Applies To:
BIG-IP versions 1.x - 4.x
- 2.1.4 PTF-01, 2.1.4, 2.1.3 PTF-04, 2.1.3 PTF-03, 2.1.3 PTF-02, 2.1.3 PTF-01, 2.1.3, 2.1.2 PTF-02, 2.1.2 PTF-01, 2.1.2, 2.1.1, 2.1.0
B
BIG/pipe Command Reference
BIG/pipe commands
This appendix lists the various BIG/pipe commands with descriptions. Some entries contain additional information about using the command. At the end of the appendix is a list of commands from previous versions of the BIG/pipe utility.
Command | Description |
-? | Displays online help for an individual bigpipe command. |
alias | Defines an IP alias to be pinged on behalf of a specific group of nodes. |
configsync | Synchronizes the /etc/bigip.conf between the two BIG/ip Controller units in a redundant system. |
conn | Shows information about current connections such as the source IP address, virtual server and port, and node connected to. |
-d | Verifies command syntax for the specified command without executing a command. |
-f | Resets the BIG/ip Controller and loads a specified configuration file. |
failover | Sets the BIG/ip Controller as active or standby. |
gateway | Turns the gateway fail-safe feature on and off. |
-h and -help | Displays online help for BIG/pipe command syntax. |
interface | Sets options on individual interfaces. |
lb | Sets the load balancing mode. |
maint | Toggles the BIG/ip Controller into and out of maintenance mode. |
mirror | Sets mirroring of the active BIG/ip Controller to the standby controller. |
nat | Defines external network address translations for nodes. |
node | Defines node property settings. |
persist | Defines and displays persistence settings for simple TCP and UDP persistence. |
port | Defines properties for virtual ports. |
-r | Clears the BIG/ip Controller define and counter values. |
ratio | Sets load-balancing weights and priority levels used in the Ratio and Priority load balancing modes. |
-s | Writes the current configuration to a configuration file. |
snat | Defines and sets options for SNAT (Secure NAT). |
summary | Displays summary statistics for the BIG/ip Controller. |
timeout_node | Sets the amount of time node addresses have to respond to a ping issued by the BIG/ip Controller. |
timeout_svc | Sets the amount of time services have to respond to a service check issued by the BIG/ip Controller. |
tping_node | Sets the interval at which the BIG/ip Controller pings node addresses to determine node status. |
tping_svc | Sets the interval at which the BIG/ip Controller issues service checks to nodes to determine node status. |
treaper | Sets the timeout for idle TCP connections on ports. |
udp | Enables UDP traffic on ports, and sets the timeout for idle UDP connections. |
-v | Displays the BIG/pipe utility version number. |
version | Displays the BIG/ip Controller software version number. |
vip | Defines virtual servers, virtual server mappings, and virtual server properties. |
Backward-compatible commands | Lists the commands from previous versions of the BIG/ip Controller that are compatible with this version. |
-?
bigpipe <command> -?
Description
For certain commands, displays online help, including complete syntax, description, and other related information. For example, to see online help for the bigpipe port command, enter:
bigpipe port -?
alias
bigpipe alias [<node addr> [...<node addr>] ] show
bigpipe alias <node addr> [...<node addr>] delete
bigpipe alias <node addr> [...<node addr>] pingnode <pingnode addr>
Description
Defines a single node address to represent a group of node addresses which are actually IP aliases on the same physical server. To determine if the nodes associated with the representative node alias are available, the BIG/ip Controller sends a single node ping to the node alias, rather than an individual ping to each node address.
Note that you may also find this feature useful for nodes that are configured for service check, as long as each node uses the same port number.
Defining a node alias
Use the following syntax to define the node alias for one or more node addresses, where <pingnode addr> is the node alias (the node address that represents the group):
bigpipe alias <node addr> [...<node addr>] pingnode <pingnode addr>
Note: The address that serves as the node alias (<pingnode addr>) must be a node address that is already defined in one or more virtual server mappings.
The following command defines a node alias for two node addresses, 192.168.42.2 and 192.168.42.3. The BIG/ip Controller performs node pings on the alias address 192.168.42.1 to determine the availability of 192.168.42.2 and 192.168.42.3.
bigpipe alias 192.168.42.2 192.168.42.3 pingnode 192.168.42.1
Deleting a node alias
The following command deletes the node alias defined for the specific node:
bigpipe alias <node addr> delete
Displaying current node aliases
The following command displays all node aliases defined on the BIG/ip Controller:
bigpipe alias show
The following command displays the node alias defined for a specific node:
bigpipe alias <node addr> show
configsync
bigpipe configsync [all]
Description
Synchronizes configurations of two BIG/ip Controllers in a redundant system by copying the configuration file(s) from the active system to the standby system.
Using the configsync command without the all option synchronizes only the boot configuration file /etc/bigip.conf.
The all option changes the set of configuration files modified when the command is executed. When you synchronize a configuration using the configsync all command, the following configuration files are copied to the other BIG/ip Controller:
- /etc/bigip.conf
- /etc/bigd.conf
- /etc/bigip.interfaces
- /etc/hosts.allow
- /etc/netstart
- /etc/ipfw.conf
- /etc/rateclass.conf
- /etc/ipfwrate.conf
- /etc/snmpd.conf
Be sure to save the current configuration to the /etc/bigip.conf file before you use the config sync feature.
Warning: If you are synchronizing a standby controller that already has configuration information defined, we recommend that you back up that controller's original configuration file(s).
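The backup recommended in the warning above can be scripted. The following is an added example, not part of the BIG/pipe documentation: it snapshots the nine files that configsync all overwrites and afterwards reports which ones the synchronization changed, which matters most for access-control files such as /etc/hosts.allow. The function names and the <root> prefix argument (empty on a live controller, a scratch directory for a dry run) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the BIG/pipe documentation).
# Files copied to the peer by "bigpipe configsync all", as listed above.
SYNC_FILES="/etc/bigip.conf /etc/bigd.conf /etc/bigip.interfaces
/etc/hosts.allow /etc/netstart /etc/ipfw.conf /etc/rateclass.conf
/etc/ipfwrate.conf /etc/snmpd.conf"

# snapshot_sync_files <root> <backup dir>
# Copy every listed file that exists under <root> into <backup dir>.
# A missing file is recorded with a ".absent" marker so that a file
# created by the sync is reported later instead of being overlooked.
snapshot_sync_files() {
    _root=$1
    _dst=$2
    mkdir -p "$_dst/etc" || return 1
    # The snapshot holds configuration secrets; keep it private.
    chmod 700 "$_dst" || return 1
    for _f in $SYNC_FILES; do
        if [ -f "$_root$_f" ]; then
            cp -p "$_root$_f" "$_dst$_f" || return 1
        else
            : > "$_dst$_f.absent"
        fi
    done
    return 0
}

# changed_by_sync <root> <backup dir>
# Compare the live files with the snapshot and print one line per
# difference: "added", "removed" or "changed", followed by the path.
changed_by_sync() {
    _root=$1
    _dst=$2
    for _f in $SYNC_FILES; do
        if [ -f "$_dst$_f.absent" ]; then
            if [ -f "$_root$_f" ]; then
                printf 'added %s\n' "$_f"
            fi
        elif [ ! -f "$_root$_f" ]; then
            printf 'removed %s\n' "$_f"
        elif ! cmp -s "$_root$_f" "$_dst$_f"; then
            printf 'changed %s\n' "$_f"
        fi
    done
    return 0
}
```

Run snapshot_sync_files on the standby controller before the synchronization and changed_by_sync after it, with the same backup directory.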
conn
bigpipe conn [ <virt addr>[:<port>] ] dump
Description
Displays information about current client connections to virtual addresses and virtual servers.
The following command displays all current client connections:
bigpipe conn dump
The output shows the source IP, virtual server and port, and node connected to.
bigpipe conn dump
from vip node
100.100.100.30:49152 -> 100.100.100.100:23 -> 200.200.200.10:23
100.100.101.90:49153 -> 100.100.100.100:80 -> 200.200.200.10:80
...
Figure B.1 Formatted output of the conn command
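The dump is easy to summarize when reviewing who is connected through the controller. The following is an added example, not part of the BIG/pipe documentation; it assumes that real output follows the three-column layout of Figure B.1, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the BIG/pipe documentation). Assumes the output of
# "bigpipe conn dump" matches Figure B.1: "client -> virtual server -> node".

# sample_dump: constructed input in the Figure B.1 layout.
sample_dump() {
    cat <<'EOF'
from vip node
100.100.100.30:49152 -> 100.100.100.100:23 -> 200.200.200.10:23
100.100.101.90:49153 -> 100.100.100.100:80 -> 200.200.200.10:80
100.100.101.90:49154 -> 100.100.100.100:80 -> 200.200.200.11:80
100.100.101.90:49155 -> 100.100.100.100:80 -> 200.200.200.10:80
EOF
}

# conns_per_node: read a dump on stdin and print
# "<count> <virtual server> <node>", busiest pair first.
# Lines that are not three fields joined by "->" are skipped, which drops
# the header, the trailing "..." and any blank or truncated line.
conns_per_node() {
    awk 'NF == 5 && $2 == "->" && $4 == "->" { n[$3 " " $5]++ }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,3
}

# sources_over <limit>: print "<count> <client ip>" for every client that
# holds more than <limit> connections, whatever its source ports are.
sources_over() {
    awk -v limit="$1" 'NF == 5 && $2 == "->" && $4 == "->" {
             ip = $1; sub(/:[0-9]+$/, "", ip); n[ip]++ }
         END { for (ip in n) if (n[ip] > limit) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# conns_to_port <port>: print the connections whose virtual server port is
# <port>, for example 23 to see who reaches telnet through the controller.
conns_to_port() {
    awk -v port="$1" 'NF == 5 && $2 == "->" && $4 == "->" {
             n = split($3, a, ":"); if (a[n] == port) print }'
}
```

On a controller, pipe the live output into a function, for example: bigpipe conn dump | sources_over 50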
-d
bigpipe -d [-]
bigpipe -d -f <filename>
Description
Parses the command line and checks syntax without executing the specified command.
This distinguishes between valid and invalid commands, and is particularly useful with the -f option, to validate the configuration file.
Use the -d command followed by a command that you want to validate:
bigpipe -d vip 10.10.10.100:80 define 192.168.195.2:80
The command checks the syntax and logic, reporting any errors that would be encountered if the command executed.
Use the -d command together with the -f <filename> command to validate and load the specified configuration file. For example, to check the syntax of the configuration file /etc/altbigip.conf, use the following command:
bigpipe -d -f /etc/altbigip.conf
-f
bigpipe -f <filename>
Description
Resets all of the BIG/ip Controller settings and then loads the configuration settings from the specified file, typically /etc/bigip.conf, or another file you specify.
bigpipe -f /etc/bigip.conf
For testing purposes, you can save a test configuration by renaming it to avoid confusion with the boot configuration file. To load a test configuration, use the -f command with the <filename> parameter. For example, if you renamed your configuration file to /etc/bigtest.conf, the test command would be:
bigpipe -f /etc/bigtest.conf
failover
bigpipe failover active | standby | show
Description
Switches the BIG/ip Controller to be the active or the standby unit in a redundant system. The BIG/ip Controller automatically switches between active and standby modes, without operator intervention.
Show the status of the controller with the following command:
bigpipe failover show
Warning: A standby controller that has been put into active mode with this command is not fully configured for operation as the active controller in a redundant system. Important fail-over processes that properly handle an actual fail-over are not invoked by the failover command.
gateway
bigpipe gateway failsafe arm | disarm | show
Description
Turns the gateway fail-safe feature on and off. This command is supported only for redundant systems.
The typical use of gateway fail-safe is where active and standby BIG/ip Controllers use different routers as gateways to the internet. Fail-over is triggered if the gateway for the active controller is unreachable. Note that this is not a condition that is reliably detected by the interface fail-safe feature, but is reliably detected by gateway fail-safe.
To arm fail-safe on the gateway:
bigpipe gateway failsafe arm
To disarm fail-safe on the gateway, enter the following command:
bigpipe gateway failsafe disarm
To see the current fail-safe status for the gateway, enter the following command:
bigpipe gateway failsafe show
-h and -help
bigpipe [-h | -help ]
Description
Displays the bigpipe command syntax or usage text for all current commands.
Note: More detailed man pages are available for some individual bigpipe commands. To display detailed online help for the bigpipe command, type: man bigpipe
interface
bigpipe interface <ifname> internal | external | show
bigpipe interface <ifname> failsafe arm | disarm | show
bigpipe interface <ifname> timeout <seconds> | show
bigpipe interface <ifname> mac_masq <mac_addr> | show
bigpipe interface <ifname> vlans enable | disable | show
Description
Displays names of installed network interface cards and allows you to set properties for each network interface card.
Note: Interface fail-safe is not designed for gateway or node failure detection, as it cannot detect router or node failures in instances where other sources of Ethernet traffic are active on the interface.
Designating an internal or external interface
Use the following syntax to designate an interface as an internal or external interface.
bigpipe interface <ifname> internal | external
The <ifname> parameter takes a valid interface name such as:
- exp0
This is an Intel NIC on interface 0
- fpa1
This is an FDDI NIC on interface 1
- de2
This is a DEC/SMC NIC on interface 2
- hmc0
This is a Gigabit Ethernet NIC on interface 0
The following example configures multiple (2) internal and one external interface on the BIG/ip Controller:
bigpipe interface de2 internal
bigpipe interface fpa1 internal
bigpipe interface exp0 external
Warning: Use caution when redefining internal and external interfaces. When you reconfigure interfaces, make sure that you have set up the interfaces you need for operation. It is possible to accidentally take the controller out of network service by redefining interfaces.
Displaying status for interfaces
Use the following syntax to display the current status and the settings for all installed interface cards:
bigpipe interface show
Use the following syntax to display the current status and the setting for a specific interface.
bigpipe interface <ifname> show
Arming and disarming the fail-safe mode
Use the following command to activate the BIG/ip Controller interface fail-safe mode.
bigpipe interface <ifname> failsafe arm
When armed, the active controller automatically fails over to the standby controller whenever the active controller detects that there is no activity on the specified interface, and subsequently detects no activity on the interface in response to ARP requests. The default fail-safe mode is set to disarm.
Warning: You should arm the fail-safe mode only after you configure the BIG/ip Controller, and both the active and standby units are ready to be placed into a production environment.
Note that you must specify a default route before using the bigpipe interface failsafe command. You specify the default route in the /etc/hosts and /etc/netstart files.
Use the following command to deactivate the BIG/ip Controller interface fail-safe mode.
bigpipe interface <ifname> failsafe disarm
Setting the fail-safe timeout
Use the following syntax to set the amount of time, in seconds, that an interface will be monitored for activity in response to a BIG/ip Controller ARP request, in order to be designated operational.
bigpipe interface <ifname> timeout <seconds>
If no activity is detected on the interface within the specified time, the BIG/ip Controller assumes that the interface is down. Note that the default setting is 30 seconds.
Warning messages are generated after half of the specified timeout period. In the case of an armed BIG/ip Controller in a BIG/ip redundant system, traffic is switched from the active unit to the standby unit at the end of the timeout period. Note that the fail-safe timeout is used only if the fail-safe option is armed on the interface.
Viewing the timeout setting
Use the following syntax to view the fail-over timeout setting for a specific interface:
bigpipe interface <ifname> timeout show
Displaying the current fail-safe status
Use the following syntax to display the current status and settings for the BIG/ip Controller fail-safe mode:
bigpipe interface failsafe show
Setting the MAC masquerade address
Sharing the MAC masquerade address makes it possible to use BIG/ip Controllers in a network topology using secure hubs. You can view the media access control (MAC) address on a given controller using the following command:
/sbin/ifconfig -a
Use the following syntax to set the MAC masquerade address that will be shared by both BIG/ip Controllers in the redundant system.
bigpipe interface <ifname> mac_masq <MAC addr>
Warning: You must specify a default route before using the mac_masq command. You specify the default route in the /etc/hosts and /etc/netstart files.
Find the MAC address on both the active and standby units and choose one that is similar but unique. A safe technique for choosing the shared MAC address follows:
Suppose you want to set up mac_masq on the external interfaces. Using the ifconfig -a command on the active and standby units, you note that their MAC addresses are:
Active: exp0 = 0:0:0:ac:4c:a2
Standby: exp0 = 0:0:0:ad:4d:f3
In order to avoid packet collisions, you now must choose a unique MAC address. The safest way to do this is to select one of the addresses and logically OR the first byte with 0x40. This makes the MAC address a locally administered MAC address.
In this example, either 40:0:0:ac:4c:a2 or 40:0:0:ad:4d:f3 would be a suitable shared MAC address to use on both BIG/ip Controllers in the redundant system.
The shared MAC address is used only when the BIG/ip Controller is in active mode. When the unit is in standby mode, the original MAC address of the network card is used. On startup, or when transitioning from standby mode to active mode, the BIG/ip Controller sends gratuitous ARP requests to notify the default router and other machines on the local Ethernet segment that its MAC address has changed. See RFC 826 for more details on ARP.
Note: You can use the same technique to configure an internal interface MAC address.
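The selection technique above can be checked mechanically before the address is set with mac_masq. The following is an added example, not part of the BIG/pipe documentation: it applies the rule from the text (OR the first byte with 0x40) and rejects a candidate that matches either burned-in address or any other address supplied, for instance ones already seen on the segment. The function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the BIG/pipe documentation).

# normalize_mac <mac>: print six lowercase hex bytes without leading zeros
# (the ifconfig style used on this page); return 1 if the input is malformed.
normalize_mac() {
    _rest="$1:"
    _out=""
    for _i in 1 2 3 4 5 6; do
        _b=${_rest%%:*}
        _rest=${_rest#*:}
        case "$_b" in
            ""|???*|*[!0-9a-fA-F]*) return 1 ;;
        esac
        _out="${_out}${_out:+:}$(printf '%x' "0x$_b")"
    done
    # Anything left over means the input had more than six fields.
    [ -z "$_rest" ] || return 1
    printf '%s\n' "$_out"
}

# masq_from <mac>: OR the first byte with 0x40, as the text describes.
masq_from() {
    _m=$(normalize_mac "$1") || return 1
    _first=${_m%%:*}
    _tail=${_m#*:}
    printf '%x:%s\n' "$(( 0x$_first | 0x40 ))" "$_tail"
}

# choose_masq <active mac> <standby mac> [<other mac> ...]
# Print the first derived candidate that is not already in use. A candidate
# equals its own source when that address already has 0x40 set in its first
# byte, so both burned-in addresses count as "in use" along with the extras.
choose_masq() {
    [ "$#" -ge 2 ] || return 1
    _known=""
    for _arg in "$@"; do
        _n=$(normalize_mac "$_arg") || return 1
        _known="$_known $_n"
    done
    for _src in "$1" "$2"; do
        _c=$(masq_from "$_src") || return 1
        case " $_known " in
            *" $_c "*) continue ;;
        esac
        printf '%s\n' "$_c"
        return 0
    done
    return 1
}
```

With the addresses from the example above, choose_masq 0:0:0:ac:4c:a2 0:0:0:ad:4d:f3 prints 40:0:0:ac:4c:a2.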
Enabling VLAN communication for an interface
If you want to use IEEE 802.1q VLAN Trunk mode, then VLAN tags must be enabled on the BIG/ip Controller internal interface using the bigpipe interface command.
Use the following syntax to enable, disable or show the VLAN status of the specified interface:
bigpipe interface <ifname> vlans enable | disable | show
lb
bigpipe lb show
bigpipe lb round_robin
bigpipe lb ratio
bigpipe lb priority
bigpipe lb fastest
bigpipe lb least_conn
bigpipe lb predictive
bigpipe lb observed
Description
Sets the load balancing mode for all virtual servers.
Setting the load balancing mode
Use the following syntax to set the load balancing mode:
bigpipe lb <mode name>
The mode names allowed are displayed in the syntax section above.
The command below sets the load balancing mode to Least Connections, which routes new connections to the node which currently maintains the least number of connections.
bigpipe lb least_conn
Viewing the currently selected load balancing mode
The following command displays the currently selected load balancing mode.
bigpipe lb show
maint
bigpipe maint
Description
Toggles a BIG/ip Controller into and out of Maintenance mode. When in Maintenance mode, a BIG/ip Controller accepts no new connections, but it does allow existing connections to complete.
The maint command interactively prompts you to enter or exit the maintenance mode.
bigpipe maint
If the BIG/ip Controller is already in maintenance mode, the maint command takes the BIG/ip Controller out of maintenance mode. If the BIG/ip Controller is in maintenance mode for more than 20 minutes, the BIG/ip Controller immediately begins to accept new connection requests.
If the BIG/ip Controller has been in maintenance mode for more than 20 minutes, it automatically updates all network ARP caches; this process normally takes a few seconds. However, you can speed the process up by reloading the configuration file, using the following command:
bigpipe -f /etc/bigip.conf
mirror
bigpipe mirror enable | disable | show
Description
Enables and disables mirroring between active and standby BIG/ip Controllers. Mirroring ensures that persistence and connection information on the active controller is duplicated on the standby controllers. This command enables and disables mirroring for all virtual servers.
To enable mirroring on a redundant system:
bigpipe mirror enable
To disable mirroring on a redundant system:
bigpipe mirror disable
To show the current status of mirroring on a redundant system:
bigpipe mirror show
nat
bigpipe nat <node addr> to <NAT addr>[/<bitmask>] [<ifname>]
bigpipe nat <node addr> to <NAT addr> netmask <netmask> \
[broadcast <broadcast_ip>] [<ifname>]
bigpipe nat <node addr> [...<node addr>] delete
bigpipe nat <NAT addr> [...<NAT addr>] delete
bigpipe nat [<NAT addr> [...<NAT addr>] ] show
bigpipe nat [<node addr> [...<node addr>] ] show
Description
Defines an IP address, routable on the external network, that a node can use to initiate connections to hosts on the external network and receive direct connections from clients on the external network. The NAT command defines a mapping between the IP address of a server behind the BIG/ip Controller <node addr> and an unused routable address on the network in front of the BIG/ip Controller <NAT addr>.
Defining a NAT
A NAT definition maps the IP address of a node <node addr> to a routable address on the external interface <NAT addr>, and can include an optional interface and netmask specification. Use the following syntax to define a NAT:
bigpipe nat <node addr> to <NAT addr>[/<bitmask>] [<ifname>]
The <ifname> parameter is the internal interface of the BIG/ip Controller through which packets must pass to get to the destination internal address. The BIG/ip Controller can determine the interface to configure for the NAT in most cases. The <ifname> parameter is useful, for example, where there is more than one internal interface.
The following example shows a NAT definition:
bigpipe nat 10.10.10.10 to 10.12.10.10/24 exp1
Deleting NATs
Use the following syntax to delete one or more NATs from the system:
bigpipe nat <node addr> [...<node addr>] delete
Displaying status of NATs
Use the following command to display the status of all NATs included in the configuration:
bigpipe nat show
Use the following syntax to display the status of one or more selected NATs:
bigpipe nat <node addr> [...<node addr>] show
NAT { 10.10.10.3 to 9.9.9.9 }
(pckts,bits) in = (0, 0), out = (0, 0)
NAT { 10.10.10.4 to 12.12.12.12
netmask 255.255.255.0 broadcast 12.12.12.255 }
(pckts,bits) in = (0, 0), out = (0, 0)
Additional Restrictions
The nat command has the following additional restrictions:
- The IP address defined in the <node addr> parameter must be routable to a specific server behind the BIG/ip Controller.
- You must delete a NAT before you can redefine it.
- The interface for a NAT may only be configured when the NAT is first defined.
node
bigpipe node <node addr>[:<port>][...<node addr>[:<port>]] \
enable | disable
bigpipe node [<node addr>[:<port>][...<node addr>[:<port>]] ] show
bigpipe node <node addr>[:<port>][...<node addr>[:<port>]] \
limit <max conn>
Description
Displays information about nodes and allows you to set properties for nodes and node addresses.
Enabling and disabling nodes and node addresses
To enable a node address, use the node command with a node address and the enable option:
bigpipe node 192.168.21.1 enable
To disable a node address, use the node command with the disable option:
bigpipe node 192.168.21.1 disable
To enable a node, use the node command with a node address and port, and the enable option:
bigpipe node 192.168.21.1:80 enable
To disable one or more nodes, use the node command with the disable option:
bigpipe node 192.168.21.1:80 disable
Setting connection limits for nodes
Use the following command to set the maximum number of concurrent connections allowed on a node:
bigpipe node 192.168.21.1:80 limit 100
Note that to remove a connection limit, you also issue the preceding command, but set the <max conn> variable to 0 (zero).
Setting connection limits for node addresses
Use the following command to set the maximum number of concurrent connections allowed for a node address:
bigpipe node 192.168.21.1 limit 100
To remove a connection limit, you also issue the above command, but set the <max conn> variable to 0 (zero).
Displaying status of all nodes
bigpipe node show
When you issue the node show command, the BIG/ip Controller displays the node status (up or down), and a node summary of connection statistics, which is further broken down to show statistics by port. The report shows the following information:
- current number of connections
- total number of connections made to the node since last boot
- maximum number of concurrent connections since the last boot
- concurrent connection limit on the node
- total number of inbound and outbound packets and bits
Figure B.2 shows the output of this command:
bigpipe node 192.168.200.50:20
NODE 192.168.200.50 UP
| (cur, max, limit, tot) = (0, 0, 0, 0)
| (pckts,bits) in = (0, 0), out = (0, 0)
+- PORT 20 UP
(cur, max, limit, tot) = (0, 0, 0, 0)
(pckts,bits) in = (0, 0), out = (0, 0)
Displaying the status of individual nodes and node addresses
Use the following command to display status and statistical information for a node address:
bigpipe node 192.168.21.1 show
The command reads the status of each node address, the number of current connections, total connections, and connections allowed, and the number of cumulative packets and bits sent and received.
Use the following command to display status and statistical information for one or more specific nodes:
bigpipe node 192.168.21.1:80 show
Setting connection limits for individual nodes and node addresses
Use the following command to set the maximum number of concurrent connections allowed for one or more nodes:
bigpipe node 192.168.21.1:80 limit <max conn>
Note that to remove a connection limit, you also issue the above command, but you set the <max conn> variable to 0 (zero).
Use the following command to set the maximum number of connections allowed for a node address:
bigpipe node 192.168.21.1 limit <max conn>
Note that to remove a connection limit, you also issue the above command, but you set the <max conn> variable to 0 (zero).
persist
bigpipe persist <port> [...<port>] <seconds>
bigpipe persist [<port> [...<port>] ] show | dump
Description
Enables or disables simple persistence on one or more virtual ports. Persistence tracks the source IP addresses and ports of all incoming requests, and the nodes and ports that hosted the request. It forces new connections from the source address to use the same node as used by the prior connection from that source IP address and port. A configurable time limit determines how long the BIG/ip Controller retains persistent connection information. By default, persistence is disabled on all ports. Persistence is affected by certain system control variables.
Setting a persistence timeout
Use the following syntax to set the number of seconds for which the BIG/ip Controller maintains persistent connection information on a specific virtual port:
bigpipe persist <port> <seconds>
Set <seconds> to 0 to turn persistence off for a specific virtual port.
Displaying persistence settings for virtual ports
Use the following syntax to display the number of seconds for which the BIG/ip Controller maintains persistent connection information for all virtual ports that have persistence turned on:
bigpipe persist show
Use the following syntax to display persistence settings for a specific virtual port:
bigpipe persist <port> show
Displaying persistent connections on a virtual port
Use the following syntax to display information about current persistent connections on a virtual port:
bigpipe persist [<port>] [...<port>] dump
port
bigpipe port <port> [...<port>] limit <max conn>
bigpipe port <port> [...<port>] enable | disable | show
Description
Enables and disables network traffic on virtual ports, and also sets connection limits on ports. You can use standard port numbers, service or port names (for example, www, http, or 80) for the <port> parameter. Note that the port settings you define with this command control the port service for all virtual servers that use the port. By default, all ports are disabled.
A port is any valid port number, between 0 and 65535, inclusive, or any valid service name in the /etc/services file.
Allowing and denying virtual ports
You can enable or disable traffic to specific virtual ports. The default setting for all virtual ports is disabled. Use the following syntax to allow one or more virtual ports:
bigpipe port <port> [...<port>] enable
To deny access to one or more virtual ports:
bigpipe port <port> [...<port>] disable
Setting connection limits on ports
Use the following syntax to set the maximum number of concurrent connections allowed on a virtual port. Note that you can configure this setting for one or more virtual ports.
bigpipe port <port> [...<port>] limit <max conn>
To turn off a connection limit for one or more ports, use the preceding command, setting the <max conn> parameter to 0 (zero):
bigpipe port <port> [...<port>] limit 0
Displaying the status of all virtual ports
Use the following syntax to display the status of virtual ports included in the configuration:
bigpipe port show
Displaying the status for specific virtual ports
Use the following syntax to display the status of one or more virtual ports:
bigpipe port <port> [...<port>] show
Figure B.3 shows a sample of formatted output of the port command.
bigpipe port telnet show
PORT 23 telnet enable
(cur, max, limit, tot, reaped) = (37,73,100,691,29)
(pckts,bits) in = (2541, 2515600), out = (2331, 2731687)
Figure B.3 Formatted output of port command showing the Telnet port statistics
-r
bigpipe -r
Description
Use the following syntax to clear the defined kernel and counter values from memory:
bigpipe -r
Warning: This command should be used with caution. All throughput is stopped when you run this command.
Typically, this command is used on a standby BIG/ip Controller prior to loading a new /etc/bigip.conf file that contains new tping and treaper values.
For example, you can execute the following commands on a standby BIG/ip Controller:
bigpipe -r
bigpipe -f <filename>
This sequence of commands ensures that only the values set in the <filename> specified are in use.
ratio
bigpipe ratio [<node addr>] [<node addr> ...] show
bigpipe ratio <node addr> [<node addr>...] <weight>
Description
This command provides two functions related to load balancing:
- For the Ratio load balancing mode, the command sets the weight or proportions for one or more node addresses.
- For the Priority load balancing mode, the command sets the priority level. Note that multiple node addresses can have the same priority level setting.
Setting ratio weight for one or more node addresses
The default ratio setting for any node address is 1. If you use the Ratio or Priority load balancing modes, you must set a ratio other than 1 for at least one node address in the configuration. If you do not change at least one ratio setting, the load balancing modes have the same effect as the Round Robin load balancing mode.
Use the following syntax to set the ratio for one or more node addresses:
bigpipe ratio <node addr> [...<node addr>] <weight>
For example, the following command sets the ratio weight to 3 for a specific node address:
bigpipe ratio 192.168.103.20 3
Displaying the ratio weights for node addresses
The following command displays the current ratio weight settings for all node addresses.
bigpipe ratio show
The command displays the following output:
192.168.200.51 ratio = 3
192.168.200.52 ratio = 1
Displaying ratio weight for specific node addresses
Use the following syntax to display the ratio setting for one or more node addresses:
bigpipe ratio <node addr> [...<node addr>] show
Note: The <weight> parameter must be a whole number, greater than or equal to 1.
-s
bigpipe -s [ <filename> | - ]
Description
Writes the current BIG/ip Controller configuration settings from memory to the default boot configuration file named /etc/bigip.conf.
You can use a hyphen character ("-") in place of a file name to display the configuration on the standard output device.
bigpipe -s -
If you are testing and integrating BIG/ip Controllers into a network, you may want to use multiple test configuration files. Use the following syntax to write the current configuration to a filename that you specify:
bigpipe -s <filename>
For example, the following command saves the current configuration from memory to an alternate configuration file named /etc/bigip.conf2.
bigpipe -s /etc/bigip.conf2
snat
bigpipe snat map default to <SNAT addr> [<ifname>] [netmask <ip>]
bigpipe snat map <node addr> [...<node addr>] to \
<SNAT addr> [netmask <ip>]
bigpipe snat <SNAT addr> [...<SNAT addr>] delete
bigpipe snat default delete
bigpipe snat default dump [verbose]
bigpipe snat [<node addr> [...<node addr>] ] dump [verbose]
bigpipe snat globals show
bigpipe snat default show
bigpipe snat [<node addr> [...<node addr>] ] show
bigpipe snat limit <max conn>
bigpipe snat default limit <max conn>
bigpipe snat <node addr> [...<node addr>] limit \
<max conn>
bigpipe snat <node addr> [...<node addr>] mirror \
enable | disable
bigpipe snat default mirror enable | disable
bigpipe snat <node addr> [...<node addr>] timeout tcp | udp \
<seconds>
bigpipe snat [default] timeout tcp | udp <seconds>
bigpipe snat <SNAT addr> [...<SNAT addr>] stats reset
bigpipe snat default stats reset
Description
Defines one or more addresses that nodes can use as a source IP address when initiating connections to hosts on the external network. Note that clients cannot use SNAT addresses to connect directly to nodes.
Defining the default SNAT
Use the following syntax to define the default SNAT. If you use the netmask parameter and it is different from the external interface default netmask, the command sets the netmask and derives the broadcast address.
bigpipe snat map default to <SNAT addr> [<ifname>] [netmask <ip>]
Creating individual SNAT addresses
The following bigpipe command creates a SNAT mapping:
bigpipe snat map <node addr> [...<node addr>] to \
<SNAT addr> [<ifname>] [netmask <ip>]
If the netmask is different from the external interface default netmask, the command sets the netmask and derives the broadcast address.
Deleting SNAT Addresses
The following syntax deletes a specific SNAT:
bigpipe snat <SNAT addr> | default delete
Showing SNAT mappings
The following bigpipe command shows mappings:
bigpipe snat [<SNAT addr>] [...<SNAT addr>] show
bigpipe snat default show
The following command shows the current SNAT connections:
bigpipe snat [<SNAT addr>] [...<SNAT addr>] dump [ verbose ]
bigpipe snat default dump [ verbose ]
The optional verbose keyword provides more detailed output.
The following command prints the global SNAT settings:
bigpipe snat globals show
Limiting connections
Use the following commands to set the maximum number of concurrent connections allowed for one or more SNAT addresses. Zero indicates no limit.
bigpipe snat 192.168.12.3 limit <max conn>
The default SNAT address connection limit is set with the following command:
bigpipe snat default limit <max conn>
Use the following command to set the global concurrent connection limit:
bigpipe snat limit <max conn>
Enabling mirroring for redundant systems
The following example sets SNAT mirroring for all SNAT connections originating at 192.168.225.100 :
bigpipe snat 192.168.225.100 mirror enable
Setting idle connection timeouts
Use the following command to set the timeout for idle TCP connections:
bigpipe snat timeout tcp <seconds>
Use the following command to set the timeout for idle UDP connections. Note that you must have a timeout set for UDP connections; zero is not allowed:
bigpipe snat timeout udp <seconds>
Use the following command to set the timeout for idle TCP connections originating at this node address. Set <seconds> to 0 (zero) to disable TCP timeout for these nodes.
bigpipe snat <node addr> [...<node addr>] timeout tcp <seconds>
Use the following command to set the timeout for idle TCP connections originating at the default node address. Set <seconds> to 0 (zero) to disable TCP timeout for these nodes.
bigpipe snat default timeout tcp <seconds>
Use the following syntax to set the timeout for idle UDP connections originating at this node address. Note that you must have a timeout set for UDP connections; zero is not allowed:
bigpipe snat <node addr> [...<node addr>] timeout udp <seconds>
Use the following syntax to set the timeout for idle UDP connections originating at the default SNAT address. Note that you must have a timeout set for UDP connections; zero is not allowed:
bigpipe snat default timeout udp <seconds>
Clearing statistics
You can reset statistics by node or by SNAT address. Use the following syntax to clear all statistics for one or more nodes:
bigpipe snat <node addr> [ ...<node addr> ] stats reset
Use the following syntax to clear all statistics for one or more SNAT addresses:
bigpipe snat <SNAT addr> [ ...<SNAT addr> ] stats reset
Use the following command to reset the statistics to zero for the default:
bigpipe snat default stats reset
summary
bigpipe summary
Description
Displays a summary of current usage statistics.
The output display format for the summary command is shown in Figure B.4.
BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 0
BIG/ip total # pkts = 0
BIG/ip total # bits = 0
BIG/ip total # pkts(inbound) = 0
BIG/ip total # bits(inbound) = 0
BIG/ip total # pkts(outbound) = 0
BIG/ip total # bits(outbound) = 0
BIG/ip error no nodes available = 0
BIG/ip tcp port deny = 0
BIG/ip udp port deny = 0
BIG/ip vip tcp port deny = 0
BIG/ip vip udp port deny = 0
BIG/ip max connections deny = 0
BIG/ip vip duplicate syn ssl = 0
BIG/ip vip duplicate syn wrong dest = 0
BIG/ip vip duplicate syn node down = 0
BIG/ip vip maint mode deny = 0
BIG/ip virtual addr max connections deny = 0
BIG/ip virtual path max connections deny = 0
BIG/ip vip non syn = 0
BIG/ip error not in out table = 0
BIG/ip error not in in table = 0
BIG/ip error vip fragment no port = 0
BIG/ip error vip fragment no conn = 0
BIG/ip error standby shared drop = 0
BIG/ip dropped inbound = 0
BIG/ip dropped outbound = 0
BIG/ip reaped = 0
BIG/ip ssl reaped = 0
BIG/ip persist reaped = 0
BIG/ip udp reaped = 0
BIG/ip malloc errors = 0
BIG/ip bad type = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10
Figure B.4 Summary output display
For detailed descriptions of each statistic displayed by the summary command, refer to Using the BIG/pipe command utility as a monitoring tool, on page 6-3.
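The Figure B.4 layout is regular enough to poll from a monitoring script. The following is an added example, not part of the original reference: it parses bigpipe summary output and reports which deny, error and drop counters grew between two polls. The function names, the choice of watched counters and the sample values are assumptions made for the example.

```python
import re

# Constructed sample in the Figure B.4 layout; the counter values are made up.
SAMPLE = """\
BIG/ip total uptime = 1 (day) 4 (hr) 40 (min) 8 (sec)
BIG/ip total uptime (secs) = 103208
BIG/ip total # connections = 48211
BIG/ip tcp port deny = 17
BIG/ip udp port deny = 0
BIG/ip max connections deny = 3
BIG/ip vip non syn = 0
BIG/ip error not in out table = 0
BIG/ip dropped inbound = 5
BIG/ip malloc errors = 0
BIG/ip mem pool total 96636758 mem pool used 95552 mem percent used 0.10
"""

# "BIG/ip <name> = <integer>" lines; the formatted uptime line does not match.
COUNTER_RE = re.compile(r"^BIG/ip\s+(.+?)\s*=\s*(\d+)$")
MEM_RE = re.compile(
    r"^BIG/ip mem pool total\s+(\d+)\s+mem pool used\s+(\d+)"
    r"\s+mem percent used\s+([\d.]+)$"
)
# Substrings that mark a counter as a refusal, drop or error (assumed grouping).
WATCH_WORDS = ("deny", "error", "dropped", "non syn", "duplicate syn", "bad type")


def parse_summary(text):
    """Return (counters, memory) parsed from bigpipe summary output."""
    counters, memory = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        mem = MEM_RE.match(line)
        if mem:
            memory = {
                "total": int(mem.group(1)),
                "used": int(mem.group(2)),
                "percent_used": float(mem.group(3)),
            }
            continue
        counter = COUNTER_RE.match(line)
        if counter:
            counters[counter.group(1)] = int(counter.group(2))
    return counters, memory


def watched(counters):
    """Keep only the counters whose name contains one of WATCH_WORDS."""
    return {k: v for k, v in counters.items() if any(w in k for w in WATCH_WORDS)}


def increases(previous, current):
    """Watched counters that grew between two polls, with the amount of growth.

    A value lower than the previous one means the counters were reset
    (reboot or bigpipe -r), so the whole current value counts as new.
    """
    grown = {}
    for name, value in watched(current).items():
        before = previous.get(name, 0)
        delta = value - before if value >= before else value
        if delta > 0:
            grown[name] = delta
    return grown


if __name__ == "__main__":
    counters, memory = parse_summary(SAMPLE)
    for name, delta in increases({}, counters).items():
        print(f"{name}: +{delta}")
    print("memory:", memory)
```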
timeout_node
bigpipe timeout_node show
bigpipe timeout_node <seconds>
bigpipe timeout_node 0
Description
Sets the amount of time that a server has to respond to a BIG/ip Controller ping in order for the server to be marked up. If a server fails to respond within the specified time, the BIG/ip Controller assumes that the server is down, and the BIG/ip Controller no longer sends requests to the services hosted by the server. If the server responds to the next ping, or to subsequent pings, the BIG/ip Controller then marks the server up, and resumes sending requests to those services.
The default is 15 seconds.
Displaying the current timeout value
Use the following command to display the current timeout setting for node ping:
bigpipe timeout_node show
Setting a timeout value for node ping
Use the following syntax to set the timeout setting for node ping:
bigpipe timeout_node <seconds>
The sample command below sets the time-out to 33 seconds.
bigpipe timeout_node 33
Disabling node ping
To disable node ping, you simply set the node ping timeout value to 0 (zero):
bigpipe timeout_node 0
Warning: Node ping is the only form of verification that the BIG/ip Controller uses to determine status on node addresses. If you turn node ping off while one or more node addresses are currently down, the node addresses remain marked down until you turn node ping back on and allow the BIG/ip Controller to verify the node addresses again.
timeout_svc
bigpipe timeout_svc [<port>] show
bigpipe timeout_svc <port> <seconds>
bigpipe timeout_svc <port> 0
Description
Sets the amount of time that a specific node has to respond to a service check issued by the BIG/ip Controller. There are three types of service checks, each of which is affected by this setting:
- Simple Service check where the BIG/ip Controller attempts to establish a connection to the service hosted by the node
- Extended content verification where the BIG/ip Controller requests specific content from the node
- Extended application verification where the BIG/ip Controller executes an external service check program that verifies whether or not specific content is available on the node
If a node fails to respond to any type of service check within the specified time, the BIG/ip Controller assumes that the service is down and no longer sends client requests to the service. If the node responds to the next service check, or to subsequent service checks, the BIG/ip Controller marks the service up, and resumes sending requests to the service.
Warning: The BIG/ip Controller does not attempt to detect the status of a node if node ping is turned off (bigd -n) and the timeout_svc and tping_svc values are set to 0 for a particular node.
The timeout_svc default for each port is set to 0, which disables service checks on the port.
Note that the BIG/ip Controller monitors only those services that have a timeout_svc value greater than 0.
Setting the service check timeout
Use the following syntax to set the service check timeout for a specific node port. Note that this setting applies to all nodes that use the port.
bigpipe timeout_svc <port> <seconds>
For example, the following command sets the service check timeout on port 80 to 120 seconds:
bigpipe timeout_svc 80 120
Disabling the service check
To disable service check on a specific port, use the above command, but set the <seconds> parameter to zero:
bigpipe timeout_svc <port> 0
Displaying service check timeouts
Use the following command to display the current service check timeout settings for all ports:
bigpipe timeout_svc show
The system displays the following output:
port 80 timeout after 120 seconds
The system only displays ports that have a timeout set to a value other than 0.
Use the following syntax to display the current service check timeout setting for a specific port:
bigpipe timeout_svc <port> [show]
tping_node
bigpipe tping_node show
bigpipe tping_node <seconds>
Description
Sets the interval (in seconds) at which a BIG/ip Controller issues a ping to each server managed by the BIG/ip Controller. If a specific server responds to the ping within a set time, the server is marked up and the BIG/ip Controller sends connections to the services hosted by that server. If a server fails to respond to a ping within the specified time, the BIG/ip Controller assumes that the server is no longer available, and it marks the node down.
Note that the timeout_node setting determines the number of seconds that a server has to respond to the ping issued by the BIG/ip Controller.
The default setting for tping_node is 5 seconds.
Setting a node ping interval
Use the following syntax to set the number of seconds which a server has to respond to a ping issued by the BIG/ip Controller:
bigpipe tping_node <seconds>
Disabling node ping
To turn node ping off, simply set the interval to 0 seconds:
bigpipe tping_node 0
Displaying the current node ping setting
Use the following command to display the current node ping setting:
bigpipe tping_node show
tping_svc
bigpipe tping_svc show
bigpipe tping_svc <port> <seconds>
bigpipe tping_svc <port> 0
Description
Sets the interval (in seconds) at which BIG/ip Controller issues a service check to one or more specific nodes included in the configuration. There are three types of service check, each of which is affected by this setting:
- Simple Service check where the BIG/ip Controller attempts to establish a connection to the service hosted by the node
- Extended content verification where the BIG/ip Controller requests specific content from the node
- Extended application verification where the BIG/ip Controller executes an external service check program that verifies whether or not specific content is available on the node
If a node fails to respond to a service check within the time specified by the timeout_svc setting, the BIG/ip Controller marks the service down, and no longer routes client requests to it.
Warning: The BIG/ip Controller does not attempt to detect the status of a node if node ping is turned off (bigd -n) and the timeout_svc and tping_svc values are set to 0 for a node.
Setting global service check intervals for a node port
Use the following syntax to set a service check interval for a specific node port.
bigpipe tping_svc <port> <seconds>
Use the following syntax to turn service check off for a specific node port.
bigpipe tping_svc <port> 0
Displaying the current service check interval
Use the following syntax to display the intervals at which the BIG/ip Controller issues service checks to all nodes configured for service check:
bigpipe tping_svc show
treaper
bigpipe treaper show
bigpipe treaper <port> <seconds>
bigpipe treaper <port> 0
Description
Sets the expiration time for idle TCP connections on a specific port. An idle connection is one in which no data has been received or sent for the number of seconds specified by the treaper command. The treaper default value is 0 seconds, meaning that no idle connections are terminated. For treaper to be effective, you should set its value to be greater than the configured timeout for the service daemons installed on your nodes.
The treaper command clears the connection tables, avoiding memory problems due to the accumulation of dead, but not terminated, connections.
Setting the idle TCP connection timeout for a virtual port
Use the following syntax to set an inactive connection timeout for one or more virtual ports:
treaper <port> <seconds>
To turn inactive connection timeout off, use the same command but set the number of seconds to zero:
treaper <port> 0
Note: Typical settings include 120s for 25/SMTP, 120s for 80/www, 300-600 for 20/ftp-data and 21/ftp-data.
Displaying the current inactive connection timeout
Use the following syntax to display the current number of seconds that connections are allowed to remain idle before being dropped:
bigpipe treaper show
udp
bigpipe udp [<port> [...port] ] show
bigpipe udp <port> [...<port>] <seconds>
bigpipe udp <port> 0
Description
The udp command enables UDP traffic on virtual ports and also sets a timeout for idle UDP connections. UDP traffic is enabled only when the timeout is set to a value greater than 0 (zero). You can disable UDP traffic on a port by setting the idle connection timeout to 0 (zero). By default, UDP is disabled on all ports.
Setting the idle connection timeout for UDP traffic
Use the following syntax to set the UDP timeout on one or more virtual ports, where the <seconds> parameter is the number of seconds before an idle connection is dropped:
bigpipe udp <port> <seconds>
For example, the following command sets the UDP timeout to 300 seconds for port 53:
bigpipe udp 53 300
To turn UDP timeout off for a virtual port, use the above command, setting the <seconds> parameter to zero:
bigpipe udp <port> 0
Displaying UDP settings
Use the following command to display the UDP timeout setting for all ports that allow UDP:
bigpipe udp show
Use the following syntax to display the timeout setting for a specific virtual port that allows UDP:
bigpipe udp <port> show
The system displays the output:
port 53 idle udp connections expire after 300 seconds
-v
bigpipe -v
Description
Displays version number of the BIG/pipe command utility.
For example, bigpipe -v displays the following output:
bigpipe: 2.1
version
bigpipe version
Description
Displays the version number of the BIG/ip Controller's operating system.
The bigpipe version command outputs the following version information:
BIG/ip: version 2.1
vip
vip <virt addr>[:<port>] [/<bitmask>] [<ifname> | none ] define \
<node addr>[:<port>] [...<node addr>[:<port>] ] [special ssl \
<seconds> <seconds>]
vip <virt addr>[:<port>] netmask <ip> [broadcast <ip>] \
[<ifname> | none ] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] [special ssl <seconds> <seconds>]
vip [<virt addr>[:<port>]] [...<virt addr>[:<port>] ] show
vip <virt addr>[:<port>] [<ifname>] [ ... <virt addr>[:<port>] ] \
enable | disable | delete
vip <virt addr>[:<port>] [... <virt addr>[:<port>]] limit \
<max conn>
vip <virt addr>:<port> mirror conn enable | disable | show
vip <virt addr>:<port> mirror persist enable | disable | show
vip <virt addr>:<port> persist show | dump | value
vip <virt addr>:<port> persist mask <ip> | none | show
vip 0.0.0.0:<port> sticky [ enable | disable | show | clear | dump ]
vip 0.0.0.0:<port> sticky mask [ <ip> | none | show ]
vip sticky dump
vip sticky clear
Description
Creates, deletes, and displays information about virtual servers. This command also sets mirroring, persistence, connection limits, and timeouts on a virtual server.
Defining a virtual server
Virtual servers are port-specific, and if you are configuring a site that supports more than one service, you need to configure one virtual server for each service offered by the site. Use the following syntax to define an individual virtual server and the node or nodes to which the virtual server maps:
bigpipe vip <virt addr>:[<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ]
For example, the following command configures a virtual server that uses three nodes. In the example, two of the nodes do not use port 80, the standard HTTP port. Node port numbers do not necessarily have to match the virtual server's port number.
bigpipe vip 192.168.140.100:80 define 192.168.11.22:80 \
192.158.11.23:8080 192.168.11.23:8050
Note that if you want to add or remove a node from a virtual server, you must redefine the virtual server. You cannot add or remove individual nodes from a virtual server mapping without redefining the virtual server itself.
The following example shows a similar definition where host names are used in place of IP addresses, and service names are used in place of port numbers. Note that if you use service names, the default port number associated with that service is used.
bigpipe vip www.SiteOne.com:http define NodeOne:http NodeTwo:http \
NodeThree:http
If you are using non-default ports to host a specific service, you should use the port number in the definition rather than the service name.
Displaying information about virtual servers
Use the following syntax to display information about all virtual servers included in the configuration:
bigpipe vip show
Use the following syntax to display information about one or more virtual servers included in the configuration:
bigpipe vip <virt addr>:<port> [...<virt addr>:<port>] show
The command displays information such as the nodes associated with each virtual server, the nodes' status, and the current, total, and maximum number of connections managed by the virtual server since the BIG/ip Controller was last rebooted.
Defining an interface for a virtual server
If you have multiple external interfaces, you can specify one of them when you define a virtual server. If you specify an interface name, the BIG/ip Controller responds to ARP requests for the virtual address. If you do not specify an interface name, the BIG/ip Controller responds to ARP requests for the virtual server only on the default interface. If you do not want the BIG/ip Controller to respond to ARP requests on any interface, use the option none in place of the <ifname> parameter.
(Use the bigpipe interface show command to see a list of interfaces).
All virtual servers that share a virtual address must use the same external interface. Changing the interface for a virtual server changes the interface for all virtual servers having the same virtual address.
Setting a user-defined netmask and broadcast
The default netmask for a virtual address, and for each virtual server hosted by that virtual address, is determined by the network class of the IP address entered for the virtual server. The default broadcast is automatically determined by the BIG/ip Controller, and it is based on the virtual address and the current netmask. You can override the default netmask and broadcast for any virtual address.
All virtual servers hosted by the virtual address use the netmask and broadcast of the virtual address, whether they are default values or they are user-defined values.
Note that if you want to use a custom netmask and broadcast, you define both when you define the virtual server:
bigpipe vip <virt addr>[:<port>] netmask <ip> [broadcast <ip>] \
[<ifname>] define <node addr>[:<port>] [... <node addr> \
[:<port>] ]
Note: For most configurations, the BIG/ip Controller correctly calculates the broadcast based on the IP address and the netmask. A user-defined broadcast address is not necessary.
Again, even when you define a custom netmask and broadcast in a specific virtual server definition, the settings apply to all virtual servers that use the same virtual address. The following sample command shows a user-defined netmask and broadcast:
bigpipe vip www.SiteOne.com:http netmask 255.255.0.0 \
broadcast 10.0.140.255 define NodeOne:http NodeTwo:http
The /bitmask option shown in the following example applies network and broadcast address masks. In this example, a 24-bit bitmask sets the network mask and broadcast address for the virtual server:
bigpipe vip 206.168.225.1:80/24 define 192.198.255.1
You can generate the same broadcast address by applying the 255.255.255.0 netmask. The effect of the bitmask is the same as applying the 255.255.255.0 netmask. The broadcast address is derived as 206.168.225.255 from the network mask for this virtual server.
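The defaults described in this section can be checked before a virtual server is defined. The following is an added example, not part of the original reference: it derives the class-based default netmask, the netmask and broadcast for a /bitmask, and reports whether a user-defined broadcast matches the derived one. It assumes the conventional all-ones host broadcast; the function names and the address 10.0.140.100 used in the check are constructed for the example.

```python
import ipaddress


def classful_netmask(addr):
    """Default netmask from the network class of an IPv4 address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "255.0.0.0"      # class A
    if first_octet < 192:
        return "255.255.0.0"    # class B
    if first_octet < 224:
        return "255.255.255.0"  # class C
    raise ValueError(f"{addr} is class D/E and has no default netmask")


def derive(addr, netmask=None, bitmask=None):
    """Return (netmask, broadcast) for a virtual address.

    With neither netmask nor bitmask given, the class-based default applies.
    The broadcast is the address with all host bits set (assumed convention).
    """
    if netmask is not None and bitmask is not None:
        raise ValueError("give a netmask or a bitmask, not both")
    if bitmask is not None:
        mask = str(bitmask)
    else:
        mask = netmask or classful_netmask(addr)
    # strict=False accepts a host address and masks off the host bits;
    # a non-contiguous netmask raises ValueError here.
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    return str(net.netmask), str(net.broadcast_address)


def check_broadcast(addr, netmask, broadcast):
    """Return (matches, derived) for a user-defined broadcast address."""
    derived = derive(addr, netmask=netmask)[1]
    return broadcast == derived, derived


if __name__ == "__main__":
    # The /24 example from this section.
    print(derive("206.168.225.1", bitmask=24))
    # Same result from the class C default, with no mask given.
    print(derive("206.168.225.1"))
    # Constructed address with the netmask and broadcast of the sample command.
    print(check_broadcast("10.0.140.100", "255.255.0.0", "10.0.140.255"))
```

A mismatch from check_broadcast is not an error in itself, because the command accepts a user-defined broadcast, but it is worth confirming that the override is intentional.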
Setting properties on a virtual server
You can set the following properties on a virtual server:
- Cookie persistence
- A connection limit
- An SSL persistence timeout and an SSL session ID record timeout
- Mirroring persistence and connection state information from active controller to standby controller.
To activate HTTP cookie persistence from the command line
To activate HTTP cookie persistence from the command line, use the following syntax:
bigpipe vip <virt addr>:<service> define <node addr> [...<node addr>] special cookie <mode name> <timeout>
For the <mode name>, type Insert, Rewrite, or Passive. The <timeout> value for the cookie is written using the following format:
<days>d hh:mm:ss
Setting a connection limit
The default setting is to have no limit to the number of concurrent connections allowed on a virtual server. You can set a concurrent connection limit on one or more virtual servers using the following command:
bigpipe vip <virt addr>[:<port>] [...<virt addr>[:<port>] ] limit \
<max conn>
The following example shows two virtual servers set to have a concurrent connection limit of 5000 each:
bigpipe vip www.SiteOne.com:http www.SiteTwo.com:ssl limit 5000
To turn the limit off, set the <max conn> variable to zero:
bigpipe vip <virt addr>[:<port>] [...<virt addr>[:<port>] ] limit 0
Defining SSL persistence settings
You can turn on SSL persistence for a virtual server when you define the virtual server. The command includes parameters for setting the persistence timeout, as well as an inactive connection timeout for SSL session ID records:
bigpipe vip <virt addr>[:<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] [special ssl <persistence timeout> \
<ssl session id timeout>]
Note that if you want to change SSL settings on an existing virtual server, you must redefine the virtual server, including the nodes to which the virtual server maps and the SSL persistence settings. To turn SSL persistence off, use the above command, setting both the <persistence timeout> and <ssl session id timeout> parameters to 0:
bigpipe vip <virt addr>[:<port>] define <node addr>[:<port>] \
[...<node addr>[:<port>] ] special ssl 0 0
The following example shows a virtual server set to use SSL persistence where SSL persistence is maintained by the BIG/ip Controller for 36000 seconds, and SSL session id records are maintained for 60000 seconds:
bigpipe vip 210.12.140.11:443 define NodeOne:ssl NodeTwo:ssl \
special ssl 36000 60000
Setting sticky persistence for Transparent Node Mode
BIG/ip Controllers are enhanced with special persistence features for balancing caching proxy server load. This special persistence, called sticky persistence, is configurable to let you designate a proxy server in an array to cache content from a specified IP address range. The BIG/ip Controller can send all packets within the IP range to the proxy server where it is cached. The connections are directed to the proxy where the destination is cached.
To further optimize a proxy array using sticky persistence, you can partition the global internet address space across the array of proxy servers. A sticky mask can be defined for each virtual server.
Sticky entries do not time out, so traffic goes to the same firewall indefinitely. A limiting mechanism is built into the BIG/ip Controller to control the amount of memory consumed by sticky entries. Once the limit is reached, further attempts to write new sticky entries fail, and are logged ("bigip: Reached maximum # of sticky entries. Entry not added."). In this case, instead of reaping useless entries, make the sticky mask less specific so it groups more addresses together. Since sticky entries do not time out, use the clear command to delete all the entries.
As with other methods of persistence, sticky persistence can be configured using sysctl variables bigip.persist_any_port_same_vip and bigip.persist_any_vip. These define whether each virtual server maintains its own list of persistence entries, or whether the entries are shared among virtual servers. Sticky persistence uses these settings as they are documented for simple persistence.
Use the following command to turn sticky feature on for the virtual server:
bigpipe vip 0.0.0.0:<port> sticky enable
Use the following command to turn sticky feature off for the virtual server:
bigpipe vip 0.0.0.0:<port> sticky disable
Use the following command to show whether sticky is on or off for the virtual server:
bigpipe vip 0.0.0.0:<port> sticky show
Use the following command to list sticky entries for the virtual server:
bigpipe vip 0.0.0.0:<port> sticky dump
Figure B.5 displays the output of a sticky dump for a virtual server with a sticky mask of 192.0.0.0:
Sticky Address Firewall/Node
0.0.0.0 10.1.1.1
64.0.0.0 10.1.1.2
128.0.0.0 10.1.1.3
192.0.0.0 10.1.1.4
Figure B.5 Formatted output of sticky dump.
Use the following syntax to delete sticky entries for the virtual server:
bigpipe vip <virt addr>:<port> sticky clear
Use the following syntax to define the sticky mask for the virtual server:
bigpipe vip <virt addr>:<port> sticky mask <mask>
Use the following syntax to remove the sticky mask from a virtual server:
bigpipe vip <virt addr>:<port> sticky mask none
Use the following syntax to show the sticky mask for the virtual server:
bigpipe vip <virt addr>:<port> sticky mask show
To clear all sticky connections on a BIG/ip Controller, issue the following bigpipe command:
bigpipe sticky clear
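The relationship between the sticky mask and the number of sticky entries can be worked out offline before the entry limit is hit. The following is an added example, not part of the original reference: it applies a mask to a list of destination addresses, reproduces the grouping of Figure B.5, and finds the most specific mask that stays under an entry limit. The destination addresses, the limit of 5, the rotation used to pick a node for a new entry, and the restriction to contiguous masks are assumptions made for the example; the controller's real limit is not given here.

```python
import ipaddress

# Nodes from Figure B.5; the destination addresses are constructed.
NODES = ["10.1.1.1", "10.1.1.2", "10.1.1.3", "10.1.1.4"]
DESTS = [
    "10.1.2.3", "10.9.8.7", "100.64.0.1", "172.16.5.5",
    "192.0.2.10", "192.0.2.77", "198.51.100.7", "203.0.113.9",
]
MAX_ENTRIES = 5  # constructed limit, chosen small so the example overflows


def sticky_key(dest, mask):
    """Destination address ANDed with the sticky mask, as dotted quad."""
    value = int(ipaddress.IPv4Address(dest)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(value))


def build_table(dests, mask, nodes, max_entries):
    """Simulate sticky entry creation and return (table, rejected).

    table maps sticky address to node; rejected lists the destinations whose
    entry could not be added because the table was full. New entries take
    nodes in rotation (assumed; stands in for the load balancing mode).
    """
    table, rejected = {}, []
    for dest in dests:
        key = sticky_key(dest, mask)
        if key in table:
            continue  # existing entry: traffic sticks to the same node
        if len(table) >= max_entries:
            rejected.append(dest)  # "Entry not added." in the log
            continue
        table[key] = nodes[len(table) % len(nodes)]
    return table, rejected


def suggest_mask(dests, max_entries):
    """Most specific contiguous mask whose entry count fits the limit."""
    for prefix in range(32, -1, -1):
        mask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)
        if len({sticky_key(d, mask) for d in dests}) <= max_entries:
            return mask
    return None  # only reached when max_entries is below 1


if __name__ == "__main__":
    for mask in ("192.0.0.0", "255.255.255.0"):
        table, rejected = build_table(DESTS, mask, NODES, MAX_ENTRIES)
        print(mask, len(table), "entries,", len(rejected), "rejected")
    print("suggested mask:", suggest_mask(DESTS, MAX_ENTRIES))
```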
Setting persistence timeout on virtual ports
The bigpipe persist and bigpipe persist mask commands set persistence properties on virtual ports.
Use the following syntax to set the persistence duration, that is, the length of time in seconds that persistence information about a connection is stored.
bigpipe vip <virt addr>:<port> persist <value>
For example, the following command sets persistence to 100 minutes on the http port:
bigpipe vip 192.168.100.1:80 persist 6000
Showing persistence timeout on virtual ports
Use the following syntax to show the persistence duration on a virtual port:
bigpipe vip <virt addr>:<port> persist show
Use the following syntax to display information about current persistence connections on a virtual port:
bigpipe vip <virt addr>:<port> persist dump
The output of persist dump lists client address, virtual path, or node/alive time.
Applying a persist mask
Use the following command to specify a range of IP addresses to be included in persistence of the specified virtual port. The command adds a persist mask to a port, where <mask> is an IP address:
bigpipe vip <virt addr>:<port> persist mask <mask>
For example, the following command would set persistence for the specified port on all addresses in the subnetwork 192.168.100.0:
bigpipe vip <virt addr>:80 persist mask 192.168.100.0
Mirroring active to standby controllers
Mirroring provides seamless recovery for current connections and persistence information when a BIG/ip Controller fails. When you use the mirroring feature, the standby controller maintains the same current connection and persistence information as the active controller. Transactions such as FTP file transfers continue as though uninterrupted.
To control mirroring for a virtual server, use the mirror command to enable or disable mirroring of persistence information, or connections, or both. The syntax of the command is:
bigpipe vip <virt addr>:<port> mirror [ persist | conn ] \
enable | disable
To print the current mirroring setting for a virtual server:
bigpipe vip <virt addr>:<port> mirror [ persist | conn ] show
If you do not specify either persist or conn, the BIG/ip Controller displays connection information for both.
Note: If you set up mirroring on a virtual server that supports FTP connections, you need to mirror the control port virtual server, and the data port virtual server.
The following example shows the two commands used to enable mirroring for virtual server v1 on the FTP control and data ports:
bigpipe vip v1:21 mirror conn enable
bigpipe vip v1:20 mirror conn enable
Removing and returning a virtual server to service
You can remove an existing virtual server from network service, or return the virtual server to service, using the disable and enable keywords. When you disable a virtual server, the virtual server no longer accepts new connection requests, but it allows current connections to finish processing before the virtual server goes down. Use the following syntax to remove a virtual server from network service:
bigpipe vip <virt addr>:<port> [ ... <virt addr>:<port>] disable
Use the following syntax to return a virtual server to network service:
bigpipe vip <virt addr>:<port> enable
Removing and returning a virtual address to service
You can remove an existing virtual address from network service, or return the virtual address to service, using the disable and enable keywords. Note that when you enable or disable a virtual address, you inherently enable or disable all of the virtual servers that use the virtual address.
bigpipe vip <virt addr> disable
Use the following syntax to return a virtual address to network service:
bigpipe vip <virt addr> enable
Displaying information about virtual addresses
You can also display information about the virtual addresses that host individual virtual servers. Use the following syntax to display information about one or more virtual addresses included in the configuration:
bigpipe vip <virt addr> [... <virt addr> ] show
The command displays information such as the virtual servers associated with each virtual address, the status, and the current, total, and maximum number of connections managed by the virtual address since the BIG/ip Controller was last rebooted, or since the BIG/ip Controller became the active unit (redundant configurations only).
Deleting a virtual server
Use the following syntax to permanently delete one or more virtual servers from the BIG/ip Controller configuration:
bigpipe vip <virt addr>:<port> [... <virt addr>:<port>] delete
Backward compatible commands
The following BIG/pipe commands have been included for users of previous versions.
dt [<ip>[:<port> ] ]
port <port> [<port>... ] [allow | deny] [ limit <limit> ]
vip <virt addr>:<port> persistmask [ <IP address mask> ]
vip <virt addr>:<port> persistmask [ none | show ]
vip <virt addr>[:<port>] [<ifname>] netmask <ip> \
[ broadcast <ip> ] define <node addr>[:<port> \
[ <node addr>[:<port>... ] [ special ssl <value> <value> ]
nat <node addr> to <NAT addr> [<ifname>] netmask <ip> \
[ broadcast <ip> ]
fo [ master | slave ]