Applies To:
BIG-IP versions 1.x - 4.x
- 4.6.4, 4.6.3, 4.6.2
9
Services
Introducing services
The BIG-IP system supports a variety of services that are standard Internet applications, such as HTTP, HTTPS, FTP, and POP3. Each service is known by its name and also by its well-known or reserved port number, such as 80 or 443. (Specifically, a service is any valid service name in the /etc/services file or any valid port number between 0 and 65535.) The bigpipe service command allows you to enable and disable network traffic on services, and also to set connection limits and timeouts. You can use the service name or the port number for the <service> parameter. Note that the settings you define with this command control the service for all virtual servers that use it. By default, access to all services is disabled.
Virtual servers using the same service actually share a port on the BIG-IP system. Because this command is global, you need to open access to a service only once; you do not need to open access to a service for each instance of a virtual server that uses it.
Configuration options
You can set a number of attributes on a service, such as allowing access to a service and setting the number of concurrent connections that a service will allow. You can set these attributes using the bigpipe service command.
Any time you create a virtual server and define a service with the Configuration utility or the bigpipe command, network traffic is automatically enabled for that service.
Table 9.1 lists the attributes you can configure for a service.
Attributes | Description |
---|---|
Allow access to services | As a security measure, all services are locked down on the BIG-IP system. In order for the BIG-IP system to load balance traffic, you must enable access to the service on which the BIG-IP system will receive traffic. |
Set connection limits | You can define a connection limit for a service so that a flood of connections does not overload the BIG-IP system. |
Enable and disable TCP and UDP | You can enable or disable TCP and UDP for specific services. |
Set idle connection timeouts | You can set the idle connection timeout to close idle connections. |
Display service settings | You can issue a command to display the settings for any of the above options that you have configured. |
Allowing access to services
Setting this attribute allows the specified service to accept network connections.
To allow access to services from the command line
Using the bigpipe service command, you can allow access to one or more services at a time.
b service <service>...<service> <protocol> [tcp|udp] enable
For example, to enable the HTTP (service 80), Telnet (service 23), and HTTPS (service 443) services, you can type the following bigpipe service command:
b service 80 23 443 tcp enable
Setting connection limits on services
You can set the maximum number of concurrent connections allowed on a service. Note that you can configure this setting for one or more services.
To set connection limits on services
To set a limit on the number of connections that a service will accept, use the following command line syntax:
b service <service> [...<service>] limit <max conn>
To turn off a connection limit for one or more services, use the same command, setting the <max conn> parameter to 0 (zero) like this:
b service <service> [...<service>] limit 0
Enabling and disabling TCP and UDP for services
You can enable or disable TCP or UDP for specific services.
To enable or disable TCP for services
The default setting for all TCP services is enabled. Use the following syntax to disable TCP for one or more services:
b service <service> [...<service>] tcp disable
To re-enable TCP, use this syntax:
b service <service> [...<service>] tcp enable
To enable or disable UDP for services
The default setting for all UDP services is disabled. Use the following syntax to enable UDP for one or more services:
b service <service> [...<service>] udp enable
To disable UDP, use this syntax:
b service <service> [...<service>] udp disable
Setting the idle connection timeout
The idle connection timeout attribute specifies, for TCP or UDP services, the number of seconds that elapse before an idle connection is dropped.
To set the idle connection timeout for TCP traffic
To set the TCP timeout on one or more services, where the <seconds> parameter is the number of seconds before an idle connection is dropped, use the following syntax:
b service <service> [<service>...] timeout tcp <seconds>
For example, the following command sets the TCP timeout to 300 seconds for port 53:
b service 53 timeout tcp 300
To turn off TCP timeout for a service, use the above command, setting the <seconds> parameter to zero:
b service 53 timeout tcp 0
To set the idle connection timeout for UDP traffic
To set the UDP timeout on one or more services, where the <seconds> parameter is the number of seconds before an idle connection is dropped, use the following syntax:
b service <service> [<service>...] timeout udp <seconds>
For example, the following command sets the UDP timeout to 300 seconds for port 53:
b service 53 timeout udp 300
To turn off UDP timeout for a service, use the above command, setting the <seconds> parameter to zero:
b service 53 timeout udp 0
Displaying service settings
You can display the settings that you specified for the available service attributes. Thus, this display shows the maximum number of concurrent connections that each service allows, whether TCP or UDP is enabled on each service, and their idle connection timeout values.
To display service settings
Use the following command to display the settings for all services:
b service show
Use the following syntax to display the settings for a specific service or services:
b service <service> [...<service>] show
For example, the command b service http show displays the output shown in Figure 9.1.
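The attributes covered in this chapter can be combined into one per-service plan. The following is an added example, not taken from the F5 manual: a POSIX shell function that validates an allowlist and prints the matching bigpipe service commands without running them. The policy rows and function names are constructed for illustration, and refusing 0 for a limit or timeout is this example's own choice.

```shell
#!/bin/sh
# Added example: prints bigpipe commands for an allowlist of services; runs nothing.
# Constructed sample policy, one row per service:
#   <service> <tcp|udp> <max conn> <idle seconds>
POLICY='80 tcp 5000 300
443 tcp 5000 300
53 udp 1000 60'

is_number() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# A service is a name from /etc/services or a port number between 0 and 65535.
valid_service() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;  # conservative: reject empty or unusual tokens
        *[!0-9]*) return 0 ;;             # a name, assumed to exist in /etc/services
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Print the commands for every policy row; stop with status 1 on the first bad row.
build_plan() {
    printf '%s\n' "$1" | while read -r svc proto limit idle; do
        [ -n "$svc" ] || continue
        valid_service "$svc" || { echo "invalid service: $svc" >&2; exit 1; }
        case "$proto" in
            tcp|udp) ;;
            *) echo "invalid protocol for $svc: $proto" >&2; exit 1 ;;
        esac
        # 0 turns a limit or timeout off, so this example insists on a positive value.
        is_number "$limit" && [ "$limit" -gt 0 ] ||
            { echo "connection limit required for $svc" >&2; exit 1; }
        is_number "$idle" && [ "$idle" -gt 0 ] ||
            { echo "idle timeout required for $svc" >&2; exit 1; }
        echo "b service $svc $proto enable"
        echo "b service $svc limit $limit"
        echo "b service $svc timeout $proto $idle"
        echo "b service $svc show"
    done
}

build_plan "$POLICY"
```

Because service settings are global, each row affects every virtual server that uses that service, so review the printed plan before typing it on the BIG-IP system.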