slb common¶
SLB related commands
common Specification¶
Type Configuration Resource Element Name common Element URI /axapi/v3/slb/common Element Attributes common_attributes Operational Data URI /axapi/v3/slb/common/oper Schema common schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/slb/common | ||
Get Object | GET | /axapi/v3/slb/common | ||
Modify Object | POST | /axapi/v3/slb/common | ||
Replace Object | PUT | /axapi/v3/slb/common | ||
Delete Object | DELETE | /axapi/v3/slb/common |
common attributes¶
N5-new
Description HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: N5-newsoftware, software-tls13, QAT and N5-old are mutually exclusive
N5-old
Description HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: N5-oldsoftware, software-tls13, QAT and N5-new are mutually exclusive
QAT
Description HW assisted QAT SSL module
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: QATsoftware, software-tls13, N5-new and N5-old are mutually exclusive
aflex-table-entry-aging-interval
Description aFleX table entry aging interval in second
Type: number
Range: 1-3600
Default: 1
aflex-table-entry-sync
Description: aflex-table-entry-sync is a JSON Block. Please see below for aflex-table-entry-sync
Type: Object
Reference Object: /axapi/v3/slb/common/aflex-table-entry-sync
after-disable
Description Graceful shutdown after disable server/port and/or virtual server/port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-in-gateway-mode
Description Use source NAT gateway for L3 traffic for gateway mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auto-nat-no-ip-refresh
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
auto-translate-port
Description Auto Translate Port range
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
buff-thresh
Description Set buffer threshold
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
buff-thresh-hw-buff
Description Set hardware buffer threshold
Type: number
Range: 1-2147483647
buff-thresh-relieve-thresh
Description Relieve threshold
Type: number
Range: 0-2147483647
buff-thresh-sys-buff-high
Description Set high water mark of system buffer
Type: number
Range: 0-2147483647
buff-thresh-sys-buff-low
Description Set low water mark of system buffer
Type: number
Range: 0-2147483647
compress-block-size
Description Set compression block size (Compression block size in bytes)
Type: number
Range: 6000-131008
conn-rate-limit
Description: conn-rate-limit is a JSON Block. Please see below for conn-rate-limit
Type: Object
Reference Object: /axapi/v3/slb/common/conn-rate-limit
ddos-pkt-count-thresh
Description Set packet count threshold for DDOS, default is 100
Type: number
Range: 1-256
Default: 100
ddos-pkt-size-thresh
Description Set data packet size threshold for DDOS, default is 64 bytes
Type: number
Range: 1-256
Default: 64
ddos-protection
Description: ddos-protection is a JSON Block. Please see below for ddos-protection
Type: Object
disable-adaptive-resource-check
Description Disable adaptive resource check based on buffer usage
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-persist-scoring
Description Disable Persist Scoring
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-port-masking
Description Disable masking of ports for CPU hashing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-server-auto-reselect
Description Disable auto reselection of server
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-age
Description Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds)
Type: number
Range: 1-1000000
Default: 300
dns-cache-enable
Description Enable DNS cache
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-entry-size
Description Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes)
Type: number
Range: 1-4096
Default: 256
dns-response-rate-limiting
Description: dns-response-rate-limiting is a JSON Block. Please see below for dns-response-rate-limiting
Type: Object
Reference Object: /axapi/v3/slb/common/dns-response-rate-limiting
dns-vip-stateless
Description Enable DNS VIP stateless mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-icmp-to-vip-when-vip-down
Description Drop ICMP to VIP when VIP down
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dsr-health-check-enable
Description Enable dsr-health-check (direct server return health check)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ecmp-hash
Description ‘system-default’: Use system default ecmp hashing algorithm; ‘connection-based’: Use connection information for hashing;
Type: string
Supported Values: system-default, connection-based
Default: system-default
enable-l7-req-acct
Description Enable L7 request accounting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entity
Description ‘server’: Graceful shutdown server/port only; ‘virtual-server’: Graceful shutdown virtual server/port only;
Type: string
Supported Values: server, virtual-server
exclude-destination
Description ‘local’: Maximum local rate; ‘remote’: Maximum remote rate; (Maximum rates)
Type: string
Supported Values: local, remote
extended-stats
Description Enable global slb extended statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-path-disable
Description Disable fast path in SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
gateway-health-check
Description Enable gateway health check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
graceful-shutdown
Description 1-65535, in unit of seconds
Type: number
Range: 1-65535
graceful-shutdown-enable
Description Enable graceful shutdown
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
health-check-to-all-vip
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
honor-server-response-ttl
Description Honor the server reponse TTL
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-fast-enable
Description Enable Http Fast in SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-compression
Description Use hardware compression
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-syn-rr
Description Configure hardware SYN round robin (range 1-500000)
Type: number
Range: 1-500000
interval
Description Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5))
Type: number
Range: 1-180
Default: 5
ipv4-offset
Description IPv4 Octet Offset for Hash
Type: number
Range: 0-3
Default: 0
l2l3-trunk-lb-disable
Description Disable L2/L3 trunk LB
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-for-reset-unknown-conn
Description Log when rate exceed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
low-latency
Description Enable low latency mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-buff-queued-per-conn
Description Set per connection buffer threshold (Buffer value range 128-4096)
Type: number
Range: 128-4096
Default: 1000
max-http-header-count
Description Set maximum number of HTTP headers allowed
Type: number
Range: 90-255
Default: 90
max-local-rate
Description Set maximum local rate
Type: number
Range: 1-100
Default: 32
max-remote-rate
Description Set maximum remote rate
Type: number
Range: 1-1000000
Default: 15000
msl-time
Description Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds)
Type: number
Range: 1-39
Default: 2
mss-table
Description Set MSS table (128-750, default is 536)
Type: number
Range: 128-750
Default: 536
no-auto-up-on-aflex
Description Don’t automatically mark vport up when aFleX is bound
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
one-server-conn-hm-rate
Description One Server Conn Health Check Rate
Type: number
Range: 1-60
override-port
Description Enable override port in DSR health check mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
per-thr-percent
Description Percentage of default session count to use for per thread session table size
Type: number
Range: 1-100
ping-sweep-detection
Description ‘enable’: Enable ping sweep detection; ‘disable’: Disable ping sweep detection(default);
Type: string
Supported Values: enable, disable
Default: disable
pkt-rate-for-reset-unknown-conn
Description
Type: number
Range: 1-1048575
player-id-check-enable
Description Enable the Player id check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-scan-detection
Description ‘enable’: Enable port scan detection; ‘disable’: Disable port scan detection(default);
Type: string
Supported Values: enable, disable
Default: disable
range
Description auto translate port range
Type: number
Range: 1-3
range-end
Description port range end
Type: number
Range: 0-65535
range-start
Description port range start
Type: number
Range: 0-65535
rate-limit-logging
Description Configure rate limit logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
reset-stale-session
Description Send reset if session in delete queue receives a SYN packet
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
resolve-port-conflict
Description Enable client port service port conflicts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
response-type
Description ‘single-answer’: Only cache DNS response with single answer; ‘round-robin’: Round robin;
Type: string
Supported Values: single-answer, round-robin
scale-out
Description Enable SLB scale out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
scale-out-traffic-map
Description Set SLB scaleout traffic-map
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
service-group-on-no-dest-nat-vports
Description ‘allow-same’: Allow the binding service-group on no-dest-nat virtual ports; ‘enforce-different’: Enforce that the same service-group can not be bound on different no-dest-nat virtual ports;
Type: string
Supported Values: allow-same, enforce-different
Default: enforce-different
show-slb-server-legacy-cmd
Description Enable show slb server legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
show-slb-service-group-legacy-cmd
Description Enable show slb service-group legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
show-slb-virtual-server-legacy-cmd
Description Enable show slb virtual-server legacy command
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-gwy-for-l3
Description Use source NAT gateway for L3 traffic for transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-on-vip
Description Enable source NAT traffic against VIP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
snat-preserve
Description: snat-preserve is a JSON Block. Please see below for snat-preserve
Type: Object
software
Description Software
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: softwaresoftware-tls13, QAT, N5-new and N5-old are mutually exclusive
software-tls13
Description Software TLS1.3
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: software-tls13software, QAT, N5-new and N5-old are mutually exclusive
sort-res
Description Enable SLB sorting of resource names
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ssli-cert-not-ready-inspect-limit
Description SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size)
Type: number
Range: 0-2147483647
Default: 2000
ssli-cert-not-ready-inspect-timeout
Description SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout)
Type: number
Range: 0-2147483647
Default: 10
ssli-sni-hash-enable
Description Enable SSLi SNI hash table
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stateless-sg-multi-binding
Description Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats-data-disable
Description Disable global slb data statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
substitute-source-mac
Description Substitute Source MAC Address to that of the outgoing interface
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15))
Type: number
Range: 1-360
Default: 15
traffic-map-type
Description ‘vport’: traffic-map per vport; ‘global’: global traffic-map;
Type: string
Supported Values: vport, global
Default: vport
ttl-threshold
Description Only cache DNS response with longer TTL
Type: number
Range: 1-10000000
use-default-sess-count
Description Use default session count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
use-mss-tab
Description Use MSS based on internal table for SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
aflex-table-entry-sync¶
Specification Type object aflex-table-entry-sync-enable
Description Enable aflex table sync
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
aflex-table-entry-sync-max-key-len
Description aflex table entry max key length to sync
Type: number
Range: 0-1000
Default: 1000
aflex-table-entry-sync-max-value-len
Description aflex table entry max value length to sync
Type: number
Range: 0-1000
Default: 1000
aflex-table-entry-sync-min-lifetime
Description aflex table entry minimum lifetime to sync
Type: number
Range: 0-65535
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-response-rate-limiting¶
Specification Type object max-table-entries
Description Maximum number of entries allowed
Type: number
Range: 1000-4194304
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
conn-rate-limit¶
Specification Type object src-ip-list
Type: List
Reference Object: /axapi/v3/slb/common/conn-rate-limit/src-ip/{protocol}
conn-rate-limit_src-ip-list¶
Specification Type list Block object keys exceed-action
Description Set action if threshold exceeded
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
limit
Description Set max connections per period
Type: number
Range: 1-1000000
limit-period
Description ‘100’: 100 ms; ‘1000’: 1000 ms;
Type: string
Supported Values: 100, 1000
lock-out
Description Set lockout period in seconds if threshold exceeded
Type: number
Range: 1-3600
log
Description Send log if threshold exceeded
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
protocol
Description ‘tcp’: Set TCP connection rate limit; ‘udp’: Set UDP packet rate limit;
Type: string
Supported Values: tcp, udp
shared
Description Set threshold shared amongst all virtual ports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ddos-protection¶
Specification Type object ipd-enable-toggle
Description ‘enable’: Enable SLB DDoS protection; ‘disable’: Disable SLB DDoS protection (default);
Type: string
Supported Values: enable, disable
Default: disable
logging
Description: logging is a JSON Block. Please see below for ddos-protection_logging
Type: Object
packets-per-second
Description: packets-per-second is a JSON Block. Please see below for ddos-protection_packets-per-second
Type: Object
ddos-protection_packets-per-second¶
Specification Type object ipd-tcp
Description Configure packets-per-second threshold per TCP port (default: 200)
Type: number
Range: 0-65535
Default: 200
ipd-udp
Description Configure packets-per-second threshold per UDP port (default: 200)
Type: number
Range: 0-65535
Default: 200
ddos-protection_logging¶
Specification Type object ipd-logging-toggle
Description ‘enable’: Enable SLB DDoS protection logging (default); ‘disable’: Disable SLB DDoS protection logging;
Type: string
Supported Values: enable, disable
Default: enable
snat-preserve¶
Specification Type object range
Type: List
snat-preserve_range¶
Specification Type list Block object keys port1
Description start port
Type: number
Range: 1025-65535
Default: 1025
port2
Description end port which is greater than start
Type: number
Range: 1025-65535
Default: 1025
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| server-auto-reselect | number | server-auto-reselect |