Applies To:Show Versions
BIG-IP versions 1.x - 4.x
- 3.0 PTF-04, 3.0 PTF-03, 3.0 PTF-02, 3.0 PTF-01, 3.0.0
BIG/ip System Control Variables
Setting BIG/ip system control variables
The BIG/ip Controller hardware and software boot up with a configuration specified, in part, by the system control variables stored in the /etc/rc.sysctl file. Most of these variables are standard BSD UNIX system control variables, while some are used exclusively by the BIG/ip Controller. In most cases, a variable is just toggled off (0) or on (1), but some variables may also store specific values, such as a port number.
You can use three methods to set system control variables affecting the BIG/ip Controller:
- The F5 Configuration utility
Navigate to a system control variable and edit it in the browser with the F5 Configuration utility.
- sysctl command
Write system control variable values directly to /etc/rc.sysctl using this command line utility.
- vi or pico
Use a text editor, such as vi or pico, to edit /etc/rc.sysctl directly.
sysctl <variable name>
sysctl -w <variable name>=<value>
Displaying current system control variable settings
To display the settings of all system control variables, use the following syntax:
To display the current setting for an individual variable, use the following command syntax:
sysctl <variable name>
Setting a system control variable
Use the following syntax to write a value for a system control variable in /etc/rc.sysctl:
sysctl -w <variable name>=<value>
For example, the following command sets vipnoarp mode to on at boot:
sysctl -w bigip.vipnoarp=1
To turn vipnoarp mode off at boot, you would write the setting to /etc/rc.sysctl using the following command:
sysctl -w bigip.vipnoarp=0
bigip.vipnoarp=1 Prevents the BIG/ip Controller from issuing ARP requests when rebooted. This is useful for configurations that contain 1,000 or more virtual servers. This setting also prevents you from configuring virtual servers as IP addresses on the BIG/ip Controller external interface.
bigip.vipnoarp=0 The default setting for this variable is 0. The BIG/ip Controller issues ARP requests on reboot.
bigip.bonfire_mode=1 Sets the BIG/ip Controller to operate in Transparent Node mode, where it can perform load balancing on routers and router-like devices, such as transparent firewalls.
bigip.bonfire_mode=0 (Default) Transparent Node Mode is off.
Note: With this version of the BIG/ip Controller, Transparent Node Mode is no longer necessary. You do not need to set this variable. This variable only exists for backward compatibility. You can define a virtual server with address translation turned on or off at any time. For more information about address translation, see the BIG/ip Administrator Guide.
bigip.bonfire_compatibility_mode=1 Turns off port translation on the BIG/ip Controller. This is useful if a node port is only being used to specify a service check port.
bigip.bonfire_compatibility_mode=0 (Default) Port translation is on.
Note: With this version of the BIG/ip Controller, Transparent Node Mode is no longer necessary. You do not need to set this variable. This variable only exists for backward compatibility. You can define a virtual server with port translation turned on or off at any time. For more information about port translation, see the BIG/ip Administrator Guide.
bigip.fastest_max_idle_time=<seconds> Sets the number of seconds a node can be left idle by the fastest load balancing mode. This forces the BIG/ip Controller to send fewer connections to a node that is responding slowly. This allows the BIG/ip Controller to periodically recalculate the response time of the slow node.
bigip.max_sticky_entries=2048 This is the maximum number of sticky entries allowed to accumulate on the BIG/ip Controller when using destination address affinity (sticky persistence). When the maximum value is reached, the BIG/ip Controller stops accumulating sticky entries. The default value for this entry is 2048.
net.inet.ip.forwarding=1 Exposes node IP addresses on the internal network, allowing clients to connect directly to nodes, and also allows nodes to initiate connections with computers external to the BIG/ip Controller. Typically, this setting is used only on systems that cannot use NATs (for example, a network that uses CORBA or the NT Domain).
net.inet.ip.forwarding=0 (Default) IP forwarding is off.
bigip.halt_reboot_timeout=2 This value is the number of seconds the BIG/ip Controller can stop during boot up before the watchdog card hard reboots the controller. The default value for this setting is 2 seconds.
net.inet.ip.sourcecheck=1 This setting enables the BIG/ip Controller to check the source IP address of incoming packets before it checks the packet for other information (for example, the virtual server).
Source checking tries to allocate a route back to the source of the packet, and if the route cannot be found, or if the route of the interface is on an interface different from the interface from which the packet was received, the packet is discarded. Each time a packet is discarded, the bad source interface counter is incremented.
net.inet.ip.sourcecheck=0 The default setting for this variable is IP source checking is 0 (off).
bigip.webadmin_port=443 Specifies the port number used for administrative web access. The default port for web administration is port 443.
bigip.persist_map_proxies=1 The default setting for the map proxies for persistence variable is on. The AOL proxy addresses are hard-coded in this release. This enables you to use client IP address persistence with a simple persist mask, but forces all AOL clients to persist to the same server. All AOL clients will persist to the node that was picked for the first AOL client connection received.
The class B networks, 195.93 and 205.188, are mapped to 152.163 for persistence. For example, client 184.108.40.206 would map to 220.127.116.11 for persistence records only. This mapping is done prior to applying the persist mask. Use bigpipe vip persist dump to verify the mapping is working.
We recommend in addition to setting this sysctl variable, that you set a persist mask of 255.255.0.0 so that all the AOL addresses map to a common address. For example, Table 5.1 is an example of how setting this variable and a persist mask of 255.255.0.0, would map a sample set of client addresses.
Address mapping of sample clients
|Sample Client Address||Persist Address|
|18.104.22.168||22.214.171.124 (non AOL address is not mapped)|
bigip.persist_map_proxies=0 Set this variable to 0 to turn this variable off.
bigip.persist_time_used_as_limit=0 (Default) Forces the persistent connection timer to reset on each packet for persistent sessions.
bigip.persist_time_used_as_limit=1 Resets timer only when the persistent connection is initiated.
Note: For SSL persistence, the timer is always reset on each packet.
bigip.persist_on_any_vip=1 All simple persistent connections from the same client IP address are sent to the same node (matches the client IP address but not the virtual address or virtual port the client is using).
bigip.persist_on_any_vip=0 The default setting for this variable is off.
bigip.persist_on_any_port_same_vip=1 All simple persistent connections from a client IP address that go to the same virtual address also go to the same node (matches the client address and the virtual IP address but not the virtual port).
bigip.persist_on_any_port_same_vip=0 The default setting for this variable is off.
bigip.open_3dns_lockdown_ports=0 (default) This variable is only required when running a 3DNS Controller. This variable is set to 0 on the BIG/ip Controller when the 3DNS Controller is not present in the network configuration. (See the 3DNS Administrator Guide for more information.)
bigip.tcphps_mss_override=(<1460) Allows you to decrease the default maximum segment size (MSS) from 1460 to a smaller value. This is the value announced to clients by the TCP server proxy on the BIG/ip Controller in the SYN/ACK packet.
bigip.tcphps_mss_override=0 (Default) The BIG/ip Controller requests the MSS from the node when negotiating connections on the node's behalf.
bigip.open_telnet_port=1 Opens the telnet port (23) to allow administrative Telnet connections (useful for an international BIG/ip Controller, or for a US controller that needs to communicate with international 3DNS Controllers).
bigip.open_telnet_port=0 Opens the telnet port to allow administrative Telnet connections (useful for international BIG/ip Controllers).
bigip.open_ftp_ports=1 Opens the FTP ports (20 and 21) to allow administrative FTP connections (useful for international BIG/ip Controllers).
bigip.open_ftp_ports=0 The default setting for this variable is 0. The FTP port does not allow administrative FTP connections.
bigip.open_ssh_port=1 Opens the SSH port (22) to allow administrative connections (useful only for US BIG/ip Controllers).
bigip.open_ssh_port=0 The default setting for this variable is 0. The SSH port does not allow administrative connections.
bigip.open_rsh_ports=1 Opens the RSH ports (512, 513, and 514) to allow RSH connections (useful for international BIG/ip Controllers, or on US controllers that need to communicate with international 3DNS Controllers).
bigip.open_rsh_ports=0 The default setting for this variable is 0. The RSH port does not allow RSH connections.
bigip.verbose_log_level=0 Turns port denial logging off. No messages are logged.
bigip.verbose_log_level=1 Turns UDP port denial logging on. This logs UDP port denials to the BIG/ip Controller address.
bigip.verbose_log_level=2 Turns TCP port denial logging on. This logs TCP port denials to the BIG/ip Controller address.
bigip.verbose_log_level=4 Turns virtual UDP port denial logging on. This logs UDP port denials to the virtual server address.
bigip.verbose_log_level=8 Turns virtual TCP port denial logging on. This logs TCP port denials to the virtual server address.
bigip.verbose_log_level=15 Turns TCP and UDP port denial logging on. This logs TCP and UDP port denials to the virtual server address and the BIG/ip Controller address. Setting this variable to 15 turns on logging levels 1, 2, 4, and 8.