Forum Discussion

Humair_167681's avatar
Humair_167681
Icon for Nimbostratus rankNimbostratus
Dec 16, 2015

How to remove config from LTM policy using CLI?

Hi all,

 

We have following policy on one of our LTMs.

 

ltm policy /Common/Test { controls { forwarding } requires { http } rules { Test-Client1 { actions { 0 { forward select pool /Common/CLient1_Pool } } conditions { 0 { http-uri contains values { 0099/ } } } ordinal 1 }

 

We need to remove the "ordinal 1" part of the config from this policy. We can't find any option in GUI. How do we remove this using the CLI?

 

Thanks,

 

  • The rules were configured via tmsh.

     

    Thank you very much for your help Pete.

     

    Much appreciated!

     

  • OK, I see that there are a number of rules and only one has an ordinal set which seems strange. Did you configure them via the GUI or via tmsh?

    As far as I understand, you need to have an ordinal set per rule, hence why you have the option to reorder them in the GUI. I'd be inclined to go to the GUI, hit Reorder then Update and it should setthe ordinal based on the order of the rules in the GUI. Or use tmsh:

    modify ltm policy /Common/Test rules modify { Client6 { ordinal 6 } Client1 { ordinal 1 } Client2 { ordinal 2 } Client3 { ordinal 3 } Client4 { ordinal 4 } Client5 { ordinal 5 } }

  • Hi Pete,

     

    Please have a look at the config below.

     

    ltm policy /Common/Test {

     

    controls { forwarding }

     

    requires { http }

     

    rules {

     

    Client6 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client6

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0062/ }

     

    }

     

    }

     

    ordinal 1

     

    }

     

    Client1 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client1

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0007/ }

     

    }

     

    }

     

    }

     

    Client2 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client2

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0053/ }

     

    }

     

    }

     

    }

     

    Client3 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client3

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0061/ }

     

    }

     

    }

     

    }

     

    Client4 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client4

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0040/ }

     

    }

     

    }

     

    }

     

    Client5 {

     

    actions {

     

    0 {

     

    forward

     

    select

     

    pool /Common/Client5

     

    }

     

    }

     

    conditions {

     

    0 {

     

    http-uri

     

    contains

     

    values { 0044/ }

     

    }

     

    }

     

    }

     

    }

     

    strategy /Common/first-match

     

  • You can see here that there are 2 rules but rule 2 has 2 conditions/actions:

    ltm policy Test {
    controls { forwarding }
    requires { http }
    rules {
        1 {
            actions {
                0 {
                    forward
                    select
                    pool dns
                }
            }
            conditions {
                0 {
                    http-uri
                    values { /1 }
                }
            }
            ordinal 1
        }
        2 {
            actions {
                0 {
                    forward
                    select
                    pool syslog
                }
                1 {
                    forward
                    select
                    pool dns
                }
            }
            conditions {
                0 {
                    http-uri
                    values { 2 }
                }
                1 {
                    http-uri
                    values { 3 }
                }
            }
            ordinal 2
        }
    }
    strategy first-match
    }
    
  • Thanks Pete.

     

    Basically we have 5 functions/rules in the policy and only one of them has ordinal value set. The rest of them do not have any ordinal value set. All the other 4 rules match the traffic and send it to pools configured but the rule that has extra config of "ordinal 1" just drops the traffic. Is it mandatory to have "ordinal" value for each rule? Is there any way we can remove the "ordinal" config from the policy.

     

    Thanks,

     

    Humair

     

    • PeteWhite's avatar
      PeteWhite
      Icon for Employee rankEmployee
      I suspect you have an issue with your config, can you PM me with your actual config so I can take a look.Each rule has an ordinal set, but each rule can have a number of matches/actions.
  • The rules are given an ordinal value when they are added. See below - a single policy with two rules. "rule2" is matched first and "Test-Client2" is matched second. These can be reordered via the GUI or by setting the ordinal value.

    root@(B3600-R20-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm policy Test
    ltm policy Test {
        controls { forwarding }
        requires { http }
        rules {
            Test-Client1 {
                actions {
                    0 {
                        forward
                        select
                        pool test_pool
                    }
                }
                ordinal 2
            }
            rule2 {
                actions {
                    0 {
                        log
                        write
                        message test
                    }
                }
                ordinal 1
            }
        }
        strategy first-match
    }
    

    I can then change this using modify:

    root@(B3600-R20-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) modify ltm policy Test rules modify { rule2 { ordinal 3 } }

    Which gives me this: root@(B3600-R20-S13)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm policy Test { controls { forwarding } requires { http } rules { Test-Client1 { actions { 0 { forward select pool test_pool } }

    ordinal 2
    } rule2 { actions { 0 { log write message test } }
    ordinal 3
    } } strategy first-match }

  • Hi Pete,

     

    We need to remove it because there are other rules in the same policy but they do not have any ordinal value set.

     

    Test-Client2 { actions { 0 { forward select pool /Common/Client2_Pool } } conditions { 0 { http-uri contains values { 0098/ } } } }

     

    Hope this makes sense.

     

  • This is added automatically when you add the entry to your policy. Why do you want to remove it?