[Redirection Advance Menu] fwlb - Enable/disable firewall redirect hash method linklb - Enable/disable WAN link load balancing vpnflood - Enable/disable two way VPN load balancing dbind - Enable/disable delayed binding for redirection pbind - Enable/disable persistent binding for redirection rtproxy - Enable/disable redirect to proxy server fallback – Set fallback action (group down) fbgoto - Set filter ID for Goto fallback action fbport - Set ingress port for ContinueFlow fallback action fbvlan - Set ingress VLAN ID for ContinueFlow fallback action cur - Display current redirection configuration |
Command Syntax and Usage | |
---|---|
fwlb | |
Enables or disables the firewall redirect hash method. For more information on firewall load balancing, see the Alteon Command Line Interface Application Guide. Note: Firewall load balancing requires the “by number” mode of operation to be enabled at /cfg/sys/idbynum. | |
linklb | |
Enables or disables WAN link load balancing. For more information on configuring inbound link load balancing, see /cfg/slb/linklb Inbound Link Load Balancing Configuration Menu. | |
vpnflood | |
Enables or disables two-way Virtual Private Network (VPN) load balancing. For more information on VPN load balancing, see the Alteon Command Line Interface Application Guide. | |
dbind <disable|forceproxy> | |
Enables or disables full proxy mode for TCP services. Delayed binding prevents SYN denial-of-service (DoS) attacks on the server. DoS occurs when the server or Alteon cannot service the client because they are saturated with invalid traffic. Using delayed binding, Alteon intercepts the client SYN request before it reaches the server. Alteon responds to the client with a SYN ACK that contains embedded client information. Alteon does not allocate a session until a valid SYN ACK is received from the client or the three-way handshake is complete. The Application Service Engine is a full TCP proxy which performs delayed binding of connections, during which it can optimize TCP behavior, intercept client requests and server responses to modify them, and so on. In some cases, the proxy behavior itself may be required even without the use of any other application service. For this purpose, you can set delayed binding to force proxy mode. In this mode, the Application Service Engine performs TCP optimizations without SYN attack protection, functions as a full TCP proxy, performs persistence for HTTP cookies to reorder TCP packets which do not arrive in the correct order, and so on. For example, when no Layer 7 application services (such as SSL offloading, caching, compression, or HTTP modifications) are in use, and when no Layer 7 requests are coming from the client, force proxy mode forces Alteon to perform a back-end TCP handshake. If the server does not respond within a configured period, Alteon moves to the next server. When the destination port is set to RTSP (554) at /cfg/slb/filt/dport, the filter automatically works in delayed binding (dbind) mode even if the dbind option is disabled for filter redirection. Values: ![]() ![]() Default: disable Note: The Application Service Engine can work in both Alteon delayed binding modes. In enabled delayed binding mode, the Application Service Engine only provides SYN attack protection. In force proxy mode, it only provides TCP optimizations. | |
pbind <enabled|disabled> | |
Specifies whether to enable WAN link persistence per client IP. All connections from the same client IP to the same destination IP and server port/destination port are redirected to the same server. Persistency per client is maintained across all filters that select the same group, and not per filter. If a server port (rport) is configured on matched filter, client persistency is preserved to the same destination IP and server port combination, otherwise it is preserved to the destination IP and destination port. Standard HTTP and HTTPS connections from the same client IP to the same destination IP are redirected to the same server, even though destination ports are different. Note: To prevent the possiblity of creating two P-entries pointing to different servers, disable persistent binding (pbind). In addition, use phash metric in the relevant group. (For more information about metric commands, see Server Load Balancing Metrics.) For example: /cfg/slb/group 2 metric phash 255.255.255.255 rmetric hash Default: disabled | |
rtproxy <disable|enable> | |
Specifies how to redirect traffic to a proxy server. Values: ![]() ![]() Default: disable | |
fallback <d|a|g> | |
Specifies the behavior when the server group attached to this filter is unavailable. Values: ![]() ![]() ![]() ![]() Default (for new filters): deny | |
fbgoto <0|3-2048> | |
Specifies the target filter ID for the goto action. Values: 0, 3 – 2048 | |
fbport (1-2|none) | |
Specifies the physical port through which traffic from the server group attached to this filter was expected to ingress Alteon (client traffic). This allows Alteon to bypass this group when down, and continue the flow. For groups where each server has different ingress ports, select one of them to specify. When the ingress port is part of an LACP trunk group, Alteon load balances between the ports in the trunk even though only a single port is defined here. | |
fbvlan | |
Specifies the ingress VLAN ID for a “continue in the flow” fallback action. ![]() ![]() | |
cur | |
Displays all current redirection settings. |