Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/virt <server number>/service/http
Virtual Server HTTP Service Configuration Menu
The following menu example is application-specific and includes only the application-specific commands. For all common commands, refer to /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu.
 
[Virtual Server 22 234 http Service Menu]
name - Set descriptive virtual service name
http - HTTP Load Balancing Menu
cntrules - Content Based Services Rules Menu
appshape - AppShape++ Menu
tcpopt - TCP Optimization Menu
action - Set action type of this service
pip - Proxy IP Menu
ssl - SSL Load Balancing Menu
     sec      - Security Policy Menu
eaaf    - ERT Active Attackers Feed Menu
     group - Set real server group number
redirect - Set application redirection URL
rport - Set real port
hname - Set hostname
cont - Set BW contract for this virtual service
pbind - Set persistent binding type
thash - Set hash parameter
report - Set report granularity level
tmout - Set minutes inactive connection remains open
ptmout - Set in minutes for inactive persistent connection
     satisrt - Set satisfied response time threshold
ipheader - Set the HTTP header indicating the IP address of the user
sideband - Set sideband policy
dbind - Enable/disable/forceproxy delayed binding
clsrst - Enable/disable send RST on connection close
nonhttp - Enable/disable non-HTTP traffic via HTTP tunnel
nonat - Enable/disable only substituting MAC addresses
apm - Enable/disable apm
direct - Enable/disable direct access mode
mirror - Enable/disable session mirroring
winsize0 - Enable/disable using window size zero in SYN+ACK
ckrebind - Enable/disable server rebalancing when cookie is absent
sesslog - Enable/disable session logging
del - Delete virtual service
cur - Display current virtual service configuration
 
Virtual Server HTTP Service Configuration Options (/cfg/slb/virt/service/http) 
Command Syntax and Usage
name
 
Sets the descriptive name of the virtual service.
http
 
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server number>/service/http HTTP Load Balancing Menu.
From this menu, you can enable or disable HTTP redirection for Global Server Load Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a proxy IP address for HTTP.
cntrules
 
Displays the Content-Based Services Rule menu. The maximum number of rules per virtual service is 1281024. The rule number defines the rule priority.
Note: Alteon performs HTTP Layer 7 content switching before applying any modifications and is based on the original requests.
appshape++
 
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu, see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu.
tcpopt
 
Displays the TCP Optimization menu for adding a TCP optimization policy to the client-side and server-side flows of a virtual service. To view this menu, see /cfg/slb/virt/service/basic-slb/tcpopt TCP Optimization Menu.
action group|redirect|discard
 
Sets the action type of this virtual service when no match is found in the HTTP content rule.
Values:
*group — Load balances the traffic between the servers defined in the group field after performing all other of the service’s actions.
*redirect — Performs application redirection for HTTP and HTTPS services based on the settings of the redirect command (see in this table).
*discard — Drops the session.
Default: group
pip
 
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip Proxy IP Menu.
ssl <srvrcert|sslpol|cur>
 
Displays the SSL Load Balancing menu. To view this menu, see /cfg/slb/virt <server number>/service/https/ssl SSL Load Balancing Menu.
sec
 
Displays the Security Policy menu. To view this menu, see /cfg/slb/virt <server number>/service/sec Security Policy Menu.
eaaf
 
Displays the ERT Active Attackers Feed menu. To view this menu, see /cfg/slb/virt 2/service 80/eaaf ERT Active Attackers Feed Menu
group <real server group ID (alphanumeric)>
 
redirect
 
Sets the application redirection location of this virtual service.
Typically, client requests for HTTP applications are redirected to the location with the best response and least load for the requested content. The HTTP protocol has a built-in redirection function that allows requests to be redirected to an alternate site. However, if a client requests a non-HTTP application such as FTP, POP3, or SMTP, then the lack of a redirection functionality in these applications requires that a proxy IP address be configured on the client port. The client port initiates a redirect only if resources are unavailable at the first site.
Note: This feature should be used as the method of last resort for GSLB implementations in topologies where the remote servers are usually virtual server IP addresses in other Alteons.
The redirection location is a string of up to 255 characters with the following format:
<protocol>://<host>[:<port>][/<path>][?<query>]
The protocol and host parameters are mandatory. All other parameters are optional.
For each of the location fields, to access the value in the original request, use token format ($PROTOCOL, $HOST, $PORT, $PATH or $QUERY).
For example:
*To redirect to HTTPS: https://$HOST/$PATH?QUERY
*To change host: $PROTOCOL://NewHost.com/$PATH?$QUERY
rport <real server port (0, 1, 5-65534)>
 
hname <hostname> |none
 
cont <BWM Contract (0-1024), 0 for VIP default>
 
pbind clientip|cookie <p|r|i>|disable
 
Specifies the parameter that defines a persistent session.
Values:
*clientip — Uses the client IP address as the session identifier, and associates all connections from the same client with the same real server until the client becomes inactive, and the persistent entry is aged out of the session table.
Different services from the same client may not map to the same server.
The real server connection timeout value (/cfg/slb/real/tmout) controls how long these inactive but persistent connections remain associated with their real servers.
When the client resumes activity after their connection has been aged out, they are connected to the most appropriate real server based on the load balancing metric.
An alternative approach may be to use the /cfg/slb/group/content/metric command to set the minmisses or hash real server group metrics.
With clientip enabled, Alteon maps HTTP and HTTPS traffic from the same client to the same server regardless of the load balancing metric used because the services are related.
For more information, see Server Load Balancing Metrics.
*cookie — Uses a cookie header or a URI cookie as an identifier, and associates all HTTP requests with the same cookie value to the same server.
Available only for HTTP and HTTPS (with SSL offload) applications.
If the cookie expiration time is greater than the virtual service /cfg/slb/virt x/service x/ptmout value, timed out requests will not be persistent.
For more information, see Cookie-Based Persistence.
*disable — Disables persistence for this service.
Default: disable
thash sip|sip+sport
 
report <service|group|real>
 
Sets the reporting level for Device Performance Monitoring (DPM). When DPM is enabled, performance statistics are sent to Cyber Controller (or APSolute Vision 4.x) for display in the Device Performance Monitoring Web interface. The DPM Web interface includes alerts, dashboards with current monitoring data, and reports with historical data.
Note: For DPM to work you must enable it (see /cfg/sys/report Configuring Device Performance Monitoring (DPM) Reporting Parameters), and you must enable DAM (Direct Access Mode) for each virtual service that you are monitoring.
By default, statistics are gathered per virtual service. When you require more granular reports, you can select an extended reporting level per virtual service (per group or real server associated with that service).
Values:
*service — DPM statistics are gathered and displayed per virtual service.
*group — DPM statistics are gathered and displayed per group per virtual service.
*real — DPM statistics are gathered and displayed per real server per virtual service.
Default: service
For more information on DPM, see the Cyber Controller (or APSolute Vision 4.x) User Guide.
tmout
 
ptmout
 
satisrt <inherit, [1-999999]>
 
Sets the application satisfied response time threshold.
You can configure the application satisfied response time threshold globally at /cfg/slb/adv/satistr (default is 500 ms) or locally per service at /cfg/slb/virt/service/satisrt (default is inherit the global setting).
Based on this threshold, Alteon calculates the frustrated threshold as 4 times the satisfied latency threshold. When a transaction response is above the frustrated threshold, its event log will be marked as exception.
ipheader <remote_addr|x‑forwarded‑for||http_client_ip|
http_x_forwarded_for|x‑real‑ip|http_x_forwarded|proxy-client-ip|wl-proxy-client‑ip|http_x_cluster_client_ip|http_forwarded_for|http_forwarded|http_via|x-true-client_ip|user-defined>
 
Specifies the IP header of the client IP address in CDN/Proxy deployment. This is required for ERT Active (eaaf) and Traffic Event logging.
Default: x-forwarded-for
sideband <4|aaa>
 
You can attach a sideband policy to a virtual service of type HTTP/HTTPS.
Note: This capability is part of the DNSoverHTTP to DNSoverUDP support.
dbind disable|forceproxy
 
clsrst disable|enable
 
Specifies how Alteon closes client-side and server-side sessions.
Values:
*disable — When Alteon receives a FIN message from the client, Alteon performs a graceful closure of both client-side and server-side sessions.
*enable — When Alteon receives a FIN message from the client, Alteon closes the server-side session entry using RST for fastage.
Default: disable
Note: To enable session reset on connection close, full proxy mode (forceproxy) must be enabled.
nonhttp enable|disable
 
Specifies whether to enable or disable processing of non-HTTP connections.
Values:
*enable — Alteon processes non-HTTP traffic according to the default service action.
*disable — Alteon terminates non-HTTP connections with an error message.
Default: disable
Note: When nonhttp is enabled, Alteon will still support http service with all http features (like modifications). If non-http traffic is identified, instead of closing the session with an error (as it would be with nonhttp=dis), Alteon will bypass all HTTP capabilities and let the traffic pass. From this point, no http features will work until the end of the connection (tcp session).
nonat disable|enable
apm enable|disable
 
Note: APM is no longer supported. Keep APM disabled to eliminate any undesired performance impact.
Enables or disables application performance monitoring (APM) for GSLB.
Alteon gathers HTTP application performance data and sends it to the APM server. The APM server gathers all information, analyzes and displays application performance and SLA data. The APM server is situated on the Cyber Controller (or APSolute Vision 4.x) server. An APM license must be installed on Alteon, and the APM server must be configured before attempting to activate it as a service. When APM is activated on a service, Alteon attempts to configure the new monitored application on the APM server. If this attempt fails, the event is reported and the APM is disabled on the service.
Default: disable
direct disable|enable
 
mirror disable|enable
 
winsize0 disable|enable
 
ckrebind disable|enable
 
Specifies whether to make the cookie persistency decision per each HTTP/S request, or only for the first request. When this parameter is enabled, Alteon searches for the persistent cookie in each request and, if found, selects the server that the cookie value points to. If the persistent cookie is not found, the server is selected and the cookie value is inserted or updated on response. 
Default: disable
sesslog disable|enable
 
Specifies whether to enable or disable session logging.
Session logs are sent to the syslog servers via the data port when the sessions are deleted or aged out. The Alteon switch processor sends the buffered session logging data to the syslog server at regular intervals (every 30 seconds) if the buffer is not completely filled. There will be no session syslog if no sessions have aged out during this duration of 30 seconds.
Note: Syslog servers configured on Alteon must be accessible via the data ports.
Default: disable
del
 
cur