Device Manager GUI Guide vA5(1.0) and vA5(1.2), Cisco ACE 4700 Series Application Control Engine Appliance
Configuring Parameter Maps
Downloads: This chapterpdf (PDF - 303.0KB) The complete bookPDF (PDF - 17.26MB) | Feedback

Configuring Parameter Maps

Table Of Contents

Configuring Parameter Maps

Configuring HTTP Parameter Maps

Configuring Connection Parameter Maps

Configuring Optimization Parameter Maps

Configuring Generic Parameter Maps

Configuring RTSP Parameter Maps

Configuring SIP Parameter Maps

Configuring Skinny Parameter Maps

Configuring DNS Parameter Maps

Supported MIME Types

Viewing All Parameter Maps by Context


Configuring Parameter Maps


Parameter maps provide a means of performing actions on traffic received by the ACE, based on certain criteria such as protocol or connection attributes. After you configure a parameter map, you associate it with a policy map to implement configured behavior.

Table 8-1 describes the parameter maps you can configure using the ACE.

Table 8-1 Parameter Map Types 

Parameter Map
Description

Connection

Connection parameter maps combine all IP and TCP connection-related behaviors pertaining to:

TCP normalization, termination, and server reuse

IP normalization, fragmentation, and reassembly

DNS

Domain Name System (DNS) parameter maps configure DNS actions for DNS packet inspection.

Generic

Generic parameter maps combine related generic protocol actions for server load-balancing connections.

HTTP

HTTP parameter maps configure ACE behavior for HTTP load-balanced connections.

Optimization

Optimization parameter maps specify optimization-related commands that pertain to application acceleration and optimization functions performed by the ACE.

RTSP

RTSP parameter maps configure advanced RTSP behavior for server load-balancing connections.

SIP

Session Initiation Protocol (SIP) parameter maps configure SIP deep packet inspection on the ACE.

Skinny

Skinny Client Control Protocol (SCCP) parameter maps configure SCCP packet inspection on the ACE.



Note When you use the ACE CLI to configure named objects (such as a real server, virtual server, parameter map, class map, health probe, and so on), consider that the Device Manager (DM) supports object names with an alphanumeric string of 1 to 64 characters, which can include the following special characters: underscore (_), hyphen (-), dot (.), and asterisk (*). Spaces are not allowed.

If you use the ACE CLI to configure a named object with special characters that the DM does not support, you may not be able to configure the ACE using DM.


Related Topics

Configuring HTTP Parameter Maps

Configuring Connection Parameter Maps

Configuring Optimization Parameter Maps

Configuring Generic Parameter Maps

Configuring RTSP Parameter Maps

Configuring SIP Parameter Maps

Configuring Skinny Parameter Maps

Configuring DNS Parameter Maps

Configuring Traffic Policies

Configuring Parameter Maps

Configuring Virtual Contexts

Configuring HTTP Parameter Maps

Use this procedure to configure an HTTP parameter map for use with a Layer 3/Layer 4 policy map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > HTTP Parameter Maps. The HTTP Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The HTTP Parameter Maps configuration screen appears.

Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Step 4 Enter the information in Table 8-2.

Table 8-2 HTTP Parameter Map Attributes 

Field
Description

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Case-Insensitive

Check this check box to indicate that the ACE appliance is to be case insensitive. Clear this check box to indicate that the ACE appliance is to be case sensitive. This check box is cleared by default.

Header Modify Per-Request

Check the check box to require SSL information be inserted for every HTTP GET request. Current functionality only requires that the information be inserted at the first GET request.

Exceed Max. Parse Length

Indicate how the ACE appliance is to handle cookies, HTTP headers, and URLs that exceed the maximum parse length:

Continue—Indicates that the ACE appliance is to continue load balancing. When this option is selected, the HTTP Persistence Rebalance option is disabled if the total length of all cookies, HTTP headers, and URLs exceeds the maximum parse value.

Drop—Indicates that the ACE appliance is to stop load balancing and to discard the packet.

HTTP Persistence Rebalance

Check this check box to enabled persistence rebalance. Persistence is sometimes referred to as a connection keepalive.

With persistence rebalance enabled, when successive GET requests result in load balancing that chooses the same policy, the ACE sends the request to the real server used for the last GET request. This behavior prevents the ACE from load balancing every request and recreating the server-side connection on every GET request, producing less overhead and better performance.

Another effect of persistence rebalance is that header insertion and cookie insertion, if enabled, occur for every request instead of only the first request.

By default, persistence rebalance is enabled. Clear this check box to indicate that this option is disabled.

TCP Server Connection Reuse

Check this check box to indicate that the ACE appliance is to reduce the number of open connections on a server by allowing connections to persist and be reused by multiple client connections. If you enable this feature:

Ensure that the ACE appliance maximum segment size (MSS) is the same as the server maximum segment size.

Configure port address translation (PAT) on the interface that is connected to the real server.

Configure on the ACE appliance the same TCP options that exist on the TCP server.

Ensure that each server farm is homogeneous (all real servers within a server farm have identical configurations).

Clear this check box to disable this option.

Content Max. Parse Length (Bytes)

Enter the maximum number of bytes to parse in HTTP content. Valid entries are integers from 1 to 65535, with a default of 4096.

Header Max. Parse Length (Bytes)

Enter the maximum number of bytes to parse for the total length of cookies, HTTP headers, and URLs. Valid entries are integers from 1 to 65535 with a default of 4096.

Secondary Cookie Delimiters

Enter the ASCII-character delimiters to be used to separate cookies in a URL string. Valid entries are unquoted text strings with no spaces and a maximum of 4 characters. The default delimiters are /&#+.

MIME Type To Compress

In the field on the left, enter the Multipurpose Internet Mail Extension (MIME) type to compress, then click Add. The MIME type appears in the column on the right. To remove or change a MIME type, select it in the column on the right, then click Remove. The selected MIME type appears in the field on the left where you can modify or delete it.

To specify the sequence in which compression is to be applied, select MIME types in the column on the right, then click Up or Down to arrange the MIME types.

Supported MIME Types lists the supported MIME types. You can use an asterisk (*) to indicate a wildcard, such as text/*, which would include all text MIME types (text/html, text/plain, and so on).

User Agent Not To Compress

A user agent is a client that initiates a request. Examples of user agents include browsers, editors, and other end-user tools. When you specify a user agent string in this field, the ACE appliance does not compress the response to a request when the request contains the matching user agent string.

In the field on the left, enter the user agent string to be matched, then click Add. The string appears in the column on the right. To remove or change a user agent string, select it in the column on the right, then click Remove. The selected string appears in the field on the left where you can modify or delete it.

To specify the sequence in which strings are to be matched, select strings in the column on the right, then click Up or Down to arrange the strings in the desired sequence.

Valid entries are 64 characters.

Min. Size To Compress (Bytes)

Enter the threshold at which compression is to occur. The ACE appliance compresses files that are the minimum size or larger. Valid entries are integers from 1 to 4096 bytes.


Step 5 Click:

Deploy Now to deploy this configuration on the ACE appliance.

Cancel to exit this procedure without accepting your entries and to return to the Parameter Maps table.

Next to accept your entries and to add another parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Optimization Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring Connection Parameter Maps

Connection parameter maps combine all IP and TCP connection-related behaviors pertaining to:

TCP normalization, termination, and server reuse

IP normalization, fragmentation, and reassembly

Use this procedure to configure a Connection parameter map for use with a Layer 3/Layer 4 policy map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Connection Parameter Maps. The Connection Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The Connection Parameter Maps configuration screen appears.

Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Step 4 Enter the information in Table 8-3. Click More Settings to access the additional Connection Parameter Map configuration attributes. By default, ACE appliance Device Manager hides the default Connection Parameter Map configuration attributes and the attributes which are not commonly used.

Table 8-3 Connection Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Enter double quotes as matching pairs.

Inactivity Timeout (Seconds)

Enter the number of seconds that the ACE is to wait before disconnecting idle connections. Valid entries are integers from 0 to 3217203. A value of 0 indicates that ACE is never to time out a TCP connection.

More Settings

Exceeds MSS

Indicate how the ACE is to handle segments that exceed the maximum segment size (MSS):

Allow—The ACE is to permit segments that exceed the configured MSS.

Drop—The ACE is to discard segments that exceed the configured MSS.

Max. Connection Limit

Enter the maximum number of concurrent connections to allow for the parameter map. Valid entries are integers from 0 to4000000.

Nagle

The Nagle algorithm instructs a sender to buffer any data to be sent until all outstanding data has been acknowledged or until there is a full segment of data to send. Enabling the Nagle algorithm increases throughput, but it can increase latency in your TCP connection.

Check the check box to enable the Nagle algorithm. Clear the check box to disable the Nagle algorithm.

Note Disable the Nagle algorithm when you observe unacceptable delays in TCP connections.

Random Sequence Number

Randomizing TCP sequence numbers adds a measure of security to TCP connections by making it more difficult for a hacker to guess or predict the next sequence number in a TCP connection.

Check the check box to enable the use of random TCP sequence numbers. Clear the check box to disable the use of random TCP sequence numbers.

This option is enabled by default.

Bandwidth Rate Limit

Enter the bandwidth-rate limit in bytes per second for the parameter map. Valid entries are integers from 0 to 300000000 bytes.

Connection Rate Limit

Enter the connection-rate limit in connections per second. Valid entries are integers from 0 to350000.

Reserved Bits

Indicate how the ACE is to handle segments with the reserved bits set in the TCP header:

Allow—Segments with the reserved bits are to be permitted.

Drop—Segments with the reserved bits are to be discarded.

Clear—Reserved bits in TCP headers are to be cleared and segments are to be allowed.

Type-of-Service IP Header

The type of service for an IP packet determines how the network handles the packet and balances its precedence, throughput, delay, reliability, and cost.

Enter the type-of-service value to be applied to IP packets. Valid entries are integers from 0 to 255.

For more information about type of service, refer to RFCs 791, 1122, 1349, and 3168.

ACK Delay Time (Milliseconds)

Enter the number of milliseconds that the ACE is to wait before sending an acknowledgement from a client to a server. Valid entries are integers from 0 to 400.

TCP Buffer Share (Bytes)

To improve throughput and overall performance, the ACE buffers the number of bytes you specify before processing received data or transmitting data. Use this option to increase the default buffer size and thereby realize improved network performance.

Enter the maximum size of the TCP buffer in bytes. Valid entries are integers from 8192 to 262143 bytes. Default is 32768.

Note If you enter a value in this field for an ACE device that does not support this option, an error message appears. Leave this field blank when creating or modifying a connection parameter map for devices that do not support this option.

Smallest TCP MSS (Bytes)

Enter the size of the smallest segment of TCP data that the ACE is to accept. Valid entries are integers from 0 to 65535 bytes. The value 0 indicates that the ACE is not to set a minimum limit.

Largest TCP MSS (Bytes)

Enter the size of the largest segment of TCP data that the ACE is to accept. Valid entries are integers from 0 to 65535 bytes. The value 0 indicates that the ACE is not to set a maximum limit.

SYN Retries

Enter the number of attempts that the ACE is to make to transmit a TCP segment when initiating a Layer 7 connection. Valid entries are integers from 1 to 15 with a default of 4.

TCP WAN Optimization RTT

This option specifies how the ACE is to apply TCP optimizations to packets on a connection associated with a Layer 7 policy map using a round-trip time (RTT) value:

An entry of 0 (zero) indicates that the ACE is to apply TCP optimizations to packets for the life of a connection.

An entry of 65535 (the default) indicates that the ACE is to perform normal operations (that is, without optimizations) for the life of a connection.

Entries from 1 to 65534 indicate that the ACE is to use the following guidelines:

If the actual client RTT is less than the configured RTT, the ACE performs normal operations for the life of the connection.

If the actual client RTT is greater than or equal to the configured RTT, the ACE performs TCP optimizations on the packets for the life of a connection.

Valid entries are integers from 0 to 65535.

Timeout For Embryonic Connections (Seconds)

An embryonic connection is a TCP three-way handshake for a connection that does not complete for some reason.

Enter the number of seconds that the ACE is to wait before timing out an embryonic connection. Valid entries are integers from 0 to 4294967295 with a default of 5. A value of 0 indicates that the ACE is never to time out an embryonic connection.

Half Closed Timeout (Seconds)

A half-closed connection is one in which the client or server sends a FIN and the server or client acknowledges the FIN without sending a FIN itself.

Enter the number of seconds the ACE is to wait before closing a half-closed connection. Valid entries are integers from 0 to 4294967295 with a default of 3600 (1 hour). A value of 0 indicates that the ACE is never to time out a half-closed connection.

Slow Start Algorithm

When enabled, the slow start algorithm increases TCP window size as ACK handshakes arrive so that new segments are injected into the network at the rate at which acknowledgements are returned by the host at the other end of the connection.

Check this check box to enable the slow start algorithm, and clear this check box to disable the slow start algorithm. This option is disabled by default.

SYN Segments With Data

Indicate how the ACE is to handle TCP SYN segments that contain data:

Allow—The ACE is to permit SYN segments that contain data and mark them for processing.

Drop—The ACE is to discard SYN segments that contain data.

Urgent Pointer Policy

Urgent data, as indicated by a control bit in the TCP header, indicates that urgent data is to be processed as soon as possible, even before normal data.

Indicate how the ACE is to handle urgent data as identified by the Urgent data control bit:

Allow—The ACE is to permit the status of the Urgent control bit.

Clear—The ACE is to set the Urgent control bit to 0 (zero) and thereby invalidate the Urgent Pointer which provides segment information.

TCP Window Scale Factor

The TCP window scaling extension expands the definition of the TCP window to 32 bits and uses a scale factor to carry the 32-bit value in the 16-bit window of the TCP header. Increasing the window size improves TCP performance in network paths with large bandwidth, long-delay characteristics.

Enter the window scale factor in this field. Valid entries are integers from 0 to 14 (the maximum scale factor).

For more information on TCP window scaling, refer to RFC 1323.

Action For TCP Options Range

Indicate how the ACE is to handle the TCP options:

Selective ACK

Timestamps

Action For TCP Window Scale Factor

by selecting one of the options:

N/A—This option is not set.

Allow—The ACE is to allow any segment with the specified option set.

Drop—The ACE is to discard any segment with the specified option set.

Lower TCP Options

Appears if you select Allow or Drop for the Action For TCP Options Range.

Enter the lower limit of the TCP option range. Valid entries are 6, 7, or an integer from 9 to 255. See Table 8-4 for information on TCP options.

Upper TCP Options

Appears if you select Allow or Drop for the Action For TCP Options Range.

Enter the upper limit of the TCP option range. Valid entries are 6, 7, or an integer from 9 to 255. See Table 8-4 for information on TCP options.

Selective ACK

Indicate how the ACE is to handle the selective ACK option that is specified in SYN segments:

Allow—The ACE is to allow any segment with the specified option set.

Clear—The ACE is to clear the specified option from any segment that has it set and allow the segment.

Timestamps

Indicate how the ACE is to handle the timestamp option that is specified in SYN segments:

Allow—The ACE is to allow any segment with the specified option set.

Clear—The ACE is to clear the specified option from any segment that has it set and allow the segment.

Action For TCP Window Scale Factor

Indicate how the ACE is to handle the TCP window scale factor option that is specified in SYN segments:

Allow—The ACE is to allow any segment with the specified option set.

Clear—The ACE is to clear the specified option from any segment that has it set and allow the segment.

Drop—The ACE is to discard any segment with the specified option set.


Table 8-4 TCP Options for Connection Parameter Maps1  

Kind
Length
Meaning

6

6

Echo (obsoleted by option 8)

7

6

Echo Reply (obsoleted by option 8)

9

2

Partial Order Connection Permitted

10

3

Partial Order Service Profile

11

 

CC

12

 

CC.NEW

13

 

CC.ECHO

14

3

TCP Alternate Checksum Request

15

N

TCP Alternate Checksum Data

16

 

Skeeter

17

 

Bubba

18

3

Trailer Checksum Option

19

18

MD5 Signature Option

20

 

SCPS Capabilities

21

 

Selective Negative Acknowledgements (SNACK)

22

 

Record Boundaries

23

 

Corruption Experienced

24

 

SNAP

25

 

Unassigned (released 12/18/2000)

26

 

TCP Compression Filter

1 For more information on TCP options, refer to the Security Guide, Cisco ACE Application Control Engine.


Step 5 Click:

Deploy Now to deploy this configuration on the ACE appliance.

Cancel to exit this procedure without accepting your entries and to return to the Parameter Maps table.

Next to accept your entries and to add another parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring Optimization Parameter Maps

Use this procedure to configure an Optimization parameter map for use with a Layer 3/Layer 4 policy map.

Refer to Configuring Application Acceleration and Optimization or the Application Acceleration and Optimization Guide, Cisco ACE 4700 Series Application Control Engine Appliance for more information about application acceleration and optimization.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Optimization Parameter Maps. The Optimization Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The Optimization Parameter Maps configuration screen appears.

Step 3 In the Parameter Name field, enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Step 4 Configure the Optimization parameter map using the information in Table 8-5.

Table 8-5 Optimization Parameter Map Attributes 

Field
Description

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Set Browser Freshness Period

Select the method that the ACE is to use to determine the freshness of objects in the client's browser:

N/A—This option is not configured.

Disable Browser Object Freshness Control—Browser freshness control is not to be used

Set Freshness Similar To Flash Forward Objects—The ACE is to set freshness similar to that used for FlashForwarded objects and to use the values specified in the Maximum Time for Cache Time-To-Live and Minimum Time for Cache Time-To-Live fields.

Duration For Browser Freshness (Seconds)

This field appears if the Set Browser Freshness Period option is not configured.

Enter the number of seconds that objects in the client's browser are considered fresh. Valid entries are 0 to 2147483647 seconds.

Response Codes To Ignore (Comma Separated)

Enter a comma-separated list of HTTP response codes for which the response body must not be read. For example, an entry of 302 indicates that the ACE is to ignore the response body of a 302 (redirect) response from the origin server. Valid entries are unquoted text strings with a maximum of 64 alphanumeric characters and integers from 100 to 599, inclusive.

Appscope Optimize Rate (%)

Enter the percentage of all requests or sessions to be sampled for performance with acceleration (or optimization) applied. All applicable optimizations for the class will be performed. Valid entries are from 0 to 100 percent, with a default of 10 percent. The sum of this value and the value entered in the Passthru Rate Percent field must not exceed 100.

Appscope Passthrough Rate (%)

Enter the percentage of all requests or sessions to be sampled for performance without optimization. No optimizations for the class will be performed. Valid entries are from 0 to 100, with a default of 10 percent. The sum of this value and the value entered in the Optimize Rate Percent field must not exceed 100.

Max. Number for Parameter Summary Log (Bytes)

Enter the maximum number of bytes that are to be logged for each parameter value in the parameter summary of a transaction log entry in the statistics log. If a parameter value exceeds this limit, it is truncated at the specified limit. Valid entries are 0 to 10,000 bytes.

Max. For Post Data to Scan for Logging (KBytes)

Enter the maximum number of kilobytes of POST data the ACE is to scan for parameters for the purpose of logging transaction parameters in the statistics log.

Valid entries are 0 to 1000 KB.

String For Grouping Requests

Enter the string the ACE is to use to sort requests for AppScope reporting. The string can contain a URL regular expression that defines a set of URLs in which URLs that differ only by their query parameters are to be treated as separate URLs in AppScope reports.

For example, to define a string that is used to identify the URLs http://server/catalog.asp?region=asia and http://server/catalog.asp?region=america as two separate reporting categories, you would enter http_query_param(region).

Valid entries contain 1 to 255 characters and can contain the parameter expander functions listed in Table 8-6.

Base File Anonymous Level

Information that is common to a large set of users is generally not confidential or user-specific. Conversely, information that is unique to a specific user or a small set of users is generally confidential or user-specific. The anonymous base file feature enables the ACE to create and deliver condensed base files that contain only information that is common to a large set of users. No information unique to a particular user, or across a very small subset of users, is included in anonymous base files.

Enter the value for base file anonymity for the all-user condensation method. Valid entries are integers from 0 to 50; the default value of 0 disables the base file anonymity feature.

Cache-Key Modifier Expression

A cache object key is a unique identifier that is used to identify a cached object to be served to a client, replacing a trip to the origin server. The cache key modifier feature allows you to modify the canonical form of a URL; that is, the portion before "?" in a URL. For example, the canonical URL of "http://www.xyz.com/somepage.asp?action=browse&level=2" is "http://www.xyz.com/somepage.asp".

Enter a regular expression containing embedded variables as described in Table 8-6. The ACE transforms URLs specified in class maps for this virtual server with the expression and variable entered here.

Valid entries are unquoted text strings with no spaces and a maximum of 255 alphanumeric characters. If the string includes spaces, enclose the string with quotation marks (").

Min. Time For Cache Time-To-Live (Seconds)

Enter the minimum number of seconds that an object without an explicit expiration time should be considered fresh in the ACE cache. This value specifies the minimum time that content can be cached. If the ACE is configured for FlashForward optimization, this value should normally be 0. If the ACE is configured for dynamic caching, this value should indicate how long the ACE should cache the page. (See Table 5-16 for information about these configuration options.)

Valid entries are 0 to 2147483647 seconds.

Max. Time For Cache Time-To-Live (Seconds)

Enter the maximum number of seconds that an object without an explicit expiration time should be considered fresh in the ACE cache. Valid entries are 0 to 2147483647 seconds.

Cache Time-To-Live Duration (%)

Enter the percent of an object's age at which an embedded object without an explicit expiration time is considered fresh.

Valid entries are 0 to 100 percent.

Expression To Modify Cache Key Query Parameter

The cache parameter feature allows you to modify the query parameter of a URL; that is, the portion after "?" in a URL. For example, the query parameter portion of "http://www.xyz.com/somepage.asp?action=browse&level=2" is "action=browse&level=2".

Enter a regular expression containing embedded variables as described in Table 8-6. The ACE transforms URLs specified in class maps for this virtual server with the expression and variable entered here. If no string is specified, the query parameter portion of the URL is used as the default value for this portion of the cache key.

Valid entries are unquoted text strings with no spaces and a maximum of 255 alphanumeric characters.

Canonical URL Expressions (Comma Separated)

The ACE uses the canonical URL feature to eliminate the "?" and any characters that follow to identify the general part of the URL. This general URL is then used to create the base file. In this way, the ACE maps multiple URLs to a single canonical URL.

Enter a comma-separated list of parameter expander functions as defined in Table 8-6 to identify the URLs to associate with this parameter map.

Valid entries are unquoted text strings with a maximum of 255 alphanumeric characters.

Enable Cacheable Content Optimization

This feature allows the ACE to detect content that can be cached and perform delta optimization on it.

Check the check box to enable delta optimization of content that can be cached. Clear the check box to disable this feature.

Enable Delta Optimization On First Visit To Web Page

Check the check box to enable condensation on the first visit to a Web page. Clear the check box to disable this feature.

Min. Page Size For Delta Optimization (Bytes)

Enter the minimum page size, in bytes, that can be condensed. Valid entries are integers from 1 to 250000 bytes.

Max. Page Size For Delta Optimization (Bytes)

Enter the maximum page size, in bytes, that can be condensed. Valid entries are integers from 1 to 250000 bytes.

Set Default Client Script

Indicate the scripting language that the ACE is to recognize on condensed content pages:

N/A—This option is not configured.

Javascript—The default scripting language is JavaScript.

Visual Basic Script—The default scripting language is Visual Basic.

Exclude Iframes From Delta Optimization

Check the check box to indicate that delta optimization is not to be applied to IFrames (inline frames). Clear the check box to indicate that delta optimization is to be applied to IFrames.

Exclude Non-ASCII Data From Delta Optimization

Check the check box to indicate that delta optimization is not to be applied to non-ASCII data. Clear the check box to indicate that delta optimization is to be applied to non-ASCII data.

Exclude JavaScripts From Delta Optimization

Check the check box to indicate that delta optimization is not to be applied to JavaScript. Clear the check box to indicate that delta optimization is to be applied to JavaScript.

MIME Types To Exclude From Delta Optimization

1. In the first field, enter a comma-separated list of the MIME (Multipurpose Internet Mail Extension) type messages that are not to have delta optimization applied, such as image/Jpeg, text/html, application/msword, or audio/mpeg. See Supported MIME Types for a list of supported MIME types.

2. Click Add to add the entry to the list box on the right. You can position the entries in the list box by using the Up and Down buttons.

Remove HTML META Elements From Documents

Check the check box to indicate that HTML META elements are to be removed from documents to prevent them from being condensed. Clear the check box to indicate that HTML META elements are not to be removed from documents.

Set Flash Forward Refresh Policy

Select the method the ACE is to use to refresh stale embedded objects:

N/A—This option is not configured.

Allow Flash Forward To Indirect Refresh Of Objects—The ACE is to use FlashForward to indirectly refresh embedded objects.

Bypass Flash Forward To Direct Refresh Of Objects—The ACE is to bypass FlashForward for stale embedded objects so that they are refreshed directly.

Rebase Delta Optimization Threshold (%)

Enter the delta threshold, expressed as a percent, when rebasing is to be triggered. This entry represents the size of a page delta relative to total page size, expressed as a percent. This entry triggers rebasing when the delta response size exceeds the threshold as a percentage of base file size.

Valid entries are 0 to 10000 percent.

Rebase Flash Forward Threshold (%)

Enter the threshold, expressed as a percent, when rebasing is to be triggered based on the percent of FlashForwarded URLs in the response. This entry triggers rebasing when the difference between the percentages of FlashForwarded URLs in the delta response and the base file exceeds the threshold.

Valid entries are 0 to 10000 percent.

Rebase History Size (Pages)

Enter the number of pages to be stored before the ACE resets all rebase control parameters to zero and starts over. This option prevents the base file from becoming too rigid.

Valid entries are 10 to 2147483647.

Rebase Modify Cool-Off Period (Seconds)

Enter the number of seconds after the last modification before performing a rebase.

Valid entries are 1 to 14400 seconds (4 hours).

Rebase Reset Period (Seconds)

Enter the period of time, in seconds, for performing a meta data refresh.

Valid entries are 1 to 900 seconds (15 minutes).

Override Client Request Headers

Indicate how the ACE is to handle client request headers (primarily for embedded objects):

N/A—This feature is not enabled.

All Cache Request Headers Are Ignored—The ACE is to ignore all cache request headers.

Overrides The Cache Control: No Cache HTTP Header From A Request—The ACE is to ignore cache control request headers that state no cache.

Override Server Response Headers

Indicate how the ACE is to handle origin server response headers (primarily for embedded objects):

N/A—This feature is not enabled.

All Cache Request Headers Are Ignored—The ACE is to ignore all response headers.

Overrides The Cache Control: Private HTTP Header From A Response—The ACE is to ignore cache control response headers that state private.

UTF-8 Character Set Threshold

The UTF-8 (8-bit Unicode Transformation Format) character set is an international standard that allows Web pages to display non-ASCII or non-English multibyte characters. It can represent any universal character in the Unicode standard and is backwards compatible with ASCII.

Enter the number of UTF-8 characters that need to appear on a page to constitute a UTF-8 character set page. Valid entries are integers from 1 to 1,000,000.

Server Load Threshold Trigger (%)

The server load threshold trigger indicates that the time-to-live (TTL) period for cached objects is to be based dynamically on server load. With this method, TTL periods increase if the current response time from the origin sever is greater than the average response time and decrease if the current response time from the origin server is less than the average response time when the difference in response times exceeds a specified threshold amount.

Enter the threshold, expressed as a percent, at which the TTL for cached objects is to be changed.

Valid entries are from 0 to 100 percent.

Server Load Time-To-Live Change (%)

This option specifies the percentage by which the cache TTL is increased or decreased in response to a change in server load. For example, if this value is set to 20 and the current TTL for a response is 300 seconds. and if the current server response times exceeds the trigger threshold, the cache TTL for the response is raised to 360 seconds.

Enter the percent by which the cache TTL is to be increased or decreased when the server load threshold trigger is met.

Valid entries are from 0 to 100 percent.

Delta Optimization Mode

Select the method by which delta optimization is to be implemented:

N/A—This option is not configured.

Enable The All-User Mode For Delta Optimization—The ACE is to generate the delta against a single base file that is shared by all users of the URL. This option is usable in most cases if the structure of a page is common across all users, and the disk space overhead is minimal.

Enable The Per-User Mode For Delta Optimization—The ACE is to generate the delta against a base file that is created specifically for that user. This option is useful when page contents, including layout elements, are different for each user, and delivers the highest level of condensation. However, this increases disk space requirements because a copy of the base page that is delivered to each user is cached. This option is useful when privacy is required because base pages are not shared among users.

String To Be Used For Server HTTP Header

Use this option to define a string that is to be sent in the server header for an HTTP response. This option provides you with a method for uniquely tagging the context or URL match statement by setting the server header value to a particular string. The server header string can be used when a particular URL is not being transmitted to the correct target context or match statement.

Enter the string that is to appear in the server header. Valid entries are quoted text strings with a maximum of 64 alphanumeric characters.


Table 8-6 lists the parameter expander functions that you can use.

Table 8-6 Parameter Expander Functions 

Variable
Description

$(number)

Expands to the corresponding matching subexpression (by number) in the URL pattern. Subexpressions are marked in a URL pattern using parentheses (). The numbering of the subexpressions begins with 1 and is the number of the left-parenthesis "(" counting from the left. You can specify any positive integer for the number. $(0) matches the entire URL. For example, if the URL pattern is ((http://server/.*)/(.*)/)a.jsp, and the URL that matches it is http://server/main/sub/a.jsp?category=shoes&session=99999, then the following are correct:

$(0) = http://server/main/sub/a.jsp

$(1) = http://server/main/sub/

$(2) = http://server/main

$(3) = sub

If the specified subexpression does not exist in the URL pattern, then the variable expands to the empty string.

$http_query_string()

Expands to the value of the whole query string in the URL. For example, if the URL is http://myhost/dothis?param1=value1&param2=value2, then the following is correct:

$http_query_string() = param1=value1&param2=value2

This function applies to both GET and POST requests.

$http_query_param(query-param-name)

 
        

The obsolete syntax is also supported:

$param(query-param-name)

Expands to the value of the named query parameter (case-sensitive).

For example, if the URL is http://server/main/sub/a.jsp?category=shoes&session=99999, then the following are correct:

$http_query_param(category) = shoes

$http_query_param(session) = 99999

If the specified parameter does not exist in the query, then the variable expands to the empty string. This function applies to both GET and POST requests.

$http_cookie(cookie-name)

Evaluates to the value of the named cookie. For example, $http_cookie(cookiexyz). The cookie name is case-sensitive.

$http_header(request-header-name)

Evaluates to the value of the specified HTTP request header. In the case of multivalued headers, it is the single representation as specified in the HTTP specification. For example, $http_header(user-agent). The HTTP header name is not case-sensitive.

$http_method()

Evaluates to the HTTP method used for the request, such as GET or POST.

Boolean Functions:

$http_query_param_present(query-param-name)

$http_query_param_notpresent(query-param-name)

$http_cookie_present(cookie-name)

$http_cookie_notpresent(cookie-name)

$http_header_present(request-header-name)

$http_header_notpresent(request-header-name)

$http_method_present(method-name)

$http_method_notpresent(method-name)

Evaluates to a Boolean value: True or False, depending on the presence or absence of the element in the request. The elements are a specific query parameter (query-param-name), a specific cookie (cookie-name), a specific request header (request-header-name), or a specific HTTP method (method-name). All identifiers are case-sensitive except for the HTTP request header name.

$regex_match(param1, param2)

Evaluates to a Boolean value: True if the two parameters match and False if they do not match. The two parameters can be any two expressions, including regular expressions, that evaluate to two strings. For example, this function:

$regex_match($http_query_param(URL), .*Store\.asp.*)
 
        

compares the query URL with the regular expression string .*Store\.asp.*

If the URL matches this regular expression, this function evaluates to True.


Step 5 Click:

Deploy Now to save your entries. The ACE appliance validates the parameter map configuration and deploys it.

Cancel to exit this procedure without accepting your entries and to return to the Parameter Maps table.

Next to accept your entries and to add another parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring Generic Parameter Maps

Generic parameter maps allow you to specify nonprotocol-specific behavior for data parsing. Generic parameter maps examine the payload and make decisions regardless of the protocol.

Use this procedure to configure a generic parameter map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Generic Parameter Maps. The Generic Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The Generic Parameter Maps configuration screen appears.

Step 3 Configure the parameter map using the information in Table 8-7.

Table 8-7 Generic Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Case-Insensitive

Check this check box to indicate that the ACE is to be case insensitive for this parameter map. Clear this check box to indicate that the ACE is to be case sensitive for this parameter map.

Max. Parse Length (Bytes)

Enter the number of bytes to parse for the total length of all generic headers. Valid entries are integers from 1 to 65535 with a default of 2048 bytes.


Step 4 Click:

Deploy Now to deploy this configuration.

Cancel to exit this procedure without saving your entries and to return to the Generic Parameter Maps table.

Next to deploy your entries and to configure another generic parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring RTSP Parameter Maps

RTSP parameter maps allow you to configure advanced RTSP behavior for server load-balancing connections.

Use this procedure to configure an RTSP parameter map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > RTSP Parameter Maps. The RTSP Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The RTSP Parameter Maps configuration screen appears.

Step 3 Configure the parameter map using the information in Table 8-8.

Table 8-8 RTSP Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Case-Insensitive

Check this check box to indicate that the ACE is to be case insensitive. Clear this check box to indicate that the ACE is to be case sensitive.

Header Max. Parse Length (Bytes)

Enter the number of bytes to parse for the total length of RTSP headers. Valid entries are integers from 1 to 65535 with a default of 2048 bytes.


Step 4 Click:

Deploy Now to deploy this configuration.

Cancel to exit this procedure without saving your entries and to return to the RTSP Parameter Maps table.

Next to deploy your entries and to configure another RTSP parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring SIP Parameter Maps

SIP parameter maps allow you to configure SIP deep-packet inspection policy maps on the ACE.

Use this procedure to configure a SIP parameter map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > SIP Parameter Maps. The SIP Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The SIP Parameter Maps configuration screen appears.

Step 3 Configure the parameter map using the information in Table 8-9.

Table 8-9 SIP Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Instant Messaging

Check the check box to enable instant messaging (IM) over SIP after it has been disabled.

Clear this check box to disable this feature.

Logging All

Check the check box to enable the logging of all received and transmitted packets in the system log (syslog). By default, the ACE disables the logging of these packets, however allows the logging of dropped SIP packets in the syslog.

The ACE allows all headers sent in the SIP packet, including proprietary headers. In the event of a failover for SIP sessions over UDP, the ACE continues to process SIP packets for established SIP sessions.

Clear this check box to disable this feature.

Max. Forward Validation

This option allows you to configure the ACE to validate the value of the Max-Forward header field.

Specify how the ACE is to handle the validation of Max-Forward header fields:

N/A—The ACE is not to validate Max-Forward header fields.

Drop—The ACE is to drop the SIP message if it does not pass Max-Forward header validation.

Reset—The ACE is to reset the SIP connection if it does not pass Max-Forward header validation.

Log Max. Forward Validation Event

Check the check box to indicate that the ACE is to log Max-Forward validation events.

Clear the check box to disable this feature.

Mask UA Software Version

If the software version of a user agent is exposed, that user agent might be vulnerable to attacks from hackers who exploit the security holes present in that particular software version. This option allows you to mask or log the user agent software version so that it is not exposed.

Check the check box to indicate that the ACE is to mask the user agent software version.

Clear the check box to disable this feature.

Log UA Software Version

Check the check box to indicate that the ACE is to log the user agent software version.

Clear the check box to disable this feature.

Strict Header Validation

You can ensure the validity of SIP packet headers by configuring the ACE to check for the presence of the following mandatory SIP header fields:

From

To

Call-ID

CSeq

Via

Max-Forwards

If one of the header fields is missing in a SIP packet, the ACE considers that packet invalid. The ACE also checks for forbidden header fields, according to RFC 3261.

Specify how the ACE is to handle header validation.

N/A—The ACE is not to perform header validation.

Drop—The ACE is to drop the SIP message if the SIP packet does not pass header validation.

Reset—The ACE is to reset the connection if the SIP packet does not pass header validation.

Log Strict Header Validation

Check the check box to indicate that the ACE is to log header validation events.

Clear the check box to disable this feature.

Mask Non SIP URI

This option and the next enable the detection of non-SIP URIs in SIP messages.

Check the check box to indicate that the ACE is to mask non-SIP URIs in SIP messages.

Clear the check box to disable this feature.

Log Non SIP URI

Check the check box to indicate that the ACE is to log non-SIP URIs in SIP messages.

Clear the check box to disable this feature.

SIP Media Pinhole Timeout (Seconds)

Specify the timeout period for SIP media pinhole (secure port) connections in seconds. Valid entries are integers from 1 to 65535 seconds. The default is 5 seconds.


Step 4 Click:

Deploy Now to deploy this configuration.

Cancel to exit this procedure without saving your entries and to return to the SIP Parameter Maps table.

Next to deploy your entries and to configure another SIP parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring Skinny Parameter Maps

Skinny Client Control Protocol (SCCP or Skinny) parameter maps allow you to configure SCCP packet inspection on the ACE.

Use this procedure to configure a Skinny parameter map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > Skinny Parameter Maps. The Skinny Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The Skinny Parameter Maps configuration screen appears.

Step 3 Configure the parameter map using the information in Table 8-10.

Table 8-10 Skinny Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Enforce Registration

You can configure the ACE to allow only registered Skinny clients to make calls. To accomplish this task, the ACE maintains the state of each Skinny client. After a client registers with CCM, the ACE opens a secure port (pinhole) to allow that client to make a call.

Check the check box to enable Skinny registration enforcement.

Clear the check box to disable this feature.

Message Id Max.

Enter the largest value for the station message ID in hexadecimal that the ACE is to accept. Valid entries are hexadecimal values from 0x0 to 0x4000. The default value is 0x181.

Note The Message Id Max. hexadecimal value should always start with 0x or 0X.

If a packet arrives with a station message ID greater than the specified value, the ACE drops the packet and generates a syslog message.

Min. SCCP Prefix Length (Bytes)

By default, the ACE drops SCCP messages that have an SCCP Prefix length that is less than the message ID. The ACE drops Skinny message packets that fail this check and generates a syslog message.

Enter the minimum SCCP prefix length in bytes. Valid entries are integers from 4 to 4000 bytes.

Max. SCCP Prefix Length (Bytes)

This feature allows you to configure the ACE so that it checks the maximum SCCP prefix length. The ACE drops Skinny message packets that fail this check and generates a syslog message.

Enter the maximum SCCP prefix length in bytes. Valid entries are integers from 4 to 4000 bytes.


Step 4 Click:

Deploy Now to deploy this configuration.

Cancel to exit this procedure without saving your entries and to return to the Skinny Parameter Maps table.

Next to deploy your entries and to configure another Skinny parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Configuring DNS Parameter Maps

Domain Name System (DNS) parameter maps allow you to configure DNS actions for DNS packet inspection.

Use this procedure to configure a DNS parameter map.

Procedure


Step 1 Select Config > Virtual Contexts > context > Load Balancing > Parameter Maps > DNS Parameter Maps. The DNS Parameter Maps table appears.

Step 2 Click Add to add a new parameter map, or select an existing parameter map, then click Edit to modify it. The DNS Parameter Maps configuration screen appears.

Step 3 Configure the parameter map using the information in Table 8-11.

Table 8-11 DNS Parameter Map Attributes 

Field
Description

Parameter Name

Enter a unique name for the parameter map. Valid entries are unquoted text strings with no spaces and a maximum of 64 alphanumeric characters.

Description

Brief description of the parameter map. Enter a text string with a maximum of 240 alphanumeric characters (A-Z, a-z, 0-9). Spaces and special characters are allowed. Double quotes must be entered as matching pairs.

Timeout (Seconds)

Configure the ACE to time out DNS queries that have no matching server response. Specify the length of time in seconds that the ACE keeps the query entries without answers in the hash table before timing them out. Enter an integer from 2 to 120 seconds. The default is 10 seconds.


Step 4 Click:

Deploy Now to deploy this configuration.

Cancel to exit this procedure without saving your entries and to return to the DNS Parameter Maps table.

Next to deploy your entries and to configure another DNS parameter map.


Related Topics

Configuring Parameter Maps

Configuring Traffic Policies

Configuring Virtual Contexts

Supported MIME Types

The ACE appliance supports following MIME types:

application/msexcel

application/mspowerpoint

application/msword

application/octet-stream

application/pdf

application/postscript

application/\x-gzip

application/\x-java-archive

application/\x-java-vm

application/\x-messenger

application/\zip

audio/*

audio/basic

audio/midi

audio/mpeg

audio/x-adpcm

audio/x-aiff

audio/x-ogg

audio/x-wav

image/*

image/gif

image/jpeg

image/png

image/tiff

image/x-3ds

image/x-bitmap

image/x-niff

image/x-portable-bitmap

image/x-portable-greymap

image/x-xpm

text/*

text/css

text/html

text/plain

text/richtext

text/sgml

text/xmcd

text/xml

video/*

video/flc

video/mpeg

video/quicktime

video/sgi

video/x-fli

Viewing All Parameter Maps by Context

Use this procedure to view all parameter maps associated with a virtual context.

Procedure


Step 1 Select Config > Virtual Contexts. The All Virtual Contexts table appears.

Step 2 Select the virtual context with the parameter maps you want to view, then select Load Balancing > Parameter Maps. The Parameter Maps table appears listing each parameter map and its type.


Related Topics

Configuring Parameter Maps