slb common

SLB related commands. Access the configuration level for system-wide SLB parameters.

Server Load Balancing (SLB) is a suite of resource management features that make server farms more reliable and efficient.

You can easily grow server farms in response to changing traffic flow, while protecting the servers behind a common virtual IP address. From the perspective of a client who accesses services, requests go to and arrive from a single IP address. The client is unaware that the server is in fact multiple servers managed by an ACOS device. The client simply receives faster, more reliable service.

Moreover, you do not need to wait for DNS entries to propagate for new servers. To add a new server, you simply add it to the configuration for the virtual server, and the new real server becomes accessible immediately.

Intelligent Server Selection

The services managed by the ACOS device are controlled by service groups. A service group is a set of real servers. The ACOS device selects a real server for a client’s request based on a set of tunable criteria including server health, server response time, and server load. These criteria can be tuned for individual servers and even individual service ports.

The ACOS device provides a robust set of configurable health monitors for checking the health (availability) of servers and individual services.

common Specification

Type Configuration Resource
Element Name common
Element URI /axapi/v3/slb/common
Element Attributes common_attributes
Schema common schema

Operations Allowed:

Operation        Method   URI                    Payload
Create Object    POST     /axapi/v3/slb/common   common Attributes
Get Object       GET      /axapi/v3/slb/common   common Attributes
Modify Object    POST     /axapi/v3/slb/common   common Attributes
Replace Object   PUT      /axapi/v3/slb/common   common Attributes
Delete Object    DELETE   /axapi/v3/slb/common   common Attributes

common Attributes

after-disable

Description: Applies graceful shutdown to disabled servers and service ports, as well as deleted servers. Without this option, graceful shutdown applies only to deleted servers.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

buff-thresh

Description: Fine-tune thresholds for SLB buffer queues.

CAUTION! Do not use this command except under advisement by A10 Networks.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

buff-thresh-hw-buff

Description: Specifies IO buffer threshold. For each CPU, if the number of queued entries in the IO buffer reaches this threshold, fast aging is enabled and no more IO buffer entries are allowed to be queued on the CPU’s IO buffer.

CAUTION! Do not use this command except under advisement by A10 Networks.

Type: number

Range: 1-2147483647

buff-thresh-relieve-thresh

Description: Specifies threshold at which fast aging is disabled, to allow IO buffer entries to be queued again.

CAUTION! Do not use this command except under advisement by A10 Networks.

Type: number

Range: 0-2147483647

buff-thresh-sys-buff-high

Description: Threshold of queued system buffer entries at which the ACOS device drops a connection whenever a packet is received for that connection.

CAUTION! Do not use this command except under advisement by A10 Networks.

Type: number

Range: 0-2147483647

buff-thresh-sys-buff-low

Description: Threshold of queued system buffer entries at which ACOS begins refusing new incoming connections.

CAUTION! Do not use this command except under advisement by A10 Networks.

Type: number

Range: 0-2147483647

compress-block-size

Description: Change the default compression block size used for SLB. The bytes option specifies the default compression block size.

Type: number

Range: 6000-131008

conn-rate-limit

Description: conn-rate-limit is a JSON Block. Please see below for conn-rate-limit.

Type: Object

Reference Object: /axapi/v3/slb/common/conn-rate-limit

disable-adaptive-resource-check

Description: Disable adaptive resource check based on buffer usage

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

disable-server-auto-reselect

Description: Disables server auto-reselection. By default, auto-reselection is enabled. When this command is used, if the selected server fails to respond to the AX SYN, AX will not automatically select another server. It will indicate connection failure after the due ‘SYN Retries’.

To re-enable it, use “no slb disable-server-auto-reselect”.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cache-age

Description: Specifies the amount of time (in seconds) the ACOS device locally caches DNS replies.

Type: number

Range: 1-1000000

Default: 300

dns-cache-enable

Description: Globally enables caching of replies to DNS queries.

When DNS caching is enabled, the ACOS device sends the first request for a given name (hostname, fully-qualified domain name, URL, and so on) to the DNS server. The ACOS device caches the reply from the DNS server, and sends the cached reply in response to the next request for the same name.

The ACOS device continues to use the cached DNS reply until the reply times out. After the reply times out, the ACOS device sends the next request for that URL to the DNS server, caches the reply, and so on.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cache-entry-size

Description: Sets the maximum size in bytes for DNS cache entries.

Type: number

Range: 1-4096

Default: 256

dns-vip-stateless

Description: Enable DNS VIP stateless mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-icmp-to-vip-when-vip-down

Description: Drops ICMP traffic to a VIP if the VIP is down, even if the VIP address is also used by NAT.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dsr-health-check-enable

Description: Enable health checking of the virtual server IP addresses instead of the real server IP addresses in Direct Server Return (DSR) configurations.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-l7-req-acct

Description: Globally enables Layer 7 request accounting.

If you use the least-request load-balancing method in a service group, Layer 7 request accounting is automatically enabled for the service group’s members, and for the virtual service ports that are bound to the service group’s members. To display Layer 7 request statistics, use the show slb service-group group-name command.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entity

Description: Specifies graceful-shutdown for server port only or virtual server/port only.

Type: string

Supported Values: server, virtual-server

exclude-destination

Description: Excludes logging to the specified destination, local or remote. By default, logging to both destinations is enabled.

Type: string

Supported Values: local, remote

extended-stats

Description: Globally enable or disable collection of extended SLB statistics, including peak connection statistics.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fast-path-disable

Description: Disable fast-path packet inspection.

Fast processing of packets maximizes performance by using all the underlying hardware assist facilities. Typically, the feature should remain enabled. The option to disable it is provided only for troubleshooting, in case it is suspected that the fast processing logic is causing an issue. If you disable fast-path processing, ACOS does not perform a deep inspection of every field within a packet.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gateway-health-check

Description: Enable gateway health monitoring. Gateway health monitoring uses ARP to test the availability of nexthop gateways. When the ACOS device needs to send a packet through a gateway, the ACOS device begins sending ARP requests to the gateway.

  • If the gateway replies to any ARP request within a configurable timeout, the ACOS device forwards the packet to the gateway.
  • The ARP requests are sent at a configurable interval. The ACOS device waits for a configurable timeout for a reply to any request. If the gateway does not respond to any request before the timeout expires, the ACOS device selects another gateway and begins the health monitoring process again.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

graceful-shutdown

Description: Specifies time in seconds to terminate normally before shutting down a service when you delete or disable the real or virtual server or port providing the service.

Type: number

Range: 1-65535

graceful-shutdown-enable

Description: Allow currently active sessions time to terminate normally before shutting down a service when you delete or disable the real or virtual server or port providing the service.

When graceful shutdown is enabled, the ACOS device stops accepting new sessions on a disabled or deleted port, but waits for the specified grace period before moving active sessions to the delete queue.

  • server - Limits the graceful shutdown to real servers only.
  • virtual-server - Limits the graceful shutdown to virtual servers only.
  • after-disable - Applies graceful shutdown to disabled servers and service ports, as well as deleted servers. Without this option, graceful shutdown applies only to deleted servers.

When you delete a real or virtual service port, the ACOS device places all the port’s sessions in the delete queue, and stops accepting new sessions on the port.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hw-compression

Description: Enables hardware-based compression.

When you enable hardware-based compression, all compression settings configured in HTTP templates, except the compression level, are used. Hardware-based compression always uses the same compression level, regardless of the compression level configured in an HTTP template.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hw-syn-rr

Description: Enable distribution of client SYNs across multiple CPUs. This feature protects against CPU overload due to SYN floods, a common symptom of DDoS attacks.

Type: number

Range: 1-500000

interval

Description: Specifies in seconds the amount of time between health check attempts. The default is 5 seconds.

Type: number

Range: 1-180

Default: 5

l2l3-trunk-lb-disable

Description: Disable or re-enable trunk load balancing.

When trunk load balancing is enabled, the ACOS device load balances outbound Layer 2/3 traffic among all the ports in a trunk. The round-robin method is used to load balance the traffic. For example, in a trunk containing ports 1-4, the first Layer 2/3 packet is sent on port 1. The second packet is sent on port 2. The third packet is sent on port 3, and so on.

If you disable trunk load balancing, the lead port is always used for outbound traffic. The other ports are standby ports in case the lead port goes down. Trunk load balancing applies only to Layer 2/3 traffic, and is enabled by default. However, the CLI provides a command to disable trunk load balancing, in case there is a need to do so. Disabling trunk load balancing causes the ACOS device to use only the lead port for outbound traffic.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-buff-queued-per-conn

Description: Specifies per connection buffer threshold.

Type: number

Range: 128-4096

Default: 1000

max-http-header-count

Description: Increases the number of headers supported in an HTTP request.

Type: number

Range: 90-255

Default: 90

max-local-rate

Description: Specifies the maximum number of messages per second that can be sent to the local log buffer. The default is 32 messages per second.

Type: number

Range: 1-100

Default: 32

max-remote-rate

Description: Specifies the maximum number of messages per second that can be sent to remote log servers. The default is 15000 messages per second.

Type: number

Range: 1-1000000

Default: 15000

msl-time

Description: Configure the maximum session life for client sessions. The maximum session life controls how long the ACOS device maintains a session table entry for a client-server session after the session ends.

The maximum session life allows time for retransmissions from clients or servers, which can occur if there is an error in a transmission. If a retransmission occurs while the ACOS device still has a session entry for the session, the ACOS device is able to forward the retransmission. However, if the session table entry has already aged out, the ACOS device drops the retransmission instead.

Type: number

Range: 1-40

Default: 2

mss-table

Description: Configures the TCP Maximum Segment Size (MSS) allowed for client traffic. Clients who can only transmit TCP segments that are smaller than the MSS are unable to reach servers.

Type: number

Range: 128-750

Default: 536

no-auto-up-on-aflex

Description: Disable automatic setting of an aFleX-bound virtual port’s state to Up

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

range

Description: auto translate port range

Type: number

Range: 1-3

range-end

Description: port range end

Type: number

Range: 0-65535

range-start

Description: port range start

Type: number

Range: 0-65535

rate-limit-logging

Description: Configures rate limiting settings for system logging.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-stale-session

Description: Send reset if session in delete queue receives a SYN packet.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

response-type

Description: Specifies DNS response type when DNS caching is enabled.

  • round-robin: For DNS replies that contain multiple IP addresses in the ANSWER section, the ACOS device rotates the addresses when replying to client requests.
  • single-answer: Caches only replies that have a single IP address in the ANSWER section.

Enabling the single-answer option prevents the caching of DNS replies that have multiple IP addresses. For example, if the DNS reply to a query for “www.example1.com” has only one IP address (1.1.1.1), then the reply will be cached on the ACOS device. However, if the DNS reply to a query for “www.example2.com” has two IP addresses (2.2.2.2 and 3.3.3.3), then the entry would not be cached on the ACOS device.

Type: string

Supported Values: single-answer, round-robin

scale-out

Description: Enables the scale-out option for Layer 3 Direct Server Return (DSR).

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

snat-gwy-for-l3

Description: Use an IP pool’s default gateway to forward traffic from a real server.

When this feature is enabled, ACOS checks the server IP subnet against the IP NAT pool subnet. If they are on the same subnet, then ACOS uses the gateway as defined in the IP NAT pool for Layer 2 / Layer 3 forwarding. This feature is useful if the server does not have its own upstream router and ACOS can leverage the same upstream router for Layer 2 / Layer 3.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

snat-on-vip

Description: Globally enables IP NAT support for VIPs.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

software

Description: This is a hidden command. When common.software is set, we use software based SSL instead of hardware SSL. Disables or re-enables the SSL acceleration module, if the device has one. Disabling the SSL acceleration module reverts SSL processing to software.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sort-res

Description: Enables the sort display option for SLB configuration. When this option is enabled, SLB resources in the configuration are listed in alphabetical order.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

stats-data-disable

Description: Globally disables or re-enables collection of statistical data for system resources and for load-balancing resources.
Note: Statistical data collection for load-balancing resources also must be enabled on the individual resources.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description: Specifies in seconds how long the ACOS device waits for a reply to any of the ARP requests. The default is 15 seconds.

Type: number

Range: 1-60

Default: 15

ttl-threshold

Description: Specifies the minimum Time-To-Live (TTL) a reply from the DNS server must have, in order for the ACOS device to cache the reply.

Type: number

Range: 1-10000000

use-mss-tab

Description: Configures the minimum number of TCP Maximum Segment Size (MSS) allowed for client traffic. Clients who can only transmit TCP segments that are smaller than the MSS are unable to reach servers. This command globally changes the MSS. You also can change the MSS in individual TCP-proxy templates.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string

conn-rate-limit

Specification
Type object

src-ip-list

Description: src-ip-list is a JSON List. Please see below for conn-rate-limit.src-ip-list.

Type: List

Reference Object: /axapi/v3/slb/common/conn-rate-limit/src-ip/{protocol}

conn-rate-limit.src-ip-list

Specification
Type list
Block object keys

exceed-action

Description: Set action if threshold exceeded

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

limit

Description: Set max connections per period

Type: number

Range: 1-1000000

limit-period

Description: ‘100’: 100 ms; ‘1000’: 1000 ms;

Type: string

Supported Values: 100, 1000

lock-out

Description: Set lockout period in seconds if threshold exceeded

Type: number

Range: 1-3600

log

Description: Send log if threshold exceeded

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

protocol

Description: ‘tcp’: Set TCP connection rate limit; ‘udp’: Set UDP packet rate limit;

Type: string

Supported Values: tcp, udp

shared

Description: Set threshold shared amongst all virtual ports

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string
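
A pre-flight check for a body intended for /axapi/v3/slb/common, written here as an added example (not A10 code): it validates conn-rate-limit src-ip-list entries against the ranges and values listed above and flags the attributes this page marks CAUTION or troubleshooting-only. The {"common": {...}} envelope, treating protocol as the list key, and the function names are assumptions; the sample body is constructed.

```python
# Added example: ranges and values below are copied from this page's attribute tables.
NUM_RANGES = {"limit": (1, 1000000), "lock-out": (1, 3600)}
ENUMS = {"protocol": {"tcp", "udp"}, "limit-period": {"100", "1000"}}
BOOLS = {"exceed-action", "log", "shared"}
# Attributes the page marks CAUTION (vendor advice only) or troubleshooting-only.
REVIEW = {"buff-thresh", "buff-thresh-hw-buff", "buff-thresh-relieve-thresh",
          "buff-thresh-sys-buff-high", "buff-thresh-sys-buff-low", "fast-path-disable"}

def check_src_ip_entry(entry):
    """Return the problems found in one conn-rate-limit src-ip-list entry."""
    problems = []
    for key, value in entry.items():
        if key in NUM_RANGES:
            lo, hi = NUM_RANGES[key]
            ok = isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi
            if not ok:
                problems.append(f"{key}={value!r} outside {lo}-{hi}")
        elif key in ENUMS:
            if not isinstance(value, str) or value not in ENUMS[key]:
                problems.append(f"{key}={value!r} not one of {sorted(ENUMS[key])}")
        elif key in BOOLS:
            if value not in (True, False):  # also accepts 1 and 0
                problems.append(f"{key}={value!r} is not a boolean")
        elif key != "uuid":
            problems.append(f"unknown attribute {key!r}")
    if "protocol" not in entry:  # assumption: {protocol} in the URI is the list key
        problems.append("protocol missing")
    return problems

def check_common(payload):
    """Return (errors, warnings) for a {"common": {...}} body (assumed envelope)."""
    common = payload.get("common", {})
    errors, warnings = [], []
    for name in sorted(REVIEW & common.keys()):
        # Sub-thresholds count when present; the two booleans only when switched on.
        if name.startswith("buff-thresh-") or common[name] in (1, True):
            warnings.append(f"{name} is set; the page restricts its use")
    seen = set()
    entries = common.get("conn-rate-limit", {}).get("src-ip-list", [])
    for i, entry in enumerate(entries):
        errors += [f"src-ip-list[{i}]: {p}" for p in check_src_ip_entry(entry)]
        if entry.get("protocol") in seen:
            errors.append(f"src-ip-list[{i}]: duplicate protocol")
        seen.add(entry.get("protocol"))
    return errors, warnings

# Constructed sample body, not taken from a real device.
SAMPLE = {"common": {"fast-path-disable": 1, "buff-thresh": 0, "conn-rate-limit": {
    "src-ip-list": [
        {"protocol": "tcp", "limit": 2000, "limit-period": "1000", "lock-out": 30, "log": 1},
        {"protocol": "udp", "limit": 0, "limit-period": "500", "lock-out": 7200},
    ]}}}

if __name__ == "__main__":
    errs, warns = check_common(SAMPLE)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```

Running such a check before a POST or PUT keeps out-of-range rate-limit values and unintended buffer-threshold changes from reaching the device.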