Manual Chapter : Accelerating Traffic with a Local Traffic Policy

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0
Manual Chapter

About classifying types of HTTP traffic with a local traffic policy

An application that runs on a virtual server accelerates all HTTP traffic. You can, however, use a local traffic policy to classify types of HTTP traffic for the BIG-IP® system to accelerate, by specifying hosts, paths, headers, and cookies.

Important: Although you can use a local traffic policy to classify the types of HTTP traffic to accelerate, the local traffic policy overrides the Web Acceleration profile on the virtual server. Acceleration of HTTP traffic with the BIG-IP system should primarily be configured through a Web Acceleration profile, instead of a local traffic policy.

Local traffic policy matching Strategies settings

This table summarizes the strategies used for traffic policy matching.

Matching strategy Description
First-match strategy A first-match strategy executes the actions for the first rule in the Rules list that matches.
Best-match strategy A best-match strategy selects and executes the actions of the rule in the Rules list with the best match, as determined by the following factors.
  • The number of conditions and operands that match the rule.
  • The length of the matched value for the rule.
  • The priority of the operands for the rule.
Note: In a best-match strategy, when multiple rules match and specify an action, conflicting or otherwise, only the action of the best-match rule is executed. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.
All-match strategy An all-match strategy executes the actions for all rules in the Rules list that match.
Note: In an all-match strategy, when multiple rules match, but specify conflicting actions, only the action of the best-match rule is executed. A best-match rule can be the lowest ordinal, the highest priority, or the first rule that matches in the Rules list.

Local traffic policy matching Requires profile settings

This table summarizes the profile settings that are required for local traffic policy matching.

Requires Setting Description
http Specifies that the policy matching requires an HTTP profile.
ssl Specifies that the policy matching requires a Client SSL profile.
tcp Specifies that the policy matching requires a TCP profile.

Local traffic policy matching Controls settings

This table summarizes the controls settings that are required for local traffic policy matching.

Controls Setting Description
acceleration Provides controls associated with acceleration functionality.
caching Provides controls associated with caching functionality.
classification Provides controls associated with classification.
compression Provides controls associated with HTTP compression.
forwarding Provides controls associated with forwarding functionality.
persistence Provides controls associated with persistence functionality.
request-adaptation Provides controls associated with request-adaptation functionality.
response-adaptation Provides controls associated with response-adaptation functionality.
server-ssl Provides controls associated with server-ssl functionality.

Local traffic policy matching condition types

This table summarizes the types of conditions used in policy matching.

Condition Type Selectors and Parameters Valid Events Options
Client SSL
  • cipher
  • cipher-bits
  • protocol
  • response
  • request
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
CPU Usage
  • 15 seconds
  • 1 minute
  • 5 minutes
  • response
  • request
  • ssl client hello
  • ssl server handshake
  • ssl server hello
 
Geo. IP
  • continent
  • country code
  • country name
  • isp
  • organization
  • region code
  • region name
  • response
  • request
  • ssl client hello
  • ssl server handshake
  • ssl server hello
  • Apply to traffic on remote or local side of external or internal interface.
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Basic Auth.
  • password
  • username
 
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Cookie named  
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Header named
  • response
  • request
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Host
  • host
  • port
  • full string
 
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Method (Specify the string for the method.)  
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Referer
  • all
  • extension
  • host
  • path
  • path-segment
  • port
  • query-parameter
  • query-string
  • scheme
  • unnamed-query- parameter
  • full string
  • request
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Set Cookie named
  • domain
  • expiry
  • path
  • value
  • version
 
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Status
  • code
  • text
  • full string
   
HTTP URI
  • extension
  • host
  • path
  • path-segment
  • port
  • query-parameter
  • query-string
  • scheme
  • unnamed-query- parameter
  • full string
 
  • Skip this condition if it is missing from the request
  • Use case sensitive string comparison
HTTP Version
  • major
  • minor
  • protocol
  • full string
 
  • Use case-sensitive string comparison
SSL Certificate with index  
  • Skip this condition if it is missing from the sslServerHandshake.
  • Use case-sensitive string comparison
SSL Extension
  • alpn
  • npn
  • server name
  • ssl client hello
  • ssl server hello
  • Skip this condition if it is missing from the sslClientHello.
  • Use case-sensitive string comparison
TCP
  • address
  • mss
  • port
  • route-domain
  • rtt
  • vlan
  • vlan-id
  • response
  • request
  • ssl client hello
  • ssl server handshake
  • ssl server hello
  • Apply to traffic on remote or local side of external or internal interface.
  • Use case sensitive string comparison
WebSocket
  • extension
  • key
  • protocol
  • version
  • websocket request
  • websocket response
  • Skip this condition if it is missing from the sslClientHello.
  • Use case-sensitive string comparison

Local traffic policy matching Actions operands

This table summarizes the actions associated with the conditions of the rule used in policy matching.

Target Type Valid Events Action
acceleration string/number
  • request
  • disable
  • enable
cache string
  • request
  • response
  • disable
  • enable
    • pin true
compress string
  • request
  • response
  • disable
  • enable
decompress string
  • request
  • response
  • disable
  • enable
forward string
  • request
  • reset
  • select
    • clone-pool
    • member
    • nexthop
    • node
    • pool
    • rateclass
    • snat
    • snatpool
    • vlan
    • vlan-id
http-cookie string
  • request
  • insert
    • name (required)
    • value (required)
      Note: This parameter supports Tcl expressions.
  • remove
    • name (required)
http-header string/number
  • request
  • response
  • insert
    • name (required)
    • value (required)
      Note: This parameter supports Tcl expressions.
  • remove
    • name (required)
  • replace
    • name (required)
    • value (required)
      Note: This parameter supports Tcl expressions.
http-host string
  • request
  • replace
    • value
      Note: This parameter supports Tcl expressions.
http-referer string
  • request
  • insert
    • value (required)
      Note: This parameter supports Tcl expressions.
  • remove
  • replace
    • value
      Note: This parameter supports Tcl expressions.
http-reply string
  • request
  • response
  • redirect
    • location (required)
      Note: This parameter supports Tcl expressions.
http-set-cookie string/number
  • response
  • insert
    • name (required)
    • domain
      Note: This parameter supports Tcl expressions.
    • path
      Note: This parameter supports Tcl expressions.
    • value (required)
      Note: This parameter supports Tcl expressions.
  • remove
    • name (required)
http-uri string/number
  • response
  • replace
    • path
      Note: This parameter supports Tcl expressions.
    • query-string
      Note: This parameter supports Tcl expressions.
    • value
      Note: This parameter supports Tcl expressions.
log string/number
  • request
  • response
  • write
    • message (required)
      Note: This parameter supports Tcl expressions.
pem string/number
  • request
  • response
  • classify
    • application
    • category
    • defer
    • protocol
persist string/number
  • request
  • response
  • disable
  • source-address
    • carp
      Note: This parameter supports Tcl expressions.
    • cookie-hash
    • cookie-insert
    • cookie-passive
    • cookie-rewrite
    • destination-address
    • disable
    • hash
      Note: This parameter supports Tcl expressions.
    • source-address
    • universal
      Note: This parameter supports Tcl expressions.
request-adapt string/number
  • request
  • response
  • disable
  • enable
response-adapt string/number
  • request
  • response
  • disable
  • enable
server-ssl string/number
  • request
  • disable
  • enable
tcl string/number
  • request
  • response
  • set-variable
    • name (required)
    • expression (required)
      Note: This parameter supports Tcl expressions.
tcp-nagle string/number
  • request
  • disable
  • enable