Server and Port Templates

This chapter describes how to configure parameters for multiple servers and service ports using server and port templates.

The following topics are covered:

     Overview

     Configuring Server and Port Templates

     Applying a Server or Service Port Template

     Connection Limiting

     Connection Rate Limiting

     Slow-Start

     Request Rate Limiting

     Graceful Shutdown

     Gratuitous ARPs for Subnet VIPs

     aFlow Request Queuing

     TCP Reset Option for Session Mismatch

     Client Port Preservation

Overview

ACOS supports the following types of templates for configuration of SLB servers and ports:

     Server – Contains configuration parameters for real servers

     Port – Contains configuration parameters for real service ports

     Virtual-server – Contains configuration parameters for virtual servers

     Virtual-port – Contains configuration parameters for virtual service ports

These template types provide the same benefit as other template types. They allow you to configure a set of parameter values and apply the set of values to multiple configuration items. In this case, you can configure sets of parameters (templates) for SLB assets (servers and service ports) and apply the parameters to multiple servers or ports.

Some of the parameters that can be set using a template can also be set or changed on the individual server or port.

     If a parameter is set (or changed from its default) in both a template and on the individual server or port, the setting on the individual server or port takes precedence.

     If a parameter is set (or changed from its default) in a template but is not set or changed from its default on the individual server or port, the setting in the template takes precedence.

Default Server and Port Templates

ACOS has a default template for each of these template types. If you do not explicitly bind a server or service port template to a server or service port, the default template is automatically applied. For example, when you create a real server, the parameter settings in the default real server template are automatically applied to the new server, unless you bind a different real server template to the server.

The default server and port templates are each named “default”. The default settings in the templates are the same as the default settings for the parameters that can be set in the templates.

If you are upgrading an ACOS device that has a configuration saved under a previous release, the default server and port templates are automatically bound to (applied to) the servers and ports in the configuration. This does not change the configuration or operation of the servers and ports themselves, since the default server and port templates use the default settings for all parameters, unless overridden by parameter settings on the individual servers and ports.

Modifying a Default Template

You can modify a default template by creating a new one named “default” and modifying the settings you want to change. The new template replaces the previous one.

NOTE: In addition to configuring custom server, port, virtual-server, or virtual-port templates, you can modify the default templates.

CAUTION: Before changing a default template, make sure the changes you plan to make are applicable to all servers or ports that use the template.

Parameters That Can Be Configured Using Server and Port Templates

TABLE 12 describes the server and port parameters you can configure using templates.

TABLE 12 SLB Port and Server Template Parameters

| Template Type | Parameter | Description |
|---|---|---|
| Real Server | Health monitor | Assigns a configured Layer 3 health monitor to all servers that use the template. (See Configuring and Applying a Health Method.) |
| Real Server | Connection limit | Specifies the maximum number of connections allowed on any server that uses the template. (See Connection Limiting.) |
| Real Server | Connection rate limiting | Limits the rate of new connections the ACOS is allowed to send to any server that uses the template. (See Connection Rate Limiting.) |
| Real Server | Slow start | Provides time for servers that use the template to ramp-up after TCP/UDP service is enabled, by temporarily limiting the number of new connections on the server. (See Slow-Start.) |
| Real Server | Load-balancing weight | Biases load-balancing selection of this server. A higher weight gives more favor to the server relative to the other servers. For an example of weighted SLB, see FTP Load Balancing. (The example configures weights directly on the real service ports rather than using templates, but still illustrates how the weight option works.) Note: This option applies only to the service-weighted-least-connection load-balancing method. This option does not apply to the weighted-least-connection or weighted-round-robin load-balancing methods. |
| Real Server | Statistics collection | Enables or disables collection of statistical data for the server. |
| Real Server | Extended statistics | Enables collection of peak connection statistics. |
| Real Server | Spoofing cache support | Enables support for a spoofing cache server. A spoofing cache server uses the client’s IP address instead of its own as the source address when obtaining content requested by the client. This option applies to the Transparent Cache Switching (TCS) feature. (See Transparent Cache Switching.) |
| Real Server | Logging for server-selection failures | Generates log messages to indicate server selection failures. (See Real-Time Logging for Failed Server Selection.) |
| Real Server | Dynamic server creation using DNS | The following parameters apply to dynamic server creation using DNS. (For more information about this feature, see Dynamic Real Server Creation Using DNS.) |
| Real Server | DNS query interval | Specifies how often the ACOS device sends DNS queries for the IP addresses of dynamic real servers. |
| Real Server | Dynamic server prefix | Changes the prefix added to the front of dynamically created servers. |
| Real Server | Minimum TTL ratio | Specifies the minimum initial value for the TTL of dynamic real servers. |
| Real Server | Maximum dynamic servers | Specifies the maximum number of dynamic real servers that can be created for a given hostname. |
| Real Server Port | Health monitor | Assigns a configured Layer 4-7 health monitor to all service ports that use the template. (See Configuring and Applying a Health Method.) |
| Real Server Port | In-band health monitor | Provides rapid server status change and reassignment based on client-server traffic. This is an enhanced health check mechanism that works independently of the standard out-of-band health mechanism. See In-Band Health Monitoring. |
| Real Server Port | Connection limit | Specifies the maximum number of connections allowed on any real port that uses the template. (See Connection Limiting.) |
| Real Server Port | Connection rate limiting | Limits the rate of new connections the ACOS is allowed to send to any real port that uses the template. (See Connection Rate Limiting.) |
| Real Server Port | Destination NAT | Enables destination Network Address Translation (NAT). Destination NAT is enabled by default, but is disabled in Direct Server Return (DSR) configurations. You can re-enable destination NAT on individual ports for deployment of mixed DSR configurations. See Direct Server Return in Mixed Layer 2/Layer 3 Environment. |
| Real Server Port | Member priority for dynamically created servers | Sets the initial TTL for dynamically created service-group members. (See Dynamic Real Server Creation Using DNS.) |
| Real Server Port | Source NAT | Specifies the IP NAT pool to use for assigning a source IP address to client traffic addressed to the port. For information about NAT, see the “Network Address Translation” chapter in the System Configuration and Administration Guide. Also see Network Address Translation for SLB. |
| Real Server Port | Slow start | Provides time for real ports that use the template to ramp-up after TCP/UDP service is enabled, by temporarily limiting the number of new connections on the ports. (See Slow-Start.) |
| Real Server Port | Down grace period | Specifies the number of seconds the ACOS device will continue to forward packets to a Down port. This option is useful for taking servers down for maintenance without immediately impacting existing sessions on the servers. (See Graceful Shutdown.) |
| Real Server Port | Weight | Biases load-balancing selection of this port. A higher weight gives more favor to the server and port relative to the other servers and ports. |
| Real Server Port | SSL support | Disables SSL for server-side connections. This option is useful if a server-SSL template is bound to the virtual port that uses this real port, and you want to disable encryption on this real port. |
| Real Server Port | DSCP | Sets the differentiated services code point (DSCP) value in the IP header of a client request before sending the request to a server. |
| Real Server Port | Request rate limit | Limits the number of new requests that can be received by the virtual port. (See Request Rate Limiting.) |
| Real Server Port | Statistics collection | Enables or disables collection of statistical data for the server. |
| Real Server Port | Extended statistics | Enables collection of peak connection statistics. |
| Virtual Server | Connection limit | Specifies the maximum number of connections allowed on any VIP that uses the template. (See Connection Limiting.) |
| Virtual Server | Connection rate limiting | Limits the rate of new connections the ACOS is allowed to send to any VIP that uses the template. (See Connection Rate Limiting.) |
| Virtual Server | ICMP/ICMPv6 rate limiting | Limits the rate at which ICMP packets can be sent to the VIP. (See the DDoS Mitigation Guide (for ADC).) |
| Virtual Server | Gratuitous ARPs for subnet VIPs | Enables gratuitous ARPs for all VIPs in a subnet VIP. (See Gratuitous ARPs for Subnet VIPs.) |
| Virtual Server Port | Connection limit | Specifies the maximum number of connections allowed on any virtual service port that uses the template. (See Connection Limiting.) |
| Virtual Server Port | Connection rate limiting | Limits the rate of new connections the ACOS is allowed to send to any virtual service port that uses the template. (See Connection Rate Limiting.) |
| Virtual Server Port | aFlow request queuing | Avoids packet drops and retransmissions when a real server port reaches its configured connection limit. (See aFlow Request Queuing.) |
| Virtual Server Port | Reset unknown connections | Enables sending of a TCP Reset (RST) in response to a session mismatch. (See TCP Reset Option for Session Mismatch.) |
| Virtual Server Port | Ignore TCP MSL | Immediately reuses TCP sockets after session termination, without waiting for the SLB maximum Session Life (MSL) time to expire. |
| Virtual Server Port | Source-NAT MSL | Sets the TCP MSL for virtual port NAT sessions. (See Virtual-port TCP Maximum Segment Life for NATted Sessions.) |
| Virtual Server Port | DSCP | Sets the Differentiated Services Code Point (DSCP) value in client requests before forwarding them to the server. |
| Virtual Server Port | Client port preservation for source NAT | Preserves the client’s source port for the traffic destined to the virtual port. (See Client Port Preservation.) |
| Virtual Server Port | Layer 7 reset upon failover | Sends a reset to the Layer 7 client and the server upon a failover. |
| Virtual Server Port | Allow other flags in TCP-SYN packets | Allows initial SYN packets to contain other flags. |
| Virtual Server Port | Allow VIP-to-real-port mapping | Allows mapping the VIP-to-real-port mapping. (See Mapping Virtual IP Addresses and Real Ports.) |

Configuring Server and Port Templates

To configure a server or port template, use either of the following methods.

Using the GUI

1.     Select ADC > Templates.

2.     Click Create, then select one of the following from the drop-down menu:

     Port

     Server

     Virtual Port

     Virtual Server

3.     The configuration page for the specified template appears. Enter a name for the template (if the template is new).

4.     Enter or edit the other settings. (See the descriptions in the sections below for information.)

5.     When finished, click OK to create a new template for the port, server, virtual port, or virtual server.

6.     Click the Save icon at the upper right-most corner of the GUI window.

Using the CLI

To configure server and service-port templates, use the following commands at the global configuration level of the CLI:

[no] slb template server template-name

[no] slb template port template-name

[no] slb template virtual-server template-name

[no] slb template virtual-port template-name

The template name can be 1-31 characters. These commands change the CLI to the configuration level for the template. To modify the default template, specify the name “default” (without the quotation marks).

To display the settings in a template, use one of the following commands:

show slb template server template-name

show slb template port template-name

show slb template virtual-server template-name

show slb template virtual-port template-name

CLI Example

The following commands configure a new real server template and bind the template to two real servers:

ACOS(config)# slb template server rs-tmplt1

ACOS(config-rserver)# health-check ping2

ACOS(config-rserver)# conn-limit 500000

ACOS(config-rserver)# exit

ACOS(config)# slb server rs1 10.1.1.99

ACOS(config-real server)# template server rs-tmplt1

ACOS(config-real server)# exit

ACOS(config)# slb server rs2 10.1.1.100

ACOS(config-real server)# template server rs-tmplt1

This example includes the commands to bind the template to real servers. For information about binding the templates, see Applying a Server or Service Port Template.
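The precedence rules from the Overview, applied to commands of the form shown in the CLI example, as an added Python sketch (not A10 code): it resolves the effective connection limit of each real server and lists the servers that would be affected by a change to the “default” server template. It assumes `conn-limit` can also be entered directly on a real server; the sample configuration is constructed.

```python
import re

BUILTIN_CONN_LIMIT = 8_000_000  # default connection limit stated on this page
# Strips an interactive prompt such as "ACOS(config-real server)# " if present.
PROMPT = re.compile(r"^[\w.-]+\(config[^)]*\)#\s*")

# Constructed sample (not from a real device): rs1 inherits from rs-tmplt1,
# rs2 overrides the template locally, rs3 has no binding and so uses "default".
SAMPLE_CONFIG = """\
slb template server rs-tmplt1
 conn-limit 500000
slb template server default
 conn-limit 200000
slb server rs1 10.1.1.99
 template server rs-tmplt1
slb server rs2 10.1.1.100
 template server rs-tmplt1
 conn-limit 1000
slb server rs3 10.1.1.101
"""


def parse(text):
    """Return (templates, servers) from ACOS-style command lines."""
    templates = {}  # server-template name -> conn-limit, or None if not set
    servers = {}    # real-server name -> {"template": ..., "conn_limit": ...}
    stack = []      # configuration levels entered so far: (kind, name)
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[0] == "slb":
            stack = [("other", None)]
            if words[1:3] == ["template", "server"] and len(words) == 4:
                templates.setdefault(words[3], None)
                stack = [("template", words[3])]
            elif words[1:2] == ["server"] and len(words) >= 3:
                servers.setdefault(words[2], {"template": None, "conn_limit": None})
                stack = [("server", words[2])]
        elif words[0] == "exit":
            if stack:
                stack.pop()
        elif not stack:
            continue
        elif words[0] == "port" and stack[-1][0] == "server":
            stack.append(("port", None))  # port-level settings are out of scope
        elif words[0] == "conn-limit" and len(words) >= 2:
            value = int(words[1])
            if not 0 <= value <= 8_000_000:
                raise ValueError(f"conn-limit out of range: {value}")
            kind, name = stack[-1]
            if kind == "template":
                templates[name] = value
            elif kind == "server":
                servers[name]["conn_limit"] = value
        elif (words[:2] == ["template", "server"] and len(words) == 3
              and stack[-1][0] == "server"):
            servers[stack[-1][1]]["template"] = words[2]
    return templates, servers


def effective_conn_limits(text):
    """Map each real server to (limit, source) using the documented precedence."""
    templates, servers = parse(text)
    result = {}
    for name, srv in servers.items():
        bound = srv["template"] or "default"  # unbound servers use "default"
        if srv["conn_limit"] is not None:     # individual setting wins
            result[name] = (srv["conn_limit"], "server")
        elif templates.get(bound) is not None:
            result[name] = (templates[bound], f"template {bound}")
        else:
            result[name] = (BUILTIN_CONN_LIMIT, "built-in default")
    return result


def servers_on_default_template(text):
    """Real servers with no explicit binding: a change to "default" reaches them."""
    _, servers = parse(text)
    return sorted(n for n, s in servers.items() if s["template"] is None)


if __name__ == "__main__":
    for server, (limit, source) in effective_conn_limits(SAMPLE_CONFIG).items():
        print(f"{server}: conn-limit {limit} (from {source})")
    print("affected by a change to 'default':", servers_on_default_template(SAMPLE_CONFIG))
```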

Applying a Server or Service Port Template

If you modify a “default” server or port template, the changes are automatically applied to any servers or ports that are not bound to another server or port template.

If you create a new server or port template, the template takes effect only after you bind it to servers or ports.

TABLE 13 lists the types of bindings that are supported for server and port templates.

TABLE 13 Server and Port Template Bindings

| Template Type | Can Be Bound To... |
|---|---|
| Server | Real servers |
| Port | Real server ports. You can apply them to real server ports directly or in a service group. Note: Binding a server port template to a service port within a service group provides a finer level of control than binding the template directly to a port. When the template is bound to the port only within a service group, and not bound to the port directly, the template settings apply to the port only when the port is used by the service group. The settings do not apply to the same port if used in other service groups. |
| Virtual Server | Virtual servers |
| Virtual Server Port | Virtual server ports |

The following subsections describe how to bind server and port templates to servers, ports, and service group members. For configuration examples, see the feature sections referred to in TABLE 12.

Binding a Server Template to a Real Server

Using the GUI

1.     Hover over ADC in the menu bar, then select SLB.

2.     Click on the Servers tab.

3.     Click the Edit link in the Action column for a configured real server.

4.     Expand the Advanced Fields section.

5.     In the Template Server field, select the server template from the drop-down list. You can also click the Add link to create a new server template.

6.     Click Update.

Using the CLI

The following example shows how to bind the server template sv_template1 to a real server:

ACOS(config)# slb server rs1

ACOS(config-real server)# template server sv_template1

Binding a Server Port Template to a Real Server Port

Using the GUI

1.     Hover over ADC in the menu bar, then select SLB.

2.     Click on the Servers tab.

3.     Click the Edit link in the Action column for a configured real server.

4.     In the Port section, click on the Edit link for a configured port.

5.     Expand the Advanced Fields section.

6.     In the Template Port field, select the server port template from the drop-down list.

7.     Click Update.

Using the CLI

The following example shows how to bind the port template pt_template1 to a real server port:

ACOS(config)# slb server rs1

ACOS(config-real server)# port 80 tcp

ACOS(config-real server-node port)# template port pt_template1

 

Binding a Virtual Server Template to a Virtual Server

Using the GUI

1.     Hover over ADC in the menu bar, then select SLB.

2.     Click on the Virtual Servers tab.

3.     Click the Edit link in the Action column for a configured virtual server.

4.     Expand the Advanced Fields section.

5.     In the Virtual Server Template field, select the virtual server template from the drop-down list. You can also click the Add link to create a new template.

6.     Click Update.

Using the CLI

The following example shows how to bind the virtual server template vs_template1 to a virtual server:

ACOS(config)# slb virtual-server vs1

ACOS(config-slb vserver)# template virtual-server vs_template1

 

Binding a Virtual Server Port Template to a Virtual Service Port

Using the GUI

1.     Hover over ADC in the menu bar, then select SLB.

2.     Click on the Virtual Services tab.

3.     Click the Edit link in the Action column for a configured virtual server.

4.     Expand the Templates section at the bottom of the page.

5.     In the Template Virtual Port field, select the virtual server port template from the drop-down list.

6.     Click Update.

Using the CLI

The following example shows how to bind the default virtual port template to a virtual service port:

ACOS(config)# slb virtual-server vs1

ACOS(config-slb vserver)# port 80 tcp

ACOS(config-slb vserver-vport)# template virtual-port default

 

[no] template virtual-port template-name

Binding a Server Port Template to a Service Group

Using the GUI

1.     Hover over ADC in the menu bar, then select SLB.

2.     Select the Service Groups tab.

3.     Click the Edit link in the Action column for a configured service group.

4.     In the Member pane, select the Edit link for the configured real server.

5.     In the Template field, select the server port template from the drop-down list.

6.     Click Update.

Using the CLI

The following commands bind the server port template rsp_template to rs1 in service group sg1:

ACOS(config)# slb service-group sg1 tcp

ACOS(config-slb svc group)# member rs1 80

ACOS(config-slb svc group-member:80)# template rsp_template

 

Connection Limiting

By default, the ACOS device does not limit the number of concurrent connections on a server or service port. If certain servers or services are becoming oversaturated, you can set a connection limit. The ACOS device stops sending new connection requests to a server or port when that server or port reaches its maximum allowed number of concurrent connections.

Connection Limit Parameters

To configure connection limits, you can set the following parameters:

     Connection limit – Specifies the maximum number of concurrent connections allowed on a server or port. You can specify 0-8000000 (8 million). By default, the connection limit is 8000000 (8 million).

     Connection resume threshold (real servers or ports only) – Specifies the maximum number of connections the server or port can have before the ACOS device resumes use of the server or port. You can specify 1-1048575 connections.

     Reset or Drop (virtual servers or virtual server ports only) – Specifies the action to take for connections after the connection limit is reached on the virtual server or virtual server port. By default, excess connections are dropped. If you change the action to reset, the connections are reset instead.

     Logging – By default, the ACOS device generates a log message when the connection limit is exceeded.

Connection limiting can be set in real server templates, real port templates, virtual server templates, and virtual port templates.

NOTE: If you change the connection limiting configuration on a virtual port or virtual server that has active sessions, or in a virtual-port or virtual-server template bound to the virtual server or virtual port, the current connection counter for the virtual port or server in show command output and in the GUI may become incorrect. To avoid this, do not change the connection limiting configuration until the virtual server or port does not have any active connections.

Setting a Connection Limit

To set a connection limit in a server or port template, use either of the following methods.

Using the GUI

In the configuration section for the template:

1.     Select one of the following:

     ADC >> Templates, click Create and select Server.

     ADC >> Templates, click Create and select Port.

2.     In the Connection Limit field, enter the maximum number of concurrent connections to allow on the server or port.

3.     In the Resume field, enter the maximum number of connections the server or port can have before the ACOS device resumes use of the server or port.

4.     Click OK.

Using the CLI

The following commands set the connection limit to 500,000 concurrent connections in a real server template, then bind the template to real servers:

ACOS(config)# slb template server rs-tmplt1

ACOS(config-rserver)# conn-limit 500000

ACOS(config-rserver)# exit

ACOS(config)# slb server rs1 10.1.1.99

ACOS(config-real server)# template server rs-tmplt1

ACOS(config-real server)# exit

ACOS(config)# slb server rs2 10.1.1.100

ACOS(config-real server)# template server rs-tmplt1

 

Connection Rate Limiting

You can limit the rate at which the ACOS device is allowed to send new connections to servers or service ports.

NOTE: Connection rate limiting is different from slow-start, which temporarily limits the number of new connections per second when TCP/UDP service comes up on a service port. See Slow-Start.

Connection Rate Limiting Parameters

When you configure connection rate limiting, you can set the following parameters:

     Connection rate limit – The connection rate limit specifies the maximum number of new connections allowed on a server or service port. You can specify 1-1048575 connections. By default, the connection rate limit is not set.

     Interval – The interval specifies whether the connection rate limit applies to one-second intervals or 100-ms intervals. The default is one-second intervals.

     Action for excess connections (virtual servers or virtual server ports only) – The action specifies how the ACOS device responds to connection requests after the connection rate has been exceeded. The action can be to silently drop excess connections or to send a reset (RST) to the client requesting the connection. The default action is to silently drop the excess connection requests.

     Logging – By default, the ACOS device generates a log message when the connection rate limit is exceeded.

When a server or service port reaches its connection limit, the ACOS device stops using the server or service port.

Using the GUI

In the configuration section for the template:

1.     Select one of the following:

     ADC >> Templates, click Create and select Server.

     ADC >> Templates, click Create and select Port.

2.     In the Connection Rate Limit field, enter the desired connection rate limit.

3.     In the Per field, select the sampling interval: 100ms or 1 second.

4.     Click OK.

Using the CLI

The following commands configure connection rate limiting in a real server template, then bind the template to real servers.

The commands below configure a connection rate limit of 50000 per 100ms:

ACOS(config)# slb template server rs-tmplt1

ACOS(config-rserver)# conn-rate-limit 50000 per 100ms

ACOS(config-rserver)# exit

 

If you configure a limit for a server and also for an individual port, the ACOS device uses the lower limit. For example, if you limit new TCP connections to a real server to 5000 per second and also limit new HTTP connections to 1200 per second, the ACOS device limits new connections to the HTTP port to 1200 per second.

The commands below bind this template with the configured rate limit to real servers rs1 and rs2:

ACOS(config)# slb server rs1 10.1.1.99

ACOS(config-real server)# template server rs-tmplt1

ACOS(config-real server)# exit

ACOS(config)# slb server rs2 10.1.1.100

ACOS(config-real server)# template server rs-tmplt1

 

Slow-Start

The slow-start feature allows time for a server or real service port to ramp up after TCP/UDP service on a server is enabled, by temporarily limiting the total concurrent connections on the server or port.

You can configure the slow-start parameters described in this section in real server templates and real port templates.

NOTE: The slow-start feature is not used for a port if the real-port template is applied to the port as part of the member configuration in a service group. In this case, if slow-start is configured in the port template, the slow-start settings are ignored for that service-group member.

Ramp-Up Parameters

By default, slow-start allows a maximum of 128 new connections during the first interval (anywhere between 0 and 10 seconds). During each subsequent 10-second interval, the total number of concurrent connections allowed to the server is doubled. Thus, during the first 20 seconds, the server is allowed to have a total of 256 concurrent connections. After 59 seconds, slow-start ends the ramp-up and no longer limits the number of concurrent connections. TABLE 14 shows the default ramp-up.

TABLE 14 Default Slow-Start Ramp-Up

| Number of Seconds After Server Restart | Total Maximum Concurrent Connections Allowed After Server Restart |
|---|---|
| 0-9 | 128 |
| 10-19 | 256 |
| 20-29 | 512 |
| 30-39 | 1024 |
| 40-49 | 2048 |
| 50-59 | 4096 |
| 60+ | Slow-start ends – No limit |

NOTE: The initial ramp-up interval can be any duration from 0 up to the configured interval (10 seconds by default). After the initial ramp up, each subsequent ramp-up occurs at the end of the configured interval.

You can configure the following ramp-up parameters:

     Starting connection limit – The starting connection limit is the maximum number of concurrent connections to allow on the server or service port after it first comes up. You can specify from 1-4095 concurrent connections. The default is 128.

     Connection increment – The connection increment specifies the amount by which to increase the maximum number of concurrent connections allowed. You can use one of the following methods to specify the increment:

          Scale factor (This is the default.) – The scale factor is the number by which to multiply the starting connection limit. For example, if the scale factor is 2 and the starting connection limit is 128, the ACOS device increases the connection limit to 256 after the first ramp-up interval. The scale factor can be 2-10. The default is 2.

          Connection addition – As an alternative to specifying a scale factor, you can instead specify how many more concurrent connections to allow. You can specify 1-4095 new connections.

     Ramp-up interval – The ramp-up interval specifies the number of seconds between each increase of the number of concurrent connections allowed. For example, if the ramp-up interval is 10 seconds, the number of concurrent connections to allow is increased every 10 seconds. The ramp-up interval can be 1-60 seconds. The default is 10 seconds.

     Ending connection limit – The ending connection limit is the maximum number of concurrent connections to allow during the final ramp-up interval. After the final ramp-up interval, the slow start is over and does not limit further connections to the server. You can specify from 1-65535 connections. The default is 4096.

NOTE: For the connection increment, you can specify a scale factor or a connection addition. The ending connection limit must be higher than the starting connection limit.

If a normal runtime connection limit is also configured on the server or port (for example, by Connection Limiting), and the normal connection limit is smaller than the slow-start ending connection limit, the ACOS device limits slow-start connections to the maximum allowed by the normal connection limit.

Behavior When Slow Start Is Also Configured on the Real Server Itself

Alternatively, you can enable slow-start on individual real servers. However, the ramp-up settings on individual servers are not configurable. The settings are the same as the default ramp-up settings in server and port templates. It is recommended to configure slow start only in a server template or port template, not on the real server.

If you do configure slow-start both on the real server itself and in a real server template or real port template, the actual slow-start behavior can differ from the behavior configured in the template.

     If slow start is configured on the real server and in a real server template, the slow-start settings on the real server are used and the settings in the template are ignored. It is recommended to configure slow start only in a real server template or real port template.

     If slow start is configured on the real server and in a real port template, the lower number of connections allowed by either of the configurations at a given interval is used.
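The ramp-up rules above, carried through as an added Python example (not A10 code): it reproduces the default ramp-up table, generalises it to the other documented parameters, and applies both "lower limit wins" rules (normal connection limit, and server-level slow-start combined with a port template). It assumes every interval runs its full length and that an increment overshooting the ending limit is capped at the ending limit.

```python
def slow_start_schedule(start=128, end=4096, interval=10,
                        scale=None, add=None, conn_limit=None):
    """Return rows of (first_second, last_second, max_concurrent_connections).

    The final row has last_second None: slow-start has ended, so its limit is
    the normal connection limit, or None when no limit applies at all.
    """
    if scale is not None and add is not None:
        raise ValueError("specify a scale factor or a connection addition, not both")
    if scale is None and add is None:
        scale = 2  # documented default increment method and value
    if not 1 <= start <= 4095:
        raise ValueError("starting connection limit must be 1-4095")
    if not 1 <= end <= 65535:
        raise ValueError("ending connection limit must be 1-65535")
    if end <= start:
        raise ValueError("ending limit must be higher than the starting limit")
    if not 1 <= interval <= 60:
        raise ValueError("ramp-up interval must be 1-60 seconds")
    if scale is not None and not 2 <= scale <= 10:
        raise ValueError("scale factor must be 2-10")
    if add is not None and not 1 <= add <= 4095:
        raise ValueError("connection addition must be 1-4095")

    rows, limit, t = [], start, 0
    while True:
        # A smaller normal connection limit caps the slow-start limit.
        allowed = limit if conn_limit is None else min(limit, conn_limit)
        rows.append((t, t + interval - 1, allowed))
        t += interval
        if limit >= end:
            break  # that was the final ramp-up interval
        step = limit * scale if scale is not None else limit + add
        limit = min(end, step)  # assumption: overshoot is capped at the ending limit
    rows.append((t, None, conn_limit))
    return rows


def limit_at(rows, second):
    """Limit in force at a given second after the server comes up (None = no limit)."""
    for first, last, limit in rows:
        if second >= first and (last is None or second <= last):
            return limit
    raise ValueError("second must be 0 or greater")


def combined_limit(second, *schedules):
    """Lower of several schedules at one instant, as when slow-start is set on
    the real server (default settings) and also in a real port template."""
    finite = [v for v in (limit_at(r, second) for r in schedules) if v is not None]
    return min(finite) if finite else None


if __name__ == "__main__":
    for first, last, limit in slow_start_schedule():
        span = f"{first}+" if last is None else f"{first}-{last}"
        print(f"{span:>6}  {'no limit' if limit is None else limit}")
```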

Using the GUI

In the configuration section for the real server template or real port template:

1.     Select one of the following:

     ADC >> Templates, click Create and select Server.

     ADC >> Templates, click Create and select Port.

2.     Select the Slow Start checkbox to activate the configuration fields.

3.     In the From field, enter the starting connection limit.

4.     In the Choose Operator field, select either Add or Times from the drop-down list, then enter the value you want to add or multiply by in the Add or Times field, respectively.

5.     Enter the connection increment in the field next to the increment method you selected.

6.     In the Every field, enter the desired ramp-up interval.

7.     In the Till field, enter the ending connection limit.

8.     Click OK.

Using the CLI

To configure slow-start, use the slow-start command at the configuration level for a real server or real service port:

The following commands enable slow start in a real server template, using the default settings, and bind the template to real servers.

ACOS(config)# slb template server rs-tmplt1

ACOS(config-rserver)# slow-start

ACOS(config-rserver)# exit

ACOS(config)# slb server rs1 10.1.1.99

ACOS(config-real server)# template server rs-tmplt1

ACOS(config-real server)# exit

ACOS(config)# slb server rs2 10.1.1.100

ACOS(config-real server)# template server rs-tmplt1

 

Request Rate Limiting

You can limit the number of new requests that can be received by a real port.

NOTE: In the current release, this option applies only to configurations that use an external-service template.

Using the GUI

On the configuration page for the real port template:

1.     Hover over ADC in the menu bar, then select Templates.

2.     Click Create and select Port from the drop-down list.

3.     In the Request Rate Limit field, enter the number of requests.

4.     In the Request Rate Per field, select the sampling interval (per 100ms, or per second).

5.     Click OK.

Using the CLI

To configure request rate limiting for real ports, use the request-rate-limit command at the configuration level for the real port template.

The following example configures a request rate limit of 5000 requests per 100 milliseconds. The reset option sends a RST to a client that sends a new request during an interval in which the request rate has been exceeded. By default, requests that are received after the limit is exceeded are dropped with no RST.

ACOS(config)# slb template port default

ACOS(config-rport)# request-rate-limit 5000 per 100ms reset

 

Graceful Shutdown

You can configure a grace period for Down servers. ACOS will continue to forward packets to Down ports for the duration of the grace period.

This option is useful for taking servers down for maintenance without immediately impacting existing sessions on the servers. The grace period can be 1-86400 seconds.

Notes:

     The service group must contain 2 or more servers for this feature to work.

     This feature supports stateless and stateful load balancing. However, the feature is not supported for stateful hash load-balancing methods, such as source-IP-based or destination-IP-based hashing.

Using the GUI

1.     Hover over ADC in the menu bar, then select Templates.

2.     Click Create and select Port from the drop-down list.

3.     Enter the desired grace period in the Down Grace Period field.

4.     Click OK.

Using the CLI

To configure the grace period, use the down-grace-period command at the configuration level for the real port template. For example:

ACOS(config)# slb template port default

ACOS(config-rport)# down-grace-period 5000

 

Gratuitous ARPs for Subnet VIPs

Virtual server templates have an option to enable gratuitous ARPs for all VIPs in a subnet VIP. (A subnet VIP is a range of VIPs created from a range of IP addresses within a subnet.)

By default, the ACOS device sends gratuitous ARPs for only the first IP address in a subnet VIP. You can enable the ACOS device to send gratuitous ARPs for all the IP addresses within a subnet VIP.

NOTE: This option applies only to VIPs that are created using a range of subnet IP addresses. The option has no effect on VIPs created with a single IP address.

Using the GUI

1.     Hover over ADC in the menu bar, then select Templates.

2.     Click Create and select Virtual Server from the drop-down list.

3.     Select the Subnet Gratuitous ARP checkbox.

4.     Click OK.

Using the CLI

To enable gratuitous ARPs for all VIPs in subnet VIPs, use the subnet-gratuitous-arp command at the configuration level for the virtual server template used to configure the VIPs.

The following commands modify the default virtual server template to enable gratuitous ARPs for subnet VIPs. The change applies to all subnet VIPs that use the default template for virtual server configuration.

ACOS(config)# slb template virtual-server default

ACOS(config-vserver)# subnet-gratuitous-arp

aFlow Request Queuing

aFlow helps avoid packet drops and retransmissions when a real server port reaches its configured connection limit.

When aFlow is enabled, the ACOS device queues HTTP/HTTPS packets from clients when a server port reaches a configured connection limit, instead of dropping them. ACOS then monitors the port, and begins forwarding the queued packets when connections become available again. To prevent flooding of the port, the ACOS device forwards the queued packets at a steady rate.

aFlow applies to HTTP and HTTPS virtual ports.

NOTE: Earlier releases provide this capability with the SmartFlow option in connection-reuse templates. The aFlow feature in ACOS Release 2.6 does not require use of a connection-reuse template. You can enable aFlow in a virtual port template instead.

For backwards compatibility, you still can enable aFlow using a connection-reuse template. However, only one implementation, either in a virtual server template or in a connection-reuse template, is supported. If you change from one implementation to the other, a reload or reboot is required to place the change into effect.

aFlow Control Operation

aFlow control is triggered when either of the following occurs:

     If connection limit is configured on the real server or real port – The backend real server or real port reaches its configured connection limit.

     If connection limit is not configured on the real server or real port – The response time of the backend real server or real port increases dramatically. The response time is the time between when the ACOS device forwards a request to the server and when the ACOS device receives the first reply packet from the server.

When aFlow control is triggered, the ACOS device queues request packets instead of forwarding them to the server. After the response time returns to normal, the ACOS device sends the queued packets to the server.

NOTE: In the current release, it is recommended to use the first method for triggering aFlow, by configuring connection limits on the real servers or real ports. The second method of triggering aFlow is still being refined and is considered to be in Beta status.

NOTE: If you change the aFlow setting for a virtual port, or the connection limit or connection rate limit of a real server or port used by the virtual port, you must reload the ACOS device to place the change into effect. Otherwise, the changed setting might not work correctly.

Using the GUI

1.     Hover over ADC in the menu bar, then select Templates.

2.     Select the SLB tab from the menu bar, if not already displayed.

3.     Click Create, then select Virtual Port from the drop-down list.

4.     Click the checkbox in the aFlow field.

5.     Click Create.

6.     If the template is not already bound to the virtual port, select the template from the Template Type drop-down list on the configuration page for the virtual port. Click Bind when finished.

Using the CLI

The following commands enable aFlow control for an HTTP virtual port:

ACOS(config)# slb template virtual-port afc

ACOS(config-vport)# aflow

ACOS(config-vport)# exit

 

The following commands bind the virtual-port template to the HTTP or HTTPS virtual port:

ACOS(config)# slb virtual-server vs1 10.1.1.1

ACOS(config-slb vserver)# port 80 http

ACOS(config-slb vserver-vport)# template virtual-port afc

TCP Reset Option for Session Mismatch

Virtual port templates have an option that enables sending of a TCP Reset (RST) in response to a session mismatch. A session mismatch occurs when the ACOS device receives a TCP packet for a TCP session that is not in the active session table on the ACOS device.

This option is useful in cases where a session ages out or is deleted on the ACOS device, but the client does not receive a RST or FIN for the session. In this case, without a RST, the session could remain open on the client until the session ages out. When this option is enabled, TCP RSTs are sent in the cases listed in TABLE 15.

TABLE 15    Processing When Session Is To Be Deleted

Session Termination Method | Packet Type Sent by Client or Server After Session Termination | ACOS Response
Session is terminated by FINs from client and server | Any packet type other than SYN | Maintain connection as long as there is traffic. When there is no traffic, remove the connection one second later.
Session ages out | Any packet type other than SYN | Move session from delete queue back into active session table.

The option is disabled by default, which means the ACOS device does not send a RST in response to a session mismatch. You can enable the option in individual virtual port templates.

NOTE: This option does not apply to sessions that are in the delete queue. If the ACOS device receives a packet for a session that has been moved to the delete queue, the ACOS device does not send a TCP RST. Instead, the ACOS device reactivates the session and allows it to age out normally.

Using the GUI

1.     Hover over ADC in the menu bar, then select Templates.

2.     Select the SLB tab from the menu bar, if not already displayed.

3.     Click Create, then select Virtual Port from the drop-down list.

4.     Click the checkbox in the Reset Unknown Connection field.

5.     Click Create.

Using the CLI

To enable sending of TCP RSTs in response to a session mismatch, use the following command at the configuration level for a virtual port template:

ACOS(config)# slb template virtual-port default

ACOS(config-vport)# reset-unknown-conn
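The decision logic described in this section, written out as a small Python model (an added example, not ACOS code). The class and method names, the constructed client address and the treatment of a SYN as always opening a new session are assumptions; the active table, the delete queue and the reset-unknown-conn behavior follow the text above.

```python
from enum import Enum

class Verdict(Enum):
    FORWARD = "forward"          # session is in the active table
    NEW_SESSION = "new-session"  # SYN opens a session (assumed; see handle)
    REACTIVATE = "reactivate"    # session pulled back from the delete queue
    SEND_RST = "send-rst"        # session mismatch, reset-unknown-conn enabled
    NO_RST = "no-rst"            # session mismatch, option disabled (default)

class SessionTable:
    def __init__(self, reset_unknown_conn=False):
        self.reset_unknown_conn = reset_unknown_conn
        self.active = set()
        self.delete_queue = set()

    def age_out(self, flow):
        """Idle timeout: move the session from the active table to the delete queue."""
        if flow in self.active:
            self.active.remove(flow)
            self.delete_queue.add(flow)

    def purge(self, flow):
        """Final removal: after this the device has no record of the flow."""
        self.delete_queue.discard(flow)

    def handle(self, flow, syn=False):
        if flow in self.active:
            return Verdict.FORWARD
        if syn:
            # Assumption: a SYN always starts a fresh session.
            self.delete_queue.discard(flow)
            self.active.add(flow)
            return Verdict.NEW_SESSION
        if flow in self.delete_queue:
            self.delete_queue.remove(flow)
            self.active.add(flow)
            return Verdict.REACTIVATE
        return Verdict.SEND_RST if self.reset_unknown_conn else Verdict.NO_RST

# Constructed flow: documentation-range client talking to the page's VIP 10.1.1.1:80.
FLOW = ("198.51.100.7", 40000, "10.1.1.1", 80)

def stale_client_trace(reset_unknown_conn):
    """Open a session, age it out twice, purge it, then send one more segment."""
    table = SessionTable(reset_unknown_conn)
    trace = [table.handle(FLOW, syn=True), table.handle(FLOW)]
    table.age_out(FLOW)
    trace.append(table.handle(FLOW))   # still in the delete queue
    table.age_out(FLOW)
    table.purge(FLOW)
    trace.append(table.handle(FLOW))   # no longer known to the device
    return [v.value for v in trace]
```

Only the last segment in the trace differs between the two settings: with the option disabled the client gets no RST and keeps its half-open session until its own timeout.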

 

Client Port Preservation

Virtual-port templates have an option that attempts to preserve the client’s source port for the traffic destined to the virtual port.

This option is disabled by default.

Notes

     Port preservation is not always guaranteed and is performed on a best-effort basis.

     Port preservation does not work for FTP active mode sessions.

     Port preservation works only if source NAT is enabled for the virtual port.

Using the GUI

1.     Hover over ADC in the menu bar, then select Templates.

2.     Select the SLB tab from the menu bar, if not already displayed.

3.     Click Create, then select Virtual Port from the drop-down list.

4.     Select the checkbox in the SNAT Port Preserve field.

5.     Click Create.

Using the CLI

The following command configures a NAT pool:

ACOS(config)# ip nat pool mypool 30.30.30.40 30.30.30.42 netmask 255.255.255.0

 

The following commands configure the virtual-port template:

ACOS(config)# slb template virtual-port vport

ACOS(config-vport)# snat-port-preserve

 

The following commands configure the virtual port:

ACOS(config-vport)# slb virtual-server vip1 192.168.25.25

ACOS(config-slb vserver)# port 80 tcp

ACOS(config-slb vserver-vport)# source-nat pool mypool

ACOS(config-slb vserver-vport)# service-group sg1-http

ACOS(config-slb vserver-vport)# template virtual-port vport
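Because port preservation works only when source NAT is enabled on the virtual port, a configuration review can check for templates that enable snat-port-preserve but are bound to a virtual port with no source-nat pool. The Python check below is an added example, not an A10 tool. It parses command lines in the form shown on this page; the function names and the derived "missing source NAT" variant are assumptions.

```python
import re

PROMPT = re.compile(r"^[^(\s]+\(config[^)]*\)#\s*")  # e.g. "ACOS(config-slb vserver)# "

def parse(config_text):
    """Return (templates enabling snat-port-preserve, virtual ports and their settings)."""
    preserve, vports = set(), {}
    tmpl = vserver = vport = None
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if not words:
            continue
        if words[:3] == ["slb", "template", "virtual-port"] and len(words) > 3:
            tmpl, vserver, vport = words[3], None, None
        elif words[:2] == ["slb", "virtual-server"] and len(words) > 2:
            tmpl, vserver, vport = None, words[2], None
        elif words[0] in ("slb", "ip"):
            tmpl = vserver = vport = None          # some other top-level object
        elif words == ["snat-port-preserve"] and tmpl:
            preserve.add(tmpl)
        elif words[0] == "port" and vserver and len(words) >= 3:
            vport = (vserver, words[1], words[2])
            vports.setdefault(vport, {"snat": None, "template": None})
        elif words[:2] == ["source-nat", "pool"] and vport and len(words) > 2:
            vports[vport]["snat"] = words[2]
        elif words[:2] == ["template", "virtual-port"] and vport and len(words) > 2:
            vports[vport]["template"] = words[2]
    return preserve, vports

def preserve_without_snat(config_text):
    """Virtual ports bound to a port-preserving template but lacking source NAT."""
    preserve, vports = parse(config_text)
    return sorted(vp for vp, cfg in vports.items()
                  if cfg["template"] in preserve and cfg["snat"] is None)

# The commands from this page, followed by a constructed variant without source NAT.
PAGE_CONFIG = """\
ACOS(config)# ip nat pool mypool 30.30.30.40 30.30.30.42 netmask 255.255.255.0
ACOS(config)# slb template virtual-port vport
ACOS(config-vport)# snat-port-preserve
ACOS(config-vport)# slb virtual-server vip1 192.168.25.25
ACOS(config-slb vserver)# port 80 tcp
ACOS(config-slb vserver-vport)# source-nat pool mypool
ACOS(config-slb vserver-vport)# service-group sg1-http
ACOS(config-slb vserver-vport)# template virtual-port vport
"""
MISSING_SNAT = "\n".join(l for l in PAGE_CONFIG.splitlines() if "source-nat" not in l)
```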

 

 
