Manual Chapter: General Configuration Properties

Applies To:

BIG-IP AAM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP APM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP GTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP Link Controller

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP LTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP AFM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP PEM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

BIG-IP ASM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

TMOS general configuration properties

Part of managing the BIG-IP® system involves configuring and maintaining a set of global system properties. These properties allow you to configure:

  • General device features, such as NTP and DNS
  • General local traffic features, including some global persistence settings
  • General global traffic features, including load balancing and metric collection

When you configure general device properties, you are affecting the operation of the BIG-IP system as a whole, rather than just one aspect of it. Similarly, when you configure the general properties related to local traffic or global traffic, you are globally affecting the operation of the local traffic management and global traffic management systems.

About general device properties

The BIG-IP® system general device properties that you can view or configure are:

  • The host name
  • The BIG-IP software version number
  • The number of CPUs available
  • The number of CPUs that are active

Other BIG-IP system general device properties that you can configure are:

  • Network boot
  • Quiet boot

You can also perform operations such as rebooting the system or forcing it into an OFFLINE state, and you can reload the default geolocation data files that the BIG-IP system uses to source the origin of a name resolution request.

Note: Regarding the Always-On Management (AOM) subsystem, AOM now saves the recent contents of serial output from the host across host reboots, even when no serial console is attached. The contents are written to log files on both the AOM and the host, either after a host reboot/power event or at a user's request. This feature is disabled by default. To enable the feature, you must open Secure Shell (ssh) and then manually change and restart the hostconsh script. For more information, see the F5 Networks knowledge base at http://support.f5.com.

Updates to the IP geolocation database

The BIG-IP® system uses an IP geolocation database to determine the origin of a name resolution request. The default database provides geolocation data for IPv4 addresses at the continent, country, state, ISP, and organization levels. The state-level data is worldwide, and thus includes designations in other countries that correspond to the U.S. state-level in the geolocation hierarchy, for example, provinces in Canada. The default database also provides geolocation data for IPv6 addresses at the continent and country levels.

Note: You can access the ISP and organization-level geolocation data for IPv4 and IPv6 addresses using the iRules® whereis command.

Tip: If you require geolocation data at the city-level, contact your F5 Networks® sales representative to purchase additional database files.

You can download a monthly update to the IP geolocation database from F5 Networks.

About network time protocol (NTP)

Network Time Protocol (NTP) is a protocol that synchronizes the clocks on a network. Because DHCP is enabled by default for the BIG-IP® system, on the first boot the BIG-IP system contacts your DHCP server and obtains the IP address of your NTP server. If the DHCP server provides this IP address, the NTP Device Configuration screen displays the NTP server information. If you do not have a DHCP server on your network, or if the DHCP server does not return the IP address of your NTP server, you can manually add the IP address of the NTP server to the BIG-IP system using the BIG-IP Configuration utility.

About DNS configuration

Domain Name System (DNS) is an industry-standard distributed internet directory service that resolves domain names to IP addresses. When you enable DHCP, the system contacts your DHCP server to obtain the IP addresses of your local DNS servers and the domain names that the system searches to resolve local host names. If the DHCP server provides this information, the DNS Device Configuration screen displays the information in the DNS Lookup Server List and the DNS Search Domain List.

If you do not have a DHCP server on your network, or if the DHCP server does not supply the information, you can manually create the two lists. The DNS Lookup Server List allows BIG-IP® system users to use IP addresses, host names, or fully-qualified domain names (FQDNs) to access virtual servers, nodes, or other network objects. The DNS Search Domain List allows the BIG-IP system to search local domains to resolve local host names.

Additionally, you can manually configure the BIND Forwarder Server List that provides DNS resolution for servers and other equipment load balanced by the BIG-IP system, that is, for the servers that the BIG-IP system uses for DNS proxy services.

Note: To use DNS Proxy services, you must enable the named service.

About local-traffic properties

The BIG-IP® system includes a set of properties that apply globally to the local traffic management system. These properties fall into two main categories: general local-traffic properties, and persistence properties. You can use the BIG-IP Configuration utility to configure and maintain these properties.

General local traffic properties

This table lists and describes global properties that you can configure to manage the behavior of the local traffic management system.

| Property | Default Value | Description |
|---|---|---|
| Auto Last Hop | Enabled (checked) | Specifies, when checked (enabled), that the system automatically maps the last hop for pools. |
| Maintenance Mode | Disabled (unchecked) | Specifies, when checked (enabled), that the unit is in maintenance mode. In maintenance mode, the system stops accepting new connections and slowly completes the processing of existing connections. |
| VLAN-Keyed Connections | Enabled (checked) | Check this setting to enable VLAN-keyed connections. VLAN-keyed connections are used when traffic for the same connection must pass through the system several times, on multiple pairs of VLANs (or in different VLAN groups). |
| Path MTU Discovery | Enabled (checked) | Specifies, when checked (enabled), that the system discovers the maximum transmission unit (MTU) that it can send over a path without fragmenting TCP packets. |
| Reject Unmatched Packets | Enabled (checked) | Specifies that the BIG-IP system sends a TCP RST packet in response to a non-SYN packet that matches a virtual server address and port or self IP address and port, but does not match an established connection. The BIG-IP system also sends a TCP RST packet in response to a packet matching a virtual server address or self IP address but specifying an invalid port. The TCP RST packet is sent on the client-side of the connection, and the source IP address of the reset is the relevant BIG-IP LTM object address or self IP address for which the packet was destined. If you disable this setting, the system silently drops unmatched packets. |
| Reaper High-water Mark | 95 | Specifies, in percent, the memory usage at which the system silently purges stale connections, without sending reset packets (RST) to the client. If the memory usage remains above the low-water mark after the purge, then the system starts purging established connections closest to their service timeout. To disable the adaptive reaper, set the high-water mark to 100. |
| Reaper Low-water Mark | 85 | Specifies, in percent, the memory usage at which the system starts establishing new connections. Once the system meets the reaper high-water mark, the system does not establish new connections until the memory usage drops below the reaper low-water mark. To disable the adaptive reaper, set the low-water mark to 100. This setting helps to mitigate the effects of a denial-of-service attack. |
| SYN Check™ Activation Threshold | 16384 | Specifies the number of new or untrusted TCP connections that can be established before the system activates the SYN Cookies authentication method for subsequent TCP connections. |
| Layer 2 Cache Aging Time | 300 | Specifies, in seconds, the amount of time that records remain in the Layer 2 forwarding table, when the MAC address of the record is no longer detected on the network. |
| Share Single MAC Address | Disabled (unchecked) | When this setting is unchecked (disabled), the BIG-IP system assigns to each VLAN a unique MAC address that comes from a pool of available MAC addresses. If you create enough VLANs to exceed the number of MAC addresses available, the system then begins to assign the same MAC address to multiple VLANs. This is the default value and the most common configuration. When this setting is checked (enabled), the BIG-IP system causes all VLANs to share a single MAC address (global). This setting is equivalent to the BigDB variable vlan.macassignment and has two values, unique and global. |
| SNAT Packet Forwarding | TCP and UDP Only | Specifies the type of traffic for which the system attempts to forward (instead of reject) Any-IP packets, when the traffic originates from a member of a SNAT. There are two possible values: TCP and UDP Only specifies that the system forwards, for TCP and UDP traffic only, Any-IP packets originating from a SNAT member. All Traffic specifies that the system forwards, for all traffic types, Any-IP packets originating from a SNAT member. |
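
The Reaper High-water Mark and Reaper Low-water Mark rows above describe a hysteresis pair. The following sketch is an added example, not F5 code: a simplified model of that described behavior, in which the Conn and Reaper classes, the per-connection memory percentages, and the rule that either mark at 100 disables the reaper are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Conn:
    name: str
    mem: int      # share of memory held, in percent (constructed unit)
    stale: bool   # True if the connection is already stale
    ttl: int      # seconds left until its service timeout

@dataclass
class Reaper:
    high: int = 95   # Reaper High-water Mark default from the table
    low: int = 85    # Reaper Low-water Mark default from the table
    conns: list = field(default_factory=list)
    refusing: bool = False

    def usage(self):
        return sum(c.mem for c in self.conns)

    def enabled(self):
        return self.high < 100 and self.low < 100   # assumed: 100 disables it

    def accept(self, conn):
        if self.enabled() and self.usage() >= self.high:
            self.refusing = True     # high mark met: hold back new connections
        elif self.usage() < self.low:
            self.refusing = False    # reopen only once below the low mark
        if not self.refusing:
            self.conns.append(conn)
        return not self.refusing

    def sweep(self):
        if not self.enabled() or self.usage() < self.high:
            return []
        purged = [c.name for c in self.conns if c.stale]   # silent, no RST
        self.conns = [c for c in self.conns if not c.stale]
        # Still above the low mark: purge established, nearest timeout first.
        for c in sorted(self.conns, key=lambda c: c.ttl):
            if self.usage() <= self.low:
                break
            self.conns.remove(c)
            purged.append(c.name)
        return purged

def demo(high=95, low=85):
    load = [Conn("stale-1", 5, True, 0), Conn("est-30s", 30, False, 30),  # constructed,
            Conn("est-300s", 30, False, 300), Conn("est-900s", 30, False, 900)]  # 95% total
    r, new = Reaper(high, low, load), Conn("new", 2, False, 600)
    return r.accept(new), r.sweep(), r.accept(new), r.usage()
```

With the defaults, the new connection is held back at 95 percent, the sweep purges the stale connection and then the established one nearest its timeout, and the retry is admitted. With both marks at 100, the same load is admitted with no purge at all.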