You can use the Policy Enforcement Manager to set up the BIG-IP system to classify and intelligently steer traffic on the network. The system automatically sets up virtual servers for TCP and UDP traffic so that the BIG-IP system can classify the traffic and direct it to one or more steering endpoints based on traffic characteristics.
Policy Enforcement Manager provides the ability to intelligently steer traffic based on policy decisions made using classification criteria, URL category, flow information, or custom criteria (iRule events). Steering, also called traffic forwarding, can help you police, control, and optimize traffic. You can forward a particular type of traffic to a pool of one or more servers designed to handle that type of traffic, or to a location closer to the clients requesting a service. For example, you can send HTTP video traffic to a pool of video delivery optimization servers. You can also use a policy option that classifies each transaction, which allows transaction-aware steering. This ability to classify traffic for every transaction is called transactional policy enforcement. Per-transaction classification applies to HTTP traffic only.
You set up steering by creating an enforcement policy that defines the traffic that you want to send to a particular location or endpoint. Rules in the enforcement policy specify conditions that the traffic must match, and actions for what to do with that traffic. One of the actions you can take is to forward the traffic to a particular endpoint, called a forwarding endpoint.
You can create listeners to set up virtual servers and associate the enforcement policies with the traffic that is sent to them. The system also creates a Policy Enforcement profile that specifies the enforcement policy that the system uses, among other uses, for traffic steering.
|Preserve||Maintains the value configured for the source port, unless the source port from a particular SNAT is already in use.|
|Preserve Strict||Maintains the value configured for the source port. If the port is in use, the system does not process the connection. Use this setting only when (1) the port is configured for UDP traffic; (2) the system is configured for nPath routing or running in transparent mode; or (3) a one-to-one relationship exists between virtual IP addresses and node addresses, or clustered multi-processing (CMP) is disabled.|
|Change||Specifies that the system changes the source port.|
|Source Address||Map the source IP address to a specific pool member so that subsequent traffic from this address is directed to the same pool member.|
|Destination Address||Map the destination IP address to a specific pool member so that subsequent traffic from this address is directed to the same pool member.|
|Match||Select whether you want to perform actions on traffic that matches (select Match) or does not match (select No Match) the criteria specified.|
|DSCP Marking||To match incoming traffic based on a DSCP value, type an integer from 0 to 63.|
|Protocol||To specify the applicable traffic by protocol, select UDP, TCP, or leave the default value of Any.|
|Source Address/Mask||To match incoming traffic based on the address or network it is coming from, type the source IP address/netmask of the network you want the rule to affect. The default value is 0.0.0.0/32.|
|Source Port||To match incoming traffic based on the port it is coming from, type the port number you want the rule to affect. The default value (empty) matches traffic from all ports.|
|Source VLAN||To match incoming traffic based on the VLAN, select a previously configured VLAN.|
|Destination Address/Mask||To match traffic based on the address or network it is directed to, type the destination IP address/netmask of the network you want the rule to affect. The default value is 0.0.0.0/32.|
|Destination Port||To match incoming traffic based on the port it is directed to, type the port number you want the rule to affect. The default value (empty) matches traffic headed to all ports.|
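The following Python model is an added example, not F5 code or BIG-IP configuration syntax. It shows how the flow criteria in the table above combine, which is useful for checking which flows a steering rule would capture before the rule is deployed. It assumes that all specified criteria must hold together, that the default 0.0.0.0/32 means any address, and that empty fields match everything; the names `FlowFilter` and `applies` and the sample flows are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

DEFAULT_NET = "0.0.0.0/32"  # the page's default; assumed here to mean "any address"

@dataclass
class FlowFilter:
    match: bool = True               # True = Match, False = No Match
    dscp: Optional[int] = None       # DSCP Marking, integer 0..63
    protocol: str = "Any"            # "TCP", "UDP" or "Any"
    src_net: str = DEFAULT_NET       # Source Address/Mask
    src_port: Optional[int] = None   # empty (None) matches all ports
    src_vlan: Optional[str] = None   # Source VLAN
    dst_net: str = DEFAULT_NET       # Destination Address/Mask
    dst_port: Optional[int] = None   # empty (None) matches all ports

    def __post_init__(self):
        # Reject values outside the ranges the table allows.
        if self.dscp is not None and not 0 <= self.dscp <= 63:
            raise ValueError("DSCP must be an integer from 0 to 63")
        if self.protocol not in ("Any", "TCP", "UDP"):
            raise ValueError("protocol must be TCP, UDP or Any")

def _net_ok(net: str, addr: str) -> bool:
    # The default network is treated as a wildcard (assumption).
    if net == DEFAULT_NET:
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def applies(f: FlowFilter, flow: dict) -> bool:
    """Return True when the rule's actions would apply to this flow."""
    hit = all((
        f.dscp is None or flow["dscp"] == f.dscp,
        f.protocol == "Any" or flow["proto"] == f.protocol,
        _net_ok(f.src_net, flow["src"]),
        f.src_port is None or flow["sport"] == f.src_port,
        f.src_vlan is None or flow["vlan"] == f.src_vlan,
        _net_ok(f.dst_net, flow["dst"]),
        f.dst_port is None or flow["dport"] == f.dst_port,
    ))
    # "No Match" inverts the result: act on everything the criteria miss.
    return hit if f.match else not hit

# Constructed sample flows (not from the page).
VIDEO = {"dscp": 34, "proto": "TCP", "src": "10.1.2.3", "sport": 40000,
         "vlan": "subscribers", "dst": "203.0.113.10", "dport": 80}
DNS = {"dscp": 0, "proto": "UDP", "src": "10.1.2.3", "sport": 53000,
       "vlan": "subscribers", "dst": "198.51.100.53", "dport": 53}
```

A filter left entirely at its defaults applies to every flow, and switching such a rule to No Match makes it apply to none, so both are worth checking for when reviewing a policy.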