Manual Chapter : General Configuration Properties

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP Analytics

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP Link Controller

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP LTM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP PEM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP DNS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
Manual Chapter

General Configuration Properties

About BIG-IP system general configuration properties

Part of managing the BIG-IP system involves configuring and maintaining a set of global system properties. These properties enable you to configure:
  • General device features, such as NTP and DNS
  • General local traffic features, including some global persistence settings
  • General global traffic features, including load balancing and metric collection
When you configure general device properties, you are affecting the operation of the BIG-IP system as a whole, rather than just one aspect of it. Similarly, when you configure the general properties related to local traffic or global traffic, you are globally affecting the operation of the local traffic management and global traffic management systems.

About general device properties

The BIG-IP system general device properties that you can view or configure are:
  • Host name
  • Chassis serial number
  • BIG-IP software version number
  • Number of available CPUs
  • Number of active CPUs
Other BIG-IP system general device properties that you can configure are:
  • Network boot
  • Quiet boot
  • Display of the LCD system menu
You can also perform operations, such as reboot, or force the system into an OFFLINE state and reload the default geolocation data files that the BIG-IP system uses to source the origin of a name resolution request.

About IP geolocation database updates

The BIG-IP system uses an IP geolocation database to determine the origin of a name resolution request. The default database provides geolocation data for IPv4 addresses at the continent, country, state, ISP, and organization levels. The state-level data is worldwide and includes designations in other countries that correspond to the U.S. state-level in the geolocation hierarchy, for example, provinces in Canada. The default database also provides geolocation data for IPv6 addresses at the continent and country levels.
You can access the ISP-level and organization-level geolocation data for IPv4 and IPv6 addresses using the iRules®
whereis
command.
If you require geolocation data at the city-level, contact your F5 Networks sales representative to purchase additional database files.
You can download a monthly update to the IP geolocation database from F5 Networks.

About Network Time Protocol (NTP)

Network Time Protocol
(
NTP
) is a protocol that synchronizes the clocks on a network. Because DHCP is enabled for the BIG-IP system by default, on the first boot, the BIG-IP system contacts your DHCP server and obtains the IP address of your NTP server. If the DHCP server provides this IP address, the NTP Device Configuration screen displays the NTP server information. If you do not have a DHCP server on your network, or if the DHCP server does not return the IP address of your NTP server, you can manually add the IP address of a NTP server to the BIG-IP system using the BIG-IP Configuration utility.

Configure the NTP time server list

You can use the Configuration utility to specify a list of IP addresses of the servers that you want the BIG-IP system to use when updating the time on network systems. You can also edit or delete the entries in the server list.
  1. On the Main tab, click
    System
    Configuration
    Device
    NTP
    .
    The NTP screen opens.
  2. For the
    Time Server List
    setting, to add an IP address to the list:
    1. Type the IP address or host name of a time server in the
      Address
      field.
    2. Click
      Add
      .
  3. For the
    Time Server List
    setting, to edit an IP address in the list:
    1. From the Time Server List, select an IP address.
      The IP address appears in the
      Address
      field.
    2. In the
      Address
      field, change the IP address.
    3. Click
      Edit
      .
  4. For the
    Time Server List
    setting, to delete an IP address from the list:
    1. From the Time Server List, select an IP address.
      The IP address appears in the
      Address
      field.
    2. Click
      Delete
      .
  5. Click
    Update
    .

About DNS configuration

Domain Name System (DNS) is an industry-standard, distributed Internet directory service that resolves domain names to IP addresses. When you enable DHCP, the system contacts your DHCP server to obtain the IP addresses of your local DNS servers and the domain names that the system searches to resolve local host names. If the DHCP server provides this information, the DNS Device Configuration screen displays the information in the DNS Lookup Server List and the DNS Search Domain List.
If you do not have a DHCP server on your network, or if the DHCP server does not supply the information, you can manually create the two lists:
  • The DNS Lookup Server List enables BIG-IP system users to use IP addresses, host names, or fully-qualified domain names (FQDNs) for accessing virtual servers, nodes, or other network objects.
  • The DNS Search Domain List enables BIG-IP systems to search for local domain lookups to resolve local host names.
Additionally, you can manually configure the
BIND Forwarder Server List
that provides DNS resolution for servers and other equipment load-balanced by the BIG-IP system (for the servers that the BIG-IP system uses for DNS proxy services).
To use DNS Proxy services, you must enable the named service.

About local traffic properties

The BIG-IP system includes a set of properties that apply globally to the local traffic management system. There are two categories of local traffic properties: General and Persistence. You can use the BIG-IP Configuration utility to configure and maintain these properties.

General local traffic properties

This table lists and describes global properties that you can configure to manage the behavior of the local traffic management system.
Property
Default value
Description
Auto Last Hop
Enabled (check box selected)
When selected (enabled), specifies that the system automatically maps the last hop for pools.
Maintenance Mode
Disabled (check box cleared)
When selected (enabled), specifies that the unit is in maintenance mode. In maintenance mode, the system stops accepting new connections and slowly completes the processing of existing connections.
VLAN-Keyed Connections
Enabled (check box selected)
Select this check box setting to enable VLAN-keyed connections. VLAN-keyed connections are used when traffic for the same connection must pass through the system several times, on multiple pairs of VLANs (or in different VLAN groups).
Path MTU Discovery
Enabled (check box selected)
When selected (enabled), specifies that the system discovers the maximum transmission unit (MTU) that it can send over a path without fragmenting TCP packets.
Reject Unmatched Packets
Enabled (check box selected)
Specifies that the BIG-IP system sends a TCP RST packet in response to a non-SYN packet that matches a virtual server address and port or self IP address and port, but does not match an established connection. The BIG-IP system also sends a TCP RST packet in response to a packet matching a virtual server address or self IP address but specifying an invalid port. The TCP RST packet is sent on the client-side of the connection, and the source IP address of the reset is the relevant BIG-IP LTM object address or self IP address for which the packet was destined. If you disable this setting, the system silently drops unmatched packets.
Eviction Policy
default-eviction-policy
Specifies the eviction policy for the system, which provides the system with guidelines for how aggressively it discards flows from the flow table. You can customize the eviction policy to prevent flow table attacks, where a large number of slow flows are used to negatively impact system resources. You can also set how the system responds to such flow problems in an eviction policy, and attach such eviction policies globally, to route domains, and to virtual servers, to protect the system, applications and network segments with a high level of customization.
Default Per Virtual Server SYN Check Threshold
0
Specifies the default value of per-virtual server SYN Cookie activation threshold per chassis. The valid range is 128 - 1024K or infinite (encoded as 0).
Global SYN Check Activation Threshold
64000
Specifies the default value of the global SYN Cookie activation threshold per TMM. The valid range is 2048 - 4096K or infinite (encoded as 0).
Layer 2 Cache Aging Time
300
Specifies, in seconds, the amount of time that records remain in the Layer 2 forwarding table, when the MAC address of the record is no longer detected on the network.
Share Single MAC Address
Disabled (check box cleared)
When this check box setting is cleared (disabled), the BIG-IP system assigns to each VLAN a unique MAC address that comes from a pool of available MAC addresses. If you create enough VLANs to exceed the number of MAC addresses available, the system then begins to assign the same MAC address to multiple VLANs. This is the default value and the most common configuration. When this check box setting is selected (enabled), the BIG-IP system causes all VLANs to share a single MAC address (global). This setting is equivalent to the BigDB variable
vlan.macassignment
and has two values,
unique
and
global
.
SNAT Packet Forwarding
TCP and UDP Only
Specifies the type of traffic for which the system attempts to forward (instead of reject) Any-IP packets, when the traffic originates from a member of a SNAT. There are two possible values:
TCP and UDP Only
specifies that the system forwards, for TCP and UDP traffic only, Any-IP packets originating from a SNAT member.
All Traffic
specifies that the system forwards, for all traffic types, Any-IP packets originating from a SNAT member.
Hardware VLAN SYN Cookie Protection
Enabled (check box selected)
Enables SYN cookie protection, which allows the BIG-IP system to maintain connections when the SYN queue begins to fill during a SYN flood attack.

General local traffic multicast properties

This table lists and describes multicast properties that you can configure to manage the behavior of the local traffic management system.
Property
Default value
Description
Route Lookup Timeout
2
Specifies maximum lifetime, in seconds, of an incomplete MFC entry.
Maximum Pending Routes
256
Specifies the number of incomplete MFC entries each TMM will allow to exist at one time.
Maximum Pending Packets
16
Specifies the maximum number of packet queued on behalf of a single incomplete MFC entry.
Maximum Multicast Rate
Enabled (check box selected)
Enables or disables the maximum multicast rate.