Академический Документы
Профессиональный Документы
Культура Документы
Beijing Teamsun Technology Co., Ltd. (hereinafter referred to as: Teamsun) is China's leader-class
integrated IT service provider, is the first domestic service
Network covering the entire Greater China region and part of the local IT service provider in Southeast
Asia. Owns two listed companies: Teamsun (on the Shanghai Stock Exchange
City Company: 600410), the Hong Kong ASL Company (Hong Kong Stock Exchange listed companies:
00,771). Headquartered in Beijing, and Hong Kong and in mainland China
Macao and Taiwan, Southeast Asia and other regions with more than 40 branches and employs more
than 5000, either directly or indirectly controlled subsidiaries have more than twenty. Huasheng
Tiancheng listed since 2004, the scale of business CAGR (CAGR) of more than 30%, are business scale
more than 5 billion yuan.
Teamsun business direction involving cloud computing, mobile Internet, networking, information
security and other areas, business areas of IT products and services covered by the application software
Pieces of the development, a variety of IT services such as systems integration and value-added
resellers, the company is China's first IT service products made of. Based on "customer-oriented" by
Business philosophy and the "cooperation and win-win" development strategy, Teamsun based on the
Greater China market, that corporate and government clients improve IT core capabilities for the
mission,
Excellent solution for customers as well as a deep understanding of the business throughout Greater
China and some Southeast Asian region densely efficient service delivery network for our customers
IT provides construction throughout its entire life cycle of the "one-stop" service. Companies in the
telecommunications, postal services, financial services, government, education, manufacturing, energy,
transportation,
Military and other fields have a lot of success stories.
Contact us:
Beijing Teamsun Technology Co., Ltd.
BeiJing Teamsun Technology Co.Ltd.
Headquarters Address: A Block Technology Fortune Center on the 8th Xueqing Road, Haidian District,
Beijing, 10-11
Zip: 100192 Tel: 010-8273988 Fax: 8610-82733999
Pre-sales advice: 010-82733908
Official Website: http: //www.teamsun.com.cn
Microblogging: Teamsun official microblogging V catalog
2013 Teamsun
All rights reserved
III
Table of Contents
About Teamsun: ............................................. .................................................. .............................. II
Contact us: ............................................... .................................................. .................................... II
Table of Contents ................................................. ..................................................
............................................. III
Chapter 1 CLI-based ............................................. .................................................. .............................. 1
1.1 Login AS equipment .............................................. .................................................. ................. 1
1.2 Global access control levels ............................................. .................................................. ......... 2
1.3 Shortcuts ............................................... .................................................. ........................... 2
Chapter 2 Basic System Operation ............................................ ..................................................
...................... 4
Chapter 3 Advanced System Operation ............................................ ..................................................
.................... twenty four
Chapter 4 Link Aggregation ............................................ .................................................. ............................
35
Chapter 5 clusters .............................................. .................................................. .................................. 37
Chapter 6, High Availability (HA) .......................................... .................................................. ................. 46
Chapter 7 server load balancing (SLB) ......................................... .................................................. .. 68
7.1 SLB basic commands .............................................. .................................................. .............. 68
7.2 add real service .............................................. .................................................. .............. 70
7.3 add items and health check health check list of items ........................................ .......................... 83
7.4 Adding virtual services .............................................. .................................................. .............. 93
7.5 Adding a virtual service port range ........................................... ............................................. 100
7.6 Add SLB Groups service ............................................ .................................................. ..... 102
7.7 Adding IP address pool ............................................. .................................................. ........... 121
7.8 for the group to add real service ........................................... .................................................. ... 122
7.9 Other SLB group command ............................................ .................................................. ..... 123
The tail portion is not included. Then, press the "Enter" key. Chapter 1 CLI-based
2013 Teamsun
All rights reserved
2
7 user name "admin" corresponding password will be reset to the default "admin".
Note: If the "admin" user is deleted, "username recovery" function will fail.
1.2 Global access control levels
AS equipment and NetFOS access global configuration provides three levels or modes. Each mode,
respectively, with a particular cursor prompt. CLI mention
AS symbol contains the host name shows the device, followed by ">", "#" or "(config) #".
de
The first level is the user-mode (User Mode). In this mode,
The user is only entitled to perform some very basic operations and non-critical functions. Users
Mode prompt is displayed as "TS>" in the CLI.
NetFOS design process using a shortcut key features to ensure the quality of user-friendly interaction
interface. Users simply enter the first few CLI commands
Letters, AS device can very intuitively complete command. Listed below are shortcuts to other user
actions:
CLI shortcuts
^ a / ^ e use ^ a / ^ e, move the cursor to the beginning or end of the line.
^ f / ^ b using ^ f / ^ b, move the cursor to the previous character or the characters.
Esc-f using the Esc-f, move the cursor one character to move forward.
Esc-b using the Esc-b, move the cursor back one character.
^ d use ^ d, delete the character under the cursor. Chapter 1 CLI-based
2013 Teamsun
All rights reserved
3
CLI shortcuts
Use ^ k ^ k, delete from the cursor to the end of the line.
^ u use ^ u, delete the entire line.
Description: The "^" means press the Control key (Ctrl), simultaneously press the symbol behind the
letters. Chapter 2 Basic System Operation
2013 Teamsun
All rights reserved
4
Chapter 2 Basic System Operation
System Operation section CLI, do not focus on specific details of the AS device. This chapter command
for the device to assign IP address and subnet mask, you can
View current network interfaces and software parameters.
help
Help command displays all commands and functions under the current level. During the AS device
configuration, the user can always call this command at any level.
enable [recovery]
This command is used to enter the Enable level NetFOS's. After the CLI command line enter the
command, the system prompts the user to enter Enable level
This command allows the user to view real-time system warning messages.
If any of the following hardware error occurs, the yellow LED lights will light up on the device. At this
point, the user can run this command to check whether there is
The following hardware error:
1. CPU fan stopped working;
2. CPU overheating (over 85 );
3 system to overheat (1U of devices exceeds 75 , or 2U of devices exceeds 85 );
Among all the way to 4 dual power supply fails (for devices with redundant power supply situation).
Note: If the error elimination, warning information is also cleared. However, users can still view the
related records in the system log.
ip address {system_ifname | mnet_ifname | vlan_ifname | bond_ifname} <ip_address>
{netmask | prefix} [overlap]
This command allows the user to set the IP address, subnet mask, system interface prefix length, MNET
interface, VLAN interface or aggregate interface.
system_ifname system interface name is specified, the default is port1, port2, port3, port4
And so on. (Administrators can use "interface name" command, self-designated Department
System interface name. )
mnet_ifname MNET interface name is specified, the string should be composed of letters and numbers.
vlan_ifname specified VLAN interface name, the string should be composed of letters and numbers.
bond_ifname aggregation interface name is specified, the string should be composed of letters and
numbers. Mo
Recognize aggregate interface name bond1, bond2, bond3, bond4 so on.
ip_address IP address of the specified interface. Can be IPv4 or IPv6 address.
netmask | prefix and prefix length subnet mask specified interface IP addresses.
2013 Teamsun
All rights reserved
6
Address, it can be an integer. If it is an integer, its value
Should be between 0-32.
refix" for an IPv6 address, and its value should be between 0-128.
overlap optional command. Typically, a need to increase the subnet interface is subject to any
Subnet overlapping existing interface, so it is not necessary to specify this parameter. But
Yes, need to be arranged NUMA SLB (single VIP, reverse mode), while
And the need to increase the interface subnet need to overlap with any existing interface subnet
This parameter needs to be specified as "overlap".
This parameter is not used for VLAN interfaces.
For example:
no ip address <interface_name>
This command is used to delete the specified IP address from the configuration.
show ip address
This command is used to display the system's IP address and subnet mask assignment.
clear ip address
This command is used to delete the IP address has been configured.
interface mac <interface_name> <mac_address>
This command is used to configure the MAC address of the interface specified system.
interface_name Specifies the system interface name. The interface can not be VLAN, MNET and poly
Combined interface. If the interface IP address is already in VLAN, MNET, polymerization
Or the SLB virtual service configuration, its MAC address can not be changed.
mac_address specified system interface MAC address.
no interface mac <interface_name>
This command is used to specify the MAC address of the system interface to their default values.
Chapter 2 Basic System Operation
2013 Teamsun
All rights reserved
7
interface_name Specifies the system interface name.
This command allows the user to set the default gateway IP address in the AS device configuration. Only
allows you to configure a default route. IPv4 default gateway IP can be
Or IPv6 addresses.
ip route static <destination_ip> {netmask | prefix} <gateway>
This command is used to configure a static route network. The user can configure multiple static routes.
Specify the destination IP address destination_ip static route. IPv4 or IPv6 address can be
Address. Typically, the IP address is a network address.
netmask | prefix and prefix length subnet mask specified destination IP address.
============================================ ====================
This command will clear the statistics for a specified IP address. If you do not specify an IP address, the
command will clear all the statistics.
ip_address Specifies the IP address to clear statistical information. The address can be an IPv4 or
IPv6 addresses.
interface mtu <interface_id> <mtu_size>
This command allows the user to set up the network can transmit the maximum frame size. Chapter 2
Basic System Operation
2013 Teamsun
All rights reserved
10
On interface_id NetFOS aggregation interface name or the default Ethernet physical interface ID
(Port1, port2, port3, port4 ...). Physical interface device supports AS
The number of ports depends on the device model.
mtu_size maximum transmission unit (MTU) size. The most it is the network that can be transmitted
Large frame sizes. The default is 1500 bytes. TCP / IP uses each one by
Mouth may have different MTU values.
interface name <interface_id> <interface_name>
This command allows the user to set the interface name.
interface_id NetFOS physical interface the default interface ID (port1, port2, port3,
port4 ...). AS the number of physical interfaces supported by the device depends on the device type
Number.
interface_name specify a unique name for the physical interface, by numbers and letters, up to 31
Characters. The default name for the system interface port1, port2, port3, port4
And so on.
interface speed <interface_id> <speed_option>
This command allows the user to set the interface speed. Interface speed 10G ports can only be set to
"adaptive."
The default port ID interface_id NetFOS physical interfaces (port1, port2, port3,
port4 ...). AS the number of physical interfaces supported by the device depends on the device type
Number.
speed_option speed can be divided into 10 MB half duplex, half duplex 100 megabytes, 100 megabytes
whole
Duplex, full-duplex or adaptive 1000 megabytes.
Description: NetFOS default interface speed is set to adaptive. If you pick
Port connected to a device, such as a specific speed and duplex mode
Routes or switches, the user needs to set AS equipment to meet these requirements.
Users can use the "show interface" command to view the current speed setting
Position.
show interface [interface_name]
This command is used to display the current configuration of all system interfaces and VLAN interfaces
have statistics. If developed an interface name, the system will display only Chapter 2 Basic System
Operation
2013 Teamsun
All rights reserved
11
Shows the interface statistics.
interface_name Specifies the system interface or VLAN interface name, composed of letters and
numbers,
Up to 31 characters. The default name for the system interface port1, port2,
port3, port4 so on.
Description:
If the number of packets IP statistics function is disabled, "show interface" command output results
WebWall allowed or discarded are 0. Default
State, IP statistics function is disabled, you can also "ip statistics off" command to disable it.
All virtual IP address in the IP address pool defined output will be displayed in the "show interface"
command which.
clear interface name
This command is used to name all the interfaces to their default values.
clear interface speed {interface_id | all}
This command is used to restore the specified interface speed and duplex mode. "All" means all
interfaces.
This command is used to enable or disable the NIC hardware verification. The default setting is enabled.
This configuration can be used for IPv4 and IPv6 packets. Command "no system
tune hwcksum "is used to restore the default settings of hardware verification.
[no] system tune tcpidle <max_idle_time>
This command allows the user to set the maximum TCP connection idle time (in seconds). Once you
reach the idle time, TCP connection is terminated. Idle
Time range is 60-7200 seconds, the default value is 300 seconds.
no system tune tcpidle command to restore the default maximum idle time value.
[no] system tune attackfilter {level_0 | 1 | 2}
This command is used to set the filter some invalid IP packet level. "Level_0 | 1 | 2" equipment system
parameters for AS level. The default value is 0.
0 disables the internal IP packet filtering. In other words, this parameter allows any
Packets via the Ethernet card into our system.
1 AS device discards the packet meets the following conditions:
Source or destination IP of 0.0.0.0
Source IP is 255.255.255.255
Source IP for 224.x.x.x
TCP port or UDP port is 0.5 which requires the development of a port using fire
Wall.
2 AS device drops packets that meet the following criteria:
Source or destination IP is 0.0.0.0. Chapter 2 Basic System Operation
2013 Teamsun
All rights reserved
13
Source IP is 255.255.255.255.
Source IP for 224.x.x.x.
TCP port or UDP port is 0. This requires the development of an interface to open fire
Wall.
Source IP is the local IP address, but the data packet is received via an Ethernet interface.
system tune tcp retransmit timeout <timeout>
This command allows the user to set data retransmission timeout. The default setting is 1000
milliseconds. In the absence of access to NetF technical support, it is recommended
Do not modify the default settings.
system tune tcp retransmit dupacks <dupacks>
This command allows the user to set the start TCP fast transmission received much duplicate ACK. The
default setting is 3 in the case did not get NetF supported under
Not recommended to modify the default settings.
system tune tcp retransmit policy {newreno | adaptive}
This command allows the user to enable the rapid transmission of the default algorithm TCP NewReno
to shift from Adaptive. Without obtaining technical support NetF
Under the circumstances, it is recommended not to change the default settings.
system tune tcp slowstart {on | off}
In the absence of access to NetF technical support, it is recommended not to change the default
settings. The default state is enabled.
system tune tcp delack count <count>
This command is used to configure the ACK maximum delay count. "Count" is defined maximum data
can be delayed ACK packet. The default value is 4.0, indicating no delay
ACK.
system tune tcp delack timeout <timeout>
The command to configure the maximum delay ACK timeout (in milliseconds). "Timeout" to define the
maximum delay ACK timeout (in milliseconds), the value must
Is a multiple of 10. The default is 100 milliseconds.
system tune tcp syntimeout <min_timeout>
The minimum timeout This command is used to set TCP SYN packets, in seconds. The default is 60
seconds.
no system tune tcp delack
This command is used to restore the TCP delayed ACK to the default settings. Chapter 2 Basic System
Operation
2013 Teamsun
All rights reserved
14
no system tune tcp retransmit {timeout | dupacks | policy}
This command is used to specify the TCP re-transmission settings (timeout period, repeated
confirmation and policies) revert to the default settings.
no system tune tcp slowstart
This command is used to slowstart set back to the default (enabled).
system tune tcp zwdefend {on | off}
This command is used to enable or disable the zero window probe timer. The default is disabled.
system tune ip randomid {on | off}
This command allows the user to enable or disable the feature set of random numbers for an IP packet.
By default, this feature is disabled, an IP packet
The numbers increase sequentially. If you enable "randomid", IP packet numbers will be randomly
generated.
system tune tcp pktdropopt <packet_drop_option>
When the TCP packet in a closed TCP port accepts and discards, this command to control the discarding
of packets. This feature is beneficial to prevent
Port scan on the system or trying to detect system vulnerabilities service behavior. In addition, it can
stop trying to implement a DoS attack behavior.
packet_drop_option optional values have 0,1,2 default is 2.
P packets.
no system tune tcp pktdropop
This command is used to discard TCP packets return to the default behavior. Chapter 2 Basic System
Operation
2013 Teamsun
All rights reserved
15
no system tune udp pktdropop
This command is used to discard UDP packet back to the default behavior.
[no] system tune accel {oa | mq}
This command is used to enable the AS device load balancing acceleration. To enable this feature, the
administrator must first "slb directfwd on" command to enable
DirectFWD function. No system tune accel AS device used to disable load balancing acceleration.
oa | mq This parameter is used to specify the load balancing accelerated mode.
oa: AS device only when the configuration of a VIP, parameter "oa" to start
By deploying Layer 4 SLB arm acceleration.
mq: When multiple VIP on the AS, the parameter "mq" is used to enable the 4th
Layer SLB and LLB acceleration.
Description: When load balancing acceleration through the "system tune accel mq" command is
enabled, the data can not be in 10G NIC AS equipment and
Transmission between 1G NIC. When the "system tune accel mq" and "system tune dispatcher numa"
commands are configured, systemic
Can be substantially reduced. Therefore, only one configuration command.
NetFOS TM8.4 optimized TCP options. Added three TCP options: Window Scale, Timestamp, and
Selective
Acknowledgment (SACK). NetFOS TM8.4 fully support these three TCP options, the system's MSS
options and SLB virtual service functions
Energy. The following new command to configure these TCP options.
system tune tcp option wscale on [shift_count]
This command is used to enable the Window Scale option system. The default is disabled.
shift_count optional. This parameter specifies the system to change the window size by right shift key
when
Number of bits. This parameter is in the range of 0-14. The default is 3. This parameter
Disable Timestamp.
slb tcpoption sack <virtual_service> {on | off}
This command is used to enable or disable the SACK option of a virtual service. The default is disabled.
virtual_service specify a virtual service.
on | off If this parameter is set to "on", to enable SACK Option specified virtual services
If this parameter is set to "off", disabling specified virtual service SACK; items
Option.
slb tcpoption mss <virtual_service> [size]
Maximum segment size of this command is used to set a virtual service (MSS).
virtual_service specify a virtual service.
size is optional. This parameter specifies the MSS size in bytes. This parameter Chapter 2 Basic System
Operation
2013 Teamsun
All rights reserved
18
In the range of 536-1460. Default value is 0, indicating that MSS option
Current virtual service disabled. Otherwise, said the MSS option is enabled.
ip nameserver <ip>
This command allows the user to add three name servers. The user can only enter a domain name
server IP address, the standard dotted format. If you use
Households trying to add a fourth name servers, AS device will alert the user to first remove a domain
name server address of the original set, and then can receive
New data.
show ip nameserver
This command allows the user to display the name server IP address.
no ip nameserver <ip>
This command allows the user to delete a domain name server from the configuration protocol.
[no] fwd mode {nontransparent | transparent}
This command allows the user to set the operating mode. AS device will use NetF management IP (nontransparent) or customer IP (transparent) even as port forwarding
show date
This command allows the user to view the date and time to run the equipment.
system time <hour> <minute> <second>
If a network does not rely on an NTP server, the user can use this command to set the time for the AS
inside the device. The value of each parameter can be
According need to enter one or two figures (Note: AS device uses a 24 hour clock / military standard
clock). For example, if a user wants to enter in the afternoon
11:33:51 This time, according to the following steps to enter:
2013 Teamsun
All rights reserved
20
NG: 0
Output compared with the "show memory", "TIME_WAIT" value and "USED" TCP small pcb same. All
other items, from the "LISTEN"
Value to "FIN_WAIT", adding equal USED "TCP pcb items.
hostname <host_name>
This command allows the user to set or change the name of an AS device, even when specifying the
device has not been running this operation can be carried out (device name
Will be saved in the running configuration among all the other, named after the new equipment added
to the system and run, machine tools tell new machines will be notified of its new distribution
Name). The device name can be a string of alphanumeric combinations sustained, may also be a string
of double quotes alphanumeric combinations. Currently, the host name of the
Great length is 64 characters.
show hostname
This command is used to display the host name of a AS device.
no hostname
This command is used to delete the host name of a AS device. After the host name deleted, the host
name to the default value "TS" replaced.
[no] system mail from <from_string>
This command is used to configure the log messages sent from the AS device sender e-mail address. For
some events configuration (for example, URL filtering and logging
Reminders), AS device will use this address as the sender address configured to send log messages to
the administrator. No system mail from command to remove hair
Piece people e-mail address configuration.
For example:
According to the above command configuration, the administrator receives an email, the sender will be
displayed as "online@teamsun.com.cn".
Following string support "from_string" parameter configuration:
% h "hostname" command to define the host full name. Chapter 2 Basic System Operation
2013 Teamsun
All rights reserved
Twenty one
% q If you want to enter the double brackets, please "% q" instead. For example, to enter "" an ""
When should type "% qan% q".
%% If you want to enter the percent sign, type "%%."
(In the above string, the first character "%" is an escape character which can be used to configure a
separate process.)
"From_string" The default value is "% h alert@log.domain".
[no] system mail hostname <host_string>
This command is used to configure the device to send log messages AS host name. For some events
configuration (for example, URL filtering and logging reminders), AS
Device will use this host name in the log messages sent to the administrator of the. No system mail
hostname command to remove the host name configuration.
For example:
With the above command configuration, when the administrator receives an e-mail, e-mail header
information in the host name appears as "AS01":
-Uidl: AAAxppMAAAQQC9mCRRdJp + 0gm9UwkbuD && mail.teamsun.com.cn
AS device will use "relay.com" and the host name "teamsun.com.cn" send a message. However, we
must first ensure that the device can find AS
To the relay server "relay .com", or to ensure that DNS to find it.
show system relay
This command is used to display the configuration and status of relay services.
clear system relay
This command is used to delete all the relay server, or disable mail relay service.
no system mail relay server <host_name>
This command is used to delete the system mail relay server configuration records.
system interactive on
This command is used to enable the CLI commands in interactive mode. If you use this command, the
system will display the results of the command more information.
system interactive off
This command is used to enable the CLI command active mode. After executing the command, the
system will reduce the command results are displayed. This is the default setting.
show system interactive
This command is used to interact with the reality of the current system settings (on | off).
system command timeout <timeout>
System startup or user executes | when "config file config memory" command, this command is used to
set the execute command timeout. Fastlog and Chapter 2 Basic System Operation
2013 Teamsun
All rights reserved
Twenty three
syslog records timeout command to use when troubleshooting.
timeout Specifies the timeout value (30-65535 seconds). The default value is 120 seconds.
show system command timeout
Run this command timeout values for display.
setup
This command allows the user to log wizard navigation mode, the user can set up to guide the next
steps AS device in the system.
switch weblink <url>
This command is used to configure the management URL AS-device switch. By specifying a URL, you can
page through the AS WebUI configuration switches.
Description: This command is only used AS35xx and AS4600 Chapter 3 Advanced system operation.
2013 Teamsun
All rights reserved
Twenty four
Chapter 3 Advanced System Operation
Implementation of object address translation is IPv4 packets. However, if the first condition is met, the
address conversion data packets will be IPv6 packet.
vip a virtual IP address is provided. Can be IPv4 or IPv6 address.
Note: If you configure the VIP address with other systems interface IP address is not
On the same network segment, VIP address by default bound to port1 interface. Chapter 3 Advanced
System Operation
2013 Teamsun
All rights reserved
29
Thus, the interface port1 must be pre-configured with an IP address.
network_ip implementation of network switching network IP. Can be an IPv4 or IPv6 address
Address.
timeout timeout value (in seconds); default is 60 seconds.
Gateway IP address gateway packet routing actions of converted after. This address can be
Be IPv4 or IPv6. The default value of IPv4 address 0.0.0.0, IPv6
Address can be specified only ::.
Description description "nat static" configuration, or as a reminder memo recording. Description
Said content should be placed within double quotes, the maximum length is 31 characters.
Description: L2 SLB configuration does not work with "nat static" configuration. When "nat static" and a
system interface has been configured with SLB
, You can not take effect.
no nat static <vip>
This command is used to delete the specified virtual IP address from a static NAT configuration.
show nat static
This command is used to display all the static NAT configuration.
clear nat static
This command is used to stop or delete static NAT configuration.
nat protocol pptp [port]
This command is used to enable NAT traversal function PPTP tunnel. This feature is enabled by default.
PPTP server port specified port number. The default is 1723.
rip version {1 | 2}
This command is used to RIP version is set to RIPv1 or RIPv2.
[no] rip network <ip_address> <netmask>
This command is used to enable or disable the RIP interface, such an interface address and parameters
"ip_address" match.
show rip status
This command is used to display the RIP status.
show rip settings
This command displays the current settings RIP.
ospf {on | off} Chapter 3 Advanced System Operation
2013 Teamsun
All rights reserved
31
This command is used to enable or disable OSPF. OSPF feature is disabled by default.
Note: When OSPF is enabled, the system will analyze OSPF routing. However, after the OSPF routing
analysis does not take effect immediately. They will
Take effect within 30 seconds.
[no] ospf network <ip_address> <netmask> <area_id>
This command is used to enable or disable the OSPF interface, and defines an area ID for those
interfaces.
area_id assigned identification number (0-4294967295) interface.
show ospf status
This command is used to display OSPF running.
show ospf settings
This command displays the current settings for OSPF.
ipv6 ospf {on | off}
This command is used to enable or disable the OSPFv3 feature (IPv6 OSPF). This feature is disabled by
default.
ipv6 ospf routerid <id>
This command is used to set the address format dotted IPv4 OSPF routing ID.
6 ospf on
Description: AS equipment manufacturers can configure multiple IP address pool, an IP address pool can
add up to 256 IP addresses. The largest pool of IP addresses
Varies with changes in the number of system memory. Details refer to the following table.
The maximum number of IP addresses of system memory pool
4GB 32
8GB 64
16GB 128
32GB 256
no ip pool <pool_name> [start_ip]
This command is used to delete an IP network segment from the specified IP address pool.
pool_name IP address pool name.
Start IP address to be deleted start_ip IP segment. For the initial configuration
IP, IP network in order to start the IP address will be deleted.
Optional. If not specified, the specified IP address pool will be deleted.
clear ip pool [pool_name]
This command is used to delete the specified IP address pool. If you do not specify "pool_name"
parameter, this command will delete all the IP address pool. Chapter 3 Advanced System Operation
2013 Teamsun
All rights reserved
34
show ip pool [pool_name]
This command is used to display the specified IP address pool configuration information. If you do not
specify "pool_name" parameter, this command will display all IP address pools
Configuration information. Chapter 4 Link Aggregation
2013 Teamsun
All rights reserved
35
Chapter 4 Link Aggregation
Link aggregation configuration commands are designed to help the user to set the key parameters to
use this new feature.
2013 Teamsun
All rights reserved
36
clear bond [bond_name]
This command is used to aggregate interface configuration to its default value. If you do not specify an
aggregate interface name, all aggregation interface configuration will be deleted.
Chapter 5 clusters
2013 Teamsun
All rights reserved
37
Chapter 5 clusters
This chapter describes the commands to configure the cluster function.
show cluster virtual status [interface_name]
This command is used to output AS device features a cluster state (including on or off), the status of
each virtual cluster configuration (incomplete state, initialization,
Backup or primary device status), as well as interface name and link status assigned to each virtual
cluster.
If you specify an interface name, the system will display only the cluster status information for the
interface.
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface.
For example:
3 will pull control cable from the control port, insert FFO port.
Press the Enter key to see whether the system prompts for any information:
6. execute "system test failover port off" on the terminal software, disable test mode.
show cluster virtual config [interface_name]
Chapter 5 clusters
2013 Teamsun
All rights reserved
39
This command is used to display the current virtual cluster configuration or all interfaces virtual cluster
configuration. If you specify an interface name, the system will only display the
Interface cluster status information.
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface. The default is All.
For example:
(config) #show cluster virtual config port2
2013 Teamsun
All rights reserved
40
clear cluster virtual {interface_name | all} {cluster_id | 0}
This command is used to delete the virtual cluster from the specified system interface.
interface_name | all specified interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface. "All" means all existing interfaces.
cluster_id | 0 specified to be deleted virtual cluster ID, in the range of 1-255. "0" means
With all the virtual cluster.
cluster virtual vip <interface_name> <cluster_id> <vip>
This command is used to configure virtual IP address for specifying a virtual cluster interface.
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface.
cluster_id a virtual cluster ID, the minimum decimal value of a maximum of 255. A
A cluster ID can contain up to 255 virtual IP addresses. Located in different
Virtual ID interface is the same as different virtual ID. With the same virtual
All virtual IP address ID have the same status (primary and backup).
vip a valid virtual IP address, which can limit the IP address of the alternate functions,
For example loopback, multicast, and other common specific range. Input
Each virtual IP address must be unique and can be IPv4 or IPv6
Address.
cluster virtual auth <interface_name> <cluster_id> {0 | 1} [password]
This command is used to configure the virtual cluster authentication.
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface.
cluster_id a virtual cluster ID, the minimum decimal value of a maximum of 255.
0 | 1 value of "0" without using a password authentication type represents a value of "1"
This command is used to set up a virtual cluster priority. Priority number is 1-255, where 255 is the most
advanced.
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface.
Chapter 5 clusters
2013 Teamsun
All rights reserved
42
cluster_id virtual clusters assigned identification number.
priority to configure this parameter to determine the redundancy priority. The larger the value of the
parameter, the priority
Higher. In the range of 1-255.
synconfig_peer_name optional parameters. The default value is "Primary". In addition to the default
value ("Primary"),
This parameter can be "synconfig peer <peer_name>
<peer_ip> "command defines the configuration of the end of any synchronization when the value is
When the "Primary", this command applies to the local node. When the parameter is set to a
Actual synchronization configuration client name, client name synchronization configuration command
applies the corresponding
Node. It can also be configured to synchronize the local client node definition. This
, The command applies to the local node.
no cluster virtual vip <interface_name> <cluster_id> <vip>
This command is used to remove the VIP from the specified cluster ID and interface name.
Description:
When the master or a virtual cluster on the standby node is deleted, the primary and standby nodes
state immediately switched to "INIT". At the same time,
Cluster standby node will replace the master node to become the new master with node.
If the virtual cluster on the primary and backup node configuration is different, the two state nodes may
become "MAST", thus leading to an IP address conflict. Therefore,
Before changing the master node configuration, it is strongly recommended that you disable the cluster
function on the standby node, and then after the completion of the master node configuration changes
for the standby node
Synchronized standby node configuration.
no cluster virtual auth <interface_name> <cluster_id>
This command is used to restore the default settings cluster certification (false).
no cluster virtual interval <interface_name> <cluster_id>
This command is used to advertise the interval to restore the default value (5 seconds).
no cluster virtual preempt <interface_name> <cluster_id>
This command is used to restore the cluster preemptive mode to the default value (true).
no cluster virtual priority <interface_name> <cluster_id> [synconfig_peer_name]
This command is used to restore the cluster priority to the default value (100), or delete the cluster
priority information specified by this parameter.
Chapter 5 clusters
2013 Teamsun
All rights reserved
43
interface_name Specifies the interface name, can be a system interface, aggregate interfaces, VLAN
access
Mouth or MNET interface.
cluster_id designated identification number assigned to the virtual cluster.
synconfig_peer_name optional. The default value is "Primary". In addition to the default value
("Primary"),
The value can be "synconfig peer <peer_name> <peer_ip>"
Order any synchronization configuration end definition. When this value is set to "Primary"
When the local node synchronization settings or client name, this command will local node cluster
Priority revert to the default value (100). When this value is set to other synchronization
When configuring the client name, this command only from the local node cluster removes the cluster
priority
Level information.
cluster virtual discreet {on | off}
This command is used to enable or disable the discrete cluster standby mode (Discreet Backup). In this
mode, the system through one mind jumper
Main (Heartbeat cable) collected from the device status information to determine the status of the
master and slave devices, and ultimately determine whether you need to switch the master and slave
device status.
In this mode, the status of the device to switch between more secure, VRRP packet loss does not cause
double the host state. By default, this mode
For the disabled. Note: In the discrete standby mode, the system collects status information via
heartbeat, and therefore should ensure that between master and slave devices correct heartbeat
Connection, and through "cluster virtual ffo on" command first enable heartbeat (heartbeat and FFO
line is a line).
show cluster virtual discreet
This command is used to display the configuration of discrete standby mode.
For example:
- receive none VRRP advertisements from master for two intervals while in
backup state, but receive a valid VRRP advertisement before timeout (three intervals)
lower priority)
Note: The content above in brackets are for output explanation.
clear statistics cluster virtual [interface_name] [cluster_id]
This command is used to delete a cluster statistics for the specified interface, including the designation
of the virtual cluster and all the virtual cluster. By default, all cluster
Use "interface_name" argument, delete the cluster statistics for all interfaces. By default, the parameter
"cluster_id" is set to 0,
Deletes cluster statistics for all virtual cluster.
Chapter 5 clusters
2013 Teamsun
All rights reserved
Forty five
cluster virtual arp interval [seconds]
This command is used to set the master device broadcasts a gratuitous ARP interval.
seconds time interval can be any integer from 0, or between 30-65535,
In seconds. The default is 60 seconds. 0 indicates that the device used to convert to the main form
After the state broadcasting only gratuitous ARP messages.
Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
46
Chapter 6, High Availability (HA)
This chapter describes the function of HA configuration commands.
ha on
This command is used to enable the HA feature.
Description: IP address pool must be configured to use HA HA enabled before. If the IP address pool
configuration after HA is enabled, you will need to reStart HA function, it will first disable and then enable the feature.
ha off [force]
This command is used to disable the HA feature. By default, HA feature is disabled.
When the force when a unit device joins HA domain and appears to hang, this parameter is used
Disable HA functionality.
ha unit <unit_name> <ip_address> [port]
This command is used to join a domain HA HA units. An HA domain allows a maximum of 32 units.
unit_name designated HA unit name, case sensitive, letters and numbers,
Up to 8 characters. The name of each unit in an HA domain should be independent
One goes for.
ip_address HA units specified IP address used for communication with the other main link unit.
Can be IPv4 or IPv6 address.
port is optional. Specify the port to communicate with other units using the main link. The default value
To 65521.
Note: Before you configure the local unit, you must first configure the IP address of the local unit of the
interface. Otherwise, the local unit HA domain and can not be identified.
An IP address HA field units must be all IPv4 or IPv6.
By "ha unit" command to add multiple domains after an HA unit, the system will automatically create a
master link connection between the two units.
no ha unit <unit_name>
This command is used to remove a unit from HA HA domain. Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
47
Note: If the local unit is removed from the HA domain, all "ha hc ..." to configure the local unit will be
deleted, "ha hc peerunit" configuration will be restored
Complex as the default.
ha link network secondary <unit_name> <link_id> <ip_address> [port]
This command is used to configure a backup link an HA unit. Between the two HA units can be
configured with up to 31 standby link.
unit_name designated HA unit name.
link_id specify an alternate link ID. This parameter ranges between 1-31. two units
Each backup link ID should be unique.
ip_address HA units specified IP address, which is used to communicate with the other units
Backup link. The address can be an IPv4 or IPv6.
port is optional. Specify the port to communicate with other units to use an alternate link. Default
Value of 65521.
Please note that when creating a backup link between the two units, you should have two units decibels
configure a backup link the same ID.
For example, two HA units "u1" and "u2" the IP address of 192.168.1.1 and 192.168.1.2. Were prepared
in order to establish a unit between the two
With link two units must perform the following two commands:
ha link ffo on
This command is used to enable FFO linked HA functionality. FFO for the HA domain links only two units.
FFO is disabled by default link.
ha link ffo off
This command is used to disable the HA feature FFO link.
ha group id <group_id>
This command is used to define the local unit of a floating IP group. Each unit can define up to 256
groups.
group_id specified floating IP group ID, in the range of 0-255.
no ha group id <group_id>
This command is used to delete the local unit of the floating IP group.
clear ha group id
This command is used to delete the local unit all floating IP group.
ha group fip <group_id> <floating_ip> [interface_name]
This command is used to specify the IP group to configure a floating floating IP address. The total
number of floating IP address and a floating floating IP IP group configuration
Range must not exceed 16.
group_id specified for floating IP group ID, in the range of 0-255.
floating_ip specify the floating IP address can be an IPv4 or IPv6 address.
interface_name optional. This parameter specifies the interface needs to be bound to a floating IP
address.
no ha group fip <group_id> <floating_ip>
This command is used to delete the specified IP group in a floating floating IP address.
clear ha group fip <group_id> Chapter 6 rows high availability (HA)
2013 Teamsun
All rights reserved
49
This command is used to delete the specified floating IP in the group all floating IP addresses.
ha group fiprange <group_id> <start_floating_ip> <end_floating_ip> [interface_name]
This command is used to configure a floating IP range for the specified floating IP group, and then bind
to a specific system interface. Each float
IP ranges contain up to 256 IP addresses. A floating IP group floating floating IP address range of IP
addresses and configuration can not total more than 16
Months.
group_id specified floating IP group ID, in the range of 0-255.
start_floating_ip floating starting IP address specified IP addresses can be IPv4 or IPv6.
end_floating_ip specify the IP address of the end of the floating IP addresses can be IPv4 or IPv6
Address.
interface_name Specifies an interface bound to a floating IP address segment.
Note: All IP addresses contained in the floating IP addresses, including the start IP and end IP, can not be
"ip address" command to assign specific access
Mouth.
Floating range of IP addresses must be greater than or equal to any existing IP address pool range.
no ha group fiprange <group_id> <start_floating_ip> <end_floating_ip>
This command is used to delete the specified IP group in a floating floating IP addresses.
clear ha group fiprange <group_id>
This command is used to delete the specified IP addresses for all floating floating IP group.
ha floatmac on
This command is used to enable the floating MAC function of HA. After enabling this feature, floating
MAC address (via "ha floatmac mac" setting) is cut
Unit interface change to the group status is "Active" is. Thus, when the group state switch, the customer
does not realize that provide application services equipment occurred
Changes in the group because the state before switching to provide application services device's MAC
address has not changed.
By default, the floating MAC feature is disabled. Before enabling this feature, HA function must first
perform "ha off" command to disable HA features.
Note: If the primary link between the unit and only available, it is recommended not to enable the
floating MAC functions, in the group fails, it could lead to float
IP Group abnormal state.
Chapter 6 ha floatmac off-line availability (HA)
2013 Teamsun
2013 Teamsun
All rights reserved
51
group_id specified floating IP group ID.
priority specify a priority on specific cell-specific floating IP group. Value
Range is 0-255. The larger the value, the higher the priority.
Note: Administrators can modify the unit floating IP group priority by this command. If one unit of a
floating IP group priority
Is not specified, the reorganization will not take effect in this unit, group status will always remain "Init".
no ha group priority <unit_name> <group_id>
This command is used to delete a specific IP group floating on a specified unit priority.
ha group preempt on <group_id>
This command is used to enable a specific floating IP group preemption mode. Preemption mode is
enabled, the group with the highest priority on the available floating unit
IP Group will always remain "Active" status. By default, the floating IP groups to enable preemptive
mode.
group_id specified floating IP group ID, in the range of 0-256. "256" represents
Enable preemption mode for all floating IP group.
Note: To ensure preemptive mode to specify the floating IP group into effect, to ensure that all
elements of this group has been in force preemption mode is enabled.
ha group preempt off <group_id>
This command is used to disable a specified group of floating IP preemption mode.
group_id specified floating IP group ID, in the range of 0-256. "256" indicates
All floating IP group only preemption mode.
ha group enable <group_id>
This command is used to enable the local unit to specify a floating IP group. By default, IP Group Disable
All. If a floating IP group in more than one
Yuan is enabled, only the group status is "Active" in the unit in order to provide services at the time of
the reorganization. By performing "ha group fip" and "ha group
fiprange "command, floating IP and application services group can establish contact.
group_id specified floating IP group ID, in the range of 0-256. "256" means
Yuan.
gateway_ip specify the gateway IP address for a particular HA units. It can be IPv4
Or IPv6 addresses.
condition_name health check conditions specified name. This parameter ranges
GATEWAY_1 to GATEWAY_32.
interval is optional. This parameter specifies the time interval of health checks, the unit is milli
Seconds. This parameter is the range 1000-10000 milliseconds. The default value Chapter 6 rows high
availability (HA)
2013 Teamsun
All rights reserved
53
1000 milliseconds.
up_check_times optional. Specifies the health check results of this parameter is used for the "Up"
duration
Value. This parameter ranges from 3-10. Default value is 3.
down_check_times optional. This parameter specifies the number of times continued health inspection
results for "Down" in
Value. This parameter ranges from 3-10. Default value is 3.
Description: On the local unit, although you can configure the gateway health check conditions on other
units, but only the local unit gateway health check condition
To take effect.
no ha hc gateway <unit_name> <gateway_ip>
This command is used to delete a specified HA unit of a gateway health check condition.
clear ha hc gateway
This command is used to delete all the HA unit configured gateway health check condition.
ha hc cpu overheat <temperature> [interval] [up_check_times] [down_check_times]
This command is used to configure a CPU local HA units overheating health check condition.
temperature for the CPU overheat threshold set temperature, unit . This parameter ranges
1-100.
interval is optional. This parameter specifies the health check interval, in milliseconds. The
fatal_percent set a threshold for a specified ATCP region memory applications. The parameter values
Fan
Wai is 1-100, in percent.
condition_name health check conditions specified name. This parameter ranges
ATCPZONE_1 to ATCPZONE_64.
up_check_times optional. This parameter specifies the ATCP area does not exceed the threshold of
memory applications hold
Duration values. This parameter ranges from 3-10, the default value is 3.
down_check_times optional. This parameter is specified ATCP memory applications exceeds the
threshold region continued
The value of time. This parameter ranges from 3-10, the default value is 3.
no ha hc memory atcpzone <zone_name> <condition_name>
This command is used to delete a specific local HA unit ATCP zone configuration memory application
health check condition.
clear ha hc memory atcpzone
This command is used to delete all local HA unit ATCP zone configuration memory application health
check condition.
ha hc memory mbuf <fatal_percent> [up_check_times] [down_check_times]
This command is used to configure a Mbuf application health check conditions for local HA units.
Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
57
fatal_percent for Mbuf application specified threshold. This parameter ranges from 1-100, single
Position as a percentage.
up_check_times optional. This parameter specifies the application is not Mbuf threshold duration
exceeds
Value. This parameter ranges from 3-10, the default value is 3.
down_check_times optional. This parameter specifies the duration of the value exceeding the threshold
Mbuf application.
The range of this parameter is 3-10. The default value is 3.
no ha hc memory mbuf
This command is used to delete a local HA unit configured Mbuf application health check condition.
ha hc memory mpool <mpool_name> <fatal_percent> <condition_name> [up_check_times]
[down_check_times]
The command for the local HA units of a particular memory pool (mpool) to configure a memory
application health check condition.
mpool_name for a mpool specified name. Enter the name to distinguish the size mpool
Writing, and must be enclosed in double quotes. It only supports the following predefined name
Said:
ache Transactions
2013 Teamsun
All rights reserved
58
ePolicy_group
fatal_percent specified threshold for a particular mpool memory applications. This parameter ranges
100, in units of percentage.
condition_name specify a name for a health check condition. This parameter ranges
MPOOL_1 to MPOOL_16.
up_check_times optional. The parameters for a specific application mpool memory duration does not
exceed the threshold
Values between. This parameter ranges from 3-10, the default is 3.
down_check_times optional. This parameter is application-specific memory mpool duration exceeds the
threshold value
Between set value. This parameter ranges from 3-10. The default value is 3.
no ha hc memory mpool <mpool_name> <condition_name>
This command is used to remove the local HA unit configured to develop a memory applications mpool
health check condition.
clear ha hc memory mpool
This command is used to delete all mpool local HA unit configured memory application health check
condition.
ha hc memory system [free_space_threshold] [used_swap_threshold] [up_check_times]
[down_check_times]
This command is used to configure the system memory health checks conditions for local HA units. HA
unit will also check the system is less than the available memory space available
Thresholds, as well as swap space has been used exceeds the threshold. In the health check process, if
the system is less than the available memory space available threshold or
Who has exceeded the threshold value with the swap space, the health check result is "Down".
free_space_threshold optional parameters. This parameter specifies the system free space threshold,
the unit MB.
This parameter ranges 50-8192MB. The default 50MB.
used_swap_threshold optional parameters. This parameter specifies the threshold of swap space has
been used, the unit MB.
This parameter ranges from 0-8192. Default is 0, indicating that the system does not
Check with the swap space exceeds the threshold.
up_check_times optional parameters. This parameter specifies the health inspection results for "Up"
duration
Value. This parameter ranges from 3-10, the default is 3.
down_check_times optional parameters. This parameter specifies the check result is "Down" the
duration of a few lines in Chapter 6 High Availability (HA)
2013 Teamsun
All rights reserved
59
Value. This parameter ranges from 3-10, the default is 3.
no ha hc memory system
This command is used to delete a local HA unit configured system health check memory conditions.
ha hc memory interval [interval]
This command is used to configure the HA unit in the local implementation of all types of memory
interval health check. The time interval for the following types of memory health check
Entry into force:
interval optional parameters. This parameter specifies the time to implement memory health check
interval,
Milliseconds. This parameter ranges 5,000-1,000,000 ms
The default 5000 milliseconds.
clear ha hc memory all
This command is used to remove the local HA unit health checks for all types of memory configurations.
ha hc process <process_name> <condition_name>
This command is run for the local unit of an HA configuration health check process conditions.
process_name specified process name. Enter the name of the process is case-sensitive, and only
supports
The following predefined names:
emon
2013 Teamsun
All rights reserved
60
condition_name health check conditions specified process name. This parameter ranges
PROCESS_1 to PROCESS_32.
no ha hc process <process_name> <condition_name>
Health check conditions of this command to delete a particular process running locally HA unit
configuration.
clear ha hc process
This command is used to remove the local HA unit all processes running health check condition
configuration.
ha hc vcondition name <vcondition_name> <condition_name> <logic>
This command is used to configure a health check condition group (vcondition) for local HA units.
Vcondition can nest multiple child health check of
Pieces. Child health check condition can be real health check condition, may also be another nested
more child health check condition vcondition.
vcondition_name designated vcondition name. The maximum length of the name is 128 Vcondition
Characters.
condition_name designated vcondition associated with the predefined condition name. This parameter
takes
Values range V_1 to V_32.
logic to specify the logical relationship between vcondition multiple sub-conditions can be
"TSD" or "OR". When the specified logical relationship is "TSD", only the
There are sub-conditions are met, vcondition to meet. When the specified logical
Series relationship is "OR", as long as any one sub-conditions are met, vcondition
Able to meet.
no ha hc vcondition name <vcondition_name>
This command is used to remove the local unit specified vcondition. Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
61
Note: When performing "no ha hc vcondition name" command to delete the specified vcondition,
vcondition associated with this configuration is also
Deleted, including sub-failure conditions and related rules.
clear ha hc vcondition all
This command is used to delete all local units vcondition.
ha hc vcondition member <vcondition_name> <subcondition_name>
This command is used to add a child to a specified condition vcondition in. A vcondition can be nested
up to 16 sub-criteria.
vcondition_name vcondition specify a name.
subcondition_name specify the name of a sub-condition, which can be a real health check of
Pieces, it can be a vcondition.
no ha hc vcondition member <vcondition_name> <subcondition_name>
This command is used to delete a specified vcondition condition of a child.
clear ha hc vcondition member <vcondition_name>
This command is used to delete a specified vcondition in all sub-conditions.
show ha condition [unit_name]
This command is used to display a specified HA unit's health status.
2013 Teamsun
All rights reserved
62
Pieces.
TEWAY_32: Gateway health check condition.
memory
Health check condition.
Pieces.
ck condition.
When action_name certain designated health inspection results for "Down", designated it to be
executed
Impaired operation. The parameter values can be "Unit_Failover",
"Group_Failover" or "Reboot".
Floating group_id specify an expiration rules in force IP group ID. Only
When "action_name" parameter is set to "Group_Failover", this parameter
To take effect.
Description:
To ensure that each unit can get running other peer units, failure to configure the rules must be the
same for all units.
The system provides predefined rules fail. You can run "show ha decision" command to view these
predefined rules. These predefined rules
"Condition_name" is PORT_1 ~ PORT_32, the corresponding "action_name" is all "Group_Failover". You
can run
"Ha decision rule" command to modify these predefined rules "action_name".
no ha decision rule <condition_name> <action_name> <group_id>
This command is used to delete a specified group of a floating IP fail rules.
Note: If the parameter "condition_name" is set to a value from "PORT_1" to "PORT_32" in the system
will be
"Action_name" restore "Group_Failover". Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
63
clear ha decision rule
This command is used to remove all the invalid rule floating IP group.
Description: The execution of this command does not delete the predefined rules fail. However, the
predefined rules "action_name" will return to the
"Group_Failover".
show ha decision
This command is used to display the local unit all the rules floating IP group all failures, including
predefined rules and custom rules.
For example:
ha synconfig bootup on
This command is used to enable the bootup synconfig function. This feature is enabled by default.
Description:
In bootup synconfig mode, the local unit only synchronous execution "write memory" command will
save the configuration and other units to the contents of memory.
After enabling bootup synconfig function with all statistics relating SLB will be cleared.
To perform bootup synconfig, we should first remove the "synconfig peer ..."; otherwise, bootup
synconfig function will fail.
During the execution bootup synconfig, are not allowed to implement any configuration to add, modify,
or delete operation.
ha synconfig bootup off
This command is used to disable the bootup synconfig function.
ha synconfig runtime on
This command is used to enable the runtime synconfig function. After only two units to enable runtime
synconfig, both to real-time synchronization with each other
Position. This feature is disabled by default.
ha synconfig runtime off
This command is used to disable the run-time synchronization.
show ha status
This command is used to display the status of all units HA domain, including domain status, group status,
synchronization status, run-time synchronization whitelist and blacklist, chain
Unit 2:
This command is used for a specified virtual service disabled SSF function. If you do not specify the
parameters of "virtual_service", will be disabled globally SSF
Function.
ha ssf on nat
This command is used to enable the SSF function for NAT. Default settings, NAT's SSF function is
disabled.
ha ssf off nat
This command is used to disable NAT SSF function.
show ha ssf session Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
66
This command is used to display all session information and SSF related functions.
show ha ssf settings
This command displays information about all the settings and functions related to SSF.
For example:
ha log off
This command is used to disable HA log function.
ha log level <level>
This command is used to set the system to produce the level of HA logs.
HA level specified log level. "Level" Valid values emerg, alert, crit,
err, warning, notice, info and debug. The default value is info. A
Once designated HA log level, below the level of information will be ignored.
show ha log [line_number]
This command is used to display the HA logs. Chapter 6 line availability (HA)
2013 Teamsun
All rights reserved
67
line_number optional parameters. This parameter specifies the number of rows displayed log HA. The
default is
100, said display system has recently produced 100 lines HA logs.
clear ha log
This command is used to clear all of the HA logs.
show ha config
This command is used to display all the configuration information associated with the HA functionality.
For example:
config bootup on
clear ha all
This command is used to delete all configuration information associated with the HA functionality.
Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
68
Chapter 7 server load balancing (SLB)
SLB designed to improve server utilization performance, scalability, and failover redundancy. AS
equipment available to monitor the content server, and according to several
Available algorithms require the transfer of customers to the most appropriate server.
7.1 SLB basic commands
show slb all
This command is used to display the entire SLB configuration, including real and virtual services, policies,
groups and group members.
clear slb all
This command is used to remove the SLB configuration.
slb timeout <virtual_name> <timeout>
This command is used for all connections to the virtual service specify custom TCP connection timeout
value. Under default settings, connecting virtual services using TCP
Timeout standard value.
virtual_name virtual service name.
timeout TCP timeout value, in seconds. The maximum value is 199,999,999 seconds.
slb mode ircookie {plainname | hexname | ip}
This command is used to set the SLB insertion, replication, built-in cache mode.
plainname | hexname | ip insertion, replication, built-in model. This mode can be carried out by the
following steps
Settings:
If set to "plainname" mode, ASCII value of the real server names were
Set cookie value, for example: name = aTc8acd 9!?.
If set to "hexname" mode, the hexadecimal value of real servers were set up
For the cookie value, for example, name = 456143!? 04.
If set to "ip" mode, the real server IP address in hexadecimal were set to
cookie value, for example, insert cookie for name = 0A010203, replication, and the
Set cookie to "name = 0A010203!? 9". Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
69
Description: "!?" is the end of the character Replication section.
slb mode icookie {always | onlyone}
This command is used to control the SLB insert cookie behavior to suit different needs of the client
browser. If the mode is set to "always", regardless of passenger
Whether the request has been included households insert cookie content, AS device will always insert
cookie. If the mode is set to "onlyone", when a customer please
When seeking to insert cookie does not contain content, AS device into only one cookie.
[no] slb mode packetbased <virtual_name>
This command is used for a specified virtual service configuration UDP packets based load balancing
requirements. In this configuration, SLB according to the specified algorithm,
A client connection packets transmitted will be scattered in several different servers.
No slb mode packetbased command to delete a specified virtual service packet-based load balancing
configuration.
virtual_name virtual service name.
clear slb mode packetbased
This command is used to delete all configuration packet-based load balancing.
slb directfwd {on | off}
This command is used to enable or disable DirectFWD function. Under default settings, this feature is
disabled. DirectFWD feature can work in IPv6 environments
To make.
slb directfwd statistics {on | off}
This command is used to enable or disable SLB statistics DirectFWD mode. Enabled by default. When
enabled, the system will DirectFWD
Collect statistics SLB mode.
slb directfwd syncache {on | off}
This command is used to enable or disable DirectFWD module syncache function. This function can
effectively avoid synflood attacks. When the initial configuration,
This feature is disabled.
slb mode activeclose {on | off}
This command is used to enable or disable the Active Layer 4 TCP connection shutdown function. This
feature is off by default. When this feature is enabled, if the IP, TCP
And TCPS actual service stops, the system closes the TCP connection associated with the first four layers.
When this feature is disabled before connection timeout, 4th floor
TCP connection is not closed. Although the original actual service has stopped, client requests for the
current connection continues to send. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
70
AS device supports two modes closed Layer 4 TCP connections:
connection. Promptly closed for a long time
Connection is beneficial, you can enable or disable the corresponding connection through this
command.
sive shutdown: For TCP connections, AS device is turned on by checking the actual service to send
each packet, check the actual
Health services. If the actual service has been terminated, AS device will reset the connection.
Moreover, both active off mode
Whether it is turned on, this feature would have been implemented.
slb mode regexcase {on | off} [virtual_service | vlink_name]
This command is used to enable or disable SLB regescase mode, which specifies certain specific SLB user
input device is configured to distinguish between AS string
The uppercase and lowercase letters. The default is "off" state, that device will distinguish between
uppercase and lowercase letters AS (case-sensitive).
on | off If this parameter is "off", AS device is case-sensitive letters
(Case-sensitive).
If this parameter is "on", AS device does not distinguish between uppercase and lowercase letters
(Case-insensitive). AS device in a string uppercase
Automatically converted to lowercase.
virtual_service | vlink_na
me
Optional. This parameter is used to enable or disable a specified virtual service
Or vlink of SLB regexcase mode.
If this parameter is null, SLB regexcase mode for all virtual
All services and vlink enabled or disabled. That is, this is a global set
Position.
If this parameter for a particular virtual service or vlink set for this item
Vlink virtual services or global settings will be ignored.
Description: This function following command to take effect: "slb policy regex", "slb policy header",
"http rewrite request url", "http
rewrite response url "and" slb policy redirect ". SLB regexcase mode is not set before executing these
commands if, the whole
Bureau settings to take effect.
7.2 Adding real service
slb real http <real_name> <ip> [port] [max_conn]
[http | tcp | icmp | script-tcp | script-udp | sip-tcp | sip-udp | dns | none] [hc_up] [hc_down]
slb real tcp <real_name> <ip> <port> [max_conn] Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
71
[http | tcp | icmp | script-tcp | script-udp | sip-tcp | sip-udp | dns | ldap | none] [hc_up] [hc_down]
slb real ftp <real_name> <ip> [port] [max_conn]
[tcp | icmp | script-tcp | script-udp | sip-tcp | sip-udp | dns | none] [hc_up] [hc_down]
slb real udp <real_name> <ip> <port> [max_conn] [hc_up] [hc_down] [timeout]
[icmp | script-tcp | script-udp | radius-auth | radius-acct | sip-tcp | sip-udp | dns | none]
slb real https <real_name> <ip> [port] [max_conn]
[https | tcp | tcps | icmp | script-tcp | script-udp | script-tcps | sip-tcp | sip-udp | dns | none] [hc_up]
[hc_down]
slb real tcps <real_name> <ip> <port> [max_conn]
[tcp | tcps | icmp | script-tcp | script-udp | script-tcps | sip-tcp | sip-udp | dns | none] [hc_up]
[hc_down]
slb real dns <real_name> <ip> <port> [max_conn]
[dns | icmp | script-tcp | script-udp | sip-tcp | sip-udp | dns | none] [hc_up] [hc_down] [timeout]
slb real siptcp <real_name> <ip> [port] [max_conn]
[http | tcp | icmp | script-tcp | script-udp | sip-tcp | sip-udp | dns | none] [hc_up] [hc_down]
slb real sipudp <real_name> <ip> [port] [max_conn]
[icmp | script-tcp | script-udp | radius-auth | radius-acct | sip-tcp | sip-udp | dns | none] [hc_up]
[hc_down]
[timeout]
slb real rtsp <real_name> <ip> [port] [max_conn]
[rtsp-tcp | tcp | icmp | script-tcp | script-udp | dns | none] [hc_up] [hc_down] [timeout]
slb real rdp <real_name> <ip> [port] [maxconn] [tcp | icmp | none] [hc_up] [hc_down]
slb real radauth <real_name> <ip> [port] [max_conn]
[icmp | script-tcp | script-udp | radius-auth | radius-acct | dns | none] [hc_up] [hc_down] [timeout]
slb real radacct <real_name> <ip> [port] [max_conn]
[icmp | script-tcp | script-udp | radius-auth | radius-acct | dns | none] [hc_up] [hc_down] [timeout]
These commands allow the user to configure specific parameters for the actual service. Does not allow
two different services with the same name actually. Must first establish a true
Service before they join the SLB group.
real_name real alphanumeric service name, and supports up to 40 characters.
If the name of the configuration starts with a number, the string should be enclosed in double quotes
The. Whether it is uppercase or lowercase, real service name is not entered Chapter 7 server load
balancing (SLB)
2013 Teamsun
All rights reserved
72
Could be reserved for the system word - "default", "all" or "global".
ip specify the actual server's IP address can be an IPv4 or IPv6 address.
In addition to RDP, SIPUDP and SIPTCP outside, IPv6 addresses applies to all
Type SLB configuration.
port real answer incoming requests for service port number, this parameter takes
Value range is 0-65535. The default value is HTTP 80, FTP default
Value is 21, the default value is 53 DNS, HTTPS the default value is 443,
The default value is 554 RTSP, RADIUS authentication default value is 1812,
RADIUS accounting default value is 1813, the default value is 3389 RDP,
The default value SIP TCP and SIP UDP is 5060. TCP or UDP
There is no default port settings. If the port is 0:00, it is a port Fan
Wai real service, its port range is considered to be all-port.
max_conn set the maximum number of open connections for each real server. The default value
1000. The maximum number affected by the real server performance. If that
Given the maximum number of servers can support more than real level, even supplement
Access will not be established.
http | tcp | icmp | tcps
| dns | srcipt-tcp | script-u
dp
| radius-auth | radius-acc
t
| sip-tcp | sip-udp | rtsp-tc
p
This command is used to delete the specified real service name. If true service is a member of any group,
the service will be removed from these groups.
show slb real {http | tcp | ftp | udp | tcps | https | dns | siptcp | sipudp | rtsp | rdp | radauth | radacct}
[real_name]
This command is used to display the specified real service name and protocol. If you do not specify the
actual service, this command will display all the real service specified protocol
Works.
show slb real all
This command displays all defined services and all related real parameters.
clear slb real {http | tcp | ftp | udp | tcps | https | dns | siptcp | sipudp | rtsp | rdp | radauth | radacct}
This command is used to delete all the real service has been configured under the specified protocol.
no slb real ip <real_name>
This command is used to remove the layer 3 real service specified name. If the actual service is a
member of any group, it will be deleted from all groups
In addition.
show slb real ip [real_name]
This command displays all defined Layer 3 services or designated real real service.
clear slb real ip
This command is used to delete all the true definition of Layer 3 services.
no slb real l2ip <real_name>
This command is used to delete based on Layer 2 IP and specify the actual service name. If the actual
service is a member of any group, it will be from
These groups removed.
no slb real l2mac <real_name> Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
76
This command is used to delete the specified name, and based on real service Layer 2 MAC addresses. If
the actual service is a member of any groups, the
Service will remove these groups.
max_cps This parameter is used to specify the maximum number of connections per second input
ranges
To 1-4294967295.
Note: Currently, only TCP / TCPS, HTTP / HTTPS, FTP / FTPS, UDP and RDP types of real services and
virtual service to
CPS set limit. In addition, if the real server pc, ph, pi, pu, sslsid, chi, sipcid, sipuid, chh and rdprt
Groups methods are configured, they set the CPS does not recommend restrictions.
no slb real application cps <real_name> Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
78
This command is used to delete the specified real service allows the maximum number of connections
per second.
show slb real application cps [real_name]
The command on a specified maximum number of connections per second real service configuration for
display. If you do not specify the actual service, the command will display all true service
The maximum number of connection configuration.
clear slb real application cps
This command is used to delete all the real service maximum number of connections per second
configuration.
slb real disable <real_name>
This command is used to disable a real service.
In the default setting, when a real service is disabled or deleted, SLB AS device will not be sent to a real
service has been disabled
If the request. However, for use cookie-based real service group method and load balancing strategies,
for example Persistent Cookie (PC),
Insert Cookie (IC), Rewrite Cookie (RC), SLB will still match an existing session cookie request to disable
the real service,
In order to ensure continuity of service. However, the new session request will be sent to other real
service in working condition. This feature is called "Graceful
Shutdown ".
The following is an example of Graceful Shutdown of:
After disabling the name of "service" real service, users can "show statistics slb real" command to check
the real status of the service.
DOWN
s
The above output information indicates that, "service" is displayed as "INACTIVE (waiting)" represents
the true service is still processing connection requests, that it is still
In "Graceful Shutdown" stage. In this process, the session request matches the cookie will continue to
be forwarded to the actual service, and from new customers
Connection requests were forwarded to other real service in working condition.
After a period of time, the user can run "show statistics slb real" command to check the real status of
the service again. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
79
Specify "request_index" parameter or specify it as 65535, then Chapter 7 server load balancing (SLB)
"200 OK" response to a list of strings have been placed in the first five rows.
no health response <response_index>
This command is used to respond to a list of specified index health check health check response to reset
to the default response status, namely "200 OK".
show health response [response_index]
This command specifies the entire health check respond or to respond to a list of health checks for
display.
response_index optional parameters. In response index value must be between 0-999. If you do not
refer to
Fixed "response_index" parameter or specify 65535, the command
Show all Health Response Form content.
clear health response
This command is used to respond to the health of the table all the health response to revert to the
default response, namely "200 OK".
health server {real_name | add_hc_name} <req_index> <res_index>
This command is used to respond to the real server and request a specific index matching table
(request_index and response_index). For this true service
The HTTP health check will receive a request to respond to respond to these requests in the table index.
This command is only attached to the real service and http / https type
Plus health checks take effect. Otherwise, this configuration will not work.
real_name | add_hc_na real server name. Name a maximum length of 40 characters. Chapter 7 server
load balancing (SLB)
2013 Teamsun
All rights reserved
81
me
request_index request in response to a specific request for a table row index.
response_index request to respond to the table in response to a specific row index.
no health server {real_name | add_hc_name}
This command will specify the request and respond to health checks server back to the default state,
including redundant server health checks.
show health server [server_name]
This command is used to display all ACTIVE real server health. "Server_name" is an optional parameter.
If you specify a server name
That displays the specified real server health. If by "slb real disable" command to disable a real service,
its health status
Will not be displayed by this command.
For example:
health server
----------------------------------- Server Status ------------ --------------
----------------------------------- Health Check ------------ --------------port status hct rqr rpr checklist
------------------------------------------------- ---------------------------
"Binary" format.
no health import request <index>
This command is used to import the request to delete the specified index file.
no health import response <index> Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
83
This command is used to delete the specified index of the import response document.
clear health import request
This command is used to clear all imported request file.
clear health import response
This command is used to clear all imported response file.
7.3 add items and health check health check list of items
health {on | off}
This command allows the user to enable or disable the health check. Enabled by default.
Note: When you disable the health check feature, run "health on" command to reset the counter health
checks for early warning.
health checker <checker_name> <request_index> <response_index> [timeout] [flag]
This command allows the user to create a health check items.
checker_name item name to check the configuration. The maximum length of the name is 40
characters.
If the name begins with a number, then the name should be enclosed in double quotes.
index table elements request_index request contains information to be sent, ranging
0-999.
response_index respond table element index contains the expected response to patterns, ranging from
0-999.
The health check item timeout timeout interval, the default value is 3 seconds.
flag success or failure flag, binary or ASCII flag. Ranges from 0,
1,2,3. The default setting is 1.
0 indicates when the response to a string containing the "health response" preWhen defined string matching, HC server will be marked as DOWN.
Requests and responses string should be entered in ASCII format.
1 In response should match the expectations expressed in response mode, HC smoothly, requesting
Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
84
And respond should be entered in ASCII format.
2 shows the response to a string containing the command "health
response "predefined string match, HC will mark the server
Is DOWN. Requests and responses should be entered in HEX format string.
3 shows the response to be expected to respond to pattern matching, HC smoothly, please
Sum respond to HEX format should be entered.
no health checker <checker_name>
This command allows the user to clear the specified health checks.
checker_name for health check items specified name. If the name begins with a number, the name
Said should be placed in double quotes.
show health checker [checker_name]
HC inspection items specified in this command is used to display. If you do not specify the HC to check
the entry name, then display all of the HC checks.
clear health checker
This command is used to clear all configurations HC checks.
slb real health <add_hc_name> <real_name> <ip> <port>
[http | https | tcp | icmp | dns | ldap | script-tcp | script-udp | script-tcps | sip-tcp | sip-udp | rtsp-tcp]
[hc_up]
[hc_down]
This command defines additional health checks for existing real server.
add_hc_name additional health checks names. Whether it is attached to uppercase or lowercase input
Plus health check is the system name can not be reserved words - "default",
"All" or "global".
real_name represents the name of the real service, is a string of letters and numbers.
If the specified name from the beginning of the number, the string should be enclosed in double quotes
The.
IP address ip additional health check. Can be IPv4 or IPv6 format. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
85
Additional health checks port port number to use. For Layer 2 SLB health check
Check or "icmp" health check type, port number must be set to 0.
http | tcp | icmp | tcps | dns |
ladp | srcipt-tcp | script-u
dp
| radius-auth | radius-acc
t
| sip-tcp | sip-udp | rtsp-tc
p
| https | script-tcps
Additional health check type, default is tcp.
ldap additional health checks can be configured for TCP real service.
If the "ip" parameter is assigned an IPv6 address, additional health checks category
Type is not supported TCPS, RADIUS-AUTH,
RADIUS-ACCT, SIP-TCP, SIP-UDP and RTSP-TCP.
hc_up service marked as "up" before the required number of successful health checks carried out. Mo
Default is 3.
hc_down service marked as failed health checks required before the number of "down" conducted.
The default is 3 times.
no slb real health <add_hc_name>
This command is used to clear the specified additional health check configuration.
"Place index", the HC HC check items will be added to the list of the last inspection; number of items if
the "place index" is greater than the check list of items, the
The HC check items will be added to the HC to check the list of items last; otherwise, HC check items will
be added to specify the location of HC check list of items.
list_name HC checklist for a specified name. Check the list of the biggest names
Length of 40 characters. If the name check list of items to start with a number,
The name should be enclosed in double quotes.
checker_name to check items specified name. The maximum length of the name check items for 40
Characters. If the name begins with a number, it must be placed within double quotes.
place_index optional parameters, check the list of specified location. The default setting is 0. Value
In the range of 0-10. If this parameter is not specified, the new entry will be added to check
HC final checklist. Users can use the "show health list" command,
See HC order to check the list of items. Note: "place index" parameter
The value is not saved in the configuration.
no health member <list_name> <checker_name>
This command is used to specify the HC check items removed from the list of HC AppHC check items
specify. Check the items are cleared after HC, HC behind it
Check the items will automatically forward a. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
87
clear health member <list_name>
The command to remove a check list of items HC HC check all items.
show health list [list_name]
Check the list of items specified list of items and the inspection of all checked items HC This command
displays. If the HC check item list name is not specified, explicit
Shows a list of all checked items in the list and all the check items in all HC checks.
health app {real_name | add_hc_name} <list_name> [frequency] [hc_localip] [hc_localport]
This command allows the user to check the items specified in the list of HC added a health check items.
If a health check (by "slb real" configuration) is a
HC non-empty list item checked, then check the items in the list by HC term health checks. Otherwise,
the command will be "health server" command
Order or configure the default request request and respond and restore health checks. This order
applies only real service or with a script attached health checks,
Such as script-tcp, script-udp and script-tcps. Otherwise, this configuration will not work.
real_name | add_hc_na
me
The names of actual server or additional health check items, the maximum length of 40
Characters.
Specify the name list_name HC check list of items. The maximum length of a list of names of 40
Characters.
frequency optional parameter that specifies the frequency of health check HC. The default frequency is
2,
In seconds.
hc_localip &
hc_localport
Optional. Local IP and port health checks to use. As
Fruit "hc localip" and / or "hc localport" is not specified, the system will indeed
Fixed local IP and port.
If multiple health checks to the same IP and port to be configured, some
Health checks will not work. NetFOS will provide the following information: "Warning:
The local port may have been other health checks using the health check may
Can not be normal. "
no health app {real_name | add_hc_name} <list_name>
This command allows the user to delete the specified list of items associated with health screening and
health checks between.
show health app [real_name | add_hc_name]
This command is used to display information about a specified health check. Chapter 7 server load
balancing (SLB)
2013 Teamsun
Can be used to determine the health of the Radius server. The default value is 5.
5: Radius accounting response. The "resp_code" is set to 5:00, if
Radius server returns a response mode 5, Radius server is
Is marked as UP, otherwise it is marked as DOWN.
no health radius acct {real_name | add_hc_name}
This command is used to clear the specified Radius accounting health check configuration.
clear health radius acct
This command is used to clear all Radius accounting health check configuration.
show health radius acct [real_name | add_hc_name] Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
90
This command is configured for Radius accounting health check display. If the actual service name or
additional health check name is not specified, then display all
Radius accounting health check configuration.
clear health radius all
This command is used to clear all billing and Radius authentication health check configuration.
health ldap {real_name | add_hc_name} [bind_dn] [password] [search_dn] [filter_keyword]
This command is used to add LDAP health check configuration to the specified real server. LDAP
supports TCP additional health checks only real service. In addition,
This order applies only real service or ldap type of additional health checks. Otherwise, this
configuration will not work correctly.
real_name | add_hc_na
me
Real server name or additional health check item name, maximum length of
40 characters.
LDAP distinguished name (DN) bind_dn used to bind operation, the maximum length of 255
Characters.
DN password password Specifies the maximum length of 255 characters.
search_dn implementation DN search to be used, the maximum length of 255 characters.
filter_keyword filter for searching password, maximum length of 255 characters. Use
Password configured filtering, LDAP server returns that match the filter set
Set results. If you do not search your password, then returns all matches
"Search_dn" results. Recommended to specify more accurate "search_dn"
Parameters related to reduce network traffic.
no health ldap {real_name | add_hc_name}
This command is used to clear the specified LDAP health check configuration.
real_name | add_hc_na
me
Real server or additional health check item name.
clear health ldap
This command is used to clear all LDAP health check configuration.
show health ldap [real_name | add_hc_name] Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
91
This command is used to display the LDAP health check configuration. If the actual service name or
additional checks name is not specified, then all current LDAP display
Configuration.
real_name | add_hc_na
me
Real server or additional health check item name.
health relation <real_name> <relationship>
This command is used to set the relationship between different health check configuration. When TSD
when the logical relationship, if any of the failed health check in (package
Including basic and additional health check configuration), the real service will fail. When the logical
relationship for OR and only when all health checks fail, really
Real service will fail. For a new real service, the default health check relationship TSD.
real_name real service name, string type.
Check the configuration of the relationship between health relationship is different, can be TSD or OR.
1 only when the record value of the real server response time duration exceeds a threshold power of 2
(1,2,4,8 ......), AS device will record "Warning"
Log. Once the response time of return to normal levels, i.e., does not exceed the threshold value, the
original record will be cleared. Counter starts again record.
2 counter can store up to 1,024 records. If the record number of more than 1,024, the counter is reset to
0, and start counting.
clear health earlywarning
This command is used to reset the early warning threshold, while early warning counter is reset.
show health earlywarning
This command is used to display the setting early warning threshold.
Description: After disabling health check function, run "health on" early warning command will reset the
counter.
show statistics health [real_name]
This command is used to display a specified service SLB real basic and additional health check statistics.
If "real_name" parameter is not specified, explicit
Statistics show that all health checks SLB real service.
For example:
2013 Teamsun
All rights reserved
93
The maximum number of connections per second, this command configured for the specified virtual
service for display. If the virtual service is not specified, then the best display of all virtual services
A large number of connections.
clear slb virtual application cps
This command is used to clear all configuration largest virtual service connections per second.
slb virtual health {on | off}
This command is used to enable or disable the virtual server health checks. Check function is enabled, all
real services associated with the virtual service if both fail,
AS device will reset input connection.
show slb summary [virtual_name | vlink_name]
This command displays the settings for a specified virtual service or vlink's. If you do not specify
"virtual_name | vlink_name" parameter will be displayed
Vlink all virtual services and related settings.
For example:
.235 80 arp 0
2013 Teamsun
All rights reserved
98
imes
ACTIVE
2013 Teamsun
All rights reserved
100
hits: 0
Note: If all "policy hits" (for example, "default hits") is not a non-zero value, then displays information
about the shooting, that virtual services, group
Groups and true service information.
7.5 Adding a port range for virtual service
slb virtual portrange <virtual_name> <min_port> <max_port> [protocol] [dst | src]
This command is used to "virtual name" parameter specifies the virtual service definition port range.
The port range is from "min_port" to "max_port". A
Repeatability port range of IP is not allowed. This order also applies Layer 2 and SLB port range. If a port
range is attached to a
SLB virtual service, only the network traffic within the port range to achieve balance. Otherwise, the
flow through only as traffic routes.
virtual_name name specified for the virtual service, in the form of a string. Note: If you mean
Given name begins with a number, the string should be enclosed in double quotes.
protocol optional parameters. This parameter can be selected from "all | udp | tcp" in. The default is
"all".
Only when the virtual service belongs to the second layer, this parameter is valid.
dst | src optional parameters. Refers to the destination port or source port. The default is "dst" port.
no slb virtual portrange <virtual_name> <min_port> <max_port> [protocol]
This command allows the user to clear the filter port range from the second layer virtual service.
ftp passive portrange <start_port> <end_port>
This command allows the user to passive FTP / FTPS data connection settings for the port range. Start
and end port should be located between 1024-65535, the user
20-1000 ports can be defined as a range of ports. Port range is globally available for FTP / FTPS virtual
services. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
101
start_port starting port number.
end_port end port number.
Please note that the end of the port, and the difference between the starting port number should be
greater than 19, less than
999. For example, if the starting port number is 2000, the end of the port Code
Number. The default value is "rr". According to the algorithm may be, some algorithms may need to
specify
Additional parameters. The following are marked with an "*" parameter should specify additional
parameters.
i maintain IP *
2013 Teamsun
All rights reserved
103
Header *
104
add_path Cookie path attribute. The "add_path" is set to 1 will ensure that the insert
The cookie has a path attribute "/", 0 indicates cookie does not contain
Paths. The default setting is 0.
rr | sr | lc "rr | sr | lc" parameter refers to the "first choice method". If a customer please
Corresponding to the specified requirements of actual service yet, then according to a method adapted
to the group requested
Seeking nature of this algorithm will be used to serve customers choose real. The default value
As "rr".
threshold only when the "first choice method" is lc when to use
"Threshold" parameter, this situation is the same in the group method lc applicable
The threshold parameter.
slb group option ic <group_name> {expires | path | domain | secure | httponly}
The method allows to insert cookie AS has been associated with the server. This command is used to
define the nature of the cookie, including the "expires", "path",
"Domain", "secure" and "httponly" and so on.
To configure this command, the parameter "expires | path | domain | secure | httponly" must be
placed in double brackets and separated by commas; Otherwise, the command
Not run.
group_name Specifies the name of the group's services, can support up to 40 characters. Said
Description: If the group name starts with a number or non-alphabetic character string should
In double brackets.
expires | path | domain | s
ecure | httponly
Cooki properties.
e cookie, ranging
0 to 5.256 million, in minutes, that is 3,650 days. "Expires"
The format is: "expires = day: hour: minute". For example:
"Expires = 3" represents the effective period of the cookie for 3 minutes;
"Expires = 2: 3" represents the effective period of the cookie for two hours and three
2 If the "slb group option ic" undefined "path", the path value will not insert cookie, the command "slb
group method
Path <group_name> ic "definition will be ignored.
no slb group option ic <group_name>
This command is used to clear the specified group cookie feature, the algorithm is set to ic.
show slb group option ic [group_name]
This command is used to display the cookie feature designated group configuration, the group method
ic. If the group name is not specified, it will display algorithm for ic's
All Groups cookie feature configuration.
clear slb group option ic [group_name]
This command is used to clear the algorithm specified group ic cookie feature. If the group is not
specified, the display algorithm cookie ic of all groups
Feature configuration.
slb group method <group_name> rc [cookie_name] [offset] [rr | sr | lc] [threshold]
When rewriting cookie, need to use the command structure in which "cookie_name" is necessary
"offset" value ("offset" value refers to the backend server generates Chapter 7 server load balancing
(SLB)
2013 Teamsun
All rights reserved
106
the number of bytes in the cookie in need of protection). The user must ensure that the backend server
cookie in the remaining space of four (4) bytes to ensure that AS set
Equipment capable of performing this task. Default "offset" parameter is 0. "Rr | sr | lc | lb" parameter
is called the "first choice method." If the customer requests yet
There are specific real service, the algorithm will choose a real service to customers using the group
method according to the characteristics of the request. The default value is rr.
"Threshold" parameter only in the "first choice method" is "lc" situation applies, with the same group of
law lc the "threshold" parameter is set.
slb group method <group_name> pc [option]
For SLB method Persistent Cookie (pc), "option" parameter corresponds to the offset value of the
cookie. The default value is offset Cookie
0. Groups using this algorithm cookie policy must remain associated with the use of virtual services.
sh Header (hh)
If AS equipment specified "idle" period did not receive the customer sent
To the new request, AS equipment will end the session and clears its customers off
Given "session time" is terminated, regardless of whether you receive a new session request, Chapter 7
server load balancing (SLB)
2013 Teamsun
All rights reserved
108
AS devices are the end customer session and clear the associated session ID.
Note: If you do not specify a timeout value for a single group, the group is using the global timeout
value. Otherwise, a single set of timeouts
Values will take effect in the group.
no slb persistence timeout [group_name]
This command is used to clear the use of the timeout parameter "pi", "ph", "hc", "hh" or "hq" algorithm
configured group settings. If you do not specify "group_name",
The system will delete the global timeout. If you specify "group_name", only to delete the specified
timeout setting group.
show slb persistence timeout [group_name]
This command displays the timeout parameter passed "pi", "ph", "hc", "hh" or "hq" algorithm to
configure a group setting. If you do not specify "group_name",
Global timeout configuration is displayed. If you specify "group_name", only the display timeout
configuration specified group.
slb group method <group_name> ph [rr | sr | lc] [threshold]
This command allows the user to specify the name of the method to configure the host continued. "Rr |
sr | lc" parameter can be called "the preferred method." If a client request is not yet
Specify the actual service, the present method can be used for services based on the customer's
selection of a request for the matching of the group properties and methods. The default value is rr.
"Threshold" parameter applies only to "first choice method" is lc circumstances, and with the same
group method lc threshold parameter set of circumstances.
slb group method <group_name> hi [hash_bits]
This command is used to add SLB groups, and assign Hash IP (hi) method. Hi method based on traffic
source IP will receive traffic is mapped to the real service
On. Hash IP algorithm AS consistent across multiple devices, provided that the Hash IP Group AS
configuration on the device are not the same.
group_name Specifies the name of the group's services, can support up to 40 characters.
If the group name starts with a number or non-alphabetic character string should be placed
Double quotes.
hash_bits optional parameters. This parameter specifies how many digits the source IP address can be
used
To generate the hash data. The range of this parameter is 0-32. The default is
32. If SLB group of a real service failure, the current continuous
Communication will be aborted.
Description: This parameter work for IPv6 addresses ineffective.
slb group method <group_name> hh <header_name> [rr | sr | lc] [threshold] [prefix] [delimiter]
This command is used to enable the Hash Header (HH) for a specified load balancing method SLB group.
Hh approach allows the system to the entire HTTP headers
String or part of the HTTP header field header field string (determined by the "prefix" and "delimiter")
hash, and true to our clients in Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
109
Session lasts between real servers. If both parameters are specified, and the HTTP request header field
with two parameters set match,
The system will HTTP header field "prefix" and "delimiter" setting hashes. If the request HTTP header
field only with "prefix" setting
Match, the system will hash string HTTP header field "prefix" setting after. Occur if the "prefix" is set in
the HTTP header field several times,
Only the first HTTP header field "prefix" setting will match.
In the following cases, the system will hash the entire HTTP header fields:
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with a number or non-alphabetic character, the string should be placed
In double quotes.
header_name specified HTTP header name. The header name is case sensitive, you can pack
Containing ASCII printable characters (ASCII encoding 33-126), but not including empty
Grid, double quotes and colon. The parameter values can be:
-Charset,
Accept-Language, Referer, User-Agent, or
X-Forwarded-For.
: any non-standard header name.
String.
For example: If the hash HTTP request URL "path + query" string
Can run the command "slb group method 'group_name' hh URL".
rr | sr | lc designated "first choice method". The default value is rr.
threshold only choice "lc" method, the parameter to take effect. The default value is 10. As
If the "first choice method" for "rr" or "sr", you must enter a Sui
Machine integers, in order to continue to complete subsequent setup parameters.
prefix optional parameters. This parameter specifies the HTTP header field will be hashed character
String starting position. The parameter values are case-sensitive, if non-alphabetic open
Head, should be placed in double quotes.
delimiter optional parameters. This parameter is used to specify a character that represents HTTP
Header field will be the starting and ending location hash string. The character Chapter 7 server load
balancing (SLB)
2013 Teamsun
All rights reserved
110
Case sensitive, if not the letter, it must be placed in double quotes.
Note: The parameter "prefix" and "delimiter" must be configured together. If you specify a "prefix", the
"delimiter" must be specified at the same time.
For example:
For the string "= 1386666888" hash for HTTP header string "callid = 13866668888; ber = 12", needs to be
"prefix" is set to
"Callid", "delimiter" is set to ";."
For the string "= 1386666888" hash for HTTP header string "username = abc; callid = 13866668888; ber
= 12", needs to be
"Prefix" is set to "callid", "delimiter" is set to ";."
However, if the HTTP header string is "mcallid = 13866668888; ber = 12", regardless of the "prefix" and
"delimiter" how to set up, the Department of
There was no system of the hash string "= 13,866,668,888."
slb group method <group_name> chi [hash_bits]
This command is used to add SLB groups, and assign Consistent Hash IP (chi) method. Chi square
method by hashing the source IP address of the request
Type mapping client requests to the server.
group_name Specifies the name of the group's services, can support up to 40 characters.
If the group name starts with numeric or non-alphabetic characters, the string should be placed
In double quotes.
hash_bits optional parameters. This parameter specifies the source IP address bits are used to generate
a number of minority
Hash data. The range of this parameter is 0-32. The default value is 32.
If SLB real service group fails, the existing will be in constant communication
Only.
Description: This parameter for IPv6 address poor performance.
slb group method <group_name> prox [rr | sr | lc] [threshold]
This command can be used to specify the group name to create Proximity (prox) group. "Rr | sr | lc"
parameter may be referred to as "the preferred method." If the customer did not request
SDNS proximity rules that meet the real service, this approach will choose a real service to customers
upon request characteristics corresponding group methods.
The default value is rr. "Threshold" parameter applies only to "first choice method" is lc circumstances,
as the threshold parameter method is applicable only group lc Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
111
The case.
slb group method <group_name> snmp [weight | cpu] [community] [oidcount] [oid1]
[oidweight1] [oid2] [oidweight2] [check_interval]
This command creates SLB group using snmp group methods.
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with a number or non-alphabetic character, the string should be placed
In double parentheses.
weight | cpu mode value. CPU mode can meet most customer requirements; weight mode
Supports custom OID and inspection intervals. In the CPU mode, only
There are community parameters (community) needs to be set, check interval to be fixed
For 60 seconds.
community SNMP Community field server.
oidcount 1 or 2, with the number of weight mode specified OID.
The first OID oid1 weighting pattern.
oidweight1 weight mode Dir an OID weight.
The second OID oid2 weighting pattern.
oidweight2 weight mode second OID weight.
interval check interval weight mode SNMP inspection.
slb group method <group_name> ec <cookie_name> [rr | sr | lc] [threshold]
The first HTTP request without cookie may access the associated default policy groups, and AS device
may by selecting a "rr | lc | sr" method
Real service. When ASE device to get a response from the configuration of the server name of the
cookie, AS device will contain a real server information
String embedded cookie header. Then, after a revised response will be forwarded to the client.
Subsequent client request will contain the modified
cookie value, AS will be able to identify the device through its continuous real service. AS device
embedded real service will be removed from the cookie value information,
The original cookie value to forward the request to the server. Therefore, only the exchange occurs and
the cookie value on the client device between the AS, AS apparatus
And cookie values between services and no real change. "Rr | sr | lc" parameter can be called "first
choice method". The default value is rr.
"Threshold" parameter applies only to first choice method "is lc of the situation, with a threshold
parameter applies only group method is the same as the case lc.
slb group method <group_name> {sipcid | sipuid} [rr | sr | lc] [threshold] Chapter 7 server load
balancing (SLB)
2013 Teamsun
All rights reserved
112
This command is used to configure the SIP server SLB groups, including SIP Call ID persistence
(disaggregated Call ID header) or SIP user ID persistence
(Breakdown of user ID header) is a must. Please note: In addition to sipcid and sipuid methods outside,
SLB Group SIP real service may use other
Layer 4 methods, such as rr, lc, sr, etc. However, the group is not true for the SIP service can not be used
sipcid and sipuid methods.
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with a number or non-alphabetic character, the string should be placed
Within double quotes.
rr | sr | lc for SIP call ID or user ID ongoing balance. "Rr | sr | lc" parameter
Can be called "first choice method". If the client request does not mean
Given actual service, the method will be used in accordance with the characteristics of the group
request method
Clients choose applicability for real services. The default value is rr.
threshold This parameter applies only to "first_choice_method" lc is the case with
Threshold parameter approach is the same situation applies to the group lc's.
slb group method <group_name> chh <header_name>
This command is used to add consistency hash header (chh) SLB group. "Chh" approach through the
application of the specified HTTP request header hash function to maintain
Continuity. "Chh" up to the specified HTTP request header three times Harry processing until a select
group of available real service. In case
Three hash value represents the real service is unavailable, you should use polling to choose a healthy
real service.
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with a number or non-alphabetic character, the string should be placed
Hashes.
For example, the hash HTTP request "path + query" string of the URL,
Need to run the command "slb group method 'group_name' chh Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
113
URL ".
slb group method <group_name> hq [rr | sr | lc]
This command is used to create a hash query (hq) SLB group. "Hq" HTTP query method specified by the
hash tag value way to maintain the consistency of the request.
This method must be used together with the consistency of a URL policy. Label defined within the
duration specified URL strategy. Parameters "rr | sr | lc" can be called
"First_choice_method", the default value is rr.
slb group method <group_name> hip [hash_bits]
This command is used to add SLB group, and specify the hash IP + port (hip) method for it. Hip method
by hashing the source IP address and port traffic
Receiving traffic mapped onto real service.
group_name Specifies the real service group name, which can support up to 40 characters.
If the group name starts with a number or non-alphabetic character, the string should be placed
In double quotes.
hash_bits optional parameters. This parameter specifies the number of digits for the source IP address
of Health
To hash data. The range of this parameter is 0-32, the default value is 32.
If a real service SLB group fails, the existing continuing to be
Aborted.
Description: This parameter work on IPv6 address poor performance.
slb group method <group_name> rdprt [rr | sr | lc]
This command is used to create using "rdprt" (RDP routing token) algorithm SLB group.
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with numeric or non-alphabetic characters, the string should be placed
In double quotes.
rr | sr | lc This parameter can also be called "first choice method". If a customer
Request does not contain the specified real service, this method will be used for the election for the
client
Choose a real service. The default value is rr.
The following commands are used to set the Layer 2 SLB group. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
114
slb group method <group_name> {hi | rr | chi} [route | direct]
This command defines a Layer 2 SLB group. Layer 2 SLB supports three types of group methods: poll (rr),
hash IP (hi) and consistent hashing
IP (chi).
group_name Specifies the name of the group's services, can support up to 40 characters. Description:
If the group name starts with a number or non-alphabetic character, the string should be placed
In double quotes.
route | direct specified route mode, which determines initiated by the real server data stream
How the amount is routed.
If the group name starts with a number or non-alphabetic character, the string should be placed
In double quotes.
header_name specified HTTP header name. HTTP header name is case sensitive, can
To contain printable ASCII characters (ASCII codes 33-126), but does not include
Enclosed spaces, double quotes and colon. This parameter can be chosen as follows:
Standard header name: Accept, Accept-Charset,
Accept-Language, Referer, User-Agent, and
X-Forwarded-For.
Any non-standard header name.
prefix optional parameters. This parameter specifies the HTTP header field will be hashed characters
String starting position. The parameter values contain up to 32 case-sensitive characters
Character, must be placed within double quotes. If this parameter value contains a double quote, the
Replaced with% q.
delimiter optional parameters. This parameter is used to specify a character that represents HTTP
Header fields start and end of the string. The parameter values to distinguish between large
Lowercase, must be placed within double quotes. If this parameter value contains a double quote,
Then use% q instead.
If you specify the parameter "prefix", and the parameter "flag" is 0, it must mean
Fixed "delimiter".
flag optional parameters. When the "prefix" is specified, this parameter value determines whether you
need
"Delimiter" parameter. The value can be 0 or 1. The default value is 0. Chapter 7 server load balancing
(SLB)
2013 Teamsun
All rights reserved
116
0 indicates the parameter "delimiter" is necessary parameters. However, when the parameter "prefix"
When directly with the HTTP header behind the name, the parameter "delimiter" can
Is an optional parameter.
l, the
HTTP request can be matched
"Prefix" specified string.
parameter specifies the request,
The string "prefix" and "delimiter" will be used between the session ID.
ID. This rule applies only to
"Slb group persistence request header" and "slb group persistence response header" command.
only a "prefix", and that match the specified HTTP request string and "prefix", then
"prefix" behind the word
String will be used as the session ID.
no slb group persistence request header <group_name>
This command is used to delete the specified group from the HTTP request header to get the
configuration session ID.
show slb group persistence request header [group_name]
This command is used to display the specified group from the HTTP request header to get the
configuration session ID. If the group is not specified, all groups will be displayed configuration.
clear slb group persistence request header
This command is used to clear all configurations to obtain the session ID from the HTTP request header.
slb group persistence request urlquery <group_name> <query_name>
This command is used for the session lasts from the HTTP request URL Query get the session ID. Chapter
7 server load balancing (SLB)
2013 Teamsun
All rights reserved
117
group_name Specifies the name of the group's services, can support up to 40 characters. Said
Description: If the group name starts with a number or non-alphabetic character, the string
Should be placed within double quotes.
query_name specify the URL Query name.
no slb group persistence request urlquery <group_name>
This command is used to delete a specified group from the HTTP request URL Query obtain
configuration session ID.
show slb group persistence request urlquery [group_name]
This command is used to display for a given group from the HTTP request URL Query obtain
configuration session ID. If the group is not specified, displays the
There are a group configuration.
clear slb group persistence request urlquery
This command is used to clear all configuration requests from HTTP Query URL to obtain the session ID.
slb group persistence request cookie <group_name> <cookie_name>
This command is used for the session cookie from the HTTP request to obtain continuous session ID.
group_name Specifies the name of the group's services, can support up to 40 characters. Said
Description: If the group name starts with a number or non-alphabetic character, the string
Should be placed within double quotes.
cookie_name specify the cookie name.
no slb group persistence request cookie <group_name>
This command is used to delete the specified group from the HTTP request to get the configuration
session ID cookie.
show slb group persistence request cookie [group_name]
This command is used to display for a given group from the HTTP request to get the configuration
session ID cookie. If the group is not specified, displays all groups
Group configuration.
clear slb group persistence request cookie
This command is used to clear all configuration from the HTTP request to obtain the session ID cookie.
Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
118
slb group persistence request body <group_name> <prefix> <delimiter> [flag]
This command is used for the session lasts from HTTP request body to obtain the session ID.
For the parameter description, refer to the command "slb group persistence request header
<group_name> <header_name> [prefix]
[delimiter] [flag] "description.
Description: When it only to follow the specified value "delimiter" If this command parameter "flag" is
set to 0, then the parameter value "prefix" setting
Will match.
no slb group persistence request body <group_name>
This command is used to delete a specified group from the HTTP request body to get the configuration
session ID.
show slb group persistence request body [group_name]
This command is used to display for a given group from the HTTP request body to get the configuration
session ID. If the group is not specified, all groups will be displayed
Configuration.
clear slb group persistence request body
This command is used to clear all configuration from the HTTP request body to obtain the session ID.
slb group persistence response header <group_name> <header_name> [prefix] [delimiter]
[flag]
This command is used for the session continued access to the session ID from the HTTP response
header.
For the parameter description, refer to the "slb group persistence request header <group_name>
<header_name> [prefix]
[delimiter] [flag] "command description.
no slb group persistence response header <group_name>
This command is used to delete a specified group for a response from the HTTP header to get the
configuration session ID.
Statistics.
clear statistics slb proxyip [group_name]
This command is used to clear the specified group IP address pool statistics. If the group name is not
specified, it will clear all SLB group's IP address pool
Statistics.
7.8 for the group to add real service
slb group member <group_name> <real_name> [weight | cookie | url] [priority]
This command is used to add a real service to the SLB group.
group_name designated SLB group for real services.
real_name specify the actual service name.
weight | cookie | url Weight: Specify weights. The default value is 1. "Weight" parameter only when the
group
When you use the following method to be effective: rr, lc, hi, chi, pi, ph, hh,
hq, hc, ic, rc, ec, sslsid, radchs, radchu. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
123
Cookie: Specifies the cookie in the association continued cookie (PC) Strategy
Name (see "slb policy persistent cookie" command). "Cookie"
Groups using parameters only when sustained cookie (pc) method will be effective.
Url: In association "url-tag", specify "<tag> =" string after (cf.
See "slb policy persistent url" command). Only when the group continued to use
When url (pu) method, "url" parameter is valid.
priority Specifies the priority group members. The value of this parameter, the higher the priority.
The default value is 0.
The parameter "slb group activation <group_name>
<num_of_rs> "used in conjunction. If the parameter" less num_of_rs "value
Real number of groups in the health service, the highest priority of the N
Health real service will be enabled (N is determined by the "num_of_rs" parameter value).
This command allows the user to enable health check real service in a group according to priority. In an
actual service group health check, only the
Actual service with the highest priority in order to be enabled. If you have the highest priority health
checks will be less than the true number of services to enable real service
Quantity, the second highest priority health check actual service is enabled.
group_name service name specified for the group, specifically in the form of a string. Note: If
If the configuration name beginning with numbers or other non-alphabetic character, the string will
Shall be placed within double quotes.
the true number of services num_of_rs need to enable. If this parameter is set to 2, then a
Having the highest priority service to the two's health check within a group
Is enabled, the received request can be assigned to both the true service activities
Works.
no slb group activation <group_name>
This command allows the user to cancel the opening of the real number of services configuration.
show slb group activation <group_name>
This command is used to display the opening of the group's services and specify all the real status of the
service.
For example:
The cookie, cookie rewriting, etc.) needs to be specified as the default group to configure a group, so
that the cookie can be set to an initial request for a client.
Multiple SLB policy priorities can be set. The default order between policy type as follows (italics order
strategy can be configured):
1. redirect
2. static
3. qos client port
4. qos network
5. persistent url
6. rewrite cookie
7. insert cookie
8. persistent cookie
9. qos cookie
10. qos hostname
11. qos url
12. qos body
13. regex
14. header
15. hash url
16. radius session id
17. radius user name
18. default
19. backup
When viewing a designated VIP strategies for each type in the order given above to be checked. For
each type, the system will collect for the Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
126
All possible matches situation. Match has the highest priority within this group will be used as an
associated group. Given below is used to configure the AS device built
2013 Teamsun
All rights reserved
127
"Global" and so on.
show slb vlink [vlink_name]
This command is used to display one or all of the defined vlink.
no slb vlink <vlink_name>
This command is used to clear the specified vlink.
clear slb vlink
This command is used to delete all vlink already defined.
show statistics slb vlink [vlink_name]
This command is used to display statistics or all defined a vlink vlink's.
clear statistics slb vlink [vlink_name]
This command is used to clear statistical information or a vlink vlink of all defined.
slb policy static <virtual_name> <real_name>
This command allows the user to create a static connection between virtual services and real service, so
any request for access to virtual services will be transferred to the appropriate
The real service. You can both create a static policy for each virtual service.
virtual_name virtual server name.
real_name real server name.
For example:
me
The name of the virtual service or vlink. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
129
group_name The group should use Rewrite Cookie (rc) method and Embed
Cookie (ec) method configuration.
between a value precedence 0-65535 (including both endpoints). Order strategy
Correspondence with other Rewrite Cookie Policy.
no slb policy rcookie <policy_name>
This command is used to clear the specified SLB policy from the running configuration.
show slb policy rcookie [policy_name]
This command is used to display the current running configuration for all Rewrite Cookie policy
definitions.
clear slb policy rcookie
This command is used to clear all Rewrite Cookie policy from the current running SLB configuration.
slb policy icookie <policy_name> {virtual_name | vlink_name} <group_name> <precedence>
This command allows the user to set the Insert Cookie policy, or the virtual service vlink associated with
a group.
policy_name user-specified name for the policy being configured.
virtual_name | vlink_na
me
The name of the virtual service or vlink.
group_name The group must be configured with Insert Cookie (ic) method.
between a value precedence 0-65535 (with two endpoints). The sequence strategy
Insert Cookie associated with other strategies.
no slb policy icookie <policy_name>
This command is used to clear the specified SLB policy from the current running configuration.
show slb policy icookie [policy_name]
This command is used to create the QoS Client Port Strategy, the associated virtual service or vlink to a
group or another vlink. When a data packet
Enabling a virtual service, the source IP port and source packets are checked. If the source IP subnets are
defined, and the source port falls within the definition of the end
Port range, the packet will enable the policy.
policy_name user-specified name for the policy being configured. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
131
virtual_name | vlink_na
me
The name of the virtual service or vlink.
group_name | vlink_na
me
The name of the group or vlink.
network_ip specified network IP address. Can be IPv4 or IPv6 address format.
netmask | prefix length prefix subnet mask, or specify the network IP addresses.
-128.
low_port port range low.
high_port port range of high value.
between a value precedence 0-65535 (including both endpoints). Order strategy
And other policies related to QoS Client Port.
no slb policy qos clientport <policy_name>
This command is used to delete the specified QoS Client Port strategies.
show slb policy qos clientport [policy_name]
QoS Client Port strategies associated with this command is used to display.
clear slb policy qos clientport
This command is used to clear all QoS Client Port policy configuration.
delimiter character is specified HTTP body field to be hashed string that represents
Start and end position of the string. The parameter values are case-sensitive, must put
Within double quotes. If this parameter value contains a double quote, then use to replace% q.
If you specify a "prefix", and "flag" is 0, you must specify the parameters
Number of "delimiter" value.
This parameter value determines the flag when the "prefix" is specified, "delimiter" whether
Necessary parameters. The value can be 0 or 1. The default value is 0.
y the parameters "delimiter". Only when the HTTP request with the
With the string "prefix" value to match and directly with the
After the "delimiter" specified string, HTTP request parameters before and
"Prefix" match.
sary parameters.
When precedence when multiple QoS main policy exists, then specify a QoS policy body
Abbreviated sequence. Parameter value is an integer between 0-65535. Parameter values
, The lower order.
show slb policy qos body [policy_name]
This command is used to configure QoS policies body display. If you do not specify the policy name, then
display the configuration of all the main QoS policies.
policy_name Specifies the policy name, can be a letter from 1-20 characters
Numeric string. If the first character of the policy name is a number, the word
String must be enclosed in double quotes. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
136
no slb policy qos body <policy_name>
This command is used to remove the QoS main strategy.
policy_name Specifies the policy name, can be a by-character alphanumeric 1-20
String form. If the first character of the policy name is a number, the word
String must be enclosed in double quotes.
This command is used to display the specified statistical information "raduname" strategy. If you do not
specify the policy name, displays statistics for all "raduname" strategy
Information.
show statistics slb policy radsid [policy_name]
This command is used to display the specified statistical information "radsid" strategy. If you do not
specify the policy name, the statistics about all the "radsid" strategy.
slb policy default {virtual_name | vlink_name} {group_name | vlink_name}
This command allows users to set the default policy, the virtual service or vlink associate with one group
or another vlink. For virtual services or
vlink, can set a default policy. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
140
virtual_name | vlink_na
me
The name of the virtual service or vlink.
group_name | vlink_na
me
The name of the group or vlink. Persistent Cookie (pc) and
Persistent URL (pu) method can not be specified as the default group policy.
no slb policy default {virtual_name | vlink_name}
This command is used to specify the default policy removed from the virtual service.
show slb policy default [virtual_name | vlink_name]
This command is used to display the default group of virtual services.
clear slb policy default
This command is used to clear the default policy from all the virtual service.
slb policy backup {virtual_name | vlink_name} {group_name | vlink_name}
This command allows the user to set a backup strategy, the virtual service or vlink with a group or
another vlink associate. For each virtual server
Service or vlink, you can only specify a backup strategy. When using a backup policy to assign a group of
virtual services or vlink, there is at least one of the priority policy
A successful match, but all matches are all true service failure or overflow.
virtual_name | vlink_na
me
The name of the virtual service or vlink.
group_name | vlink_na
me
The name of the group or vlink.
no slb policy backup {virtual_name | vlink_name}
This command is used to clear a backup policy from the virtual service.
show slb policy backup [virtual_name | vlink_name]
This command is used to display the backup group for a virtual service.
clear slb policy backup
This command is used to clear all backup strategy. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
141
slb policy redirect <policy_name> <virtual_name> <group_name> <redirected_from_host>
This command allows the user to create redirection policies between virtual services and groups. URL
redirection policy for the host receiving process HTTP requests.
If redirection policy of "redirected_from_host" parameter with the same host name of the HTTP request
URL, the redirection policy matches the request.
policy_name policy name. The name is an alphanumeric string from 1 to 20 form. As
If the first character of the name is a number, the name must be placed in double quotes
The number.
virtual_name virtual service name.
group_name group name.
redirected_from_host HTTP request from the host name of the URL.
Description: This string is case sensitive. Administrators can "slb mode
This command is used to clear the association between the virtual service and configure the order
specified policy template. If the order template name is not specified, remove from the system
All associated virtual service between the template and order.
slb policy filetype <policy_name> <vs_name> <group> <filetype>
This command allows the user to establish policy or file types rules.
policy_name user-specified name for the policy being configured.
vs_name virtual name of the service.
group_name Name of the group.
filetype file extension.
no slb policy filetype <policy_name>
This command is used to specify the name of the file type clear strategy.
show slb policy filetype [policy_name]
Specify the name of the file type strategies of the command displays. If you do not specify a file name,
file type display all defined strategy.
7.11 Other SIP command
sip nat <virtual_ip> <virtual_port> <real_ip> <real_port> [udp | tcp] [timeout]
[persistence_mode]
This command allows the user to configure the SIP NAT rules for SIP real service. All packets from the
real services were to convert to the virtual service to
Address.
virtual_ip source IP will be transferred to the IP. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
143
virtual_port source port will be transferred to this port. 0 using the original source port.
Source IP real_ip packet.
Source port real_port packets, 0 means all ports.
udp | tcp packet protocol to be converted. Optional parameter, the default value is "udp".
timeout timeout parameter value in seconds. Optional parameter, the default value is 60.
persistence_mode SIP NAT session persistence mode. Can be "callid" or "userid". Can
For example:
This command is used to display the current compatible with the specified group all virtual services. If
the virtual service is compatible with the SLB group, it can pass certain classes
SLB type of strategy to establish a connection with the group.
show slb real compatible healthcheck <real_type>
This command is compatible with a given type of real service health check type for display. If the
parameter "real_type" is set to "all", then natal
Order will display the actual service is compatible with all types of health check type AS device supports.
For example:
-tcp / none
cript-tcps / none
-tcp / none
-tcps / none
-udp / none
-tcp / none
-udp / radius-auth / radius-acct / none
{dns | ftp | ftps | http | https | ip | l2ip | rdp | rtsp | siptcp | sipudp | tcp | tcps | udp | all}
[virtual_name]
This command is used to display the statistics of one or more virtual services.
clear statistics slb virtual
{dns | ftp | ftps | http | https | ip | l2ip | rdp | rtsp | siptcp | sipudp | tcp | tcps | udp | all}
[virtual_name]
This command is used to clear one or all of the statistics defined virtual services.
show statistics slb policy static [virtual_name]
This command is used to display a static policy specifies the number of matches a virtual service
requests. If the virtual service name is not specified, this command displays
Number of matches all configured static virtual services strategy. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
147
show statistics slb policy virtual [virtual_name | vlink_name]
All statistical information policy virtual service or Vlink This command is used to display and define the
association.
show statistics slb policy filetype [policy_name]
RTSP request certain file types policy matches the number specified by this command is used to display.
If you do not specify the policy name, the command will display
RTSP file type matching the number of all defined policies.
clear statistics slb policy filetype [policy_name]
RTSP file types policy matches the number specified by this command is used to reset. If the specified
policy name, the command will reset all set
RTSP defined strategy to match the number of file types.
show statistics slb policy header [policy_name]
show statistics slb policy redirect [policy_name]
show statistics slb policy default [virtual_name]
show statistics slb policy backup [virtual_name]
show statistics slb policy persistent url [policy_name]
show statistics slb policy persistent cookie [policy_name]
response_code return required to respond to HTTP status code, which can be 301 or 302.
For example:
10 "www.teamsun.com.cn" "/ market" https
"Teamsun.com.cn" "/ support" 301
In this command, the matching substring is "/ market", replace the string "/ support". Thus, the end of
the original URL,
http://www.teamsun.com.cn/market/faq/index.html will be redirected to https: //
teamsun.com.cn/support/faq/index.html.
no http redirect url <virtual_name> <policy_name>
This command is used to clear the specified HTTP redirection policy from the HTTP virtual service
configuration.
show http redirect url [virtual_name]
This command is used to display a specified virtual service or all virtual services HTTP redirection policy.
clear http redirect url <virtual_name> Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
150
This command is used for a specified virtual service to clear all HTTP redirection policy, or clear all HTTP
redirection policy.
http redirect https <virtual_name>
This command is used to configure virtual HTTP to HTTPS redirection service. It allows the user to any
virtual service requests are redirected to "http" is
"Https" instead of the URL. Redirect by generating 301 or 302 response to be achieved, in response to
the address in the header contains a modified URL. Full
Ministry redirection rule does not exist restrictions, but the number of virtual services is limited.
no http redirect https <virtual_name>
This command is used to clear the specified HTTP-HTTPS redirection policy from the configuration HTTP
virtual service.
show http redirect https
HTTP-HTTPS This command is used to display all virtual service redirection policy.
clear http redirect https
Specify this parameter, the original URL will be displayed in uncoded form.
Note: If the HTTP 1.0 client request does not contain a host of information, the HTTP redirect error
setting does not work.
no http redirect error <error_code> <vs_name>
This command clears the redirection settings specified virtual services according to the specified error
code.
show http redirect error [vs_name]
This command is used to display error redirection settings specified virtual service. If the parameter
"vs_name" is not specified, an error is displayed for all virtual services reDirectional setting.
clear http redirect error [vs_name]
This command is used to clear the error specified virtual service redirection settings. If "vs_name"
parameter is not specified, then remove all the virtual service errors heavy
Directional setting.
http rewrite request url <virtual_name> <policy_name> <priority> <orig_host> <path_regex>
<new_host> <path_replacement>
This command allows the user to modify the "Host:" header and the HTTP method line path, which
would be in the request is sent back to rewrite the request stage.
The maximum number of HTTP requests to rewrite the rules change with the system memory: 1G or 2G
memory devices can configure up to 200 rules; memory
To 4G or 8G devices can configure up to 400 rules.
virtual_name name specified for the virtual service.
policy_name HTTP rewrite policy name. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
152
priority rule priority, the greater the value, the higher the priority.
original_host "Host:" header string intact. This parameter supports partial match mode,
That is, users simply enter the part of the host name. For example, if the user of this reference
The number is set to "example", the request (to respond to) contain "example" word
All host names are strings will be replaced. This parameter supports wildcard
"^", "*" And "$" to match the host name. "^" Matches the host name
Beginning, "*" matches any sequence of zero or more characters, "$" matches the host
The end of the name.
path_regex request path matching regular expression.
Description: This string is case sensitive. Administrators can run "slb mode
regexcase {on | off} "command to configure whether to distinguish between the size of the command
Write.
string matches the host name portion of the requested new_host replacement. The "% r" as the new
Host name, said the request for a partial match the host name will be rewritten as selected
The real service "ip: port". If the selected service is a real port Fan
Wai real service (port number is 0), then the device will use the end of the AS
Port is connected to the real service.
path_replacement replacement string Path Regex partial match.
no http rewrite request url <virtual_name> <policy_name>
This command is used to clear the specified HTTP request URL rewrite policy from the HTTP virtual
service configuration.
show http rewrite request url [virtual_name]
This command is used to display the specified virtual service or all virtual services HTTP request URL
rewriting strategies.
clear http rewrite request url <virtual_name>
All HTTP rewrite this command clears the specified virtual service request URL policy, or clear all HTTP
request URL rewriting strategies.
http rewrite response url <virtual_name> <policy_name> <priority> <orig_protocol>
<orig_host> <path_regex> <new_protocol> <new_host> <path_replacement>
This command allows the user to get the "Location:" header from backstage content, or be rewritten.
Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
153
The maximum number of rewrite rules allow HTTP response with the system memory size and change:
the device memory is 1G or 2G, the maximum configuration of 200; set
Preparation for 4G or 8G memory, the maximum configuration 400.
Virtual Service Name virtual_name configuration.
policy_name HEEP redirection policy name.
priority rule priority, the greater the value, the higher the priority.
original_protocol original response to the program, which can be http, https or both.
original_host responded "Location:" header complete string. This parameter supports partial matches
Mode, that is, users simply enter the part of the host name. For example, if the user
This parameter is set to "example", the request (to respond to) contain
"Example" all the host name of the string will be replaced. This parameter
Supports wildcards "^", "*" and "$" to match the host name. "^"
Matches the beginning of a host name, the "*" matches any sequence of zero or more characters,
"$" Matches the host name ending.
Description: This parameter does not accept regular expressions, which do not need to configure the
port number.
path_regex match "Location:" header path regular expression.
Description: This string is case sensitive. Administrators can "slb mode
regexcase {on | off} "command to configure whether to distinguish between command-sensitive.
new_protocol redirect response to the program, which can be http or https.
new_host redirect response to the host part. The use of special format "% h" indicates that the client
Requesting host.
path_replacement replacement string Path Regex partial match.
For example:
154
show http rewrite response url [virtual_name]
This command is used to display the specified virtual service or all virtual services HTTP rewrite response
strategy.
clear http rewrite response url <virtual_name>
This command is used to clear all HTTP virtual service specified URL rewriting strategies to respond, or to
respond to clear all HTTP URL rewriting strategies.
http rewrite response https <virtual_name>
This command is used to override the virtual service configuration from HTTP to HTTPS redirection. Each
will respond to rewrite this as a virtual service
HTTPS response, HTTPS response to each one will be rewritten as HTTP response.
no http rewrite response https <virtual_name>
This command is used to remove from the HTTP virtual service configuration specified HTTP-HTTPS
rewrite strategy.
show http rewrite https
HTTP-HTTPS This command is used to display all virtual service rewrite strategy.
clear http rewrite https
This command is used to clear all HTTP-HTTPS rewrite strategy.
http rewrite request removeheader <virtual_service> <header_name>
This command is used to add HTTP rewrite policies for all client requests services from the specified
virtual cleared HTTP header field.
virtual_service HTTP or HTTPS virtual service.
header_name header fields will be cleared. Header names are not case sensitive.
no http rewrite request removeheader <virtual_service>
This command is used to clear the Override policy HTTP header field from the specified virtual service.
show http rewrite request removeheader [virtual_service]
This command is used to display the virtual service from a designated clearing all HTTP client request
HTTP header field rewrite strategy. If the parameter
"Virtual_service" is empty, it shows all the virtual services from all client HTTP requests to clear a HTTP
header field rewrite strategy.
clear http rewrite request removeheader [virtual_service] Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
155
This command is used to clear the HTTP request header field of an HTTP rewrite policy from a specified
virtual service all clients. If the parameter
"Virtual_service" is empty, all client requests from all virtual services in a clear HTTP rewrite HTTP
header field strategy.
http rewrite response removeheader <virtual_service> <header_name>
This command is used to add HTTP rewrite policy for the specified virtual service to clear a HTTP header
field from all the server response.
virtual_service HTTP or HTTPS virtual service.
header_name header field to be deleted. Header names are not case sensitive.
no http rewrite response removeheader <virtual_service>
This command is used to specify the virtual service from all servers in response to delete HTTP header
field of HTTP rewrite policies.
show http rewrite response removeheader [virtual_service]
This command is used to display a specified virtual service from all servers HTTP response to delete an
HTTP header field rewrite strategy. If the parameter
"Virtual_service" is empty, then displays all HTTP server to respond to delete an HTTP header field to
rewrite the policy from all the virtual services.
clear http rewrite response removeheader [virtual_service]
This command is used to delete all servers HTTP response header field of an HTTP rewrite policy from a
specified virtual service. If not specified
"Virtual_service", then delete all virtual services to all HTTP header field in a HTTP server response
rewrite strategy.
7.16 URL Filtering
NetFOS also provides additional security mechanisms, including URL filtering, buffer overflow attack
protection, the parser escape attacks, directory traversal attacks,
And other hacker protection strategy. Execution NetFOS URL filtering protocol commands listed below.
Note: URL filtering mechanism must Layer 7
SLB co-operation.
filter vip [virtual_service_name]
This command allows the user to create URL filtering function for a specified virtual service. Parameters
"virtual_service_name" The default value is "global",
Said the global setting.
virtual_service_name specify a URL filtering applies virtual services. By default, the
Parameter is set to "global", said URL filtering applies to all virtual services.
filter mode {passive | active} [virtual_service_name]
This command allows the user to set if NetFOS receive a bad URL request, AS device what action to take.
"Passive" setting allows your Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
156
Seeking through this device, while retaining an illegal communication records. "Active" setting will guide
device according to user-configured URL filtering protocol violations, please discard
Requirements. Default active mode. Parameters "virtual_service_name" The default setting is "global",
said the global setting.
[no] filter url character <start_ascii_value> <end_ascii_value> [virtual_service_name]
This command allows the user to set various ASCII value, refused to back-end server access. Parameters
"virtual_service_name" The default setting is
"Global", said the global setting.
filter url keyword match <string> [virtual_service_name]
N This command is used to check whether the string and URL filtering rules configured regular
expression matching. The configuration parameters to ensure the rule of writing regular expressions
Correctly matched string is indeed deny or allow the customer wants. Parameters
"virtual_service_name" The default value is "global", said the whole
Bureau settings.
filter url keyword default {permit | deny} [virtual_service_name]
This command allows the user to set the default virtual service URL filtering rules. If you specify a virtual
service is denied access, the AS will return "403
Forbidden "message. Combined" filter url keyword "command, this command provides a flexibility to
define a blacklist of URL keyword filtering
And whitelists. As the command to "filter url keyword" command is based, when users modify the
default filtering settings (the default permission), shall not start
By URL keyword filtering to deny or allow rules. Parameters "virtual_service_name" The default value is
"global", said the global settings.
permit | deny to specify the default URL filtering rules.
virtual_service_name specify the applicable virtual URL filtering service. By default, this parameter
Is set to "global", said the URL is set to global settings.
[no] filter url keyword {permit | deny} <string> [virtual_service_name]
This command allows the user to set a specific keyword or string to remind AS equipment beware of
potential accidents server requests. The command and "filter url
keyword default "command with the work.
"deny" option. This
A configuration will reject the configuration keyword matching URL requests.
"permit" option.
Unless specified URL and keyword matching, otherwise, all requests will be rejected.
permit | deny to allow or deny a specific keyword.
string parameter "string" can accept PERL compatible regular expressions. Said
Ming: "*" indicates subexpression matches 0 or n times, and wildcard expressions
The "*" is different. If you need to match the "*" character, "\ *" to meet the requirements of Chapter 7
server load balancing (SLB)
2013 Teamsun
All rights reserved
157
"\ *" Is used to turn back. A typical format is: "/ upload /" matches any include
"/ Upload /" keyword in URL, "\. Exe" match all exe files
"/image/.""*\.jpg" Match "/ image /." All jpg files directory.
If two or more matching rules match the same URL, cache too
The most frequently selected filter matching rule.
Description: URL parameter can only support compatible with PERL regular expressions.
Regular "*" "*" meaning different expressions and wildcard expressions. In
Cache filter must avoid a single "*." A single "*" in regular expressions
Has no meaning. (Example: cache filter rules www.sina.com.cn, "*",
"Cache = yes" is not allowed). In NetFOS system. "*" Is
As a wildcard, matching all URL. Regular expressions. "*" Means
The same meaning as the expression wildcard "*" is.
virtual_service_name virtual name of the service. The default is "global", said the global setting.
[no] filter type {integer | string} <variable_name> [virtual_service_name]
This command allows the user to press the URL query variable types (URL in the "?" Later in this section)
to configure filtering requests. AS device will be based on parameters
URL query variable "variable_name" whether the value provided for "integer" or "string", to allow or
disallow the request. Parameters
"Virtual_service_name" The default value is "global", said the global settings.
filter length {url | query | queryvariable | querydata | header | request} <length>
[virtual_service_name]
This command allows the user to set various filter parameters from different aspects of the request for
access to the network. Parameters "virtual_service_name" default value
"Global", said the global settings. The default length of the filter as follows:
158
Process the number of requests to be dropped. Parameters "virtual_service_name" The default value is
"global", said the global settings.
filter request controlchar {on | off}
This command is used to enable or disable the control character filtering features. By default, the
control character filtering function is enabled. When this feature is enabled,
All characters back with "%" (the escape character) will be converted. However, if the conversion fails,
the entire URL will be rejected. When this function is disabled,
Followed by '%' (the escape character) All characters must be converted. And "on" mode is different
when the conversion fails, the conversion will be ignored, the entire URL
Be accepted.
Allows the use of the escape mode include:
% XX: XX is 00 ~ FF, but does not include the 00 ~ 1F and 7F
% uXXXX: XXXX is 0000 ~ FFFF
The following table provides some conversion examples:
URL \ Mode On Off
http://abc.com http://abc.com http://abc.com
http://abc.com/%30 http://abc.com/0 (successful conversion) http://abc.com/0 (successful conversion)
http://abc.com/%00
......
http://abc.com/%1F
Deny. (Conversion failed because% 00 ~% 1F
A control character)
http://abc.com/%00
http://abc.com/%1F
(Conversion failed, but retains the character)
http://abc.com/%7F Deny. (conversion failed because% 7F is controlled
System character)
http://abc.com/%7F (conversion loss
Defeat, but to save the character)
This command is used to display to the protocol, content type and IP address filtering criteria for a
positive connection.
protocol positive connection protocol type: TCP, UDP, or All (containing both TCP
And UDP). This parameter is optional and defaults to "all".
content_type data or count. Data are expressed connection details match. Count indicates
The number of mating connector to display.
ip IP address matches the local or remote IP address of the active connection.
For example:
------------------------------------------------- ----------------------
2013 Teamsun
All rights reserved
161
no connection <protocol> [local_ip] [local_port] [remote_ip] [remote_port]
This command is used to clear the configuration of the active connection protocol, IP and port filtering:
protocol TCP, UDP, or All (TCP and UDP both).
local_ip local IP. Optional parameter, the default value is 0.0.0.0, this means all the IP
Address.
local_port local port. Optional parameter, the default value is 0, indicating that all port values.
remote_ip remote IP. Optional parameter, the default value is 0.0.0.0, this means all the IP
Address.
remote_port remote port. Optional parameter, the default value is 0, indicating that all port values.
Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
162
ICMP
Additional
Script
FTP traffic
Layer 7 SIP 2
IP + Port
+ Proto
(SIP-TCP
,
SIP-UDP
)
IP + Port +
proto
(SIP-TCP,
SIP-UDP)
None
TCP
TCPS
ICMP
Additional
Script
SIP-TCP
SIP-UDP
VOIP flow balance
Layer 7
RTSP 2
IP + Port
+ Proto
(RTSP)
IP + Port +
proto
(RTSP)
None
TCP
ICMP
Additional
Script
RTSP-TCP
Real-time media flow balance.
Layer 4 2 IP + port IP + Port
None
TCP
TCPS
ICMP
Additional
Script
1 based on TCP / UDP standard
Head balance traffic.
2 Specify the TCP port or
UDP port decides that a
Specific services.
Port range
(for Layer 7) 3
Layer 7
VS + Port
range
Layer 7 RS
Layer 7 RS
(0 port)
Non-zero
port RS:
Layer 7
health
In addition to Layer 7 SLB, also support
Holding cross-port and dynamic port
Application traffic balancing. Chapter 7 server load balancing (SLB)
2013 Teamsun
All rights reserved
163
SLB Type Priority
(1 is highest)
Virtual
Service
Real
Service
Health
check Scenarios
check
Zero port
RS:
ICMP
Additional
Port range
(for Layer 4) 3
Layer 4
VS + Port
range
Layer 4 RS
Layer 4 RS
(0 port)
Non-zero
port RS:
Layer 4
health
check
Zero port
RS:
ICMP
Additional
In addition to Layer 4 SLB, also supports
Holding cross-port and dynamic port
Application traffic balancing.
Layer 3 4 IP IP
None
ICMP
Additional
In addition to a range of ports SLB, also
Support cross-protocol application traffic
Balance. Currently, only
TCP and UDP protocols.
Layer 2 1 IP + port
ranges IP, MAC
ARP
Additional
(only
ICMP)
virtual_service optional parameters. This parameter specifies the HTTP caching feature to enable or
disable virtual
Proposed service. By default, the global HTTP caching feature is enabled or disabled.
show cache status
The current status (enabled or disabled) This command is used to display the cache function.
cache settings objectsize <size>
This command is used as the object of a need to set the maximum cache buffer value. Cache values
must be specified in kilobytes. The default is 5120KB. The minimum value is
1KB. The maximum value depends AS device memory size.
Maximum system memory cache object
4GB 10240KB (10MB)
8GB 20480KB (20MB)
16GB 40960KB (40MB)
cache settings expire {hh: mm: ss | seconds}
This command is used to set the global failure time (all cached objects). The default is 82,800 seconds
(23 hours). Must be specified expiration time, format
Be "hh: mm: ss", or enclosed in double quotes.
Only in the use of Section 13.2 RFC2616 specified expiration time Expiration Model can not be
calculated, to be used as a global failure time
Failure time an object.
If the expiration time, in seconds, allowed values 0-2147483646 seconds. "0" indicates that failure
immediately after the object is stored in the cache. Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
166
Cache design process three types of cache expiration time:
1. "cache filter rule" was first used to configure the expiration time.
2 If you do not specify the "ttl" parameter, will use the global specified by the "cache settings expire"
expiration time.
3 For any cache does not cache content filtering rule matching for HTTP header defined expiration time.
4 If the HTTP header is not used to define the expiration time of "Expires" field, press the "cache settings
expire" Configuration
Carried out.
show cache settings
This command displays the current configuration of the cache, including the expiration time of the
cached object (cache configuration failure) and the maximum number of cached objects (object
The size of the cache configuration).
show statistics cache [virtual_service]
This command is used to display all current statistics HTTP cache. If you specify a virtual service, display
cache statistics of the virtual service
Information.
Description: Cache statistics apply only to HTTP and HTTPS virtual services.
For example:
ts redirected to HTTPS: 0
2013 Teamsun
All rights reserved
167
gex match: 0
-cache": 0
-cache": 0
o IMS mismatched: 0
d caching: 0
-store": 0
2013 Teamsun
All rights reserved
168
nd url and host: 0
-store": 0
-cookie": 0
Number of open client connections and opening up the total number of client connections.
Number of open server connections open server connection totals.
Requests with PURGE method AS PURGE total number of requests received by the device.
Requests with POST method AS POST total number of requests received by the device.
Requests with HEAD method AS HEAD total number of requests received by the device. Chapter 8
reverse proxy cache
2013 Teamsun
All rights reserved
169
Output Item Description
Requests redirected based on regex
match requested by the user to configure the rules redirection.
Requests forwarded with rewritten url rewrite request URL
Cache miss, new entry created.
The number of cache table to be searched and found no matching entry, create a
New entry. However, please note that sometimes creates an entry only temporary
(I.e., is used as IMS (if_modified-source) the request, generates a
A 304 results), is deleted (delay after sending data to the client
Later deleted).
Cache miss, noncacheable requests
Request does not result in the cache table search. Request certain parameters allow AS
Equipment considers the request does not have the cache (ie, very long URL,
"Cache-Control: no-store" standard first class. )
Cache revalidate
Request object has been found in the cache. However, the request for re-examination request
Card (due to re-authenticate the client to produce re-inspection agents produced
Forced generated proxy card or deletions).
Cache hit, reply using cache
AS equipment is required to find the URL in the cache. Object for the new,
New.
Cache miss, HTTP version mismatch of the counter is always zero.
Cache miss, IMS mismatch
AS device receives a request that contains a IMS
(If_modified-source) header. AS equipment validation stamp,
A copy of the object to determine whether the client is expired. AS device will turn this request
Sent to the backend server (importantly, we will this event as a
A cache miss). Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
171
Output Item Description
Cache miss, server driven negotiation
The requested object has been found in the cache. However, the package cache Reply
Containing a "vary" header, hydroxyl value of certain request headers for comparison.
If the comparison fails, AS equipment will lack the event as a cache
Loss. AS device forwards the request to the backend server. Cache not more
New.
Cache miss, negative entry hit
Request results in a negative cache click. AS said negative caching device
HTTP error code cache responses, for example, 404,302,503
And so on.
Requests redirected to HTTPS has been redirected to HTTPS requests.
Requset with "maxage = 0" contain "maxage = 0" request field.
Cached object had "no-cache" contains the request "no-cache" field.
Cache object expired cache file failure.
Cache was filling when request was
When made the request is issued, the cache is filled.
Revalidation failed due to IMS
mismatched
If IMS data on the client device is greater than the LM AS date, the Department of
The system will force the manufacturer once cache is missing.
Client has newer copy, can not send
from cache
From the last-modified header judgment, the client copy than the cache time to
Early, so it will not send a cached copy.
Object in cache is chunked, can not
give to 1.0 client
Cache to cache block in the form of preservation, is compatible with HTTP 1.1 protocol, not
1.0 clients can access.
Network memory utilization was too
mbuf high enough allocated to the cache.
Cache filter denied caching cache filter refused cache.
Requests with "no-store" contains the request "no-store" field. Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
172
Output Item Description
Requests with "authorization" request containing "authorization" field.
Requests with cookies contain a cookie request fields.
Requests with range contains the request "range" field.
Requests non GET, non HEAD does not contain all remaining requests "GET" or "HEAD" field.
Requests URL too long URL is too long a request.
Host Name Requests host too long a request is too long.
Network memory shortage when cache
hit (200, 304) cache memory shortage hits (200,304)
Cache was not accessible buffer cache module is not ready to do.
Fail to send cache lookup to the communication between the client cache and cache module fails.
Fail to find url and host logic errors, host or URL information can not be extracted from the buffer.
Fail to parse cache specific http
request headers cache module error occurred while trying to analyze a request.
Fail to create a new cache object internal logic error, you can not add the cache object.
Noncacheble requests due to other
errors are not listed due to an error, the request can not perform caching operations.
HTTP response code not 200, 300 or
301 HTTP response code is not 200, 300 or 301. Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
173
Output Item Description
Response had a "no-store" reply contains "no-store" field.
Response had a "private" reply contains "private" field.
Response had a "set-cookie" response contains "set-cookie" field.
Response had a "vary" reply contains "vary" field.
We got cache miss for HEAD or
PURGE method HEAD or PURGE request will not be cached.
Could not revalidate with HEAD or
PURGE method can not be re-verified HEAD or PURGE Act request.
Response noncacheable too big files too large to be cached.
Cache storage limit exceeded based
on header data processing headers, mbuf inadequate.
Cache storage limit exceeded based
When on payload processing Replies subject, mbuf inadequate.
Network memory shortage when
When storing response body storage Reply body, insufficient network memory.
Cache object was deleted before
response arrived
When replying to feedback, the cache entry is deleted. Normal procedural requirements, first
Delete the cache entry, and then receive information.
Fail to parse cache specific http
When the response headers Analysis reply header, an error occurred.
Fail to store response headers in
cache to cache failed to send reply header.
Cache object was aborted due to
connection reset connection reset, causing the cache aborted. Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
174
Output Item Description
Noncacheble responses due to other
error due to not enumerated error, reply cache operation can not be performed.
Fail to store response body in cache to cache the body fails to send a reply.
clear statistics cache [virtual_service | all]
This command is used to clear the cache statistics, including the number of cache hits and the number of
requests. If you specify a virtual service, ease of the virtual service
Keep statistics will be cleared. If you use the keyword "all", will clear the virtual service statistics for all
HTTP and HTTPS. If not specified
Virtual services, clear the global cache statistics.
show cache content <host_name> <url_regex>
This command is used to cache object information display with the specified host name and URL regular
expression matching.
host_name Specifies the host name of the object.
url_regex specified object URL regex.
clear cache content
This command is used to clear all cached objects from the cache. The operating system does not change
the current cache configuration.
cache filter {on | off}
This command is used to enable or disable the cache filtering. By default, the cache filter off.
cache filter rule <host_name> <url> {cache | urlquery | ttl}
This command is used to create a cache filter rules that define AS equipment for "host name" and "url"
matching object caching behavior. Parameters "host
name "and" url "define the host and URL address, and runs on cache filter host name does not accept
regular expressions, and must be a complete
Keywords. In the "url" parameter, you can use any suitable PERL compatible regular expressions, and
create a more powerful regular expressions.
Parameters "cache" request "cache = yes" or "cache = no" type of input to determine whether the cache
matching object. Parameters "urlquery" requirements
"Urlquery = yes" or "urlquery = no" input, to decide whether to ignore the user requests the URL query
string. Parameters "ttl" (Time to
Live) The length of time the cache object.
host_name parameter "host_name" and "url" is used to define us want to run slow
Memory address filtering rules. Chapter 8 reverse proxy cache
"Cache = no", said regardless of whether the header allows objects to be cached, the user can force the
object will not be cached.
If you do not specify a "cache", cache filter will cache control field configuration execution.
In the cache filtering, TTL can use the following two forms:
e
2013 Teamsun
All rights reserved
177
In this example, the host name and the object of all matching URL regular expression will be forced
caching TTL seconds. TTL in seconds after arrival, AS equipment
Must refresh or validate the object again, and then in order to be used again.
In this example, if the object contains a TTL control instructions relating to all objects matching the host
name and URL regular expression should first comply with
Object refresh time. Otherwise, the object will use the TTL value specified in the rule.
For example:
1 cache specified file type; other documents to comply with the instruction cache server.
filter rule www.xyz.com ". * \. Jpg" "cache = yes"
2 for the host www.xyz.com cache all "jpg" file.
\. Gif" "cache = yes" "ttl = 200000"
Host www.xyz.com cache all "gif" file. Its TTL value is rewritten as 200,000 seconds.
3 cache specified type of file; other documents should not be cached.
\. Jpg" "cache = yes"
\. Gif" "cache = yes" "ttl = 200000"
S (config) #cache filter rule www.xyz.com ". * \. Html" "cache = yes" "ttl = 200000"
4 Do not specify the type of file caching; other documents executed by the server's cache directive.
(config) #cache filter rule www.xyz.com ". * \. Jpg" "cache = no"
\. Gif" "cache = no"
5 Do not cache specific types of files; other files should be cached.
. * \. Jpg" "cache = no"
\. Gif" "cache = no"
6 Specify a file type. This type of file cache filter will comply with the definition of GGL; other types of
files will comply
TTL cache control header definition.
\. Jpg" "ttl = 200000"
\. Gif" "ttl = 200000"
.xyz.com "/" "cache = yes"
7 Specify a file type. This type of file will ignore cache query string of the URL; other files using the entire
URL.
Some commands can be configured AS equipment HTTP traffic and how to deal with special requests.
The first function processor "X-Forwarding", in the process
Users can configure an option, an "X-Forwarded-For" header insert all HTTP and HTTPS requests. This
allows the client IP
Can be displayed in real server. The second function is to allow users to configure an option for NetFOS,
resolve non-ASCII characters or more than in words
Festival of similar character. Xforwardedfor command support HTTP header, URL parameters, or both,
will be transferred to the client IP address backstage clothes Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
179
Service unit. Based on the implementation of virtual service configuration process. Details of the two
commands are described below:
http xforwardedfor on [vs_name] [mode] [customized_name]
This command is used to enable the host IP address into the HTTP header of the function, as well as the
URL request or HTTPcookie forwarded to the backend server
Function. Command parameter is optional. If no argument, this command is global. For this function, the
default setting, the whole
Council set to disable, configure each virtual service was enabled.
Setting behavior
http xforwardedfor off
http xforwardedfor on vs1
(Which is the default setting)
When the global setting is disabled, the host IP address does not insert vsl of HTTP headers
Head, forwarded to the backend server URL requests and HTTPcookie.
http xforwardedfor on
http xforwardedfor on vs1
The host IP address will be inserted vsl HTTP headers, forwarded to the background
URL requests to the server and HTTPcookie. Only when global settings and
Each virtual service settings enabled, the host's IP address to be inserted vsl
HTTP header, URL request and HTTP cookie.
http xforwardedfor on
http xforwardedfor off vs1
When a single virtual service settings to disable the host IP address will not insert vsl
HTTP headers, forwarded to the backend server and HTTP URL request
cookie.
vs_name SLB virtual service name.
mode can be a header, url, cookie or all. All said the HTTP header,
URL request and HTTP cookie will contain the client IP address.
customized_name HTTP header for the IP address, URL request and HTTP cookie
Specify a new name.
http xforwardedfor off [vs_name]
This command is used to disable the host's IP address into the HTTP header, URL request and forwarded
to the backend server's HTTP cookie. If there is no means
Given parameter, the command will be global.
show http xforwardedfor
This command is used to display the Insert forwarded to the backend server request X-Forwarded-For
header current status (enabled or disabled).
http xclientcert virtual <virtual_service> [insert_mode] [content_type]
When you enable SSL client authentication, AS device can use this command to client certificates
received by the HTTP header or HTTP cookie
Forwarded to the backend server. Only "ssl settings clientauth" command has been successfully
configured after, AS device to the client certificate forwarded to the background in Chapter 8 reverse
proxy cache
2013 Teamsun
All rights reserved
180
Server.
insert_mode This parameter includes two modes: "header" and a "cookie". In case
"Insert_mode" is the header, the client certificate will be forwarded to the server is inserted
Header request. The default insert mode "header".
content_type The command has two certificates encoded content format: "PEM" and "body".
"Body" said AS device BASE64 encoded value of digital certificates forwarded
To the backend server, and "PEM" said AS device client certificate
The encoded value is forwarded to the backend server to OpenSSL internal code form.
OpenSSL internal code format has a header row start and abort
("----- BEGIN CERTIFICATE -----" and "----- END
CERTIFICATE ----- "), each have a 64 digit separator";. "
This parameter defaults to "body". (Note: OpenSSL internal code format allows
By ";" as a separator, cookie also to ";" as separator, so make sure
AS encoding device can use the certificate is forwarded to the backend server. )
show http xclientcert virtual
This command displays the server forwards the request to enable insertion X-Client-Cert header
features all the virtual services.
no http xclientcert virtual <virtual_service>
This command is used to enable the X-Client-Cert header at the specified virtual service forwards
requests to the server insertion.
clear http xclientcert virtual
This command is used to disable all virtual services X-Client-Cert header insert function when forwarding
the request to the server.
http xclientcert header [header_name]
This command is used to configure the client certificate header name. The default name is X-Client-Cert.
show http xclientcert header
This command is used to display the name of the client certificate header.
http xclientcert plaintext <mode> <field_name> <virtual_service> [customized_name]
[format_opt]
This command is used to enable or disable the insert certificate fields in the HTTP header, URL request
and HTTP cookie, and then to customize the header name Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
181
Specify the certificate will be forwarded to the backend server field functions. Administrators can use
the "customized_name" option to customize the backend server can be accepted
The field name. If a custom name is empty, the system will use the default value of the field. Supported
fields include: subject (theme), issuer (hair
Sender), validity (validity), serial (serial number), NotBefore (start date), NotAfter (termination date),
CommonName
(Common name), PublicKey (public key) and custom RDN.
mode client certificate information transmission methods; supports the following methods:
Servers.
Server.
ission format is
Hexadecimal. For example, public key "0x00 0x43 0x78 0xed" to "0043
78 ed "form (ASCII value) is transferred to the backend server. Says
Description: When the file name specified in the way public key, only the public key modulus
emailAddress=online@teamsun.com.cn
Backend server receives the following cookie:
proxy cache
2013 Teamsun
All rights reserved
184
Subject formatting options, for example:
If a client certificate with the following topics DN:
ss=online@teamsun.com.cn
If "format_opt" to "positive", the theme will be delivered in the following order:
EmailAddress = online @ teamsun.com.cn, CN = abc, OU = NetF, O =
Teamsun, ST = BJ, C = CN
If "format_opt" to "reverse", the theme will be delivered in the following order:
C = CN, ST = BJ, O = Teamsun, OU = TM, CN = abc, EmailAddress = on
line@teamsun.com.cn
If "format_opt" as "original", the theme will be delivered in the following order:
C = CN, O = Teamsun, OU = TM, ST = BJ, CN = abc, EmailAddress = on
line@teamsun.com.cn
Validity, NotBefore, NotAfter: date and time format options should be:
2013 Teamsun
All rights reserved
185
Time values are in digital form.
Room.
Validity of formatting options, for example:
2009 GMT
-01-01 20:01:01 GMT to 2010-0101
20:01:00 GMT
-01-31T15: 35: 05Z To
2009-01-30T15: 35: 05Z
ext <OID>:. formatting options should be: unresolved or resolved ext <OID>.
Extended format definition X509 certificate as follows:
Extension :: = SEQUENCE {
extnID OBJECT IDENTIFIER,
critical BOOLETS DEFAULT FALSE,
extnValue OCTET STRING}
Among them:
extnID: The OID of the extension;
critical: The criticality flag;
extnValue: The extension value.
: unresolved :( default) only complete extnValue
Values are forwarded to the backend server. For DER, an object by
Three parts, said: type, length and value. extnValue with DER
Coding. Thus, extnValue including the type, length, and value.
tnValue equally to DER encoded, so it also contains three
Parts: the type, length and value. When this option is enabled, only
Numerical extnValue will be forwarded to the backend server.
When extnValue belonging to a numeric type one of the following, whether this option is not in Chapter
8 reverse proxy cache
2013 Teamsun
This command is used to specify the actual service mandatory for each server connection for a single
transaction.
real_name real name as a string in the form of service configuration. Note: If the configuration
Names begin with a number, the string should be enclosed in double quotes.
[show | clear] http serverconnreuse
This command is used to display or remove the application server connection number of the current
state of affairs (on / off).
http serverpersist {on | off} Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
189
This command is used to enable or disable continuous connectivity background communication server.
By default, persistent connections enabled. When the connection re-use power
After the energy is enabled, enable persistent connections to ensure that all transactions from the same
client connection can be forwarded to the same backend server. If the connection is enabled
Reuse but disable persistent connections, connections from the same client transaction may be
forwarded to a different backend server connection.
[no] http serverpersist real <real_name> off
This command is used to specify the actual service backend server to disable persistent connections
communications.
real_name real name service configuration, in the form of a string. Note: If equipped
Name set begins with a number, string should be enclosed in double quotes.
[show | clear] http serverpersist
This command is used to display or remove persistent backend server connection status (enable /
disable).
http shuntreset {on | off}
This command is used to enable or disable the reset function can not be reused server connections.
Enabling this feature will force the AS recharge not reusable server connected device
Pick. This option is disabled by default.
show http shuntreset
This command is used to display the status of non-reusable handle server connections.
http buffer nomsglen {on | off}
This command is used to enable (on) or disabled (off) cache and cache handling accept certain non-RFCcompliant response function. When you enable this command, in a letter
Interest is returned to the client before, the header does not "end of response" HTTP response message
length indicator still be cached. This feature is enabled by default.
show http buffer nomsglen
This command is used to display the status of the reply no cache "end of response" message length
indicator.
http rewrite request insertheader <virtual_service> <header_string>
This command is used to specify the virtual service received insert arbitrary HTTP request header
information. Except for the escape of the% character, the header string needs
Verbatim input. % n represents a line separator (by \ r \ n replace),% q is a double quotation mark
("),%% indicates the percent sign. header string maximum
Length of 500 bytes. For example, the header string FRONT-END-HTTPS: on% n, when the administrator
input via CLI
"FRONT-END-HEADER: on% n", we should include the double quotes; through the WebUI input string,
do not enter the quotes.
no http rewrite request insertheader <virtual_service>
This command is used to disable the insert custom HTTP headers specified virtual service. Chapter 8
reverse proxy cache
2013 Teamsun
All rights reserved
190
show http rewrite request insertheader [virtual_service]
This command is used to display the virtual service to insert arbitrary HTTP headers state. If you specify
the keyword "all", will display all virtual services insert
HTTP header configuration. The default is "all".
clear http rewrite request insertheader <virtual_service>
HTTP headers specified in this command is used to clear the insertion of virtual services. If you specify
the keyword is "all", will clear all HTTP virtual service
Header insertion.
http rewrite response cookie secure {on | off} [vs_name]
This command is used to enable or disable the HTTP header is placed within the Set-Cookie security
clause, preventing the client through insecure connection forwarding cookie.
The default state is "on". Parameters "vs_name" is used to enable or disable this feature in the specified
virtual service. If you do not set this parameter, the command
Globally enabled or disabled.
If the global configuration is "off", all configuration for each virtual services are "off". Only global
configuration is "on", the configuration will each virtual services
Effective.
http rewrite response cookie secure icookie {on | off} [vs_name]
This command is used to enable or disable the HTTPS client security cookie support functions. The
default state is "on". The purpose of this command to add is that when life
Order "http rewrite response cookie secure" when it is enabled, do not insert a "secure" label in SetCookie header. Parameters
"Vs_name" is used to enable or disable this feature in the specified virtual service. If you do not set this
parameter, this command will globally enable or disable.
If the global configuration is that all configurations are "off" "off", each virtual services. Only in global
configuration is "on", each virtual service configuration will
Effective.
show http rewrite response cookie secure
This command is used to display the reply security cookie running.
clear http rewrite response cookie
This command is used to rewrite the return to its default settings "on".
http rewrite response port <virtual_service> <modify_action>
This command modifies the specified virtual service receives an HTTP request port number in the
Location response header contains.
virtual_service specify the virtual service name.
modify_action designated modify behavior. Currently, only "remove" behavior. Chapter 8 reverse proxy
cache
2013 Teamsun
All rights reserved
191
no http rewrite response port <virtual_service>
This command is disabled for the specified virtual service port number modification.
show http rewrite response port [virtual_service]
This command displays the port number to modify settings for all virtual services. If you specify a
particular virtual service, this command displays only the virtual port services
Modify settings situation.
clear http rewrite response port <virtual_service>
This command will specify the virtual service port number to modify the settings to their default values.
virtual_service specify the virtual service name. If you specify the keyword "all", then reset the
Virtual service port number to modify the settings.
http rewrite response https <virtual_service>
This command allows the user to specify the HTTP or HTTPS virtual service to redirect from HTTP to
HTTPS rewrite configuration. This process requires
Rewrite HTTP location header content for use HTTPS scheme in the URL.
show http rewrite response https
This command displays the HTTP redirect rewrite HTTPS redirection for all virtual service configuration.
no http rewrite response https <virtual_service>
This command disables the specified virtual service to redirect from HTTP to HTTPS redirection rewrite
function.
clear http rewrite response https
This command disables all virtual service to redirect from HTTP to HTTPS redirection rewrite function.
http import error <error_code> <virtual_service> <url>
This command allows the user to import a custom HTTP error page from a remote server. "error_code"
refers to the HTTP error code,
"Virtual_service" refers to an error of the intended destination, "url" refers to the location of the custom
error page. Import custom error page support HTTP
The error code is 400 (Bad Request), 403 (ban), 412 (prerequisite error), 502 (Bad Gateway) and 503 (no
available services).
show http import error [error_code] [virtual_service]
This command displays the custom error code and error page list of host names to import. If you specify
"error_code" and "virtual_service", then
Import content error page is displayed (if any). Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
192
clear http import error [error_code] [virtual_service]
This command clears all error pages to import. If you specify "error_code" and "virtual_service", will
clear the appropriate error page.
http error <error_code> <virtual_service>
The command for the specified "error_code" and "virtual_service", to enable error pages to import.
show http error [error_code] [virtual_service]
This command displays a custom error page to enable all HTTP error codes and host name. If you specify
"error_code" and
"Virtual_service" parameter is enabled error page is displayed (if present).
clear http error [error_code] [virtual_service]
This command disables all enabled error page. If you specify "error_code" and "virtual_service"
parameter, just disable the corresponding error page.
http permit host <host_name>
This command adds the specified host name to the list of host names allowed. The default allows all
host names. The command to configure at least one host name, only by
Over the hostname configuration are allowed, others are rejected.
show http permit host
This command displays a list of host names are allowed.
no http permit host <host_name>
This command clears the specified host name from the list of host names of allowed. After this host
name is cleared, if the list no other host name, the
There are host names are allowed.
clear http permit host
This command removes all host names from being allowed to host names list. After executing this
command, all host names are allowed.
[no] http permit method <method> [vip]
This command adds HTTP methods to be allowed or removed from the specified method. The method
can be used are, get, post, put, delete, trace,
connect, options, head, propfind, proppatch, mkcol, copy, move, lock, unlock, purge, rpc_in_data and
rpc_out_data. By default, allow all methods, but did not configure any command. Use this command to
configure at least one method, only the
Method configuration in order to be allowed, the remaining were rejected. If the "vip" parameter is null
or 0.0.0.0, this command is configured as a global. Otherwise, the command
VIP configuration.
show http permit method [vip] Chapter 8 reverse proxy cache
2013 Teamsun
All rights reserved
193
This command displays were allowed and rejected the list of methods HTTP. If the "vip" parameter is
0.0.0.0, this command displays the global configuration. If you do not
Specify "vip" parameter, this command displays all settings, including global settings and all per-vip
settings. If you specify a VIP parameter is only displayed
VIP setting.
clear http permit method [vip]
This command removes all the way from the list of methods allowed in HTTP. After executing this
command, all HTTP methods will be allowed. If the "vip"
Parameter is specified as 0.0.0.0, this command will clear the global permitted methods. If you do not
specify a "vip" parameter, this command will clear all allowed methods
Including global settings and all per-VIP setting. If you specify a VIP parameters, remove only the
specified VIP permitted methods.
http modifyheader http10 {on | off}
This command allows the user to change HTTP response version from 1.1 to 1.0, while adding a header
to restore the "connection: keep-alive". If the HTTP
Version 1.1, AS device to convert it to 1.0. If the "connection" field does not exist or is connected field is
"connection: close", AS
Equipment will add this field or be amended to "connection: keep-alive". The default setting is "off".
show http modifyheader http10
This command displays the modified header configuration.
[no] http acl url <virtual_service> <path> [level_0 | 1 | 2]
This command is an SLB virtual service network resource definition an ACL rule.
The maximum number of ACL configuration rules depends on system memory size:
2013 Teamsun
All rights reserved
194
Parameter Value Description
0 resources can be accessed via HTTP and HTTPS.
A resource can only be accessed via HTTPS, may have, but also there is no client authentication.
However, if you set
SSL is compulsory certification, the client certificate authentication required "2" implementation.
Two resources can only access via HTTPS, forcing client certificate authentication.
http serverconnip <virtual_service> [header_name]
The command for a virtual service settings specified a server connection IP rules. Tell AS IP server
connection settings from the specified HTTP equipment
Header seeking to obtain an IP address, and backend server as the source IP connection. IP address of
the HTTP request header can be IPv4 or IPv6.
virtual_service for a specified HTTP or HTTPS virtual service name.
header_name an HTTP request header name is not case sensitive (not a standard
HTTP header). This is an optional parameter, the default value
"X-Forwarded-For". The maximum length is 100 characters. Header name
Not case sensitive.
Description: This command is only transparent mode configuration to take effect.
197
Source string contains the character "/" will result in an error, because the parameter
"Substitute s / from-pattern / to-pattern /" already exists in the
Characters. In this case, we should use the "Substitute
s \ | from-pattern \ | to-pattern \ | ".
This parameter is used to specify the flags string matching mode can be set to "-R" or
"-i". This is an optional parameter, the default value is null.
-R", as long as partial match "from-pattern"
Defined string, AS device will be rewritten.
et to "-i", matching "from-pattern" string does not zone
Case-sensitive.
-pattern" definition
When the strings match exactly, AS device will rewrite them.
Description:
1 parameter "rule" configuration string must be placed in double quotes.
2. "ProxyHTMLURLMap" and "Substitute" configuration string strict compliance with capitalization
requirements.
3 When "ProxyHTMLURLMap" and "Substitute" rules are configured, the first to use
"ProxyHTMLURLMap" rule, then
Then use the "Substitute" rule. If "ProxyHTMLURLMap" and "Substitute" rules were configured and
mapped to phase
Far from the expression, "Substitute" rule will rewrite "ProxyHTMLURLMap" rule.
4 If you want to modify the rewrite rule, run the day to rewrite operation will stop, AS will reset the
relevant connections. Therefore, when the device is processing network AS
When the network communication, it is recommended not to change the rewrite rules.
5 If you enable HTTP content rewriting functions, and configure the content rewrite rule, return each
row length can not exceed 1MB; otherwise,
AS device to the client sends a RST packet, terminates the TCP connection.
no http rewrite body rule <rule> [flags]
The command to remove a specified HTTP content rewrite rules.
text / richtext
mime_type This parameter specifies the file types to be rewritten. Type parameter can be set are:
html, plain, richtext, xml, xhtml, css or js.
By default, AS equipment rewrite only "text / html" type files.
no http rewrite body mimetype <mime_type>
This command is used to delete a configuration file to specify the type.
show http rewrite body mimetype
This command is used to display the current configuration of all file types.
This command displays a list of all the URL and associated URL regular expressions. If you specify the
parameters "url_list", this command will display only the specified URL column
Table of regular expressions.
clear http rewrite body url list [all | url_list]
This command removes all existing URL lists and related regular expressions.
all of the parameters used to delete a list of all current and relevant URL regular expression
Style.
URL list and related url_list This parameter is used to delete the specified regular expression.
http rewrite body url permit <virtual_service> <url_list>
This command allows you to specify a URL according to a list of specified virtual service content
rewritten. Only the specified URL list contains the string matching network
Page file to be overwritten. Other files can not be overwritten.
virtual_service This parameter is used to specify a virtual service. Chapter 9 rewrite HTTP content
2013 Teamsun
All rights reserved
200
url_list This parameter is used to specify a list of predefined URL. (Please refer to the command
"Http rewrite body url list <url_list> <url_regex>")
no http rewrite body url permit <virtual_service> <url_list>
This command is used to delete a list of configuration allows the URL specified.
show http rewrite body url permit [virtual_service]
This command is used to display a list of all allowed URL configuration. Parameters "virtual_service" URL
list is used to display the license specified virtual service configuration.
clear http rewrite body url permit <virtual_service>
This command is used to delete the specified list of all virtual service allows configuration of the URL.
virtual_service This parameter is used to specify the virtual service. If this parameter is set to "all", will
Delete a list of all virtual service allows configuration of the URL.
http rewrite body url deny <virtual_service> <url_list>
This command to disable the specified URL rewriting the list of specific virtual service content. All
contain a list of matching the specified URL string
This command allows the user to configure JavaScript, CSS, PDF, PPT, XLS and DOC files to configure the
user agent. Parameters
"User_agent_string" must be placed in double quotes, for example, http compression strategy User
Agent "IE 5.5" pdf file. However, TEXT, XML and
HTTP compression of HTML as the default, so there is no need to use the command "http compression
policy useragent" configuration. Parameters
"User_agent_string" AS device only for a sub-string comparison purposes.
"No" version of this command will clear the configuration (no http compression strategies user agent).
http compression advanced useragent on
This command enables Java Script and CSS compression, apply the following four objects are browser
(user agent): IE 6, IE 7, IE 8 and Mozilla
5.0
http compression policy urlexclude <vhost> <wildcard_expression>
The command for a virtual service to add a url-exclude compression rules. URL configuration if a client
sends a request to the virtual service
The "wildcard_expression" match, even if HTTP compression is enabled, the text of the reply will not be
compressed. This command than "http
compression policy useragent "command higher priority.
show http compression policy urlexclude [vhost]
This command displays all HTTP "vhost" parameter specifies the virtual services compression strategy
urlexclude rules. If you do not specify a virtual service name,
All HTTP compression strategy urlexclude rules.
no http compression policy urlexclude <vhost> <wildcard_expression>
This command is used to clear a specified by the virtual service name and wildcard expressions HTTP
compression strategy urlexclude rules. Chapter 11 HTTP Compression
2013 Teamsun
All rights reserved
205
clear http compression policy urlexclude [vhost]
This command clears a specified virtual service or all virtual services to all HTTP compression strategy
urlexclude rules.
show http compression policy useragent
This command displays the configuration of the user agent HTTP compression strategy.
clear http compression policy useragent
Users of this command to delete all the HTTP proxy has been configured compression strategy.
show statistics compression [virtual_name]
This command displays various statistics compressed. Specify a virtual service name, display statistics for
a SLB virtual service. To view the first seven
All statistics virtual service layer configured to not need to specify the name of the virtual run the above
command.
For example:
ent to compression
transactions
The following is the content of the explanation of the output information items.
Statistics Description
Total bytes sent to
compression of all the compressed data, in bytes, is the result of the length compressed by software and
hardware.
Total bytes recvd from
compression of all the raw data to be compressed bytes that can be software or hardware compression.
Sent bytes / second in the last one second compressed all the data. The argument before the current
one second
total_bytes_sent_out - total_bytes_sent_out calculations.
Rcvd bytes / second of raw data the total past a second compressed. The calculated parameter is the
current yield :(
To the total bytes) - (total bytes received a second ago)
Peak Sent bytes / second
Up to now, the maximum number of bytes per second sent from the beginning. If you recently sent
bytes per second
Number> peak number of bytes sent per second, the peak number of bytes sent per second = recently
sent per second
Bytes.
Peak Rcvd
bytes / second
The maximum number of bytes from the beginning to now received per second. If the number of bytes
per second received recently
> Word peak number of bytes received per second, the peak number of bytes received per second per
second = newly
Sessions.
Currently active
transactions
HTTP connections need to use active response data compression, this value should be equal to or
Greater than 0.
Statistics Description
HTML's compressed HTTP compression total response type is HTML.
TEXT's compressed HTTP compression total response of type TEXT.
XML's compressed HTTP compression total response type is XML.
DOC's compressed HTTP compression total response type for DOC.
PPT's compressed HTTP compression total response, type PPT.
XLS's compressed HTTP compression total response, type XLS.
CSS's compressed HTTP compression total response type for CSS.
JS's compressed HTTP compression total response type for JS.
PDF's compressed HTTP compression total response types to PDF.
The total number of requests attempted HTTP compression response, equivalent to the sum of all types
of compressed response.
content length
The total number of transactions HTTP compression in response to HTTP length calculation.
chunk encoding
The total number of transactions HTTP compression response, respond with a block coding header.
fin terminated
The total number of transactions HTTP compression response, responded to Fin terminated. Chapter 11
HTTP Compression
2013 Teamsun
All rights reserved
207
Statistics Description
Http 1.0 response HTTP 1.0 compression total response.
Http 1.1 response HTTP 1.1 compression total response.
clear statistics compression [virtual_name]
This command is used to clear the compression statistics. Specify a virtual name can clear the statistics
for a particular SLB virtual service. If you want to clear
In addition to Layer 7 virtual service statistics of all configurations, run the above command does not
develop in the virtual name of the premise. Chapter 12 Secure Sockets Layer (SSL)
2013 Teamsun
All rights reserved
208
Chapter 12 Secure Sockets Layer (SSL)
This chapter describes the Secure Sockets Layer (SSL) configuration commands.
show ssl status
This command is used to display the current status of the already configured SSL virtual host and all the
real host.
show ssl host
This command is used to display all currently configured SSL host and its matching SLB services.
show statistics ssl [host_name]
This command is used to display the current statistics for SSL connections and specify a host session. If
you do not specify a host, the host has been configured to display all
Statistics.
For example:
ions: 43
Description: SSL statistics in the "Resumed SSL sessions", "Resumable SSL sessions" and "Session Misses"
Are cumulative value. Among them, "Resumable SSL sessions" value will not be reduced, even when SSL
session times out, it will not be reduced.
clear statistics ssl [host_name]
This command is used to clear all the relevant statistical information specified host. If you do not specify
a host, then remove all configured hosts statistics.
[no] ssl host {real | virtual} <host_name> <slb_service>
This command creates an SSL host, and then bind to a specific host SLB services, regardless of whether
the service is virtual or real. Points
Rationing an SSL host SLB services must belong to HTTPS, TCPS, FTPS type. SLB services need to create
an SSL Host
Before the establishment. Please note SLB services by different names to activate the command mode,
you can assign a multiple SLB service host. For now,
Up to 64 SLB services share the same SSL virtual host. "No" version of this command will release the
relationship between the host and the SLB service. Chapter 12 Secure Sockets Layer (SSL)
2013 Teamsun
All rights reserved
209
real | virtual remind NetFOS, in an SSL service between the host and an SLB
The binding is configured virtual connection, or real connection. If an SSL
Host SLB virtual service associated with a newly created virtual SSL Main
Machine will play the role of SSL server. If a host with an SSL
Associated with a SLB real service, SSL real host will play the newly created
Role SSL client. An SSL host, if the virtual and SLB
Related services, from now on will be referred to an SSL real host.
SSL virtual host and SSL real host are two different entities, with
Have different configuration parameters. These options will be further solution in each command
Release.
Specify a name host_name SSL host. The name can be a number of letters
Character string, beginning can be underlined. The maximum length of a host name
255 bytes.
slb_service SSL hosts create and bind the SLB host name.
ssl csr <virtual_host_name> [key_length]
Create a virtual host specified CSR (Certificate Signing Request) this command. After running this
command, the system prompts the user to enter a range of information,
Ensure proper reception CSR. The administrator can choose to export the key and protect the exported
key with an encrypted password for future use.
In addition, the command also creates a "test" certificate for a virtual host. When you enable virtual
host for this test certificate, the console will be a
Warning message to remind you that the certificate chain is not complete.
virtual_host_name SSL virtual host name.
key_length generated SSL key pair for a specified length. SSL key lengths
Are 1024, 2048 and 4096. The default value is 1024.
Prompting the requested data as follows:
2013 Teamsun
All rights reserved
210
N)?:
For the above information, "State or province", "Location or local city", "Email address of administrator"
and so subject field is
Selected parameters. You can specify up to three values for "Organizational Unit" field. Once the above
information has been provided, AS device users to send Bianxiang
A data information. Users can copy the information to the e-mail, sent to a verification mechanism. CSR
in the subject field length should comply
Observe the following restrictions:
-character country code: 2 bytes
Warning: The command "ssl csr" produce test certificate is not used in the production system should
only be used for testing purposes. The private key inputs support all types
Character, the key length is also not limited. However, the key length can not be 0 bytes.
cert_index optional parameter is used to display the specified certificate. Parameter value can be 0, 1, 2,
3 Mo
Default is 0. If this parameter is null or 0, only the specified SSL host
Active certificate.
ssl restore certificate <host_name> <file_name> <password>
This command allows the user to restore the host name to specify SSL certificate from a PFX file and
private key, the file can be stored on a local or remote TFTP
On the server. Password string must when using "ssl backup" command to generate the input file is the
same string.
Name host_name to the specified SSL host configuration.
filename file_name an alphanumeric string. Local Format: Specified
Local valid filename, stored locally. TFTP format:
tftp: // server / filename.
string password allows access to the specified file. If the user wishes to use the keys breaks
Number, for example, "!" Or "$", the entire password must be placed within double quotes. Chapter 12
Secure Sockets Layer (SSL)
2013 Teamsun
All rights reserved
213
ssl import key <host_name> [cert_index] [tftp_ip] [file_name]
This command is used to import a SSL host key, then it is associated with the certificate index.
Administrators can import up to three keys.
If the administrator wants to import a key by CLI, he can "cut and paste", will be a key input CLI. The
command also supports TFTP
Importing IIS 5, IIS 4, Netscape iPlanet and Apache Web server key. Description: This command can also
be PEM TFTP
Unencrypted private key import format, but doing so is not safe, you should try to avoid.
host_name SSL host name.
cert_index import the key associated with a certificate for the index. It can be set to 1,2,3.
The default value is 1.
tftp_ip optional parameter is used to specify the TFTP IP address only key by
TFTP server or CLI trusted Certificate Authority import the certificate. NetFOS have a list of pre-installed
CA default, this command mad Confucianism new certificate, and then additional
Existing lists. This operation is used only for SSL virtual host. If the certificate format to PEM, the user
simply by "cut and paste", the root directory of the CA
Copy the certificate to the CLI. NetFOS have the ability to import PEM and DER format certificate by a
Certificate Authority TFTP.
virtual_host_name optional parameters. This parameter is used to specify the SSL virtual host name. If
that
Set to "ALL", the new certificate will import the root CA Global list. This parameter
The default is "ALL".
tftp_ip optional parameter is used to specify TFTP IP address, only in the key by
Will be used when TFTP import.
filename optional parameter used in the TFTP server for the key specified file name.
The default file name is <hostname> .crt.
Note: When you run a trusted CA certificate to import the specified SSL virtual host command, first run
the command "ssl stop", so that SSL virtual
Intends to host into hibernation.
ssl import interca <virtual_host_name> [tftp_ip] [filename]
This command allows the user to import an intermediate certificate authority issued certificates. When
the user needs on the TFTP server or CLI as a host with SSL
When setting a certificate chain, will use this command. This operation is used only for SSL virtual host.
Once the user via an e-mail receive a certificate, such as
If the certificate format for PEM, simply provide a certificate authority certificates to "cut and paste"
approach copied to the CLI. NetFOS have the ability to
PEM and DER format certificate issued by an intermediate Certificate Authority TFTP import.
virtual_host_name specify the SSL virtual host name.
tftp_ip optional parameter is used to specify TFTP IP address, only the key via TFTP
Will be used when importing.
filename This command is used to specify the intermediate CA certificate file on the TFTP server
Names. The default file name is <hostname> .crt. Chapter 12 Secure Sockets Layer (SSL)
2013 Teamsun
All rights reserved
215
show ssl interca <virtual_host_name> [display_mode]
This command is used to view the intermediate CA certificate is issued to specify SSL virtual host.
virtual_host_name specified SSL virtual host name. If this parameter is specified as "ALL", shows the
global
Of the root directory CA. The default is "ALL".
display_mode display mode can be "complete" or "simple", the default is
"Complete".
no ssl interca <virtual_host_name> [certificate_number]
This command is used to clear the specified intermediate CA certificate issued for the specified SSL host.
virtual_host_name specify an SSL virtual host name.
certificate_number specify the serial number of the certificate needs to be cleared.
ssl import clientkey [virtual_host_name] [url]
The command for the specified SSL virtual host to import a SSL client private key, customer
authentication with other SSL server links. For example,
Customer authentication, OCSP responder contact with the SSL server. That is, the private key is not
limited to OCSP, the client can also be