a10_slb_common

Synopsis

SLB related commands

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

port_scan_detection

str

‘enable’= Enable port scan detection; ‘disable’= Disable port scan detection(default);

ping_sweep_detection

str

‘enable’= Enable ping sweep detection; ‘disable’= Disable ping sweep detection(default);

extended_stats

bool

Enable global slb extended statistics

stats_data_disable

bool

Disable global slb data statistics

graceful_shutdown_enable

bool

Enable graceful shutdown

graceful_shutdown

int

1-65535, in unit of seconds

entity

str

‘server’= Graceful shutdown server/port only; ‘virtual-server’= Graceful shutdown virtual server/port only;

after_disable

bool

Graceful shutdown after disable server/port and/or virtual server/port

rate_limit_logging

bool

Configure rate limit logging

max_local_rate

int

Set maximum local rate

max_remote_rate

int

Set maximum remote rate

exclude_destination

str

‘local’= Maximum local rate; ‘remote’= Maximum remote rate; (Maximum rates)

auto_translate_port

bool

Auto Translate Port range

range

int

auto translate port range

range_start

int

port range start

range_end

int

port range end

use_default_sess_count

bool

Use default session count

per_thr_percent

int

Percentage of default session count to use for per thread session table size

dsr_health_check_enable

bool

Enable dsr-health-check (direct server return health check)

one_server_conn_hm_rate

int

One Server Conn Health Check Rate

aflex_table_entry_aging_interval

int

aFleX table entry aging interval in seconds

override_port

bool

Enable override port in DSR health check mode

health_check_to_all_vip

bool

Field health_check_to_all_vip

reset_stale_session

bool

Send reset if session in delete queue receives a SYN packet

dns_negative_cache_enable

bool

Enable DNS negative cache

dns_cache_enable

bool

Enable DNS cache

dns_persistent_cache_enable

bool

Enable persistent DNS cache

max_persistent_cache

int

Define maximum persistent cache (Maximum persistent cache entry)

dns_persistent_cache_ttl_threshold

int

Only save DNS cache with longer TTL (0-10000000 seconds, default is 0 seconds)

dns_persistent_cache_hit_threshold

int

Only save DNS cache with larger hit count (0-10000000, default is 0)

dns_cache_ttl_adjustment_enable

bool

Enable DNS cache response ttl adjustment

response_type

str

‘single-answer’= Only cache DNS response with single answer; ‘round-robin’= Round robin;

ttl_threshold

int

Only cache DNS response with longer TTL

dns_cache_aging_weight

int

Set DNS cache entry weight, default is 1

dns_cache_age

int

Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds)

dns_cache_age_min_threshold

int

Set DNS cache entry age minimum threshold, default is 0 seconds (1-1000000 seconds, default is 0 seconds)

compress_block_size

int

Set compression block size (Compression block size in bytes)

dns_cache_entry_size

int

Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes)

dns_cache_sync

bool

Enable DNS cache HA sync

dns_cache_sync_ttl_threshold

int

Only sync DNS cache with longer TTL (0-10000000 seconds, default is 0 seconds)

dns_cache_sync_entry_size

int

Only sync DNS cache with smaller size (1-4096 bytes, default is 256 bytes)

dns_vip_stateless

bool

Enable DNS VIP stateless mode

honor_server_response_ttl

bool

Honor the server response TTL

recursive_ns_cache

str

‘honor-packet-ttl’= Honor the lowest TTL among NS records in the server response; ‘honor-age-config’= Honor the ttl/age settings based on acos dns cache configuration;

buff_thresh

bool

Set buffer threshold

buff_thresh_hw_buff

int

Set hardware buffer threshold

buff_thresh_relieve_thresh

int

Relieve threshold

buff_thresh_sys_buff_low

int

Set low water mark of system buffer

buff_thresh_sys_buff_high

int

Set high water mark of system buffer

max_buff_queued_per_conn

int

Set per connection buffer threshold (Buffer value range 128-4096)

pkt_rate_for_reset_unknown_conn

int

Field pkt_rate_for_reset_unknown_conn

log_for_reset_unknown_conn

bool

Log when rate is exceeded

gateway_health_check

bool

Enable gateway health check

interval

int

Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5))

timeout

int

Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15))

msl_time

int

Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds)

fast_path_disable

bool

Disable fast path in SLB processing

odd_even_nat_enable

bool

Enable odd even nat pool allocation in dual blade systems

http_fast_enable

bool

Enable Http Fast in SLB processing

l2l3_trunk_lb_disable

bool

Disable L2/L3 trunk LB

snat_gwy_for_l3

bool

Use source NAT gateway for L3 traffic for transparent mode

allow_in_gateway_mode

bool

Use source NAT gateway for L3 traffic for gateway mode

disable_server_auto_reselect

bool

Disable auto reselection of server

enable_l7_req_acct

bool

Enable L7 request accounting

enable_ddos

bool

Enable DDoS protection

disable_adaptive_resource_check

bool

Disable adaptive resource check based on buffer usage

ddos_pkt_size_thresh

int

Set data packet size threshold for DDOS, default is 64 bytes

ddos_pkt_count_thresh

int

Set packet count threshold for DDOS, default is 100

snat_on_vip

bool

Enable source NAT traffic against VIP

low_latency

bool

Enable low latency mode

mss_table

int

Set MSS table (128-750, default is 536)

resolve_port_conflict

bool

Enable client port service port conflicts

no_auto_up_on_aflex

bool

Don’t automatically mark vport up when aFleX is bound

hw_compression

bool

Use hardware compression

hw_syn_rr

int

Configure hardware SYN round robin (range 1-500000)

max_http_header_count

int

Set maximum number of HTTP headers allowed

scale_out

bool

Enable SLB scale out

scale_out_traffic_map

bool

Set SLB scaleout traffic-map

show_slb_server_legacy_cmd

bool

Enable show slb server legacy command

show_slb_service_group_legacy_cmd

bool

Enable show slb service-group legacy command

show_slb_virtual_server_legacy_cmd

bool

Enable show slb virtual-server legacy command

traffic_map_type

str

‘vport’= traffic-map per vport; ‘global’= global traffic-map;

sort_res

bool

Enable SLB sorting of resource names

use_mss_tab

bool

Use MSS based on internal table for SLB processing

auto_nat_no_ip_refresh

str

‘enable’= enable; ‘disable’= disable;

ddos_protection

dict

Field ddos_protection

ipd_enable_toggle

str

‘enable’= Enable SLB DDoS protection; ‘disable’= Disable SLB DDoS protection (default);

logging

dict

Field logging

packets_per_second

dict

Field packets_per_second

ssli_sni_hash_enable

bool

Enable SSLi SNI hash table

clientside_ip

str

Clientside IP address

clientside_ipv6

str

Clientside IPv6 address

serverside_ip

str

Serverside IP address

serverside_ipv6

str

Serverside IPv6 address

port

int

Serverside port number for SNI transmission

ssli_cert_not_ready_inspect_timeout

int

SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout)

ssli_cert_not_ready_inspect_limit

int

SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size)

ssli_silent_termination_enable

bool

Terminate the SSLi sessions silently without sending RST/FIN packet

software

bool

Software

software_tls13

bool

Software TLS1.3

QAT

bool

HW assisted QAT SSL module

N5_new

bool

HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1

N5_old

bool

HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7

software_tls13_offload

bool

Software TLS1.3 with CPU Offload Support

ssl_n5_delay_tx_enable

bool

Enable delay transmission for N5-new

ssl_ratelimit_cfg

dict

Field ssl_ratelimit_cfg

disable_rate

bool

Disable HW SSL Rate limit for N5-new

tls12_rate

int

Enable rate limiting for TLS1.2 HW requests per chip in 1K - default 120

tls13_rate

int

Enable rate limiting for TLS1.3 HW requests per chip in 1K - default 72

ssl_module_usage_enable

bool

Enable SSL module usage calculations for QAT

substitute_source_mac

bool

Substitute Source MAC Address to that of the outgoing interface

drop_icmp_to_vip_when_vip_down

bool

Drop ICMP to VIP when VIP down

player_id_check_enable

bool

Enable the Player id check

stateless_sg_multi_binding

bool

Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs

ecmp_hash

str

‘system-default’= Use system default ecmp hashing algorithm; ‘connection-based’= Use connection information for hashing;

vport_global

int

Configure periodic showtech vport paging global limit

vport_l3v

int

Configure periodic showtech vport paging l3v limit

service_group_on_no_dest_nat_vports

str

‘allow-same’= Allow the binding service-group on no-dest-nat virtual ports; ‘enforce-different’= Enforce that the same service-group can not be bound on different no-dest-nat virtual ports;

disable_port_masking

bool

Disable masking of ports for CPU hashing

snat_preserve

dict

Field snat_preserve

range

list

Field range

disable_persist_scoring

bool

Disable Persist Scoring

ipv4_offset

int

IPv4 Octet Offset for Hash

ipv6_subnet

int

IPv6 Octet Valid Subnet Length for Hash

pbslb_entry_age

int

Set global pbslb entry age (minute)

pbslb_overflow_glid

str

Apply global limit id to overflow pbslb entry

pre_process_enable

bool

Enable NG-WAF pre-processing

cache_expire_time

int

Cache expiration time, default is 1 minute

attack_resp_code

int

Custom response code

monitor_mode_enable

bool

Enable NG-WAF monitor mode

custom_signal_clist

str

Provide custom signal names

custom_message

str

Block message

custom_page

str

Specify the custom webpage name

use_https_proxy

bool

NG-WAF connects to Cloud through proxy server

ngwaf_proxy_ipv4

str

IPv4 address

ngwaf_proxy_ipv6

str

IPv6 address

ngwaf_proxy_port

int

Port

use_mgmt_port

bool

Use management port to connect

multi_cpu

int

Specific NGWAF CPU

enable_fast_path_rerouting

bool

Enable Fast-Path Rerouting

cancel_stream_loop_limit

int

Set global cancel stream loop limit (cancel stream loop limit, default is 5)

uuid

str

uuid of the object

cert_pinning

dict

Field cert_pinning

ttl

int

The ttl of local cert pinning candidate list, multiple of 10 minutes, default is 144 (1440 minutes)

uuid

str

uuid of the object

candidate_list_feedback_opt_in

dict

Field candidate_list_feedback_opt_in

aflex_table_entry_sync

dict

Field aflex_table_entry_sync

aflex_table_entry_sync_enable

bool

Enable aflex table sync

aflex_table_entry_sync_max_key_len

int

aflex table entry max key length to sync

aflex_table_entry_sync_max_value_len

int

aflex table entry max value length to sync

aflex_table_entry_sync_min_lifetime

int

aflex table entry minimum lifetime to sync

uuid

str

uuid of the object

quic

dict

Field quic

cid_len

int

Length of CID

signature

str

Set CID Signature

signature_len

int

Offset for CID Signature

signature_offset

int

Offset for CID Signature

cpu_offset

int

Offset for Encoded CPU

quic_lb_offset

int

Offset for QUIC-LB

enable_hash

bool

Enable CID Hashing

enable_signature

bool

Enable CID Signature Validation

uuid

str

uuid of the object

conn_rate_limit

dict

Field conn_rate_limit

src_ip_list

list

Field src_ip_list

dns_response_rate_limiting

dict

Field dns_response_rate_limiting

max_table_entries

int

Maximum number of entries allowed

uuid

str

uuid of the object

oper

dict

Field oper

server_auto_reselect

int

Field server_auto_reselect

Examples


Return Values

modified_values (changed, dict, )

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list, )

Sequential list of AXAPI calls made by the task

endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (, str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (, complex, )

Params used to query the AXAPI

response_body (, complex, )

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks