Manual Chapter: General Configuration Properties
Applies To:
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP Analytics
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP Link Controller
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0
About BIG-IP system general configuration properties
Part of managing the BIG-IP system involves configuring
and maintaining a set of global system properties. These properties enable you
to configure:
- General device features, such as NTP and DNS
- General local traffic features, including some global persistence settings
- General global traffic features, including load balancing and metric collection
When you configure general device properties, you are affecting the operation
of the BIG-IP system as a whole, rather than just one aspect of it. Similarly,
when you configure the general properties related to local traffic or global
traffic, you are globally affecting the operation of the local traffic
management and global traffic management systems.
About general device properties
The BIG-IP system general device properties
that you can view or configure are:
- Host name
- Chassis serial number
- BIG-IP software version number
- Number of available CPUs
- Number of active CPUs
Other BIG-IP system general device properties that you can configure
are:
- Network boot
- Quiet boot
- Display of the LCD system menu
You can also perform operations such as rebooting the system, forcing the system into an OFFLINE state, and
reloading the default geolocation data files that the BIG-IP system uses to determine the
origin of a name resolution request.
About IP geolocation database updates
The BIG-IP system uses an IP geolocation
database to determine the origin of a name resolution request. The
default database provides geolocation data for IPv4 addresses at the
continent, country, state, ISP, and organization levels. The
state-level data is worldwide and includes designations in other
countries that correspond to the U.S. state-level in the geolocation
hierarchy, for example, provinces in Canada. The default database
also provides geolocation data for IPv6 addresses at the continent
and country levels.
You can access the ISP-level and organization-level geolocation
data for IPv4 and IPv6 addresses using the iRules® whereis command.
If you require geolocation data at the city level, contact your
F5 Networks sales representative to purchase additional
database files.
You can download a monthly update to the IP geolocation database from F5
Networks.
About Network Time Protocol (NTP)
Network Time Protocol (NTP) is a protocol that
synchronizes the clocks on a network. Because DHCP is enabled for the BIG-IP system by default, on the first boot, the BIG-IP
system contacts your DHCP server and obtains the IP address of your NTP
server. If the DHCP server provides this IP address, the NTP Device
Configuration screen displays the NTP server information. If you do not have a
DHCP server on your network, or if the DHCP server does not return the IP
address of your NTP server, you can manually add the IP address of an NTP
server to the BIG-IP system using the BIG-IP Configuration utility.
Configure the NTP time server list
You can use the Configuration utility to specify a list of IP addresses
of the servers that you want the BIG-IP system to use
when updating the time on network systems. You can also edit or delete the
entries in the server list.
- On the Main tab, click. The NTP screen opens.
- For the Time Server List setting, to add an IP address to the list:
  - Type the IP address or host name of a time server in the Address field.
  - Click Add.
- For the Time Server List setting, to edit an IP address in the list:
  - From the Time Server List, select an IP address. The IP address appears in the Address field.
  - In the Address field, change the IP address.
  - Click Edit.
- For the Time Server List setting, to delete an IP address from the list:
  - From the Time Server List, select an IP address. The IP address appears in the Address field.
  - Click Delete.
- Click Update.
About DNS configuration
Domain Name System (DNS) is an industry-standard, distributed Internet
directory service that resolves domain names to IP addresses. When you enable
DHCP, the system contacts your DHCP server to obtain the IP addresses of your
local DNS servers and the domain names that the system searches to resolve
local host names. If the DHCP server provides this information, the DNS Device
Configuration screen displays the information in the DNS Lookup Server List
and the DNS Search Domain List.
If you do not have a DHCP server on your network, or if the DHCP server does
not supply the information, you can manually create the two lists:
- The DNS Lookup Server List enables BIG-IP system users to use IP addresses, host names, or fully-qualified domain names (FQDNs) for accessing virtual servers, nodes, or other network objects.
- The DNS Search Domain List enables BIG-IP systems to search for local domain lookups to resolve local host names.
Additionally, you can manually configure the BIND Forwarder Server List
that provides DNS resolution for servers and other equipment
load-balanced by the BIG-IP system (for the servers that the BIG-IP system
uses for DNS proxy services). To use DNS Proxy services, you must enable the named
service.
About local traffic properties
The BIG-IP system includes a set of properties that apply
globally to the local traffic management system. There are two categories of
local traffic properties: General and Persistence. You can use the BIG-IP
Configuration utility to configure and maintain these properties.
General local traffic properties
This table lists and describes global properties that you can configure to manage the behavior of the local traffic management system.
Property | Default value | Description |
---|---|---|
Auto Last Hop | Enabled (check box selected) | When selected (enabled), specifies that the system automatically maps the last hop for pools. |
Maintenance Mode | Disabled (check box cleared) | When selected (enabled), specifies that the unit is in maintenance mode. In maintenance mode, the system stops accepting new connections and slowly completes the processing of existing connections. |
VLAN-Keyed Connections | Enabled (check box selected) | Select this check box setting to enable VLAN-keyed connections. VLAN-keyed connections are used when traffic for the same connection must pass through the system several times, on multiple pairs of VLANs (or in different VLAN groups). |
Path MTU Discovery | Enabled (check box selected) | When selected (enabled), specifies that the system discovers the maximum transmission unit (MTU) that it can send over a path without fragmenting TCP packets. |
Reject Unmatched Packets | Enabled (check box selected) | Specifies that the BIG-IP system sends a TCP RST packet in response to a non-SYN packet that matches a virtual server address and port or self IP address and port, but does not match an established connection. The BIG-IP system also sends a TCP RST packet in response to a packet matching a virtual server address or self IP address but specifying an invalid port. The TCP RST packet is sent on the client-side of the connection, and the source IP address of the reset is the relevant BIG-IP LTM object address or self IP address for which the packet was destined. If you disable this setting, the system silently drops unmatched packets. |
Eviction Policy | default-eviction-policy | Specifies the eviction policy for the system, which provides the system with guidelines for how aggressively it discards flows from the flow table. You can customize the eviction policy to prevent flow table attacks, where a large number of slow flows are used to negatively impact system resources. You can also set how the system responds to such flow problems in an eviction policy, and attach such eviction policies globally, to route domains, and to virtual servers, to protect the system, applications and network segments with a high level of customization. |
Default Per Virtual Server SYN Check™ Threshold | 0 | Specifies the default value of per-virtual server SYN Cookie activation threshold per chassis. The valid range is 128 - 1024K or infinite (encoded as 0). |
Global SYN Check™ Activation Threshold | 64000 | Specifies the default value of the global SYN Cookie activation threshold per TMM. The valid range is 2048 - 4096K or infinite (encoded as 0). |
Layer 2 Cache Aging Time | 300 | Specifies, in seconds, the amount of time that records remain in the Layer 2 forwarding table, when the MAC address of the record is no longer detected on the network. |
Share Single MAC Address | Disabled (check box cleared) | When this check box setting is cleared (disabled), the BIG-IP system assigns to each VLAN a unique MAC address that comes from a pool of available MAC addresses. If you create enough VLANs to exceed the number of MAC addresses available, the system then begins to assign the same MAC address to multiple VLANs. This is the default value and the most common configuration. When this check box setting is selected (enabled), the BIG-IP system causes all VLANs to share a single MAC address (global). This setting is equivalent to the BigDB variable vlan.macassignment and has two values, unique and global. |
SNAT Packet Forwarding | TCP and UDP Only | Specifies the type of traffic for which the system attempts to forward (instead of reject) Any-IP packets, when the traffic originates from a member of a SNAT. There are two possible values: TCP and UDP Only specifies that the system forwards, for TCP and UDP traffic only, Any-IP packets originating from a SNAT member. All Traffic specifies that the system forwards, for all traffic types, Any-IP packets originating from a SNAT member. |
Hardware VLAN SYN Cookie Protection | Enabled (check box selected) | Enables SYN cookie protection, which allows the BIG-IP system to maintain connections when the SYN queue begins to fill during a SYN flood attack. |
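As an added example (not F5 code), the following Python script compares a settings snapshot with the defaults and SYN Check ranges documented in the table above and reports missing, out-of-range, and non-default values. The snapshot dictionary keyed by property name, its lowercase enabled/disabled values, and the reading of "K" as 1024 are assumptions.

```python
# Added example: audit a settings snapshot against the documented defaults.
K = 1024  # assumption: "K" in the documented ranges means 1024

# Property names (without the trademark sign) and defaults from the table above.
DEFAULTS = {
    "Auto Last Hop": "enabled",
    "Maintenance Mode": "disabled",
    "VLAN-Keyed Connections": "enabled",
    "Path MTU Discovery": "enabled",
    "Reject Unmatched Packets": "enabled",
    "Eviction Policy": "default-eviction-policy",
    "Default Per Virtual Server SYN Check Threshold": 0,
    "Global SYN Check Activation Threshold": 64000,
    "Layer 2 Cache Aging Time": 300,
    "Share Single MAC Address": "disabled",
    "SNAT Packet Forwarding": "TCP and UDP Only",
    "Hardware VLAN SYN Cookie Protection": "enabled",
}
# Documented valid ranges; 0 is also valid and encodes "infinite".
RANGES = {
    "Default Per Virtual Server SYN Check Threshold": (128, 1024 * K),
    "Global SYN Check Activation Threshold": (2048, 4096 * K),
}

def audit(snapshot):
    """Return sorted (property, kind, detail) findings for a snapshot dict."""
    findings = []
    for prop, default in DEFAULTS.items():
        if prop not in snapshot:
            findings.append((prop, "missing", "not in snapshot"))
            continue
        value = snapshot[prop]
        if prop in RANGES:
            low, high = RANGES[prop]
            is_int = isinstance(value, int) and not isinstance(value, bool)
            if not is_int or not (value == 0 or low <= value <= high):
                findings.append((prop, "invalid", f"{value!r} is not 0 or {low}-{high}"))
                continue
        if value != default:
            findings.append((prop, "drift", f"{value!r}, documented default {default!r}"))
    return sorted(findings)

# Constructed sample snapshot, not taken from a real device.
SAMPLE = {**DEFAULTS, "Reject Unmatched Packets": "disabled",
          "Global SYN Check Activation Threshold": 1000,
          "Hardware VLAN SYN Cookie Protection": "disabled"}

if __name__ == "__main__":
    for prop, kind, detail in audit(SAMPLE):
        print(f"{kind:8} {prop}: {detail}")
```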
General local traffic multicast properties
This table lists and describes multicast properties that
you can configure to manage the behavior of the local traffic management system.
Property | Default value | Description |
---|---|---|
Route Lookup Timeout | 2 | Specifies the maximum lifetime, in seconds, of an incomplete MFC entry. |
Maximum Pending Routes | 256 | Specifies the number of incomplete MFC entries each TMM will allow to exist at one time. |
Maximum Pending Packets | 16 | Specifies the maximum number of packets queued on behalf of a single incomplete MFC entry. |
Maximum Multicast Rate | Enabled (check box selected) | Enables or disables the maximum multicast rate. |