
EXAMPLES
create policy-strategy my_strategy strategy first-match
Creates the policy strategy my_strategy which matches the first rule
selected.
Precedence Table
Ordinal Event Operand Selector
-------- --------------- -------------------- --------------------
1 request tcp port
2 request tcp vlan-id
3 request tcp vlan
4 request tcp route-domain
5 request tcp rtt
6 request tcp mss
7 request client-ssl cipher
8 request client-ssl cipher-bits
9 request http-host host
10 request http-host port
11 request http-host all
12 request http-version all
13 request http-version major
14 request http-version minor
15 request http-method all
16 request http-uri scheme
17 request http-uri host
18 request http-uri port
19 request http-uri path-segment
20 request http-uri extension
21 request http-uri path
22 request http-uri query-parameter
23 request http-uri unnamed-query-parameter
24 request http-uri query-string
25 request http-uri all
26 request http-cookie all
27 request http-basic-auth username
28 request http-basic-auth password
29 request http-referer all
30 request http-referer scheme
31 request http-referer host
32 request http-referer port
33 request http-referer path-segment
34 request http-referer path
35 request http-referer extension
36 request http-referer query-parameter
37 request http-referer unnamed-query-parameter
38 request http-referer query-string
39 request http-header all
40 response http-version all
41 response http-version major
42 response http-version minor
43 response http-status all
44 response http-status code
45 response http-status text
46 response http-header all
47 request geoip org
48 request geoip isp
49 request geoip region-code
50 request geoip region-name
51 request geoip country-code
52 request geoip country-name
53 request geoip continent
54 request cpu-usage last-15secs
55 request cpu-usage last-1min
56 request cpu-usage last-5mins
57 request http-user-agent device-make
58 request http-user-agent device-model
59 request http-user-agent browser-type
60 request http-user-agent browser-version
61 request http-user-agent user-agent-token
SEE ALSO
ltm policy, create, delete, edit, glob, list, modify, regex, reset-
stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2016. All rights
reserved.
BIG-IP 2016-03-14 ltm policy-strategy(1)