PolicyLbVirtualServer handling connections over HTTP or HTTPS
Virtual server acts as a facade to an application, receives all client
connections over a specified protocol and distributes them among the backend
servers. This custom type allows for more complex settings than the
simplified PolicyLbVirtualServer types. This object allows for complex
configurations for PolicyLbVirtualServers of all types. All HTTP
specific inputs will be rejected when combined with TPC or UDP protocols.
Name | Description | Type | Notes |
---|---|---|---|
_create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
_create_user | ID of the user who created this resource | string | Readonly |
_last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
_last_modified_user | ID of the user who last modified this resource | string | Readonly |
_links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
_protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
_revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
_system_owned | Indicates system owned resource | boolean | Readonly |
access_log_enabled | Access log enabled setting If access log is enabled, all HTTP requests sent to an L7 virtual server are logged to the access log file. Both successful requests (backend server returns 2xx) and unsuccessful requests (backend server returns 4xx or 5xx) are logged to access log, if enabled. |
boolean | Default: "False" |
app_protocol | Application protocol for receiving client connections As the custom type allows for more complex settings than the simplified PolicyLbVirtualServer types, also specify the desired protocol for receiving all client connections. |
string | Required Enum: TCP, UDP, HTTP, HTTPS |
children | subtree for this type within policy tree subtree for this type within policy tree containing nested elements. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
client_ssl_certificate_ids | ssl certificates Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection |
array of string | |
client_ssl_settings | Security profile setting Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 |
string | Enum: BASE_SECURE_111317, MODERATE_SECURE_111317, HIGH_SECURE_111317 Default: "HIGH_SECURE_111317" |
default_client_ssl_certificate_id | ssl certificate The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. |
string | |
description | Description of this resource | string | Maximum length: 1024 Sortable |
display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
id | Unique identifier of this resource | string | Sortable |
insert_client_ip_header | Relative path of this object Backend web servers typically log each request they handle along with the requesting client IP address. These logs are used for debugging, analytics and other such purposes. If the deployment topology requires enabling SNAT on the load balancer, then server will see the client as the SNAT IP which defeats the purpose of logging. To work around this issue, load balancer can be configured to insert XFF HTTP header with the original client IP address. Backend servers can then be configured to log the IP address in XFF header instead of the source IP address of the connection. If XFF header is not present in the incoming request, load balancer inserts a new XFF header with the client IP address. |
boolean | Default: "False" |
ip_address | IP address of the PolicyLbVirtualServer Configures the IP address of the PolicyLbVirtualServer where it receives all client connections and distributes them among the backend servers. |
IPAddress | Required |
lb_persistence_profile | Persistence Profile used by PolicyLbVirtualServer Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. |
string | |
marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
parent_path | Path of its parent Path of its parent |
string | Readonly |
path | Absolute path of this object Absolute path of this object |
string | Readonly |
ports | Virtual server port number(s) or port range(s) Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. |
array of PortElement | Required |
relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
resource_type | Must be set to the value CustomPolicyLbVirtualServer | string | Required Enum: TcpPolicyLbVirtualServer, UdpPolicyLbVirtualServer, HttpPolicyLbVirtualServer, HttpsPolicyLbVirtualServer, CustomPolicyLbVirtualServer |
router_path | Path to router type object for PolicyLbVirtualServer Path to router type object that PolicyLbVirtualServer connects to. The only supported router object is Network. |
string | Required |
server_auth_ca_certificate_ids | ssl certificate To support client authentication (load balancer acting as a client authenticating to the backend server), server_ssl_certificate_id can be specified. When supplied, the backend server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. |
array of string | |
server_ssl_settings | Security profile setting Indicates whether to enable server side SSL. Server side SSL will be enabled when a specific security setting is selected. The selected security setting or profile represents various configurations related to SSL when the VirtualServer acts as a client connecting over SSL to the backend server. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED |
string | Enum: BASE_SECURE_111317, MODERATE_SECURE_111317, HIGH_SECURE_111317, DISABLED Default: "DISABLED" |
tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
traffic_source | string | ||
unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |