15-High Availability Command Reference

04-Server load balancing commands

Contents

Server load balancing commands

abnormal-url threshold

activate

all-service-down action forward

application-mode enable

argument

arp-nd interface (SNAT address pool view)

arp-nd interface (virtual server view)

auto-shutdown recovery-time

busy-action

capability-exchange timeout

case-insensitive

check all-packet

check-url

class

compression level

concurrent-streams-per-connection

connection close

connection idle-timeout

connection-limit max (real server view)

connection-limit max (server farm member view)

connection-limit max (virtual server view)

content (HTTP content sticky group view)

content (HTTP passive sticky group view)

content length-threshold

content maxparse-length

content request-max-length

content rewrite

cookie (protection rule view)

cookie (sticky group view)

cookie secondary name

customlog content

default server-farm

default-class action

description

destination-ip object-group

diameter-attribute code

display loadbalance action

display loadbalance alg

display loadbalance class

display loadbalance connections

display loadbalance diameter connections

display loadbalance dns-query

display loadbalance external-monitor log

display loadbalance limit-policy

display loadbalance policy

display loadbalance probe failed-record

display loadbalance probe-template

display loadbalance process-limit

display loadbalance protection-policy

display loadbalance snat-address statistics

display loadbalance snat-global-policy

display loadbalance snat-pool

display loadbalance snat-pool statistics

display loadbalance total-count

display loadbalance snat-pool reference

display loadbalance virtual-server overall-total-statistics

display loadbalance virtual-server total-statistics

display parameter-profile

display real-server

display real-server statistics

display real-server overall-statistics

display server-farm

display sticky statistics

display sticky virtual-server

display sticky-group

display temporary-real-server

display virtual-server

display virtual-server overall-statistics

display virtual-server statistics

domain-name

dpi-app-profile

encrypt-cookie

env-variables

exceed-mss

external-link inject-domain-suffix

external-link inject-uri

external-link proxy enable (LB action view)

external-link proxy enable (virtual server view)

external-link snat-pool

external-link whitelist domain

external-script

fail-action

fallback-action close

fallback-action continue

fallback-action response raw-file

fin-wait1 timeout

fin-wait2 timeout

forward all

frame size

frequency

header (HTTP header sticky group view)

header (HTTP passive sticky group view)

header call-id

header delete

header delete request accept-encoding

header exceed-length

header insert

header insert response vary

header maxparse-length

header modify per-request

header rewrite

header rewrite request url

header-table size

host ip address

idle-time

insert-header-field

insert-xff enable

ip

ip address

ip range

ip source mask

ipv6

ipv6 address

ipv6 range

ipv6 source prefix

keepalive idle-timeout

keepalive retransmission interval

lb-limit-policy

lb-policy

limit

loadbalance action

loadbalance alg

loadbalance alg all-enable

loadbalance class

loadbalance limit-policy

loadbalance log enable base

loadbalance log enable nat

loadbalance policy

loadbalance probe failed-record enable

loadbalance probe failed-record max-number

loadbalance probe-template

loadbalance process-limit

loadbalance protection-policy

loadbalance reload external-link file

loadbalance schedule-test ip

loadbalance schedule-test ipv6

loadbalance snat-global-policy

loadbalance snat-pool

loadbalance ssl performance-optimize cache-value

loadbalance tcp-timestamp-mode

loadbalance test pcre

loadbalance test rewrite

location rewrite

manual-recover enable (server farm view)

match acl

match application-id

match class

match content

match cookie

match destination-realm

match header

match interface

match method

match payload

match radius-attribute

match source

match sql

match url

match user

match user-group

match version

match-across-service enable

match-across-virtual-server enable

match-buffer-end

match-buffer-size

match-buffer-time

max-reuse (parameter profile view)

memory-size

monitor-interval

node

origin-host

origin-realm

override-limit enable

parameter (LB action view)

parameter (virtual server view)

parameter-profile

payload (HTTP/UDP payload sticky group view)

payload (UDP passive sticky group view)

payload (TCP payload sticky group view)

payload rewrite

pool-size

port (real server view)

port (virtual server view)

predictor

prefer-method

priority (real server view)

priority (server farm member view)

priority (SNAT global policy view)

probe (real server view)

probe (server farm member view)

probe (server farm view)

probe log enable (real server view)

probe log enable (server farm member view)

probe-template (real server view)

probe-template (server farm member view)

probe-template (server farm view)

product-name

protect-action

protected-url

protection-action

protection-period

protection-policy

proximity enable

proxy-protocol enable

radius-attribute

rate-limit bandwidth (real server view)

rate-limit bandwidth (virtual server view)

rate-limit connection (real server view)

rate-limit connection (server farm member view)

rate-limit connection (virtual server view)

rate-limit http-request (real server view)

rate-limit http-request (server farm member view)

readwrite-separation

real-server (server farm view)

real-server (system view)

rebalance per-request

recover-to-active (real server view)

recover-to-active (server farm member view)

recv-window size

redirect relocation (LB action view)

redirect relocation (virtual server view)

redirect return-code (LB action view)

redirect return-code (virtual server view)

reload http-response

request-version all

reset loadbalance connections

reset loadbalance probe failed-record

reset loadbalance snat-pool statistics

reset real-server statistics

reset sticky virtual-server

reset virtual-server statistics

response

retransmission enable

retransmission timeout

route-advertisement enable

rst threshold

rule (parameter profile view)

rule (protection policy view)

secondary-cookie delimiters

secondary-cookie start

selected-server

server-connection reuse

server-farm (LB action view)

server-farm (real server view)

server-farm (system view)

service-down-action reset

service enable

service object-group

set ip tos (LB action view)

set ip tos (parameter profile view)

shutdown (real server view)

shutdown (server farm member view)

slow-attack client-read timeout

slow-attack min-transmit-rate

slow-attack protection enable

slow-attack request-body timeout

slow-attack request-header timeout

slow-offline enable (real server view)

slow-offline enable (server farm member view)

slow-online

slow-shutdown enable (real server view)

slow-shutdown enable (server farm member view)

snat enable

snat-mode

snat-pool

snmp-agent trap enable loadbalance

source-ip

source-ip object-group (parameter profile view)

source-ip object-group (SNAT global policy view)

src-addr-option

ssl session-id

ssl url rewrite

ssl-client-policy (LB action view)

ssl-client-policy (virtual server view)

ssl-server-policy

statistics-match url

status-code

sticky

sticky-group

sticky-over-busy enable

success-criteria (real server view)

success-criteria (server farm member view)

success-criteria (server farm view)

syn retransmission-timeout

syn-cookie threshold

tcp checksum-force-verify enable

tcp connection idle-timeout

tcp mss

tcp option preserve

tcp option insert

tcp option remove

tcp option rewrite

tcp window-size

tcp-close

timeout (LB probe template view)

timeout (sticky group view)

time-wait timeout

traffic-group (virtual server view)

traffic-group (snat pool view)

translation-mode

transparent enable

udp per-packet

username (virtual server view)

variable

vendor-id

version

virtual ip address

virtual ipv6 address

virtual-server (system view)

vrrp vrid (SNAT address pool view)

weight (real server view)

weight (server farm member view)

window-size

zero-window threshold


Server load balancing commands

abnormal-url threshold

Use abnormal-url threshold to set the upper limit of URL error times.

Use undo abnormal-url threshold to restore the default.

Syntax

abnormal-url threshold number

undo abnormal-url threshold

Default

The upper limit of URL error times is 10000.

Views

HTTP passive LB probe template view

Predefined user roles

network-admin

Parameters

number: Specifies the upper limit of URL error times, in the range of 1 to 4294967295.

Usage guidelines

The device monitors the responses of HTTP requests with URLs specified in the check-url command. If the response time for an HTTP request exceeds the specified timeout time or the status code in the HTTP response is the same as the specified response status code, a URL error is recorded. If the number of URL errors exceeds the upper limit of URL error times, the real server is automatically shut down.

Examples

# Set the upper limit of URL error times to 20 for HTTP passive LB probe template tplt.

<Sysname> system-view

[Sysname] loadbalance probe-template http-passive tplt

[Sysname-lbpt-http-passive-tplt] abnormal-url threshold 20

Related commands

check-url

status-code

timeout

activate

Use activate to set the criteria to determine whether a server farm is available.

Use undo activate to restore the default.

Syntax

activate lower lower-percentage upper upper-percentage

undo activate

Default

A server farm is available when a minimum of one real server is available.

Views

Server farm view

Predefined user roles

network-admin

Parameters

lower lower-percentage: Specifies the lower percentage value in the range of 1 to 99. When the percentage of available real servers in the primary server farm is lower than the lower percentage value, the primary server farm becomes unavailable. Then the backup server farm takes over.

upper upper-percentage: Specifies the upper percentage value in the range of 1 to 99. The upper percentage value must be higher than or equal to the lower percentage value. When the percentage of available real servers in the primary server farm is higher than the upper percentage value, the primary server farm becomes available again to process services.

Usage guidelines

If no backup server farm is configured on the virtual server, this configuration does not take effect.

Examples

# Set the lower percentage value to 20 and upper percentage value to 80 for the server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] activate lower 20 upper 80

Related commands

default server-farm
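
The lower and upper percentages of activate form a switchover band. The following Python model is an added example, not H3C code, and shows how a wide band (20/80) suppresses the flapping that a zero-width band (50/50) produces on the same health samples. The class and function names are hypothetical, and keeping the previous state between the two thresholds is an assumption drawn from the parameter descriptions; a backup server farm is assumed to be configured.

```python
"""Model of the primary/backup switchover thresholds set by `activate lower X upper Y`."""
from dataclasses import dataclass


@dataclass
class PrimaryFarmState:
    lower: int                 # lower-percentage, 1 to 99
    upper: int                 # upper-percentage, 1 to 99, >= lower
    available: bool = True     # assumed initial state of the primary server farm

    def __post_init__(self):
        for value in (self.lower, self.upper):
            if not 1 <= value <= 99:
                raise ValueError("percentage must be in the range 1 to 99")
        if self.upper < self.lower:
            raise ValueError("upper must be higher than or equal to lower")

    def update(self, servers_up: int, servers_total: int) -> str:
        """Feed one health sample and return which farm processes traffic."""
        # Integer comparison avoids float rounding exactly at a threshold.
        scaled = servers_up * 100
        if scaled < self.lower * servers_total:
            self.available = False      # strictly lower than the lower percentage
        elif scaled > self.upper * servers_total:
            self.available = True       # strictly higher than the upper percentage
        # Assumption: between the two thresholds the previous state is kept.
        return "primary" if self.available else "backup"


def simulate(lower, upper, samples, servers_total=10):
    """Return the serving farm after each sample in the sequence."""
    state = PrimaryFarmState(lower, upper)
    return [state.update(up, servers_total) for up in samples]


def switchovers(decisions):
    """Count how many times traffic moved between the two farms."""
    return sum(1 for a, b in zip(decisions, decisions[1:]) if a != b)


# Constructed sample: available real servers (out of 10) at successive checks.
FLAPPING = [10, 1, 6, 4, 6, 4, 6, 9, 10]

if __name__ == "__main__":
    for lower, upper in ((20, 80), (50, 50)):
        decisions = simulate(lower, upper, FLAPPING)
        print(lower, upper, decisions, "switchovers:", switchovers(decisions))
```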

all-service-down action forward

Use all-service-down action forward to enable the device to forward packets to the last selected server farm member when all server farm members are unavailable.

Use undo all-service-down action forward to restore the default.

Syntax

all-service-down action forward

undo all-service-down action forward

Default

The device drops packets when all server farm members are unavailable.

Views

Server farm view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

With this feature disabled, the device drops packets when all server farm members are unavailable. With this feature enabled, the device forwards packets to the last selected server farm member when all server farm members are unavailable.

Restrictions and guidelines

This command takes effect only when the server farm is referenced by a TCP virtual server operating in Layer 7.

Examples

# Enable the device to forward packets to the last selected server farm member when all server farm members are unavailable.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] all-service-down action forward

application-mode enable

Use application-mode enable to configure a TCP virtual server to operate at Layer 7.

Use undo application-mode enable to restore the default.

Syntax

application-mode enable

undo application-mode enable

Default

A TCP virtual server operates at Layer 4.

Views

TCP virtual server view

Predefined user roles

network-admin

Usage guidelines

For a TCP virtual server to operate at Layer 7, you must specify a non-zero port number for the virtual server.

Examples

# Configure TCP virtual server vs to operate at Layer 7.

<Sysname> system-view

[Sysname] virtual-server vs type tcp

[Sysname-vs-tcp-vs] application-mode enable

argument

Use argument to configure user-defined information for a custom-monitoring LB probe template.

Use undo argument to restore the default.

Syntax

argument text

undo argument

Default

No user-defined information is configured for a custom-monitoring LB probe template.

Views

Custom-monitoring LB probe template view

Predefined user roles

network-admin

Parameters

text: Specifies an information text, a case-sensitive string of 1 to 255 characters. The string can contain spaces and cannot contain quotation marks (").

Usage guidelines

When executing the script file used for custom monitoring, the device transfers the information text to the script file as a parameter.

You can configure multiple arguments separated by spaces as the user-defined information.

Examples

# In custom-monitoring LB probe template test_external, configure user-defined information as abc 123 456.

<Sysname> system-view

[Sysname] loadbalance probe-template external-monitor test_external

[Sysname-lbpt-external-monitor-test_external] argument abc 123 456

arp-nd interface (SNAT address pool view)

Use arp-nd interface to specify an interface for sending gratuitous ARP packets and ND packets.

Use undo arp-nd interface to disable an interface from sending gratuitous ARP packets and ND packets.

Syntax

arp-nd interface interface-type interface-number

undo arp-nd interface interface-type interface-number

Default

No interface is specified for sending gratuitous ARP packets and ND packets. No interface can send gratuitous ARP packets or ND packets.

Views

SNAT address pool view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

You can execute this command multiple times to specify multiple interfaces for one SNAT address pool.

If an IP address in a SNAT address pool is in the same network segment as the IP address of an interface connected to a server, you must perform the following tasks:

·     Set the IPv4 subnet mask length to 32 or IPv6 prefix length to 128 for the virtual server IP address.

·     Execute this command.

·     Enable IP address advertisement for the virtual server.

Examples

# For SNAT address pool lbsp, specify GigabitEthernet 1/0/1 as the interface for sending gratuitous ARP packets and ND packets.

<Sysname> system-view

[Sysname] loadbalance snat-pool lbsp

[Sysname-lbsnat-pool-lbsp] arp-nd interface gigabitethernet 1/0/1

arp-nd interface (virtual server view)

Use arp-nd interface to specify an interface for sending gratuitous ARP packets and ND packets.

Use undo arp-nd interface to disable an interface from sending gratuitous ARP packets and ND packets.

Syntax

arp-nd interface interface-type interface-number

undo arp-nd interface interface-type interface-number

Default

No interface is specified for sending gratuitous ARP packets and ND packets. No interface can send gratuitous ARP packets or ND packets.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

You can execute this command multiple times to specify multiple interfaces for one virtual server.

If the virtual server IP address is in the same network segment as the IP address of an interface connected to a client, you must perform the following tasks:

·     Set the IPv4 subnet mask length to 32 or IPv6 prefix length to 128 for the virtual server IP address.

·     Execute this command.

·     Enable IP address advertisement for the virtual server.

If the virtual server IP address and interface IP address are in different network segments, you do not need to execute this command.

Examples

# For virtual server vs3, specify GigabitEthernet 1/0/1 as the interface for sending gratuitous ARP packets and ND packets.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] arp-nd interface gigabitethernet 1/0/1

auto-shutdown recovery-time

Use auto-shutdown recovery-time to set the automatic recovery time for intelligent monitoring.

Use undo auto-shutdown recovery-time to restore the default.

Syntax

auto-shutdown recovery-time recovery-time

undo auto-shutdown recovery-time

Default

The automatic recovery time is 0 minutes.

Views

Server farm view

Predefined user roles

network-admin

Parameters

recovery-time: Specifies the automatic recovery time in the range of 0 to 15300 minutes. The value of 0 means that a server farm member placed in Auto shutdown state does not automatically recover.

Usage guidelines

Application scenarios

Use this command to enable automatic recovery for a real server that is shut down by intelligent monitoring.

Operating mechanism

If health monitoring is not configured, a recovered real server is set to Unknown state.

If health monitoring is configured and succeeds, a recovered real server is set to Active state. If health monitoring fails, a recovered real server is set to Probe-failed state.

Examples

# Set the automatic recovery time to 5 minutes for server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] auto-shutdown recovery-time 5

busy-action

Use busy-action to configure the action to take when a server farm is busy.

Use undo busy-action to restore the default.

Syntax

busy-action { drop | enqueue length length timeout timeout-value | force }

undo busy-action

Default

The default action is drop.

Views

Server farm view

Predefined user roles

network-admin

Parameters

drop: Stops assigning client requests to the server farm.

enqueue: Assigns new client requests to a wait queue.

length length: Specifies the maximum number of client requests allowed in the wait queue, in the range of 1 to 100000. When the queue is full, new client requests are dropped.

timeout timeout-value: Specifies the aging time for the wait queue, in the range of 1 to 60 seconds.

force: Forcibly assigns client requests to all real servers in the server farm.

Usage guidelines

For the drop action, if the LB policy for the server farm contains the action of matching the next rule, the device compares client requests with the next rule. Otherwise, the device drops the client requests.

Examples

# Configure the action to take when a server farm is busy as force.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] busy-action force

capability-exchange timeout

Use capability-exchange timeout to set the timeout timer for Diameter capability exchange.

Use undo capability-exchange timeout to restore the default.

Syntax

capability-exchange timeout timeout-value

undo capability-exchange timeout

Default

The timeout timer for Diameter capability exchange is 10 seconds.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout timer for Diameter capability exchange, in the range of 1 to 4294967295 seconds. The default setting is 10 seconds.

Usage guidelines

After the device establishes a TCP connection with a client or server, they exchange information through Capabilities-Exchange-Request (CER) and Capabilities-Exchange-Answer (CEA) messages. If no CER or CEA messages are exchanged between the device and the peer within the specified timeout timer, the device considers the TCP connection invalid and disconnects it. This feature avoids continuous occupation of system resources by invalid connections.

Examples

# Set the timeout timer for Diameter capability exchange to 15 seconds for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] capability-exchange timeout 15

Related commands

parameter-profile

case-insensitive

Use case-insensitive to disable case sensitivity for matching character strings.

Use undo case-insensitive to restore the default.

Syntax

case-insensitive

undo case-insensitive

Default

Case sensitivity is enabled for matching character strings.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Usage guidelines

This command affects the following content:

·     HTTP header value, HTTP cookie name and value, and URL for matching classes.

·     Header value, URL, and key value used for generating sticky entries for the HTTP header sticky method.

·     Cookie name and value and key value used for generating sticky entries for the cookie get sticky method.

Examples

# Disable case sensitivity for the HTTP-type parameter profile pp1.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] case-insensitive

check all-packet

Use check all-packet to enable checking for all packets.

Use undo check all-packet to restore the default.

Syntax

check all-packet

undo check all-packet

Default

Checking for all packets is disabled.

Views

HTTP cookie sticky group view

HTTP passive sticky group view

Predefined user roles

network-admin

Usage guidelines

If the sticky method is cookie get, use this command to get cookies from all HTTP response packets. If this command is not executed, the device gets the Set-Cookie only from the first response packet of a connection.

If the sticky method is cookie rewrite, use this command to rewrite cookies in all HTTP response packets. If this command is not executed, the device rewrites the Set-Cookie only in the first response packet of a connection.

If the sticky method is cookie insert, use this command to insert cookies into all HTTP response packets. If this command is not executed, the device inserts the Set-Cookie only into the first response packet of a connection.

If the sticky method is HTTP passive, use this command to generate sticky entries from all HTTP response packets. If this command is not executed, the device generates sticky entries only from the first response packet of a connection.

Examples

# Enable checking for all packets in the HTTP cookie sticky group sg3.

<Sysname> system-view

[Sysname] sticky-group sg3 type http-cookie

[Sysname-sticky-http-cookie-sg3] check all-packet

check-url

Use check-url to configure a URL regular expression to match URLs for an HTTP passive LB probe template.

Use undo check-url to remove the URL regular expression configuration.

Syntax

check-url url

undo check-url url

Default

No URL regular expression is configured.

Views

HTTP passive LB probe template view

Predefined user roles

network-admin

Parameters

url: Specifies a URL regular expression, a case-insensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Usage guidelines

Operating mechanism

If an HTTP request carries one of the specified URLs, the device examines whether a URL error occurs in the HTTP response.

Restrictions and guidelines

You can configure a maximum of 10 URL regular expressions for one HTTP passive LB probe template.

Examples

# Configure www.example.com as a matching URL for HTTP passive LB probe template tplt.

<Sysname> system-view

[Sysname] loadbalance probe-template http-passive tplt

[Sysname-lbpt-http-passive-tplt] check-url www.example.com
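
The URL-error counting described under abnormal-url threshold and check-url can be modeled as follows. This is an added Python example, not H3C code. The record layout, field names, timeout and status-code values are hypothetical, and the per-real-server counter, the absence of counter aging, and unanchored regular expression matching are assumptions.

```python
"""Model of URL-error counting for an HTTP passive LB probe template."""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class PassiveProbeTemplate:
    check_urls: list                               # check-url regular expressions
    threshold: int = 10000                         # abnormal-url threshold (page default)
    timeout_s: float = 3.0                         # hypothetical; set with 'timeout'
    error_statuses: frozenset = frozenset({500})   # hypothetical; set with 'status-code'

    def __post_init__(self):
        if len(self.check_urls) > 10:
            raise ValueError("a template accepts a maximum of 10 URL regular expressions")
        for pattern in self.check_urls:
            if not 1 <= len(pattern) <= 255 or "?" in pattern:
                raise ValueError(f"invalid check-url value: {pattern!r}")
        if not 1 <= self.threshold <= 4294967295:
            raise ValueError("threshold must be in the range 1 to 4294967295")
        # check-url strings are case-insensitive. Unanchored search is an assumption.
        self._compiled = [re.compile(p, re.IGNORECASE) for p in self.check_urls]

    def is_url_error(self, url, status, elapsed_s):
        """True when a monitored URL times out or returns a configured status code."""
        if not any(rx.search(url) for rx in self._compiled):
            return False                           # URL is not monitored
        return elapsed_s > self.timeout_s or status in self.error_statuses


def evaluate(template, records):
    """Return ({server: index of the record that triggered shutdown}, error counts)."""
    errors = Counter()
    shut_down = {}
    for index, (server, url, status, elapsed_s) in enumerate(records):
        if server in shut_down:
            continue                               # shut-down server gets no more traffic
        if template.is_url_error(url, status, elapsed_s):
            errors[server] += 1
            if errors[server] > template.threshold:    # "exceeds": strictly greater
                shut_down[server] = index
    return shut_down, dict(errors)


# Constructed sample: (real server, URL, status code, response time in seconds).
RECORDS = [
    ("rs1", "www.example.com/login", 500, 0.2),        # error 1 on rs1
    ("rs2", "www.example.com/login", 200, 0.1),        # healthy
    ("rs1", "static.example.net/logo.png", 500, 0.1),  # not matched by check-url
    ("rs1", "WWW.EXAMPLE.COM/cart", 200, 5.0),         # slow response: error 2 on rs1
    ("rs2", "www.example.com/cart", 503, 0.1),         # 503 is not a configured code
    ("rs1", "www.example.com/pay", 500, 0.3),          # error 3 exceeds threshold 2
    ("rs1", "www.example.com/pay", 500, 0.3),          # ignored, rs1 already shut down
]

# The dots in "www.example.com" are regex metacharacters and match any character.
TEMPLATE = PassiveProbeTemplate(check_urls=["www.example.com"], threshold=2)

if __name__ == "__main__":
    print(evaluate(TEMPLATE, RECORDS))
```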

class

Use class to specify an LB action for the specified LB class.

Use undo class to delete an LB class.

Syntax

class class-name [ insert-before before-class-name | insert-after [ after-class-name ] ] action action-name

undo class class-name

Default

No LB action is specified for the LB class.

Views

LB policy view

Predefined user roles

network-admin

Parameters

class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters.

insert-before: Inserts the target class before an LB class (which must already be referenced by the current LB policy).

before-class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters.

insert-after: Inserts the target class after an LB class (which must already be referenced by the current LB policy).

after-class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this argument, the command inserts the target LB class after all LB classes.

action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

This command sets an LB action for packets matching the specified LB class.

If you do not specify the insert-before and insert-after keywords, the command inserts the target LB class after all LB classes.

You can specify an LB action for different LB classes.

You can specify multiple LB classes for an LB policy. Packets match the classes in the order the classes are configured. If a class is matched, the specified action is taken and packets stop matching the subsequent classes. As a best practice for finer matching when a class rule is included in the rule of another class, configure the class with the more detailed rule first. If no class is matched, the default action is taken.

Restrictions and guidelines

A DNS LB policy can reference DNS LB actions only; a generic LB policy can reference generic LB classes and generic LB actions only. This rule does not apply to HTTP LB policies.

Examples

# In server load balancing, specify the LB action lba1 for the LB class lbc1 in the generic LB policy lbp1, and insert lbc1 before the LB class lbc0.

<Sysname> system-view

[Sysname] loadbalance policy lbp1 type generic

[Sysname-lbp-generic-lbp1] class lbc1 insert-before lbc0 action lba1

# In outbound link load balancing, specify the LB action lba2 for the LB class lbc2 in the link-generic LB policy lbp2, and insert lbc2 before the LB class lbc0.

<Sysname> system-view

[Sysname] loadbalance policy lbp2 type link-generic

[Sysname-lbp-link-generic-lbp2] class lbc2 insert-before lbc0 action lba2

# In transparent DNS proxy, specify the LB action lba3 for the LB class lbc3 in the DNS LB policy lbp3, and insert lbc3 before the LB class lbc0.

<Sysname> system-view

[Sysname] loadbalance policy lbp3 type dns

[Sysname-lbp-dns-lbp3] class lbc3 insert-before lbc0 action lba3
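
Because classes are matched in order and matching stops at the first hit, a class placed after a broader one never takes effect. The following Python model is an added example, not H3C code, and reproduces the insert-before and insert-after placement rules and reports such shadowed classes. The class names, action names and the use of URL path prefixes as class rules are hypothetical.

```python
"""Model of first-match class ordering in an LB policy, with a shadowing check."""


class LbPolicy:
    def __init__(self):
        self.order = []      # class names in match order
        self.actions = {}    # class name -> action name

    def add_class(self, name, action, insert_before=None, insert_after=None):
        """Mirror `class NAME [insert-before X | insert-after [Y]] action A`."""
        if insert_before is not None and insert_after is not None:
            raise ValueError("insert-before and insert-after are alternatives")
        if name in self.order:
            raise ValueError("model restriction: class already in the policy")
        for ref in (insert_before, insert_after):
            if ref is not None and ref not in self.order:
                raise ValueError(f"{ref} is not referenced by this policy")
        if insert_before is not None:
            self.order.insert(self.order.index(insert_before), name)
        elif insert_after is not None:
            self.order.insert(self.order.index(insert_after) + 1, name)
        else:
            self.order.append(name)          # default: after all LB classes
        self.actions[name] = action

    def classify(self, url_path, rules, default_action="default"):
        """Return the action of the first class whose rule matches."""
        for name in self.order:
            if url_path.startswith(rules[name]):
                return self.actions[name]
        return default_action

    def shadowed(self, rules):
        """List (class, earlier class) pairs where the later class can never match."""
        found = []
        for i, later in enumerate(self.order):
            for earlier in self.order[:i]:
                if rules[later].startswith(rules[earlier]):
                    found.append((later, earlier))
                    break
        return found


# Constructed rules: each class matches URLs that begin with the given prefix.
RULES = {"lbc_all": "/", "lbc_api": "/api/", "lbc_admin": "/api/admin/"}


def build_naive():
    """Classes added in creation order: the broadest rule ends up first."""
    policy = LbPolicy()
    policy.add_class("lbc_all", "lba_web")
    policy.add_class("lbc_api", "lba_api")
    policy.add_class("lbc_admin", "lba_admin")
    return policy


def build_ordered():
    """Same classes, with insert-before placing the more detailed rules first."""
    policy = LbPolicy()
    policy.add_class("lbc_all", "lba_web")
    policy.add_class("lbc_api", "lba_api", insert_before="lbc_all")
    policy.add_class("lbc_admin", "lba_admin", insert_before="lbc_api")
    return policy


if __name__ == "__main__":
    for build in (build_naive, build_ordered):
        policy = build()
        print(policy.order, policy.classify("/api/admin/users", RULES),
              policy.shadowed(RULES))
```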

compression level

Use compression level to set the compression level for response packets.

Use undo compression level to restore the default.

Syntax

compression level level

undo compression level

Default

The compression level for response packets is 1.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

level: Specifies the compression level in the range of 1 to 9. A larger value indicates a lower compression speed and a higher compression ratio.

Examples

# Create the HTTP-compression parameter profile pa1, and set the compression level to 6.

<Sysname> system-view

[Sysname] parameter-profile pa1 type http-compress

[Sysname-para-http-compress-pa1] compression level 6

concurrent-streams-per-connection

Use concurrent-streams-per-connection to configure the maximum number of concurrent requests supported by a TCP connection.

Use undo concurrent-streams-per-connection to restore the default.

Syntax

concurrent-streams-per-connection connection-number

undo concurrent-streams-per-connection

Default

A TCP connection supports a maximum of 10 concurrent requests.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

connection-number: Specifies the maximum number of concurrent requests supported by a TCP connection. The value range for this argument is 1 to 256.

Usage guidelines

Operating mechanism

The HTTP2.0 protocol supports concurrent processing and responding of multiple HTTP2.0 requests over a single TCP connection. You can execute this command to configure the maximum number of concurrent requests supported by a TCP connection. When the number of requests reaches the limit, the device will terminate the HTTP2.0 TCP connection. Configure an appropriate value for the maximum number of concurrent requests supported by a TCP connection based on the actual network conditions. A large value might cause the generation of a large number of HTTP2.0 packet header entries on the client or server, occupying a lot of memory and reducing the concurrent processing capability. A small value might cause multiple TCP connection establishments during packet transmission, reducing packet transmission efficiency.

Restrictions and guidelines

This command takes effect only on HTTP 2.0 request packets.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and set the maximum number of concurrent requests supported by a TCP connection to 128.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] concurrent-streams-per-connection 128

Related commands

header-table size

connection close

Use connection close to configure the device to proactively close TCP connections to real servers.

Use undo connection close to restore the default.

Syntax

connection close { fin | rst }

undo connection close

Default

The device does not proactively close the TCP connection to a real server.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

vsys-admin

Parameters

fin: Closes connections by sending FIN packets.

rst: Closes connections by sending RST packets.

Usage guidelines

Application scenarios

When the device receives multiple concurrent HTTP2.0 requests from a client, the device needs to establish separate TCP connections to multiple real servers to forward the requests, because both the device and servers support only the HTTP1.1 protocol. After processing and responding to the requests, a real server does not close the TCP connections to the device until the client receives responses to all requests. If the client accesses the server again, it continues to use the same connection. In this scenario, a large number of servers might be occupied for a time period, delaying the processing of other clients' requests.

To resolve this issue, you can execute this command to configure the real servers to disconnect from the device in the specified manner after processing a request.

Restrictions and guidelines

This command takes effect only when a client sends an HTTP2.0 request, but the device and real servers support only HTTP1.1.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and configure the device to close TCP connections to real servers by sending FIN packets.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] connection close fin

connection idle-timeout

Use connection idle-timeout to configure the idle timeout timer for TCP connections.

Use undo connection idle-timeout to restore the default.

Syntax

connection idle-timeout timeout-value

undo connection idle-timeout

Default

The idle timeout timer for TCP connections is 300 seconds.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the idle timeout timer for TCP connections, in the range of 0 to 4294967295 seconds.

Usage guidelines

Operating mechanism

You can execute this command to configure the idle timeout period for TCP connections between the device and clients/servers. If no application data is transmitted over a TCP connection within the idle timeout period, the device will close the TCP connection.

Restrictions and guidelines

This command takes effect only on HTTP 2.0 request packets.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and set the idle timeout timer for TCP connections to 60 seconds.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] connection idle-timeout 60

connection-limit max (real server view)

Use connection-limit max to set the maximum number of connections of a real server.

Use undo connection-limit max to restore the default.

Syntax

connection-limit max max-number

undo connection-limit max

Default

The maximum number of connections of a real server is 0, which means the number is not limited.

Views

Real server view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If the value of this argument takes 0, the number is not limited.

Usage guidelines

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Set the maximum number of connections of the real server rs to 10000.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] connection-limit max 10000

connection-limit max (server farm member view)

Use connection-limit max to set the maximum number of connections of a server farm member.

Use undo connection-limit max to restore the default.

Syntax

connection-limit max max-number

undo connection-limit max

Default

The maximum number of connections of a server farm member is 0, which means the number is not limited.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If the value of this argument takes 0, the number is not limited.

Examples

# Set the maximum number of connections of the server farm member rs1 to 10000.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] connection-limit max 10000

connection-limit max (virtual server view)

Use connection-limit max to set the maximum number of connections of a virtual server.

Use undo connection-limit max to restore the default.

Syntax

connection-limit max max-number

undo connection-limit max

Default

The maximum number of connections of a virtual server is 0, which means the number is not limited.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If the value of this argument takes 0, the number is not limited.

Usage guidelines

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Set the maximum number of connections for the IP-type virtual server vs3 to 10000.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] connection-limit max 10000

# In outbound link load balancing, set the maximum number of connections for the link IP-type virtual server vs2 to 10000.

<Sysname> system-view

[Sysname] virtual-server vs2 type link-ip

[Sysname-vs-link-ip-vs2] connection-limit max 10000

content (HTTP content sticky group view)

Use content to configure the HTTP entity sticky method.

Use undo content to delete the HTTP entity sticky method.

Syntax

content [ offset offset ] [ start start-string ] [ end end-string | length length ]

undo content

Default

No sticky methods exist.

Views

HTTP entity sticky group view

Predefined user roles

network-admin

Parameters

offset offset: Specifies the offset value of the entity based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the entity, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the entity, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the entity, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

Operating mechanism

Use this command to obtain the HTTP entity information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.

The HTTP entity sticky method applies only to contents within the entity. The HTTP entity sticky method does not apply to chunk and multipart entity content.

Restrictions and guidelines

The HTTP entity sticky method is not supported by the virtual servers of the fast HTTP type.

Examples

# Configure the HTTP entity sticky method for the HTTP entity sticky group sg2: Starting from the 30th byte from the start of the HTTP packet, use the 20-byte HTTP entity with abc as the start string to generate sticky entries.

<Sysname> system-view

[Sysname] sticky-group sg2 type http-content

[Sysname-sticky-http-content-sg2] content offset 30 start abc length 20

content (HTTP passive sticky group view)

Use content to configure the HTTP passive entity sticky method.

Use undo content to delete the HTTP passive entity sticky method.

Syntax

content { get | match } id start start-string { end end-string | length length }

undo content { get | match } id

Default

No sticky methods exist.

Views

HTTP passive sticky group view

Predefined user roles

network-admin

Parameters

get: Obtains the specified string in the HTTP response entity, which is used to generate a sticky entry.

match: Obtains the specified string in the HTTP request entity, which is used to match a sticky entry.

id: Specifies the string ID in the range of 1 to 4.

start start-string: Specifies the regular expression that marks the start of the entity, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the entity, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the entity, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

The start-string and end-string values are not included in the sticky entry information.

Both the content get and content match commands are required for an HTTP passive sticky method.

The device obtains the content information of an incoming HTTP request based on the content match command and obtains the content information of an incoming HTTP response based on the content get command. If the content information of the HTTP request matches the content information of the HTTP response, the device generates a sticky entry based on the content information of the HTTP response. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.

The following rules apply to use of the content match and content get commands:

·     You can execute a maximum of four content get commands and four content match commands for one HTTP passive sticky method.

·     The n strings obtained by n content get commands generate 2^n-1 strings, each combined in ascending order of string IDs. If the string obtained based on the content match command matches any one of these generated strings, the match is successful.

·     The n strings obtained by n content match commands combine into one string in ascending order of string IDs.

For example, three content get commands are executed with string IDs 1, 2, and 3. The device obtains three strings a, b, and c in the HTTP response header, generates seven strings a, b, c, ab, ac, bc, and abc, and generates seven sticky entries. Then, three content match commands are executed with string IDs 2, 3, and 4. The device obtains three strings a, b, and c in the HTTP request header and generates one string abc. If the string matches one of the seven strings, the device generates a sticky entry based on the string abc. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
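The combination rule above, worked through in Python as an added example (not H3C code; the function names are hypothetical). It reproduces the seven strings of the a, b, c example and also shows that, because the strings are joined without a separator, different combinations can yield the same string.

```python
from itertools import combinations

MAX_IDS = 4  # the page allows string IDs 1 to 4 for each of get and match


def _ordered(strings_by_id):
    """Return the extracted strings sorted by ascending string ID."""
    if not 1 <= len(strings_by_id) <= MAX_IDS:
        raise ValueError("between one and four content commands are allowed")
    if any(i not in range(1, MAX_IDS + 1) for i in strings_by_id):
        raise ValueError("string IDs must be in the range 1 to 4")
    return [strings_by_id[i] for i in sorted(strings_by_id)]


def get_candidates(get_strings):
    """All 2^n - 1 concatenations of the n 'content get' strings, ID order kept."""
    ordered = _ordered(get_strings)
    return ["".join(combo)
            for size in range(1, len(ordered) + 1)
            for combo in combinations(ordered, size)]


def match_key(match_strings):
    """The single string built from the 'content match' strings, ID order kept."""
    return "".join(_ordered(match_strings))


def passive_match(get_strings, match_strings):
    """Return the matched string, or None when no candidate equals the request key."""
    key = match_key(match_strings)
    return key if key in get_candidates(get_strings) else None


# Values from the page's worked example: the IDs differ between the two
# directions, only their ascending order matters.
RESPONSE = {1: "a", 2: "b", 3: "c"}   # content get 1, 2, 3
REQUEST = {2: "a", 3: "b", 4: "c"}    # content match 2, 3, 4

if __name__ == "__main__":
    print(get_candidates(RESPONSE))                    # the seven candidate strings
    print(passive_match(RESPONSE, REQUEST))            # request key "abc" matches
    print(passive_match(RESPONSE, {1: "c", 2: "a"}))   # "ca" is not a candidate
    # Constructed case: "ab" + "c" collides with the third string "abc".
    overlapping = get_candidates({1: "ab", 2: "c", 3: "abc"})
    print(len(overlapping), len(set(overlapping)))
```

When extracted strings can be prefixes or suffixes of one another, the number of distinct candidates is smaller than 2^n-1, so choose start and end markers that keep the extracted fields unambiguous.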

Examples

# Configure the HTTP passive sticky method for the HTTP passive sticky group sg2: Obtain the 20-byte HTTP entity string starting with abc in the HTTP response. If the string matches the 20-byte HTTP entity string starting with xxx in the HTTP request, the device generates a sticky entry based on the string obtained from the HTTP response.

<Sysname> system-view

[Sysname] sticky-group sg2 type http-passive

[Sysname-sticky-http-passive-sg2] content get 1 start abc length 20

[Sysname-sticky-http-passive-sg2] content match 1 start xxx length 20

Related commands

display sticky-group

header (HTTP passive sticky group view)

content length-threshold

Use content length-threshold to set the minimum length of HTTP response content for compression.

Use undo content length-threshold to restore the default.

Syntax

content length-threshold length

undo content length-threshold

Default

The minimum length of HTTP response content for compression is 1024 bytes.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

length: Specifies the minimum length of HTTP response content for compression, in the range of 0 to 4294967295 bytes.

Usage guidelines

If an HTTP response packet contains the Content-Length header, the packet content is compressed only when its length reaches the minimum length of HTTP response content for compression. If the HTTP response packet does not contain the Content-Length header, the configuration does not take effect. The packet content is compressed regardless of its length.

Examples

# Create the HTTP-compression parameter profile http1, and set the minimum length of HTTP response content for compression to 2000 bytes.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] content length-threshold 2000

content maxparse-length

Use content maxparse-length to set the maximum length of HTTP entities that can be parsed.

Use undo content maxparse-length to restore the default.

Syntax

content maxparse-length length

undo content maxparse-length

Default

The maximum length of HTTP entities that can be parsed is 4096.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

length: Specifies the maximum length of HTTP entities that can be parsed, in the range of 1 to 65535 bytes.

Usage guidelines

This command is not supported by the virtual servers of the fast HTTP type.

Examples

# Set the maximum length of HTTP entities that can be parsed to 8192 for the HTTP parameter profile pp1.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] content maxparse-length 8192

content request-max-length

Use content request-max-length to set the maximum size of the HTTP content.

Use undo content request-max-length to restore the default.

Syntax

content request-max-length length

undo content request-max-length

Default

The size of the HTTP content is not limited.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

length: Specifies the maximum size of the HTTP content, in the range of 1 to 4294967295 bytes.

Usage guidelines

If the size of the HTTP content in an HTTP request exceeds the specified maximum size, the device discards the HTTP request.

Examples

# Set the maximum size of the HTTP content to 1000 for the HTTP parameter profile h1.

<Sysname> system-view

[Sysname] parameter-profile h1 type http

[Sysname-para-http-h1] content request-max-length 1000

content rewrite

Use content rewrite to rewrite the content of HTTP responses.

Use undo content rewrite to restore the default.

Syntax

content rewrite value value replace replace-string

undo content rewrite

Default

The content of HTTP responses is not rewritten.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

value value: Specifies the HTTP packet content to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters.

Usage guidelines

This command applies only to the HTTP response packets in the format of text/*.

The rewrite operation is not performed in either of the following situations:

·     A regular expression is used to match the content before rewrite, and the content before rewrite exceeds 4096 bytes in size.

·     The content after rewrite exceeds 4096 bytes in size.

If you specify the replace-string argument as %[1-9], the matching packet content value will be replaced by the content in the corresponding pair of brackets. For example, if you execute the content rewrite value (Wel)(co)(me) replace %2 command, the content Welcome will be replaced by the content co in the second pair of brackets.

If you execute the content rewrite command multiple times, the most recent configuration takes effect.

Examples

# Create the HTTP LB action named replace, and replace the content 2000::1 in HTTP response packets with 2.3.4.5.

<Sysname> system-view

[Sysname] loadbalance action replace type http

[Sysname-lba-http-replace] content rewrite value 2000::1 replace 2.3.4.5

cookie (protection rule view)

Use cookie to configure a cookie-based protection threshold.

Use undo cookie to restore the default.

Syntax

cookie cookie-name request-threshold threshold

undo cookie

Default

No cookie-based protection threshold is configured.

Views

Protection rule view

Predefined user roles

network-admin

Parameters

cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters. The cookie name cannot contain brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), or horizontal tab (HT). Additionally, the cookie name cannot contain ASCII codes that are less than or equal to 31 or greater than or equal to 127.

request-threshold threshold: Specifies a request threshold in the range of 1 to 4294967295.

Usage guidelines

If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken. The device determines whether requests belong to the same user based on the following elements:

·     Cookie—Requests with the same cookie value for the cookie specified in this command belong to the same user.

·     Source IP address—Requests with the same source IP address belong to the same user.

If you configure both a cookie-based request threshold and a source-IP-based request threshold, the protection action is taken when either threshold is exceeded.

If you execute this command multiple times, the most recent configuration takes effect.
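The counting rule described above, as an added Python sketch that is not device code. Assumptions: the protection period is modelled as a fixed window that opens at a key's first request, the class and function names are hypothetical, and the period, the source-IP threshold and the request list are constructed; only the cookie name jsessionid and the threshold 2 come from this command's example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ProtectionRule:
    period: int                                 # protection period (assumed: seconds)
    cookie_name: Optional[str] = None           # cookie that identifies a user
    cookie_threshold: Optional[int] = None      # cookie-based request threshold
    source_ip_threshold: Optional[int] = None   # source-IP-based request threshold
    _windows: Dict[Tuple[str, str], Tuple[int, int]] = field(default_factory=dict)

    def _count(self, key, now):
        """Count one request for key; start a new window once the period has passed."""
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.period:
            start, count = now, 0
        self._windows[key] = (start, count + 1)
        return count + 1

    def observe(self, now, src_ip, cookies):
        """Return the thresholds this request exceeds (empty list: no action)."""
        exceeded = []
        value = cookies.get(self.cookie_name) if self.cookie_name else None
        if self.cookie_threshold is not None and value is not None:
            if self._count(("cookie", value), now) > self.cookie_threshold:
                exceeded.append("cookie")
        if self.source_ip_threshold is not None:
            if self._count(("source-ip", src_ip), now) > self.source_ip_threshold:
                exceeded.append("source-ip")
        return exceeded


def replay(rule, requests) -> List[Tuple[int, List[str]]]:
    """Feed (time, source IP, cookies) tuples to the rule; list the requests that trip it."""
    hits = []
    for index, (now, src_ip, cookies) in enumerate(requests):
        exceeded = rule.observe(now, src_ip, cookies)
        if exceeded:
            hits.append((index, exceeded))
    return hits


# Constructed requests to one protected URL (documentation address ranges).
REQUESTS = [
    (0, "192.0.2.10", {"jsessionid": "A1"}),   # one session seen from three addresses
    (1, "192.0.2.11", {"jsessionid": "A1"}),
    (2, "192.0.2.12", {"jsessionid": "A1"}),   # third request for A1 exceeds 2
    (3, "198.51.100.7", {}),                   # client that sends no cookie at all
    (4, "198.51.100.7", {}),
    (5, "198.51.100.7", {}),
    (6, "198.51.100.7", {}),
    (7, "198.51.100.7", {}),
    (8, "198.51.100.7", {}),                   # sixth request from this address exceeds 5
    (20, "192.0.2.10", {"jsessionid": "A1"}),  # new period: counters start again
]


def demo():
    """Both thresholds configured: either one triggers the protection action."""
    rule = ProtectionRule(period=10, cookie_name="jsessionid",
                          cookie_threshold=2, source_ip_threshold=5)
    return replay(rule, REQUESTS)


if __name__ == "__main__":
    print(demo())
```

With only the cookie threshold configured, the cookieless client in the sample is never counted, which is why the two thresholds are usually configured together.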

Examples

# In protection rule 5, configure the cookie name as jsessionid and the request threshold as 2.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] rule 5

[Sysname-lbpp-http-p1-rule-5] cookie jsessionid request-threshold 2

Related commands

protected-url

protection-action

protection-period

source-ip

cookie (sticky group view)

Use cookie to configure the HTTP cookie sticky method.

Use undo cookie to restore the default.

Syntax

cookie { get name cookie-name [ offset offset ] [ start start-string ] [ end end-string | length length ] | insert [ name cookie-name ] [ domain domain-name ] [ path path ] [ httponly ] [ secure ] | rewrite [ name cookie-name ] [ httponly ] [ secure ] }

undo cookie { get | insert | rewrite }

Default

No HTTP cookie sticky methods exist.

Views

HTTP cookie sticky group view

Predefined user roles

network-admin

Parameters

get: Specifies the cookie get sticky method that gets the Set-Cookie field in the HTTP response packets sent by the server.

cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters.

offset offset: Specifies the offset value based on the start of the cookie value, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the cookie, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the cookie, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the cookie, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

insert: Specifies the cookie insert sticky method that inserts the Set-Cookie field to the HTTP response packets sent by the server.

rewrite: Specifies the cookie rewrite sticky method that rewrites the Set-Cookie field in the HTTP response packets sent by the server.

name cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters. The default name is X-LB.

domain domain-name: Specifies a domain name indicating the hosts to which the cookie will be sent, a case-sensitive string of 1 to 255 characters. If you do not specify this option, the cookie will be sent to only the host where it is created.

path path: Specifies a path indicating the paths to which the cookie will be sent, a case-sensitive string of 1 to 255 characters. If you do not specify this option, the cookie will be sent to every path (the root directory / applies).

httponly: Specifies that the cookie cannot be accessed by scripts. If you do not specify this keyword, the cookie can be accessed by scripts.

secure: Specifies that the cookie can be transmitted over only HTTPS connections. If you do not specify this keyword, the cookie can be transmitted over any connections.

Usage guidelines

Use the cookie get command to obtain the HTTP cookie information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.

If the sticky method is cookie rewrite, the Set-Cookie field of the specified cookie must be available in the HTTP response packets sent by the server. The system modifies only the cookie name and value in the Set-Cookie field without modifying other attributes such as Expires.

If the sticky method is cookie insert or cookie rewrite and the timeout timer for sticky entries is 0, the system adds the Expires field after the inserted or rewritten value. If the HTTP response packets sent by the server carry this attribute, the load balancing module does not modify the attribute. Instead, it adds the user-configured Expires information after the value. As a best practice, do not carry any timeout attribute in the Set-Cookie header on the server when you configure the cookie rewrite sticky method.

The domain domain-name option specifies the hosts to which the cookie will be sent. Suppose a client can visit hosts example.com, www.example.com, and www.corp.example.com. If you specify example.com for the domain domain-name option, the client includes the cookie when sending HTTP requests to any one of the three hosts. If you specify www.corp.example.com for the domain domain-name option, the client includes the cookie only when sending HTTP requests to www.corp.example.com.

The path path option limits the scope of the cookie to a set of paths. Suppose a client can visit folders www.example.com/a and www.example.com/b. If you specify www.example.com for the domain domain-name option and /a for the path path option, the client includes the cookie only when sending HTTP requests to www.example.com/a.

The httponly option prevents attackers from obtaining cookie information by using scripts.

The secure option makes sure the cookie is transmitted over an HTTPS connection. For an HTTP connection, the cookie is not transmitted.
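The scoping rules above can be checked before a cookie insert or cookie rewrite configuration is deployed. The following Python model is an added example, not H3C code: the StickyCookie, scope and audit names are hypothetical, the matching follows the standard browser cookie rules (RFC 6265), and the host names are the ones used in the text.

```python
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class StickyCookie:
    origin_host: str                  # host whose response carried the Set-Cookie
    name: str = "X-LB"                # default cookie name given on the page
    domain: Optional[str] = None      # domain domain-name
    path: Optional[str] = None        # path path
    httponly: bool = False            # httponly keyword
    secure: bool = False              # secure keyword

    def _domain_ok(self, host):
        if self.domain is None:       # no domain option: only the creating host
            return host == self.origin_host.lower()
        domain = self.domain.lstrip(".").lower()
        return host == domain or host.endswith("." + domain)

    def _path_ok(self, request_path):
        cookie_path = self.path or "/"   # no path option: root directory applies
        if request_path == cookie_path or cookie_path.endswith("/"):
            return request_path.startswith(cookie_path)
        return request_path.startswith(cookie_path + "/")

    def sent_with(self, url):
        """True if a client would attach the cookie to a request for url."""
        parts = urlsplit(url)
        if self.secure and parts.scheme != "https":
            return False
        host = (parts.hostname or "").lower()
        return self._domain_ok(host) and self._path_ok(parts.path or "/")


def scope(cookie, urls) -> List[str]:
    """The subset of urls that would receive the cookie."""
    return [url for url in urls if cookie.sent_with(url)]


def audit(cookie) -> List[str]:
    """Flag options whose absence widens the exposure of the sticky cookie."""
    findings = []
    if not cookie.httponly:
        findings.append("httponly-missing")      # readable by page scripts
    if not cookie.secure:
        findings.append("secure-missing")        # also sent over plain HTTP
    if cookie.domain and cookie.domain.lstrip(".").lower() != cookie.origin_host.lower():
        findings.append("domain-wider-than-origin")
    return findings


# Hosts from the text; the URLs themselves are constructed.
HOSTS = ["http://example.com/", "http://www.example.com/",
         "http://www.corp.example.com/"]

if __name__ == "__main__":
    wide = StickyCookie("www.example.com", domain="example.com")
    print(scope(wide, HOSTS), audit(wide))
    bare = StickyCookie("www.example.com")       # cookie insert with no options
    print(scope(bare, HOSTS), audit(bare))
    hardened = StickyCookie("www.example.com", path="/a", httponly=True, secure=True)
    print(hardened.sent_with("https://www.example.com/a"), audit(hardened))
```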

Examples

# Configure the cookie get sticky method for the HTTP cookie sticky group sg3: Starting from the 10th byte from the start of the HTTP packet, use the 32-byte HTTP cookie named user to generate sticky entries.

<Sysname> system-view

[Sysname] sticky-group sg3 type http-cookie

[Sysname-sticky-http-cookie-sg3] cookie get name user offset 10 length 32

# Configure the cookie insert sticky method for the HTTP cookie sticky group sg3.

<Sysname> system-view

[Sysname] sticky-group sg3 type http-cookie

[Sysname-sticky-http-cookie-sg3] cookie insert
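The extraction parameters shared by content (HTTP content sticky group view) and cookie get (offset, start, end and length), modelled in Python as an added example that is not H3C code. Assumptions: the function name is hypothetical, Python's re module stands in for the device's regular-expression engine, a missing start or end marker yields no key, and the sample buffers are constructed.

```python
import re
from typing import Optional


def _check_marker(name, value):
    """Enforce the documented limits for start-string and end-string."""
    if value is not None and (not 1 <= len(value) <= 127 or "?" in value):
        raise ValueError(f"{name} must be 1 to 127 characters without '?'")


def extract_sticky_key(data: bytes, offset: int = 0, start: Optional[str] = None,
                       end: Optional[str] = None, length: int = 0) -> Optional[bytes]:
    """Return the bytes a sticky entry would be built from, or None if a marker is absent."""
    if not 0 <= offset <= 1000 or not 0 <= length <= 1000:
        raise ValueError("offset and length must be in the range 0 to 1000")
    if end is not None and length:
        raise ValueError("end and length are alternatives in the command syntax")
    _check_marker("start", start)
    _check_marker("end", end)

    region = data[offset:]                       # matching begins at the offset
    if start is not None:
        found = re.search(start.encode(), region)
        if found is None:
            return None
        region = region[found.end():]            # the start string is not part of the key
    if end is not None:
        found = re.search(end.encode(), region)
        if found is None:
            return None
        return region[:found.start()]            # the end string is not part of the key
    return region[:length] if length else region  # length 0 means all remaining bytes


# Constructed buffer: an early "abc" before byte 30, then the intended field.
ENTITY = b"abc-decoy".ljust(30, b".") + b"abc" + b"0123456789ABCDEFGHIJ" + b"-trailing"
# Constructed cookie value: 10 bytes of prefix, 32 bytes of key, then extra data.
COOKIE_VALUE = b"node-00001" + b"S" * 32 + b"-extra"

if __name__ == "__main__":
    # content offset 30 start abc length 20
    print(extract_sticky_key(ENTITY, offset=30, start="abc", length=20))
    # Same markers without the offset: the earlier "abc" is matched instead.
    print(extract_sticky_key(ENTITY, start="abc", length=20))
    # cookie get name user offset 10 length 32
    print(extract_sticky_key(COOKIE_VALUE, offset=10, length=32))
    # start/end form: the key is the text between the two markers
    print(extract_sticky_key(b"k=v;sid=42&x=1", start="sid=", end="&"))
```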

cookie secondary name

Use cookie secondary name to specify the name of the secondary cookie to be searched in the URI.

Use undo cookie secondary name to restore the default.

Syntax

cookie secondary name value

undo cookie secondary name

Default

The name of the secondary cookie to be searched in the URI is not specified.

Views

HTTP cookie sticky group view

Predefined user roles

network-admin

Parameters

value: Specifies the name of the secondary cookie, a case-sensitive token string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.

Usage guidelines

This command applies only to the cookie get sticky method. Executing this command enables the system to locate the secondary cookie in the URI when it fails to locate the specified cookie in the HTTP request packet header.

Examples

# Specify the name of the secondary cookie to be searched in the URI as sid for the HTTP cookie sticky group sg3.

<Sysname> system-view

[Sysname] sticky-group sg3 type http-cookie

[Sysname-sticky-http-cookie-sg3] cookie secondary name sid

customlog content

Use customlog content to configure the content to be output by using the fast log output feature.

Use undo customlog content to restore the default.

Syntax

customlog content content-value

undo customlog content

Default

No content is output by using the fast log output feature.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

content-value: Specifies the log content to be output, a case-sensitive string of 1 to 255 characters. To enter multiple variables, separate them by semicolons. The device supports the following variables:

·     %{is}—Source IP address in HTTP requests.

·     %{ps}—Source port number in HTTP requests.

·     %{id}—Destination IP address in HTTP requests.

·     %{pd}—Destination port number in HTTP requests.

·     %{sis}—Source IP address in HTTP responses.

·     %{sps}—Source port number in HTTP responses.

·     %{sid}—Destination IP address in HTTP responses.

·     %{spd}—Destination port number in HTTP responses.

·     %{vsn}—Virtual server name.

·     %{sfn}—Server farm name.

·     %{reqtmstamp}—HTTP request timestamp, in GMT.

·     %{reqtime}—HTTP request timestamp, in CST.

·     %{uri}—HTTP URI.

·     %{ver}—HTTP version number.

·     %{args}—HTTP access parameters.

·     %{method}—HTTP request method.

·     %{xff}—IP address of XFF (X-Forwarded-For).

·     %{ctype}—Content-Type field in HTTP requests.

·     %{clen}—Content-Length field in HTTP requests.

·     %{ref}—Referer header field in HTTP requests.

·     %{ua}—User-Agent header field in HTTP requests.

·     %{host}—Host header field in HTTP requests.

·     %{path}—Path in HTTP requests.

·     %{reqsz}—HTTP request size in bytes.

·     %{reqtm}—HTTP request duration in milliseconds. The duration is from the time when the device receives an HTTP request to the time when the device receives the HTTP response.

·     %{rspclen}—Content-Length field in HTTP responses.

·     %{reqsz}—HTTP response size in bytes.

·     %{rsptm}—HTTP response duration in milliseconds. The duration is from the time when the device receives an HTTP response to the time when the device finishes sending out the HTTP response.

·     %{stscode}—HTTP response status code.

·     %{reqbsz}—Body size of HTTP requests, in bytes.

·     %{rspbsz}—Body size of HTTP responses received by the device from the server, in bytes.

·     %{rspsntbsz}—Body size of HTTP responses sent from the device to the client, in bytes.

·     %{cookie_cookie-name}—HTTP cookie. The cookie name cannot contain brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), or horizontal tab (HT). Additionally, the cookie name cannot contain ASCII codes that are less than or equal to 31 or greater than or equal to 127. You can specify multiple cookies.

Usage guidelines

Operating mechanism

After you execute this command, the device sends the specified content to the log host by using the fast log output feature.

If you execute this command multiple times, the most recent configuration takes effect.

Restrictions and guidelines

Before executing this command, you must enable fast log output for load balancing and configure fast log output parameters.

Examples

# For HTTP virtual server vs, output the source IP address and source port number in HTTP requests by using the fast log output feature.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] customlog content %{is};%{ps}

Related commands

customlog format (Network Management and Monitoring Command Reference)

customlog host (Network Management and Monitoring Command Reference)

default server-farm

Use default server-farm to specify the default (primary) server farm.

Use undo default server-farm to restore the default.

Syntax

default server-farm server-farm-name [ backup backup-server-farm-name ] [ sticky sticky-name [ backup backup-sticky-name ] ]

undo default server-farm

Default

No default server farm is specified.

Views

Fast HTTP virtual server view

HTTP virtual server view

IP virtual server view

TCP virtual server view

UDP virtual server view

Predefined user roles

network-admin

Parameters

server-farm-name: Specifies a primary server farm by its name, a case-insensitive string of 1 to 255 characters.

backup backup-server-farm-name: Specifies a backup server farm by its name, a case-insensitive string of 1 to 255 characters.

sticky sticky-name: Specifies a primary sticky group by its name, a case-insensitive string of 1 to 255 characters.

backup backup-sticky-name: Specifies a backup sticky group by its name, a case-insensitive string of 1 to 255 characters. This option is supported only by HTTP virtual servers and RADIUS virtual servers.

Usage guidelines

Operating mechanism

When the primary server farm is available (contains real servers), the virtual server forwards packets through the primary server farm. When the primary server farm is not available, the virtual server forwards packets through the backup server farm.

If you specify both a primary sticky group and a backup sticky group, the device generates both primary sticky entries and backup sticky entries. If packets do not match primary sticky entries, backup sticky entries will apply.

Restrictions and guidelines

The device generates backup sticky entries for only the following sticky group combinations:

·     RADIUS-type primary sticky group and port-address-type backup sticky group.

·     HTTP cookie-type primary sticky group and port-address-type backup sticky group.

·     HTTP cookie-type primary sticky group and HTTP passive-type backup sticky group.

Examples

# Specify the primary server farm sf, the backup server farm sfb, and the sticky group sg1 for the IP-type virtual server vs3.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] default server-farm sf backup sfb sticky sg1

default-class action

Use default-class action to specify the default LB action.

Use undo default-class to restore the default.

Syntax

default-class action action-name

undo default-class

Default

No default LB action is specified.

Views

LB policy view

Predefined user roles

network-admin

Parameters

action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Operating mechanism

This command sets the default LB action for packets that fail to match any LB class.

Restrictions and guidelines

A DNS LB policy can reference DNS LB actions only; a generic LB policy can reference generic LB actions only. This rule does not apply to HTTP LB policies.

Examples

# In server load balancing, specify the default LB action lba1 for the generic LB policy lbp1.

<Sysname> system-view

[Sysname] loadbalance policy lbp1 type generic

[Sysname-lbp-generic-lbp1] default-class action lba1

# In outbound link load balancing, specify the default LB action lba2 for the link-generic LB policy lbp2.

<Sysname> system-view

[Sysname] loadbalance policy lbp2 type link-generic

[Sysname-lbp-link-generic-lbp2] default-class action lba2

# In transparent DNS proxy, specify the default LB action lba3 for the DNS LB policy lbp3.

<Sysname> system-view

[Sysname] loadbalance policy lbp3 type dns

[Sysname-lbp-dns-lbp3] default-class action lba3

description

Use description to configure a description.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured.

Views

ISP view

LB action view

LB class view

LB policy view

LB probe template view

LB connection limit policy view

Parameter profile view

Protection policy view

Real server view

Server farm member view

Server farm view

SNAT address pool view

SNAT global policy view

Sticky group view

Virtual server view

Link group view

Link group member view

Link view

DNS server pool view

DNS server pool member view

DNS server view

Statistics node view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 127 characters.

Examples

# Configure the description LB action LBA1 for the generic LB action lba1.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] description LB action LBA1

destination-ip object-group

Use destination-ip object-group to specify a destination IP address object group for address translation.

Use undo destination-ip object-group to restore the default.

Syntax

destination-ip object-group object-group-name

undo destination-ip object-group

Default

All packets are translated.

Views

SNAT global policy view

Predefined user roles

network-admin

Parameters

object-group-name: Specifies a destination IP address object group by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you specify a destination IP address object group, the device performs SNAT on only packets with a matching destination IP address. For information about configuring an IP address object group, see object group configuration in Security Configuration Guide.

Examples

# Specify destination IP address object group obj1 for SNAT global policy sn1.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] destination-ip object-group obj1

Related commands

object-group (Security Command Reference)

diameter-attribute code

Use diameter-attribute code to configure a Diameter attribute sticky method.

Use undo diameter-attribute to delete a Diameter attribute sticky method.

Syntax

diameter-attribute { code attribute-code [ index index-value ] } &<1-4>

undo diameter-attribute

Default

No Diameter attribute sticky methods exist.

Views

Diameter sticky group view

Predefined user roles

network-admin

Parameters

code attribute-code: Specifies a Diameter attribute by its AVP code in the range of 0 to 4294967295.

index index-value: Specifies a Diameter attribute by its index value in an AVP sequence. The value range for the index-value argument is 0 to 32. When the type of the AVP specified by the attribute-code argument is Grouped, which indicates that the attribute is an AVP sequence, you must also specify the index value of the attribute in the AVP sequence. If you do not specify the index-value argument, the index value takes 0, which indicates that the index value of the Diameter attribute in the AVP sequence is not restricted.

&<1-4>: Indicates that the arguments before it can be entered up to four times.

Usage guidelines

Operating mechanism

Use this command to configure the device to generate a sticky entry based on the specified Diameter attribute in a Diameter request. Subsequent requests that match the sticky entry are forwarded according to the sticky entry. You can configure only one Diameter attribute sticky method for a Diameter sticky group. If you execute this command multiple times, the most recent configuration takes effect.

Common Diameter attribute codes include:

·     258—Auth-Application-Id.

·     259—Acct-Application-Id.

·     263—Session-Id.

·     264—Origin-Host.

·     283—Destination-Realm.

·     293—Destination-Host.

·     296—Origin-Realm.

·     443—Subscription-Id.

·     444—Subscription-Id-Data.

Restrictions and guidelines

The Diameter attribute sticky methods apply only to Diameter messages.

Examples

# In sticky group s1, configure a sticky method based on Diameter attribute Session-Id.

<Sysname> system-view

[Sysname] sticky-group s1 type diameter

[Sysname-sticky-diameter-s1] diameter-attribute code 263

Related commands

sticky-group
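The following Python example is added here and is not H3C code or part of the original reference. It shows how a sticky key can be taken from a Diameter request by AVP code, using RFC 6733 AVP framing and rejecting AVP lengths that point outside the message. The sample request, the StickyTable class, the round-robin choice, and the reading of index as a 1-based position in the enclosing AVP sequence (0 meaning any position), with repeated code/index pairs descending into Grouped AVPs, are assumptions made for the example.

```python
import struct

AVP_VENDOR_FLAG = 0x80  # V bit: a 4-byte Vendor-ID follows the 8-byte AVP header
SESSION_ID, SUBSCRIPTION_ID, SUBSCRIPTION_ID_DATA = 263, 443, 444  # codes listed above


def encode_avp(code, data, flags=0x40):
    """Build one AVP without Vendor-ID, padded to a 4-byte boundary."""
    length = 8 + len(data)  # the length field covers header and data, not padding
    return (struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
            + data + b"\x00" * (-length % 4))


def encode_message(command_code, app_id, avps):
    """Build a Diameter request (R flag set) around already encoded AVPs."""
    body = b"".join(avps)
    return (b"\x01" + (20 + len(body)).to_bytes(3, "big") + b"\x80"
            + command_code.to_bytes(3, "big") + struct.pack("!III", app_id, 1, 1) + body)


def parse_avps(buf):
    """Return [(code, data), ...]; reject lengths that point outside the buffer."""
    avps, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated AVP header")
        code, flags = struct.unpack_from("!IB", buf, off)
        length = int.from_bytes(buf[off + 5:off + 8], "big")
        header = 12 if flags & AVP_VENDOR_FLAG else 8
        if length < header or off + length > len(buf):
            raise ValueError("AVP length out of bounds")
        avps.append((code, buf[off + header:off + length]))
        off += length + (-length % 4)  # skip padding to reach the next AVP
    return avps


def sticky_key(message, path):
    """Follow 1 to 4 (code, index) pairs; return the selected AVP data or None."""
    if not 1 <= len(path) <= 4:
        raise ValueError("1 to 4 code/index pairs expected")
    if len(message) < 20 or message[0] != 1:
        raise ValueError("not a Diameter version 1 message")
    total = int.from_bytes(message[1:4], "big")
    if total < 20 or total > len(message):
        raise ValueError("message length out of bounds")
    data = message[20:total]
    for code, index in path:
        # Assumed reading: index is the 1-based position in the enclosing AVP
        # sequence, and 0 accepts the AVP at any position.
        data = next((d for pos, (c, d) in enumerate(parse_avps(data), start=1)
                     if c == code and index in (0, pos)), None)
        if data is None:
            return None
    return data


class StickyTable:
    """Maps a sticky key to the real server chosen for its first request."""

    def __init__(self, servers, path):
        self.servers, self.path = list(servers), list(path)
        self.entries, self.next_index = {}, 0

    def _round_robin(self):
        server = self.servers[self.next_index % len(self.servers)]
        self.next_index += 1
        return server

    def select(self, message):
        key = sticky_key(message, self.path)
        if key is None:  # assumed: attribute absent, so no sticky entry is created
            return self._round_robin()
        if key not in self.entries:
            self.entries[key] = self._round_robin()
        return self.entries[key]


def sample_request(session_id, subscriber):
    """Constructed Credit-Control request: Session-Id, Origin-Host, Subscription-Id."""
    subscription = (encode_avp(450, struct.pack("!I", 0))  # Subscription-Id-Type
                    + encode_avp(SUBSCRIPTION_ID_DATA, subscriber))
    return encode_message(272, 4, [
        encode_avp(SESSION_ID, session_id),
        encode_avp(264, b"dcca.example.com"),
        encode_avp(SUBSCRIPTION_ID, subscription),
    ])


if __name__ == "__main__":
    table = StickyTable(["rs1", "rs2"], [(SESSION_ID, 0)])
    for sid in (b"dcca.example.com;1;1", b"dcca.example.com;1;2", b"dcca.example.com;1;1"):
        print(sid.decode(), "->", table.select(sample_request(sid, b"0123456789")))
```

Requests that carry the same Session-Id map to the same real server, and a request whose AVP length field overruns the message raises ValueError before any sticky entry is created.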

display loadbalance action

Use display loadbalance action to display LB action information.

Syntax

display loadbalance action [ name action-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all LB actions.

Examples

# Display information about all LB actions.

<Sysname> display loadbalance action

LB action: lba1

  Description:

  Type: Generic

  State: Inactive

  Forward type: Drop

  IP ToS:

  Fallback-action: Disabled

  Busy-action: Force

  TCP payload rewrite:

    Value: QMGR.S01

    Replacement: QMGR.S01%[variable]

    Direction: Request

  TCP payload rewrite:

    Value: QMGR.S01_1

    Replacement: QMGR.S01_2

    Direction: Response

  TCP payload rewrite:

    Value: QMGR.S02_2

    Replacement: QMGR.S01_2

    Direction: Response

  Reference count: 1

 

LB action: lba2

  Description:

  Type: HTTP

  State: Active

  Forward type: Server farm

  Server farm: sf (in use)

  Backup server farm: sfb

  Sticky: sg3

  Backup sticky: sg4

  IP ToS: 20

  Fallback-action: Disabled

  SSL client policy:

  Content rewrite:

    Value:

    Replacement:

  Redirect relocation:

  Redirect return-code: 302

  Header delete:

    Name: ww

    Direction: Request

  Header insert:

    Name: aa

    Value: 1234567890123456789012345678901234567890123456789012345678901234567890

    Direction: Both

  Header insert:

    Name: cc

    Value: dd

    Direction: Request

  Header rewrite:

    Name: ee

    Value: dd

    Replacement: ff

    Direction: Response

  SSL URL rewrite:

    Value: 12

    Clear port: 12

    SSL port: 123

  Location header rewrite:

    Target string: (http://www.example.com): 9080

    Replacement string: %1:80

  Reference count: 1

 

LB action: lba3

  Description: sina

  Type: Link-generic

  State: Active

  Forward type: link group

  Link group: lg1 (in use)

  Backup link group: lg2

  Sticky:

  IP ToS:

  Fallback-action: None

  Reference count: 1

 

LB action: lba4

  Description: xx

  Type: DNS

  State: Active

  Forward type: DNS server pool

  DNS server pool: dsp1

  Sticky: st

  IP ToS:

  Fallback-action: Disabled

  Busy-action: Force

  Reference count: 1

 

LB action: lba5

  Description:

  Type: HTTP

  State: Active

  Forward type: Redirect

  IP ToS:

  Fallback-action: Continue

  SSL client policy:

  Content rewrite:

    Value:

    Replacement:

  Redirect relocation: www.example.com

  Redirect return-code: 302

  Reference count: 1

 

LB action: lba6

  Description:

  Type: HTTP

  State: Active

  Forward type: Response

  IP ToS:

  Fallback-action: Response

    Raw file name: 301.raw

  SSL client policy:

  Content rewrite:

    Value:

    Replacement:

  Redirect relocation:

  Redirect return-code: 302

  Response file:

    File: index.html

    URL: /index/css

  Response file:

    File name: subsys_intf.js

    URL: /index/subsys

  Response file:

    File name: subsys.js

    URL: /subsys.js

  Response zip file:

    Zip file name: subsys.zip

    Working path: /

  Reference count: 1

 

LB action: lba7

  Description:

  Type: Diameter

  State: Active

  Forward type: Server farm

  Server farm: sf (in use)

  Backup server farm:

  Sticky: sg3

  Fallback-action: Continue

  SSL client policy:

  TCP parameter profile (client-side): tcp

  Diameter-session parameter profile: dia1

  Reference count: 1

Table 1 Command output

Field                                Description
LB action                            LB action name.
Description                          Description for the LB action.
Type                                 LB action type:
                                     ·     DNS.
                                     ·     Generic.
                                     ·     HTTP.
                                     ·     Link-generic.
                                     ·     RADIUS.
                                     ·     Diameter.
State                                LB action state:
                                     ·     Active.
                                     ·     Inactive.
Forward type                         Packet forwarding mode of the LB action:
                                     ·     Drop—Discards packets.
                                     ·     Drop(FIN-close)—Closes TCP connections by sending FIN packets (applicable to generic, HTTP, and Diameter LB actions).
                                     ·     Drop(RST-close)—Closes TCP connections by sending RST packets (applicable to generic, HTTP, and Diameter LB actions).
                                     ·     Forward—Forwards packets.
                                     ·     Server farm—Forwards packets through the server farm (applicable to generic, HTTP, RADIUS, and Diameter LB actions).
                                     ·     Link group—Forwards packets through the link group (applicable to link-generic LB actions).
                                     ·     DNS server pool—Forwards packets through the DNS server pool (applicable to DNS LB actions).
                                     ·     Skip current DNS proxy (applicable to DNS LB actions).
                                     ·     Redirect—Redirects packets.
                                     ·     Response—Responds to client requests by using a file.
Server farm                          Primary server farm name. (in use) indicates the server farm is in use. This field is displayed only when the packet forwarding mode is server farm.
Backup server farm                   Backup server farm name. (in use) indicates the server farm is in use. This field is displayed only when the packet forwarding mode is server farm.
Link group                           Default link group name. (in use) indicates the link group is in use.
Backup link group                    Backup link group name. (in use) indicates the link group is in use.
Sticky                               Primary sticky group name. This field is displayed only when the packet forwarding mode is server farm or DNS server pool.
Backup sticky                        Backup sticky group name. This field is displayed only when the packet forwarding mode is server farm and the LB action type is HTTP or RADIUS.
IP ToS                               ToS field value of IP packets.
Fallback-action                      Action taken upon load balancing failure:
                                     ·     None—Does not take any action.
                                     ·     Continue—Matches the next rule.
                                     ·     Response—Responds to client requests by using a file (applicable to DNS, generic, HTTP, link-generic, and RADIUS LB actions).
                                     ·     Drop(FIN-close)—Closes TCP connections by sending FIN packets (applicable to generic and HTTP LB actions).
                                     ·     Drop(RST-close)—Closes TCP connections by sending RST packets (applicable to generic and HTTP LB actions).
Busy-action                          Action taken upon busyness:
                                     ·     Continue—Matches the next rule.
                                     ·     Force—Assigns packets to links or DNS servers regardless of whether they are busy.
SSL client policy                    SSL client policy name. This field is displayed only for HTTP and Diameter LB actions.
Content rewrite                      HTTP content rewrite configuration:
                                     ·     Value—Specifies the HTTP packet content to be rewritten.
                                     ·     Replacement—Specifies the content after rewrite.
                                     This field is displayed only for an HTTP-type LB action.
Redirect relocation                  Redirection URL. This field is displayed only for HTTP-type LB actions.
Redirect return-code                 Status code in the redirection packets. This field is displayed only for HTTP-type LB actions.
Header delete                        Deletes the HTTP header.
                                     ·     Name—Name of the HTTP packet header.
                                     ·     Direction—Specifies HTTP requests, HTTP responses, or both.
                                     This field is displayed only when the header delete command is configured.
Header insert                        Inserts the HTTP header.
                                     ·     Name—Name of the HTTP packet header.
                                     ·     Value—Content of the HTTP packet header.
                                     ·     Direction—Specifies HTTP requests, HTTP responses, or both.
                                     This field is displayed only when the header insert command is configured.
Header rewrite                       Rewrites the HTTP header.
                                     ·     Name—Name of the HTTP packet header.
                                     ·     Value—Content of the HTTP packet header to be rewritten.
                                     ·     Replacement—Content after rewrite.
                                     ·     Direction—Specifies HTTP requests, HTTP responses, or both.
                                     This field is displayed only when the header rewrite command is configured.
SSL URL rewrite                      Rewrites the URL in the Location header of HTTP response packets sent by the server.
                                     ·     Value—Regular expression for the location header URL.
                                     ·     Clear port—HTTP port number to be rewritten.
                                     ·     SSL port—SSL port number after rewrite.
                                     This field is displayed only when the ssl url rewrite command is configured.
Location header rewrite              Rewrites the Location header content of an HTTP response sent by the server.
                                     ·     Target string—Regular expression for the Location header to be rewritten.
                                     ·     Replacement string—Location header after rewriting.
                                     This field is displayed only when the location rewrite replace command is executed.
DNS server pool                      DNS server pool name. This field is displayed only when the packet forwarding mode is DNS server pool.
Response file                        Responds to client requests by using an uncompressed file.
File name                            Name of the uncompressed file.
URL                                  URL path used to match client requests.
Response zip file                    Responds to client requests by using a compressed file.
Zip file name                        Name of the compressed file.
Working path                         Working path used to match client requests.
Raw file name                        Response file used upon load balancing failure.
TCP payload rewrite                  Rewrites the TCP payload:
                                     ·     Value—Content of the TCP packet header to be rewritten.
                                     ·     Replacement—Content after rewrite.
                                     ·     Direction—Specifies TCP requests, TCP responses, or both.
                                     This field is displayed only when the payload rewrite command is configured.
TCP parameter profile (client-side)  Client-side TCP parameter profile specified for the Diameter LB action. This field is displayed only when a client-side TCP parameter profile is specified.
Diameter-session parameter profile   Diameter session parameter profile specified for the Diameter LB action. This field is displayed only when a Diameter session parameter profile is specified.
Reference count                      Number of times that the resource is being referenced.

 

display loadbalance alg

Use display loadbalance alg to display the ALG status for all protocols.

Syntax

display loadbalance alg

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the ALG status for all protocols.

<Sysname> display loadbalance alg

LB ALG:

  DNS         : Enable

  FTP         : Enable

  H323        : Disabled

  ICMP-ERROR  : Enable

  ILS         : Disabled

  MGCP        : Disabled

  NBT         : Disabled

  PPTP        : Enable

  RSH         : Disabled

  RTSP        : Enable

  SCCP        : Disabled

  SIP         : Disabled

  SQLNET      : Disabled

  TFTP        : Disabled

  XDMCP       : Disabled

display loadbalance class

Use display loadbalance class to display LB class information.

Syntax

display loadbalance class [ name class-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all LB classes.

Examples

# Display information about all LB classes.

<Sysname> display loadbalance class

LB class: lbc1

  Description:

  Type: HTTP

  Match type: Match-all

  Match rule:

    match 1 source ip address 1.2.3.0 24

    match 2 source ipv6 address 1::2

    match 3 cookie abc value 123

    match 4 header def value 12

    match 5 method ext xde

    match 6 method rfc CONNECT

    match 7 class cla2

    match 8 url 2q3

    match 9 acl ipv4 number 2000

    match 10 acl ipv6 number 2001

    match 11 acl ipv4 name aaa

    match 12 acl ipv6 name bbb

    match 13 isp name isp1

  Reference count: 1

 

LB class: lbc2

  Description:

  Type: Generic

  Match type: Match-any

  Match rule:

    match 1 class cla2

    match 2 source ip address 1.2.23.0 24

    match 3 source ipv6 address 1::12

    match 4 acl ipv4 number 3000

    match 5 acl ipv6 number 3001

    match 6 acl ipv4 name ccc

    match 7 acl ipv6 name ddd

    match 8 isp name isp2

    match 9 payload orcl

  Reference count: 1

 

LB class: lbc3

  Description:

  Type: Link-generic

  Match type: Match-any

  Match rule:

    match 1 class cla3

    match 2 source ip address 1.2.3.0 24

    match 3 source ipv6 address 1::12

    match 4 acl ipv4 number 3002

    match 5 acl ipv6 number 3003

    match 6 acl ipv4 name ccc

    match 7 acl ipv6 name ddd

    match 8 isp name isp2

    match 9 user u1

    match 10 user-group lb-group

    match 11 interface GE1/0/1

  Reference count: 1

 

LB class: lbc4

  Description:

  Type: DNS

  Match type: Match-any

  Match rule:

    match 1 class cla2

    match 2 source ip address 1.2.3.0 24

    match 3 source ipv6 address 1::12

    match 4 acl ipv4 number 3002

    match 5 acl ipv6 number 3003

    match 6 acl ipv4 name ccc

    match 7 acl ipv6 name ddd

    match 8 destination ip address 1.2.3.0 24

    match 9 destination ipv6 address 1::12

    match 10 domain-name www.example.com

  Reference count: 1

 

LB class: lbc5

  Description:

  Type: MySQL

  Match type: Match-any

  Match rule:

    match 1 class cla2

    match 2 source ip address 1.2.3.0 24

    match 3 source ipv6 address 1::12

    match 4 acl ipv4 number 3002

    match 5 acl ipv6 number 3003

    match 6 acl ipv4 name ccc

    match 7 acl ipv6 name ddd

    match 8 sql select

  Reference count: 1

 

LB class: lbc6

  Description:

  Type: Diameter

  Match type: Match-any

  Match rule:

    match 1 class cla2

    match 2 application-id 5

    match 3 destinaton-realm a.example.com

  Reference count: 1

Table 2 Command output

Field            Description
LB class         LB class name.
Description      Description for the LB class.
Type             LB class type:
                 ·     DNS.
                 ·     Generic.
                 ·     HTTP.
                 ·     Link-generic.
                 ·     MySQL.
                 ·     RADIUS.
                 ·     Diameter.
Match type       Match type for the LB class:
                 ·     Match-all—Requires matching all rules of the LB class.
                 ·     Match-any—Requires matching any rule of the LB class.
Match rule       Match rules for the LB class.
Reference count  Number of times that the resource is being referenced.

 

display loadbalance connections

Use display loadbalance connections to display information about Layer 7 LB TCP connections.

Syntax

display loadbalance connections [ client-side { ipv4 | ipv6 } [ cs-client-ip ip-address [ cs-client-port port-number ] ] [ cs-server-ip ip-address [ cs-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ server-side { ipv4 | ipv6 } [ ss-client-ip ip-address [ ss-client-port port-number ] ] [ ss-server-ip ip-address [ ss-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client-side: Displays client-side connections.

server-side: Displays server-side connections.

ipv4: Specifies IPv4 connections.

ipv6: Specifies IPv6 connections.

cs-client-ip ip-address: Specifies a client by its IP address on the client side.

cs-client-port port-number: Specifies the port number of the client on the client side, in the range of 0 to 65535. 0 means any port number.

ss-client-ip ip-address: Specifies a client by its IP address on the server side.

ss-client-port port-number: Specifies the port number of the client on the server side, in the range of 0 to 65535. 0 means any port number.

cs-server-ip ip-address: Specifies a server by its IP address on the client side.

cs-server-port port-number: Specifies the port number of the server on the client side, in the range of 0 to 65535. 0 means any port number.

ss-server-ip ip-address: Specifies a server by its IP address on the server side.

ss-server-port port-number: Specifies the port number of the server on the server side, in the range of 0 to 65535. 0 means any port number.

state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait }: Specifies TCP connections by connection state. If you do not specify this parameter, the command displays information about TCP connections in each state.

verbose: Displays detailed information about TCP connections. If you do not specify this keyword, the command displays brief information.

Usage guidelines

If you do not specify any parameters, this command displays information about all Layer 7 LB TCP connections.

Examples

# Display brief information about all Layer 7 LB TCP connections.

<Sysname> display loadbalance connections

Client side:                       State        Server side:                     State  Cookie

192.168.56.1    <--> 8.8.8.8/80    ESTAB        192.168.56.1   <--> 2.2.2.2/80   ESTB   X-LB=2.3.ab37423e.50

/50168                                          /1026

Any             <-->Any            CLOSED       192.168.56.1   <--> 2.2.2.2/80   TIMEWT   X-LB=2.3.ab37423e.50

                                                /1027

Total sessions: 3

# Display detailed information about all Layer 7 LB TCP connections.

<Sysname> display loadbalance connections verbose

Slot 1:

--------------------------------------------------------------------------------

                Client side                     Server side

Client address  12.12.12.12/3032                12.12.12.12/54649

Server address  4.4.44.4/80                     5.5.5.5/80

State           ESTABLISHED                     ESTABLISHED

VPN name        --                              --

Cookie          X-LB=2.3.ab37423e.50

Idle time       0 sec

Idle timeout    20 sec

Start time      2018-05-30 16:54:13

 

--------------------------------------------------------------------------------

                Client side                     Server side

Client address  12.12.12.12/2996                Any

Server address  4.4.44.4/80                     Any

State           TIME_WAIT                       N/A

VPN name        --                              --

Cookie          X-LB=2.3.ab37423e.50

Idle time       1 sec

Idle timeout    20 sec

Start time      2018-05-30 16:54:12

 

--------------------------------------------------------------------------------

                Client side                     Server side

Client address  12.12.12.12/3251                12.12.12.12/54341

Server address  4.4.44.4/80                     5.5.5.5/80

State           ESTABLISHED                     ESTABLISHED

VPN name        --                              --

Cookie          X-LB=2.3.ab37423e.50

Idle time       0 sec

Idle timeout    20 sec

Start time      2018-05-30 16:54:14

Total sessions: 3

Table 3 Command output

Field       Description
State       TCP connection state:
            ·     LISTEN.
            ·     SYNSNT—SYN_SENT.
            ·     SYNRCV—SYN_RECEIVED.
            ·     ESTB—ESTABLISHED.
            ·     FINWT1—FIN_WAIT_1.
            ·     FINWT2—FIN_WAIT_2.
            ·     CLOWAT—CLOSE_WAIT.
            ·     CLOSING.
            ·     LASACK—LAST_ACK.
            ·     TIMEWT—TIME_WAIT.
            ·     CLOSED.
            For more information about these states, see RFC 793.
VPN name    This field is not supported in the current software version.
            VPN instance name.
Cookie      Cookie name and value.
Start time  Time when the TCP connection was established.

display loadbalance diameter connections

Use display loadbalance diameter connections to display Layer 7 LB Diameter connection information.

Syntax

display loadbalance diameter connections [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed LB Diameter connection information. If you do not specify this keyword, the command displays brief LB Diameter connection information.

Examples

# Display brief Layer 7 LB Diameter connection information.

<Sysname> display loadbalance diameter connections

Client side:                         State  Server side:                        State

1.1.1.1/50159    <--> 2.2.2.1/3868   ESTAB  12.12.12.1/1028 <--> 13.13.13.2/3868 ESTB

                                            12.12.12.1/1029 <--> 13.13.13.3/3868 ESTB

                                            12.12.12.1/1030 <--> 13.13.13.4/3868 ESTB

 

11.11.11.11/5009 <--> 22.2.22.1/3868 ESTAB  14.14.14.1/1028 <--> 15.15.15.2/3868 ESTB

                                            14.14.14.1/1029 <--> 15.15.15.3/3868 ESTB

# Display detailed Layer 7 LB Diameter connection information.

<Sysname> display loadbalance diameter connections verbose

Slot 1:

--------------------------------------------------------------------------------

                Client side

Role            Address            Origin-Host       Origin-Realm

Client          1.1.1.1/50169      dcca.example.com  example.com

Server          2.2.2.1/3868       host.h3c.com      h3c.com

State           ESTABLISHED

VPN name        --

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:13

 

                Server side

Role            Address              Origin-Host      Origin-Realm

Client          12.12.12.1/1028      host1.h3c.com    h3c.com

Server          13.13.13.2/3868      ide.example.com  example.com

State           ESTABLISHED

VPN name        --                              .

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:14

 

Role            Address              Origin-Host     Origin-Realm

Client          12.12.12.1/1029      host1.h3c.com   h3c.com

Server          13.13.13.3/3868      ide.example.com example.lb.com

State           ESTABLISHED

VPN name        --

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:14

 

Role            Address              Origin-Host     Origin-Realm

Client          12.1.12.12/1030      host1.h3c.com   h3c.com

Server          13.13.13.4/3868      ide.example.com example.com

State           ESTABLISHED

VPN name        --

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:15

 

--------------------------------------------------------------------------------

                Client side

Role            Address              Origin-Host     Origin-Realm

Client          1.1.1.2/50169        dc1.example.com example1.com

Server          2.2.2.2/3868         host2.h3c.com   h3c2.com

State           ESTABLISHED

VPN name        --

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:13

 

                Server side

Role            Address              Origin-Host      Origin-Realm

Client          12.12.12.2/1028      host2.h3c.com    h3c2.com

Server          13.13.13.3/3868      ide2.example.com example3.com

State           ESTABLISHED

VPN name        --                              .

Idle time       0 sec

Idle timeout    20 sec

Start time      2023-05-30 16:54:14

--------------------------------------------------------------------------------

Table 4 Command output

Field         Description
Client side   Connection information on the client side.
Server side   Connection information on the server side.
Origin-Host   Source host name.
Origin-Realm  Source domain name.
State         TCP connection state. Options include the following:
              ·     CLOSED.
              ·     LISTEN, LISTENING.
              ·     SYNSNT, SYN_SENT.
              ·     SYNRCV, SYN_RECEIVED.
              ·     ESTAB, ESTABLISHED.
              ·     CLOWAT, CLOSE_WAIT.
              ·     FINWT1, FIN_WAIT_1.
              ·     CLOSING.
              ·     LASACK, LAST_ACK.
              ·     FINWT2, FIN_WAIT_2.
              ·     TIMEWT, TIME_WAIT.
              For more information about Diameter connection states, see RFC 793.
VPN name      VPN instance name.
Idle time     Idle time period of the TCP connection, in seconds.
Idle timeout  Idle timeout timer for TCP connections, in seconds.
Start time    Time when the connection establishment started.

 

display loadbalance dns-query

Use display loadbalance dns-query to display information about the domain names queried by external link proxy.

Syntax

display loadbalance dns-query

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about the domain names queried by external link proxy.

<Sysname> display loadbalance dns-query

Slot 1:

VPN instance:

  Domain name      DNS server

  www.a.example.com        1.2.3.4

  www.b.example.com        2.2.3.4

Slot 2:

VPN instance:

  Domain name      DNS server

  www.c.example.com        3.2.3.4

  www.d.example.com        4.2.3.4

Table 5 Command output

Field         Description
Domain name   Domain name being queried.
DNS server    IP address of the DNS server.
VPN instance  This field is not supported in the current software version.
              VPN instance.

 

display loadbalance external-monitor log

Use display loadbalance external-monitor log to display the log information for custom monitoring.

Syntax

display loadbalance external-monitor log

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the log information for custom monitoring.

<Sysname> display loadbalance external-monitor log

The external monitor probe state of (server farm sf, real server rs, port: 3306) template mysql-template changed to successful.

The external monitor probe state of (server farm sf2, real server rs2, port: 3306) template mysql-template changed to failed.

display loadbalance limit-policy

Use display loadbalance limit-policy to display LB connection limit policy information.

Syntax

display loadbalance limit-policy [ name policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name policy-name: Specifies an LB connection limit policy by its name, a case-insensitive string of 1 to 255 characters.

Examples

# Display information about the LB connection limit policy lptest.

<Sysname> display loadbalance limit-policy name lptest

Limit-policy: lptest

  Description:

  Limit rule:

limit lptest acl 3000 amount 10 10

Reference count: 1

display loadbalance policy

Use display loadbalance policy to display LB policy information.

Syntax

display loadbalance policy [ name policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name policy-name: Specifies an LB policy by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all LB policies.

Examples

# Display information about all LB policies.

<Sysname> display loadbalance policy

LB policy: lbp1

  Description:

  Type: Generic

  Class: lbc1

   Action: lba1

  Default action: lba0

  Reference count: 1

 

LB policy: lbp2

  Description:

  Type: HTTP

  Default action:

  Reference count: 1

 

LB policy: lbp3

  Description:

  Type: Link-generic

  Class: lbc3

  Action: lba3

  Default action: lba3

  Reference count: 1

 

LB policy: lbp4

  Description:

  Type: DNS

  Class: lbc4

  Action: lba4

  Default action: lba4

 

LB policy: lbp5

  Description:

  Type: MySQL

  Class: lbc5

  Action: lba5

  Default action: lba5

  Reference count: 1

 

LB policy: lbp6

  Description:

  Type: Diameter

  Class: lbc6

   Action: lba6

  Default class action: lbc1

  Reference count: 1

Table 6 Command output

Field                 Description
LB policy             LB policy name.
Description           Description for the LB policy.
Type                  LB policy type:
                      ·     DNS.
                      ·     Generic.
                      ·     HTTP.
                      ·     Link-generic.
                      ·     MySQL.
                      ·     RADIUS.
                      ·     Diameter.
Class                 LB class for the LB policy.
Action                LB action for the LB class.
Default class action  Default LB action.
Reference count       Number of times that the resource is being referenced.
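The following Python example is added here and is not part of the H3C reference. It reads display loadbalance policy and display loadbalance action output together and reports policies with no default action, references to missing or Inactive actions, and DNS or generic policies that reference an action of another type (the restriction stated under default-class action). The two sample outputs are constructed in the format shown on this page, and the function names are hypothetical.

```python
DEFAULT_FIELDS = ("Default action", "Default class action")  # both labels appear in the sample output
SAME_TYPE_ONLY = {"dns", "generic"}  # policy types that may reference same-type actions only

# Constructed sample output in the layout of "display loadbalance policy".
POLICY_OUTPUT = """\
LB policy: lbp1
  Description:
  Type: Generic
  Class: lbc1
   Action: lba1
  Default action: lba0
  Reference count: 1

LB policy: lbp2
  Description:
  Type: HTTP
  Default action:
  Reference count: 1

LB policy: lbp3
  Description:
  Type: DNS
  Class: lbc4
  Action: lba2
  Default action: LBA4
  Reference count: 1

LB policy: lbp4
  Description:
  Type: Diameter
  Class: lbc6
   Action: lba9
  Default class action: lba1
  Reference count: 1
"""

# Constructed sample output in the layout of "display loadbalance action".
ACTION_OUTPUT = """\
LB action: lba0
  Type: Generic
  State: Inactive
  Forward type: Drop
LB action: lba1
  Type: Generic
  State: Active
  Forward type: Server farm
LB action: lba2
  Type: HTTP
  State: Active
  Forward type: Redirect
LB action: lba4
  Type: DNS
  State: Active
  Forward type: DNS server pool
"""


def parse_blocks(output, header):
    """Split display output into {lowercased name: [(field, value), ...]}."""
    blocks, current = {}, None
    for raw in output.splitlines():
        field, sep, value = raw.strip().partition(":")
        if not sep:
            continue
        field, value = field.strip(), value.strip()
        if field == header:
            # Names are case-insensitive on the device, so key on lowercase.
            current = blocks.setdefault(value.lower(), [("Name", value)])
        elif current is not None:
            current.append((field, value))
    return blocks


def first(fields, name):
    """Return the first value recorded for a field, or an empty string."""
    return next((v for f, v in fields if f == name), "")


def audit(policy_output, action_output):
    """Return [(policy, action, issue), ...] for the conditions described above."""
    actions = parse_blocks(action_output, "LB action")
    findings = []
    for fields in parse_blocks(policy_output, "LB policy").values():
        policy, ptype = first(fields, "Name"), first(fields, "Type")
        default = next((v for f, v in fields if f in DEFAULT_FIELDS and v), "")
        if not default:
            findings.append((policy, "", "no default action for unmatched packets"))
        referenced = [v for f, v in fields if f == "Action" and v]
        referenced += [default] if default else []
        for ref in dict.fromkeys(r.lower() for r in referenced):  # de-duplicate, keep order
            action = actions.get(ref)
            if action is None:
                findings.append((policy, ref, "action not found"))
                continue
            atype = first(action, "Type")
            if ptype.lower() in SAME_TYPE_ONLY and atype.lower() != ptype.lower():
                findings.append((policy, ref, f"{atype} action in {ptype} policy"))
            if first(action, "State") == "Inactive":
                findings.append((policy, ref, "action is Inactive"))
    return findings


if __name__ == "__main__":
    for finding in audit(POLICY_OUTPUT, ACTION_OUTPUT):
        print(finding)
```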

 

display loadbalance probe failed-record

Use display loadbalance probe failed-record to display the records of health monitoring failures.

Syntax

display loadbalance probe failed-record { real-server | link } [ name name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

real-server: Specifies a real server or all real servers.

link: Specifies a link or all links.

name name: Specifies a real server or a link by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this parameter, this command displays the recorded health monitoring failures for all real servers or all links.

Usage guidelines

Before displaying the records of health monitoring failures, use the loadbalance probe failed-record enable command to enable recording of health monitoring failures.

Examples

# Display the recorded health monitoring failures for all real servers.

<Sysname> display loadbalance probe failed-record real-server

Template               Server farm    Real server          Address family   Port   Template type   Reason        Failure time

t1                     sf2            rs                   IPv4              30     arp            TimeOut       2023-06-25 17:14:39

t1                     sf1            rs                   IPv6              20     arp           TimeOut        2023-06-25 17:14:39

t1                     -              rs                   IPv4              -      arp            TimeOut       2023-06-25 17:14:38

t1                     -              rs                   IPv6              10     arp            TimeOut       2023-06-25 17:14:37

# Display the recorded health monitoring failures for all links.

<Sysname> display loadbalance probe failed-record link

Template               Link group    Link                 Address family    Template type     Reason         Failure time

t1                     lg            lk                   IPv4              arp               TimeOut        2023-06-25 17:14:39

t1                     lg            lk                   IPv6              arp               TimeOut        2023-06-25 17:14:39

t1                     -             lk                   IPv4              arp               TimeOut        2023-06-25 17:14:38

t1                     -             lk                   IPv6              arp               TimeOut        2023-06-25 17:14:37

Table 7 Command output

Field

Description

Template

Name of the template for health monitoring.

Server farm

Name of the server farm that failed health monitoring. This field displays a hyphen (-) if the real server is not in any server farm.

Real server

Name of the real server or server farm member.

Link group

Name of the link group that failed health monitoring. This field displays a hyphen (-) if the link is not in any link group.

Link

Name of the link or link group member.

Address family

Address family type for the real server or link. Options include IPv4 and IPv6. This field displays a hyphen (-) for a custom-monitoring LB probe template.

Port

Port number of the real server. This field displays a hyphen (-) if the NQA port number is used.

Template type

Type of the template for health monitoring.

Reason

Reason for the health monitoring failure:

·     Timeout.

·     No Route—Health monitoring failed due to routing inaccessibility.

·     Internal error.

·     Verify error—Health monitoring failed due to a verification error.

·     Disconnect—Health monitoring failed because the remote end forcibly terminated the connection.

·     No connection—Failed to establish a connection with the remote end.

·     Expect Status error.

·     Other errors.

Failure time

Time when health monitoring failed, from the most recent to the earliest.

 

Related commands

loadbalance probe failed-record enable

loadbalance probe failed-record max-number

reset loadbalance probe failed-record
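
Added example, not part of the H3C documentation: a Python parser for the failed-record output shown above that maps the hyphen placeholders described in Table 7 to None and keeps multi-word reasons such as No Route intact. It assumes that names and template types contain no spaces; the function names and the last real-server row are constructed for illustration.

```python
from collections import Counter
from datetime import datetime

# Rows copied from the two example outputs above (blank lines removed),
# plus one constructed row (t2) with a multi-word reason.
REAL_SERVER_OUTPUT = """\
Template   Server farm   Real server   Address family   Port   Template type   Reason    Failure time
t1         sf2           rs            IPv4             30     arp             TimeOut   2023-06-25 17:14:39
t1         sf1           rs            IPv6             20     arp             TimeOut   2023-06-25 17:14:39
t1         -             rs            IPv4             -      arp             TimeOut   2023-06-25 17:14:38
t1         -             rs            IPv6             10     arp             TimeOut   2023-06-25 17:14:37
t2         sf1           rs2           IPv4             -      icmp            No Route  2023-06-25 17:14:36
"""

LINK_OUTPUT = """\
Template   Link group   Link   Address family   Template type   Reason    Failure time
t1         lg           lk     IPv4             arp             TimeOut   2023-06-25 17:14:39
t1         -            lk     IPv6             arp             TimeOut   2023-06-25 17:14:37
"""


def _dash(value):
    """Table 7 prints a hyphen for 'not applicable'; map it to None."""
    return None if value == "-" else value


def parse_failed_records(text, kind="real-server"):
    """Parse rows of 'display loadbalance probe failed-record { real-server | link }'."""
    lead = 5 if kind == "real-server" else 4  # columns left of "Template type"
    records = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < lead + 4:  # type + reason (at least one word) + date + time
            continue
        try:
            when = datetime.strptime(" ".join(tok[-2:]), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # header, prompt, or any line that does not end in a timestamp
        records.append({
            "template": tok[0],
            "group": _dash(tok[1]),    # server farm or link group; None if not in one
            "member": tok[2],          # real server or link
            "family": _dash(tok[3]),   # None for a custom-monitoring template
            # None for links (no Port column) or when the NQA port number is used
            "port": _dash(tok[4]) if kind == "real-server" else None,
            "type": tok[lead],
            "reason": " ".join(tok[lead + 1:-2]),  # reasons may contain spaces
            "time": when,
        })
    return records


def failures_per_member(records):
    """Count recorded failures per (member, address family)."""
    return Counter((r["member"], r["family"]) for r in records)


if __name__ == "__main__":
    for (member, family), count in failures_per_member(
            parse_failed_records(REAL_SERVER_OUTPUT)).items():
        print(member, family, count)
```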

display loadbalance probe-template

Use display loadbalance probe-template to display LB probe template information.

Syntax

display loadbalance probe-template [ name template-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name template-name: Specifies an LB probe template by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all LB probe templates.

Examples

# Display information about all LB probe templates.

<Sysname> display loadbalance probe-template

Load balancing probe template: rst1

  Description:

  Type: tcp-rst

  Monitoring interval: 20 sec

  RST threshold: 10

  Protection action: auto-shutdown

  Reference count: 1

 

Load balancing probe template: zero2

  Description:

  Type: tcp-zero-window

  Monitoring interval: 30 sec

  Zero-window threshold: 20

  Protection action: busy

    Probe interval: 30 sec

    Probe times: 3

  Reference count: 1

 

Load balancing probe template: icmp1

  Description:

  Type: icmp

  Timeout: 3 sec

  Frequency: 300

  Reference count: 1

 

Load balancing probe template: http1

  Description:

  Type: http-passive

  Monitoring interval: 1 sec

  Abnormal-url threshold: 10000

  Timeout: 30 sec

  URL list:

    aaa

  Status code list:

    404

  Reference count: 1

 

Load balancing probe template: test_external

  Description:

  Type: external-monitor

  External script: http.sh

  Monitoring interval: 5 sec

  Timeout: 6 sec

  Argument: 192.168.1.123

  Environment variable list:

    Name               Value

    Test3              /opt/lib

    Test4              /usr/bin

  Reference count: 1

 

Load balancing probe template: mysql

  Description:

  Type: database (MySQL)

  Destination ip/ipv6: 187.61.0.45

  Destination port: 0

  Monitoring interval: 30 sec

  Timeout: 31 sec

  Database:  sid

  Username:  admin

  Sent statement:

  Expected data:  STANDBY

  Expected column:  1

  Expected row:  2

  Max reuse times: 0

  Reference count: 2

 

Load balancing probe template: oracle

  Description:

  Type: database (Oracle)

  Destination ip/ipv6: 187.61.0.44

  Destination port: 0

  Monitoring interval: 15 sec

  Timeout: 10 sec

  Database connection-string: %{ip}:%{port}/sid

  Username:  admin

  Sent statement: select database role from v$database

  Expected data: STANDBY

  Expected column: 0

  Expected row: 0

  Max reuse times: 0

  Reference count: 2

Table 8 Command output

Field

Description

Load balancing probe template

LB probe template name.

Description

Description for the LB probe template.

Type

LB probe template type:

·     external-monitor—Custom monitoring.

·     http-passive.

·     icmp.

·     tcp-rst.

·     tcp-zero-window.

·     database (AntDB): AntDB database LB probe template. This field is not supported in the current software version.

·     database (MySQL): MySQL database LB probe template. This field is not supported in the current software version.

·     database (Oracle): Oracle database LB probe template. This field is not supported in the current software version.

Monitoring interval

Monitoring time. During the monitoring time, the system counts the number of RST packets or zero-window packets sent by each server farm member in a server farm.

This field is not displayed for an ICMP LB probe template.

RST threshold

Maximum number of RST packets a real server can send.

This field is displayed only for a TCP-RST LB probe template.

Zero-window threshold

Maximum percentage of zero-window packets a real server can send.

This field is displayed only for a TCP zero-window LB probe template.

Protection action

Action to take when the RST or zero-window packet threshold is reached: Auto-shutdown or Busy.

This field is displayed only for a TCP-RST or TCP zero-window LB probe template.

Probe interval

Interval to probe the real server in busy state.

This field is displayed only for a TCP-RST or TCP zero-window LB probe template.

Probe times

Maximum number of times for probing the real server in busy state. If the number of probe times is reached, the real server is automatically shut down.

This field is displayed only for a TCP-RST or TCP zero-window LB probe template.

Timeout

Timeout time for probe responses, HTTP responses, or custom monitoring probe packet responses.

This field is not displayed for a TCP RST or TCP zero-window LB probe template.

Frequency

Probe interval for an LB probe template.

This field is displayed only for an ICMP LB probe template or HTTP passive LB probe template.

Abnormal-url threshold

Upper limit of URL error times.

This field is displayed only for an HTTP passive LB probe template.

URL list

List of URLs to check for an HTTP passive LB probe template.

This field is displayed only for an HTTP passive LB probe template.

Status code list

List of response status codes to check for an HTTP passive LB probe template.

This field is displayed only for an HTTP passive LB probe template.

External script

Script file used by a custom-monitoring LB probe template.

This field is displayed only for a custom-monitoring LB probe template.

Argument

User-defined information for a custom-monitoring LB probe template.

This field is displayed only for a custom-monitoring LB probe template.

Environment variables list

Environment variable list for a custom-monitoring LB probe template.

This field is displayed only for a custom-monitoring LB probe template.

Name

Environment variable name.

This field is displayed only for a custom-monitoring LB probe template.

Value

Environment variable value.

This field is displayed only for a custom-monitoring LB probe template.

Sent statement

Query statement to be executed after login.

This field is displayed only for database LB probe templates.

Reference count

Number of times that the resource is being referenced.

 

Related commands

reset real-server statistics

display loadbalance process-limit

Use display loadbalance process-limit to display the maximum number of processes allowed to be started for custom monitoring.

Syntax

display loadbalance process-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the maximum number of processes allowed to be started for custom monitoring.

<Sysname> display loadbalance process-limit

Loadbalance process-limit: 2

display loadbalance protection-policy

Use display loadbalance protection-policy to display the configuration of protection policies.

Syntax

display loadbalance protection-policy [ name policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name policy-name: Specifies a protection policy by its name, a case-insensitive string of 1 to 255 characters. If you do not specify a protection policy, this command displays the configuration of all protection policies.

Examples

# Display the configuration of all protection policies.

<Sysname> display loadbalance protection-policy

Policy name: p1

  Description:

  Type: HTTP

  Protection action: warning

  Rule ID: 3

    URL: /index.php

    Protection period: 2

    Method                     Threshold

    Cookie (Jsessionid)        20

    Source IP                  10

  Rule ID: 5

    URL: /test.php

    Protection period: 20

    Method                     Threshold

    Cookie (A1B2C3D4)          20

  Reference count: 1

  Slow-attack protection state: Enabled

  Slow-attack request-header timeout: 10 seconds

  Slow-attack request-body timeout: 20 seconds

  Slow-attack client-read timeout: 30 seconds

  Slow-attack min-transmit-rate: 100 B/s

  Slow-attack min-transmit-rate duration: 60 seconds

Table 9 Command output

Field

Description

Protection action

Protection action:

·     warning—Generates a log message.

·     drop—Drops requests.

·     verify (insert header)—Performs client verification by inserting an HTTP header.

·     verify (js)—Performs cookie verification by inserting a JS script.

URL

Protected URL.

Method

Threshold type:

·     Cookie (xxx)—Cookie-based threshold (cookie name).

·     Source IP—Source-IP-based threshold.

Reference count

Number of times that the resource is being referenced.

Slow-attack protection state

HTTP slow attack protection status:

·     Enabled.

·     Disabled.

Slow-attack request-header timeout

Timeout timer for detecting slow headers attacks.

Slow-attack request-body timeout

Timeout timer for detecting slow body attacks.

Slow-attack client-read timeout

Timeout timer for detecting slow read attacks.

Slow-attack min-transmit-rate

Minimum transmission rate for detecting HTTP slow attacks.

Slow-attack min-transmit-rate duration

Minimum transmission rate duration for detecting HTTP slow attacks.
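
Added example, not part of the H3C documentation: a Python script that parses the protection-policy output shown above and reports settings a reviewer would check, using the field meanings in Table 9. The function names and the three audit rules (log-only action, slow-attack protection not enabled, reference count of 0) are assumptions made for this example.

```python
import re

# Example output copied from the command reference above (blank lines removed).
SAMPLE = """\
Policy name: p1
  Description:
  Type: HTTP
  Protection action: warning
  Rule ID: 3
    URL: /index.php
    Protection period: 2
    Method                     Threshold
    Cookie (Jsessionid)        20
    Source IP                  10
  Rule ID: 5
    URL: /test.php
    Protection period: 20
    Method                     Threshold
    Cookie (A1B2C3D4)          20
  Reference count: 1
  Slow-attack protection state: Enabled
  Slow-attack request-header timeout: 10 seconds
  Slow-attack request-body timeout: 20 seconds
  Slow-attack client-read timeout: 30 seconds
  Slow-attack min-transmit-rate: 100 B/s
  Slow-attack min-transmit-rate duration: 60 seconds
"""

# A threshold row is "Cookie (<name>)  <n>" or "Source IP  <n>" (Method field, Table 9).
THRESHOLD_ROW = re.compile(
    r"^(?:Cookie \((?P<cookie>[^)]*)\)|Source IP)\s+(?P<limit>\d+)$")
RULE_KEYS = {"URL", "Protection period"}


def parse_protection_policies(text):
    """Return a list of policy dicts parsed from the command output."""
    policies, policy, rule = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Method"):
            continue  # blank separator or the Method/Threshold column header
        row = THRESHOLD_ROW.match(line)
        if row:
            if rule is not None:
                cookie = row.group("cookie")
                method = "source-ip" if cookie is None else "cookie:" + cookie
                rule["thresholds"][method] = int(row.group("limit"))
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep:
            continue  # not a "key: value" line (for example the CLI prompt)
        if key == "Policy name":
            policy = {"name": value, "fields": {}, "rules": []}
            policies.append(policy)
            rule = None
        elif policy is None:
            continue  # text before the first policy
        elif key == "Rule ID":
            rule = {"id": int(value), "thresholds": {}}
            policy["rules"].append(rule)
        elif rule is not None and key in RULE_KEYS:
            rule[key] = value
        else:
            policy["fields"][key] = value
            rule = None  # policy-level fields follow the last rule
    return policies


def audit(policies):
    """Return (policy name, finding) pairs; the rules are this example's own."""
    findings = []
    for p in policies:
        fields = p["fields"]
        if fields.get("Protection action") == "warning":
            findings.append((p["name"], "action is warning: only a log message is generated"))
        if fields.get("Slow-attack protection state") != "Enabled":
            findings.append((p["name"], "HTTP slow attack protection is not enabled"))
        if fields.get("Reference count") == "0":
            findings.append((p["name"], "reference count is 0: nothing references this policy"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_protection_policies(SAMPLE)):
        print(f"{name}: {finding}")
```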

display loadbalance snat-address statistics

Use display loadbalance snat-address statistics to display SNAT IP address statistics.

Syntax

display loadbalance snat-address statistics { ip ip-address | ipv6 ipv6-address }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip ip-address: Specifies an IPv4 address.

ipv6 ipv6-address: Specifies an IPv6 address.

Examples

# Display SNAT address statistics.

<Sysname> display loadbalance snat-address statistics ip 10.10.10.79

SNAT address: 10.10.10.79

  Inbound throughput            772.2Kbps

  Outbound throughput           376.7Kbps

  Received packets              2300

  Sent packets                  1100

  Current connections           0

  Peak connections              1

  Total connections             1

Table 10 Command output

Field

Description

SNAT address

IP address in the SNAT address pool.

Inbound throughput

Packet inbound throughput.

Outbound throughput

Packet outbound throughput.

Received packets

Number of received packets.

Sent packets

Number of sent packets.

Current connections

Number of concurrent connections.

Peak connections

Historical maximum number of concurrent connections.

Total connections

Total number of historical connections.

display loadbalance snat-global-policy

Use display loadbalance snat-global-policy to display SNAT global policy information.

Syntax

display loadbalance snat-global-policy [ name policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name policy-name: Specifies a SNAT global policy by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all SNAT global policies.

Examples

# Display information about all SNAT global policies.

<Sysname> display loadbalance snat-global-policy

Policy name: lbsnat1

  Description:

  State: Active

  Priority: 0

  VPN instance:

  Source IP object group: src-obj

  Destination IP object group: dst-obj

  Service object group: proto-obj

  Translation mode: snat-pool sp

 

Policy name: lbsnat2

  Description:

  State: Inactive(disable)

  Priority: 0

  VPN instance:

  Source IP object group: src-obj

  Destination IP object group:

  Service object group:

  Translation mode: auto-map

Table 11 Command output

Field

Description

State

State of the SNAT global policy:

·     Active—The SNAT global policy is enabled and available.

·     Inactive—The SNAT global policy is enabled but unavailable.

·     Inactive (disabled)—The SNAT global policy is disabled and unavailable.

VPN instance

This field is not supported in the current software version.

VPN instance to which the SNAT global policy belongs.

display loadbalance snat-pool

Use display loadbalance snat-pool to display SNAT address pool information.

Syntax

display loadbalance snat-pool [ name pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name pool-name: Specifies a SNAT address pool by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all SNAT address pools.

Examples

# Display information about all SNAT address pools.

<Sysname> display loadbalance snat-pool

SNAT pool: lbsp1

  Description:

  VPN instance:

  Traffic group: 1

  VRRP IPv4 info:

    VRRP IPv4 VRID: 1

    Interface: GigabitEthernet1/0/1

  VRRP IPv6 info:

    VRRP IPv6 VRID: 3

    Interface: GigabitEthernet1/0/1

  IPv4 range:

    Start address                       End address

    202.110.10.5                        202.110.10.10

    202.110.20.10                       202.110.20.15

  IPv6 range:

    Start address                       End address

    2002::2                             2002::100

    2002::200                           2002::300

  ARP/ND interfaces:

    GigabitEthernet1/0/1

    GigabitEthernet1/0/3

  Reference count: 1

 

SNAT pool: lbsp2

  Description:

  VPN instance:

  Traffic group: 1

  VRRP IPv4 info:

    VRRP IPv4 VRID: 1

    Interface: GigabitEthernet1/0/1

  VRRP IPv6 info:

    VRRP IPv6 VRID: 3

    Interface: GigabitEthernet1/0/1

  IPv4 range:

    Start address                       End address

    203.110.10.10                       203.110.10.15

  IPv6 range:

    Start address                       End address

    2003::2                             2003::100

  ARP/ND interfaces:

    GigabitEthernet1/0/2

  Reference count: 1

Table 12 Command output

Field

Description

SNAT pool

SNAT address pool name.

Description

Description for the SNAT address pool.

VPN instance

This field is not supported in the current software version.

VPN instance to which the SNAT address pool belongs.

Traffic group

Number of the cluster traffic group bound to the SNAT address pool.

IPv4 range

IPv4 address range.

IPv6 range

IPv6 address range.

ARP/ND interfaces

Interfaces from which gratuitous ARP packets and ND packets are sent out.

VRRP IPv4 VRID

ID of the IPv4 VRRP group bound to the SNAT address pool.

Interface

VRRP group interface bound to the SNAT address pool.

VRRP IPv6 VRID

ID of the IPv6 VRRP group bound to the SNAT address pool.

Reference count

Number of times that the resource is being referenced.

 

display loadbalance snat-pool statistics

Use display loadbalance snat-pool statistics to display SNAT address pool statistics.

Syntax

display loadbalance snat-pool statistics [ name pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name pool-name: Displays statistics of the specified SNAT address pool. The pool-name argument specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics of all SNAT address pools.

Examples

# Display statistics of SNAT address pool spool.

<Sysname> display loadbalance snat-pool statistics name spool

SNAT pool: spool

  SNAT address: 10.10.10.79

    Inbound throughput                          772.2Kbps

    Outbound throughput                         376.7Kbps

    Received packets                            2300

    Sent packets                                1100

    Current connections                         1

    Peak connections                            1

    Total connections                           1

 

  --------------------------------------------------

  SNAT address: 10.10.10.80

    Inbound throughput                          854.6Kbps

    Outbound throughput                         417.0Kbps

    Received packets                            2600

    Sent packets                                1300

    Current connections                         1

    Peak connections                            1

    Total connections                           1

 

  --------------------------------------------------

  Total:

    Inbound throughput                          1.6Mbps

    Outbound throughput                         793.7Kbps

    Received packets                            4900

    Sent packets                                2400

    Current connections                         2

    Peak connections                            2

    Total connections                           2

Table 13 Command output

Field

Description

SNAT pool

SNAT address pool name.

SNAT address

IP address member in the SNAT address pool.

Inbound throughput

Packet inbound throughput.

Outbound throughput

Packet outbound throughput.

Received packets

Number of received packets.

Sent packets

Number of sent packets.

Current connections

Number of concurrent connections.

Peak connections

Historical maximum number of concurrent connections.

Total connections

Total number of historical connections.

display loadbalance total-count

Use display loadbalance total-count to display the total numbers of LB resources.

Syntax

display loadbalance total-count

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the total numbers of LB resources.

<Sysname> display loadbalance total-count

Total number of virtual-server:0

Total number of real-server:0

Total number of server-farm:0

Total number of server-farm member:0

Table 14 Command output

Field

Description

Total number of virtual-server

Total number of virtual servers.

Total number of real-server

Total number of real servers.

Total number of server-farm

Total number of server farms.

Total number of server-farm member

Total number of server farm members.

 

display loadbalance snat-pool reference

Use display loadbalance snat-pool reference to display information about SNAT address pools being referenced.

Syntax

display loadbalance snat-pool reference [ brief | name pool-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief reference information. If you do not specify this keyword, the command displays detailed reference information.

name pool-name: Specifies an SNAT address pool by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all SNAT address pools.

Examples

# Display brief information about all SNAT address pools being referenced.

<Sysname> display loadbalance snat-pool reference brief

SNAT pool    Type                        Server farms         SNAT global policies

lbsp1        Address-based split         3                    2

lbsp2        Port-based split            0                    1

lbsp3        Failover-group-based split  2                    2

# Display detailed reference information about SNAT address pool lbsp1.

<Sysname> display loadbalance snat-pool reference name lbsp1

SNAT pool: lbsp1

  Type: Port-based split

  Server farms: sf1

                sf3

                sf4

  SNAT global policies: lbsnat1

                        lbsnat3

# Display detailed information about all SNAT address pools being referenced.

<Sysname> display loadbalance snat-pool reference

SNAT pool: lbsp1

  Type: Port-based split

  Server farms: sf1

                sf3

                sf4

  SNAT global policies: lbsnat1

                        lbsnat3

SNAT pool: lbsp2

  Type: Address split

  Server farms: sf2

                sf5

  SNAT global policies: lbsnat2

                        Lbsnat4

Table 15 Command output

Field

Description

SNAT pool

SNAT address pool name.

Type

SNAT address pool type. Options include the following:

·     Address-based split.

·     Failover-group-based split.

·     Port-based split.

Server farms

Server farms that use this SNAT address pool.

SNAT global policies

SNAT global policies that use the SNAT address pool.

 

Related commands

snat-pool (server farm view)

translation-mode

display loadbalance virtual-server overall-total-statistics

Use display loadbalance virtual-server overall-total-statistics to display statistics information about all virtual servers on the device.

Syntax

display loadbalance virtual-server overall-total-statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Execute this command to display statistics information about all virtual server connections on the device and SSL offloading capability statistics.

Examples

# Display statistics information about all virtual servers on the device.

<Sysname> display loadbalance virtual-server overall-total-statistics

  Total connections: 1048341

  Active connections: 0

  Connections per second: 0

  Active SSL connections: 1

  SSL connections per second: 300

  SSL inbound bandwidth: 208800 bps

  SSL outbound bandwidth: 1704864 bps

Table 16 Command output

Field

Description

Total connections

Total number of virtual server connections.

Active connections

Total number of active connections on all virtual servers.

Connections per second

Connections per second for all virtual servers.

Active SSL connections

Number of SSL offloading connections.

SSL connections per second

SSL offloading connections per second.

SSL inbound bandwidth

Inbound bandwidth for SSL offloading.

SSL outbound bandwidth

Outbound bandwidth for SSL offloading.

 

Related commands

display loadbalance virtual-server total-statistics

display loadbalance virtual-server total-statistics

Use display loadbalance virtual-server total-statistics to display cumulative statistics for all virtual servers.

Syntax

display loadbalance virtual-server total-statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Operating mechanism

This command displays the cumulative connection statistics for all virtual servers. If you execute the reset virtual-server command for a virtual server, the statistical values are affected.

Examples

# Display cumulative statistics for all virtual servers.

<Sysname> display loadbalance virtual-server total-statistics

Slot 1:

  Total connections: 0

  Active connections: 0

  Connections per second: 0

  Active SSL connections: 0

  SSL connections per second: 0

 

Slot 2:

  Total connections: 0

  Active connections: 0

  Connections per second: 0

  Active SSL connections: 0

  SSL connections per second: 0

Table 17 Command output

Field

Description

Total connections

Total number of connections.

Active connections

Number of active connections.

Connections per second

Number of connections per second.

Active SSL connections

Number of active SSL connections.

SSL connections per second

SSL connections per second.

display parameter-profile

Use display parameter-profile to display parameter profile information.

Syntax

display parameter-profile [ name parameter-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name parameter-name: Specifies a parameter profile by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all parameter profiles.

Examples

# Display information about all parameter profiles.

<Sysname> display parameter-profile

Parameter profile: pp1

  Description:

  Type: IP

  IP ToS: 20

  Reference count: 0

 

Parameter profile: pp2

  Description:

  Type: TCP

  Exceed MSS: Allow

  TCP window size: 65535

  TCP connection idle-timeout: 10

  Time-wait timeout: 5

  Keepalive idle-timeout: 300

  Keepalive retransmission interval: 3

  Keepalive retransmission count: 5

  Syn retransmission-timeout: 5

  Syn cookie threshold:  10

  Fin-wait1 timeout: 6

  Fin-wait2 timeout: 10

  Src-addr-option:

    Option kind number: 29 (TCP-AO)

    Encoding: string

  TCP option remove:

    Option kind number: 3 (WSopt)

  TCP option remove:

    Option kind number: 5 (SACK)

  TCP option insert-mode: data-packet

  TCP option insert:

    Option kind number: 28 (UTO)

    Value: src-ip

    Encoding: string

  TCP option preserve:

    Option kind number: 8 (TSopt)

  TCP Timestamps option: Preserve

  Reference count: 1

 

Parameter profile: pp3

  Description:

  Type: HTTP

  Rebalance per request: Enabled

  Server connection reuse: Enabled

  Case insensitive: Enabled

  Header modify per request: Enabled

  Content maximum parse length: 8192

  Header maximum parse length: 8192

  Secondary cookie delimiters: !@#$

  Secondary cookie start: ?

  Encrypted cookie name: cookie1

  Header exceed length: Drop

  Reference count: 1

 

Parameter profile: compress

  Description:

  Type: HTTP compression

  Compression level: 1

  Prefer method: Gzip

  Content length threshold: 1024

  Memory size: 8KB

  Window size: 16KB

  Header Insert: Enabled

  Header Delete: Enabled

  Request version all: Disabled

  Rule 1: Permit url abc

  Reference count: 1

 

Parameter profile: urlstat

  Description:

  Type: HTTP-statistics

  Node: bank1

    Description:

    rule 1 url url1

    rule 2 url url2

  Node: bank2

    Description:

    rule 1 url url3

    rule 2 url url4

  Object group name:

    ObjGrp1

    ObjGrp2

  Reference count: 1

 

Parameter profile: pp4

  Description:

  Type: OneConnect

  Max reuse times: 1000

  Idle time: 10000

  IPv4 source mask length: 24

  IPv6 source prefix length: 120

  Reference count: 1

 

Parameter profile: pp5

  Description:

  Type: TCP-application

  Match-buffer-time: 5

  Match-buffer-size: 4096

  Match-buffer-end: YY

  Reference count: 1

 

Parameter profile: pp6

  Description:

  Type: MySQL

  Pool size: 2000

  Server connection reuse: Enabled

  Max reuse times: 1000

  Idle time: 10000 sec

  IPv4 source mask length: 24

  IPv6 source prefix length: 120

  Reference count: 1

 

Parameter profile: pp6

  Description:

  Type: HTTP2

  Concurrent-streams-per-connection: 123

  Recv-window size: 32

  Connection idle-timeout: 300

  Frame size: 1531

  Header-table size: 53241

  Insert-header-field: hx

  Connection close fin

  Reference count: 1

 

Parameter profile: pp7

  Description:

  Type: Diameter-session

  Origin host: host.example.com

  Origin realm: example.com

  Vendor Id: 25506

  Product name: L5080

  Host ip: 20.0.0.2

  Retransmission: Enabled

  Retransmission timeout: 5

  CE timeout: 20

  Reference count: 1

Table 18 Command output

Field

Description

Parameter profile

Parameter profile name.

Description

Description for the parameter profile.

Type

Parameter profile type:

·     IP.

·     HTTP.

·     HTTP-compression.

·     HTTP statistics.

·     MySQL.

·     OneConnect.

·     TCP.

·     TCP-application.

·     HTTP2.

·     Diameter session.

IP ToS

ToS field of the IP packets sent to the server.

Reference count

Number of times that the resource is being referenced.

Exceed MSS

Action to take on the segments that exceed the MSS in the HTTP requests sent by the client:

·     Allow—Allows the segments to exceed the MSS.

·     Drop—Discards the segments that exceed the MSS.

Rebalance per request

Whether or not to enable load balancing for each HTTP request.

Pool size

Size of the MySQL connection pool.

Server connection reuse

Whether or not to reuse the connection between the LB device and the server.

Header modify per request

Whether or not to perform the insert, delete, or modify operation for the header of each HTTP request or response packet.

Case insensitive

Whether or not to enable case sensitivity for matching character strings.

Content maximum parse length

Maximum length of the HTTP entities that can be parsed.

Header maximum parse length

Maximum length of the HTTP headers that can be parsed.

Secondary cookie delimiters

Delimiters that can separate secondary cookies in URLs.

Secondary cookie start

Start delimiter for secondary cookies in URLs.

Encrypted cookie name

Cookie enabled with encryption.

Header exceed length

Action to take on the HTTP requests or responses when their packet headers exceed the maximum length:

·     Continue—Continues to perform load balancing.

·     Drop—Stops performing load balancing, discards the packet, and terminates the connection.

TCP window size

Maximum local window size for TCP connections.

TCP connection idle-timeout

Idle timeout time for TCP connections, in seconds.

Time-wait timeout

TIME_WAIT state timeout time for TCP connections, in seconds.

Keepalive idle-timeout

Idle timeout time for sending TCP keepalive packets.

Keepalive retransmission interval

Retransmission interval for TCP keepalive packets.

Keepalive retransmission count

Retransmission times for TCP keepalive packets.

Syn retransmission-timeout

Retransmission timeout time for TCP SYN packets.

Syn cookie threshold

Threshold for triggering SYN Cookie protection. The value of 0 indicates that SYN Cookie protection will never be triggered.

Fin-wait1 timeout

FIN-WAIT-1 state timeout time for TCP connections.

Fin-wait2 timeout

FIN-WAIT-2 state timeout time for TCP connections.

Node

Statistics node name and all URL match rules configured for the statistics node.

Object group name

IP address object groups used by the HTTP statistics parameter profile.

Max reuse times

Maximum number of times a TCP connection can be reused.

Idle time

Idle timeout time for TCP connections, in seconds.

IPv4 source mask length

Mask length for connection reuse.

IPv6 source prefix length

Prefix length for connection reuse.

Match-buffer-time

Buffering period for TCP payload matching, in seconds.

Match-buffer-size

Maximum buffering size for TCP payload matching.

Match-buffer-end

Buffering end string for TCP payload matching.

Src-addr-option

TCP option for SNAT address translation.

Option kind number

TCP option number.

Encoding

Encoding mode for the TCP option:

·     binary.

·     string.

TCP option insert-mode

TCP option insert mode. Options include the following:

·     per-packet—Insert into data packets and handshake packets.

·     data-packet—Insert into data packets only.

TCP option insert

Inserts contents into a TCP option.

Value

Contents to insert into the TCP option.

TCP option remove

Removes a TCP option.

Concurrent-streams-per-connection

Maximum number of concurrent requests supported by a TCP connection.

Recv-window size

Tx window size for HTTP2.0 packets.

Connection idle-timeout

Idle timeout period of TCP connections for HTTP2.0 requests.

Frame size

HTTP2.0 frame size.

Header-table size

HTTP2.0 packet header table size.

Insert-header-field

Header field inserted into HTTP2.0 requests.

Connection close fin/Connection close rst

Method for closing TCP connections between the device and real servers. Options include the following:

·     fin—Close TCP connections by sending FIN packets.

·     rst—Close TCP connections by sending RST packets.

TCP option preserve

Preserves a TCP option.

TCP option rewrite

Rewrites a TCP option.

TCP Timestamps option

Action on the TCP Timestamps option:

·     Preserve.

·     Rewrite.

·     Remove.

An asterisk (*) after the action indicates that it is the action globally specified. If no asterisk is displayed, it is the action specified for the parameter profile.

Origin host

Origin-Host AVP to be sent in Diameter messages.

Origin realm

Origin-Realm AVP to be sent in Diameter messages.

Vendor Id

Vendor-Id AVP to be sent in Diameter messages.

Product name

Product-Name AVP to be sent in Diameter messages.

Host ip/Host ipv6

Host IPv4 or IPv6 address.

Retransmission

Enabling status of Diameter message retransmission. Options include:

·     Disabled.

·     Enabled.

Retransmission timeout

Timeout timer for Diameter message retransmission.

CE timeout

Timeout timer for Diameter capability exchange.

 

display real-server

Use display real-server to display real server information or server farm member information.

Syntax

display real-server [ brief | name real-server-name ]

display real-server server-farm server-farm-name [ name real-server-name port port-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief real server information. If you do not specify this keyword, the command displays detailed real server information.

name real-server-name: Displays information about the specified real server. The real-server-name argument specifies a real server name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all real servers.

server-farm server-farm-name: Displays information about members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

name real-server-name port port-number: Displays information about a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 255 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command displays information about all members of a server farm.

Examples

# Display brief information about all real servers.

<Sysname> display real-server brief

Real server      Address/domain              Port  State     VPN instance     Server farm

rs1              192.168.1.1                 0     Active                    sf

rs2              192.168.1.2                 0     Busy                      sf

rs3              192.168.1.3                 0     Active                    sf

rs4              www.example.com             0     Active                    sf

# Display detailed information about the real server rs.

<Sysname> display real-server name rs

Real server: rs

  Description: Real server RS

  State: Active

  Domain name:

  VPN instance:

  Inherit VPN: Disabled

  IPv4 address: 1.1.1.1

  IPv6 address: 1001::1

  Port: 0 (port number in original packet)

  Server farm: sf

  Weight: 150

  Priority: 3

  Cost: 100

  Slow shutdown: Enabled

  Slow offline: Disabled

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  Bandwidth busy:

    Max bandwidth: 10000 kbps

    Max inbound bandwidth: 5000 kbps

    Max outbound bandwidth: 5000 kbps

    Busy rate: 80

    Inbound busy rate: 70

    Outbound busy rate: 60

    Busy recovery rate: 60

    Inbound busy recovery rate: 60

    Outbound busy recovery rate: 60

  Probe log: Enabled

  Probe information:

    Dynamic weight: 1

    SNMPDCA busy state: Normal

    Probe success criteria: All

    Probe method                    State

    t4                              Succeeded

    External-monitor method         State

    test_external                   Succeeded

    test_external2                  Succeeded

    Database Probe method              State

    ora1(database)                     Succeeded

  Reference count: 1

# Display information about all members of server farm sf.

<Sysname> display real-server server-farm sf

Server farm: sf

  Real server: rs1

    Description: real server 1

    Parent state: Inactive

    State: Inactive

    Port: 2

    Weight: 2

    Priority: 2

    Slow shutdown: Disabled

    Slow offline: Disabled

    Manual recover: Disabled

    Connection limit: --

    Connection rate limit: --

    Probe log: Enabled

    Probe information:

      Dynamic weight: --

      SNMPDCA busy state: --

      Probe success criteria: All

      Probe method                       State

      icmp                               Failed

      External-monitor method            State

      test_external                      Succeeded

      test_external2                     Succeeded

      Database Probe method              State

      ora1                               Invalid

    Probe template information:

      TCP RST probe template: rst

        Probe result: Normal

      TCP zero-window probe template:

      HTTP passive probe template:

 

  Real server: rs2

    Description: real server 2

    Parent state: Inactive

    State: Inactive

    Port: 80

    Weight: 100

    Priority: 4

    Slow shutdown: Disabled

    Slow offline: Disabled

    Manual recover: Disabled

    Connection limit: --

    Connection rate limit: --

    Probe log: Enabled

    Probe information:

      Dynamic weight: 1

      SNMPDCA busy state: Normal

      Probe success criteria: All

      Probe method                       State

      tcp                                Failed

      Database Probe method              State

    Probe template information:

      TCP RST probe template:

      TCP zero-window probe template: zero

        Probe result: Normal

      HTTP passive probe template:

    Variable information:

      Variable name: variable

      Variable value: 2

Table 19 Command output

Field

Description

Real server

Real server name.

Address/domain

IPv4 address, IPv6 address, or domain name of the real server.

Port

Port number of the real server. 0 means the port number in the packet is used.

Domain name

Domain name of the real server.

Parent state/State

Real server state/Server farm member state:

·     Active—The real server is available.

·     Busy—The real server is busy. When the real server is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached.

·     Inactive—The real server is unavailable, because the configuration is not complete, the server is not referenced, or the virtual server is not enabled.

·     Probe-failed—Health monitoring has failed.

·     Ramp—Ramp-up phase of slow online.

·     Shutdown—The real server is shut down.

·     Standby—Standby phase of slow online.

·     Unknown—Health monitoring is not configured.

·     Auto shutdown—The real server is automatically shut down when the RST or zero-window packet threshold is reached or the number of probe times is reached.

·     Slowoffline—The slow offline feature is enabled for the real server or server farm member, and no health monitoring method is specified for the real server, server farm, or server farm member.

·     Shutdown (Probe-success)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring succeeds.

·     Shutdown (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring fails.

·     Slowoffline (Probe-success)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring succeeds.

·     Slowoffline (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring fails.

VPN instance

This field is not supported in the current software version.

VPN instance to which the real server belongs.

Inherit VPN

This field is not supported in the current software version.

VPN instance inheritance: Enabled or Disabled.

Server farm

Server farm of the real server.

Description

Description for the real server.

IPv4 address

IPv4 address of the real server.

IPv6 address

IPv6 address of the real server.

Weight

Weight of the real server.

Priority

Priority of the real server.

Cost

Cost for proximity calculation.

Slow shutdown

Slow shutdown state of the real server:

·     Disabled.

·     Enabled.

Connection limit

Maximum number of connections for the real server.

Connection rate limit

Maximum number of connections per second for the real server.

Rate limit

Rate limit of the real server.

Connections

Maximum number of connections per second for the real server.

Bandwidth

Maximum bandwidth for the real server in kbps.

Inbound bandwidth

Maximum uplink bandwidth for the real server in kbps.

Outbound bandwidth

Maximum downlink bandwidth for the real server in kbps.

Max bandwidth

Maximum expected bandwidth for the real server in kbps.

Max inbound bandwidth

Maximum uplink expected bandwidth for the real server in kbps.

Max outbound bandwidth

Maximum downlink expected bandwidth for the real server in kbps.

Busy rate

Bandwidth ratio for the real server.

Inbound busy rate

Inbound bandwidth ratio for the real server.

Outbound busy rate

Outbound bandwidth ratio for the real server.

Busy recovery rate

Bandwidth recovery ratio for the real server.

Inbound busy recovery rate

Inbound bandwidth recovery ratio for the real server.

Outbound busy recovery rate

Outbound bandwidth recovery ratio for the real server.

Dynamic weight

Dynamic weight calculated by using the dynamic round robin algorithm. This field displays a weight value only if the dynamic round robin algorithm is used. If any other algorithm is used, this field displays two hyphens (--).

SNMPDCA busy state

Busy state obtained by using the dynamic round robin algorithm: Normal or Busy. If the dynamic round robin algorithm is not used, this field displays two hyphens (--).

Probe log

Health monitoring logging state of the real server:

·     Disabled.

·     Enabled.

Probe success criteria

Health monitoring success criteria for the real server:

·     All—Health monitoring succeeds only when all the specified health monitoring methods succeed.

·     At least X—Health monitoring succeeds when a minimum of X health monitoring methods succeed.

Probe method

Name of the NQA template used by the health monitoring method.

State

State of the health monitoring method (custom monitoring or NQA):

·     Failed—Health monitoring has failed.

·     In progress—Health monitoring is in progress.

·     Invalid—Health monitoring is unavailable (because the configuration of the NQA template is not complete), or the real server is unavailable.

·     Succeeded—Health monitoring has succeeded.

External-monitor method

Custom monitoring method.

Database Probe method

This field is not supported in the current software version.

Database LB probe template.

TCP RST probe template

Name of the TCP RST LB probe template.

TCP zero-window probe template

Name of the TCP zero-window LB probe template.

HTTP passive probe template

Name of the HTTP passive LB probe template.

Probe result

Probe result of the TCP RST, TCP zero-window, or HTTP passive LB probe template:

·     Normal—The server farm member is running correctly.

·     Busy—The server farm member is busy.

·     Slowdown—The server farm member is in slowdown state.

Manual recover

State of the health monitoring manual recovery feature:

·     Disabled.

·     Enabled.

Reference count

Number of times that the resource is being referenced.

 

display real-server statistics

Use display real-server statistics to display real server statistics or server farm member statistics.

Syntax

display real-server statistics [ name real-server-name ]

display real-server statistics server-farm server-farm-name [ name real-server-name port port-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name real-server-name: Specifies a real server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays statistics for all real servers.

server-farm server-farm-name: Displays statistics for members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

name real-server-name port port-number: Displays statistics for a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 255 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command displays statistics for all members of a server farm.

Examples

# Display statistics for the real server rs.

<Sysname> display real-server statistics name rs

Real server: rs

  Total connections: 1798

  Active connections: 788

  Max connections: 803

    recorded at 11:02:49 on Tue May 21 2019

  Connections per second: 157

  Max connections per second: 163

    recorded at 11:02:49 on Tue May 21 2019

  Server input: 333332 bytes

  Server output: 472054 bytes

  Throughput: 4396 bps

  Inbound throughput: 1214 bps

  Outbound throughput: 3128 bps

  Max throughput: 4564 bps

    recorded at 11:02:49 on Tue May 21 2019

  Max inbound throughput: 1214 bps

    recorded at 11:02:49 on Tue May 21 2019

  Max outbound throughput: 3320 bps

    recorded at 11:02:49 on Tue May 21 2019

  Received packets: 1798

  Sent packets: 0

  Dropped packets: 0

  Received packets per second: 0

  Sent packets per second: 0

  Received requests: 0

  Dropped requests: 0

  Sent responses: 0

  Dropped responses: 0

  Connection failures: 1

  Busy state: Busy

# Display statistics for all members of server farm sf.

<Sysname> display real-server statistics server-farm sf

Server farm: sf

  Real server: rs1

    Total connections: 0

    Active connections: 0

    Max connections: 0

      recorded at 11:02:49 on Tue May 21 2019

    Connections per second: 0

    Max connections per second: 0

      recorded at 11:02:49 on Tue May 21 2019

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bps

    Inbound throughput: 0 bps

    Outbound throughput: 0 bps

    Max throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max inbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max outbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received packets per second: 0

    Sent packets per second: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

    Connection failures: 0

    RST packets: 50

    Max RST packets: 5000

    RST probe protection times: 3

    Max RST probe protection times: 9

    Zero-window packet percentage: 10

    Max zero-window packet percentage: 50

    Zero-window probe protection times: 2

    Max zero-window probe protection times: 8

    Abnormal url times: 10

    Max abnormal url times: 20

 

  Real server: rs2

    Total connections: 0

    Active connections: 0

    Max connections: 0

      recorded at 11:02:49 on Tue May 21 2019

    Connections per second: 0

    Max connections per second: 0

      recorded at 11:02:49 on Tue May 21 2019

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bps

    Inbound throughput: 0 bps

    Outbound throughput: 0 bps

    Max throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max inbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max outbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received packets per second: 0

    Sent packets per second: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

    Connection failures: 0

    RST packets: 50

    Max RST packets: 5000

    RST probe protection times: 3

    Max RST probe protection times: 9

    Zero-window packet percentage: 10

    Max zero-window packet percentage: 50

    Zero-window probe protection times: 2

    Max zero-window probe protection times: 8

    Abnormal url times: 10

    Max abnormal url times: 20

Table 20 Command output

Field

Description

Real server

Real server name.

Total connections

Total number of connections.

Active connections

Number of active connections.

Max connections

Maximum number of connections.

Connections per second

Number of connections per second.

Max connections per second

Maximum number of connections per second.

Server input

Traffic (in bytes) received by the server.

Server output

Traffic (in bytes) sent by the server.

Throughput

Total packet throughput in bps.

Inbound throughput

Inbound packet throughput in bps.

Outbound throughput

Outbound packet throughput in bps.

Max throughput

Maximum packet throughput in bps.

Max inbound throughput

Maximum inbound packet throughput in bps.

Max outbound throughput

Maximum outbound packet throughput in bps.

Received packets

Number of received packets.

Sent packets

Number of sent packets.

Dropped packets

Number of dropped packets.

Received requests

Number of received HTTP request packets. This field is displayed only for Layer 7 real servers.

Dropped requests

Number of dropped HTTP request packets. This field is displayed only for Layer 7 real servers.

Sent responses

Number of sent HTTP response packets. This field is displayed only for Layer 7 real servers.

Dropped responses

Number of dropped HTTP response packets. This field is displayed only for Layer 7 real servers.

Connection failures

Number of connection establishment failures.

Busy state

Real server state:

·     --—Unavailable.

·     Normal.

·     Busy.

RST packets

Number of RST packets sent by the real server during the monitoring time.

Max RST packets

Maximum number of RST packets sent by the real server during the monitoring time.

RST probe protection times

Number of probe times for the RST LB probe template.

Max RST probe protection times

Maximum number of probe times for the RST LB probe template.

Zero-window packet percentage

Percentage of zero-window packets sent by the real server during the monitoring time.

Max zero-window packet percentage

Maximum percentage of zero-window packets sent by the real server during the monitoring time.

Zero-window probe protection times

Number of probe times for the zero-window LB probe template.

Max zero-window probe protection times

Maximum number of probe times for the zero-window LB probe template.

Abnormal url times

Number of URL error times during the current monitoring time.

Max abnormal url times

Maximum number of URL error times during the monitoring time.

 

Related commands

reset real-server statistics

display real-server overall-statistics

Use display real-server overall-statistics to display statistics information about all real servers or server farm members on the device.

Syntax

display real-server overall-statistics [ name real-server-name ]

display real-server overall-statistics server-farm server-farm-name [ name real-server-name port port-number ]

display real-server overall-statistics server-farm server-farm-name [ name real-server-name port port-number ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name real-server-name: Specifies a real server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all real servers.

server-farm server-farm-name: Displays statistics for members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

name real-server-name port port-number: Displays statistics for a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 255 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command displays information about all members of a server farm.

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display statistics information about real server rs.

<Sysname> display real-server overall-statistics name rs

Real server: rs

  Total connections: 356578

  Active connections: 0

  Max connections: 37,

    recorded at: 08:46:22 on Wed Apr 13 2022

  Connections per second: 0

  Max connections per second: 6759,

    recorded at: 08:46:04 on Wed Apr 13 2022

  Server input: 88075301 bytes

  Server output: 115531472 bytes

  Throughput: 0 bps

  Inbound throughput: 0 bps

  Outbound throughput: 0 bps

  Max throughput: 28337024 bps,

    recorded at: 08:46:19 on Wed Apr 13 2022

  Max inbound throughput: 13176880 bps,

    recorded at: 08:46:05 on Wed Apr 13 2022

  Max outbound throughput: 17375712 bps,

    recorded at: 08:46:19 on Wed Apr 13 2022

  Received packets: 1426317

  Sent packets: 713161

  Dropped packets: 0

  Received packets per second: 0

  Sent packets per second: 0

  Received requests: 356578

  Dropped requests: 0

  Sent responses: 356578

  Dropped responses: 0

  Connection failures: 0

  Busy state: --

# Display statistics information about all members in server farm sf.

<Sysname> display real-server overall-statistics server-farm sf

Server farm: sf

  Real server (port: 443): rs

    Total connections: 0

    Active connections: 0

    Max connections: 0

      recorded at 11:02:49 on Tue May 21 2019

    Connections per second: 0

    Max connections per second: 0

      recorded at 11:02:49 on Tue May 21 2019

    Server input: 0 bytes

    Server output: 0 bytes

    Throughput: 0 bps

    Inbound throughput: 0 bps

    Outbound throughput: 0 bps

    Max throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max inbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Max outbound throughput: 0 bps

      recorded at 11:02:49 on Tue May 21 2019

    Received packets: 0

    Sent packets: 0

    Dropped packets: 0

    Received packets per second: 0

    Sent packets per second: 0

    Received requests: 0

    Dropped requests: 0

    Sent responses: 0

    Dropped responses: 0

    Connection failures: 0

    RST packets: 50

    Max RST packets: 5000

    RST probe protection times: 3

    Max RST probe protection times: 9

    Zero-window packet percentage: 10

    Max zero-window packet percentage: 50

    Zero-window probe protection times: 2

    Max zero-window probe protection times: 8

    Abnormal url times: 10

    Max abnormal url times: 20

For descriptions of the command output fields, see Table 20.

Related commands

display real-server statistics
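An added example (not H3C code): a Python parser for the display real-server statistics and display real-server overall-statistics output described in Table 20, which lists members showing drops, connection failures, a Busy state, or a counter close to its paired Max value. The sample output is constructed, and the fields chosen for flagging and the 0.8 ratio are assumptions, not device thresholds.

```python
import re

# Constructed sample in the shape of the outputs shown above (values are made up).
SAMPLE = """\
<Sysname> display real-server statistics server-farm sf
Server farm: sf
  Real server: rs1
    Total connections: 1798
    Active connections: 788
    Max connections: 803
      recorded at 11:02:49 on Tue May 21 2019
    Dropped packets: 0
    Connection failures: 1
    Throughput: 4396 bps
    RST packets: 4500
    Max RST packets: 5000
    Zero-window packet percentage: 10
    Max zero-window packet percentage: 50
    Abnormal url times: 10
    Max abnormal url times: 20

  Real server (port: 443): rs2
    Total connections: 356578
    Max connections: 37,
      recorded at: 08:46:22 on Wed Apr 13 2022
    Dropped requests: 12
    Connection failures: 0
    RST packets: 50
    Max RST packets: 5000
    Busy state: Busy
"""

HEADER = re.compile(r"^Real server(?: \(port: (\d+)\))?: (\S+)$")
FIELD = re.compile(r"^([^:]+): (.*)$")
RECORDED = re.compile(r"^recorded at:? (.+)$")       # both timestamp spellings
NUMBER = re.compile(r"^(\d+)(?: (bytes|bps))?,?$")   # optional unit, optional comma

def parse_statistics(text):
    """Return {(farm, member, port): {field: value}} from CLI output text."""
    servers, farm, current, last = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("<"):          # blank line or prompt echo
            continue
        m = RECORDED.match(line)
        if m:                                         # timestamp of the previous Max field
            if current is not None and last:
                current[last + " recorded at"] = m.group(1)
            continue
        if line.startswith("Server farm: "):
            farm = line.split(": ", 1)[1]
            continue
        m = HEADER.match(line)
        if m:
            port = int(m.group(1)) if m.group(1) else None
            current = servers.setdefault((farm, m.group(2), port), {})
            last = None
            continue
        m = FIELD.match(line)
        if m and current is not None:
            last, value = m.group(1), m.group(2)
            n = NUMBER.match(value)
            current[last] = int(n.group(1)) if n else value   # "--" stays a string
    return servers

# Assumption: a nonzero value in these Table 20 fields merits a look.
NONZERO = ("Dropped packets", "Dropped requests", "Dropped responses",
           "Connection failures")
# Counters that the output pairs with a "Max ..." line.
PAIRED = {
    "RST packets": "Max RST packets",
    "RST probe protection times": "Max RST probe protection times",
    "Zero-window packet percentage": "Max zero-window packet percentage",
    "Zero-window probe protection times": "Max zero-window probe protection times",
    "Abnormal url times": "Max abnormal url times",
}

def review(servers, ratio=0.8):
    """List (member, field, detail) findings; ratio is an assumed alert level."""
    findings = []
    for (farm, name, port), f in servers.items():
        who = f"{farm or '-'}/{name}" + (f":{port}" if port is not None else "")
        for key in NONZERO:
            if isinstance(f.get(key), int) and f[key] > 0:
                findings.append((who, key, str(f[key])))
        if f.get("Busy state") == "Busy":
            findings.append((who, "Busy state", "Busy"))
        for cur, mx in PAIRED.items():
            c, m = f.get(cur), f.get(mx)
            if isinstance(c, int) and isinstance(m, int) and m > 0 and c >= ratio * m:
                findings.append((who, cur, f"{c}/{m}"))
    return findings

if __name__ == "__main__":
    for member, field, detail in review(parse_statistics(SAMPLE)):
        print(f"{member}: {field} = {detail}")
```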

display server-farm

Use display server-farm to display server farm information.

Syntax

display server-farm [ brief | name server-farm-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief server farm information. If you do not specify this keyword, the command displays detailed server farm information.

name server-farm-name: Displays information about the specified server farm. The server-farm-name argument specifies a server farm name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all server farms.

Examples

# Display brief information about all server farms.

<Sysname> display server-farm brief

Predictor: RR - Round robin, RD - Random, LC - Least connection,

           BW – Bandwidth, MBW – Max bandwidth,

           IBW – Inbound bandwidth, OBW – Outbound bandwidth,

           MIBW – Max inbound bandwidth, MOBW – Max outbound bandwidth,

           HASH(SIP) - Hash address source IP,

           HASH(DIP) - Hash address destination IP,

           HASH(SIP-PORT) - Hash address source IP-port

           LT - Least time, DRR - Dynamic round robin

           CARP(SIP) - CARP address source IP

           CARP(DIP) - CARP address destination IP

           CARP(SIP-PORT) - CARP address source IP-port

           CARP(HTTP) - CARP HTTP payload

           HASH(HTTP) - Hash HTTP payload

NAT/SNAT: Y - Enabled, N - Disabled

 

Server farm       Predictor       NAT  SNAT  Total  Active

sf                RR              Y    N     3      3

# Display detailed information about all server farms.

<Sysname> display server-farm

Server farm: sf1

  Description:

  Predictor: Hash address

  Proximity: Disabled

  Manual recover: Disabled

  NAT: Enabled

  SNAT mode: snat-pool sp

  Failed action: Keep

  Active threshold: Enabled

    Lower: 80

    Upper: 90

  Slow-online: Enabled

  Standby time: 5s

  Ramp-up time: 10s

  Selected server: Enabled

    Min server: 100

    Max server: 600

  Busy action: Enqueue

    Queue length: 11

    Queue timeout: 12

  Probe information:

    Probe success criteria: All

    Probe method:

    aaa

    bbb

    ccc

    External-monitor method:

    Database Probe method:

  TCP RST probe template: aaa

  TCP zero-window probe template: bbb

  HTTP passive probe template: ccc

  Auto-shutdown recovery time: 30

  All-service-down action: Forward

    Forwarded to member: rs1

  Total real server: 1

  Active real server: 1

  Reference count: 1

  Real server list: (* : waiting for manual recover)

  Name      State         VPN instance     Address/Domain name    Port  Weight Priority  LT-weight

  rs1       Inactive                       1.2.3.4                0     100    4         50

  rs2       Auto shutdown                  1.2.3.4                0     100    4         50

  rs3       Active                         www.example.com        0     100    4         50

  Temporary real server list : (* : waiting for manual recover)

  Name         State         Address              Port  Real server  Domain name

  auto_1.1.1.1 Active        1.1.1.1                    rs1          www.example1.com

  auto_2.2.2.2 Inactive      2.2.2.2                    rs2          www.example2.com

Table 21 Command output

Field

Description

Server farm

Server farm name.

Predictor

Scheduling algorithm of the server farm:

·     RR—Weighted round robin algorithm.

·     RD—Random algorithm.

·     LC—Weighted least connection algorithm.

·     BW—Bandwidth algorithm.

·     IBW—Inbound bandwidth algorithm.

·     OBW—Outbound bandwidth algorithm.

·     MBW—Maximum bandwidth algorithm.

·     MIBW—Maximum inbound bandwidth algorithm.

·     MOBW—Maximum outbound bandwidth algorithm.

·     HASH(SIP)—Hash algorithm based on source IP address.

·     HASH(DIP)—Hash algorithm based on destination IP address.

·     HASH(SIP-PORT)—Hash algorithm based on source IP address and port number.

·     LT—Least time algorithm.

·     DRR—Dynamic round robin algorithm.

·     CARP(SIP)—CARP hash algorithm based on source IP address.

·     CARP(DIP)—CARP hash algorithm based on destination IP address.

·     CARP(SIP-PORT)—CARP hash algorithm based on source IP address and port number.

·     CARP(HTTP)—CARP hash algorithm based on HTTP content.

·     HASH(HTTP)—Hash algorithm based on HTTP content.

Manual recover

State of the health monitoring manual recovery feature:

·     Disabled.

·     Enabled.

NAT

NAT state of the server farm:

·     N—Disabled.

·     Y—Enabled.

SNAT

SNAT state of the server farm:

·     N—Disabled.

·     Y—Enabled.

Total

Total number of real servers.

Active

Number of active real servers.

Description

Description for the server farm.

Proximity

Proximity state of the server farm:

·     Disabled.

·     Enabled.

NAT

NAT state of the server farm:

·     Disabled—NAT is not configured.

·     Enabled.

SNAT mode

SNAT translation mode:

·     auto-map—Automatic mapping mode.

·     tcp-option—TCP option mode.

·     snat-pool—SNAT pool mode, which uses the SNAT address pool (specified by its name) to perform address translation.

Failed action

Fault processing method of the server farm:

·     Keep—Keeps existing connections.

·     Reschedule—Redirects connections.

·     Reset—Terminates existing connections.

Active threshold

State of the criteria to determine that the server farm is available: disabled or enabled. If the state is enabled, the following fields are displayed: 

·     Lower—Lower percentage value.

·     Upper—Upper percentage value.

Slow-online

State of the slow online feature: disabled or enabled. If the state is enabled, the following fields are displayed:

·     Standby time.

·     Ramp-up time.

Selected server

State of the limit on the number of real servers that participate in scheduling: disabled or enabled. If the state is enabled, the following fields are displayed:

·     Min server—Minimum number of real servers that participate in scheduling.

·     Max server—Maximum number of real servers that participate in scheduling.

Probe success criteria

Health monitoring success criteria for the real server:

·     All—Health monitoring succeeds only when all the specified health monitoring methods succeed.

·     At least—Health monitoring succeeds when a specified minimum number of health monitoring methods succeed.

Busy action

Action to take when the server farm is busy:

·     Drop.

·     Enqueue.

·     Force.

Queue length

This field is displayed only if the busy action is Enqueue.

Queue timeout

This field is displayed only if the busy action is Enqueue.

Probe method

Name of the NQA template used by the health monitoring method.

External-monitor method

Name of the custom probe template.

Database Probe method

This field is not supported in the current software version.

Name of the database LB probe template.

All-service-down action

Indicates how packets are processed when all server farm members are unavailable:

·     --—Drop packets.

·     Forward—Forward packets to the last selected server farm member.

Forwarded to member

Last selected server farm member to which packets are forwarded.

Total real server

Total number of real servers.

Active real server

Number of active real servers.

Reference count

Number of times that the resource is being referenced.

Name

Real server name.

State

Real server state:

·     Active—The real server is available.

·     Busy—The real server is busy. When the real server is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached.

·     Inactive—The real server is unavailable, because the configuration is not complete, the server is not referenced, or the virtual server is not enabled.

·     Probe-failed—Health monitoring has failed.

·     Ramp—Ramp-up phase of slow online.

·     Shutdown—The real server is shut down.

·     Standby—Standby phase of slow online.

·     Unknown—Health monitoring is not configured.

·     Auto shutdown—The real server is automatically shut down when the RST or zero-window packet threshold is reached or the number of probe times is reached.

·     Slowoffline—The slow offline feature is enabled for the real server or server farm member, and no health monitoring method is specified for the real server, server farm, or server farm member.

·     Shutdown (Probe-success)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring succeeds.

·     Shutdown (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring fails.

·     Slowoffline (Probe-success)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring succeeds.

·     Slowoffline (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring fails.

Address/Domain name

IPv4 and IPv6 addresses or domain names of the real server.

Port

Port number of the real server.

Weight

Weight of the real server.

Priority

Priority of the real server.

LT-weight

Weight calculated by using the least time algorithm. This field displays a weight value only if the least time algorithm is used. If any other algorithm is used, this field displays two hyphens (--).

Temporary real server list

Temporary real server list.

Real server

Name of the real server to which the temporary real server belongs.

Domain name

Name of the domain to which the temporary real server belongs.

TCP RST probe template

TCP-RST LB probe template referenced by the server farm.

This field is displayed only if a TCP-RST LB probe template is referenced.

TCP zero-window probe template

TCP zero-window LB probe template referenced by the server farm.

This field is displayed only if a TCP zero-window LB probe template is referenced.

HTTP passive probe template

HTTP passive LB probe template referenced by the server farm.

This field is displayed only if an HTTP passive LB probe template is referenced.

Auto-shutdown recovery time

Automatic recovery time for intelligent monitoring, in minutes.

 

display sticky statistics

Use display sticky statistics to display sticky entry statistics.

Syntax

display sticky statistics [ dns-proxy | virtual-server ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dns-proxy: Displays sticky entry statistics for transparent DNS proxies.

virtual-server: Displays sticky entry statistics for virtual servers.

Usage guidelines

If you do not specify the dns-proxy or virtual-server keyword, this command displays statistics for all sticky entries.

Examples

# Display sticky entry statistics for virtual servers.

<Sysname> display sticky statistics virtual-server

Virtual server:

Total sticky entries for all sticky types: 27000

  Sticky type     Sticky method     Total sticky entries     Synced sticky entries

  Address-port                      12000                    120

                  Src IP            100                      10

                  Src IPv6          100                      10

                  Dst IP            100                      10

                  Dst IPv6          100                      10

                  Both IP           100                      10

                  Both IPv6         100                      10

                  Src IP port       100                      10

                  Src IPv6 port     100                      10

                  Dst IP port       100                      10

                  Dst IPv6 port     100                      10

                  Both IP port      100                      10

                  Both IPv6 port    100                      10

  HTTP header                       5000                     50

                  HTTP version      100                      10

                  HTTP URL          100                      10

                  HTTP method       100                      10

                  HTTP host         100                      10

                  Header name       100                      10

  HTTP cookie     Cookie get        100                      10

  HTTP content    HTTP content      100                      10

  Payload         Payload           100                      10

  SSL             SSL session       100                      10

  RADIUS          Attribute ID      200                      20

  SIP             SIP Call-ID       100                      10

  HTTP passive    HTTP Passive      100                      10

  UDP passive     Payload Passive   100                      10

  TCP payload     TCP Payload       100                      10

  Diameter        Attribute ID      100                      10

# Display sticky entry statistics for transparent DNS proxies.

<Sysname> display sticky statistics dns-proxy

DNS proxy:

Total sticky entries for all sticky types: 12000

  Sticky type     Sticky method     Total sticky entries     Synced sticky entries

  Address-port                      12000                    120

                  Src IP            100                      10

                  Src IPv6          100                      10

                  Dst IP            100                      10

                  Dst IPv6          100                      10

                  Both IP           100                      10

                  Both IPv6         100                      10

                  Src IP port       100                      10

                  Src IPv6 port     100                      10

                  Dst IP port       100                      10

                  Dst IPv6 port     100                      10

                  Both IP port      100                      10

                  Both IPv6 port    100                      10

Table 22 Command output

Field

Description

Sticky group name

Name of the sticky group that generates the sticky entries.

Sticky type

Type of the sticky group. Options include:

·     Address-port—Address and port.

·     HTTP content—HTTP entity.

·     HTTP cookie.

·     HTTP header.

·     HTTP passive.

·     Payload—HTTP or UDP payload.

·     RADIUS.

·     SIP.

·     SSL.

·     TCP payload.

·     UDP passive.

·     Diameter.

Sticky method

Sticky method corresponding to the sticky entries:

·     Src IP—Source IPv4 address sticky method.

·     Src IPv6—Source IPv6 address sticky method.

·     Src IP and port—Source IPv4 address + source port sticky method.

·     Src IPv6 and port—Source IPv6 address + source port sticky method.

·     Dst IP—Destination IPv4 address sticky method.

·     Dst IPv6—Destination IPv6 address sticky method.

·     Dst IP and port—Destination IPv4 address + destination port sticky method.

·     Dst IPv6 and port—Destination IPv6 address + destination port sticky method.

·     Both IP—Source IPv4 address + destination IPv4 address sticky method.

·     Both IPv6—Source IPv6 address + destination IPv6 address sticky method.

·     Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method.

·     Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method.

·     HTTP URL—HTTP URL based sticky method.

·     HTTP header name—HTTP header name based sticky method.

·     HTTP version—HTTP version based sticky method.

·     HTTP host—HTTP host based sticky method.

·     HTTP method—HTTP Request-Method based sticky method.

·     HTTP content—HTTP entity sticky method.

·     Cookie get—HTTP cookie get sticky method.

·     Payload—HTTP or UDP payload sticky method.

·     HTTP passive—HTTP passive sticky method.

·     Payload passive—UDP payload passive sticky method.

·     TCP payload—TCP payload sticky method.

·     RADIUS IP—Sticky method based on the Framed-IP-Address attribute of RADIUS packets.

·     RADIUS ID—Sticky method based on the specified attribute of RADIUS packets.

·     SIP Call-ID—Sticky method based on the Call-ID header field of SIP packets.

·     SSL session ID—SSL sticky method based on SSL session ID.

·     Attribute ID—Sticky method based on the specified Diameter attribute.

Synced sticky entries

Number of sticky entries synchronized from other devices or other cards on the local device.

display sticky virtual-server

Use display sticky virtual-server to display sticky entry information for virtual servers.

Syntax

display sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | client-port port-number | sticky-type { diameter | address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ traffic-group traffic-group-id ] [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

virtual-server-name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays sticky entry information for all virtual servers.

link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } }: Specifies a link by its IPv4 address, IPv6 address, or output interface.

link-group link-group-name: Specifies a link group by its name, a case-insensitive string of 1 to 255 characters.

real-server-addr { ipv4-address | ipv6-address }: Specifies a real server by its IPv4 or IPv6 address.

real-server-port port-number: Specifies a real server port number in the range of 0 to 65535.

server-farm server-farm-name: Specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

text text: Specifies a text string to match. The string is case sensitive and can contain 1 to 63 characters.

class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters, or specifies the default LB class.

client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.

client-port port-number: Specifies a client port number in the range of 0 to 65535.

sticky-type { diameter | address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies a sticky group type.

key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters. If you do not specify a key value, this command displays sticky entries for all key values.

traffic-group traffic-group-id: Specifies a cluster traffic group by its ID, an integer in the range of 1 to 255. If you do not specify this option, the command displays sticky entry information for all cluster traffic groups.

brief: Displays brief information about sticky entries. If you do not specify this keyword, the command displays detailed information about sticky entries.

Examples

# Display detailed sticky entry information for all virtual servers.

<Sysname> display sticky virtual-server

  Virtual server name: vs

  Cluster traffic group: 1

  Server farm name: sf

  Class: cla

  Sticky type: Address-port

  Sticky method: Source IP

  Sticky key: 3.0.0.13

  Virtual server addr: 33.44.1.1:80

  Real server addr: 7.0.0.7:80

  Client addr: 3.0.0.13

  Timeout: 100 sec

  Expiration time: 58 sec

  Matching sessions: 1

 

------------------------------------------

  Virtual server name: vs1

  Server farm name: sf_http

  Cluster traffic group: 1

  Class: Default Class

  Sticky type: HTTP header

  Sticky method: HTTP header name

  Sticky key: cb3bae31bb1c443fbf3db8889055f2fe

  Text: a1b2c3d4e5

  Virtual server addr: 33.44.1.2:80

  Real server addr: 7.0.0.7:80

  Client addr: 3.0.0.13

  Timeout: 100 sec

  Expiration time: 58 sec

  Matching sessions: 1

 

------------------------------------------

  Virtual server name: vs2

  Cluster traffic group: 1

  Link group name: lg

  Class: cl2

  Sticky type: Address-port

  Sticky method: Source IP

  Sticky key: 3.0.0.15 

  Virtual server addr: 0.0.0.0:0

  link: 20.1.1.1

  Client addr: 3.0.0.15

  Timeout: 100 sec

  Expiration time: 58 sec

  Matching sessions: 1

# Display brief sticky entry information for all virtual servers.

<Sysname> display sticky virtual-server brief

Sticky type    Sticky method    Sticky key      Virtual server      Real-server/link

Address-port   Src IP           3.0.0.13        vs                  7.0.0.7:80

Address-port   Src IP           3.0.0.15        vs2                 20.1.1.1

Table 23 Command output

Field

Description

Sticky group name

Name of the sticky group that generates the sticky entries.

Cluster traffic group

Cluster traffic group ID.

Sticky method

Sticky method corresponding to the sticky entries:

·     Src IP—Source IPv4 address sticky method.

·     Src IPv6—Source IPv6 address sticky method.

·     Src IP and port—Source IPv4 address + source port sticky method.

·     Src IPv6 and port—Source IPv6 address + source port sticky method.

·     Dst IP—Destination IPv4 address sticky method.

·     Dst IPv6—Destination IPv6 address sticky method.

·     Dst IP and port—Destination IPv4 address + destination port sticky method.

·     Dst IPv6 and port—Destination IPv6 address + destination port sticky method.

·     Both IP—Source IPv4 address + destination IPv4 address sticky method.

·     Both IPv6—Source IPv6 address + destination IPv6 address sticky method.

·     Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method.

·     Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method.

·     HTTP URL—HTTP URL based sticky method.

·     HTTP header name—HTTP header name based sticky method.

·     HTTP version—HTTP version based sticky method.

·     HTTP host—HTTP host based sticky method.

·     HTTP method—HTTP Request-Method based sticky method.

·     HTTP content—HTTP entity sticky method.

·     Cookie get—HTTP cookie get sticky method.

·     Payload—HTTP or UDP payload sticky method.

·     HTTP passive—HTTP passive sticky method.

·     Payload passive—UDP payload passive sticky method.

·     TCP payload—TCP payload sticky method.

·     Framed-IP-Address—Sticky method based on the Framed-IP-Address attribute of RADIUS packets.

·     User-Name—Sticky method based on the User-Name attribute of RADIUS packets.

·     Code=attribute-code—Sticky method based on the attribute (specified by attribute-code) of RADIUS packets.

·     SIP Call-ID—Sticky method based on the Call-ID header field of SIP packets.

·     SSL session ID—SSL sticky method based on SSL session ID.

Sticky key

Key value corresponding to the sticky entry.

Timeout

Timeout time configured for sticky entries, in seconds. The value indefinite indicates that the sticky entries do not age out.

Expiration time

Remaining lifetime of the sticky entry, in seconds.

Matching sessions

Number of sessions that match the sticky entry.

This field is not displayed for sticky entries corresponding to HTTP Cookie insert and rewrite sticky methods.

display sticky-group

Use display sticky-group to display sticky group information.

Syntax

display sticky-group [ name group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name group-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all sticky groups.

Examples

# Display information about all sticky groups.

<Sysname> display sticky-group

Sticky group: sg1

  Description:

  Timeout: 60

  Override limit: Disabled

  Stickiness-over-busyness: Enabled

  Matching across services: Enabled

  Matching across virtual servers: Enabled

  Sticky group type: Address-port

    Method: Both IP and port

      Mask: 32

 

  Reference count: 1

 

Sticky group: sg2

  Description:

  Timeout: 60

  Override limit: Disabled

  Stickiness-over-busyness: Enabled

  Sticky group type: HTTP header

    Method: HTTP header name

      Name: accept-encoding

      Offset: 4

      Start: gzip

      Length: 10

 

  Reference count: 1

 

Sticky group: sg3

  Description:

  Timeout: 60

  Override limit: Disabled

  Stickiness-over-busyness: Enabled

  Sticky group type: RADIUS

    Method: User-Name

 

  Reference count: 1

 

Sticky group: sg4

  Description:

  Timeout: 86400

  Override limit: Disabled

  Stickiness-over-busyness: Disabled

  Sticky group type: HTTP cookie

    Method: HTTP cookie insert

      Name: X-LB

      Domain: example.com

      Path: /test1

      HttpOnly: Enabled

      Secure: Enabled

  Check all packets: Disabled

 

  Reference count: 1

 

Sticky group: sg5

  Description:

  Timeout: 60

  Matching across services: Enabled

  Matching across virtual servers: Enabled

  Sticky group type: Diameter

    Method: attribute-code

      Code: 263, Index: 0

      Code: 283, Index: 0

 

  Reference count: 1

Table 24 Command output

Field

Description

Sticky group

Sticky group name.

Description

Description for the sticky group.

Timeout

Timeout time for sticky entries in seconds. The value Infinite indicates that sticky entries never age out.

Override limit

Whether the feature of ignoring the limits for sessions that match sticky entries is enabled: Enabled or Disabled.

Stickiness-over-busyness

Whether the stickiness-over-busyness feature is enabled: Enabled or Disabled.

Sticky group type

Sticky group type:

·     Address-port—Address and port.

·     HTTP content—HTTP entity.

·     HTTP cookie.

·     HTTP header.

·     HTTP passive.

·     Payload—HTTP or UDP payload.

·     RADIUS.

·     SIP.

·     SSL.

·     UDP passive.

·     TCP payload.

·     Diameter.

Reference count

Number of times that the resource is being referenced.

 

Table 25 Detailed information for sticky groups

Sticky group type

Field

Description

Address-port

Method

Sticky method:

·     Source IP—Source IPv4 address sticky method.

·     Source IPv6—Source IPv6 address sticky method.

·     Source IP and port—Source IPv4 address + source port sticky method.

·     Source IPv6 and port—Source IPv6 address + source port sticky method.

·     Destination IP—Destination IPv4 address sticky method.

·     Destination IPv6—Destination IPv6 address sticky method.

·     Destination IP and port—Destination IPv4 address + destination port sticky method.

·     Destination IPv6 and port—Destination IPv6 address + destination port sticky method.

·     Both IP—Source IPv4 address + destination IPv4 address sticky method.

·     Both IPv6—Source IPv6 address + destination IPv6 address sticky method.

·     Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method.

·     Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method.

Mask

Mask length for the sticky method. This field is displayed only for IPv4 sticky methods.

Prefix

Prefix length for the sticky method. This field is displayed only for IPv6 sticky methods.

HTTP content

Offset

Offset value of the entity based on the start of the HTTP packet.

Start

Regular expression that marks the start of the entity.

End

Regular expression that marks the end of the entity. Either this field or the Length field is displayed, but not both of them.

Length

Length of the entity. Either this field or the End field is displayed, but not both of them.

HTTP cookie

Method

Sticky method:

·     HTTP cookie insert—Cookie insert sticky method.

·     HTTP cookie rewrite—Cookie rewrite sticky method.

·     HTTP cookie get—Cookie get sticky method.

This field is displayed only for the HTTP cookie sticky method.

Name

HTTP cookie name. This field is displayed only for the HTTP cookie sticky method.

Domain

Domain scope of the cookie. This field is displayed only for the HTTP cookie insert sticky method.

Path

Path scope of the cookie. This field is displayed only for the HTTP cookie insert sticky method.

Offset

Offset value based on the start of the cookie value. This field is displayed only for the cookie insert sticky method.

Start

Regular expression that marks the start of the cookie. This field is displayed only for the cookie insert sticky method.

End

Regular expression that marks the end of the cookie. Either this field or the Length field is displayed, but not both of them. This field is displayed only for the cookie insert sticky method.

Length

Length of the cookie. Either this field or the End field is displayed, but not both of them. This field is displayed only for the cookie insert sticky method.

Cookie secondary name

Name of the secondary cookie to be searched in the URI. This field is displayed only for the cookie insert sticky method.

HttpOnly

HttpOnly attribute of the cookie. This field is displayed only for the HTTP cookie insert or cookie rewrite sticky method.

Secure

Secure attribute of the cookie. This field is displayed only for the HTTP cookie insert or cookie rewrite sticky method.

Check all packets

Whether checking for all packets is enabled.

HTTP header

Method

Sticky method:

·     HTTP host—HTTP host based sticky method.

·     HTTP header name—HTTP header name based sticky method.

·     HTTP method—HTTP Request-Method based sticky method.

·     HTTP URL—HTTP URL based sticky method.

·     HTTP version—HTTP version based sticky method.

This field is displayed only for the HTTP header sticky method.

Name

HTTP header name. This field is displayed only for the HTTP header name based sticky method.

Offset

Offset value of the HTTP header based on the start of the HTTP packet. This field is displayed only for the HTTP host or URL based sticky method.

Start

Regular expression that marks the start of the HTTP header. This field is displayed only for the HTTP host or URL based sticky method.

End

Regular expression that marks the end of the HTTP header. Either this field or the Length field is displayed, but not both of them. This field is displayed only for the HTTP host or URL based sticky method.

Length

Length of the HTTP header. Either this field or the End field is displayed, but not both of them. This field is displayed only for the HTTP host or URL based sticky method.

Payload

Offset

Offset value of the HTTP or UDP payload based on the start of the HTTP packet.

Start

Regular expression that marks the start of the HTTP or UDP payload.

End

Regular expression that marks the end of the HTTP or UDP payload. Either this field or the Length field is displayed, but not both of them.

Length

Length of the HTTP or UDP payload. Either this field or the End field is displayed, but not both of them.

RADIUS

Method

Sticky method:

·     Framed-IP-Address—Sticky method based on the Framed-IP-Address attribute of RADIUS packets.

·     User-Name—Sticky method based on the User-Name attribute of RADIUS packets.

·     Code=attribute-code—Sticky method based on the attribute (specified by attribute-code) of RADIUS packets.

This field is not displayed if no RADIUS attribute based sticky method is specified.

SIP

Method

Sticky method, which can only be SIP Call-ID (SIP sticky method based on the Call-ID header field of SIP packets).

SSL

Method

Sticky method, which can only be SSL session ID (SSL sticky method based on SSL session ID). This field is displayed only for the SSL sticky method based on SSL session ID.

HTTP passive

Method

Sticky method:

·     HTTP header name—HTTP header name sticky method.

·     HTTP URL—HTTP URL sticky method.

·     HTTP content—HTTP content sticky method.

Get

Obtains the specified string in HTTP responses.

Match

Matches the specified string in HTTP requests.

Name

HTTP header name. This field is displayed only for the HTTP header name based sticky method.

Start

Regular expression that marks the start of the HTTP header.

End

Regular expression that marks the end of the HTTP header. Either this field or the Length field is displayed, but not both of them.

Length

Length of the HTTP header. Either this field or the End field is displayed, but not both of them.

UDP passive

Get

Obtains the specified string in UDP responses.

Match

Matches the specified string in UDP requests.

Start

Regular expression that marks the start of the UDP payload.

End

Regular expression that marks the end of the UDP payload. Either this field or the Length field is displayed, but not both of them.

Length

Length of the UDP payload. Either this field or the End field is displayed, but not both of them.

TCP payload

Offset

Offset value of the TCP payload based on the start of the TCP packet.

Start

Regular expression that marks the start of the TCP payload.

End

Regular expression that marks the end of the TCP payload. Either this field or the Length field is displayed, but not both of them.

Length

Length of the TCP payload. Either this field or the End field is displayed, but not both of them.

Diameter

Method

Sticky method, which can only be attribute-code (sticky method based on the specified Diameter attribute in Diameter messages).

Code

AVP code of the specified Diameter attribute.

Index

Index of the specified Diameter attribute in an AVP sequence.
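
Added example (not part of the H3C documentation): a Python audit of captured display sticky-group output that parses each sticky group and reports cookie insert or rewrite groups whose HttpOnly or Secure attribute is not Enabled, groups whose entries never age out, and groups with Override limit enabled. The sample output is constructed in the layout of the examples above, and the value Disabled for HttpOnly and Secure is an assumption, because the page shows only Enabled for those fields.

```python
import re

# Constructed sample in the layout of the `display sticky-group` examples above;
# the group names and values are made up for this illustration.
SAMPLE_OUTPUT = """\
Sticky group: sg_portal
  Description:
  Timeout: 86400
  Override limit: Disabled
  Stickiness-over-busyness: Disabled
  Sticky group type: HTTP cookie
    Method: HTTP cookie insert
      Name: X-LB
      Domain: example.com
      Path: /
      HttpOnly: Enabled
      Secure: Disabled
  Check all packets: Disabled

  Reference count: 1

Sticky group: sg_legacy
  Description:
  Timeout: Infinite
  Override limit: Enabled
  Stickiness-over-busyness: Enabled
  Sticky group type: Address-port
    Method: Source IP
      Mask: 32

  Reference count: 2

Sticky group: sg_get
  Description:
  Timeout: 60
  Override limit: Disabled
  Stickiness-over-busyness: Enabled
  Sticky group type: HTTP cookie
    Method: HTTP cookie get
      Name: JSESSIONID

  Reference count: 0
"""

# "Field: value" at any indentation; the value may be empty or contain colons.
FIELD_RE = re.compile(r"^\s*([^:]+?):\s*(.*)$")

# Table 25: HttpOnly and Secure are displayed only for these two methods.
COOKIE_SETTING_METHODS = {"HTTP cookie insert", "HTTP cookie rewrite"}


def parse_sticky_groups(text):
    """Return one dict per sticky group: {"name": ..., "fields": {field: [values]}}."""
    groups = []
    current = None
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue  # blank line, CLI prompt, or separator
        key, value = match.group(1), match.group(2).strip()
        if key == "Sticky group":
            current = {"name": value, "fields": {}}
            groups.append(current)
        elif current is not None:
            # Diameter groups repeat "Code: ..." lines, so keep every value.
            current["fields"].setdefault(key, []).append(value)
    return groups


def field(group, key, default=""):
    """First value of a field, or the default when the field is not displayed."""
    values = group["fields"].get(key)
    return values[0] if values else default


def audit_sticky_groups(groups):
    """Return (group name, review item) tuples in output order."""
    findings = []
    for group in groups:
        name = group["name"]
        method = field(group, "Method")
        if method in COOKIE_SETTING_METHODS:
            for attr in ("HttpOnly", "Secure"):
                state = field(group, attr, "not displayed")
                if state != "Enabled":  # assumption: any other value means the flag is off
                    findings.append((name, f"{attr} is {state} for {method}"))
        if field(group, "Timeout").lower() == "infinite":
            findings.append((name, "sticky entries never age out"))
        if field(group, "Override limit") == "Enabled":
            findings.append((name, "sessions matching sticky entries ignore limits"))
    return findings


if __name__ == "__main__":
    for group_name, item in audit_sticky_groups(parse_sticky_groups(SAMPLE_OUTPUT)):
        print(f"{group_name}: {item}")
```

A cookie set without Secure can travel over cleartext HTTP, and one without HttpOnly is readable by page scripts, so both flags are worth checking on every group that inserts or rewrites the persistence cookie.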

 

display temporary-real-server

Use display temporary-real-server to display temporary real server information.

Syntax

display temporary-real-server [ brief | name temporary-real-server-name ]

display temporary-real-server server-farm server-farm-name [ name temporary-real-server-name port port-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief information about temporary real servers. If you do not specify this keyword, the command displays detailed information about temporary real servers.

name temporary-real-server-name: Specifies a temporary real server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all temporary real servers.

server-farm server-farm-name: Specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

name temporary-real-server-name port port-number: Specifies a temporary real server by its name and port number. The temporary-real-server-name argument represents the name of the temporary real server, a case-insensitive string of 1 to 255 characters. The port-number argument represents the port number of the temporary real server, in the range of 0 to 65535. If you do not specify this option, the command displays information about all temporary real servers in the specified server farm.

Examples

# Display brief information about all temporary real servers.

<Sysname> display temporary-real-server brief

Temporary real server   Address          Real server  Domain name      State

auto_1.1.1.1            1.1.1.1          rs           www.h3c.com      Active

auto_2.2.2.2            2.2.2.2          rs1          www.example.com  Busy

# Display detailed information about temporary real server auto_1.1.1.1.

<Sysname> display temporary-real-server name auto_1.1.1.1

Temporary real server: auto_1.1.1.1

  Description: auto_1.1.1.1

  State: Active

  Belong domain name: www.h3c.com

  Belong real server: rs

  VPN instance:

  Inherit VPN: Disabled

  IPv4 address: 1.1.1.1

  IPv6 address:

  Port: 0 (port number in original packet)

  Server farm: sf

  Weight: 150

  Priority: 3

  Cost: 100

  Slow shutdown: Enabled

  Slow offline: Disabled

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    HTTP requests: --

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  Bandwidth busy:

    Max bandwidth: 10000 kbps

    Max inbound bandwidth: 5000 kbps

    Max outbound bandwidth: 5000 kbps

    Busy rate: 80

    Inbound busy rate: 70

    Outbound busy rate: 60

    Busy recovery rate: 60

    Inbound busy recovery rate: 60

    Outbound busy recovery rate: 60

  Probe log: Enabled

  Probe information:

    Dynamic weight: 1

    SNMPDCA busy state: Normal

    Probe success criteria: All

    Probe method                    State

    t4                              Succeeded

    External-monitor method         State

    test_external                   Succeeded

    test_external2                  Succeeded

  Reference count: 1

# Display information about all temporary real servers in server farm sf.

<Sysname> display temporary-real-server server-farm sf

Server farm: sf

  Real server: auto_1.1.1.1

    Description: auto_1.1.1.1

    Parent state: Inactive

    State: Inactive

    Port: 2 (port number in original packet)

    Weight: 2

    Priority: 2

    Slow shutdown: Disabled

    Slow offline: Disabled

    Manual recover: Disabled

    Connection limit: --

    Rate limit: --

      Connections: --

      HTTP requests: --

    Probe log: Enabled

    Probe information:

      Probe success criteria: All

      Dynamic weight: --

      SNMPDCA busy state: --

      Probe method                       State

      icmp                               Failed

      External-monitor method            State

      test_external                      Succeeded

      test_external2                     Succeeded

      Database Probe method              State

      ora1                               Invalid

    Probe template information:

      TCP RST probe template: rst

        Probe result: Normal

      TCP zero-window probe template:

      HTTP passive probe template:

Table 26 Command output

Field

Description

Temporary real server

Name of the temporary real server.

Real server

Name of the real server to which the temporary real server belongs.

Domain name

Name of the domain to which the temporary real server belongs.

Address

IPv4 address of the temporary real server.

Port

Port number of the temporary real server. The value of 0 indicates using the port number carried in the original packet.

State

State of the temporary real server/server farm member. Options include the following:

·     Active—The temporary real server/server farm member is available.

·     Busy—The temporary real server/server farm member is busy. When the temporary real server is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached.

·     Inactive—The temporary real server/server farm member is unavailable, because the configuration is not complete, the server is not referenced, or the virtual server is not enabled.

·     Probe-failed—Health monitoring probe failed.

·     Ramp—Ramp-up phase of slow online.

·     Shutdown—The temporary real server/server farm member is shut down.

·     Standby—Standby phase of slow online.

·     Unknown—The temporary real server/server farm member is not configured with health monitoring.

·     Auto shutdown—The temporary real server/server farm member is in auto shutdown state. When a server farm is bound to an LB probe template, and the probe result reaches the specified threshold or exceeds the number of busy protections, the state of the server farm members is Auto shutdown.

·     Slowoffline—The slow offline feature is enabled for the real server or server farm member, and no health monitoring method is specified for the real server, server farm, or server farm member.

·     Shutdown (Probe-success)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring succeeds.

·     Shutdown (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, no active connections exist, and health monitoring fails.

·     Slowoffline (Probe-success)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring succeeds.

·     Slowoffline (Probe-failed)—The slow offline feature is enabled for the real server or server farm member, new connections are established, and health monitoring fails.

Belong domain name

Name of the domain to which the temporary real server belongs.

Belong real server

Name of the real server to which the temporary real server belongs.

VPN instance

This field is not supported in the current software version.

Name of the VPN instance to which the temporary real server belongs.

Inherit VPN

This field is not supported in the current software version.

State of the VPN instance inheritance feature:

·     Enabled.

·     Disabled.

Server farm

Server farm to which the temporary real server belongs.

Description

Description of the temporary real server.

IPv4 address

IPv4 address of the temporary real server.

IPv6 address

IPv6 address of the temporary real server.

Weight

Weight of the temporary real server.

Priority

Scheduling priority of the temporary real server.

Cost

Cost of proximity calculation.

Slow shutdown

State of the slow shutdown feature for the temporary real server:

·     Disabled.

·     Enabled.

Connection limit

Maximum number of connections supported by the temporary real server.

Connection rate limit

Maximum connection rate supported by the temporary real server.

Rate limit

Rate limit of the temporary real server.

Connections

Maximum connection rate supported by the temporary real server.

HTTP requests

HTTP requests per second for the temporary real server.

Bandwidth

Maximum total bandwidth supported by the temporary real server, in kbps.

Inbound bandwidth

Maximum uplink bandwidth supported by the temporary real server, in kbps.

Outbound bandwidth

Maximum downlink bandwidth supported by the temporary real server, in kbps.

Max bandwidth

Maximum total bandwidth allowed when the temporary real server is busy, in kbps.

Max inbound bandwidth

Maximum uplink bandwidth allowed when the temporary real server is busy, in kbps.

Max outbound bandwidth

Maximum downlink bandwidth allowed when the temporary real server is busy, in kbps.

Busy rate

Busy ratio of the total bandwidth allowed for the temporary real server.

Inbound busy rate

Busy ratio of the uplink bandwidth allowed for the temporary real server.

Outbound busy rate

Busy ratio of the downlink bandwidth allowed for the temporary real server.

Busy recovery rate

Busy recovery ratio of the total bandwidth allowed for the temporary real server.

Inbound busy recovery rate

Busy recovery ratio of the uplink bandwidth allowed for the temporary real server.

Outbound busy recovery rate

Busy recovery ratio of the downlink bandwidth allowed for the temporary real server.

Dynamic weight

Dynamic weight calculated by the dynamic feedback algorithm. This value is valid only after the dynamic feedback algorithm takes effect. Otherwise, this field displays two hyphens (--).

SNMPDCA busy state

Busy state of the temporary real server obtained by the dynamic feedback algorithm:

·     Normal—The temporary real server is running correctly.

·     Busy—The temporary real server is busy.

This value is valid only after the dynamic feedback algorithm takes effect. Otherwise, this field displays two hyphens (--).

Probe log

State of health monitoring logging for the temporary real server:

·     Disabled.

·     Enabled.

Probe success criteria

Success criteria for temporary real server health monitoring probe:

·     All—Health monitoring probe succeeds only when all methods pass the probe.

·     At least X—Health monitoring probe succeeds when X or more methods pass the probe.

Probe method

Name of the NQA template used by health monitoring probe.

State

State of custom monitoring, database probe, or NQA health monitoring:

·     Failed—Health monitoring probe failed.

·     In progress—Health monitoring probe is in progress.

·     Invalid—Health monitoring probe is not available, because the NQA template is not completely configured or the temporary real server is not available.

·     Succeeded—Health monitoring probe succeeded.

External-monitor method

Custom monitoring method.

Database Probe method

This field is not supported in the current software version.

Database LB probe template.

Manual recover

State of the health monitoring manual recovery feature for the server farm members:

·     Disabled.

·     Enabled.

TCP RST probe template

TCP RST LB probe template.

TCP zero-window probe template

TCP zero-window LB probe template.

HTTP passive probe template

HTTP passive LB probe template.

Probe result

Probe result of the TCP RST, TCP zero-window, or HTTP passive LB probe template. Options include the following:

·     Normal—The server farm member is running correctly.

·     Busy—The server farm member is busy.

·     Slowdown—The server farm member is in slowdown state.

Variable information

Variables associated with the server farm member.

Reference count

Number of times that the resource is being referenced.

 

display virtual-server

Use display virtual-server to display virtual server information.

Syntax

display virtual-server [ brief | name virtual-server-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

brief: Displays brief virtual server information. If you do not specify this keyword, the command displays detailed virtual server information.

name virtual-server-name: Displays information about the specified virtual server. The virtual-server-name argument specifies a virtual server name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays information about all virtual servers.

Examples

# Display brief information about all virtual servers.

<Sysname> display virtual-server brief

Virtual server   State    Type      VPN instance     Virtual address     Port

vs1              Inactive IP                         192.168.21.148/32   80

                                    vpn2             192.168.21.149/32   80

                                    ...              ...

                                                     1111:2222:3333:4444

                                                     :5555:6666:7777:888

                                    ...              ...

vs2              Active   HTTP                       61.159.4.100/32     8080

vs3              Active   LINK-IP                    51.139.4.100/32     0

vs4              Active   MySQL                      12.139.5.132/32     3306

vs5              Active   Diameter                   13.139.5.132/32     3868

# Display detailed information about all virtual servers.

<Sysname> display virtual-server

Virtual server: vs

  Description: Virtual server VS

  Type: HTTP

  State: Active

  VPN instance: vpn1

  Virtual IPv4 address: 1.1.1.1/32

                        1.1.1.2/32(vpn2)

  Virtual IPv6 address: 1001::1/128(vpn3)

                        1001::2/128(vpn4)

  Port: 0 (any port)

  Traffic group: 1

  Primary server farm: sf (in use)

  Backup server farm: sfb

  Primary sticky: sg3

  Backup sticky: sg4

  LB policy: lbp2

  LB limit-policy:

  TCP parameter profile (client-side): ptc

  TCP parameter profile (server-side): pts

  HTTP parameter profile: pp1

  HTTP2 parameter profile (client-side): h1

  HTTP2 parameter profile (server-side): h2

  HTTP-statistics parameter profile: 1

  OneConnect parameter profile: one

  DPI application profile: profile1

  UDP per-packet: Enabled

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  SSL server policies with SNI list:

    Name: ssl

      Server name indication: www.example.com

    Name: ssl2

      Server name indication: www.example.com

  SSL server policy: ssl-server

  SSL client policy: ssl-client

  Redirect relocation:

  Redirect return-code: 302

  Sticky: test

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Enabled

  ARP/ND interfaces:

    GigabitEthernet1/0/1

    GigabitEthernet1/0/2

  HTTP protection policy: p1

  Customlog content: %{is};%{ps}

  Insert xff: Enabled

  External-link proxy: Enabled

  External-link inject URI: proxy

  External-link inject domain suffix: c.example.com

  External-link SNAT pool: spool1

  External-link domain name whitelist:

    a.example.com

    b.example.com

 

Virtual server: vstcp

  Description: Virtual server VS

  Type: TCP

  State: Active

  VPN instance:

  Virtual IPv4 address: 1.1.1.1/32

  Virtual IPv6 address: 1001::1/128

  Port: 8080

  Traffic group: 1

  Primary server farm: sf (in use)

  Backup server farm: sfb

  Sticky: sg3

  LB policy: lbp2

  LB limit-policy:

  TCP parameter profile (client-side): ptc

  TCP parameter profile (server-side): pts

  TCP-Application parameter profile: ptapp

  DPI application profile: profile1

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  SSL server policies with SNI list:

    Name: ssl

      Server name indication: www.example.com

    Name: ssl2

      Server name indication: www.example.com

  SSL server policy: ssl-server

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Enabled

  Application-Mode: Enabled

  Proxy protocol: Enabled

  Proxy protocol version: V1

  ARP/ND interfaces:

    GigabitEthernet1/0/1

    GigabitEthernet1/0/2

# Display detailed information about the virtual server lk in outbound link load balancing.

<Sysname> display virtual-server name lk

Virtual server: lk

  Description:

  Type: Link-IP

  State: Active

  VPN instance:

  Virtual IPv4 address: 1.1.1.1/32

  Virtual IPv6 address: 1001::1/128

  Port: 0

  Traffic group: 1

  Primary link group: lg1 (in use)

  Backup link group: lg2

  Sticky: sg3

  LB policy: lbp2

  LB limit-policy:

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  Connection synchronization: Disabled

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Disabled

  ARP/ND interfaces:

    GigabitEthernet1/0/1

# Display detailed information about the virtual server vs4.

<Sysname> display virtual-server name vs4

Virtual server: vs4

  Description: Virtual server VS4

  Type: MySQL

  State: Active

  VPN instance:

  Virtual IPv4 address: 1.1.1.1/32

  Virtual IPv6 address: 1001::1/128

  Port: 3306

  Traffic group: 1

  Primary server farm: sf (in use)

  Backup server farm: sfb

  Sticky: sg3

  LB policy: lbp2

  LB limit-policy:

  MySQL parameter profile: my

  Connection limit: 10000

  Rate limit:

    Connections: 10000

    Bandwidth: 10000 kbps

    Inbound bandwidth: 5000 kbps

    Outbound bandwidth: 5000 kbps

  Sticky synchronization: Disabled

  Bandwidth busy protection: Disabled

  Interface bandwidth statistics: Disabled

  Route advertisement: Enabled

  ARP/ND interfaces:

    GigabitEthernet1/0/1

    GigabitEthernet1/0/2

  Version: 5.6

  User list:

    Username: wangping

    Username: liqiang

  Read server farm: rd

  Read sticky group: rsg

  Write server farm: wr

  Write sticky group: wsg

# Display detailed information about virtual server vs5.

<Sysname> display virtual-server name vs5

Virtual server: vs5

  Description: Virtual server VS5

  Type: Diameter

  State: Active

  VPN instance: vpn1

  Virtual IPv4 address: 1.1.1.1/32

  Virtual IPv6 address: 1001::1/128

  Port: 3868

  Traffic group: 1

  Sticky: dia-sg

  LB policy: dia-lbp

  LB limit-policy:

  Connection limit: --

  Rate limit:

    Connections: --

  SSL server policy: ssp

  Diameter-session parameter profile: Dia-para

  Sticky synchronization: Disabled

  Route advertisement: Enabled

Table 27 Command output

Field

Description

Virtual server

Virtual server name.

State

Virtual server state:

·     Active—The virtual server is available.

·     Inactive—The virtual server is unavailable.

·     Inactive (disabled)—The virtual server is unavailable because the virtual server is disabled.

Type

Virtual server type: Fast HTTP, HTTP, IP, MySQL, RADIUS, TCP, UDP, link-IP, or Diameter.

VPN instance

This field is not supported in the current software version.

Name of the VPN instance to which the virtual server belongs.

Virtual address

IPv4 address and mask of the virtual server.

Port

Port number of the virtual server. 0 means any port.

Traffic group

Number of the cluster traffic group bound to the virtual server.

Description

Description of the virtual server.

Virtual IPv4 address

IPv4 address and mask of the virtual server.

Virtual IPv6 address

IPv6 address and prefix of the virtual server.

Primary server farm

Default primary server farm name. (in use) indicates the server farm is in use.

Backup server farm

Default backup server farm name. (in use) indicates the server farm is in use.

Primary link group

Default primary link group name. (in use) indicates the link group is in use.

Backup link group

Default backup link group name. (in use) indicates the link group is in use.

Primary sticky

Default primary sticky group name.

Backup sticky

Backup sticky group name. This field is displayed only for HTTP and RADIUS virtual servers.

LB policy

LB policy referenced by the virtual server.

HTTP parameter profile

HTTP parameter profile referenced by the virtual server. This field is displayed only if an HTTP parameter profile is configured.

IP parameter profile

IP parameter profile referenced by the virtual server. This field is displayed only if an IP parameter profile is configured.

TCP parameter profile

TCP parameter profile referenced by the virtual server. This field is displayed only if a TCP parameter profile is configured.

TCP parameter profile (client-side)

Client-side TCP parameter profile referenced by the virtual server. This field is displayed only if a client-side TCP parameter profile is configured.

TCP parameter profile (server-side)

Server-side TCP parameter profile referenced by the virtual server. This field is displayed only if a server-side TCP parameter profile is configured.

OneConnect parameter profile

OneConnect parameter profile referenced by the virtual server. This field is displayed only if a OneConnect parameter profile is configured.

HTTP-statistics parameter profile

HTTP statistics parameter profile referenced by the virtual server. This field is displayed only if an HTTP statistics parameter profile is configured.

TCP-Application parameter profile

TCP-application parameter profile referenced by the virtual server. This field is displayed only if a TCP-application parameter profile is configured.

MySQL parameter profile

MySQL parameter profile referenced by the virtual server. This field is displayed only if a MySQL parameter profile is configured.

HTTP2 parameter profile (client-side)

Client-side HTTP2.0 parameter profile used by the virtual server. This field is displayed only if an HTTP2.0 parameter profile is configured.

HTTP2 parameter profile (server-side)

Server-side HTTP2.0 parameter profile used by the virtual server. This field is displayed only if an HTTP2.0 parameter profile is configured.

Diameter parameter profile

Diameter session parameter profile specified for the virtual server. This field is displayed only when a Diameter session parameter profile is specified.

DPI application profile

DPI application profile referenced by the virtual server. This field is displayed only if a DPI application profile is configured.

UDP per-packet

State of the per-packet load balancing for UDP traffic:

·     Disabled.

·     Enabled.

This field is displayed only for UDP virtual servers.

Connection limit

Maximum number of connections of the virtual server.

Rate limit

Rate limit of the virtual server.

Connections

Maximum number of connections per second of the virtual server.

Bandwidth

Maximum bandwidth for the virtual server in kbps.

Inbound bandwidth

Maximum inbound bandwidth for the virtual server in kbps.

Outbound bandwidth

Maximum outbound bandwidth for the virtual server in kbps.

SSL server policies with SNI list

List of SSL server policies with SNIs. This field is displayed only for TCP-type and HTTP-type virtual servers.

Server name indication

Server name indication. This field is displayed only for TCP-type and HTTP-type virtual servers.

SSL server policy

SSL server policy name. This field is displayed only for HTTP-type and Diameter-type virtual servers.

SSL client policy

SSL client policy name. This field is displayed only for HTTP-type virtual servers.

Redirect relocation

Redirection URL. This field is displayed only for HTTP-type virtual servers.

Redirect return-code

Status code in the redirection packets. This field is displayed only for HTTP-type virtual servers.

Sticky

Sticky group for the virtual server. This field is displayed only for HTTP-type virtual servers.

Connection synchronization

This field is not supported in the current software version.

Session extension information synchronization state: Enabled or Disabled.

This field is not displayed for HTTP-type virtual servers.

Sticky synchronization

This field is not supported in the current software version.

Sticky entry synchronization state: Enabled or Disabled.

Bandwidth busy protection

Link protection state: Enabled or Disabled.

Interface bandwidth statistics

Bandwidth statistics collection by interfaces: Disabled or Enabled.

Route advertisement

IP address advertisement for the virtual server: Disabled or Enabled.

Application-Mode

Layer 7 operating mode for the virtual server: Disabled or Enabled.

This field is displayed only for a TCP virtual server.

Proxy protocol

State of the proxy protocol feature for the virtual server:

·     Disabled.

·     Enabled.

This field is displayed only for TCP virtual servers.

Proxy protocol version

Proxy protocol version:

·     V1.

·     V2.

This field is displayed only when the proxy protocol feature is enabled.

ARP/ND interfaces

Interfaces from which gratuitous ARP packets and ND packets are sent out.

Version

MySQL database version.

This field is displayed only for a MySQL virtual server.

User list

List of users logged in to the MySQL database.

This field is displayed only for a MySQL virtual server.

Username

Username used to log in to the MySQL database.

This field is displayed only for a MySQL virtual server.

Read server farm

Read server farm referenced by the MySQL virtual server.

This field is displayed only for a MySQL virtual server.

Read sticky group

Sticky group associated with the read server farm.

This field is displayed only for a MySQL virtual server.

Write server farm

Write server farm referenced by the MySQL virtual server.

This field is displayed only for a MySQL virtual server.

Write sticky group

Sticky group associated with the write server farm.

This field is displayed only for a MySQL virtual server.

Customlog content

Content output by using the fast log output feature.

This field is displayed only for an HTTP virtual server.

Insert xff

Whether the X-Forwarded-For field is inserted into packets sent to the server:

·     Disabled.

·     Enabled.

This field is displayed only for HTTP virtual servers.

HTTP protection policy

HTTP protection policy referenced by the virtual server.

External-link proxy

External link proxy state: Disabled or Enabled.

External-link inject URI

URI of external link proxy.

External-link inject domain suffix

Domain name suffix of external link proxy.

External-link SNAT pool

SNAT address pool of external link proxy.

External-link domain name whitelist

Whitelist of external link proxy.
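
The following Python example is added here and is not part of the H3C reference. It parses detailed display virtual-server output and lists virtual servers that have no connection limit, no connection rate limit, no HTTP protection policy, no SSL server policy, or Port 0. The function names and the choice of checks are assumptions made for this example; the sample text is abridged from the outputs above, plus one constructed entry (web2).

```python
import re

# Sample input: vs and vs5 are abridged from the outputs above; web2 is constructed.
SAMPLE = """\
Virtual server: vs
  Type: HTTP
  State: Active
  Virtual IPv6 address: 1001::1/128(vpn3)
                        1001::2/128(vpn4)
  Port: 0 (any port)
  Connection limit: 10000
  Rate limit:
    Connections: 10000
  SSL server policies with SNI list:
    Name: ssl
      Server name indication: www.example.com
  SSL server policy: ssl-server
  HTTP protection policy: p1

Virtual server: vs5
  Type: Diameter
  State: Active
  Port: 3868
  Connection limit: --
  Rate limit:
    Connections: --
  SSL server policy: ssp

Virtual server: web2
  Type: HTTP
  State: Active
  Port: 80
  LB limit-policy:
  Connection limit: 10000
  Rate limit:
    Connections: --
"""

# "Key: value" or "Key:". The colon must be followed by whitespace or end of line,
# so continuation lines holding IPv6 addresses are not mistaken for fields.
FIELD = re.compile(r"^( *)([^:]+):(?:\s+(.*))?$")


def parse_virtual_servers(text):
    """Return {server name: {field path: [values]}}; nested fields are joined with '/'."""
    servers, fields, stack, last = {}, None, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = FIELD.match(line)
        if not m:
            # Continuation line: additional address, interface or whitelist entry.
            if fields is not None and last is not None:
                fields[last].append(line.strip())
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), (m.group(3) or "").strip()
        if indent == 0 and key == "Virtual server":
            fields, stack, last = servers.setdefault(value, {}), [], None
            continue
        if fields is None:
            continue
        # Drop parents that are not less indented than this line.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        last = "/".join([k for _, k in stack] + [key])
        fields.setdefault(last, [])
        if value:
            fields[last].append(value)
        stack.append((indent, key))
    return servers


def unset(values):
    """A field is unset when it is absent, empty, or displayed as two hyphens (--)."""
    return not values or all(v == "--" for v in values)


def audit(servers):
    """Return (server, finding) pairs for settings worth reviewing."""
    findings = []
    for name, f in servers.items():
        vtype = (f.get("Type") or [""])[0].lower()
        port = (f.get("Port") or [""])[0].split(" ")[0]
        if unset(f.get("Connection limit")):
            findings.append((name, "no connection limit"))
        if unset(f.get("Rate limit/Connections")):
            findings.append((name, "no connection rate limit"))
        if vtype == "http" and unset(f.get("HTTP protection policy")):
            findings.append((name, "no HTTP protection policy"))
        if vtype == "http" and unset(f.get("SSL server policy")) \
                and unset(f.get("SSL server policies with SNI list/Name")):
            findings.append((name, "no SSL server policy"))
        # Port 0 is the displayed value for link-IP virtual servers, so skip those.
        if port == "0" and vtype != "link-ip":
            findings.append((name, "accepts any port"))
    return findings


if __name__ == "__main__":
    for server, finding in audit(parse_virtual_servers(SAMPLE)):
        print(f"{server}: {finding}")
```
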

 

display virtual-server overall-statistics

Use display virtual-server overall-statistics to display statistics information about all virtual servers on the device.

Syntax

display virtual-server overall-statistics [ name virtual-server-name ]

display virtual-server overall-statistics [ name virtual-server-name ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays statistics information for all virtual servers.

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Usage guidelines

The virtual server statistics interval is 200 milliseconds.

Examples

# Display statistics information about virtual server vs.

<Sysname> display virtual-server overall-statistics name vs

Virtual server: vs

  Total connections: 1048341

  Active connections: 0

  Max connections: 245,

    recorded at: 17:32:04 on Tue Jul 24 2074

  Connections per second: 0

  Max connections per second: 18912,

    recorded at: 17:31:55 on Tue Jul 24 2074

  Client input: 242167623 bytes

  Client output: 339667596 bytes

  Throughput: 0 bps

  Inbound throughput: 0 bps

  Outbound throughput: 0 bps

  Max throughput: 79507672 bps,

    recorded at: 17:31:59 on Tue Jul 24 2074

  Max inbound throughput: 35814280 bps,

    recorded at: 17:32:01 on Tue Jul 24 2074

  Max outbound throughput: 46758144 bps,

    recorded at: 17:32:00 on Tue Jul 24 2074

  Active SSL connections: 0

  SSL connections per second: 0

  Received packets: 4193385

  Sent packets: 2096703

  Dropped packets: 0

  Received packets per second: 0

  Sent packets per second: 0

  Received requests: 1048341

  Dropped requests: 0

  Sent responses: 1048341

  Dropped responses: 0

  Authentication permitted requests: 0

  Authentication denied requests: 0

  Redirect requests for login: 0

  Redirect requests for re-authentication: 0

For a description of the command output fields, see Table 28.

Related commands

display virtual-server statistics

display virtual-server statistics

Use display virtual-server statistics to display virtual server statistics.

Syntax

display virtual-server statistics [ name virtual-server-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command displays statistics of all virtual servers.

Usage guidelines

The virtual server statistics collection interval is 200 milliseconds and is not configurable.

Examples

# Display statistics for the virtual server vs.

<Sysname> display virtual-server statistics name vs

Virtual server: vs

  Total connections: 979

  Active connections: 618

  Max connections: 661

    recorded at 11:02:49 on Tue May 21 2019

  Connections per second: 146

  Max connections per second: 156

    recorded at 11:02:49 on Tue May 21 2019

  Client input: 333332 bytes

  Client output: 472054 bytes

  Throughput: 4088 bps

  Inbound throughput: 1214 bps

  Outbound throughput: 2874 bps

  Max throughput: 4368 bps

    recorded at 11:02:49 on Tue May 21 2019

  Max inbound throughput: 1214 bps

    recorded at 11:02:49 on Tue May 21 2019

  Max outbound throughput: 3154 bps

    recorded at 11:02:49 on Tue May 21 2019

  Active SSL connections: 0

  SSL connections per second: 0

  Received packets: 979

  Sent packets: 0

  Dropped packets: 0

  Received packets per second: 0

  Sent packets per second: 0

  Authentication permitted requests: 0

  Authentication denied requests: 0

  Redirected requests for login: 4

  Redirected requests for re-authentication: 0

Table 28 Command output

Field

Description

Virtual server

Virtual server name.

Total connections

Total number of connections.

Active connections

Number of active connections.

Half Open connections

Number of half-open connections. This field is displayed only for TCP virtual servers.

Max connections

Maximum number of connections.

Connections per second

Number of connections per second.

Max connections per second

Maximum number of connections per second.

Client input

Traffic (in bytes) received from the client.

Client output

Traffic (in bytes) sent to the client.

Throughput

Total packet throughput in bps.

Inbound throughput

Inbound packet throughput in bps.

Outbound throughput

Outbound packet throughput in bps.

Max throughput

Maximum packet throughput in bps.

Max inbound throughput

Maximum inbound packet throughput in bps.

Max outbound throughput

Maximum outbound packet throughput in bps.

Active SSL connections

Number of active SSL connections.

SSL connections per second

SSL connections per second.

Received packets

Number of received packets.

Sent packets

Number of packets sent by the virtual server to the client.

Dropped packets

Number of dropped packets.

Received requests

Number of received HTTP request packets. This field is displayed only for HTTP-type virtual servers.

Dropped requests

Number of dropped HTTP request packets. This field is displayed only for HTTP-type virtual servers.

Sent responses

Number of sent HTTP response packets. This field is displayed only for HTTP-type virtual servers.

Dropped responses

Number of dropped HTTP response packets. This field is displayed only for HTTP-type virtual servers.

Authentication permitted requests

Number of permitted requests after authentication.

Authentication denied requests

Number of denied requests after authentication.

Redirected requests for login

Number of requests redirected to the login page.

Redirected requests for re-authentication

Number of requests redirected to the reauthentication page.

 

Related commands

reset virtual-server statistics

domain-name

Use domain-name to configure a domain name for a real server.

Use undo domain-name to restore the default.

Syntax

domain-name domain-name

undo domain-name

Default

No domain name is configured for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. Each dot-separated label (such as example.com) in the domain name can contain a maximum of 253 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

Usage guidelines

Operating mechanism

After you configure a domain name for a real server, the device immediately sends a domain name query request to the DNS server. It then creates a real server with name auto_ip-address and IP address ip-address based on the query result. If the real server domain name is resolved to multiple IP addresses, the device creates multiple real servers.

If you configure a domain name for a real server, you must specify the DNS server for domain name resolution by using the dns server command. For more information about the dns server command, see DNS commands in Network Connectivity Command Reference.

The domain name query result returned by the DNS server carries a TTL. When the TTL expires, the device automatically performs the next domain name query. If the resolved IP address changes, the device deletes the temporary real server created based on the old IP address and creates a new temporary real server based on the new IP address.

Restrictions and guidelines

For a real server, the domain-name command and ip address command are mutually exclusive. If you execute both commands, the most recent configuration takes effect.

Different real servers cannot use the same domain name.

Examples

# In real server view, configure a domain name for the real server.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] domain-name www.example.com

Related commands

dns server (Network Connectivity Command Reference)

ip address

display temporary-real-server
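
Because temporary real servers follow whatever addresses the DNS server returns, it is useful to check the addresses behind a server farm periodically. The following Python example is added here and is not part of the H3C reference: it reads two display temporary-real-server snapshots, reports which auto_ip-address servers were deleted and created between them, and flags addresses outside an approved range. The snapshots, the approved range and the function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed snapshots in the layout of "display temporary-real-server server-farm"
# (not captured from a device). AFTER represents the state once the TTL has expired
# and the domain name resolved to a different address.
BEFORE = """\
Server farm: sf
  Real server: auto_192.0.2.10
    State: Active
  Real server: auto_192.0.2.11
    State: Active
"""
AFTER = """\
Server farm: sf
  Real server: auto_192.0.2.10
    State: Active
  Real server: auto_203.0.113.77
    State: Active
"""

# Assumption: the address ranges the operator expects the backends to live in.
APPROVED = ["192.0.2.0/24"]

# Temporary real servers are named auto_<ip-address>.
NAME = re.compile(r"^\s*(?:Temporary real server|Real server):\s*auto_(\S+)\s*$")


def temporary_addresses(output):
    """Return the set of IP addresses taken from auto_<ip-address> names."""
    found = set()
    for line in output.splitlines():
        m = NAME.match(line)
        if not m:
            continue
        try:
            found.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            pass  # the text after auto_ is not an IP address
    return found


def as_sorted_text(addresses):
    """Sort IPv4 before IPv6, then numerically, and return strings."""
    return [str(ip) for ip in sorted(addresses, key=lambda ip: (ip.version, int(ip)))]


def membership_change(before, after):
    """Return (deleted, created) temporary real servers between two snapshots."""
    old, new = temporary_addresses(before), temporary_addresses(after)
    return as_sorted_text(old - new), as_sorted_text(new - old)


def outside_approved(output, approved):
    """Return temporary real server addresses that fall outside every approved range."""
    networks = [ipaddress.ip_network(cidr) for cidr in approved]
    return as_sorted_text(
        ip for ip in temporary_addresses(output)
        if not any(ip in net for net in networks)
    )


if __name__ == "__main__":
    deleted, created = membership_change(BEFORE, AFTER)
    print("deleted:", deleted)
    print("created:", created)
    print("outside approved ranges:", outside_approved(AFTER, APPROVED))
```
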

dpi-app-profile

Use dpi-app-profile to specify a DPI application profile for the virtual server.

Use undo dpi-app-profile to restore the default.

Syntax

dpi-app-profile app-profile-name

undo dpi-app-profile

Default

No DPI application profile is specified for a virtual server.

Views

IP/TCP/UDP/HTTP virtual server view

Link IP virtual server view

Predefined user roles

network-admin

Parameters

app-profile-name: Specifies a DPI application profile by its name, a case-insensitive string of 1 to 63 characters. For more information about DPI application profiles, see DPI engine in DPI Configuration Guide.

Usage guidelines

Operating mechanism

By specifying a DPI application profile, you can apply DPI services to the traffic of a virtual server. For more information about DPI services, see DPI Configuration Guide.

Examples

# Specify DPI application profile profile_1 for IP-type virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type ip

[Sysname-vs-ip-vs] dpi-app-profile profile_1

# In outbound link load balancing, specify DPI application profile profile_1 for link IP-type virtual server vs1.

<Sysname> system-view

[Sysname] virtual-server vs1 type link-ip

[Sysname-vs-link-ip-vs1] dpi-app-profile profile_1

Related commands

app-profile (DPI Command Reference)

display virtual-server

encrypt-cookie

Use encrypt-cookie to encrypt a cookie.

Use undo encrypt-cookie to remove the encryption for a cookie.

Syntax

encrypt-cookie name cookie-name key { cipher | simple } string

undo encrypt-cookie name cookie-name

Default

No cookie is encrypted.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

name cookie-name: Specifies a cookie by its name, a case-sensitive string of 1 to 63 characters.

key: Specifies a key used to encrypt the cookie.

cipher: Specifies a key in ciphertext form.

simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in ciphertext form.

string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 31 characters. Its ciphertext form is a case-sensitive string of 1 to 73 characters.

Usage guidelines

After you execute this command, the device encrypts the Set-Cookie field in HTTP responses to prevent personal information from being revealed. When a client request contains an encrypted cookie, the device decrypts the cookie before sending the request to the server.

Examples

# For HTTP parameter profile p1, encrypt cookie cookie1 with encryption key 123456.

<Sysname> system-view

[Sysname] parameter-profile p1 type http

[Sysname-para-http-p1] encrypt-cookie name cookie1 key simple 123456

env-variables

Use env-variables to configure an environment variable for custom monitoring.

Use undo env-variables to delete an environment variable for custom monitoring.

Syntax

env-variables variable-name value variable-value

undo env-variables variable-name

Default

No environment variables are configured for custom monitoring.

Views

Custom-monitoring LB probe template view

Predefined user roles

network-admin

Parameters

variable-name: Specifies the environment variable name, a case-sensitive string of 1 to 63 characters. The name can contain spaces.

value variable-value: Specifies an environment variable value, a case-sensitive string of 1 to 255 characters. The name can contain spaces and cannot contain quotation marks (").

Usage guidelines

Operating mechanism

Configure environment variables to define the environment in which the custom script file runs.

You can configure a maximum of 16 environment variables.

Examples

# In custom-monitoring LB probe template test_external, configure an environment variable with name env and value /var/tmp.

<Sysname> system-view

[Sysname] loadbalance probe-template external-monitor test_external

[Sysname-lbpt-external-monitor-test_external] env-variables env value /var/tmp

exceed-mss

Use exceed-mss to specify the action to take on the segments that exceed the MSS in the HTTP requests sent by the client.

Use undo exceed-mss to restore the default.

Syntax

exceed-mss { allow | drop }

undo exceed-mss

Default

The device allows the segments to exceed the MSS in the HTTP requests sent by the client.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

allow: Allows the segments to exceed the MSS.

drop: Discards the segments that exceed the MSS.

Examples

# For the TCP parameter profile pp3, specify the drop action for the segments that exceed the MSS in the HTTP requests sent by the client.

<Sysname> system-view

[Sysname] parameter-profile pp3 type tcp

[Sysname-para-tcp-pp3] exceed-mss drop

external-link inject-domain-suffix

Use external-link inject-domain-suffix to configure the domain name suffix for external link proxy.

Use undo external-link inject-domain-suffix to delete the domain name suffix for external link proxy.

Syntax

external-link inject-domain-suffix domain-suffix

undo external-link inject-domain-suffix

Default

No domain name suffix is configured for external link proxy.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

domain-suffix: Specifies the domain name suffix for rewriting domain names of external links. This argument is a case-insensitive, dot-separated string of 1 to 254 characters. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

Usage guidelines

Operating mechanism

If DNS packet link selection is performed by inbound link load balancing, make sure the domain name suffixes in DNS mappings are the same as those on the external link proxy.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the domain name suffix as b.example.com for external link proxy on HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] external-link inject-domain-suffix b.example.com

Related commands

display virtual-server

external-link inject-uri

external-link proxy enable

external-link inject-uri

Use external-link inject-uri to configure the URI for external link proxy.

Use undo external-link inject-uri to delete the URI for external link proxy.

Syntax

external-link inject-uri string

undo external-link inject-uri

Default

No URI is configured for external link proxy.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

string: Specifies the URI for rewriting domain names of external links. This argument is a case-insensitive string of 1 to 63 characters. The URI can contain letters, digits, hyphens (-), and underscores (_), and cannot contain dots (.).

Usage guidelines

Operating mechanism

Use this command to rewrite domain names of external links. Upon receiving a response from the IPv6 site server, the LB device rewrites the IPv4 external link in the response by adding the specified parameters to the associated domain name. The parameters include the URI, domain name suffix, and virtual server port number. Suppose the domain name of the original external link is http://www.example1.com, URI is proxy, domain name suffix is example2.com, and virtual server port number is 8080. The external link domain name after rewrite is http://www.example1.com.proxy.example2.com:8080. Upon receiving a DNS request containing this modified domain name, the LB device performs the following operations:

1.     Extracts the original domain name.

2.     Requests the associated IPv4 resource on behalf of the IPv6 client.

3.     Returns the obtained IPv4 resource to the IPv6 client.

If you execute this command multiple times, the most recent configuration takes effect.
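The rewrite described above, modeled as an added example (not H3C code or the device's implementation): it builds the rewritten link from the URI, domain name suffix, and port, and recovers the original domain from a rewritten name, which is useful when reading DNS query logs. The function names, the sample queries, and the rejection of empty labels are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Character and length limits taken from the parameter descriptions on this page.
URI_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")    # inject-uri: no dots allowed
LABEL_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")  # one dot-separated suffix label


def valid_suffix(suffix):
    """Check an inject-domain-suffix value: 1-254 chars, each label 1-63 chars.

    Rejecting empty labels (for example "a..b") is an assumption of this example.
    """
    if not 1 <= len(suffix) <= 254:
        return False
    return all(LABEL_RE.fullmatch(label) for label in suffix.split("."))


def rewrite_link(url, uri, suffix, port):
    """Return the link with its host rewritten to <host>.<uri>.<suffix>:<port>."""
    if not URI_RE.fullmatch(uri) or not valid_suffix(suffix):
        raise ValueError("uri or suffix violates the documented constraints")
    parts = urlsplit(url)
    if not parts.hostname:
        raise ValueError("link has no host")
    netloc = f"{parts.hostname}.{uri}.{suffix}:{port}"
    # Keeping any path or query unchanged is an assumption; the page only
    # shows the rewrite of a bare http://host link.
    return parts._replace(netloc=netloc).geturl()


def original_domain(qname, uri, suffix):
    """Recover the original domain from a rewritten name.

    Returns None unless the name ends with the full ".<uri>.<suffix>" tail and
    has something in front of it. Both values are case-insensitive per the page.
    """
    name = qname.rstrip(".").lower()
    tail = f".{uri}.{suffix}".lower()
    if not name.endswith(tail):
        return None
    return name[: -len(tail)] or None


# Constructed DNS query names for illustration (not taken from a device log).
CONSTRUCTED_QUERIES = [
    "www.example1.com.proxy.example2.com",
    "WWW.Example1.com.Proxy.Example2.COM.",  # same name, mixed case, trailing dot
    "cdn.example3.net.proxy.example2.com",
    "www.example2.com",                      # suffix zone, but not a rewritten name
    "proxy.example2.com",                    # tail only, no original domain
    "www.example1.com.proxyexample2.com",    # similar text, tail does not match
]


def proxied_originals(queries, uri, suffix):
    """List the distinct original domains carried by rewritten names."""
    found = []
    for qname in queries:
        original = original_domain(qname, uri, suffix)
        if original is not None and original not in found:
            found.append(original)
    return found


if __name__ == "__main__":
    print(rewrite_link("http://www.example1.com", "proxy", "example2.com", 8080))
    print(proxied_originals(CONSTRUCTED_QUERIES, "proxy", "example2.com"))
```
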

Examples

# Configure the URI as proxy for external link proxy on HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] external-link inject-uri proxy

Related commands

display virtual-server

external-link inject-domain-suffix

external-link proxy enable

external-link proxy enable (LB action view)

Use external-link proxy enable to enable external link proxy.

Use undo external-link proxy enable to disable external link proxy.

Syntax

external-link proxy enable

undo external-link proxy enable

Default

External link proxy is disabled.

Views

HTTP LB action view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

To perform external link proxy for a traffic class instead of all traffic of a virtual server, enable external link proxy in an HTTP LB action. Additionally, configure external link proxy parameters in the view of the virtual server and specify the LB policy for the virtual server.

The external link proxy action is taken first when the following actions are also configured:

·     A forwarding LB action.

·     HTTP redirection action.

·     Specifying a response file for matching HTTP requests.

·     Specifying a response file used upon load balancing failure.

Examples

# Enable external link proxy for HTTP LB action a1.

<Sysname> system-view

[Sysname] loadbalance action a1 type http

[Sysname-lba-http-a1] external-link proxy enable

Related commands

display loadbalance action

external-link inject-domain-suffix

external-link inject-uri

external-link proxy enable (virtual server view)

Use external-link proxy enable to enable external link proxy.

Use undo external-link proxy enable to disable external link proxy.

Syntax

external-link proxy enable

undo external-link proxy enable

Default

External link proxy is disabled.

Views

HTTP virtual server view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

This command enables the LB device to operate as a proxy to request IPv4 resources on behalf of IPv6 clients. External link proxy operates as follows:

1.     The LB device receives an IPv6 DNS request containing an IPv4 link, and sends the request to the IPv6 site server.

2.     Upon receiving a response from the server, the LB device returns a script file with the external link rewritten as configured to the client.

3.     The client executes the script file, modifies the external link domain name as instructed, and then sends another DNS request containing the modified domain name.

4.     Upon receiving the request, the LB device extracts the original domain name and requests the associated IPv4 resource on behalf of the client.

5.     The LB device returns the obtained IPv4 resource to the client.

Examples

# Enable external link proxy for HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] external-link proxy enable

Related commands

display virtual-server

external-link snat-pool

Use external-link snat-pool to specify the SNAT address pool for external link proxy.

Use undo external-link snat-pool to restore the default.

Syntax

external-link snat-pool pool-name

undo external-link snat-pool

Default

No SNAT address pool is specified for external link proxy.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

pool-name: Specifies a SNAT address pool by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

To request an IPv4 resource as an external link proxy, the LB device will choose an IP address from the specified SNAT pool. The LB device uses this IP address as the client IP address to initiate a request on behalf of the IPv6 client.

If you do not specify a SNAT address pool, the LB device uses the IP address of the output interface to the server as the client IP address.

Examples

# Specify the SNAT address pool as spool1 for external link proxy on HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] external-link snat-pool spool1

Related commands

display virtual-server

loadbalance snat-pool

external-link whitelist domain

Use external-link whitelist domain to add a domain name to the whitelist for external link proxy.

Use undo external-link whitelist domain to delete a domain name from the whitelist for external link proxy.

Syntax

external-link whitelist domain domain-name

undo external-link whitelist domain domain-name

Default

No domain names are added to the whitelist for external link proxy.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a domain name, a case-insensitive, dot-separated string of 1 to 254 characters. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

Usage guidelines

Operating mechanism

The LB device does not rewrite the external links containing any domain names in the whitelist. You can add specific domain names (for example, those of the IPv6 external links in the IPv6 site) to the whitelist.

Examples

# Add domain name a.example.com to the whitelist for external link proxy on HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] external-link whitelist domain a.example.com

Related commands

display virtual-server

external-script

Use external-script to specify a script file used for custom monitoring.

Use undo external-script to restore the default.

Syntax

external-script file-name

undo external-script

Default

No script file is specified for custom monitoring.

Views

Custom-monitoring LB probe template view

Predefined user roles

network-admin

Parameters

file-name: Specifies a script file by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

The device detects the state of real servers according to the detection contents in the script file.

If you execute this command multiple times, the most recent configuration takes effect.

Restrictions and guidelines

Before specifying a script file, upload the file to the device.

The device supports specifying only script files with the .py suffix.

Examples

# In custom-monitoring LB probe template test_external, use script file test.py for custom monitoring.

<Sysname> system-view

[Sysname] loadbalance probe-template external-monitor test_external

[Sysname-lbpt-external-monitor-test_external] external-script test.py

fail-action

Use fail-action to specify the fault processing method for a server farm.

Use undo fail-action to restore the default.

Syntax

fail-action { keep | reschedule | reset }

undo fail-action

Default

The fault processing method is to keep existing connections.

Views

Server farm view

Predefined user roles

network-admin

Parameters

keep: Keeps the connection with the failed real server. Keeping or terminating the connection depends on the timeout mechanism of the protocol.

reschedule: Redirects the connection to another available real server in the server farm.

reset: Terminates the connection with the failed real server by sending RST packets (for TCP packets) or ICMP unreachable packets (for other types of packets).

Usage guidelines

The fault processing method applies when the real server that processes packets fails.

Examples

# Specify the fault processing method for the server farm sf as reschedule.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] fail-action reschedule

fallback-action close

Use fallback-action close to configure the method of closing TCP connections upon failure to find a real server.

Use undo fallback-action to restore the default.

Syntax

fallback-action close { fin | rst }

undo fallback-action

Default

Packets are dropped when no real servers are available for the current LB action.

Views

Generic/HTTP LB action view

Predefined user roles

network-admin

Parameters

fin: Closes TCP connections by sending FIN packets.

rst: Closes TCP connections by sending RST packets.

Usage guidelines

This command enables the device to close TCP connections matching the LB policy by sending FIN or RST packets if the device fails to find a real server according to the LB action.

Examples

# In HTTP LB action a1, configure the method of closing TCP connections by sending RST packets.

<Sysname> system-view

[Sysname] loadbalance action a1 type http

[Sysname-lba-http-a1] fallback-action close rst

fallback-action continue

Use fallback-action continue to match the next rule upon failure to find an available server.

Use undo fallback-action to restore the default.

Syntax

fallback-action continue

undo fallback-action

Default

Packets are dropped when no servers are available for the current LB action.

Views

LB action view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

This command enables packets to match the next rule in an LB policy when no servers are available for the current LB action.

Restrictions and guidelines

This command does not apply to SIP virtual servers.

Examples

# Match the next rule upon failure to find a real server for the HTTP LB action a1.

<Sysname> system-view

[Sysname] loadbalance action a1 type http

[Sysname-lba-http-a1] fallback-action continue

# In transparent DNS proxy, match the next rule upon failure to find a DNS server for the DNS LB action a2.

<Sysname> system-view

[Sysname] loadbalance action a2 type dns

[Sysname-lba-dns-a2] fallback-action continue

# In outbound link load balancing, match the next rule upon failure to find a DNS server for the link-generic LB action a3.

<Sysname> system-view

[Sysname] loadbalance action a3 type link-generic

[Sysname-lba-link-generic-a3] fallback-action continue

fallback-action response raw-file

Use fallback-action response raw-file to specify a response file used upon load balancing failure.

Use undo fallback-action to restore the default.

Syntax

fallback-action response raw-file raw-filename

undo fallback-action

Default

Packets are discarded upon load balancing failure.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

raw-filename: Specifies a response file by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Compatibility information

The fallback-action response raw-file command and the fallback-action continue command are mutually exclusive.

Operating mechanism

This command enables the device to respond to client requests when the device fails to find an available real server or fails to find the response file specified in the response command. The response file specified in the fallback-action response raw-file command must contain a complete HTTP packet and cannot contain only the HTTP content.

Examples

# Specify the 301.raw file as the response file used upon load balancing failure.

<Sysname> system-view

[Sysname] loadbalance action a_http type http

[Sysname-lba-http-a_http] fallback-action response raw-file 301.raw
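A pre-upload check for a response file such as 301.raw, as an added example (not H3C code): it reports why a file is not a complete HTTP packet. What counts as complete here (status line, CRLF line endings, a Content-Length that matches the body, a Location header on redirects) is this example's assumption, as are the function name and the sample bytes.

```python
import re

REDIRECT_CODES = (301, 302, 303, 307, 308)


def check_raw_response(raw):
    """Return a list of problems; an empty list means the bytes look complete."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        # Covers a file that holds only the HTTP content (for example bare
        # HTML) and a file saved with LF-only line endings.
        return ["no CRLF CRLF separating the header block from the body"]

    problems = []
    lines = head.split(b"\r\n")
    status_line = re.fullmatch(rb"HTTP/\d\.\d (\d{3})(?: .*)?", lines[0])
    if not status_line:
        problems.append("first line is not an HTTP status line")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            problems.append(f"malformed header line: {line!r}")
            continue
        headers[name.lower()] = value.strip()

    status = int(status_line.group(1)) if status_line else None
    if status in REDIRECT_CODES and b"location" not in headers:
        problems.append("redirect status without a Location header")

    if b"content-length" in headers:
        declared = headers[b"content-length"]
        if not declared.isdigit() or int(declared) != len(body):
            problems.append(
                f"Content-Length {declared!r} does not match body length {len(body)}"
            )
    elif body:
        problems.append("body present but no Content-Length header")
    return problems


# Constructed sample files for illustration.
GOOD_301 = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: http://www.example.com/\r\n"
    b"Content-Length: 0\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)
CONTENT_ONLY = b"<html><body>Moved</body></html>"
WRONG_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 10\r\n\r\nabc"

if __name__ == "__main__":
    for label, sample in (("good", GOOD_301), ("content only", CONTENT_ONLY),
                          ("wrong length", WRONG_LENGTH)):
        print(label, check_raw_response(sample))
```
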

Related commands

display loadbalance action

fallback-action continue

fin-wait1 timeout

Use fin-wait1 timeout to set the FIN-WAIT-1 state timeout time for TCP connections.

Use undo fin-wait1 timeout to restore the default.

Syntax

fin-wait1 timeout timeout-value

undo fin-wait1 timeout

Default

The FIN-WAIT-1 state timeout time is 5 seconds for TCP connections.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the FIN-WAIT-1 state timeout time in the range of 1 to 65535 seconds.

Examples

# Set the FIN-WAIT-1 state timeout time for TCP connections to 10 seconds in the TCP parameter profile profile.

<Sysname> system-view

[Sysname] parameter-profile profile type tcp

[Sysname-para-tcp-profile] fin-wait1 timeout 10

Related commands

display parameter-profile

fin-wait2 timeout

Use fin-wait2 timeout to set the FIN-WAIT-2 state timeout time for TCP connections.

Use undo fin-wait2 timeout to restore the default.

Syntax

fin-wait2 timeout timeout-value

undo fin-wait2 timeout

Default

The FIN-WAIT-2 state timeout time is 5 seconds for TCP connections.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the FIN-WAIT-2 state timeout time in the range of 1 to 65535 seconds.

Examples

# Set the FIN-WAIT-2 state timeout time for TCP connections to 10 seconds in the TCP parameter profile profile.

<Sysname> system-view

[Sysname] parameter-profile profile type tcp

[Sysname-para-tcp-profile] fin-wait2 timeout 10

Related commands

display parameter-profile

forward all

Use forward all to configure the packet forwarding mode.

Use undo forward to restore the default.

Syntax

forward all

undo forward

Default

The packet forwarding mode is to discard packets.

Views

DNS/Generic/Link-generic LB action view

Predefined user roles

network-admin

Usage guidelines

Compatibility information

In DNS LB action view, this command is mutually exclusive with the dns-server-pool or skip current-dns-proxy command. In generic LB action view, the forward all and server-farm commands are mutually exclusive. In link-generic LB action view, the forward all and link-group commands are mutually exclusive. If you configure one command, the other command (if configured) is automatically cancelled.

Restrictions and guidelines

This command does not apply to SIP virtual servers.

Examples

# In server load balancing, configure the packet forwarding mode for the generic LB action lba1.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] forward all

# In outbound link load balancing, configure the packet forwarding mode for the link-generic LB action lba2.

<Sysname> system-view

[Sysname] loadbalance action lba2 type link-generic

[Sysname-lba-link-generic-lba2] forward all

# In transparent DNS proxy, configure the packet forwarding mode for the DNS LB action lba3.

<Sysname> system-view

[Sysname] loadbalance action lba3 type dns

[Sysname-lba-dns-lba3] forward all

Related commands

dns-server-pool

link-group (LB action view)

server-farm (LB action view)

frame size

Use frame size to configure the size of a frame in an HTTP2.0 packet.

Use undo frame size to restore the default.

Syntax

frame size size

undo frame size

Default

The size of a frame in an HTTP2.0 packet is 2048.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the size of a frame in an HTTP2.0 packet, in the range of 1024 to 16384.

Usage guidelines

Operating mechanism

A frame is the smallest unit of an HTTP2.0 packet, and an HTTP2.0 packet can be composed of multiple frames. You can configure the size of a frame in an HTTP2.0 packet. If a frame exceeds the specified size, the device will fragment the data in the frame based on the specified frame size.

This command takes effect only on HTTP 2.0 request packets.

Restrictions and guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and set the size of a frame in an HTTP2.0 packet to 1024.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] frame size 1024

frequency

Use frequency to set the probe interval for an LB probe template.

Use undo frequency to restore the default.

Syntax

frequency interval

undo frequency

Default

The probe interval is 300 seconds.

Views

Load balancing probe template view

Predefined user roles

network-admin

Parameters

interval: Specifies the probe interval in the range of 5 to 604800 seconds.

Usage guidelines

Operating mechanism

This command specifies the interval for sending probe packets.

Examples

# Set the probe interval to 3600 seconds for ICMP probe template icmptplt.

<Sysname> system-view

[Sysname] loadbalance probe-template icmp icmptplt

[Sysname-lb-pt-icmp-icmptplt] frequency 3600

header (HTTP header sticky group view)

Use header to configure the HTTP header sticky method.

Use undo header to restore the default.

Syntax

header { { { host | name header-name | url } [ offset offset ] [ start start-string ] [ end end-string | length length ] } | request-method | version }

undo header

Default

No HTTP header sticky methods exist.

Views

HTTP header sticky group view

Predefined user roles

network-admin

Parameters

host: Specifies the HTTP host based sticky method.

name header-name: Specifies the HTTP header name based sticky method. The header-name argument is a case-insensitive string of 1 to 63 characters.

url: Specifies the HTTP URL based sticky method.

offset offset: Specifies the offset value of the HTTP header based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the HTTP header, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the HTTP header, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the HTTP header, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

request-method: Specifies the HTTP Request-Method based sticky method.

version: Specifies the HTTP version based sticky method.

Usage guidelines

Use this command to obtain the HTTP header information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.

Examples

# Configure the HTTP header sticky method for the HTTP header sticky group sg4: Specify the HTTP host based sticky method.

<Sysname> system-view

[Sysname] sticky-group sg4 type http-header

[Sysname-sticky-http-header-sg4] header host

header (HTTP passive sticky group view)

Use header to configure the HTTP header passive sticky method.

Use undo header to delete the HTTP header passive sticky method.

Syntax

header { get id name header-name | match id { name header-name | url } } start start-string { end end-string | length length }

undo { get | match } id

Default

No HTTP header passive sticky methods exist.

Views

HTTP passive sticky group view

Predefined user roles

network-admin

Parameters

get: Obtains the specified string in the HTTP response header, which is used to generate an HTTP header passive sticky entry.

match: Obtains the specified string in the HTTP request header, which is used to match an HTTP header passive sticky entry.

id: Specifies the string ID in the range of 1 to 4.

name header-name: Specifies the HTTP header name based sticky method. The header-name argument is a case-insensitive string of 1 to 63 characters.

url: Specifies the HTTP URL based sticky method.

start start-string: Specifies the regular expression that marks the start of the HTTP header or URL, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the HTTP header or URL, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

length length: Specifies the length of the HTTP header or URL, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

The start-string and end-string values are not included in the sticky entry information.

Both the header get and header match commands are required for an HTTP header passive sticky method.

The device obtains the header or URL information of an incoming HTTP request based on the header match command and obtains the header information of an incoming HTTP response based on the header get command. If the header or URL information of the HTTP request matches the header information of the HTTP response, the device generates a sticky entry based on the header information of the HTTP response. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.

The following rules apply to use of the header match and header get commands:

·     You can execute a maximum of four header get commands and four header match commands for one HTTP passive sticky method.

·     A number of n strings that are obtained based on n header get commands generates 2^n - 1 strings in ascending order of string IDs. If the string obtained based on the header match command matches any one of these generated strings, the match is successful.

·     A number of n strings that are obtained based on n header match commands combine as one string in ascending order of string IDs.

For example, three header get commands are executed with string IDs 1, 2, and 3. The device obtains three strings a, b, and c in the HTTP response header, generates seven strings a, b, c, ab, ac, bc, and abc, and generates seven sticky entries. Then, three header match commands are executed with string IDs 2, 3, and 4. The device obtains three strings a, b, and c in the HTTP request header and generates one string abc. If the string matches one of the seven strings, the device generates a sticky entry based on the string abc. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
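The combination rule above, modeled as an added example (not H3C code): it extracts strings between start and end markers, builds the 2^n - 1 candidates from the header get strings, and checks the combined header match string against them. The function names, the sample header and URL, and returning no result when a marker is missing are assumptions of this example.

```python
import re
from itertools import combinations


def extract(text, start, end=None, length=0):
    """Return the text after `start` up to `end` (or `length` characters).

    start and end are regular expressions and are excluded from the result,
    as the usage guidelines state. A length of 0 means everything after start.
    """
    begin = re.search(start, text)
    if begin is None:
        return None
    rest = text[begin.end():]
    if end is not None:
        stop = re.search(end, rest)
        return rest[: stop.start()] if stop else None
    return rest[:length] if length else rest


def get_candidates(get_strings):
    """Build the 2^n - 1 strings from {string ID: value} of header get.

    Every non-empty subset is concatenated in ascending order of string IDs.
    """
    ordered = [get_strings[i] for i in sorted(get_strings)]
    candidates = []
    for size in range(1, len(ordered) + 1):
        for combo in combinations(ordered, size):
            candidates.append("".join(combo))
    return candidates


def match_key(match_strings):
    """Combine {string ID: value} of header match into one string by ID order."""
    return "".join(match_strings[i] for i in sorted(match_strings))


def sticky_key(get_strings, match_strings):
    """Return the sticky key if the combined match string is a candidate."""
    key = match_key(match_strings)
    return key if key in get_candidates(get_strings) else None


# Constructed traffic for the sg4 configuration example (not a device capture).
RESPONSE_HEADERS = {"x-forward-callid": "phone-number=8613800000000&region=cn"}
REQUEST_URL = "/dial?callid=8613800000000&lang=en"


def sg4_entry(response_headers, request_url):
    """Apply: header get 1 name x-forward-callid start phone-number end &
              header match 1 url start callid end &"""
    got = extract(response_headers.get("x-forward-callid", ""), "phone-number", end="&")
    matched = extract(request_url, "callid", end="&")
    if got is None or matched is None:
        return None
    # The "=" stays in both strings because it follows the start marker.
    return sticky_key({1: got}, {1: matched})


if __name__ == "__main__":
    print(get_candidates({1: "a", 2: "b", 3: "c"}))
    print(sticky_key({1: "a", 2: "b", 3: "c"}, {2: "a", 3: "b", 4: "c"}))
    print(sg4_entry(RESPONSE_HEADERS, REQUEST_URL))
```

Because concatenation follows ascending string IDs, a request whose match strings combine to ca finds no entry even though ac is among the candidates.
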

Examples

# Configure the HTTP passive sticky method for the HTTP passive sticky group sg4: Obtain the string between callid and & in the URL of the HTTP request. If the string matches the string between phone-number and & in HTTP response header x-forward-callid, the device generates a sticky entry based on the string between phone-number and &.

<Sysname> system-view

[Sysname] sticky-group sg4 type http-passive

[Sysname-sticky-http-passive-sg4] header get 1 name x-forward-callid start phone-number end &

[Sysname-sticky-http-passive-sg4] header match 1 url start callid end &

Related commands

content (HTTP passive sticky group view)

display sticky-group

header call-id

Use header call-id to configure the SIP call ID sticky method.

Use undo header call-id to restore the default.

Syntax

header call-id

undo header call-id

Default

No sticky methods exist.

Views

SIP sticky group view

Predefined user roles

network-admin

Usage guidelines

The SIP call ID sticky method allows the device to generate sticky entries based on the Call-ID header field in SIP messages. Packets with the same call ID are assigned to the same real server.

Examples

# Configure the SIP call ID sticky method for the SIP sticky group sg6.

<Sysname> system-view

[Sysname] sticky-group sg6 type sip

[Sysname-sticky-sip-sg6] header call-id

header delete

Use header delete to delete the HTTP header.

Use undo header delete to keep the HTTP header.

Syntax

header delete { both | request | response } name header-name

undo header delete { both | request | response } name header-name

Default

The HTTP header is kept.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

both: Specifies both the HTTP request and response packets.

request: Specifies the HTTP request packets.

response: Specifies the HTTP response packets.

name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers that must match the header in the packet. The header-name argument is a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 and greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.

Usage guidelines

This command deletes the specified header from HTTP packets.

Examples

# Delete the header named host from HTTP request packets for the HTTP LB action lba2.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] header delete request name host

header delete request accept-encoding

Use header delete request accept-encoding to delete the Accept-Encoding header from HTTP requests.

Use undo header delete request accept-encoding to keep the Accept-Encoding header in HTTP requests.

Syntax

header delete request accept-encoding

undo header delete request accept-encoding

Default

The LB device deletes the Accept-Encoding header from HTTP requests.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Usage guidelines

This command enables the LB device to delete the Accept-Encoding header from the HTTP request before sending it to the server. If the response packet sent by the server matches the specified match rule, the LB device compresses the packet before sending it to the requesting client. If the HTTP request sent by the client does not contain the Accept-Encoding header, the LB device does not compress the response packet regardless of whether this command is executed.

By default, the LB device does not modify request packets. If the response packet sent by the server is compressed, the LB device sends the packet to the requesting client without compressing it. If the response packet sent by the server is not compressed and matches the specified match rule, the LB device compresses the packet before sending it to the requesting client.

Examples

# Create the HTTP-compression parameter profile http1, and delete the Accept-Encoding header from HTTP requests.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] header delete request accept-encoding

header exceed-length

Use header exceed-length to specify the action to take on the HTTP requests or responses when their packet headers exceed the maximum length.

Use undo header exceed-length to restore the default.

Syntax

header exceed-length { continue | drop }

undo header exceed-length

Default

The system continues to perform load balancing for HTTP requests or responses when their packet headers exceed the maximum length.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

continue: Continues to perform load balancing.

drop: Stops performing load balancing, discards the packet, and terminates the connection.

Usage guidelines

Operating mechanism

When the HTTP packet header length exceeds the processing capability of load balancing, the drop method applies.

Restrictions and guidelines

This command is not supported by virtual servers of the fast HTTP type.

Examples

# For the HTTP parameter profile pp1, specify the drop action for the HTTP requests or responses with their packet headers exceeding the maximum length.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] header exceed-length drop

header insert

Use header insert to insert the HTTP header.

Use undo header insert to remove the configuration.

Syntax

header insert { both | request | response } name header-name value value [ encode { base64 | url } ]

undo header insert { both | request | response } name header-name

Default

The HTTP header is not inserted.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

both: Specifies both the HTTP request and response packets.

request: Specifies the HTTP request packets.

response: Specifies the HTTP response packets.

name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers. The header-name argument is a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ),[ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 and greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.

value value: Specifies the header content to be inserted into the HTTP packet, a string of 1 to 255 characters. You can also specify the following replacement strings:

·     %is—Source IP address in HTTP requests.

·     %ps—Source port number in HTTP requests.

·     %id—Destination IP address in HTTP requests.

·     %pd—Destination port number in HTTP requests.

·     %sps—Source port number in HTTP responses.

·     %spd—Destination port number in HTTP responses.

·     %sis—Source IP address in HTTP responses.

·     %sid—Destination IP address in HTTP responses.

·     %{x509v}—Certificate version.

·     %{x509snum}—Certificate serial number.

·     %{x509sigalgo}—Certificate signature algorithm.

·     %{x509issuer}—Certificate issuer.

·     %{x509before}—Certificate effective time.

·     %{x509after}—Certificate expiration time.

·     %{x509sub}—Certificate subject.

·     %{x509spktype}—Public key type for the certificate subject.

·     %{x509spk}—Public key for the certificate subject.

·     %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).

·     %{x509hash}—MD5 hash value of the client certificate.

·     %{x509cipher}—Certificate cipher.

·     %{dncn}—Issuee.

·     %{dne}—Email.

·     %{dno}—Company/Organization.

·     %{dnou}—Department.

·     %{dnc}—Country.

·     %{dns}—State/Province.

·     %{dnl}—City.

encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.

Usage guidelines

Operating mechanism

This command inserts the specified header into HTTP packets.

Restrictions and guidelines

URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.

If you use this command to insert the client source IP address into the X-Forwarded-For field in the header of an HTTP request, you do not need to execute the insert-xff enable command for the virtual server to enable the insertion of the source IP address in the X-Forwarded-For field. If you execute both the header insert and insert-xff enable commands, the insert-xff enable command takes precedence.

Examples

# Insert the header named source, with the source IP address and source port number as its content, into HTTP request packets for the HTTP LB action lba2.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] header insert request name source value %is:%ps

Related commands

insert-xff enable
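
The following is an added example (not H3C code) that models how the value %is:%ps from the example above expands with and without the encode keyword, and why an IPv6 client needs an encoding before the real server can split the address from the port. It assumes that URL encoding escapes every character outside the RFC 3986 unreserved set; the client addresses are constructed sample data.

```python
import base64
import ipaddress
import re
from urllib.parse import quote, unquote

# Replacement strings from the parameter list: %{name} forms and the eight
# address/port forms (three-letter names are listed before two-letter ones).
_TOKEN = re.compile(r"%\{(\w+)\}|%(sps|spd|sis|sid|is|ps|id|pd)")


def expand(value, ctx, encode=None):
    """Model of `header insert ... value <value> [encode base64|url]`.

    Only replacement strings are encoded; literal text in the value is copied
    as-is. ASSUMPTION: "special characters" for URL encoding means everything
    outside the RFC 3986 unreserved set.
    """
    def substitute(match):
        name = match.group(1) or match.group(2)
        if name not in ctx:
            return match.group(0)  # not modelled here: leave the token as-is
        raw = str(ctx[name])
        if encode == "url":
            return quote(raw, safe="")
        if encode == "base64":
            return base64.b64encode(raw.encode()).decode("ascii")
        return raw
    return _TOKEN.sub(substitute, value)


def decode_source(header_value, encode):
    """Server-side split of a header built from `%is:%ps` with an encoding."""
    addr, sep, port = header_value.partition(":")
    if not sep:
        raise ValueError("no literal ':' separator in header value")
    if encode == "url":
        addr, port = unquote(addr), unquote(port)
    elif encode == "base64":
        addr = base64.b64decode(addr, validate=True).decode()
        port = base64.b64decode(port, validate=True).decode()
    else:
        raise ValueError("unencoded values cannot be split reliably")
    # Reject anything that is not a literal IP address and an integer port.
    return str(ipaddress.ip_address(addr)), int(port)


def is_ambiguous(header_value):
    """True when an unencoded `%is:%ps` value also parses as one IPv6 address."""
    try:
        return ipaddress.ip_address(header_value).version == 6
    except ValueError:
        return False


# Constructed sample clients (documentation address ranges).
V6_CLIENT = {"is": "2001:db8::1", "ps": 8080}
V4_CLIENT = {"is": "192.0.2.10", "ps": 40000}
VALUE = "%is:%ps"  # value string from the example on this page

if __name__ == "__main__":
    for enc in (None, "url", "base64"):
        print(enc, expand(VALUE, V6_CLIENT, enc), expand(VALUE, V4_CLIENT, enc))
    print("unencoded IPv6 value ambiguous:", is_ambiguous(expand(VALUE, V6_CLIENT)))
```

Without an encoding, the IPv6 client produces 2001:db8::1:8080, which is itself a valid IPv6 address, so the real server cannot tell where the port begins.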

header insert response vary

Use header insert response vary to insert the Vary header into HTTP responses.

Use undo header insert response vary to remove the configuration.

Syntax

header insert response vary

undo header insert response vary

Default

The Vary header is inserted into HTTP responses.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Usage guidelines

This command inserts the Vary header into HTTP responses and sets the header content to Accept-Encoding before sending them to the client. The command takes effect regardless of whether the response packets contain the Vary header or whether the packets are compressed.

Examples

# Create the HTTP-compression parameter profile http1, and insert the Vary header into HTTP responses.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] header insert response vary

header maxparse-length

Use header maxparse-length to set the maximum length of HTTP headers that can be parsed.

Use undo header maxparse-length to restore the default.

Syntax

header maxparse-length length

undo header maxparse-length

Default

The maximum length of HTTP headers that can be parsed is 4096.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

length: Specifies the maximum length of HTTP headers that can be parsed, in the range of 1 to 65535 bytes.

Usage guidelines

This command is not supported by the virtual servers of the fast HTTP type.

Examples

# Set the maximum length of HTTP headers that can be parsed to 8192 for the HTTP parameter profile pp1.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] header maxparse-length 8192

header modify per-request

Use header modify per-request to perform the insert, delete, or modify operation for the header of each HTTP request or response packet.

Use undo header modify per-request to restore the default.

Syntax

header modify per-request

undo header modify per-request

Default

The insert, delete, or modify operation is performed for the header of the first HTTP request or response packet of a connection.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Examples

# For the HTTP parameter profile pp1, perform the insert, delete, or modify operation for the header of each HTTP request or response packet.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] header modify per-request

header rewrite

Use header rewrite to rewrite the HTTP header.

Use undo header rewrite to remove the configuration.

Syntax

header rewrite { both | request | response } name header-name value value replace replace [ encode { base64 | url } ]

undo header rewrite { both | request | response } name header-name

Default

The HTTP header is not rewritten.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

both: Specifies both the HTTP request and response packets.

request: Specifies the HTTP request packets.

response: Specifies the HTTP response packets.

name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers that must match the header in the packet. The header-name argument is a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ),[ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 and greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.

value value: Specifies the HTTP packet header content to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

replace replace: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:

·     %is—Source IP address in HTTP requests.

·     %ps—Source port number in HTTP requests.

·     %id—Destination IP address in HTTP requests.

·     %pd—Destination port number in HTTP requests.

·     %sps—Source port number in HTTP responses.

·     %spd—Destination port number in HTTP responses.

·     %sis—Source IP address in HTTP responses.

·     %sid—Destination IP address in HTTP responses.

·     %{x509v}—Certificate version.

·     %{x509snum}—Certificate serial number.

·     %{x509sigalgo}—Certificate signature algorithm.

·     %{x509issuer}—Certificate issuer.

·     %{x509before}—Certificate effective time.

·     %{x509after}—Certificate expiration time.

·     %{x509sub}—Certificate subject.

·     %{x509spktype}—Public key type for the certificate subject.

·     %{x509spk}—Public key for the certificate subject.

·     %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).

·     %{x509hash}—MD5 hash value of the client certificate.

·     %{dncn}—Issuee.

·     %{dne}—Email.

·     %{dno}—Company/Organization.

·     %{dnou}—Department.

·     %{dnc}—Country.

·     %{dns}—State/Province.

·     %{dnl}—City.

encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.

Usage guidelines

This command rewrites the value setting of the specified header in HTTP packets to the replace setting.

URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.

Examples

# For the HTTP LB action lba2, rewrite the content www.hello.example.com of the header named host in HTTP request packets to www.he.example.com.cn.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] header rewrite request name host value www\.(he)(llo)\.example.com replace www.%1.example.com.cn encode url

header rewrite request url

Use header rewrite request url to rewrite the URL in HTTP requests.

Use undo header rewrite request url to restore the default.

Syntax

header rewrite request url value value replace replace [ encode { base64 | url } ]

undo header rewrite request url

Default

The URL in HTTP requests is not rewritten.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

value value: Specifies the URL to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).

replace replace: Specifies the URL after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:

·     %is—Source IP address in HTTP requests.

·     %ps—Source port number in HTTP requests.

·     %id—Destination IP address in HTTP requests.

·     %pd—Destination port number in HTTP requests.

·     %sps—Source port number in HTTP responses.

·     %spd—Destination port number in HTTP responses.

·     %sis—Source IP address in HTTP responses.

·     %sid—Destination IP address in HTTP responses.

·     %{x509v}—Certificate version.

·     %{x509snum}—Certificate serial number.

·     %{x509sigalgo}—Certificate signature algorithm.

·     %{x509issuer}—Certificate issuer.

·     %{x509before}—Certificate effective time.

·     %{x509after}—Certificate expiration time.

·     %{x509sub}—Certificate subject.

·     %{x509spktype}—Public key type for the certificate subject.

·     %{x509spk}—Public key for the certificate subject.

·     %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).

·     %{x509hash}—MD5 hash value of the client certificate.

·     %{dncn}—Issuee.

·     %{dne}—Email.

·     %{dno}—Company/Organization.

·     %{dnou}—Department.

·     %{dnc}—Country.

·     %{dns}—State/Province.

·     %{dnl}—City.

encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.

Usage guidelines

This command rewrites the value setting in the HTTP request URL to the replace setting.

URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.

Examples

# For the HTTP LB action lba2, rewrite the URL www.hello.example.com in HTTP requests to www.he.example.com.cn.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] header rewrite request url value www\.(he)(llo)\.example.com replace www.%1.example.com.cn encode url
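
Both header rewrite and header rewrite request url take a value pattern with parenthesized groups and a replace string that refers to them as %1. The following added example (not H3C code) checks such a pair offline before it is configured, using Python's re module as a stand-in for the device's pattern matching, which is an assumption; the encode keyword and the address and certificate replacement strings are not modelled, and the host names in HOSTS are constructed.

```python
import re

# %1 .. %9 in the replace string refer to parenthesized groups in value
# (the page's example uses %1). ASSUMPTION: numbering follows group order.
_GROUP_REF = re.compile(r"%([1-9])")


def check_rule(value, replace):
    """Return findings for a value/replace pair; an empty list means none."""
    findings = []
    for name, text in (("value", value), ("replace", replace)):
        if not 1 <= len(text) <= 127:
            findings.append(f"{name}: length {len(text)} is outside 1 to 127")
    if "?" in value:
        findings.append("value: contains '?', which the command does not accept")
    try:
        groups = re.compile(value).groups
    except re.error as exc:
        findings.append(f"value: not a valid pattern ({exc})")
        return findings
    # A '.' without a preceding backslash matches any character.
    # Simplification: '.' inside [...] or after an escaped backslash is
    # also counted.
    loose = len(re.findall(r"(?<!\\)\.", value))
    if loose:
        findings.append(f"value: {loose} unescaped '.' matches any character")
    for ref in _GROUP_REF.findall(replace):
        if int(ref) > groups:
            findings.append(f"replace: %{ref} refers to a group that value lacks")
    return findings


def simulate_rewrite(value, replace, content):
    """Apply the rule to one header value or URL and return the result.

    ASSUMPTION: the matched part is replaced and the rest is kept, which is
    consistent with the example on this page.
    """
    pattern = re.compile(value)
    if any(int(ref) > pattern.groups for ref in _GROUP_REF.findall(replace)):
        raise ValueError("replace refers to a group that value does not define")

    def expand(match):
        return _GROUP_REF.sub(
            lambda ref: match.group(int(ref.group(1))) or "", replace)

    return pattern.sub(expand, content)


# Rule from the example on this page.
VALUE = r"www\.(he)(llo)\.example.com"
REPLACE = "www.%1.example.com.cn"
# Same rule with the last '.' escaped as well.
STRICT_VALUE = r"www\.(he)(llo)\.example\.com"
# Constructed inputs: the intended host, a near miss, an unrelated host.
HOSTS = ["www.hello.example.com", "www.hello.exampleXcom", "www.other.example.com"]

if __name__ == "__main__":
    for value in (VALUE, STRICT_VALUE):
        print(value, check_rule(value, REPLACE))
        for host in HOSTS:
            print("   ", host, "->", simulate_rewrite(value, REPLACE, host))
```

Under these assumptions the page's pattern also rewrites www.hello.exampleXcom, because the dot between example and com is not escaped; STRICT_VALUE leaves that input unchanged.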

header-table size

Use header-table size to configure the maximum number of HTTP2.0 packet header entries supported by the device.

Use undo header-table size to restore the default.

Syntax

header-table size size

undo header-table size

Default

The maximum number of HTTP2.0 packet header entries supported by the device is 4096.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum number of HTTP2.0 packet header entries supported by the device, in the range of 0 to 65536.

Usage guidelines

Application scenarios

HTTP2.0 maintains a header table for strings and fields that appear repeatedly in the packet headers. The header table uses small-length index numbers to represent the repeated strings and compresses header data through Huffman encoding, implementing header compression for a large number of concurrent requests and responses.

As more HTTP2.0 packets with few repeated headers are sent over a TCP connection, the number of header table entries increases on both the client and server. These entries will consume a lot of memory and reduce the concurrent processing capability of the device or server.

Operating mechanism

To resolve this issue, you can configure the maximum number of HTTP2.0 packet header entries supported by the device. When the number of header entries reaches the limit, the device will terminate the TCP connection to release memory and ensure device or server performance. You can also execute the concurrent-streams-per-connection command to configure the maximum number of concurrent requests supported by a TCP connection to resolve this issue.

This command takes effect only on HTTP 2.0 request packets.

Restrictions and guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and set the maximum number of HTTP2.0 packet header entries supported by the device to 1024.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] header-table size 1024

Related commands

concurrent-streams-per-connection

host ip address

Use host { ip | ipv6 } address to configure the Host-IP-Address AVP to be sent in Diameter messages.

Use undo host { ip | ipv6 } address to restore the default.

Syntax

host { ip | ipv6 } address ip-address

undo host { ip | ipv6 } address

Default

The Host-IP-Address AVP to be sent in Diameter messages is not configured.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IPv4 or IPv6 address. The IP address cannot be a loopback, IPv6 multicast, link-local, or unspecified address.

Usage guidelines

The IP address specified by this command must be an address configured for an available interface on the device. During Diameter capability exchange with the peer, the device sends the specified Host-IP-Address AVP as its own IP address to the peer.

Examples

# Specify the Host-IP-Address AVP as 22.2.2.6 for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] host ip address 22.2.2.6

Related commands

parameter-profile

idle-time

Use idle-time to set the idle timeout time for TCP connections between the LB device and servers.

Use undo idle-time to restore the default.

Syntax

idle-time idle-time

undo idle-time

Default

The idle timeout time for TCP connections between the LB device and servers is 86400 seconds.

Views

OneConnect parameter profile view

MySQL parameter profile view

Predefined user roles

network-admin

Parameters

idle-time: Specifies the idle timeout time in the range of 1 to 4294967295 seconds.

Usage guidelines

The idle timeout time is the amount of time that a TCP connection can stay idle before it is disconnected. After the TCP connection is disconnected, new connection requests trigger establishment of a new TCP connection.

Examples

# In OneConnect parameter profile ocp, set the idle timeout time to 10000 seconds for TCP connections between the LB device and servers.

<Sysname> system-view

[Sysname] parameter-profile ocp type oneconnect

[Sysname-para-oneconnect-ocp] idle-time 10000

insert-header-field

Use insert-header-field to insert header fields into HTTP2.0 requests.

Use undo insert-header-field to restore the default.

Syntax

insert-header-field field-name

Default

No header fields are inserted into HTTP2.0 requests.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

field-name: Specifies a header field by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

You can insert header fields into HTTP2.0 requests to help a real server identify HTTP2.0 requests.

This command takes effect only on HTTP 2.0 request packets.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and configure the device to insert header field aaa into HTTP2.0 requests.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] insert-header-field aaa

insert-xff enable

Use insert-xff enable to enable the device to insert client source IP address into the X-Forwarded-For field.

Use undo insert-xff enable to disable the device from inserting client source IP address into the X-Forwarded-For field.

Syntax

insert-xff enable

undo insert-xff enable

Default

The device does not insert client source IP address into the X-Forwarded-For field.

Views

HTTP virtual server view

Predefined user roles

network-admin

Usage guidelines

After you execute this command, when the device receives a request packet from a client, it will insert the client source IP address into the X-Forwarded-For field in the HTTP packet extended header.

Examples

# Enable the device to insert client source IP address into the X-Forwarded-For field for HTTP virtual server vs3.

<Sysname> system-view

[Sysname] virtual-server vs3 type http

[Sysname-vs-http-vs3] insert-xff enable

ip

Use ip to configure the IPv4 sticky method.

Use undo ip to restore the default.

Syntax

ip [ port ] { both | destination | source } [ mask mask-length ]

undo ip

Default

No IPv4 sticky method is configured.

Views

Sticky group view

Predefined user roles

network-admin

Parameters

port: Specifies the sticky method as IPv4 address + port number. If you do not specify this keyword, the sticky method is IPv4 address.

both: Specifies the sticky method as source IPv4 address + destination IPv4 address (if you do not specify the port keyword), or source IPv4 address + source port number + destination IPv4 address + destination port number (if you specify the port keyword).

destination: Specifies the sticky method as destination IPv4 address if you do not specify the port keyword, or destination IPv4 address + destination port number if you specify the port keyword.

source: Specifies the sticky method as source IPv4 address if you do not specify the port keyword, or source IPv4 address + source port number if you specify the port keyword.

mask mask-length: Specifies the mask length for the sticky method.

Examples

# Configure the sticky method for the address and port-based sticky group sg1 as source IPv4 address.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ip source

# Configure the sticky method for the address and port-based sticky group sg1 as source IPv4 address + source port number.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ip port source

Related commands

sticky-group

ip address

Use ip address to configure an IPv4 address for a real server.

Use undo ip address to restore the default.

Syntax

ip address ipv4-address

undo ip address

Default

No IPv4 address is configured for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.

Examples

# Configure the IPv4 address for the real server rs as 1.1.1.1.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] ip address 1.1.1.1

ip range

Use ip range to add an IPv4 address range to a SNAT address pool.

Use undo ip range to remove an IPv4 address range from a SNAT address pool.

Syntax

ip range start start-ipv4-address end end-ipv4-address

undo ip range start start-ipv4-address end end-ipv4-address

Default

An SNAT address pool does not contain IPv4 address ranges.

Views

SNAT address pool view

Predefined user roles

network-admin

Parameters

start start-ipv4-address: Specifies the start IPv4 address.

end end-ipv4-address: Specifies the end IPv4 address, which must be greater than or equal to the start IPv4 address.

Usage guidelines

Operating mechanism

You can execute this command multiple times to add multiple IPv4 address ranges to a SNAT address pool. Each address range can have a maximum of 256 IPv4 addresses.

Restrictions and guidelines

No overlapping IPv4 addresses are allowed in the same SNAT address pool or different SNAT address pools.

If the addresses in an SNAT address pool are in the same network segment as the IP address of the interface that connects the device to the server, you must specify an interface for sending gratuitous ARP or ND packets.

Examples

# Add IPv4 address range 1.1.1.1 to 1.1.1.100 to the SNAT address pool lbsp.

<Sysname> system-view

[Sysname] loadbalance snat-pool lbsp

[Sysname-lbsnat-pool-lbsp] ip range start 1.1.1.1 end 1.1.1.100

Related commands

arp-nd interface (SNAT address pool view)

loadbalance snat-pool

ip source mask

Use ip source mask to specify the IPv4 mask for connection reuse.

Use undo ip source mask to restore the default.

Syntax

ip source mask { mask-length | mask }

undo ip source mask

Default

The IPv4 mask for connection reuse is the natural mask.

Views

OneConnect parameter profile view

MySQL parameter profile view

Predefined user roles

network-admin

Parameters

mask-length: Specifies the mask length in the range of 0 to 32. A value of 0 indicates the natural mask.

mask: Specifies the subnet mask in dotted decimal notation.

Usage guidelines

This command limits the network segment of clients that can reuse connections between the LB device and servers. If the client that initiates a connection request is in the same network segment as the idle TCP connection, the idle TCP connection is reused. If the client does not match this requirement, a new TCP connection is established.

Examples

# In OneConnect parameter profile ocp, set the mask length for connection reuse to 24.

<Sysname> system-view

[Sysname] parameter-profile ocp type oneconnect

[Sysname-para-oneconnect-ocp] ip source mask 24

ipv6

Use ipv6 to configure the IPv6 sticky method.

Use undo ipv6 to restore the default.

Syntax

ipv6 [ port ] { both | destination | source } [ prefix prefix-length ]

undo ipv6

Default

No IPv6 sticky method is configured.

Views

Sticky group view

Predefined user roles

network-admin

Parameters

port: Specifies the sticky method as IPv6 address + port number. If you do not specify this keyword, the sticky method is IPv6 address.

both: Specifies the sticky method as source IPv6 address + destination IPv6 address if you do not specify the port keyword, or source IPv6 address + source port number + destination IPv6 address + destination port number if you specify the port keyword.

destination: Specifies the sticky method as destination IPv6 address if you do not specify the port keyword, or destination IPv6 address + destination port number if you specify the port keyword.

source: Specifies the sticky method as source IPv6 address if you do not specify the port keyword, or source IPv6 address + source port number if you specify the port keyword.

prefix prefix-length: Specifies the prefix length for the sticky method.

Examples

# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv6 address.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ipv6 source

# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv6 address + source port number.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] ipv6 port source

Related commands

sticky-group

ipv6 address

Use ipv6 address to configure an IPv6 address for a real server.

Use undo ipv6 address to restore the default.

Syntax

ipv6 address ipv6-address

undo ipv6 address

Default

No IPv6 address is configured for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address.

Examples

# Configure the IPv6 address for the real server rs as 1001::1.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] ipv6 address 1001::1

ipv6 range

Use ipv6 range to add an IPv6 address range to a SNAT address pool.

Use undo ipv6 range to remove an IPv6 address range from a SNAT address pool.

Syntax

Default

An SNAT address pool does not contain IPv6 address ranges.

Views

SNAT address pool view

Predefined user roles

network-admin

Parameters

start start-ipv6-address: Specifies the start IPv6 address.

end end-ipv6-address: Specifies the end IPv6 address, which must be greater than or equal to the start IPv6 address.

Usage guidelines

Operating mechanism

You can execute this command multiple times to add multiple IPv6 address ranges to a SNAT address pool. Each address range can have a maximum of 10000 IPv6 addresses.

Restrictions and guidelines

No overlapping IPv6 addresses are allowed in the same SNAT address pool or different SNAT address pools.

If the addresses in an SNAT address pool are in the same network segment as the IP address of the interface that connects the device to the server, you must specify an interface for sending gratuitous ARP or ND packets.

Examples

# Add IPv6 address range 1001::1 to 1001::100 to the SNAT address pool lbsp.

<Sysname> system-view

[Sysname] loadbalance snat-pool lbsp

[Sysname-lbsnat-pool-lbsp] ipv6 range start 1001::1 end 1001::100

Related commands

arp-nd interface (SNAT address pool view)

loadbalance snat-pool
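
The following is an added example (not H3C code) that checks a planned set of SNAT address pool ranges against the rules stated for ip range and ipv6 range (end not lower than start, at most 256 IPv4 or 10000 IPv6 addresses per range, no overlap within or across pools) and splits a larger block into compliant commands. The pool lbsp2 and its ranges are constructed sample input.

```python
import ipaddress

# Per-range limits stated on this page: 256 IPv4 or 10000 IPv6 addresses.
MAX_RANGE_SIZE = {4: 256, 6: 10000}


def _parse(start_s, end_s):
    """Parse one range and enforce same version and end >= start."""
    start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
    if start.version != end.version:
        raise ValueError("start and end are different IP versions")
    if int(end) < int(start):
        raise ValueError("end address is lower than start address")
    return start, end


def check_snat_plan(pools):
    """pools maps a pool name to a list of (start, end) address strings.

    Returns a list of findings; an empty list means the plan satisfies the
    size, ordering and no-overlap rules.
    """
    findings, seen = [], []
    for pool, ranges in pools.items():
        for start_s, end_s in ranges:
            label = f"{pool} {start_s}-{end_s}"
            try:
                start, end = _parse(start_s, end_s)
            except ValueError as exc:
                findings.append(f"{label}: {exc}")
                continue
            size = int(end) - int(start) + 1
            limit = MAX_RANGE_SIZE[start.version]
            if size > limit:
                findings.append(f"{label}: {size} addresses, limit is {limit}")
            # Overlap is checked against every earlier range in any pool.
            for o_ver, o_lo, o_hi, o_label in seen:
                if o_ver == start.version and int(start) <= o_hi and o_lo <= int(end):
                    findings.append(f"{label}: overlaps {o_label}")
            seen.append((start.version, int(start), int(end), label))
    return findings


def range_commands(start_s, end_s):
    """Split one block into ip/ipv6 range commands that respect the limit."""
    start, end = _parse(start_s, end_s)
    keyword = "ip" if start.version == 4 else "ipv6"
    limit = MAX_RANGE_SIZE[start.version]
    make = type(start)  # IPv4Address or IPv6Address, built from an integer
    commands, lo = [], int(start)
    while lo <= int(end):
        hi = min(lo + limit - 1, int(end))
        commands.append(f"{keyword} range start {make(lo)} end {make(hi)}")
        lo = hi + 1
    return commands


# lbsp uses the ranges from the examples on this page; lbsp2 is constructed.
PLAN = {
    "lbsp": [("1.1.1.1", "1.1.1.100"), ("1001::1", "1001::100")],
    "lbsp2": [("1.1.1.90", "1.1.1.120"),    # overlaps lbsp
              ("10.0.0.0", "10.0.1.0"),     # 257 addresses
              ("1001::200", "1001::100")],  # end below start
}

if __name__ == "__main__":
    for finding in check_snat_plan(PLAN):
        print("FINDING:", finding)
    for command in range_commands("10.0.0.0", "10.0.1.0"):
        print(command)
```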

ipv6 source prefix

Use ipv6 source prefix to specify the IPv6 prefix length for connection reuse.

Use undo ipv6 source prefix to restore the default.

Syntax

ipv6 source prefix prefix-length

undo ipv6 source prefix

Default

Client IPv6 addresses with a prefix length of 0 can reuse connections.

Views

OneConnect parameter profile view

MySQL parameter profile view

Predefined user roles

network-admin

Parameters

prefix-length: Specifies the prefix length in the range of 0 to 128.

Usage guidelines

This command limits the network segment of clients that can reuse connections between the LB device and servers. If the client that initiates a connection request is in the same network segment as the idle TCP connection, the idle TCP connection is reused. If the client does not match this requirement, a new TCP connection is established.

Examples

# In OneConnect parameter profile ocp, set the prefix length for connection reuse to 24.

<Sysname> system-view

[Sysname] parameter-profile ocp type oneconnect

[Sysname-para-oneconnect-ocp] ipv6 source prefix 24

keepalive idle-timeout

Use keepalive idle-timeout to set the idle timeout time for sending keepalive packets.

Use undo keepalive idle-timeout to restore the default.

Syntax

keepalive idle-timeout timeout-value

undo keepalive idle-timeout

Default

The idle timeout time for sending keepalive packets is 1800 seconds.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the idle timeout time for sending keepalive packets, in the range of 1 to 65535 seconds.

Examples

# Set the timeout time for sending keepalive packets to 5 seconds in the TCP parameter profile profile.

<Sysname> system-view

[Sysname] parameter-profile profile type tcp

[Sysname-para-tcp-profile] keepalive idle-timeout 5

Related commands

display parameter-profile

keepalive retransmission interval

Use keepalive retransmission interval to set the retransmission interval and retransmission times for keepalive packets.

Use undo keepalive retransmission interval to restore the default.

Syntax

keepalive retransmission interval interval count count

undo keepalive retransmission

Default

The retransmission interval is 10 seconds, and the retransmission times is 3.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

interval: Specifies the retransmission interval for keepalive packets, in the range of 1 to 65535 seconds.

count: Specifies the retransmission times for keepalive packets, in the range of 1 to 65535.

Examples

# Set the retransmission interval and retransmission times for keepalive packets to 5 seconds and 10, respectively, in the TCP parameter profile profile.

<Sysname> system-view

[Sysname] parameter-profile profile type tcp

[Sysname-para-tcp-profile] keepalive retransmission interval 5 count 10

Related commands

display parameter-profile

lb-limit-policy

Use lb-limit-policy to apply an LB connection limit policy to a virtual server.

Use undo lb-limit-policy to restore the default.

Syntax

lb-limit-policy policy-name

undo lb-limit-policy

Default

No LB connection limit policies are applied to a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an LB connection limit policy by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Use this command to implement rate limiting for user traffic.

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Apply the LB connection limit policy llp to the HTTP-type virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] lb-limit-policy llp

Related commands

loadbalance limit-policy

lb-policy

Use lb-policy to specify an LB policy to be referenced by the specified virtual server.

Use undo lb-policy to restore the default.

Syntax

lb-policy policy-name

undo lb-policy

Default

No LB policy is referenced by a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an LB policy by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

By referencing an LB policy, the virtual server implements load balancing for matching packets based on the packet contents.

Restrictions and guidelines

A virtual server can reference the policy template of the specified type. For example, a virtual server of the fast HTTP or HTTP type can reference a policy template of the generic type or HTTP type. A virtual server of the IP, SIP, TCP, or UDP type can reference a policy template of the generic type only.

Examples

# Specify the LB policy lbp1 to be referenced by the IP-type virtual server vs3.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] lb-policy lbp1

limit

Use limit to configure an LB connection limit rule.

Use undo limit to delete an LB connection limit rule.

Syntax

limit limit-id acl [ ipv6 ] { acl-number | name acl-name } [ per-destination | per-service | per-source ] * amount max-amount min-amount

undo limit limit-id

Default

No rules are configured for an LB connection limit policy.

Views

LB connection limit policy view

Predefined user roles

network-admin

Parameters

limit-id: Specifies an LB connection limit rule ID. The value range for this argument is 1 to 65535.

acl: Specifies an ACL to limit user connections of a specified user range.

ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, the command uses an IPv4 ACL.

acl-number: Specifies the ACL number in the range of 2000 to 3999.

name acl-name: Specifies an ACL by its name.

per-destination: Limits user connections by destination IP address.

per-service: Limits user connections by service. Services are classified by transport layer protocol and service port number.

per-source: Limits user connections by source IP address.

max-amount: Specifies the upper limit of connections, in the range of 1 to 4294967295. When the number of connections in a specified range or for a certain type reaches the upper limit, the device does not accept new connection requests.

min-amount: Specifies the lower limit of connections, in the range of 1 to 4294967295. The min-amount must be equal to or smaller than the max-amount. The device accepts new connection requests only when the number of connections drops below the lower limit.

Usage guidelines

Operating mechanism

An LB connection limit policy can have multiple rules. You can specify an ACL, a type, and the upper and lower limits for each rule. You can specify one or more of the per-destination, per-service, and per-source keywords for the command. For example, you can specify both the per-destination and per-source keywords to limit user connections by destination address and source address of packets.

If the per-destination, per-service, and per-source keywords are not specified, the command limits all user connections matching the specified ACL.

The rules in an LB connection limit policy are matched in ascending order of the rule IDs until a match is found.

When the specified ACL changes, the device uses a new LB connection limit policy to process existing connections again.

Restrictions and guidelines

You must specify a different ACL for each rule in an LB connection limit policy.

Examples

# Configure rule 1 for the LB connection limit policy 1. Use ACL 3000 to permit user connections sourced from the network 192.168.0.0/24, and set the upper and lower limits to 2000 and 1800 for the user connections by source and destination addresses.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255

[Sysname-acl-ipv4-adv-3000] quit

[Sysname] loadbalance limit-policy 1

[Sysname-lb-limit-policy-1] limit 1 acl 3000 per-destination per-source amount 2000 1800
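The following added example (not H3C code) models the documented behavior of limit rules: first match in ascending rule ID order, counters keyed by the per-source, per-destination, and per-service keywords, and the upper/lower limit hysteresis. The class names, the reduction of an ACL to a list of permitted source networks, and the choice to leave unmatched traffic unlimited are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LimitRule:
    limit_id: int
    acl_sources: list        # assumption: the ACL is reduced to permitted source networks
    max_amount: int          # upper limit: reaching it stops new connections
    min_amount: int          # lower limit: count must drop below it to resume
    per_source: bool = False
    per_destination: bool = False
    per_service: bool = False
    counts: dict = field(default_factory=dict)   # counter key -> live connections
    blocked: set = field(default_factory=set)    # counter keys that reached max_amount

    def __post_init__(self):
        if not 1 <= self.limit_id <= 65535:
            raise ValueError("limit-id must be 1 to 65535")
        if not 1 <= self.min_amount <= self.max_amount <= 4294967295:
            raise ValueError("need 1 <= min-amount <= max-amount <= 4294967295")
        self.acl_sources = [ipaddress.ip_network(n) for n in self.acl_sources]

    def matches(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.acl_sources)

    def key(self, src, dst, proto, dport):
        # No per-* keyword: every connection matching the ACL shares one counter.
        parts = []
        if self.per_source:
            parts.append(src)
        if self.per_destination:
            parts.append(dst)
        if self.per_service:
            parts.append((proto, dport))   # service = transport protocol + port
        return tuple(parts)


class LimitPolicy:
    def __init__(self, rules):
        ids = [r.limit_id for r in rules]
        if len(set(ids)) != len(ids):
            raise ValueError("duplicate limit-id")
        # Rules are matched in ascending order of rule ID until a match is found.
        self.rules = sorted(rules, key=lambda r: r.limit_id)

    def _rule_for(self, src):
        for rule in self.rules:
            if rule.matches(src):
                return rule
        return None

    def open(self, src, dst, proto="tcp", dport=80):
        """Return True if a new connection is accepted, False if refused."""
        rule = self._rule_for(src)
        if rule is None:
            return True   # assumption: traffic matching no rule is not limited
        k = rule.key(src, dst, proto, dport)
        if k in rule.blocked:
            return False
        rule.counts[k] = rule.counts.get(k, 0) + 1
        if rule.counts[k] >= rule.max_amount:
            rule.blocked.add(k)            # upper limit reached
        return True

    def close(self, src, dst, proto="tcp", dport=80):
        rule = self._rule_for(src)
        if rule is None:
            return
        k = rule.key(src, dst, proto, dport)
        if rule.counts.get(k, 0) == 0:
            return
        rule.counts[k] -= 1
        # New connections resume only once the count is below the lower limit.
        if k in rule.blocked and rule.counts[k] < rule.min_amount:
            rule.blocked.discard(k)


def demo():
    # Constructed scenario: same rule shape as the page's example, with small limits.
    policy = LimitPolicy([LimitRule(1, ["192.168.0.0/24"], max_amount=5, min_amount=3,
                                    per_source=True, per_destination=True)])
    src, dst = "192.168.0.10", "10.0.0.1"
    burst = [policy.open(src, dst) for _ in range(6)]   # sixth request is refused
    other_source = policy.open("192.168.0.11", dst)     # separate per-source counter
    policy.close(src, dst)
    policy.close(src, dst)                              # count is 3, not yet below 3
    at_lower_limit = policy.open(src, dst)
    policy.close(src, dst)                              # count is 2, below the lower limit
    resumed = policy.open(src, dst)
    return burst, other_source, at_lower_limit, resumed


if __name__ == "__main__":
    print(demo())
```

The gap between the two limits keeps a source that hovers at the upper limit from alternating between accepted and refused on every closed connection.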

loadbalance action

Use loadbalance action to create an LB action and enter its view, or enter the view of an existing LB action.

Use undo loadbalance action to delete the specified LB action.

Syntax

loadbalance action action-name [ type { diameter | dns | generic | http | link-generic | radius } ]

undo loadbalance action action-name

Default

No LB actions exist.

Views

System view

Predefined user roles

network-admin

Parameters

action-name: Specifies the LB action name, a case-insensitive string of 1 to 255 characters.

type { diameter | dns | generic | http | link-generic | radius }: Specifies an LB action type.

·     diameter: Diameter load balancing action.

·     dns: DNS load balancing action.

·     generic: Generic server load balancing action.

·     http: HTTP load balancing action.

·     link-generic: Link load balancing action.

·     radius: RADIUS load balancing action.

Usage guidelines

Restrictions and guidelines

When you create an LB action, you must specify the LB action type. You can enter an existing LB action view without entering the type of the LB action.

Examples

# Create the LB action lba1 with the generic type, and enter LB action view.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1]

loadbalance alg

Use loadbalance alg to enable ALG for the specified protocols.

Use undo loadbalance alg to disable ALG for the specified protocols.

Syntax

loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }

undo loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }

Default

ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.

Views

System view

Predefined user roles

network-admin

Parameters

dns: Specifies the DNS protocol.

ftp: Specifies the FTP protocol.

h323: Specifies the H.323 protocol.

icmp-error: Specifies the ICMP error packets.

ils: Specifies the Internet Locator Service (ILS) protocol.

mgcp: Specifies the Media Gateway Control Protocol (MGCP).

nbt: Specifies the NetBIOS over TCP/IP (NBT) protocol.

pptp: Specifies the Point-to-Point Tunneling Protocol (PPTP).

rsh: Specifies the Remote Shell (RSH) protocol.

rtsp: Specifies the Real Time Streaming Protocol (RTSP).

sccp: Specifies the Skinny Client Control Protocol (SCCP).

sip: Specifies the Session Initiation Protocol (SIP).

sqlnet: Specifies the SQLNET protocol.

tftp: Specifies the TFTP protocol.

xdmcp: Specifies the X Display Manager Control Protocol (XDMCP).

Usage guidelines

Operating mechanism

The ALG feature distributes parent and child sessions to the same link.

Restrictions and guidelines

SIP fragmented packets do not support the ALG feature.

Examples

# Enable ALG for TFTP.

<Sysname> system-view

[Sysname] loadbalance alg tftp

loadbalance alg all-enable

Use loadbalance alg all-enable to enable ALG for all protocols.

Use loadbalance alg all-disable to disable ALG for all protocols.

Syntax

loadbalance alg all-enable

loadbalance alg all-disable

Default

ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.

Views

System view

Predefined user roles

network-admin

Examples

# Enable ALG for all protocols.

<Sysname> system-view

[Sysname] loadbalance alg all-enable

loadbalance class

Use loadbalance class to create an LB class and enter its view, or enter the view of an existing LB class.

Use undo loadbalance class to delete the specified LB class.

Syntax

loadbalance class class-name [ type { diameter | dns | generic | http | link-generic | mysql | radius } [ match-all | match-any ] ]

undo loadbalance class class-name

Default

No LB classes exist.

Views

System view

Predefined user roles

network-admin

Parameters

class-name: Specifies the LB class name, a case-insensitive string of 1 to 255 characters.

type { diameter | dns | generic | http | link-generic | mysql | radius }: Specifies an LB class type.

·     diameter: Diameter load balancing class.

·     dns: DNS load balancing class.

·     generic: Generic server load balancing class.

·     http: HTTP load balancing class.

·     link-generic: Link load balancing class.

·     mysql: MySQL load balancing class.

·     radius: RADIUS load balancing class.

[ match-all | match-any ]: Requires matching all rules or any rule of the LB class. match-all is the default match mode.

Usage guidelines

Restrictions and guidelines

When you create an LB class, you must specify an LB class type. You can enter an existing LB class view without entering the type of the LB class.

Examples

# Create the LB class lbc1 with the generic type, and enter LB class view.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type generic

[Sysname-lbc-generic-lbc1]

loadbalance limit-policy

Use loadbalance limit-policy to create an LB connection limit policy and enter its view, or enter the view of an existing LB connection limit policy.

Use undo loadbalance limit-policy to delete an LB connection limit policy.

Syntax

loadbalance limit-policy policy-name

undo loadbalance limit-policy policy-name

Default

No LB connection limit policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the LB connection limit policy name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

Using an LB connection limit policy can limit the number of connections on the device. It helps prevent a large number of connections from consuming too many device system resources and server resources. In this way, internal network resources (hosts or servers) are protected, and device system resources can be used more appropriately.

Examples

# Create the LB connection limit policy llp, and enter LB connection limit policy view.

<Sysname> system-view

[Sysname] loadbalance limit-policy llp

[Sysname-lb-limit-policy-llp]

loadbalance log enable base

Use loadbalance log enable base to enable load balancing basic logging.

Use undo loadbalance log enable base to disable load balancing basic logging.

Syntax

loadbalance log enable base

undo loadbalance log enable base

Default

Load balancing basic logging is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Load balancing basic logging generates logs for the following events:

·     The state of a real server, real server group, link, or link group changes.

·     The health monitoring result of a real server or link changes.

·     The number of connections on a real server, virtual server, or link reaches or drops below the upper limit.

·     The connection establishment rate on a real server, virtual server, or link reaches or drops below the upper limit.

·     A primary/backup server farm switchover occurs between server farms specified for a virtual server.

·     A primary/backup link group switchover occurs between link groups specified for a virtual server.

·     A primary/backup server farm switchover occurs between server farms specified for an LB action.

·     A primary/backup link group switchover occurs between link groups specified for an LB action.

If the actual bandwidth of a link, real server, or virtual server exceeds the maximum bandwidth specified by using the rate-limit bandwidth command, the device does not generate LB basic logs.

Examples

# Enable load balancing basic logging.

<Sysname> system-view

[Sysname] loadbalance log enable base

Related commands

rate-limit bandwidth (link view)

rate-limit bandwidth (real server view)

rate-limit bandwidth (virtual server view)

loadbalance log enable nat

Use loadbalance log enable nat to enable load balancing NAT logging.

Use undo loadbalance log enable nat to disable load balancing NAT logging.

Syntax

loadbalance log enable nat

undo loadbalance log enable nat

Default

Load balancing NAT logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

Load balancing NAT logging records NAT session information, including IP address and port translation information and access information.

Restrictions and guidelines

Load balancing NAT logs are exported as flow logs. To export load balancing NAT logs, you must also configure flow log settings. For more information about flow logs, see Network Management and Monitoring Configuration Guide.

Examples

# Enable load balancing NAT logging.

<Sysname> system-view

[Sysname] loadbalance log enable nat

loadbalance policy

Use loadbalance policy to create an LB policy and enter its view, or enter the view of an existing LB policy.

Use undo loadbalance policy to delete the specified LB policy.

Syntax

loadbalance policy policy-name [ diameter | type { dns | generic | http | link-generic | mysql | radius } ]

undo loadbalance policy policy-name

Default

No LB policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the LB policy name, a case-insensitive string of 1 to 255 characters.

type { diameter | dns | generic | http | link-generic | mysql | radius }: Specifies an LB policy type.

·     diameter: Diameter load balancing policy.

·     dns: DNS load balancing policy.

·     generic: Generic server load balancing policy.

·     http: HTTP load balancing policy.

·     link-generic: Link load balancing policy.

·     mysql: MySQL load balancing policy.

·     radius: RADIUS load balancing policy.

Usage guidelines

Restrictions and guidelines

When you create an LB policy, you must specify the LB policy type. You can enter the view of an existing LB policy without entering the type of the LB policy.

Examples

# Create the LB policy lbp1 with the generic type, and enter LB policy view.

<Sysname> system-view

[Sysname] loadbalance policy lbp1 type generic

[Sysname-lbp-generic-lbp1]

loadbalance probe failed-record enable

Use loadbalance probe failed-record enable to enable recording health monitoring failures.

Use undo loadbalance probe failed-record enable to restore the default.

Syntax

loadbalance probe failed-record enable

undo loadbalance probe failed-record enable

Default

Recording of health monitoring failures is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you execute this command, the device starts recording health monitoring failures of real servers and links. To display the records of health monitoring failures, execute the display loadbalance probe failed-record command.

Examples

# Enable recording of health monitoring failures.

<Sysname> system-view

[Sysname] loadbalance probe failed-record enable

Related commands

display loadbalance probe failed-record

loadbalance probe failed-record max-number

loadbalance probe failed-record max-number

Use loadbalance probe failed-record max-number to set the maximum number of health monitoring failures that can be recorded.

Use undo loadbalance probe failed-record max-number to restore the default.

Syntax

loadbalance probe failed-record max-number max-number

undo loadbalance probe failed-record max-number

Default

The maximum number of health monitoring failures that can be recorded is 50000.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of health monitoring failures that can be recorded, in the range of 100 to 50000.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the maximum number of health monitoring failures that can be recorded to 10000.

<Sysname> system-view

[Sysname] loadbalance probe failed-record max-number 10000

Related commands

loadbalance probe failed-record enable

loadbalance probe-template

Use loadbalance probe-template to create an LB probe template and enter its view, or enter the view of an existing LB probe template.

Use undo loadbalance probe-template to delete an LB probe template.

Syntax

loadbalance probe-template { external-monitor | http-passive | icmp | tcp-rst | tcp-zero-window } template-name

undo loadbalance probe-template { external-monitor | http-passive | icmp | tcp-rst | tcp-zero-window } template-name

Default

No LB probe templates exist.

Views

System view

Predefined user roles

network-admin

Parameters

external-monitor: Specifies the custom-monitoring-type template.

http-passive: Specifies the HTTP-passive-type template.

icmp: Specifies the ICMP-type template.

tcp-rst: Specifies the TCP-RST template.

tcp-zero-window: Specifies the TCP zero-window template.

template-name: Specifies a template name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

A server farm, a server farm member, or a real server can use a custom-monitoring LB probe template to detect the health state of each real server.

A server farm can use an HTTP passive LB probe template to count the number of URL error times by monitoring the responses of HTTP requests to each real server.

The proximity feature can use an ICMP LB probe template to start ICMP tests and identify the reachability of hosts according to received ICMP responses.

A server farm can use a TCP-RST or TCP zero-window LB probe template to count the number of RST packets or zero-window packets sent by each server farm member.

For a back-end server acting as a database, the server farm, server farm member, or real server can use a database LB probe template to detect the availability of the database. Within the monitoring period of the LB probe template, the device can use the various probe methods to progressively obtain the health state of target database from different aspects.

Examples

# Create an LB probe template named icmptplt, and enter LB probe template view.

<Sysname> system-view

[Sysname] loadbalance probe-template icmp icmptplt

[Sysname-lbpt-icmp-icmptplt]

loadbalance process-limit

Use loadbalance process-limit to set the maximum number of processes allowed to be started for custom monitoring.

Use undo loadbalance process-limit to restore the default.

Syntax

loadbalance process-limit number

undo loadbalance process-limit

Default

A maximum of eight processes can be started for custom monitoring.

Views

System view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of processes, in the range of 1 to 16.

Examples

# Set the maximum number of processes allowed to be started for custom monitoring to 2.

<Sysname> system-view

[Sysname] loadbalance process-limit 2

Related commands

display loadbalance process-limit

loadbalance protection-policy

Use loadbalance protection-policy to create a protection policy and enter its view, or enter the view of an existing protection policy.

Use undo loadbalance protection-policy to delete a protection policy.

Syntax

loadbalance protection-policy policy-name [ type http ]

undo loadbalance protection-policy policy-name

Default

No protection policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a protection policy name, a case-insensitive string of 1 to 255 characters.

type http: Specifies the HTTP-type protection policy. When you create a protection policy, you must specify the policy type. You can enter the view of an existing protection policy without specifying the policy type.

Examples

# Create an HTTP protection policy named p1 and enter its view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1 type http

[Sysname-lbpp-http-p1]

loadbalance reload external-link file

Use loadbalance reload external-link file to load an external link rewrite file.

Use undo loadbalance reload external-link file to remove the configuration.

Syntax

loadbalance reload external-link file filename

undo loadbalance reload external-link file

Default

No external link rewrite file is used.

Views

System view

Predefined user roles

network-admin

Parameters

filename: Specifies a file by its complete name, a case-insensitive string of 1 to 256 characters.

Usage guidelines

Operating mechanism

If the file content has changed, you must reload the external link rewrite file to ensure it is effective.

Recommended configuration

Make sure the file format is supported by the client browser. As a best practice, use the JS script file.

Restrictions and guidelines

Make sure the name of the external link rewrite file is different from the response file for HTTP requests.

Examples

# Load external link rewrite file /sub_lb_sw.js.

<Sysname> system-view

[Sysname] loadbalance reload external-link file /sub_lb_sw.js

Related commands

external-link inject-domain-suffix

external-link inject-uri

external-link proxy enable

external-link whitelist domain

loadbalance schedule-test ip

Use loadbalance schedule-test ip to perform an IPv4 load balancing test.

Syntax

loadbalance schedule-test ip { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port

Views

Any view

Predefined user roles

network-admin

Parameters

application: Specifies an application to be tested.

http: Specifies the HTTP application.

message-file file-name: Specifies the file that contains HTTP packet contents. The file name is a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.

method: Specifies an HTTP request method.

get: Specifies the GET method.

post: Specifies the POST method.

url url: Specifies a URL for the HTTP packet, a case-insensitive string of 1 to 255 characters. A URL can contain letters, digits, hyphens (-), underscores (_), and periods (.). The URL cannot contain consecutive periods.

[ header header ]&<1-10>: Specifies a space-separated list of up to 10 HTTP packet headers. A header is a case-sensitive string of 1 to 127 characters excluding question marks (?).

content content-value: Specifies the content of the HTTP packet body, a case-sensitive string of 1 to 255 characters excluding question marks (?).

protocol { protocol-number | icmp | tcp | udp }: Specifies a protocol by its number in the range of 0 to 255 or by its name. For ICMP (1), TCP (6), and UDP (17), you can enter the protocol number or protocol name.

destination destination-address: Specifies the destination IPv4 address.

destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. This option is not supported by some protocols.

source source-address: Specifies the source IPv4 address.

source-port source-port: Specifies the source port number in the range of 0 to 65535. This option is not supported by some protocols.

Examples

# Perform an IPv4 load balancing test for the TCP protocol.

<Sysname> loadbalance schedule-test ip protocol tcp destination 7.7.7.7 destination-port 4 source 2.2.2.2 source-port 5

    Matched virtual server: vs2

    Matched default server farm: sf

    Forward type: Forwarding to real server

    Selected real server: rs2

        Scheduling algorithm: Predictor

# Perform an IPv4 load balancing test for the TCP protocol.

<Sysname> loadbalance schedule-test ip protocol tcp destination 7.7.7.7 destination-port 4 source 2.2.2.2 source-port 5

    Matched virtual server: vs2

    Matched default link group: lg

    Forward type: Forwarding to link

    Selected link: link2

        Scheduling algorithm: Predictor

Table 29 Command output

Field | Description

Forward type | Forwarding mode:

·     The destination address is not supported. Load balancing is not performed.

·     Matching HTTP virtual server is not supported—An HTTP virtual server is matched. Load balancing is not supported.

·     Forward all—Forwards packets.

·     Forwarding to real server—Forwards packets to the real server.

·     Forwarding to link—Forwards packets to the link.

·     Drop—Drops packets.

·     Redirect—Redirects packets.

·     Waiting—Enqueues packets.

Drop reason | Packet drop reason:

·     Number of connections or bandwidth for the virtual server exceeded the limit.

·     No class matched and no valid default server farm/link group configured.

·     No valid real server/link in the server farm/link group.

·     Action is drop.

·     A sticky entry was matched but the number of connections or bandwidth for the real server/link exceeded the limit.

·     A class was matched but no valid server farm/link group exists in the action of the class.

·     The HTTP message is not valid.

·     The HTTP request line is not valid.

·     The HTTP header is not valid.

·     The chunk HTTP content is not valid.

·     The server farm is busy.

·     Queue overflow (which means the wait queue is full).

Scheduling algorithm | Scheduling algorithm used to select the real server or link:

·     Predictor—The real server or link is selected by using the scheduling algorithm.

·     Sticky method—The real server or link is selected by using the sticky method.

·     Proximity—The link is selected by using the proximity feature.

loadbalance schedule-test ipv6

Use loadbalance schedule-test ipv6 to perform an IPv6 load balancing test.

Syntax

loadbalance schedule-test ipv6 { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port

Views

Any view

Predefined user roles

network-admin

Parameters

application: Specifies an application to be tested.

http: Specifies the HTTP application.

message-file file-name: Specifies the file that contains HTTP packet contents. The file name is a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.

method: Specifies an HTTP request method.

get: Specifies the GET method.

post: Specifies the POST method.

url url: Specifies a URL for the HTTP packet, a case-insensitive string of 1 to 255 characters. A URL can contain letters, digits, hyphens (-), underscores (_), and periods (.). The URL cannot contain consecutive periods.

[ header header ]&<1-10>: Specifies a space-separated list of up to 10 HTTP packet headers. A header is a case-sensitive string of 1 to 127 characters excluding question marks (?).

content content-value: Specifies the content of the HTTP packet body, a case-sensitive string of 1 to 255 characters excluding question marks (?).

protocol { protocol-number | icmpv6 | tcp | udp }: Specifies a protocol by its number in the range of 0 to 255 or by its name. For ICMPv6 (58), TCP (6), and UDP (17), you can enter the protocol number or protocol name.

destination destination-address: Specifies the destination IPv6 address.

destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. This option is not supported by some protocols.

source source-address: Specifies the source IPv6 address.

source-port source-port: Specifies the source port number in the range of 0 to 65535. This option is not supported by some protocols.

Examples

# Schedule an IPv6 load balancing test for the ICMPv6 protocol.

<Sysname> loadbalance schedule-test ipv6 protocol icmpv6 destination 10::1 source 12::2

    Matched virtual server: vs2

    Matched default server farm: sf

    Forward type: Forwarding to real server

    Selected real server: rs2

        Scheduling algorithm: Predictor

# Schedule an IPv6 load balancing test for the ICMPv6 protocol.

<Sysname> loadbalance schedule-test ipv6 protocol icmpv6 destination 10::1 source 12::2

    Matched virtual server: vs2

    Matched default link group: lg

    Forward type: Forwarding to link

    Selected link: link2

        Scheduling algorithm: Predictor

Table 30 Command output

Field | Description

Forward type | Forwarding mode:

·     The destination address is not supported. Load balancing is not performed.

·     Matching HTTP virtual server is not supported—An HTTP virtual server is matched. Load balancing is not supported.

·     Forward all—Forwards packets.

·     Forwarding to real server/link—Forwards packets to the real server or link.

·     Drop—Drops packets.

·     Redirect—Redirects packets.

·     Waiting—Enqueues packets.

Drop reason | Packet drop reason:

·     Number of connections or bandwidth for the virtual server exceeded the limit.

·     No class matched and no valid default server farm/link group configured.

·     No valid real server/link in the server farm/link group.

·     Action is drop.

·     A sticky entry was matched but the number of connections or bandwidth for the real server/link exceeded the limit.

·     A class was matched but no valid server farm/link group exists in the action of the class.

·     The HTTP message is not valid.

·     The HTTP request line is not valid.

·     The HTTP header is not valid.

·     The chunk HTTP content is not valid.

·     The server farm is busy.

·     Queue overflow (which means the wait queue is full).

Scheduling algorithm | Scheduling algorithm used to select the real server or link:

·     Predictor—The real server or link is selected by using the scheduling algorithm.

·     Sticky method—The real server or link is selected by using the sticky method.

·     Proximity—The link is selected by using the proximity feature.

loadbalance snat-global-policy

Use loadbalance snat-global-policy to create a SNAT global policy and enter its view, or enter the view of an existing SNAT global policy.

Use undo loadbalance snat-global-policy to delete the specified SNAT global policy.

Syntax

loadbalance snat-global-policy policy-name

undo loadbalance snat-global-policy policy-name

Default

No SNAT global policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the SNAT global policy name, a case-insensitive string of 1 to 255 characters.

Examples

# Create the SNAT global policy sn1, and enter SNAT global policy view.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1]

Related commands

snat-mode

snat-pool (server farm view)

loadbalance snat-pool

Use loadbalance snat-pool to create a SNAT address pool and enter its view, or enter the view of an existing SNAT address pool.

Use undo loadbalance snat-pool to delete the specified SNAT address pool.

Syntax

loadbalance snat-pool pool-name

undo loadbalance snat-pool pool-name

Default

No SNAT address pools exist.

Views

System view

Predefined user roles

network-admin

Parameters

pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 255 characters.

Examples

# Create the SNAT address pool lbsp, and enter SNAT address pool view.

<Sysname> system-view

[Sysname] loadbalance snat-pool lbsp

[Sysname-lbsnat-pool-lbsp]

loadbalance ssl performance-optimize cache-value

Use loadbalance ssl performance-optimize cache-value to configure the cache limit for SSL performance optimization.

Use undo loadbalance ssl performance-optimize cache-value to restore the default.

Syntax

loadbalance ssl performance-optimize cache-value cache-value

undo loadbalance ssl performance-optimize cache-value

Default

The cache limit for SSL performance optimization is 0 KB, indicating that the cache size is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

cache-value: Specifies the cache limit for SSL performance optimization, in the range of 0 to 15 KB.

Usage guidelines

When the SSL caches reach the specified limit, the caches will be sent to the server.

Examples

# Set the cache limit for SSL performance optimization to 12 KB.

<Sysname> system-view

[Sysname] loadbalance ssl performance-optimize cache-value 12

loadbalance tcp-timestamp-mode

Use loadbalance tcp-timestamp-mode to globally specify an action to take on the Timestamps option in TCP packet headers.

Use undo loadbalance tcp-timestamp-mode to restore the default.

Syntax

loadbalance tcp-timestamp-mode { preserve | rewrite | remove }

undo loadbalance tcp-timestamp-mode

Views

System view

Default

The Timestamps option is preserved in TCP packet headers.

Predefined user roles

network-admin

Parameters

preserve: Preserves the Timestamps option in TCP packet headers.

rewrite: Rewrites the Timestamps option in TCP packet headers.

remove: Removes the Timestamps option from TCP packet headers.

Usage guidelines

Operating mechanism

This command enables the LB device to preserve, rewrite, or remove the Timestamps option in the headers of TCP packets sent to the server.

·     Preserve—Preserves the Timestamps option value in TCP packet headers.

·     Rewrite—Rewrites the Timestamps option value in TCP packet headers with the current timestamp value of the device.

·     Remove—Removes the Timestamps option field from TCP packet headers. On some networks where timestamps are unnecessary, you can remove them to reduce the packet size and enhance transmission performance. When the back-end servers do not support the timestamp mechanism, you can also remove the Timestamps option from TCP packet headers.

Restrictions and guidelines

This command takes effect for virtual servers of the TCP, HTTP, Diameter, and MySQL types. The tcp option preserve, tcp option rewrite, or tcp option remove command executed in TCP parameter profile view takes effect only for the virtual servers that are specified with the parameter profile. If both the global setting and the setting in TCP parameter profile view are configured, the setting in TCP parameter profile view takes precedence.

Examples

# Globally preserve the Timestamps option in TCP packet headers.

<Sysname> system-view

[Sysname] loadbalance tcp-timestamp-mode preserve

Related commands

tcp option preserve

tcp option remove

tcp option rewrite

loadbalance test pcre

Use loadbalance test pcre to perform a PCRE regular expression match test and display the match result.

Syntax

loadbalance test pcre value value { string string | file file-name } [ offset offset ] [ case-insensitive ]

Views

Any view

Predefined user roles

network-admin

Parameters

value value: Specifies a PCRE regular expression, a case-sensitive string of 1 to 255 characters excluding question marks (?).

string string: Specifies the string to be tested, a case-sensitive string of 1 to 255 characters.

file file-name: Specifies the file to be tested by its name, a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.

offset offset: Specifies the offset from the content to be tested, in the range of 0 to 255 bytes. The default is 0.

case-insensitive: Enables case-insensitive matching. If you do not specify this keyword, case-sensitive matching applies.

Usage guidelines

Operating mechanism

If the specified string or file matches the PCRE regular expression multiple times, the device displays only the result of the first match.

For a string test, the device displays the match result in text strings. For a file test, the device displays the match result in both hexadecimal characters and text strings. Characters that cannot be displayed are represented as periods (.).

Examples

# Perform a PCRE regular expression match test for string ABCDAAaefg.

<Sysname> loadbalance test pcre value aaa string ABCDAAaefg case-insensitive

Matched string content: AAa

# Perform a PCRE regular expression match test for file 123.txt.

<Sysname> loadbalance test pcre value dzckgjlfdsfdsfsdnfsdkjgnf file 123.txt

Matched file content:

64 7a 63 6b 67 6a 6c 66 64  73 66 64 73 66 73 64   dzckgjlf dsfdsfsd

6e 66 73 64 6b 6a 67 6e 66  64                     nfsdkjgn f
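The matching behavior described above (first match only, optional offset, optional case-insensitive matching, non-displayable characters shown as periods) can be reproduced offline to vet a pattern before it is tested on the device. This is an added example, not H3C code: the function names, the 16-bytes-per-row dump layout, and the treatment of offset as a number of leading bytes to skip are assumptions, and Python's re engine stands in for the device's PCRE engine.

```python
import re

# Constructed sample standing in for the contents of a test file.
SAMPLE_FILE = b"GET /a.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def lb_test_pcre(value, data, offset=0, case_insensitive=False):
    """Return the first match of `value` in `data`, or None if nothing matches.

    str input models a string test and returns str; bytes input models a
    file test and returns bytes. Limits mirror the documented parameter
    ranges. Assumption: `offset` skips that many leading bytes before matching.
    """
    if not 1 <= len(value) <= 255 or "?" in value:
        raise ValueError("value: 1 to 255 characters, no question marks")
    if not 0 <= offset <= 255:
        raise ValueError("offset: 0 to 255 bytes")
    is_file = isinstance(data, (bytes, bytearray))
    if is_file and len(data) > 5000:
        raise ValueError("file: at most 5000 bytes")
    if not is_file and not 1 <= len(data) <= 255:
        raise ValueError("string: 1 to 255 characters")

    flags = re.IGNORECASE if case_insensitive else 0
    pattern = re.compile(value.encode("latin-1") if is_file else value, flags)
    # search() stops at the leftmost match, which models "only the first
    # match is displayed" when the input matches several times.
    m = pattern.search(data[offset:])
    return m.group(0) if m else None


def printable(raw):
    """Render bytes as text, replacing non-displayable bytes with periods."""
    return "".join(chr(b) if 32 <= b <= 126 else "." for b in raw)


def hex_rows(raw, width=16):
    """Hex-plus-text rows for a file-test result (layout is an assumption)."""
    rows = []
    for i in range(0, len(raw), width):
        chunk = raw[i:i + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        rows.append(f"{hexpart:<{width * 3}}{printable(chunk)}")
    return rows


if __name__ == "__main__":
    # The page's string example: case-insensitive match of aaa.
    print(lb_test_pcre("aaa", "ABCDAAaefg", case_insensitive=True))
    # Without the keyword the same test finds nothing.
    print(lb_test_pcre("aaa", "ABCDAAaefg"))
    # Two candidate matches: only the first is reported, unless the offset
    # moves the start of the tested content past it.
    print(lb_test_pcre("a.", "xa1ya2"), lb_test_pcre("a.", "xa1ya2", offset=2))
    # File test: CR and LF are matched but rendered as periods.
    hit = lb_test_pcre(r"1\.1\r\nHost", SAMPLE_FILE)
    print("\n".join(hex_rows(hit)))
```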

loadbalance test rewrite

Use loadbalance test rewrite to perform a regular-expression-based rewrite test and display the rewrite result.

Syntax

loadbalance test rewrite value value replace replace-string { string string | file file-name } [ offset offset ] [ case-insensitive ]

Views

Any view

Predefined user roles

network-admin

Parameters

value value: Specifies a regular expression to match the content to be rewritten, a case-sensitive string of 1 to 255 characters excluding question marks (?). You can also specify the following character strings:

·     %is—Source IP address.

·     %ps—Source port number.

·     %id—Destination IP address.

·     %pd—Destination port number.

replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 255 characters.

string string: Specifies the string to be tested, a case-sensitive string of 1 to 255 characters.

file file-name: Specifies the file to be tested by its name, a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.

offset offset: Specifies the offset from the content to be tested, in the range of 0 to 255 bytes. The default is 0.

case-insensitive: Enables case-insensitive matching. If you do not specify this keyword, case-sensitive matching applies.

Usage guidelines

Operating mechanism

If the string or file to be tested matches the regular expression, the device replaces the matching content with the content after rewrite.

If the string or file matches the regular expression multiple times, the device displays only the rewrite result of the first match.

For a string test, the device displays the rewrite result in text strings. For a file test, the device displays the rewrite result in both hexadecimal characters and text strings. Characters that cannot be displayed are represented as periods (.).

Examples

# Perform a rewrite test for string ABCDAAaefg.

<Sysname> loadbalance test rewrite value %id replace ip:%id,port:%pd string ABCDAAaefg case-insensitive

Rewritten string content: ABCD172.0.0.1fg

# Perform a rewrite test for file 123.txt.

<Sysname> loadbalance test rewrite value dzckgjlfdsfdsfsdnfsdkjgnf replace ip:%id,port:%pd file 123.txt

Rewritten file content:

66 67 73 2d 61 47 76 61 73  64 64 73 61 67 76 62   fgs-aGva sddsagvb

64 6a 63 78 6b 6c 63 78 76  0d 0a 0d 0a 0d 0a 0d   djcxklcx v.......

0a 69 70 3a 31 37 32 2e 30  2e 30 2e 31 2c 70 6f   .ip:172. 0.0.1,po

72 74 3a 38 30 09 6a 6b 64  67 6e 66 64 6a 6b 67   rt:80.jk dgnfdjkg

6e 66 64 6b 6a 67 6e 66 64  6b 6e 67 76 73 64 66   nfdkjgnf dkngvsdf

6c 0d 0a 0d 0a 0d 0a 0d 0a  66 67 73 2b 61 67 76   l....... .fgs+agv

61 73 64 64 73 61 67 76 62  64 6a 63 78 6b 6c 63   asddsagv bdjcxklc

78 76 0d 0a 66 67 73 64 61  67 76 61 73 64 64 73   xv..fgsd agvasdds

61 67 76 62 64 6a 63 78 6b  6c 63 78 76            agvbdjcx klcxv

location rewrite

Use location rewrite to rewrite the content in the Location header of HTTP responses from the server.

Use undo location rewrite to restore the default.

Syntax

location rewrite match regex match-pattern replace replace-string

undo location rewrite match regex match-pattern replace replace-string

Default

The content in the Location header of HTTP responses from the server is not rewritten.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

match: Matches the Location header content to be rewritten.

regex match-pattern: Specifies a regular expression, a case-sensitive string of 1 to 127 characters. Regular expression metacharacter (?) is supported.

replace replace-string: Specifies the Location header content after rewriting, a case-sensitive string of 1 to 127 characters.

Usage guidelines

Operating mechanism

If the HTTP response is a 302 redirect and matches the specified match-pattern, the system rewrites the content in the Location header to replace-string based on the match-pattern.

You can execute this command multiple times to configure multiple rules. If you execute this command multiple times to rewrite the same Location header content, the most recent configuration takes effect.

Restrictions and guidelines

As a best practice, configure a maximum of 16 rules for an HTTP LB action.

Redirection of the Location header is executed after SSL URL redirection rewrite. The system rewrites the Location header content after matching the SSL URL rewrite result.

Examples

# In HTTP LB action lba2, rewrite http://www.example.com:9080 to http://www.example.com:80 in the Location headers of HTTP responses sent by the server.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] location rewrite match regex (http://www.example.com):9080 replace %1:80

Related commands

ssl url rewrite location
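An offline check of a location rewrite rule against sample Location values, added here as an illustration and not taken from H3C: it shows that the pattern in the example above, with unescaped dots and no anchors, also rewrites values it was not written for. Assumptions: Python's re engine stands in for the device's regex engine, only the matched span is replaced, %N expands to capture group N as the %1 in the example suggests, and the sample values and the tightened rule are constructed.

```python
import re

# Rule from the page's example, and a tightened variant (constructed; assumes
# the device accepts standard regex anchors and backslash escapes).
PAGE_RULE = (r"(http://www.example.com):9080", "%1:80")
TIGHT_RULE = (r"^(http://www\.example\.com):9080(/|$)", "%1:80%2")

# Constructed sample Location values: (value, should the rule rewrite it?)
SAMPLES = [
    ("http://www.example.com:9080/login", True),
    ("http://www.example.com:9080", True),
    # "." in the pattern matches any character, not only a literal dot.
    ("http://wwwXexample.com:9080/login", False),
    # Without "^" the pattern also matches inside a query parameter.
    ("https://sso.example.net/cb?next=http://www.example.com:9080/", False),
    # ":9080" is a prefix of ":90801".
    ("http://www.example.com:90801/x", False),
]


def rewrite_location(status, location, match_pattern, replace_string):
    """Emulate one `location rewrite match regex ... replace ...` rule.

    Assumptions (not stated on the page): the pattern is searched anywhere
    in the header value and only the matched span is replaced.
    """
    if status != 302:          # the page scopes the rewrite to 302 redirects
        return location
    m = re.search(match_pattern, location)
    if m is None:
        return location

    def expand(ref):
        n = int(ref.group(1))
        if n > m.re.groups:
            return ref.group(0)    # unknown group: keep the text as typed
        return m.group(n) or ""

    new_span = re.sub(r"%(\d)", expand, replace_string)
    return location[:m.start()] + new_span + location[m.end():]


def mismatches(match_pattern, replace_string, samples):
    """Return the samples whose rewritten/unchanged outcome is not the intended one."""
    bad = []
    for location, should_change in samples:
        result = rewrite_location(302, location, match_pattern, replace_string)
        if (result != location) != should_change:
            bad.append((location, result))
    return bad


if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("tightened rule", TIGHT_RULE)):
        found = mismatches(*rule, SAMPLES)
        print(name, "->", found if found else "no mismatches")
```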

manual-recover enable (server farm view)

Use manual-recover enable to enable health monitoring manual recovery.

Use undo manual-recover enable to disable health monitoring manual recovery.

Syntax

manual-recover enable

undo manual-recover enable

Default

Health monitoring manual recovery is disabled.

Views

Server farm view

Predefined user roles

network-admin

Usage guidelines

If health monitoring manual recovery is disabled, a server farm member automatically returns to normal state after it passes the health check. If health monitoring manual recovery is enabled, when a server farm member passes the health check, it will not automatically return to normal state. You need to manually restore it to normal state by executing the recover-to-active command in server farm member view.

Examples

# Enable health monitoring manual recovery for server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] manual-recover enable

Related commands

recover-to-active (server farm member view)

match acl

Use match acl to create an ACL match rule or modify an existing ACL match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] acl [ ipv6 ] { acl-number | name acl-name }

undo match match-id

Default

No match rules exist.

Views

LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, the command specifies an IPv4 ACL.

acl-number: Specifies the ACL number in the range of 2000 to 3999.

name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters starting with a letter.

Usage guidelines

If the specified ACL does not exist, this rule is not matched.

You can create a maximum of 65535 match rules for an LB class.

Examples

# In server load balancing, create an ACL match rule for the generic LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type generic

[Sysname-lbc-generic-lbc1] match acl 2000

# In outbound link load balancing, create an ACL match rule for the link-generic LB class lbc2.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type link-generic

[Sysname-lbc-link-generic-lbc2] match acl 2000

# In transparent DNS proxy, create an ACL match rule for the DNS LB class lbc3.

<Sysname> system-view

[Sysname] loadbalance class lbc3 type dns

[Sysname-lbc-dns-lbc3] match acl 2000

match application-id

Use match application-id to create an application ID match rule or modify an existing application ID match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] application-id [ application-id | all ]

undo match match-id

Default

No match rules exist.

Views

Diameter LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

application-id: Specifies an application by its ID in the range of 1 to 4294967295.

all: Specifies all applications.

Usage guidelines

The specified application ID must be an application ID defined in the Diameter base protocol and its extension protocols. If the specified application ID does not exist, the rule does not take effect.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an application ID match rule for Diameter LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type diameter

[Sysname-lbc-diameter-lbc1] match application-id 3

Related commands

loadbalance class

match class

Use match class to create a match rule that references an LB class or modify an existing match rule that references an LB class.

Use undo match to delete a match rule.

Syntax

match [ match-id ] class class-name

undo match match-id

Default

An LB class does not have a match rule.

Views

LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters, to be referenced by the match rule. The current LB class cannot be referenced.

Usage guidelines

A match rule cannot reference an LB class that has already been referenced.

You can create a maximum of 65535 match rules for an LB class.

Examples

# In server load balancing, create a match rule that references the LB class lbc2 for the generic LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type generic

[Sysname-lbc-generic-lbc1] match class lbc2

# In outbound link load balancing, create a match rule that references the LB class lbc2 for the link-generic LB class lbc3.

<Sysname> system-view

[Sysname] loadbalance class lbc3 type link-generic

[Sysname-lbc-link-generic-lbc3] match class lbc2

# In transparent DNS proxy, create a match rule that references the LB class lbc2 for the DNS LB class lbc4.

<Sysname> system-view

[Sysname] loadbalance class lbc4 type dns

[Sysname-lbc-dns-lbc4] match class lbc2

match content

Use match content to create an HTTP entity match rule or modify an existing HTTP entity match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] content content [ offset offset ]

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

content content: Specifies the HTTP entity regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

offset offset: Specifies the offset value of the HTTP entity based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.

Usage guidelines

If the entity of an HTTP packet after the offset value matches the specified regular expression, the packet matches the rule.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP entity match rule for the HTTP LB class lbc2: Specify the offset value as 10 and regular expression as abc.*.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match content abc.* offset 10

match cookie

Use match cookie to create an HTTP cookie match rule or modify an existing HTTP cookie match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] cookie cookie-name value value

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

cookie cookie-name: Specifies the name of the HTTP cookie, a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.

value value: Specifies the cookie value regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Usage guidelines

If an HTTP packet contains the specified cookie with the value matching the specified regular expression, the packet matches the rule.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP cookie match rule for the HTTP LB class lbc2: Specify the cookie name as JSession-id and cookie value regular expression as abc.*.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match cookie JSession-id value abc.*

match destination-realm

Use match destination-realm to create a destination realm match rule or modify an existing destination realm match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] destination-realm realm-name

undo match match-id

Default

No match rules exist.

Views

Diameter LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

realm-name: Specifies a destination realm name for exact match, a case-sensitive string of 1 to 127 characters.

Usage guidelines

If a Diameter LB class is configured with a destination realm name match rule, the corresponding LB action will be performed for the traffic matching the specified destination realm name. If the specified destination realm name does not exist, the rule does not take effect.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create a destination realm name match rule for Diameter LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type diameter

[Sysname-lbc-diameter-lbc1] match destination-realm example.com

Related commands

loadbalance class

match header

Use match header to create an HTTP header match rule or modify an existing HTTP header match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] header header-name value value

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

header header-name: Specifies the name of the HTTP packet header, a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.

value value: Specifies the header value regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Usage guidelines

If an HTTP packet contains the specified header with the value matching the specified regular expression, the packet matches the rule.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP header match rule for the HTTP LB class lbc2: Specify the HTTP packet header name as user-agent and header value regular expression as abcd.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match header user-agent value abcd

match interface

Use match interface to create an interface match rule or modify an existing interface match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] interface interface-type interface-number

undo match match-id

Default

An LB class does not have a match rule.

Views

Generic/HTTP/Link-generic LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

interface interface-type interface-number: Specifies an interface by its type and number. The interface type can be Layer 3 Ethernet interface or Layer 3 aggregate interface.

Usage guidelines

If the specified interface does not exist, the rule does not take effect.

Examples

# In outbound link load balancing, create an interface match rule for the link-generic LB class lbc1 to match interface GigabitEthernet 1/0/0.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type link-generic

[Sysname-lbc-link-generic-lbc1] match interface gigabitethernet 1/0/0

# In server load balancing, create an interface match rule for the generic LB class lbc2 to match interface GigabitEthernet 1/0/0.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type generic

[Sysname-lbc-generic-lbc2] match interface gigabitethernet 1/0/0

match method

Use match method to create an HTTP method match rule or modify an existing HTTP method match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] method { ext ext-type | rfc rfc-type }

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

ext ext-type: Specifies the extended type, a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.

rfc rfc-type: Specifies the RFC type to process the resources identified by the URI in HTTP request packets:

·     CONNECT—Maintain the resources.

·     DELETE—Delete the resources.

·     GET—Request for the resources.

·     HEAD—Request for the header of the response message of the resources.

·     OPTIONS—Request to query the resources-related options and requirements supported by the server.

·     POST—Add new data to the resources.

·     PUT—Request the server to store the resource identified by the URI.

·     TRACE—Request the server to return the request message it receives for test or diagnosis.

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP method match rule with extended type user for the HTTP LB class lbc2.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match method ext user

# Create an HTTP method match rule with RFC type CONNECT for the HTTP LB class lbc2.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match method rfc CONNECT

match payload

Use match payload to create a TCP payload match rule or modify an existing TCP payload match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] payload payload [ case-insensitive ] [ not ]

undo match match-id

Default

An LB class does not have a match rule.

Views

Generic LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

payload: Specifies the TCP payload regular expression, a case-sensitive string of 1 to 255 characters.

case-insensitive: Disables case sensitivity for matching character strings. If you do not specify this keyword, case sensitivity is enabled.

not: Negates the match rule. If you do not specify this keyword, the LB action is taken when the TCP payload regular expression is matched.

Usage guidelines

The device takes the corresponding LB action on TCP packets matching a TCP payload match rule. If you specify the not keyword for a TCP payload match rule, the device takes the corresponding LB action on TCP packets not matching the TCP payload match rule.

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create a match rule to match the payload hello for generic LB class c1.

<Sysname> system-view

[Sysname] loadbalance class c1 type generic

[Sysname-lbc-generic-c1] match payload hello

match radius-attribute

Use match radius-attribute to create a RADIUS attribute match rule or modify an existing RADIUS attribute match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] radius-attribute { code attribute-code | user-name } value attribute-value

undo match match-id

Default

An LB class does not have a match rule.

Views

RADIUS LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

code attribute-code: Specifies the code of the RADIUS attribute type, in the range of 1 to 255.

user-name: Specifies the RADIUS attribute type as user-name (code 1).

value attribute-value: Specifies the RADIUS attribute regular expression, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create a match rule to match usernames that contain aaa for RADIUS LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type radius

[Sysname-lbc-radius-lbc1] match radius-attribute user-name value aaa*

match source

Use match source to create a source IP address match rule or modify an existing source IP address match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] source { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }

undo match match-id

Default

An LB class does not have a match rule.

Views

LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

source: Specifies the match rule type as source IP address.

ip address ipv4-address: Specifies an IPv4 address.

mask-length: Specifies a mask length in the range of 0 to 32. The default is 32.

mask: Specifies a subnet mask. The default is 255.255.255.255.

ipv6 address ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies a prefix length in the range of 0 to 128. The default is 128.

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# In server load balancing, create a match rule that matches source IP address 1.1.1.1/32 for the generic LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type generic

[Sysname-lbc-generic-lbc1] match source ip address 1.1.1.1

# In outbound link load balancing, create a match rule that matches source IP address 1.1.1.1/32 for the link-generic LB class lbc2.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type link-generic

[Sysname-lbc-link-generic-lbc2] match source ip address 1.1.1.1

# In transparent DNS proxy, create a match rule that matches source IP address 1.1.1.1/32 for the DNS LB class lbc3.

<Sysname> system-view

[Sysname] loadbalance class lbc3 type dns

[Sysname-lbc-dns-lbc3] match source ip address 1.1.1.1

match sql

Use match sql to create a MySQL statement match rule or modify an existing MySQL statement match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] sql sql [ case-insensitive ] [ not ]

undo match match-id

Default

An LB class does not have a match rule.

Views

MySQL LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

sql: Specifies a regular expression used to match MySQL statements, a case-sensitive string of 1 to 255 characters.

case-insensitive: Disables case sensitivity for matching character strings. If you do not specify this keyword, case sensitivity is enabled.

not: Specifies that the LB action is taken when the MySQL statement regular expression is not matched. If you do not specify this keyword, the LB action is taken when the MySQL statement regular expression is matched.

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create a match rule that matches MySQL statement select for the MySQL LB class c1.

<Sysname> system-view

[Sysname] loadbalance class c1 type mysql

[Sysname-lbc-mysql-c1] match sql select

match url

Use match url to create an HTTP URL match rule or modify an existing HTTP URL match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] url url

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

url url: Specifies a URL regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP URL match rule with regular expression .*.html for the HTTP LB class lbc2.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type http

[Sysname-lbc-http-lbc2] match url .*.html

match user

Use match user to create a user match rule or modify an existing user match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] [ identity-domain domain-name ] user user-name

undo match match-id

Default

An LB class does not have a match rule.

Views

Generic/HTTP/Link-generic LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

identity-domain domain-name: Matches the user in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters excluding question marks (?). If you do not specify this option, the system matches the user among users that do not belong to any identity domain.

user-name: Specifies a username, a case-sensitive string of 1 to 55 characters.

Usage guidelines

If the specified user does not exist, the rule does not take effect.

Examples

# In outbound link load balancing, create a user match rule for the link-generic LB class lbc1 to match user u1 in identity domain domain1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type link-generic

[Sysname-lbc-link-generic-lbc1] match identity-domain domain1 user u1

# In server load balancing, create a user match rule for the generic LB class lbc2 to match user u1 in identity domain domain1.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type generic

[Sysname-lbc-generic-lbc2] match identity-domain domain1 user u1

Related commands

display loadbalance class

match user-group

Use match user-group to create a user group match rule or modify an existing user group match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] [ identity-domain domain-name ] user-group user-group-name

undo match match-id

Default

An LB class does not have a match rule.

Views

Generic/HTTP/Link-generic LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

identity-domain domain-name: Matches the user group in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters excluding question marks (?). If you do not specify this option, the system matches the user group among user groups that do not belong to any identity domain.

user-group-name: Specifies a user group by its name, a case-insensitive string of 1 to 200 characters.

Usage guidelines

If the specified user group does not exist, the rule does not take effect.

Examples

# In outbound link load balancing, create a user group match rule for the link-generic LB class lbc1 to match user group lb-group in identity domain domain1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type link-generic

[Sysname-lbc-link-generic-lbc1] match identity-domain domain1 user-group lb-group

# In server load balancing, create a user group match rule for the generic LB class lbc2 to match user group lb-group in identity domain domain1.

<Sysname> system-view

[Sysname] loadbalance class lbc2 type generic

[Sysname-lbc-generic-lbc2] match identity-domain domain1 user-group lb-group

Related commands

display loadbalance class

match version

Use match version to create an HTTP version match rule or modify an existing HTTP version match rule.

Use undo match to delete a match rule.

Syntax

match [ match-id ] version { 1.0 | 1.1 | 2.0 }

undo match match-id

Default

An LB class does not have a match rule.

Views

HTTP LB class view

Predefined user roles

network-admin

Parameters

match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

1.0: Specifies HTTP 1.0.

1.1: Specifies HTTP 1.1.

2.0: Specifies HTTP 2.0.

Usage guidelines

You can create a maximum of 65535 match rules for an LB class.

Examples

# Create an HTTP version match rule with HTTP 1.0 for the HTTP LB class lbc1.

<Sysname> system-view

[Sysname] loadbalance class lbc1 type http

[Sysname-lbc-http-lbc1] match version 1.0

match-across-service enable

Use match-across-service enable to enable sticky entry matching across services.

Use undo match-across-service enable to disable sticky entry matching across services.

Syntax

match-across-service enable

undo match-across-service enable

Default

Sticky entry matching across services is disabled.

Views

Address-port sticky group view

RADIUS sticky group view

Diameter sticky group view

Predefined user roles

network-admin

Usage guidelines

When the device fails to find a matching sticky entry for traffic of a virtual server, this feature allows the device to match the sticky entries of other virtual servers that have the same IP address as the current virtual server.

With this feature enabled, the device can distribute requests that the same client sends to different services of the same virtual server to the same server farm member.

Examples

# In address-port sticky group sg1, enable sticky entry matching across services.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] match-across-service enable

match-across-virtual-server enable

Use match-across-virtual-server enable to enable sticky entry matching across virtual servers.

Use undo match-across-virtual-server enable to disable sticky entry matching across virtual servers.

Syntax

match-across-virtual-server enable

undo match-across-virtual-server enable

Default

Sticky entry matching across virtual servers is disabled.

Views

Address-port sticky group view

RADIUS sticky group view

Diameter sticky group view

Predefined user roles

network-admin

Usage guidelines

When the device fails to find a matching sticky entry for traffic of a virtual server, this feature allows the device to match the sticky entries of other virtual servers.

With this feature enabled, the device can distribute requests that the same client sends to different virtual servers to the same server farm member.

Examples

# In address-port sticky group sg1, enable sticky entry matching across virtual servers.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] match-across-virtual-server enable

match-buffer-end

Use match-buffer-end to configure the buffering end string for TCP payload matching.

Use undo match-buffer-end to restore the default.

Syntax

match-buffer-end string

undo match-buffer-end

Default

No buffering end string is configured.

Views

TCP-application parameter profile view

Predefined user roles

network-admin

Parameters

string: Specifies a string that indicates the end of buffering, a case-insensitive string of 1 to 31 characters.

Usage guidelines

For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:

·     The device receives the buffering end string from clients.

·     The size of buffered data exceeds the specified buffering size.

·     The buffered data matches the TCP payload match rule.

This command specifies the string that indicates the end of buffering for traffic received from clients.

Examples

# In TCP-application parameter profile p1, configure the buffering end string as over.

<Sysname> system-view

[Sysname] parameter-profile p1 type tcp-application

[Sysname-para-tcp-application-p1] match-buffer-end over

Related commands

match-buffer-size

match-buffer-time

match payload

match-buffer-size

Use match-buffer-size to set the maximum buffering size for TCP payload matching.

Use undo match-buffer-size to restore the default.

Syntax

match-buffer-size size

undo match-buffer-size

Default

The maximum buffering size is 4096 bytes.

Views

TCP-application parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum buffering size in the range of 1 to 4096 bytes.

Usage guidelines

For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:

·     The device receives the buffering end string from clients.

·     The size of buffered data exceeds the specified buffering size.

·     The buffered data matches the TCP payload match rule.

This command specifies the maximum size of TCP data from clients that the device can buffer.

Examples

# In TCP-application parameter profile p1, set the maximum buffering size to 2048 bytes for TCP payload matching.

<Sysname> system-view

[Sysname] parameter-profile p1 type tcp-application

[Sysname-para-tcp-application-p1] match-buffer-size 2048

Related commands

match-buffer-end

match-buffer-time

match payload

match-buffer-time

Use match-buffer-time to set the buffering period for TCP payload matching.

Use undo match-buffer-time to restore the default.

Syntax

match-buffer-time time

undo match-buffer-time

Default

The buffering period for TCP payload matching is 3 seconds.

Views

TCP-application parameter profile view

Predefined user roles

network-admin

Parameters

time: Specifies the buffering period in the range of 1 to 5 seconds.

Usage guidelines

For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:

·     The device receives the buffering end string from clients.

·     The size of buffered data exceeds the specified buffering size.

·     The buffered data matches the TCP payload match rule.

This command specifies the amount of time for the device to buffer TCP data sent by clients.

Examples

# In TCP-application parameter profile p1, set the buffering period for TCP payload matching to 3 seconds.

<Sysname> system-view

[Sysname] parameter-profile p1 type tcp-application

[Sysname-para-tcp-application-p1] match-buffer-time 3

Related commands

match-buffer-end

match-buffer-size

match payload
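
The three stop conditions listed for match-buffer-end, match-buffer-size, and match-buffer-time can be modeled as follows. This is an added Python example, not device code: the check order when several conditions hold at once, the truncation of an oversized buffer, and the "buffering" result are assumptions, and the segments are constructed.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass
class TcpAppProfile:
    """Buffering settings of a TCP-application parameter profile (page defaults)."""
    end_string: Optional[str] = None  # match-buffer-end, case-insensitive, 1 to 31 chars
    max_size: int = 4096              # match-buffer-size, 1 to 4096 bytes
    max_time: int = 3                 # match-buffer-time, 1 to 5 seconds

    def __post_init__(self):
        if self.end_string is not None and not 1 <= len(self.end_string) <= 31:
            raise ValueError("match-buffer-end must be 1 to 31 characters")
        if not 1 <= self.max_size <= 4096:
            raise ValueError("match-buffer-size must be 1 to 4096 bytes")
        if not 1 <= self.max_time <= 5:
            raise ValueError("match-buffer-time must be 1 to 5 seconds")


def buffer_decision(segments: Iterable[Tuple[float, bytes]],
                    profile: TcpAppProfile,
                    payload_rule: bytes) -> Tuple[str, bytes]:
    """Replay client segments and report why buffering stopped.

    segments: (seconds since the first byte, data) pairs in arrival order.
    payload_rule: regular expression standing in for a TCP payload match rule.
    Returns (reason, buffered bytes); reason is "matched", "end-string",
    "size", "time", or "buffering" when no stop condition has fired yet.
    """
    rule = re.compile(payload_rule)
    end = profile.end_string.lower().encode() if profile.end_string else None
    buf = b""
    for arrival, data in segments:
        # Data arriving after the buffering period is not added to the buffer.
        if arrival > profile.max_time:
            return "time", buf
        buf += data
        # Assumed order: rule match first, then end string, then size.
        if rule.search(buf):
            return "matched", buf
        if end is not None and end in buf.lower():
            return "end-string", buf
        if len(buf) > profile.max_size:
            # Assumption: only max_size bytes are retained.
            return "size", buf[:profile.max_size]
    return "buffering", buf


if __name__ == "__main__":
    profile = TcpAppProfile(end_string="over", max_size=2048, max_time=3)
    # Constructed traffic: a client that trickles bytes and never matches.
    slow_client = [(0.0, b"a"), (1.0, b"b"), (3.5, b"c")]
    print(buffer_decision(slow_client, profile, rb"login"))
```

A client that sends neither matching data nor the end string keeps the buffer open for the full buffering period, so the period and size are the two bounds that cap per-connection resource use.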

max-reuse (parameter profile view)

Use max-reuse to set the maximum number of times that a TCP connection can be reused.

Use undo max-reuse to restore the default.

Syntax

max-reuse reuse-number

undo max-reuse

Default

A TCP connection can be reused for a maximum of 1000 times.

Views

OneConnect parameter profile view

MySQL parameter profile view

Predefined user roles

network-admin

Parameters

reuse-number: Specifies the maximum number of reuse times, in the range of 1 to 4294967295.

Usage guidelines

Operating mechanism

After connection reuse is enabled, a TCP connection is not disconnected until the maximum number of reuse times is reached. After the TCP connection is disconnected, new connection requests trigger establishment of a new TCP connection.

Examples

# In OneConnect parameter profile ocp, set the maximum number of reuse times to 10000.

<Sysname> system-view

[Sysname] parameter-profile ocp type oneconnect

[Sysname-para-oneconnect-ocp] max-reuse 10000

memory-size

Use memory-size to set the memory size used for compression.

Use undo memory-size to restore the default.

Syntax

memory-size size

undo memory-size

Default

The memory size used for compression is 8 KB.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the memory size in KB used for compression. The value can only be 1, 2, 4, 8, 16, 32, or 64.

Examples

# Create the HTTP-compression parameter profile pa1, and set the memory size used for compression to 32 KB.

<Sysname> system-view

[Sysname] parameter-profile pa1 type http-compress

[Sysname-para-http-compress-pa1] memory-size 32

monitor-interval

Use monitor-interval to set the monitoring time for an LB probe template.

Use undo monitor-interval to restore the default.

Syntax

monitor-interval interval-time

undo monitor-interval

Default

The monitoring time is 10 seconds for a TCP-RST or TCP zero-window LB probe template, 1 second for an HTTP passive LB probe template, and 5 seconds for a custom-monitoring LB probe template.

Views

HTTP passive LB probe template view

TCP-RST LB probe template view

TCP zero-window LB probe template view

Custom-monitoring LB probe template view

Predefined user roles

network-admin

Parameters

interval-time: Specifies the monitoring time in the range of 5 to 255 seconds for a TCP-RST or TCP zero-window LB probe template, in the range of 1 to 5 seconds for an HTTP passive LB probe template, and in the range of 1 to 86400 seconds for a custom-monitoring LB probe template.

Usage guidelines

During the monitoring time, the system counts the number of RST packets or zero-window packets sent by each server farm member in a server farm.

During the monitoring time, the system monitors the responses of matching HTTP requests and counts the number of URL errors.

After a custom-monitoring LB probe template is specified, the system executes the custom script file during the monitoring time to detect the state of real servers.

Examples

# In TCP RST LB probe template rsttplt, set the monitoring time to 60 seconds.

<Sysname> system-view

[Sysname] loadbalance probe-template tcp-rst rsttplt

[Sysname-lbpt-tcp-rst-rsttplt] monitor-interval 60

Related commands

external-script

node

Use node to create a statistics node and enter its view, or enter the view of an existing statistics node.

Use undo node to delete the specified statistics node.

Syntax

node node-name

undo node node-name

Default

No statistics nodes exist.

Views

HTTP statistics parameter profile view

Predefined user roles

network-admin

Parameters

node-name: Specifies the statistics node name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

You can configure a maximum of 256 statistics nodes in one HTTP statistics parameter profile.

Examples

# In HTTP statistics parameter profile http1, create statistics node node1 and enter statistics node view.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-statistics

[Sysname-para-http-statistics-http1] node node1

[Sysname-para-http-statistics-http1-node-node1]

origin-host

Use origin-host to configure the Origin-Host AVP to be sent in Diameter messages.

Use undo origin-host to restore the default.

Syntax

origin-host host-name

undo origin-host

Default

The Origin-Host AVP to be sent in Diameter messages is host.h3c.com.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

host-name: Specifies the Origin-Host AVP to be sent in Diameter messages, a case-sensitive string of 1 to 127 characters.

Usage guidelines

Operating mechanism

During Diameter capability exchange between the device and the peer, they exchange the Origin-Host, Origin-Realm, Vendor-Id, and Product-Name AVPs through CER and CEA messages. Use this command to specify the Origin-Host AVP for the device to send to the peer during the Diameter capability exchange.

Recommended configuration

The configured Origin-Host AVP must be a fully qualified domain name (FQDN), which contains both a host name and a source domain name. The source domain name is specified by using the origin-realm command. For example, if the host name is host1 and the source domain name is example.com, the Origin-Host AVP must be configured as host1.example.com.

Examples

# Configure the Origin-Host AVP as rd.example.com for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] origin-host rd.example.com

Related commands

origin-realm

parameter-profile

origin-realm

Use origin-realm to configure the Origin-Realm AVP to be sent in Diameter messages.

Use undo origin-realm to restore the default.

Syntax

origin-realm realm-name

undo origin-realm

Default

The Origin-Realm AVP to be sent in Diameter messages is h3c.com.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

realm-name: Specifies the Origin-Realm AVP to be sent in Diameter messages, a case-sensitive string of 1 to 127 characters.

Usage guidelines

During Diameter capability exchange between the device and the peer, they exchange the Origin-Host, Origin-Realm, Vendor-Id, and Product-Name AVPs through CER and CEA messages. Use this command to specify the Origin-Realm AVP for the device to send to the peer during the Diameter capability exchange.

Examples

# Configure the Origin-Realm AVP as example.com for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] origin-realm example.com

Related commands

origin-host

parameter-profile
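
The FQDN rule in the origin-host recommended configuration can be checked offline against saved command lines, including the case where only one of origin-host and origin-realm is configured and the other keeps its default. This is an added Python example, not an H3C tool: the config text is constructed in the command form shown on this page, and the function name is hypothetical.

```python
from typing import Dict, List

# Defaults stated on this page for a Diameter session parameter profile.
DEFAULTS = {"origin-host": "host.h3c.com", "origin-realm": "h3c.com"}


def lint_diameter_profiles(config_text: str) -> Dict[str, List[str]]:
    """Return {profile name: [findings]} for every diameter-session profile."""
    profiles: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "parameter-profile":
            current = None
            if words[2:] == ["type", "diameter-session"]:
                # Profile names are case-insensitive, so normalize the key.
                current = profiles.setdefault(words[1].lower(), dict(DEFAULTS))
        elif current is None:
            continue
        elif words[0] in DEFAULTS and len(words) == 2:
            current[words[0]] = words[1]
        elif words[0] == "undo" and len(words) == 2 and words[1] in DEFAULTS:
            current[words[1]] = DEFAULTS[words[1]]  # undo restores the default

    findings: Dict[str, List[str]] = {}
    for name, avps in profiles.items():
        host, realm = avps["origin-host"], avps["origin-realm"]
        issues = []
        for key, value in avps.items():
            if not 1 <= len(value) <= 127:
                issues.append(f"{key} must be 1 to 127 characters")
        # Origin-Host must be <host name>.<source domain name>; both values
        # are case-sensitive, so no case folding is applied.
        suffix = "." + realm
        if not (host.endswith(suffix) and len(host) > len(suffix)):
            issues.append(f"origin-host {host} is not a host name under origin-realm {realm}")
        findings[name] = issues
    return findings


# Constructed sample: "half" sets only the realm, so the default host remains.
SAMPLE = """\
parameter-profile dia type diameter-session
 origin-host rd.example.com
 origin-realm example.com
parameter-profile half type diameter-session
 origin-realm example.com
parameter-profile pp2 type ip
parameter-profile bad type diameter-session
 origin-host rd.example.org
 origin-realm example.com
"""

if __name__ == "__main__":
    for profile, issues in lint_diameter_profiles(SAMPLE).items():
        print(profile, issues or "ok")
```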

override-limit enable

Use override-limit enable to ignore the limits for sessions that match sticky entries.

Use undo override-limit enable to remove the configuration.

Syntax

override-limit enable

undo override-limit enable

Default

The session limits apply to sessions that match sticky entries.

Views

Sticky group view

Predefined user roles

network-admin

Usage guidelines

Use this command to ignore the following limits for sessions that match sticky entries:

·     Bandwidth and connection parameters on real servers or links.

·     Bandwidth ratios and maximum expected bandwidths for real servers or links.

·     LB connection limit policies on virtual servers.

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Ignore the limits for sessions that match sticky entries generated in the sticky group st.

<Sysname> system-view

[Sysname] sticky-group st type address-port

[Sysname-sticky-address-port-st] override-limit enable

parameter (LB action view)

Use parameter to specify a parameter profile for a Diameter LB action.

Use undo parameter to restore the default.

Syntax

parameter { diameter-session | tcp } profile-name [ server-side ]

undo parameter { diameter-session | tcp }

Default

No parameter profile is specified for a Diameter LB action.

Views

Diameter LB action view

Predefined user roles

network-admin

Parameters

diameter-session: Specifies a Diameter session parameter profile.

tcp: Specifies a TCP parameter profile.

profile-name: Specifies a parameter profile by its name, a case-insensitive string of 1 to 255 characters.

server-side: Specifies a server-side TCP parameter profile.

Usage guidelines

Use this command to specify a Diameter session parameter profile to process the traffic forwarded to the server farm. Use this command to specify a TCP parameter profile to process and optimize the TCP connections established between the device and the server.

Examples

# Specify Diameter session parameter profile pp2 for Diameter LB action act.

<Sysname> system-view

[Sysname] loadbalance action act type diameter

[Sysname-lba-diameter-act] parameter diameter-session pp2

Related commands

loadbalance action

parameter (virtual server view)

Use parameter to specify a parameter profile to be referenced by a virtual server.

Use undo parameter to restore the default.

Syntax

parameter { diameter-session | http | http-compression | http-statistics | http2 [ client-side | server-side ] | ip | mysql | oneconnect | tcp | tcp-application } profile-name [ client-side | server-side ]

undo parameter { diameter-session | http | http-compression | http-statistics | http2 [ client-side | server-side ] | ip | mysql | oneconnect | tcp | tcp-application } [ client-side | server-side ]

Default

No parameter profile is referenced by a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

{ diameter-session | http | http2 | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application }: Specifies a parameter profile type: Diameter session, HTTP, HTTP2.0, HTTP-compression, HTTP statistics, IP, MySQL, OneConnect, TCP, or TCP-application. Support for each keyword depends on the virtual server type:

·     The diameter-session keyword is supported only by virtual servers of the Diameter type.

·     The http keyword is supported only by virtual servers of the fast HTTP and HTTP types.

·     The tcp client-side option is supported only by virtual servers of the Diameter, fast HTTP, HTTP, and MySQL types.

·     The tcp server-side option is supported only by virtual servers of the fast HTTP, HTTP, and MySQL types.

·     The http-compression, http-statistics, http2, and oneconnect keywords are supported only by virtual servers of the HTTP type.

·     The mysql keyword is supported only by MySQL virtual servers.

·     The tcp-application keyword is supported only by TCP virtual servers operating at Layer 7.

profile-name: Specifies a parameter profile by its name, a case-insensitive string of 1 to 255 characters.

client-side: Specifies a client-side parameter profile.

server-side: Specifies a server-side parameter profile.

Usage guidelines

Operating mechanism

The virtual server references the parameter profile to implement analysis, processing, and optimization for service traffic.

A client-side parameter profile optimizes and processes TCP connections between the client and the device. A server-side parameter profile optimizes and processes TCP connections between the device and the server. Only TCP parameter profiles support the client-side and server-side keywords.

If you configure the virtual server to use only the HTTP2.0 parameter profile on the client side, the system analyzes, processes, and optimizes HTTP2.0 packets sent by the client, but forwards HTTP1.0 or 1.1 packets to the real server. If you configure the virtual server to use the HTTP2.0 parameter profiles on both the client side and server side, the system processes and optimizes HTTP2.0 packets sent by the client and forwards HTTP2.0 packets to the real server. If you configure the virtual server to use only the HTTP2.0 parameter profile on the server side, the parameter profile does not take effect. If you configure the virtual server to use only an HTTP parameter profile, only HTTP 1.0 and HTTP 1.1 packets can be processed and forwarded.

Restrictions and guidelines

The virtual servers of the RADIUS type can only reference the IP parameter profile.

Examples

# Specify the IP parameter profile pp2 to be referenced by the IP-type virtual server vs3.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] parameter ip pp2

parameter-profile

Use parameter-profile to create a parameter profile and enter its view, or enter the view of an existing parameter profile.

Use undo parameter-profile to delete the specified parameter profile.

Syntax

parameter-profile profile-name [ type { diameter-session | http | http-compression | http-statistics | http2 | ip | mysql | oneconnect | tcp | tcp-application } ]

undo parameter-profile profile-name

Default

No parameter profiles exist.

Views

System view

Predefined user roles

network-admin

Parameters

profile-name: Specifies a parameter profile name, a case-insensitive string of 1 to 255 characters.

type { diameter-session | http | http-compression | http-statistics | http2 | ip | mysql | oneconnect | tcp | tcp-application }: Specifies a parameter profile type: Diameter session, HTTP, HTTP-compression, HTTP statistics, HTTP2.0, IP, MySQL, OneConnect, TCP, or TCP-application. When you create a parameter profile, you must specify the parameter profile type. You can enter the view of an existing parameter profile without specifying the parameter profile type.

Usage guidelines

Operating mechanism

You can configure advanced parameters through the parameter profile. The virtual server references the parameter profile to implement analysis, processing, and optimization for service traffic.

Examples

# Create the IP parameter profile pp2, and enter parameter profile view.

<Sysname> system-view

[Sysname] parameter-profile pp2 type ip

[Sysname-para-ip-pp2]

payload (HTTP/UDP payload sticky group view)

Use payload to configure the HTTP or UDP payload sticky method.

Use undo payload to delete the HTTP or UDP payload sticky method.

Syntax

payload [ offset offset ] [ start start-string ] [ end end-string | length length ]

undo payload

Default

No sticky methods exist.

Views

HTTP/UDP payload sticky group view

Predefined user roles

network-admin

Parameters

offset offset: Specifies the offset value of the HTTP or UDP payload based on the start of the HTTP or UDP packet, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the HTTP or UDP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the HTTP or UDP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the HTTP or UDP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

Operating mechanism

Use this command to obtain the HTTP or UDP payload information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.

Restrictions and guidelines

This command is not supported by the virtual servers of the fast HTTP type.

Examples

# Configure the HTTP payload sticky method for the HTTP payload sticky group sg5: Starting from the 10th byte from the start of the HTTP packet, use the 20-byte HTTP payload to generate sticky entries.

<Sysname> system-view

[Sysname] sticky-group sg5 type payload

[Sysname-sticky-payload-sg5] payload offset 10 length 20

# Configure the UDP payload sticky method for the UDP payload sticky group sg6: Starting from the 28th byte from the start of the UDP packet, use the 6-byte UDP payload to generate sticky entries.

<Sysname> system-view

[Sysname] sticky-group sg6 type payload

[Sysname-sticky-payload-sg6] payload offset 28 length 6

payload (UDP passive sticky group view)

Use payload to configure the UDP payload passive sticky method.

Use undo payload to delete the UDP payload passive sticky method.

Syntax

payload { get | match } [ offset offset ] [ start start-string ] [ end end-string | length length ]

undo payload { get | match }

Default

No UDP payload passive sticky methods exist.

Views

UDP passive sticky group view

Predefined user roles

network-admin

Parameters

get: Obtains the specified string in the UDP response payload, which is used to generate a UDP payload passive sticky entry.

match: Obtains the specified string in the UDP request payload, which is used to match a UDP payload passive sticky entry.

offset offset: Specifies the offset value of the UDP payload based on the start of the UDP packet, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the UDP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the UDP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the UDP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

Use the payload get command to obtain the UDP response payload information based on the offset, start-string, end-string, and length values. Use the payload match command to obtain the UDP request payload information based on those values.

The start-string and end-string values are not included in the sticky entry information.

Both the payload get and payload match commands are required for a UDP payload passive sticky method.

The device obtains the payload information of an incoming UDP request based on the payload match command and obtains the payload information of an incoming UDP response based on the payload get command. If the payload information of the UDP request matches the payload information of the UDP response, the device generates a sticky entry based on the payload information of the UDP response. Subsequent UDP requests that match the sticky entry are forwarded according to the sticky entry.

Examples

# Configure the UDP payload passive sticky method for the UDP passive sticky group sg5: Obtain the 20-byte UDP payload string starting with id in the UDP response. If the obtained string matches the 20-byte UDP payload string starting with id in the UDP request, the device generates a sticky entry based on the string obtained from the UDP response.

<Sysname> system-view

[Sysname] sticky-group sg5 type udp-passive

[Sysname-sticky-udp-passive-sg5] payload get start id length 20

[Sysname-sticky-udp-passive-sg5] payload match start id length 20

payload (TCP payload sticky group view)

Use payload to configure the TCP payload sticky method.

Use undo payload to delete the TCP payload sticky method.

Syntax

payload [ offset offset ] [ start start-string ] [ end end-string | length length ]

undo payload

Default

No TCP payload sticky methods exist.

Views

TCP payload sticky group view

Predefined user roles

network-admin

Parameters

offset offset: Specifies the offset value of the TCP payload based on the start of the TCP packet, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the TCP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the TCP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the TCP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

Usage guidelines

Use this command to obtain the TCP payload information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.

If you do not specify any parameters in this command, the sticky entry is generated based on the whole TCP packet.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the TCP payload sticky method for the TCP payload sticky group sg: Use the whole TCP packet to generate sticky entries.

<Sysname> system-view

[Sysname] sticky-group sg type tcp-payload

[Sysname-sticky-tcp-payload-sg] payload
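
The offset, start-string, end-string, and length selection described for the three payload commands, and the get/match pairing of the UDP passive sticky method, can be modeled as below. This is an added Python example, not device code: returning a shortened key when the payload ends early, ignoring empty keys, and the member name rs1 are assumptions, and all payloads are constructed.

```python
import re
from typing import Dict, Optional


def sticky_key(payload: bytes, offset: int = 0, start: Optional[bytes] = None,
               end: Optional[bytes] = None, length: int = 0) -> Optional[bytes]:
    """Select the bytes used as sticky information; None if nothing qualifies."""
    if end is not None and length:
        raise ValueError("end and length are alternatives in the command syntax")
    if not 0 <= offset <= 1000 or not 0 <= length <= 1000:
        raise ValueError("offset and length must be 0 to 1000 bytes")
    for pattern in (start, end):
        if pattern is not None and (b"?" in pattern or not 1 <= len(pattern) <= 127):
            raise ValueError("start/end must be 1 to 127 characters without '?'")
    if offset > len(payload):
        return None
    pos = offset
    if start is not None:
        # The start expression is searched from the offset onward.
        found = re.compile(start).search(payload, pos)
        if found is None:
            return None
        pos = found.end()          # the start string itself is excluded
    stop = len(payload)            # length 0 means "all lengths"
    if end is not None:
        found = re.compile(end).search(payload, pos)
        if found is None:
            return None
        stop = found.start()       # the end string itself is excluded
    elif length:
        stop = min(pos + length, len(payload))  # assumption: short payload, short key
    return payload[pos:stop]


class UdpPassiveStickyGroup:
    """payload get (responses) and payload match (requests) working together."""

    def __init__(self, get_rule: dict, match_rule: dict):
        self.get_rule = get_rule
        self.match_rule = match_rule
        self.entries: Dict[bytes, str] = {}

    def learn(self, request: bytes, response: bytes, member: str) -> bool:
        """Create an entry when the request and response information agree."""
        wanted = sticky_key(request, **self.match_rule)
        offered = sticky_key(response, **self.get_rule)
        if not wanted or wanted != offered:
            return False
        self.entries[offered] = member
        return True

    def lookup(self, request: bytes) -> Optional[str]:
        """Return the member recorded for a later request, if any."""
        key = sticky_key(request, **self.match_rule)
        return self.entries.get(key) if key else None


if __name__ == "__main__":
    token = b"ABCDEFGHIJ0123456789"            # constructed 20-byte identifier
    rule = {"start": b"id", "length": 20}      # payload get/match start id length 20
    group = UdpPassiveStickyGroup(get_rule=rule, match_rule=rule)
    print(group.learn(b"REQ id" + token + b";seq=1", b"RSP id" + token + b";ok", "rs1"))
    print(group.lookup(b"REQ id" + token + b";seq=2"))
```

The key consists entirely of bytes taken from the packet, so any request that carries the same bytes at the configured position is forwarded to the same server farm member.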

payload rewrite

Use payload rewrite to rewrite the TCP payload.

Use undo payload rewrite to remove the configuration.

Syntax

payload rewrite { both | request | response } value value replace replace-string

undo payload rewrite { both | request | response } value value

Default

The TCP payload is not rewritten.

Views

Generic LB action view

Predefined user roles

network-admin

Parameters

both: Specifies both the TCP request and response packets.

request: Specifies the TCP request packets.

response: Specifies the TCP response packets.

value value: Specifies the TCP packet header content to be rewritten, a case-sensitive string of 1 to 127 characters.

replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:

·     %[variable]—Replaces the specified value with the variable associated with the server farm member. The variable argument represents the variable name.

·     %[1-9]—Replaces the specified value with the content in the corresponding pair of parentheses in the specified value. For example, executing the payload rewrite value (Wel)(co)(me) replace %2 command replaces the string Welcome with co, the content of the second pair of parentheses.

Usage guidelines

You can replace the specified value with the variable associated with the server farm member by specifying the replacement string %[variable]. For example, you can replace the string QMGR.S01 in the payload with QMGR.S0_1 by executing the following commands:

·     variable var1 value _1 (in server farm member view).

·     payload rewrite request value "QMGR.S01" replace QMGR.S01%[var1] (in generic LB action view).

Examples

# In generic LB action lba1, replace QMGR.S01 in the payload of TCP requests with QMGR.S01%[var1]. var1 is the name of the variable associated with the server farm member.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] payload rewrite request value QMGR.S01 replace QMGR.S01%[var1]

Related commands

variable

pool-size

Use pool-size to set the maximum number of connections allowed in the MySQL connection pool.

Use undo pool-size to restore the default.

Syntax

pool-size pool-size

undo pool-size

Default

The maximum number of connections allowed in the MySQL connection pool is 1024.

Views

MySQL parameter profile view

Predefined user roles

network-admin

Parameters

pool-size: Specifies the maximum number of connections allowed in the MySQL connection pool, in the range of 1 to 64000.

Usage guidelines

After MySQL data transfer is completed, the TCP connection is stored in a connection pool instead of being closed. For a new connection request, the device selects an available connection from the connection pool before attempting to open a new connection.

Examples

# Set the maximum number of connections allowed in the MySQL connection pool to 2000 for the MySQL parameter profile p1.

<Sysname> system-view

[Sysname] parameter-profile p1 type mysql

[Sysname-para-mysql-p1] pool-size 2000

port (real server view)

Use port to configure the port number of a real server.

Use undo port to restore the default.

Syntax

port port-number

undo port

Default

The port number of a real server is 0. (The original port number is used.)

Views

Real server view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port number in the range of 0 to 65535. 0 means the original port number is used.

Usage guidelines

This configuration takes effect only when you enable the NAT feature for the server farm.

Examples

# Specify the port number of the real server rs as 8080.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] port 8080

Related commands

transparent enable (server farm view)

port (virtual server view)

Use port to configure the port number of a virtual server.

Use undo port to restore the default.

Syntax

port { port-number [ to port-number ] } &<1-n>

undo port

Default

The port number is 0 (indicates any port) for the virtual server of the IP, RADIUS, TCP, or UDP type. The port number is 80 for the virtual server of the fast HTTP or HTTP type. The port number is 5060 for the virtual server of the SIP type.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

port-number [ to port-number ] &<1-n>: Specifies a space-separated list of up to n port number items. Each port number item specifies a port number or a range of port numbers in the form of start-port-number to end-port-number. For IP, RADIUS, TCP, and UDP virtual servers, the value range for the port-number argument is 0 to 65535 (0 means any port) and the value range for n is 1 to 32. For HTTP, fast HTTP, and SIP virtual servers, the value range for the port-number argument is 1 to 65535 and the value of n can only be 1.

Usage guidelines

If the virtual server has referenced an SSL policy, you must configure a non-default port number (typically 443) for the virtual server.

Examples

# Specify the port number of the IP-type virtual server vs3 as 8080.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] port 8080

Related commands

ssl-server-policy

predictor

Use predictor to specify a scheduling algorithm for a server farm.

Use undo predictor to restore the default.

Syntax

Real server-based:

predictor { dync-round-robin | least-connection | least-time | { bandwidth | max-bandwidth } [ inbound | outbound ] }

undo predictor

Server farm member-based:

predictor hash [ carp ] address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]

predictor hash [ carp ] http [ offset offset ] [ start start-string ] [ [ end end-string ] | [ length length ] ]

predictor { least-connection member [ slow-online ] | least-time member | random | round-robin }

undo predictor

Default

The scheduling algorithm for a server farm is weighted round robin.

Views

Server farm view

Predefined user roles

network-admin

Parameters

hash address: Performs the hash algorithm based on IP address.

carp: Specifies the Cache Array Routing Protocol (CARP) hash algorithm. When the number of available real servers changes, CARP keeps the resulting load changes across all available real servers to a minimum.

destination: Performs the hash algorithm based on destination IP address.

source: Performs the hash algorithm based on source IP address.

source-ip-port: Performs the hash algorithm based on source IP address and port number.

mask mask-length: Specifies the IPv4 address mask length, in the range of 0 to 32. The default is 32.

prefix prefix-length: Specifies the IPv6 address prefix length, in the range of 0 to 128. The default is 128.

http: Performs the hash algorithm based on the HTTP content.

offset offset: Specifies the offset value based on the start of the HTTP content, in the range of 0 to 1000 bytes. The default is 0.

start start-string: Specifies the regular expression that marks the start of the HTTP content, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).

end end-string: Specifies the regular expression that marks the end of the HTTP content, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).

length length: Specifies the length of the HTTP content, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.

dync-round-robin: Specifies the dynamic round robin algorithm, which assigns new connections to real servers based on load weight values calculated by using the memory usage, CPU usage, and disk usage of the real servers. The smaller the load, the greater the weight value. A real server with a greater weight value is assigned more connections.

least-connection: Specifies the real server-based weighted least connection algorithm, which always assigns new connections to the real server with the fewest number of weighted active connections (the total number of active connections in all server farms divided by weight). The weight value used in this algorithm is configured in real server view.

least-connection member: Specifies the server farm member-based weighted least connection algorithm, which always assigns new connections to the server farm member with the fewest number of weighted active connections (the number of active connections in the specified server farm divided by weight). The weight value used in this algorithm is configured in server farm member view.

slow-online: Optimizes the warm-up process of server farm members that use the weighted least connection algorithm. To optimize the warm-up process of server farm members by using this keyword, first enable the real server warm-up feature for the server farm.

least-time: Specifies the least time algorithm, which assigns new connections to real servers based on load weight values calculated by using the response time of the real servers. The shorter the response time, the greater the weight value. A real server with a greater weight value is assigned more connections.

least-time member: Specifies the server farm member-based least time algorithm, which assigns new connections to server farm members based on load weight values calculated by using the response time of the server farm members. The shorter the response time, the greater the weight value. A server farm member with a greater weight value is assigned more connections.

random: Specifies the random algorithm, which randomly assigns new connections to real servers.

round-robin: Specifies the weighted round robin algorithm, which assigns new connections to real servers based on the weights of real servers. A higher weight indicates more new connections will be assigned. The weight value used in this algorithm is configured in server farm member view.

bandwidth: Specifies the bandwidth algorithm, which assigns packets to real servers based on the weight of the real servers and the bandwidth ratio. The weight value used in this algorithm is configured in real server view.

max-bandwidth: Specifies the maximum bandwidth algorithm, which always assigns packets to the idle real server with the largest remaining bandwidth.

inbound: Selects a real server based on the inbound bandwidth.

outbound: Selects a real server based on the outbound bandwidth.

Usage guidelines

The dynamic round robin algorithm can take effect only if you specify an SNMP-DCA NQA template. If no SNMP-DCA NQA template is specified, the non-weighted round robin algorithm is used. For more information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.

If you do not specify the inbound or outbound keyword, the total bandwidth is used to select a real server.

In the bandwidth algorithm and maximum bandwidth algorithm, the remaining bandwidth is the maximum expected bandwidth minus the current bandwidth. If the maximum expected bandwidth is not configured, the remaining bandwidth is the maximum bandwidth of the real server minus the current bandwidth.

Examples

# Specify the scheduling algorithm for the server farm sf as random.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] predictor random

Related commands

max-bandwidth (real server view)

rate-limit bandwidth (real server view)
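
The following Python model is an added illustration, not H3C code. It shows what the carp keyword changes when a server farm member becomes unavailable, and how mask mask-length groups clients. Assumptions: SHA-256 stands in for the undocumented device hash, the non-CARP hash is modeled as a modulo over the available members, and the member names and client addresses are constructed.

```python
import hashlib
import ipaddress

# Constructed sample data: member names and client addresses are illustrative only.
MEMBERS = ["rs1", "rs2", "rs3", "rs4"]
CLIENTS = ["10.0.%d.%d" % (i // 250, i % 250 + 1) for i in range(2000)]


def stable_hash(text):
    """64-bit hash of a string. Assumption: SHA-256 stands in for the
    device's hash function, which this reference does not document."""
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")


def hash_key(source_ip, mask_length=32):
    """Model 'predictor hash address source mask mask-length' for IPv4:
    only the masked part of the source address feeds the hash."""
    if not 0 <= mask_length <= 32:
        raise ValueError("mask-length must be 0 to 32")
    net = ipaddress.ip_network("%s/%d" % (source_ip, mask_length), strict=False)
    return str(net.network_address)


def pick_plain(key, members):
    """Plain hash (assumed): index into the list of available members."""
    return members[stable_hash(key) % len(members)]


def pick_carp(key, members):
    """CARP-style hash: score each (member, key) pair; the highest score wins."""
    return max(members, key=lambda m: stable_hash(m + "|" + key))


def moved_clients(pick, before, after, mask_length=32):
    """Count clients that land on a different member after the list changes."""
    moved = 0
    for ip in CLIENTS:
        key = hash_key(ip, mask_length)
        if pick(key, before) != pick(key, after):
            moved += 1
    return moved


def member_failure_report(failed="rs3"):
    """Compare both schemes when one member becomes unavailable."""
    remaining = [m for m in MEMBERS if m != failed]
    on_failed = sum(1 for ip in CLIENTS if pick_carp(hash_key(ip), MEMBERS) == failed)
    return {
        "clients": len(CLIENTS),
        "on_failed_member": on_failed,
        "moved_plain": moved_clients(pick_plain, MEMBERS, remaining),
        "moved_carp": moved_clients(pick_carp, MEMBERS, remaining),
    }


if __name__ == "__main__":
    print(member_failure_report())
```

In this model, only the clients that were on the failed member move under the CARP-style hash, while the modulo hash also moves most clients whose member is still healthy.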

prefer-method

Use prefer-method to specify the preferred compression algorithm.

Use undo prefer-method to restore the default.

Syntax

prefer-method { deflate | gzip }

undo prefer-method

Default

The preferred compression algorithm is gzip.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

deflate: Specifies the Deflate compression algorithm.

gzip: Specifies the default GNU zip compression algorithm.

Usage guidelines

If the client request supports the configured compression algorithm, the configured compression algorithm applies. If the client request does not support the configured compression algorithm, the compression algorithm contained in the request applies.

Examples

# Create the HTTP-compression parameter profile http1, and specify the preferred compression algorithm as deflate.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] prefer-method deflate

priority (real server view)

Use priority to set the priority of a real server.

Use undo priority to restore the default.

Syntax

priority priority

undo priority

Default

The priority of a real server is 4.

Views

Real server view

Predefined user roles

network-admin

Parameters

priority: Specifies the priority value of the real server, in the range of 1 to 8. A greater value means a higher priority to be referenced.

Usage guidelines

Typically only the real servers with the highest priority participate in scheduling. If the number of such real servers is smaller than the required minimum number, more real servers are selected by priority in descending order.

Examples

# Set the priority of the real server rs to 3.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] priority 3

Related commands

selected-server

priority (server farm member view)

Use priority to set the priority of a server farm member.

Use undo priority to restore the default.

Syntax

priority priority

undo priority

Default

The priority of a server farm member is 4.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.

Usage guidelines

Typically, only the members with the highest priority in a server farm participate in scheduling. If the number of such members is smaller than the required minimum number, more members are selected by priority in descending order. If the allowed maximum number is exceeded after members with a certain priority are added, only some of the members with that priority are added.

Use this command together with the selected-server command in server farm view.

Examples

# Set the priority of server farm member rs1 to 3.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] priority 3

Related commands

selected-server (server farm view)
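
The selection rule described in the usage guidelines above, as an added Python model (not H3C code). Assumptions: min_number and max_number are hypothetical names for the limits set with selected-server, unavailable members are never candidates, and on overflow members are taken in configuration order. The farm below is constructed sample data.

```python
# Constructed sample farm: (member name, priority, available).
FARM = [
    ("rs1", 8, True), ("rs2", 8, True),
    ("rs3", 4, True), ("rs4", 4, True), ("rs5", 4, True),
    ("rs6", 1, True),
]


def select_members(members, min_number, max_number):
    """Return the members that take part in scheduling.

    members: list of (name, priority, available) in configuration order.
    min_number / max_number: hypothetical names for the minimum and maximum
    set with the selected-server command (its syntax is not shown here).
    """
    if not 1 <= min_number <= max_number:
        raise ValueError("need 1 <= min_number <= max_number")
    by_priority = {}
    for name, priority, available in members:
        if not 1 <= priority <= 8:
            raise ValueError("priority of %s must be 1 to 8" % name)
        if available:  # assumption: unavailable members are never candidates
            by_priority.setdefault(priority, []).append(name)

    selected = []
    for priority in sorted(by_priority, reverse=True):
        # Stop as soon as the highest-priority groups satisfy the minimum.
        if selected and len(selected) >= min_number:
            break
        room = max_number - len(selected)
        # Assumption: on overflow, members are taken in configuration order.
        selected.extend(by_priority[priority][:room])
    return selected


def mark_down(members, failed):
    """Return a copy of the farm with the named members unavailable."""
    return [(n, p, up and n not in failed) for n, p, up in members]


if __name__ == "__main__":
    print(select_members(FARM, 1, 4))
    print(select_members(FARM, 3, 4))
    print(select_members(mark_down(FARM, {"rs1", "rs2"}), 1, 4))
```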

priority (SNAT global policy view)

Use priority to set the priority of a SNAT global policy.

Use undo priority to restore the default.

Syntax

priority priority

undo priority

Default

The priority of a SNAT global policy is 0.

Views

SNAT global policy view

Predefined user roles

network-admin

Parameters

priority: Specifies the priority value in the range of 0 to 65535. A greater value means a higher priority.

Usage guidelines

You can configure multiple SNAT global policies with different priorities. They are matched in descending order of priority values.

Examples

# Set the priority of SNAT global policy sn1 to 100.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] priority 100

probe (real server view)

Use probe to specify a health monitoring method for a real server.

Use undo probe to restore the default.

Syntax

probe template-name [ nqa-template-port ]

undo probe template-name

Default

No health monitoring method is specified for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 255 characters.

nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the real server's port number is used for detection.

Usage guidelines

Use the nqa template command to create an NQA template to be referenced by the health monitoring method.

You can specify a health monitoring method by using one of the following methods:

·     Configure the parameter globally for all members in a server farm in server farm view.

·     Configure the parameter for a specific real server in real server view or server farm member view.

The health monitoring method configuration in real server view or server farm member view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.

The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.

Examples

# Create the ICMP-type NQA template t4, and specify the health monitoring method for the real server rs as t4.

<Sysname> system-view

[Sysname] nqa template icmp t4

[Sysname-nqatplt-icmp-t4] quit

[Sysname] real-server rs

[Sysname-rserver-rs] probe t4

Related commands

nqa template (Network Management and Monitoring Command Reference)

success-criteria (real server view)

probe (server farm member view)

Use probe to specify a health monitoring method for a server farm member.

Use undo probe to restore the default.

Syntax

probe template-name [ nqa-template-port ]

undo probe template-name

Default

No health monitoring method is specified for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 255 characters.

nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the server farm member's port number is used for detection.

Usage guidelines

Use the nqa template command to create an NQA template to be referenced by the health monitoring method. The server farm uses the parameters defined in the NQA template to detect the availability of the server farm members.

You can specify a health monitoring method by using one of the following methods:

·     Configure the parameter globally for all members in a server farm in server farm view.

·     Configure the parameter for a specific real server in real server view or server farm member view.

The health monitoring method configuration in server farm member view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.

The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.

Examples

# Create the ICMP-type NQA template t4, and specify the health monitoring method for the server farm member rs1 as t4.

<Sysname> system-view

[Sysname] nqa template icmp t4

[Sysname-nqatplt-icmp-t4] quit

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] probe t4

Related commands

nqa template (Network Management and Monitoring Command Reference)

success-criteria (server farm member view)

probe (server farm view)

Use probe to specify a health monitoring method for a server farm.

Use undo probe to delete a health monitoring method from a server farm.

Syntax

probe template-name [ nqa-template-port ]

undo probe template-name

Default

No health monitoring method is specified for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Parameters

template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 255 characters.

nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the real server's port number is used for detection.

Usage guidelines

Use the nqa template command to create an NQA template to be referenced by the health monitoring method.

You can specify a health monitoring method by using one of the following methods:

·     Configure the parameter globally for all members in a server farm in server farm view.

·     Configure the parameter for a specific real server in real server view or server farm member view.

The health monitoring method configuration in real server view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.

Examples

# Create the ICMP-type NQA template t4, and specify the health monitoring method for the server farm sf as t4.

<Sysname> system-view

[Sysname] nqa template icmp t4

[Sysname-nqatplt-icmp-t4] quit

[Sysname] server-farm sf

[Sysname-sfarm-sf] probe t4

Related commands

nqa template (Network Management and Monitoring Command Reference)

success-criteria (server farm view)

probe log enable (real server view)

Use probe log enable to enable health monitoring logging for a real server.

Use undo probe log enable to disable health monitoring logging for a real server.

Syntax

probe log enable

undo probe log enable

Default

Health monitoring logging is enabled for a real server.

Views

Real server view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

This feature generates logs when the health of a real server changes.

Examples

# Enable health monitoring logging for real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] probe log enable

probe log enable (server farm member view)

Use probe log enable to enable health monitoring logging for a server farm member.

Use undo probe log enable to disable health monitoring logging for a server farm member.

Syntax

probe log enable

undo probe log enable

Default

Health monitoring logging is enabled for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

This feature generates logs when the health of a server farm member changes.

Examples

# Enable health monitoring logging for server farm member rs1.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] probe log enable

probe-template (real server view)

Use probe-template to specify a custom-monitoring LB probe template for a real server.

Use undo probe-template to remove a custom-monitoring LB probe template from a real server.

Syntax

probe-template external-monitor template-name

undo probe-template external-monitor template-name

Default

No LB probe template is specified for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

external-monitor: Specifies a custom-type LB probe template.

template-name: Specifies a custom-monitoring template by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

Use this command to monitor a real server by referencing a custom-monitoring LB probe template.

The monitoring result of a real server affects the availability of a server farm member, but the monitoring result of a server farm member does not affect the availability of a real server.

A real server configured with a domain name does not support custom-monitoring LB probe templates.

Examples

# Specify custom-monitoring LB probe template test_external for real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] probe-template external-monitor test_external

Related commands

loadbalance probe-template

probe-template (server farm member view)

Use probe-template to specify a custom-monitoring probe template for a server farm member.

Use undo probe-template to remove a custom-monitoring LB probe template from a server farm member.

Syntax

probe-template external-monitor template-name

undo probe-template external-monitor template-name

Default

No probe template is specified for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

external-monitor: Specifies a custom-type LB probe template.

template-name: Specifies a custom-monitoring template by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

Use this command to monitor a server farm member by referencing a custom-monitoring LB probe template.

You can configure this command for all server farm members in server farm view or for a single server farm member in server farm member view. If you configure this command in both server farm view and server farm member view, the configuration in server farm member view takes effect.

The monitoring result of a real server affects the availability of a server farm member, but the monitoring result of a server farm member does not affect the availability of a real server.

A server farm member configured with a domain name does not support custom-monitoring LB probe templates.

Examples

# Specify custom-monitoring LB probe template test_external for server farm member rs1.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] probe-template external-monitor test_external

Related commands

loadbalance probe-template

probe-template (server farm view)

Use probe-template to specify an LB probe template for a server farm.

Use undo probe-template to remove an LB probe template for a server farm.

Syntax

probe-template { external-monitor | http-passive | tcp-rst | tcp-zero-window } template-name

undo probe-template { external-monitor | http-passive | tcp-rst | tcp-zero-window }

Default

No LB probe template is specified for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Parameters

external-monitor: Specifies a custom-monitoring LB probe template.

http-passive: Specifies an HTTP passive LB probe template.

tcp-rst: Specifies a TCP-RST LB probe template.

tcp-zero-window: Specifies a TCP zero-window LB probe template.

template-name: Specifies the template name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Use this command to monitor all real servers in a server farm.

A server farm can reference only one HTTP passive LB probe template, one TCP-RST LB probe template, and one TCP zero-window LB probe template at the same time.

You can specify multiple custom-monitoring LB probe templates for a server farm. A custom-monitoring LB probe template does not take effect on a server farm member if the member is configured with a domain name.

Examples

# Specify TCP-RST LB probe template r1 for server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] probe-template tcp-rst r1

Related commands

loadbalance probe-template

product-name

Use product-name to configure the Product-Name AVP to be sent in Diameter messages.

Use undo product-name to restore the default.

Syntax

product-name product-name

undo product-name

Default

The Product-Name AVP is the device name configured by the administrator. If the administrator has not edited the device name, the Product-Name AVP is H3C.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

product-name: Specifies the Product-Name AVP, a case-sensitive string of 1 to 127 characters.

Usage guidelines

During Diameter capability exchange between the device and the peer, they exchange the Origin-Host, Origin-Realm, Vendor-Id, and Product-Name AVPs through CER and CEA messages. Use this command to specify the Product-Name AVP for the device to send to the peer during Diameter capability exchange.

The administrator can use the sysname command to configure the device name, which is used as the Product-Name AVP by default. For more information about the sysname command, see Fundamentals Command Reference.

Examples

# Specify the Product-Name AVP as L5080 for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] product-name L5080

Related commands

parameter-profile

sysname (Fundamentals Command Reference)

protect-action

Use protect-action to configure the protection action for an LB probe template.

Use undo protect-action to restore the default.

Syntax

protect-action { auto-shutdown | busy [ probe-interval interval ] [ probe-times times ] }

undo protect-action

Default

The protection action is to place a real server in busy state.

Views

TCP-RST LB probe template view

TCP zero-window LB probe template view

Predefined user roles

network-admin

Parameters

auto-shutdown: Automatically shuts down a real server.

busy: Places a real server in busy state.

probe-interval interval: Specifies the interval for probing the real server in busy state, in the range of 5 to 3600 seconds. The default is 30 seconds.

probe-times times: Specifies the maximum number of times for probing the real server in busy state, in the range of 0 to 255. The default is 0, which means that the number of probe times is not limited.

Usage guidelines

For the busy action, after placing a real server in busy state, the device starts probing the real server at the specified probe intervals. If the number of RST or zero-window packets sent does not reach the threshold in a probe interval, the real server is placed back in normal state. If threshold violation persists when the maximum probe times is reached, the system automatically shuts down the real server.

A real server that is shut down or placed in busy state due to packet threshold violation will be restored to normal state immediately when the referenced LB probe template is deleted.

If a real server is shut down or placed in busy state due to packet threshold violation, you can restore the real server to normal state after a period of time (by executing the auto-shutdown recovery-time command) or immediately (by executing the recover-from-auto-shutdown (real server view) command).

Examples

# In TCP-RST LB probe template rsttplt, configure the protection action as busy, set the probe interval to 30 seconds, and set the probe times to 3.

<Sysname> system-view

[Sysname] loadbalance probe-template tcp-rst rsttplt

[Sysname-lbpt-tcp-rst-rsttplt] protect-action busy probe-interval 30 probe-times 3

Related commands

auto-shutdown recovery-time

recover-from-auto-shutdown (real server view)
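
The state changes described in the usage guidelines above, as an added Python model (not H3C code). Assumptions: threshold is a hypothetical parameter for the RST or zero-window packet threshold configured elsewhere in the probe template, each observe() call represents one monitoring or probe interval, and the packet counts are constructed.

```python
NORMAL, BUSY, SHUTDOWN = "normal", "busy", "shutdown"


class ProtectedServer:
    """Real server governed by a TCP-RST or TCP zero-window probe template."""

    def __init__(self, threshold, action="busy", probe_interval=30, probe_times=0):
        if action not in ("busy", "auto-shutdown"):
            raise ValueError("action must be busy or auto-shutdown")
        if not 5 <= probe_interval <= 3600:
            raise ValueError("probe-interval must be 5 to 3600 seconds")
        if not 0 <= probe_times <= 255:
            raise ValueError("probe-times must be 0 to 255")
        self.threshold = threshold          # hypothetical name, see lead-in
        self.action = action
        self.probe_interval = probe_interval
        self.probe_times = probe_times      # 0 means unlimited probing
        self.state = NORMAL
        self.probes_done = 0

    def observe(self, packets):
        """Feed the packet count of one interval and return the new state."""
        violated = packets >= self.threshold
        if self.state == NORMAL and violated:
            if self.action == "auto-shutdown":
                self.state = SHUTDOWN
            else:
                self.state = BUSY
                self.probes_done = 0
        elif self.state == BUSY:
            self.probes_done += 1
            if not violated:
                self.state = NORMAL
            elif self.probe_times and self.probes_done >= self.probe_times:
                self.state = SHUTDOWN
        return self.state

    def recover(self):
        """Model recover-from-auto-shutdown or deletion of the template."""
        self.state = NORMAL
        self.probes_done = 0

    def worst_case_busy_seconds(self):
        """Longest time a constantly violating server stays busy, or None."""
        if self.action != "busy" or self.probe_times == 0:
            return None
        return self.probe_interval * self.probe_times


def timeline(server, counts):
    """Run a sequence of per-interval packet counts through the model."""
    return [server.observe(c) for c in counts]


if __name__ == "__main__":
    # Same settings as the example above: busy, interval 30 s, 3 probes.
    rs = ProtectedServer(threshold=100, probe_interval=30, probe_times=3)
    print(timeline(rs, [10, 150, 120, 130, 140]))
    print(rs.worst_case_busy_seconds())
```

With the default probe-times of 0, the model never leaves the busy state on its own while the violation continues, so automatic shutdown happens only when a nonzero probe-times value is configured.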

protected-url

Use protected-url to configure the URLs to be protected.

Use undo protected-url to remove all protected URLs.

Syntax

protected-url url

undo protected-url

Default

No URLs are protected.

Views

Protection rule view

Predefined user roles

network-admin

Parameters

url: Specifies a regular expression to match URLs, a case-sensitive string of 1 to 255 characters. The regular expression cannot contain question marks (?).

Usage guidelines

If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken.

The device does not match the parameters in a URL and matches only the portion before the question mark (?).

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In protection rule 5, configure www.example.com/index.html as a protected URL.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] rule 5

[Sysname-lbpp-http-p1-rule-5] protected-url www.example.com/index.html

Related commands

cookie (protection policy view)

protection-action

protection-period

source-ip

protection-action

Use protection-action to configure a protection action.

Use undo protection-action to restore the default.

Syntax

protection-action { warning | { drop | verify { insert-header | js } } } *

undo protection-action

Default

No protection action is configured.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

warning: Generates a log message.

drop: Drops requests.

verify: Performs client verification on subsequent requests.

insert-header: Performs cookie verification by inserting an HTTP header.

js: Performs cookie verification by inserting a JS script.

Usage guidelines

The protection action is taken when protection rules in a protection policy are matched. The device supports the following protection actions:

·     Warning—Generates a log message and sends it to the information center.

·     Drop—Drops requests.

·     Verify client—Returns a response carrying a cookie value to the client. If a subsequent request carries the returned cookie value, it passes the verification. If a subsequent request does not carry a cookie value or carries a different cookie value, it fails to pass the verification and is dropped. This protection action is useful in scenarios where attackers cannot insert cookie values into attack packets. The device supports returning a cookie value by inserting an HTTP header or a JS script.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In HTTP protection policy p1, configure generating log messages and performing client verification by inserting an HTTP header as the protection actions.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1 type http

[Sysname-lbpp-http-p1] protection-action warning verify insert-header

protection-period

Use protection-period to set the protection period.

Use undo protection-period to restore the default.

Syntax

protection-period period

undo protection-period

Default

The protection period is 120 seconds.

Views

Protection rule view

Predefined user roles

network-admin

Parameters

period: Specifies a protection period in the range of 1 to 900 seconds.

Usage guidelines

If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In protection rule 5, set the protection period to 5 seconds.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] rule 5

[Sysname-lbpp-http-p1-rule-5] protection-period 5

Related commands

protected-url

protection-action
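The following added example (not H3C code) models how the protected URL match and the protection period interact, so the effect of a period or threshold change can be checked against sample traffic. The page does not state how the device counts, so the fixed window per source IP, the threshold of 3, and the names ProtectionRule, match_key and run are assumptions.

```python
from dataclasses import dataclass, field


def match_key(host, target):
    """Host plus request target, cut at the first '?' as the page describes."""
    return host + target.split("?", 1)[0]


@dataclass
class ProtectionRule:
    protected_url: str                 # e.g. www.example.com/index.html
    threshold: int                     # request threshold (constructed value)
    period: int = 120                  # default protection period, in seconds
    windows: dict = field(default_factory=dict, repr=False)

    def __post_init__(self):
        if not 1 <= self.period <= 900:    # range given for protection-period
            raise ValueError("protection period must be 1 to 900 seconds")

    def observe(self, ts, user, host, target):
        """Return True when this request would trigger the protection action."""
        if match_key(host, target) != self.protected_url:
            return False                   # not the protected URL: not counted
        # Assumption: one fixed window per user, opened by the first counted hit.
        start, count = self.windows.get(user, (ts, 0))
        if ts - start >= self.period:      # window expired, open a new one
            start, count = ts, 0
        count += 1
        self.windows[user] = (start, count)
        return count > self.threshold


# Constructed sample traffic: (timestamp in seconds, source IP, Host, target).
SAMPLE = [
    (0.0, "192.0.2.10", "www.example.com", "/index.html"),
    (1.0, "192.0.2.10", "www.example.com", "/index.html?id=1"),
    (2.0, "192.0.2.10", "www.example.com", "/index.html?id=2"),
    (3.0, "192.0.2.10", "www.example.com", "/index.html?cachebust=abc"),
    (3.5, "192.0.2.10", "www.example.com", "/other.html"),
    (4.0, "198.51.100.7", "www.example.com", "/index.html"),
    (6.0, "192.0.2.10", "www.example.com", "/index.html"),
]


def run(period, threshold=3):
    """Replay SAMPLE against one rule and list which requests trip the action."""
    rule = ProtectionRule("www.example.com/index.html", threshold, period)
    return [rule.observe(*request) for request in SAMPLE]


if __name__ == "__main__":
    print("period 120:", run(120))
    print("period 5:  ", run(5))
```

Requests that differ only in the query string share one counter, so a varying parameter does not reset the count, and distinct resources selected only by a parameter cannot be given separate thresholds.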

protection-policy

Use protection-policy to specify a protection policy for a virtual server.

Use undo protection-policy to restore the default.

Syntax

protection-policy http policy-name

undo protection-policy http

Default

No protection policy is specified for a virtual server.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a protection policy by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

The protection policy specified for a virtual server protects the traffic matching the virtual server.

Examples

# Specify protection policy p1 for HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] protection-policy http p1

Related commands

loadbalance protection-policy

proximity enable

Use proximity enable to enable the proximity feature for a server farm.

Use undo proximity enable to disable the proximity feature for a server farm.

Syntax

proximity enable

undo proximity enable

Default

The proximity feature is disabled for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The proximity feature takes precedence over the scheduling algorithm in selecting a real server. If no real server is selected according to the proximity feature, the scheduling algorithm is used.

Examples

# Enable the proximity feature for the server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] proximity enable

proxy-protocol enable

Use proxy-protocol enable to enable proxy protocol for a TCP virtual server.

Use undo proxy-protocol enable to restore the default.

Syntax

proxy-protocol enable [ v1 | v2 ]

undo proxy-protocol enable

Default

Proxy protocol is disabled for a TCP virtual server.

Views

TCP virtual server view

Predefined user roles

network-admin

Parameters

v1: Specifies proxy protocol version 1.

v2: Specifies proxy protocol version 2.

Usage guidelines

After you execute this command, the device uses the proxy protocol to transparently transmit the real source IP address information to the back-end real server.

If you do not specify a proxy protocol version when executing this command, version 1 is used by default. Before executing this command, make sure that the back-end real server supports the specified proxy protocol version. If the back-end real server does not support the specified proxy protocol version, the device and the real server cannot establish a connection.

Only Layer 7 TCP virtual servers support this command.

Examples

# In TCP virtual server view, enable the proxy protocol feature.

<Sysname> system-view

[Sysname] virtual-server vs type tcp

[Sysname-vs-tcp-vs] proxy-protocol enable

Related commands

application-mode enable
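The following added example (not H3C code) shows what a back-end real server has to do with the header once this command is enabled: accept it only from the load balancer, check that it is the configured version, and validate it before trusting the client address. It follows the public PROXY protocol v1 and v2 header layouts; the function names, the trusted address 10.0.0.1 and the sample bytes are constructed.

```python
import ipaddress
import struct

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # fixed 12-byte prefix of every v2 header
V1_MAX_LEN = 107                           # longest v1 line, CRLF included
V2_ADDR_LEN = {0x11: 4, 0x21: 16}          # TCP over IPv4 / TCP over IPv6


class ProxyHeaderError(ValueError):
    """The connection must be dropped instead of trusting its header."""


def _endpoint(ip, port, want_version):
    try:
        addr = ipaddress.ip_address(ip)    # accepts text (v1) or packed bytes (v2)
    except ValueError:
        raise ProxyHeaderError("bad address") from None
    if addr.version != want_version or not 0 <= port <= 65535:
        raise ProxyHeaderError("address family or port mismatch")
    return (str(addr), port)


def parse_v1(buf):
    """Parse 'PROXY TCP4 src dst sport dport\\r\\n'; return (src, dst, consumed)."""
    end = buf.find(b"\r\n", 0, V1_MAX_LEN)
    if end < 0:
        raise ProxyHeaderError("v1 line not terminated within 107 bytes")
    try:
        fields = buf[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII byte in v1 line") from None
    if fields[:2] == ["PROXY", "UNKNOWN"]:
        return None, None, end + 2         # sender supplied no address information
    if len(fields) != 6 or fields[0] != "PROXY" or fields[1] not in ("TCP4", "TCP6"):
        raise ProxyHeaderError("malformed v1 line")
    _, proto, src_ip, dst_ip, src_port, dst_port = fields
    if not (src_port.isdigit() and dst_port.isdigit()):
        raise ProxyHeaderError("non-numeric port")
    ver = 4 if proto == "TCP4" else 6
    return (_endpoint(src_ip, int(src_port), ver),
            _endpoint(dst_ip, int(dst_port), ver), end + 2)


def parse_v2(buf):
    """Parse the binary v2 header; return (src, dst, consumed)."""
    if len(buf) < 16:
        raise ProxyHeaderError("short v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", buf[12:16])
    if ver_cmd >> 4 != 2 or ver_cmd & 0x0F not in (0, 1):
        raise ProxyHeaderError("bad v2 version or command")
    total = 16 + length                    # the length field also covers trailing TLVs
    if len(buf) < total:
        raise ProxyHeaderError("truncated v2 header")
    alen = V2_ADDR_LEN.get(fam_proto)
    if ver_cmd & 0x0F == 0 or alen is None:
        return None, None, total           # LOCAL command or non-TCP family
    if length < 2 * alen + 4:
        raise ProxyHeaderError("v2 address block too short")
    block = buf[16:16 + 2 * alen + 4]
    sport, dport = struct.unpack("!HH", block[2 * alen:])
    ver = 4 if alen == 4 else 6
    return (_endpoint(block[:alen], sport, ver),
            _endpoint(block[alen:2 * alen], dport, ver), total)


def read_proxy_header(buf, peer_ip, trusted_lbs, expect="v1"):
    """Gatekeeper: 'expect' mirrors the version configured on the virtual server."""
    if peer_ip not in trusted_lbs:
        raise ProxyHeaderError("PROXY header offered by untrusted peer")
    if buf.startswith(V2_SIGNATURE):
        got, result = "v2", parse_v2(buf)
    elif buf.startswith(b"PROXY "):
        got, result = "v1", parse_v1(buf)
    else:
        raise ProxyHeaderError("no PROXY header on a listener that requires one")
    if got != expect:
        raise ProxyHeaderError("received %s, listener expects %s" % (got, expect))
    return result


# Constructed sample bytes, as the back-end would read them from the socket.
TRUSTED_LBS = {"10.0.0.1"}
SAMPLE_V1 = b"PROXY TCP4 203.0.113.9 192.0.2.80 51234 80\r\nGET / HTTP/1.1\r\n"
SAMPLE_V2 = (V2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", 12)
             + ipaddress.IPv4Address("203.0.113.9").packed
             + ipaddress.IPv4Address("192.0.2.80").packed
             + struct.pack("!HH", 51234, 80) + b"GET / HTTP/1.1\r\n")

if __name__ == "__main__":
    print(read_proxy_header(SAMPLE_V1, "10.0.0.1", TRUSTED_LBS))
    print(read_proxy_header(SAMPLE_V2, "10.0.0.1", TRUSTED_LBS, expect="v2"))
```

A listener that accepts the header from any peer lets a directly connected client state its own source address, which defeats address-based access control and logging on the real server.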

radius-attribute

Use radius-attribute to configure the RADIUS attribute sticky method.

Use undo radius-attribute to delete the RADIUS attribute sticky method.

Syntax

radius-attribute { code attribute-code | framed-ip-address | user-name }

undo radius-attribute

Default

No RADIUS sticky methods exist.

Views

RADIUS sticky group view

Predefined user roles

network-admin

Parameters

code attribute-code: Specifies the code of the RADIUS attribute type, in the range of 1 to 255.

framed-ip-address: Specifies the RADIUS attribute type as framed-ip-address (code 8).

user-name: Specifies the RADIUS attribute type as user-name (code 1).

Usage guidelines

The RADIUS attribute sticky method takes effect only on RADIUS packets.

Examples

# Configure the RADIUS attribute sticky method for sticky group s1 by specifying the RADIUS attribute type as user-name.

<Sysname> system-view

[Sysname] sticky-group s1 type radius

[Sysname-sticky-radius-s1] radius-attribute user-name

rate-limit bandwidth (real server view)

Use rate-limit bandwidth to set the maximum bandwidth of a real server.

Use undo rate-limit bandwidth to restore the default.

Syntax

rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps

undo rate-limit bandwidth [ inbound | outbound ]

Default

The maximum bandwidth of a real server is not limited.

Views

Real server view

Predefined user roles

network-admin

Parameters

inbound: Specifies the maximum inbound bandwidth.

outbound: Specifies the maximum outbound bandwidth.

bandwidth-value: Specifies the maximum bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.

kbps: Specifies the bandwidth unit as kbps.

Usage guidelines

If you do not specify the inbound or outbound keyword, the maximum bandwidth equals the inbound bandwidth plus the outbound bandwidth.

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Set the maximum bandwidth of the real server rs to 1 kbps.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] rate-limit bandwidth 1 kbps

# Set the maximum inbound bandwidth of the real server rs to 1 kbps.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] rate-limit bandwidth inbound 1 kbps

# Set the maximum outbound bandwidth of the real server rs to 1 kbps.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] rate-limit bandwidth outbound 1 kbps

rate-limit bandwidth (virtual server view)

Use rate-limit bandwidth to set the maximum bandwidth of a virtual server.

Use undo rate-limit bandwidth to restore the default.

Syntax

rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps

undo rate-limit bandwidth [ inbound | outbound ]

Default

The maximum bandwidth of a virtual server is not limited.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

inbound: Specifies the maximum inbound bandwidth.

outbound: Specifies the maximum outbound bandwidth.

bandwidth-value: Specifies the maximum bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.

kbps: Specifies the bandwidth unit as kbps.

Usage guidelines

If you do not specify the inbound or outbound keyword, the maximum bandwidth equals the inbound bandwidth plus the outbound bandwidth.

Examples

# Set the maximum bandwidth of the IP-type virtual server vs3 to 1 kbps.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] rate-limit bandwidth 1 kbps

# In outbound link load balancing, set the maximum inbound bandwidth of the link IP-type virtual server vs3 to 1 kbps.

<Sysname> system-view

[Sysname] virtual-server vs3 type link-ip

[Sysname-vs-link-ip-vs3] rate-limit bandwidth inbound 1 kbps

rate-limit connection (real server view)

Use rate-limit connection to set the maximum number of connections per second of a real server.

Use undo rate-limit connection to restore the default.

Syntax

rate-limit connection connection-number

undo rate-limit connection

Default

The maximum number of connections per second of a real server is 0.

Views

Real server view

Predefined user roles

network-admin

Parameters

connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.

Usage guidelines

This command takes effect only on new sessions and does not take effect on existing sessions.

Examples

# Set the maximum number of connections per second of the real server rs to 10000.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] rate-limit connection 10000

rate-limit connection (server farm member view)

Use rate-limit connection to set the maximum number of connections per second of a server farm member.

Use undo rate-limit connection to restore the default.

Syntax

rate-limit connection connection-number

undo rate-limit connection

Default

The maximum number of connections per second of a server farm member is 0.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.

Examples

# Set the maximum number of connections per second of the server farm member rs1 to 1000.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] rate-limit connection 1000

rate-limit connection (virtual server view)

Use rate-limit connection to set the maximum number of connections per second of a virtual server.

Use undo rate-limit connection to restore the default.

Syntax

rate-limit connection connection-number

undo rate-limit connection

Default

The maximum number of connections per second of a virtual server is 0.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.

Examples

# Set the maximum number of connections per second of the IP-type virtual server vs3 to 10000.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] rate-limit connection 10000

# In outbound link load balancing, set the maximum number of connections per second of the link IP-type virtual server vs2 to 10000.

<Sysname> system-view

[Sysname] virtual-server vs2 type link-ip

[Sysname-vs-link-ip-vs2] rate-limit connection 10000

rate-limit http-request (real server view)

Use rate-limit http-request to set the maximum number of HTTP requests per second for a real server.

Use undo rate-limit http-request to restore the default.

Syntax

rate-limit http-request request-number

undo rate-limit http-request

Default

The maximum number of HTTP requests per second is 0 for a real server.

Views

Real server view

Predefined user roles

network-admin

Parameters

request-number: Specifies the maximum number of HTTP requests per second, in the range of 0 to 4294967295. 0 means the number is not limited.

Usage guidelines

The number of HTTP requests per second is used for determining whether a real server is busy. If the number of HTTP requests received by a real server per second exceeds the specified maximum value, the real server is considered busy.

Examples

# Set the maximum number of HTTP requests per second to 10000 for real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] rate-limit http-request 10000

rate-limit http-request (server farm member view)

Use rate-limit http-request to set the maximum number of HTTP requests per second for a server farm member.

Use undo rate-limit http-request to restore the default.

Syntax

rate-limit http-request request-number

undo rate-limit http-request

Default

The maximum number of HTTP requests per second is 0 for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

request-number: Specifies the maximum number of HTTP requests per second, in the range of 0 to 4294967295. 0 means the number is not limited.

Usage guidelines

The number of HTTP requests per second is used for determining whether a server farm member is busy. If the number of HTTP requests received by a server farm member per second exceeds the specified maximum value, the server farm member is considered busy.

Examples

# Set the maximum number of HTTP requests per second to 10000 for server farm member rs1.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] rate-limit http-request 10000

readwrite-separation

Use readwrite-separation to enable read/write separation for the MySQL database.

Use undo readwrite-separation to disable read/write separation for the MySQL database.

Syntax

readwrite-separation read-server-farm read-server-farm-name [ read-sticky-group read-sticky-group-name ] write-server-farm write-server-farm-name [ write-sticky-group write-sticky-group-name ]

undo readwrite-separation

Default

Read/write separation is disabled for the MySQL database.

Views

MySQL virtual server view

Predefined user roles

network-admin

Parameters

read-server-farm read-server-farm-name: Specifies a read server farm by its name, a case-insensitive string of 1 to 63 characters.

read-sticky-group read-sticky-group-name: Specifies a sticky group for the read server farm by its name, a case-insensitive string of 1 to 63 characters.

write-server-farm write-server-farm-name: Specifies a write server farm by its name, a case-insensitive string of 1 to 63 characters.

write-sticky-group write-sticky-group-name: Specifies a sticky group for the write server farm by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Read/write separation allows read commands and write commands to be executed by the read server farm and write server farm, respectively, which helps reduce the impact of concurrent read/write requests on database performance.

Examples

# Enable read/write separation for the MySQL database of MySQL virtual server vs1.

<Sysname> system-view

[Sysname] virtual-server vs1 type mysql

[Sysname-vs-mysql-vs1] readwrite-separation read-server-farm rd write-server-farm wr

real-server (server farm view)

Use real-server to create a server farm member and enter its view, or enter the view of an existing server farm member.

Use undo real-server to delete a server farm member.

Syntax

real-server real-server-name port port-number

undo real-server real-server-name port port-number

Default

No server farm members exist.

Views

Server farm view

Predefined user roles

network-admin

Parameters

real-server-name: Specifies a server farm member by its name, a case-insensitive string of 1 to 255 characters.

port-number: Specifies the port number of the server farm member, in the range of 0 to 65535.

Usage guidelines

You can use one of the following methods to add a member to a server farm:

·     Use the real-server command in server farm view. H3C recommends using this method.

·     Use the server-farm command in real server view.

You cannot use both methods to add a member with the same real server name and port number to a server farm.

If you configure a domain name on a real server and receive the domain name resolution result, the server farm will automatically reference the temporary server farm members corresponding to the domain name resolution result after referencing the real server. The name of a temporary member is in the auto_IP address form, for example, auto_1.1.1.1.

Examples

# Add server farm member rs1 and enter server farm member view.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80]

Related commands

server-farm (real server view)

real-server (system view)

Use real-server to create a real server and enter its view, or enter the view of an existing real server.

Use undo real-server to delete the specified real server.

Syntax

real-server real-server-name

undo real-server real-server-name

Default

No real servers exist.

Views

System view

Predefined user roles

network-admin

Parameters

real-server-name: Specifies the real server name, a case-insensitive string of 1 to 255 characters.

Examples

# Create real server rs and enter real server view.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs]

rebalance per-request

Use rebalance per-request to enable load balancing for each HTTP request.

Use undo rebalance per-request to restore the default.

Syntax

rebalance per-request

undo rebalance per-request

Default

Load balancing applies only to the first HTTP request of a connection. Subsequent HTTP requests on the connection are processed in the same way as the first request.

Views

HTTP parameter profile view

Predefined user roles

network-admin

Examples

# Enable load balancing for each HTTP request in the HTTP parameter profile pp1.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] rebalance per-request

recover-to-active (real server view)

Use recover-to-active to manually recover a real server.

Syntax

recover-to-active

Views

Real server view

Predefined user roles

network-admin

Usage guidelines

If health monitoring is not configured, a recovered real server is set to Unknown state.

If health monitoring is configured and succeeds, a recovered real server is set to Active state. If health monitoring fails, a recovered real server is set to Probe-failed state.

Examples

# Manually recover a real server.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] recover-to-active

recover-to-active (server farm member view)

Use recover-to-active to manually recover a server farm member.

Syntax

recover-to-active

Views

Server farm member view

Predefined user roles

network-admin

Usage guidelines

If health monitoring is not configured, a recovered server farm member is set to Unknown state.

If health monitoring is configured and succeeds, a recovered server farm member is set to Active state. If health monitoring fails, a recovered server farm member is set to Probe-failed state.

Examples

# Manually recover a server farm member.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] recover-to-active

recv-window size

Use recv-window size to configure the maximum Tx window size for HTTP2.0.

Use undo recv-window size to restore the default.

Syntax

recv-window size size

Default

The maximum Tx window size for HTTP2.0 is 32KB.

Views

HTTP2.0 parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum Tx window size for HTTP2.0, in the range of 16 to 128 KB.

Usage guidelines

If there are too many concurrent requests on a TCP connection, the concurrent processing capability of the device or server will be affected. To resolve this issue, you can configure the maximum number of concurrent requests supported by a TCP connection. You can also configure the maximum Tx window size for HTTP2.0 to resolve this issue. When the concurrent requests exceed the maximum Tx window size, the device will receive and process the concurrent requests in multiple batches based on the Tx window size.

This command takes effect only on HTTP 2.0 request packets.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Create HTTP2.0 parameter profile p1, and set the maximum Tx window size for HTTP2.0 to 128KB.

<Sysname> system-view

[Sysname] parameter-profile p1 type http2

[Sysname-para-http2-p1] recv-window size 128

Related commands

concurrent-streams-per-connection

redirect relocation (LB action view)

Use redirect relocation to enable the redirection feature and specify a redirection URL for an LB action.

Use undo redirect relocation to disable the redirection feature for an LB action.

Syntax

redirect relocation relocation

undo redirect relocation

Default

The redirection feature is disabled for an LB action.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

relocation: Specifies a redirection URL, a case-sensitive string of 1 to 255 characters. You can also specify the question mark (?) or the following character strings as the redirection URL (each character string can be used only once):

·     %h: Specifies the host name and port number in the client request packet.

·     %{host}: Specifies the host name in the client request packet.

·     %{port}: Specifies the port number in the client request packet.

·     %p: Specifies the URL in the client request packet.

Usage guidelines

Compatibility information

This command redirects all HTTP request packets matching an LB action to the specified URL.

Operating mechanism

This command and the server-farm command are mutually exclusive. If you configure one command, the other command (if configured) is automatically cancelled.

Examples

# Enable the redirection feature for the HTTP LB action lba1, and specify the redirection URL as https://%h%p.

<Sysname> system-view

[Sysname] loadbalance action lba1 type http

[Sysname-lba-http-lba1] redirect relocation https://%h%p

redirect relocation (virtual server view)

Use redirect relocation to enable the redirection feature and specify a redirection URL for a virtual server.

Use undo redirect relocation to disable the redirection feature for a virtual server.

Syntax

redirect relocation relocation

undo redirect relocation

Default

The redirection feature is disabled for a virtual server.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

relocation: Specifies a redirection URL, a case-sensitive string of 1 to 255 characters. The redirection feature redirects all request packets matching the virtual server to the URL. You can also specify the question mark (?) or the following character strings as the redirection URL (each character string can be used only once):

·     %h: Specifies the host name and port number in the client request packet.

·     %{host}: Specifies the host name in the client request packet.

·     %{port}: Specifies the port number in the client request packet.

·     %p: Specifies the URL in the client request packet.

Examples

# Enable the redirection feature for the HTTP-type virtual server vs2, and specify the redirection URL as https://%h%p.

<Sysname> system-view

[Sysname] virtual-server vs2 type http

[Sysname-vs-http-vs2] redirect relocation https://%h%p

redirect return-code (LB action view)

Use redirect return-code to specify the status code in the redirection packets that the LB device returns to clients.

Use undo redirect return-code to restore the default.

Syntax

redirect return-code { 301 | 302 | 307 }

undo redirect return-code

Default

The status code in the redirection packets that the LB device returns to clients is 302.

Views

HTTP LB action view

Predefined user roles

network-admin

mdc-admin

Parameters

301: Indicates that the requested resource has been moved permanently.

302: Indicates that the requested resource has been moved temporarily.

307: Redirects requests to the URL in the location header temporarily.

Usage guidelines

This configuration takes effect only when the redirection feature is enabled for the HTTP LB action.

Examples

# Specify the status code in the redirection packets that the LB device returns to clients as 301 for the HTTP LB action lba1.

<Sysname> system-view

[Sysname] loadbalance action lba1 type http

[Sysname-lba-http-lba1] redirect return-code 301

Related commands

redirect relocation

redirect return-code (virtual server view)

Use redirect return-code to specify the status code in the redirection packets that the LB device returns to clients.

Use undo redirect return-code to restore the default.

Syntax

redirect return-code { 301 | 302 | 307 }

undo redirect return-code

Default

The status code in the redirection packets that the LB device returns to clients is 302.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

301: Indicates that the requested resource has been moved permanently.

302: Indicates that the requested resource has been moved temporarily.

307: Redirects requests to the URL in the location header temporarily.

Usage guidelines

This configuration takes effect only when the redirection feature is enabled for the virtual server.

Examples

# Specify the status code in the redirection packets that the LB device returns to clients as 301 for the HTTP-type virtual server vs2.

<Sysname> system-view

[Sysname] virtual-server vs2 type http

[Sysname-vs-http-vs2] redirect return-code 301

Related commands

redirect relocation

reload http-response

Use reload http-response to reload a response file.

Syntax

reload http-response { file filename }

Views

System view

Predefined user roles

network-admin

Parameters

file filename: Specifies a file by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

If a response file changes, you must reload the file to make it take effect.

Examples

# Reload response file subsys_intf.js.

<Sysname> system-view

[Sysname] reload http-response file /index/subsys_intf.js

Related commands

fallback-action response raw-file

response

request-version all

Use request-version all to enable compression for responses to HTTP 1.0 requests.

Use undo request-version all to restore the default.

Syntax

request-version all

undo request-version all

Default

Compression is disabled for responses to HTTP 1.0 requests.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Examples

# Create the HTTP-compression parameter profile http1, and enable compression for responses to HTTP 1.0 requests.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] request-version all

reset loadbalance connections

Use reset loadbalance connections to clear application layer connections.

Syntax

reset loadbalance connections

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command clears all application layer connections, including reused idle connections.

Examples

# Clear application layer connections.

<Sysname> reset loadbalance connections

reset loadbalance probe failed-record

Use reset loadbalance probe failed-record to clear the recorded health monitoring failures.

Syntax

reset loadbalance probe failed-record { real-server | link } [ name name ]

Views

User view

Predefined user roles

network-admin

Parameters

real-server: Specifies a real server or all real servers.

link: Specifies a link or all links.

name name: Specifies a real server or a link by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this parameter, this command clears the recorded health monitoring failures for all real servers or all links.

Examples

# Clear the recorded health monitoring failures for all real servers.

<Sysname> reset loadbalance probe failed-record real-server

Related commands

display loadbalance probe failed-record

reset loadbalance snat-pool statistics

Use reset loadbalance snat-pool statistics to clear SNAT address pool statistics.

Syntax

reset loadbalance snat-pool statistics [ pool-name ]

Views

User view

Predefined user roles

network-admin

Parameters

pool-name: Specifies an SNAT address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command clears statistics of all SNAT address pools.

Examples

# Clear statistics of all SNAT address pools and the associated SNAT IP addresses.

<Sysname> reset loadbalance snat-pool statistics

# Clear statistics of SNAT address pool sp and its members.

<Sysname> reset loadbalance snat-pool statistics sp

reset real-server statistics

Use reset real-server statistics to clear real server statistics or server farm member statistics.

Syntax

reset real-server statistics [ real-server-name ]

reset real-server statistics server-farm server-farm-name [ name real-server-name port port-number ]

Views

User view

Predefined user roles

network-admin

Parameters

real-server-name: Clears statistics of the specified real server. The real-server-name argument specifies a real server name, a case-insensitive string of 1 to 255 characters. If you do not specify this argument, the command clears statistics of all real servers.

server-farm server-farm-name: Clears statistics for members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

name real-server-name port port-number: Clears statistics for a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 255 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command clears statistics for all members of a server farm.

Examples

# Clear statistics of all real servers.

<Sysname> reset real-server statistics

# Clear statistics of all members in server farm sf.

<Sysname> reset real-server statistics server-farm sf

Related commands

display real-server statistics

reset sticky virtual-server

Use reset sticky virtual-server to clear sticky entry information for virtual servers.

Syntax

reset sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | client-port port-number | sticky-type { diameter | address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ traffic-group traffic-group-id ]

Views

User view

Predefined user roles

network-admin

Parameters

virtual-server-name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 255 characters. If you do not specify this option, the command clears sticky entry information for all virtual servers.

link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } }: Specifies a link by its IPv4 address, IPv6 address, or output interface.

link-group link-group-name: Specifies a link group by its name, a case-insensitive string of 1 to 255 characters.

real-server-addr { ipv4-address | ipv6-address }: Specifies a real server by its IPv4 or IPv6 address.

real-server-port port-number: Specifies a real server port number in the range of 0 to 65535.

server-farm server-farm-name: Specifies a server farm by its name, a case-insensitive string of 1 to 255 characters.

text text: Specifies a text string to match.

class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 255 characters, or specifies the default LB class.

client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.

client-port port-number: Specifies a client port number in the range of 0 to 65535.

sticky-type { diameter | address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies a sticky group type.

key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters. If you do not specify a key value, this command clears sticky entries for all key values.

traffic-group traffic-group-id: Specifies a cluster traffic group by its ID, an integer in the range of 1 to 255. If you do not specify this option, the command clears sticky entry information of all cluster traffic groups.

Examples

# Clear sticky entry information for client address 3.0.0.1 of virtual server vs.

<Sysname> reset sticky virtual-server virtual-server-name vs client-addr 3.0.0.1

reset virtual-server statistics

Use reset virtual-server statistics to clear virtual server statistics.

Syntax

reset virtual-server statistics [ virtual-server-name ]

Views

User view

Predefined user roles

network-admin

Parameters

virtual-server-name: Clears statistics of the specified virtual server. The virtual-server-name argument specifies a virtual server name, a case-insensitive string of 1 to 255 characters. If you do not specify this argument, the command clears statistics of all virtual servers.

Examples

# Clear statistics of all virtual servers.

<Sysname> reset virtual-server statistics

Related commands

display virtual-server statistics

response

Use response to specify a response file for matching HTTP requests.

Use undo response to restore the default.

Syntax

response { url url file filename | workpath workpath zip-file zip-filename }

undo response { url url | workpath workpath }

Default

No response file is specified for HTTP requests.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

url url: Specifies the URL path used to match HTTP requests, a case-sensitive string of 1 to 255 characters. The specified URL path must start with a forward slash (/).

file filename: Specifies an uncompressed file by its name, a case-insensitive string of 1 to 255 characters.

workpath workpath: Specifies a working path to match the URL in HTTP requests, a case-sensitive string of 1 to 255 characters. The working path can be a single forward slash (/), or a string that starts with a forward slash and does not end with a forward slash.

zip-file zip-filename: Specifies a zip file by its name, a case-insensitive string of 1 to 255 characters. The relative path in the zip file is used to match the URL in HTTP requests.

Usage guidelines

Compatibility information

Any two of the following commands are mutually exclusive:

·     response

·     server-farm (LB action view)

·     redirect relocation (LB action view)

Operating mechanism

If the URL path in a client request matches the specified URL path, the device responds to the request by using an uncompressed file.

If the URL path in a client request matches the specified working path plus a relative path in the zip file, the device responds to the request by using the file in the zip file. For example, if you configure the response workpath /index zip-file flash:/za/zb/test.zip command and a relative path /css/col.css exists in test.zip, the matching URL is /index/css/col.css and the response file is col.css.

URL-encoded URLs cannot be matched.

If you configure both an uncompressed file and a compressed file for the same URL path, the uncompressed file is used to respond to matching HTTP requests.

The path specified in the command must exist on the device.

For the same HTTP LB action, only one uncompressed file can be used for a URL, and one uncompressed file can be used for multiple URLs.

If you specify multiple compressed files for one or more URL paths in the same HTTP LB action, the most recent configuration takes effect.

If you specify multiple uncompressed files for one URL path in the same HTTP LB action, the most recent configuration takes effect. One uncompressed file can be used for different URL paths.

Examples

# Specify response file subsys.js for the HTTP requests with URL path /index/subsys/subsys_intf.js.

<Sysname> system-view

[Sysname] loadbalance action a_http type http

[Sysname-lba-http-a_http] response url /index/subsys/subsys_intf.js file subsys.js
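
The matching rules in the usage guidelines above can be modeled offline. The following Python sketch is an added example, not H3C code: the class ResponseAction, its method names, and the constructed in-memory zip are hypothetical, and keeping one zip file per working path is an assumption.

```python
import io
import zipfile


def build_sample_zip():
    """Constructed stand-in for test.zip, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("css/col.css", "body{}")
        zf.writestr("js/app.js", "1;")
    buf.seek(0)
    return zipfile.ZipFile(buf)


class ResponseAction:
    """Model of the response settings of one HTTP LB action."""

    def __init__(self):
        self.url_files = {}   # URL path -> uncompressed file name
        self.workpaths = {}   # working path -> ZipFile (assumption: one each)

    def response_url(self, url, filename):
        if not url.startswith("/"):
            raise ValueError("URL path must start with /")
        # Most recent configuration for the same URL path takes effect.
        self.url_files[url] = filename

    def response_workpath(self, workpath, zip_file):
        if workpath != "/" and (not workpath.startswith("/")
                                or workpath.endswith("/")):
            raise ValueError("working path must be / or /x without trailing /")
        self.workpaths[workpath] = zip_file

    def resolve(self, request_path):
        """Return ("file", name), ("zip", member) or None for no match.

        The request path is compared as received: matching is
        case-sensitive and no percent-decoding is done, so a
        URL-encoded path never matches.
        """
        # An uncompressed file wins over a zip entry for the same URL path.
        if request_path in self.url_files:
            return ("file", self.url_files[request_path])
        for workpath, zip_file in self.workpaths.items():
            prefix = "" if workpath == "/" else workpath
            if not request_path.startswith(prefix + "/"):
                continue
            # Zip member names carry no leading slash.
            relative = request_path[len(prefix) + 1:]
            if relative and relative in zip_file.namelist():
                return ("zip", relative)
        return None
```

Resolving /index/css/col.css against working path /index returns the zip member css/col.css, while /index/css/col%2Ecss returns no match, which is worth remembering when a client or an upstream proxy encodes paths.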

Related commands

display loadbalance action

redirect relocation (LB action view)

server-farm (LB action view)

retransmission enable

Use retransmission enable to enable Diameter message retransmission.

Use undo retransmission enable to disable Diameter message retransmission.

Syntax

retransmission enable

undo retransmission enable

Default

Diameter message retransmission is disabled.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Usage guidelines

With Diameter message retransmission enabled, if the device does not receive any response from the real server within the retransmission timeout timer, the device retransmits the message to another real server in the same server farm and restarts the timer. If the device still does not receive any response within the retransmission timeout timer, it considers the message transmission failed and notifies the client that the server is unreachable.

The device can retransmit a Diameter message only once.

Examples

# Enable Diameter message retransmission for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] retransmission enable

Related commands

parameter-profile

retransmission timeout

retransmission timeout

Use retransmission timeout to set the timeout timer for Diameter message retransmission.

Use undo retransmission timeout to restore the default.

Syntax

retransmission timeout timeout-value

undo retransmission timeout

Default

The timeout timer for Diameter message retransmission is 5 seconds.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout timer in the range of 1 to 4294967295 seconds.

Usage guidelines

Before using this command, use the retransmission enable command to enable Diameter message retransmission.

With Diameter message retransmission enabled, if the device does not receive any response from the real server within the retransmission timeout timer, the device retransmits the message to another real server in the same server farm and restarts the timer. If the device still does not receive any response within the retransmission timeout timer, it considers the message transmission failed and notifies the client that the server is unreachable.

The device can retransmit a Diameter message only once.

Use this command to set an appropriate timeout timer for Diameter message retransmission. A long timeout timer might waste resources. A short timeout timer might prevent the servers from responding to user requests in time.

Examples

# Set the timeout timer for Diameter message retransmission to 15 seconds for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] retransmission timeout 15

Related commands

parameter-profile

retransmission enable

route-advertisement enable

Use route-advertisement enable to enable IP address advertisement for a virtual server.

Use undo route-advertisement enable to disable IP address advertisement for a virtual server.

Syntax

route-advertisement enable

undo route-advertisement enable

Default

IP address advertisement is disabled for a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Usage guidelines

After this feature is configured, the device advertises the IP address of the virtual server to OSPF for route calculation. When the service of a data center switches to another data center, the traffic to the virtual server can also be switched to that data center. For information about OSPF, see Network Connectivity Configuration Guide.

Examples

# Enable IP address advertisement for the virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type ip

[Sysname-vs-ip-vs] route-advertisement enable

rst threshold

Use rst threshold to set the RST packet count threshold for a TCP-RST LB probe template.

Use undo rst threshold to restore the default.

Syntax

rst threshold number

undo rst threshold

Default

The RST packet count threshold is 1000000.

Views

TCP-RST LB probe template view

Predefined user roles

network-admin

Parameters

number: Specifies the RST packet count threshold value, in the range of 1 to 4294967295.

Usage guidelines

When the number of RST packets sent by a real server reaches the threshold, the protection action specified in the protect-action command is taken.

Examples

# In TCP-RST LB probe template rsttplt, set the RST packet count threshold to 20.

<Sysname> system-view

[Sysname] loadbalance probe-template tcp-rst rsttplt

[Sysname-lbpt-tcp-rst-rsttplt] rst threshold 20

Related commands

protect-action

rule (parameter profile view)

Use rule to configure a filtering rule for compression.

Use undo rule to restore the default.

Syntax

rule [ rule-id ] { deny | permit } { content-type | url } expression

undo rule rule-id

Default

No filtering rules are configured.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule by its ID in the range of 1 to 65535. If the rule does not exist, the command creates the rule. If the rule already exists, the command modifies the rule. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.

deny: Does not compress matching packets.

permit: Compresses matching packets.

content-type: Matches content types in the content-type header of packets.

url: Matches URLs in packets.

expression: Specifies a regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Examples

# Create the HTTP-compression parameter profile http1, and configure the device to not compress the response packets containing the string image in URLs.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-compression

[Sysname-para-http-compression-http1] rule deny url image

rule (protection policy view)

Use rule to create a protection rule and enter its view, or enter the view of an existing protection rule.

Use undo rule to delete a protection rule.

Syntax

rule rule-id

undo rule rule-id

Default

No protection rules exist.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

rule-id: Specifies a rule ID in the range of 1 to 65535.

Usage guidelines

Operating mechanism

You can configure multiple protection rules in an HTTP protection policy. The device compares the URL in a packet with the URLs configured in the protection rules according to the order of the rule IDs. If a match is found and the configured protection threshold is exceeded, the device performs the associated protection action. If the URL in the packet does not match the URL configured in a specific protection rule, the device compares the URL with the next protection rule.

Examples

# In HTTP protection policy p1, create protection rule 5 and enter its view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] rule 5

[Sysname-lbpp-http-p1-rule-5]

secondary-cookie delimiters

Use secondary-cookie delimiters to configure the delimiter that separates secondary cookies in URLs.

Use undo secondary-cookie delimiters to restore the default.

Syntax

secondary-cookie delimiters text

undo secondary-cookie delimiters

Default

The delimiter that separates secondary cookies in URLs can be slash (/), ampersand (&), number sign (#), or plus (+).

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

text: Specifies the delimiter, a string of 1 to 4 characters including exclamation mark (!), quotation mark (',"), number sign (#), semicolon (;), brackets (( ),[ ], < >), question mark (?), backslash (\), caret (^), grave accent (`), vertical bar (|), colon (:), at sign (@), ampersand (&), dollar sign ($), plus (+), asterisk (*), comma (,), and slash (/). Each character in the string is considered as a delimiter.

Examples

# For the HTTP parameter profile pp1, configure the delimiter that separates secondary cookies in URLs as slash (/), at sign (@), number sign (#), or dollar sign ($).

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] secondary-cookie delimiters !@#$

secondary-cookie start

Use secondary-cookie start to configure the start delimiter for secondary cookies in URLs.

Use undo secondary-cookie start to restore the default.

Syntax

secondary-cookie start text

undo secondary-cookie start

Default

The start delimiter for secondary cookies in URLs is question mark (?).

Views

HTTP parameter profile view

Predefined user roles

network-admin

Parameters

text: Specifies the delimiter, a string of 1 to 2 characters including exclamation mark (!), quotation mark ("), number sign (#), semicolon (;), brackets ([ ], < >), question mark (?), backslash (\), caret (^), grave accent (`), and vertical bar (|).

Examples

# For the HTTP parameter profile pp1, configure the start delimiter for secondary cookies in URLs as question mark (?) or exclamation mark (!).

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] secondary-cookie start ?!

selected-server

Use selected-server to specify the number of real servers to participate in scheduling.

Use undo selected-server to restore the default.

Syntax

selected-server min min-number max max-number

undo selected-server

Default

The real servers with the highest priority participate in scheduling.

Views

Server farm view

Predefined user roles

network-admin

Parameters

min min-number: Specifies the minimum number of real servers to participate in scheduling, in the range of 1 to 1000.

max max-number: Specifies the maximum number of real servers to participate in scheduling, in the range of 1 to 1000. The value of the max-number argument must be greater than or equal to the value of the min-number argument.

Usage guidelines

If the number of real servers available to participate in scheduling exceeds the max-number setting, the max-number setting applies.

If the number of real servers available to participate in scheduling is less than the min-number setting, more real servers are selected by priority in descending order.

Examples

# Configure the minimum number and maximum number of real servers in the server farm sf to participate in scheduling as 20 and 30, respectively.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] selected-server min 20 max 30

Related commands

predictor (server farm view)

priority (real server view)

server-connection reuse

Use server-connection reuse to enable connection reuse between the LB device and the server.

Use undo server-connection reuse to disable connection reuse between the LB device and the server.

Syntax

server-connection reuse

undo server-connection reuse

Default

Connection reuse between the LB device and the server is disabled.

Views

HTTP parameter profile view

MySQL parameter profile view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

This command allows the LB device to establish connections to the server that can be reused by clients. Because multiple clients can use the same connection, the number of connections between the clients and the server is reduced.

Restrictions and guidelines

This command is not supported by the virtual servers of the fast HTTP type.

Examples

# Enable connection reuse between the LB device and the server for the HTTP parameter profile pp1.

<Sysname> system-view

[Sysname] parameter-profile pp1 type http

[Sysname-para-http-pp1] server-connection reuse

server-farm (LB action view)

Use server-farm to specify the primary server farm.

Use undo server-farm to restore the default.

Syntax

server-farm server-farm-name [ backup backup-server-farm-name ] [ sticky sticky-name [ backup backup-sticky-name ] ]

undo server-farm

Default

No primary server farm is specified.

Views

LB action view

Predefined user roles

network-admin

Parameters

server-farm-name: Specifies a primary server farm name, a case-insensitive string of 1 to 255 characters.

backup backup-server-farm-name: Specifies a backup server farm name, a case-insensitive string of 1 to 255 characters.

sticky sticky-name: Specifies a primary sticky group by its name, a case-insensitive string of 1 to 255 characters.

backup backup-sticky-name: Specifies a backup sticky group by its name, a case-insensitive string of 1 to 255 characters. This option is supported only by HTTP virtual servers and RADIUS virtual servers.

Usage guidelines

Compatibility information

This command is mutually exclusive with the forward all or redirect relocation command. If you configure one command, the other command (if configured) is automatically cancelled.

Operating mechanism

When the primary server farm is available (contains real servers), packets are forwarded through the primary server farm. When the primary server farm is not available, packets are forwarded through the backup server farm.

If you specify both a primary sticky group and a backup sticky group, the device generates both primary sticky entries and backup sticky entries. If packets do not match primary sticky entries, backup sticky entries will apply.

Restrictions and guidelines

The device generates backup sticky entries for only the following sticky group combinations:

·     RADIUS-type primary sticky group and port-address-type backup sticky group.

·     HTTP cookie-type primary sticky group and port-address-type backup sticky group.

·     HTTP cookie-type primary sticky group and HTTP passive-type backup sticky group.

Examples

# Specify the primary server farm sf, the backup server farm sfb, and the sticky group sg1 for the generic LB action lba1.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] server-farm sf backup sfb sticky sg1

Related commands

forward all

server-farm (real server view)

Use server-farm to specify the server farm for a real server.

Use undo server-farm to restore the default.

Syntax

server-farm server-farm-name

undo server-farm [ server-farm-name ]

Default

A real server does not belong to any server farm.

Views

Real server view

Predefined user roles

network-admin

Parameters

server-farm-name: Specifies a server farm name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

You can specify a server farm that has not been created.

Examples

# Specify the server farm sf for the real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] server-farm sf

server-farm (system view)

Use server-farm to create a server farm and enter its view, or enter the view of an existing server farm.

Use undo server-farm to delete the specified server farm.

Syntax

server-farm server-farm-name

undo server-farm server-farm-name

Default

No server farms exist.

Views

System view

Predefined user roles

network-admin

Parameters

server-farm-name: Specifies a server farm name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

You can add servers with common attributes to a server farm to facilitate management.

Examples

# Create the server farm sf and enter server farm view.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf]

service-down-action reset

Use service-down-action reset to enable immediate TCP connection interruption upon virtual server unavailability.

Use undo service-down-action reset to disable immediate TCP connection interruption upon virtual server unavailability.

Syntax

service-down-action reset

undo service-down-action reset

Default

Immediate TCP connection interruption upon virtual server unavailability is disabled.

Views

TCP/HTTP/fast HTTP/MySQL/SIP-TCP virtual server view

Predefined user roles

network-admin

Usage guidelines

After you execute this command for a virtual server, if the virtual server is unavailable, a SYN packet from a client will be immediately responded to with an RST packet.

Examples

# In TCP virtual server view, enable immediate TCP connection interruption upon virtual server unavailability.

<Sysname> system-view

[Sysname] virtual-server vs type tcp

[Sysname-vs-tcp-vs] service-down-action reset

service enable

Use service enable to enable a virtual server.

Use undo service enable to disable a virtual server.

Syntax

service enable

undo service enable

Default

A virtual server is disabled.

Views

Virtual server view

Predefined user roles

network-admin

Examples

# Enable the IP-type virtual server vs3.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] service enable

# In outbound link load balancing, enable the link IP-type virtual server vs2.

<Sysname> system-view

[Sysname] virtual-server vs2 type link-ip

[Sysname-vs-link-ip-vs2] service enable

service object-group

Use service object-group to specify a service object group for address translation.

Use undo service object-group to restore the default.

Syntax

service object-group object-group-name

undo service object-group

Default

All packets matching virtual servers are translated.

Views

SNAT global policy view

Predefined user roles

network-admin

Parameters

object-group-name: Specifies a service object group by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you specify a service object group, the device performs SNAT on only packets with a matching service. For information about configuring a service object group, see object group configuration in Security Configuration Guide.

Examples

# Specify a service object group obj1 for SNAT global policy sn1.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] service object-group obj1

Related commands

object-group (Security Command Reference)

set ip tos (LB action view)

Use set ip tos to set the ToS field value of IP packets sent to the server.

Use undo set ip tos to restore the default.

Syntax

set ip tos tos-number

undo set ip tos

Default

The ToS field of IP packets sent to the server is not changed.

Views

LB action view

Predefined user roles

network-admin

Parameters

tos-number: Specifies the ToS field value in the range of 0 to 255.

Examples

# Set the ToS field value to 20 for IP packets sent to the server for the generic LB action lba1.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] set ip tos 20

# In outbound link load balancing, set the ToS field value to 20 for IP packets sent to the server for the link-generic LB action lba2.

<Sysname> system-view

[Sysname] loadbalance action lba2 type link-generic

[Sysname-lba-link-generic-lba2] set ip tos 20

# In transparent DNS proxy, set the ToS field value to 20 for IP packets sent to the server for the DNS LB action lba3.

<Sysname> system-view

[Sysname] loadbalance action lba3 type dns

[Sysname-lba-dns-lba3] set ip tos 20

set ip tos (parameter profile view)

Use set ip tos to set the ToS field value of IP packets sent to the client.

Use undo set ip tos to restore the default.

Syntax

set ip tos tos-number

undo set ip tos

Default

The ToS field of IP packets sent to the client is not changed.

Views

Parameter profile view

Predefined user roles

network-admin

Parameters

tos-number: Specifies the ToS field value in the range of 0 to 255.

Usage guidelines

This command is available in IP parameter profile view only.

Examples

# Set the ToS field value to 20 for IP packets sent to the client for the IP parameter profile pp2.

<Sysname> system-view

[Sysname] parameter-profile pp2 type ip

[Sysname-para-ip-pp2] set ip tos 20

shutdown (real server view)

Use shutdown to shut down a real server.

Use undo shutdown to activate a real server.

Syntax

shutdown

undo shutdown

Default

A real server is activated.

Views

Real server view

Predefined user roles

network-admin

Examples

# Shut down the real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] shutdown

shutdown (server farm member view)

Use shutdown to shut down a server farm member.

Use undo shutdown to activate a server farm member.

Syntax

shutdown

undo shutdown

Default

A server farm member is activated.

Views

Server farm member view

Predefined user roles

network-admin

Examples

# Shut down the server farm member rs1.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] shutdown

slow-attack client-read timeout

Use slow-attack client-read timeout to configure the timeout timer for detecting slow read attacks.

Use undo slow-attack client-read timeout to disable slow read attack detection.

Syntax

slow-attack client-read timeout timeout-value

undo slow-attack client-read timeout

Default

Slow read attack detection is disabled. After you enable HTTP slow attack protection, the timeout timer for detecting slow read attacks is 30 seconds.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout timer for the client to finish reading an HTTP response, in the range of 1 to 65535 seconds. The default value is 30.

Usage guidelines

Operating mechanism

The device takes an HTTP response as a slow read attack if a client does not finish reading an HTTP response sent by a server before the timeout timer expires.

Restrictions and guidelines

The timeout timer for detecting slow read attacks takes effect only after you enable HTTP slow attack protection.

If you use this command to enable slow read attack detection, the configuration takes effect on only new traffic, and it does not take effect on existing traffic.

If you use this command to disable slow read attack detection or edit the timeout timer for detecting slow read attacks, the configuration takes effect on both existing traffic and new traffic.

Examples

# Configure the timeout timer for detecting slow read attacks in HTTP protection policy view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] slow-attack client-read timeout 30

Related commands

display loadbalance protection-policy

slow-attack protection enable

slow-attack min-transmit-rate

slow-attack min-transmit-rate

Use slow-attack min-transmit-rate to configure the minimum transmission rate and the minimum transmission rate duration for detecting slow attacks.

Use undo slow-attack min-transmit-rate to disable slow attack detection with the minimum transmission rate.

Syntax

slow-attack min-transmit-rate rate-value [ duration duration ]

undo slow-attack min-transmit-rate

Default

Slow attack detection with the minimum transmission rate is disabled. After you enable HTTP slow attack protection, the minimum transmission rate is 100 bytes per second and the duration is 60 seconds for detecting slow attacks.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

rate-value: Specifies the minimum transmission rate for detecting slow attacks, in the range of 1 to 65535 bytes per second. The default value is 100.

duration: Specifies the minimum transmission rate duration for detecting slow attacks, in the range of 1 to 65535 seconds. The default value is 60.

Usage guidelines

Operating mechanism

When some applications have high upload or download demands, using the timeout timer for detecting slow attacks might lead to misjudgments. To identify attacks more accurately, the device can use the minimum transmission rate and minimum transmission rate duration settings. The device takes the traffic as a slow HTTP attack if the actual transmission rate remains below the minimum rate within the specified duration.

The device then identifies the attack type based on the current transmission stage.

·     In the HTTP request header transmission stage, the device identifies that it might be a slow headers attack.

·     In the HTTP request body transmission stage, the device identifies that it might be a slow body attack.

·     In the response packet sending stage, the device identifies that it might be a slow read attack.

·     If the client request packet or the response packet returned to the client is the HTTP/2 version, the device identifies it as an HTTP/2 slow attack.

Restrictions and guidelines

The minimum transmission rate and the minimum transmission rate duration for detecting slow attacks take effect only after you enable HTTP slow attack protection.

If you use this command to enable slow attack detection with the minimum transmission rate or edit the minimum transmission rate, the configuration takes effect on only new traffic, and it does not take effect on existing traffic.

If you use this command to disable slow attack detection with the minimum transmission rate or edit the minimum transmission rate duration, the configuration takes effect on both existing traffic and new traffic.

Examples

# Configure the minimum transmission rate as 120 bytes per second and the duration as 50 seconds for detecting slow attacks in HTTP protection policy view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] slow-attack min-transmit-rate 120 duration 50

Related commands

display loadbalance protection-policy

slow-attack client-read timeout

slow-attack protection enable

slow-attack request-header timeout

slow-attack request-body timeout

slow-attack protection enable

Use slow-attack protection enable to enable HTTP slow attack protection for an HTTP protection policy.

Use undo slow-attack protection enable to disable HTTP slow attack protection for an HTTP protection policy.

Syntax

slow-attack protection enable

undo slow-attack protection enable

Default

HTTP slow attack protection is disabled for an HTTP protection policy.

Views

HTTP protection policy view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

You can configure HTTP slow attack protection for an HTTP protection policy. This configuration enables the device to analyze received HTTP request packets. It determines whether a slow headers, slow body, or slow read attack occurs based on the timeout timer, minimum transmission rate, and minimum transmission rate duration. If such a slow attack occurs, the device takes the associated protection actions.

HTTP slow attacks include the following types:

·     Slow headers attack—The device takes an HTTP request as a slow headers attack if the device does not completely receive the headers of the HTTP request sent by a client before the timeout timer expires.

·     Slow body attack—The device takes an HTTP request as a slow body attack if the device does not completely receive the body of the HTTP request sent by a client before the timeout timer expires.

·     Slow read attack—The device takes an HTTP response as a slow read attack if a client does not finish reading an HTTP response sent by a server before the timeout timer expires.

Restrictions and guidelines

To have the HTTP slow attack protection feature take effect, specify the protection action as warning or drop with the protection-action { warning | drop } * command.

Examples

# Enable HTTP slow attack protection in HTTP protection policy view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] slow-attack protection enable
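
To see how the timeout timers and the minimum transmission rate described for the slow-attack commands judge the same traffic differently, the following Python model is an added example, not H3C code. The names Policy, StageTrace, and classify are hypothetical; per-second sampling, treating "remains below the minimum rate" as a run of consecutive seconds, and reporting both triggers independently are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Policy:
    """Slow attack settings of one HTTP protection policy.

    Defaults are the values the page gives once protection is enabled.
    None models the undo form of a command (that detection is disabled).
    """
    protection_enabled: bool = True
    header_timeout: Optional[int] = 10   # slow-attack request-header timeout
    body_timeout: Optional[int] = 20     # slow-attack request-body timeout
    read_timeout: Optional[int] = 30     # slow-attack client-read timeout
    min_rate: Optional[int] = 100        # bytes per second
    duration: int = 60                   # seconds


@dataclass
class StageTrace:
    """Constructed observation of one transfer stage of one connection."""
    stage: str                   # "headers", "body" or "response"
    bytes_per_second: List[int]  # one sample per elapsed second
    completed: bool              # stage finished at the end of the last sample
    http2: bool = False


ATTACK_TYPE = {"headers": "slow headers", "body": "slow body",
               "response": "slow read"}


def timer_expired(trace: StageTrace, timeout: Optional[int]) -> bool:
    """True if the stage was not finished when the timeout timer expired."""
    if timeout is None:
        return False
    elapsed = len(trace.bytes_per_second)
    return elapsed > timeout if trace.completed else elapsed >= timeout


def below_rate(trace: StageTrace, min_rate: Optional[int], duration: int) -> bool:
    """True if the rate stayed under min_rate for `duration` seconds in a row."""
    if min_rate is None:
        return False
    run = 0
    for sample in trace.bytes_per_second:
        run = run + 1 if sample < min_rate else 0
        if run >= duration:
            return True
    return False


def classify(policy: Policy, trace: StageTrace) -> List[Tuple[str, str]]:
    """Return (attack type, trigger) pairs; empty means no detection."""
    if not policy.protection_enabled:
        return []   # timers and rate take effect only with protection enabled
    timeout = {"headers": policy.header_timeout, "body": policy.body_timeout,
               "response": policy.read_timeout}[trace.stage]
    findings = []
    if timer_expired(trace, timeout):
        findings.append((ATTACK_TYPE[trace.stage], "timeout"))
    if below_rate(trace, policy.min_rate, policy.duration):
        kind = "HTTP/2 slow" if trace.http2 else ATTACK_TYPE[trace.stage]
        findings.append((kind, "min-transmit-rate"))
    return findings


# Constructed traces: a fast 45-second upload, a 10 B/s trickle, a slow HTTP/2 reader.
UPLOAD = StageTrace("body", [2_000_000] * 45, completed=True)
TRICKLE = StageTrace("body", [10] * 60, completed=False)
H2_READ = StageTrace("response", [50] * 60, completed=False, http2=True)

DEFAULTS = Policy()
RATE_ONLY = Policy(header_timeout=None, body_timeout=None, read_timeout=None)
```

With the defaults, the fast upload is flagged by the 20-second body timer even though it never drops below 100 bytes per second. With the timers undone and only the rate check active, the upload passes and the trickle is still caught.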

Related commands

display loadbalance protection-policy

protection-action

slow-attack client-read timeout

slow-attack min-transmit-rate

slow-attack request-body timeout

slow-attack request-header timeout

slow-attack request-body timeout

Use slow-attack request-body timeout to configure the timeout timer for detecting slow body attacks.

Use undo slow-attack request-body timeout to disable slow body attack detection.

Syntax

slow-attack request-body timeout timeout-value

undo slow-attack request-body timeout

Default

Slow body attack detection is disabled. After you enable HTTP slow attack protection, the timeout timer for detecting slow body attacks is 20 seconds.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout timer for the client to completely send the body of an HTTP request, in the range of 1 to 65535 seconds. The default value is 20.

Usage guidelines

Operating mechanism

The device takes an HTTP request as a slow body attack if the device does not completely receive the body of the HTTP request sent by a client before the timeout timer expires.

Restrictions and guidelines

The timeout timer for detecting slow body attacks takes effect only after you enable HTTP slow attack protection.

If you use this command to enable slow body attack detection, the configuration takes effect on only new traffic, and it does not take effect on existing traffic.

If you use this command to disable slow body attack detection or edit the timeout timer for detecting slow body attacks, the configuration takes effect on both existing traffic and new traffic.

Examples

# Configure the timeout timer for detecting slow body attacks in HTTP protection policy view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] slow-attack request-body timeout 20

Related commands

display loadbalance protection-policy

slow-attack protection enable

slow-attack min-transmit-rate

slow-attack request-header timeout

Use slow-attack request-header timeout to configure the timeout timer for detecting slow headers attacks.

Use undo slow-attack request-header timeout to disable slow headers attack detection.

Syntax

slow-attack request-header timeout timeout-value

undo slow-attack request-header timeout

Default

Slow headers attack detection is disabled. After you enable HTTP slow attack protection, the timeout timer for detecting slow headers attacks is 10 seconds.

Views

HTTP protection policy view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout timer for the client to completely send the headers of an HTTP request, in the range of 1 to 65535 seconds. The default value is 10.

Usage guidelines

Operating mechanism

The device takes an HTTP request as a slow headers attack if the device does not completely receive the headers of the HTTP request sent by a client before the timeout timer expires.

Restrictions and guidelines

The timeout timer for detecting slow headers attacks takes effect only after you enable HTTP slow attack protection.

If you use this command to enable slow headers attack detection, the configuration takes effect on only new traffic, and it does not take effect on existing traffic.

If you use this command to disable slow headers attack detection or edit the timeout timer for detecting slow headers attacks, the configuration takes effect on both existing traffic and new traffic.

Examples

# Configure the timeout timer for detecting slow headers attacks in HTTP protection policy view.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] slow-attack request-header timeout 10

Related commands

display loadbalance protection-policy

slow-attack protection enable

slow-attack min-transmit-rate
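The following Python model is an added example, not H3C code. It shows how the three slow attack types described above follow from per-phase timers, and that no verdict is produced unless protection is enabled and a protection action is set. The connection records, the point at which each timer starts, the 15-second client-read value, and expiry at exactly the timeout are assumptions; the minimum transmission rate check is not modeled.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class SlowAttackPolicy:
    """Model of the slow-attack settings of one HTTP protection policy."""
    enabled: bool = False                      # slow-attack protection enable
    actions: FrozenSet[str] = frozenset()      # protection-action { warning | drop } *
    header_timeout: Optional[int] = 10         # None models "undo slow-attack request-header timeout"
    body_timeout: Optional[int] = 20           # None models "undo slow-attack request-body timeout"
    client_read_timeout: Optional[int] = None  # no default assumed; set explicitly

    def __post_init__(self):
        # Range documented for the request-header and request-body timers.
        for name in ("header_timeout", "body_timeout"):
            value = getattr(self, name)
            if value is not None and not 1 <= value <= 65535:
                raise ValueError(f"{name} must be 1..65535 seconds")
        if self.client_read_timeout is not None and self.client_read_timeout <= 0:
            raise ValueError("client_read_timeout must be positive")
        if not self.actions <= {"warning", "drop"}:
            raise ValueError("actions must be drawn from warning, drop")


@dataclass(frozen=True)
class Connection:
    """Timestamps (seconds) of one HTTP exchange; None means 'not finished yet'."""
    name: str
    request_start: float
    headers_done: Optional[float] = None
    body_done: Optional[float] = None
    response_start: Optional[float] = None
    response_read_done: Optional[float] = None


def _timed_out(start, done, timeout, now):
    """True if the phase begun at `start` was unfinished when its timer expired."""
    if start is None or timeout is None:
        return False                      # phase not reached, or detection disabled
    finished_at = now if done is None else done
    return finished_at - start >= timeout  # assumption: expiry at exactly `timeout`


def classify(conn: Connection, policy: SlowAttackPolicy, now: float) -> List[str]:
    """Return the slow attack types this connection matches at time `now`."""
    # The timers take effect only with protection enabled and an action configured.
    if not policy.enabled or not policy.actions:
        return []
    verdicts = []
    if _timed_out(conn.request_start, conn.headers_done, policy.header_timeout, now):
        verdicts.append("slow-headers")
    # Assumption: the body timer starts when the headers are complete.
    elif _timed_out(conn.headers_done, conn.body_done, policy.body_timeout, now):
        verdicts.append("slow-body")
    # Assumption: the read timer starts when the server begins its response.
    if _timed_out(conn.response_start, conn.response_read_done,
                  policy.client_read_timeout, now):
        verdicts.append("slow-read")
    return verdicts


# Constructed sample connections, observed at t = 30 s.
SAMPLE = [
    Connection("normal", 0.0, headers_done=0.2, body_done=0.5,
               response_start=0.6, response_read_done=1.0),
    Connection("headers-never-finish", 0.0),
    Connection("body-trickles", 0.0, headers_done=0.3),
    Connection("reader-stalls", 0.0, headers_done=0.1, body_done=0.1,
               response_start=0.4),
]


def report(policy: SlowAttackPolicy, now: float = 30.0) -> Dict[str, List[str]]:
    return {c.name: classify(c, policy, now) for c in SAMPLE}


if __name__ == "__main__":
    active = SlowAttackPolicy(enabled=True, actions=frozenset({"warning"}),
                              client_read_timeout=15)
    for name, verdicts in report(active).items():
        print(f"{name:22s} {verdicts or 'ok'}")
```
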

slow-offline enable (real server view)

Use slow-offline enable to enable the slow offline feature for a real server.

Use undo slow-offline enable to disable the slow offline feature for a real server.

Syntax

slow-offline enable

undo slow-offline enable

Default

The slow offline feature is disabled for a real server.

Views

Real server view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The shutdown command immediately terminates existing connections of a real server. The slow offline feature does not terminate existing connections and waits for them to age out. It creates connections for traffic that matches an existing sticky entry and continues to perform health monitoring on the server farm member.

Application scenarios

Use the slow offline feature if you want to remove a server farm member and then add it again at a later time. With the slow offline feature, you can also monitor the state of the server farm member in real time.

Prerequisites

To enable the slow offline feature for a real server, you must execute the slow-offline enable command and then the shutdown command.

This command and the slow-shutdown enable command are mutually exclusive. A subsequently executed command overwrites the previously executed command.

Examples

# Enable the slow offline feature for the real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] slow-offline enable

[Sysname-rserver-rs] shutdown

Related commands

shutdown (real server view)

slow-shutdown (real server view)

slow-offline enable (server farm member view)

Use slow-offline enable to enable the slow offline feature for a server farm member.

Use undo slow-offline enable to disable the slow offline feature for a server farm member.

Syntax

slow-offline enable

undo slow-offline enable

Default

The slow offline feature is disabled for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The shutdown command immediately terminates existing connections of a server farm member. The slow offline feature does not terminate existing connections and waits for them to age out. It creates connections for traffic that matches an existing sticky entry and continues to perform health monitoring on the server farm member.

Application scenarios

Use the slow offline feature if you want to remove a server farm member and then add it again at a later time. With the slow offline feature, you can also monitor the state of the server farm member in real time.

Prerequisites

To enable the slow offline feature for a server farm member, you must execute this command and then the shutdown command.

This command and the slow-shutdown enable command are mutually exclusive. A subsequently executed command overwrites the previously executed command.

Examples

# Enable the slow offline feature for the server farm member rs.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs port 0

[Sysname-sfarm-sf-#member#-rs-port-0] slow-offline enable

[Sysname-sfarm-sf-#member#-rs-port-0] shutdown

Related commands

shutdown (server farm member view)

slow-shutdown (server farm member view)

slow-online

Use slow-online to enable the slow online feature for a server farm.

Use undo slow-online to disable the slow online feature for a server farm.

Syntax

slow-online [ standby-time standby-time ramp-up-time ramp-up-time ]

undo slow-online

Default

The slow online feature is disabled for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Parameters

standby-time standby-time: Specifies the standby timer in the range of 0 to 600 seconds. The default is 5 seconds.

ramp-up-time ramp-up-time: Specifies the ramp-up timer in the range of 3 to 600 seconds. The default is 5 seconds.

Usage guidelines

The real servers newly added to a server farm might not be able to immediately process large numbers of services assigned by the LB device. To resolve this issue, enable the slow online feature for the server farm. The feature uses the standby timer and ramp-up timer. When a real server is added, the LB device does not assign any service to the real server until the standby timer expires.

When the standby timer expires, the ramp-up timer starts. During the ramp-up time, the LB device increases the service amount according to the processing capability of the real server, until the ramp-up timer expires.

Examples

# Enable the slow online feature for the server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] slow-online

slow-shutdown enable (real server view)

Use slow-shutdown enable to enable the slow shutdown feature for a real server.

Use undo slow-shutdown enable to disable the slow shutdown feature for a real server.

Syntax

slow-shutdown enable

undo slow-shutdown enable

Default

The slow shutdown feature is disabled for a real server.

Views

Real server view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The shutdown command immediately terminates existing connections of a real server. The slow shutdown feature ages out the connections, and does not establish new connections.

Application scenarios

Use the slow shutdown feature before you maintain or upgrade a real server to avoid bad user experience caused by sudden disconnections.

Prerequisites

To enable the slow shutdown feature for a real server, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the real server is shut down.

This command and the slow-offline enable command are mutually exclusive. A subsequently executed command overwrites the previously executed command.

Examples

# Enable the slow shutdown feature for the real server rs.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] slow-shutdown enable

[Sysname-rserver-rs] shutdown

Related commands

shutdown (real server view)

slow-offline enable (real server view)

slow-shutdown enable (server farm member view)

Use slow-shutdown enable to enable the slow shutdown feature for a server farm member.

Use undo slow-shutdown enable to disable the slow shutdown feature for a server farm member.

Syntax

slow-shutdown enable

undo slow-shutdown enable

Default

The slow shutdown feature is disabled for a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The shutdown command immediately terminates existing connections of a server farm member. The slow shutdown feature ages out the connections, and does not establish new connections.

Application scenarios

Use the slow shutdown feature before you maintain or upgrade a server farm member to avoid bad user experience caused by sudden disconnections.

Prerequisites

To enable the slow shutdown feature for a server farm member, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the server farm member is shut down.

This command and the slow-offline enable command are mutually exclusive. A subsequently executed command overwrites the previously executed command.

Examples

# Enable the slow shutdown feature for the server farm member rs1.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] slow-shutdown enable

[Sysname-sfarm-sf-#member#-rs1-port-80] shutdown

Related commands

shutdown (server farm member view)

slow-offline enable (server farm member view)

snat enable

Use snat enable to enable a SNAT global policy.

Use undo snat enable to disable a SNAT global policy.

Syntax

snat enable

undo snat enable

Default

A SNAT global policy is disabled.

Views

SNAT global policy view

Predefined user roles

network-admin

Examples

# Enable SNAT global policy sn1.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] snat enable

snat-mode

Use snat-mode to specify a translation mode for a server farm.

Use undo snat-mode to restore the default.

Syntax

snat-mode { auto-map | tcp-option }

undo snat-mode

Default

No translation mode is specified for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Parameters

auto-map: Specifies the automatic mapping mode.

tcp-option: Specifies the TCP option mode.

Usage guidelines

Compatibility information

You can configure only one translation mode for a server farm. This command and the snat-pool (server farm view) command are mutually exclusive.

Operating mechanism

The device supports the following translation modes for a server farm:

·     Automatic mapping—Translates the source IP address into the IP address of the interface connecting to the real servers.

·     TCP option—Translates the source IP address into the IP address carried in the TCP option field of packets.

·     SNAT address pool—Translates the source IP address into an IP address in the SNAT address pool specified by using the snat-pool (server farm view) command.

If SNAT is not configured for a server farm, the server farm uses SNAT global policies for address translation (if configured).

Examples

# Specify the automatic mapping translation mode for server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] snat-mode auto-map

Related commands

loadbalance snat-global-policy

snat-pool (server farm view)

snat-pool

Use snat-pool to specify the SNAT address pool to be referenced by a server farm.

Use undo snat-pool to restore the default.

Syntax

snat-pool pool-name

undo snat-pool

Default

No SNAT address pool is referenced by a server farm.

Views

Server farm view

Predefined user roles

network-admin

Parameters

pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

After a server farm references a SNAT address pool, the LB device replaces the source address of packets it receives with an SNAT address before forwarding the packets.

Examples

# Specify the SNAT address pool lbsp to be referenced by the server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] snat-pool lbsp

snmp-agent trap enable loadbalance

Use snmp-agent trap enable loadbalance to enable SNMP notifications for load balancing.

Use undo snmp-agent trap enable loadbalance to disable SNMP notifications for load balancing.

Syntax

snmp-agent trap enable loadbalance

undo snmp-agent trap enable loadbalance

Default

All SNMP notifications are enabled for load balancing.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

To report critical load balancing events to an NMS, enable SNMP notifications for load balancing. For load balancing event notifications to be sent correctly, you must also configure SNMP as described in the network management and monitoring configuration guide for the device.

Examples

# Disable SNMP notifications for load balancing.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable loadbalance

source-ip

Use source-ip to configure a source-IP-based request threshold.

Use undo source-ip to restore the default.

Syntax

source-ip request-threshold threshold

undo source-ip

Default

The source-IP-based request threshold is not configured.

Views

Protection rule view

Predefined user roles

network-admin

Parameters

request-threshold threshold: Specifies a request threshold in the range of 1 to 4294967295.

Usage guidelines

If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken. The device determines whether requests belong to the same user based on the following elements:

·     Cookie—Requests with the same cookie value for a cookie (specified in the cookie command in protection rule view) belong to the same user.

·     Source IP address—Requests with the same source IP address belong to the same user.

If you configure both a cookie-based request threshold and a source-IP-based request threshold, the protection action is taken when either threshold is exceeded.

Examples

# In protection rule 5, configure a source-IP-based request threshold of 2.

<Sysname> system-view

[Sysname] loadbalance protection-policy p1

[Sysname-lbpp-http-p1] rule 5

[Sysname-lbpp-http-p1-rule-5] source-ip request-threshold 2

Related commands

cookie (protection policy view)

protected-url

protection-action

protection-period
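The following Python model is an added example, not H3C code. It shows how a source-IP-based and a cookie-based request threshold count the same traffic differently, and that a request triggers the protection action when either counter exceeds its threshold. The fixed counting window, the exact-match URL test, the cookie name, the addresses, and the period value are assumptions or constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_THRESHOLD = 4294967295  # documented upper bound of request-threshold


@dataclass(frozen=True)
class ProtectionRule:
    protected_url: str                        # protected-url (exact match assumed)
    period: int                               # protection-period in seconds (constructed value)
    source_ip_threshold: Optional[int] = None # source-ip request-threshold
    cookie_name: Optional[str] = None         # cookie used to identify a user
    cookie_threshold: Optional[int] = None    # cookie-based request threshold

    def __post_init__(self):
        for t in (self.source_ip_threshold, self.cookie_threshold):
            if t is not None and not 1 <= t <= MAX_THRESHOLD:
                raise ValueError("request threshold must be 1..4294967295")


class RuleCounters:
    """Per-user request counters for one protection rule."""

    def __init__(self, rule: ProtectionRule):
        self.rule = rule
        # (kind, key) -> (window start, request count)
        self._windows: Dict[Tuple[str, str], Tuple[float, int]] = {}

    def _exceeds(self, kind: str, key: str, now: float, threshold: int) -> bool:
        start, count = self._windows.get((kind, key), (now, 0))
        if now - start >= self.rule.period:   # assumption: fixed window per user
            start, count = now, 0
        count += 1
        self._windows[(kind, key)] = (start, count)
        return count > threshold              # "exceeds the request threshold"

    def observe(self, now: float, src_ip: str, url: str,
                cookies: Dict[str, str]) -> List[str]:
        """Return the thresholds this request exceeds; any entry means 'take the action'."""
        rule = self.rule
        if url != rule.protected_url:
            return []                         # only protected URLs are counted
        exceeded = []
        if rule.source_ip_threshold is not None and self._exceeds(
                "ip", src_ip, now, rule.source_ip_threshold):
            exceeded.append("source-ip")
        if (rule.cookie_threshold is not None and rule.cookie_name in cookies
                and self._exceeds("cookie", cookies[rule.cookie_name], now,
                                  rule.cookie_threshold)):
            exceeded.append("cookie")
        return exceeded


# Constructed traffic: (time, source IP, URL, cookies).
EVENTS = [
    # Three different sessions behind one shared address.
    (0.0, "192.0.2.10", "/login", {"SID": "u1"}),
    (1.0, "192.0.2.10", "/login", {"SID": "u2"}),
    (1.5, "192.0.2.10", "/index.html", {"SID": "u2"}),   # not a protected URL
    (2.0, "192.0.2.10", "/login", {"SID": "u3"}),
    # One session seen from four different addresses.
    (3.0, "198.51.100.1", "/login", {"SID": "u9"}),
    (4.0, "198.51.100.2", "/login", {"SID": "u9"}),
    (5.0, "198.51.100.3", "/login", {"SID": "u9"}),
    (6.0, "198.51.100.4", "/login", {"SID": "u9"}),
    # Same client as the first event, after the period has elapsed.
    (20.0, "192.0.2.10", "/login", {"SID": "u1"}),
]


def replay(rule: ProtectionRule, events=EVENTS) -> List[List[str]]:
    counters = RuleCounters(rule)
    return [counters.observe(*event) for event in events]


if __name__ == "__main__":
    rule = ProtectionRule("/login", period=10, source_ip_threshold=2,
                          cookie_name="SID", cookie_threshold=3)
    for event, result in zip(EVENTS, replay(rule)):
        print(event[0], event[1], event[2], result or "pass")
```

With only the source-IP threshold configured, the single session arriving from four addresses is never counted as one user; with only the cookie threshold, the three sessions behind the shared address are never counted together.
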

source-ip object-group (parameter profile view)

Use source-ip object-group to enable collection of HTTP traffic statistics by source IP address object group.

Use undo source-ip object-group to remove a source IP address object group for HTTP traffic statistics collection.

Syntax

source-ip object-group object-group-name

undo source-ip object-group object-group-name

Default

HTTP traffic statistics are collected on a per-IP address basis.

Views

HTTP statistics parameter profile view

Predefined user roles

network-admin

Parameters

object-group-name: Specifies a source IP address object group by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Operating mechanism

If HTTP packets match the specified URL and source IP address object group, they are counted based on the source IP address object group. If HTTP packets match the specified URL but do not match the specified source IP address object group, they are counted based on the source IP address.

You can specify a maximum of 1024 source IP address object groups in one HTTP statistics parameter profile.

Restrictions and guidelines

This command takes effect only on IP address objects configured by using the host, subnet, and range keywords in the network command. For information about configuring IP address objects, see object group configuration in Security Configuration Guide.

Examples

# In HTTP statistics parameter profile http1, enable collection of HTTP traffic statistics by source IP address object group cnc.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-statistics

[Sysname-para-http-statistics-http1] source-ip object-group cnc

Related commands

network (Security Command Reference)

object-group (Security Command Reference)

source-ip object-group (SNAT global policy view)

Use source-ip object-group to specify a source IP address object group for address translation.

Use undo source-ip object-group to restore the default.

Syntax

source-ip object-group object-group-name

undo source-ip object-group

Default

All packets are translated.

Views

SNAT global policy view

Predefined user roles

network-admin

Parameters

object-group-name: Specifies a source IP address object group by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

If you specify a source IP address object group, the device performs SNAT on only packets with a matching source IP address. For information about configuring an IP address object group, see object group configuration in Security Configuration Guide.

Examples

# Specify source IP address object group obj1 for SNAT global policy sn1.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] source-ip object-group obj1

Related commands

object-group (Security Command Reference)

src-addr-option

Use src-addr-option to configure the TCP option for SNAT.

Use undo src-addr-option to restore the default.

Syntax

src-addr-option option-number [ encode { binary | string } ]

undo src-addr-option

Default

No TCP option is configured for SNAT.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

option-number: Specifies a TCP option by its number. Valid numbers are 6, 7, 9 to 18, and 22 to 254.

encode { binary | string }: Specifies the binary or string encoding mode. The default is the binary mode.

Usage guidelines

This command enables the device to parse the IP address in the TCP option by using the specified encoding mode. Then, the device translates the source IP address according to the configured translation mode.

This command takes effect only in a TCP parameter profile that is referenced as a client-side parameter profile by a virtual server.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# In TCP parameter profile pp3, specify TCP option 28 with binary encoding mode for SNAT.

<Sysname> system-view

[Sysname] parameter-profile pp3 type tcp

[Sysname-para-tcp-pp3] src-addr-option 28 encode binary

Related commands

snat-mode

ssl session-id

Use ssl session-id to configure an SSL sticky method based on SSL session ID.

Use undo ssl session-id to restore the default.

Syntax

ssl session-id

undo ssl session-id

Default

No sticky methods exist.

Views

SSL sticky group view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

The SSL sticky method based on SSL session ID applies only to HTTPS request packets. This sticky method requires specifying an SSL server policy for the virtual server.

Examples

# Configure the SSL sticky method based on SSL session ID for the SSL sticky group sg6.

<Sysname> system-view

[Sysname] sticky-group sg6 type ssl

[Sysname-sticky-ssl-sg6] ssl session-id

ssl url rewrite

Use ssl url rewrite to rewrite the URL in the Location header of HTTP response packets sent by the server.

Use undo ssl url rewrite to remove the configuration.

Syntax

ssl url rewrite location location [ clearport clear-port ] [ sslport ssl-port ]

undo ssl url rewrite location location [ clearport clear-port ]

Default

The URL in the Location header of HTTP response packets sent by the server is not rewritten.

Views

HTTP LB action view

Predefined user roles

network-admin

Parameters

location location: Specifies the Location header URL regular expression, a case-sensitive string of 1 to 255 characters.

clearport clear-port: Specifies the HTTP port number to be rewritten, in the range of 1 to 65535. The default is 80.

sslport ssl-port: Specifies the SSL port number after rewrite, in the range of 1 to 65535. The default is 443.

Usage guidelines

If the Location header of an HTTP response packet contains the location and clear-port values, the system rewrites HTTP in the URL to HTTPS and rewrites the clear-port value to the ssl-port value.

Examples

# For the HTTP LB action lba2, rewrite the URL http://www.ss.example.com:8080 in the Location header of HTTP response packets sent by the server to https://www.ss.example.com:443.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] ssl url rewrite location www.ss.example.com clearport 8080 sslport 443
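The following Python model is an added example, not H3C code. It applies the rewrite rule described above to Location header values and shows which values are left untouched. Matching the regular expression against the whole header value with Python `re` syntax, and treating a missing port as 80, are assumptions; the host names other than the one in the example above are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit


def rewrite_location(value: str, location: str,
                     clear_port: int = 80, ssl_port: int = 443) -> str:
    """Return the Location header value after the 'ssl url rewrite' rule is applied.

    value      -- Location header value sent by the server
    location   -- regular expression from 'location location'
    clear_port -- HTTP port to be rewritten (clearport, default 80)
    ssl_port   -- port written into the result (sslport, default 443)
    """
    if not 1 <= len(location) <= 255:
        raise ValueError("location must be 1 to 255 characters")
    for port in (clear_port, ssl_port):
        if not 1 <= port <= 65535:
            raise ValueError("port must be 1..65535")

    parts = urlsplit(value)
    # Relative redirects and URLs that are already HTTPS are not touched.
    if parts.scheme != "http" or parts.hostname is None:
        return value
    try:
        # Assumption: a URL without an explicit port uses port 80.
        port = parts.port if parts.port is not None else 80
    except ValueError:
        return value                      # malformed port: leave the header alone
    # Both the location pattern and the clear port must be present.
    if port != clear_port or re.search(location, value) is None:
        return value

    host = parts.hostname
    if ":" in host:                       # IPv6 literal needs its brackets back
        host = f"[{host}]"
    userinfo, at, _ = parts.netloc.rpartition("@")
    # The port is always written explicitly, as in the documented example.
    netloc = f"{userinfo}{at}{host}:{ssl_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def demo():
    """Rewrite results for a few constructed Location values."""
    rule = dict(location="www.ss.example.com", clear_port=8080, ssl_port=443)
    samples = [
        "http://www.ss.example.com:8080",
        "http://www.ss.example.com:8080/login?next=/account",
        "http://www.ss.example.com:9090/",      # different port: unchanged
        "https://www.ss.example.com:8080/",     # already HTTPS: unchanged
        "/login",                               # relative redirect: unchanged
        # An unescaped '.' in a regular expression matches any character,
        # so this different host also satisfies the pattern above.
        "http://wwwxss.example.com:8080/",
    ]
    return {s: rewrite_location(s, **rule) for s in samples}


if __name__ == "__main__":
    for before, after in demo().items():
        print(f"{before}\n  -> {after}")
```

In this model, writing the pattern as `www\.ss\.example\.com` restricts the rewrite to the intended host name.
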

ssl-client-policy (LB action view)

Use ssl-client-policy to specify an SSL client policy to encrypt traffic between the LB device (SSL client) and the SSL server.

Use undo ssl-client-policy to restore the default.

Syntax

ssl-client-policy policy-name

undo ssl-client-policy policy-name

Default

No SSL client policy is referenced.

Views

HTTP/Diameter LB action view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

The virtual servers of the fast HTTP type do not support this command.

The device does not support specifying an SSL client policy that uses the following cipher suites:

·     exp_rsa_des_cbc_sha.

·     exp_rsa_rc2_md5.

·     exp_rsa_rc4_md5.

·     rsa_des_cbc_sha.

Examples

# Specify the SSL client policy scp for the HTTP LB action lba2.

<Sysname> system-view

[Sysname] loadbalance action lba2 type http

[Sysname-lba-http-lba2] ssl-client-policy scp

ssl-client-policy (virtual server view)

Use ssl-client-policy to specify an SSL client policy for a virtual server to encrypt traffic between the LB device (SSL client) and the SSL server.

Use undo ssl-client-policy to restore the default.

Syntax

ssl-client-policy policy-name

undo ssl-client-policy policy-name

Default

A virtual server does not reference any SSL client policy.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

The virtual servers of the fast HTTP type do not support this command.

The device does not support specifying an SSL client policy that uses the following cipher suites:

·     exp_rsa_des_cbc_sha.

·     exp_rsa_rc2_md5.

·     exp_rsa_rc4_md5.

·     rsa_des_cbc_sha.

Examples

# Specify the SSL client policy scp for the HTTP virtual server vs2.

<Sysname> system-view

[Sysname] virtual-server vs2 type http

[Sysname-vs-http-vs2] ssl-client-policy scp

ssl-server-policy

Use ssl-server-policy to specify an SSL server policy for a virtual server to encrypt traffic between the LB device (SSL server) and the SSL client.

Use undo ssl-server-policy to remove an SSL server policy.

Syntax

ssl-server-policy policy-name [ sni server-name ]

undo ssl-server-policy policy-name [ policy-name sni ]

Default

A virtual server does not reference any SSL server policy.

Views

HTTP/TCP/Diameter virtual server view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL server policy by its name, a case-insensitive string of 1 to 31 characters.

sni server-name: Specifies an SSL server indication, a case-insensitive string of 1 to 253 characters.

Usage guidelines

Operating mechanism

If you execute this command multiple times without the sni server-name option, the most recent configuration takes effect.

You can specify multiple SSL server policies with SSL server indications, and each SSL server policy must have a different SSL server indication.

If you specify multiple SSL server policies, only the SSL server policy without an SSL server indication takes effect.

Restrictions and guidelines

The virtual servers of the fast HTTP type do not support this command.

The device does not support specifying an SSL server policy that uses the following cipher suites:

·     exp_rsa_des_cbc_sha.

·     exp_rsa_rc2_md5.

·     exp_rsa_rc4_md5.

·     rsa_des_cbc_sha.

Examples

# Specify the SSL server policy ssp for the HTTP virtual server vs2.

<Sysname> system-view

[Sysname] virtual-server vs2 type http

[Sysname-vs-http-vs2] ssl-server-policy ssp

statistics-match url

Use statistics-match url to configure a URL match rule.

Use undo statistics-match url to delete a URL match rule.

Syntax

statistics-match [ rule-id ] url url

undo statistics-match rule-id

Default

No URL match rules exist.

Views

Statistics node view

Predefined user roles

network-admin

Parameters

rule-id: Specifies the match rule ID in the range of 1 to 256. If you do not specify a match rule ID, the system assigns the smallest available rule ID to the match rule.

url: Specifies a URL regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).

Usage guidelines

You can configure a maximum of 256 URL match rules for one statistics node.

Examples

# In statistics node bank, configure a string of .html to match URLs in HTTP packets.

<Sysname> system-view

[Sysname] parameter-profile http1 type http-statistics

[Sysname-para-http-statistics-http1] node bank

[Sysname-para-http-statistics-http1-node-bank] statistics-match url *.html

status-code

Use status-code to configure a response status code to check.

Use undo status-code to remove a response status code.

Syntax

status-code code

undo status-code code

Default

No response status code is configured for checking.

Views

HTTP passive LB probe template view

Predefined user roles

network-admin

Parameters

code: Specifies a response status code, in the range of 100 to 599.

Usage guidelines

The device monitors the responses of HTTP requests with URLs specified in the check-url command. If the status code in an HTTP response is the same as the specified response status code, a URL error is recorded.

You can configure a maximum of 10 response status codes for one HTTP passive load balancing template.

Examples

# Configure response status code 404 in HTTP passive load balancing template tplt.

<Sysname> system-view

[Sysname] loadbalance probe-template http-passive tplt

[Sysname-lbpt-http-passive-tplt] status-code 404

Related commands

check-url

sticky

Use sticky to specify a sticky group for a virtual server.

Use undo sticky to restore the default.

Syntax

sticky sticky-name

undo sticky

Default

No sticky group is specified for a virtual server.

Views

HTTP virtual server view

Predefined user roles

network-admin

Parameters

sticky-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

You can also specify a sticky group by using the default server-farm and server-farm (LB action view) commands. The sticky group specified by using the sticky command has the highest priority.

Restrictions and guidelines

This command allows you to specify only HTTP cookie sticky groups.

Examples

# Specify the HTTP cookie sticky group test for HTTP virtual server vs.

<Sysname> system-view

[Sysname] virtual-server vs type http

[Sysname-vs-http-vs] sticky test

Related commands

default server-farm

server-farm (LB action view)

sticky-group

sticky-group

Use sticky-group to create a sticky group and enter its view, or enter the view of an existing sticky group.

Use undo sticky-group to delete the specified sticky group.

Syntax

sticky-group group-name [ type { address-port | diameter | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } ]

undo sticky-group group-name

Default

No sticky groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies a sticky group name, a case-insensitive string of 1 to 255 characters.

type { address-port | diameter | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies the sticky group type: address and port, Diameter, HTTP entity, HTTP cookie, HTTP header, HTTP passive, HTTP or UDP payload, RADIUS, SIP, SSL, TCP payload, or UDP passive. When you create a sticky group, you must specify the sticky group type. You can enter an existing sticky group view without entering the type of the sticky group.

Usage guidelines

Operating mechanism

A sticky group uses a specific sticky method to distribute similar sessions to the same real server or link. The sticky method applies to the first packet of a session. Subsequent packets of the session are distributed to the same real server or link.

Examples

# Create the address- and port-type sticky group sg1 and enter sticky group view.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1]

sticky-over-busy enable

Use sticky-over-busy enable to enable stickiness-over-busyness.

Use undo sticky-over-busy enable to disable stickiness-over-busyness.

Syntax

sticky-over-busy enable

undo sticky-over-busy enable

Default

Stickiness-over-busyness is disabled.

Views

Sticky group view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to assign client requests to real servers based on sticky entries, regardless of whether the real servers are busy.

When stickiness-over-busyness is disabled, the device assigns client requests to only the real servers in normal state.

Examples

# In address- and port-type sticky group sg1, enable stickiness-over-busyness.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] sticky-over-busy enable

success-criteria (real server view)

Use success-criteria to specify the health monitoring success criteria for a real server.

Use undo success-criteria to restore the default.

Syntax

success-criteria { all | at-least min-number }

undo success-criteria

Default

Health monitoring succeeds only when all the specified health monitoring methods succeed.

Views

Real server view

Predefined user roles

network-admin

Parameters

all: Specifies the health monitoring success criteria as all successful health monitoring methods.

at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.

Usage guidelines

If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.

The health monitoring success criteria configuration in real server view takes precedence over the configuration in server farm view.

Examples

# Configure the health monitoring success criteria for the real server rs as a minimum number of 2 successful health monitoring methods.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] success-criteria at-least 2

success-criteria (server farm member view)

Use success-criteria to specify the health monitoring success criteria for a server farm member.

Use undo success-criteria to restore the default.

Syntax

success-criteria { all | at-least min-number }

undo success-criteria

Default

Health monitoring succeeds only when all the specified health monitoring methods succeed.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

all: Specifies the health monitoring success criteria as all successful health monitoring methods.

at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.

Usage guidelines

If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.

The health monitoring success criteria configuration in server farm member view takes precedence over the configuration in server farm view.

The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.

Examples

# Configure the health monitoring success criteria for the server farm member rs1 as a minimum number of 2 successful health monitoring methods.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] success-criteria at-least 2

success-criteria (server farm view)

Use success-criteria to specify the health monitoring success criteria for a server farm.

Use undo success-criteria to restore the default.

Syntax

success-criteria { all | at-least min-number }

undo success-criteria

Default

Health monitoring succeeds only when all the specified health monitoring methods succeed.

Views

Server farm view

Predefined user roles

network-admin

Parameters

all: Specifies the health monitoring success criteria as all successful health monitoring methods.

at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.

Usage guidelines

If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.

The health monitoring success criteria configuration in real server view takes precedence over the configuration in server farm view.

Examples

# Configure the health monitoring success criteria for the server farm sf as a minimum number of 2 successful health monitoring methods.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] success-criteria at-least 2

syn retransmission-timeout

Use syn retransmission-timeout to set the retransmission timeout time for SYN packets.

Use undo syn retransmission-timeout to restore the default.

Syntax

syn retransmission-timeout timeout-value

undo syn retransmission-timeout

Default

The retransmission timeout time for SYN packets is 10 seconds.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the retransmission timeout time for SYN packets, in the range of 1 to 75 seconds.

Usage guidelines

This command sets the amount of time the device waits for a SYN ACK before closing a TCP connection.

Examples

# Set the retransmission timeout time for SYN packets to 5 seconds for TCP connections.

<Sysname> system-view

[Sysname] parameter-profile profile type tcp

[Sysname-para-tcp-profile] syn retransmission-timeout 5

Related commands

display parameter-profile

syn-cookie threshold

Use syn-cookie threshold to configure the threshold for triggering SYN Cookie protection.

Use undo syn-cookie threshold to restore the default.

Syntax

syn-cookie threshold threshold

undo syn-cookie threshold

Default

The threshold is 0, indicating that SYN Cookie protection will never be triggered.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

threshold: Specifies the number of half-open connections that triggers SYN Cookie protection, in the range of 1 to 4294967295.

Usage guidelines

Application scenarios

Generally, the establishment of a TCP connection requires a three-way handshake. Some attackers carry out SYN Flood attacks during the establishment of a TCP connection to consume server resources, preventing the server from providing services. You can execute this command to resolve this issue.

When the number of half-open connections between the virtual server and client reaches the specified threshold, the SYN Cookie protection feature will be triggered to prevent SYN Flood attacks.

A half-open connection refers to a TCP connection that is not completely established. In a half-open connection between a virtual server and a client, the virtual server has received a TCP connection request SYN packet but has not received an ACK packet.
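The following added example (not H3C code) models the threshold behavior described above: half-open connections are tracked until their count reaches the threshold, after which SYNs are answered with a stateless cookie that is validated when the ACK arrives. The SynGate class, the HMAC-based cookie, the 64-second validity window, and all addresses are assumptions constructed for illustration; this reference does not describe how the device derives its cookies.

```python
import hashlib
import hmac
import os

MASK32 = 0xFFFFFFFF
EPOCH_SECONDS = 64  # assumed cookie validity window for this model


class SynGate:
    """Toy model of threshold-triggered SYN Cookie protection."""

    def __init__(self, threshold: int, secret: bytes):
        self.threshold = threshold  # 0 means protection is never triggered
        self.secret = secret
        self.half_open = {}         # flow -> server ISN still awaiting an ACK

    def protecting(self) -> bool:
        return self.threshold > 0 and len(self.half_open) >= self.threshold

    def _cookie(self, flow, client_isn: int, epoch: int) -> int:
        # The server ISN is a keyed hash of the flow, so no state is stored.
        msg = repr((flow, client_isn, epoch)).encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def on_syn(self, flow, client_isn: int, now: int):
        """Return (mode, server_isn) for a received SYN."""
        if self.protecting():
            return "cookie", self._cookie(flow, client_isn, now // EPOCH_SECONDS)
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[flow] = isn  # one table entry per half-open connection
        return "stateful", isn

    def on_ack(self, flow, client_isn: int, ack_no: int, now: int) -> bool:
        """Return True if the ACK completes a handshake this gate started."""
        isn = self.half_open.get(flow)
        if isn is not None:
            if ack_no == (isn + 1) & MASK32:
                del self.half_open[flow]
                return True
            return False
        if self.threshold == 0:
            return False
        # No stored state: accept only a cookie from this or the previous epoch.
        epoch = now // EPOCH_SECONDS
        return any(
            ack_no == (self._cookie(flow, client_isn, e) + 1) & MASK32
            for e in (epoch, epoch - 1)
        )


def run_constructed_flood():
    """Feed constructed SYNs through a gate with threshold 3."""
    gate = SynGate(threshold=3, secret=b"constructed-demo-secret")
    vip = ("192.0.2.80", 80)
    modes = []
    for n in range(5):  # five constructed sources that never send the ACK
        flow = (f"198.51.100.{n + 1}", 1024 + n) + vip
        modes.append(gate.on_syn(flow, client_isn=5000 + n, now=100)[0])
    client = ("203.0.113.7", 40000) + vip  # a client that does complete
    client_mode, isn = gate.on_syn(client, client_isn=777, now=100)
    good = gate.on_ack(client, 777, (isn + 1) & MASK32, now=130)
    forged = gate.on_ack(client, 777, (isn + 2) & MASK32, now=130)
    stale = gate.on_ack(client, 777, (isn + 1) & MASK32, now=300)
    return modes, client_mode, good, forged, stale, len(gate.half_open)


if __name__ == "__main__":
    print(run_constructed_flood())
```

Once the threshold is reached, the half-open table stops growing, and a client that completes the handshake is still accepted.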

Restrictions and guidelines

This command takes effect only when the TCP parameter profile is used by a Layer 4 TCP virtual server.

Examples

# In TCP parameter profile tcppara, set the threshold for triggering SYN Cookie protection to 10.

<Sysname> system-view

[Sysname] parameter-profile tcppara type tcp

[Sysname-para-tcp-tcppara] syn-cookie threshold 10

tcp checksum-force-verify enable

Use tcp checksum-force-verify enable to enable the device to check the TCP checksum of a received packet.

Use undo tcp checksum-force-verify enable to restore the default.

Syntax

tcp checksum-force-verify enable

undo tcp checksum-force-verify enable

Default

The device does not check the TCP checksum of a received packet.

Views

TCP parameter profile view

Predefined user roles

network-admin

Usage guidelines

After you execute this command, the device will check the TCP checksum of a received packet. If the TCP checksum is correct, the device processes the packet. If the TCP checksum is incorrect, the device discards the packet, because it determines that the packet has been tampered with during the transmission from the sender to the device.
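The following added example (not H3C code) shows the standard TCP checksum verification over the IPv4 pseudo-header and the segment, which is the kind of check this command enables. The addresses, ports, and payload are constructed; the last case shows that the checksum catches a flipped bit but is not a cryptographic integrity check, because swapping two 16-bit words leaves it unchanged.

```python
import socket
import struct


def _fold16(data: bytes) -> int:
    """Return the 16-bit one's-complement sum of data."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def _pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return (
        socket.inet_aton(src_ip)
        + socket.inet_aton(dst_ip)
        + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)
    )


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Compute the checksum for a segment whose checksum field is zero."""
    data = _pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return ~_fold16(data) & 0xFFFF


def checksum_valid(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Verify a received segment; a correct one sums to 0xFFFF."""
    data = _pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return _fold16(data) == 0xFFFF


def build_segment(src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Build a constructed 20-byte TCP header plus payload with a checksum."""
    header = struct.pack(
        "!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0
    )
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    # The checksum field occupies bytes 16-17 of the TCP header.
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


SRC, DST = "203.0.113.7", "192.0.2.80"  # constructed addresses
GOOD = build_segment(SRC, DST, b"GET /a HTTP/1.1\r\n\r\n")

# One flipped bit in the payload: detected.
_flipped = bytearray(GOOD)
_flipped[25] ^= 0x01
BIT_FLIPPED = bytes(_flipped)

# First two 16-bit payload words swapped: the sum is unchanged.
WORD_SWAPPED = GOOD[:20] + GOOD[22:24] + GOOD[20:22] + GOOD[24:]

if __name__ == "__main__":
    for name, seg in [("good", GOOD), ("bit flipped", BIT_FLIPPED),
                      ("words swapped", WORD_SWAPPED)]:
        print(name, checksum_valid(SRC, DST, seg))
```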

Examples

# Enable the device to check the TCP checksum of a received packet.

<Sysname> system-view

[Sysname] parameter-profile pp type tcp

[Sysname-para-tcp-pp] tcp checksum-force-verify enable

tcp connection idle-timeout

Use tcp connection idle-timeout to set the idle timeout for TCP connections.

Use undo tcp connection idle-timeout to restore the default.

Syntax

tcp connection idle-timeout value

undo tcp connection idle-timeout

Default

The idle timeout is 0 seconds for TCP connections, which means TCP connections never time out.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

value: Specifies the idle timeout in the range of 1 to 86400 seconds.

Usage guidelines

This command sets the idle timeout for TCP connections between the LB device and the clients and for TCP connections between the LB device and the servers. If no traffic is available on a TCP connection before the idle timeout expires, the LB device terminates the TCP connection.

Examples

# Set the idle timeout to 60 seconds for TCP connections.

<Sysname> system-view

[Sysname] parameter-profile pp1 type tcp

[Sysname-para-tcp-pp1] tcp connection idle-timeout 60

tcp mss

Use tcp mss to set the MSS for the LB device.

Use undo tcp mss to restore the default.

Syntax

tcp mss value

undo tcp mss

Default

The MSS is not set for the LB device.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

value: Specifies the MSS value in the range of 128 to 1460 bytes.

Usage guidelines

Operating mechanism

When the client establishes a TCP connection to the LB device, the client sends its own MSS value to the LB device. The LB device records the MSS value and sends the configured MSS value to the client. The client and the LB device use the smaller MSS value for communication.

When the LB device establishes a TCP connection to the server, the LB device sends the configured MSS value to the server. The server records the MSS value and sends its own MSS value to the LB device. The LB device and the server use the smaller MSS value for communication.

Restrictions and guidelines

This command takes effect only when the fast HTTP or HTTP virtual server has referenced a TCP parameter profile.

Examples

# Set the MSS to 1300 bytes for the LB device.

<Sysname> system-view

[Sysname] parameter-profile tcp type tcp

[Sysname-para-tcp-tcp] tcp mss 1300

tcp option preserve

Use tcp option preserve to preserve the specified TCP option in TCP packet headers.

Use undo tcp option preserve to remove the configuration.

Syntax

tcp option preserve option-number

undo tcp option preserve option-number

Views

TCP parameter profile view

Default

The preserve action is not specified for the TCP option in TCP packet headers. For the Timestamps option, the global action specified in the loadbalance tcp-timestamp-mode command applies.

Predefined user roles

network-admin

Parameters

option-number: Specifies a TCP option by its number. In the current software version, the only valid value for this argument is 8, which indicates the Timestamps option in TCP packet headers.

Usage guidelines

Operating mechanism

This command enables the LB device to preserve the Timestamps option in the headers of TCP packets sent to the server. In the current software version, this command supports only the TCP Timestamps option with option number 8.

Restrictions and guidelines

If you execute the tcp option preserve, tcp option remove, and tcp option rewrite commands multiple times for TCP option 8, the most recent configuration takes effect.

If you execute both the tcp option preserve and loadbalance tcp-timestamp-mode commands, the tcp option preserve command takes effect.

Examples

# In TCP parameter profile pp1, preserve TCP option 8 in TCP packet headers.

<Sysname> system-view

[Sysname] parameter-profile pp1 type tcp

[Sysname-para-tcp-pp1] tcp option preserve 8

Related commands

loadbalance tcp-timestamp-mode

parameter-profile

tcp option remove

tcp option rewrite

tcp option insert

Use tcp option insert to insert the client information into a TCP option.

Use undo tcp option insert to remove the configuration.

Syntax

tcp option insert option-number { src-addr | value value } [ encode { binary | string } ]

undo tcp option insert option-number

Default

The client information is not inserted into any TCP options.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

option-number: Specifies a TCP option by its number. Valid values are 6, 7, 9 to 18, and 22 to 254.

src-addr: Inserts the real source IP address of the client to the TCP option.

value value: Inserts the specified information to the TCP option. The information is a string of 1 to 255 characters and supports the following variables:

·     %{is}: Client source IP address.

·     %{isl}: Client source IP address length. One byte.

·     %{ps}: Client source port number.

·     %{psl}: Client source port number length. One byte.

encode { binary | string }: Specifies the binary or string encoding mode. The default is binary mode.

Usage guidelines

Operating mechanism

This command inserts the specified information into the specified option in headers of TCP packets sent to the server.

You can execute this command multiple times to insert the client IP address to a maximum of five TCP options.

When a TCP parameter profile is used by a Layer 4 TCP virtual server, the specified content is inserted only to the TCP SYN initial packet. When the profile is used by a Layer 7 TCP virtual server, the specified content is inserted to the TCP negotiation packets and all data packets.

If you execute this command multiple times for the same TCP option, the most recent configuration takes effect.
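The following added example (not H3C code) shows how a real server behind the LB device could read the client address back out of an inserted option, using option number 28 as in this command's example. It assumes that src-addr in binary mode carries the raw 4-byte IPv4 address as the option value, which this reference does not specify; the sample SYN header, the addresses, and the trusted_lbs parameter are constructed for illustration.

```python
import ipaddress
import struct

TCP_OPT_EOL = 0  # End of Option List: stops parsing
TCP_OPT_NOP = 1  # No-Operation: one byte, no length field


def parse_tcp_options(tcp_header: bytes) -> list:
    """Return (kind, value) pairs from the options area of a TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    header_len = (tcp_header[12] >> 4) * 4  # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("invalid TCP data offset")
    opts = tcp_header[20:header_len]
    found, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option truncated before its length byte")
        length = opts[i + 1]  # length covers the kind and length bytes too
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of bounds")
        found.append((kind, opts[i + 2:i + length]))
        i += length
    return found


def client_addr_from_option(tcp_header, option_number, peer_ip, trusted_lbs):
    """Return the client IP carried in option_number, or None.

    The option is honoured only when the TCP peer is a known LB address,
    because any sender can place arbitrary bytes in a TCP option.
    """
    if peer_ip not in trusted_lbs:
        return None
    for kind, value in parse_tcp_options(tcp_header):
        # Assumed layout: the option value is the packed IPv4/IPv6 address.
        if kind == option_number and len(value) in (4, 16):
            return str(ipaddress.ip_address(value))
    return None


def build_sample_syn() -> bytes:
    """Constructed SYN header: MSS, two NOPs, then option 28 with an address."""
    options = (
        struct.pack("!BBH", 2, 4, 1460)
        + bytes([TCP_OPT_NOP, TCP_OPT_NOP])
        + bytes([28, 6]) + ipaddress.IPv4Address("203.0.113.7").packed
    )
    header_len = 20 + len(options)
    fixed = struct.pack(
        "!HHIIBBHHH", 40000, 3306, 1000, 0,
        (header_len // 4) << 4, 0x02, 65535, 0, 0,
    )
    return fixed + options


SAMPLE_SYN = build_sample_syn()

if __name__ == "__main__":
    lbs = {"192.0.2.10"}  # constructed LB address
    print(client_addr_from_option(SAMPLE_SYN, 28, "192.0.2.10", lbs))
    print(client_addr_from_option(SAMPLE_SYN, 28, "198.51.100.9", lbs))
```

A server that uses the option value for logging or access decisions should accept it only on connections that arrive from the LB device, as the peer check in the example does.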

Restrictions and guidelines

This command takes effect only on TCP parameter profiles referenced by the following virtual servers:

·     HTTP virtual servers.

·     TCP virtual servers configured with SSL server policies.

·     TCP virtual servers operating at Layer 7.

·     MySQL virtual servers.

Examples

# In TCP parameter profile para2, insert the client IP address into TCP option 28.

<Sysname> system-view

[Sysname] parameter-profile para2 type tcp

[Sysname-para-tcp-para2] tcp option insert 28 src-addr

Related commands

parameter-profile

tcp option remove

Use tcp option remove to remove the specified TCP option from TCP packet headers.

Use undo tcp option remove to remove the configuration.

Syntax

tcp option remove option-number

undo tcp option remove option-number

Default

The remove action is not specified for the TCP option in TCP packet headers. For the Timestamps option, the global action specified in the loadbalance tcp-timestamp-mode command applies.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

option-number: Specifies a TCP option by its number in the range of 3 to 254.

Usage guidelines

Operating mechanism

This command removes the specified TCP option from headers of TCP packets sent to the server.

Restrictions and guidelines

If you execute the tcp option preserve, tcp option remove, and tcp option rewrite commands multiple times for TCP option 8, the most recent configuration takes effect.

If you execute both the tcp option remove command for TCP option 8 and the loadbalance tcp-timestamp-mode command, the tcp option remove command takes effect.

You can execute this command multiple times to remove a maximum of five TCP options.

Examples

# In TCP parameter profile para2, remove TCP option 8 from TCP packet headers.

<Sysname> system-view

[Sysname] parameter-profile para2 type tcp

[Sysname-para-tcp-para2] tcp option remove 8

Related commands

loadbalance tcp-timestamp-mode

parameter-profile

tcp option preserve

tcp option rewrite

tcp option rewrite

Use tcp option rewrite to rewrite the specified TCP option in TCP packet headers.

Use undo tcp option rewrite to remove the configuration.

Syntax

tcp option rewrite option-number

undo tcp option rewrite option-number

Views

TCP parameter profile view

Default

The rewrite action is not specified for the TCP option in TCP packet headers. For the Timestamps option, the global action specified in the loadbalance tcp-timestamp-mode command applies.

Predefined user roles

network-admin

Parameters

option-number: Specifies a TCP option by its number. In the current software version, the only valid value for this argument is 8, which indicates the Timestamps option in TCP packet headers.

Usage guidelines

Operating mechanism

This command enables the LB device to rewrite the Timestamps option in the headers of TCP packets sent to the server. In the current software version, this command supports only the TCP Timestamps option with option number 8. This command rewrites the Timestamps option value in TCP packet headers with the current timestamp value of the device.

Restrictions and guidelines

If you execute the tcp option preserve, tcp option remove, and tcp option rewrite commands multiple times for TCP option 8, the most recent configuration takes effect.

If you execute both the tcp option rewrite and loadbalance tcp-timestamp-mode commands, the tcp option rewrite command takes effect.

Examples

# In TCP parameter profile pp1, rewrite TCP option 8 in TCP packet headers.

<Sysname> system-view

[Sysname] parameter-profile pp1 type tcp

[Sysname-para-tcp-pp1] tcp option rewrite 8

Related commands

loadbalance tcp-timestamp-mode

parameter-profile

tcp option preserve

tcp option remove

tcp window-size

Use tcp window-size to configure the maximum local window size for TCP connections.

Use undo tcp window-size to restore the default.

Syntax

tcp window-size size

undo tcp window-size

Default

The maximum local window size for TCP connections is 65535.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum local window size for TCP connections, in the range of 8192 to 65535.

Examples

# Set the maximum local window size for TCP connections to 8192 for the TCP parameter profile pp3.

<Sysname> system-view

[Sysname] parameter-profile pp3 type tcp

[Sysname-para-tcp-pp3] tcp window-size 8192

tcp-close

Use tcp-close to configure the method to close TCP connections.

Use undo tcp-close to restore the default.

Syntax

tcp-close { fin | rst }

undo tcp-close

Default

FIN packets are sent to close TCP connections.

Views

Generic/HTTP/Diameter LB action view

Predefined user roles

network-admin

Parameters

fin: Closes TCP connections by sending FIN packets.

rst: Closes TCP connections by sending RST packets.

Examples

# In generic LB action lba1, configure the rst method to close TCP connections.

<Sysname> system-view

[Sysname] loadbalance action lba1 type generic

[Sysname-lba-generic-lba1] tcp-close rst

timeout (LB probe template view)

Use timeout to set the timeout time for probe responses.

Use undo timeout to restore the default.

Syntax

timeout timeout-value

undo timeout

Default

The timeout time for probe responses is 3 seconds for ICMP probe packets and custom monitoring probe packets and is 5 seconds for HTTP passive probe packets.

Views

ICMP LB probe template view

HTTP passive LB probe template view

Custom-monitoring LB probe template view

Predefined user roles

network-admin

Parameters

timeout-value: Specifies the timeout time for probe responses, in the range of 1 to 60 seconds for ICMP probe packets, 1 to 255 seconds for HTTP passive probe packets, and 1 to 86400 seconds for custom monitoring probe packets.

Usage guidelines

Operating mechanism

After an HTTP passive LB probe template is referenced, the device monitors the responses of HTTP requests with URLs specified in the check-url command. If the response time for an HTTP request exceeds the specified timeout time, a URL error is recorded.

Recommended configuration

As a best practice, set the timeout time for probe responses to be smaller than the monitoring time (set by using the monitor-interval command).

Examples

# Set the timeout time for probe responses to 5 seconds in the ICMP template icmptplt.

<Sysname> system-view

[Sysname] loadbalance probe-template icmp icmptplt

[Sysname-lbpt-icmp-icmptplt] timeout 5

Related commands

check-url

monitor-interval

timeout (sticky group view)

Use timeout to set the timeout timer for sticky entries.

Use undo timeout to restore the default.

Syntax

timeout { indefinite | timeout-value }

undo timeout

Default

The timeout timer for sticky entries is 86400 seconds for sticky groups of the HTTP cookie, HTTP passive, and UDP passive types, 180 seconds for sticky groups of the Diameter type, and 60 seconds for sticky groups of other types.

Views

Sticky group view

Predefined user roles

network-admin

Parameters

indefinite: Specifies an indefinite timeout timer for sticky entries so that the sticky entries never age out. Sticky groups of the HTTP cookie type, HTTP passive type, and UDP passive type do not support this keyword.

timeout-value: Specifies the timeout timer in the range of 0 to 31536000 seconds for sticky groups of the HTTP cookie type and in the range of 10 to 604800 seconds for sticky groups of other types.

Usage guidelines

For sticky groups of the HTTP cookie type, the following principles apply:

·     If the sticky method is cookie insert or cookie rewrite, a timeout timer of 0 indicates session persistency.

·     If the sticky method is cookie get, a timeout timer of 0 indicates the timeout time for the sticky entries is 0 seconds.

Examples

# Set the timeout timer for sticky entries to 100 seconds in the address- and port-type sticky group sg1.

<Sysname> system-view

[Sysname] sticky-group sg1 type address-port

[Sysname-sticky-address-port-sg1] timeout 100

time-wait timeout

Use time-wait timeout to set the TIME_WAIT state timeout time for TCP connections.

Use undo time-wait timeout to restore the default.

Syntax

time-wait timeout value

undo time-wait timeout

Default

The TIME_WAIT state timeout time is 2 seconds for TCP connections.

Views

TCP parameter profile view

Predefined user roles

network-admin

Parameters

value: Specifies the TIME_WAIT state timeout time in the range of 1 to 65535 seconds.

Usage guidelines

A TCP connection cannot be released until the TIME_WAIT timer expires. To release TCP connections faster and improve load balancing efficiency, use this command to set a shorter TIME_WAIT state timeout time.

Examples

# Set the TIME_WAIT state timeout time for TCP connections to 30 seconds in the TCP parameter profile pa1.

<Sysname> system-view

[Sysname] parameter-profile pa1 type tcp

[Sysname-para-tcp-pa1] time-wait timeout 30

traffic-group (virtual server view)

Use traffic-group to bind a cluster traffic group to a virtual server.

Use undo traffic-group to restore the default.

Syntax

traffic-group traffic-group-id

undo traffic-group

Default

No cluster traffic group is bound to a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

traffic-group-id: Specifies a cluster traffic group by its ID, an integer in the range of 1 to 255.

Usage guidelines

Application scenarios

In a cluster, a cluster traffic group is a basic logical unit that processes services. After you associate a cluster traffic group with a virtual server, traffic that matches the virtual server is processed by the cluster traffic group.

To specify a cluster traffic group for a virtual server, make sure the current device has been added to the traffic group.

Different types of virtual servers can use the same cluster traffic group.

Restrictions and guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Bind cluster traffic group 1 to virtual server vs1.

<Sysname> system-view

[Sysname] virtual-server vs1 type http

[Sysname-vs-http-vs1] traffic-group 1

Related commands

cluster traffic-group (High Availability Command Reference)

traffic-group (snat pool view)

Use traffic-group to specify a cluster traffic group for an SNAT address pool.

Use undo traffic-group to restore the default.

Syntax

traffic-group traffic-group-id

undo traffic-group

Default

An SNAT address pool is not bound to any cluster traffic group.

Views

SNAT address pool view

Predefined user roles

network-admin

Parameters

traffic-group-id: Specifies a cluster traffic group by its number in the range of 1 to 255.

Usage guidelines

Application scenarios

In a cluster network, a traffic group is the basic logical unit for processing services in the cluster. You can specify a cluster traffic group for an SNAT address pool to enable the cluster traffic group to process the packets matching the SNAT address pool.

To specify a cluster traffic group for an SNAT address pool, make sure the current device has been added to the traffic group.

Restrictions and guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Bind SNAT address pool sp to cluster traffic group 1.

<Sysname> system-view

[Sysname] loadbalance snat-pool sp

[Sysname-lbsnat-pool-addr-sp] traffic-group 1

Related commands

cluster traffic-group (High Availability Command Reference)

translation-mode

Use translation-mode to configure a translation mode for a SNAT global policy.

Use undo translation-mode to restore the default.

Syntax

translation-mode { auto-map | snat-pool pool-name }

undo translation-mode

Default

No translation mode is configured for a SNAT global policy.

Views

SNAT global policy view

Predefined user roles

network-admin

Parameters

auto-map: Specifies the automatic mapping mode.

snat-pool pool-name: Specifies the SNAT address pool mode. The pool-name argument specifies the SNAT address pool name, a case-insensitive string of 1 to 255 characters.

Usage guidelines

Operating mechanism

The device supports the following translation modes in a SNAT global policy:

·     Automatic mapping—Translates the source IP address into the IP address of the interface connecting to the real servers.

·     SNAT address pool—Translates the source IP address into an IP address in the specified SNAT address pool.

Restrictions and guidelines

If SNAT is not configured for a server farm, the server farm uses SNAT global policies for address translation.

Examples

# Specify SNAT address pool sp for address translation in SNAT global policy sn1.

<Sysname> system-view

[Sysname] loadbalance snat-global-policy sn1

[Sysname-lb-snat-gp-sn1] translation-mode snat-pool sp

transparent enable

Use transparent enable to disable NAT for a server farm.

Use undo transparent enable to enable NAT for a server farm.

Syntax

transparent enable

undo transparent enable

Default

NAT is enabled for a server farm.

Views

Server farm view

Predefined user roles

network-admin

Usage guidelines

If the server farm is referenced by a virtual server of the HTTP type, the NAT feature takes effect even if it is disabled.

Examples

# Disable NAT for the server farm sf.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] transparent enable

udp per-packet

Use udp per-packet to enable per-packet load balancing for UDP traffic for a virtual server.

Use undo udp per-packet to disable per-packet load balancing for UDP traffic for a virtual server.

Syntax

udp per-packet

undo udp per-packet

Default

Per-packet load balancing for UDP traffic is disabled for a virtual server.

Views

UDP virtual server view

UDP-based SIP virtual server view

Predefined user roles

network-admin

Usage guidelines

Operating mechanism

When per-packet load balancing for UDP traffic is disabled, the LB device distributes traffic matching the virtual server according to application type. Traffic of the same application type is distributed to one real server.

Restrictions and guidelines

When per-packet load balancing for UDP traffic is enabled, the following results apply:

·     The LB device distributes traffic matching the virtual server on a per-packet basis.

·     The LB device does not collect statistics of connections on the virtual server or real server.

·     If NAT is not enabled for the referenced server farm, the LB device does not collect statistics of packets sent by the virtual server or real server.

·     The following configurations are still effective:

¡     Scheduling algorithm configured on the server farm referenced by the virtual server.

¡     Sticky method of the sticky group when the virtual server references the server farm.

Because packets of the same session have the same quintuple, the hash scheduling algorithm or the source IP address sticky method yields the same result for the packets. For example, if a server farm uses the hash scheduling algorithm or the source IP address sticky method, the LB device distributes UDP packets of the same session to one real server. In this case, the LB device cannot distribute UDP packets on a per-packet basis.

Examples

# Enable per-packet load balancing for UDP traffic for the UDP virtual server vs5.

<Sysname> system-view

[Sysname] virtual-server vs5 type udp

[Sysname-vs-udp-vs5] udp per-packet

username (virtual server view)

Use username to specify the login username and password of the MySQL database.

Use undo username to remove the login username and password of the MySQL database.

Syntax

username username [ password { cipher | simple } string ]

undo username username

Default

The login username and password of the MySQL database are not specified.

Views

MySQL virtual server view

Predefined user roles

network-admin

Parameters

username: Specifies the username, a case-sensitive string of 1 to 63 characters.

password: Specifies the password. If you do not specify the password, the password is null.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password string. Its plaintext form is a case-sensitive string of 1 to 127 characters. Its encrypted form is a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure a maximum of 100 login users.

The specified login username and password must be the same as the actual login username and password of the MySQL database.

Examples

# Specify the username and password as root and 123456, respectively, for the MySQL virtual server vs1.

<Sysname> system-view

[Sysname] virtual-server vs1 type mysql

[Sysname-vs-mysql-vs1] username root password simple 123456

variable

Use variable to associate a variable with a server farm member.

Use undo variable to disassociate a variable from a server farm member.

Syntax

variable variable-name value value

undo variable variable-name

Default

No variable is associated with a server farm member.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

variable-name: Specifies a variable name, a case-sensitive string of 1 to 63 characters.

value value: Specifies the variable value, a case-sensitive string of 1 to 127 characters.

Examples

# Associate a variable with variable name var1 and variable value 1 with server farm member rs.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs port 5001

[Sysname-sfarm-sf-#member#-rs-port-5001] variable var1 value _1

Related commands

payload rewrite

vendor-id

Use vendor-id to configure the Vendor-Id AVP to be sent in Diameter messages.

Use undo vendor-id to restore the default.

Syntax

vendor-id vendor-id

undo vendor-id

Default

The Vendor-Id AVP is 25506, which indicates that the vendor is H3C.

Views

Diameter session parameter profile view

Predefined user roles

network-admin

Parameters

vendor-id: Specifies the Vendor-Id AVP in the range of 1 to 4294967295. By default, the Vendor-Id AVP is 25506, which indicates that the vendor is H3C.

Usage guidelines

During the Diameter capability exchange between the device and the peer, they exchange the Origin-Host, Origin-Realm, Vendor-Id, and Product-Name AVPs through CER and CEA messages. Use this command to specify the Vendor-Id AVP for the device to send to the peer during the Diameter capability exchange.

Examples

# Specify the Vendor-Id AVP as 25506 for Diameter session parameter profile dia.

<Sysname> system-view

[Sysname] parameter-profile dia type diameter-session

[Sysname-para-diameter-session-dia] vendor-id 25506

Related commands

parameter-profile

version

Use version to configure the MySQL database version.

Use undo version to restore the default.

Syntax

version { 5.0 | 5.1 | 5.5 | 5.6 | 5.7 }

undo version

Default

The MySQL database version is 5.6.

Views

MySQL virtual server view

Predefined user roles

network-admin

Parameters

{ 5.0 | 5.1 | 5.5 | 5.6 | 5.7 }: Specifies the MySQL database version number.

Usage guidelines

The LB device performs authentication for clients on behalf of the MySQL server and sends database initialization packets of the specified MySQL version to clients.

Examples

# Configure the MySQL database version as 5.7 for the MySQL virtual server vs1.

<Sysname> system-view

[Sysname] virtual-server vs1 type mysql

[Sysname-vs-mysql-vs1] version 5.7

virtual ip address

Use virtual ip address to configure an IPv4 address (VSIP) for a virtual server.

Use undo virtual ip address to remove an IPv4 address from a virtual server.

Syntax

virtual ip address ipv4-address [ mask-length | mask ]

undo virtual ip address [ ipv4-address [ all ] ]

Default

No IPv4 address is configured for a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address. It cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X (with a mask length of 32).

mask-length: Specifies a mask length in the range of 0 to 32. The default is 32. This argument is not supported by virtual servers of the fast HTTP type and HTTP type.

mask: Specifies a subnet mask. The default is 255.255.255.255. This argument is not supported by virtual servers of the fast HTTP type and HTTP type.

all: Deletes the IPv4 address.

Usage guidelines

Operating mechanism

You can configure an IPv4 address range or multiple individual IPv4 addresses for a virtual server. When you configure an IPv4 address range and execute this command multiple times, the most recent configuration takes effect. A virtual server supports either IPv4 address range or individual IPv4 addresses, but not both.

When you execute the undo virtual ip address command:

·     If you do not specify any parameters, the command deletes all IPv4 addresses of the virtual server.

·     If you specify the ipv4-address all option, the command deletes the IPv4 address.

Recommended configuration

If the IP address of an interface connected to a client is in the same network segment as the VSIP, you must perform the following tasks:

·     Set the IPv4 subnet mask length to 32 for the VSIP.

·     Specify an interface for sending gratuitous ARP or ND packets.

Restrictions and guidelines

For a UDP SIP virtual server with port number 5060, when you enable per-packet load balancing for UDP traffic by using the udp per-packet command and enable SIP load balancing ALG by using the loadbalance alg sip command, the device does not support processing multiple IP addresses. Therefore, configure only one VSIP as a best practice.

Examples

# Configure the IPv4 address for the IP-type virtual server vs3 as 1.1.1.1/24.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] virtual ip address 1.1.1.1 24

Related commands

arp-nd interface (virtual server view)

virtual ipv6 address

Use virtual ipv6 address to configure an IPv6 address (VSIP) for a virtual server.

Use undo virtual ipv6 address to remove an IPv6 address from a virtual server.

Syntax

virtual ipv6 address ipv6-address [ prefix-length ]

undo virtual ipv6 address [ ipv6-address [ all ] ]

Default

No IPv6 address is configured for a virtual server.

Views

Virtual server view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address (when the prefix length is not 0).

prefix-length: Specifies a prefix length in the range of 0 to 128. The default is 128. This argument is not supported by virtual servers of the fast HTTP type and HTTP type.

all: Deletes the IPv6 address.

Usage guidelines

Operating mechanism

You can configure an IPv6 address range or multiple individual IPv6 addresses for a virtual server. When you configure an IPv6 address range and execute this command multiple times, the most recent configuration takes effect. A virtual server supports either IPv6 address range or individual IPv6 addresses, but not both.

When you execute the undo virtual ipv6 address command:

·     If you do not specify any parameters, the command deletes all IPv6 addresses of the virtual server.

·     If you specify the ipv6-address all option, the command deletes the IPv6 address.

Recommended configuration

If the IPv6 address of an interface connected to a client is in the same network segment as the VSIP, you must perform the following tasks:

·     Set the IPv6 prefix length to 128 for the VSIP.

·     Specify an interface for sending gratuitous ARP or ND packets.

Restrictions and guidelines

For a UDP SIP virtual server with port number 5060, when you enable per-packet load balancing for UDP traffic by using the udp per-packet command and enable SIP load balancing ALG by using the loadbalance alg sip command, the device does not support processing multiple IP addresses. Therefore, configure only one VSIP as a best practice.

Examples

# Configure the IPv6 address for the IP-type virtual server vs3 as 1001::1/64.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3] virtual ipv6 address 1001::1 64

Related commands

arp-nd interface (virtual server view)
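
A pre-deployment check for the VSIP constraints listed under Parameters and Recommended configuration for virtual ip address and virtual ipv6 address, as an added example that is not H3C code. The function name check_vsip, its arguments, and the reading of "broadcast address" as 255.255.255.255 are assumptions.

```python
import ipaddress

# Virtual server types for which the page says mask-length/prefix-length is not supported.
NO_MASK_TYPES = {"http", "fast-http"}

def check_vsip(address, length=None, vs_type="ip", client_if=None):
    """Return a list of problems for a planned VSIP; an empty list means it passes.

    address   -- IPv4 or IPv6 address string
    length    -- mask/prefix length, None for the default (32 or 128)
    vs_type   -- virtual server type keyword, e.g. "ip", "http"
    client_if -- optional client-facing interface as "addr/len" (hypothetical input)
    """
    ip = ipaddress.ip_address(address)
    full = ip.max_prefixlen                      # 32 for IPv4, 128 for IPv6
    plen = full if length is None else int(length)
    if not 0 <= plen <= full:
        return [f"length {plen} outside 0..{full}"]
    problems = []
    if length is not None and vs_type in NO_MASK_TYPES:
        problems.append(f"{vs_type} virtual servers do not support a mask/prefix length")
    if ip.is_loopback:
        problems.append("loopback address")
    if ip.is_multicast:
        problems.append("multicast address")
    if ip.version == 4:
        # Assumption: only the limited broadcast address is treated as "broadcast".
        if ip == ipaddress.IPv4Address("255.255.255.255"):
            problems.append("broadcast address")
        if plen == 32 and ip in ipaddress.ip_network("0.0.0.0/8"):
            problems.append("0.X.X.X address with mask length 32")
    else:
        if ip.is_link_local:
            problems.append("link-local address")
        if int(ip) == 0 and plen != 0:
            problems.append("all-zero address with non-zero prefix length")
    # Recommended configuration: a VSIP in the client interface's segment needs /32 or /128.
    if client_if is not None:
        iface = ipaddress.ip_interface(client_if)
        if iface.version == ip.version and ip in iface.network and plen != full:
            problems.append(f"shares segment {iface.network} with client interface; use /{full}")
    return problems
```
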

virtual-server (system view)

Use virtual-server to create a virtual server and enter its view, or enter the view of an existing virtual server.

Use undo virtual-server to delete the specified virtual server.

Syntax

virtual-server virtual-server-name [ type { diameter | fast-http | http | ip | link-ip | mysql | sip-tcp | sip-udp | radius | tcp | udp } ]

undo virtual-server virtual-server-name

Default

No virtual servers exist.

Views

System view

Predefined user roles

network-admin

Parameters

virtual-server-name: Specifies the virtual server name, a case-insensitive string of 1 to 255 characters.

type { diameter | fast-http | http | ip | link-ip | mysql | sip-tcp | sip-udp | radius | tcp | udp }: Specifies the virtual server type as Diameter, fast HTTP, HTTP, IP, link-IP, MySQL, RADIUS, TCP-based SIP, UDP-based SIP, TCP, or UDP. When you create a virtual server, you must specify a virtual server type. You can enter an existing virtual server view without entering the type of the virtual server.

Examples

# Create the virtual server vs3 with the IP type, and enter virtual server view.

<Sysname> system-view

[Sysname] virtual-server vs3 type ip

[Sysname-vs-ip-vs3]

vrrp vrid (SNAT address pool view)

Use vrrp vrid to bind an SNAT address pool to a VRRP group.

Use undo vrrp to remove the configuration.

Syntax

vrrp [ ipv6 ] vrid virtual-router-id interface interface-type interface-number

undo [ ipv6 ] vrrp

Default

An SNAT address pool is not bound to any VRRP group.

Views

SNAT address pool view

Predefined user roles

network-admin

Parameters

ipv6: Specifies an IPv6 VRRP group. If you do not specify this keyword, the SNAT address pool is bound to an IPv4 VRRP group.

virtual-router-id: Specifies a VRRP group by its number in the range of 1 to 255.

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

An SNAT address pool can be bound to a maximum of one IPv4 VRRP group and a maximum of one IPv6 VRRP group.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Bind SNAT address pool sp1 to VRRP group 1.

<Sysname> system-view

[Sysname] loadbalance snat-pool sp1

[Sysname-lbsnat-pool-sp1] vrrp vrid 1 interface gigabitethernet 1/0/1

weight (real server view)

Use weight to set the weight of a real server.

Use undo weight to restore the default.

Syntax

weight weight-value

undo weight

Default

The weight of a real server is 100.

Views

Real server view

Predefined user roles

network-admin

Parameters

weight-value: Specifies the weight in the range of 1 to 255.

Usage guidelines

A greater weight value means a higher priority to be referenced.

Examples

# Set the weight of the real server rs to 150.

<Sysname> system-view

[Sysname] real-server rs

[Sysname-rserver-rs] weight 150

weight (server farm member view)

Use weight to set the weight of a server farm member.

Use undo weight to restore the default.

Syntax

weight weight-value

undo weight

Default

The weight of a server farm member is 100.

Views

Server farm member view

Predefined user roles

network-admin

Parameters

weight-value: Specifies the weight in the range of 1 to 255.

Usage guidelines

A greater weight value means a higher priority in scheduling.

Examples

# Set the weight of the server farm member rs1 to 150.

<Sysname> system-view

[Sysname] server-farm sf

[Sysname-sfarm-sf] real-server rs1 port 80

[Sysname-sfarm-sf-#member#-rs1-port-80] weight 150

window-size

Use window-size to set the window size used for compression.

Use undo window-size to restore the default.

Syntax

window-size size

undo window-size

Default

The window size used for compression is 16 KB.

Views

HTTP-compression parameter profile view

Predefined user roles

network-admin

Parameters

size: Specifies the window size in KB used for compression. The value can only be 1, 2, 4, 8, 16, or 32.

Examples

# Create the HTTP-compression parameter profile pa1, and set the window size used for compression to 32 KB.

<Sysname> system-view

[Sysname] parameter-profile pa1 type http-compress

[Sysname-para-http-compression-pa1] window-size 32

zero-window threshold

Use zero-window threshold to set the percentage threshold of zero-window packets for a TCP zero-window LB probe template.

Use undo zero-window threshold to restore the default.

Syntax

zero-window threshold percentage

undo zero-window threshold

Default

The percentage threshold of zero-window packets is 40%.

Views

TCP zero-window LB probe template view

Predefined user roles

network-admin

Parameters

percentage: Specifies the percentage threshold of zero-window packets, in the range of 1 to 100.

Usage guidelines

When the percentage of zero-window packets sent by a real server reaches the threshold, the protection action specified in the protect-action command is taken.

Examples

# In TCP zero-window LB probe template zerotplt, set the percentage threshold of zero-window packets to 20%.

<Sysname> system-view

[Sysname] loadbalance probe-template tcp-zero-window zerotplt

[Sysname-lbpt-tcp-zwnd-zerotplt] zero-window threshold 20

Related commands

protect-action
