.. _slb_common: slb common ========== SLB related commands common Specification -------------------- ===================================== =================================================== ===================================== =================================================== **Type** *Configuration Resource* **Element Name** common **Element URI** /axapi/v3/slb/common **Element Attributes** common_attributes **Operational Data URI** /axapi/v3/slb/common/oper **Schema** :download:`common schema ` ===================================== =================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`1635_common_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`1635_common_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`1635_common_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`1635_common_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`1635_common_attributes` .. raw:: html
.. _1635_common_attributes: common attributes ----------------- **N5-new** **Description** HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** N5-newsoftware, software-tls13, QAT and N5-old are mutually exclusive **N5-old** **Description** HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** N5-oldsoftware, software-tls13, QAT and N5-new are mutually exclusive **QAT** **Description** HW assisted QAT SSL module **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** QATsoftware, software-tls13, N5-new and N5-old are mutually exclusive **aflex-table-entry-aging-interval** **Description** aFleX table entry aging interval in second **Type:** number **Range:** 1-3600 **Default:** 1 **aflex-table-entry-sync** **Description:** aflex-table-entry-sync is a **JSON Block**. Please see below for :ref:`1635_aflex-table-entry-sync` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/aflex-table-entry-sync ` **after-disable** **Description** Graceful shutdown after disable server/port and/or virtual server/port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-in-gateway-mode** **Description** Use source NAT gateway for L3 traffic for gateway mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auto-nat-no-ip-refresh** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **auto-translate-port** **Description** Auto Translate Port range **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **buff-thresh** **Description** Set buffer threshold **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **buff-thresh-hw-buff** **Description** Set hardware buffer threshold **Type:** number **Range:** 1-2147483647 **buff-thresh-relieve-thresh** **Description** Relieve threshold **Type:** number **Range:** 0-2147483647 **buff-thresh-sys-buff-high** **Description** Set high water mark of system buffer **Type:** number **Range:** 0-2147483647 **buff-thresh-sys-buff-low** **Description** Set low water mark of system buffer **Type:** number **Range:** 0-2147483647 **compress-block-size** **Description** Set compression block size (Compression block size in bytes) **Type:** number **Range:** 6000-131008 **conn-rate-limit** **Description:** conn-rate-limit is a **JSON Block**. Please see below for :ref:`1635_conn-rate-limit` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/conn-rate-limit ` **ddos-pkt-count-thresh** **Description** Set packet count threshold for DDOS, default is 100 **Type:** number **Range:** 1-256 **Default:** 100 **ddos-pkt-size-thresh** **Description** Set data packet size threshold for DDOS, default is 64 bytes **Type:** number **Range:** 1-256 **Default:** 64 **ddos-protection** **Description:** ddos-protection is a **JSON Block**. Please see below for :ref:`1635_ddos-protection` **Type:** Object **disable-adaptive-resource-check** **Description** Disable adaptive resource check based on buffer usage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-persist-scoring** **Description** Disable Persist Scoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-port-masking** **Description** Disable masking of ports for CPU hashing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-server-auto-reselect** **Description** Disable auto reselection of server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache-age** **Description** Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds) **Type:** number **Range:** 1-1000000 **Default:** 300 **dns-cache-enable** **Description** Enable DNS cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache-entry-size** **Description** Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes) **Type:** number **Range:** 1-4096 **Default:** 256 **dns-response-rate-limiting** **Description:** dns-response-rate-limiting is a **JSON Block**. Please see below for :ref:`1635_dns-response-rate-limiting` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/dns-response-rate-limiting ` **dns-vip-stateless** **Description** Enable DNS VIP stateless mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-icmp-to-vip-when-vip-down** **Description** Drop ICMP to VIP when VIP down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dsr-health-check-enable** **Description** Enable dsr-health-check (direct server return health check) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ecmp-hash** **Description** 'system-default': Use system default ecmp hashing algorithm; 'connection-based': Use connection information for hashing; **Type:** string **Supported Values:** system-default, connection-based **Default:** system-default **enable-l7-req-acct** **Description** Enable L7 request accounting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **entity** **Description** 'server': Graceful shutdown server/port only; 'virtual-server': Graceful shutdown virtual server/port only; **Type:** string **Supported Values:** server, virtual-server **exclude-destination** **Description** 'local': Maximum local rate; 'remote': Maximum remote rate; (Maximum rates) **Type:** string **Supported Values:** local, remote **extended-stats** **Description** Enable global slb extended statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fast-path-disable** **Description** Disable fast path in SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gateway-health-check** **Description** Enable gateway health check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **graceful-shutdown** **Description** 1-65535, in unit of seconds **Type:** number **Range:** 1-65535 **graceful-shutdown-enable** **Description** Enable graceful shutdown **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **health-check-to-all-vip** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **honor-server-response-ttl** **Description** Honor the server reponse TTL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-fast-enable** **Description** Enable Http Fast in SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-compression** **Description** Use hardware compression **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-syn-rr** **Description** Configure hardware SYN round robin (range 1-500000) **Type:** number **Range:** 1-500000 **interval** **Description** Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5)) **Type:** number **Range:** 1-180 **Default:** 5 **ipv4-offset** **Description** IPv4 Octet Offset for Hash **Type:** number **Range:** 0-3 **Default:** 0 **l2l3-trunk-lb-disable** **Description** Disable L2/L3 trunk LB **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-for-reset-unknown-conn** **Description** Log when rate exceed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **low-latency** **Description** Enable low latency mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-buff-queued-per-conn** **Description** Set per connection buffer threshold (Buffer value range 128-4096) **Type:** number **Range:** 128-4096 **Default:** 1000 **max-http-header-count** **Description** Set maximum number of HTTP headers allowed **Type:** number **Range:** 90-255 **Default:** 90 **max-local-rate** **Description** Set maximum local rate **Type:** number **Range:** 1-100 **Default:** 32 **max-remote-rate** **Description** Set maximum remote rate **Type:** number **Range:** 1-1000000 **Default:** 15000 **msl-time** **Description** Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds) **Type:** number **Range:** 1-39 **Default:** 2 **mss-table** **Description** Set MSS table (128-750, default is 536) **Type:** number **Range:** 128-750 **Default:** 536 **no-auto-up-on-aflex** **Description** Don't automatically mark vport up when aFleX is bound **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **one-server-conn-hm-rate** **Description** One Server Conn Health Check Rate **Type:** number **Range:** 1-60 **override-port** **Description** Enable override port in DSR health check mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **per-thr-percent** **Description** Percentage of default session count to use for per thread session table size **Type:** number **Range:** 1-100 **ping-sweep-detection** **Description** 'enable': Enable ping sweep detection; 'disable': Disable ping sweep detection(default); **Type:** string **Supported Values:** enable, disable **Default:** disable **pkt-rate-for-reset-unknown-conn** **Description** **Type:** number **Range:** 1-1048575 **player-id-check-enable** **Description** Enable the Player id check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-scan-detection** **Description** 'enable': Enable port scan detection; 'disable': Disable port scan detection(default); **Type:** string **Supported Values:** enable, disable **Default:** disable **range** **Description** auto translate port range **Type:** number **Range:** 1-3 **range-end** **Description** port range end **Type:** number **Range:** 0-65535 **range-start** **Description** port range start **Type:** number **Range:** 0-65535 **rate-limit-logging** **Description** Configure rate limit logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **reset-stale-session** **Description** Send reset if session in delete queue receives a SYN packet **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **resolve-port-conflict** **Description** Enable client port service port conflicts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **response-type** **Description** 'single-answer': Only cache DNS response with single answer; 'round-robin': Round robin; **Type:** string **Supported Values:** single-answer, round-robin **scale-out** **Description** Enable SLB scale out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **scale-out-traffic-map** **Description** Set SLB scaleout traffic-map **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **service-group-on-no-dest-nat-vports** **Description** 'allow-same': Allow the binding service-group on no-dest-nat virtual ports; 'enforce-different': Enforce that the same service-group can not be bound on different no-dest-nat virtual ports; **Type:** string **Supported Values:** allow-same, enforce-different **Default:** enforce-different **show-slb-server-legacy-cmd** **Description** Enable show slb server legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **show-slb-service-group-legacy-cmd** **Description** Enable show slb service-group legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **show-slb-virtual-server-legacy-cmd** **Description** Enable show slb virtual-server legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-gwy-for-l3** **Description** Use source NAT gateway for L3 traffic for transparent mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-on-vip** **Description** Enable source NAT traffic against VIP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-preserve** **Description:** snat-preserve is a **JSON Block**. Please see below for :ref:`1635_snat-preserve` **Type:** Object **software** **Description** Software **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** softwaresoftware-tls13, QAT, N5-new and N5-old are mutually exclusive **software-tls13** **Description** Software TLS1.3 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** software-tls13software, QAT, N5-new and N5-old are mutually exclusive **sort-res** **Description** Enable SLB sorting of resource names **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssli-cert-not-ready-inspect-limit** **Description** SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size) **Type:** number **Range:** 0-2147483647 **Default:** 2000 **ssli-cert-not-ready-inspect-timeout** **Description** SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout) **Type:** number **Range:** 0-2147483647 **Default:** 10 **ssli-sni-hash-enable** **Description** Enable SSLi SNI hash table **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stateless-sg-multi-binding** **Description** Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stats-data-disable** **Description** Disable global slb data statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **substitute-source-mac** **Description** Substitute Source MAC Address to that of the outgoing interface **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15)) **Type:** number **Range:** 1-360 **Default:** 15 **traffic-map-type** **Description** 'vport': traffic-map per vport; 'global': global traffic-map; **Type:** string **Supported Values:** vport, global **Default:** vport **ttl-threshold** **Description** Only cache DNS response with longer TTL **Type:** number **Range:** 1-10000000 **use-default-sess-count** **Description** Use default session count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-mss-tab** **Description** Use MSS based on internal table for SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1635_aflex-table-entry-sync: aflex-table-entry-sync ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **aflex-table-entry-sync-enable** **Description** Enable aflex table sync **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **aflex-table-entry-sync-max-key-len** **Description** aflex table entry max key length to sync **Type:** number **Range:** 0-1000 **Default:** 1000 **aflex-table-entry-sync-max-value-len** **Description** aflex table entry max value length to sync **Type:** number **Range:** 0-1000 **Default:** 1000 **aflex-table-entry-sync-min-lifetime** **Description** aflex table entry minimum lifetime to sync **Type:** number **Range:** 0-65535 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1635_dns-response-rate-limiting: dns-response-rate-limiting ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **max-table-entries** **Description** Maximum number of entries allowed **Type:** number **Range:** 1000-4194304 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1635_conn-rate-limit: conn-rate-limit ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/common/conn-rate-limit/src-ip/{protocol} ` .. _1635_conn-rate-limit_src-ip-list: conn-rate-limit_src-ip-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **exceed-action** **Description** Set action if threshold exceeded **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **limit** **Description** Set max connections per period **Type:** number **Range:** 1-1000000 **limit-period** **Description** '100': 100 ms; '1000': 1000 ms; **Type:** string **Supported Values:** 100, 1000 **lock-out** **Description** Set lockout period in seconds if threshold exceeded **Type:** number **Range:** 1-3600 **log** **Description** Send log if threshold exceeded **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **protocol** **Description** 'tcp': Set TCP connection rate limit; 'udp': Set UDP packet rate limit; **Type:** string **Supported Values:** tcp, udp **shared** **Description** Set threshold shared amongst all virtual ports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1635_ddos-protection: ddos-protection ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-enable-toggle** **Description** 'enable': Enable SLB DDoS protection; 'disable': Disable SLB DDoS protection (default); **Type:** string **Supported Values:** enable, disable **Default:** disable **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`1635_ddos-protection_logging` **Type:** Object **packets-per-second** **Description:** packets-per-second is a **JSON Block**. Please see below for :ref:`1635_ddos-protection_packets-per-second` **Type:** Object .. _1635_ddos-protection_packets-per-second: ddos-protection_packets-per-second ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-tcp** **Description** Configure packets-per-second threshold per TCP port (default: 200) **Type:** number **Range:** 0-65535 **Default:** 200 **ipd-udp** **Description** Configure packets-per-second threshold per UDP port (default: 200) **Type:** number **Range:** 0-65535 **Default:** 200 .. _1635_ddos-protection_logging: ddos-protection_logging ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-logging-toggle** **Description** 'enable': Enable SLB DDoS protection logging (default); 'disable': Disable SLB DDoS protection logging; **Type:** string **Supported Values:** enable, disable **Default:** enable .. _1635_snat-preserve: snat-preserve ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **range** **Type:** List .. _1635_snat-preserve_range: snat-preserve_range ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **port1** **Description** start port **Type:** number **Range:** 1025-65535 **Default:** 1025 **port2** **Description** end port which is greater than start **Type:** number **Range:** 1025-65535 **Default:** 1025 .. _1635_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - server-auto-reselect - number - server-auto-reselect