Developer Documentation


Virtual server acts as a facade to an application, receives all client connections over a specified protocol and distributes them among the backend servers. This custom type allows for more complex settings than the simplified PolicyLbVirtualServer types. This object allows for complex configurations for PolicyLbVirtualServers of all types. All HTTP specific inputs will be rejected when combined with TPC or UDP protocols.


Required Property Name Type Description
optional _create_time integer

Timestamp of resource creation

optional _create_user string

ID of the user who created this resource

optional _last_modified_time integer

Timestamp of last modification

optional _last_modified_user string

ID of the user who last modified this resource

optional _links array of ResourceLink

The server will populate this field when returing the resource. Ignored on PUT and POST.

optional _protection string

Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.

optional _revision integer

The _revision property describes the current revision of the resource. To prevent clients from overwriting each other’s changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.

optional _schema string

Schema for this resource

optional _self SelfResourceLink

Link to this resource

optional _system_owned boolean

Indicates system owned resource

optional access_log_enabled boolean

If access log is enabled, all HTTP requests sent to an L7 virtual server are logged to the access log file. Both successful requests (backend server returns 2xx) and unsuccessful requests (backend server returns 4xx or 5xx) are logged to access log, if enabled.

optional app_protocol string

As the custom type allows for more complex settings than the simplified PolicyLbVirtualServer types, also specify the desired protocol for receiving all client connections.

optional children array of ChildPolicyConfigResource

subtree for this type within policy tree containing nested elements.

optional client_ssl_certificate_ids array of string

Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. The setting is used when load balancer acts as an SSL server and terminating the client SSL connection

optional client_ssl_settings string

Security settings representing various security settings when the VirtualServer acts as an SSL server - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317

optional default_client_ssl_certificate_id string

The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension.

optional description string

Description of this resource

optional display_name string

Defaults to ID if not set

optional id string

Unique identifier of this resource

optional insert_client_ip_header boolean

Backend web servers typically log each request they handle along with the requesting client IP address. These logs are used for debugging, analytics and other such purposes. If the deployment topology requires enabling SNAT on the load balancer, then server will see the client as the SNAT IP which defeats the purpose of logging. To work around this issue, load balancer can be configured to insert XFF HTTP header with the original client IP address. Backend servers can then be configured to log the IP address in XFF header instead of the source IP address of the connection. If XFF header is not present in the incoming request, load balancer inserts a new XFF header with the client IP address.

optional ip_address string

Configures the IP address of the PolicyLbVirtualServer where it receives all client connections and distributes them among the backend servers.

optional lb_persistence_profile string

Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default.

optional marked_for_delete boolean

Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.

optional parent_path string

Path of its parent

optional path string

Absolute path of this object

optional ports array of string

Ports contains a list of at least one port or port range such as “80”, “1234-1236”. Each port element in the list should be a single port or a single port range.

optional relative_path string

Path relative from its parent

optional resource_type string

The type of this resource.

optional router_path string

Path to router type object that PolicyLbVirtualServer connects to. The only supported router object is Network.

optional server_auth_ca_certificate_ids array of string

To support client authentication (load balancer acting as a client authenticating to the backend server), server_ssl_certificate_id can be specified. When supplied, the backend server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP.

optional server_ssl_settings string

Indicates whether to enable server side SSL. Server side SSL will be enabled when a specific security setting is selected. The selected security setting or profile represents various configurations related to SSL when the VirtualServer acts as a client connecting over SSL to the backend server. This setting is only applicable for L7 protocols and will be rejected in combination with TCP or UDP. - BASE_SECURE_111317 - MODERATE_SECURE_111317 - HIGH_SECURE_111317 - DISABLED

optional tags array of Tag

Opaque identifiers meaningful to the API user

optional traffic_source string Not available

Was this page helpful?