a10_slb_common
Synopsis
SLB related commands
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
port_scan_detection str |
‘enable’= Enable port scan detection; ‘disable’= Disable port scan detection(default); |
||
ping_sweep_detection str |
‘enable’= Enable ping sweep detection; ‘disable’= Disable ping sweep detection(default); |
||
extended_stats bool |
Enable global slb extended statistics |
||
stats_data_disable bool |
Disable global slb data statistics |
||
graceful_shutdown_enable bool |
Enable graceful shutdown |
||
graceful_shutdown int |
1-65535, in unit of seconds |
||
entity str |
‘server’= Graceful shutdown server/port only; ‘virtual-server’= Graceful shutdown virtual server/port only; |
||
after_disable bool |
Graceful shutdown after disable server/port and/or virtual server/port |
||
rate_limit_logging bool |
Configure rate limit logging |
||
max_local_rate int |
Set maximum local rate |
||
max_remote_rate int |
Set maximum remote rate |
||
exclude_destination str |
‘local’= Maximum local rate; ‘remote’= Maximum remote rate; (Maximum rates) |
||
auto_translate_port bool |
Auto Translate Port range |
||
range int |
auto translate port range |
||
range_start int |
port range start |
||
range_end int |
port range end |
||
use_default_sess_count bool |
Use default session count |
||
per_thr_percent int |
Percentage of default session count to use for per thread session table size |
||
dsr_health_check_enable bool |
Enable dsr-health-check (direct server return health check) |
||
one_server_conn_hm_rate int |
One Server Conn Health Check Rate |
||
aflex_table_entry_aging_interval int |
aFleX table entry aging interval in second |
||
override_port bool |
Enable override port in DSR health check mode |
||
health_check_to_all_vip bool |
Field health_check_to_all_vip |
||
reset_stale_session bool |
Send reset if session in delete queue receives a SYN packet |
||
dns_negative_cache_enable bool |
Enable DNS negative cache |
||
dns_cache_enable bool |
Enable DNS cache |
||
dns_persistent_cache_enable bool |
Enable persistent DNS cache |
||
max_persistent_cache int |
Define maximum persistent cache (Maximum persistent cache entry) |
||
dns_persistent_cache_ttl_threshold int |
Only save DNS cache with longer TTL (0-10000000 seconds, default is 0 second) |
||
dns_persistent_cache_hit_threshold int |
Only save DNS cache with larger hit count (0-10000000, default is 0) |
||
dns_cache_ttl_adjustment_enable bool |
Enable DNS cache response ttl adjustment |
||
response_type str |
‘single-answer’= Only cache DNS response with single answer; ‘round-robin’= Round robin; |
||
ttl_threshold int |
Only cache DNS response with longer TTL |
||
dns_cache_aging_weight int |
Set DNS cache entry weight, default is 1 |
||
dns_cache_age int |
Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds) |
||
dns_cache_age_min_threshold int |
Set DNS cache entry age minimum threshold, default is 0 seconds (1-1000000 seconds, default is 0 seconds) |
||
compress_block_size int |
Set compression block size (Compression block size in bytes) |
||
dns_cache_entry_size int |
Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes) |
||
dns_cache_sync bool |
Enable DNS cache HA sync |
||
dns_cache_sync_ttl_threshold int |
Only sync DNS cache with longer TTL (0-10000000 seconds, default is 0 second) |
||
dns_cache_sync_entry_size int |
Only sync DNS cache with smaller size (1-4096 bytes, default is 256 bytes) |
||
dns_vip_stateless bool |
Enable DNS VIP stateless mode |
||
honor_server_response_ttl bool |
Honor the server reponse TTL |
||
recursive_ns_cache str |
‘honor-packet-ttl’= Honor the lowest TTL among NS records in the server response; ‘honor-age-config’= Honor the ttl/age settings based on acos dns cache configuration; |
||
buff_thresh bool |
Set buffer threshold |
||
buff_thresh_hw_buff int |
Set hardware buffer threshold |
||
buff_thresh_relieve_thresh int |
Relieve threshold |
||
buff_thresh_sys_buff_low int |
Set low water mark of system buffer |
||
buff_thresh_sys_buff_high int |
Set high water mark of system buffer |
||
max_buff_queued_per_conn int |
Set per connection buffer threshold (Buffer value range 128-4096) |
||
pkt_rate_for_reset_unknown_conn int |
Field pkt_rate_for_reset_unknown_conn |
||
log_for_reset_unknown_conn bool |
Log when rate exceed |
||
gateway_health_check bool |
Enable gateway health check |
||
interval int |
Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5)) |
||
timeout int |
Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15)) |
||
msl_time int |
Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds) |
||
fast_path_disable bool |
Disable fast path in SLB processing |
||
odd_even_nat_enable bool |
Enable odd even nat pool allocation in dual blade systems |
||
http_fast_enable bool |
Enable Http Fast in SLB processing |
||
l2l3_trunk_lb_disable bool |
Disable L2/L3 trunk LB |
||
snat_gwy_for_l3 bool |
Use source NAT gateway for L3 traffic for transparent mode |
||
allow_in_gateway_mode bool |
Use source NAT gateway for L3 traffic for gateway mode |
||
disable_server_auto_reselect bool |
Disable auto reselection of server |
||
enable_l7_req_acct bool |
Enable L7 request accounting |
||
enable_ddos bool |
Enable DDoS protection |
||
disable_adaptive_resource_check bool |
Disable adaptive resource check based on buffer usage |
||
ddos_pkt_size_thresh int |
Set data packet size threshold for DDOS, default is 64 bytes |
||
ddos_pkt_count_thresh int |
Set packet count threshold for DDOS, default is 100 |
||
snat_on_vip bool |
Enable source NAT traffic against VIP |
||
low_latency bool |
Enable low latency mode |
||
mss_table int |
Set MSS table (128-750, default is 536) |
||
resolve_port_conflict bool |
Enable client port service port conflicts |
||
no_auto_up_on_aflex bool |
Don’t automatically mark vport up when aFleX is bound |
||
hw_compression bool |
Use hardware compression |
||
hw_syn_rr int |
Configure hardware SYN round robin (range 1-500000) |
||
max_http_header_count int |
Set maximum number of HTTP headers allowed |
||
scale_out bool |
Enable SLB scale out |
||
scale_out_traffic_map bool |
Set SLB scaleout traffic-map |
||
show_slb_server_legacy_cmd bool |
Enable show slb server legacy command |
||
show_slb_service_group_legacy_cmd bool |
Enable show slb service-group legacy command |
||
show_slb_virtual_server_legacy_cmd bool |
Enable show slb virtual-server legacy command |
||
traffic_map_type str |
‘vport’= traffic-map per vport; ‘global’= global traffic-map; |
||
sort_res bool |
Enable SLB sorting of resource names |
||
use_mss_tab bool |
Use MSS based on internal table for SLB processing |
||
auto_nat_no_ip_refresh str |
‘enable’= enable; ‘disable’= disable; |
||
ddos_protection dict |
Field ddos_protection |
||
ipd_enable_toggle str |
‘enable’= Enable SLB DDoS protection; ‘disable’= Disable SLB DDoS protection (default); |
||
logging dict |
Field logging |
||
packets_per_second dict |
Field packets_per_second |
||
ssli_sni_hash_enable bool |
Enable SSLi SNI hash table |
||
clientside_ip str |
Clientside IP address |
||
clientside_ipv6 str |
Clientside IPv6 address |
||
serverside_ip str |
Serverside IP address |
||
serverside_ipv6 str |
Serverside IPv6 address |
||
port int |
Serverside port number for SNI transmission |
||
ssli_cert_not_ready_inspect_timeout int |
SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout) |
||
ssli_cert_not_ready_inspect_limit int |
SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size) |
||
ssli_silent_termination_enable bool |
Terminate the SSLi sessions silently without sending RST/FIN packet |
||
software bool |
Software |
||
software_tls13 bool |
Software TLS1.3 |
||
QAT bool |
HW assisted QAT SSL module |
||
N5_new bool |
HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1 |
||
N5_old bool |
HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7 |
||
software_tls13_offload bool |
Software TLS1.3 with CPU Offload Support |
||
ssl_n5_delay_tx_enable bool |
Enable delay transmission for N5-new |
||
ssl_ratelimit_cfg dict |
Field ssl_ratelimit_cfg |
||
disable_rate bool |
Disable HW SSL Rate limit for N5-new |
||
tls12_rate int |
Enabling Rateliming for TLS1.2 HW requests per chip in 1K - default 120 |
||
tls13_rate int |
Enabling Rateliming for TLS1.3 HW requests per chip in 1K - default 72 |
||
ssl_module_usage_enable bool |
Enable SSL module usage calculations for QAT |
||
substitute_source_mac bool |
Substitute Source MAC Address to that of the outgoing interface |
||
drop_icmp_to_vip_when_vip_down bool |
Drop ICMP to VIP when VIP down |
||
player_id_check_enable bool |
Enable the Player id check |
||
stateless_sg_multi_binding bool |
Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs |
||
ecmp_hash str |
‘system-default’= Use system default ecmp hashing algorithm; ‘connection- based’= Use connection information for hashing; |
||
vport_global int |
Configure periodic showtech vport paging global limit |
||
vport_l3v int |
Configure periodic showtech vport paging l3v limit |
||
service_group_on_no_dest_nat_vports str |
‘allow-same’= Allow the binding service-group on no-dest-nat virtual ports; ‘enforce-different’= Enforce that the same service-group can not be bound on different no-dest-nat virtual ports; |
||
disable_port_masking bool |
Disable masking of ports for CPU hashing |
||
snat_preserve dict |
Field snat_preserve |
||
range list |
Field range |
||
disable_persist_scoring bool |
Disable Persist Scoring |
||
ipv4_offset int |
IPv4 Octet Offset for Hash |
||
ipv6_subnet int |
IPv6 Octet Valid Subnet Length for Hash |
||
pbslb_entry_age int |
Set global pbslb entry age (minute) |
||
pbslb_overflow_glid str |
Apply global limit id to overflow pbslb entry |
||
pre_process_enable bool |
Enable NG-WAF pre-processing |
||
cache_expire_time int |
Cache expiration time, default is 1 minute |
||
attack_resp_code int |
Custom response code |
||
monitor_mode_enable bool |
Enable NG-WAF monitor mode |
||
custom_signal_clist str |
Provide custom signal names |
||
custom_message str |
Block message |
||
custom_page str |
Specify the custom webpage name |
||
use_https_proxy bool |
NG-WAF connects to Cloud through proxy server |
||
ngwaf_proxy_ipv4 str |
IPv4 address |
||
ngwaf_proxy_ipv6 str |
IPv6 address |
||
ngwaf_proxy_port int |
Port |
||
use_mgmt_port bool |
Use management port to connect |
||
multi_cpu int |
Specific NGWAF CPU |
||
enable_fast_path_rerouting bool |
Enable Fast-Path Rerouting |
||
cancel_stream_loop_limit int |
Set global cancel stream loop limit (cancel stream loop limit, default is 5) |
||
redirect_dummy_ethernet str |
Ethernet interface (Ethernet interface number) |
||
redirect_dummy_vlan int |
VLAN Id |
||
uuid str |
uuid of the object |
||
cert_pinning dict |
Field cert_pinning |
||
ttl int |
The ttl of local cert pinning candidate list, multiple of 10 minutes, default is 144 (1440 minutes) |
||
uuid str |
uuid of the object |
||
candidate_list_feedback_opt_in dict |
Field candidate_list_feedback_opt_in |
||
aflex_table_entry_sync dict |
Field aflex_table_entry_sync |
||
aflex_table_entry_sync_enable bool |
Enable aflex table sync |
||
aflex_table_entry_sync_max_key_len int |
aflex table entry max key length to sync |
||
aflex_table_entry_sync_max_value_len int |
aflex table entry max value length to sync |
||
aflex_table_entry_sync_min_lifetime int |
aflex table entry minimum lifetime to sync |
||
uuid str |
uuid of the object |
||
quic dict |
Field quic |
||
cid_len int |
Length of CID |
||
signature str |
Set CID Signature |
||
signature_len int |
Offset for CID Signature |
||
signature_offset int |
Offset for CID Signature |
||
cpu_offset int |
Offset for Encoded CPU |
||
quic_lb_offset int |
Offset for QUIC-LB |
||
enable_hash bool |
Enable CID Hashing |
||
enable_signature bool |
Enable CID Signature Validation |
||
uuid str |
uuid of the object |
||
conn_rate_limit dict |
Field conn_rate_limit |
||
src_ip_list list |
Field src_ip_list |
||
dns_response_rate_limiting dict |
Field dns_response_rate_limiting |
||
max_table_entries int |
Maximum number of entries allowed |
||
uuid str |
uuid of the object |
||
global_dns_cache dict |
Field global_dns_cache |
||
uuid str |
uuid of the object |
||
class_list dict |
Field class_list |
||
oper dict |
Field oper |
||
server_auto_reselect int |
Field server_auto_reselect |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.