[Virtual Server 33 443 https Service Menu] name - Set descriptive virtual service name http - HTTP Load Balancing Menu tcpopt - TCP Optimization Menu ssl - SSL Load Balancing Menu cntrules - Content Based Services Rules Menu appshape - AppShape++ Menu action - Set action type of this service pip - Proxy IP Menu group - Set real server group number redirect - Set application redirection URL group - Set real server group number rport - Set real port hname - Set hostname namesrvr - Set nameserver group for the domain name cont - Set BW contract for this virtual service pbind - Set persistent binding type thash - Set hash parameter report - Set report granularity level tmout - Set minutes inactive connection remains open ptmout - Set in minutes for inactive persistent connection satisrt - Set satisfied response time threshold dbind - Enable/disable/forceproxy delayed binding clsrst - Enable/disable send RST on connection close nonhttp - Enable/disable non-HTTP traffic via HTTP tunnel nonat - Enable/disable only substituting MAC addresses apm - Enable/disable apm direct - Enable/disable direct access mode mirror - Enable/disable session mirroring winsize0 - Enable/disable using window size zero in SYN+ACK ckrebind - Enable/disable server rebalancing when cookie is absent sesslog - Enable/disable session logging del - Delete virtual service cur - Display current virtual service configuration |
Command Syntax and Usage | |
---|---|
name | |
Sets a descriptive name for the virtual service. | |
http | |
Displays the HTTP Load Balancing menu. To view this menu, see /cfg/slb/virt <server number>/service/http HTTP Load Balancing Menu. From this menu, you can enable or disable HTTP redirection for Global Server Load Balancing (GSLB) on a per VIP basis. Disabling HTTP redirection causes GSLB to use a proxy IP address for HTTP. | |
tcpopt | |
Displays the TCP Optimization menu for adding a TCP optimization policy to the client-side and server-side flows of a virtual service. To view this menu, see /cfg/slb/virt/service/basic-slb/tcpopt TCP Optimization Menu. | |
ssl <srvrcert|sslpol|cur> | |
Displays the SSL Load Balancing menu. To view this menu, see /cfg/slb/virt <server number>/service/https/ssl SSL Load Balancing Menu. | |
cntrules | |
Displays the Content-Based Services Rule menu. The maximum number of rules per virtual service is 1024. The rule number defines the rule priority. Note: Alteon performs HTTP Layer 7 content switching before applying any modifications and is based on the original requests. To view this menu, see /cfg/slb/virt <server number>/service/https/cntrules Content-Based Services Rule Menu. | |
appshape++ | |
Displays the AppShape++ menu for managing AppShape++ scripts. To view this menu, see /cfg/slb/virt/service/basic-slb/appshape AppShape++ Menu. | |
action group|redirect|discard | |
Sets the action type of this virtual service. When content rules are configured for the service, this parameter specifies the default action when traffic does not match any of the content rules. Values: ![]() ![]() ![]() Default: group When the action option is set to redirect, the dbind option is automatically set to forceproxy. | |
pip | |
Displays the Proxy IP menu. To view this menu, see /cfg/slb/virt/service/basic-slb/pip Proxy IP Menu. | |
group <real server group ID> | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
redirect | |
Sets the application redirection location of this virtual service. The redirection location is a string of up to 255 characters with the following format: <protocol>://<host>[:<port>][/<path>][?<query>] The protocol and host parameters are mandatory. All other parameters are optional. For each of the location fields, to access the value in the original request, use token format ($PROTOCOL, $HOST, $PORT, $PATH or $QUERY). For example: ![]() ![]() | |
rport <real server port (0, 1, 5-65534)> | |
Defines the real server TCP or UDP port assigned to this service. By default, this is the same as the virtual port (service virtual port). If rport is configured to be different than the virtual port defined in /cfg/slb/virt <number> /service <virtual port>, Alteon maps the virtual port to this real port. When configuring an SSL-based virtual service, how the rport value is set is usually dependent on whether encryption between Alteon and the back-end servers is enabled (meaning that there is back-end encryption). The back-end encryption setting is part of the associated SSL policy configuration using the bessl (back-end listening port) command (see a description of this command in /cfg/slb/ssl/sslpol SSL Policy Menu). The following describes how rport is set based on the bessl setting: ![]() ![]() Notes: • You can also configure SSL offloading for other protocols encrypted by SSL by using SSL as the application type. To select the virtual service application type, see /cfg/slb/virt <server number> /service <virtual port or application name> Virtual Server Service Configuration. • When using the SSL application type, HTTP-based capabilities such as setting HTTP redirection conversion, setting the SSL client information, or passing authentication policy information to the back-end servers are not available. Also, this capability is not supported for protocols that include special treatment of SSL, such as FTPS, SMPTS and POPS. If your network environment requires it, you can change the default back-end listening port. Notes: • If you have associated an SSL policy to a virtual service but have not yet configured the SSL policy, the default value of the listening port is set as the same value as the virtual service port. When you eventually set the back-end encryption using the bessl command, you receive a message similar to the following, based on how you configure the back-end listening port: Note: You may want to update rport in the following virtual services associating this SSL policy: virt 1 service 443 HTTPS virt 3 service 8080 HTTPS • If you set rport to 0 (meaning that no specific port is defined), Alteon determines the back-end listening port based on the SSL policy definition and dynamically sets the real port as appropriate. | |
namesrvr <nameserver group>|none | |
Specifies the nameserver group for the domain name. | |
hname <hostname>|none | |
Specifies the Host header to be used in the health check request. Maximum characters: 128 If this parameter is not specified, an HTTP 1.0 request is sent; otherwise an HTTP 1.1 request is sent. When the inherit option is selected the host definition is taken from the virtual service Hostname (hname) and the virtual server domain name (dname) values of the virtual service to which this server group is bound. When performing an HTTPS health check, if a hostname is available (either configured or inherited), it is inserted as SNI extension in the Client SSL Hello message. | |
cont <BWM Contract (0-1024), 0 for VIP default> | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
pbind clientip|sslid|disable | |
Specifies the parameter that defines a persistent session. Values: ![]() Different services from the same client may not map to the same server. The real server connection timeout value (/cfg/slb/real/tmout) controls how long these inactive but persistent connections remain associated with their real servers. When the client resumes activity after their connection has been aged out, they are connected to the most appropriate real server based on the load balancing metric. An alternative approach may be to use the /cfg/slb/group/content/metric command to set the minmisses or hash real server group metrics. With clientip enabled, Alteon maps HTTP and HTTPS traffic from the same client to the same server regardless of the load balancing metric used because the services are related. For more information, see Server Load Balancing Metrics. ![]() Available only for HTTPS and SSL services without SSL offload. Alteon does not support the sslid option when you set the virtual service /cfg/slb/virt/service/dbind command to forceproxy. ![]() Default: disable | |
thash sip|sip+sport | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
report service|real | |
Sets the service reporting level. Alteon devices can send Device Performance Monitoring (DPM) data to Cyber Controller (or APSolute Vision 4.x). Cyber Controller processes the data and can display the information in the Device Performance Monitoring Web interface. Values: ![]() ![]() Default: service | |
tmout <even number of minutes (0-32768)> | |
Specifies the length of time, in minutes, that an inactive session remains in the session table. Every client-to-server session being load balanced is recorded in the session table. When the client ends the session, the session table entry is removed. In certain circumstances, such as when a client application is abnormally terminated by the client’s system, TCP and UDP connections remain registered in the session table. In order to prevent table overflow, these orphaned entries must be aged out of the session table. Values: ![]() ![]() Default: 0 | |
ptmout | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
satisrt <inherit, [1-999999]> | |
Sets the application satisfied response time threshold. You can configure the application satisfied response time threshold globally at /cfg/slb/adv/satistr (default is 500 ms) or locally per service at /cfg/slb/virt/service/satisrt (default is inherit the global setting). Based on this threshold, Alteon calculates the frustrated threshold as 4 times the satisfied latency threshold. When a transaction response is above the frustrated threshold, its event log will be marked as exception. | |
dbind disable|forceproxy | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. When the action option is set to redirect, the dbind option is automatically set to forceproxy. Note: The enable option is supported for backward compatibility only. The enable option still displays after upgrade for existing services and filters configured with it, but the option is not available for new virtual services or filters. Radware recommends moving such virtual services and filters to forceproxy mode. | |
clsrst disable|enable | |
Specifies how Alteon closes client-side and server-side sessions. Values: ![]() ![]() Default: disable Note: To enable session reset on connection close, full proxy mode (forceproxy) must be enabled. | |
nonhttp enable|disable | |
Specifies whether to enable or disable processing of non-HTTP connections. Values: ![]() ![]() Default: disable | |
nonat disable|enable | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
apm enable|disable | |
Note: APM is no longer supported. Keep APM disabled to eliminate any undesired performance impact. Enables or disables application performance monitoring (APM) on this service traffic. Relevant only for HTTP and HTTPS services (SSL offload must be performed by Alteon for HTTPS). Alteon gathers HTTP application performance data and sends it to the APM server. The APM server gathers all information, analyzes and displays application performance and SLA data. The APM server is situated on the Cyber Controller (or APSolute Vision 4.x) server. An APM license must be installed on Alteon, and the APM server must be configured before attempting to activate it as a service. When APM is activated on a service, Alteon attempts to configure the new monitored application on the APM server. If this attempt fails, the event is reported and the APM is disabled on the service. Default: disabled Notes: ![]() ![]() | |
direct disable|enable | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
mirror disable|enable | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
winsize0 disable|enable | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
ckrebind disable|enable | |
When this parameter is enabled, Alteon searches for the persistent cookie session in each request by lookup on the persistent SP. If the persistent cookie session is found, it selects the server that the cookie value points to. If it is not found, the server is selected based on the metric and the cookie value is inserted or updated on response. When this parameter is disabled, Alteon searches for the persistent cookie session in each request by lookup on the designated SP only. If the persistent cookie session is found, it selects the server that the cookie value points to. If it is not found in the first HTTP request, the server is selected based on the metric and the cookie value is inserted or updated on response. If not found in the subsequent HTTP requests, the server used for the first HTTP request is selected. Default: disable | |
sesslog disable|enable | |
Specifies whether to enable or disable session logging. Session logs are sent to the syslog servers via the data port when the sessions are deleted or aged out. The Alteon switch processor sends the buffered session logging data to the syslog server at regular intervals (every 30 seconds) if the buffer is not completely filled. There will be no session syslog if no sessions have aged out during this duration of 30 seconds. Note: Syslog servers configured on Alteon must be accessible via the data ports. Default: disable | |
del | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. | |
cur | |
See the description of this command at /cfg/slb/virt <server id>/service/basic-slb Virtual Server Basic SLB Service Configuration Menu. |