Load balancing commands
M9000 multiservice security gateways in RXX71P24 or later versions do not support the server load balancing feature.
Non-default vSystems do not support some of the load balancing commands. For information about vSystem support for a command, see the usage guidelines on that command. For information about vSystem, see Virtual Technologies Configuration Guide.
abnormal-url threshold
Use abnormal-url threshold to set the upper limit of URL error times.
Use undo abnormal-url threshold to restore the default.
Syntax
abnormal-url threshold number
undo abnormal-url threshold
Default
The upper limit of URL error times is 10000.
Views
HTTP passive LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
number: Specifies the upper limit of URL error times, in the range of 1 to 4294967295.
Usage guidelines
The device monitors the responses of HTTP requests with URLs specified in the check-url command. If the response time for an HTTP request exceeds the specified timeout time or the status code in the HTTP response is the same as the specified response status code, a URL error is recorded. If the number of URL errors exceeds the upper limit of URL error times, the real server is automatically shut down.
Examples
# Set the upper limit of URL error times to 20 for HTTP passive LB probe template tplt.
<Sysname> system-view
[Sysname] loadbalance probe-template http-passive tplt
[Sysname-lbpt-http-passive-tplt] abnormal-url threshold 20
Related commands
check-url
status-code
timeout
activate (link group view)
Use activate to set the criteria to determine whether a link group is available.
Use undo activate to restore the default.
Syntax
activate lower lower-percentage upper upper-percentage
undo activate
Default
A link group is available when a minimum of one link is available.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
lower lower-percentage: Specifies the lower percentage value in the range of 1 to 99.
upper upper-percentage: Specifies the upper percentage value in the range of 1 to 99. The upper percentage value must be greater than or equal to the lower percentage value.
Usage guidelines
Non-default vSystems do not support this command.
When the percentage of available links in a primary link group is smaller than the lower percentage value, the primary link group becomes unavailable. Then the backup link group takes over. When the percentage of available links in a primary link group is greater than the upper percentage value, the primary link group becomes available again to process services.
If no backup link group is configured on the virtual server, this configuration does not take effect.
Examples
# Set the lower percentage value to 20 and upper percentage value to 80 for the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] activate lower 20 upper 80
activate (server farm view)
Use activate to set the criteria to determine whether a server farm is available.
Use undo activate to restore the default.
Syntax
activate lower lower-percentage upper upper-percentage
undo activate
Default
A server farm is available when a minimum of one real server is available.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
lower lower-percentage: Specifies the lower percentage value in the range of 1 to 99. When the percentage of available real servers in the primary server farm is lower than the lower percentage value, the primary server farm becomes unavailable. Then the backup server farm takes over.
upper upper-percentage: Specifies the upper percentage value in the range of 1 to 99. The upper percentage value must be higher than or equal to the lower percentage value. When the percentage of available real servers in the primary server farm is higher than the upper percentage value, the primary server farm becomes available again to process services.
Usage guidelines
If no backup server farm is configured on the virtual server, this configuration does not take effect.
Examples
# Set the lower percentage value to 20 and upper percentage value to 80 for the server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] activate lower 20 upper 80
Related commands
all-service-down action forward
Use all-service-down action forward to enable the device to forward packets to the last selected server farm member when all server farm members are unavailable.
Use undo all-service-down action forward to restore the default.
Syntax
all-service-down action forward
undo all-service-down action forward
Default
The device drops packets when all server farm members are unavailable.
Views
Server farm view
Predefined user roles
network-admin
context-admin
Usage guidelines
This command takes effect only when the server farm is referenced by a TCP virtual server operating in Layer 7.
Examples
# Enable the device to forward packets to the last selected server farm member when all server farm members are unavailable.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] all-service-down action forward
application-mode enable
Use application-mode enable to configure a TCP virtual server to operate at Layer 7.
Use undo application-mode enable to restore the default.
Syntax
application-mode enable
undo application-mode enable
Default
A TCP virtual server operates at Layer 4.
Views
TCP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
For a TCP virtual server to operate at Layer 7, you must specify a non-zero port number for the virtual server.
Examples
# Configure TCP virtual server vs to operate at Layer 7.
<Sysname> system-view
[Sysname] virtual-server vs type tcp
[Sysname-vs-tcp-vs] application-mode enable
argument
Use argument to configure user-defined information for a custom-monitoring LB probe template.
Use undo argument to restore the default.
Syntax
argument text
undo argument
Default
No user-defined information is configured for a custom-monitoring LB probe template.
Views
Custom-monitoring LB probe template view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies an information text, a case-sensitive string of 1 to 255 characters. The string can contain spaces and cannot contain quotation marks (").
Usage guidelines
Non-default vSystems do not support this command.
When executing the script file used for custom monitoring, the device transfers the information text to the script file as a parameter.
You can configure multiple arguments separated by spaces as the user-defined information.
Examples
# In custom-monitoring LB probe template test_external, configure user-defined information as abc 123 456.
<Sysname> system-view
[Sysname] loadbalance probe-template external-monitor test_external
[Sysname-lbpt-external-monitor-test_external] argument abc 123 456
arp-nd interface (SNAT address pool view)
Use arp-nd interface to specify an interface for sending gratuitous ARP packets and ND packets.
Use undo arp-nd interface to disable an interface from sending gratuitous ARP packets and ND packets.
Syntax
arp-nd interface interface-type interface-number
undo arp-nd interface interface-type interface-number
Default
No interface is specified for sending gratuitous ARP packets and ND packets. No interface can send gratuitous ARP packets or ND packets.
Views
SNAT address pool view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
You can execute this command multiple times to specify multiple interfaces for one SNAT address pool.
If an IP address in a SNAT address pool is in the same network segment as the IP address of an interface connected to a server, you must execute this command. If the condition does not exist, you do not need to execute this command.
Examples
# For SNAT address pool lbsp, specify GigabitEthernet 1/0/1 as the interface for sending gratuitous ARP packets and ND packets.
<Sysname> system-view
[Sysname] loadbalance snat-pool lbsp
[Sysname-lbsnat-pool-lbsp] arp-nd interface gigabitethernet 1/0/1
arp-nd interface (virtual server view)
Use arp-nd interface to specify an interface for sending gratuitous ARP packets and ND packets.
Use undo arp-nd interface to disable an interface from sending gratuitous ARP packets and ND packets.
Syntax
arp-nd interface interface-type interface-number
undo arp-nd interface interface-type interface-number
Default
No interface is specified for sending gratuitous ARP packets and ND packets. No interface can send gratuitous ARP packets or ND packets.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
You can execute this command multiple times to specify multiple interfaces for one virtual server.
If the virtual server IP address is in the same network segment as the IP address of an interface connected to a client, you must execute this command. If the condition does not exist, you do not need to execute this command.
Examples
# For virtual server vs3, specify GigabitEthernet 1/0/1 as the interface for sending gratuitous ARP packets and ND packets.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] arp-nd interface gigabitethernet 1/0/1
auto-alloc address
Use auto-alloc address to enable the device to automatically obtain the IP address of a DNS server.
Use undo auto-alloc address to disable the device from automatically obtaining the IP address of a DNS server.
Syntax
auto-alloc address
undo auto-alloc address
Default
The device is disabled from automatically obtaining the IP address of a DNS server.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command is mutually exclusive with the ip address and ipv6 address commands.
Before configuring this command, you must configure the router interface command. Otherwise, the IP address of the DNS server cannot be obtained.
If the device obtains multiple DNS server IP addresses, it uses the smallest available IP address.
Examples
# Enable the device to automatically obtain the IP address of DNS server ds1.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] auto-alloc address
Related commands
display loadbalance dns-server
auto-shutdown recovery-time
Use auto-shutdown recovery-time to set the automatic recovery time for intelligent monitoring.
Use undo auto-shutdown recovery-time to restore the default.
Syntax
auto-shutdown recovery-time recovery-time
undo auto-shutdown recovery-time
Default
The automatic recovery time is 0 minutes.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
recovery-time: Specifies the automatic recovery time in the range of 0 to 15300 minutes. The value of 0 means that a server farm member placed in Auto shutdown state does not automatically recover.
Usage guidelines
Use this command to enable automatic recovery for a real server that is shut down by intelligent monitoring.
If health monitoring is not configured, a recovered real server is set to Unknown state.
If health monitoring is configured and succeeds, a recovered real server is set to Active state. If health monitoring fails, a recovered real server is set to Probe-failed state.
Examples
# Set the automatic recovery time to 5 minutes for server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] auto-shutdown recovery-time 5
bandwidth busy-protection enable (transparent DNS proxy view)
Use bandwidth busy-protection enable to enable the link protection feature for a transparent DNS proxy.
Use undo bandwidth busy-protection enable to disable the link protection feature for a transparent DNS proxy.
Syntax
bandwidth busy-protection enable
undo bandwidth busy-protection enable
Default
The link protection feature is disabled for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This feature enables a transparent DNS proxy to select a DNS server from the DNS server pool based on the link bandwidth ratio. If the bandwidth ratio of a link exceeds the specified value, the corresponding DNS server is not selected.
If the link bandwidth ratio of all DNS servers in the DNS server pool exceeds the specified value, the link protection feature is automatically disabled. If the link bandwidth ratio of any DNS server drops below the specified value, the link protection feature is automatically enabled, and the corresponding DNS server is selected.
Examples
# Enable the link protection feature for transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] bandwidth busy-protection enable
Related commands
bandwidth busy-rate (link view)
bandwidth busy-protection enable (virtual server pool view)
Use bandwidth busy-protection enable to enable the link protection feature for a virtual server pool.
Use undo bandwidth busy-protection enable to disable the link protection feature for a virtual server pool.
Syntax
bandwidth busy-protection enable
undo bandwidth busy-protection enable
Default
The link protection feature is disabled for a virtual server pool.
Views
Virtual server pool view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This feature enables a virtual server pool to select a virtual server based on the link bandwidth ratio. If the bandwidth ratio of a link is exceeded, the virtual server is not selected.
Examples
# Enable the link protection feature for the virtual server pool local-pool.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool] bandwidth busy-protection enable
Related commands
bandwidth busy-rate (link view)
bandwidth busy-protection enable (virtual server view)
Use bandwidth busy-protection enable to enable the link protection feature.
Use undo bandwidth busy-protection enable to disable the link protection feature.
Syntax
bandwidth busy-protection enable
undo bandwidth busy-protection enable
Default
The link protection feature is disabled.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
The outbound (or inbound) direction of a link is busy when its outbound (or inbound) bandwidth ratio is exceeded. Use this command to prevent traffic from overwhelming a link when its outbound direction is busy. New traffic (not matching any sticky entries) is not distributed to the link when only its outbound direction is busy.
A link enters busy state when a minimum of one direction (outbound or inbound) is busy. The link recovers (active state) only when both its outbound and inbound directions are available.
The link protection feature takes effect only when bandwidth statistics collection by interfaces is enabled.
Examples
# Enable the link protection feature for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] bandwidth busy-protection enable
Related commands
bandwidth interface statistics enable
bandwidth busy-rate
Use bandwidth busy-rate to set the bandwidth ratio for an LB link.
Use undo bandwidth busy-rate to restore the default.
Syntax
bandwidth [ inbound | outbound ] busy-rate busy-rate-number [ recovery recovery-rate-number ]
undo bandwidth [ inbound | outbound ] busy-rate
Default
The bandwidth ratio is 70.
Views
LB link view
Predefined user roles
network-admin
context-admin
Parameters
inbound: Specifies the inbound bandwidth ratio.
outbound: Specifies the outbound bandwidth ratio.
busy-rate-number: Specifies bandwidth ratio in the range of 1 to 100.
recovery recovery-rate-number: Specifies bandwidth recovery ratio in the range of 1 to 100. By default, if the bandwidth ratio is greater than 10, the bandwidth recovery ratio equals the bandwidth ratio minus 10; if the bandwidth ratio is smaller than or equal to 10, the bandwidth recovery ratio equals the bandwidth ratio.
Usage guidelines
Non-default vSystems do not support this command.
If the bandwidth of an LB link exceeds the maximum expected bandwidth multiplied by the bandwidth ratio, the LB link is busy and will not be selected. If the bandwidth of the LB link drops below the maximum expected bandwidth multiplied by the bandwidth recovery ratio, the LB link participates in scheduling again.
If you do not specify the inbound or outbound keyword, this command sets the total bandwidth ratio.
The bandwidth ratio equals the current bandwidth divided by the maximum bandwidth of the LB link. If the maximum bandwidth is not limited, the supported maximum bandwidth is used for calculating the bandwidth ratio.
The bandwidth recovery ratio must be smaller than or equal to the bandwidth ratio of an LB link.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the total bandwidth ratio and bandwidth recovery ratio for the LB link lk1 to 90 and 85.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] bandwidth busy-rate 90 recovery 85
Related commands
display loadbalance link
max-bandwidth (link view)
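The busy and recovery thresholds described above, together with the per-direction busy rule from bandwidth busy-protection enable (virtual server view), modeled as an added example that is not H3C code. The class names, the max bandwidth of 1000 and the readings are constructed for illustration; the default recovery rule, the range checks and the comparisons follow the text.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def default_recovery(busy_rate: int) -> int:
    """Default recovery ratio, as the 'recovery' parameter description gives it."""
    return busy_rate - 10 if busy_rate > 10 else busy_rate


@dataclass
class Direction:
    """Busy/recover hysteresis for one direction of a link (hypothetical model)."""
    max_bandwidth: float                 # maximum expected bandwidth, any unit
    busy_rate: int = 70                  # documented default bandwidth ratio
    recovery_rate: Optional[int] = None  # None -> derive the documented default
    busy: bool = False

    def __post_init__(self) -> None:
        if not 1 <= self.busy_rate <= 100:
            raise ValueError("busy-rate-number must be in 1..100")
        if self.recovery_rate is None:
            self.recovery_rate = default_recovery(self.busy_rate)
        if not 1 <= self.recovery_rate <= 100:
            raise ValueError("recovery-rate-number must be in 1..100")
        if self.recovery_rate > self.busy_rate:
            raise ValueError("recovery ratio must not exceed the bandwidth ratio")

    def update(self, current: float) -> bool:
        """Feed one bandwidth reading and return the busy flag."""
        busy_at = self.max_bandwidth * self.busy_rate / 100
        recover_at = self.max_bandwidth * self.recovery_rate / 100
        if not self.busy and current > busy_at:
            self.busy = True          # exceeded max bandwidth x bandwidth ratio
        elif self.busy and current < recover_at:
            self.busy = False         # dropped below max bandwidth x recovery ratio
        return self.busy


@dataclass
class Link:
    inbound: Direction
    outbound: Direction

    def update(self, in_bw: float, out_bw: float) -> str:
        # Busy when at least one direction is busy; active only when both are clear.
        in_busy = self.inbound.update(in_bw)
        out_busy = self.outbound.update(out_bw)
        return "busy" if (in_busy or out_busy) else "active"


def trace(link: Link, readings: List[Tuple[float, float]]) -> List[str]:
    """Replay (inbound, outbound) readings and return the link state after each."""
    return [link.update(i, o) for i, o in readings]


# Constructed (inbound, outbound) readings for a link with max bandwidth 1000,
# using the ratios from the page's example: busy-rate 90, recovery 85.
SAMPLE = [(300, 800), (300, 905), (300, 880), (300, 840),
          (920, 840), (860, 840), (849, 840)]


def demo() -> List[str]:
    link = Link(Direction(1000, 90, 85), Direction(1000, 90, 85))
    return trace(link, SAMPLE)


if __name__ == "__main__":
    for reading, state in zip(SAMPLE, demo()):
        print(reading, state)
```

The readings 880 and 860 sit between the two thresholds, so the link keeps whatever state it already had; that gap is what stops a link near the limit from flapping in and out of scheduling.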
bandwidth interface statistics enable
Use bandwidth interface statistics enable to enable bandwidth statistics collection by interfaces.
Use undo bandwidth interface statistics enable to disable bandwidth statistics collection by interfaces.
Syntax
bandwidth interface statistics enable
undo bandwidth interface statistics enable
Default
Bandwidth statistics collection by interfaces is disabled.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Enable bandwidth statistics collection by interfaces for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] bandwidth interface statistics enable
bandwidth weight
Use bandwidth weight to set the bandwidth weight for proximity calculation.
Use undo bandwidth weight to restore the default.
Syntax
bandwidth { inbound | outbound } weight bandwidth-weight
undo bandwidth { inbound | outbound } weight
Default
The inbound or outbound bandwidth weight for proximity calculation is 100.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
inbound: Specifies the inbound bandwidth weight.
outbound: Specifies the outbound bandwidth weight.
bandwidth-weight: Specifies the bandwidth weight for proximity calculation, in the range of 0 to 255. A larger value indicates a higher bandwidth weight.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the inbound bandwidth weight for proximity calculation to 200.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity] bandwidth inbound weight 200
# Set the outbound bandwidth weight for proximity calculation to 200.
[Sysname] loadbalance proximity
[Sysname-lb-proximity] bandwidth outbound weight 200
busy-action
Use busy-action to configure the action to take when a server farm is busy.
Use undo busy-action to restore the default.
Syntax
busy-action { drop | enqueue length length timeout timeout-value | force }
undo busy-action
Default
The default action is drop.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
drop: Stops assigning client requests to the server farm.
enqueue: Assigns new client requests to a wait queue.
length length: Specifies the maximum number of client requests allowed in the wait queue, in the range of 1 to 100000. When the queue is full, new client requests are dropped.
timeout timeout-value: Specifies the aging time for the wait queue, in the range of 1 to 60 seconds.
force: Forcibly assigns client requests to all real servers in the server farm.
Usage guidelines
For the drop action, if the LB policy for the server farm contains the action of matching the next rule, the device compares client requests with the next rule. Otherwise, the device drops the client requests.
Examples
# Configure the action to take when a server farm is busy as force.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] busy-action force
busy-action continue
Use busy-action continue to configure the action of matching the next rule when all links or DNS servers are busy.
Use undo busy-action to restore the default.
Syntax
busy-action continue
undo busy-action
Default
The device assigns packets to links or DNS servers regardless of whether they are busy.
Views
Link-generic LB action view
DNS server LB action view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command enables the device to match the next rule when all links or DNS servers are busy.
Examples
# Configure link-generic LB action a1 to match the next rule when all links or DNS servers are busy.
<Sysname> system-view
[Sysname] loadbalance action a1 type link-generic
[Sysname-lba-link-generic-a1] busy-action continue
case-insensitive
Use case-insensitive to disable case sensitivity for matching character strings.
Use undo case-insensitive to restore the default.
Syntax
case-insensitive
undo case-insensitive
Default
Case sensitivity is enabled for matching character strings.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command affects the following content:
· HTTP header value, HTTP cookie name and value, and URL for matching classes.
· Header value, URL, and key value used for generating sticky entries for the HTTP header sticky method.
· Cookie name and value and key value used for generating sticky entries for the cookie get sticky method.
Examples
# Disable case sensitivity for the HTTP-type parameter profile pp1.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] case-insensitive
check all-packet
Use check all-packet to enable checking for all packets.
Use undo check all-packet to restore the default.
Syntax
check all-packet
undo check all-packet
Default
Checking for all packets is disabled.
Views
HTTP cookie sticky group view
HTTP passive sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
If the sticky method is cookie get, use this command to get cookies from all HTTP response packets. If this command is not executed, the device gets only the Set-Cookie from the first response packet of a connection.
If the sticky method is cookie rewrite, use this command to rewrite cookies in all HTTP response packets. If this command is not executed, the device rewrites only the Set-Cookie in the first response packet of a connection.
If the sticky method is cookie insert, use this command to insert cookies into all HTTP response packets. If this command is not executed, the device inserts the Set-Cookie only into the first response packet of a connection.
If the sticky method is HTTP passive, use this command to generate sticky entries from all HTTP response packets. If this command is not executed, the device generates sticky entries only from the first response packet of a connection.
Examples
# Enable checking for all packets in the HTTP cookie sticky group sg3.
<Sysname> system-view
[Sysname] sticky-group sg3 type http-cookie
[Sysname-sticky-http-cookie-sg3] check all-packet
check-url
Use check-url to configure a URL regular expression to match URLs for an HTTP passive LB probe template.
Use undo check-url to remove the URL regular expression configuration.
Syntax
check-url url
undo check-url url
Default
No URL regular expression is configured.
Views
HTTP passive LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
url: Specifies a URL regular expression, a case-insensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Usage guidelines
If an HTTP request carries one of the specified URLs, the device examines whether a URL error occurs in the HTTP response.
You can configure a maximum of 10 URL regular expressions for one HTTP passive LB probe template.
Examples
# Configure www.example.com as a matching URL for HTTP passive LB probe template tplt.
<Sysname> system-view
[Sysname] loadbalance probe-template http-passive tplt
[Sysname-lbpt-http-passive-tplt] check-url www.example.com
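How check-url, abnormal-url threshold and auto-shutdown recovery-time interact, as an added model that is not H3C code. The class and function names, the events and the small threshold of 2 are constructed; Python's re module with an unanchored search stands in for the device's regular-expression engine, and resetting the error counter on recovery is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


class PassiveTemplate:
    """Hypothetical model of an HTTP passive LB probe template."""

    def __init__(self, check_urls: List[str], status_codes: Set[int],
                 timeout_s: float, threshold: int = 10000):
        if len(check_urls) > 10:
            raise ValueError("at most 10 check-url expressions per template")
        for expr in check_urls:
            if not 1 <= len(expr) <= 255 or "?" in expr:
                raise ValueError(f"invalid check-url expression: {expr!r}")
        if not 1 <= threshold <= 4294967295:
            raise ValueError("abnormal-url threshold out of range")
        # Assumption: unanchored, case-insensitive search. Note that an
        # unescaped '.' in an expression matches any character in Python's re.
        self.patterns = [re.compile(e, re.IGNORECASE) for e in check_urls]
        self.status_codes = status_codes    # set with the status-code command
        self.timeout_s = timeout_s          # set with the timeout command
        self.threshold = threshold

    def is_url_error(self, url: str, status: int, elapsed_s: float) -> bool:
        if not any(p.search(url) for p in self.patterns):
            return False                    # URL is not monitored
        return elapsed_s > self.timeout_s or status in self.status_codes


@dataclass
class RealServer:
    name: str
    state: str = "Active"
    url_errors: int = 0
    shutdown_min: Optional[float] = None


def observe(rs: RealServer, tpl: PassiveTemplate, now_min: float,
            url: str, status: int, elapsed_s: float) -> str:
    """Account for one HTTP response and return the server state."""
    if rs.state != "Auto shutdown" and tpl.is_url_error(url, status, elapsed_s):
        rs.url_errors += 1
        if rs.url_errors > tpl.threshold:   # "exceeds the upper limit"
            rs.state, rs.shutdown_min = "Auto shutdown", now_min
    return rs.state


def recover(rs: RealServer, recovery_time_min: int, now_min: float,
            health: Optional[bool]) -> str:
    """health: None = no health monitoring, True/False = probe result."""
    if rs.state != "Auto shutdown" or recovery_time_min == 0:
        return rs.state                     # 0 means no automatic recovery
    if now_min - rs.shutdown_min < recovery_time_min:
        return rs.state
    rs.url_errors = 0                       # assumption: counter restarts
    if health is None:
        rs.state = "Unknown"
    else:
        rs.state = "Active" if health else "Probe-failed"
    return rs.state


# Constructed events: (minute, URL, status code, response time in seconds).
EVENTS = [
    (0, "/api/login", 200, 0.1),        # monitored, healthy
    (1, "/API/Login", 500, 0.1),        # case-insensitive match, bad status
    (2, "/static/logo.png", 500, 0.1),  # not matched by check-url, ignored
    (3, "/api/orders", 200, 3.5),       # slower than the timeout
    (4, "/api/orders", 500, 0.2),       # third error exceeds threshold 2
    (5, "/api/orders", 500, 0.2),       # server already shut down
]


def replay(threshold: int = 2) -> Tuple[List[str], RealServer]:
    tpl = PassiveTemplate(["/api/"], {500}, timeout_s=2.0, threshold=threshold)
    rs = RealServer("rs1")
    return [observe(rs, tpl, *event) for event in EVENTS], rs


if __name__ == "__main__":
    states, server = replay()
    print(states, recover(server, 5, 9, None))
```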
class
Use class to specify an LB action for the specified LB class.
Use undo class to delete an LB class.
Syntax
class class-name [ insert-before before-class-name | insert-after [ after-class-name ] ] action action-name
undo class class-name
Default
No LB action is specified for the LB class.
Views
LB policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters.
insert-before: Inserts the target class before an LB class (which must already be referenced by the current LB policy).
before-class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters.
insert-after: Inserts the target class after an LB class (which must already be referenced by the current LB policy).
after-class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument for the insert-after keyword, the target class is inserted before all LB classes.
action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command sets an LB action for packets matching the specified LB class.
If you do not specify the insert-before or insert-after keyword, this command inserts the target class after all LB classes.
You can specify an LB action for different LB classes.
You can specify multiple LB classes for an LB policy. Packets are matched against the classes in the order in which the classes are configured. If a class is matched, the specified action is taken and the packets are not matched against subsequent classes. As a best practice for finer matching, when the rule of one class is included in the rule of another class, configure the class with the more detailed rule first. If no class is matched, the default action is taken.
A DNS LB policy can reference DNS LB actions only; a generic LB policy can reference generic LB classes and generic LB actions only. This rule does not apply to HTTP LB policies.
Examples
# Specify the LB action lba1 for the LB class lbc1 in the generic LB policy lbp1, and insert lbc1 before the LB class lbc0.
<Sysname> system-view
[Sysname] loadbalance policy lbp1 type generic
[Sysname-lbp-generic-lbp1] class lbc1 insert-before lbc0 action lba1
compression level
Use compression level to set the compression level for response packets.
Use undo compression level to restore the default.
Syntax
compression level level
undo compression level
Default
The compression level for response packets is 1.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
level: Specifies the compression level in the range of 1 to 9. A larger value indicates a lower compression speed and a higher compression ratio.
Examples
# Create the HTTP-compression parameter profile pa1, and set the compression level to 6.
<Sysname> system-view
[Sysname] parameter-profile pa1 type http-compress
[Sysname-para-http-compress-pa1] compression level 6
connection-limit max (link group member view)
Use connection-limit max to set the maximum number of connections of a link group member.
Use undo connection-limit max to restore the default.
Syntax
connection-limit max max-number
undo connection-limit max
Default
The maximum number of connections of a link is 0, which means the number is not limited.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If this argument is set to 0, the number is not limited.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the maximum number of connections of the link group member lk1 to 10000.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] connection-limit max 10000
connection-limit max (link view)
Use connection-limit max to set the maximum number of connections of a link.
Use undo connection-limit max to restore the default.
Syntax
connection-limit max max-number
undo connection-limit max
Default
The maximum number of connections of a link is 0, which means the number is not limited.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If this argument is set to 0, the number is not limited.
Usage guidelines
Non-default vSystems do not support this command.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum number of connections of the link lk to 10000.
<Sysname> system-view
[Sysname] loadbalance link lk
[Sysname-lb-link-lk] connection-limit max 10000
connection-limit max (real server view)
Use connection-limit max to set the maximum number of connections of a real server.
Use undo connection-limit max to restore the default.
Syntax
connection-limit max max-number
undo connection-limit max
Default
The maximum number of connections of a real server is 0, which means the number is not limited.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If this argument is set to 0, the number is not limited.
Usage guidelines
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum number of connections of the real server rs to 10000.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] connection-limit max 10000
connection-limit max (server farm member view)
Use connection-limit max to set the maximum number of connections of a server farm member.
Use undo connection-limit max to restore the default.
Syntax
connection-limit max max-number
undo connection-limit max
Default
The maximum number of connections of a server farm member is 0, which means the number is not limited.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If this argument is set to 0, the number is not limited.
Examples
# Set the maximum number of connections of the server farm member rs1 to 10000.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] connection-limit max 10000
connection-limit max (virtual server view)
Use connection-limit max to set the maximum number of connections of a virtual server.
Use undo connection-limit max to restore the default.
Syntax
connection-limit max max-number
undo connection-limit max
Default
The maximum number of connections of a virtual server is 0, which means the number is not limited.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
max-number: Specifies the maximum number of connections, in the range of 0 to 4294967295. If this argument is set to 0, the number is not limited.
Usage guidelines
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum number of connections for the IP-type virtual server vs3 to 10000.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] connection-limit max 10000
connection-sync enable (transparent DNS proxy view)
Use connection-sync enable to enable session extension information synchronization for a transparent DNS proxy.
Use undo connection-sync enable to disable session extension information synchronization for a transparent DNS proxy.
Syntax
connection-sync enable
undo connection-sync enable
Default
Session extension information synchronization is disabled for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command can back up session information to ensure service continuity during a master and backup switchover in hot backup mode.
Examples
# Enable session extension information synchronization for the transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] connection-sync enable
connection-sync enable (virtual server view)
Use connection-sync enable to enable session extension information synchronization for a virtual server.
Use undo connection-sync enable to disable session extension information synchronization for a virtual server.
Syntax
connection-sync enable
undo connection-sync enable
Default
Session extension information synchronization is disabled for a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command is not supported by the virtual servers of the HTTP type.
Examples
# Enable session extension information synchronization for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] connection-sync enable
content (HTTP content sticky group view)
Use content to configure the HTTP entity sticky method.
Use undo content to delete the HTTP entity sticky method.
Syntax
content [ offset offset ] [ start start-string ] [ end end-string | length length ]
undo content
Default
No sticky methods exist.
Views
HTTP entity sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
offset offset: Specifies the offset value of the entity based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the entity, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the entity, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the entity, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
Use this command to obtain the HTTP entity information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.
The HTTP entity sticky method applies only to contents within the entity. The HTTP entity sticky method does not apply to chunk and multipart entity content.
Examples
# Configure the HTTP entity sticky method for the HTTP entity sticky group sg2: Starting from the 30th byte from the start of the HTTP packet, use the 20-byte HTTP entity with abc as the start string to generate sticky entries.
<Sysname> system-view
[Sysname] sticky-group sg2 type http-content
[Sysname-sticky-http-content-sg2] content offset 30 start abc length 20
content (HTTP passive sticky group view)
Use content to configure the HTTP passive entity sticky method.
Use undo content to delete the HTTP passive entity sticky method.
Syntax
content { get | match } id start start-string { end end-string | length length }
undo content { get | match } id
Default
No sticky methods exist.
Views
HTTP passive sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
get: Obtains the specified string in the HTTP response entity, which is used to generate a sticky entry.
match: Obtains the specified string in the HTTP request entity, which is used to match a sticky entry.
id: Specifies the string ID in the range of 1 to 4.
start start-string: Specifies the regular expression that marks the start of the entity, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the entity, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the entity, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
The start-string and end-string values are not included in the sticky entry information.
Both the content get and content match commands are required for an HTTP passive sticky method.
The device obtains the content information of an incoming HTTP request based on the content match command and obtains the content information of an incoming HTTP response based on the content get command. If the content information of the HTTP request matches the content information of the HTTP response, the device generates a sticky entry based on the content information of the HTTP response. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
The following rules apply to use of the content match and content get commands:
· You can execute a maximum of four content get commands and four content match commands for one HTTP passive sticky method.
· The n strings that are obtained based on n content get commands generate 2^n-1 strings, combined in ascending order of string IDs. If the string obtained based on the content match command matches any one of these generated strings, the match is successful.
· The n strings that are obtained based on n content match commands are combined into one string in ascending order of string IDs.
For example, three content get commands are executed with string IDs 1, 2, and 3. The device obtains three strings a, b, and c in the HTTP response header, generates seven strings a, b, c, ab, ac, bc, and abc, and generates seven sticky entries. Then, three content match commands are executed with string IDs 2, 3, and 4. The device obtains three strings a, b, and c in the HTTP request header and generates one string abc. If the string matches one of the seven strings, the device generates a sticky entry based on the string abc. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
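The combination rule above can be modeled in a few lines of Python. This is an added illustration, not device code: Python's re module stands in for the device's regular expressions, and the rule dictionaries, sample payloads, server names, and the handling of a missing end marker are assumptions.

```python
import re
from itertools import combinations

# Simplified model of the HTTP passive sticky method (illustration only).


def extract(payload, start, end=None, length=0):
    """Return the text after the first `start` match, bounded by `end` or `length`.
    The start and end markers themselves are excluded, as the guidelines state."""
    m = re.search(start, payload)
    if m is None:
        return None
    rest = payload[m.end():]
    if end is not None:
        e = re.search(end, rest)
        # Assumption: if the end marker is absent, no string is produced.
        return rest[:e.start()] if e else None
    return rest[:length] if length else rest   # length 0 means "all lengths"


def extract_all(rules, payload):
    """Apply rules {id: {start, end | length}} in ascending order of string ID."""
    found = (extract(payload, **rules[i]) for i in sorted(rules))
    return [s for s in found if s]


def get_candidates(get_rules, response):
    """n strings from content get commands yield 2^n - 1 ordered combinations."""
    parts = extract_all(get_rules, response)
    return ["".join(c) for r in range(1, len(parts) + 1)
            for c in combinations(parts, r)]


def match_key(match_rules, request):
    """Strings from content match commands are joined into a single string."""
    return "".join(extract_all(match_rules, request))


class PassiveStickyTable:
    def __init__(self, get_rules, match_rules):
        if len(get_rules) > 4 or len(match_rules) > 4:
            raise ValueError("at most four content get and four content match commands")
        if not all(1 <= i <= 4 for i in (*get_rules, *match_rules)):
            raise ValueError("string ID must be in the range 1 to 4")
        self.get_rules, self.match_rules = get_rules, match_rules
        self.entries = {}                     # sticky string -> real server

    def learn(self, response, server):
        """Create one sticky entry per candidate string found in a response."""
        for key in get_candidates(self.get_rules, response):
            self.entries.setdefault(key, server)

    def route(self, request, scheduled):
        """Follow a sticky entry if the request string matches one;
        otherwise use the server chosen by normal scheduling."""
        return self.entries.get(match_key(self.match_rules, request), scheduled)


# Constructed sample traffic mirroring the a/b/c example in the guidelines.
GET_RULES = {1: {"start": "k1=", "end": ";"},
             2: {"start": "k2=", "end": ";"},
             3: {"start": "k3=", "end": ";"}}
MATCH_RULES = {2: {"start": "x2=", "end": "&"},
               3: {"start": "x3=", "end": "&"},
               4: {"start": "x4=", "end": "&"}}
RESPONSE = "k1=a;k2=b;k3=c;"
REQUEST = "x2=a&x3=b&x4=c&"

if __name__ == "__main__":
    table = PassiveStickyTable(GET_RULES, MATCH_RULES)
    table.learn(RESPONSE, "rs1")
    print(get_candidates(GET_RULES, RESPONSE))
    print(table.route(REQUEST, scheduled="rs2"))
```

With the maximum of four content get commands, one response can create up to 15 sticky entries, which is worth accounting for when sizing the sticky table.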
Examples
# Configure the HTTP passive sticky method for the HTTP passive sticky group sg2: Obtain the 20-byte HTTP entity string starting with abc in the HTTP response. If the string matches the 20-byte HTTP entity string starting with xxx in the HTTP request, the device generates a sticky entry based on the string obtained from the HTTP response.
<Sysname> system-view
[Sysname] sticky-group sg2 type http-passive
[Sysname-sticky-http-passive-sg2] content get 1 start abc length 20
[Sysname-sticky-http-passive-sg2] content match 1 start xxx length 20
Related commands
display sticky-group
header (HTTP passive sticky group view)
content length-threshold
Use content length-threshold to set the minimum length of HTTP response content for compression.
Use undo content length-threshold to restore the default.
Syntax
content length-threshold length
undo content length-threshold
Default
The minimum length of HTTP response content for compression is 1024 bytes.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
length: Specifies the minimum length of HTTP response content for compression, in the range of 0 to 4294967295 bytes.
Usage guidelines
If an HTTP response packet contains the Content-Length header, the packet content is compressed only when its length reaches the minimum length of HTTP response content for compression. If the HTTP response packet does not contain the Content-Length header, the configuration does not take effect. The packet content is compressed regardless of its length.
Examples
# Create the HTTP-compression parameter profile http1, and set the minimum length of HTTP response content for compression to 2000 bytes.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] content length-threshold 2000
content maxparse-length
Use content maxparse-length to set the maximum length of HTTP entities that can be parsed.
Use undo content maxparse-length to restore the default.
Syntax
content maxparse-length length
undo content maxparse-length
Default
The maximum length of HTTP entities that can be parsed is 4096.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
length: Specifies the maximum length of HTTP entities that can be parsed, in the range of 1 to 65535 bytes.
Examples
# Set the maximum length of HTTP entities that can be parsed to 8192 for the HTTP parameter profile pp1.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] content maxparse-length 8192
content request-max-length
Use content request-max-length to set the maximum size of the HTTP content.
Use undo content request-max-length to restore the default.
Syntax
content request-max-length length
undo content request-max-length
Default
The size of the HTTP content is not limited.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
length: Specifies the maximum size of the HTTP content, in the range of 1 to 4294967295 bytes.
Usage guidelines
If the size of the HTTP content in an HTTP request exceeds the specified maximum size, the device discards the HTTP request.
Examples
# Set the maximum size of the HTTP content to 1000 for the HTTP parameter profile h1.
<Sysname> system-view
[Sysname] parameter-profile h1 type http
[Sysname-para-http-h1] content request-max-length 1000
content rewrite
Use content rewrite to rewrite the content of HTTP responses.
Use undo content rewrite to restore the default.
Syntax
content rewrite value value replace replace-string
undo content rewrite
Default
The content of HTTP responses is not rewritten.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value value: Specifies the HTTP packet content to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters.
Usage guidelines
This command applies only to the HTTP response packets in the format of text/*.
The rewrite operation is not performed in either of the following situations:
· A regular expression is used to match the content before rewrite, and the content before rewrite exceeds 4096 bytes in size.
· The content after rewrite exceeds 4096 bytes in size.
If you specify the replace-string argument as %[1-9], the matching packet content value will be replaced by the content in the corresponding pair of brackets. For example, if you execute the content rewrite value (Wel)(co)(me) replace %2 command, the content Welcome will be replaced by the content co in the second pair of brackets.
If you execute the content rewrite command multiple times, the most recent configuration takes effect.
Examples
# Create the HTTP LB action named replace, and replace the content 2000::1 in HTTP response packets with 2.3.4.5.
<Sysname> system-view
[Sysname] loadbalance action replace type http
[Sysname-lba-http-replace] content rewrite value 2000::1 replace 2.3.4.5
cookie (protection rule view)
Use cookie to configure a cookie-based protection threshold.
Use undo cookie to restore the default.
Syntax
cookie cookie-name request-threshold threshold
undo cookie
Default
No cookie-based protection threshold is configured.
Views
Protection rule view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters. The cookie name cannot contain brackets ({ }, ( ), [ ], < >), at signs (@), commas (,), semicolons (;), colons (:), backslashes (\), quotation marks ("), slashes (/), question marks (?), equal signs (=), space characters (SP), or horizontal tabs (HT). Additionally, the cookie name cannot contain ASCII codes that are less than or equal to 31 or greater than or equal to 127.
request-threshold threshold: Specifies a request threshold in the range of 1 to 4294967295.
Usage guidelines
If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken. The device determines whether requests belong to the same user based on the following elements:
· Cookie—Requests with the same cookie value for the cookie specified in this command belong to the same user.
· Source IP address—Requests with the same source IP address belong to the same user.
If you configure both a cookie-based request threshold and a source-IP-based request threshold, the protection action is taken when either threshold is exceeded.
If you execute this command multiple times, the most recent configuration takes effect.
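The two ways of identifying a user can be modeled as follows, to show how the cookie-based and source-IP-based thresholds interact. This is an added Python illustration, not device code: the fixed counting window, the numeric source-IP threshold, the period in seconds, and the constructed sample requests are assumptions.

```python
# Simplified model of one protection rule (illustration only, not device code).
# Assumptions: a fixed counting window per user, a numeric source-IP threshold,
# and a protection period in seconds. Every request is taken to target the
# protected URL.


def parse_cookie_header(header):
    """Parse 'a=1; b=2' into a dict. Cookie names are case-sensitive."""
    cookies = {}
    for pair in (header or "").split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies.setdefault(name, value)
    return cookies


class ProtectionRule:
    def __init__(self, cookie_name, cookie_threshold, ip_threshold, period):
        self.cookie_name = cookie_name
        self.cookie_threshold = cookie_threshold
        self.ip_threshold = ip_threshold
        self.period = period
        self._windows = {}      # (kind, identity) -> (window start, count)

    def _count(self, key, now):
        start, count = self._windows.get(key, (now, 0))
        if now - start >= self.period:      # protection period elapsed: restart
            start, count = now, 0
        self._windows[key] = (start, count + 1)
        return count + 1

    def exceeded(self, src_ip, cookie_header, now):
        """Return the thresholds exceeded by this request; the protection
        action applies when the list is not empty (either threshold)."""
        hits = []
        if self._count(("ip", src_ip), now) > self.ip_threshold:
            hits.append("source-ip")
        value = parse_cookie_header(cookie_header).get(self.cookie_name)
        # Assumption: a request without the cookie is counted by source IP only.
        if value is not None and \
                self._count(("cookie", value), now) > self.cookie_threshold:
            hits.append("cookie")
        return hits


# Constructed sample: (time in seconds, source IP, Cookie header).
SAMPLE = [
    (0, "192.0.2.10", "jsessionid=AAA"),
    (1, "192.0.2.10", "jsessionid=AAA"),
    (2, "192.0.2.10", "jsessionid=AAA"),   # third request of user AAA
    (3, "192.0.2.10", "jsessionid=BBB"),   # another user behind the same address
    (4, "192.0.2.10", ""),                 # no cookie: counted by source IP only
    (5, "192.0.2.10", "JSESSIONID=AAA"),   # different name (case-sensitive)
    (20, "192.0.2.10", "jsessionid=AAA"),  # a new period has started
]


def replay(rule, requests):
    return [rule.exceeded(ip, cookie, t) for t, ip, cookie in requests]


if __name__ == "__main__":
    rule = ProtectionRule("jsessionid", cookie_threshold=2, ip_threshold=5, period=10)
    for (t, ip, cookie), hits in zip(SAMPLE, replay(rule, SAMPLE)):
        print(t, ip, repr(cookie), hits or "allowed")
```

The cookie counter separates users who share one source address, while the source-IP counter still covers requests that carry no matching cookie, which is why configuring both thresholds is useful.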
Examples
# In protection rule 5, configure the cookie name as jsessionid and the request threshold as 2.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1
[Sysname-lbpp-http-p1] rule 5
[Sysname-lbpp-http-p1-rule-5] cookie jsessionid request-threshold 2
Related commands
protected-url
protection-action
protection-period
source-ip
cookie (sticky group view)
Use cookie to configure the HTTP cookie sticky method.
Use undo cookie to restore the default.
Syntax
cookie { get name cookie-name [ offset offset ] [ start start-string ] [ end end-string | length length ] | { insert [ domain domain-name ] [ path path ] [ httponly ] [ secure ] | rewrite } [ name cookie-name ] [ httponly ] [ secure ] }
undo cookie { get | insert | rewrite }
Default
No HTTP cookie sticky methods exist.
Views
HTTP cookie sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
get: Specifies the cookie get sticky method that gets the Set-Cookie field in the HTTP response packets sent by the server.
cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters.
offset offset: Specifies the offset value based on the start of the cookie value, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the cookie, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the cookie, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the cookie, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
insert: Specifies the cookie insert sticky method that inserts the Set-Cookie field to the HTTP response packets sent by the server.
rewrite: Specifies the cookie rewrite sticky method that rewrites the Set-Cookie field in the HTTP response packets sent by the server.
name cookie-name: Specifies an HTTP cookie by its name, a case-sensitive string of 1 to 63 characters. The default name is X-LB.
domain domain-name: Specifies a domain name indicating the hosts to which the cookie will be sent, a case-sensitive string of 1 to 255 characters. If you do not specify this option, the cookie will be sent to only the host where it is created.
path path: Specifies a path indicating the paths to which the cookie will be sent, a case-sensitive string of 1 to 255 characters. If you do not specify this option, the cookie will be sent to every path (the root directory / applies).
httponly: Specifies that the cookie cannot be accessed by scripts. If you do not specify this keyword, the cookie can be accessed by scripts.
secure: Specifies that the cookie can be transmitted over only HTTPS connections. If you do not specify this keyword, the cookie can be transmitted over any connections.
Usage guidelines
Use the cookie get command to obtain the HTTP cookie information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.
If the sticky method is cookie rewrite, the Set-Cookie field of the specified cookie must be available in the HTTP response packets sent by the server. The system modifies only the cookie name and value in the Set-Cookie field without modifying other attributes such as Expires.
If the sticky method is cookie insert or cookie rewrite and the timeout timer for sticky entries is 0, the system adds the Expires field after the inserted or rewritten value. If the HTTP response packets sent by the server carry this attribute, the load balancing module does not modify the attribute. Instead, it adds the user-configured Expires information after the value. As a best practice, do not carry any timeout attribute in the Set-Cookie header on the server when you configure the cookie rewrite sticky method.
The domain domain-name option specifies the hosts to which the cookie will be sent. Suppose a client can visit hosts example.com, www.example.com, and www.corp.example.com. If you specify example.com for the domain domain-name option, the client includes the cookie when sending HTTP requests to any one of the three hosts. If you specify www.corp.example.com for the domain domain-name option, the client includes the cookie only when sending HTTP requests to www.corp.example.com.
The path path option limits the scope of the cookie to a set of paths. Suppose a client can visit folders www.example.com/a and www.example.com/b. If you specify www.example.com for the domain domain-name option and /a for the path path option, the client includes the cookie only when sending HTTP requests to www.example.com/a.
The httponly option prevents attackers from obtaining cookie information by using scripts.
The secure option makes sure the cookie is transmitted over an HTTPS connection. For an HTTP connection, the cookie is not transmitted.
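The scoping rules described above for domain, path, and secure can be checked with the following Python sketch, which applies standard browser cookie matching (RFC 6265) to the hosts and paths used in these guidelines. It is an added illustration, not device code: the function names, the cookie value, and the attribute order in the header are assumptions.

```python
from urllib.parse import urlsplit

# Illustration only: models how a client treats a cookie inserted with the
# domain, path, httponly, and secure options. The cookie value is constructed.


def set_cookie(value, name="X-LB", domain=None, path=None,
               httponly=False, secure=False):
    """Build the Set-Cookie line implied by the cookie insert options.
    X-LB is the default cookie name. The attribute order is an assumption."""
    attrs = [f"{name}={value}"]
    if domain:
        attrs.append(f"Domain={domain}")
    if path:
        attrs.append(f"Path={path}")
    if secure:
        attrs.append("Secure")
    if httponly:
        attrs.append("HttpOnly")      # not readable by scripts
    return "Set-Cookie: " + "; ".join(attrs)


def client_sends(url, created_on, domain=None, path=None, secure=False):
    """Return True if a browser attaches the cookie to a request for `url`.
    `created_on` is the host whose response carried the Set-Cookie field."""
    u = urlsplit(url)
    host, req_path = u.hostname, u.path or "/"
    if secure and u.scheme != "https":
        return False                  # secure: never sent over plain HTTP
    if domain is None:
        if host != created_on:        # no domain option: creating host only
            return False
    elif host != domain and not host.endswith("." + domain):
        return False                  # domain option: that host and its subdomains
    scope = path or "/"               # no path option: every path
    if req_path == scope or scope.endswith("/"):
        return req_path.startswith(scope)
    return req_path.startswith(scope + "/")


HOSTS = ["example.com", "www.example.com", "www.corp.example.com"]


def hosts_receiving(domain, created_on="www.corp.example.com"):
    """Which of the three hosts from the guidelines receive the cookie."""
    return [h for h in HOSTS
            if client_sends(f"http://{h}/", created_on, domain=domain)]


if __name__ == "__main__":
    print(set_cookie("constructed-value"))                        # cookie insert
    print(set_cookie("constructed-value", httponly=True, secure=True))
    print(hosts_receiving("example.com"))
    print(hosts_receiving("www.corp.example.com"))
    print(client_sends("http://www.example.com/b", "www.example.com",
                       domain="www.example.com", path="/a"))
```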
Examples
# Configure the cookie get sticky method for the HTTP cookie sticky group sg3: Starting from the 10th byte from the start of the HTTP packet, use the 32-byte HTTP cookie named user to generate sticky entries.
<Sysname> system-view
[Sysname] sticky-group sg3 type http-cookie
[Sysname-sticky-http-cookie-sg3] cookie get name user offset 10 length 32
# Configure the cookie insert sticky method for the HTTP cookie sticky group sg3.
<Sysname> system-view
[Sysname] sticky-group sg3 type http-cookie
[Sysname-sticky-http-cookie-sg3] cookie insert
cookie secondary name
Use cookie secondary name to specify the name of the secondary cookie to be searched in the URI.
Use undo cookie secondary name to restore the default.
Syntax
cookie secondary name value
undo cookie secondary name
Default
The name of the secondary cookie to be searched in the URI is not specified.
Views
HTTP cookie sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value: Specifies the name of the secondary cookie, a case-sensitive token string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at signs (@), commas (,), semicolons (;), colons (:), backslashes (\), quotation marks ("), slashes (/), question marks (?), equal signs (=), space characters (SP), and horizontal tabs (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.
Usage guidelines
This command applies only to the cookie get sticky method. Executing this command enables the system to locate the secondary cookie in the URI when it fails to locate the specified cookie in the HTTP request packet header.
Examples
# Specify the name of the secondary cookie to be searched in the URI as sid for the HTTP cookie sticky group sg3.
<Sysname> system-view
[Sysname] sticky-group sg3 type http-cookie
[Sysname-sticky-http-cookie-sg3] cookie secondary name sid
cost
Use cost to set the link cost for proximity calculation.
Use undo cost to restore the default.
Syntax
cost cost-value
undo cost
Default
The link cost for proximity calculation is 0.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
cost-value: Specifies the link cost for proximity calculation, in the range of 0 to 10240.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the link cost for proximity calculation to 200 for the link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] cost 200
cost weight
Use cost weight to set the cost weight for proximity calculation.
Use undo cost weight to restore the default.
Syntax
cost weight cost-weight
undo cost weight
Default
The cost weight for proximity calculation is 100.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
cost-weight: Specifies the cost weight for proximity calculation, in the range of 0 to 255. A larger value indicates a higher cost weight.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the cost weight for proximity calculation to 200.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity] cost weight 200
customlog content
Use customlog content to configure the content to be output by using the fast log output feature.
Use undo customlog content to restore the default.
Syntax
customlog content content-value
undo customlog content
Default
No content is output by using the fast log output feature.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
content-value: Specifies the log content to be output, a case-sensitive string of 1 to 255 characters. To enter multiple variables, separate them by semicolons. The device supports the following variables:
· %{is}—Source IP address in HTTP requests.
· %{ps}—Source port number in HTTP requests.
· %{id}—Destination IP address in HTTP requests.
· %{pd}—Destination port number in HTTP requests.
· %{sis}—Source IP address in HTTP responses.
· %{sps}—Source port number in HTTP responses.
· %{sid}—Destination IP address in HTTP responses.
· %{spd}—Destination port number in HTTP responses.
· %{vsn}—Virtual server name.
· %{sfn}—Server farm name.
· %{reqtmstamp}—HTTP request timestamp, in GMT.
· %{uri}—HTTP URI.
· %{ver}—HTTP version number.
· %{args}—HTTP access parameters.
· %{method}—HTTP request method.
· %{xff}—IP address of XFF (X-Forwarded-For).
· %{ctype}—Content-Type field in HTTP requests.
· %{clen}—Content-Length field in HTTP requests.
· %{ref}—Referer header field in HTTP requests.
· %{ua}—User-Agent header field in HTTP requests.
· %{host}—Host header field in HTTP requests.
· %{path}—Path in HTTP requests.
· %{reqsz}—HTTP request size in bytes.
· %{reqtm}—HTTP request duration in milliseconds. The duration is from the time when the device receives an HTTP request to the time when the device receives the HTTP response.
· %{rspclen}—Content-Length field in HTTP responses.
· %{reqsz}—HTTP response size in bytes.
· %{rsptm}—HTTP response duration in milliseconds. The duration is from the time when the device receives an HTTP response to the time when the device finishes sending out the HTTP response.
· %{stscode}—HTTP response status code.
· %{reqbsz}—Body size of HTTP requests, in bytes.
· %{rspbsz}—Body size of HTTP responses received by the device from the server, in bytes.
· %{rspsntbsz}—Body size of HTTP responses sent from the device to the client, in bytes.
· %{cookie_cookie-name}—HTTP cookie. The cookie name cannot contain brackets ({ }, ( ), [ ], < >), at signs (@), commas (,), semicolons (;), colons (:), backslashes (\), quotation marks ("), slashes (/), question marks (?), equal signs (=), space characters (SP), or horizontal tabs (HT). Additionally, the cookie name cannot contain ASCII codes that are less than or equal to 31 or greater than or equal to 127. You can specify multiple cookies.
Usage guidelines
After you execute this command, the device sends the specified content to the log host by using the fast log output feature.
Before executing this command, you must enable fast log output for load balancing and configure fast log output parameters.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# For HTTP virtual server vs, output the source IP address and source port number in HTTP requests by using the fast log output feature.
<Sysname> system-view
[Sysname] virtual-server vs type http
[Sysname-vs-http-vs] customlog content %{is};%{ps}
Related commands
customlog format (Network Management and Monitoring Command Reference)
customlog host (Network Management and Monitoring Command Reference)
default dns-server-pool
Use default dns-server-pool to specify the default (primary) DNS server pool for a transparent DNS proxy.
Use undo default dns-server-pool to restore the default.
Syntax
default dns-server-pool pool-name [ sticky sticky-name ]
undo default dns-server-pool
Default
No default DNS server pool is specified for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies a primary DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a sticky group, the DNS server pool does not correspond to any sticky group.
Usage guidelines
Non-default vSystems do not support this command.
If you execute the default dns-server-pool command multiple times, the most recent configuration takes effect.
Examples
# Specify the primary DNS server pool dns-pool1 and the sticky group st1 for the transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] default dns-server-pool dns-pool1 sticky st1
default link-group
Use default link-group to specify the default (primary) link group.
Use undo default link-group to restore the default.
Syntax
default link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]
undo default link-group
Default
No default link group is specified.
Views
Link-IP virtual server view
Predefined user roles
network-admin
context-admin
Parameters
link-group-name: Specifies a primary link group by its name, a case-insensitive string of 1 to 63 characters.
backup backup-link-group-name: Specifies a backup link group by its name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
When the primary link group is available (contains links), the virtual server forwards packets through the primary link group. When the primary link group is not available, the virtual server forwards packets through the backup link group.
Examples
# Specify the primary link group link1, the backup link group link2, and the sticky group sg1 for the link-IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type link-ip
[Sysname-vs-link-ip-vs3] default link-group link1 backup link2 sticky sg1
default server-farm
Use default server-farm to specify the default (primary) server farm.
Use undo default server-farm to restore the default.
Syntax
default server-farm server-farm-name [ backup backup-server-farm-name ] [ sticky sticky-name [ backup backup-sticky-name ] ]
undo default server-farm
Default
No default server farm is specified.
Views
HTTP virtual server view
IP virtual server view
TCP virtual server view
UDP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
server-farm-name: Specifies a primary server farm by its name, a case-insensitive string of 1 to 63 characters.
backup backup-server-farm-name: Specifies a backup server farm by its name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies a primary sticky group by its name, a case-insensitive string of 1 to 63 characters.
backup backup-sticky-name: Specifies a backup sticky group by its name, a case-insensitive string of 1 to 63 characters. This option is supported only by HTTP virtual servers and RADIUS virtual servers.
Usage guidelines
When the primary server farm is available (contains real servers), the virtual server forwards packets through the primary server farm. When the primary server farm is not available, the virtual server forwards packets through the backup server farm.
If you specify both a primary sticky group and a backup sticky group, the device generates both primary sticky entries and backup sticky entries. If packets do not match primary sticky entries, backup sticky entries will apply.
The device generates backup sticky entries for only the following sticky group combinations:
· RADIUS-type primary sticky group and port-address-type backup sticky group.
· HTTP cookie-type primary sticky group and port-address-type backup sticky group.
· HTTP cookie-type primary sticky group and HTTP passive-type backup sticky group.
Examples
# Specify the primary server farm sf, the backup server farm sfb, and the sticky group sg1 for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] default server-farm sf backup sfb sticky sg1
default-class action
Use default-class action to specify the default LB action.
Use undo default-class to restore the default.
Syntax
default-class action action-name
undo default-class
Default
No default LB action is specified.
Views
LB policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command sets the default LB action for packets that fail to match any LB class.
A DNS LB policy can reference DNS LB actions only; a generic LB policy can reference generic LB actions only. This rule does not apply to HTTP LB policies.
Examples
# Specify the default LB action lba1 for the generic LB policy lbp1.
<Sysname> system-view
[Sysname] loadbalance policy lbp1 type generic
[Sysname-lbp-generic-lbp1] default-class action lba1
description
Use description to configure a description.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured.
Views
ISP view
LB action view
LB class view
LB policy view
LB connection limit policy view
Parameter profile view
Protection policy view
Real server view
Server farm member view
Server farm view
SNAT address pool view
SNAT global policy view
Sticky group view
Virtual server view
Link group view
Link group member view
Link view
DNS server pool view
DNS server pool member view
DNS server view
Statistics node view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 127 characters.
Examples
# Configure the description LB action LBA1 for the generic LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] description LB action LBA1
destination-ip object-group
Use destination-ip object-group to specify a destination IP address object group for address translation.
Use undo destination-ip object-group to restore the default.
Syntax
destination-ip object-group object-group-name
undo destination-ip object-group
Default
All packets are translated.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
object-group-name: Specifies a destination IP address object group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you specify a destination IP address object group, the device performs SNAT on only packets with a matching destination IP address. For information about configuring an IP address object group, see object group configuration in Security Configuration Guide.
Examples
# Specify destination IP address object group obj1 for SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] destination-ip object-group obj1
Related commands
object-group (Security Command Reference)
display loadbalance action
Use display loadbalance action to display LB action information.
Syntax
display loadbalance action [ name action-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name action-name: Specifies an LB action by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all LB actions.
Examples
# Display information about all LB actions.
<Sysname> display loadbalance action
LB action: lba1
Description:
Type: Generic
State: Inactive
Forward type: Drop
IP ToS:
Fallback-action: Disabled
Busy-action: Force
TCP payload rewrite:
Value: QMGR.S01
Replacement: QMGR.S01%[variable]
Direction: Request
TCP payload rewrite:
Value: QMGR.S01_1
Replacement: QMGR.S01_2
Direction: Response
TCP payload rewrite:
Value: QMGR.S02_2
Replacement: QMGR.S01_2
Direction: Response
LB action: lba2
Description:
Type: HTTP
State: Active
Forward type: Server farm
Server farm: sf (in use)
Backup server farm: sfb
Sticky: sg3
Backup sticky: sg4
IP ToS: 20
Fallback-action: Disabled
SSL client policy:
Content rewrite:
Value:
Replacement:
Redirect relocation:
Redirect return-code: 302
Header delete:
Name: ww
Direction: Request
Header insert:
Name: aa
Value: 1234567890123456789012345678901234567890123456789012345678901234567890
Direction: Both
Header insert:
Name: cc
Value: dd
Direction: Request
Header rewrite:
Name: ee
Value: dd
Replacement: ff
Direction: Response
SSL URL rewrite:
Value: 12
Clear port: 12
SSL port: 123
LB action: lba3
Description: sina
Type: Link-generic
State: Active
Forward type: link group
Link group: lg1 (in use)
Backup link group: lg2
Sticky:
IP ToS:
Fallback-action: None
LB action: lba4
Description: xx
Type: DNS
State: Active
Forward type: DNS server pool
DNS server pool: dsp1
Sticky: st
IP ToS:
Fallback-action: Disabled
Busy-action: Force
LB action: lba5
Description:
Type: HTTP
State: Active
Forward type: Redirect
IP ToS:
Fallback-action: Continue
SSL client policy:
Content rewrite:
Value:
Replacement:
Redirect relocation: www.h3c.com
Redirect return-code: 302
LB action: lba6
Description:
Type: HTTP
State: Active
Forward type: Response
IP ToS:
Fallback-action: Response
Raw file name: 301.raw
SSL client policy:
Content rewrite:
Value:
Replacement:
Redirect relocation:
Redirect return-code: 302
Response file:
File: index.html
URL: /index/css
Response file:
File name: subsys_intf.js
URL: /index/subsys
Response file:
File name: subsys.js
URL: /subsys.js
Response zip file:
Zip file name: subsys.zip
Working path: /
Table 1 Command output
Field | Description |
---|---|
LB action | LB action name. |
Description | Description for the LB action. |
Type | LB action type: · DNS. · Generic. · HTTP. · Link-generic. · RADIUS. |
State | LB action state: · Active. · Inactive. |
Forward type | Packet forwarding mode of the LB action: · Drop—Discards packets. · Drop(FIN-close)—Closes TCP connections by sending FIN packets (applicable to generic and HTTP LB actions). · Drop(RST-close)—Closes TCP connections by sending RST packets (applicable to generic and HTTP LB actions). · Forward—Forwards packets. · Server farm—Forwards packets through the server farm (applicable to generic, HTTP, and RADIUS LB actions). · Link group—Forwards packets through the link group (applicable to link-generic LB actions). · DNS server pool—Forwards packets through the DNS server pool (applicable to DNS LB actions). · Skip current DNS proxy (applicable to DNS LB actions). · Redirect—Redirects packets. · Response—Responds to client requests by using a file. |
Server farm | Primary server farm name. (in use) indicates the server farm is in use. This field is displayed only when the packet forwarding mode is server farm. |
Backup server farm | Backup server farm name. (in use) indicates the server farm is in use. This field is displayed only when the packet forwarding mode is server farm. |
Link group | Default link group name. (in use) indicates the link group is in use. |
Backup link group | Backup link group name. (in use) indicates the link group is in use. |
Sticky | Primary sticky group name. This field is displayed only when the packet forwarding mode is server farm or DNS server pool. |
Backup sticky | Backup sticky group name. This field is displayed only when the packet forwarding mode is server farm and the LB action type is HTTP or RADIUS. |
IP ToS | ToS field value of IP packets. |
Fallback-action | Action taken upon load balancing failure: · None—Does not take any action. · Continue—Matches the next rule. · Response—Responds to client requests by using a file. · Drop(FIN-close)—Closes TCP connections by sending FIN packets (applicable to generic and HTTP LB actions). · Drop(RST-close)—Closes TCP connections by sending RST packets (applicable to generic and HTTP LB actions). |
Busy-action | Action taken upon busyness: · Continue—Matches the next rule. · Force—Assigns packets to links or DNS servers regardless of whether they are busy. |
SSL client policy | SSL client policy name. This field is displayed for HTTP LB actions only. |
Content rewrite | HTTP content rewrite configuration: · Value—Specifies the HTTP packet content to be rewritten. · Replacement—Specifies the content after rewrite. This field is displayed only for an HTTP-type LB action. |
Redirect relocation | Redirection URL. This field is displayed only for HTTP-type LB actions. |
Redirect return-code | Status code in the redirection packets. This field is displayed only for HTTP-type LB actions. |
Header delete | Deletes the HTTP header. · Name—Name of the HTTP packet header. · Direction—Specifies HTTP requests, HTTP responses, or both. This field is displayed only when the header delete command is configured. |
Header insert | Inserts the HTTP header. · Name—Name of the HTTP packet header. · Value—Content of the HTTP packet header. · Direction—Specifies HTTP requests, HTTP responses, or both. This field is displayed only when the header insert command is configured. |
Header rewrite | Rewrites the HTTP header. · Name—Name of the HTTP packet header. · Value—Content of the HTTP packet header to be rewritten. · Replacement—Content after rewrite. · Direction—Specifies HTTP requests, HTTP responses, or both. This field is displayed only when the header rewrite command is configured. |
SSL URL rewrite | Rewrites the URL in the Location header of HTTP response packets sent by the server. · Value—Regular expression for the location header URL. · Clear port—HTTP port number to be rewritten. · SSL port—SSL port number after rewrite. This field is displayed only when the ssl url rewrite command is configured. |
DNS server pool | DNS server pool name. This field is displayed only when the packet forwarding mode is DNS server pool. |
Response file | Responds to client requests by using an uncompressed file. |
File name | Name of the uncompressed file. |
URL | URL path used to match client requests. |
Response zip file | Responds to client requests by using a compressed file. |
Zip file name | Name of the compressed file. |
Working path | Working path used to match client requests. |
Raw file name | Response file used upon load balancing failure. |
TCP payload rewrite | Rewrite the TCP payload: · Value—Content of the TCP packet header to be rewritten. · Replacement—Content after rewrite. · Direction—Specifies TCP requests, TCP responses, or both. This field is displayed only when the payload rewrite command is configured. |
display loadbalance alg
Use display loadbalance alg to display the ALG status for all protocols.
Syntax
display loadbalance alg
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Examples
# Display the ALG status for all protocols.
<Sysname> display loadbalance alg
LB ALG:
DNS : Enable
FTP : Enable
H323 : Disabled
ICMP-ERROR : Enable
ILS : Disabled
MGCP : Disabled
NBT : Disabled
PPTP : Enable
RSH : Disabled
RTSP : Enable
SCCP : Disabled
SIP : Disabled
SQLNET : Disabled
TFTP : Disabled
XDMCP : Disabled
display loadbalance class
Use display loadbalance class to display LB class information.
Syntax
display loadbalance class [ name class-name ]
Views
Any view
Predefined user roles
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all LB classes.
Examples
# Display information about all LB classes.
<Sysname> display loadbalance class
LB class: lbc1
Description:
Type: HTTP
Match type: Match-all
Match rule:
match 1 source ip address 1.2.3.0 24
match 2 source ipv6 address 1::2
match 3 cookie abc value 123
match 4 header def value 12
match 5 method ext xde
match 6 method rfc CONNECT
match 7 class cla2
match 8 url 2q3
match 9 acl ipv4 number 2000
match 10 acl ipv6 number 2001
match 11 acl ipv4 name aaa
match 12 acl ipv6 name bbb
match 13 isp name isp1
LB class: lbc2
Description:
Type: Generic
Match type: Match-any
Match rule:
match 1 class cla2
match 2 source ip address 1.2.23.0 24
match 3 source ipv6 address 1::12
match 4 acl ipv4 number 3000
match 5 acl ipv6 number 3001
match 6 acl ipv4 name ccc
match 7 acl ipv6 name ddd
match 8 isp name isp2
match 9 payload orcl
LB class: lbc3
Description:
Type: Link-generic
Match type: Match-any
Match rule:
match 1 class cla3
match 2 source ip address 1.2.3.0 24
match 3 source ipv6 address 1::12
match 4 acl ipv4 number 3002
match 5 acl ipv6 number 3003
match 6 acl ipv4 name ccc
match 7 acl ipv6 name ddd
match 8 isp name isp2
match 9 user u1
match 10 user-group lb-group
match 11 interface GE1/0/1
LB class: lbc4
Description:
Type: DNS
Match type: Match-any
Match rule:
match 1 class cla2
match 2 source ip address 1.2.3.0 24
match 3 source ipv6 address 1::12
match 4 acl ipv4 number 3002
match 5 acl ipv6 number 3003
match 6 acl ipv4 name ccc
match 7 acl ipv6 name ddd
match 8 destination ip address 1.2.3.0 24
match 9 destination ipv6 address 1::12
match 10 domain-name www.h3c.com
LB class: lbc5
Description:
Type: MySQL
Match type: Match-any
Match rule:
match 1 class cla2
match 2 source ip address 1.2.3.0 24
match 3 source ipv6 address 1::12
match 4 acl ipv4 number 3002
match 5 acl ipv6 number 3003
match 6 acl ipv4 name ccc
match 7 acl ipv6 name ddd
match 8 sql select
Table 2 Command output
Field | Description |
---|---|
LB class | LB class name. |
Description | Description for the LB class. |
Type | LB class type: · DNS. · Generic. · HTTP. · Link-generic. · MySQL. · RADIUS. |
Match type | Match type for the LB class: · Match-all—Requires matching all rules of the LB class. · Match-any—Requires matching any rule of the LB class. |
Match rule | Match rules for the LB class. |
display loadbalance connections
Use display loadbalance connections to display information about Layer 7 LB TCP connections.
Syntax
In standalone mode:
display loadbalance connections [ client-side { ipv4 | ipv6 } [ cs-client-ip ip-address [ cs-client-port port-number ] ] [ cs-server-ip ip-address [ cs-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ server-side { ipv4 | ipv6 } [ ss-client-ip ip-address [ ss-client-port port-number ] ] [ ss-server-ip ip-address [ ss-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ slot slot-number ] [ verbose ]
In IRF mode:
display loadbalance connections [ client-side { ipv4 | ipv6 } [ cs-client-ip ip-address [ cs-client-port port-number ] ] [ cs-server-ip ip-address [ cs-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ server-side { ipv4 | ipv6 } [ ss-client-ip ip-address [ ss-client-port port-number ] ] [ ss-server-ip ip-address [ ss-server-port port-number ] ] [ state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait } ] ] [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
client-side: Displays client-side connections.
server-side: Displays server-side connections.
ipv4: Specifies IPv4 connections.
ipv6: Specifies IPv6 connections.
cs-client-ip ip-address: Specifies a client by its IP address on the client side.
cs-client-port port-number: Specifies the port number of the client on the client side, in the range of 0 to 65535. 0 means any port number.
ss-client-ip ip-address: Specifies a client by its IP address on the server side.
ss-client-port port-number: Specifies the port number of the client on the server side, in the range of 0 to 65535. 0 means any port number.
cs-server-ip ip-address: Specifies a server by its IP address on the client side.
cs-server-port port-number: Specifies the port number of the server on the client side, in the range of 0 to 65535. 0 means any port number.
ss-server-ip ip-address: Specifies a server by its IP address on the server side.
ss-server-port port-number: Specifies the port number of the server on the server side, in the range of 0 to 65535. 0 means any port number.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about Layer 7 LB TCP connections for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about Layer 7 LB TCP connections for all cards. (In IRF mode.)
state { closed | close_wait | closing | established | fin_wait_1 | fin_wait_2 | last_ack | listening | syn_received | syn_sent | time_wait }: Specifies TCP connections by connection state. If you do not specify this parameter, the command displays information about TCP connections in each state.
verbose: Displays detailed information about TCP connections. If you do not specify this keyword, the command displays brief information.
Usage guidelines
If you do not specify any parameters, this command displays information about all Layer 7 LB TCP connections.
Examples
# Display brief information about all Layer 7 LB TCP connections.
<Sysname> display loadbalance connections
Client side: State Server side: State
192.168.56.1 <--> 8.8.8.8/80 ESTAB 192.168.56.1 <--> 2.2.2.2/80 ESTB
/50168 /1026
Any <-->Any CLOSED 192.168.56.1 <--> 2.2.2.2/80 TIMEWT
/1027
Total sessions: 3
# Display detailed information about all Layer 7 LB TCP connections.
<Sysname> display loadbalance connections verbose
Slot 1:
--------------------------------------------------------------------------------
Client side Server side
Client address 12.12.12.12/3032 12.12.12.12/54649
Server address 4.4.44.4/80 5.5.5.5/80
State ESTABLISHED ESTABLISHED
VPN name -- --
Idle time 0 sec
Idle timeout 20 sec
Start time 2018-05-30 16:54:13
--------------------------------------------------------------------------------
Client side Server side
Client address 12.12.12.12/2996 Any
Server address 4.4.44.4/80 Any
State TIME_WAIT N/A
VPN name -- --
Idle time 1 sec
Idle timeout 20 sec
Start time 2018-05-30 16:54:12
--------------------------------------------------------------------------------
Client side Server side
Client address 12.12.12.12/3251 12.12.12.12/54341
Server address 4.4.44.4/80 5.5.5.5/80
State ESTABLISHED ESTABLISHED
VPN name -- --
Idle time 0 sec
Idle timeout 20 sec
Start time 2018-05-30 16:54:14
Total sessions: 3
Table 3 Command output
Field | Description |
---|---|
State | TCP connection state: · LISTEN. · SYNSNT—SYN_SENT. · SYNRCV—SYN_RECEIVED. · ESTB—ESTABLISHED. · FINWT1—FIN_WAIT_1. · FINWT2—FIN_WAIT_2. · CLOWAT—CLOSE_WAIT. · CLOSING. · LASACK—LAST_ACK. · TIMEWT—TIME_WAIT. · CLOSED. For more information about these states, see RFC 793. |
VPN name | VPN instance name. |
Start time | Time when the TCP connection was established. |
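An added example, not part of the vendor documentation: a parser for the verbose layout shown above that counts connections per client address and those with no server-side peer (Any), which is useful when watching for clients that hold many Layer 7 connections open. The sample input repeats the page's example with column spacing assumed; the function names and thresholds are hypothetical.

```python
from collections import Counter

# Sample input: the page's verbose example, with column spacing assumed.
SAMPLE = """\
Slot 1:
--------------------------------------------------------------------------------
                  Client side            Server side
Client address    12.12.12.12/3032       12.12.12.12/54649
Server address    4.4.44.4/80            5.5.5.5/80
State             ESTABLISHED            ESTABLISHED
VPN name          --                     --
Idle time         0 sec
Idle timeout      20 sec
Start time        2018-05-30 16:54:13
--------------------------------------------------------------------------------
                  Client side            Server side
Client address    12.12.12.12/2996       Any
Server address    4.4.44.4/80            Any
State             TIME_WAIT              N/A
VPN name          --                     --
Idle time         1 sec
Idle timeout      20 sec
Start time        2018-05-30 16:54:12
--------------------------------------------------------------------------------
                  Client side            Server side
Client address    12.12.12.12/3251       12.12.12.12/54341
Server address    4.4.44.4/80            5.5.5.5/80
State             ESTABLISHED            ESTABLISHED
VPN name          --                     --
Idle time         0 sec
Idle timeout      20 sec
Start time        2018-05-30 16:54:14
Total sessions: 3
"""

# Rows that carry a client-side and a server-side value.
TWO_COLUMN = ("Client address", "Server address", "State", "VPN name")
# Rows with a single value; the longer "Idle timeout" label is tested first.
ONE_COLUMN = ("Idle timeout", "Idle time", "Start time")


def parse_connections(text):
    """Parse verbose output into a list of dicts, one per connection."""
    conns, current, slot = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Slot "):
            slot = line.rstrip(":")
            continue
        if line and set(line) == {"-"}:      # a dashed rule opens a new record
            current = {"slot": slot}
            conns.append(current)
            continue
        if current is None:
            continue
        for label in TWO_COLUMN + ONE_COLUMN:
            if not line.startswith(label + " "):
                continue
            key = label.lower().replace(" ", "_")
            rest = line[len(label):].strip()
            if label in TWO_COLUMN:
                values = rest.split()
                if len(values) == 2:
                    current["cs_" + key], current["ss_" + key] = values
            else:
                current[key] = rest
            break
    return [c for c in conns if "cs_client_address" in c]


def client_ip(address):
    """Drop the /port suffix from an address such as 12.12.12.12/3032."""
    return address.rsplit("/", 1)[0]


def summarize(conns):
    """Count connections per client IP, and those lacking a server-side peer."""
    total, unpaired = Counter(), Counter()
    for c in conns:
        ip = client_ip(c["cs_client_address"])
        total[ip] += 1
        if c.get("ss_server_address") == "Any":
            unpaired[ip] += 1
    return total, unpaired


def flag_clients(conns, max_conns, max_unpaired):
    """Return client IPs above either (hypothetical) threshold."""
    total, unpaired = summarize(conns)
    return sorted(ip for ip in total
                  if total[ip] > max_conns or unpaired[ip] > max_unpaired)


if __name__ == "__main__":
    parsed = parse_connections(SAMPLE)
    print(summarize(parsed))
    print(flag_clients(parsed, max_conns=2, max_unpaired=5))
```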
display loadbalance dns-cache
Use display loadbalance dns-cache to display DNS cache information.
Syntax
In standalone mode:
display loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DNS cache information for the public network.
domain-name domain-name: Specifies a domain name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays DNS cache information for all domain names.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DNS cache information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DNS cache information for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
DNS cache information records mappings between domain names and IP addresses.
Examples
# Display all DNS cache information.
<Sysname> display loadbalance dns-cache
Slot 1:
Domain name: www.example1.com
Aging time: 20 min
IPv4 addresses: 6.3.5.2
4.5.6.3
192.169.41.8
IPv6 addresses: 4:4:4::7
Domain name: www.example2.com
Aging time: 20 min
IPv4 addresses: 5.5.5.5
3.4.5.9
display loadbalance dns-listener
Use display loadbalance dns-listener to display DNS listener information.
Syntax
display loadbalance dns-listener [ name listener-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name listener-name: Specifies a DNS listener by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all DNS listeners.
Usage guidelines
Non-default vSystems do not support this command.
This command can display the service state, IPv4 address, port number, and fallback method.
Examples
# Display information about the DNS listener listener1.
<Sysname> display loadbalance dns-listener name listener1
DNS listener name: listener1
Service state: Enabled
IPv4 address: 1.1.1.2
Port: 53
IPv6 address: --
IPv6 Port: 53
Fallback: Reject
VPN instance:
Table 4 Command output
Field | Description |
---|---|
Service state | DNS listener state: · Enabled. · Disabled. |
IPv4 address | IPv4 address of the DNS listener. |
Port | Port number of the DNS listener. |
IPv6 address | IPv6 address of the DNS listener. |
IPv6 Port | IPv6 port number of the DNS listener. |
Fallback | Processing method when the DNS listener fails to find the server to respond to the DNS request: · dns-proxy—Responds to the DNS request through the DNS proxy. · No-response—Does not respond to the DNS request. · Reject—Sends a DNS reject packet. |
VPN instance | VPN instance to which the DNS listener belongs. |
display loadbalance dns-listener statistics
Use display loadbalance dns-listener statistics to display DNS listener statistics.
Syntax
In standalone mode:
display loadbalance dns-listener statistics [ name dns-listener-name ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-listener statistics [ name dns-listener-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name dns-listener-name: Specifies a DNS listener by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all DNS listeners.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DNS listener statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DNS listener statistics for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display statistics for the DNS listener dl.
<Sysname> display loadbalance dns-listener statistics name dl
DNS listener: dl
Total:
Received requests: 100
Received valid requests: 70
Unresponded requests: 10
Rejected requests: 20
Proxy requests: 0
------------------------------------------------
RCVR - Received requests, RVR - Received valid requests,
UR - Unresponded requests, RJTR - Rejected requests, PR - Proxy requests
Type RCVR RVR UR RJTR PR
A 50 50 0 0 0
AAAA 0 0 0 0 0
MX 10 5 5 0 0
NS 20 5 5 10 0
CNAME 10 5 0 5 0
SOA 10 5 0 5 0
PTR 0 0 0 0 0
TXT 10 5 0 5 0
SRV 0 0 0 0 0
Table 5 Command output
Field | Description |
---|---|
Proxy requests | Number of responses to DNS requests through transparent DNS proxies. |
Type | DNS request type: · A—IPv4 host address. · AAAA—IPv6 host address. · CNAME—Canonical name. · MX—Mail exchanger. · NS—Name server. · PTR—Pointer. · SOA—Start of authority. · SRV—Service. · TXT—Text. |
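An added example, not part of the vendor documentation: it parses the statistics output shown above and reports the request types whose share of unresponded plus rejected requests exceeds a limit, a quick check for query types the listener is mostly refusing. The sample input is the page's example output; the function names and thresholds are hypothetical.

```python
import re

# Sample input: the page's example output for DNS listener dl.
SAMPLE = """\
DNS listener: dl
Total:
Received requests: 100
Received valid requests: 70
Unresponded requests: 10
Rejected requests: 20
Proxy requests: 0
------------------------------------------------
RCVR - Received requests, RVR - Received valid requests,
UR - Unresponded requests, RJTR - Rejected requests, PR - Proxy requests
Type RCVR RVR UR RJTR PR
A 50 50 0 0 0
AAAA 0 0 0 0 0
MX 10 5 5 0 0
NS 20 5 5 10 0
CNAME 10 5 0 5 0
SOA 10 5 0 5 0
PTR 0 0 0 0 0
TXT 10 5 0 5 0
SRV 0 0 0 0 0
"""

COLUMNS = ("RCVR", "RVR", "UR", "RJTR", "PR")
# A per-type row: an upper-case record type followed by five counters.
ROW = re.compile(r"^\s*([A-Z]+)((?:\s+\d+){5})\s*$")
# A line of the Total block, such as "Rejected requests: 20".
TOTAL = re.compile(r"^\s*([A-Za-z ]+requests):\s*(\d+)\s*$")


def parse_listener_stats(text):
    """Return the listener name, the Total block and the per-type counters."""
    stats = {"listener": None, "total": {}, "types": {}}
    for line in text.splitlines():
        if line.strip().startswith("DNS listener:"):
            stats["listener"] = line.split(":", 1)[1].strip()
            continue
        m = TOTAL.match(line)
        if m:
            stats["total"][m.group(1)] = int(m.group(2))
            continue
        m = ROW.match(line)
        if m:
            counters = [int(v) for v in m.group(2).split()]
            stats["types"][m.group(1)] = dict(zip(COLUMNS, counters))
    return stats


def noisy_types(stats, min_requests, max_bad_ratio):
    """Return {type: ratio} where (UR + RJTR) / RCVR exceeds max_bad_ratio.

    Types with fewer than min_requests received requests are skipped so
    that a handful of queries cannot trigger a report.
    """
    flagged = {}
    for rtype, row in stats["types"].items():
        if row["RCVR"] == 0 or row["RCVR"] < min_requests:
            continue
        ratio = (row["UR"] + row["RJTR"]) / row["RCVR"]
        if ratio > max_bad_ratio:
            flagged[rtype] = round(ratio, 2)
    return flagged


if __name__ == "__main__":
    parsed = parse_listener_stats(SAMPLE)
    print(parsed["total"])
    print(noisy_types(parsed, min_requests=10, max_bad_ratio=0.5))
```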
display loadbalance dns-map
Use display loadbalance dns-map to display DNS mapping information.
Syntax
display loadbalance dns-map [ name dns-map-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dns-map-name: Specifies a DNS mapping by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command displays information about all DNS mappings.
Usage guidelines
Non-default vSystems do not support this command.
Use this command to view the service state, domain name, and virtual server pool for DNS mappings.
Examples
# Display information about the DNS mapping dm1.
<Sysname> display loadbalance dns-map name dm1
DNS mapping name: dm1
Service state: Enabled
TTL: 3600s
Domain name list: www.example.domain.com
Virtual server pool: pool1
Table 6 Command output
Field | Description |
---|---|
Service state | DNS mapping state: · Enabled. · Disabled. |
TTL | TTL, in seconds, to cache DNS records for DNS responses. |
Domain name list | Domain name of the DNS mapping. |
Virtual server pool | Virtual server pool used by the DNS mapping. |
display loadbalance dns-map statistics
Use display loadbalance dns-map statistics to display DNS mapping statistics.
Syntax
In standalone mode:
display loadbalance dns-map statistics [ name dns-map-name ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-map statistics [ name dns-map-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name dns-map-name: Specifies a DNS mapping by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all DNS mappings.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DNS mapping statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DNS mapping statistics for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display statistics for the DNS mapping dm.
<Sysname> display loadbalance dns-map statistics name dm
DNS map: dm
Matched DNS requests: 100
Table 7 Command output
Field | Description |
---|---|
DNS map | DNS mapping name. |
Matched DNS requests | Number of DNS requests matching the DNS mapping. |
display loadbalance dns-proxy
Use display loadbalance dns-proxy to display transparent DNS proxy information.
Syntax
display loadbalance dns-proxy [ brief | name dns-proxy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief transparent DNS proxy information. If you do not specify this keyword, the command displays detailed transparent DNS proxy information.
name dns-proxy-name: Specifies a transparent DNS proxy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all transparent DNS proxies.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display brief information about all transparent DNS proxies.
<Sysname> display loadbalance dns-proxy brief
DNS proxy State Type VPN instance IP address Port
dns-proxy1 Active UDP 1.2.3.0/24 53
dns-proxy2 Inactive UDP -- 5353
# Display information about transparent DNS proxy dns-proxy1.
<Sysname> display loadbalance dns-proxy name dns-proxy1
DNS proxy: dns-proxy1
Type: UDP
State: Active
Service state: Enabled
VPN instance:
IPv4 address: 1.2.3.0/24
IPv6 address: --
Port: 53
DNS server pool: dns-pool1
Sticky: st
LB policy: dns-policy1
Connection synchronization: Enabled
Sticky synchronization: Enabled
Bandwidth busy protection: Disabled
Table 8 Command output
Field | Description |
---|---|
DNS proxy | Transparent DNS proxy name. |
Type | Transparent DNS proxy type. Only UDP is supported. |
State | Transparent DNS proxy state: · Active—The transparent DNS proxy is available. · Inactive—The transparent DNS proxy is unavailable for any reason except that the transparent DNS proxy feature is disabled. · Inactive (disabled)—The transparent DNS proxy is unavailable because the transparent DNS proxy feature is disabled. |
Service state | Transparent DNS proxy state: Enabled or Disabled. |
VPN instance | VPN instance to which the transparent DNS proxy belongs. |
DNS server pool | Default DNS server pool used by the transparent DNS proxy. |
Sticky | Sticky group used by the transparent DNS proxy. |
Connection synchronization | Session extension information synchronization state: Enabled or Disabled. |
Sticky synchronization | Sticky entry synchronization state: Enabled or Disabled. |
Bandwidth busy protection | Link protection state: Enabled or Disabled. |
display loadbalance dns-proxy statistics
Use display loadbalance dns-proxy statistics to display transparent DNS proxy statistics.
Syntax
In standalone mode:
display loadbalance dns-proxy statistics [ name dns-proxy-name ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-proxy statistics [ name dns-proxy-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name dns-proxy-name: Specifies a transparent DNS proxy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all transparent DNS proxies.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays transparent DNS proxy statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays transparent DNS proxy statistics for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display statistics for the transparent DNS proxy dns-proxy1.
<Sysname> display loadbalance dns-proxy statistics name dns-proxy1
DNS proxy: dns-proxy1
Received requests: 100
Dropped requests: 2
Received responses: 98
Dropped responses: 0
Table 9 Command output
Field | Description |
---|---|
DNS proxy | Transparent DNS proxy name. |
Received requests | Number of DNS requests received by the transparent DNS proxy. |
Dropped requests | Number of DNS requests dropped by the transparent DNS proxy. |
Received responses | Number of DNS responses received by the transparent DNS proxy. |
Dropped responses | Number of DNS responses dropped by the transparent DNS proxy. |
display loadbalance dns-query
Use display loadbalance dns-query to display information about the domain names queried by external link proxy.
Syntax
In standalone mode:
display loadbalance dns-query [ vpn-instance vpn-instance-name ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-query [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays domain name information for the public network.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays domain name information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays domain name information for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display information about the domain names queried by external link proxy.
<Sysname> display loadbalance dns-query
Slot 1:
VPN instance:
Domain name DNS server
www.a.example.com 1.2.3.4
www.b.example.com 2.2.3.4
Slot 2:
VPN instance:
Domain name DNS server
www.c.example.com 3.2.3.4
www.d.example.com 4.2.3.4
Table 10 Command output
Field | Description |
---|---|
Domain name | Domain name being queried. |
DNS server | IP address of the DNS server. |
display loadbalance dns-server
Use display loadbalance dns-server to display DNS server information or DNS server pool member information.
Syntax
display loadbalance dns-server [ brief | name dns-server-name ]
display loadbalance dns-server dns-server-pool dns-server-pool-name [ name dns-server-name port port-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief DNS server information. If you do not specify this keyword, the command displays detailed DNS server information.
name dns-server-name: Displays detailed information about a DNS server. The dns-server-name argument specifies a DNS server by its name, a case-insensitive string of 1 to 63 characters.
dns-server-pool dns-server-pool-name: Displays information about members of a DNS server pool. The dns-server-pool-name argument specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
dns-server dns-server-name port port-number: Displays information about a DNS server pool member. The dns-server-name argument specifies a DNS server pool member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the DNS server pool member, in the range of 0 to 65535. If you do not specify this option, the command displays information about all members of a DNS server pool.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify any parameter, the command displays detailed information about all DNS servers.
If the device obtains multiple DNS server IP addresses, it uses the smallest available IP address.
If no health monitoring method is specified, the device determines that all obtained DNS server IP addresses are available. If a health monitoring method is specified, the device determines that only the DNS server IP addresses that pass health monitoring are available.
Examples
# Display brief information about all DNS servers.
<Sysname> display loadbalance dns-server brief
(*) – Auto-alloc address using
DNS server Address Port Link State DNS server pool
ds1 10.150.100.100(*) 0 link1 Active dns_pool
ds2 20.150.100.100 5353 link2 Probe-failed dns_pool
ds3 -- 0 link3 Inactive dns_pool
ds4 --(*) 0 link3 Inactive dns_pool
# Display detailed information about DNS server ds1.
<Sysname> display loadbalance dns-server name ds1
(*) – Auto-alloc address using
dns-server: ds1
Description:
State: Active
VPN instance: --
Auto-alloc address: Enabled
IPv4 address: 10.150.100.100(*)
10.160.100.1
10.154.60.2
IPv6 address: --
Port: 0 (port number in original packet)
Link: link1
DNS server pool: dns-pool
Weight: 100
Priority: 4
Probe information:
Probe success criteria: All
Probe method State
t4 Succeeded
# Display information about all members of DNS server pool dsp1.
<Sysname> display loadbalance dns-server dns-server-pool dsp1
DNS server pool: dsp1
dns-server: ds1
Description: DNS server 1
Parent state: Inactive
State: Inactive
Port: 0 (port number in original packet)
Weight: 2
Priority: 2
Probe success criteria: All
Probe method State
icmp Failed
dns-server: rs2
Description: DNS server 2
Parent state: Inactive
State: Inactive
Port: 53
Weight: 100
Priority: 4
Probe information:
Probe success criteria: All
Probe method State
DNS Failed
Table 11 Command output
Field | Description |
---|---|
DNS server | DNS server name. |
Address | IP address of the DNS server. The asterisk (*) indicates that the IP address is automatically obtained and is being used. If all obtained IP addresses are unavailable, this field displays --(*). If no IP address is obtained and no IP address is manually configured, this field displays two hyphens (--). |
Link | Link of the DNS server. |
Parent state/State | DNS server state/DNS server pool member state: · Active—The DNS server is available. · Busy—The DNS server is busy. When the DNS server is in Active state and enabled with the link protection feature, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The DNS server is unavailable, because the configuration is not complete or the server is not referenced. · Probe-failed—Health monitoring has failed. · Unknown—Health monitoring is not configured. |
Description | Description for the DNS server. |
Auto-alloc address | Whether the device is enabled to automatically obtain the IP address of a DNS server: Disabled or Enabled. |
IPv4 address | IPv4 address of the DNS server. |
IPv6 address | IPv6 address of the DNS server. |
Port | Port number of the DNS server. 0 means the port number in the packet is used. |
Weight | Weight of the DNS server. |
Priority | Priority of the DNS server. |
Probe information | Detailed health monitoring information for the DNS server. |
Probe success criteria | Health monitoring success criteria for the DNS server: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least—Health monitoring succeeds when a specified minimum number of health monitoring methods succeed. |
Probe method | Name of the NQA template used by the health monitoring method. |
State | State of the health monitoring method: · Failed—Health monitoring has failed. · In progress—Health monitoring is in progress. · Invalid—Health monitoring is unavailable (because the configuration of the NQA template is not complete), or the DNS server is unavailable. · Succeeded—Health monitoring has succeeded. |
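
The following script is an added example, not part of the H3C documentation. It parses captured display loadbalance dns-server brief output, interprets the Address and State columns as Table 11 describes, and applies the "smallest available IP address" usage guideline. The sample capture is constructed from the example output above; the names DnsServer, parse_brief, findings and select_address, the alert rules, the whitespace-free name assumption and the numeric reading of "smallest" are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the brief output from the example above, as captured text.
SAMPLE_BRIEF = """\
(*) – Auto-alloc address using
DNS server Address Port Link State DNS server pool
ds1 10.150.100.100(*) 0 link1 Active dns_pool
ds2 20.150.100.100 5353 link2 Probe-failed dns_pool
ds3 -- 0 link3 Inactive dns_pool
ds4 --(*) 0 link3 Inactive dns_pool
"""

# State values listed in Table 11.
STATES = {"Active", "Busy", "Inactive", "Probe-failed", "Unknown"}


@dataclass
class DnsServer:
    name: str
    address: Optional[str]  # None when the field shows -- or --(*)
    auto_alloc: bool        # True when the field carries the (*) marker
    port: int               # 0 = port number of the original packet is used
    link: str
    state: str
    pool: str


def parse_brief(text):
    """Parse the data rows; the legend and header lines are skipped."""
    servers = []
    for line in text.splitlines():
        tok = line.split()
        # Assumption: names contain no whitespace, so a row has 5 or 6 tokens
        # (the pool column may be empty for an unreferenced server).
        if len(tok) not in (5, 6) or not tok[2].isdigit() or tok[4] not in STATES:
            continue
        field = tok[1]
        auto = field.endswith("(*)")
        addr = field[:-3] if auto else field
        if addr == "--":
            addr = None
        else:
            ipaddress.ip_address(addr)  # raise ValueError on a malformed capture
        pool = tok[5] if len(tok) == 6 else ""
        servers.append(DnsServer(tok[0], addr, auto, int(tok[2]), tok[3], tok[4], pool))
    return servers


def findings(servers):
    """Return {server name: reason} for servers an operator should review."""
    out = {}
    for s in servers:
        if s.address is None and s.auto_alloc:
            out[s.name] = "all automatically obtained addresses are unavailable"
        elif s.address is None:
            out[s.name] = "no address obtained or configured"
        elif s.state != "Active":
            out[s.name] = "state is " + s.state
    return out


def select_address(obtained, passed_probe=None):
    """Pick the address the usage guideline says the device uses.

    passed_probe is None when no health monitoring method is specified, so
    every obtained address counts as available. Otherwise only addresses in
    passed_probe are available. Assumptions: "smallest" means numeric order,
    and all addresses belong to one address family.
    """
    addrs = [ipaddress.ip_address(a) for a in obtained]
    if passed_probe is not None:
        ok = {ipaddress.ip_address(a) for a in passed_probe}
        addrs = [a for a in addrs if a in ok]
    return str(min(addrs)) if addrs else None


if __name__ == "__main__":
    for name, reason in findings(parse_brief(SAMPLE_BRIEF)).items():
        print(name + ": " + reason)
    # Addresses from the detailed ds1 example above.
    print(select_address(["10.150.100.100", "10.160.100.1", "10.154.60.2"]))
```
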
display loadbalance dns-server statistics
Use display loadbalance dns-server statistics to display DNS server statistics or DNS server pool member statistics.
Syntax
In standalone mode:
display loadbalance dns-server statistics [ name dns-server-name ] [ slot slot-number ]
display loadbalance dns-server statistics dns-server-pool dns-server-pool-name [ name dns-server-name port port-number ] [ slot slot-number ]
In IRF mode:
display loadbalance dns-server statistics [ name dns-server-name ] [ chassis chassis-number slot slot-number ]
display loadbalance dns-server statistics dns-server-pool dns-server-pool-name [ name dns-server-name port port-number ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name dns-server-name: Specifies a DNS server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all DNS servers.
dns-server-pool dns-server-pool-name: Displays statistics for members of a DNS server pool. The dns-server-pool-name argument specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
dns-server dns-server-name port port-number: Displays statistics for a DNS server pool member. The dns-server-name argument specifies a DNS server pool member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the DNS server pool member, in the range of 0 to 65535. If you do not specify this option, the command displays statistics for all members of a DNS server pool.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DNS server statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DNS server statistics for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display statistics for the DNS server ds1.
<Sysname> display loadbalance dns-server statistics name ds1
DNS server: ds1
Received requests: 100
Send requests: 98
Dropped requests: 2
Received responses: 98
Send responses: 98
Dropped responses: 0
# Display statistics for all members of DNS server pool dsp1.
<Sysname> display loadbalance dns-server statistics dns-server-pool dsp1
DNS server pool: dsp1
DNS server (port: 20): ds1
Received requests: 100
Dropped requests: 2
Sent responses: 98
Dropped responses: 0
DNS server (port: 28): ds2
Received requests: 100
Dropped requests: 0
Sent responses: 100
Dropped responses: 0
Table 12 Command output
Field | Description |
---|---|
DNS server | DNS server name. |
Received requests | Number of DNS requests received by the DNS server. |
Send requests | Number of DNS requests sent by the DNS server. |
Dropped requests | Number of DNS requests dropped by the DNS server. |
Received responses | Number of DNS responses received by the DNS server. |
Send responses | Number of DNS responses sent by the DNS server. |
Dropped responses | Number of DNS responses dropped by the DNS server. |
display loadbalance dns-server-pool
Use display loadbalance dns-server-pool to display DNS server pool information.
Syntax
display loadbalance dns-server-pool [ brief | name pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief DNS server pool information. If you do not specify this keyword, the command displays detailed DNS server pool information.
name pool-name: Displays detailed information about a DNS server pool. The pool-name argument specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify any parameter, the command displays detailed information about all DNS server pools.
Examples
# Display brief information about all DNS server pools.
<Sysname> display loadbalance dns-server-pool brief
Predictor: RR - Round robin, RD - Random,
BW - Bandwidth, MBW - Max bandwidth,
IBW - Inbound bandwidth, OBW - Outbound bandwidth,
MIBW - Max inbound bandwidth, MOBW - Max outbound bandwidth,
HASH(SIP) - Hash address source IP,
HASH(DIP) - Hash address destination IP,
HASH(SIP-PORT) - Hash address source IP-port
DNS server pool Predictor Total Active
dns-pool RR 3 2
dns-pool1 RR 0 0
dns-pool2 RD 3 0
# Display detailed information about DNS server pool dns-pool.
<Sysname> display loadbalance dns-server-pool name dns-pool
DNS server pool: dns-pool
Description:
Predictor: Round robin
Selected server: Enabled
Min servers: 3
Max servers: 5
Probe information:
Probe success criteria: At-least 2
Probe method: t4
Total DNS servers: 3
Active DNS servers: 0
DNS server list:
Name State Address port Link Weight Priority
ds1 Active 10.150.100.100 0 link1 100 4
ds2 Probe-failed 20.150.100.100 5353 link2 100 4
ds3 Inactive -- 0 link3 100 4
Table 13 Command output
Field | Description |
---|---|
Predictor | Scheduling algorithm of the DNS server pool: · RR—Weighted round robin algorithm. · RD—Random algorithm. · BW—Bandwidth algorithm. · IBW—Inbound bandwidth algorithm. · OBW—Outbound bandwidth algorithm. · MBW—Maximum bandwidth algorithm. · MIBW—Maximum inbound bandwidth algorithm. · MOBW—Maximum outbound bandwidth algorithm. · HASH(SIP)—Hash algorithm based on source IP address. · HASH(DIP)—Hash algorithm based on destination IP address. · HASH(SIP-PORT)—Hash algorithm based on source IP address and port number. |
DNS server pool | DNS server pool name. |
Total | Total number of DNS servers. |
Active | Number of active DNS servers. |
Description | Description for the DNS server pool. |
Selected server | Whether the number of DNS servers that can participate in scheduling is limited: Disabled or Enabled. If the state is Enabled, the following fields are displayed: · Min servers—Minimum number of DNS servers that can participate in scheduling. · Max servers—Maximum number of DNS servers that can participate in scheduling. |
Probe information | Detailed health monitoring information for the DNS server pool. |
Probe success criteria | Health monitoring success criteria for the DNS server pool: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least—Health monitoring succeeds when a specified minimum number of health monitoring methods succeed. |
Probe method | Name of the NQA template used by the health monitoring method. |
Total DNS servers | Total number of DNS servers. |
Active DNS servers | Number of active DNS servers. |
Name | DNS server name. |
State | DNS server state: · Active—The DNS server is available. · Busy—The DNS server is busy. When the DNS server is in Active or Ramp state and enabled with link protection, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The DNS server is unavailable, because the configuration is not complete or the server is not referenced. · Probe-failed—Health monitoring has failed. |
Address | IP address of the DNS server. The asterisk (*) indicates that the IP address is automatically obtained and is being used. If all obtained IP addresses are unavailable, this field displays --(*). If no IP address is obtained and no IP address is manually configured, this field displays two hyphens (--). |
Port | Port number of the DNS server. |
Link | Name of the link corresponding to the DNS server. |
Weight | Weight of the DNS server. |
Priority | Priority of the DNS server. |
display loadbalance external-monitor log
Use display loadbalance external-monitor log to display the log information for custom monitoring.
Syntax
display loadbalance external-monitor log
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display the log information for custom monitoring.
<Sysname> display loadbalance external-monitor log
The external monitor probe state of (server farm sf, real server rs, port: 3306) template mysql-template changed to successful.
The external monitor probe state of (server farm sf2, real server rs2, port: 3306) template mysql-template changed to failed.
display loadbalance hot-backup statistics
Use display loadbalance hot-backup statistics to display LB hot backup statistics.
Syntax
In standalone mode:
display loadbalance hot-backup statistics [ slot slot-number ]
In IRF mode:
display loadbalance hot-backup statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays LB hot backup statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays LB hot backup statistics for all cards. (In IRF mode.)
Examples
# Display LB hot backup statistics.
<Sysname> display loadbalance hot-backup statistics
Slot 2:
TryAdd TryDel AckDel AckOK AckNO NotSpt
StiSnd 1 0 0 0 0 0
StiRcv 0 0 0 0 0 0
StiSndFail 0 0 0 0 0 0
StiRcvFail 0 0 0 0 0 0
MsgSnd 1 0 0 0 0 0
MsgRcv 0 0 0 0 0 0
MsgSndFail 0 0 0 0 0 0
MsgRcvFail 0 0 0 0 0 0
MAllocFail 0 0 0 0 0 0
SesBkTotal : 0
SesBkFail : 0
SesResTotal: 0
SesResFail : 0
SesUpdate : 0
Table 14 Command output
Field | Description |
---|---|
TryAdd | Message for adding sticky entries. |
TryDel | Message for deleting sticky entries. |
AckDel | Message for acknowledging the deletion of sticky entries. |
AckOK | Message indicating the sticky entries that can be deleted. |
AckNO | Message indicating the sticky entries that cannot be deleted. |
NotSpt | Message indicating the unsupported sticky entries. |
StiSnd | Number of sent sticky entries. |
StiRcv | Number of received sticky entries. |
StiSndFail | Number of sticky entry sending failures. |
StiRcvFail | Number of sticky entry receiving failures. |
MsgSnd | Number of sent messages. |
MsgRcv | Number of received messages. |
MsgSndFail | Number of message sending failures. |
MsgRcvFail | Number of message receiving failures. |
MAllocFail | Number of memory allocation failures. |
SesBkTotal | Number of session backups. |
SesBkFail | Number of session backup failures. |
SesResTotal | Number of session restorations. |
SesResFail | Number of session restoration failures. |
SesUpdate | Number of session updates. |
display loadbalance isp
Use display loadbalance isp to display ISP information.
Syntax
display loadbalance isp [ ip ipv4-address | ipv6 ipv6-address | name isp-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ip ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address.
name isp-name: Specifies an ISP by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify any parameters, this command displays information about all ISPs.
Examples
# Display information about all ISPs.
<Sysname> display loadbalance isp
(*) - User-defined object
Last successful auto update time: 04:09:00 UTC Fri 03/16/2012
Last auto update time: 04:09:00 UTC Fri 03/16/2012
Last auto update result: Successful
ISP update count: 1
LB ISP: isp1
Whois maintainer object name:
MAINT-CHINANET
Description: ISP1
IPv4 address/Mask length: --
IPv6 address/Prefix length: --
LB ISP: isp2(*)
Description:
IPv4 address/Mask length:
1.2.3.0/32(*) 1.2.3.4/32 3.3.3.6/32(*)
192.168.6.131/32(*) 192.168.195.189/32(*)
IPv6 address/Prefix length:
1::2/128
FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF/128(*)
# Display information about the ISP corresponding to the IP address 1.2.3.0.
<Sysname> display loadbalance isp ip 1.2.3.0
ISP name Source IPv4 address/Mask length
isp2 user-set 1.2.3.0/28
isp2 user-set 1.2.3.0/29
isp2 user-set 1.2.3.0/30
isp2 file-load 1.2.3.0/31
auto-update
isp2 user-set 1.2.3.0/32
file-load
# Display information about the ISP corresponding to the IPv6 address 1::1234.
<Sysname> display loadbalance isp ipv6 1::1234
ISP name Source IPv6 address/Prefix length
isp2 user-set 1::1234/126
isp2 user-set 1::1234/127
isp2 file-load 1::1234/128
Table 15 Command output
Field | Description |
---|---|
(*) | (*) indicates that the ISP information is manually configured. If the ISP information is also imported from a file, (*) is not displayed. |
Last successful auto update time | Time of the most recent successful update. |
Last auto update time | Time of the most recent update. |
Last auto update result | Result of the most recent auto update: · Successful. · Failed to connect to WHOIS server. · Connection failed. · Failed to query DNS (which means failed to send DNS requests). |
ISP update count | Number of ISPs in the most recent update. |
LB ISP/ISP name | ISP name. |
Description | Description for the ISP. |
Source | Source of the ISP: · user-set—Manually configured. · file-load—Imported from a file. · auto-update—ISP auto update. |
display loadbalance limit-policy
Use display loadbalance limit-policy to display LB connection limit policy information.
Syntax
display loadbalance limit-policy [ name policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
policy-name: Specifies an LB connection limit policy by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Display information about the LB connection limit policy lptest.
<Sysname> display loadbalance limit-policy name lptest
Limit-policy: lptest
Description:
Limit rule:
limit lptest acl 3000 amount 10 10
display loadbalance link
Use display loadbalance link to display LB link information or link group member information.
Syntax
display loadbalance link [ brief | name link-name ]
display loadbalance link link-group link-group-name [ name link-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief information about all LB links. If you do not specify this keyword, the command displays detailed LB link information.
name link-name: Displays detailed information about the specified LB link. The link-name argument specifies an LB link name, a case-insensitive string of 1 to 63 characters.
link-group link-group-name: Displays information about members of a link group. The link-group-name argument specifies a link group by its name, a case-insensitive string of 1 to 63 characters.
name link-name: Displays information about a link group member. The link-name argument specifies a link group member by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all members of a link group.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the brief keyword or the name link-name option, the command displays detailed information about all LB links.
Examples
# Display brief information about all LB links.
<Sysname> display loadbalance link brief
Link Router IP/Interface State VPN instance Link group
Lk1 192.168.1.1 Busy -- lg
Lk2 192.168.2.1 Active -- lg
Lk3 Dialer0 Inactive -- lg
# Display detailed information about the LB link lk.
<Sysname> display loadbalance link name lk
Link: lk
Description: lk
State: Busy
VPN instance: --
Inherit VPN: Disabled
Router IP: 1.2.3.4
Router IPv6: --
Link-group: lg
Weight: 100
Priority: 4
Cost: 0
Slow-shutdown: Disabled
Connection limit: 0
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
Bandwidth busy:
Max bandwidth: 10000 kbps
Max inbound bandwidth: 5000 kbps
Max outbound bandwidth: 5000 kbps
Busy rate: 80
Inbound busy rate: 70
Outbound busy rate: 60
Busy recovery rate: 60
Inbound busy recovery rate: 60
Outbound busy recovery rate: 60
Probe information:
Probe success criteria: All
Probe method State
t4 Inactive
Link: lk2
Description: link2
State: Inactive
VPN instance: --
Inherit VPN: Disabled
IPv4 address state: Active
IPv6 address state: Inactive
Router interface: Dialer0
Link group: lg
Weight: 150
Priority: 3
Cost: 100
Slow shutdown: Enabled
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
Bandwidth busy:
Max bandwidth: 10000 kbps
Max inbound bandwidth: 5000 kbps
Max outbound bandwidth: 5000 kbps
Busy rate: 80
Inbound busy rate: 70
Outbound busy rate: 60
Busy recovery rate: 60
Inbound busy recovery rate: 60
Outbound busy recovery rate: 60
Probe information:
Probe success criteria: All
Probe method State
t4 Inactive
# Display information about all members of link group lg.
<Sysname> display loadbalance link link-group lg
Link group: lg
Link: lk1
Description: link 1
Parent state: Inactive
State: Inactive
Weight: 2
Priority: 2
Slow shutdown: Disabled
Connection limit: --
Connection rate limit: --
Probe information:
Probe success criteria: All
Probe method State
icmp Failed
Link: lk2
Description: link 2
Parent state: Inactive
State: Inactive
Weight: 100
Priority: 4
Slow shutdown: Disabled
Connection limit: --
Connection rate limit: --
Probe information:
Probe success criteria: All
Probe method State
tcp Failed
Table 16 Command output
Field | Description |
---|---|
Link | LB link name. |
Router IP/Interface | Gateway IP address or outgoing interface of the LB link. |
Parent state/State | LB link state/Link group member state: · Active—The LB link is available. · Busy—The LB link is busy. · Inactive—The LB link is unavailable, because the configuration is not complete, the LB link is not referenced, or the virtual server is not enabled. · Probe-failed—Health monitoring has failed. · Ramp—Ramp-up phase of slow online. · Shutdown—The LB link is shut down. · Standby—Standby phase of slow online. · Unknown—Health monitoring is not configured. |
VPN instance | VPN instance of the LB link. · Config—Manually configured. · Inherit—Inherited. |
Link group | Link group to which the LB link belongs. |
Description | Description for the LB link. |
Inherit VPN | State of VPN instance inheritance: Enabled or Disabled. |
IPv4 address state | IPv4 address state of the LB link: · Active—An available IPv4 address is obtained through the outgoing interface of the LB link. · Inactive—No available IPv4 address is obtained through the outgoing interface of the LB link. This field is displayed only if an outgoing interface is specified for an LB link. |
IPv6 address state | IPv6 address state of the link: · Active—An available IPv6 address is obtained through the outgoing interface of the LB link. · Inactive—No available IPv6 address is obtained through the outgoing interface of the LB link. This field is displayed only if an outgoing interface is specified for an LB link. |
Weight | Weight of the LB link. |
Priority | Priority of the LB link. |
Cost | Cost for proximity calculation. |
Slow shutdown | Slow shutdown state of the LB link: · Disabled. · Enabled. |
Connection limit | Maximum number of connections for the LB link. |
Connection rate limit | Maximum number of connections per second for the LB link. |
Rate limit | Rate limit of the LB link. |
Connections | Maximum number of connections per second for the LB link. |
Bandwidth | Maximum bandwidth for the LB link in kbps. |
Inbound bandwidth | Maximum inbound bandwidth for the LB link in kbps. |
Outbound bandwidth | Maximum outbound bandwidth for the LB link in kbps. |
Bandwidth busy | Bandwidth ratio. |
Max bandwidth | Maximum expected bandwidth for the LB link in kbps. |
Max inbound bandwidth | Maximum inbound expected bandwidth for the LB link in kbps. |
Max outbound bandwidth | Maximum outbound expected bandwidth for the LB link in kbps. |
Busy rate | Bandwidth ratio for the LB link. |
Inbound busy rate | Inbound bandwidth ratio for the LB link. |
Outbound busy rate | Outbound bandwidth ratio for the LB link. |
Busy recovery rate | Bandwidth recovery ratio for the LB link. |
Inbound busy recovery rate | Inbound bandwidth recovery ratio for the LB link. |
Outbound busy recovery rate | Outbound bandwidth recovery ratio for the LB link. |
Probe information | Detailed health monitoring information for the LB link. |
Probe success criteria | Health monitoring success criteria for the LB link: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least—Health monitoring succeeds when a specified minimum number of health monitoring methods succeed. |
Probe method | Name of the NQA template used by the health monitoring method. |
State | State of the health monitoring method: · Failed—Health monitoring has failed. · In progress—Health monitoring is in progress. · Invalid—Health monitoring is unavailable (because the configuration of the NQA template is not complete), or the real server is unavailable. · Succeeded—Health monitoring has succeeded. |
display loadbalance link out-interface statistics
Use display loadbalance link out-interface statistics to display link outbound interface statistics.
Syntax
display loadbalance link out-interface statistics [ name link-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name link-name: Specifies a link by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays outbound interface statistics for all links.
Usage guidelines
Non-default vSystems do not support this command.
If the link outbound interface is a logical interface, the rate statistics are calculated based on the interface traffic.
Examples
# Display outbound interface statistics for the link lk1.
<Sysname> display loadbalance link out-interface statistics name lk1
Loadbalance link: lk1
Input rate: 1524 bps
Output rate: 90 bps
Table 17 Command output
Field | Description |
---|---|
Loadbalance link | LB link name. |
Input rate | Input rate of the outbound interface in bps. |
Output rate | Output rate of the outbound interface in bps. |
display loadbalance link statistics
Use display loadbalance link statistics to display link statistics or link group member statistics.
Syntax
In standalone mode:
display loadbalance link statistics [ name link-name ] [ slot slot-number ]
display loadbalance link statistics link-group link-group-name [ name link-name ] [ slot slot-number ]
In IRF mode:
display loadbalance link statistics [ name link-name ] [ chassis chassis-number slot slot-number ]
display loadbalance link statistics link-group link-group-name [ name link-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name link-name: Specifies a link by its name, a case-insensitive string of 1 to 63 characters.
link-group link-group-name: Displays statistics for members of a link group. The link-group-name argument specifies a link group by its name, a case-insensitive string of 1 to 63 characters.
name link-name: Displays statistics for a link group member. The link-name argument specifies a link group member by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all members of a link group.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays link statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays link statistics for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display statistics for the link lk1.
<Sysname> display loadbalance link statistics name lk1
Loadbalance link: lk1
Total connections: 1798
Active connections: 788
Max connections: 803
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 157
Max connections per second: 163
recorded at 11:02:49 on Tue May 21 2019
Downstream traffic: 333332 bytes
Upstream traffic: 472054 bytes
Throughput: 4396 bps
Inbound throughput: 1214 bps
Outbound throughput: 3128 bps
Max throughput: 4564 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 1214 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 3320 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 1798
Sent packets: 0
Dropped packets: 0
Packet loss rate: 10
# Display statistics for all members of link group lg.
<Sysname> display loadbalance link statistics link-group lg
Loadbalance link group: lg
Loadbalance link: lk1
Total connections: 0
Active connections: 0
Max connections: 0
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 0
Max connections per second: 0
recorded at 11:02:49 on Tue May 21 2019
Downstream traffic: 0 bytes
Upstream traffic: 0 bytes
Throughput: 0 bps
Inbound throughput: 0 bps
Outbound throughput: 0 bps
Max throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 0
Sent packets: 0
Dropped packets: 0
Loadbalance link: lk2
Total connections: 0
Active connections: 0
Max connections: 0
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 0
Max connections per second: 0
recorded at 11:02:49 on Tue May 21 2019
Downstream traffic: 0 bytes
Upstream traffic: 0 bytes
Throughput: 0 bps
Inbound throughput: 0 bps
Outbound throughput: 0 bps
Max throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 0
Sent packets: 0
Dropped packets: 0
Table 18 Command output
Field | Description |
---|---|
Loadbalance link | Link name. |
Total connections | Total number of connections. |
Active connections | Number of active connections. |
Max connections | Maximum number of connections. |
Connections per second | Number of connections per second. |
Max connections per second | Maximum number of connections per second. |
Downstream traffic | Downstream traffic (in bytes) received by the LB device. |
Upstream traffic | Upstream traffic (in bytes) sent by the LB device. |
Throughput | Total packet throughput in bps. |
Inbound throughput | Inbound packet throughput in bps. |
Outbound throughput | Outbound packet throughput in bps. |
Max throughput | Maximum packet throughput in bps. |
Max inbound throughput | Maximum inbound packet throughput in bps. |
Max outbound throughput | Maximum outbound packet throughput in bps. |
Received packets | Number of received packets. |
Sent packets | Number of sent packets. |
Dropped packets | Number of dropped packets. |
Packet loss rate | Packet loss ratio of the link. |
display loadbalance link-group
Use display loadbalance link-group to display link group information.
Syntax
display loadbalance link-group [ brief | name link-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief information about all link groups. If you do not specify this keyword, the command displays detailed link group information.
name link-group-name: Specifies a link group by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all link groups.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify any parameters, the command displays detailed information about all link groups.
A link is displayed as unavailable if the link group configuration is not complete, the link group is not referenced, or the virtual server is not enabled. This does not mean that the link is not available.
Examples
# Display brief information about all link groups.
<Sysname> display loadbalance link-group brief
Predictor: RR - Round robin, RD - Random, LC - Least connection,
BW – Bandwidth, MBW – Max bandwidth,
IBW – Inbound bandwidth, OBW – Outbound bandwidth,
MIBW – Max inbound bandwidth, MOBW – Max outbound bandwidth,
HASH(SIP) - Hash address source IP,
HASH(DIP) - Hash address destination IP,
HASH(SIP-PORT) - Hash address source IP-port
NAT/SNAT: Y - Enabled, N - Disabled
Link group Predictor NAT SNAT Total Active
lg RR Y N 3 3
# Display detailed information about all link groups.
<Sysname> display loadbalance link-group
Link group: lg1
Description:
Predictor: Hash address
Proximity: Disabled
NAT: Enabled
SNAT pool:
Failed action: Keep
Active threshold: Enabled
Lower: 80
Upper: 90
Slow-online: Enabled
Standby time: 5s
Ramp-up time: 10s
Selected link: Enabled
Min link: 100
Max link: 600
Probe information:
Probe success criteria: All
Probe method:
aaa
ddd
Total link: 1
Active link: 1
Link list:
Name State VPN instance Router IP/Interface Weight Priority
Link1 Inactive 1.2.3.4 4 100
Table 19 Command output
Field | Description |
---|---|
Link group | Link group name. |
Description | Description for the link group. |
Predictor | Scheduling algorithm of the link group: · RR—Weighted round robin algorithm. · RD—Random algorithm. · LC—Weighted least connection algorithm. · BW—Bandwidth algorithm. · IBW—Inbound bandwidth algorithm. · OBW—Outbound bandwidth algorithm. · MBW—Maximum bandwidth algorithm. · MIBW—Maximum inbound bandwidth algorithm. · MOBW—Maximum outbound bandwidth algorithm. · HASH(SIP)—Hash algorithm based on source IP address. · HASH(DIP)—Hash algorithm based on destination IP address. · HASH(SIP-PORT)—Hash algorithm based on source IP address and port number. |
Proximity | Proximity state of the link group: · Disabled. · Enabled. |
NAT | NAT state of the link group: · Disabled. · Enabled. |
SNAT pool | Name of the SNAT address pool referenced by the link group. |
Failed action | Fault processing method of the link group: · Keep—Keeps existing connections. · Reschedule—Redirects connections. · Reset—Terminates existing connections. |
Active threshold | State of the criteria to determine that the link group is available: disabled or enabled. If the state is enabled, the following fields are displayed: · Lower—Lower percentage value. · Upper—Upper percentage value. |
Slow-online | State of the slow online feature: disabled or enabled. If the state is enabled, the following fields are displayed: · Standby time. · Ramp-up time. |
Selected link | State of link limit to participate in scheduling: disabled or enabled. If the state is enabled, the following fields are displayed: · Min server—Minimum number of links that participate in scheduling. · Max server—Maximum number of links that participate in scheduling. |
Probe success criteria | Health monitoring success criteria for the link group: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least X—Health monitoring succeeds when a minimum of X health monitoring methods succeed. |
Probe method | Name of the NQA template used by the health monitoring method. |
Total link | Total number of links. |
Active link | Number of active links. |
Name | Link name. |
State | Link state: · Active—The link is available. · Busy—The link is busy. When the link is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The link is unavailable, because the configuration is not complete, the link is not referenced, or the virtual server is not enabled. · Probe-failed—Health monitoring has failed. · Ramp—Ramp-up phase of slow online. · Shutdown—The link is shut down. · Standby—Standby phase of slow online. |
VPN instance | VPN instance of the link. |
Router IP | IPv4 and IPv6 addresses of the link. |
Router IP/Interface | Gateway IP address or outgoing interface of the link. |
Weight | Weight of the link. |
Priority | Priority of the link. |
display loadbalance local-dns-server parse-fail-record
Use display loadbalance local-dns-server parse-fail-record to display DNS request parse failures.
Syntax
In standalone mode:
display loadbalance local-dns-server parse-fail-record [ type { a | aaaa | cname | mx | ns | soa | srv | txt } ] [ domain domain-name ] | ptr [ ip address { ipv4-address | ipv6-address } ] ] [ vpn-instance vpn-instance-name ] [ slot slot-number ]
In IRF mode:
display loadbalance local-dns-server parse-fail-record [ type { a | aaaa | cname | mx | ns | soa | srv | txt } ] [ domain domain-name ] | ptr [ ip address { ipv4-address | ipv6-address } ] ] [ vpn-instance vpn-instance-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
type { a | aaaa | cname | mx | ns | ptr | soa | srv | txt }: Specifies a DNS request type. If you do not specify a DNS request type, this command displays DNS request parse failures for all DNS request types.
domain domain-name: Specifies a domain name, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. Each dot-separated label in the domain name can contain a maximum of 63 characters. If you do not specify a domain name, this command displays DNS request parse failures for all domain names.
ip address { ipv4-address | ipv6-address }: Specifies an IP address used for reverse DNS. If you do not specify this option, the command displays DNS request parse failures for all IP addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DNS request parse failures for the public network.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays DNS request parse failures for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays DNS request parse failures for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display all DNS request parse failures.
<Sysname> display loadbalance local-dns-server parse-fail-record
Slot 0:
ID Time Type SIP/Port DIP/Port VPN instance Domain Failure cause
----------------------------------------------------------------------------------------
1 03 Nov 2016 A 1.2.3.4/1 2.2.2.2/53 -- www.example.com No matched virtual
19:09:52 server member.
2 03 Nov 2016 AAAA 1.2.3.4/2 2.2.2.2/53 -- www.lb.example.com No matched.
19:09:43 DNS mapping
3 03 Nov 2016 MX 1.2.3.5/3 2.2.2.2/53 -- mail.example.com No matched record.
20:09:41
4 04 Nov 2016 NS 1.2.3.4/4 2.2.2.2/53 -- ns.example.com No matched record.
11:15:40
5 05 Nov 2016 CNAME 1.2.3.4/5 2.2.2.2/53 -- www.example.com No matched DNS
11:16:35 zone.
6 05 Nov 2016 SOA 1.2.3.4/6 2.2.2.2/53 -- www.example.com No matched DNS
12:16:25 zone.
7 05 Dec 2016 PTR 1.2.3.4/7 2.2.2.2/53 -- 1.2.3.4 No matched record.
15:19:16
Table 20 Command output
Field | Description |
---|---|
ID | Failure record ID. |
Time | Time when the device received a DNS request. |
Type | Resource record type: · A—IPv4 host address. · AAAA—IPv6 host address. · CNAME—Canonical name. · MX—Mail exchanger. · NS—Name server. · PTR—Pointer. · SOA—Start of authority. · SRV—Service. · TXT—Text. |
SIP/Port | Source IP address and port number of a DNS request. |
DIP/Port | Destination IP address and port number of a DNS request. |
Failure cause | Failure cause for DNS request parsing: · --—Parsing succeeded. · No matched DNS listener. · No matched DNS mapping. · No matched virtual server pool. · No matched DNS zone. · Failed to get buffer. · No matched record. · No enough memory resource. · Failed to parse domain. · Failed to find DNS listener by ID. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
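The following Python parser is an added example, not part of the vendor documentation. It reads the two-line records that display loadbalance local-dns-server parse-fail-record prints and groups failures by VPN instance and source IP, so a client producing many failed lookups across several names stands out for review. The sample output is constructed, and the function names and the thresholds min_failures and min_domains are assumptions of this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# First line of a record: ID, date, type, SIP/Port, DIP/Port, VPN instance,
# domain, start of the failure cause. Tolerates fixed-width or collapsed spacing.
ROW = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<date>\d{2}\s+[A-Za-z]{3}\s+\d{4})\s+"
    r"(?P<type>A|AAAA|CNAME|MX|NS|PTR|SOA|SRV|TXT)\s+"
    r"(?P<sip>\S+)/(?P<sport>\d+)\s+(?P<dip>\S+)/(?P<dport>\d+)\s+"
    r"(?P<vpn>\S+)\s+(?P<domain>\S+)\s*(?P<cause>.*)$"
)
# Second line of a record: time of day, then any wrapped rest of the cause.
CONT = re.compile(r"^\s*(?P<time>\d{2}:\d{2}:\d{2})\s*(?P<cause>.*)$")
SLOT = re.compile(r"^\s*Slot\s+(?P<slot>\d+)")  # "Slot 0:" header, as on the page

@dataclass
class ParseFailure:
    slot: Optional[int]
    rec_id: int
    when: datetime
    qtype: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    vpn: Optional[str]  # None = public network ("--" in the output)
    domain: str         # lower-cased: domain names are case-insensitive
    cause: str

def _build(slot, m, time_s, cause_parts):
    date = " ".join(m["date"].split())
    # %b expects English month abbreviations (C/English locale).
    when = datetime.strptime(f"{date} {time_s}", "%d %b %Y %H:%M:%S")
    # Join the wrapped cause; periods are dropped so wrapped and unwrapped
    # forms of the same cause compare equal.
    cause = " ".join(" ".join(cause_parts).replace(".", " ").split())
    return ParseFailure(slot, int(m["id"]), when, m["type"], m["sip"],
                        int(m["sport"]), m["dip"], int(m["dport"]),
                        None if m["vpn"] == "--" else m["vpn"],
                        m["domain"].lower(), cause)

def parse_fail_records(text):
    """Parse raw command output into a list of ParseFailure records."""
    records, slot, pending = [], None, None  # pending: [slot, row, time, causes]
    for line in text.splitlines():
        if (s := SLOT.match(line)):
            slot = int(s["slot"])
        elif (row := ROW.match(line)):
            if pending:
                records.append(_build(*pending))
            pending = [slot, row, "00:00:00", [row["cause"]]]
        elif (cont := CONT.match(line)) and pending:
            pending[2] = cont["time"]
            pending[3].append(cont["cause"])
    if pending:
        records.append(_build(*pending))
    return records

def noisy_sources(records, min_failures=3, min_domains=2):
    """Group by (VPN instance, source IP) and keep sources whose failures are
    numerous and spread over several names. Thresholds are assumptions."""
    by_src = defaultdict(list)
    for r in records:
        by_src[(r.vpn, r.src_ip)].append(r)
    report = {}
    for key, recs in by_src.items():
        domains = sorted({r.domain for r in recs})
        if len(recs) >= min_failures and len(domains) >= min_domains:
            report[key] = {
                "failures": len(recs),
                "domains": domains,
                "causes": sorted({r.cause for r in recs}),
                "first": min(r.when for r in recs),
                "last": max(r.when for r in recs),
            }
    return report

# Constructed sample in the layout of the command output (documentation addresses).
SAMPLE = """\
Slot 0:
ID Time        Type  SIP/Port        DIP/Port        VPN instance Domain           Failure cause
------------------------------------------------------------------------------------------------
1  03 Nov 2016 A     192.0.2.10/5301 198.51.100.1/53 --           www.example.com  No matched virtual
   19:09:52                                                                        server member.
2  03 Nov 2016 AAAA  192.0.2.10/5302 198.51.100.1/53 --           WWW.example.com  No matched DNS
   19:09:53                                                                        mapping.
3  03 Nov 2016 MX    192.0.2.10/5303 198.51.100.1/53 --           mail.example.com No matched record.
   19:09:54
4  03 Nov 2016 PTR   192.0.2.77/4000 198.51.100.1/53 vpn1         192.0.2.77       No matched record.
   20:09:41
"""

if __name__ == "__main__":
    for (vpn, ip), info in noisy_sources(parse_fail_records(SAMPLE)).items():
        print(vpn or "public", ip, info["failures"], info["domains"], info["causes"])
```
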
display loadbalance policy
Use display loadbalance policy to display LB policy information.
Syntax
display loadbalance policy [ name policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name policy-name: Specifies an LB policy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all LB policies.
Examples
# Display information about all LB policies.
<Sysname> display loadbalance policy
LB policy: lbp1
Description:
Type: Generic
Class: lbc1
Action: lba1
Default action: lba0
LB policy: lbp2
Description:
Type: HTTP
Default action:
LB policy: lbp3
Description:
Type: Link-generic
Class: lbc3
Action: lba3
Default action: lba3
LB policy: lbp4
Description:
Type: DNS
Class: lbc4
Action: lba4
Default action: lba4
LB policy: lbp5
Description:
Type: MySQL
Class: lbc5
Action: lba5
Default action: lba5
Table 21 Command output
Field | Description |
---|---|
LB policy | LB policy name. |
Description | Description for the LB policy. |
Type | LB policy type: · DNS. · Generic. · HTTP. · Link-generic. · MySQL. · RADIUS. |
Class | LB class for the LB policy. |
Action | LB action for the LB class. |
Default class action | Default LB action. |
display loadbalance probe-template
Use display loadbalance probe-template to display LB probe template information.
Syntax
display loadbalance probe-template [ name template-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name template-name: Specifies an LB probe template by its name, a case-insensitive string of 1 to 32 characters. If you do not specify this option, the command displays information about all LB probe templates.
Examples
# Display information about all LB probe templates.
<Sysname> display loadbalance probe-template
Load balancing probe template: rst1
Description:
Type: tcp-rst
Monitoring interval: 20 sec
RST threshold: 10
Protection action: auto-shutdown
Load balancing probe template: zero2
Description:
Type: tcp-zero-window
Monitoring interval: 30 sec
Zero-window threshold: 20
Protection action: busy
Probe interval: 30 sec
Probe times: 3
Load balancing probe template: icmp1
Description:
Type: icmp
Timeout: 3 sec
Frequency: 300
Load balancing probe template: http1
Description:
Type: http-passive
Monitoring interval: 1 sec
Abnormal-url threshold: 10000
Timeout: 30 sec
URL list:
aaa
Status code list:
404
Load balancing probe template: test_external
Description:
Type: external-monitor
External script: http.sh
Monitoring interval: 5 sec
Timeout: 6 sec
Argument: 192.168.1.123
Environment variable list:
Name Value
Test3 /opt/lib
Test4 /usr/bin
Table 22 Command output
Field | Description |
---|---|
Load balancing probe template | LB probe template name. |
Description | Description for the LB probe template. |
Type | LB probe template type: · external-monitor—Custom monitoring. · http-passive. · icmp. · tcp-rst. · tcp-zero-window. |
Monitoring interval | Monitoring time. During the monitoring time, the system counts the number of RST packets or zero-window packets sent by each server farm member in a server farm. This field is displayed only for a custom-monitoring, HTTP passive, TCP-RST, or TCP zero-window LB probe template. |
RST threshold | Maximum number of RST packets a real server can send. This field is displayed only for a TCP-RST LB probe template. |
Zero-window threshold | Maximum percentage of zero-window packets a real server can send. This field is displayed only for a TCP zero-window LB probe template. |
Protection action | Action to take when the RST or zero-window packet threshold is reached: Auto-shutdown or Busy. This field is displayed only for a TCP-RST or TCP zero-window LB probe template. |
Probe interval | Interval to probe the real server in busy state. This field is displayed only for a TCP-RST or TCP zero-window LB probe template. |
Probe times | Maximum number of times for probing the real server in busy state. If the number of probe times is reached, the real server is automatically shut down. This field is displayed only for a TCP-RST or TCP zero-window LB probe template. |
Timeout | Timeout time for probe responses, HTTP responses, or custom monitoring probe packet responses. This field is displayed only for an ICMP, HTTP passive, or custom-monitoring LB probe template. |
Frequency | Probe interval for an LB probe template. This field is displayed only for an ICMP LB probe template or HTTP passive LB probe template. |
Abnormal-url threshold | Upper limit of URL error times. This field is displayed only for an HTTP passive LB probe template. |
URL list | List of URLs to check for an HTTP passive LB probe template. This field is displayed only for an HTTP passive LB probe template. |
Status code list | List of response status codes to check for an HTTP passive LB probe template. This field is displayed only for an HTTP passive LB probe template. |
External script | Script file used by a custom-monitoring LB probe template. This field is displayed only for a custom-monitoring LB probe template. |
Argument | User-defined information for a custom-monitoring LB probe template. This field is displayed only for a custom-monitoring LB probe template. |
Environment variables list | Environment variable list for a custom-monitoring LB probe template. This field is displayed only for a custom-monitoring LB probe template. |
Name | Environment variable name. This field is displayed only for a custom-monitoring LB probe template. |
Value | Environment variable value. This field is displayed only for a custom-monitoring LB probe template. |
Related commands
reset real-server statistics
display loadbalance process-limit
Use display loadbalance process-limit to display the maximum number of processes allowed to be started for custom monitoring.
Syntax
display loadbalance process-limit
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display the maximum number of processes allowed to be started for custom monitoring.
<Sysname> display loadbalance process-limit
Loadbalance process-limit: 200
display loadbalance protection-policy
Use display loadbalance protection-policy to display the configuration of protection policies.
Syntax
display loadbalance protection-policy [ name policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name policy-name: Specifies a protection policy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a protection policy, this command displays the configuration of all protection policies.
Examples
# Display the configuration of all protection policies.
<Sysname> display loadbalance protection-policy
Policy name: p1
Description:
Type: HTTP
Protection action: verify js
Rule ID: 3
URL: /index.php
Protection period: 2
Method Threshold
Cookie (Jsessionid) 20
Source IP 10
Rule ID: 5
URL: /test.php
Protection period: 20
Method Threshold
Cookie (A1B2C3D4) 20
Table 23 Command output
Field | Description |
---|---|
Protection action | Protection action: · warning—Generates a log message. · drop—Drops requests. · verify (insert header)—Performs client verification by inserting an HTTP header. · verify (js)—Performs cookie verification by inserting a JS script. |
URL | Protected URL. |
Method | Threshold type: · Cookie (xxx)—Cookie-based threshold (cookie name). · Source IP—Source-IP-based threshold. |
display loadbalance proximity
Use display loadbalance proximity to display proximity entry information.
Syntax
In standalone mode:
display loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ] [ slot slot-number ]
In IRF mode:
display loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays proximity entry information for the public network.
ip [ ipv4-address ]: Displays IPv4 proximity entry information. If you specify the ipv4-address argument, this command displays detailed information about the proximity entry corresponding to the IPv4 address. If you do not specify the ipv4-address argument, this command displays brief information about all IPv4 proximity entries.
ipv6 [ ipv6-address ]: Displays IPv6 proximity entry information. If you specify the ipv6-address argument, this command displays detailed information about the proximity entry corresponding to the IPv6 address. If you do not specify the ipv6-address argument, this command displays brief information about all IPv6 proximity entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays proximity information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays proximity information for all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the vpn-instance, ip, or ipv6 keyword, this command displays brief information about all IPv4 and IPv6 proximity entries.
Examples
# Display brief information about all IPv4 and IPv6 proximity entries for the public network.
<Sysname> display loadbalance proximity
(*) – Real server object
Slot :1
IPv4 address/Mask length Timeout Best link RTT Dynamic weight
------------------------------------------------------------------------------
1.2.3.0/24 59 lk1 1 170
1.2.15.0/24 58 lk2 2 170
IPv6 address/Prefix length Timeout Best link RTT Dynamic weight
------------------------------------------------------------------------------
11:22::/96 40 lk1 3 200
# Display detailed information about the proximity entry corresponding to the IP address 1.2.3.1 for the public network.
<Sysname> display loadbalance proximity ip 1.2.3.1
(*) – Real server object
IPv4 address/Mask length: 1.2.3.0/24
Timeout: 40
Link list/RTT:
lk1/1
lk2/3
<Sysname> display loadbalance proximity ipv6 11:22::
(*) – Real server object
IPv6 address/Prefix length: 11:22::/96
Timeout: 34
Link list/RTT:
lk1/2
lk2/3
Table 24 Command output
Field | Description |
---|---|
Slot | Card for which proximity entry information is displayed. |
 | Remaining time of the proximity entries, in seconds. |
 | Links for the proximity entry. They are listed in descending priority order. |
RTT | Network delay for the link in milliseconds. |
display loadbalance reverse-zone
Use display loadbalance reverse-zone to display DNS reverse zone information.
Syntax
display loadbalance reverse-zone { ip [ ipv4-address mask-length ] | ipv6 [ ipv6-address prefix-length ] }
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ip: Displays IPv4 DNS reverse zone information.
ipv4-address mask-length: Specifies an IPv4 address and the mask length. The mask length is in the range of 0 to 32. If you do not specify this argument, the command displays all IPv4 DNS reverse zone information.
ipv6: Displays IPv6 DNS reverse zone information.
ipv6-address prefix-length: Specifies an IPv6 address and the prefix length. The prefix length is in the range of 0 to 128. If you do not specify this argument, the command displays all IPv6 DNS reverse zone information.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display all IPv4 DNS reverse zone information.
<Sysname> display loadbalance reverse-zone ip
Reverse zone: 10.1.1.0/24
Record list:
Type TTL RDATA
PTR 3600 1.1.1.2 a.mail.example.com
PTR 2700 1.1.1.3 b.mail.example.com
# Display all IPv6 DNS reverse zone information.
<Sysname> display loadbalance reverse-zone ipv6
Reverse zone: 1::/64
Record list:
Type TTL RDATA
PTR 3600 1::1 a.mail.example.com
PTR 2700 1::2 b.mail.example.com
Table 25 Command output
Field | Description |
---|---|
Reverse zone | IPv4/IPv6 address and mask/prefix length of the DNS reverse zone. |
Record list | List of resource records. |
Type | Resource record type (only PTR is supported). |
TTL | TTL of the resource record, in seconds. |
RDATA | Resource data. |
display loadbalance snat-global-policy
Use display loadbalance snat-global-policy to display SNAT global policy information.
Syntax
display loadbalance snat-global-policy [ name policy-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name policy-name: Specifies a SNAT global policy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all SNAT global policies.
Examples
# Display information about all SNAT global policies.
<Sysname> display loadbalance snat-global-policy
Policy name: lbsnat1
Description:
State: Active
Priority: 0
VPN instance:
Source IP object group: src-obj
Destination IP object group: dst-obj
Service object group: proto-obj
Translation mode: snat-pool sp
Policy name: lbsnat2
Description:
State: Inactive(disable)
Priority: 0
VPN instance:
Source IP object group: src-obj
Destination IP object group:
Service object group:
Translation mode: auto-map
Table 26 Command output
Field | Description |
---|---|
State | State of the SNAT global policy: · Active—The SNAT global policy is enabled and available. · Inactive—The SNAT global policy is enabled but unavailable. · Inactive (disabled)—The SNAT global policy is disabled and unavailable. |
display loadbalance snat-pool
Use display loadbalance snat-pool to display SNAT address pool information.
Syntax
display loadbalance snat-pool [ name pool-name ]
Views
Any view
Predefined user roles
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name pool-name: Specifies a SNAT address pool by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all SNAT address pools.
Examples
# Display information about all SNAT address pools.
<Sysname> display loadbalance snat-pool
SNAT pool: lbsp1
Description:
VPN instance:
Type: Address-based split
IPv4 range:
Start address End address
202.110.10.5 202.110.10.10
202.110.20.10 202.110.20.15
IPv6 range:
Start address End address
2002::2 2002::100
2002::200 2002::300
ARP/ND interfaces:
GigabitEthernet1/0/1
GigabitEthernet1/0/3
SNAT pool: lbsp2
Description:
VPN instance:
Type: Port-based split
IPv4 range:
Start address End address
203.110.10.10 203.110.10.15
IPv6 range:
Start address End address
2003::2 2003::100
ARP/ND interfaces:
GigabitEthernet1/0/2
Table 27 Command output
Field | Description |
---|---|
SNAT pool | SNAT address pool name. |
Description | Description for the SNAT address pool. |
VPN instance | VPN instance to which the SNAT address pool belongs. |
Type | Splitting method for the SNAT address pool: · Address-based split—Address-based splitting. · Failover-group-based split—Failover group-based splitting. · Port-based split—Port-based splitting. |
IPv4 range | IPv4 address range. |
IPv6 range | IPv6 address range. |
ARP/ND interfaces | Interfaces from which gratuitous ARP packets and ND packets are sent out. |
display loadbalance virtual-server total-statistics
Use display loadbalance virtual-server total-statistics to display cumulative statistics for all virtual servers.
Syntax
In standalone mode:
display loadbalance virtual-server total-statistics [ slot slot-number ]
In IRF mode:
display loadbalance virtual-server total-statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays cumulative statistics for all virtual servers on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays cumulative statistics for all virtual servers on all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
This command displays the cumulative connection statistics for all virtual servers. If you execute the reset virtual-server command for a virtual server, the statistical values are affected.
Examples
# Display cumulative statistics for all virtual servers.
<Sysname> display loadbalance virtual-server total-statistics
Slot 1:
Total connections: 0
Active connections: 0
Connections per second: 0
Slot 2:
Total connections: 0
Active connections: 0
Connections per second: 0
Table 28 Command output
Field | Description |
---|---|
Total connections | Total number of connections. |
Active connections | Number of active connections. |
Connections per second | Number of connections per second. |
display loadbalance virtual-server-pool
Use display loadbalance virtual-server-pool to display virtual server pool information.
Syntax
display loadbalance virtual-server-pool [ brief | name pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
brief: Displays brief information about all virtual server pools.
name pool-name: Displays detailed information about the specified virtual server pool.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the brief keyword or the name pool-name option, the command displays detailed information about all virtual server pools.
Examples
# Display brief information about all virtual server pools.
<Sysname> display loadbalance virtual-server-pool brief
Predictor: RR - Round robin, RD - Random, LC - Least connection,
TOP - Topology, PRO – Proximity
BW - Bandwidth, MBW - Max bandwidth,
IBW - Inbound bandwidth, OBW - Outbound bandwidth,
MIBW - Max inbound bandwidth, MOBW - Max outbound bandwidth,
HASH(SIP) - Hash address source IP,
HASH(DIP) - Hash address destination IP,
HASH(SIP-PORT) - Hash address source IP-port
VSpool Pre Alt Fbk BWP Total Active
vsp RR LC Enabled 0 0
vpp RR Enabled 0 0
vsp1 RD TOP Enabled 3 0
# Display detailed information about the virtual server pool local-pool.
<Sysname> display loadbalance virtual-server-pool name local-pool
Virtual-server pool: local-pool
Predictor:
Preferred RD
Alternate TOP
Fallback --
Bandwidth busy-protection: Disabled
Total virtual servers: 3
Active virtual servers: 0
Virtual server list:
Name State Address Port Weight Link
vs1 Active 192.168.1.1 0 150 ct-link1
vs2 Active 192.167.1.1 0 120 ct-link2
vs3 Active 192.169.1.1 0 80 cnc-link
Virtual IP address list:
Address State Weight Link
10.0.1.1 Active 150 ct-link1
10.1.1.1 Active 120 ct-link2
10.2.1.1 Active 80 cnc-link
Virtual IPv6 address list:
Address State Weight Link
9::5 Active 150 ct-link1
9::6 Active 120 ct-link2
9::7 Active 80 cnc-link
Table 29 Command output
Field | Description |
---|---|
Virtual-server pool | Virtual server pool name. |
Predictor | Scheduling algorithm of the virtual server pool. |
Bandwidth busy-protection | Link protection feature state for the virtual server pool: · Disabled. · Enabled. |
Name | Name of the virtual server. |
State | Virtual server state: · Active—The virtual server is available. · Busy—The virtual server is busy. When the virtual server is in Active state and enabled with the link protection feature, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The virtual server is unavailable, because the configuration is not complete or the associated LB link is unavailable. |
Address | IP address of the virtual server or virtual IP address. |
Port | Port number of the virtual server. |
Weight | Weight of the virtual server or virtual IP address. |
Link | LB link used by the virtual server. |
display loadbalance zone
Use display loadbalance zone to display DNS forward zone information.
Syntax
display loadbalance zone [ name domain-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name domain-name: Specifies a domain name. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.). The domain name can include a maximum of 253 characters, and each separated string includes no more than 63 characters. If you do not specify a domain name, this command displays DNS forward zone information for all domain names.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Display all DNS forward zone information.
<Sysname> display loadbalance zone
Zone: example.com
TTL: 3600s
SOA:
Primary name server: ns1.example.com
Responsible mail: root.ns1.example.com
Serial: 11812
Retry: 14400s
Expire: 604800s
Min TTL: 86400s
Record list:
Type TTL RDATA
NS 3600s ns1.example.com
NS 4200s ns2.example.com
NS 4200s a.example.com ns2.example.com
MX 3600s a.mail.example.com 10
MX 2700s b.mail.example.com 20
CNAME 5000s a.test.example.com abc1.example.com
CNAME 3600s b.testexample.com abc2.example.com
TXT 5000s v=spf1 include:spf.abcmail.example.com.cn -all
SRV -- _ http._tcp.example.com. www.example.com 5 10 80
Table 30 Command output
Field | Description |
---|---|
Zone | Domain name of the DNS forward zone. |
TTL | TTL of the resource record in the DNS forward zone, in seconds. |
SOA | Start of Authority (SOA) information. |
Responsible mail | Email address of the domain administrator. |
Serial | Domain serial number. |
Retry | Retry interval in seconds. |
Expire | Expiration time in seconds. |
Min TTL | Minimum TTL in seconds. |
Record list | List of resource records. |
Type | Resource record type: · MX—Mail exchange record. · CNAME—Canonical name record. · NS—Name server record. · SRV—Service location record. · TXT—Text record. |
TTL | TTL of the resource record, in seconds. |
RDATA | Resource data. |
display parameter-profile
Use display parameter-profile to display parameter profile information.
Syntax
display parameter-profile [ name parameter-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name parameter-name: Specifies a parameter profile by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all parameter profiles.
Examples
# Display information about all parameter profiles.
<Sysname> display parameter-profile
Parameter profile: pp1
Description:
Type: IP
IP ToS: 20
Parameter profile: pp2
Description:
Type: TCP
Exceed MSS: Allow
TCP window size: 65535
TCP connection idle-timeout: 10
Time-wait timeout: 5
Keepalive idle-timeout: 300
Keepalive retransmission interval: 3
Keepalive retransmission count: 5
SYN retransmission-timeout: 5
Fin-wait1 timeout: 6
Fin-wait2 timeout: 10
Src-addr-option:
Option number: 29
Encoding: string
TCP option remove:
Option number: 8
TCP option remove:
Option number: 5
TCP option insert:
Option number: 28
Value: src-ip
Encoding: string
Parameter profile: pp3
Description:
Type: HTTP
Rebalance per request: Enabled
Server connection reuse: Enabled
Case insensitive: Enabled
Header modify per request: Enabled
Content maximum parse length: 8192
Header maximum parse length: 8192
Secondary cookie delimiters: !@#$
Secondary cookie start: ?
Encrypted cookie name: cookie1
Header exceed length: Drop
Parameter profile: compress
Description:
Type: HTTP compression
Compression level: 1
Prefer method: Gzip
Content length threshold: 1024
Memory size: 8KB
Window size: 16KB
Header Insert: Enabled
Header Delete: Enabled
Request version all: Disabled
Rule 1: Permit url abc
Parameter profile: urlstat
Description:
Type: HTTP-statistics
Node: bank1
Description:
rule 1 url url1
rule 2 url url2
Node: bank2
Description:
rule 1 url url3
rule 2 url url4
Object group name:
ObjGrp1
ObjGrp2
Parameter profile: pp4
Description:
Type: OneConnect
Max reuse times: 1000
Idle time: 10000
IPv4 source mask length: 24
IPv6 source prefix length: 120
Parameter profile: pp5
Description:
Type: TCP-application
Match-buffer-time: 5
Match-buffer-size: 4096
Match-buffer-end: YY
Parameter profile: pp6
Description:
Type: MySQL
Pool size: 2000
Server connection reuse: Enabled
Max reuse times: 1000
Idle time: 10000 sec
IPv4 source mask length: 24
IPv6 source prefix length: 120
Table 31 Command output
Field | Description |
---|---|
Parameter profile | Parameter profile name. |
Description | Description for the parameter profile. |
Type | Parameter profile type: · IP. · HTTP. · HTTP-compression. · HTTP statistics. · MySQL. · OneConnect. · TCP. · TCP-application. |
IP ToS | ToS field of the IP packets sent to the server. |
Exceed MSS | Action to take on the segments that exceed the MSS in the HTTP requests sent by the client: · Allow—Allows the segments to exceed the MSS. · Drop—Discards the segments that exceed the MSS. |
Rebalance per request | Whether or not to enable load balancing for each HTTP request. |
Pool size | Size of the MySQL connection pool. |
Server connection reuse | Whether or not to reuse the connection between the LB device and the server. |
Header modify per request | Whether or not to perform the insert, delete, or modify operation for the header of each HTTP request or response packet. |
Case insensitive | Whether or not to enable case sensitivity for matching character strings. |
Content maximum parse length | Maximum length of the HTTP entities that can be parsed. |
Header maximum parse length | Maximum length of the HTTP headers that can be parsed. |
Secondary cookie delimiters | Delimiters that can separate secondary cookies in URLs. |
Secondary cookie start | Start delimiter for secondary cookies in URLs. |
Encrypted cookie name | Cookie enabled with encryption. |
Header exceed length | Action to take on the HTTP requests or responses when their packet headers exceed the maximum length: · Continue—Continues to perform load balancing. · Drop—Stops performing load balancing, discards the packet, and terminates the connection. |
TCP window size | Maximum local window size for TCP connections. |
TCP connection idle-timeout | Idle timeout time for TCP connections, in seconds. |
Time-wait timeout | TIME_WAIT state timeout time for TCP connections, in seconds. |
Keepalive idle-timeout | Idle timeout time for sending TCP keepalive packets. |
Keepalive retransmission interval | Retransmission interval for TCP keepalive packets. |
Keepalive retransmission count | Retransmission times for TCP keepalive packets. |
SYN retransmission-timeout | Retransmission timeout time for TCP SYN packets. |
Fin-wait1 timeout | FIN-WAIT-1 state timeout time for TCP connections. |
Fin-wait2 timeout | FIN-WAIT-2 state timeout time for TCP connections. |
Node | Statistics node name and all URL match rules configured for the statistics node. |
Object group name | IP address object groups used by the HTTP statistics parameter profile. |
Max reuse times | Maximum number of times a TCP connection can be reused. |
Idle time | Idle timeout time for TCP connections, in seconds. |
IPv4 source mask length | Mask length for connection reuse. |
IPv6 source prefix length | Prefix length for connection reuse. |
Match-buffer-time | Buffering period for TCP payload matching, in seconds. |
Match-buffer-size | Maximum buffering size for TCP payload matching. |
Match-buffer-end | Buffering end string for TCP payload matching. |
Src-addr-option | TCP option for SNAT address translation. |
Option number | TCP option number. |
Encoding | Encoding mode for the TCP option: · binary. · string. |
TCP option insert | Inserts contents into a TCP option. |
Value | Contents to insert into the TCP option. |
TCP option remove | Removes a TCP option. |
display real-server
Use display real-server to display real server information or server farm member information.
Syntax
display real-server [ brief | name real-server-name ]
display real-server server-farm server-farm-name [ name real-server-name port port-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
brief: Displays brief real server information. If you do not specify this keyword, the command displays detailed real server information.
name real-server-name: Displays information about the specified real server. The real-server-name argument specifies a real server name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all real servers.
server-farm server-farm-name: Displays information about members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 63 characters.
name real-server-name port port-number: Displays information about a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command displays information about all members of a server farm.
Examples
# Display brief information about all real servers.
<Sysname> display real-server brief
Real server Address Port State VPN instance Server farm
rs1 192.168.1.1 0 Active sf
rs2 192.168.1.2 0 Busy sf
rs3 192.168.1.3 0 Active sf
# Display detailed information about the real server rs.
<Sysname> display real-server name rs
Real server: rs
Description: Real server RS
State: Active
VPN instance:
Inherit VPN: Disabled
IPv4 address: 1.1.1.1
IPv6 address: 1001::1
Port: 0 (port number in original packet)
Server farm: sf
Weight: 150
Priority: 3
Cost: 100
Slow shutdown: Enabled
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
Bandwidth busy:
Max bandwidth: 10000 kbps
Max inbound bandwidth: 5000 kbps
Max outbound bandwidth: 5000 kbps
Busy rate: 80
Inbound busy rate: 70
Outbound busy rate: 60
Busy recovery rate: 60
Inbound busy recovery rate: 60
Outbound busy recovery rate: 60
Probe log: Enabled
Probe information:
Dynamic weight: 1
SNMPDCA busy state: Normal
Probe success criteria: All
Probe method State
t4 Succeeded
External-monitor method State
test_external Succeeded
test_external2 Succeeded
# Display information about all members of server farm sf.
<Sysname> display real-server server-farm sf
Server farm: sf
Real server: rs1
Description: real server 1
Parent state: Inactive
State: Inactive
Port: 2
Weight: 2
Priority: 2
Slow shutdown: Disabled
Connection limit: --
Connection rate limit: --
Probe log: Enabled
Probe information:
Probe success criteria: All
Probe method State
icmp Failed
External-monitor method State
test_external Succeeded
test_external2 Succeeded
Real server: rs2
Description: real server 2
Parent state: Inactive
State: Inactive
Port: 80
Weight: 100
Priority: 4
Slow shutdown: Disabled
Connection limit: --
Connection rate limit: --
Probe log: Enabled
Probe information:
Probe success criteria: All
Probe method State
tcp Failed
Variable information:
Variable name: variable
Variable value: 2
Table 32 Command output
Field | Description |
---|---|
Real server | Real server name. |
Address | IPv4 address of the real server. |
Port | Port number of the real server. 0 means the port number in the packet is used. |
Parent state/State | Real server state/Server farm member state: · Active—The real server is available. · Busy—The real server is busy. When the real server is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The real server is unavailable, because the configuration is not complete, the server is not referenced, or the virtual server is not enabled. · Probe-failed—Health monitoring has failed. · Ramp—Ramp-up phase of slow online. · Shutdown—The real server is shut down. · Standby—Standby phase of slow online. · Unknown—Health monitoring is not configured. · Auto shutdown—The real server is automatically shut down when the RST or zero-window packet threshold is reached or the number of probe times is reached. |
VPN instance | VPN instance to which the real server belongs. |
Inherit VPN | VPN instance inheritance: Enabled or Disabled. |
Server farm | Server farm of the real server. |
Description | Description for the real server. |
IPv4 address | IPv4 address of the real server. |
IPv6 address | IPv6 address of the real server. |
Weight | Weight of the real server. |
Priority | Priority of the real server. |
Cost | Cost for proximity calculation. |
Slow shutdown | Slow shutdown state of the real server: · Disabled. · Enabled. |
Connection limit | Maximum number of connections for the real server. |
Connection rate limit | Maximum number of connections per second for the real server. |
Rate limit | Rate limit of the real server. |
Connections | Maximum number of connections per second for the real server. |
Bandwidth | Maximum bandwidth for the real server in kbps. |
Inbound bandwidth | Maximum uplink bandwidth for the real server in kbps. |
Outbound bandwidth | Maximum downlink bandwidth for the real server in kbps. |
Max bandwidth | Maximum expected bandwidth for the real server in kbps. |
Max inbound bandwidth | Maximum uplink expected bandwidth for the real server in kbps. |
Max outbound bandwidth | Maximum downlink expected bandwidth for the real server in kbps. |
Busy rate | Bandwidth ratio for the real server. |
Inbound busy rate | Inbound bandwidth ratio for the real server. |
Outbound busy rate | Outbound bandwidth ratio for the real server. |
Busy recovery rate | Bandwidth recovery ratio for the real server. |
Inbound busy recovery rate | Inbound bandwidth recovery ratio for the real server. |
Outbound busy recovery rate | Outbound bandwidth recovery ratio for the real server. |
Dynamic weight | Dynamic weight calculated by using the dynamic round robin algorithm. This field displays a weight value only if the dynamic round robin algorithm is used. If any other algorithm is used, this field displays two hyphens (--). |
SNMPDCA busy state | Busy state obtained by using the dynamic round robin algorithm: Normal or Busy. If the dynamic round robin algorithm is not used, this field displays two hyphens (--). |
Probe log | Health monitoring logging state of the real server: · Disabled. · Enabled. |
Probe success criteria | Health monitoring success criteria for the real server: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least X—Health monitoring succeeds when a minimum of X health monitoring methods succeed. |
Probe method | Name of the NQA template used by the health monitoring method. |
State | State of the health monitoring method (custom monitoring or NQA): · Failed—Health monitoring has failed. · In progress—Health monitoring is in progress. · Invalid—Health monitoring is unavailable (because the configuration of the NQA template is not complete), or the real server is unavailable. · Succeeded—Health monitoring has succeeded. |
External-monitor method | Custom monitoring method. |
display real-server statistics
Use display real-server statistics to display real server statistics or server farm member statistics.
Syntax
In standalone mode:
display real-server statistics [ name real-server-name ] [ slot slot-number ]
display real-server statistics server-farm server-farm-name [ name real-server-name port port-number ] [ slot slot-number ]
In IRF mode:
display real-server statistics [ name real-server-name ] [ chassis chassis-number slot slot-number ]
display real-server statistics server-farm server-farm-name [ name real-server-name port port-number ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name real-server-name: Specifies a real server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics for all real servers.
server-farm server-farm-name: Displays statistics for members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 63 characters.
name real-server-name port port-number: Displays statistics for a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command displays statistics for all members of a server farm.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays real server statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays real server statistics for all cards. (In IRF mode.)
Examples
# Display statistics for the real server rs.
<Sysname> display real-server statistics name rs
Real server: rs
Total connections: 1798
Active connections: 788
Max connections: 803
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 157
Max connections per second: 163
recorded at 11:02:49 on Tue May 21 2019
Server input: 333332 bytes
Server output: 472054 bytes
Throughput: 4396 bps
Inbound throughput: 1214 bps
Outbound throughput: 3128 bps
Max throughput: 4564 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 1214 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 3320 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 1798
Sent packets: 0
Dropped packets: 0
Received packets per second: 0
Sent packets per second: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 1
Busy state: Busy
# Display statistics for all members of server farm sf.
<Sysname> display real-server statistics server-farm sf
Server farm: sf
Real server: rs1
Total connections: 0
Active connections: 0
Max connections: 0
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 0
Max connections per second: 0
recorded at 11:02:49 on Tue May 21 2019
Server input: 0 bytes
Server output: 0 bytes
Throughput: 0 bps
Inbound throughput: 0 bps
Outbound throughput: 0 bps
Max throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 0
Sent packets: 0
Dropped packets: 0
Received packets per second: 0
Sent packets per second: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
RST packets: 50
Max RST packets: 5000
RST probe protection times: 3
Max RST probe protection times: 9
Zero-window packet percentage: 10
Max zero-window packet percentage: 50
Zero-window probe protection times: 2
Max zero-window probe protection times: 8
Real server: rs2
Total connections: 0
Active connections: 0
Max connections: 0
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 0
Max connections per second: 0
recorded at 11:02:49 on Tue May 21 2019
Server input: 0 bytes
Server output: 0 bytes
Throughput: 0 bps
Inbound throughput: 0 bps
Outbound throughput: 0 bps
Max throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 0 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 0
Sent packets: 0
Dropped packets: 0
Received packets per second: 0
Sent packets per second: 0
Received requests: 0
Dropped requests: 0
Sent responses: 0
Dropped responses: 0
Connection failures: 0
RST packets: 50
Max RST packets: 5000
RST probe protection times: 3
Max RST probe protection times: 9
Zero-window packet percentage: 10
Max zero-window packet percentage: 50
Zero-window probe protection times: 2
Max zero-window probe protection times: 8
Abnormal URL times: 10
Max abnormal URL times: 20
Table 33 Command output
Field | Description |
---|---|
Real server | Real server name. |
Total connections | Total number of connections. |
Active connections | Number of active connections. |
Max connections | Maximum number of connections. |
Connections per second | Number of connections per second. |
Max connections per second | Maximum number of connections per second. |
Server input | Traffic (in bytes) received by the server. |
Server output | Traffic (in bytes) sent by the server. |
Throughput | Total packet throughput in bps. |
Inbound throughput | Inbound packet throughput in bps. |
Outbound throughput | Outbound packet throughput in bps. |
Max throughput | Maximum packet throughput in bps. |
Max inbound throughput | Maximum inbound packet throughput in bps. |
Max outbound throughput | Maximum outbound packet throughput in bps. |
Received packets | Number of received packets. |
Sent packets | Number of sent packets. |
Dropped packets | Number of dropped packets. |
Received requests | Number of received HTTP request packets. This field is displayed only for Layer 7 real servers. |
Dropped requests | Number of dropped HTTP request packets. This field is displayed only for Layer 7 real servers. |
Sent responses | Number of sent HTTP response packets. This field is displayed only for Layer 7 real servers. |
Dropped responses | Number of dropped HTTP response packets. This field is displayed only for Layer 7 real servers. |
Connection failures | Number of connection establishment failures. |
Busy state | Real server state: · --—Unavailable. · Normal. · Busy. |
RST packets | Number of RST packets sent by the real server during the monitoring time. |
Max RST packets | Maximum number of RST packets sent by the real server during the monitoring time. |
RST probe protection times | Number of probe times for the RST LB probe template. |
Max RST probe protection times | Maximum number of probe times for the RST LB probe template. |
Zero-window packet percentage | Percentage of zero-window packets sent by the real server during the monitoring time. |
Max zero-window packet percentage | Maximum percentage of zero-window packets sent by the real server during the monitoring time. |
Zero-window probe protection times | Number of probe times for the zero-window LB probe template. |
Max zero-window probe protection times | Maximum number of probe times for the zero-window LB probe template. |
Abnormal URL times | Number of URL error times during the current monitoring time. |
Max abnormal URL times | Maximum number of URL error times during the monitoring time. |
Related commands
reset real-server statistics
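The following added example (not part of the original command reference) parses captured display real-server statistics output into per-member records, attaching each "recorded at" line to the Max field printed above it, and flags members whose counters reach operator-chosen thresholds. The sample text is constructed in the layout shown above; the function names and threshold values are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of "display real-server statistics
# server-farm sf"; the values are made up for this example.
SAMPLE_OUTPUT = """\
Server farm: sf
Real server: rs1
Total connections: 1798
Active connections: 788
Max connections: 803
recorded at 11:02:49 on Tue May 21 2019
Server input: 333332 bytes
Throughput: 4396 bps
Dropped packets: 0
Connection failures: 1
RST packets: 50
Zero-window packet percentage: 10
Real server: rs2
Total connections: 12
Max connections: 9
recorded at 09:15:00 on Mon May 20 2019
Dropped packets: 4
Connection failures: 0
RST packets: 4200
Zero-window packet percentage: 45
Abnormal URL times: 10
"""

RECORDED_RE = re.compile(
    r"^recorded at (\d{2}:\d{2}:\d{2}) on (\w{3} \w{3} \d{1,2} \d{4})$")
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")
NUMBER_RE = re.compile(r"^(\d+)(?:\s+(?:bytes|bps))?$")

# Alert thresholds chosen by the operator (assumed values, not device defaults).
THRESHOLDS = {
    "RST packets": 1000,
    "Zero-window packet percentage": 30,
    "Dropped packets": 1,
    "Connection failures": 1,
    "Abnormal URL times": 5,
}


def parse_real_server_statistics(text):
    """Return (server_farm_or_None, {real_server: {field: value}})."""
    farm, servers, current, last_key = None, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Check timestamp lines first: they contain colons and would
        # otherwise be mistaken for a "key: value" field.
        recorded = RECORDED_RE.match(line)
        if recorded:
            if current is not None and last_key is not None:
                stamp = " ".join(recorded.groups())
                current[last_key + " recorded at"] = datetime.strptime(
                    stamp, "%H:%M:%S %a %b %d %Y")
            continue
        field = FIELD_RE.match(line)
        if not field:
            continue
        key, value = field.group(1).strip(), field.group(2).strip()
        if key == "Server farm":
            farm = value
        elif key == "Real server":
            current = servers.setdefault(value, {})
            last_key = None
        elif current is not None:
            number = NUMBER_RE.match(value)
            # Counters become ints (unit suffix dropped); states stay text.
            current[key] = int(number.group(1)) if number else value
            last_key = key
    return farm, servers


def flag_members(servers, thresholds=THRESHOLDS):
    """Return {real_server: [reasons]} for members that need attention."""
    findings = {}
    for name, stats in servers.items():
        hits = [
            f"{field}={stats[field]} (threshold {limit})"
            for field, limit in thresholds.items()
            if isinstance(stats.get(field), int) and stats[field] >= limit
        ]
        if stats.get("Busy state") == "Busy":
            hits.append("Busy state=Busy")
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    farm_name, members = parse_real_server_statistics(SAMPLE_OUTPUT)
    for member, reasons in flag_members(members).items():
        print(f"{farm_name}/{member}: " + "; ".join(reasons))
```
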
display server-farm
Use display server-farm to display server farm information.
Syntax
display server-farm [ brief | name server-farm-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
brief: Displays brief server farm information. If you do not specify this keyword, the command displays detailed server farm information.
name server-farm-name: Displays information about the specified server farm. The server-farm-name argument specifies a server farm name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all server farms.
Examples
# Display brief information about all server farms.
<Sysname> display server-farm brief
Predictor: RR - Round robin, RD - Random, LC - Least connection,
BW – Bandwidth, MBW – Max bandwidth,
IBW – Inbound bandwidth, OBW – Outbound bandwidth,
MIBW – Max inbound bandwidth, MOBW – Max outbound bandwidth,
HASH(SIP) - Hash address source IP,
HASH(DIP) - Hash address destination IP,
HASH(SIP-PORT) - Hash address source IP-port
LT - Least time, DRR - Dynamic round robin
CARP(SIP) - CARP address source IP
CARP(DIP) - CARP address destination IP
CARP(SIP-PORT) - CARP address source IP-port
CARP(HTTP) - CARP HTTP payload
HASH(HTTP) - Hash HTTP payload
NAT/SNAT: Y - Enabled, N - Disabled
Server farm Predictor NAT SNAT Total Active
sf RR Y N 3 3
# Display detailed information about all server farms.
<Sysname> display server-farm
Server farm: sf1
Description:
Predictor: Hash address
Proximity: Disabled
NAT: Enabled
SNAT mode: snat-pool sp
Failed action: Keep
Active threshold: Enabled
Lower: 80
Upper: 90
Slow-online: Enabled
Standby time: 5s
Ramp-up time: 10s
Selected server: Enabled
Min server: 100
Max server: 600
Busy action: Enqueue
Queue length: 11
Queue timeout: 12
Probe information:
Probe success criteria: All
Probe method:
aaa
bbb
ccc
TCP RST probe template: aaa
TCP zero-window probe template: bbb
HTTP passive probe template: ccc
Auto-shutdown recovery time: 30
All-service-down action: Forward
Forwarded to member: rs1
Total real server: 1
Active real server: 1
Real server list:
Name State VPN instance Address Port Weight Priority LT-weight
rs1 Inactive 1.2.3.4 0 4 100 50
rs2 Auto shutdown 1.2.3.4 0 4 100 50
Table 34 Command output
Field | Description |
---|---|
Server farm | Server farm name. |
Predictor | Scheduling algorithm of the server farm: · RR—Weighted round robin algorithm. · RD—Random algorithm. · LC—Weighted least connection algorithm. · BW—Bandwidth algorithm. · IBW—Inbound bandwidth algorithm. · OBW—Outbound bandwidth algorithm. · MBW—Maximum bandwidth algorithm. · MIBW—Maximum inbound bandwidth algorithm. · MOBW—Maximum outbound bandwidth algorithm. · HASH(SIP)—Hash algorithm based on source IP address. · HASH(DIP)—Hash algorithm based on destination IP address. · HASH(SIP-PORT)—Hash algorithm based on source IP address and port number. · LT—Least time algorithm. · DRR—Dynamic round robin algorithm. · CARP(SIP)—CARP hash algorithm based on source IP address. · CARP(DIP)—CARP hash algorithm based on destination IP address. · CARP(SIP-PORT)—CARP hash algorithm based on source IP address and port number. · CARP(HTTP)—CARP hash algorithm based on HTTP content. · HASH(HTTP)—Hash algorithm based on HTTP content. |
NAT | NAT state of the server farm: · N—Disabled. · Y—Enabled. |
SNAT | SNAT state of the server farm: · N—Disabled. · Y—Enabled. |
Total | Total number of real servers. |
Active | Number of active real servers. |
Description | Description for the server farm. |
 | Proximity state of the server farm: · Disabled. · Enabled. |
NAT | NAT state of the server farm: · Disabled—NAT is not configured. · Enabled. · Disabled (no license)—NAT is disabled because of lack of license. |
SNAT mode | SNAT translation mode: · auto-map—Automatic mapping mode. · tcp-option—TCP option mode. · snat-pool—SNAT pool mode, which uses the SNAT address pool (specified by its name) to perform address translation. |
Failed action | Fault processing method of the server farm: · Keep—Keeps existing connections. · Reschedule—Redirects connections. · Reset—Terminates existing connections. |
Active threshold | State of the criteria to determine that the server farm is available: disabled or enabled. If the state is enabled, the following fields are displayed: · Lower—Lower percentage value. · Upper—Upper percentage value. |
Slow-online | State of the slow online feature: disabled or enabled. If the state is enabled, the following fields are displayed: · Standby time. · Ramp-up time. |
Selected server | State of real server limit to participate in scheduling: disabled or enabled. If the state is enabled, the following fields are displayed: · Min server—Minimum number of real servers that participate in scheduling. · Max server—Maximum number of real servers that participate in scheduling. |
Probe success criteria | Health monitoring success criteria for the real server: · All—Health monitoring succeeds only when all the specified health monitoring methods succeed. · At least—Health monitoring succeeds when a specified minimum number of health monitoring methods succeed. |
Busy action | Action to take when the server farm is busy: · Drop. · Enqueue. · Force. |
Queue length | This field is displayed only if the busy action is Enqueue. |
Queue timeout | This field is displayed only if the busy action is Enqueue. |
Probe method | Name of the NQA template used by the health monitoring method. |
All-service-down action | Indicates how packets are processed when all server farm members are unavailable: · --—Drop packets. · Forward—Forward packets to the last selected server farm member. |
Forwarded to member | Last selected server farm member to which packets are forwarded. |
Total real server | Total number of real servers. |
Active real server | Number of active real servers. |
Name | Real server name. |
State | Real server state: · Active—The real server is available. · Busy—The real server is busy. When the real server is in Active or Ramp state and enabled with bandwidth statistics collection and link protection, this field displays Busy if the maximum expected bandwidth is reached. · Inactive—The real server is unavailable, because the configuration is not complete, the server is not referenced, or the virtual server is not enabled. · Probe-failed—Health monitoring has failed. · Ramp—Ramp-up phase of slow online. · Shutdown—The real server is shut down. · Standby—Standby phase of slow online. · Unknown—Health monitoring is not configured. · Auto shutdown—The real server is automatically shut down when the RST or zero-window packet threshold is reached or the number of probe times is reached. |
Address | IPv4 and IPv6 addresses of the real server. |
Port | Port number of the real server. |
Weight | Weight of the real server. |
Priority | Priority of the real server. |
LT-weight | Weight calculated by using the least time algorithm. This field displays a weight value only if the least time algorithm is used. If any other algorithm is used, this field displays two hyphens (--). |
TCP RST probe template | TCP-RST LB probe template referenced by the server farm. This field is displayed only if a TCP-RST LB probe template is referenced. |
TCP zero-window probe template | TCP zero-window LB probe template referenced by the server farm. This field is displayed only if a TCP zero-window LB probe template is referenced. |
HTTP passive probe template | HTTP passive LB probe template referenced by the server farm. This field is displayed only if an HTTP passive LB probe template is referenced. |
Auto-shutdown recovery time | Automatic recovery time for intelligent monitoring, in minutes. |
display sticky dns-proxy
Use display sticky dns-proxy to display sticky entry information for transparent DNS proxies.
Syntax
In standalone mode:
display sticky dns-proxy [ dns-proxy-name dns-proxy-name ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | dns-server-addr { ipv4-address | ipv6-address } | dns-server-pool pool-name | dns-server-port port-number | key sticky-key ] * [ brief ] [ slot slot-number ]
In IRF mode:
display sticky dns-proxy [ dns-proxy-name dns-proxy-name ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | dns-server-addr { ipv4-address | ipv6-address } | dns-server-pool pool-name | dns-server-port port-number | key sticky-key ] * [ brief ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dns-proxy dns-proxy-name: Specifies a transparent DNS proxy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays sticky entry information for all transparent DNS proxies.
class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters, or specifies the default LB class.
client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.
dns-server-addr { ipv4-address | ipv6-address }: Specifies a DNS server by its IPv4 or IPv6 address.
dns-server-pool pool-name: Specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
dns-server-port port-number: Specifies a DNS server port number in the range of 0 to 65535.
key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters.
brief: Displays brief information about sticky entries. If you do not specify this keyword, the command displays detailed information about sticky entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sticky entry information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sticky entry information for all cards. (In IRF mode.)
Examples
# Display detailed sticky entry information for all transparent DNS proxies.
<Sysname> display sticky dns-proxy
DNS proxy name: dsp1
DNS server pool name: dns-pool
Class: cl
Sticky type: Address-port
Sticky method: Source IP
Sticky key: 3.0.0.13
DNS proxy addr: 33.44.1.1:80
DNS server addr: 7.0.0.7:80
Client addr: 3.0.0.1
Timeout: 100 sec
Expiration time: 58 sec
# Display brief sticky entry information for all transparent DNS proxies.
<Sysname> display sticky dns-proxy brief
Sticky type Sticky method Sticky key DNS proxy DNS server addr
Address-port Src IP 3.0.0.13 dsp1 7.0.0.7:80
Address-port Src IP 3.0.0.15 dsp2 7.0.0.8:80
Table 35 Command output
Field | Description |
---|---|
Sticky group name | Name of the sticky group that generates the sticky entries. |
Sticky method | Sticky method corresponding to the sticky entries: · Src IP—Source IPv4 address sticky method. · Src IPv6—Source IPv6 address sticky method. · Src IP and port—Source IPv4 address + source port sticky method. · Src IPv6 and port—Source IPv6 address + source port sticky method. · Dst IP—Destination IPv4 address sticky method. · Dst IPv6—Destination IPv6 address sticky method. · Dst IP and port—Destination IPv4 address + destination port sticky method. · Dst IPv6 and port—Destination IPv6 address + destination port sticky method. · Both IP—Source IPv4 address + destination IPv4 address sticky method. · Both IPv6—Source IPv6 address + destination IPv6 address sticky method. · Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method. · Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method. |
Sticky key | Key value corresponding to the sticky entry. |
Timeout | Configured timeout time for sticky entries, in seconds. |
Expiration time | Remaining lifetime of the sticky entry, in seconds. |
display sticky statistics
Use display sticky statistics to display sticky entry statistics.
Syntax
In standalone mode:
display sticky statistics [ dns-proxy | virtual-server ] [ slot slot-number ]
In IRF mode:
display sticky statistics [ dns-proxy | virtual-server ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dns-proxy dns-proxy-name: Displays sticky entry statistics for transparent DNS proxies.
virtual-server: Displays sticky entry statistics for virtual servers.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sticky entry statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sticky entry statistics for all cards. (In IRF mode.)
Usage guidelines
If you do not specify the dns-proxy or virtual-server keyword, this command displays statistics for all sticky entries.
Examples
# Display sticky entry statistics for virtual servers.
<Sysname> display sticky statistics virtual-server
Virtual server:
Total sticky entries for all sticky types: 27000
Sticky type Sticky method Total sticky entries Synced sticky entries
Address-port 12000 120
Src IP 100 10
Src IPv6 100 10
Dst IP 100 10
Dst IPv6 100 10
Both IP 100 10
Both IPv6 100 10
Src IP port 100 10
Src IPv6 port 100 10
Dst IP port 100 10
Dst IPv6 port 100 10
Both IP port 100 10
Both IPv6 port 100 10
HTTP header 5000 50
HTTP version 100 10
HTTP URL 100 10
HTTP method 100 10
HTTP host 100 10
Header name 100 10
HTTP cookie Cookie get 100 10
HTTP content HTTP content 100 10
Payload Payload 100 10
SSL SSL session 100 10
RADIUS Attribute ID 200 20
SIP SIP Call-ID 100 10
HTTP passive HTTP Passive 100 10
UDP passive Payload Passive 100 10
TCP payload TCP Payload 100 10
# Display sticky entry statistics for transparent DNS proxies.
<Sysname> display sticky statistics dns-proxy
DNS proxy:
Total sticky entries for all sticky types: 12000
Sticky type Sticky method Total sticky entries Synced sticky entries
Address-port 12000 120
Src IP 100 10
Src IPv6 100 10
Dst IP 100 10
Dst IPv6 100 10
Both IP 100 10
Both IPv6 100 10
Src IP port 100 10
Src IPv6 port 100 10
Dst IP port 100 10
Dst IPv6 port 100 10
Both IP port 100 10
Both IPv6 port 100 10
Table 36 Command output
Field | Description |
---|---|
Sticky group name | Name of the sticky group that generates the sticky entries. |
Sticky method | Sticky method corresponding to the sticky entries: · Src IP—Source IPv4 address sticky method. · Src IPv6—Source IPv6 address sticky method. · Src IP and port—Source IPv4 address + source port sticky method. · Src IPv6 and port—Source IPv6 address + source port sticky method. · Dst IP—Destination IPv4 address sticky method. · Dst IPv6—Destination IPv6 address sticky method. · Dst IP and port—Destination IPv4 address + destination port sticky method. · Dst IPv6 and port—Destination IPv6 address + destination port sticky method. · Both IP—Source IPv4 address + destination IPv4 address sticky method. · Both IPv6—Source IPv6 address + destination IPv6 address sticky method. · Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method. · Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method. · HTTP URL—HTTP URL based sticky method. · HTTP header name—HTTP header name based sticky method. · HTTP version—HTTP version based sticky method. · HTTP host—HTTP host based sticky method. · HTTP method—HTTP Request-Method based sticky method. · HTTP content—HTTP entity sticky method. · Cookie get—HTTP cookie get sticky method. · Payload—HTTP or UDP payload sticky method. · HTTP passive—HTTP passive sticky method. · Payload passive—UDP payload passive sticky method. · TCP payload—TCP payload sticky method. · RADIUS IP—Sticky method based on the Framed-IP-Address attribute of RADIUS packets. · RADIUS ID—Sticky method based on the specified attribute of RADIUS packets. · SIP Call-ID—Sticky method based on the Call-ID header field of SIP packets. · SSL session ID—SSL sticky method based on SSL session ID. |
Synced sticky entries | Number of sticky entries synchronized from other devices or other cards on the local device. |
display sticky virtual-server
Use display sticky virtual-server to display sticky entry information for virtual servers.
Syntax
In standalone mode:
display sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ brief ] [ slot slot-number ]
In IRF mode:
display sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ brief ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
virtual-server virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays sticky entry information for all virtual servers.
link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } }: Specifies a link by its IPv4 address, IPv6 address, or output interface.
link-group link-group-name: Specifies a link group by its name, a case-insensitive string of 1 to 63 characters.
real-server-addr { ipv4-address | ipv6-address }: Specifies a real server by its IPv4 or IPv6 address.
real-server-port port-number: Specifies a real server port number in the range of 0 to 65535.
server-farm server-farm-name: Specifies a server farm by its name, a case-insensitive string of 1 to 63 characters.
text text: Specifies a text string to match.
class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters, or specifies the default LB class.
client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.
sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies a sticky group type.
key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters. If you do not specify a key value, this command displays sticky entries for all key values.
brief: Displays brief information about sticky entries. If you do not specify this keyword, the command displays detailed information about sticky entries.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sticky entry information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sticky entry information for all cards. (In IRF mode.)
Examples
# Display detailed sticky entry information for all virtual servers.
<Sysname> display sticky virtual-server
Virtual server name: vs
Server farm name: sf
Class: cla
Sticky type: Address-port
Sticky method: Source IP
Sticky key: 3.0.0.13
Virtual server addr: 33.44.1.1:80
Real server addr: 7.0.0.7:80
Client addr: 3.0.0.13
Timeout: 100 sec
Expiration time: 58 sec
------------------------------------------
Virtual server name: vs1
Server farm name: sf_http
Class: Default Class
Sticky type: HTTP header
Sticky method: HTTP header name
Sticky key: cb3bae31bb1c443fbf3db8889055f2fe
Text: a1b2c3d4e5
Virtual server addr: 33.44.1.2:80
Real server addr: 7.0.0.7:80
Client addr: 3.0.0.13
Timeout: 100 sec
Expiration time: 58 sec
------------------------------------------
Virtual server name: vs2
Link group name: lg
Class: cl2
Sticky type: Address-port
Sticky method: Source IP
Sticky key: 3.0.0.15
Virtual server addr: 0.0.0.0:0
link: 20.1.1.1
Client addr: 3.0.0.15
Timeout: 100 sec
Expiration time: 58 sec
# Display brief sticky entry information for all virtual servers.
<Sysname> display sticky virtual-server brief
Sticky type Sticky method Sticky key Virtual server Real-server/link
Address-port Src IP 3.0.0.13 vs 7.0.0.7:80
Address-port Src IP 3.0.0.15 vs2 20.1.1.1
Table 37 Command output
Field | Description |
---|---|
Sticky group name | Name of the sticky group that generates the sticky entries. |
Sticky method | Sticky method corresponding to the sticky entries: · Src IP—Source IPv4 address sticky method. · Src IPv6—Source IPv6 address sticky method. · Src IP and port—Source IPv4 address + source port sticky method. · Src IPv6 and port—Source IPv6 address + source port sticky method. · Dst IP—Destination IPv4 address sticky method. · Dst IPv6—Destination IPv6 address sticky method. · Dst IP and port—Destination IPv4 address + destination port sticky method. · Dst IPv6 and port—Destination IPv6 address + destination port sticky method. · Both IP—Source IPv4 address + destination IPv4 address sticky method. · Both IPv6—Source IPv6 address + destination IPv6 address sticky method. · Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method. · Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method. · HTTP URL—HTTP URL based sticky method. · HTTP header name—HTTP header name based sticky method. · HTTP version—HTTP version based sticky method. · HTTP host—HTTP host based sticky method. · HTTP method—HTTP Request-Method based sticky method. · HTTP content—HTTP entity sticky method. · Cookie get—HTTP cookie get sticky method. · Payload—HTTP or UDP payload sticky method. · HTTP passive—HTTP passive sticky method. · Payload passive—UDP payload passive sticky method. · TCP payload—TCP payload sticky method. · Framed-IP-Address—Sticky method based on the Framed-IP-Address attribute of RADIUS packets. · User-Name—Sticky method based on the User-Name attribute of RADIUS packets. · Code=attribute-code—Sticky method based on the attribute (specified by attribute-code) of RADIUS packets. · SIP Call-ID—Sticky method based on the Call-ID header field of SIP packets. · SSL session ID—SSL sticky method based on SSL session ID. |
Sticky key | Key value corresponding to the sticky entry. |
Timeout | Configured timeout time for sticky entries, in seconds. Value indefinite indicates that the sticky entries do not age. |
Expiration time | Remaining lifetime of the sticky entry, in seconds. |
display sticky-group
Use display sticky-group to display sticky group information.
Syntax
display sticky-group [ name group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name group-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all sticky groups.
Examples
# Display information about all sticky groups.
<Sysname> display sticky-group
Sticky group: sg1
Description:
Timeout: 60
Override limit: Disabled
Stickiness-over-busyness: Enabled
Matching across services: Enabled
Matching across virtual servers: Enabled
Sticky group type: Address-port
Method: Both IP and port
Mask: 32
Sticky group: sg2
Description:
Timeout: 60
Override limit: Disabled
Stickiness-over-busyness: Enabled
Sticky group type: HTTP header
Method: HTTP header name
Name: accept-encoding
Offset: 4
Start: gzip
Length: 10
Sticky group: sg3
Description:
Timeout: 60
Override limit: Disabled
Stickiness-over-busyness: Enabled
Sticky group type: RADIUS
Method: User-Name
Sticky group: sg4
Description:
Timeout: 86400
Override limit: Disabled
Stickiness-over-busyness: Disabled
Sticky group type: HTTP cookie
Method: HTTP cookie insert
Name: X-LB
Domain: example.com
Path: /test1
HttpOnly: Enabled
Secure: Enabled
Check all packets: Disabled
Table 38 Command output
Field | Description |
---|---|
Sticky group | Sticky group name. |
Description | Description for the sticky group. |
Timeout | Timeout time for sticky entries in seconds. The value Infinite indicates that sticky entries never age out. |
Override limit | Whether the feature of ignoring the limits for sessions that match sticky entries is enabled: Enabled or Disabled. |
Stickiness-over-busyness | Whether the stickiness-over-busyness feature is enabled: Enabled or Disabled. |
Sticky group type | Sticky group type: · Address-port—Address and port. · HTTP content—HTTP entity. · HTTP cookie. · HTTP header. · HTTP passive. · Payload—HTTP or UDP payload. · RADIUS. · SIP. · SSL. · UDP passive. · TCP payload. |
Table 39 Detailed information for sticky groups
Sticky group type | Field | Description |
---|---|---|
Address-port | Method | Sticky method: · Source IP—Source IPv4 address sticky method. · Source IPv6—Source IPv6 address sticky method. · Source IP and port—Source IPv4 address + source port sticky method. · Source IPv6 and port—Source IPv6 address + source port sticky method. · Destination IP—Destination IPv4 address sticky method. · Destination IPv6—Destination IPv6 address sticky method. · Destination IP and port—Destination IPv4 address + destination port sticky method. · Destination IPv6 and port—Destination IPv6 address + destination port sticky method. · Both IP—Source IPv4 address + destination IPv4 address sticky method. · Both IPv6—Source IPv6 address + destination IPv6 address sticky method. · Both IP and port—Source IPv4 address + source port + destination IPv4 address + destination port sticky method. · Both IPv6 and port—Source IPv6 address + source port + destination IPv6 address + destination port sticky method. |
Address-port | Mask | Mask length for the sticky method. This field is displayed only for IPv4 sticky methods. |
Address-port | Prefix | Prefix length for the sticky method. This field is displayed only for IPv6 sticky methods. |
HTTP content | Offset | Offset value of the entity based on the start of the HTTP packet. |
HTTP content | Start | Regular expression that marks the start of the entity. |
HTTP content | End | Regular expression that marks the end of the entity. Either this field or the Length field is displayed, but not both of them. |
HTTP content | Length | Length of the entity. Either this field or the End field is displayed, but not both of them. |
HTTP cookie | Method | Sticky method: · HTTP cookie insert—Cookie insert sticky method. · HTTP cookie rewrite—Cookie rewrite sticky method. · HTTP cookie get—Cookie get sticky method. This field is displayed only for the HTTP cookie sticky method. |
HTTP cookie | Name | HTTP cookie name. This field is displayed only for the HTTP cookie sticky method. |
HTTP cookie | Domain | Domain scope of the cookie. This field is displayed only for the HTTP cookie insert sticky method. |
HTTP cookie | Path | Path scope of the cookie. This field is displayed only for the HTTP cookie insert sticky method. |
HTTP cookie | Offset | Offset value based on the start of the cookie value. This field is displayed only for the cookie insert sticky method. |
HTTP cookie | Start | Regular expression that marks the start of the cookie. This field is displayed only for the cookie insert sticky method. |
HTTP cookie | End | Regular expression that marks the end of the cookie. Either this field or the Length field is displayed, but not both of them. This field is displayed only for the cookie insert sticky method. |
HTTP cookie | Length | Length of the cookie. Either this field or the End field is displayed, but not both of them. This field is displayed only for the cookie insert sticky method. |
HTTP cookie | Cookie secondary name | Name of the secondary cookie to be searched in the URI. This field is displayed only for the cookie insert sticky method. |
HTTP cookie | HttpOnly | HttpOnly attribute of the cookie. This field is displayed only for the HTTP cookie insert or cookie rewrite sticky method. |
HTTP cookie | Secure | Secure attribute of the cookie. This field is displayed only for the HTTP cookie insert or cookie rewrite sticky method. |
HTTP cookie | Check all packets | Whether or not to enable checking for all packets. |
HTTP header | Method | Sticky method: · HTTP host—HTTP host based sticky method. · HTTP header name—HTTP header name based sticky method. · HTTP method—HTTP Request-Method based sticky method. · HTTP URL—HTTP URL based sticky method. · HTTP version—HTTP version based sticky method. This field is displayed only for the HTTP header sticky method. |
HTTP header | Name | HTTP header name. This field is displayed only for the HTTP header name based sticky method. |
HTTP header | Offset | Offset value of the HTTP header based on the start of the HTTP packet. This field is displayed only for the HTTP host or URL based sticky method. |
HTTP header | Start | Regular expression that marks the start of the HTTP header. This field is displayed only for the HTTP host or URL based sticky method. |
HTTP header | End | Regular expression that marks the end of the HTTP header. Either this field or the Length field is displayed, but not both of them. This field is displayed only for the HTTP host or URL based sticky method. |
HTTP header | Length | Length of the HTTP header. Either this field or the End field is displayed, but not both of them. This field is displayed only for the HTTP host or URL based sticky method. |
Payload | Offset | Offset value of the HTTP or UDP payload based on the start of the HTTP packet. |
Payload | Start | Regular expression that marks the start of the HTTP or UDP payload. |
Payload | End | Regular expression that marks the end of the HTTP or UDP payload. Either this field or the Length field is displayed, but not both of them. |
Payload | Length | Length of the HTTP or UDP payload. Either this field or the End field is displayed, but not both of them. |
RADIUS | Method | Sticky method: · Framed-IP-Address—Sticky method based on the Framed-IP-Address attribute of RADIUS packets. · User-Name—Sticky method based on the User-Name attribute of RADIUS packets. · Code=attribute-code—Sticky method based on the attribute (specified by attribute-code) of RADIUS packets. This field is not displayed if no RADIUS attribute based sticky method is specified. |
SIP | Method | Sticky method, which can only be SIP Call-ID (SIP sticky method based on the Call-ID header field of SIP packets). |
SSL | Method | Sticky method, which can only be SSL session ID (SSL sticky method based on SSL session ID). This field is displayed only for the SSL sticky method based on SSL session ID. |
HTTP passive | Method | Sticky method: · HTTP header name—HTTP header name sticky method. · HTTP URL—HTTP URL sticky method. · HTTP content—HTTP content sticky method. |
HTTP passive | Get | Obtains the specified string in HTTP responses. |
HTTP passive | Match | Matches the specified string in HTTP requests. |
HTTP passive | Name | HTTP header name. This field is displayed only for the HTTP header name based sticky method. |
HTTP passive | Start | Regular expression that marks the start of the HTTP header. |
HTTP passive | End | Regular expression that marks the end of the HTTP header. Either this field or the Length field is displayed, but not both of them. |
HTTP passive | Length | Length of the HTTP header. Either this field or the End field is displayed, but not both of them. |
UDP passive | Get | Obtains the specified string in UDP responses. |
UDP passive | Match | Matches the specified string in UDP requests. |
UDP passive | Start | Regular expression that marks the start of the UDP payload. |
UDP passive | End | Regular expression that marks the end of the UDP payload. Either this field or the Length field is displayed, but not both of them. |
UDP passive | Length | Length of the UDP payload. Either this field or the End field is displayed, but not both of them. |
TCP payload | Offset | Offset value of the TCP payload based on the start of the TCP packet. |
TCP payload | Start | Regular expression that marks the start of the TCP payload. |
TCP payload | End | Regular expression that marks the end of the TCP payload. Either this field or the Length field is displayed, but not both of them. |
TCP payload | Length | Length of the TCP payload. Either this field or the End field is displayed, but not both of them. |
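The following Python script is an added example, not part of the vendor documentation. It parses captured display sticky-group output and lists the HTTP cookie insert or rewrite sticky groups whose cookie is not shown with the HttpOnly or Secure attribute enabled. The sample text is constructed in the layout of the example output above (sg4 is copied from it; sg5, sg6, and sg7 are made-up groups), and the function names are this example's own.

```python
# Added example: audit cookie attributes in captured `display sticky-group` output.
# SAMPLE is constructed: sg4 copies the example output; sg5-sg7 are made up.
SAMPLE = """\
Sticky group: sg4
Description:
Timeout: 86400
Override limit: Disabled
Stickiness-over-busyness: Disabled
Sticky group type: HTTP cookie
Method: HTTP cookie insert
Name: X-LB
Domain: example.com
Path: /test1
HttpOnly: Enabled
Secure: Enabled
Check all packets: Disabled
Sticky group: sg5
Description:
Timeout: 86400
Override limit: Disabled
Stickiness-over-busyness: Disabled
Sticky group type: HTTP cookie
Method: HTTP cookie insert
Name: X-LB2
Domain: example.com
Path: /
HttpOnly: Enabled
Secure: Disabled
Check all packets: Disabled
Sticky group: sg6
Description:
Timeout: 600
Override limit: Disabled
Stickiness-over-busyness: Disabled
Sticky group type: HTTP cookie
Method: HTTP cookie rewrite
Name: SRV
HttpOnly: Disabled
Check all packets: Disabled
Sticky group: sg7
Description:
Timeout: 600
Override limit: Disabled
Stickiness-over-busyness: Disabled
Sticky group type: HTTP cookie
Method: HTTP cookie get
Name: JSESSIONID
"""

# Per Table 39, HttpOnly and Secure are displayed only for these two methods.
COOKIE_SETTING_METHODS = {"HTTP cookie insert", "HTTP cookie rewrite"}


def parse_sticky_groups(text):
    """Return one dict of field -> value per 'Sticky group:' block."""
    groups, current = [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue  # not a "Field: value" line
        key, value = key.strip(), value.strip()
        if key == "Sticky group":
            current = {key: value}  # a new block starts here
            groups.append(current)
        elif current is not None:
            current[key] = value
    return groups


def audit_cookie_groups(groups):
    """List (group, attribute, state) where HttpOnly or Secure is not Enabled."""
    findings = []
    for group in groups:
        if group.get("Sticky group type") != "HTTP cookie":
            continue
        if group.get("Method") not in COOKIE_SETTING_METHODS:
            continue  # cookie get: Table 39 lists no HttpOnly/Secure field for it
        for attribute in ("HttpOnly", "Secure"):
            # A missing line is reported as "not shown" rather than assumed safe.
            state = group.get(attribute, "not shown")
            if state != "Enabled":
                findings.append((group["Sticky group"], attribute, state))
    return findings


if __name__ == "__main__":
    for name, attribute, state in audit_cookie_groups(parse_sticky_groups(SAMPLE)):
        print(f"{name}: {attribute} is {state}")
```

Real device output may be indented or paginated; the parser strips leading whitespace but expects one Field: value pair per line.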
display virtual-server
Use display virtual-server to display virtual server information.
Syntax
display virtual-server [ brief | name virtual-server-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
brief: Displays brief virtual server information. If you do not specify this keyword, the command displays detailed virtual server information.
name virtual-server-name: Displays information about the specified virtual server. The virtual-server-name argument specifies a virtual server name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays information about all virtual servers.
Examples
# Display brief information about all virtual servers.
<Sysname> display virtual-server brief
Virtual server State Type VPN instance Virtual address Port
vs1 Inactive IP 192.168.21.148/32 80
1111:2222:3333:4444
:5555:6666:7777:888
8/128
vs2 Active HTTP 61.159.4.100/32 8080
vs3 Active LINK-IP 51.139.4.100/32 0
vs4 Active MySQL 12.139.5.132/32 3306
# Display detailed information about all virtual servers.
<Sysname> display virtual-server
Virtual server: vs
Description: Virtual server VS
Type: HTTP
State: Active
VPN instance:
Virtual IPv4 address: 1.1.1.1/32
Virtual IPv6 address: 1001::1/128
Port: 0 (any port)
Primary server farm: sf (in use)
Backup server farm: sfb
Primary sticky: sg3
Backup sticky: sg4
LB policy: lbp2
LB limit-policy:
TCP parameter profile (client-side): ptc
TCP parameter profile (server-side): pts
HTTP parameter profile: pp1
HTTP-statistics parameter profile: 1
OneConnect parameter profile: one
UDP per-packet: Enabled
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
SSL server policies with SNI list:
Name: ssl
Server name indication: www.example.com
Name: ssl2
Server name indication: www.example.com
SSL server policy: ssl-server
SSL client policy: ssl-client
Redirect relocation:
Redirect return-code: 302
VRRP IPv4 Info:
VRRP IPv4 VRID: 1
Interface: GigabitEthernet1/0/1
VRRP IPv6 info:
VRRP IPv6 VRID: 3
Interface: GigabitEthernet1/0/1
Sticky: test
Sticky synchronization: Disabled
Bandwidth busy protection: Disabled
Interface bandwidth statistics: Disabled
Route advertisement: Enabled
ARP/ND interfaces:
GigabitEthernet1/0/1
GigabitEthernet1/0/2
HTTP protection policy: p1
Customlog content: %{is};%{ps}
External-link proxy: Enabled
External-link inject URI: proxy
External-link inject domain suffix: c.example.com
External-link SNAT pool: spool1
External-link domain name whitelist:
a.example.com
b.example.com
Virtual server: vstcp
Description: Virtual server VS
Type: TCP
State: Active
VPN instance:
Virtual IPv4 address: 1.1.1.1/32
Virtual IPv6 address: 1001::1/128
Port: 8080
Primary server farm: sf (in use)
Backup server farm: sfb
Sticky: sg3
LB policy: lbp2
LB limit-policy:
TCP parameter profile (client-side): ptc
TCP parameter profile (server-side): pts
TCP-Application parameter profile: ptapp
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
SSL server policies with SNI list:
Name: ssl
Server name indication: www.example1.com
Name: ssl2
Server name indication: www.example2.com
SSL server policy: ssl-server
Sticky synchronization: Disabled
Bandwidth busy protection: Disabled
Interface bandwidth statistics: Disabled
Route advertisement: Enabled
Application-Mode: Enabled
ARP/ND interfaces:
GigabitEthernet1/0/1
GigabitEthernet1/0/2
# Display detailed information about the virtual server lk.
<Sysname> display virtual-server name lk
Virtual server: lk
Description:
Type: Link-IP
State: Active
VPN instance:
Virtual IPv4 address: 1.1.1.1/32
Virtual IPv6 address: 1001::1/128
Port: 0
Primary link group: lg1 (in use)
Backup link group: lg2
Sticky: sg3
LB policy: lbp2
LB limit-policy:
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
Connection synchronization: Disabled
Sticky synchronization: Disabled
Bandwidth busy protection: Disabled
Interface bandwidth statistics: Disabled
Route advertisement: Disabled
ARP/ND interfaces:
GigabitEthernet1/0/1
# Display detailed information about the virtual server vs4.
<Sysname> display virtual-server name vs4
Virtual server: vs4
Description: Virtual server VS4
Type: MySQL
State: Active
VPN instance:
Virtual IPv4 address: 1.1.1.1/32
Virtual IPv6 address: 1001::1/128
Port: 3306
Primary server farm: sf (in use)
Backup server farm: sfb
Sticky: sg3
LB policy: lbp2
LB limit-policy:
MySQL parameter profile: my
Connection limit: 10000
Rate limit:
Connections: 10000
Bandwidth: 10000 kbps
Inbound bandwidth: 5000 kbps
Outbound bandwidth: 5000 kbps
Sticky synchronization: Disabled
Bandwidth busy protection: Disabled
Interface bandwidth statistics: Disabled
Route advertisement: Enabled
ARP/ND interfaces:
GigabitEthernet1/0/1
GigabitEthernet1/0/2
Version: 5.6
User list:
Username: wangping
Username: liqiang
Read server farm: rd
Read sticky group: rsg
Write server farm: wr
Write sticky group: wsg
Table 40 Command output
Field | Description |
---|---|
Virtual server | Virtual server name. |
State | Virtual server state: · Active—The virtual server is available. · Inactive—The virtual server is unavailable for any reason other than lack of license and disabled virtual server. · Inactive (no license)—The virtual server is unavailable because of lack of license. · Inactive (disabled)—The virtual server is unavailable because the virtual server is disabled. |
Type | Virtual server type: HTTP, IP, MySQL, RADIUS, TCP, UDP, or link-IP. |
VPN instance | Name of the VPN instance to which the virtual server belongs. |
Virtual address | IPv4 address and mask of the virtual server. |
Port | Port number of the virtual server. 0 means any port. |
Description | Description of the virtual server. |
Virtual IPv4 address | IPv4 address and mask of the virtual server. |
Virtual IPv6 address | IPv6 address and prefix of the virtual server. |
Primary server farm | Default primary server farm name. (in use) indicates the server farm is in use. |
Backup server farm | Default backup server farm name. (in use) indicates the server farm is in use. |
Primary link group | Default primary link group name. (in use) indicates the link group is in use. |
Backup link group | Default backup link group name. (in use) indicates the link group is in use. |
Primary sticky | Default primary sticky group name. |
Backup sticky | Backup sticky group name. This field is displayed only for HTTP and RADIUS virtual servers. |
LB policy | LB policy referenced by the virtual server. |
HTTP parameter profile | HTTP parameter profile referenced by the virtual server. This field is displayed only if an HTTP parameter profile is configured. |
IP parameter profile | IP parameter profile referenced by the virtual server. This field is displayed only if an IP parameter profile is configured. |
TCP parameter profile | TCP parameter profile referenced by the virtual server. This field is displayed only if a TCP parameter profile is configured. |
TCP parameter profile (client-side) | Client-side TCP parameter profile referenced by the virtual server. This field is displayed only if a client-side TCP parameter profile is configured. |
TCP parameter profile (server-side) | Server-side TCP parameter profile referenced by the virtual server. This field is displayed only if a server-side TCP parameter profile is configured. |
OneConnect parameter profile | OneConnect parameter profile referenced by the virtual server. This field is displayed only if a OneConnect parameter profile is configured. |
HTTP-statistics parameter profile | HTTP statistics parameter profile referenced by the virtual server. This field is displayed only if an HTTP statistics parameter profile is configured. |
TCP-Application parameter profile | TCP-application parameter profile referenced by the virtual server. This field is displayed only if a TCP-application parameter profile is configured. |
MySQL parameter profile | MySQL parameter profile referenced by the virtual server. This field is displayed only if a MySQL parameter profile is configured. |
UDP per-packet | State of the per-packet load balancing for UDP traffic: · Disabled. · Enabled. This field is displayed only for UDP virtual servers. |
Connection limit | Maximum number of connections of the virtual server. |
Rate limit | Rate limit of the virtual server. |
Connections | Maximum number of connections per second of the virtual server. |
Bandwidth | Maximum bandwidth for the virtual server in kbps. |
Inbound bandwidth | Maximum inbound bandwidth for the virtual server in kbps. |
Outbound bandwidth | Maximum outbound bandwidth for the virtual server in kbps. |
SSL server policies with SNI list | List of SSL server policies with SNIs. This field is displayed only for TCP-type and HTTP-type virtual servers. |
Server name indication | Server name indication. This field is displayed only for TCP-type and HTTP-type virtual servers. |
SSL server policy | SSL server policy name. This field is displayed only for HTTP-type virtual servers. |
SSL client policy | SSL client policy name. This field is displayed only for HTTP-type virtual servers. |
Redirect relocation | Redirection URL. This field is displayed only for HTTP-type virtual servers. |
Redirect return-code | Status code in the redirection packets. This field is displayed only for HTTP-type virtual servers. |
VRRP IPv4 Info | Information about the IPv4 VRRP group bound to the virtual server. |
VRRP IPv4 VRID | Virtual router ID of the VRRP group bound to the virtual server. |
Interface | Interface on which the VRRP group bound to the virtual server is created. |
VRRP IPv6 Info | Information about the IPv6 VRRP group bound to the virtual server. |
VRRP IPv6 VRID | Virtual router ID of the IPv6 VRRP group bound to the virtual server. |
Sticky | Sticky group for the virtual server. This field is displayed only for HTTP-type virtual servers. |
Connection synchronization | Session extension information synchronization state: Enabled or Disabled. This field is not displayed for HTTP-type virtual servers. |
Sticky synchronization | Sticky entry synchronization state: Enabled or Disabled. |
Bandwidth busy protection | Link protection state: Enabled or Disabled. |
Interface bandwidth statistics | Bandwidth statistics collection by interfaces: Disabled or Enabled. |
Route advertisement | IP address advertisement for the virtual server: Disabled or Enabled. |
Application-Mode | Layer 7 operating mode for the virtual server: Disabled or Enabled. This field is displayed only for a TCP virtual server. |
ARP/ND interfaces | Interfaces from which gratuitous ARP packets and ND packets are sent out. |
Version | MySQL database version. This field is displayed only for a MySQL virtual server. |
User list | List of users logged in to the MySQL database. This field is displayed only for a MySQL virtual server. |
Username | Username used to log in to the MySQL database. This field is displayed only for a MySQL virtual server. |
Read server farm | Read server farm referenced by the MySQL virtual server. This field is displayed only for a MySQL virtual server. |
Read sticky group | Sticky group associated with the read server farm. This field is displayed only for a MySQL virtual server. |
Write server farm | Write server farm referenced by the MySQL virtual server. This field is displayed only for a MySQL virtual server. |
Write sticky group | Sticky group associated with the write server farm. This field is displayed only for a MySQL virtual server. |
Customlog content | Content output by using the fast log output feature. This field is displayed only for an HTTP virtual server. |
HTTP protection policy | HTTP protection policy referenced by the virtual server. |
External-link proxy | External link proxy state: Disabled or Enabled. |
External-link inject URI | URI of external link proxy. |
External-link inject domain suffix | Domain name suffix of external link proxy. |
External-link SNAT pool | SNAT address pool of external link proxy. |
External-link domain name whitelist | Whitelist of external link proxy. |
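One way to turn the detailed output described in Table 40 into a per-server inventory for a configuration review, as an added example (not H3C code). The sample text is constructed in the same layout as the examples above; the function names and the review criteria are this example's own assumptions.

```python
# Constructed sample, in the flattened layout of the examples on this page.
SAMPLE = """\
<Sysname> display virtual-server
Virtual server: vs
Type: HTTP
State: Active
Virtual IPv4 address: 1.1.1.1/32
Virtual IPv6 address: 1001::1/128
Port: 0 (any port)
LB policy: lbp2
LB limit-policy:
Connection limit: 10000
External-link proxy: Enabled
External-link inject URI: proxy
External-link inject domain suffix: c.example.com
External-link domain name whitelist:
a.example.com
b.example.com
Virtual server: vs4
Type: MySQL
State: Inactive (disabled)
Virtual IPv4 address: 1.1.1.1/32
Port: 3306
LB limit-policy:
Connection limit: 10000
ARP/ND interfaces:
GigabitEthernet1/0/1
"""


def parse_virtual_servers(text):
    """Split `display virtual-server` output into one dict per virtual server.

    Every key maps to a list: fields such as Username repeat, and list headers
    such as "ARP/ND interfaces:" are followed by bare value lines.
    """
    servers, current, open_list = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # comment lines and the CLI prompt line
        key, sep, value = line.partition(":")  # first colon only, so IPv6 values survive
        key, value = key.strip(), value.strip()
        if sep and key == "Virtual server":
            current = {"Virtual server": [value]}
            servers.append(current)
            open_list = None
        elif current is None:
            continue
        elif sep:
            current.setdefault(key, [])
            if value:
                current[key].append(value)
                open_list = None
            else:
                open_list = key  # empty value: either unset or a list header
        elif open_list:
            current[open_list].append(line)
    return servers


def review(server):
    """Return review notes for one parsed server (criteria are assumptions)."""
    def first(key):
        return (server.get(key) or [""])[0]

    notes = []
    if not first("State").startswith("Active"):
        notes.append("state is %s" % first("State"))
    if first("Port").split()[:1] == ["0"]:
        notes.append("listens on any port (Port 0)")
    if not first("LB limit-policy"):
        notes.append("no LB limit-policy referenced")
    if first("Type") == "HTTP" and not first("HTTP protection policy"):
        notes.append("no HTTP protection policy referenced")
    if first("External-link proxy") == "Enabled":
        if not first("External-link SNAT pool"):
            notes.append("external link proxy sources from the output interface address")
        allowed = server.get("External-link domain name whitelist") or ["empty"]
        notes.append("external link proxy whitelist: %s" % ", ".join(allowed))
    return notes


if __name__ == "__main__":
    for vs in parse_virtual_servers(SAMPLE):
        print(vs["Virtual server"][0], review(vs))
```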
display virtual-server statistics
Use display virtual-server statistics to display virtual server statistics.
Syntax
In standalone mode:
display virtual-server statistics [ name virtual-server-name ] [ slot slot-number ]
In IRF mode:
display virtual-server statistics [ name virtual-server-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command displays statistics of all virtual servers.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays virtual server statistics for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays virtual server statistics for all cards. (In IRF mode.)
Examples
# Display statistics for the virtual server vs.
<Sysname> display virtual-server statistics name vs
Virtual server: vs
Total connections: 979
Active connections: 618
Max connections: 661
recorded at 11:02:49 on Tue May 21 2019
Connections per second: 146
Max connections per second: 156
recorded at 11:02:49 on Tue May 21 2019
Client input: 333332 bytes
Client output: 472054 bytes
Throughput: 4088 bps
Inbound throughput: 1214 bps
Outbound throughput: 2874 bps
Max throughput: 4368 bps
recorded at 11:02:49 on Tue May 21 2019
Max inbound throughput: 1214 bps
recorded at 11:02:49 on Tue May 21 2019
Max outbound throughput: 3154 bps
recorded at 11:02:49 on Tue May 21 2019
Received packets: 979
Sent packets: 0
Dropped packets: 0
Received packets per second: 0
Sent packets per second: 0
Authentication permitted requests: 0
Authentication denied requests: 0
Redirected requests for login: 4
Redirected requests for re-authentication: 0
Table 41 Command output
Field | Description |
---|---|
Virtual server | Virtual server name. |
Total connections | Total number of connections. |
Active connections | Number of active connections. |
Max connections | Maximum number of connections. |
Connections per second | Number of connections per second. |
Max connections per second | Maximum number of connections per second. |
Client input | Traffic (in bytes) received from the client. |
Client output | Traffic (in bytes) sent to the client. |
Throughput | Total packet throughput in bps. |
Inbound throughput | Inbound packet throughput in bps. |
Outbound throughput | Outbound packet throughput in bps. |
Max throughput | Maximum packet throughput in bps. |
Max inbound throughput | Maximum inbound packet throughput in bps. |
Max outbound throughput | Maximum outbound packet throughput in bps. |
Received packets | Number of received packets. |
Sent packets | Number of packets sent by the virtual server to the client. |
Dropped packets | Number of dropped packets. |
Received requests | Number of received HTTP request packets. This field is displayed only for HTTP-type virtual servers. |
Dropped requests | Number of dropped HTTP request packets. This field is displayed only for HTTP-type virtual servers. |
Sent responses | Number of sent HTTP response packets. This field is displayed only for HTTP-type virtual servers. |
Dropped responses | Number of dropped HTTP response packets. This field is displayed only for HTTP-type virtual servers. |
Authentication permitted requests | Number of permitted requests after authentication. |
Authentication denied requests | Number of denied requests after authentication. |
Redirected requests for login | Number of requests redirected to the login page. |
Redirected requests for re-authentication | Number of requests redirected to the reauthentication page. |
Related commands
reset virtual-server statistics
dns-server (DNS server pool view)
Use dns-server to create a DNS server pool member and enter its view, or enter the view of an existing DNS server pool member.
Use undo dns-server to delete a DNS server pool member.
Syntax
dns-server dns-server-name port port-number
undo dns-server dns-server-name port port-number
Default
No DNS server pool members exist.
Views
DNS server pool view
Predefined user roles
network-admin
context-admin
Parameters
dns-server-name: Specifies a DNS server pool member name, a case-insensitive string of 1 to 63 characters.
port-number: Specifies the port number of the DNS server pool member, in the range of 0 to 65535.
Usage guidelines
Non-default vSystems do not support this command.
You can use one of the following methods to add a member to a DNS server pool:
· Use the dns-server command in DNS server pool view. H3C recommends using this method.
· Use the dns-server-pool command in DNS server view.
You cannot use both methods to add a member with the same DNS server name and port number to a DNS server pool.
Examples
# Add DNS server pool member ds1 and enter DNS server pool member view.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dsp1
[Sysname-lb-dspool-dsp1] dns-server ds1 port 10
[Sysname-lb-dspool-dsp1-#member#-ds1-port-10]
Related commands
dns-server-pool (DNS server view)
dns-server-pool (DNS server view)
Use dns-server-pool to specify a DNS server pool for a DNS server.
Use undo dns-server-pool to restore the default.
Syntax
dns-server-pool pool-name
undo dns-server-pool
Default
A DNS server does not belong to any DNS server pool.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
You can specify a DNS server pool that has not been created.
Examples
# Specify DNS server pool dns-pool1 for DNS server ds1.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] dns-server-pool dns-pool1
Related commands
display loadbalance dns-server
dns-server-pool (LB action view)
Use dns-server-pool to specify a DNS server pool for guiding packet forwarding.
Use undo dns-server-pool to restore the default.
Syntax
dns-server-pool pool-name [ sticky sticky-name ]
undo dns-server-pool
Default
No DNS server pool is specified for guiding packet forwarding.
Views
DNS LB action view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 63 characters. If you do not specify a sticky group, the DNS server pool does not correspond to any sticky group.
Usage guidelines
Non-default vSystems do not support this command.
This command is mutually exclusive with the forward all or skip current-dns-proxy command. If you configure one command, the other command (if configured) is automatically cancelled.
Examples
# Specify the DNS server pool dsp and the sticky group sg1 for DNS LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type dns
[Sysname-lba-dns-lba1] dns-server-pool dsp sticky sg1
Related commands
forward all
domain-name
Use domain-name to specify a domain name for a DNS mapping.
Use undo domain-name to delete a domain name from a DNS mapping.
Syntax
domain-name domain-name
undo domain-name domain-name
Default
No domain name is specified for a DNS mapping.
Views
DNS mapping view
Predefined user roles
network-admin
context-admin
Parameters
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), dots (.), and wildcards (asterisks and question marks). Dots cannot be used as the start and end characters.
Usage guidelines
Non-default vSystems do not support this command.
You can specify multiple domain names for a DNS mapping.
When you use wildcards (asterisks and question marks) in a domain name, follow these guidelines:
· An asterisk (*) can substitute a character string.
· A question mark (?) can substitute any single character except for dot (.).
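The syntax rules and wildcard guidelines above, as an added example (not H3C code) for checking which query names a DNS mapping entry would cover before it is deployed. The page does not say whether an asterisk can span dots or match an empty string, so `star_spans_dots` selects the reading and empty matches are allowed; both are assumptions, as are the function names and the constructed candidate names.

```python
import re

ALLOWED = re.compile(r"[A-Za-z0-9_.*?-]+")


def validate_pattern(pattern):
    """Check a domain-name argument against the syntax rules stated above."""
    if not 1 <= len(pattern) <= 253:
        raise ValueError("length must be 1 to 253 characters")
    if not ALLOWED.fullmatch(pattern):
        raise ValueError("character outside letters, digits, - _ . * ?")
    if pattern.startswith(".") or pattern.endswith("."):
        raise ValueError("a dot cannot start or end the name")
    if any(len(label) > 63 for label in pattern.split(".")):
        raise ValueError("label longer than 63 characters")
    return pattern.lower()  # the argument is case-insensitive


def compile_pattern(pattern, star_spans_dots=True):
    """Translate a DNS-mapping domain name into an anchored regular expression."""
    star = ".*" if star_spans_dots else "[^.]*"  # assumption: see lead-in
    pieces = []
    for ch in validate_pattern(pattern):
        if ch == "*":
            pieces.append(star)
        elif ch == "?":
            pieces.append("[^.]")  # any single character except a dot
        else:
            pieces.append(re.escape(ch))
    return re.compile("".join(pieces))


def matches(pattern, qname, star_spans_dots=True):
    """True if the query name is covered by the pattern."""
    name = qname.rstrip(".").lower()
    return compile_pattern(pattern, star_spans_dots).fullmatch(name) is not None


def coverage(pattern, names):
    """Map each name to (match if * spans dots, match if * stays in one label)."""
    return {n: (matches(pattern, n, True), matches(pattern, n, False)) for n in names}


# Constructed query names for reviewing a pattern with wildcards in two labels.
CANDIDATES = [
    "www.example.domain.com",   # the literal name from the same mapping
    "www.example.other.com",    # a different parent domain under .com
    "ftp.example.a.b.com",      # covered only if * can span dots
    "mail.example.domain.com",  # four characters where ??? allows three
    "www.example.com",          # no label left for the asterisk
]
REPORT = coverage("???.example.*.com", CANDIDATES)

if __name__ == "__main__":
    for name, result in REPORT.items():
        print(name, result)
```

Because the asterisk in `???.example.*.com` sits in the label directly before `.com`, the mapping covers names under any parent domain of that shape, which is worth confirming against the intended zone list.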
Examples
# Specify two domain names for the DNS mapping dm1.
<Sysname> system-view
[Sysname] loadbalance dns-map dm1
[Sysname-lb-dm-dm1] domain-name www.example.domain.com
[Sysname-lb-dm-dm1] domain-name ???.example.*.com
encrypt-cookie
Use encrypt-cookie to encrypt a cookie.
Use undo encrypt-cookie to remove the encryption for a cookie.
Syntax
encrypt-cookie name cookie-name key { cipher | simple } string
undo encrypt-cookie name cookie-name
Default
No cookie is encrypted.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
name cookie-name: Specifies a cookie by its name, a case-sensitive string of 1 to 63 characters.
key: Specifies a key used to encrypt the cookie.
cipher: Specifies a key in ciphertext form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in ciphertext form.
string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 31 characters. Its ciphertext form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
After you execute this command, the device encrypts the Set-Cookie field in HTTP responses to prevent personal information from being revealed. When a client request contains an encrypted cookie, the device decrypts the cookie before sending the request to the server.
Examples
# For HTTP parameter profile p1, encrypt cookie cookie1 with encryption key 123456.
<Sysname> system-view
[Sysname] parameter-profile p1 type http
[Sysname-para-http-p1] encrypt-cookie name cookie1 key simple 123456
env-variables
Use env-variables to configure an environment variable for custom monitoring.
Use undo env-variables to delete an environment variable for custom monitoring.
Syntax
env-variables variable-name value variable-value
undo env-variables variable-name
Default
No environment variables are configured for custom monitoring.
Views
Custom-monitoring LB probe template view
Predefined user roles
network-admin
context-admin
Parameters
variable-name: Specifies the environment variable name, a case-sensitive string of 1 to 63 characters. The name can contain spaces.
value variable-value: Specifies an environment variable value, a case-sensitive string of 1 to 255 characters. The value can contain spaces and cannot contain quotation marks (").
Usage guidelines
Non-default vSystems do not support this command.
You can set up the environment in which the custom script file is executed by configuring environment variables.
You can configure a maximum of 16 environment variables.
Examples
# In custom-monitoring LB probe template test_external, configure an environment variable with name env and value /var/tmp.
<Sysname> system-view
[Sysname] loadbalance probe-template external-monitor test_external
[Sysname-lbpt-external-monitor-test_external] env-variables env value /var/tmp
exceed-mss
Use exceed-mss to specify the action to take on the segments that exceed the MSS in the HTTP requests sent by the client.
Use undo exceed-mss to restore the default.
Syntax
exceed-mss { allow | drop }
undo exceed-mss
Default
The device allows segments that exceed the MSS in the HTTP requests sent by the client.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
allow: Allows the segments to exceed the MSS.
drop: Discards the segments that exceed the MSS.
Examples
# For the TCP parameter profile pp3, specify the drop action for the segments that exceed the MSS in the HTTP requests sent by the client.
<Sysname> system-view
[Sysname] parameter-profile pp3 type tcp
[Sysname-para-tcp-pp3] exceed-mss drop
expire
Use expire to set the expiration time for SOA resource records.
Use undo expire to restore the default.
Syntax
expire expire-time
undo expire
Default
The expiration time is 86400 seconds.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
expire-time: Specifies the expiration time in the range of 500 to 4294967295 seconds.
Usage guidelines
Non-default vSystems do not support this command.
The expiration time for SOA resource records is the amount of time that the secondary DNS server can work after it loses contact with the primary DNS server.
Examples
# Set the expiration time for SOA resource records to 7 days for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] expire 604800
Related commands
display loadbalance zone
external-link inject-domain-suffix
Use external-link inject-domain-suffix to configure the domain name suffix for external link proxy.
Use undo external-link inject-domain-suffix to delete the domain name suffix for external link proxy.
Syntax
external-link inject-domain-suffix domain-suffix
undo external-link inject-domain-suffix
Default
No domain name suffix is configured for external link proxy.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
Parameters
domain-suffix: Specifies the domain name suffix for rewriting domain names of external links. This argument is a case-insensitive, dot-separated string of 1 to 254 characters (for example, example.com). Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
Usage guidelines
Non-default vSystems do not support this command.
If DNS packet link selection is performed by inbound link load balancing, make sure the domain name suffixes in DNS mappings are the same as those on the external link proxy.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the domain name suffix as b.example.com for external link proxy on HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs http
[Sysname-vs-http-vs] external-link inject-domain-suffix b.example.com
Related commands
display virtual-server
external-link inject-uri
external-link proxy enable
external-link inject-uri
Use external-link inject-uri to configure the URI for external link proxy.
Use undo external-link inject-uri to delete the URI for external link proxy.
Syntax
external-link inject-uri string
undo external-link inject-uri
Default
No URI is configured for external link proxy.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
Parameters
string: Specifies the URI for rewriting domain names of external links. This argument is a case-insensitive string of 1 to 63 characters. The URI can contain letters, digits, hyphens (-), and underscores (_), and cannot contain dots (.).
Usage guidelines
Non-default vSystems do not support this command.
Use this command to rewrite domain names of external links. Upon receiving a response from the IPv6 site server, the LB device rewrites the IPv4 external link in the response by adding the specified parameters to the associated domain name. The parameters include the URI, domain name suffix, and virtual server port number. Suppose the domain name of the original external link is http://www.example1.com, URI is proxy, domain name suffix is example2.com, and virtual server port number is 8080. The external link domain name after rewrite is http://www.example1.com.proxy.example2.com:8080. Upon receiving a DNS request containing this modified domain name, the LB device performs the following operations:
1. Extracts the original domain name.
2. Requests the associated IPv4 resource on behalf of the IPv6 client.
3. Returns the obtained IPv4 resource to the IPv6 client.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the URI as proxy for external link proxy on HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs http
[Sysname-vs-http-vs] external-link inject-uri proxy
Related commands
display virtual-server
external-link inject-domain-suffix
external-link proxy enable
external-link proxy enable (LB action view)
Use external-link proxy enable to enable external link proxy.
Use undo external-link proxy enable to disable external link proxy.
Syntax
external-link proxy enable
undo external-link proxy enable
Default
External link proxy is disabled.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
To perform external link proxy for a traffic class instead of all traffic of a virtual server, enable external link proxy in an HTTP LB action. Additionally, configure external link proxy parameters in the view of the virtual server and specify the LB policy for the virtual server.
The external link proxy action is taken first when the following actions are also configured:
· A forwarding LB action.
· HTTP redirection action.
· Specifying a response file for matching HTTP requests.
· Specifying a response file used upon load balancing failure.
Examples
# Enable external link proxy for HTTP LB action a1.
<Sysname> system-view
[Sysname] loadbalance action a1 type http
[Sysname-lba-http-a1] external-link proxy enable
Related commands
display loadbalance action
external-link inject-domain-suffix
external-link inject-uri
external-link proxy enable (virtual server view)
Use external-link proxy enable to enable external link proxy.
Use undo external-link proxy enable to disable external link proxy.
Syntax
external-link proxy enable
undo external-link proxy enable
Default
External link proxy is disabled.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command enables the LB device to operate as a proxy to request IPv4 resources on behalf of IPv6 clients. External link proxy operates as follows:
1. The LB device receives an IPv6 DNS request containing an IPv4 link, and sends the request to the IPv6 site server.
2. Upon receiving a response from the server, the LB device returns a script file with the external link rewritten as configured to the client.
3. The client executes the script file, modifies the external link domain name as instructed, and then sends another DNS request containing the modified domain name.
4. Upon receiving the request, the LB device extracts the original domain name and requests the associated IPv4 resource on behalf of the client.
5. The LB device returns the obtained IPv4 resource to the client.
Examples
# Enable external link proxy for HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs http
[Sysname-vs-http-vs] external-link proxy enable
Related commands
display virtual-server
external-link snat-pool
Use external-link snat-pool to specify the SNAT address pool for external link proxy.
Use undo external-link snat-pool to restore the default.
Syntax
external-link snat-pool pool-name
undo external-link snat-pool
Default
No SNAT address pool is specified for external link proxy.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies a SNAT address pool by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
To request an IPv4 resource as an external link proxy, the LB device will choose an IP address from the specified SNAT pool. The LB device uses this IP address as the client IP address to initiate a request on behalf of the IPv6 client.
If you do not specify a SNAT address pool, the LB device uses the IP address of the output interface to the server as the client IP address.
Examples
# Specify the SNAT address pool as spool1 for external link proxy on HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs http
[Sysname-vs-http-vs] external-link snat-pool spool1
Related commands
display virtual-server
loadbalance snat-pool
external-link whitelist domain
Use external-link whitelist domain to add a domain name to the whitelist for external link proxy.
Use undo external-link whitelist domain to delete a domain name from the whitelist for external link proxy.
Syntax
external-link whitelist domain domain-name
undo external-link whitelist domain domain-name
Default
No domain names are added to the whitelist for external link proxy.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
Parameters
domain-name: Specifies a domain name, a case-insensitive, dot-separated string of 1 to 254 characters. Each dot-separated label in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
Usage guidelines
Non-default vSystems do not support this command.
The LB device does not rewrite the external links containing any domain names in the whitelist. You can add specific domain names (for example, those of the IPv6 external links in the IPv6 site) to the whitelist.
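The rewrite described under external-link inject-uri, the extraction in step 4 of external-link proxy enable, and the whitelist exemption above, modelled as an added example (not H3C code). The class and function names are hypothetical; exact-match whitelisting, keeping the path and query, and rejecting links that carry their own port are assumptions the page does not state.

```python
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"[A-Za-z0-9_-]{1,63}")
MAX_DNS_NAME = 253  # DNS limit on a name in text form


def check_inject_uri(uri):
    # inject-uri rule: 1 to 63 letters, digits, hyphens, underscores; no dots.
    if not LABEL.fullmatch(uri):
        raise ValueError("invalid inject URI: %r" % uri)
    return uri.lower()


def check_domain(name, what="domain name"):
    # Rule shared by the suffix and whitelist arguments: dot-separated,
    # 1 to 254 characters, each label at most 63 characters.
    if not 1 <= len(name) <= 254 or not all(LABEL.fullmatch(p) for p in name.split(".")):
        raise ValueError("invalid %s: %r" % (what, name))
    return name.lower()


class ExternalLinkProxy:
    """Hypothetical model of one HTTP virtual server's external link proxy settings."""

    def __init__(self, inject_uri, domain_suffix, port, whitelist=()):
        self.port = port
        self.whitelist = {check_domain(d, "whitelist entry") for d in whitelist}
        # Because the URI cannot contain dots, the marker is exactly one label,
        # so the boundary between original name and marker is unambiguous.
        self.tail = ".%s.%s" % (check_inject_uri(inject_uri),
                                check_domain(domain_suffix, "domain suffix"))

    def rewrite(self, url):
        """Rewrite an external link; whitelisted hosts are returned unchanged."""
        parts = urlsplit(url)
        host = check_domain((parts.hostname or "").lower(), "link host")
        if parts.port is not None:
            raise ValueError("links with an explicit port are not modelled here")
        if host in self.whitelist:  # assumption: exact, case-insensitive match
            return url
        new_host = host + self.tail
        if len(new_host) > MAX_DNS_NAME:
            raise ValueError("rewritten name is too long to resolve")
        rest = parts.path + ("?" + parts.query if parts.query else "")
        return "%s://%s:%d%s" % (parts.scheme, new_host, self.port, rest)

    def extract(self, qname):
        """Return the original domain name carried in a DNS query name, or None."""
        name = qname.rstrip(".").lower()
        if not name.endswith(self.tail):
            return None  # not a name this virtual server produced
        try:
            return check_domain(name[:-len(self.tail)], "original name")
        except ValueError:
            return None  # nothing usable in front of the marker


# Values from the inject-uri usage guidelines, plus the whitelist example entry.
proxy = ExternalLinkProxy("proxy", "example2.com", 8080, whitelist=["a.example.com"])

if __name__ == "__main__":
    rewritten = proxy.rewrite("http://www.example1.com")
    print(rewritten)
    print(proxy.extract("www.example1.com.proxy.example2.com"))
```

Only names that end in the configured URI and suffix yield an original domain, so `extract` returning `None` is the case in which no request is made on the client's behalf.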
Examples
# Add domain name a.example.com to the whitelist for external link proxy on HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs http
[Sysname-vs-http-vs] external-link whitelist domain a.example.com
Related commands
display virtual-server
external-script
Use external-script to specify a script file used for custom monitoring.
Use undo external-script to restore the default.
Syntax
external-script file-name
undo external-script
Default
No script file is specified for custom monitoring.
Views
Custom-monitoring LB probe template view
Predefined user roles
network-admin
context-admin
Parameters
file-name: Specifies a script file by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
Non-default vSystems do not support this command.
The device detects the state of real servers according to the detection contents in the script file.
Before specifying a script file, upload the file to the device.
The device supports specifying only script files with the .py suffix.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In custom-monitoring LB probe template test_external, use script file test.py for custom monitoring.
<Sysname> system-view
[Sysname] loadbalance probe-template external-monitor test-external
[Sysname-lbpt-external-monitor-test-external] external-script test.py
fail-action (link group view)
Use fail-action to specify the fault processing method for links in a link group.
Use undo fail-action to restore the default.
Syntax
fail-action { keep | reschedule | reset }
undo fail-action
Default
The fault processing method is to keep existing connections.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
keep: Keeps the connection with the failed link. Keeping or terminating the connection depends on the timeout mechanism of the protocol.
reschedule: Redirects the connection to another available link in the link group.
reset: Terminates the connection with the failed link by sending RST packets (for TCP packets) or ICMP unreachable packets (for other types of packets).
Usage guidelines
Non-default vSystems do not support this command.
The fault processing method applies when the link that processes packets fails.
Examples
# Specify the fault processing method for links in link group lg as reschedule.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] fail-action reschedule
fail-action (server farm view)
Use fail-action to specify the fault processing method for a server farm.
Use undo fail-action to restore the default.
Syntax
fail-action { keep | reschedule | reset }
undo fail-action
Default
The fault processing method is to keep existing connections.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
keep: Keeps the connection with the failed real server. Keeping or terminating the connection depends on the timeout mechanism of the protocol.
reschedule: Redirects the connection to another available real server in the server farm.
reset: Terminates the connection with the failed real server by sending RST packets (for TCP packets) or ICMP unreachable packets (for other types of packets).
Usage guidelines
The fault processing method applies when the real server that processes packets fails.
Examples
# Specify the fault processing method for the server farm sf as reschedule.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] fail-action reschedule
fallback
Use fallback to specify a processing method for DNS mapping search failure.
Use undo fallback to restore the default.
Syntax
fallback { dns-proxy | no-response | reject }
undo fallback
Default
A DNS listener sends a DNS reject packet for DNS mapping search failure.
Views
DNS listener view
Predefined user roles
network-admin
context-admin
Parameters
dns-proxy: Responds to DNS requests through a transparent DNS proxy.
no-response: Does not respond to DNS requests.
reject: Sends a DNS reject packet.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify the processing method for DNS mapping search failure as no-response.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener] fallback no-response
fallback-action close
Use fallback-action close to configure the method of closing TCP connections upon failure to find a real server.
Use undo fallback-action to restore the default.
Syntax
fallback-action close { fin | rst }
undo fallback-action
Default
Packets are dropped when no real servers are available for the current LB action.
Views
Generic/HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
fin: Closes TCP connections by sending FIN packets.
rst: Closes TCP connections by sending RST packets.
Usage guidelines
This command enables the device to close TCP connections matching the LB policy by sending FIN or RST packets if the device fails to find a real server according to the LB action.
Examples
# In HTTP LB action a1, configure the method of closing TCP connections by sending RST packets.
<Sysname> system-view
[Sysname] loadbalance action a1 type http
[Sysname-lba-http-a1] fallback-action close rst
fallback-action continue
Use fallback-action continue to match the next rule upon failure to find an available server.
Use undo fallback-action to restore the default.
Syntax
fallback-action continue
undo fallback-action
Default
Packets are dropped when no servers are available for the current LB action.
Views
LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command enables packets to match the next rule in an LB policy when no servers are available for the current LB action.
This command does not apply to SIP virtual servers.
Examples
# Match the next rule upon failure to find a real server for the HTTP LB action a1.
<Sysname> system-view
[Sysname] loadbalance action a1 type http
[Sysname-lba-http-a1] fallback-action continue
# Match the next rule upon failure to find a DNS server for the DNS LB action a2.
<Sysname> system-view
[Sysname] loadbalance action a2 type dns
[Sysname-lba-dns-a2] fallback-action continue
fallback-action response raw-file
Use fallback-action response raw-file to specify a response file used upon load balancing failure.
Use undo fallback-action to restore the default.
Syntax
fallback-action response raw-file raw-filename
undo fallback-action
Default
Packets are discarded upon load balancing failure.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
raw-filename: Specifies a response file by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
This command enables the device to respond to client requests when the device fails to find an available real server or fails to find the response file specified in the response command. The response file specified in the fallback-action response raw-file command must contain a complete HTTP packet and cannot contain only the HTTP content.
The fallback-action response raw-file command and the fallback-action continue command are mutually exclusive.
Examples
# Specify the 301.raw file as the response file used upon load balancing failure.
<Sysname> system-view
[Sysname] loadbalance action a_http type http
[Sysname-lba-http-a_http] fallback-action response raw-file 301.raw
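Because the response file must be a complete HTTP packet rather than only the HTTP content, it is worth checking the file before uploading it. The following is an added example, not vendor code: a Python check that a raw file has a status line, a terminated header section, a matching Content-Length, and a Location header for redirects. The sample 301 response and its URL are constructed, and the individual checks are assumptions about what "complete" requires, based on the HTTP/1.1 message format.

```python
import re

# Status line of an HTTP/1.x response: version, 3-digit code, optional reason.
STATUS_LINE = re.compile(rb"HTTP/1\.[01] (\d{3})(?: [^\r\n]*)?")
REDIRECTS = {301, 302, 303, 307, 308}


def check_raw_response(data: bytes) -> list:
    """Return a list of problems; an empty list means the file looks complete."""
    problems = []
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        problems.append("header section is not terminated by an empty CRLF line")
    lines = head.split(b"\r\n")
    m = STATUS_LINE.fullmatch(lines[0])
    if m is None:
        # Typical for a file that holds only the HTML body.
        problems.append("first line is not an HTTP status line")
        return problems
    status = int(m.group(1))

    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            problems.append("malformed header line: %r" % line)
            continue
        headers[name.lower()] = value.strip()

    # The body length must agree with Content-Length, otherwise the client
    # either waits for missing bytes or treats the surplus as a new response.
    length = headers.get(b"content-length")
    if length is None:
        if body:
            problems.append("body present but no Content-Length header")
    elif not length.isdigit():
        problems.append("Content-Length is not a number")
    elif int(length) != len(body):
        problems.append("Content-Length %d does not match body size %d"
                        % (int(length), len(body)))

    if status in REDIRECTS and b"location" not in headers:
        problems.append("%d response without a Location header" % status)
    return problems


# Constructed sample input: a complete 301 response and a body-only file.
BODY = b"<html><body>Moved</body></html>"
GOOD_301 = (b"HTTP/1.1 301 Moved Permanently\r\n"
            b"Location: https://www.example.com/maintenance\r\n"
            b"Content-Type: text/html\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
            b"Connection: close\r\n\r\n" + BODY)

if __name__ == "__main__":
    for label, raw in (("301.raw", GOOD_301), ("body-only", BODY)):
        print(label, check_raw_response(raw) or "OK")
```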
Related commands
display loadbalance action
fallback-action continue
fin-wait1 timeout
Use fin-wait1 timeout to set the FIN-WAIT-1 state timeout time for TCP connections.
Use undo fin-wait1 timeout to restore the default.
Syntax
fin-wait1 timeout timeout-value
undo fin-wait1 timeout
Default
The FIN-WAIT-1 state timeout time is 5 seconds for TCP connections.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
timeout-value: Specifies the FIN-WAIT-1 state timeout time in the range of 1 to 65535 seconds.
Examples
# Set the FIN-WAIT-1 state timeout time for TCP connections to 10 seconds in the TCP parameter profile profile.
<Sysname> system-view
[Sysname] parameter-profile profile type tcp
[Sysname-para-tcp-profile] fin-wait1 timeout 10
Related commands
display parameter-profile
fin-wait2 timeout
Use fin-wait2 timeout to set the FIN-WAIT-2 state timeout time for TCP connections.
Use undo fin-wait2 timeout to restore the default.
Syntax
fin-wait2 timeout timeout-value
undo fin-wait2 timeout
Default
The FIN-WAIT-2 state timeout time is 5 seconds for TCP connections.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
timeout-value: Specifies the FIN-WAIT-2 state timeout time in the range of 1 to 65535 seconds.
Examples
# Set the FIN-WAIT-2 state timeout time for TCP connections to 10 seconds in the TCP parameter profile profile.
<Sysname> system-view
[Sysname] parameter-profile profile type tcp
[Sysname-para-tcp-profile] fin-wait2 timeout 10
Related commands
display parameter-profile
forward all
Use forward all to configure the packet forwarding mode.
Use undo forward to restore the default.
Syntax
forward all
undo forward
Default
The packet forwarding mode is to discard packets.
Views
DNS/Generic/Link-generic LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
In DNS LB action view, this command is mutually exclusive with the dns-server-pool or skip current-dns-proxy command. In generic LB action view, the forward all and server-farm commands are mutually exclusive. In link-generic LB action view, the forward all and link-group commands are mutually exclusive. If you configure one command, the other command (if configured) is automatically cancelled.
This command does not apply to SIP virtual servers.
Examples
# Configure the packet forwarding mode for the generic LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] forward all
Related commands
dns-server-pool
link-group (LB action view)
server-farm (LB action view)
frequency
Use frequency to set the probe interval for an LB probe template.
Use undo frequency to restore the default.
Syntax
frequency interval
undo frequency
Default
The probe interval is 300 seconds.
Views
Load balancing probe template view
Predefined user roles
network-admin
context-admin
Parameters
interval: Specifies the probe interval in the range of 5 to 604800 seconds.
Usage guidelines
Non-default vSystems do not support this command.
This command specifies the interval for sending probe packets.
Examples
# Set the probe interval to 3600 seconds for ICMP probe template icmptplt.
<Sysname> system-view
[Sysname] loadbalance probe-template icmp icmptplt
[Sysname-lb-pt-icmp-icmptplt] frequency 3600
header (HTTP header sticky group view)
Use header to configure the HTTP header sticky method.
Use undo header to restore the default.
Syntax
header { { { host | name header-name | url } [ offset offset ] [ start start-string ] [ end end-string | length length ] } | request-method | version }
undo header
Default
No HTTP header sticky methods exist.
Views
HTTP header sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
host: Specifies the HTTP host based sticky method.
name header-name: Specifies the HTTP header name based sticky method. The header-name argument is a case-insensitive string of 1 to 63 characters.
url: Specifies the HTTP URL based sticky method.
offset offset: Specifies the offset value of the HTTP header based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the HTTP header, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the HTTP header, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the HTTP header, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
request-method: Specifies the HTTP Request-Method based sticky method.
version: Specifies the HTTP version based sticky method.
Usage guidelines
Use this command to obtain the HTTP header information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.
Examples
# Configure the HTTP header sticky method for the HTTP header sticky group sg4: Specify the HTTP host based sticky method.
<Sysname> system-view
[Sysname] sticky-group sg4 type http-header
[Sysname-sticky-http-header-sg4] header host
header (HTTP passive sticky group view)
Use header to configure the HTTP header passive sticky method.
Use undo header to delete the HTTP header passive sticky method.
Syntax
header { get id name header-name | match id { name header-name | url } } start start-string { end end-string | length length }
undo { get | match } id
Default
No HTTP header passive sticky methods exist.
Views
HTTP passive sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
get: Obtains the specified string in the HTTP response header, which is used to generate an HTTP header passive sticky entry.
match: Obtains the specified string in the HTTP request header, which is used to match an HTTP header passive sticky entry.
id: Specifies the string ID in the range of 1 to 4.
name header-name: Specifies the HTTP header name based sticky method. The header-name argument is a case-insensitive string of 1 to 63 characters.
url: Specifies the HTTP URL based sticky method.
start start-string: Specifies the regular expression that marks the start of the HTTP header or URL, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the HTTP header or URL, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
length length: Specifies the length of the HTTP header or URL, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
The start-string and end-string values are not included in the sticky entry information.
Both the header get and header match commands are required for an HTTP header passive sticky method.
The device obtains the header or URL information of an incoming HTTP request based on the header match command and obtains the header information of an incoming HTTP response based on the header get command. If the header or URL information of the HTTP request matches the header information of the HTTP response, the device generates a sticky entry based on the header information of the HTTP response. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
The following rules apply to use of the header match and header get commands:
· You can execute a maximum of four header get commands and four header match commands for one HTTP passive sticky method.
· A number of n strings that are obtained based on n header get commands generates 2^n-1 strings in ascending order of string IDs. If the string obtained based on the header match command matches any one of these generated strings, the match is successful.
· A number of n strings that are obtained based on n header match commands combine as one string in ascending order of string IDs.
For example, three header get commands are executed with string IDs 1, 2, and 3. The device obtains three strings a, b, and c in the HTTP response header, generates seven strings a, b, c, ab, ac, bc, and abc, and generates seven sticky entries. Then, three header match commands are executed with string IDs 2, 3, and 4. The device obtains three strings a, b, and c in the HTTP request header and generates one string abc. If the string matches one of the seven strings, the device generates a sticky entry based on the string abc. Subsequent HTTP requests that match the sticky entry are forwarded according to the sticky entry.
Examples
# Configure the HTTP passive sticky method for the HTTP passive sticky group sg4: Obtain the string between callid and & in the URL of the HTTP request. If the string matches the string between phone-number and & in HTTP response header x-forward-callid, the device generates a sticky entry based on the string between phone-number and &.
<Sysname> system-view
[Sysname] sticky-group sg4 type http-passive
[Sysname-sticky-http-passive-sg4] header get 1 name x-forward-callid start phone-number end &
[Sysname-sticky-http-passive-sg4] header match 1 url start callid end &
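The extraction and combination rules above can be traced with a short model. This is an added example, not the device's implementation: it extracts the text between the start and end markers, builds the 2^n-1 concatenations of the header get strings in ascending ID order, and looks up the concatenated header match string. The header value, URL, and server names are constructed, and returning no result when a marker is missing is an assumption.

```python
import re
from itertools import combinations


def extract(text, start, end=None, length=0):
    """Text after regex `start`, up to regex `end` or `length` bytes (0 = all).

    The start and end markers are excluded from the result. Returning None
    when a marker is not found is an assumption of this model.
    """
    m = re.search(start, text)
    if m is None:
        return None
    rest = text[m.end():]
    if end is not None:
        e = re.search(end, rest)
        return rest[:e.start()] if e else None
    return rest if length == 0 else rest[:length]


def get_keys(strings_by_id):
    """n strings from header get -> 2^n-1 concatenations, string IDs ascending."""
    ids = sorted(strings_by_id)
    return ["".join(strings_by_id[i] for i in combo)
            for r in range(1, len(ids) + 1)
            for combo in combinations(ids, r)]


def match_key(strings_by_id):
    """n strings from header match -> one string, string IDs ascending."""
    return "".join(strings_by_id[i] for i in sorted(strings_by_id))


class PassiveStickyTable:
    """Simplified model: response strings create entries, requests look them up."""

    def __init__(self):
        self.entries = {}

    def learn(self, response_strings, real_server):
        for key in get_keys(response_strings):
            self.entries[key] = real_server

    def lookup(self, request_strings):
        return self.entries.get(match_key(request_strings))


# Constructed sample data for the sg4 example above.
RESPONSE_HEADER = "phone-number=5550100&region=east"  # x-forward-callid value
REQUEST_URL = "/dial?callid=5550100&lang=en"


def demo():
    table = PassiveStickyTable()
    got = extract(RESPONSE_HEADER, "phone-number", end="&")   # header get 1
    table.learn({1: got}, "rs1")
    want = extract(REQUEST_URL, "callid", end="&")            # header match 1
    return got, want, table.lookup({1: want})


if __name__ == "__main__":
    print(get_keys({1: "a", 2: "b", 3: "c"}))
    print(demo())
```

Note that the extracted strings include the `=` that follows each marker, because only the start and end strings themselves are excluded.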
Related commands
content (HTTP passive sticky group view)
display sticky-group
header call-id
Use header call-id to configure the SIP call ID sticky method.
Use undo header call-id to restore the default.
Syntax
header call-id
undo header call-id
Default
No sticky methods exist.
Views
SIP sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
The SIP call ID sticky method allows the device to generate sticky entries based on the Call-ID header field in SIP messages. Packets with the same call ID are assigned to the same real server.
Examples
# Configure the SIP call ID sticky method for the SIP sticky group sg6.
<Sysname> system-view
[Sysname] sticky-group sg6 type sip
[Sysname-sticky-sip-sg6] header call-id
header delete
Use header delete to delete the HTTP header.
Use undo header delete to keep the HTTP header.
Syntax
header delete { both | request | response } name header-name
undo header delete { both | request | response } name header-name
Default
The HTTP header is kept.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
both: Specifies both the HTTP request and response packets.
request: Specifies the HTTP request packets.
response: Specifies the HTTP response packets.
name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers that must match the header in the packet. The header-name argument is a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.
Usage guidelines
This command deletes the specified header from HTTP packets.
Examples
# Delete the header named host from HTTP request packets for the HTTP LB action lba2.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] header delete request name host
header delete request accept-encoding
Use header delete request accept-encoding to delete the Accept-Encoding header from HTTP requests.
Use undo header delete request accept-encoding to keep the Accept-Encoding header in HTTP requests.
Syntax
header delete request accept-encoding
undo header delete request accept-encoding
Default
The LB device deletes the Accept-Encoding header from HTTP requests.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command enables the LB device to delete the Accept-Encoding header from the HTTP request before sending it to the server. If the response packet sent by the server matches the specified match rule, the LB device compresses the packet before sending it to the requesting client. If the HTTP request sent by the client does not contain the Accept-Encoding header, the LB device does not compress the response packet regardless of whether this command is executed.
By default, the LB device does not modify request packets. If the response packet sent by the server is compressed, the LB device sends the packet to the requesting client without compressing it. If the response packet sent by the server is not compressed and matches the specified match rule, the LB device compresses the packet before sending it to the requesting client.
Examples
# Create the HTTP-compression parameter profile http1, and delete the Accept-Encoding header from HTTP requests.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] header delete request accept-encoding
header exceed-length
Use header exceed-length to specify the action to take on the HTTP requests or responses when their packet headers exceed the maximum length.
Use undo header exceed-length to restore the default.
Syntax
header exceed-length { continue | drop }
undo header exceed-length
Default
The system continues to perform load balancing for HTTP requests or responses when their packet headers exceed the maximum length.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
continue: Continues to perform load balancing.
drop: Stops performing load balancing, discards the packet, and terminates the connection.
Usage guidelines
When the HTTP packet header length exceeds the processing capability of load balancing, the drop method applies.
Examples
# For the HTTP parameter profile pp1, specify the drop action for the HTTP requests or responses with their packet headers exceeding the maximum length.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] header exceed-length drop
header insert
Use header insert to insert the HTTP header.
Use undo header insert to remove the configuration.
Syntax
header insert { both | request | response } name header-name value value [ encode { base64 | url } ]
undo header insert { both | request | response } name header-name
Default
The HTTP header is not inserted.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
both: Specifies both the HTTP request and response packets.
request: Specifies the HTTP request packets.
response: Specifies the HTTP response packets.
name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers. The header-name argument is a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.
value value: Specifies the header content to be inserted into the HTTP packet, a string of 1 to 255 characters. You can also specify the following replacement strings:
· %is—Source IP address in HTTP requests.
· %ps—Source port number in HTTP requests.
· %id—Destination IP address in HTTP requests.
· %pd—Destination port number in HTTP requests.
· %sps—Source port number in HTTP responses.
· %spd—Destination port number in HTTP responses.
· %sis—Source IP address in HTTP responses.
· %sid—Destination IP address in HTTP responses.
· %{x509v}—Certificate version.
· %{x509snum}—Certificate serial number.
· %{x509sigalgo}—Certificate signature algorithm.
· %{x509issuer}—Certificate issuer.
· %{x509before}—Certificate effective time.
· %{x509after}—Certificate expiration time.
· %{x509sub}—Certificate subject.
· %{x509spktype}—Public key type for the certificate subject.
· %{x509spk}—Public key for the certificate subject.
· %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).
· %{x509hash}—MD5 hash value of the client certificate.
· %{dncn}—Issuee.
· %{dne}—Email.
· %{dno}—Company/Organization.
· %{dnou}—Department.
· %{dnc}—Country.
· %{dns}—State/Province.
· %{dnl}—City.
encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.
Usage guidelines
This command inserts the specified header into HTTP packets.
URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.
Examples
# Insert the header named source, with the source IP address and source port number as its content, into HTTP request packets for the HTTP LB action lba2.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] header insert request name source value %is:%ps
header insert response vary
Use header insert response vary to insert the Vary header into HTTP responses.
Use undo header insert response vary to remove the configuration.
Syntax
header insert response vary
undo header insert response vary
Default
The Vary header is inserted into HTTP responses.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command inserts the Vary header into HTTP responses and sets the header content to Accept-Encoding before sending them to the client. The command takes effect regardless of whether the response packets contain the Vary header or whether the packets are compressed.
Examples
# Create the HTTP-compression parameter profile http1, and insert the Vary header into HTTP responses.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] header insert response vary
header maxparse-length
Use header maxparse-length to set the maximum length of HTTP headers that can be parsed.
Use undo header maxparse-length to restore the default.
Syntax
header maxparse-length length
undo header maxparse-length
Default
The maximum length of HTTP headers that can be parsed is 4096.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
length: Specifies the maximum length of HTTP headers that can be parsed, in the range of 1 to 65535 bytes.
Examples
# Set the maximum length of HTTP headers that can be parsed to 8192 for the HTTP parameter profile pp1.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] header maxparse-length 8192
header modify per-request
Use header modify per-request to perform the insert, delete, or modify operation for the header of each HTTP request or response packet.
Use undo header modify per-request to restore the default.
Syntax
header modify per-request
undo header modify per-request
Default
The insert, delete, or modify operation is performed for the header of the first HTTP request or response packet of a connection.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# For the HTTP parameter profile pp1, perform the insert, delete, or modify operation for the header of each HTTP request or response packet.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] header modify per-request
header rewrite
Use header rewrite to rewrite the HTTP header.
Use undo header rewrite to remove the configuration.
Syntax
header rewrite { both | request | response } name header-name value value replace replace [ encode { base64 | url } ]
undo header rewrite { both | request | response } name header-name
Default
The HTTP header is not rewritten.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
both: Specifies both the HTTP request and response packets.
request: Specifies the HTTP request packets.
response: Specifies the HTTP response packets.
name header-name: Specifies the name of the HTTP packet header, including standard and user-defined headers that must match the header in the packet. The header-name argument is a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127. You can enter a question mark (?) to obtain a list of standard header names. For more information about the header names, see RFC 4229.
value value: Specifies the HTTP packet header content to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
replace replace: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:
· %is—Source IP address in HTTP requests.
· %ps—Source port number in HTTP requests.
· %id—Destination IP address in HTTP requests.
· %pd—Destination port number in HTTP requests.
· %sps—Source port number in HTTP responses.
· %spd—Destination port number in HTTP responses.
· %sis—Source IP address in HTTP responses.
· %sid—Destination IP address in HTTP responses.
· %{x509v}—Certificate version.
· %{x509snum}—Certificate serial number.
· %{x509sigalgo}—Certificate signature algorithm.
· %{x509issuer}—Certificate issuer.
· %{x509before}—Certificate effective time.
· %{x509after}—Certificate expiration time.
· %{x509sub}—Certificate subject.
· %{x509spktype}—Public key type for the certificate subject.
· %{x509spk}—Public key for the certificate subject.
· %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).
· %{x509hash}—MD5 hash value of the client certificate.
· %{dncn}—Issuee.
· %{dne}—Email.
· %{dno}—Company/Organization.
· %{dnou}—Department.
· %{dnc}—Country.
· %{dns}—State/Province.
· %{dnl}—City.
encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.
Usage guidelines
This command rewrites the value setting of the specified header in HTTP packets to the replace setting.
URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.
Examples
# For the HTTP LB action lba2, rewrite the content www.hello.example.com of the header named host in HTTP request packets to www.he.example.com.cn.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] header rewrite request name host value www\.(he)(llo)\.example.com replace www.%1.example.com.cn encode url
header rewrite request url
Use header rewrite request url to rewrite the URL in HTTP requests.
Use undo header rewrite request url to restore the default.
Syntax
header rewrite request url value value replace replace [ encode { base64 | url } ]
undo header rewrite request url
Default
The URL in HTTP requests is not rewritten.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value value: Specifies the URL to be rewritten, a case-sensitive string of 1 to 127 characters. The string cannot contain question marks (?).
replace replace: Specifies the URL after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:
· %is—Source IP address in HTTP requests.
· %ps—Source port number in HTTP requests.
· %id—Destination IP address in HTTP requests.
· %pd—Destination port number in HTTP requests.
· %sps—Source port number in HTTP responses.
· %spd—Destination port number in HTTP responses.
· %sis—Source IP address in HTTP responses.
· %sid—Destination IP address in HTTP responses.
· %{x509v}—Certificate version.
· %{x509snum}—Certificate serial number.
· %{x509sigalgo}—Certificate signature algorithm.
· %{x509issuer}—Certificate issuer.
· %{x509before}—Certificate effective time.
· %{x509after}—Certificate expiration time.
· %{x509sub}—Certificate subject.
· %{x509spktype}—Public key type for the certificate subject.
· %{x509spk}—Public key for the certificate subject.
· %{x509spkRSA}—Length of the RSA public key for the certificate subject (this field is available only for an RSA public key).
· %{x509hash}—MD5 hash value of the client certificate.
· %{dncn}—Issuee.
· %{dne}—Email.
· %{dno}—Company/Organization.
· %{dnou}—Department.
· %{dnc}—Country.
· %{dns}—State/Province.
· %{dnl}—City.
encode { base64 | url }: Specifies an encoding method for replacement strings. If you do not specify an encoding method, replacement strings are not encoded.
Usage guidelines
This command rewrites the value setting in the HTTP request URL to the replace setting.
URL encoding encodes only special characters in replacement strings, for example, colons in IPv6 addresses. Base64 encoding encodes entire replacement strings.
Examples
# For the HTTP LB action lba2, rewrite the URL www.hello.example.com in HTTP requests to www.he.example.com.cn.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] header rewrite request url value www\.(he)(llo)\.example.com replace www.%1.example.com.cn encode url
idle-time
Use idle-time to set the idle timeout time for TCP connections between the LB device and servers.
Use undo idle-time to restore the default.
Syntax
idle-time idle-time
undo idle-time
Default
The idle timeout time for TCP connections between the LB device and servers is 86400 seconds.
Views
OneConnect parameter profile view
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
idle-time: Specifies the idle timeout time in the range of 1 to 4294967295 seconds.
Usage guidelines
The idle timeout time is the amount of time that a TCP connection can stay idle before it is disconnected. After the TCP connection is disconnected, new connection requests trigger establishment of a new TCP connection.
Examples
# In OneConnect parameter profile ocp, set the idle timeout time to 10000 seconds for TCP connections between the LB device and servers.
<Sysname> system-view
[Sysname] parameter-profile ocp type oneconnect
[Sysname-para-oneconnect-ocp] idle-time 10000
inherit vpn-instance disable (link view)
Use inherit vpn-instance disable to disable VPN instance inheritance for a link.
Use undo inherit vpn-instance disable to enable VPN instance inheritance for a link.
Syntax
inherit vpn-instance disable
undo inherit vpn-instance disable
Default
VPN instance inheritance is enabled for a link.
Views
Link view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
When VPN instance inheritance is enabled, a link without a VPN instance specified inherits the VPN instance of the virtual server. When VPN instance inheritance is disabled, a link without a VPN instance specified belongs to the public network.
To specify a VPN instance for a link, use the vpn-instance vpn-instance-name command in link view.
You can display the VPN instance for a link by using the display loadbalance link command.
Examples
# Disable VPN instance inheritance for link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] inherit vpn-instance disable
Related commands
display loadbalance link
vpn-instance (link view)
inherit vpn-instance disable (real server view)
Use inherit vpn-instance disable to disable VPN instance inheritance for a real server.
Use undo inherit vpn-instance disable to enable VPN instance inheritance for a real server.
Syntax
inherit vpn-instance disable
undo inherit vpn-instance disable
Default
VPN instance inheritance is enabled for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
When VPN instance inheritance is enabled, a real server without a VPN instance specified inherits the VPN instance of its virtual server. When VPN instance inheritance is disabled, a real server without a VPN instance specified belongs to the public network.
To specify a VPN instance for a real server, use the vpn-instance command in real server view.
Examples
# Disable VPN instance inheritance for real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] inherit vpn-instance disable
Related commands
vpn-instance (real server view)
vpn-instance (virtual server view)
ip
Use ip to configure the IPv4 sticky method.
Use undo ip to restore the default.
Syntax
ip [ port ] { both | destination | source } [ mask mask-length ]
undo ip
Default
No IPv4 sticky method is configured.
Views
Sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
port: Specifies the sticky method as IPv4 address + port number. If you do not specify this keyword, the sticky method is IPv4 address.
both: Specifies the sticky method as source IPv4 address + destination IPv4 address (if you do not specify the port keyword), or source IPv4 address + source port number + destination IPv4 address + destination port number (if you specify the port keyword).
destination: Specifies the sticky method as destination IPv4 address if you do not specify the port keyword, or destination IPv4 address + destination port number if you specify the port keyword.
source: Specifies the sticky method as source IPv4 address if you do not specify the port keyword, or source IPv4 address + source port number if you specify the port keyword.
mask mask-length: Specifies the mask length for the sticky method.
Examples
# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv4 address.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] ip source
# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv4 address + source port number.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] ip port source
Related commands
sticky-group
ip address (DNS listener view)
Use ip address to specify an IPv4 address and a port number for a DNS listener.
Use undo ip address to restore the default.
Syntax
ip address ipv4-address [ port port-number ]
undo ip address
Default
No IPv4 address or port number is specified for a DNS listener.
Views
DNS listener view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
port port-number: Specifies a port number in the range of 1 to 65535. The default port number is 53.
Usage guidelines
Non-default vSystems do not support this command.
You can specify only one IPv4 address for a DNS listener. If you execute this command multiple times, the most recent configuration takes effect. A DNS listener without an IPv4 address configured does not process IPv4 DNS requests.
To ensure correct operation of inbound link load balancing when server load balancing is also enabled, do not specify the virtual server's IP address as the DNS listener's IP address.
Examples
# Specify the IPv4 address for the DNS listener as 1.2.3.4 and port number as 8080.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener] ip address 1.2.3.4 port 8080
Related commands
display loadbalance dns-listener
ip address (DNS server view)
Use ip address to specify an IPv4 address for a DNS server.
Use undo ip address to restore the default.
Syntax
ip address ipv4-address
undo ip address
Default
No IPv4 address is specified for a DNS server.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
Usage guidelines
Non-default vSystems do not support this command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the IPv4 address for DNS server ds1 as 1.2.3.4.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] ip address 1.2.3.4
ip address (ISP view)
Use ip address to configure an IPv4 address for an ISP.
Use undo ip address to restore the default.
Syntax
ip address ipv4-address { mask-length | mask }
undo ip address ipv4-address { mask-length | mask }
Default
No IPv4 address is configured for an ISP.
Views
ISP view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address.
mask-length: Specifies the mask length for the IPv4 address, in the range of 0 to 32.
mask: Specifies the mask for the IPv4 address.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Configure the IPv4 address for the ISP isp1 as 1.1.1.1.
<Sysname> system-view
[Sysname] loadbalance isp name isp1
[Sysname-lbisp-isp1] ip address 1.1.1.1 24
ip address (real server view)
Use ip address to configure an IPv4 address for a real server.
Use undo ip address to restore the default.
Syntax
ip address ipv4-address
undo ip address
Default
No IPv4 address is configured for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
Examples
# Configure the IPv4 address for the real server rs as 1.1.1.1.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] ip address 1.1.1.1
ip address (transparent DNS proxy view)
Use ip address to specify an IPv4 address for a transparent DNS proxy.
Use undo ip address to restore the default.
Syntax
ip address ipv4-address [ mask-length | mask ]
undo ip address
Default
No IPv4 address is specified for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
mask-length: Specifies a mask length in the range of 0 to 32.
mask: Specifies a subnet mask.
Usage guidelines
Non-default vSystems do not support this command.
A transparent DNS proxy processes a DNS request only when the destination IP address and port number of the DNS request match those of the transparent DNS proxy.
If server load balancing is configured, configure different IP addresses and port numbers for the transparent DNS proxy and the virtual server of the UDP type.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the IPv4 address for transparent DNS proxy dns-proxy1 as 1.2.3.4/24.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] ip address 1.2.3.4 24
ip mask
Use ip mask to set the mask length for IPv4 proximity entries.
Use undo ip mask to restore the default.
Syntax
ip mask { mask-length | mask }
undo ip mask
Default
The mask length for IPv4 proximity entries is 24.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
mask-length: Specifies the mask length for IPv4 proximity entries, in the range of 0 to 32. A value of 0 indicates the natural mask.
mask: Specifies the mask for IPv4 proximity entries.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the mask length for IPv4 proximity entries to 30.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity] ip mask 30
ip range
Use ip range to add an IPv4 address range to a SNAT address pool.
Use undo ip range to remove an IPv4 address range from a SNAT address pool.
Syntax
ip range start start-ipv4-address end end-ipv4-address [ failover-group group-name [ channel channel-id ] ]
undo ip range start start-ipv4-address end end-ipv4-address
Default
An SNAT address pool does not contain IPv4 address ranges.
Views
SNAT address pool view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
start start-ipv4-address: Specifies the start IPv4 address.
end end-ipv4-address: Specifies the end IPv4 address, which must be greater than or equal to the start IPv4 address.
failover-group group-name: Specifies a failover group for the address range by its name, a case-sensitive string of 1 to 63 characters. The specified failover group must already exist. You must specify a failover group if you have specified the failover group-based splitting method when creating the SNAT address pool. For other splitting methods, you cannot specify a failover group.
channel channel-id: Specifies a channel by its ID. The channel ID can be 0 or 1. The default channel ID is 0.
Usage guidelines
You can execute this command multiple times to add multiple IPv4 address ranges to a SNAT address pool. Each address range can have a maximum of 256 IPv4 addresses. No overlapping IPv4 addresses are allowed in the same SNAT address pool or different SNAT address pools.
If you specify a failover group and a channel in this command, only that channel in that failover group can use the configured address range. For more information about failover groups, see Virtual Technologies Configuration Guide.
If the addresses in an SNAT address pool are in the same network segment as the IP address of the interface that connects the device to the server, you must specify an interface for sending gratuitous ARP or ND packets.
Examples
# Add IPv4 address range 1.1.1.1 to 1.1.1.100 to the SNAT address pool lbsp.
<Sysname> system-view
[Sysname] loadbalance snat-pool lbsp
[Sysname-lbsnat-pool-lbsp] ip range start 1.1.1.1 end 1.1.1.100
Related commands
arp-nd interface (SNAT address pool view)
loadbalance snat-pool
ip source mask
Use ip source mask to specify the IPv4 mask for connection reuse.
Use undo ip source mask to restore the default.
Syntax
ip source mask { mask-length | mask }
undo ip source mask
Default
The IPv4 mask for connection reuse is the natural mask.
Views
OneConnect parameter profile view
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
mask-length: Specifies the mask length in the range of 0 to 32. A value of 0 indicates the natural mask.
mask: Specifies the subnet mask in dotted decimal notation.
Usage guidelines
This command limits the network segment of clients that can reuse connections between the LB device and servers. If the client that initiates a connection request is in the same network segment as the idle TCP connection, the idle TCP connection is reused. If the client does not match this requirement, a new TCP connection is established.
Examples
# In OneConnect parameter profile ocp, set the mask length for connection reuse to 24.
<Sysname> system-view
[Sysname] parameter-profile ocp type oneconnect
[Sysname-para-oneconnect-ocp] ip source mask 24
ipv6
Use ipv6 to configure the IPv6 sticky method.
Use undo ipv6 to restore the default.
Syntax
ipv6 [ port ] { both | destination | source } [ prefix prefix-length ]
undo ipv6
Default
No IPv6 sticky method is configured.
Views
Sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
port: Specifies the sticky method as IPv6 address + port number. If you do not specify this keyword, the sticky method is IPv6 address.
both: Specifies the sticky method as source IPv6 address + destination IPv6 address if you do not specify the port keyword, or source IPv6 address + source port number + destination IPv6 address + destination port number if you specify the port keyword.
destination: Specifies the sticky method as destination IPv6 address if you do not specify the port keyword, or destination IPv6 address + destination port number if you specify the port keyword.
source: Specifies the sticky method as source IPv6 address if you do not specify the port keyword, or source IPv6 address + source port number if you specify the port keyword.
prefix prefix-length: Specifies the prefix length for the sticky method.
Examples
# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv6 address.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] ipv6 source
# Configure the sticky method for the address- and port-based sticky group sg1 as source IPv6 address + source port number.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] ipv6 port source
Related commands
sticky-group
ipv6 address (DNS listener view)
Use ipv6 address to configure an IPv6 address and a port number for a DNS listener.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address ipv6-address [ port port-number ]
undo ipv6 address
Default
No IPv6 address or port number is configured for a DNS listener.
Views
DNS listener view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address.
port port-number: Specifies a port number in the range of 1 to 65535. The default is 53.
Usage guidelines
Non-default vSystems do not support this command.
A DNS listener can be configured with only one IPv6 address. A DNS listener without an IPv6 address configured does not process IPv6 DNS requests.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the IPv6 address and port number for DNS listener ct-listener as 1001::1 and 64.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener] ipv6 address 1001::1 port 64
Related commands
display loadbalance dns-listener
ipv6 address (DNS server view)
Use ipv6 address to configure an IPv6 address for a DNS server.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address ipv6-address
undo ipv6 address
Default
No IPv6 address is configured for a DNS server.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address.
Usage guidelines
Non-default vSystems do not support this command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the IPv6 address for DNS server ds1 as 1001::1.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] ipv6 address 1001::1
ipv6 address (ISP view)
Use ipv6 address to configure an IPv6 address for an ISP.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address ipv6-address prefix-length
undo ipv6 address ipv6-address prefix-length
Default
No IPv6 address is configured for an ISP.
Views
ISP view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies the prefix length for the IPv6 address, in the range of 1 to 128.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Configure the IPv6 address for the ISP isp1 as 200::1.
<Sysname> system-view
[Sysname] loadbalance isp name isp1
[Sysname-lbisp-isp1] ipv6 address 200::1 100
ipv6 address (real server view)
Use ipv6 address to configure an IPv6 address for a real server.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address ipv6-address
undo ipv6 address
Default
No IPv6 address is configured for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address.
Examples
# Configure the IPv6 address for the real server rs as 1001::1.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] ipv6 address 1001::1
ipv6 address (transparent DNS proxy view)
Use ipv6 address to configure an IPv6 address for a transparent DNS proxy.
Use undo ipv6 address to restore the default.
Syntax
ipv6 address ipv6-address [ prefix-length ]
undo ipv6 address
Default
No IPv6 address is configured for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address. If the prefix length is 0, you can specify the all-zero address.
prefix-length: Specifies a prefix length for the IPv6 address, in the range of 0 to 128.
Usage guidelines
Non-default vSystems do not support this command.
A transparent DNS proxy processes a DNS request only when the destination IP address and port number of the DNS request match those of the transparent DNS proxy.
If server load balancing is configured, configure different IP addresses and port numbers for the transparent DNS proxy and the virtual server of the UDP type.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the IPv6 address for transparent DNS proxy dns-proxy1 as 1::2:3/112.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] ipv6 address 1::2:3 112
ipv6 prefix
Use ipv6 prefix to configure the prefix length for IPv6 proximity entries.
Use undo ipv6 prefix to restore the default.
Syntax
ipv6 prefix prefix-length
undo ipv6 prefix
Default
The prefix length for IPv6 proximity entries is 96.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
prefix-length: Specifies the prefix length for IPv6 proximity entries, in the range of 1 to 128.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify the prefix length for IPv6 proximity entries as 64.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity] ipv6 prefix 64
ipv6 range
Use ipv6 range to add an IPv6 address range to a SNAT address pool.
Use undo ipv6 range to remove an IPv6 address range from a SNAT address pool.
Syntax
ipv6 range start start-ipv6-address end end-ipv6-address [ failover-group group-name [ channel channel-id ] ]
undo ipv6 range start start-ipv6-address end end-ipv6-address
Default
An SNAT address pool does not contain IPv6 address ranges.
Views
SNAT address pool view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
start start-ipv6-address: Specifies the start IPv6 address.
end end-ipv6-address: Specifies the end IPv6 address, which must be greater than or equal to the start IPv6 address.
failover-group group-name: Specifies a failover group for the address range by its name, a case-sensitive string of 1 to 63 characters. The specified failover group must already exist. You must specify a failover group if you have specified the failover group-based splitting method when creating the SNAT address pool. For other splitting methods, you cannot specify a failover group.
channel channel-id: Specifies a channel by its ID. The channel ID can be 0 or 1. The default channel ID is 0.
Usage guidelines
You can execute this command multiple times to add multiple IPv6 address ranges to a SNAT address pool. Each address range can have a maximum of 10000 IPv6 addresses. No overlapping IPv6 addresses are allowed in the same SNAT address pool or different SNAT address pools.
If you specify a failover group and a channel in this command, only that channel in that failover group can use the configured address range. For more information about failover groups, see Virtual Technologies Configuration Guide.
If the addresses in an SNAT address pool are in the same network segment as the IP address of the interface that connects the device to the server, you must specify an interface for sending gratuitous ARP or ND packets.
Examples
# Add IPv6 address range 1001::1 to 1001::100 to the SNAT address pool lbsp.
<Sysname> system-view
[Sysname] loadbalance snat-pool lbsp
[Sysname-lbsnat-pool-lbsp] ipv6 range start 1001::1 end 1001::100
Related commands
arp-nd interface (SNAT address pool view)
loadbalance snat-pool
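The constraints stated in the usage guidelines for ip range and ipv6 range (end not lower than start, at most 256 IPv4 or 10000 IPv6 addresses per range, no overlap within or across SNAT address pools) can be checked on a planned address layout before it is entered on the device. The following Python check is an added example, not H3C code; the pool name lbsp2 and the failing ranges in the sample are constructed.

```python
from ipaddress import ip_address

# Per-range limits stated in the ip range / ipv6 range usage guidelines.
MAX_PER_RANGE = {4: 256, 6: 10000}


def check_snat_ranges(pools):
    """Return a list of problems found in {pool_name: [(start, end), ...]}."""
    errors = []
    valid = []  # (ip version, start as int, end as int, label)
    for pool, ranges in pools.items():
        for start_s, end_s in ranges:
            label = f"{pool}: {start_s}-{end_s}"
            try:
                start, end = ip_address(start_s), ip_address(end_s)
            except ValueError as exc:
                errors.append(f"{label}: {exc}")
                continue
            if start.version != end.version:
                errors.append(f"{label}: start and end are different IP versions")
                continue
            if end < start:
                errors.append(f"{label}: end address is lower than start address")
                continue
            size = int(end) - int(start) + 1
            limit = MAX_PER_RANGE[start.version]
            if size > limit:
                errors.append(f"{label}: {size} addresses exceeds the limit of {limit}")
            valid.append((start.version, int(start), int(end), label))

    # Sweep the ranges in address order. Each range is compared with the
    # earlier range of the same IP version that reaches furthest, so every
    # range that overlaps an earlier one is reported once.
    valid.sort()
    furthest = None
    for item in valid:
        same_version = furthest is not None and furthest[0] == item[0]
        if same_version and item[1] <= furthest[2]:
            errors.append(f"{item[3]} overlaps {furthest[3]}")
        if not same_version or item[2] > furthest[2]:
            furthest = item
    return errors


# Ranges for pool lbsp are the ones used in the examples on this page.
PAGE_EXAMPLE = {"lbsp": [("1.1.1.1", "1.1.1.100"), ("1001::1", "1001::100")]}

# Constructed second pool that violates each documented constraint once.
CONSTRUCTED = {
    "lbsp": PAGE_EXAMPLE["lbsp"],
    "lbsp2": [
        ("1.1.1.90", "1.1.1.120"),   # overlaps lbsp
        ("10.0.0.0", "10.0.1.0"),    # 257 addresses
        ("2.2.2.9", "2.2.2.1"),      # end lower than start
    ],
}

if __name__ == "__main__":
    for problem in check_snat_ranges(CONSTRUCTED):
        print(problem)
```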
ipv6 source prefix
Use ipv6 source prefix to specify the IPv6 prefix length for connection reuse.
Use undo ipv6 source prefix to restore the default.
Syntax
ipv6 source prefix prefix-length
undo ipv6 source prefix
Default
Client IPv6 addresses with a prefix length of 0 can reuse connections.
Views
OneConnect parameter profile view
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
prefix-length: Specifies the prefix length in the range of 0 to 128.
Usage guidelines
This command limits the network segment of clients that can reuse connections between the LB device and servers. If the client that initiates a connection request is in the same network segment as the idle TCP connection, the idle TCP connection is reused. If the client does not match this requirement, a new TCP connection is established.
Examples
# In OneConnect parameter profile ocp, set the prefix length for connection reuse to 24.
<Sysname> system-view
[Sysname] parameter-profile ocp type oneconnect
[Sysname-para-oneconnect-ocp] ipv6 source prefix 24
isp
Use isp to add an ISP to a region.
Use undo isp to delete an ISP from a region.
Syntax
isp isp-name
undo isp isp-name
Default
A region does not contain any ISPs.
Views
Region view
Predefined user roles
network-admin
context-admin
Parameters
isp-name: Specifies an ISP by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Add the ISP isp-ct to the region region-ct.
<Sysname> system-view
[Sysname] loadbalance region region-ct
[Sysname-lb-region-region-ct] isp isp-ct
Related commands
loadbalance region
keepalive idle-timeout
Use keepalive idle-timeout to set the idle timeout time for sending keepalive packets.
Use undo keepalive idle-timeout to restore the default.
Syntax
keepalive idle-timeout timeout-value
undo keepalive idle-timeout
Default
The idle timeout time for sending keepalive packets is 1800 seconds.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
timeout-value: Specifies the idle timeout time for sending keepalive packets, in the range of 1 to 65535 seconds.
Examples
# Set the idle timeout time for sending keepalive packets to 5 seconds in the TCP parameter profile profile.
<Sysname> system-view
[Sysname] parameter-profile profile type tcp
[Sysname-para-tcp-profile] keepalive idle-timeout 5
Related commands
display parameter-profile
keepalive retransmission interval
Use keepalive retransmission interval to set the retransmission interval and the number of retransmissions for keepalive packets.
Use undo keepalive retransmission interval to restore the default.
Syntax
keepalive retransmission interval interval count count
undo keepalive retransmission
Default
The retransmission interval is 10 seconds, and the number of retransmissions is 3.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
interval: Specifies the retransmission interval for keepalive packets, in the range of 1 to 65535 seconds.
count: Specifies the number of retransmissions for keepalive packets, in the range of 1 to 65535.
Examples
# Set the retransmission interval and the number of retransmissions for keepalive packets to 5 seconds and 10, respectively, in the TCP parameter profile profile.
<Sysname> system-view
[Sysname] parameter-profile profile type tcp
[Sysname-para-tcp-profile] keepalive retransmission interval 5 count 10
Related commands
display parameter-profile
lb-limit-policy
Use lb-limit-policy to apply an LB connection limit policy to a virtual server.
Use undo lb-limit-policy to restore the default.
Syntax
lb-limit-policy policy-name
undo lb-limit-policy
Default
No LB connection limit policies are applied to a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies an LB connection limit policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Use this command to implement rate limiting for user traffic.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Apply the LB connection limit policy llp to the HTTP-type virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type http
[Sysname-vs-http-vs] lb-limit-policy llp
Related commands
loadbalance limit-policy
lb-policy (transparent DNS proxy view)
Use lb-policy to specify an LB policy to be referenced by a transparent DNS proxy.
Use undo lb-policy to restore the default.
Syntax
lb-policy policy-name
undo lb-policy
Default
No LB policy is referenced by a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
policy-name: Specifies an LB policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
By referencing an LB policy, a transparent DNS proxy implements load balancing for matching packets based on the packet contents.
A transparent DNS proxy can reference only a DNS policy template.
Examples
# Specify the LB policy dns-policy1 to be referenced by transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] lb-policy dns-policy1
lb-policy (virtual server view)
Use lb-policy to specify an LB policy to be referenced by the specified virtual server.
Use undo lb-policy to restore the default.
Syntax
lb-policy policy-name
undo lb-policy
Default
No LB policy is referenced by a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies an LB policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
By referencing an LB policy, the virtual server implements load balancing for matching packets based on the packet contents.
A virtual server can reference the policy template of the specified type. For example, a virtual server of the HTTP type can reference a policy template of the generic type or HTTP type. A virtual server of the IP, SIP, TCP, or UDP type can reference a policy template of the generic type only.
Examples
# Specify the LB policy lbp1 to be referenced by the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] lb-policy lbp1
limit
Use limit to configure an LB connection limit rule.
Use undo limit to delete an LB connection limit rule.
Syntax
limit limit-id acl [ ipv6 ] { acl-number | name acl-name } [ per-destination | per-service | per-source ] * amount max-amount min-amount
undo limit limit-id
Default
No rules are configured for an LB connection limit policy.
Views
LB connection limit policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
limit-id: Specifies an LB connection limit rule ID. The value range for this argument is 1 to 65535.
acl: Specifies an ACL to limit user connections of a specified user range.
ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, the command uses an IPv4 ACL.
acl-number: Specifies the ACL number in the range of 2000 to 3999.
name acl-name: Specifies an ACL by its name.
per-destination: Limits user connections by destination IP address.
per-service: Limits user connections by service. Services are classified by transport layer protocol and service port number.
per-source: Limits user connections by source IP address.
max-amount: Specifies the upper limit of connections, in the range of 1 to 4294967295. When the number of connections in a specified range or for a certain type reaches the upper limit, the device does not accept new connection requests.
min-amount: Specifies the lower limit of connections, in the range of 1 to 4294967295. The min-amount must be equal to or smaller than the max-amount. The device accepts new connection requests only when the number of connections drops below the lower limit.
Usage guidelines
An LB connection limit policy can have multiple rules. You can specify an ACL, a type, and the upper and lower limits for each rule. You can specify one or more of the per-destination, per-service, and per-source keywords for the command. For example, you can specify both the per-destination and per-source keywords to limit user connections by destination address and source address of packets.
You must specify a different ACL for each rule in an LB connection limit policy.
If the per-destination, per-service, and per-source keywords are not specified, the command limits all user connections matching the specified ACL.
The rules in an LB connection limit policy are matched in ascending order of the rule IDs until a match is found.
When the specified ACL changes, the device uses a new LB connection limit policy to process existing connections again.
Examples
# Configure rule 1 for the LB connection limit policy 1. Use ACL 3000 to permit user connections sourced from the network 192.168.0.0/24, and set the upper and lower limits to 2000 and 1800 for the user connections by source and destination addresses.
<Sysname> system-view
[Sysname] acl advanced 3000
[Sysname-acl-ipv4-adv-3000] rule permit ip source 192.168.0.0 0.0.0.255
[Sysname-acl-ipv4-adv-3000] quit
[Sysname] loadbalance limit-policy 1
[Sysname-lb-limit-policy-1] limit 1 acl 3000 per-destination per-source amount 2000 1800
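The interaction between max-amount, min-amount, and the per-source, per-destination, and per-service keywords can be checked offline before a rule is deployed. The following Python model is an added example, not H3C code: the LimitRule and LimitPolicy names, the acl_sources mapping that stands in for ACL contents, and the choice to leave connections that match no rule unlimited are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class LimitRule:
    """One limit rule; the value ranges are those given in the Parameters list."""
    limit_id: int
    acl_number: int
    max_amount: int
    min_amount: int
    per_destination: bool = False
    per_service: bool = False
    per_source: bool = False

    def __post_init__(self):
        if not 1 <= self.limit_id <= 65535:
            raise ValueError("limit-id must be in the range 1 to 65535")
        if not 2000 <= self.acl_number <= 3999:
            raise ValueError("acl-number must be in the range 2000 to 3999")
        if not 1 <= self.min_amount <= self.max_amount <= 4294967295:
            raise ValueError("need 1 <= min-amount <= max-amount <= 4294967295")


class LimitPolicy:
    """Model of one LB connection limit policy (assumed semantics)."""

    def __init__(self, rules, acl_sources):
        # acl_sources is a constructed stand-in for ACL contents:
        # ACL number -> source network that the ACL permits.
        acls = [r.acl_number for r in rules]
        if len(set(acls)) != len(acls):
            raise ValueError("each rule in a policy needs a different ACL")
        if set(acls) - set(acl_sources):
            raise ValueError("a rule references an ACL that is not defined")
        self.acl_sources = {n: ip_network(net) for n, net in acl_sources.items()}
        # Rules are matched in ascending order of rule ID until one matches.
        self.rules = sorted(rules, key=lambda r: r.limit_id)
        self.count = {}       # counter key -> current connections
        self.blocked = set()  # counters that reached max and are not yet below min

    def _match(self, src, dst, proto, port):
        for rule in self.rules:
            if ip_address(src) in self.acl_sources[rule.acl_number]:
                # With no per-* keyword, all matching connections share one counter.
                key = (rule.limit_id,
                       src if rule.per_source else None,
                       dst if rule.per_destination else None,
                       (proto, port) if rule.per_service else None)
                return rule, key
        return None, None  # assumption: unmatched connections are not limited

    def open(self, src, dst, proto="tcp", port=80):
        """Return True if the new connection request is accepted."""
        rule, key = self._match(src, dst, proto, port)
        if rule is None:
            return True
        if key in self.blocked:
            return False
        self.count[key] = self.count.get(key, 0) + 1
        if self.count[key] >= rule.max_amount:
            self.blocked.add(key)  # upper limit reached
        return True

    def close(self, src, dst, proto="tcp", port=80):
        """Record that one connection ended."""
        rule, key = self._match(src, dst, proto, port)
        if rule is None or not self.count.get(key):
            return
        self.count[key] -= 1
        if self.count[key] < rule.min_amount:
            self.blocked.discard(key)  # dropped below the lower limit


def demo():
    """Replay the rule above: ACL 3000, per-destination per-source, 2000/1800."""
    rule = LimitRule(1, 3000, 2000, 1800, per_destination=True, per_source=True)
    policy = LimitPolicy([rule], {3000: "192.168.0.0/24"})
    pair = ("192.168.0.10", "10.0.0.1")  # constructed addresses
    accepted = sum(policy.open(*pair) for _ in range(2001))
    # A second source has its own counter, even while the first is blocked.
    other_source = policy.open("192.168.0.11", "10.0.0.1")
    for _ in range(200):
        policy.close(*pair)              # 2000 -> 1800, not below min-amount
    at_min = policy.open(*pair)
    policy.close(*pair)                  # 1800 -> 1799, below min-amount
    below_min = policy.open(*pair)
    outside_acl = policy.open("172.16.0.1", "10.0.0.1")
    return accepted, other_source, at_min, below_min, outside_acl


if __name__ == "__main__":
    print(demo())
```

With a wide gap between the two limits, a source that reaches max-amount stays blocked until it has closed enough connections to fall under min-amount, so the gap sets how long a saturating client is held off.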
link (DNS server view)
Use link to associate a link with a DNS server.
Use undo link to restore the default.
Syntax
link link-name
undo link
Default
No link is associated with a DNS server.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
link-name: Specifies a link by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
A DNS server can be associated with only one link. A link can be associated with multiple DNS servers.
Examples
# Associate link link1 with DNS server ds1.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] link link1
link (link group view)
Use link to create a link group member and enter its view, or enter the view of an existing link group member.
Use undo link to delete a link group member.
Syntax
link link-name
undo link link-name
Default
No link group members exist.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
link-name: Specifies a link group member name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
You can use one of the following methods to add a member to a link group:
· Use the link command in link group view. H3C recommends using this method.
· Use the link-group command in link view.
You cannot use both methods to add a member with the same link name to a link group.
Examples
# Add link group member lk1 and enter link group member view.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1]
Related commands
link-group (link view)
link-group (LB action view)
Use link-group to specify the primary link group.
Use undo link-group to restore the default.
Syntax
link-group link-group-name [ backup backup-link-group-name ] [ sticky sticky-name ]
undo link-group
Default
No primary link group is specified.
Views
LB action view
Predefined user roles
network-admin
context-admin
Parameters
link-group-name: Specifies a primary link group name, a case-insensitive string of 1 to 63 characters.
backup backup-link-group-name: Specifies a backup link group name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies the name of the sticky group corresponding to the link group. It is a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
The link-group and forward all commands are mutually exclusive. If you configure one command, the other command (if configured) is automatically cancelled.
When the primary link group is available (contains links), packets are forwarded through the primary link group. When the primary link group is not available, packets are forwarded through the backup link group.
Examples
# Specify the primary link group lg, the backup link group lgb, and the sticky group sg1 for the link-generic LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type link-generic
[Sysname-lba-link-generic-lba1] link-group lg backup lgb sticky sg1
Related commands
forward all
link-group (link view)
Use link-group to specify a link group for a link.
Use undo link-group to restore the default.
Syntax
link-group link-group-name
undo link-group
Default
A link does not belong to any link group.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
link-group-name: Specifies a link group name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
The device selects the best link from the matching link group to perform link load balancing.
Examples
# Specify the link group lkg1 for the link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] link-group lkg1
loadbalance action
Use loadbalance action to create an LB action and enter its view, or enter the view of an existing LB action.
Use undo loadbalance action to delete the specified LB action.
Syntax
loadbalance action action-name [ type { dns | generic | http | link-generic | radius } ]
undo loadbalance action action-name
Default
No LB actions exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
action-name: Specifies the LB action name, a case-insensitive string of 1 to 63 characters.
type { dns | generic | http | link-generic | radius }: Specifies an LB action type.
· dns: DNS load balancing action. Non-default vSystems do not support this parameter.
· generic: Generic server load balancing action.
· http: HTTP load balancing action.
· link-generic: Link load balancing action. Non-default vSystems do not support this parameter.
· radius: RADIUS load balancing action.
Usage guidelines
When you create an LB action, you must specify the LB action type. You can enter an existing LB action view without entering the type of the LB action.
You can create generic, HTTP, and RADIUS LB actions only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the LB action lba1 with the generic type, and enter LB action view.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1]
loadbalance alg
Use loadbalance alg to enable ALG for the specified protocols.
Use undo loadbalance alg to disable ALG for the specified protocols.
Syntax
loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }
undo loadbalance alg { dns | ftp | h323 | icmp-error | ils | mgcp | nbt | pptp | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp }
Default
ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
dns: Specifies the DNS protocol.
ftp: Specifies the FTP protocol.
h323: Specifies the H.323 protocol.
icmp-error: Specifies the ICMP error packets.
ils: Specifies the Internet Locator Service (ILS) protocol.
mgcp: Specifies the Media Gateway Control Protocol (MGCP).
nbt: Specifies the NetBIOS over TCP/IP (NBT) protocol.
pptp: Specifies the Point-to-Point Tunneling Protocol (PPTP).
rsh: Specifies the Remote Shell (RSH) protocol.
rtsp: Specifies the Real Time Streaming Protocol (RTSP).
sccp: Specifies the Skinny Client Control Protocol (SCCP).
sip: Specifies the Session Initiation Protocol (SIP).
sqlnet: Specifies the SQLNET protocol.
tftp: Specifies the TFTP protocol.
xdmcp: Specifies the X Display Manager Control Protocol (XDMCP).
Usage guidelines
The ALG feature distributes parent and child sessions to the same link.
SIP fragmented packets do not support the ALG feature.
Examples
# Enable ALG for TFTP.
<Sysname> system-view
[Sysname] loadbalance alg tftp
loadbalance alg all-enable
Use loadbalance alg all-enable to enable ALG for all protocols.
Use loadbalance alg all-disable to disable ALG for all protocols.
Syntax
loadbalance alg all-enable
loadbalance alg all-disable
Default
ALG is enabled for the DNS, FTP, PPTP, and RTSP protocols and ICMP error packets.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Enable ALG for all protocols.
<Sysname> system-view
[Sysname] loadbalance alg all-enable
loadbalance class
Use loadbalance class to create an LB class and enter its view, or enter the view of an existing LB class.
Use undo loadbalance class to delete the specified LB class.
Syntax
loadbalance class class-name [ type { dns | generic | http | link-generic | mysql | radius } [ match-all | match-any ] ]
undo loadbalance class class-name
Default
No LB classes exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
class-name: Specifies the LB class name, a case-insensitive string of 1 to 63 characters.
type { dns | generic | http | link-generic | mysql | radius }: Specifies an LB class type.
· dns: DNS load balancing class. Non-default vSystems do not support this parameter.
· generic: Generic server load balancing class.
· http: HTTP load balancing class.
· link-generic: Link load balancing class. Non-default vSystems do not support this parameter.
· mysql: MySQL load balancing class.
· radius: RADIUS load balancing class.
[ match-all | match-any ]: Requires matching all rules or any rule of the LB class. match-all is the default match mode.
Usage guidelines
When you create an LB class, you must specify an LB class type. You can enter an existing LB class view without entering the type of the LB class.
You can create generic, HTTP, MySQL, and RADIUS LB classes only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the LB class lbc1 with the generic type, and enter LB class view.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type generic
[Sysname-lbc-generic-lbc1]
loadbalance dns-cache aging-time
Use loadbalance dns-cache aging-time to set the aging time for DNS cache entries.
Use undo loadbalance dns-cache aging-time to restore the default.
Syntax
loadbalance dns-cache aging-time aging-time
undo loadbalance dns-cache aging-time
Default
The aging time for DNS cache entries is 60 minutes.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
aging-time: Specifies the aging time for DNS cache entries, in the range of 1 to 1440 minutes.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the aging time for DNS cache entries to 100 minutes.
<Sysname> system-view
[Sysname] loadbalance dns-cache aging-time 100
loadbalance dns-listener
Use loadbalance dns-listener to create a DNS listener and enter its view, or enter the view of an existing DNS listener.
Use undo loadbalance dns-listener to delete a DNS listener.
Syntax
loadbalance dns-listener dns-listener-name
undo loadbalance dns-listener dns-listener-name
Default
No DNS listeners exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
dns-listener-name: Specifies the DNS listener name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
A DNS listener listens for DNS requests on the LB device.
Examples
# Create the DNS listener ct-listener, and enter DNS listener view.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener]
loadbalance dns-map
Use loadbalance dns-map to create a DNS mapping and enter its view, or enter the view of an existing DNS mapping.
Use undo loadbalance dns-map to delete a DNS mapping.
Syntax
loadbalance dns-map dns-map-name
undo loadbalance dns-map dns-map-name
Default
No DNS mappings exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
dns-map-name: Specifies the DNS mapping name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
A DNS mapping maps a domain name to the IP address of a virtual server pool. A domain name can be mapped to only one virtual server pool.
Examples
# Create the DNS mapping dm1, and enter DNS mapping view.
<Sysname> system-view
[Sysname] loadbalance dns-map dm1
[Sysname-lb-dm-dm1]
loadbalance dns-proxy
Use loadbalance dns-proxy to create a transparent DNS proxy and enter its view, or enter the view of an existing transparent DNS proxy.
Use undo loadbalance dns-proxy to delete a transparent DNS proxy.
Syntax
loadbalance dns-proxy dns-proxy-name type udp
undo loadbalance dns-proxy dns-proxy-name
Default
No transparent DNS proxies exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
dns-proxy-name: Specifies the transparent DNS proxy name, a case-insensitive string of 1 to 63 characters.
type udp: Specifies the transparent DNS proxy type as UDP.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create the UDP transparent DNS proxy dns-proxy1, and enter UDP transparent DNS proxy view.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1 type udp
[Sysname-lb-dp-udp-dns-proxy1]
Related commands
display loadbalance dns-proxy
loadbalance dns-server
Use loadbalance dns-server to create a DNS server and enter its view, or enter the view of an existing DNS server.
Use undo loadbalance dns-server to delete a DNS server.
Syntax
loadbalance dns-server dns-server-name
undo loadbalance dns-server dns-server-name
Default
No DNS servers exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
dns-server-name: Specifies the DNS server name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create the DNS server ds1, and enter DNS server view.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1]
loadbalance dns-server-pool
Use loadbalance dns-server-pool to create a DNS server pool and enter its view, or enter the view of an existing DNS server pool.
Use undo loadbalance dns-server-pool to delete a DNS server pool.
Syntax
loadbalance dns-server-pool pool-name
undo loadbalance dns-server-pool pool-name
Default
No DNS server pools exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies the DNS server pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create the DNS server pool dns-pool1, and enter DNS server pool view.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dns-pool1
[Sysname-lb-dspool-dns-pool1]
loadbalance flow-redirect blade-aggregation
Use loadbalance flow-redirect blade-aggregation to distribute traffic to the specified Blade aggregate interfaces.
Use undo loadbalance flow-redirect to restore the default.
Syntax
loadbalance flow-redirect blade-aggregation
undo loadbalance flow-redirect
Default
Traffic is evenly distributed among failover groups.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command distributes LB traffic to Blade aggregate interface 257 and distributes the return traffic that does not match any traffic distribution rules to Blade aggregate interface 1. This command requires the following configurations:
· Configure the link-aggregation load-sharing mode source-ip command on Blade aggregate interface 257.
· Configure the link-aggregation load-sharing mode destination-ip command on Blade aggregate interface 1.
Examples
# Distribute traffic to the specified Blade aggregate interfaces.
<Sysname> system-view
[Sysname] loadbalance flow-redirect blade-aggregation
Related commands
link-aggregation load-sharing mode (Layer 2—LAN Switching Command Reference)
loadbalance flow-redirect disable
Use loadbalance flow-redirect disable to disable traffic distribution rule deployment.
Use undo loadbalance flow-redirect disable to enable traffic distribution rule deployment.
Syntax
loadbalance flow-redirect disable
undo loadbalance flow-redirect disable
Default
Traffic distribution rule deployment is enabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
After you disable traffic distribution rule deployment, the system deletes the deployed traffic distribution rules, and does not deploy new traffic distribution rules. In this case, you must configure traffic redirection by using a QoS policy to ensure that the request and response packets are processed by one failover group. For information about configuring traffic redirection by using a QoS policy, see ACL and QoS Configuration Guide.
Examples
# Disable traffic distribution rule deployment.
<Sysname> system-view
[Sysname] loadbalance flow-redirect disable
loadbalance flow-redirect failover-group
Use loadbalance flow-redirect failover-group to distribute traffic to the specified failover group.
Use undo loadbalance flow-redirect to restore the default.
Syntax
loadbalance flow-redirect failover-group
undo loadbalance flow-redirect
Default
Traffic is evenly distributed among failover groups.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command distributes LB traffic always to the failover group that is selected by NAT Server to process NAT traffic. The traffic distribution rule deployed by NAT Server distributes traffic always to one failover group. If you do not configure this command, the default LB traffic direction method might conflict with the traffic distribution rule deployed by NAT Server. As a result, load balancing fails to be performed. For more information about NAT Server, see Layer 3—IP Services Configuration Guide.
Examples
# Distribute traffic to the specified failover group.
<Sysname> system-view
[Sysname] loadbalance flow-redirect failover-group
loadbalance isp auto-update enable
Use loadbalance isp auto-update enable to enable ISP auto update.
Use undo loadbalance isp auto-update enable to disable ISP auto update.
Syntax
loadbalance isp auto-update enable
undo loadbalance isp auto-update enable
Default
ISP auto update is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
With ISP auto update enabled, the device regularly queries IP address information from the whois server according to the whois maintainer object of the ISP.
Examples
# Enable ISP auto update.
<Sysname> system-view
[Sysname] loadbalance isp auto-update enable
Related commands
loadbalance isp auto-update frequency
loadbalance isp auto-update whois-server
loadbalance isp auto-update frequency
Use loadbalance isp auto-update frequency to configure the ISP auto update frequency.
Use undo loadbalance isp auto-update frequency to restore the default.
Syntax
loadbalance isp auto-update frequency { per-day | per-week | per-month }
undo loadbalance isp auto-update frequency
Default
The ISP auto update is performed once per week.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
per-day: Updates ISP address information once per day.
per-week: Updates ISP address information once per week.
per-month: Updates ISP address information once per month.
Usage guidelines
Non-default vSystems do not support this command.
The specific update time is about 04:00:00 a.m. For the first auto update, the specific update time is 04:00:00 a.m. on the next day.
Examples
# Configure the ISP auto update frequency as per day.
<Sysname> system-view
[Sysname] loadbalance isp auto-update frequency per-day
Related commands
loadbalance isp auto-update enable
loadbalance isp auto-update whois-server
Use loadbalance isp auto-update whois-server to specify the whois server to be queried for ISP auto update.
Use undo loadbalance isp auto-update whois-server to restore the default.
Syntax
loadbalance isp auto-update whois-server { domain domain-name | ip ip-address }
undo loadbalance isp auto-update whois-server
Default
No whois server is specified for ISP auto update.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
domain domain-name: Specifies a whois server by its domain name, a case-insensitive, dot-separated string of 1 to 253 characters (for example, example.com). Each dot-separated part in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and periods (.).
ip ip-address: Specifies a whois server by its IPv4 address.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify the whois server with IP address 20.1.1.1 for ISP auto update.
<Sysname> system-view
[Sysname] loadbalance isp auto-update whois-server ip 20.1.1.1
loadbalance isp file
Use loadbalance isp file to import an ISP file.
Use undo loadbalance isp file to delete an ISP file.
Syntax
loadbalance isp file isp-file-name
undo loadbalance isp file
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
isp-file-name: Specifies the ISP file name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
Non-default vSystems do not support this command.
The system keeps the imported information intact when detecting the following problems:
· The file does not exist.
· The file name is invalid.
· File decryption occurs.
If the system quits the import operation because of IP address parsing failure, the system performs the following operations:
· Clears the most recently imported information.
· Saves the information imported this time.
You cannot delete the imported ISP and its IPv4 or IPv6 address. If the manually configured and imported ISP information overlaps, you can delete the manually configured ISP information.
To perform an active/standby MPU switchover, make sure the standby MPU has the same ISP file as the active MPU.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Import the ISP file isp2.
<Sysname> system-view
[Sysname] loadbalance isp file isp2
loadbalance isp name
Use loadbalance isp name to create an ISP and enter its view, or enter the view of an existing ISP.
Use undo loadbalance isp name to delete the specified ISP.
Syntax
loadbalance isp name isp-name
undo loadbalance isp name isp-name
Default
No ISPs exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
isp-name: Specifies the ISP name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create ISP isp1, and enter ISP view.
<Sysname> system-view
[Sysname] loadbalance isp name isp1
[Sysname-lbisp-isp1]
loadbalance limit-policy
Use loadbalance limit-policy to create an LB connection limit policy and enter its view, or enter the view of an existing LB connection limit policy.
Use undo loadbalance limit-policy to delete an LB connection limit policy.
Syntax
loadbalance limit-policy policy-name
undo loadbalance limit-policy policy-name
Default
No LB connection limit policies exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies the LB connection limit policy name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Using an LB connection limit policy can limit the number of connections on the device. It helps prevent a large number of connections from consuming too many device system resources and server resources. In this way, internal network resources (hosts or servers) are protected, and device system resources can be used more appropriately.
Examples
# Create the LB connection limit policy llp, and enter LB connection limit policy view.
<Sysname> system-view
[Sysname] loadbalance limit-policy llp
[Sysname-lb-limit-policy-llp]
loadbalance link
Use loadbalance link to create an LB link and enter its view, or enter the view of an existing LB link.
Use undo loadbalance link to delete an LB link.
Syntax
loadbalance link link-name
undo loadbalance link link-name
Default
No LB links exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
link-name: Specifies the LB link name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
Each physical link connected to the external network corresponds to an LB link.
Examples
# Create the LB link lk1, and enter LB link view.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1]
loadbalance link-group
Use loadbalance link-group to create a link group and enter its view, or enter the view of an existing link group.
Use undo loadbalance link-group to delete a link group.
Syntax
loadbalance link-group link-group-name
undo loadbalance link-group link-group-name
Default
No link groups exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
link-group-name: Specifies the link group name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
You can add links that contain similar functions to a link group to facilitate management.
Examples
# Create the link group lg, and enter link group view.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg]
loadbalance local-dns-server parse-fail-record type
Use loadbalance local-dns-server parse-fail-record type to configure the types of DNS request parse failures to be recorded.
Use undo loadbalance local-dns-server parse-fail-record type to remove the configuration.
Syntax
loadbalance local-dns-server parse-fail-record type { a | aaaa | all-disable | all-enable | cname | mx | ns | ptr | soa | srv | txt }
undo loadbalance local-dns-server parse-fail-record type { a | aaaa | cname | mx | ns | ptr | soa | srv | txt }
Default
All types of DNS request parse failures are recorded.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
a: Specifies the A (host address) type.
aaaa: Specifies the AAAA type.
all-disable: Specifies no type.
all-enable: Specifies all types.
cname: Specifies the canonical name type.
mx: Specifies the mail exchanger type.
ns: Specifies the name server type.
ptr: Specifies the pointer type.
soa: Specifies the start of authority type.
srv: Specifies the service type.
txt: Specifies the text type.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Configure the A-type DNS request parse failures to be recorded.
<Sysname> system-view
[Sysname] loadbalance local-dns-server parse-fail-record type a
loadbalance local-dns-server parse-fail-record max-number
Use loadbalance local-dns-server parse-fail-record max-number to set the maximum number of DNS request parse failures to be recorded.
Use undo loadbalance local-dns-server parse-fail-record max-number to restore the default.
Syntax
loadbalance local-dns-server parse-fail-record max-number max-number
undo loadbalance local-dns-server parse-fail-record max-number
Default
The maximum number of DNS request parse failures to be recorded is 10000.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
max-number: Specifies the maximum number of DNS request parse failures to be recorded, in the range of 0 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the maximum number of DNS request parse failures to be recorded to 600.
<Sysname> system-view
[Sysname] loadbalance local-dns-server parse-fail-record max-number 600
loadbalance local-dns-server schedule-test ip
Use loadbalance local-dns-server schedule-test ip to perform an IPv4 inbound link load balancing test for DNS resolution.
Syntax
In standalone mode:
loadbalance local-dns-server schedule-test ip [ vpn-instance vpn-instance-name ] destination destination-address [ destination-port destination-port ] source source-address source-port source-port type { { a | aaaa | cname | mx | ns | soa | srv | txt } domain domain-name | ptr ip address { ipv4-address | ipv6-address } } [ slot slot-number ]
In IRF mode:
loadbalance local-dns-server schedule-test ip [ vpn-instance vpn-instance-name ] destination destination-address [ destination-port destination-port ] source source-address source-port source-port type { { a | aaaa | cname | mx | ns | soa | srv | txt } domain domain-name | ptr ip address { ipv4-address | ipv6-address } } [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command is executed for the public network.
destination destination-address: Specifies the destination IPv4 address, the IPv4 address of the DNS listener.
destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. The default is 53.
source source-address: Specifies the source IPv4 address.
source-port source-port: Specifies the source port number in the range of 0 to 65535.
type: Specifies a DNS request type.
a: Specifies the A (host address) type.
aaaa: Specifies the AAAA type.
cname: Specifies the canonical name type.
mx: Specifies the mail exchanger type.
ns: Specifies the name server type.
soa: Specifies the start of authority type.
srv: Specifies the service type.
txt: Specifies the text type.
domain domain-name: Specifies the domain name to be resolved, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. Each dot-separated label in the domain name can contain a maximum of 63 characters.
ptr: Specifies the pointer type, which is used to resolve an IP address into a domain name.
ip address { ipv4-address | ipv6-address }: Specifies the IP address to be resolved into a domain name.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command tests all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command tests all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Perform an IPv4 inbound link load balancing test on A-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ip destination 7.7.7.7 destination-port 53 source 2.2.2.2 source-port 5 type a domain www.example.com
Slot 0:
Matched DNS listener: dl2
Matched zone: --
Matched DNS mapping: dm2
Matched virtual server pool: vsp2
Preferred scheduling algorithm: Round robin
Alternative scheduling algorithm: --
Fallback scheduling algorithm: --
Preferred algorithm failure cause: --
Alternative algorithm failure cause: --
Fallback algorithm failure cause: --
Selected virtual server: vs2
Response type: Send response
Failure cause: --
# Perform an IPv4 inbound link load balancing test on MX-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ip destination 7.7.7.7 destination-port 53 source 2.2.2.2 source-port 5 type mx domain www.example.com
Slot 0:
Matched DNS listener: dl2
Matched zone: h3c.com
Response type: Send response
Failure cause: --
# Perform an IPv4 inbound link load balancing test on PTR-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ip destination 7.7.7.7 destination-port 53 source 2.2.2.2 source-port 5 type ptr ip address 1.2.3.4
Slot 0:
Matched DNS listener: dl2
Matched zone: 1.2.3.0/24
Response type: Send response
Failure cause: --
Table 42 Command output
Field | Description |
---|---|
Matched zone | Matched DNS zone. · For a PTR-type DNS request, this field displays the IP address of the DNS reverse zone. · For a DNS request other than the PTR type, this field displays the domain name of the DNS forward zone. |
Preferred scheduling algorithm | Preferred scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. |
Alternative scheduling algorithm | Alternative scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. |
Fallback scheduling algorithm | Backup scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. |
Preferred algorithm failure cause | Preferred algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Alternative algorithm failure cause | Alternative algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Fallback algorithm failure cause | Backup algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Response type | Response type for a DNS request: · Send response—Replies with a DNS response. · Send reject—Replies with a DNS reject. · No response—Does not respond to the DNS request. |
Failure cause | Failure cause for DNS request parsing: · --—Parsing succeeded. · No matched DNS listener. · No matched DNS mapping. · No matched virtual server pool. · No matched DNS zone. · Failed to get buffer. · No matched record. · No enough memory resource. · Failed to parse domain. · Failed to find DNS listener by ID. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
loadbalance local-dns-server schedule-test ipv6
Use loadbalance local-dns-server schedule-test ipv6 to perform an IPv6 inbound link load balancing test for DNS resolution.
Syntax
In standalone mode:
loadbalance local-dns-server schedule-test ipv6 [ vpn-instance vpn-instance-name ] destination destination-address [ destination-port destination-port ] source source-address source-port source-port type { { a | aaaa | cname | mx | ns | soa | srv | txt } domain domain-name | ptr ip address ipv4-address } [ slot slot-number ]
In IRF mode:
loadbalance local-dns-server schedule-test ipv6 [ vpn-instance vpn-instance-name ] destination destination-address [ destination-port destination-port ] source source-address source-port source-port type { { a | aaaa | cname | mx | ns | soa | srv | txt } domain domain-name | ptr ip address { ipv4-address | ipv6-address } } [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command is executed for the public network.
destination destination-address: Specifies the destination IPv6 address, the IPv6 address of the DNS listener.
destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. The default is 53.
source source-address: Specifies the source IPv6 address.
source-port source-port: Specifies the source port number in the range of 0 to 65535.
type: Specifies a DNS request type.
a: Specifies the IPv4 host address type.
aaaa: Specifies the IPv6 host address type.
cname: Specifies the canonical name type.
mx: Specifies the mail exchanger type.
ns: Specifies the name server type.
soa: Specifies the start of authority type.
srv: Specifies the service type.
txt: Specifies the text type.
domain domain-name: Specifies the domain name to be resolved, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. Each dot-separated label in the domain name can contain a maximum of 63 characters.
ptr: Specifies the pointer type, which is used to resolve an IP address to a domain name.
ip address { ipv4-address | ipv6-address }: Specifies the IP address to be resolved to a domain name.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command tests all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command tests all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Perform an IPv6 inbound link load balancing test on A-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ipv6 destination 1::51 source 1::5 source-port 5 type a domain www.example.com
Slot 0:
Matched DNS listener: dl2
Matched zone: --
Matched DNS mapping: dm2
Matched virtual server pool: vsp2
Preferred scheduling algorithm: Round robin
Alternative scheduling algorithm: --
Fallback scheduling algorithm: --
Preferred algorithm failed cause: --
Alternative algorithm failed cause: --
Fallback algorithm failed cause: --
Selected virtual server: vsa1
Response type: Send response
Failure cause: --
# Perform an IPv6 inbound link load balancing test on MX-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ipv6 destination 1::51 destination-port 953 source 1::5 source-port 5 type mx domain www.example.com
Slot 0:
Matched DNS listener: dl2
Matched zone: h3c.com
Response type: Send response
Failure cause: --
# Perform an IPv6 inbound link load balancing test on PTR-type DNS requests.
<Sysname> loadbalance local-dns-server schedule-test ipv6 destination 1::51 source 1::5 source-port 5 type ptr ip address 1.2.3.4
Slot 0:
Matched DNS listener: dl2
Matched zone: 1.2.3.0/24
Response type: Send response
Failure cause: --
Table 43 Command output
Field | Description |
---|---|
Matched zone | Matched DNS zone. · For a PTR-type DNS request, this field displays the IPv6 address of the DNS reverse zone. · For a DNS request other than the PTR type, this field displays the domain name of the DNS forward zone. |
Preferred scheduling algorithm | Preferred scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. |
Alternative scheduling algorithm | Alternative scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. · --—No alternative scheduling algorithm is configured. |
Fallback scheduling algorithm | Backup scheduling algorithm: · Round robin. · Random. · Least connection. · Topology. · Proximity. · Bandwidth. · Inbound bandwidth. · Outbound bandwidth. · Max bandwidth. · Max inbound bandwidth. · Max outbound bandwidth. · Hash address source IP. · Hash address destination IP. · Hash address source IP-port. · --—No alternative scheduling algorithm is configured. |
Preferred algorithm failure cause | Preferred algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Alternative algorithm failure cause | Alternative algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Fallback algorithm failure cause | Backup algorithm failure cause: · --—Scheduling succeeded. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
Response type | Response type for a DNS request: · Send response—Replies with a DNS response. · Send reject—Replies with a DNS reject. · No response—Does not respond to the DNS request. |
Failure cause | Failure cause for DNS request parsing: · --—Parsing succeeded. · No matched DNS listener. · No matched DNS mapping. · No matched virtual server pool. · No matched DNS zone. · Failed to get buffer. · Failed to get CONTEXT. · No matched record. · No enough memory resource. · Failed to parse domain. · Failed to find DNS listener by ID. · No scheduling content. · Scheduling failed—The scheduling content exists, but scheduling failed. · No matched virtual server member. |
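The per-slot output of loadbalance local-dns-server schedule-test (both the ip and ipv6 forms) can be checked mechanically after a change to DNS listeners, mappings, or virtual server pools. The following Python code is an added example, not part of the original command reference or H3C software: it parses the fields described in the command output tables, accepts both the "failure cause" and "failed cause" label spellings that the examples print, and classifies each slot. The sample output is constructed; the "Chassis N slot M:" header form and the ok/degraded/failed policy are assumptions of this example.

```python
import re

# Constructed sample (not captured from a device), using the field layout of
# the examples above. Slot 1 uses the "failed cause" spelling printed in the
# IPv6 example; slot 2 is a request that matched no DNS listener.
SAMPLE = """\
<Sysname> loadbalance local-dns-server schedule-test ip destination 7.7.7.7 destination-port 53 source 2.2.2.2 source-port 5 type a domain www.example.com
Slot 0:
Matched DNS listener: dl2
Matched zone: --
Matched DNS mapping: dm2
Matched virtual server pool: vsp2
Preferred scheduling algorithm: Round robin
Alternative scheduling algorithm: --
Fallback scheduling algorithm: --
Preferred algorithm failure cause: --
Alternative algorithm failure cause: --
Fallback algorithm failure cause: --
Selected virtual server: vs2
Response type: Send response
Failure cause: --
Slot 1:
Matched DNS listener: dl2
Matched zone: --
Matched DNS mapping: dm2
Matched virtual server pool: vsp2
Preferred scheduling algorithm: Proximity
Alternative scheduling algorithm: Round robin
Fallback scheduling algorithm: --
Preferred algorithm failed cause: No scheduling content
Alternative algorithm failed cause: --
Fallback algorithm failed cause: --
Selected virtual server: vs2
Response type: Send response
Failure cause: --
Slot 2:
Matched DNS listener: --
Response type: No response
Failure cause: No matched DNS listener
"""

# Assumption: IRF output labels each block "Chassis N slot M:"; the examples
# above only show the standalone "Slot N:" form.
HEADER_RE = re.compile(r"^(?:chassis\s+\d+\s+)?slot\s+\d+:$", re.IGNORECASE)
MATCH_FIELDS = ("matched dns listener", "matched zone",
                "matched dns mapping", "matched virtual server pool")
TIERS = ("preferred", "alternative", "fallback")


def parse_schedule_test(text):
    """Return {block header: {lower-cased field: value}}; "--" becomes None."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("<", "[")):  # blank or CLI prompt echo
            continue
        if HEADER_RE.match(line):
            current = blocks.setdefault(line[:-1], {})
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            continue
        if current is None:  # output printed without a slot header
            current = blocks.setdefault("(no slot header)", {})
        # Both label spellings appear in the examples; keep one canonical key.
        key = key.lower().replace("failed cause", "failure cause")
        current[key] = None if value.strip() == "--" else value.strip()
    return blocks


def triage(fields):
    """Classify one slot: 'failed' if the request failed or no DNS response
    was sent, 'degraded' if it was answered only after a higher-priority
    algorithm failed, otherwise 'ok'. (Policy chosen for this example.)"""
    reasons = []
    if fields.get("failure cause"):
        reasons.append("request failed: " + fields["failure cause"])
    if fields.get("response type") != "Send response":
        reasons.append("response type is %s" % fields.get("response type"))
    if reasons:
        return "failed", reasons
    for tier in TIERS:
        cause = fields.get(tier + " algorithm failure cause")
        if cause:
            algo = fields.get(tier + " scheduling algorithm")
            reasons.append("%s algorithm (%s) failed: %s" % (tier, algo, cause))
    return ("degraded" if reasons else "ok"), reasons


def inconsistent_fields(blocks):
    """Return the match fields whose values differ between slots."""
    return [f for f in MATCH_FIELDS
            if len({b.get(f) for b in blocks.values()}) > 1]


if __name__ == "__main__":
    parsed = parse_schedule_test(SAMPLE)
    for slot, fields in parsed.items():
        print(slot, *triage(fields))
    print("differs between slots:", inconsistent_fields(parsed))
```

A slot that reports "degraded" still answers the query, so the per-algorithm failure cause is the only sign that the preferred algorithm is not taking effect.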
loadbalance log enable bandwidth-busy
Use loadbalance log enable bandwidth-busy to enable load balancing link busy state logging.
Use undo loadbalance log enable bandwidth-busy to disable load balancing link busy state logging.
Syntax
loadbalance log enable bandwidth-busy
undo loadbalance log enable bandwidth-busy
Default
Load balancing link busy state logging is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Load balancing link busy state logging records busy states for all links.
Examples
# Enable load balancing link busy state logging.
<Sysname> system-view
[Sysname] loadbalance log enable bandwidth-busy
loadbalance log enable base
Use loadbalance log enable base to enable load balancing basic logging.
Use undo loadbalance log enable base to disable load balancing basic logging.
Syntax
loadbalance log enable base
undo loadbalance log enable base
Default
Load balancing basic logging is enabled.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
Load balancing basic logging generates logs for the following events:
· The state of a real server, real server group, link, or link group changes.
· The health monitoring result of a real server or link changes.
· The number of connections on a real server, virtual server, or link reaches or drops below the upper limit.
· The connection establishment rate on a real server, virtual server, or link reaches or drops below the upper limit.
· A primary/backup server farm switchover occurs between server farms specified for a virtual server.
· A primary/backup link group switchover occurs between link groups specified for a virtual server.
· A primary/backup server farm switchover occurs between server farms specified for an LB action.
· A primary/backup link group switchover occurs between link groups specified for an LB action.
Examples
# Enable load balancing basic logging.
<Sysname> system-view
[Sysname] loadbalance log enable base
loadbalance log enable link-flow
Use loadbalance log enable link-flow to enable load balancing link flow logging.
Use undo loadbalance log enable link-flow to disable load balancing link flow logging.
Syntax
loadbalance log enable link-flow
undo loadbalance log enable link-flow
Default
Load balancing link flow logging is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Use this command to enable logging for flows forwarded through all links.
Examples
# Enable load balancing link flow logging.
<Sysname> system-view
[Sysname] loadbalance log enable link-flow
loadbalance log enable nat
Use loadbalance log enable nat to enable load balancing NAT logging.
Use undo loadbalance log enable nat to disable load balancing NAT logging.
Syntax
loadbalance log enable nat
undo loadbalance log enable nat
Default
Load balancing NAT logging is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
Load balancing NAT logging records NAT session information, including IP address and port translation information and access information.
Load balancing NAT logs are exported as flow logs. To export load balancing NAT logs, you must also configure flow log settings.
For more information about flow logs, see Network Management and Monitoring Configuration Guide.
Examples
# Enable load balancing NAT logging.
<Sysname> system-view
[Sysname] loadbalance log enable nat
loadbalance policy
Use loadbalance policy to create an LB policy and enter its view, or enter the view of an existing LB policy.
Use undo loadbalance policy to delete the specified LB policy.
Syntax
loadbalance policy policy-name [ type { dns | generic | http | link-generic | mysql | radius } ]
undo loadbalance policy policy-name
Default
No LB policies exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies the LB policy name, a case-insensitive string of 1 to 63 characters.
type { dns | generic | http | link-generic | mysql | radius }: Specifies an LB policy type.
· dns: DNS load balancing policy. Non-default vSystems do not support this parameter.
· generic: Generic server load balancing policy.
· http: HTTP load balancing policy.
· link-generic: Link load balancing policy. Non-default vSystems do not support this parameter.
· mysql: MySQL load balancing policy.
· radius: RADIUS load balancing policy.
Usage guidelines
When you create an LB policy, you must specify the LB policy type. You can enter the view of an existing LB policy without specifying its type.
You can create generic, HTTP, MySQL, and RADIUS LB policies only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the LB policy lbp1 with the generic type, and enter LB policy view.
<Sysname> system-view
[Sysname] loadbalance policy lbp1 type generic
[Sysname-lbp-generic-lbp1]
loadbalance probe-template
Use loadbalance probe-template to create an LB probe template and enter its view, or enter the view of an existing LB probe template.
Use undo loadbalance probe-template to delete an LB probe template.
Syntax
loadbalance probe-template { external-monitor | http-passive | icmp | tcp-rst | tcp-zero-window } template-name
undo loadbalance probe-template { external-monitor | http-passive | icmp | tcp-rst | tcp-zero-window } template-name
Default
No LB probe templates exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
external-monitor: Specifies the custom-monitoring-type template. Non-default vSystems do not support this parameter.
http-passive: Specifies the HTTP-passive-type template.
icmp: Specifies the ICMP-type template. Non-default vSystems do not support this parameter.
tcp-rst: Specifies the TCP-RST template.
tcp-zero-window: Specifies the TCP zero-window template.
template-name: Specifies a template name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
A server farm, a server farm member, or a real server can use a custom-monitoring LB probe template to detect the health state of each real server.
A server farm can use an HTTP passive LB probe template to count URL errors by monitoring the responses to HTTP requests sent to each real server.
The proximity feature can use an ICMP LB probe template to start ICMP tests and identify the reachability of hosts according to received ICMP responses.
A server farm can use a TCP-RST or TCP zero-window LB probe template to count the number of RST packets or zero-window packets sent by each server farm member.
Examples
# Create an LB probe template named icmptplt, and enter LB probe template view.
<Sysname> system-view
[Sysname] loadbalance probe-template icmp icmptplt
[Sysname-lbpt-icmp-icmptplt]
loadbalance process-limit
Use loadbalance process-limit to set the maximum number of processes allowed to be started for custom monitoring.
Use undo loadbalance process-limit to restore the default.
Syntax
loadbalance process-limit number
undo loadbalance process-limit
Default
A maximum of four processes can be started for custom monitoring.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the maximum number of processes, in the range of 1 to 8.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the maximum number of processes allowed to be started for custom monitoring to 200.
<Sysname> system-view
[Sysname] loadbalance process-limit 200
Related commands
display loadbalance process-limit
loadbalance protection-policy
Use loadbalance protection-policy to create a protection policy and enter its view, or enter the view of an existing protection policy.
Use undo loadbalance protection-policy to delete a protection policy.
Syntax
loadbalance protection-policy policy-name [ type http ]
undo loadbalance protection-policy policy-name
Default
No protection policies exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies a protection policy name, a case-insensitive string of 1 to 63 characters.
type http: Specifies the HTTP-type protection policy. When you create a protection policy, you must specify the policy type. You can enter the view of an existing protection policy without specifying the policy type.
Examples
# Create an HTTP protection policy named p1 and enter its view.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1 type http
[Sysname-lbpp-http-p1]
loadbalance proximity
Use loadbalance proximity to create the proximity view and enter it, or enter the existing proximity view.
Use undo loadbalance proximity to delete the proximity view and clear all configuration in it.
Syntax
loadbalance proximity [ vpn-instance vpn-instance-name ]
undo loadbalance proximity [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command is executed for the public network.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create and enter proximity view.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity]
loadbalance region
Use loadbalance region to create a region and enter its view, or enter the view of an existing region.
Use undo loadbalance region to delete a region.
Syntax
loadbalance region region-name
undo loadbalance region region-name
Default
No regions exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
region-name: Specifies the region name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
A region contains network segments corresponding to different ISPs.
Examples
# Create the region isp-ct, and enter region view.
<Sysname> system-view
[Sysname] loadbalance region isp-ct
[Sysname-lb-region-isp-ct]
loadbalance reload external-link file
Use loadbalance reload external-link file to load an external link rewrite file.
Use undo loadbalance reload external-link file to remove the configuration.
Syntax
loadbalance reload external-link file filename
undo loadbalance reload external-link file
Default
No external link rewrite file is used.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
filename: Specifies a file by its complete name, a case-insensitive string of 1 to 256 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the file content has changed, you must reload the external link rewrite file for the changes to take effect.
Make sure the file format is supported by the client browser. As a best practice, use a JavaScript (.js) file.
By default, a distributed device loads the external link rewrite file from the active MPU.
Make sure the name of the external link rewrite file is different from the name of the response file for HTTP requests.
Examples
# Load external link rewrite file /sub_lb_sw.js.
<Sysname> system-view
[Sysname] loadbalance reload external-link file /sub_lb_sw.js
Related commands
external-link inject-domain-suffix
external-link inject-uri
external-link proxy enable
external-link whitelist domain
loadbalance reverse-zone
Use loadbalance reverse-zone to create a DNS reverse zone and enter its view, or enter the view of an existing DNS reverse zone.
Use undo loadbalance reverse-zone to delete a DNS reverse zone.
Syntax
loadbalance reverse-zone { ip ipv4-address mask-length | ipv6 ipv6-address prefix-length }
undo loadbalance reverse-zone { ip ipv4-address mask-length | ipv6 ipv6-address prefix-length }
Default
No DNS reverse zones exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
ip ipv4-address mask-length: Specifies an IPv4 address and mask length for the DNS reverse zone. The value range for the mask-length argument is 0 to 32.
ipv6 ipv6-address prefix-length: Specifies an IPv6 address and prefix length for the DNS reverse zone. The value range for the prefix-length argument is 0 to 128.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create a DNS reverse zone with IPv4 address 10.11.2.0/24, and enter DNS reverse zone view.
<Sysname> system-view
[Sysname] loadbalance reverse-zone ip 10.11.2.0 24
[Sysname-lb-rzone-10.11.2.0/24]
# Create a DNS reverse zone with IPv6 address 1001::0/64, and enter DNS reverse zone view.
<Sysname> system-view
[Sysname] loadbalance reverse-zone ipv6 1001::0 64
[Sysname-lb-rzone-1001::/64]
Related commands
display loadbalance reverse-zone
loadbalance session flow-redirect local
Use loadbalance session flow-redirect local to enable traffic processing on the security module that forwards return packets.
Use undo loadbalance session flow-redirect local to restore the default.
Syntax
loadbalance session flow-redirect local
undo loadbalance session flow-redirect local
Default
The device transparently transmits the return packets to the security module where the original packets are forwarded.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
The session flow-redirect enable command enables session flow redirection, which allows the packets and return packets of a data flow to be processed correctly when they are forwarded to different security modules. With session flow redirection enabled, the system immediately synchronizes the session information created for the original packets to the security module that processes the return packets. By default, if the original packets and return packets are forwarded to different security modules, the device transparently transmits the return packets to the security module that forwarded the original packets.
This command disables that transparent transmission. The return packets are processed directly by the local security module, which saves resources and improves device performance.
For more information about session flow redirection, see session management in Security Configuration Guide.
For the session flow redirection feature to take effect, first disable traffic distribution rule deployment with the loadbalance flow-redirect disable command.
Do not execute this command for the Layer 7 server load balancing or ALG feature that requires processing both packets and return packets on the same security module.
Examples
# Enable traffic processing on the security module that forwards return packets.
<Sysname> system-view
[Sysname] loadbalance session flow-redirect local
Related commands
loadbalance flow-redirect disable
session flow-redirect enable (Security Command Reference)
loadbalance schedule-test ip
Use loadbalance schedule-test ip to perform an IPv4 load balancing test.
Syntax
In standalone mode:
loadbalance schedule-test ip [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ slot slot-number ]
In IRF mode:
loadbalance schedule-test ip [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmp | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command is executed for the public network.
application: Specifies an application to be tested.
http: Specifies the HTTP application.
message-file file-name: Specifies the file that contains HTTP packet contents. The file name is a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.
method: Specifies an HTTP request method.
get: Specifies the GET method.
post: Specifies the POST method.
url url: Specifies a URL for the HTTP packet, a case-insensitive string of 1 to 255 characters. A URL can contain letters, digits, hyphens (-), underscores (_), and periods (.). The URL cannot contain consecutive periods.
[ header header ]&<1-10>: Specifies a space-separated list of up to 10 HTTP packet headers. A header is a case-sensitive string of 1 to 127 characters excluding question marks (?).
content content-value: Specifies the content of the HTTP packet body, a case-sensitive string of 1 to 255 characters excluding question marks (?).
protocol { protocol-number | icmp | tcp | udp }: Specifies a protocol by its number in the range of 0 to 255 or by its name. For ICMP (1), TCP (6), and UDP (17), you can enter the protocol number or protocol name.
destination destination-address: Specifies the destination IPv4 address.
destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. This option is not supported by some protocols.
source source-address: Specifies the source IPv4 address.
source-port source-port: Specifies the source port number in the range of 0 to 65535. This option is not supported by some protocols.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command tests all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command tests all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
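# Perform an IPv4 load balancing test for the TCP protocol.
<Sysname> loadbalance schedule-test ip protocol tcp destination 7.7.7.7 destination-port 4 source 2.2.2.2 source-port 5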
Matched virtual server: vs2
Matched default server farm: sf
Forward type: Forwarding to real server
Selected real server: rs2
Scheduling algorithm: Predictor
# Perform an IPv4 load balancing test for the TCP protocol.
<Sysname> loadbalance schedule-test ip protocol tcp destination 7.7.7.7 destination-port 4 source 2.2.2.2 source-port 5
Matched virtual server: vs2
Matched default link group: lg
Forward type: Forwarding to link
Selected link: link2
Scheduling algorithm: Predictor
Table 44 Command output
Field | Description |
---|---|
Forward type | Forwarding mode: · The destination address is not supported. Load balancing is not performed. · Matching HTTP virtual server is not supported—An HTTP virtual server is matched. Load balancing is not supported. · Forward all—Forwards packets. · Forwarding to real server—Forwards packets to the real server. · Forwarding to link—Forwards packets to the link. · Drop—Drops packets. · Redirect—Redirects packets. · Waiting—Enqueues packets. |
Drop reason | Packet drop reason: · Number of connections or bandwidth for the virtual server exceeded the limit. · No class matched and no valid default server farm/link group configured. · No valid real server/link in the server farm/link group. · Action is drop. · A sticky entry was matched but the number of connections or bandwidth for the real server/link exceeded the limit. · A class was matched but no valid server farm/link group exists in the action of the class. · The HTTP message is not valid. · The HTTP request line is not valid. · The HTTP header is not valid. · The chunk HTTP content is not valid. · The server farm is busy. · Queue overflow (which means the wait queue is full). |
Scheduling algorithm | Scheduling algorithm used to select the real server or link: · Predictor—The real server or link is selected by using the scheduling algorithm. · Sticky method—The real server or link is selected by using the sticky method. · Proximity—The link is selected by using the proximity feature. |
loadbalance schedule-test ipv6
Use loadbalance schedule-test ipv6 to perform an IPv6 load balancing test.
Syntax
In standalone mode:
loadbalance schedule-test ipv6 [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ slot slot-number ]
In IRF mode:
loadbalance schedule-test ipv6 [ vpn-instance vpn-instance-name ] { application http { message-file file-name | method { get | post } url url [ header header ]&<1-10> [ content content-value ] } | protocol { protocol-number | icmpv6 | tcp | udp } } destination destination-address destination-port destination-port source source-address source-port source-port [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command is executed for the public network.
application: Specifies an application to be tested.
http: Specifies the HTTP application.
message-file file-name: Specifies the file that contains HTTP packet contents. The file name is a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.
method: Specifies an HTTP request method.
get: Specifies the GET method.
post: Specifies the POST method.
url url: Specifies a URL for the HTTP packet, a case-insensitive string of 1 to 255 characters. A URL can contain letters, digits, hyphens (-), underscores (_), and periods (.). The URL cannot contain consecutive periods.
[ header header ]&<1-10>: Specifies a space-separated list of up to 10 HTTP packet headers. A header is a case-sensitive string of 1 to 127 characters excluding question marks (?).
content content-value: Specifies the content of the HTTP packet body, a case-sensitive string of 1 to 255 characters excluding question marks (?).
protocol { protocol-number | icmpv6 | tcp | udp }: Specifies a protocol by its number in the range of 0 to 255 or by its name. For ICMPv6 (58), TCP (6), and UDP (17), you can enter the protocol number or protocol name.
destination destination-address: Specifies the destination IPv6 address.
destination-port destination-port: Specifies the destination port number in the range of 0 to 65535. This option is not supported by some protocols.
source source-address: Specifies the source IPv6 address.
source-port source-port: Specifies the source port number in the range of 0 to 65535. This option is not supported by some protocols.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command tests all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command tests all cards. (In IRF mode.)
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Schedule an IPv6 load balancing test for the ICMPv6 protocol.
<Sysname> loadbalance schedule-test ipv6 protocol icmpv6 destination 10::1 source 12::2
Matched virtual server: vs2
Matched default server farm: sf
Forward type: Forwarding to real server
Selected real server: rs2
Scheduling algorithm: Predictor
# Schedule an IPv6 load balancing test for the ICMPv6 protocol.
<Sysname> loadbalance schedule-test ipv6 protocol icmpv6 destination 10::1 source 12::2
Matched virtual server: vs2
Matched default link group: lg
Forward type: Forwarding to link
Selected link: link2
Scheduling algorithm: Predictor
Table 45 Command output
Field | Description |
---|---|
Forward type | Forwarding mode: · The destination address is not supported. Load balancing is not performed. · Matching HTTP virtual server is not supported—An HTTP virtual server is matched. Load balancing is not supported. · Forward all—Forwards packets. · Forwarding to real server/link—Forwards packets to the real server or link. · Drop—Drops packets. · Redirect—Redirects packets. · Waiting—Enqueues packets. |
Drop reason | Packet drop reason: · Number of connections or bandwidth for the virtual server exceeded the limit. · No class matched and no valid default server farm/link group configured. · No valid real server/link in the server farm/link group. · Action is drop. · A sticky entry was matched but the number of connections or bandwidth for the real server/link exceeded the limit. · A class was matched but no valid server farm/link group exists in the action of the class. · The HTTP message is not valid. · The HTTP request line is not valid. · The HTTP header is not valid. · The chunk HTTP content is not valid. · The server farm is busy. · Queue overflow (which means the wait queue is full). |
Scheduling algorithm | Scheduling algorithm used to select the real server or link: · Predictor—The real server or link is selected by using the scheduling algorithm. · Sticky method—The real server or link is selected by using the sticky method. · Proximity—The link is selected by using the proximity feature. |
loadbalance snat-global-policy
Use loadbalance snat-global-policy to create a SNAT global policy and enter its view, or enter the view of an existing SNAT global policy.
Use undo loadbalance snat-global-policy to delete the specified SNAT global policy.
Syntax
loadbalance snat-global-policy policy-name
undo loadbalance snat-global-policy policy-name
Default
No SNAT global policies exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies the SNAT global policy name, a case-insensitive string of 1 to 63 characters.
Examples
# Create the SNAT global policy sn1, and enter SNAT global policy view.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1]
Related commands
snat-mode
snat-pool (server farm view)
loadbalance snat-pool
Use loadbalance snat-pool to create a SNAT address pool and enter its view, or enter the view of an existing SNAT address pool.
Use undo loadbalance snat-pool to delete the specified SNAT address pool.
Syntax
loadbalance snat-pool pool-name [ type { address-split | failover-group | port-split } ]
undo loadbalance snat-pool pool-name
Default
No SNAT address pools exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters.
type: Specifies a splitting method for the SNAT address pool. If you do not specify this keyword, the address-split method is used.
address-split: Specifies the address-based splitting method.
failover-group: Specifies the failover group-based splitting method.
port-split: Specifies the port-based splitting method.
Usage guidelines
When multiple service modules are installed on the device, address conflicts might occur among the service modules. To solve this problem, you can split a SNAT address pool by using the following methods:
· Address-based splitting—Evenly divides IP addresses in the address pool among failover groups. Each failover group uses a unique subset of the IP addresses in the address pool.
· Port-based splitting—Evenly divides port numbers in the address pool among failover groups. Each failover group uses the full set of the IP addresses in the address pool, with a different set of port numbers.
· Failover group-based splitting—Uses an IP address range in an address pool only for a specific failover group. When you configure an IP address range for an address pool, you can specify the failover group to use that IP address range.
For more information about failover groups, see Virtual Technologies Configuration Guide.
Examples
# Create the SNAT address pool lbsp, and enter SNAT address pool view.
<Sysname> system-view
[Sysname] loadbalance snat-pool lbsp
[Sysname-lbsnat-pool-lbsp]
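The following Python model is an added illustration, not device code or output. It shows why an unsplit pool can produce (address, port) conflicts between failover groups and how address-based and port-based splitting remove them. The group names, the 192.0.2.x addresses, the 1024 to 65535 port range, and the rule that any remainder goes to the first groups are assumptions made for the example.

```python
# Model of SNAT pool splitting among failover groups (illustration only).
# A plan maps each failover group to a list of (address, port_low, port_high).

PORTS = (1024, 65535)  # assumed translatable port range, not from the manual


def unsplit(addresses, groups, ports=PORTS):
    """Every group draws from the whole pool: the conflict case."""
    return {g: [(a, ports[0], ports[1]) for a in addresses] for g in groups}


def _shares(total, count):
    """Split 'total' items into 'count' near-equal sizes (assumed rounding)."""
    share, extra = divmod(total, count)
    return [share + (1 if i < extra else 0) for i in range(count)]


def address_split(addresses, groups, ports=PORTS):
    """Each group gets a unique subset of the addresses, with all ports."""
    if len(addresses) < len(groups):
        raise ValueError("fewer addresses than failover groups")
    plan, start = {}, 0
    for group, size in zip(groups, _shares(len(addresses), len(groups))):
        plan[group] = [(a, ports[0], ports[1])
                       for a in addresses[start:start + size]]
        start += size
    return plan


def port_split(addresses, groups, ports=PORTS):
    """Each group gets every address, with its own block of port numbers."""
    plan, low = {}, ports[0]
    total = ports[1] - ports[0] + 1
    for group, size in zip(groups, _shares(total, len(groups))):
        plan[group] = [(a, low, low + size - 1) for a in addresses]
        low += size
    return plan


def overlaps(plan):
    """List (group1, group2, address) where both could pick the same port."""
    clashes, names = [], list(plan)
    for i, g1 in enumerate(names):
        for g2 in names[i + 1:]:
            for a1, lo1, hi1 in plan[g1]:
                for a2, lo2, hi2 in plan[g2]:
                    if a1 == a2 and lo1 <= hi2 and lo2 <= hi1:
                        clashes.append((g1, g2, a1))
    return clashes


# Constructed sample input.
POOL = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]
GROUPS = ["fg1", "fg2"]

if __name__ == "__main__":
    for name, plan in (("unsplit", unsplit(POOL, GROUPS)),
                       ("address-split", address_split(POOL, GROUPS)),
                       ("port-split", port_split(POOL, GROUPS))):
        print(name, "conflicts:", len(overlaps(plan)))
```

In this model, address-based splitting needs at least one address per failover group, while port-based splitting works with a single address at the cost of fewer ports per group.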
loadbalance snat-pool reset
Use loadbalance snat-pool reset to reassign IP address ranges in a SNAT address pool to multiple security engines.
Syntax
loadbalance snat-pool pool-name reset
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
CAUTION: This command might result in temporary traffic interruption. Make sure you understand the potential impact before executing this command.
Non-default vSystems do not support this command.
After you execute this command, the device reassigns IP address ranges in the specified SNAT address pool to multiple security engines to balance the loads and save resources.
As a best practice, execute this command after you create a SNAT address pool.
Examples
# Reassign IP address ranges in SNAT address pool sp1 to multiple security engines.
<Sysname> system-view
[Sysname] loadbalance snat-pool sp1 reset
loadbalance test pcre
Use loadbalance test pcre to perform a PCRE regular expression match test and display the match result.
Syntax
loadbalance test pcre value value { string string | file file-name } [ offset offset ] [ case-insensitive ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
value value: Specifies a PCRE regular expression, a case-sensitive string of 1 to 255 characters excluding question marks (?).
string string: Specifies the string to be tested, a case-sensitive string of 1 to 255 characters.
file file-name: Specifies the file to be tested by its name, a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.
offset offset: Specifies the offset from the content to be tested, in the range of 0 to 255 bytes. The default is 0.
case-insensitive: Enables case-insensitive matching. If you do not specify this keyword, case-sensitive matching applies.
Usage guidelines
Non-default vSystems do not support this command.
If the specified string or file matches the PCRE regular expression multiple times, the device displays only the result of the first match.
For a string test, the device displays the match result in text strings. For a file test, the device displays the match result in both hexadecimal characters and text strings. Characters that cannot be displayed are represented as periods (.).
Examples
# Perform a PCRE regular expression match test for string ABCDAAaefg.
<Sysname> loadbalance test pcre value aaa string ABCDAAaefg case-insensitive
Matched string content: AAa
# Perform a PCRE regular expression match test for file 123.txt.
<Sysname> loadbalance test pcre value dzckgjlfdsfdsfsdnfsdkjgnf file 123.txt
Matched file content:
64 7a 63 6b 67 6a 6c 66 64 73 66 64 73 66 73 64 dzckgjlf dsfdsfsd
6e 66 73 64 6b 6a 67 6e 66 64 nfsdkjgn f
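The following Python sketch is an added example, not part of the device software. It checks a regular expression against the documented limits offline and mimics the documented test behavior: first match only, an optional byte offset, optional case-insensitive matching, and a hexadecimal plus text rendering with periods for non-displayable characters. Python's re module stands in for PCRE, so advanced PCRE syntax can behave differently; the function names, the reading of offset as "skip this many bytes before matching", and the exact column layout are assumptions.

```python
import re

MAX_VALUE_LEN = 255    # regular expression: 1 to 255 characters
MAX_STRING_LEN = 255   # string form: 1 to 255 characters
MAX_FILE_BYTES = 5000  # file form: size limit
MAX_OFFSET = 255       # offset: 0 to 255 bytes


def value_problems(value):
    """Return the documented limits that the regular expression violates."""
    problems = []
    if not 1 <= len(value) <= MAX_VALUE_LEN:
        problems.append("value must be 1 to 255 characters")
    if "?" in value:
        problems.append("value cannot contain question marks (?)")
    return problems


def lb_test_pcre(value, content, offset=0, case_insensitive=False):
    """Return the first match as bytes, or None if nothing matches.

    Pass str for the 'string' form and bytes for the 'file' form.
    """
    problems = value_problems(value)
    if problems:
        raise ValueError("; ".join(problems))
    if not 0 <= offset <= MAX_OFFSET:
        raise ValueError("offset must be 0 to 255")
    if isinstance(content, str):
        if not 1 <= len(content) <= MAX_STRING_LEN:
            raise ValueError("string must be 1 to 255 characters")
        data = content.encode("utf-8")
    else:
        if len(content) > MAX_FILE_BYTES:
            raise ValueError("file cannot exceed 5000 bytes")
        data = bytes(content)
    flags = re.IGNORECASE if case_insensitive else 0
    # Only the first match is reported, even if the content matches again.
    match = re.search(value.encode("utf-8"), data[offset:], flags)
    return match.group(0) if match else None


def render_file_result(data):
    """Render bytes as rows of up to 16 hex bytes followed by the text form."""
    rows = []
    for start in range(0, len(data), 16):
        chunk = data[start:start + 16]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b <= 126 else "." for b in chunk)
        halves = [part for part in (text[:8], text[8:]) if part]
        rows.append(hex_part + " " + " ".join(halves))
    return rows


if __name__ == "__main__":
    # The string example from this command reference.
    print(lb_test_pcre("aaa", "ABCDAAaefg", case_insensitive=True))
    # Constructed file content for the file form.
    sample = b"dzckgjlfdsfdsfsdnfsdkjgnf"
    for row in render_file_result(lb_test_pcre(sample.decode(), sample)):
        print(row)
```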
loadbalance test rewrite
Use loadbalance test rewrite to perform a regular-expression-based rewrite test and display the rewrite result.
Syntax
loadbalance test rewrite value value replace replace-string { string string | file file-name } [ offset offset ] [ case-insensitive ]
Views
Any view
Predefined user roles
network-admin
context-admin
Parameters
value value: Specifies a regular expression to match the content to be rewritten, a case-sensitive string of 1 to 255 characters excluding question marks (?). You can also specify the following character strings:
· %is—Source IP address.
· %ps—Source port number.
· %id—Destination IP address.
· %pd—Destination port number.
replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 255 characters.
string string: Specifies the string to be tested, a case-sensitive string of 1 to 255 characters.
file file-name: Specifies the file to be tested by its name, a case-insensitive string of 1 to 255 characters. The file size cannot exceed 5000 bytes.
offset offset: Specifies the offset from the content to be tested, in the range of 0 to 255 bytes. The default is 0.
case-insensitive: Enables case-insensitive matching. If you do not specify this keyword, case-sensitive matching applies.
Usage guidelines
Non-default vSystems do not support this command.
If the string or file to be tested matches the regular expression, the device replaces the matching content with the content after rewrite.
If the string or file matches the regular expression multiple times, the device displays only the rewrite result of the first match.
For a string test, the device displays the rewrite result in text strings. For a file test, the device displays the rewrite result in both hexadecimal characters and text strings. Characters that cannot be displayed are represented as periods (.).
Examples
# Perform a rewrite test for string ABCDAAaefg.
<Sysname> loadbalance test rewrite value %id replace ip:%id,port:%pd string ABCDAAaefg case-insensitive
Rewritten string content: ABCD172.0.0.1fg
# Perform a rewrite test for file 123.txt.
<Sysname> loadbalance test rewrite value dzckgjlfdsfdsfsdnfsdkjgnf replace ip:%id,port:%pd file 123.txt
Rewritten file content:
66 67 73 2d 61 47 76 61 73 64 64 73 61 67 76 62 fgs-aGva sddsagvb
64 6a 63 78 6b 6c 63 78 76 0d 0a 0d 0a 0d 0a 0d djcxklcx v.......
0a 69 70 3a 31 37 32 2e 30 2e 30 2e 31 2c 70 6f .ip:172. 0.0.1,po
72 74 3a 38 30 09 6a 6b 64 67 6e 66 64 6a 6b 67 rt:80.jk dgnfdjkg
6e 66 64 6b 6a 67 6e 66 64 6b 6e 67 76 73 64 66 nfdkjgnf dkngvsdf
6c 0d 0a 0d 0a 0d 0a 0d 0a 66 67 73 2b 61 67 76 l....... .fgs+agv
61 73 64 64 73 61 67 76 62 64 6a 63 78 6b 6c 63 asddsagv bdjcxklc
78 76 0d 0a 66 67 73 64 61 67 76 61 73 64 64 73 xv..fgsd agvasdds
61 67 76 62 64 6a 63 78 6b 6c 63 78 76 agvbdjcx klcxv
loadbalance virtual-server-pool
Use loadbalance virtual-server-pool to create a virtual server pool and enter its view, or enter the view of an existing virtual server pool.
Use undo loadbalance virtual-server-pool to delete a virtual server pool.
Syntax
loadbalance virtual-server-pool pool-name
undo loadbalance virtual-server-pool pool-name
Default
No virtual server pools exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies the virtual server pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
You can add virtual servers with similar functions to a virtual server pool to facilitate management.
Examples
# Create the virtual server pool local-pool, and enter virtual server pool view.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool]
loadbalance zone
Use loadbalance zone to create a DNS forward zone and enter its view, or enter the view of an existing DNS forward zone.
Use undo loadbalance zone to delete a DNS forward zone.
Syntax
loadbalance zone domain-name
undo loadbalance zone domain-name
Default
No DNS forward zones exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
domain-name: Specifies a domain name for the DNS forward zone, a case-insensitive string of 1 to 253 characters. Each dot-separated part in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create a DNS forward zone with domain name example.com, and enter DNS forward zone view.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com]
Related commands
display loadbalance zone
match
Use match to specify the proximity probe method for packets.
Use undo match to restore the default.
Syntax
match [ match-id ] tcp { lb-probe lb-template | probe nqa-template }
undo match match-id
Default
No proximity probe method is specified.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a proximity probe method by its ID in the range of 1 to 65535. If the rule does not exist, the command creates the proximity probe method. If the rule already exists, the command modifies the proximity probe method. If you do not specify this argument, the system automatically assigns the smallest available rule ID.
tcp: Specifies TCP packets.
lb-probe lb-template: Specifies an LB probe template by its name, a case-insensitive string of 1 to 32 characters.
probe nqa-template: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the match command is configured, the specified proximity probe method applies. If no packets match the type in the match command or the match command is not configured, the default proximity probe method specified by using the match default command applies.
You can specify only one proximity probe method for each type of packets.
If both the match command and the match default command are configured, specify the same template type in the two commands as a best practice for both templates to take effect. If you specify different template types, the NQA template does not take effect.
Examples
# Create the ICMP-type NQA template t4, and specify the NQA template as the proximity probe method for TCP packets.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance proximity
[Sysname-lb-proximity] match tcp probe t4
Related commands
match default
match acl
Use match acl to create an ACL match rule or modify an existing ACL match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] acl [ ipv6 ] { acl-number | name acl-name }
undo match match-id
Default
No match rules exist.
Views
LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
ipv6: Specifies an IPv6 ACL. If you do not specify this keyword, the command creates an IPv4 ACL.
acl-number: Specifies the ACL number in the range of 2000 to 3999.
name acl-name: Specifies an ACL by its name, a case-insensitive string of 1 to 63 characters starting with a letter.
Usage guidelines
If the specified ACL does not exist, this rule is not matched.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an ACL match rule for the generic LB class lbc1.
[Sysname] loadbalance class lbc1 type generic
[Sysname-lbc-generic-lbc1] match acl 2000
match app-group
Use match app-group to create an application group match rule or modify an existing application group match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] app-group group-name
undo match match-id
Default
No match rules exist.
Views
Link-generic LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
app-group group-name: Specifies an application group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the specified application group does not exist, the rule does not take effect.
Examples
# Create an application group match rule for the link-generic LB class lbc1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type link-generic
[Sysname-lbc-link-generic-lbc1] match app-group http
Related commands
app-group (Security Command Reference)
match class
Use match class to create a match rule that references an LB class or modify an existing match rule that references an LB class.
Use undo match to delete a match rule.
Syntax
match [ match-id ] class class-name
undo match match-id
Default
An LB class does not have a match rule.
Views
LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
class-name: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters, to be referenced by the match rule. The current LB class cannot be referenced.
Usage guidelines
A match rule cannot reference an LB class that has already been referenced.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule that references the LB class lbc2 for the generic LB class lbc1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type generic
[Sysname-lbc-generic-lbc1] match class lbc2
match content
Use match content to create an HTTP entity match rule or modify an existing HTTP entity match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] content content [ offset offset ]
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
content content: Specifies the HTTP entity regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
offset offset: Specifies the offset value of the HTTP entity based on the start of the HTTP packet, in the range of 0 to 1000 bytes. The default is 0.
Usage guidelines
If the entity of an HTTP packet after the offset value matches the specified regular expression, the packet matches the rule.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP entity match rule for the HTTP LB class lbc2: Specify the offset value as 10 and regular expression as abc.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match content abc.* offset 10
match cookie
Use match cookie to create an HTTP cookie match rule or modify an existing HTTP cookie match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] cookie cookie-name value value
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
cookie cookie-name: Specifies the name of the HTTP cookie, a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.
value value: Specifies the cookie value regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Usage guidelines
If an HTTP packet contains the specified cookie with the value matching the specified regular expression, the packet matches the rule.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP cookie match rule for the HTTP LB class lbc2: Specify the cookie name as JSession-id and cookie value regular expression as abc.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match cookie JSession-id value abc.*
match default
Use match default to specify the default proximity probe method.
Use undo match default to restore the default.
Syntax
match default { lb-probe lb-template | probe nqa-template }
Default
The default proximity probe method is not specified.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
lb-probe lb-template: Specifies an LB probe template by its name, a case-insensitive string of 1 to 32 characters.
probe nqa-template: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the match command is configured, the specified proximity probe method applies. If no packets match the type in the match command or the match command is not configured, the default proximity probe method applies.
If both the match command and the match default command are configured, specify the same template type (load balancing or NQA) in the two commands as a best practice for both templates to take effect. If you specify different template types, the NQA template does not take effect.
Examples
# Create the ICMP-type NQA template t4, and specify the NQA template as the default proximity probe method.
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance proximity
[Sysname-lb-proximity] match default probe t4
Related commands
match
nqa template (Network Management and Monitoring Command Reference)
match destination
Use match destination to create a destination IP address match rule or modify an existing destination IP address match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] destination { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }
undo match match-id
Default
An LB class does not have a match rule.
Views
DNS/Link-generic LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
ip address ipv4-address: Specifies an IPv4 address.
mask-length: Specifies a mask length in the range of 0 to 32. The default is 32.
mask: Specifies a subnet mask. The default is 255.255.255.255.
ipv6 address ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length in the range of 0 to 128. The default is 128.
Usage guidelines
Non-default vSystems do not support this command.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule to match destination IPv4 address 1.1.1.1/32 for the DNS LB class lbc1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type dns
[Sysname-lbc-dns-lbc1] match destination ip address 1.1.1.1
# Create a match rule to match destination IPv4 address 1.1.1.1/32 for the link-generic LB class lbc2.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type link-generic
[Sysname-lbc-link-generic-lbc2] match destination ip address 1.1.1.1
match destination domain-name
Use match destination domain-name to create a domain name match rule or modify an existing domain name match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] destination domain-name domain-name
undo match match-id
Default
An LB class does not have a match rule.
Views
Link-generic LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. Each dot-separated part in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), dots (.), and wildcards (asterisks and question marks).
Usage guidelines
Non-default vSystems do not support this command.
When you use wildcards (asterisks and question marks) in a domain name, follow these guidelines:
· The wildcards can substitute any characters except for dots (.).
· An asterisk (*) can substitute a character string.
· A question mark (?) can substitute a single character.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a domain name match rule for the link-generic LB class lbc1 to match domain name www.example.com.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type link-generic
[Sysname-lbc-link-generic-lbc1] match destination domain-name www.example.com
match domain-name
Use match domain-name to create a domain name match rule or modify an existing domain name match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] domain-name domain-name
undo match match-id
Default
An LB class does not have a match rule.
Views
DNS LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. Each dot-separated part in the domain name can contain a maximum of 63 characters. The domain name can contain letters, digits, hyphens (-), underscores (_), dots (.), and wildcards (asterisks and question marks).
Usage guidelines
Non-default vSystems do not support this command.
When you use wildcards (asterisks and question marks) in a domain name, follow these guidelines:
· The wildcards can substitute any characters except for dots (.).
· An asterisk (*) can substitute a character string.
· A question mark (?) can substitute a single character.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a domain name match rule for DNS LB class lbc1 to match domain name www.example.com.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type dns
[Sysname-lbc-dns-lbc1] match domain-name www.example.com
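The following Python sketch is an added example, not device code. It applies the wildcard guidelines given for match destination domain-name and match domain-name: names are case-insensitive, an asterisk stands for a character string, a question mark stands for a single character, and neither can stand for a dot. It assumes that an asterisk may also match an empty string and that a rule must cover the whole domain name; the function names and sample rule IDs are hypothetical.

```python
import re

MAX_NAME_LEN = 253   # domain name: 1 to 253 characters
MAX_LABEL_LEN = 63   # each dot-separated part: at most 63 characters
_ALLOWED = re.compile(r"[A-Za-z0-9_.*?-]+")


def rule_problems(pattern):
    """Return the documented limits that the domain-name pattern violates."""
    problems = []
    if not 1 <= len(pattern) <= MAX_NAME_LEN:
        problems.append("length must be 1 to 253 characters")
    if pattern and not _ALLOWED.fullmatch(pattern):
        problems.append("only letters, digits, '-', '_', '.', '*', '?' allowed")
    if any(len(label) > MAX_LABEL_LEN for label in pattern.split(".")):
        problems.append("a dot-separated part exceeds 63 characters")
    return problems


def compile_rule(pattern):
    """Translate a wildcard domain name into an equivalent regular expression."""
    problems = rule_problems(pattern)
    if problems:
        raise ValueError("; ".join(problems))
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("[^.]*")   # a character string, never a dot
        elif ch == "?":
            parts.append("[^.]")    # exactly one character, never a dot
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def rule_matches(pattern, name):
    """True if the whole domain name matches the wildcard pattern."""
    return compile_rule(pattern).fullmatch(name) is not None


def coverage(rules, names):
    """Map each name to the sorted match IDs of the rules that match it."""
    compiled = {mid: compile_rule(p) for mid, p in rules.items()}
    return {name: sorted(mid for mid, rx in compiled.items()
                         if rx.fullmatch(name))
            for name in names}


# Constructed sample rules (match-id -> domain-name) and lookups.
RULES = {10: "*.example.com", 20: "w?w.example.com", 30: "example.com"}
NAMES = ["www.example.com", "WWW.Example.COM", "example.com",
         "a.b.example.com", "www.example.com.evil.test"]

if __name__ == "__main__":
    for name, ids in coverage(RULES, NAMES).items():
        print(f"{name:28} matched by {ids or 'no rule'}")
```

Because a wildcard cannot stand for a dot, *.example.com covers exactly one extra label: it matches neither example.com itself nor a.b.example.com.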
match header
Use match header to create an HTTP header match rule or modify an existing HTTP header match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] header header-name value value
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
header header-name: Specifies the name of the HTTP packet header, a case-insensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The character string also excludes ASCII codes that are less than or equal to 31 or greater than or equal to 127.
value value: Specifies the header value regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Usage guidelines
If an HTTP packet contains the specified header with the value matching the specified regular expression, the packet matches the rule.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP header match rule for the HTTP LB class lbc2: Specify the HTTP packet header name as user-agent and header value regular expression as abcd.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match header user-agent value abcd
match interface
Use match interface to create an interface match rule or modify an existing interface match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] interface interface-type interface-number
undo match match-id
Default
An LB class does not have a match rule.
Views
Generic/HTTP/Link-generic LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
interface interface-type interface-number: Specifies an interface by its type and number. The interface type can be Layer 3 Ethernet interface or Layer 3 aggregate interface.
Usage guidelines
Non-default vSystems do not support this command.
If the specified interface does not exist, the rule does not take effect.
Examples
# Create an interface match rule for the link-generic LB class lbc1 to match interface GigabitEthernet 1/0/0.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type link-generic
[Sysname-lbc-link-generic-lbc1] match interface gigabitethernet 1/0/0
match isp
Use match isp to create an ISP match rule or modify an existing ISP match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] isp isp-name
undo match match-id
Default
An LB class does not have a match rule.
Views
LB class view
Predefined user roles
network-admin
context-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
isp-name: Specifies an ISP name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the specified ISP does not exist or is not configured with an IP network segment, this rule is not matched.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an ISP match rule for the generic LB class lbc1. Specify the ISP name as isp1.
[Sysname] loadbalance class lbc1 type generic
[Sysname-lbc-generic-lbc1] match isp isp1
match method
Use match method to create an HTTP method match rule or modify an existing HTTP method match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] method { ext ext-type | rfc rfc-type }
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
ext ext-type: Specifies the extended type, a case-sensitive string of 1 to 63 characters excluding brackets ({ }, ( ), [ ], < >), at sign (@), comma (,), semicolon (;), colon (:), backslash (\), quotation mark ("), slash (/), question mark (?), equal sign (=), space character (SP), and horizontal tab (HT). The string also excludes characters with ASCII codes less than or equal to 31 or greater than or equal to 127.
rfc rfc-type: Specifies the RFC type to process the resources identified by the URI in HTTP request packets:
· CONNECT—Maintain the resources.
· DELETE—Delete the resources.
· GET—Request for the resources.
· HEAD—Request for the header of the response message of the resources.
· OPTIONS—Request to query the resource-related options and requirements supported by the server.
· POST—Add new data to the resources.
· PUT—Request the server to store the resource identified by the URI.
· TRACE—Request the server to return the request message it receives for test or diagnosis.
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP method match rule with extended type user for the HTTP LB class lbc2.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match method ext user
# Create an HTTP method match rule with RFC type CONNECT for the HTTP LB class lbc2.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match method rfc CONNECT
match payload
Use match payload to create a TCP payload match rule or modify an existing TCP payload match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] payload payload [ case-insensitive ] [ not ]
undo match match-id
Default
An LB class does not have a match rule.
Views
Generic LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
payload: Specifies the TCP payload regular expression, a case-sensitive string of 1 to 255 characters.
case-insensitive: Disables case sensitivity for matching character strings. If you do not specify this keyword, case sensitivity is enabled.
not: Negates the match rule. If you do not specify this keyword, the LB action is taken when the TCP payload regular expression is matched.
Usage guidelines
The device takes the corresponding LB action on TCP packets matching a TCP payload match rule. If you specify the not keyword for a TCP payload match rule, the device takes the corresponding LB action on TCP packets not matching the TCP payload match rule.
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule to match the payload hello for generic LB class c1.
<Sysname> system-view
[Sysname] loadbalance class c1 type generic
[Sysname-lbc-generic-c1] match payload hello
match radius-attribute
Use match radius-attribute to create a RADIUS attribute match rule or modify an existing RADIUS attribute match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] radius-attribute { code attribute-code | user-name } value attribute-value
undo match match-id
Default
An LB class does not have a match rule.
Views
RADIUS LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
code attribute-code: Specifies the code of the RADIUS attribute type, in the range of 1 to 255.
user-name: Specifies the RADIUS attribute type as user-name (code 1).
value attribute-value: Specifies the RADIUS attribute regular expression, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule to match usernames that contain aaa for RADIUS LB class lbc1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type radius
[Sysname-lbc-radius-lbc1] match radius-attribute user-name value aaa*
match source
Use match source to create a source IP address match rule or modify an existing source IP address match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] source { ip address ipv4-address [ mask-length | mask ] | ipv6 address ipv6-address [ prefix-length ] }
undo match match-id
Default
An LB class does not have a match rule.
Views
LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
source: Specifies the match rule type as source IP address.
ip address ipv4-address: Specifies an IPv4 address.
mask-length: Specifies a mask length in the range of 0 to 32. The default is 32.
mask: Specifies a subnet mask. The default is 255.255.255.255.
ipv6 address ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length in the range of 0 to 128. The default is 128.
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule that matches source IP address 1.1.1.1/32 for the generic LB class lbc1.
[Sysname] loadbalance class lbc1 type generic
[Sysname-lbc-generic-lbc1] match source ip address 1.1.1.1
match sql
Use match sql to create a MySQL statement match rule or modify an existing MySQL statement match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] sql sql [ case-insensitive ] [ not ]
undo match match-id
Default
An LB class does not have a match rule.
Views
MySQL LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
sql: Specifies a regular expression used to match MySQL statements, a case-sensitive string of 1 to 255 characters.
case-insensitive: Disables case sensitivity for matching character strings. If you do not specify this keyword, case sensitivity is enabled.
not: Specifies that the LB action is taken when the MySQL statement regular expression is not matched. If you do not specify this keyword, the LB action is taken when the MySQL statement regular expression is matched.
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create a match rule that matches MySQL statement select for the MySQL LB class c1.
<Sysname> system-view
[Sysname] loadbalance class c1 type mysql
[Sysname-lbc-mysql-c1] match sql select
match url
Use match url to create an HTTP URL match rule or modify an existing HTTP URL match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] url url
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
url url: Specifies a URL regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP URL match rule with regular expression .*.html for the HTTP LB class lbc2.
<Sysname> system-view
[Sysname] loadbalance class lbc2 type http
[Sysname-lbc-http-lbc2] match url .*.html
match user
Use match user to create a user match rule or modify an existing user match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] [ identity-domain domain-name ] user user-name
undo match match-id
Default
An LB class does not have a match rule.
Views
Generic/HTTP/Link-generic LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
identity-domain domain-name: Matches the user in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters excluding question marks (?). If you do not specify this option, the system matches the user among users that do not belong to any identity domain.
user-name: Specifies a username, a case-sensitive string of 1 to 55 characters.
Usage guidelines
If the specified user does not exist, the rule does not take effect.
Examples
# Create a user match rule for the link-generic LB class lbc1 to match user u1 in identity domain domain1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type link-generic
[Sysname-lbc-link-generic-lbc1] match identity-domain domain1 user u1
Related commands
display loadbalance class
match user-group
Use match user-group to create a user group match rule or modify an existing user group match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] [ identity-domain domain-name ] user-group user-group-name
undo match match-id
Default
An LB class does not have a match rule.
Views
Generic/HTTP/Link-generic LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
identity-domain domain-name: Matches the user group in an identity domain. The domain-name argument represents the identity domain name, a case-insensitive string of 1 to 255 characters excluding question marks (?). If you do not specify this option, the system matches the user group among user groups that do not belong to any identity domain.
user-group-name: Specifies a user group by its name, a case-insensitive string of 1 to 200 characters.
Usage guidelines
If the specified user group does not exist, the rule does not take effect.
Examples
# Create a user group match rule for the link-generic LB class lbc1 to match user group lb-group in identity domain domain1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type link-generic
[Sysname-lbc-link-generic-lbc1] match identity-domain domain1 user-group lb-group
Related commands
display loadbalance class
match version
Use match version to create an HTTP version match rule or modify an existing HTTP version match rule.
Use undo match to delete a match rule.
Syntax
match [ match-id ] version { 1.0 | 1.1 }
undo match match-id
Default
An LB class does not have a match rule.
Views
HTTP LB class view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
match-id: Specifies a match rule by its ID in the range of 1 to 65535. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
1.0: Specifies HTTP 1.0.
1.1: Specifies HTTP 1.1.
Usage guidelines
You can create a maximum of 65535 match rules for an LB class.
Examples
# Create an HTTP version match rule with HTTP 1.0 for the HTTP LB class lbc1.
<Sysname> system-view
[Sysname] loadbalance class lbc1 type http
[Sysname-lbc-http-lbc1] match version 1.0
match-across-service enable
Use match-across-service enable to enable sticky entry matching across services.
Use undo match-across-service enable to disable sticky entry matching across services.
Syntax
match-across-service enable
undo match-across-service enable
Default
Sticky entry matching across services is disabled.
Views
Address-port sticky group view
RADIUS sticky group view
Predefined user roles
network-admin
context-admin
Usage guidelines
When the device fails to find a matching sticky entry for traffic of a virtual server, this feature allows the device to match the sticky entries of other virtual servers with the same IP address as the current virtual server.
With this feature enabled, requests that the same client sends to different services of the same virtual server can be distributed to the same server farm member.
Examples
# In address-port sticky group sg1, enable sticky entry matching across services.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] match-across-service enable
match-across-virtual-server enable
Use match-across-virtual-server enable to enable sticky entry matching across virtual servers.
Use undo match-across-virtual-server enable to disable sticky entry matching across virtual servers.
Syntax
match-across-virtual-server enable
undo match-across-virtual-server enable
Default
Sticky entry matching across virtual servers is disabled.
Views
Address-port sticky group view
RADIUS sticky group view
Predefined user roles
network-admin
context-admin
Usage guidelines
When the device fails to find a matching sticky entry for traffic of a virtual server, this feature allows the device to match the sticky entries of other virtual servers.
With this feature enabled, requests that the same client sends to different virtual servers can be distributed to the same server farm member.
Examples
# In address-port sticky group sg1, enable sticky entry matching across virtual servers.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] match-across-virtual-server enable
match-buffer-end
Use match-buffer-end to configure the buffering end string for TCP payload matching.
Use undo match-buffer-end to restore the default.
Syntax
match-buffer-end string
undo match-buffer-end
Default
No buffering end string is configured.
Views
TCP-application parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
string: Specifies a string that indicates the end of buffering, a case-insensitive string of 1 to 31 characters.
Usage guidelines
For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:
· The device receives the buffering end string from clients.
· The size of buffered data exceeds the specified buffering size.
· The buffered data matches the TCP payload match rule.
This command specifies the string that indicates the end of buffering for traffic received from clients.
Examples
# In TCP-application parameter profile p1, configure the buffering end string as over.
<Sysname> system-view
[Sysname] parameter-profile p1 type tcp-application
[Sysname-para-tcp-application-p1] match-buffer-end over
Related commands
match-buffer-size
match-buffer-time
match payload
match-buffer-size
Use match-buffer-size to set the maximum buffering size for TCP payload matching.
Use undo match-buffer-size to restore the default.
Syntax
match-buffer-size size
undo match-buffer-size
Default
The maximum buffering size is 4096 bytes.
Views
TCP-application parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
size: Specifies the maximum buffering size in the range of 1 to 4096 bytes.
Usage guidelines
For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:
· The device receives the buffering end string from clients.
· The size of buffered data exceeds the specified buffering size.
· The buffered data matches the TCP payload match rule.
This command specifies the maximum size of TCP data from clients that the device can buffer.
Examples
# In TCP-application parameter profile p1, set the maximum buffering size to 2048 bytes for TCP payload matching.
<Sysname> system-view
[Sysname] parameter-profile p1 type tcp-application
[Sysname-para-tcp-application-p1] match-buffer-size 2048
Related commands
match-buffer-end
match-buffer-time
match payload
match-buffer-time
Use match-buffer-time to set the buffering period for TCP payload matching.
Use undo match-buffer-time to restore the default.
Syntax
match-buffer-time time
undo match-buffer-time
Default
The buffering period for TCP payload matching is 3 seconds.
Views
TCP-application parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
time: Specifies the buffering period in the range of 1 to 5 seconds.
Usage guidelines
For the TCP payload match rule, the device buffers traffic from clients for TCP payload matching during the buffering period. The device stops buffering traffic when any of the following events occurs:
· The device receives the buffering end string from clients.
· The size of buffered data exceeds the specified buffering size.
· The buffered data matches the TCP payload match rule.
This command specifies the amount of time for the device to buffer TCP data sent by clients.
Examples
# In TCP-application parameter profile p1, set the buffering period for TCP payload matching to 3 seconds.
<Sysname> system-view
[Sysname] parameter-profile p1 type tcp-application
[Sysname-para-tcp-application-p1] match-buffer-time 3
Related commands
match-buffer-end
match-buffer-size
match payload
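The three stop conditions shared by match-buffer-end, match-buffer-size, and match-buffer-time decide how much client data a match payload rule ever sees. The following Python model is an added example, not vendor code: it replays constructed client segments and reports which event ended buffering and whether the LB action applies. Python's re module stands in for the device's regular expression engine, and the class and function names, the truncation at the buffer size, and the order in which coinciding events are reported are assumptions of the model.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass
class TcpAppProfile:
    """TCP-application parameter profile; defaults are the documented ones."""
    match_buffer_size: int = 4096           # match-buffer-size (bytes)
    match_buffer_time: float = 3.0          # match-buffer-time (seconds)
    match_buffer_end: Optional[str] = None  # match-buffer-end (case-insensitive)


@dataclass
class PayloadRule:
    """match payload payload [ case-insensitive ] [ not ]"""
    pattern: str
    case_insensitive: bool = False
    negate: bool = False                    # the "not" keyword


@dataclass
class Verdict:
    stop_reason: str    # "matched", "end-string", "size" or "time"
    regex_hit: bool     # the expression matched the buffered bytes
    action_taken: bool  # regex_hit, inverted when the rule carries "not"
    inspected: bytes    # everything the rule was able to see


def buffer_and_match(profile: TcpAppProfile, rule: PayloadRule,
                     segments: Iterable[Tuple[float, bytes]]) -> Verdict:
    """Replay (arrival_seconds, data) client segments through the buffer.

    Model assumptions: bytes beyond match-buffer-size are never inspected,
    and when two stop events coincide a rule match is reported first.
    """
    flags = re.IGNORECASE if rule.case_insensitive else 0
    regex = re.compile(rule.pattern.encode("latin-1"), flags)
    end = (profile.match_buffer_end or "").lower().encode("latin-1")
    buf = b""
    reason = "time"  # default: the client went quiet and the period ran out
    for arrival, data in segments:
        if arrival > profile.match_buffer_time:
            break                       # buffering period already expired
        buf += data
        overflow = len(buf) > profile.match_buffer_size
        buf = buf[:profile.match_buffer_size]
        if regex.search(buf):
            reason = "matched"
        elif end and end in buf.lower():
            reason = "end-string"
        elif overflow:
            reason = "size"
        else:
            continue                    # no stop event yet, keep buffering
        break
    hit = regex.search(buf) is not None
    return Verdict(reason, hit, hit != rule.negate, buf)


# Constructed client traffic: the keyword arrives split across two segments.
SPLIT = [(0.1, b"say hel"), (0.2, b"lo world")]
# Constructed client traffic: the keyword sits behind 12 bytes of padding.
PADDED = [(0.1, b"A" * 12), (0.2, b"xxxxhello")]

if __name__ == "__main__":
    small = TcpAppProfile(match_buffer_size=16)
    for label, profile, rule, segs in [
        ("split keyword, defaults", TcpAppProfile(), PayloadRule("hello"), SPLIT),
        ("keyword past 16-byte buffer", small, PayloadRule("hello"), PADDED),
        ("same traffic, rule with not", small,
         PayloadRule("hello", negate=True), PADDED),
    ]:
        v = buffer_and_match(profile, rule, segs)
        print(f"{label}: stop={v.stop_reason} hit={v.regex_hit} "
              f"action={v.action_taken} inspected={len(v.inspected)} bytes")
```

In the model, a rule with the not keyword takes its action whenever buffering ends without a match, including when the size limit or the timer cut inspection short, so review not rules together with the buffer size and period they depend on.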
max-bandwidth
Use max-bandwidth to set the maximum expected bandwidth of an LB link.
Use undo max-bandwidth to restore the default.
Syntax
max-bandwidth [ inbound | outbound ] bandwidth-value kbps
undo max-bandwidth [ inbound | outbound ]
Default
The maximum expected bandwidth of an LB link is not limited.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
inbound: Specifies the maximum inbound expected bandwidth.
outbound: Specifies the maximum outbound expected bandwidth.
bandwidth-value: Specifies the maximum expected bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.
kbps: Specifies the bandwidth unit as kbps.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the inbound or outbound keyword, the maximum expected bandwidth equals the inbound expected bandwidth plus the outbound expected bandwidth.
This command takes effect only on new sessions and does not take effect on existing sessions.
In addition to being used for link protection, the maximum expected bandwidth is used for remaining bandwidth calculation in the bandwidth algorithm, maximum bandwidth algorithm, and dynamic proximity algorithm.
Examples
# Set the maximum expected bandwidth of the LB link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] max-bandwidth 1 kbps
# Set the maximum inbound expected bandwidth of the LB link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] max-bandwidth inbound 1 kbps
# Set the maximum outbound expected bandwidth of the LB link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] max-bandwidth outbound 1 kbps
max-number
Use max-number to set the maximum number of proximity entries.
Use undo max-number to restore the default.
Syntax
max-number number
undo max-number
Default
The maximum number of proximity entries is 65535.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the maximum number of proximity entries, in the range of 0 to 10000000. The value 0 indicates that the maximum number of proximity entries is not limited.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the maximum number of proximity entries to 100.
[Sysname] loadbalance proximity
[Sysname-lb-proximity] max-number 100
max-reuse
Use max-reuse to set the maximum number of times that a TCP connection can be reused.
Use undo max-reuse to restore the default.
Syntax
max-reuse reuse-number
undo max-reuse
Default
A TCP connection can be reused for a maximum of 1000 times.
Views
OneConnect parameter profile view
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
Parameters
reuse-number: Specifies the maximum number of reuse times, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
After connection reuse is enabled, a TCP connection is not disconnected until the maximum number of reuse times is reached. After the TCP connection is disconnected, new connection requests trigger establishment of a new TCP connection.
Examples
# In OneConnect parameter profile ocp, set the maximum number of reuse times to 10000.
<Sysname> system-view
[Sysname] parameter-profile ocp type oneconnect
[Sysname-para-oneconnect-ocp] max-reuse 10000
memory-size
Use memory-size to set the memory size used for compression.
Use undo memory-size to restore the default.
Syntax
memory-size size
undo memory-size
Default
The memory size used for compression is 8 KB.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
size: Specifies the memory size in KB used for compression. The value can only be 1, 2, 4, 8, 16, 32, or 64.
Examples
# Create the HTTP-compression parameter profile pa1, and set the memory size used for compression to 32 KB.
<Sysname> system-view
[Sysname] parameter-profile pa1 type http-compress
[Sysname-para-http-compress-pa1] memory-size 32
min-ttl
Use min-ttl to set the minimum TTL.
Use undo min-ttl to restore the default.
Syntax
min-ttl ttl-value
undo min-ttl
Default
The minimum TTL is 3600 seconds.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
ttl-value: Specifies the minimum TTL in the range of 0 to 4294967295 seconds.
Usage guidelines
Non-default vSystems do not support this command.
The minimum TTL is the amount of time that resource records on the primary DNS server are cached on the secondary DNS server.
Examples
# Set the minimum TTL to 1 day for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] min-ttl 86400
Related commands
display loadbalance zone
monitor-interval
Use monitor-interval to set the monitoring time for an LB probe template.
Use undo monitor-interval to restore the default.
Syntax
monitor-interval interval-time
undo monitor-interval
Default
The monitoring time is 10 seconds for a TCP-RST or TCP zero-window LB probe template, 1 second for an HTTP passive LB probe template, and 5 seconds for a custom-monitoring LB probe template.
Views
HTTP passive LB probe template view
TCP-RST LB probe template view
TCP zero-window LB probe template view
Custom-monitoring LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
interval-time: Specifies the monitoring time in the range of 5 to 255 seconds for a TCP-RST or TCP zero-window LB probe template, in the range of 1 to 5 seconds for an HTTP passive LB probe template, and in the range of 1 to 86400 seconds for a custom-monitoring LB probe template.
Usage guidelines
During the monitoring time, the system counts the number of RST packets or zero-window packets sent by each server farm member in a server farm.
During the monitoring time, the system monitors the responses of matching HTTP requests and counts the number of URL errors.
After a custom-monitoring LB probe template is specified, the system executes the custom script file during the monitoring time to detect the state of real servers.
Examples
# In TCP RST LB probe template rsttplt, set the monitoring time to 60 seconds.
<Sysname> system-view
[Sysname] loadbalance probe-template tcp-rst rsttplt
[Sysname-lbpt-tcp-rst-rsttplt] monitor-interval 60
Related commands
external-script
node
Use node to create a statistics node and enter its view, or enter the view of an existing statistics node.
Use undo node to delete the specified statistics node.
Syntax
node node-name
undo node node-name
Default
No statistics nodes exist.
Views
HTTP statistics parameter profile view
Predefined user roles
network-admin
context-admin
Parameters
node-name: Specifies the statistics node name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
You can configure a maximum of 256 statistics nodes in one HTTP statistics parameter profile.
Examples
# In HTTP statistics parameter profile http1, create statistics node node1 and enter statistics node view.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-statistics
[Sysname-para-http-statistics-http1] node node1
[Sysname-para-http-statistics-http1-node-node1]
override-limit enable
Use override-limit enable to ignore the limits for sessions that match sticky entries.
Use undo override-limit enable to remove the configuration.
Syntax
override-limit enable
undo override-limit enable
Default
The session limits apply to sessions that match sticky entries.
Views
Sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
Use this command to ignore the following limits for sessions that match sticky entries:
· Bandwidth and connection parameters on real servers or links.
· Bandwidth ratios and maximum expected bandwidths for real servers or links.
· LB connection limit policies on virtual servers.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Ignore the limits for sessions that match sticky entries generated in the sticky group st.
<Sysname> system-view
[Sysname] sticky-group st type http-cookie
[Sysname-sticky-http-cookie-st] override-limit enable
packet-loss-rate weight
Use packet-loss-rate weight to set the packet loss ratio weight for proximity calculation.
Use undo packet-loss-rate weight to restore the default.
Syntax
packet-loss-rate weight packet-loss-rate-weight
undo packet-loss-rate weight
Default
The packet loss ratio weight for proximity calculation is 0.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
packet-loss-rate-weight: Specifies the packet loss ratio weight in the range of 0 to 255. The greater the weight value, the higher the weight.
Usage guidelines
Non-default vSystems do not support this command.
This command sets the weight of the packet loss ratio in calculating the link quality. The packet loss ratio is used to calculate the link quality only if the proximity feature is enabled or the link quality algorithm is configured. The proximity feature and the link quality algorithm are mutually exclusive.
Examples
# Set the packet loss ratio weight for proximity calculation to 200.
<Sysname> system-view
[Sysname] loadbalance proximity
[Sysname-lb-proximity] packet-loss-rate weight 200
Related commands
predictor (link group view)
proximity enable (link group view)
parameter
Use parameter to specify a parameter profile to be referenced by a virtual server.
Use undo parameter to restore the default.
Syntax
parameter { http | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application } profile-name [ client-side | server-side ]
undo parameter { http | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application } [ client-side | server-side ]
Default
No parameter profile is referenced by a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
{ http | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application }: Specifies a parameter profile type, HTTP, HTTP-compression, HTTP statistics, IP, MySQL, OneConnect, TCP, or TCP-application. The http and tcp keywords are supported by the virtual servers of the HTTP type. The http-compression, http-statistics, and oneconnect keywords are supported only by the virtual servers of the HTTP type. The mysql keyword is supported only by MySQL virtual servers. The tcp-application keyword is supported only by TCP virtual servers operating at Layer 7.
profile-name: Specifies a parameter profile by its name, a case-insensitive string of 1 to 63 characters.
client-side: Specifies a client-side parameter profile.
server-side: Specifies a server-side parameter profile.
Usage guidelines
The virtual server references the parameter profile to implement analysis, processing, and optimization for service traffic.
The virtual servers of the RADIUS type can only reference the IP parameter profile.
A client-side parameter profile optimizes and processes TCP connections between the client and the device. A server-side parameter profile optimizes and processes TCP connections between the device and the server. Only TCP parameter profiles support the client-side and server-side keywords.
Examples
# Specify the IP parameter profile pp2 to be referenced by the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] parameter ip pp2
parameter-profile
Use parameter-profile to create a parameter profile and enter its view, or enter the view of an existing parameter profile.
Use undo parameter-profile to delete the specified parameter profile.
Syntax
parameter-profile profile-name [ type { http | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application } ]
undo parameter-profile profile-name
Default
No parameter profiles exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
profile-name: Specifies a parameter profile name, a case-insensitive string of 1 to 63 characters.
type { http | http-compression | http-statistics | ip | mysql | oneconnect | tcp | tcp-application }: Specifies a parameter profile type, HTTP, HTTP-compression, HTTP statistics, IP, MySQL, OneConnect, TCP, or TCP-application. When you create a parameter profile, you must specify the parameter profile type. You can enter an existing parameter profile view without entering the parameter profile type. Non-default vSystems do not support the http-statistics parameter.
Usage guidelines
You can configure advanced parameters through the parameter profile. The virtual server references the parameter profile to implement analysis, processing, and optimization for service traffic.
You can create HTTP, HTTP-compression, MySQL, HTTP statistics, OneConnect, or TCP-application parameter profiles only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the IP parameter profile pp2, and enter parameter profile view.
<Sysname> system-view
[Sysname] parameter-profile pp2 type ip
[Sysname-para-ip-pp2]
payload (HTTP/UDP payload sticky group view)
Use payload to configure the HTTP or UDP payload sticky method.
Use undo payload to delete the HTTP or UDP payload sticky method.
Syntax
payload [ offset offset ] [ start start-string ] [ end end-string | length length ]
undo payload
Default
No sticky methods exist.
Views
HTTP/UDP payload sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
offset offset: Specifies the offset value of the HTTP or UDP payload based on the start of the HTTP or UDP packet, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the HTTP or UDP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the HTTP or UDP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the HTTP or UDP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
Use this command to obtain the HTTP or UDP payload information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.
Examples
# Configure the HTTP payload sticky method for the HTTP payload sticky group sg5: Starting at the 10th byte from the start of the HTTP packet, use the 20-byte HTTP payload to generate sticky entries.
<Sysname> system-view
[Sysname] sticky-group sg5 type payload
[Sysname-sticky-payload-sg5] payload offset 10 length 20
# Configure the UDP payload sticky method for the UDP payload sticky group sg6: Starting at the 28th byte from the start of the UDP packet, use the 6-byte UDP payload to generate sticky entries.
<Sysname> system-view
[Sysname] sticky-group sg6 type payload
[Sysname-sticky-payload-sg6] payload offset 28 length 6
payload (UDP passive sticky group view)
Use payload to configure the UDP payload passive sticky method.
Use undo payload to delete the UDP payload passive sticky method.
Syntax
payload { get | match } [ offset offset ] [ start start-string ] [ end end-string | length length ]
undo payload { get | match }
Default
No UDP payload passive sticky methods exist.
Views
UDP passive sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
get: Obtains the specified string in the UDP response payload, which is used to generate a UDP payload passive sticky entry.
match: Obtains the specified string in the UDP request payload, which is used to match a UDP payload passive sticky entry.
offset offset: Specifies the offset value of the UDP payload based on the start of the UDP packet, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the UDP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the UDP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the UDP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
Use the payload get command to obtain the UDP response payload information based on the offset, start-string, end-string, and length values. Use the payload match command to obtain the UDP request payload information based on those values.
The start-string and end-string values are not included in the sticky entry information.
Both the payload get and payload match commands are required for a UDP payload passive sticky method.
The device obtains the payload information of an incoming UDP request based on the payload match command and obtains the payload information of an incoming UDP response based on the payload get command. If the payload information of the UDP request matches the payload information of the UDP response, the device generates a sticky entry based on the payload information of the UDP response. Subsequent UDP requests that match the sticky entry are forwarded according to the sticky entry.
Examples
# Configure the UDP payload passive sticky method for the UDP passive sticky group sg5: Obtain the 20-byte UDP payload string starting with id in the UDP response. If the obtained string matches the 20-byte UDP payload string starting with id in the UDP request, the device generates a sticky entry based on the string obtained from the UDP response.
<Sysname> system-view
[Sysname] sticky-group sg5 type udp-passive
[Sysname-sticky-udp-passive-sg5] payload get start id length 20
[Sysname-sticky-udp-passive-sg5] payload match start id length 20
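The following Python model is an added example, not code from the device or its vendor. It reproduces the offset, start-string, end-string, and length extraction described for the payload sticky commands, and the payload match and payload get flow of a UDP passive sticky group. Assumptions: Python's re module stands in for the device's regular expression dialect, offset is treated as the number of bytes skipped, and the class, flow identifiers, server names, and sample payloads are constructed for illustration.

```python
import re


def extract_payload(data, offset=0, start=None, end=None, length=0):
    """Return the bytes used as sticky information, or None if nothing is found.

    Mirrors: payload [ offset offset ] [ start start-string ]
                     [ end end-string | length length ]
    """
    if end is not None and length:
        raise ValueError("end and length are alternatives")
    if not 0 <= offset <= 1000 or not 0 <= length <= 1000:
        raise ValueError("offset and length must be in the range 0 to 1000")
    for pattern in (start, end):
        if pattern is not None and (not 1 <= len(pattern) <= 127 or "?" in pattern):
            raise ValueError("pattern must be 1 to 127 characters without '?'")
    if offset > len(data):
        return None
    pos = offset
    if start is not None:
        m = re.compile(start.encode()).search(data, pos)
        if m is None:
            return None
        pos = m.end()                  # the start-string itself is excluded
    if end is not None:
        m = re.compile(end.encode()).search(data, pos)
        if m is None:
            return None
        key = data[pos:m.start()]      # the end-string itself is excluded
    else:
        key = data[pos:pos + length] if length else data[pos:]
    return key or None


class UdpPassiveSticky:
    """Model of a UDP passive sticky group (hypothetical class, not a device API)."""

    def __init__(self, match_rule, get_rule):
        self.match_rule = match_rule   # applied to UDP requests  (payload match)
        self.get_rule = get_rule       # applied to UDP responses (payload get)
        self.entries = {}              # sticky information -> real server
        self.pending = {}              # flow id -> (request information, server)

    def on_request(self, flow, payload, scheduled_server):
        """Return the server that receives this request."""
        key = extract_payload(payload, **self.match_rule)
        if key is not None and key in self.entries:
            return self.entries[key]   # forwarded according to the sticky entry
        self.pending[flow] = (key, scheduled_server)
        return scheduled_server

    def on_response(self, flow, payload):
        """Create a sticky entry if request and response information match."""
        request_key, server = self.pending.pop(flow, (None, None))
        key = extract_payload(payload, **self.get_rule)
        if key is not None and key == request_key:
            self.entries[key] = server
            return True
        return False


TOKEN = b"A1B2C3D4E5F6G7H8I9J0"        # constructed 20-byte identifier
RULE = {"start": "id", "length": 20}   # payload get/match start id length 20


def demo():
    lb = UdpPassiveSticky(match_rule=RULE, get_rule=RULE)
    first = lb.on_request("flow-1", b"REQ id" + TOKEN + b" hello", "rs1")
    learned = lb.on_response("flow-1", b"RSP id" + TOKEN + b" ok")
    # Same identifier on a new flow: the sticky entry overrides the scheduler.
    second = lb.on_request("flow-2", b"REQ id" + TOKEN + b" again", "rs2")
    return first, learned, second


if __name__ == "__main__":
    print(demo())
```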
payload rewrite
Use payload rewrite to rewrite the TCP payload.
Use undo payload rewrite to remove the configuration.
Syntax
payload rewrite { both | request | response } value value replace replace-string
undo payload rewrite { both | request | response } value value
Default
The TCP payload is not rewritten.
Views
Generic LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
both: Specifies both the TCP request and response packets.
request: Specifies the TCP request packets.
response: Specifies the TCP response packets.
value value: Specifies the TCP packet header content to be rewritten, a case-sensitive string of 1 to 127 characters.
replace replace-string: Specifies the content after rewrite, a case-sensitive string of 1 to 127 characters. You can also specify the following replacement strings:
· %[variable]—Replaces the specified value with the variable associated with the server farm member. The variable is the variable name.
· %[1-9]—Replaces the specified value with the content in the corresponding parentheses of the specified value. For example, executing the payload rewrite value (Wel)(co)(me) replace %2 command will replace the string Welcome with co in the second pair of parentheses.
Usage guidelines
You can replace the specified value with the variable associated with the server farm member by specifying the replacement string %[variable]. For example, you can replace the string QMGR.S01 in the payload with QMGR.S0_1 by executing the following commands:
· variable var1 value _1 (in server farm member view).
· payload rewrite request value "QMGR.S01" replace QMGR.S01%[var1] (in generic LB action view).
Examples
# In generic LB action lba1, replace QMGR.S01 in the payload of TCP requests with QMGR.S01%[var1]. var1 is the name of the variable associated with the server farm member.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] payload rewrite request value QMGR.S01 replace QMGR.S01%[var1]
Related commands
variable
pool-size
Use pool-size to set the maximum number of connections allowed in the MySQL connection pool.
Use undo pool-size to restore the default.
Syntax
pool-size pool-size
undo pool-size
Default
The maximum number of connections allowed in the MySQL connection pool is 1024.
Views
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
pool-size: Specifies the maximum number of connections allowed in the MySQL connection pool, in the range of 1 to 64000.
Usage guidelines
After MySQL data transfer is completed, the TCP connection is stored in a connection pool instead of being closed. For a new connection request, the device selects an available connection from the connection pool before attempting to open a new connection.
Examples
# Set the maximum number of connections allowed in the MySQL connection pool to 2000 for the MySQL parameter profile p1.
<Sysname> system-view
[Sysname] parameter-profile p1 type mysql
[Sysname-para-mysql-p1] pool-size 2000
port (DNS server view)
Use port to configure the port number of a DNS server.
Use undo port to restore the default.
Syntax
port port-number
undo port
Default
The port number of a DNS server is 0.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
port-number: Specifies a port number in the range of 0 to 65535. The value 0 means that the original port number is used.
Usage guidelines
Non-default vSystems do not support this command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the port number of DNS server ds1 as 5353.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] port 5353
port (real server view)
Use port to configure the port number of a real server.
Use undo port to restore the default.
Syntax
port port-number
undo port
Default
The port number of a real server is 0. (The original port number is used.)
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
port-number: Specifies a port number in the range of 0 to 65535. 0 means the original port number is used.
Usage guidelines
This configuration takes effect only when you enable the NAT feature for the server farm.
Examples
# Specify the port number of the real server rs as 8080.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] port 8080
Related commands
transparent enable (server farm view)
port (transparent DNS proxy view)
Use port to configure the port number of a transparent DNS proxy.
Use undo port to restore the default.
Syntax
port port-number
undo port
Default
The port number of a transparent DNS proxy is 53.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
Non-default vSystems do not support this command.
A transparent DNS proxy processes a DNS request only when the destination IP address and port number of the DNS request match those of the transparent DNS proxy.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the port number of transparent DNS proxy dns-proxy1 as 5353.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-dns-proxy1] port 5353
Related commands
display loadbalance dns-proxy
port (virtual server view)
Use port to configure the port number of a virtual server.
Use undo port to restore the default.
Syntax
port { port-number [ to port-number ] } &<1-n>
undo port
Default
The port number is 0 (indicates any port) for the virtual server of the IP, RADIUS, TCP, or UDP type. The port number is 80 for the virtual server of the HTTP type. The port number is 5060 for the virtual server of the SIP type.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
port-number [ to port-number ] &<1-n>: Specifies a space-separated list of up to n port number items. Each port number item specifies a port number or a range of port numbers in the form of start-port-number to end-port-number. For IP, RADIUS, TCP, and UDP virtual servers, the value range for the port-number argument is 0 to 65535 (0 means any port) and the value range for n is 1 to 32. For HTTP and SIP virtual servers, the value range for the port-number argument is 1 to 65535 and the value of n can only be 1.
Usage guidelines
If the virtual server has referenced an SSL policy, you must configure a non-default port number (typically 443) for the virtual server.
Examples
# Specify the port number of the IP-type virtual server vs3 as 8080.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] port 8080
Related commands
ssl-server-policy
predictor (DNS server pool view)
Use predictor to specify a scheduling algorithm for a DNS server pool.
Use undo predictor to restore the default.
Syntax
predictor hash address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]
predictor { random | round-robin | { bandwidth | max-bandwidth } [ inbound | outbound ] }
undo predictor
Default
The scheduling algorithm for a DNS server pool is weighted round robin.
Views
DNS server pool view
Predefined user roles
network-admin
context-admin
Parameters
hash address: Specifies the hash algorithm based on the IP address.
destination: Specifies the hash algorithm based on the destination IP address.
source: Specifies the hash algorithm based on the source IP address.
source-ip-port: Specifies the hash algorithm based on the source IP address and port number.
mask mask-length: Specifies the mask length of the IPv4 address used in the hash algorithm. The value range for the mask-length argument is 0 to 32. The default is 32.
prefix prefix-length: Specifies the prefix length of the IPv6 address used in the hash algorithm. The value range for the prefix-length argument is 0 to 128. The default is 128.
random: Specifies the random algorithm, which randomly assigns DNS requests to DNS servers.
round-robin: Specifies the weighted round robin algorithm, which assigns DNS requests to DNS servers based on the weights of the DNS servers. A higher weight indicates more DNS requests will be assigned. The weight value used in this algorithm is configured in DNS server pool member view.
bandwidth: Specifies the bandwidth algorithm, which assigns DNS requests to DNS servers based on the weight and remaining bandwidth of the DNS servers. The weight value used in this algorithm is configured in DNS server view.
max-bandwidth: Specifies the maximum bandwidth algorithm, which always assigns DNS requests to the DNS server corresponding to the idle link with the largest remaining bandwidth.
inbound: Selects a DNS server based on the inbound bandwidth.
outbound: Selects a DNS server based on the outbound bandwidth.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the inbound or outbound keyword, the total bandwidth is used to select a DNS server.
In the bandwidth algorithm and maximum bandwidth algorithm, the remaining bandwidth is the maximum expected bandwidth minus the current bandwidth. If the maximum expected bandwidth is not configured, the remaining bandwidth is the maximum bandwidth of the link minus the current bandwidth.
Examples
# Specify the scheduling algorithm as random for DNS server pool dns-pool.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dns-pool
[Sysname-lb-dspool-dns-pool] predictor random
Related commands
max-bandwidth (link view)
rate-limit bandwidth (link view)
predictor (link group view)
Use predictor to specify a scheduling algorithm for a link group.
Use undo predictor to restore the default.
Syntax
Link-based:
predictor { least-connection | link-quality | { bandwidth | max-bandwidth } [ inbound | outbound ] }
undo predictor
Link group member-based:
predictor hash address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]
predictor { least-connection member | random | round-robin }
undo predictor
Default
The scheduling algorithm for a link group is weighted round robin.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
hash address: Performs the hash algorithm based on IP address.
destination: Performs the hash algorithm based on destination IP address.
source: Performs the hash algorithm based on source IP address.
source-ip-port: Performs the hash algorithm based on source IP address and port number.
mask mask-length: Specifies the IPv4 address mask length, in the range of 0 to 32. The default is 32.
prefix prefix-length: Specifies the IPv6 address prefix length, in the range of 0 to 128. The default is 128.
least-connection: Specifies the link-based weighted least connection algorithm. This algorithm always assigns new connections to the link with the fewest number of weighted active connections (the total number of active connections in all link groups divided by weight). The weight value used in this algorithm is configured in link view.
least-connection member: Specifies the link group member-based weighted least connection algorithm. This algorithm always assigns new connections to the link with the fewest number of weighted active connections (the number of active connections in the specified link group divided by weight). The weight value used in this algorithm is configured in link group member view.
link-quality: Specifies the link quality algorithm. This algorithm assigns new connections to links based on the link quality. The higher the quality, the more new connections assigned to the link. The link quality is calculated by using the network delay, hop count of routes (TTL), and packet loss ratio.
random: Specifies the random algorithm, which randomly assigns new connections to links.
round-robin: Specifies the weighted round robin algorithm, which assigns new connections to links based on the weights of links. A higher weight indicates more new connections will be assigned. The weight value used in this algorithm is configured in link group member view.
bandwidth: Specifies the bandwidth algorithm, which assigns packets to links based on the product of the weight and remaining bandwidth of each link. The weight value used in this algorithm is configured in link view.
max-bandwidth: Specifies the maximum bandwidth algorithm, which always assigns packets to the idle link with the largest remaining bandwidth.
inbound: Selects a link based on the inbound bandwidth.
outbound: Selects a link based on the outbound bandwidth.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the inbound or outbound keyword, the total bandwidth is used to select a link.
In the bandwidth algorithm and maximum bandwidth algorithm, the remaining bandwidth is the maximum expected bandwidth minus the current bandwidth. If the maximum expected bandwidth is not configured, the remaining bandwidth is the maximum bandwidth of the link minus the current bandwidth.
If you execute this command multiple times, the most recent configuration takes effect.
If you specify the link quality algorithm, you must also configure the following settings in proximity view:
· Proximity probe method.
· Network delay weight.
· TTL weight.
· Packet loss ratio weight.
The proximity probe method is used to probe the network delay, TTL, and packet loss ratio of the link. The weight values of network delay, TTL, and packet loss ratio are used for calculating the link quality.
For a link group, the link quality algorithm is mutually exclusive with the proximity feature. The most recent configuration overwrites the previous one.
Examples
# Specify the scheduling algorithm random for the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] predictor random
Related commands
max-bandwidth (link view)
proximity enable (link group view)
rate-limit bandwidth (link view)
predictor (server farm view)
Use predictor to specify a scheduling algorithm for a server farm.
Use undo predictor to restore the default.
Syntax
Real server-based:
predictor { dync-round-robin | least-connection | least-time | { bandwidth | max-bandwidth } [ inbound | outbound ] }
undo predictor
Server farm member-based:
predictor hash [ carp ] address { destination | source | source-ip-port } [ mask mask-length ] [ prefix prefix-length ]
predictor hash [ carp ] http [ offset offset ] [ start start-string ] [ [ end end-string ] | [ length length ] ]
predictor { least-connection member | least-time member | random | round-robin }
undo predictor
Default
The scheduling algorithm for a server farm is weighted round robin.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
hash address: Performs the hash algorithm based on IP address.
carp: Specifies the Cache Array Routing Protocol (CARP) hash algorithm. When the number of available real servers changes, this protocol keeps the load changes across all available real servers to a minimum.
destination: Performs the hash algorithm based on destination IP address.
source: Performs the hash algorithm based on source IP address.
source-ip-port: Performs the hash algorithm based on source IP address and port number.
mask mask-length: Specifies the IPv4 address mask length, in the range of 0 to 32. The default is 32.
prefix prefix-length: Specifies the IPv6 address prefix length, in the range of 0 to 128. The default is 128.
http: Performs the hash algorithm based on the HTTP content.
offset offset: Specifies the offset value based on the start of the HTTP content, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the HTTP content, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the HTTP content, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the HTTP content, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
dync-round-robin: Specifies the dynamic round robin algorithm, which assigns new connections to real servers based on load weight values calculated by using the memory usage, CPU usage, and disk usage of the real servers. The smaller the load, the greater the weight value. A real server with a greater weight value is assigned more connections.
least-connection: Specifies the real server-based weighted least connection algorithm, which always assigns new connections to the real server with the fewest number of weighted active connections (the total number of active connections in all server farms divided by weight). The weight value used in this algorithm is configured in real server view.
least-connection member: Specifies the server farm member-based weighted least connection algorithm, which always assigns new connections to the server farm member with the fewest number of weighted active connections (the number of active connections in the specified server farm divided by weight). The weight value used in this algorithm is configured in server farm member view.
least-time: Specifies the least time algorithm, which assigns new connections to real servers based on load weight values calculated by using the response time of the real servers. The shorter the response time, the greater the weight value. A real server with a greater weight value is assigned more connections.
least-time member: Specifies the server farm member-based least time algorithm, which assigns new connections to server farm members based on load weight values calculated by using the response time of the server farm members. The shorter the response time, the greater the weight value. A server farm member with a greater weight value is assigned more connections.
random: Specifies the random algorithm, which randomly assigns new connections to real servers.
round-robin: Specifies the weighted round robin algorithm, which assigns new connections to real servers based on the weights of real servers. A higher weight indicates more new connections will be assigned. The weight value used in this algorithm is configured in server farm member view.
bandwidth: Specifies the bandwidth algorithm, which assigns packets to real servers based on the weight of the real servers and the bandwidth ratio. The weight value used in this algorithm is configured in real server view.
max-bandwidth: Specifies the maximum bandwidth algorithm, which always assigns packets to the idle real server with the largest remaining bandwidth.
inbound: Selects a real server based on the inbound bandwidth.
outbound: Selects a real server based on the outbound bandwidth.
Usage guidelines
The dynamic round robin algorithm can take effect only if you specify an SNMP-DCA NQA template. If no SNMP-DCA NQA template is specified, the non-weighted round robin algorithm is used. For more information about NQA templates, see NQA configuration in Network Management and Monitoring Configuration Guide.
If you do not specify the inbound or outbound keyword, the total bandwidth is used to select a real server.
In the bandwidth algorithm and maximum bandwidth algorithm, the remaining bandwidth is the maximum expected bandwidth minus the current bandwidth. If the maximum expected bandwidth is not configured, the remaining bandwidth is the maximum bandwidth of the real server minus the current bandwidth.
Examples
# Specify the scheduling algorithm for the server farm sf as random.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] predictor random
Related commands
max-bandwidth (real server view)
rate-limit bandwidth (real server view)
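The following Python sketch is an added example, not the device's implementation. It shows what the mask and prefix parameters do to the hash key and why the carp keyword limits load changes when a real server leaves the farm, by comparing plain modulo hashing with CARP-style highest-score selection. Assumptions: SHA-256 stands in for the device's hash function, which this page does not document, and the server names and source addresses are constructed.

```python
import hashlib
import ipaddress


def masked_key(address, mask_length=32, prefix_length=128):
    """Hash key for an address: the network part selected by mask or prefix."""
    ip = ipaddress.ip_address(address)
    bits = mask_length if ip.version == 4 else prefix_length
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False).network_address)


def _score(text):
    # Stand-in hash (assumption): first 8 bytes of SHA-256 as an integer.
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big")


def pick_plain(key, servers):
    """Plain hash: index into the list of available servers."""
    return servers[_score(key) % len(servers)]


def pick_carp(key, servers):
    """CARP-style: score every (server, key) pair and take the highest score."""
    return max(servers, key=lambda s: _score(f"{s}|{key}"))


def compare_on_member_loss(mask_length=24):
    """Count how many keys change server when rs3 becomes unavailable."""
    before = ["rs1", "rs2", "rs3", "rs4"]            # constructed server farm
    after = [s for s in before if s != "rs3"]
    keys = sorted({masked_key(f"10.{i // 256}.{i % 256}.7", mask_length)
                   for i in range(1000)})            # constructed clients
    result = {}
    for name, pick in (("plain", pick_plain), ("carp", pick_carp)):
        moved = [k for k in keys if pick(k, before) != pick(k, after)]
        # Keys that moved although their original server is still available.
        stray = [k for k in moved if pick(k, before) != "rs3"]
        result[name] = {"moved": len(moved), "moved_without_cause": len(stray)}
    return result


if __name__ == "__main__":
    # Clients in the same /24 share one key and therefore one real server.
    print(masked_key("10.1.2.3", 24), masked_key("10.1.2.200", 24))
    print(compare_on_member_loss())
```

With the plain hash, most keys change server after the member loss, which also invalidates any per-server session state for those clients. With the CARP-style selection, only keys that were on the lost server move.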
predictor (virtual server pool view)
Use predictor to specify a scheduling algorithm for a virtual server pool.
Use undo predictor to restore the default.
Syntax
predictor { alternate | fallback | preferred } { least-connection | proximity | random | round-robin | topology | { bandwidth | max-bandwidth } [ inbound | outbound ] | hash address { source | source-ip-port | destination } [ mask mask-length | prefix prefix-length ] }
undo predictor { alternate | fallback }
Default
The scheduling algorithm for a virtual server pool is weighted round robin. No alternative or backup scheduling algorithm is specified.
Views
Virtual server pool view
Predefined user roles
network-admin
context-admin
Parameters
alternate: Specifies the alternative scheduling algorithm.
fallback: Specifies the backup scheduling algorithm.
preferred: Specifies the preferred scheduling algorithm.
least-connection: Specifies the weighted least connection algorithm. This algorithm always assigns DNS requests to the virtual server with the fewest number of weighted active connections (the number of active connections divided by weight).
proximity: Specifies the dynamic proximity algorithm, which assigns DNS requests to virtual servers based on dynamic proximity entries.
random: Specifies the random algorithm, which randomly assigns DNS requests to virtual servers.
round-robin: Specifies the weighted round robin algorithm, which assigns DNS requests to virtual servers based on the weights of the virtual servers. A higher weight indicates more DNS requests will be assigned.
topology: Specifies the static proximity algorithm, which assigns DNS requests to virtual servers based on static proximity entries.
bandwidth: Specifies the bandwidth algorithm, which assigns DNS requests to virtual servers based on the weight of the virtual servers and the remaining bandwidth.
max-bandwidth: Specifies the maximum bandwidth algorithm, which always assigns DNS requests to the virtual server corresponding to the idle link with the largest remaining bandwidth.
inbound: Selects a virtual server based on the inbound bandwidth.
outbound: Selects a virtual server based on the outbound bandwidth.
hash address: Specifies the hash algorithm based on the IP address.
source: Specifies the hash algorithm based on the source IP address.
source-ip-port: Specifies the hash algorithm based on the source IP address and port number.
destination: Specifies the hash algorithm based on the destination IP address.
mask mask-length: Specifies the mask length of the IPv4 address used in the hash algorithm. The value range for the mask-length argument is 0 to 32. The default is 32.
prefix prefix-length: Specifies the prefix length of the IPv6 address used in the hash algorithm. The value range for the prefix-length argument is 0 to 128. The default is 128.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the inbound or outbound keyword, the total bandwidth is used to select a virtual server.
In the bandwidth algorithm and maximum bandwidth algorithm, the remaining bandwidth is the maximum expected bandwidth minus the current bandwidth. If the maximum expected bandwidth is not configured, the remaining bandwidth is the maximum bandwidth of the link minus the current bandwidth.
Examples
# Specify the preferred scheduling algorithm for the virtual server pool local-pool as random, and the alternative scheduling algorithm as least-connection.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool] predictor preferred random
[Sysname-lb-vspool-local-pool] predictor alternate least-connection
Related commands
max-bandwidth (link view)
rate-limit bandwidth (link view)
prefer-method
Use prefer-method to specify the preferred compression algorithm.
Use undo prefer-method to restore the default.
Syntax
prefer-method { deflate | gzip }
undo prefer-method
Default
The preferred compression algorithm is gzip.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
deflate: Specifies the Deflate compression algorithm.
gzip: Specifies the default GNU zip compression algorithm.
Usage guidelines
If the client request supports the configured compression algorithm, the configured compression algorithm applies. If the client request does not support the configured compression algorithm, the compression algorithm contained in the request applies.
Examples
# Create the HTTP-compression parameter profile http1, and specify the preferred compression algorithm as deflate.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] prefer-method deflate
primary-nameserver
Use primary-nameserver to configure the host name for the primary DNS server.
Use undo primary-nameserver to restore the default.
Syntax
primary-nameserver host-name
undo primary-nameserver
Default
No host name is configured for the primary DNS server.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
host-name: Specifies the host name for the primary DNS server, a case-insensitive and dot-separated string of up to 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
The host name of the primary DNS server can be a relative domain name (does not end with a dot) or an absolute domain name (ends with a dot). For an absolute domain name, the host name is not automatically expanded and cannot exceed 254 characters. For a relative domain name, the current domain name is automatically appended to the host name. The host name plus the appended domain name cannot exceed 254 characters.
Examples
# Configure the host name for the primary DNS server as ns1.example.com for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] primary-nameserver ns1.example.com
Related commands
display loadbalance zone
priority (DNS server pool member view)
Use priority to set the priority of a DNS server pool member.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a DNS server pool member is 4.
Views
DNS server pool member view
Predefined user roles
network-admin
context-admin
Parameters
priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.
Usage guidelines
Non-default vSystems do not support this command.
Typically, only the members with the highest priority in a DNS server pool participate in scheduling. If the number of such members is smaller than the required minimum number, more members are selected by priority in descending order. If the allowed maximum number is exceeded after members with a certain priority are added, only some of the members with that priority are added.
Use this command together with the selected-server command in DNS server pool view.
Examples
# Set the priority of DNS server pool member ds1 to 3.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dsp1
[Sysname-lb-dspool-dsp1] dns-server ds1 port 10
[Sysname-dspool-dsp1-#member#-ds1-port-10] priority 3
Related commands
selected-server (DNS server pool view)
priority (DNS server view)
Use priority to set the priority of a DNS server.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a DNS server is 4.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.
Usage guidelines
Non-default vSystems do not support this command.
Typically, only the DNS servers with the highest priority participate in scheduling. If the number of such DNS servers is smaller than the required minimum number, more DNS servers are selected by priority in descending order. If the allowed maximum number is exceeded after DNS servers with a certain priority are added, only some of the DNS servers with that priority are added.
Use this command together with the selected-server command in DNS server pool view.
Examples
# Set the priority of DNS server ds1 to 3.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] priority 3
Related commands
selected-server (DNS server pool view)
priority (link group member view)
Use priority to set the priority of a link group member.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a link group member is 4.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.
Usage guidelines
Non-default vSystems do not support this command.
Typically, only the members with the highest priority in a link group participate in scheduling. If the number of such members is smaller than the required minimum number, more members are selected by priority in descending order. If the allowed maximum number is exceeded after members with a certain priority are added, only some of the members with that priority are added.
Use this command together with the selected-server command.
Examples
# Set the priority of link group member lk1 to 3.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] priority 3
Related commands
selected-link
priority (link view)
Use priority to set the priority of a link.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a link is 4.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.
Usage guidelines
Non-default vSystems do not support this command.
Typically only the links with the highest priority participate in scheduling. If the number of such links is smaller than the required minimum number, more links are selected by priority in descending order.
Examples
# Set the priority of the link lk1 to 3.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] priority 3
Related commands
selected-link
priority (real server view)
Use priority to set the priority of a real server.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a real server is 4.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
priority: Specifies the priority value of the real server, in the range of 1 to 8. A greater value means a higher priority to be referenced.
Usage guidelines
Typically only the real servers with the highest priority participate in scheduling. If the number of such real servers is smaller than the required minimum number, more real servers are selected by priority in descending order.
Examples
# Set the priority of the real server rs to 3.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] priority 3
Related commands
selected-server
priority (server farm member view)
Use priority to set the priority of a server farm member.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a server farm member is 4.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
priority: Specifies the priority value in the range of 1 to 8. A greater value means a higher priority.
Usage guidelines
Typically, only the members with the highest priority in a server farm participate in scheduling. If the number of such members is smaller than the required minimum number, more members are selected by priority in descending order. If the allowed maximum number is exceeded after members with a certain priority are added, only some of the members with that priority are added.
Use this command together with the selected-server command in server farm view.
Examples
# Set the priority of server farm member rs1 to 3.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] priority 3
Related commands
selected-server (server farm view)
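The selection rule repeated in the priority entries above (highest-priority members first, lower tiers added until the required minimum is met, and a tier cut short when the allowed maximum would be exceeded) is modeled below. This is an added example, not vendor code: the names min_number and max_number are hypothetical, member availability is not modeled, and because the page does not say which members of a truncated tier are kept, configuration order is assumed.

```python
from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class Member:
    name: str
    priority: int = 4  # documented default priority


def select_members(members, min_number, max_number):
    """Return the names of the members that take part in scheduling.

    min_number / max_number stand for the required minimum and allowed
    maximum mentioned in the usage guidelines (hypothetical names).
    """
    if not 1 <= min_number <= max_number:
        raise ValueError("need 1 <= min_number <= max_number")
    for m in members:
        if not 1 <= m.priority <= 8:
            raise ValueError(f"{m.name}: priority must be in the range 1 to 8")

    # A greater value means a higher priority. sorted() is stable, so
    # configuration order is preserved inside a tier (assumption).
    ordered = sorted(members, key=lambda m: -m.priority)

    selected = []
    for _, tier in groupby(ordered, key=lambda m: m.priority):
        # The highest tier always participates; lower tiers are consulted
        # only while the required minimum has not been reached.
        if selected and len(selected) >= min_number:
            break
        room = max_number - len(selected)
        # If the whole tier does not fit, only some of its members are added.
        selected.extend(list(tier)[:room])
    return [m.name for m in selected]


# Constructed sample farm: two members at 8, three at 6, one at the default 4.
SAMPLE = [
    Member("rs1", 8), Member("rs2", 8),
    Member("rs3", 6), Member("rs4", 6), Member("rs5", 6),
    Member("rs6"),
]

if __name__ == "__main__":
    for lo, hi in [(1, 8), (3, 8), (3, 4), (6, 8), (1, 1)]:
        print(f"min={lo} max={hi} ->", select_members(SAMPLE, lo, hi))
```

With min 3 and max 4 the priority-6 tier is only partly used, which is the case to check when a low-priority standby server is expected to stay out of rotation.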
priority (SNAT global policy view)
Use priority to set the priority of a SNAT global policy.
Use undo priority to restore the default.
Syntax
priority priority
undo priority
Default
The priority of a SNAT global policy is 0.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
Parameters
priority: Specifies the priority value in the range of 0 to 65535. A greater value means a higher priority.
Usage guidelines
You can configure multiple SNAT global policies with different priorities. They are matched in descending order of priority values.
Examples
# Set the priority of SNAT global policy sn1 to 100.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] priority 100
probe (DNS server pool member view)
Use probe to specify a health monitoring method for a DNS server pool member.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for a DNS server pool member.
Views
DNS server pool member view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use the nqa template command to create an NQA template to be referenced by the health monitoring method. The DNS server pool uses the parameters defined in the NQA template to detect the availability of the pool members.
The health monitoring method configuration in DNS server pool member view takes precedence over the configuration in DNS server pool view.
The health monitoring result for a DNS server affects the availability of a DNS server pool member. The health monitoring result for a DNS server pool member does not affect the availability of a DNS server.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the DNS server pool member ds1 as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance dns-server-pool dsp1
[Sysname-lb-dspool-dsp1] dns-server ds1 port 10
[Sysname-lb-dspool-dsp1-#member#-ds1-port-10] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (DNS server pool member view)
probe (DNS server pool view)
Use probe to specify a health monitoring method for a DNS server pool.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for a DNS server pool.
Views
DNS server pool view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use the nqa template command to create an NQA template to be referenced by the health monitoring method. The DNS server pool uses the parameters defined in the NQA template to detect the availability of DNS servers.
The health monitoring method configuration in DNS server view takes precedence over the configuration in DNS server pool view.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the DNS server pool dns-pool as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance dns-server-pool dns-pool
[Sysname-lb-dspool-dns-pool] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (DNS server pool view)
probe (DNS server view)
Use probe to specify a health monitoring method for a DNS server.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for a DNS server.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use the nqa template command to create an NQA template to be referenced by the health monitoring method.
The health monitoring method configuration in DNS server view takes precedence over the configuration in DNS server pool view.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for DNS server ds1 as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (DNS server view)
probe (link group member view)
Use probe to specify a health monitoring method for a link group member.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for a link group member.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use the nqa template command to create an NQA template to be referenced by the health monitoring method. The link group uses the parameters defined in the NQA template to detect the availability of the link group members.
The health monitoring method configuration in link group member view takes precedence over the configuration in link group view.
The health monitoring result for a link affects the availability of a link group member. The health monitoring result for a link group member does not affect the availability of a link.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the link group member lk1 as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (link group member view)
probe (link group view)
Use probe to specify a health monitoring method for a link group.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for a link group.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
The link group uses the parameters defined in the NQA template to detect the availability of links.
The health monitoring method configuration in link view takes precedence over the configuration in link group view.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the link group lg as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (link group view)
probe (link view)
Use probe to specify a health monitoring method for an LB link.
Use undo probe to restore the default.
Syntax
probe template-name
undo probe template-name
Default
No health monitoring method is specified for an LB link.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use the nqa template command to create an NQA template to be referenced by the health monitoring method.
You can configure multiple health monitoring methods for an LB link. By default, health monitoring succeeds only when all the specified health monitoring methods succeed. You can use the success-criteria command to specify the health monitoring success criteria for the LB link.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the LB link lk1 as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (link view)
probe (real server view)
Use probe to specify a health monitoring method for a real server.
Use undo probe to restore the default.
Syntax
probe template-name [ nqa-template-port ]
undo probe template-name
Default
No health monitoring method is specified for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the real server's port number is used for detection.
Usage guidelines
Use the nqa template command to create an NQA template to be referenced by the health monitoring method.
You can specify a health monitoring method by using one of the following methods:
· Configure the parameter globally for all members in a server farm in server farm view.
· Configure the parameter for a specific real server in real server view or server farm member view.
The health monitoring method configuration in real server view or server farm member view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.
The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the real server rs as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] real-server rs
[Sysname-rserver-rs] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (real server view)
probe (server farm member view)
Use probe to specify a health monitoring method for a server farm member.
Use undo probe to restore the default.
Syntax
probe template-name [ nqa-template-port ]
undo probe template-name
Default
No health monitoring method is specified for a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the server farm member's port number is used for detection.
Usage guidelines
Use the nqa template command to create an NQA template to be referenced by the health monitoring method. The server farm uses the parameters defined in the NQA template to detect the availability of the server farm members.
You can specify a health monitoring method by using one of the following methods:
· Configure the parameter globally for all members in a server farm in server farm view.
· Configure the parameter for a specific real server in real server view or server farm member view.
The health monitoring method configuration in server farm member view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.
The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the server farm member rs1 as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (server farm member view)
probe (server farm view)
Use probe to specify a health monitoring method for a server farm.
Use undo probe to delete a health monitoring method from a server farm.
Syntax
probe template-name [ nqa-template-port ]
undo probe template-name
Default
No health monitoring method is specified for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
template-name: Specifies an NQA template by its name, a case-insensitive string of 1 to 32 characters.
nqa-template-port: Uses the destination port number specified in the NQA template for detection. If you do not specify this keyword, the real server's port number is used for detection.
Usage guidelines
Use the nqa template command to create an NQA template to be referenced by the health monitoring method.
You can specify a health monitoring method by using one of the following methods:
· Configure the parameter globally for all members in a server farm in server farm view.
· Configure the parameter for a specific real server in real server view or server farm member view.
The health monitoring method configuration in real server view takes precedence over the configuration in server farm view. As a best practice, specify a health monitoring method preferentially in server farm view.
Examples
# Create the ICMP-type NQA template t4, and specify the health monitoring method for the server farm sf as t4.
<Sysname> system-view
[Sysname] nqa template icmp t4
[Sysname-nqatplt-icmp-t4] quit
[Sysname] server-farm sf
[Sysname-sfarm-sf] probe t4
Related commands
nqa template (Network Management and Monitoring Command Reference)
success-criteria (server farm view)
probe-template (real server view)
Use probe-template to specify a custom-monitoring LB probe template for a real server.
Use undo probe-template to remove a custom-monitoring LB probe template from a real server.
Syntax
probe-template external-monitor template-name
undo probe-template external-monitor template-name
Default
No custom-monitoring LB probe template is specified for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies a custom-monitoring template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
This command can monitor a real server by referencing a custom-monitoring LB probe template.
The monitoring result of a real server affects the availability of a server farm member, but the monitoring result of a server farm member does not affect the availability of a real server.
Examples
# Specify custom-monitoring LB probe template test_external for real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] probe-template external-monitor test_external
Related commands
loadbalance probe-template
probe-template (server farm member view)
Use probe-template to specify a custom-monitoring probe template for a server farm member.
Use undo probe-template to remove a custom-monitoring LB probe template from a server farm member.
Syntax
probe-template external-monitor template-name
undo probe-template external-monitor template-name
Default
No custom-monitoring probe template is specified for a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
Parameters
template-name: Specifies a custom-monitoring template by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
Non-default vSystems do not support this command.
This command can monitor a server farm member by referencing a custom-monitoring LB probe template.
You can configure this command for all server farm members in server farm view or for a single server farm member in server farm member view. If you configure this command in both server farm view and server farm member view, the configuration in server farm member view takes effect.
The monitoring result of a real server affects the availability of a server farm member, but the monitoring result of a server farm member does not affect the availability of a real server.
Examples
# Specify custom-monitoring LB probe template test_external for server farm member rs1.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] probe-template external-monitor test_external
Related commands
loadbalance probe-template
probe-template (server farm view)
Use probe-template to specify an LB probe template for a server farm.
Use undo probe-template to remove an LB probe template for a server farm.
Syntax
probe-template { external-monitor | http-passive | tcp-rst | tcp-zero-window } template-name
undo probe-template { external-monitor | http-passive | tcp-rst | tcp-zero-window }
Default
No LB probe template is specified for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
external-monitor: Specifies a custom-monitoring LB probe template.
http-passive: Specifies an HTTP passive LB probe template.
tcp-rst: Specifies a TCP-RST LB probe template.
tcp-zero-window: Specifies a TCP zero-window LB probe template.
template-name: Specifies the template name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
This command can monitor all real servers in a server farm.
A server farm can reference only one HTTP passive LB probe template, one TCP-RST LB probe template, and one TCP zero-window LB probe template at the same time.
You can specify multiple custom-monitoring LB probe templates for a server farm.
Examples
# Specify TCP-RST LB probe template r1 for server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] probe-template tcp-rst r1
Related commands
loadbalance probe-template
probe log enable (real server view)
Use probe log enable to enable health monitoring logging for a real server.
Use undo probe log enable to disable health monitoring logging for a real server.
Syntax
probe log enable
undo probe log enable
Default
Health monitoring logging is enabled for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This feature generates logs when the health of a real server changes.
Examples
# Enable health monitoring logging for real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] probe log enable
probe log enable (server farm member view)
Use probe log enable to enable health monitoring logging for a server farm member.
Use undo probe log enable to disable health monitoring logging for a server farm member.
Syntax
probe log enable
undo probe log enable
Default
Health monitoring logging is enabled for a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This feature generates logs when the health of a server farm member changes.
Examples
# Enable health monitoring logging for server farm member rs1.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] probe log enable
protect-action
Use protect-action to configure the protection action for an LB probe template.
Use undo protect-action to restore the default.
Syntax
protect-action { auto-shutdown | busy [ probe-interval interval ] [ probe-times times ] }
undo protect-action
Default
The protection action is to place a real server in busy state.
Views
TCP-RST LB probe template view
TCP zero-window LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
auto-shutdown: Automatically shuts down a real server.
busy: Places a real server in busy state.
probe-interval interval: Specifies the interval for probing the real server in busy state, in the range of 5 to 3600 seconds. The default is 30 seconds.
probe-times times: Specifies the maximum number of times for probing the real server in busy state, in the range of 0 to 255. The default is 0, which means that the number of probe times is not limited.
Usage guidelines
For the busy action, after placing a real server in busy state, the device starts probing the real server at the specified probe intervals. If the number of RST or zero-window packets sent does not reach the threshold in a probe interval, the real server is placed back in normal state. If threshold violation persists when the maximum probe times is reached, the system automatically shuts down the real server.
A real server that is shut down or placed in busy state due to packet threshold violation will be restored to normal state immediately when the referenced LB probe template is deleted.
If a real server is shut down or placed in busy state due to packet threshold violation, you can restore the real server to normal state after a period of time (by executing the auto-shutdown recovery-time command) or immediately (by executing the recover-from-auto-shutdown (real server view) command).
Examples
# In TCP-RST LB probe template rsttplt, configure the protection action as busy, set the probe interval to 30 seconds, and set the probe times to 3.
<Sysname> system-view
[Sysname] loadbalance probe-template tcp-rst rsttplt
[Sysname-lbpt-tcp-rst-rsttplt] protect-action busy probe-interval 30 probe-times 3
Related commands
auto-shutdown recovery-time
recover-from-auto-shutdown (real server view)
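The busy-state behavior described in the protect-action usage guidelines can be traced with the small model below. This is an added example, not vendor code: the packet threshold is configured elsewhere in the probe template and appears here as the hypothetical parameter threshold, and the per-interval packet counts are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Outcome:
    state: str    # "normal", "busy" or "shutdown"
    probes: int   # probe intervals evaluated
    elapsed: int  # seconds spent in busy state


def simulate_protect_action(counts, threshold, action="busy",
                            probe_interval=30, probe_times=0):
    """Replay RST / zero-window packet counts, one per probe interval.

    counts[i] is the number of such packets seen in the (i+1)-th probe
    interval after the real server entered busy state (constructed input).
    """
    if action not in ("auto-shutdown", "busy"):
        raise ValueError("action must be auto-shutdown or busy")
    if not 5 <= probe_interval <= 3600:
        raise ValueError("probe-interval must be in the range 5 to 3600 seconds")
    if not 0 <= probe_times <= 255:
        raise ValueError("probe-times must be in the range 0 to 255")

    if action == "auto-shutdown":
        # No busy phase: the real server is shut down directly.
        return Outcome("shutdown", 0, 0)

    counts = list(counts)
    for probes, count in enumerate(counts, start=1):
        elapsed = probes * probe_interval
        if count < threshold:
            # Threshold not reached in this interval: back to normal state.
            return Outcome("normal", probes, elapsed)
        if probe_times and probes >= probe_times:
            # Violation persisted through the last allowed probe.
            return Outcome("shutdown", probes, elapsed)
    # probe-times 0 (unlimited) or input exhausted: the server stays busy.
    return Outcome("busy", len(counts), len(counts) * probe_interval)


if __name__ == "__main__":
    # Settings from the example above: probe-interval 30, probe-times 3.
    print(simulate_protect_action([50, 40, 35], threshold=20, probe_times=3))
    print(simulate_protect_action([50, 10, 35], threshold=20, probe_times=3))
    print(simulate_protect_action([50] * 10, threshold=20))
```

With the default probe-times 0 a server that keeps violating the threshold is never shut down and stays in busy state until the counts drop or the template is removed.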
protected-url
Use protected-url to configure the URLs to be protected.
Use undo protected-url to remove all protected URLs.
Syntax
protected-url url
undo protected-url
Default
No URLs are protected.
Views
Protection rule view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
url: Specifies a regular expression to match URLs, a case-sensitive string of 1 to 255 characters. The regular expression cannot contain question marks (?).
Usage guidelines
If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken.
The device does not match the parameters in a URL and matches only the portion before the question mark (?).
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In protection rule 5, configure www.example.com/index.html as a protected URL.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1
[Sysname-lbpp-http-p1] rule 5
[Sysname-lbpp-http-p1-rule-5] protected-url www.example.com/index.html
Related commands
cookie (protection policy view)
protection-action
protection-period
source-ip
protection-action
Use protection-action to configure a protection action.
Use undo protection-action to restore the default.
Syntax
protection-action { warning | { drop | verify { insert-header | js } } } *
undo protection-action
Default
No protection action is configured.
Views
HTTP protection policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
warning: Generates a log message.
drop: Drops requests.
verify: Performs client verification on subsequent requests.
insert-header: Performs cookie verification by inserting an HTTP header.
js: Performs cookie verification by inserting a JS script.
Usage guidelines
The protection action is taken when protection rules in a protection policy are matched. The device supports the following protection actions:
· Warning—Generates a log message and sends it to the information center.
· Drop—Drops requests.
· Verify client—Returns a response carrying a cookie value to the client. If a subsequent request carries the returned cookie value, it passes the verification. If a subsequent request does not carry a cookie value or carries a different cookie value, it fails to pass the verification and is dropped. This protection action is useful in scenarios where attackers cannot insert cookie values into attack packets. The device supports returning a cookie value by inserting an HTTP header or a JS script.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In HTTP protection policy p1, configure generating log messages and performing client verification by inserting an HTTP header as the protection actions.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1 type http
[Sysname-lbpp-http-p1] protection-action warning verify insert-header
protection-period
Use protection-period to set the protection period.
Use undo protection-period to restore the default.
Syntax
protection-period period
undo protection-period
Default
The protection period is 120 seconds.
Views
Protection rule view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
period: Specifies a protection period in the range of 1 to 900 seconds.
Usage guidelines
If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In protection rule 5, set the protection period to 5 seconds.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1
[Sysname-lbpp-http-p1] rule 5
[Sysname-lbpp-http-p1-rule-5] protection-period 5
Related commands
protected-url
protection-action
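How a protection rule built from protected-url and protection-period counts requests can be checked offline with the model below, for example to test a regular expression before deploying it. This is an added example, not vendor code, and it rests on assumptions: Python's re stands in for the device's regular-expression dialect with unanchored matching, a user is identified by source IP address, the request threshold (set by a command not shown in this section) is the hypothetical parameter request_threshold, and the period is treated as a fixed window that starts at the first matching request.

```python
import re


class ProtectionRule:
    def __init__(self, protected_url, period, request_threshold):
        # Documented limits: 1 to 255 characters, no question marks.
        if not 1 <= len(protected_url) <= 255 or "?" in protected_url:
            raise ValueError("protected-url: 1 to 255 characters, no '?'")
        if not 1 <= period <= 900:
            raise ValueError("protection-period: 1 to 900 seconds")
        self.pattern = re.compile(protected_url)  # case-sensitive
        self.period = period
        self.threshold = request_threshold        # assumed parameter
        self._windows = {}                        # source -> (start, count)

    def matches(self, url):
        # Only the portion before the question mark is matched.
        return self.pattern.search(url.split("?", 1)[0]) is not None

    def handle(self, ts, source, url):
        """Return "protect" when the protection action would be taken."""
        if not self.matches(url):
            return "forward"
        start, count = self._windows.get(source, (ts, 0))
        if ts - start >= self.period:
            start, count = ts, 0                  # period expired: new window
        count += 1
        self._windows[source] = (start, count)
        # The action is taken once the count exceeds the threshold.
        return "protect" if count > self.threshold else "forward"


# Constructed requests: (time in seconds, source address, URL).
SAMPLE_REQUESTS = [
    (0, "192.0.2.10", "www.example.com/index.html?a=1"),
    (1, "192.0.2.10", "www.example.com/index.html?a=2"),
    (2, "192.0.2.10", "www.example.com/index.html"),
    (3, "192.0.2.10", "www.example.com/index.html?cachebust=9"),
    (3, "192.0.2.20", "www.example.com/index.html"),
    (4, "192.0.2.10", "www.example.com/Index.html"),
    (6, "192.0.2.10", "www.example.com/index.html"),
]


def replay(rule, requests):
    return [rule.handle(ts, src, url) for ts, src, url in requests]


if __name__ == "__main__":
    # URL and period from the examples above; threshold 3 is constructed.
    rule = ProtectionRule("www.example.com/index.html", period=5,
                          request_threshold=3)
    for req, verdict in zip(SAMPLE_REQUESTS, replay(rule, SAMPLE_REQUESTS)):
        print(req, "->", verdict)
    # An unescaped dot is a wildcard, so the rule covers more than intended.
    print(rule.matches("wwwXexample.com/index.html"))
```

Varying the query string does not reset the count, because parameters are ignored, while a different letter case in the path falls outside the rule entirely; escaping the dots narrows the expression to the literal host and path.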
protection-policy
Use protection-policy to specify a protection policy for a virtual server.
Use undo protection-policy to restore the default.
Syntax
protection-policy http policy-name
undo protection-policy http
Default
No protection policy is specified for a virtual server.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies a protection policy by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
The protection policy specified for a virtual server protects the traffic matching the virtual server.
Examples
# Specify protection policy p1 for HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type http
[Sysname-vs-http-vs] protection-policy http p1
Related commands
loadbalance protection-policy
proximity enable (link group view)
Use proximity enable to enable the proximity feature for a link group.
Use undo proximity enable to disable the proximity feature for a link group.
Syntax
proximity enable
undo proximity enable
Default
The proximity feature is disabled for a link group.
Views
Link group view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
The proximity feature takes precedence over the scheduling algorithm in selecting a link. If no link is selected according to the proximity feature, the scheduling algorithm is used.
For a link group, the proximity feature is mutually exclusive with the link quality algorithm. The most recent configuration overwrites the previous one.
Examples
# Enable the proximity feature for the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] proximity enable
Related commands
predictor (link group view)
proximity enable (server farm view)
Use proximity enable to enable the proximity feature for a server farm.
Use undo proximity enable to disable the proximity feature for a server farm.
Syntax
proximity enable
undo proximity enable
Default
The proximity feature is disabled for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
The proximity feature takes precedence over the scheduling algorithm in selecting a real server. If no real server is selected according to the proximity feature, the scheduling algorithm is used.
Examples
# Enable the proximity feature for the server farm sf.
[Sysname] server-farm sf
[Sysname-sfarm-sf] proximity enable
radius-attribute
Use radius-attribute to configure the RADIUS attribute sticky method.
Use undo radius-attribute to delete the RADIUS attribute sticky method.
Syntax
radius-attribute { code attribute-code | framed-ip-address | user-name }
undo radius-attribute
Default
No RADIUS sticky methods exist.
Views
RADIUS sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
code attribute-code: Specifies the code of the RADIUS attribute type, in the range of 1 to 255.
framed-ip-address: Specifies the RADIUS attribute type as framed-ip-address (code 8).
user-name: Specifies the RADIUS attribute type as user-name (code 1).
Usage guidelines
The RADIUS attribute sticky method takes effect only on RADIUS packets.
Examples
# Configure the RADIUS attribute sticky method for sticky group s1 by specifying the RADIUS attribute type as user-name.
<Sysname> system-view
[Sysname] sticky-group s1 type radius
[Sysname-sticky-radius-s1] radius-attribute user-name
rate-limit bandwidth (link view)
Use rate-limit bandwidth to set the maximum bandwidth of a link.
Use undo rate-limit bandwidth to restore the default.
Syntax
rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps
undo rate-limit bandwidth [ inbound | outbound ]
Default
The maximum bandwidth of a link is not limited.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
inbound: Specifies the maximum inbound bandwidth.
outbound: Specifies the maximum outbound bandwidth.
bandwidth-value: Specifies the maximum bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.
kbps: Specifies the bandwidth unit as kbps.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the inbound or outbound keyword, the maximum bandwidth equals the inbound bandwidth plus the outbound bandwidth.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum bandwidth of the link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] rate-limit bandwidth 1 kbps
# Set the maximum inbound bandwidth of the link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] rate-limit bandwidth inbound 1 kbps
# Set the maximum outbound bandwidth of the link lk1 to 1 kbps.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] rate-limit bandwidth outbound 1 kbps
rate-limit bandwidth (real server view)
Use rate-limit bandwidth to set the maximum bandwidth of a real server.
Use undo rate-limit bandwidth to restore the default.
Syntax
rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps
undo rate-limit bandwidth [ inbound | outbound ]
Default
The maximum bandwidth of a real server is not limited.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
inbound: Specifies the maximum inbound bandwidth.
outbound: Specifies the maximum outbound bandwidth.
bandwidth-value: Specifies the maximum bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.
kbps: Specifies the bandwidth unit as kbps.
Usage guidelines
If you do not specify the inbound or outbound keyword, the maximum bandwidth equals the inbound bandwidth plus the outbound bandwidth.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum bandwidth of the real server rs to 1 kbps.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] rate-limit bandwidth 1 kbps
# Set the maximum inbound bandwidth of the real server rs to 1 kbps.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] rate-limit bandwidth inbound 1 kbps
# Set the maximum outbound bandwidth of the real server rs to 1 kbps.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] rate-limit bandwidth outbound 1 kbps
rate-limit bandwidth (virtual server view)
Use rate-limit bandwidth to set the maximum bandwidth of a virtual server.
Use undo rate-limit bandwidth to restore the default.
Syntax
rate-limit bandwidth [ inbound | outbound ] bandwidth-value kbps
undo rate-limit bandwidth [ inbound | outbound ]
Default
The maximum bandwidth of a virtual server is not limited.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
inbound: Specifies the maximum inbound bandwidth.
outbound: Specifies the maximum outbound bandwidth.
bandwidth-value: Specifies the maximum bandwidth in the range of 0 to 4294967295. The value 0 means the bandwidth is not limited.
kbps: Specifies the bandwidth unit as kbps.
Usage guidelines
If you do not specify the inbound or outbound keyword, the maximum bandwidth equals the inbound bandwidth plus the outbound bandwidth.
Examples
# Set the maximum bandwidth of the IP-type virtual server vs3 to 1 kbps.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] rate-limit bandwidth 1 kbps
# Set the maximum inbound bandwidth of the IP-type virtual server vs3 to 1 kbps.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] rate-limit bandwidth inbound 1 kbps
# Set the maximum outbound bandwidth of the IP-type virtual server vs3 to 1 kbps.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] rate-limit bandwidth outbound 1 kbps
rate-limit connection (link group member view)
Use rate-limit connection to set the maximum number of connections per second of a link group member.
Use undo rate-limit connection to restore the default.
Syntax
rate-limit connection connection-number
undo rate-limit connection
Default
The maximum number of connections per second of a link group member is 0.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the maximum number of connections per second of the link group member lk1 to 1000.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] rate-limit connection 1000
rate-limit connection (link view)
Use rate-limit connection to set the maximum number of connections per second of a link.
Use undo rate-limit connection to restore the default.
Syntax
rate-limit connection connection-number
undo rate-limit connection
Default
The maximum number of connections per second of a link is 0.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.
Usage guidelines
Non-default vSystems do not support this command.
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum number of connections per second of the link lk1 to 10000.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] rate-limit connection 10000
rate-limit connection (real server view)
Use rate-limit connection to set the maximum number of connections per second of a real server.
Use undo rate-limit connection to restore the default.
Syntax
rate-limit connection connection-number
undo rate-limit connection
Default
The maximum number of connections per second of a real server is 0.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.
Usage guidelines
This command takes effect only on new sessions and does not take effect on existing sessions.
Examples
# Set the maximum number of connections per second of the real server rs to 10000.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] rate-limit connection 10000
rate-limit connection (server farm member view)
Use rate-limit connection to set the maximum number of connections per second of a server farm member.
Use undo rate-limit connection to restore the default.
Syntax
rate-limit connection connection-number
undo rate-limit connection
Default
The maximum number of connections per second of a server farm member is 0.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.
Examples
# Set the maximum number of connections per second of the server farm member rs1 to 1000.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] rate-limit connection 1000
rate-limit connection (virtual server view)
Use rate-limit connection to set the maximum number of connections per second of a virtual server.
Use undo rate-limit connection to restore the default.
Syntax
rate-limit connection connection-number
undo rate-limit connection
Default
The maximum number of connections per second of a virtual server is 0.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
connection-number: Specifies the maximum number of connections per second in the range of 0 to 4294967295. 0 means the number is not limited.
Examples
# Set the maximum number of connections per second of the IP-type virtual server vs3 to 10000.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] rate-limit connection 10000
rate-limit http-request (real server view)
Use rate-limit http-request to set the maximum number of HTTP requests per second for a real server.
Use undo rate-limit http-request to restore the default.
Syntax
rate-limit http-request request-number
undo rate-limit http-request
Default
The maximum number of HTTP requests per second is 0 for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
request-number: Specifies the maximum number of HTTP requests per second, in the range of 0 to 4294967295. 0 means the number is not limited.
Examples
# Set the maximum number of HTTP requests per second to 10000 for real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] rate-limit http-request 10000
rate-limit http-request (server farm member view)
Use rate-limit http-request to set the maximum number of HTTP requests per second for a server farm member.
Use undo rate-limit http-request to restore the default.
Syntax
rate-limit http-request request-number
undo rate-limit http-request
Default
The maximum number of HTTP requests per second is 0 for a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
request-number: Specifies the maximum number of HTTP requests per second, in the range of 0 to 4294967295. 0 means the number is not limited.
Usage guidelines
The number of HTTP requests per second is used for determining whether a server farm member is busy. If the number of HTTP requests received by a server farm member per second exceeds the specified maximum value, the server farm member is considered busy.
Examples
# Set the maximum number of HTTP requests per second to 10000 for server farm member rs1.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] rate-limit http-request 10000
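The rate-limit commands above all default to "not limited", the value 0 also means not limited, and an HTTP virtual server has no protection policy by default. The following audit is an added example, not H3C code: it walks a constructed configuration excerpt and reports which objects are still unlimited. The indentation-based layout of the excerpt and all function names are assumptions.

```python
import re

# Constructed excerpt, not taken from a real device. Assumption: one command
# per line, with leading spaces marking the view a command was entered in.
SAMPLE_CONFIG = """\
real-server rs
 rate-limit connection 10000
 rate-limit bandwidth inbound 2048 kbps
real-server rs2
 rate-limit connection 0
server-farm sf
 real-server rs1 port 80
  rate-limit connection 1000
virtual-server vs2 type http
 rate-limit connection 10000
 rate-limit bandwidth 4096 kbps
virtual-server vs type http
 protection-policy http p1
 rate-limit connection 500
 rate-limit bandwidth 4096 kbps
virtual-server vs3 type ip
 rate-limit bandwidth outbound 1 kbps
"""

# Limits that this command reference defines for each view.
APPLICABLE = {
    "real-server": ("connection", "inbound", "outbound", "http-request"),
    "server-farm-member": ("connection", "http-request"),
    "virtual-server": ("connection", "inbound", "outbound"),
}
ENTER = [  # view-entry commands, most specific pattern first
    (re.compile(r"virtual-server (\S+) type (\S+)$"), "virtual-server"),
    (re.compile(r"real-server (\S+) port (\d+)$"), "server-farm-member"),
    (re.compile(r"real-server (\S+)$"), "real-server"),
    (re.compile(r"server-farm (\S+)$"), "server-farm"),
]
RATE = re.compile(r"rate-limit (connection|http-request|bandwidth)"
                  r"(?: (inbound|outbound))? (\d+)(?: kbps)?$")
POLICY = re.compile(r"protection-policy http (\S+)$")


def parse(config):
    """Return {(kind, name): {"type", "limits", "policy"}} for audited objects."""
    objects, stack = {}, []                    # stack entries: (depth, kind, name)
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("#"):
            continue
        depth = len(raw) - len(raw.lstrip(" "))
        while stack and stack[-1][0] >= depth:
            stack.pop()                        # left the deeper view
        parent = stack[-1] if stack else None
        in_farm = parent is not None and parent[1] == "server-farm"
        for pattern, kind in ENTER:
            m = pattern.match(cmd)
            # Members are created inside a server farm, everything else at top level.
            if m and (in_farm if kind == "server-farm-member" else parent is None):
                name = m.group(1)
                if kind == "server-farm-member":
                    name = f"{parent[2]}/{name}:{m.group(2)}"
                stack.append((depth, kind, name))
                if kind in APPLICABLE:
                    vs_type = m.group(2) if kind == "virtual-server" else None
                    objects[(kind, name)] = {"type": vs_type, "limits": {}, "policy": None}
                break
        else:                                  # not a view-entry command
            obj = objects.get(parent[1:]) if parent else None
            if obj is None:
                continue
            if m := RATE.match(cmd):
                what, direction, value = m.groups()
                field = (direction or "total") if what == "bandwidth" else what
                obj["limits"][field] = int(value)
            elif m := POLICY.match(cmd):
                obj["policy"] = m.group(1)
    return objects


def audit(objects):
    """Map each object to the limits left at 'not limited' (unset or 0)."""
    report = {}
    for (kind, name), obj in objects.items():
        limits = obj["limits"]
        total = limits.get("total", 0)         # limit set without inbound/outbound
        findings = []
        for field in APPLICABLE[kind]:
            value = limits.get(field, 0)
            if field in ("inbound", "outbound"):
                value = value or total         # a direction-less limit caps both together
            if value == 0:
                findings.append(f"{field} unlimited")
        if kind == "virtual-server" and obj["type"] == "http" and not obj["policy"]:
            findings.append("no protection policy")
        if findings:
            report[f"{kind} {name}"] = findings
    return report
```

For a server farm member, the http-request value is the busy threshold described above, so "http-request unlimited" there means the member is never marked busy on request rate.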
readwrite-separation
Use readwrite-separation to enable read/write separation for the MySQL database.
Use undo readwrite-separation to disable read/write separation for the MySQL database.
Syntax
readwrite-separation read-server-farm read-server-farm-name [ read-sticky-group read-sticky-group-name ] write-server-farm write-server-farm-name [ write-sticky-group write-sticky-group-name ]
undo readwrite-separation
Default
Read/write separation is disabled for the MySQL database.
Views
MySQL virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
read-server-farm read-server-farm-name: Specifies a read server farm by its name, a case-insensitive string of 1 to 63 characters.
read-sticky read-sticky-group-name: Specifies a sticky group for the read server farm by its name, a case-insensitive string of 1 to 63 characters.
write-server-farm write-server-farm-name: Specifies a write server farm by its name, a case-insensitive string of 1 to 63 characters.
write-sticky write-sticky-group-name: Specifies a sticky group for the write server farm by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Read/write separation allows read commands and write commands to be executed by the read server farm and write server farm, respectively, which helps reduce the impact of concurrent read/write requests on database performance.
Examples
# Enable read/write separation for the MySQL database of MySQL virtual server vs1.
<Sysname> system-view
[Sysname] virtual-server vs1 type mysql
[Sysname-vs-mysql-vs1] readwrite-separation read-server-farm rd write-server-farm wr
real-server (server farm view)
Use real-server to create a server farm member and enter its view, or enter the view of an existing server farm member.
Use undo real-server to delete a server farm member.
Syntax
real-server real-server-name port port-number
undo real-server real-server-name port port-number
Default
No server farm members exist.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
real-server-name: Specifies a server farm member by its name, a case-insensitive string of 1 to 63 characters.
port-number: Specifies the port number of the server farm member, in the range of 0 to 65535.
Usage guidelines
You can use one of the following methods to add a member to a server farm:
· Use the real-server command in server farm view. H3C recommends using this method.
· Use the server-farm command in real server view.
You cannot use both methods to add a member with the same real server name and port number to a server farm.
Examples
# Add server farm member rs1 and enter server farm member view.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80]
Related commands
server-farm (real server view)
real-server (system view)
Use real-server to create a real server and enter its view, or enter the view of an existing real server.
Use undo real-server to delete the specified real server.
Syntax
real-server real-server-name
undo real-server real-server-name
Default
No real servers exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
real-server-name: Specifies the real server name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can configure this command only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create real server rs and enter real server view.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs]
rebalance per-request
Use rebalance per-request to enable load balancing for each HTTP request.
Use undo rebalance per-request to restore the default.
Syntax
rebalance per-request
undo rebalance per-request
Default
Load balancing applies to the first HTTP request of a connection. Other HTTP requests on the connection are processed in the same way as the first request.
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Enable load balancing for each HTTP request in the HTTP parameter profile pp1.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] rebalance per-request
record
Use record to configure a resource record of the specified type.
Use undo record to delete a resource record of the specified type.
Syntax
record { cname alias alias-name canonical canonical-name | mx [ host hostname ] exchanger exchanger-name preference preference | ns [ sub subname ] authority ns-name | srv [ service service-name ] host-offering-service hostname priority priority weight weight port port-number | txt [ sub subname ] describe-txt description } [ ttl ttl-value ]
undo record { cname alias alias-name canonical canonical-name | mx [ host hostname ] exchanger exchanger-name | ns [ sub subname ] authority ns-name | srv [ service hostname ] host-offering-service hostname port port-number | txt [ sub subname ] describe-txt description }
Default
No resource records exist.
Views
DNS forward zone view
Predefined user roles
network-admin
context-admin
Parameters
cname: Configures a canonical name (CNAME) resource record.
alias alias-name: Specifies an alias for a host name, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
canonical canonical-name: Specifies the host name, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
mx: Configures a mail exchanger (MX) resource record.
host hostname: Specifies the host name for the MX resource record, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
exchanger exchanger-name: Specifies the host name of the mail server, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
preference preference: Specifies the preference for the MX resource record, in the range of 0 to 65535. The smaller the value, the higher the priority.
ns: Configures a name server (NS) resource record.
sub subname: Specifies a subname for the DNS forward zone, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
authority ns-name: Specifies the host name of the authoritative DNS server, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
srv: Configures a service resource record.
service service-name: Specifies a service by its name, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters. In a service name (for example, _ftp._tcp.movie.edu), add an underscore before the application name and the protocol name to distinguish them from host domain names. If you do not specify a service name, the domain name of the DNS forward zone applies.
host-offering-service host-name: Specifies the name of the host that provides the service, a case-insensitive, dot-separated string of 1 to 254 characters for an absolute domain name or 1 to 253 characters for a relative domain name. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
priority priority: Specifies a priority value for the resource record in the range of 0 to 100. The smaller the priority value, the higher the priority.
weight weight-value: Specifies a weight value for the resource record in the range of 0 to 100.
port port-number: Specifies a port number in the range of 0 to 65535.
txt: Configures a text resource record.
describe-txt description: Specifies the description for the TXT resource record, a case-insensitive string of 1 to 255 characters.
ttl ttl-value: Specifies the TTL for resource records, in the range of 0 to 4294967295 seconds. The default is 3600.
Usage guidelines
Non-default vSystems do not support this command.
The host name specified in a resource record can be a relative domain name (does not end with a dot) or an absolute domain name (ends with a dot). For an absolute domain name, the host name is not automatically expanded and cannot exceed 254 characters. For a relative domain name, the current domain name is automatically appended to the host name. The relative domain name plus the appended domain name cannot exceed 254 characters.
If a service has multiple resource records, the device first attempts to connect to the record with the lowest priority value (the highest priority). If multiple resource records have the same priority, the device first attempts to connect to the record with the highest weight.
The TTL setting in this command takes precedence over the TTL setting in DNS forward zone view.
You can configure multiple resource records for a DNS forward zone.
Examples
# Configure an MX resource record for DNS forward zone example.com: Specify the host name of the mail server as mail.example.com and the preference for the resource record as 10.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] record mx exchanger mail.example.com preference 10
# Configure a CNAME resource record for DNS forward zone example.com: Specify alias test.example.com for host name aaa.example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] record cname alias test.example.com canonical aaa.example.com
# Configure an NS resource record for DNS forward zone example.com: Specify the host name of the authoritative DNS server as ns1.example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] record ns authority ns1.example.com
# Configure a TXT resource record for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] record txt sub hotline describe-txt v=spf1 include:spf.abcmail.example.com.cn -all
# Configure an SRV resource record for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] record srv service _http._tcp.example.com. host-offering-service www.example.com priority 5 weight 10 port 80
Related commands
display loadbalance zone
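An added example, not part of the H3C documentation: a pre-check for record commands that applies the naming rules from the usage guidelines above (relative versus absolute names, the 254-character and 63-character limits) and the SRV selection order. The function names, the sample records, and the way a relative name is joined to the zone name with a dot are assumptions.

```python
import re

MAX_NAME = 254                                # maximum host name length in a record
LABEL = re.compile(r"[A-Za-z0-9_-]{1,63}")    # letters, digits, hyphens, underscores


def expand_name(name, zone):
    """Return the name the zone would hold under the relative/absolute rule."""
    zone = zone.rstrip(".")
    # Absolute names (trailing dot) are used as-is; relative names get the
    # zone name appended. Assumption: the two parts are joined with one dot.
    fqdn = name if name.endswith(".") else f"{name}.{zone}."
    if len(fqdn) > MAX_NAME:
        raise ValueError(f"{fqdn!r}: longer than {MAX_NAME} characters")
    for label in fqdn[:-1].split("."):
        if not LABEL.fullmatch(label):
            raise ValueError(f"{fqdn!r}: invalid label {label!r}")
    return fqdn.lower()                       # names are case-insensitive


def lint_name(name, zone):
    """Warn when a relative name already ends with the zone name.

    Under the rule as written, the zone name is appended again, which is
    usually a missing trailing dot rather than the intended record.
    """
    z = zone.rstrip(".").lower()
    n = name.lower()
    if not n.endswith(".") and (n == z or n.endswith("." + z)):
        return [f"{name}: relative name ends with the zone name; "
                f"expands to {expand_name(name, zone)}"]
    return []


def srv_attempt_order(records):
    """Order SRV targets: lowest priority value first, then highest weight."""
    for r in records:
        if not 0 <= r["priority"] <= 100:
            raise ValueError(f"{r['host']}: priority must be 0 to 100")
        if not 0 <= r["weight"] <= 100:
            raise ValueError(f"{r['host']}: weight must be 0 to 100")
        if not 0 <= r["port"] <= 65535:
            raise ValueError(f"{r['host']}: port must be 0 to 65535")
    ranked = sorted(records, key=lambda r: (r["priority"], -r["weight"]))
    return [r["host"] for r in ranked]


# Constructed SRV records for one service in zone example.com.
SAMPLE_SRV = [
    {"host": "www1.example.com.", "priority": 5, "weight": 10, "port": 80},
    {"host": "www2.example.com.", "priority": 5, "weight": 60, "port": 80},
    {"host": "backup.example.com.", "priority": 20, "weight": 0, "port": 8080},
]

if __name__ == "__main__":
    print(expand_name("mail", "example.com"))
    print(lint_name("www.example.com", "example.com"))
    print(srv_attempt_order(SAMPLE_SRV))
```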
record ptr
Use record ptr to configure a pointer record (PTR) resource record.
Use undo record ptr to delete a PTR resource record.
Syntax
record ptr { ip ipv4-address | ipv6 ipv6-address } domain-name [ ttl ttl-value ]
undo record ptr { ip ipv4-address | ipv6 ipv6-address } domain-name
Default
No PTR resource records exist.
Views
DNS reverse zone view
Predefined user roles
network-admin
context-admin
Parameters
ip ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address.
domain-name: Specifies a domain name, a case-insensitive, dot-separated string that contains a maximum of 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
ttl ttl-value: Specifies the TTL for resource records, in the range of 0 to 4294967295 seconds. The default is 3600.
Usage guidelines
Non-default vSystems do not support this command.
You can configure PTR resource records for IP addresses that require reverse DNS resolution.
The IP address specified in a PTR resource record must be within the IP address range of the DNS reverse zone.
You can configure multiple PTR resource records for a DNS reverse zone.
Examples
# Configure a PTR resource record for the DNS reverse zone with IPv4 address 10.1.1.0/24.
<Sysname> system-view
[Sysname] loadbalance reverse-zone ip 10.1.1.0 24
[Sysname-lb-rzone-10.1.1.0/24] record ptr ip 10.1.1.1 mail.example.com
Related commands
display loadbalance reverse-zone
recover-from-auto-shutdown (real server view)
Use recover-from-auto-shutdown to manually recover a real server in Auto shutdown state.
Syntax
recover-from-auto-shutdown
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
Use this command to manually recover a real server shut down by intelligent monitoring.
If health monitoring is not configured, a recovered real server is set to Unknown state.
If health monitoring is configured and succeeds, a recovered real server is set to Active state. If health monitoring fails, a recovered real server is set to Probe-failed state.
Examples
# Manually recover a real server in Auto shutdown state.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] recover-from-auto-shutdown
recover-from-auto-shutdown (server farm member view)
Use recover-from-auto-shutdown to manually recover a server farm member in Auto shutdown state.
Syntax
recover-from-auto-shutdown
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
Use this command to manually recover a server farm member shut down by intelligent monitoring.
If health monitoring is not configured, a recovered server farm member is set to Unknown state.
If health monitoring is configured and succeeds, a recovered server farm member is set to Active state. If health monitoring fails, a recovered server farm member is set to Probe-failed state.
Examples
# Manually recover a server farm member in Auto shutdown state.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] recover-from-auto-shutdown
redirect relocation (LB action view)
Use redirect relocation to enable the redirection feature and specify a redirection URL for an LB action.
Use undo redirect relocation to disable the redirection feature for an LB action.
Syntax
redirect relocation relocation
undo redirect relocation
Default
The redirection feature is disabled for an LB action.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
relocation: Specifies a redirection URL, a case-sensitive string of 1 to 255 characters. You can also specify the question mark (?) or the following character strings as the redirection URL (each character string can be used only once):
· %h: Specifies the host name and port number in the client request packet.
· %{host}: Specifies the IP address in the client request packet.
· %{port}: Specifies the port number in the client request packet.
· %p: Specifies the URL in the client request packet.
Usage guidelines
This command and the server-farm command are mutually exclusive. If you configure one command, the other command (if configured) is automatically cancelled.
This command redirects all HTTP request packets matching an LB action to the specified URL.
Examples
# Enable the redirection feature for the HTTP LB action lba1, and specify the redirection URL as https://%h%p.
[Sysname] loadbalance action lba1 type http
[Sysname-lba-http-lba1] redirect relocation https://%h%p
redirect relocation (virtual server view)
Use redirect relocation to enable the redirection feature and specify a redirection URL for a virtual server.
Use undo redirect relocation to disable the redirection feature for a virtual server.
Syntax
redirect relocation relocation
undo redirect relocation
Default
The redirection feature is disabled for a virtual server.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
relocation: Specifies a redirection URL, a case-sensitive string of 1 to 255 characters. The redirection feature redirects all request packets matching the virtual server to the URL. You can also specify the question mark (?) or the following character strings as the redirection URL (each character string can be used only once):
· %h: Specifies the host name and port number in the client request packet.
· %{host}: Specifies the IP address in the client request packet.
· %{port}: Specifies the port number in the client request packet.
· %p: Specifies the URL in the client request packet.
Examples
# Enable the redirection feature for the HTTP-type virtual server vs2, and specify the redirection URL as https://%h%p.
<Sysname> system-view
[Sysname] virtual-server vs2 type http
[Sysname-vs-http-vs2] redirect relocation https://%h%p
redirect return-code (LB action view)
Use redirect return-code to specify the status code in the redirection packets that the LB device returns to clients.
Use undo redirect return-code to restore the default.
Syntax
redirect return-code { 301 | 302 | 307 }
undo redirect return-code
Default
The status code in the redirection packets that the LB device returns to clients is 302.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
301: Indicates that the requested resource has been moved permanently.
302: Indicates that the requested resource has been moved temporarily.
307: Redirects requests to the URL in the location header temporarily.
Usage guidelines
This configuration takes effect only when the redirection feature is enabled for the HTTP LB action.
Examples
# Specify the status code in the redirection packets that the LB device returns to clients as 301 for the HTTP LB action lba1.
[Sysname] loadbalance action lba1 type http
[Sysname-lba-http-lba1] redirect return-code 301
Related commands
redirect relocation
redirect return-code (virtual server view)
Use redirect return-code to specify the status code in the redirection packets that the LB device returns to clients.
Use undo redirect return-code to restore the default.
Syntax
redirect return-code { 301 | 302 | 307 }
undo redirect return-code
Default
The status code in the redirection packets that the LB device returns to clients is 302.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
301: Indicates that the requested resource has been moved permanently.
302: Indicates that the requested resource has been moved temporarily.
307: Redirects requests to the URL in the location header temporarily.
Usage guidelines
This configuration takes effect only when the redirection feature is enabled for the virtual server.
Examples
# Specify the status code in the redirection packets that the LB device returns to clients as 301 for the HTTP-type virtual server vs2.
<Sysname> system-view
[Sysname] virtual-server vs2 type http
[Sysname-vs-http-vs2] redirect return-code 301
Related commands
redirect relocation
redundancy-group
Use redundancy-group to specify a redundancy group for a virtual server, to which traffic matching the virtual server is directed.
Use undo redundancy-group to restore the default.
Syntax
redundancy-group group-name
undo redundancy-group
Default
The traffic matching a virtual server is directed to all effective failover groups.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
Parameters
group-name: Specifies a redundancy group by its name, a case-sensitive string of 1 to 15 characters.
Usage guidelines
Non-default vSystems do not support this command.
If the specified redundancy group does not exist or does not contain effective failover groups, this command does not take effect.
The virtual server that has a specified redundancy group cannot be associated with the same server farm as any other virtual servers.
Examples
# Specify redundancy group aaa for TCP-type virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type tcp
[Sysname-vs-tcp-vs] redundancy-group aaa
refresh
Use refresh to set the refresh interval.
Use undo refresh to restore the default.
Syntax
refresh refresh-interval
undo refresh
Default
The refresh interval is 3600 seconds.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
refresh-interval: Specifies the refresh interval in the range of 300 to 2419200 seconds.
Usage guidelines
Non-default vSystems do not support this command.
The secondary DNS server obtains SOA resource records from the primary DNS server at the refresh interval. After obtaining SOA resource records, the secondary DNS server compares them with the local SOA resource records.
Examples
# Set the refresh interval to 4 hours for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] refresh 14400
Related commands
display loadbalance zone
reload http-response
Use reload http-response to reload a response file.
Syntax
reload http-response { file filename }
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
file filename: Specifies a file by its name, a case-insensitive string of 1 to 255 characters.
Usage guidelines
If a response file changes, you must reload the file to make it take effect.
For a distributed device, if you do not specify a response file to reload, the device reloads all response files from the active MPU.
Examples
# Reload response file subsys_intf.js.
<Sysname> system-view
[Sysname] reload http-response /index/subsys_intf.js
Related commands
fallback-action response raw-file
response
request-version all
Use request-version all to enable compression for responses to HTTP 1.0 requests.
Use undo request-version all to restore the default.
Syntax
request-version all
undo request-version all
Default
Compression is disabled for responses to HTTP 1.0 requests.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Create the HTTP-compression parameter profile http1, and enable compression for responses to HTTP 1.0 requests.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] request-version all
reset loadbalance connections
Use reset loadbalance connections to clear application layer connections.
Syntax
reset loadbalance connections
Views
User view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command clears all application layer connections, including reused idle connections.
Examples
# Clear application layer connections.
<Sysname> reset loadbalance connections
reset loadbalance dns-cache
Use reset loadbalance dns-cache to clear DNS cache information.
Syntax
reset loadbalance dns-cache [ vpn-instance vpn-instance-name ] [ domain-name domain-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DNS cache information for the public network.
domain-name domain-name: Specifies a domain name, a case-insensitive string of 1 to 253 characters. If you do not specify this option, the command clears DNS cache information for all domain names.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear DNS cache information for all domain names.
<Sysname> reset loadbalance dns-cache
reset loadbalance dns-listener statistics
Use reset loadbalance dns-listener statistics to clear DNS listener statistics.
Syntax
reset loadbalance dns-listener statistics [ dns-listener-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
dns-listener-name: Specifies a DNS listener by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics for all DNS listeners.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear statistics for the DNS listener dl2.
<Sysname> reset loadbalance dns-listener statistics dl2
# Clear statistics for all DNS listeners.
<Sysname> reset loadbalance dns-listener statistics
Related commands
display loadbalance dns-listener statistics
reset loadbalance dns-map statistics
Use reset loadbalance dns-map statistics to clear DNS mapping statistics.
Syntax
reset loadbalance dns-map statistics [ dns-map-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
dns-map-name: Specifies a DNS mapping by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics for all DNS mappings.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear statistics for the DNS mapping dm2.
<Sysname> reset loadbalance dns-map statistics dm2
# Clear statistics for all DNS mappings.
<Sysname> reset loadbalance dns-map statistics
Related commands
display loadbalance dns-map statistics
reset loadbalance dns-proxy statistics
Use reset loadbalance dns-proxy statistics to clear transparent DNS proxy statistics.
Syntax
reset loadbalance dns-proxy statistics [ dns-proxy-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
dns-proxy-name: Specifies a transparent DNS proxy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics for all DNS transparent proxies.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear statistics for transparent DNS proxy dns-proxy1.
<Sysname> reset loadbalance dns-proxy statistics dns-proxy1
Related commands
display loadbalance dns-proxy statistics
reset loadbalance dns-server statistics
Use reset loadbalance dns-server statistics to clear DNS server statistics or DNS server pool member statistics.
Syntax
reset loadbalance dns-server statistics [ dns-server-name ]
reset loadbalance dns-server statistics dns-server-pool dns-server-pool-name [ name dns-server-name port port-number ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
dns-server-name: Specifies a DNS server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics for all DNS servers.
dns-server-pool dns-server-pool-name: Clears statistics for members of a DNS server pool. The dns-server-pool-name argument specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
name dns-server-name port port-number: Clears statistics for a DNS server pool member. The dns-server-name argument specifies a DNS server pool member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the DNS server pool member, in the range of 0 to 65535. If you do not specify this option, the command clears statistics for all members of a DNS server pool.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear statistics for DNS server ds1.
<Sysname> reset loadbalance dns-server statistics ds1
# Clear statistics for all members in DNS server pool dsp.
<Sysname> reset loadbalance dns-server statistics dns-server-pool dsp
Related commands
display loadbalance dns-server statistics
reset loadbalance hot-backup statistics
Use reset loadbalance hot-backup statistics to clear LB hot backup statistics.
Syntax
reset loadbalance hot-backup statistics
Views
User view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Clear LB hot backup statistics.
<Sysname> reset loadbalance hot-backup statistics
reset loadbalance link statistics
Use reset loadbalance link statistics to clear link statistics or link group member statistics.
Syntax
reset loadbalance link statistics [ link-name ]
reset loadbalance link statistics link-group link-group-name [ name link-name ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
link-name: Specifies a link by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics about all links.
link-group link-group-name: Clears statistics for members of a link group. The link-group-name argument specifies a link group by its name, a case-insensitive string of 1 to 63 characters.
name link-name: Clears statistics for a link group member. The link-name argument specifies a link group member by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command clears statistics for all members of a link group.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear statistics about all links.
<Sysname> reset loadbalance link statistics
# Clear statistics about all members in link group lg.
<Sysname> reset loadbalance link statistics link-group lg
reset loadbalance local-dns-server parse-fail-record
Use reset loadbalance local-dns-server parse-fail-record to clear DNS request parse failures.
Syntax
reset loadbalance local-dns-server parse-fail-record
Views
User view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Clear DNS request parse failures.
<Sysname> reset loadbalance local-dns-server parse-fail-record
reset loadbalance proximity
Use reset loadbalance proximity to clear proximity entry information.
Syntax
reset loadbalance proximity [ vpn-instance vpn-instance-name ] [ ip [ ipv4-address ] | ipv6 [ ipv6-address ] ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command clears proximity entry information for the public network.
ip [ ipv4-address ]: Clears IPv4 proximity entry information. If you specify the ipv4-address argument, this command clears information about the proximity entry corresponding to the IPv4 address. If you do not specify the ipv4-address argument, this command clears information about all IPv4 proximity entries.
ipv6 [ ipv6-address ]: Clears IPv6 proximity entry information. If you specify the ipv6-address argument, this command clears information about the proximity entry corresponding to the IPv6 address. If you do not specify the ipv6-address argument, this command clears information about all IPv6 proximity entries.
Usage guidelines
Non-default vSystems do not support this command.
If you do not specify the vpn-instance, ip, or ipv6 keyword, this command clears information about all IPv4 and IPv6 proximity entries for the public network.
Examples
# Clear information about all IPv6 proximity entries for the public network.
<Sysname> reset loadbalance proximity ipv6
reset real-server statistics
Use reset real-server statistics to clear real server statistics or server farm member statistics.
Syntax
reset real-server statistics [ real-server-name ]
reset real-server statistics server-farm server-farm-name [ name real-server-name port port-number ]
Views
User view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
real-server-name: Clears statistics of the specified real server. The real-server-name argument specifies a real server name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics of all real servers.
server-farm server-farm-name: Clears statistics for members of a server farm. The server-farm-name argument specifies a server farm by its name, a case-insensitive string of 1 to 63 characters.
name real-server-name port port-number: Clears statistics for a server farm member. The real-server-name argument specifies a server farm member by its name, a case-insensitive string of 1 to 63 characters. The port-number argument specifies the port number of the server farm member, in the range of 0 to 65535. If you do not specify this option, the command clears statistics for all members of a server farm.
Examples
# Clear statistics of all real servers.
<Sysname> reset real-server statistics
# Clear statistics of all members in server farm sf.
<Sysname> reset real-server statistics server-farm sf
Related commands
display real-server statistics
reset sticky dns-proxy
Use reset sticky dns-proxy to clear sticky entry information for transparent DNS proxies.
Syntax
In standalone mode:
reset sticky dns-proxy [ dns-proxy-name dns-proxy-name ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | dns-server-addr { ipv4-address | ipv6-address } | dns-server-pool pool-name | dns-server-port port-number | key sticky-key ] * [ slot slot-number ]
In IRF mode:
reset sticky dns-proxy [ dns-proxy-name dns-proxy-name ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | dns-server-addr { ipv4-address | ipv6-address } | dns-server-pool pool-name | dns-server-port port-number | key sticky-key ] * [ chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
dns-proxy-name dns-proxy-name: Specifies a transparent DNS proxy by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command clears sticky entry information for all transparent DNS proxies.
class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters, or specifies the default LB class.
client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.
dns-server-addr { ipv4-address | ipv6-address }: Specifies a DNS server by its IPv4 or IPv6 address.
dns-server-pool pool-name: Specifies a DNS server pool by its name, a case-insensitive string of 1 to 63 characters.
dns-server-port port-number: Specifies a DNS server port number in the range of 0 to 65535.
key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears sticky entry information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears sticky entry information for all cards. (In IRF mode.)
Examples
# Clear sticky entry information for client address 3.0.0.1 of transparent DNS proxy dp.
<Sysname> reset sticky dns-proxy dns-proxy-name dp client-addr 3.0.0.1
reset sticky virtual-server
Use reset sticky virtual-server to clear sticky entry information for virtual servers.
Syntax
In standalone mode:
reset sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ slot slot-number ]
In IRF mode:
reset sticky virtual-server [ virtual-server-name virtual-server-name ] [ [ link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } } | link-group link-group-name ] * | [ real-server-addr { ipv4-address | ipv6-address } | real-server-port port-number | server-farm server-farm-name | text text ] * ] [ class { class-name | default-class } | client-addr { ipv4-address | ipv6-address } | sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } [ key sticky-key ] ] * [ chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
virtual-server-name virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 63 characters. If you do not specify this option, the command clears sticky entry information for all virtual servers.
link { ip ipv4-address | ipv6 ipv6-address | interface { interface-type interface-number | interface-name } }: Specifies a link by its IPv4 address, IPv6 address, or output interface.
link-group link-group-name: Specifies a link group by its name, a case-insensitive string of 1 to 63 characters.
real-server-addr { ipv4-address | ipv6-address }: Specifies a real server by its IPv4 or IPv6 address.
real-server-port port-number: Specifies a real server port number in the range of 0 to 65535.
server-farm server-farm-name: Specifies a server farm by its name, a case-insensitive string of 1 to 63 characters.
text text: Specifies a text string to match.
class { class-name | default-class }: Specifies an LB class by its name, a case-insensitive string of 1 to 63 characters, or specifies the default LB class.
client-addr { ipv4-address | ipv6-address }: Specifies a client by its IPv4 or IPv6 address.
sticky-type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies a sticky group type.
key sticky-key: Specifies a key value, a case-sensitive string of 1 to 36 characters. If you do not specify a key value, this command clears sticky entries for all key values.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears sticky entry information for all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command clears sticky entry information for all cards. (In IRF mode.)
Examples
# Clear sticky entry information for client address 3.0.0.1 of virtual server vs.
<Sysname> reset sticky virtual-server virtual-server-name vs client-addr 3.0.0.1
reset virtual-server statistics
Use reset virtual-server statistics to clear virtual server statistics.
Syntax
reset virtual-server statistics [ virtual-server-name ]
Views
User view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
virtual-server-name: Clears statistics of the specified virtual server. The virtual-server-name argument specifies a virtual server name, a case-insensitive string of 1 to 63 characters. If you do not specify this argument, the command clears statistics of all virtual servers.
Examples
# Clear statistics of all virtual servers.
<Sysname> reset virtual-server statistics
Related commands
display virtual-server statistics
response
Use response to specify a response file for matching HTTP requests.
Use undo response to restore the default.
Syntax
response { url url file filename | workpath workpath zip-file zip-filename }
undo response { url url | workpath workpath }
Default
No response file is specified for HTTP requests.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
url url: Specifies the URL path used to match HTTP requests, a case-sensitive string of 1 to 255 characters. The specified URL path must start with a forward slash (/).
file filename: Specifies an uncompressed file by its name, a case-insensitive string of 1 to 255 characters.
workpath workpath: Specifies a working path to match the URL in HTTP requests, a case-sensitive string of 1 to 255 characters. The working path can be a single forward slash (/), or a string that starts with a forward slash and does not end with a forward slash.
zip-file zip-filename: Specifies a zip file by its name, a case-insensitive string of 1 to 255 characters. The relative path in the zip file is used to match the URL in HTTP requests.
Usage guidelines
If the URL path in a client request matches the specified URL path, the device responds to the request by using an uncompressed file.
If the URL path in a client request matches the specified working path plus a relative path in the zip file, the device responds to the request by using the file in the zip file. For example, if you configure the response workpath /index zip-file flash:/za/zb/test.zip command and a relative path /css/col.css exists in test.zip, the matching URL is /index/css/col.css and the response file is col.css.
URL-encoded URLs cannot be matched.
If you configure both an uncompressed file and a compressed file for the same URL path, the uncompressed file is used to respond to matching HTTP requests.
The path specified in the command must exist on each card of the device.
For the same HTTP LB action, only one uncompressed file can be used for a URL, and one uncompressed file can be used for multiple URLs.
If you specify multiple compressed files for one or more URL paths in the same HTTP LB action, the most recent configuration takes effect.
If you specify multiple uncompressed files for one URL path in the same HTTP LB action, the most recent configuration takes effect. One uncompressed file can be used for different URL paths.
Any two of the following commands are mutually exclusive:
· response
· server-farm (LB action view)
· redirect relocation (LB action view)
Examples
# Specify response file subsys.js for the HTTP requests with URL path /index/subsys/subsys_intf.js.
<Sysname> system-view
[Sysname] loadbalance action a_http type http
[Sysname-lba-http-a_http] response url /index/subsys/subsys_intf.js file subsys.js
Related commands
display loadbalance action
redirect relocation (LB action view)
server-farm (LB action view)
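The matching rules above decide which files the device answers with directly, so it helps to list the resulting URLs before a zip file is loaded. The following Python sketch is an added example, not vendor code: it models the working-path rule, the workpath-plus-relative-path match, the URL-encoding restriction and the uncompressed-file precedence. The function names, the sample archive and the per-URL reading of "most recent configuration takes effect" are assumptions.

```python
import io
import re
import zipfile

# URL path characters that a client sends without percent-encoding (RFC 3986).
_PLAIN_PATH = re.compile(r"[A-Za-z0-9\-._~!$&'()*+,;=:@/]+")


def valid_workpath(workpath):
    """Working-path rule from the response command: "/" alone, or a string
    that starts with "/" and does not end with "/" (1 to 255 characters)."""
    if not 1 <= len(workpath) <= 255:
        return False
    return workpath == "/" or (workpath.startswith("/") and not workpath.endswith("/"))


def zip_url_map(workpath, zip_bytes):
    """Return (urls, unmatchable) for one 'response workpath ... zip-file ...' line.

    urls maps each matching URL to the zip member that answers it.
    unmatchable lists URLs a client could only request in URL-encoded form,
    which the usage guidelines say cannot be matched.
    """
    if not valid_workpath(workpath):
        raise ValueError(f"invalid working path: {workpath!r}")
    prefix = "" if workpath == "/" else workpath
    urls, unmatchable = {}, []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for member in archive.infolist():
            if member.is_dir():
                continue
            # Matching URL = working path + relative path inside the zip file.
            url = prefix + "/" + member.filename.lstrip("/")
            if _PLAIN_PATH.fullmatch(url):
                urls[url] = member.filename
            else:
                unmatchable.append(url)
    return urls, unmatchable


def effective_responses(file_rules, zip_rules):
    """Resolve which file answers each URL in one HTTP LB action.

    file_rules: [(url, filename)] from 'response url ... file ...', in config order.
    zip_rules:  [(workpath, zip_name, zip_bytes)] from 'response workpath ...'.
    Assumption: a later line overrides an earlier one per URL. An uncompressed
    file always overrides a zip member configured for the same URL.
    """
    result = {}
    for workpath, zip_name, zip_bytes in zip_rules:
        urls, _ = zip_url_map(workpath, zip_bytes)
        for url, member in urls.items():
            result[url] = f"zip:{zip_name}:{member}"
    for url, filename in file_rules:
        if not url.startswith("/"):
            raise ValueError(f"URL path must start with '/': {url!r}")
        result[url] = f"file:{filename}"
    return result


def build_sample_zip(names):
    """Build a constructed in-memory archive so the example runs offline."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed sample content")
    return buffer.getvalue()


# Constructed sample: two intended assets, one name with a space, one stray backup.
SAMPLE_ZIP = build_sample_zip(
    ["css/col.css", "js/app.js", "docs/read me.txt", "backup/old_config.bak"]
)

if __name__ == "__main__":
    served = effective_responses(
        [("/index/js/app.js", "app_v2.js")],
        [("/index", "test.zip", SAMPLE_ZIP)],
    )
    for url in sorted(served):
        print(f"{url:32} <- {served[url]}")
    print("cannot be matched:", zip_url_map("/index", SAMPLE_ZIP)[1])
```

Running it against the real archive before configuring the response command shows every path that becomes reachable, including files such as the stray backup in the sample that were never meant to be served.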
responsible-mail
Use responsible-mail to specify the email address of the administrator.
Use undo responsible-mail to restore the default.
Syntax
responsible-mail mail-address
undo responsible-mail
Default
No administrator's email address is specified.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
mail-address: Specifies the administrator's email address, a case-insensitive, dot-separated string that contains a maximum of 254 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.). Each dot-separated part can have a maximum of 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
The email address of the administrator can be a relative domain name (does not end with a dot) or an absolute domain name (ends with a dot). For an absolute domain name, the email address is not automatically expanded and cannot exceed 254 characters. For a relative domain name, the current domain name is automatically appended to the email address. The email address plus the appended domain name cannot exceed 254 characters.
Examples
# Specify the administrator's email address root.ns1.example.com for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] responsible-mail root.ns1.example.com
Related commands
display loadbalance zone
retry
Use retry to set the retry interval.
Use undo retry to restore the default.
Syntax
retry retry-interval
undo retry
Default
The retry interval is 600 seconds.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
retry-interval: Specifies the retry interval in the range of 500 to 1209600 seconds.
Usage guidelines
Non-default vSystems do not support this command.
The retry interval is the amount of time that the secondary DNS server waits after it fails to copy a DNS forward zone.
Examples
# Set the retry interval to 30 minutes for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] retry 1800
Related commands
display loadbalance zone
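The refresh, responsible-mail and retry entries above each state a range or format rule for the SOA view. The following Python sketch is an added example, not vendor code: it checks a configuration snippet against those rules before it is pushed to a device. The function names and the sample configuration are constructed, joining a relative address to the zone with a dot is an assumption, and the retry-versus-refresh comparison is general DNS practice rather than a rule from this page.

```python
import re

# Ranges and defaults (seconds) as stated in the refresh and retry entries.
RANGES = {"refresh": (300, 2419200), "retry": (500, 1209600)}
DEFAULTS = {"refresh": 3600, "retry": 600}

_LABEL = re.compile(r"[A-Za-z0-9_-]{1,63}")          # letters, digits, - and _
_PROMPT = re.compile(r"^(\[[^\]]*\]|<[^>]*>)\s*")    # strips [Sysname-...] / <Sysname>


def expand_responsible_mail(mail, zone):
    """Return the absolute name for a responsible-mail value, or raise ValueError.

    A name ending with a dot is absolute and kept as is. A relative name gets
    the current zone appended (assumption: joined with a dot).
    """
    if not 1 <= len(mail) <= 254:
        raise ValueError("must be 1 to 254 characters")
    absolute = mail.endswith(".")
    body = mail[:-1] if absolute else mail
    for label in body.split("."):
        if not _LABEL.fullmatch(label):
            raise ValueError(f"bad label {label!r}")
    if absolute:
        return mail.lower()
    expanded = f"{body}.{zone.rstrip('.')}."
    if len(expanded) > 254:
        raise ValueError("address plus appended zone exceeds 254 characters")
    return expanded.lower()


def lint_soa(config_text):
    """Return [(zone, message)] findings for each 'loadbalance zone' block."""
    findings, zone, seen = [], None, dict(DEFAULTS)

    def close_zone():
        # General DNS practice, not a rule from this page: retry < refresh.
        if zone and seen["retry"] >= seen["refresh"]:
            findings.append(
                (zone, f"retry {seen['retry']} is not shorter than refresh {seen['refresh']}")
            )

    for raw in config_text.splitlines():
        parts = _PROMPT.sub("", raw.strip()).split()
        if len(parts) == 3 and parts[:2] == ["loadbalance", "zone"]:
            close_zone()
            zone, seen = parts[2], dict(DEFAULTS)
        elif zone and len(parts) == 2 and parts[0] in RANGES:
            low, high = RANGES[parts[0]]
            if parts[1].isdigit() and low <= int(parts[1]) <= high:
                seen[parts[0]] = int(parts[1])
            else:
                # Out-of-range value: the default stays in effect.
                findings.append((zone, f"{parts[0]} {parts[1]} outside {low}-{high}"))
        elif zone and len(parts) == 2 and parts[0] == "responsible-mail":
            try:
                expanded = expand_responsible_mail(parts[1], zone)
            except ValueError as exc:
                findings.append((zone, f"responsible-mail rejected: {exc}"))
            else:
                if not parts[1].endswith("."):
                    findings.append(
                        (zone, f"relative responsible-mail expands to {expanded}")
                    )
    close_zone()
    return findings


# Constructed sample configuration (command lines as typed, prompts optional).
SAMPLE_CONFIG = """\
loadbalance zone example.com
 soa
  refresh 14400
  retry 1800
  responsible-mail root.ns1.example.com
[Sysname] loadbalance zone example.net
[Sysname-lb-zone-example.net] soa
[Sysname-lb-zone-example.net-soa] refresh 600
[Sysname-lb-zone-example.net-soa] retry 300
[Sysname-lb-zone-example.net-soa] responsible-mail admin!.example.net.
"""

if __name__ == "__main__":
    for zone_name, message in lint_soa(SAMPLE_CONFIG):
        print(f"{zone_name}: {message}")
```

The first finding is the one most easily missed: a value without a trailing dot is relative, so the zone name is appended to it.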
route-advertisement enable
Use route-advertisement enable to enable IP address advertisement for a virtual server.
Use undo route-advertisement enable to disable IP address advertisement for a virtual server.
Syntax
route-advertisement enable
undo route-advertisement enable
Default
IP address advertisement is disabled for a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
After this feature is configured, the device advertises the IP address of the virtual server to OSPF for route calculation. When the service of a data center switches to another data center, the traffic to the virtual server can also be switched to that data center. For information about OSPF, see Layer 3—IP Routing Configuration Guide.
Examples
# Enable IP address advertisement for the virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type ip
[Sysname-vs-ip-vs] route-advertisement enable
router interface
Use router interface to specify an outgoing interface for an LB link.
Use undo router interface to delete the outgoing interface for an LB link.
Syntax
router interface interface-type interface-number
undo router interface
Default
No outgoing interface is specified for an LB link.
Views
LB link view
Predefined user roles
network-admin
context-admin
Parameters
interface-type interface-number: Specifies an outgoing interface.
Usage guidelines
Non-default vSystems do not support this command.
In scenarios where IP addresses are obtained through PPPoE, use this command to dynamically obtain the outbound next hop IP address through the specified outgoing interface.
The specified outgoing interface must be an interface that can dynamically obtain IP addresses.
You can configure both this command and the router ip or router ipv6 command. The command configured later overwrites the command configured first.
If you configure this command after configuring the vpn-instance (link view) command, this command overwrites the vpn-instance (link view) command. After you configure this command, you cannot configure the vpn-instance (link view) command.
Examples
# Specify Dialer0 as the outgoing interface for the LB link cnc.
<Sysname> system-view
[Sysname] loadbalance link cnc
[Sysname-lb-link-cnc] router interface Dialer0
router ip
Use router ip to specify the outbound next hop for an LB link.
Use undo router ip to restore the default.
Syntax
router ip ipv4-address
undo router ip
Default
The outbound next hop is not specified for an LB link.
Views
LB link view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies an IPv4 address, which cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X.
Usage guidelines
Non-default vSystems do not support this command.
You can specify only one outbound next hop for an LB link.
Examples
# Specify the outbound next hop as 1.2.3.4 for the LB link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] router ip 1.2.3.4
router ipv6
Use router ipv6 to specify the outbound next hop for an LB link.
Use undo router ipv6 to restore the default.
Syntax
router ipv6 ipv6-address
undo router ipv6
Default
The outbound next hop is not specified for an LB link.
Views
LB link view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be an all-zero address, a multicast address, a loopback address, or a link-local address.
Usage guidelines
Non-default vSystems do not support this command.
You can specify only one outbound next hop for an LB link.
Examples
# Specify the outbound next hop as 8008::8 for the LB link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] router ipv6 8008::8
rst threshold
Use rst threshold to set the RST packet count threshold for a TCP-RST LB probe template.
Use undo rst threshold to restore the default.
Syntax
rst threshold number
undo rst threshold
Default
The RST packet count threshold is 1000000.
Views
TCP-RST LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
number: Specifies the RST packet count threshold value, in the range of 1 to 4294967295.
Usage guidelines
When the number of RST packets sent by a real server reaches the threshold, the protection action specified in the protect-action command is taken.
Examples
# In TCP-RST LB probe template rsttplt, set the RST packet count threshold to 20.
<Sysname> system-view
[Sysname] loadbalance probe-template tcp-rst rsttplt
[Sysname-lbpt-tcp-rst-rsttplt] rst threshold 20
Related commands
protect-action
rtt weight
Use rtt weight to set the network delay weight for proximity calculation.
Use undo rtt weight to restore the default.
Syntax
rtt weight rtt-weight
undo rtt weight
Default
The network delay weight for proximity calculation is 100.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
rtt-weight: Specifies the network delay weight for proximity calculation, in the range of 0 to 255. A larger value indicates a higher weight.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the network delay weight for proximity calculation to 200.
[Sysname] loadbalance proximity
[Sysname-lb-proximity] rtt weight 200
rule (parameter profile view)
Use rule to configure a filtering rule for compression.
Use undo rule to restore the default.
Syntax
rule [ rule-id ] { deny | permit } { content-type | url } expression
undo rule rule-id
Default
No filtering rules are configured.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
rule-id: Specifies a rule by its ID in the range of 1 to 65535. If the rule does not exist, the command creates the rule. If the rule already exists, the command modifies the rule. If you do not specify this argument, the system automatically assigns an available rule ID with the smallest number.
deny: Does not compress matching packets.
permit: Compresses matching packets.
content-type: Matches content types in the content-type header of packets.
url: Matches URLs in packets.
expression: Specifies a regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Examples
# Create the HTTP-compression parameter profile http1, and configure the device to not compress the response packets containing the string image in URLs.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-compression
[Sysname-para-http-compression-http1] rule deny url image
rule (protection policy view)
Use rule to create a protection rule and enter its view, or enter the view of an existing protection rule.
Use undo rule to delete a protection rule.
Syntax
rule rule-id
undo rule rule-id
Default
No protection rules exist.
Views
HTTP protection policy view
Predefined user roles
network-admin
context-admin
Parameters
rule-id: Specifies a rule ID in the range of 1 to 65535.
Usage guidelines
Non-default vSystems do not support this command.
You can configure multiple protection rules in an HTTP protection policy. The device compares the URL in a packet with the URLs configured in the protection rules according to the order of the rule IDs. If a match is found and the configured protection threshold is exceeded, the device performs the associated protection action. If the URL in the packet does not match the URL configured in a specific protection rule, the device compares the URL with the next protection rule.
Examples
# In HTTP protection policy p1, create protection rule 5 and enter its view.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1
[Sysname-lbpp-http-p1] rule 5
[Sysname-lbpp-http-p1-rule-5]
secondary-cookie delimiters
Use secondary-cookie delimiters to configure the delimiter that separates secondary cookies in URLs.
Use undo secondary-cookie delimiters to restore the default.
Syntax
secondary-cookie delimiters text
undo secondary-cookie delimiters
Default
The delimiter that separates secondary cookies in URLs can be slash (/), ampersand (&), number sign (#), or plus (+).
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
text: Specifies the delimiter, a string of 1 to 4 characters including exclamation mark (!), quotation mark (',"), number sign (#), semicolon (;), brackets (( ),[ ], < >), question mark (?), backslash (\), caret (^), grave accent (`), vertical bar (|), colon (:), at sign (@), ampersand (&), dollar sign ($), plus (+), asterisk (*), comma (,), and slash (/). Each character in the string is considered as a delimiter.
Examples
# For the HTTP parameter profile pp1, configure the delimiter that separates secondary cookies in URLs as exclamation mark (!), at sign (@), number sign (#), or dollar sign ($).
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] secondary-cookie delimiters !@#$
secondary-cookie start
Use secondary-cookie start to configure the start delimiter for secondary cookies in URLs.
Use undo secondary-cookie start to restore the default.
Syntax
secondary-cookie start text
undo secondary-cookie start
Default
The start delimiter for secondary cookies in URLs is question mark (?).
Views
HTTP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
text: Specifies the delimiter, a string of 1 to 2 characters including exclamation mark (!), quotation mark ("), number sign (#), semicolon (;), brackets ([ ], < >), question mark (?), backslash (\), caret (^), grave accent (`), and vertical bar (|).
Examples
# For the HTTP parameter profile pp1, configure the start delimiter for secondary cookies in URLs as question mark (?) or exclamation mark (!).
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] secondary-cookie start ?!
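How the two secondary-cookie settings above change what is extracted from a URL, as an added Python model (not H3C code). The name=value token format and the first-occurrence-wins handling of repeated names are assumptions; the defaults, length limits and permitted characters are taken from the two command descriptions, and the URLs are constructed.

```python
"""Model of secondary-cookie extraction from a URL (added example, not device code)."""

DEFAULT_START = "?"       # default of "secondary-cookie start"
DEFAULT_DELIMS = "/&#+"   # default of "secondary-cookie delimiters"

# Characters each command accepts, as listed in the parameter descriptions.
ALLOWED_START = set("!\"#;[]<>?\\^`|")
ALLOWED_DELIMS = set("!'\"#;()[]<>?\\^`|:@&$+*,/")


def validate(text, allowed, max_len, what):
    """Reject a setting that breaks the documented length or character limits."""
    if not 1 <= len(text) <= max_len:
        raise ValueError(f"{what}: length must be 1 to {max_len} characters")
    bad = sorted(set(text) - allowed)
    if bad:
        raise ValueError(f"{what}: characters not allowed: {bad}")
    return text


def secondary_cookies(url, start=DEFAULT_START, delims=DEFAULT_DELIMS):
    """Return {name: value} for the secondary cookies found in url.

    Every character of start is a start delimiter and every character of
    delims is a separator. Tokens are assumed to look like name=value.
    """
    validate(start, ALLOWED_START, 2, "start")
    validate(delims, ALLOWED_DELIMS, 4, "delimiters")

    # Secondary cookies begin after the first start delimiter in the URL.
    positions = [i for i, ch in enumerate(url) if ch in start]
    if not positions:
        return {}
    rest = url[positions[0] + 1:]

    cookies = {}
    token = []
    for ch in rest + delims[0]:          # trailing separator flushes the last token
        if ch in delims:
            name, sep, value = "".join(token).partition("=")
            if sep and name and name not in cookies:   # first occurrence wins (assumption)
                cookies[name] = value
            token = []
        else:
            token.append(ch)
    return cookies


if __name__ == "__main__":
    url = "/shop/cart?sid=abc123&lang=en#frag"      # constructed sample URL
    print(secondary_cookies(url))                   # default settings
    print(secondary_cookies(url, delims="!@#$"))    # delimiters from the example above
```

With the delimiters set to !@#$, the ampersand no longer separates tokens, so the value read for sid changes; any sticky group keyed on that value will see a different key.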
selected-link
Use selected-link to specify the number of links to participate in scheduling.
Use undo selected-link to restore the default.
Syntax
selected-link min min-number max max-number
undo selected-link
Default
The links with the highest priority participate in scheduling.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
min min-number: Specifies the minimum number of links to participate in scheduling, in the range of 1 to 1000.
max max-number: Specifies the maximum number of links to participate in scheduling, in the range of 1 to 1000. The value of the max-number argument must be greater than or equal to the value of the min-number argument.
Usage guidelines
Non-default vSystems do not support this command.
If the number of links available to participate in scheduling exceeds the max-number setting, the max-number setting applies.
If the number of links available to participate in scheduling is smaller than the min-number setting, more links are selected by priority in descending order.
Examples
# Configure the minimum number and maximum number of links in the link group lg to participate in scheduling as 20 and 30, respectively.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] selected-link min 20 max 30
Related commands
predictor (link group view)
priority (link view)
selected-server (DNS server pool view)
Use selected-server to specify the number of DNS servers to participate in scheduling.
Use undo selected-server to restore the default.
Syntax
selected-server min min-number max max-number
undo selected-server
Default
The DNS servers with the highest priority participate in scheduling.
Views
DNS server pool view
Predefined user roles
network-admin
context-admin
Parameters
min min-number: Specifies the minimum number of DNS servers to participate in scheduling, in the range of 1 to 1000.
max max-number: Specifies the maximum number of DNS servers to participate in scheduling, in the range of 1 to 1000. The value of the max-number argument must be greater than or equal to the value of the min-number argument.
Usage guidelines
Non-default vSystems do not support this command.
If the number of DNS servers available to participate in scheduling exceeds the max-number setting, the max-number setting applies.
If the number of DNS servers available to participate in scheduling is less than the min-number setting, more DNS servers are selected by priority in descending order.
Examples
# Configure the minimum number and maximum number of DNS servers in DNS server pool dns-pool to participate in scheduling as 20 and 30, respectively.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dns-pool
[Sysname-lb-dspool-dns-pool] selected-server min 20 max 30
selected-server (server farm view)
Use selected-server to specify the number of real servers to participate in scheduling.
Use undo selected-server to restore the default.
Syntax
selected-server min min-number max max-number
undo selected-server
Default
The real servers with the highest priority participate in scheduling.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
min min-number: Specifies the minimum number of real servers to participate in scheduling, in the range of 1 to 1000.
max max-number: Specifies the maximum number of real servers to participate in scheduling, in the range of 1 to 1000. The value of the max-number argument must be greater than or equal to the value of the min-number argument.
Usage guidelines
If the number of real servers available to participate in scheduling exceeds the max-number setting, the max-number setting applies.
If the number of real servers available to participate in scheduling is less than the min-number setting, more real servers are selected by priority in descending order.
Examples
# Configure the minimum number and maximum number of real servers in the server farm sf to participate in scheduling as 20 and 30, respectively.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] selected-server min 20 max 30
Related commands
predictor (server farm view)
priority (real server view)
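The min/max selection described for selected-link and both selected-server commands, as an added Python model (not H3C code). It assumes that a larger priority value means a higher priority, that members are added one at a time when the minimum is not met, and that ties are broken by name; the member list is constructed.

```python
"""Model of 'selected-link' / 'selected-server' member selection (added example)."""


def available_by_priority(members):
    """Available members, highest priority first (name breaks ties: assumption)."""
    return sorted((m for m in members if m[2]), key=lambda m: (-m[1], m[0]))


def default_selection(members):
    """Without the command, only the highest-priority available members are used."""
    pool = available_by_priority(members)
    if not pool:
        return []
    top = pool[0][1]
    return [name for name, prio, _ in pool if prio == top]


def selected(members, min_number, max_number):
    """Apply 'selected-... min min-number max max-number' to the member list.

    members is a list of (name, priority, available) tuples.
    """
    if not 1 <= min_number <= max_number <= 1000:
        raise ValueError("need 1 <= min-number <= max-number <= 1000")
    pool = available_by_priority(members)
    chosen = default_selection(members)
    if len(chosen) > max_number:
        # More candidates than allowed: the max-number setting applies.
        chosen = chosen[:max_number]
    elif len(chosen) < min_number:
        # Too few: add lower-priority members in descending priority order.
        # pool starts with the highest-priority group, so a prefix is enough.
        chosen = [name for name, _, _ in pool[:min_number]]
    return chosen


# Constructed server farm: (name, priority, available)
SAMPLE_FARM = [
    ("rs1", 8, True),
    ("rs2", 8, True),
    ("rs3", 6, True),
    ("rs4", 6, False),   # failed health check, never selected
    ("rs5", 4, True),
    ("rs6", 4, True),
]

if __name__ == "__main__":
    print(default_selection(SAMPLE_FARM))
    print(selected(SAMPLE_FARM, 3, 5))
    print(selected(SAMPLE_FARM, 1, 1))
```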
serial
Use serial to configure the serial number for a DNS forward zone.
Use undo serial to restore the default.
Syntax
serial number
undo serial
Default
The serial number for a DNS forward zone is 1.
Views
SOA view
Predefined user roles
network-admin
context-admin
Parameters
number: Specifies the serial number in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
The serial number indicates the configuration order of a DNS forward zone. A newly configured DNS forward zone has a greater serial number than an old DNS forward zone.
The secondary DNS server periodically queries the serial numbers of DNS forward zones on the primary DNS server and compares them with local serial numbers.
Examples
# Configure the serial number as 123 for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa] serial 123
Related commands
display loadbalance zone
server-connection reuse
Use server-connection reuse to enable connection reuse between the LB device and the server.
Use undo server-connection reuse to disable connection reuse between the LB device and the server.
Syntax
server-connection reuse
undo server-connection reuse
Default
Connection reuse between the LB device and the server is disabled.
Views
HTTP parameter profile view
MySQL parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command allows the LB device to establish connections to the server that can be reused by clients. Because multiple clients can use the same connection, the number of connections between the clients and the server is reduced.
Examples
# Enable connection reuse between the LB device and the server for the HTTP parameter profile pp1.
<Sysname> system-view
[Sysname] parameter-profile pp1 type http
[Sysname-para-http-pp1] server-connection reuse
server-farm (LB action view)
Use server-farm to specify the primary server farm.
Use undo server-farm to restore the default.
Syntax
server-farm server-farm-name [ backup backup-server-farm-name ] [ sticky sticky-name [ backup backup-sticky-name ] ]
undo server-farm
Default
No primary server farm is specified.
Views
LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
server-farm-name: Specifies a primary server farm name, a case-insensitive string of 1 to 63 characters.
backup backup-server-farm-name: Specifies a backup server farm name, a case-insensitive string of 1 to 63 characters.
sticky sticky-name: Specifies a primary sticky group by its name, a case-insensitive string of 1 to 63 characters.
backup backup-sticky-name: Specifies a backup sticky group by its name, a case-insensitive string of 1 to 63 characters. This option is supported only by HTTP virtual servers and RADIUS virtual servers.
Usage guidelines
This command is mutually exclusive with the forward all or redirect relocation command. If you configure one command, the other command (if configured) is automatically cancelled.
When the primary server farm is available (contains real servers), packets are forwarded through the primary server farm. When the primary server farm is not available, packets are forwarded through the backup server farm.
If you specify both a primary sticky group and a backup sticky group, the device generates both primary sticky entries and backup sticky entries. If packets do not match primary sticky entries, backup sticky entries will apply.
The device generates backup sticky entries for only the following sticky group combinations:
· RADIUS-type primary sticky group and port-address-type backup sticky group.
· HTTP cookie-type primary sticky group and port-address-type backup sticky group.
· HTTP cookie-type primary sticky group and HTTP passive-type backup sticky group.
Examples
# Specify the primary server farm sf, the backup server farm sfb, and the sticky group sg1 for the generic LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] server-farm sf backup sfb sticky sg1
Related commands
forward all
server-farm (real server view)
Use server-farm to specify the server farm for a real server.
Use undo server-farm to restore the default.
Syntax
server-farm server-farm-name
undo server-farm [ server-farm-name ]
Default
A real server does not belong to any server farm.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
server-farm-name: Specifies a server farm name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can specify a server farm that has not been created.
Examples
# Specify the server farm sf for the real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] server-farm sf
server-farm (system view)
Use server-farm to create a server farm and enter its view, or enter the view of an existing server farm.
Use undo server-farm to delete the specified server farm.
Syntax
server-farm server-farm-name
undo server-farm server-farm-name
Default
No server farms exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
server-farm-name: Specifies a server farm name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can add servers with common attributes to a server farm to facilitate management.
You can configure this command only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the server farm sf and enter server farm view.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf]
service enable (DNS listener view)
Use service enable to enable the DNS listener feature.
Use undo service enable to disable the DNS listener feature.
Syntax
service enable
undo service enable
Default
The DNS listener feature is disabled.
Views
DNS listener view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Enable the DNS listener feature for the DNS listener ct-listener.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener] service enable
service enable (DNS mapping view)
Use service enable to enable the DNS mapping feature.
Use undo service enable to disable the DNS mapping feature.
Syntax
service enable
undo service enable
Default
The DNS mapping feature is disabled.
Views
DNS mapping view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Enable the DNS mapping feature for the DNS mapping dm1.
<Sysname> system-view
[Sysname] loadbalance dns-map dm1
[Sysname-lb-dm-dm1] service enable
service enable (transparent DNS proxy view)
Use service enable to enable the transparent DNS proxy feature.
Use undo service enable to disable the transparent DNS proxy feature.
Syntax
service enable
undo service enable
Default
The transparent DNS proxy feature is disabled.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Enable the transparent DNS proxy feature for transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] service enable
service enable (virtual server view)
Use service enable to enable a virtual server.
Use undo service enable to disable a virtual server.
Syntax
service enable
undo service enable
Default
A virtual server is disabled.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Enable the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] service enable
service object-group
Use service object-group to specify a service object group for address translation.
Use undo service object-group to restore the default.
Syntax
service object-group object-group-name
undo service object-group
Default
All packets matching virtual servers are translated.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
object-group-name: Specifies a service object group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you specify a service object group, the device performs SNAT on only packets with a matching service. For information about configuring a service object group, see object group configuration in Security Configuration Guide.
Examples
# Specify a service object group obj1 for SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] service object-group obj1
Related commands
object-group (Security Command Reference)
set ip tos (LB action view)
Use set ip tos to set the ToS field value of IP packets sent to the server.
Use undo set ip tos to restore the default.
Syntax
set ip tos tos-number
undo set ip tos
Default
The ToS field of IP packets sent to the server is not changed.
Views
LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
tos-number: Specifies the ToS field value in the range of 0 to 255.
Examples
# Set the ToS field value to 20 for IP packets sent to the server for the generic LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] set ip tos 20
set ip tos (parameter profile view)
Use set ip tos to set the ToS field value of IP packets sent to the client.
Use undo set ip tos to restore the default.
Syntax
set ip tos tos-number
undo set ip tos
Default
The ToS field of IP packets sent to the client is not changed.
Views
Parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
tos-number: Specifies the ToS field value in the range of 0 to 255.
Usage guidelines
This command is available in IP parameter profile view only.
Examples
# Set the ToS field value to 20 for IP packets sent to the client for the IP parameter profile pp2.
<Sysname> system-view
[Sysname] parameter-profile pp2 type ip
[Sysname-para-ip-pp2] set ip tos 20
shutdown (link group member view)
Use shutdown to shut down a link group member.
Use undo shutdown to activate a link group member.
Syntax
shutdown
undo shutdown
Default
A link group member is activated.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Shut down the link group member lk1.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] shutdown
shutdown (link view)
Use shutdown to shut down a link.
Use undo shutdown to activate a link.
Syntax
shutdown
undo shutdown
Default
A link is activated.
Views
Link view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Shut down the link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] shutdown
shutdown (real server view)
Use shutdown to shut down a real server.
Use undo shutdown to activate a real server.
Syntax
shutdown
undo shutdown
Default
A real server is activated.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Shut down the real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] shutdown
shutdown (server farm member view)
Use shutdown to shut down a server farm member.
Use undo shutdown to activate a server farm member.
Syntax
shutdown
undo shutdown
Default
A server farm member is activated.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Shut down the server farm member rs1.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] shutdown
skip current-dns-proxy
Use skip current-dns-proxy to skip the current transparent DNS proxy.
Use undo skip current-dns-proxy to restore the default.
Syntax
skip current-dns-proxy
undo skip current-dns-proxy
Default
The forwarding mode is to discard packets.
Views
DNS LB action view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
This command enables DNS requests to skip the current transparent DNS proxy and match the next transparent DNS proxy or virtual server.
A DNS request can skip a maximum of five transparent DNS proxies and virtual servers.
This command is mutually exclusive with the dns-server-pool or forward all command. If you configure one command, the other command (if configured) is automatically cancelled.
Examples
# Skip the current transparent DNS proxy in DNS LB action lba1.
<Sysname> system-view
[Sysname] loadbalance action lba1 type dns
[Sysname-lba-dns-lba1] skip current-dns-proxy
slow-online (link group view)
Use slow-online to enable the slow online feature for a link group.
Use undo slow-online to disable the slow online feature for a link group.
Syntax
slow-online [ standby-time standby-time ramp-up-time ramp-up-time ]
undo slow-online
Default
The slow online feature is disabled for a link group.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
standby-time standby-time: Specifies the standby timer in the range of 0 to 600 seconds. The default is 5 seconds.
ramp-up-time ramp-up-time: Specifies the ramp-up timer in the range of 3 to 600 seconds. The default is 5 seconds.
Usage guidelines
Non-default vSystems do not support this command.
The links newly added to a link group might be unable to immediately process large numbers of services assigned by the LB device. To resolve this issue, enable the slow online feature for the link group. The feature uses the standby timer and ramp-up timer. When a link is added, the LB device does not assign any service to the link until the standby timer expires.
When the standby timer expires, the ramp-up timer starts. During the ramp-up time, the LB device increases the service amount according to the processing capability of the link, until the ramp-up timer expires.
Examples
# Enable the slow online feature for the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] slow-online
slow-online (server farm view)
Use slow-online to enable the slow online feature for a server farm.
Use undo slow-online to disable the slow online feature for a server farm.
Syntax
slow-online [ standby-time standby-time ramp-up-time ramp-up-time ]
undo slow-online
Default
The slow online feature is disabled for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
standby-time standby-time: Specifies the standby timer in the range of 0 to 600 seconds. The default is 5 seconds.
ramp-up-time ramp-up-time: Specifies the ramp-up timer in the range of 3 to 600 seconds. The default is 5 seconds.
Usage guidelines
The real servers newly added to a server farm might not be able to immediately process large numbers of services assigned by the LB device. To resolve this issue, enable the slow online feature for the server farm. The feature uses the standby timer and ramp-up timer. When a real server is added, the LB device does not assign any service to the real server until the standby timer expires.
When the standby timer expires, the ramp-up timer starts. During the ramp-up time, the LB device increases the service amount according to the processing capability of the real server, until the ramp-up timer expires.
Examples
# Enable the slow online feature for the server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] slow-online
slow-shutdown enable (link group member view)
Use slow-shutdown enable to enable the slow shutdown feature for a link group member.
Use undo slow-shutdown enable to disable the slow shutdown feature for a link group member.
Syntax
slow-shutdown enable
undo slow-shutdown enable
Default
The slow shutdown feature is disabled for a link group member.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
The shutdown command immediately terminates existing connections of a link group member. The slow shutdown feature ages out the connections, and does not establish new connections.
To enable the slow shutdown feature for a link group member, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the link group member is shut down.
Examples
# Enable the slow shutdown feature for the link group member lk1.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-link-lk1] slow-shutdown enable
Related commands
shutdown (link group member view)
slow-shutdown enable (link view)
Use slow-shutdown enable to enable the slow shutdown feature for a link.
Use undo slow-shutdown enable to disable the slow shutdown feature for a link.
Syntax
slow-shutdown enable
undo slow-shutdown enable
Default
The slow shutdown feature is disabled for a link.
Views
Link view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
The shutdown command immediately terminates existing connections of a link. The slow shutdown feature ages out the connections, and does not establish new connections.
To enable the slow shutdown feature for a link, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the link is shut down.
Examples
# Enable the slow shutdown feature for the link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] slow-shutdown enable
Related commands
shutdown (link view)
slow-shutdown enable (real server view)
Use slow-shutdown enable to enable the slow shutdown feature for a real server.
Use undo slow-shutdown enable to disable the slow shutdown feature for a real server.
Syntax
slow-shutdown enable
undo slow-shutdown enable
Default
The slow shutdown feature is disabled for a real server.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
The shutdown command immediately terminates existing connections of a real server. The slow shutdown feature ages out the connections, and does not establish new connections.
To enable the slow shutdown feature for a real server, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the real server is shut down.
Examples
# Enable the slow shutdown feature for the real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] slow-shutdown enable
Related commands
shutdown (real server view)
slow-shutdown enable (server farm member view)
Use slow-shutdown enable to enable the slow shutdown feature for a server farm member.
Use undo slow-shutdown enable to disable the slow shutdown feature for a server farm member.
Syntax
slow-shutdown enable
undo slow-shutdown enable
Default
The slow shutdown feature is disabled for a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
The shutdown command immediately terminates existing connections of a server farm member. The slow shutdown feature ages out the connections, and does not establish new connections.
To enable the slow shutdown feature for a server farm member, you must execute the slow-shutdown enable command and then the shutdown command. If you execute the shutdown command and then the slow-shutdown enable command, the slow shutdown feature does not take effect and the server farm member is shut down.
Examples
# Enable the slow shutdown feature for the server farm member rs1.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] slow-shutdown enable
Related commands
shutdown (server farm member view)
snat enable
Use snat enable to enable a SNAT global policy.
Use undo snat enable to disable a SNAT global policy.
Syntax
snat enable
undo snat enable
Default
A SNAT global policy is disabled.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Examples
# Enable SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] snat enable
snat-mode
Use snat-mode to specify a translation mode for a server farm.
Use undo snat-mode to restore the default.
Syntax
snat-mode { auto-map | tcp-option }
undo snat-mode
Default
No translation mode is specified for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
auto-map: Specifies the automatic mapping mode.
tcp-option: Specifies the TCP option mode.
Usage guidelines
The device supports the following translation modes for a server farm:
· Automatic mapping—Translates the source IP address into the IP address of the interface connecting to the real servers.
· TCP option—Translates the source IP address into the IP address carried in the TCP option field of packets.
· SNAT address pool—Translates the source IP address into an IP address in the SNAT address pool specified by using the snat-pool (server farm view) command.
You can configure only one translation mode for a server farm. This command and the snat-pool (server farm view) command are mutually exclusive.
If SNAT is not configured for a server farm, the server farm uses SNAT global policies for address translation (if configured).
Examples
# Specify the automatic mapping translation mode for server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] snat-mode auto-map
Related commands
loadbalance snat-global-policy
snat-pool (server farm view)
snat-pool (link group view)
Use snat-pool to specify the SNAT address pool to be referenced by a link group.
Use undo snat-pool to restore the default.
Syntax
snat-pool pool-name
undo snat-pool
Default
No SNAT address pool is referenced by a link group.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
After a link group references a SNAT address pool, the LB device replaces the source address of packets it receives with an SNAT address before forwarding the packets.
Examples
# Specify the SNAT address pool lbsp to be referenced by the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] snat-pool lbsp
snat-pool (server farm view)
Use snat-pool to specify the SNAT address pool to be referenced by a server farm.
Use undo snat-pool to restore the default.
Syntax
snat-pool pool-name
undo snat-pool
Default
No SNAT address pool is referenced by a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
pool-name: Specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
After a server farm references a SNAT address pool, the LB device replaces the source address of packets it receives with an SNAT address before forwarding the packets.
Examples
# Specify the SNAT address pool lbsp to be referenced by the server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] snat-pool lbsp
snmp-agent trap enable loadbalance
Use snmp-agent trap enable loadbalance to enable SNMP notifications for load balancing.
Use undo snmp-agent trap enable loadbalance to disable SNMP notifications for load balancing.
Syntax
snmp-agent trap enable loadbalance
undo snmp-agent trap enable loadbalance
Default
All SNMP notifications are enabled for load balancing.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
To report critical load balancing events to an NMS, enable SNMP notifications for load balancing. For load balancing event notifications to be sent correctly, you must also configure SNMP as described in the network management and monitoring configuration guide for the device.
Examples
# Disable SNMP notifications for load balancing.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable loadbalance
soa
Use soa to create an SOA resource record and enter SOA view, or enter the view of an existing SOA resource record.
Use undo soa to delete the SOA resource record and all its settings.
Syntax
soa
undo soa
Default
No SOA resource record exists.
Views
DNS forward zone view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Create an SOA resource record for DNS forward zone example.com and enter SOA view.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] soa
[Sysname-lb-zone-example.com-soa]
Related commands
display loadbalance zone
source-ip
Use source-ip to configure a source-IP-based request threshold.
Use undo source-ip to restore the default.
Syntax
source-ip request-threshold threshold
undo source-ip
Default
The source-IP-based request threshold is not configured.
Views
Protection rule view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
request-threshold threshold: Specifies a request threshold in the range of 1 to 4294967295.
Usage guidelines
If the number of times that a user accesses a protected URL exceeds the request threshold during the protection period, the protection action is taken. The device determines whether requests belong to the same user based on the following elements:
· Cookie—Requests with the same cookie value for a cookie (specified in the cookie command in protection rule view) belong to the same user.
· Source IP address—Requests with the same source IP address belong to the same user.
If you configure both a cookie-based request threshold and a source-IP-based request threshold, the protection action is taken when either threshold is exceeded.
Examples
# In protection rule 5, configure a source-IP-based request threshold of 2.
<Sysname> system-view
[Sysname] loadbalance protection-policy p1
[Sysname-lbpp-http-p1] rule 5
[Sysname-lbpp-http-p1-rule-5] source-ip request-threshold 2
Related commands
cookie (protection policy view)
protected-url
protection-action
protection-period
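The following added example (not vendor code, and not how the device is implemented) models the evaluation described in the usage guidelines: requests to the protected URL are counted per source IP address and per cookie value, and the action fires when either count exceeds its threshold. The fixed-window handling of the protection period, the exact-match URL, the cookie name sid, the 10-second period, and the cookie threshold of 2 are assumptions; the source-IP threshold of 2 comes from the example above.

```python
# Added model of a protection rule with two request thresholds; not device code.
# Assumptions: the protection period is a fixed window that opens with a user's
# first counted request, the protected URL is matched exactly, and "exceeds"
# means strictly greater than the threshold.


def parse_cookie(header, name):
    """Return the value of cookie `name` from a Cookie header, or None."""
    for pair in header.split(";"):
        key, sep, value = pair.strip().partition("=")
        if sep and key == name:
            return value
    return None


class ProtectionRule:
    def __init__(self, protected_url, period, source_ip_threshold=None,
                 cookie_name=None, cookie_threshold=None):
        self.protected_url = protected_url
        self.period = period                          # seconds
        self.source_ip_threshold = source_ip_threshold
        self.cookie_name = cookie_name
        self.cookie_threshold = cookie_threshold
        self._windows = {}                            # user key -> [window start, count]

    def _hit(self, key, now):
        """Count one request for `key` and return the count in the current window."""
        window = self._windows.get(key)
        if window is None or now - window[0] >= self.period:
            window = self._windows[key] = [now, 0]    # open a new window
        window[1] += 1
        return window[1]

    def check(self, now, src_ip, url, cookie_header=""):
        """Return the thresholds this request exceeds; an empty list means pass."""
        if url != self.protected_url:
            return []                                 # only protected URLs are counted
        exceeded = []
        if self.source_ip_threshold is not None:
            if self._hit(("ip", src_ip), now) > self.source_ip_threshold:
                exceeded.append("source-ip")
        if self.cookie_name and self.cookie_threshold is not None:
            value = parse_cookie(cookie_header, self.cookie_name)
            if value is not None:
                if self._hit(("cookie", value), now) > self.cookie_threshold:
                    exceeded.append("cookie")
        return exceeded


def demo_rule():
    # Hypothetical settings, except the source-IP threshold of 2.
    return ProtectionRule("/login", period=10, source_ip_threshold=2,
                          cookie_name="sid", cookie_threshold=2)


# Constructed sample traffic: (time in seconds, source IP, URL, Cookie header).
SAMPLE_REQUESTS = [
    (0, "198.51.100.7", "/login", "sid=a"),
    (1, "198.51.100.7", "/login", "sid=b"),
    (2, "198.51.100.7", "/login", "sid=c"),       # same IP, a new cookie every time
    (3, "203.0.113.9", "/login", "sid=z"),
    (4, "203.0.113.10", "/login", "sid=z"),
    (5, "203.0.113.11", "/login", "sid=z"),       # same cookie, a new IP every time
    (6, "198.51.100.7", "/index.html", "sid=a"),  # not the protected URL
    (12, "198.51.100.7", "/login", "sid=a"),      # windows opened at t=0 have expired
]


def replay(rule, requests):
    """Run the requests through the rule in order and collect each verdict."""
    return [rule.check(*request) for request in requests]


if __name__ == "__main__":
    for request, verdict in zip(SAMPLE_REQUESTS, replay(demo_rule(), SAMPLE_REQUESTS)):
        print(request, "->", verdict or "pass")
```

The two thresholds cover each other: the third request from one address is caught even though its cookie changes, and the third request with one cookie is caught even though its address changes.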
source-ip object-group (parameter profile view)
Use source-ip object-group to enable collection of HTTP traffic statistics by source IP address object group.
Use undo source-ip object-group to remove a source IP address object group for HTTP traffic statistics collection.
Syntax
source-ip object-group object-group-name
undo source-ip object-group object-group-name
Default
HTTP traffic statistics are collected on a per-IP address basis.
Views
HTTP statistics parameter profile view
Predefined user roles
network-admin
context-admin
Parameters
object-group-name: Specifies a source IP address object group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If HTTP packets match the specified URL and source IP address object group, they are counted based on the source IP address object group. If HTTP packets match the specified URL but do not match the specified source IP address object group, they are counted based on the source IP address.
You can specify a maximum of 1024 source IP address object groups in one HTTP statistics parameter profile.
This command takes effect only on IP address objects configured by using the host, subnet, and range keywords in the network command. For information about configuring IP address objects, see object group configuration in Security Configuration Guide.
Examples
# In HTTP statistics parameter profile http1, enable collection of HTTP traffic statistics by source IP address object group cnc.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-statistics
[Sysname-para-http-statistics-http1] source-ip object-group cnc
Related commands
network (Security Command Reference)
object-group (Security Command Reference)
source-ip object-group (SNAT global policy view)
Use source-ip object-group to specify a source IP address object group for address translation.
Use undo source-ip object-group to restore the default.
Syntax
source-ip object-group object-group-name
undo source-ip object-group
Default
All packets are translated.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
object-group-name: Specifies a source IP address object group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you specify a source IP address object group, the device performs SNAT on only packets with a matching source IP address. For information about configuring an IP address object group, see object group configuration in Security Configuration Guide.
Examples
# Specify source IP address object group obj1 for SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] source-ip object-group obj1
Related commands
object-group (Security Command Reference)
src-addr-option
Use src-addr-option to configure the TCP option for SNAT.
Use undo src-addr-option to restore the default.
Syntax
src-addr-option option-number [ encode { binary | string } ]
undo src-addr-option
Default
No TCP option is configured for SNAT.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
option-number: Specifies a TCP option by its number. Valid numbers are 6, 7, 9 to 18, and 22 to 254.
encode { binary | string }: Specifies the binary or string encoding mode. The default is the binary mode.
Usage guidelines
This command enables the device to parse the IP address in the TCP option by using the specified encoding mode. Then, the device translates the source IP address according to the configured translation mode.
This command takes effect only in a TCP parameter profile that is referenced as a client-side parameter profile by a virtual server.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In TCP parameter profile pp3, specify TCP option 28 with binary encoding mode for SNAT.
<Sysname> system-view
[Sysname] parameter-profile pp3 type tcp
[Sysname-para-tcp-pp3] src-addr-option 28 encode binary
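The following added example (not vendor code) parses a TCP options field, finds the configured option number, and decodes the address it carries in either encoding mode, rejecting malformed input. The option layout is an assumption, because this reference does not define it: binary is taken to be a packed 4-byte IPv4 or 16-byte IPv6 address, and string is taken to be the ASCII text form.

```python
# Added illustration of reading a source address from a TCP option; not device code.
# Assumed layouts: "binary" = packed 4-byte IPv4 or 16-byte IPv6 address,
# "string" = the address as ASCII text.
import ipaddress

# Option numbers accepted by src-addr-option: 6, 7, 9 to 18, and 22 to 254.
VALID_OPTION_NUMBERS = {6, 7, *range(9, 19), *range(22, 255)}


def iter_tcp_options(raw):
    """Yield (kind, data) for each option in a TCP options field."""
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                 # End of Option List
            return
        if kind == 1:                 # No-Operation, a single byte
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]           # covers the kind and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError("option length out of bounds")
        yield kind, raw[i + 2:i + length]
        i += length


def extract_source_address(raw_options, option_number, encode="binary"):
    """Return the address carried in `option_number`, or None if absent or malformed."""
    if option_number not in VALID_OPTION_NUMBERS:
        raise ValueError(f"option number {option_number} is not configurable")
    if encode not in ("binary", "string"):
        raise ValueError("encode must be 'binary' or 'string'")
    try:
        for kind, data in iter_tcp_options(raw_options):
            if kind != option_number:
                continue
            if encode == "binary":
                if len(data) not in (4, 16):
                    return None       # neither an IPv4 nor an IPv6 address
                return ipaddress.ip_address(bytes(data))
            return ipaddress.ip_address(data.decode("ascii"))
    except ValueError:                # bad TLV, bad text, or non-ASCII bytes
        return None
    return None


# Constructed samples. MSS option, two NOPs, then option 28 with 198.51.100.7.
SAMPLE_BINARY = bytes.fromhex("020405b401011c06c6336407")
# Option 28 carrying the text "203.0.113.9", then padding.
SAMPLE_STRING = bytes([28, 13]) + b"203.0.113.9" + b"\x01\x01\x00"
# Option 28 claims 6 bytes but the field ends after 4.
SAMPLE_TRUNCATED = bytes.fromhex("1c06c633")

if __name__ == "__main__":
    print(extract_source_address(SAMPLE_BINARY, 28, "binary"))
    print(extract_source_address(SAMPLE_STRING, 28, "string"))
    print(extract_source_address(SAMPLE_TRUNCATED, 28, "binary"))
```

Because the option arrives in the client-side packet, the decoded address is only as trustworthy as the upstream device that inserted it.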
ssl session-id
Use ssl session-id to configure an SSL sticky method based on SSL session ID.
Use undo ssl session-id to restore the default.
Syntax
ssl session-id
undo ssl session-id
Default
No sticky methods exist.
Views
SSL sticky group view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
The SSL sticky method based on SSL session ID applies only to HTTPS request packets. This sticky method requires specifying an SSL server policy for the virtual server.
Examples
# Configure the SSL sticky method based on SSL session ID for the SSL sticky group sg6.
<Sysname> system-view
[Sysname] sticky-group sg6 type ssl
[Sysname-sticky-ssl-sg6] ssl session-id
ssl url rewrite
Use ssl url rewrite to rewrite the URL in the Location header of HTTP response packets sent by the server.
Use undo ssl url rewrite to remove the configuration.
Syntax
ssl url rewrite location location [ clearport clear-port ] [ sslport ssl-port ]
undo ssl url rewrite location location [ clearport clear-port ]
Default
The URL in the Location header of HTTP response packets sent by the server is not rewritten.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
location location: Specifies the Location header URL regular expression, a case-sensitive string of 1 to 255 characters.
clearport clear-port: Specifies the HTTP port number to be rewritten, in the range of 1 to 65535. The default is 80.
sslport ssl-port: Specifies the SSL port number after rewrite, in the range of 1 to 65535. The default is 443.
Usage guidelines
If the Location header of an HTTP response packet contains the location and clear-port values, the system rewrites HTTP in the URL to HTTPS and rewrites the clear-port value to the ssl-port value.
Examples
# For the HTTP LB action lba2, rewrite the URL http://www.ss.example.com:8080 in the Location header of HTTP response packets sent by the server to https://www.ss.example.com:443.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] ssl url rewrite location www.ss.example.com clearport 8080 sslport 443
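The following added example (not vendor code) models the rewrite rule from the usage guidelines and shows which Location values are left untouched. Matching the location regular expression against the host part only, and treating an http URL without an explicit port as port 80, are assumptions; the device's exact matching behavior is not specified here.

```python
# Added model of the Location header rewrite; not device code.
# Assumptions: the location pattern is matched against the host part only,
# and an http URL without an explicit port counts as port 80.
import re
from urllib.parse import urlsplit, urlunsplit


def rewrite_location(value, location, clear_port=80, ssl_port=443):
    """Return the rewritten Location value, or `value` unchanged if it does not match."""
    try:
        parts = urlsplit(value)
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return value
    if parts.scheme.lower() != "http" or not parts.netloc:
        return value                   # relative, already HTTPS, or another scheme
    # Take the host exactly as sent: urlsplit().hostname would lowercase it,
    # and the location pattern is case-sensitive. Userinfo, if any, is kept.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if hostport.startswith("["):       # IPv6 literal such as [2001:db8::1]:8080
        host = hostport[:hostport.find("]") + 1]
    else:
        host = hostport.partition(":")[0]
    if (port if port is not None else 80) != clear_port:
        return value
    if re.search(location, host) is None:
        return value
    netloc = f"{userinfo}{at}{host}:{ssl_port}"
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def rewrite_response_headers(headers, location, clear_port=80, ssl_port=443):
    """Apply the rewrite to every Location header in a list of (name, value) pairs."""
    return [
        (name, rewrite_location(val, location, clear_port, ssl_port))
        if name.lower() == "location" else (name, val)
        for name, val in headers
    ]


# Constructed response headers from a back-end server that redirects to cleartext.
SAMPLE_HEADERS = [
    ("Content-Length", "0"),
    ("Location", "http://www.ss.example.com:8080/app/login?next=%2Fhome"),
]

if __name__ == "__main__":
    # Same values as the CLI example above.
    for name, val in rewrite_response_headers(
            SAMPLE_HEADERS, "www.ss.example.com", clear_port=8080, ssl_port=443):
        print(f"{name}: {val}")
```

A redirect whose port or host does not match passes through unchanged, so a back-end redirect to a different cleartext port still reaches the client as http.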
ssl-client-policy (LB action view)
Use ssl-client-policy to specify an SSL client policy to encrypt traffic between the LB device (SSL client) and the SSL server.
Use undo ssl-client-policy to restore the default.
Syntax
ssl-client-policy policy-name
undo ssl-client-policy policy-name
Default
No SSL client policy is referenced.
Views
HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies an SSL policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
You must disable and then enable a virtual server for a modified SSL policy to take effect.
The device does not support specifying an SSL client policy that uses the following cipher suites:
· exp_rsa_des_cbc_sha.
· exp_rsa_rc2_md5.
· exp_rsa_rc4_md5.
· rsa_des_cbc_sha.
Examples
# Specify the SSL client policy scp for the HTTP LB action lba2.
<Sysname> system-view
[Sysname] loadbalance action lba2 type http
[Sysname-lba-http-lba2] ssl-client-policy scp
ssl-client-policy (virtual server view)
Use ssl-client-policy to specify an SSL client policy for a virtual server to encrypt traffic between the LB device (SSL client) and the SSL server.
Use undo ssl-client-policy to restore the default.
Syntax
ssl-client-policy policy-name
undo ssl-client-policy policy-name
Default
A virtual server does not reference any SSL client policy.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies an SSL policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
You must disable and then enable a virtual server for a modified SSL policy to take effect.
The device does not support specifying an SSL client policy that uses the following cipher suites:
· exp_rsa_des_cbc_sha.
· exp_rsa_rc2_md5.
· exp_rsa_rc4_md5.
· rsa_des_cbc_sha.
Examples
# Specify the SSL client policy scp for the HTTP virtual server vs2.
<Sysname> system-view
[Sysname] virtual-server vs2 type http
[Sysname-vs-http-vs2] ssl-client-policy scp
ssl-server-policy
Use ssl-server-policy to specify an SSL server policy for a virtual server to encrypt traffic between the LB device (SSL server) and the SSL client.
Use undo ssl-server-policy to remove an SSL server policy.
Syntax
ssl-server-policy policy-name [ sni server-name ]
undo ssl-server-policy policy-name [ policy-name sni ]
Default
A virtual server does not reference any SSL server policy.
Views
HTTP/TCP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
policy-name: Specifies an SSL server policy by its name, a case-insensitive string of 1 to 31 characters.
sni server-name: Specifies an SSL server indication, a case-insensitive string of 1 to 253 characters.
Usage guidelines
You must disable and then enable a virtual server for a modified SSL policy to take effect.
The device does not support specifying an SSL server policy that uses the following cipher suites:
· exp_rsa_des_cbc_sha.
· exp_rsa_rc2_md5.
· exp_rsa_rc4_md5.
· rsa_des_cbc_sha.
If you execute this command multiple times without the sni server-name option, the most recent configuration takes effect.
You can specify multiple SSL server policies with SSL server indications, and each SSL server policy must have a different SSL server indication.
If you specify multiple SSL server policies, only the SSL server policy without an SSL server indication takes effect.
Examples
# Specify the SSL server policy ssp for the HTTP virtual server vs2.
<Sysname> system-view
[Sysname] virtual-server vs2 type http
[Sysname-vs-http-vs2] ssl-server-policy ssp
statistics-match url
Use statistics-match url to configure a URL match rule.
Use undo statistics-match url to delete a URL match rule.
Syntax
statistics-match [ rule-id ] url url
undo statistics-match rule-id
Default
No URL match rules exist.
Views
Statistics node view
Predefined user roles
network-admin
context-admin
Parameters
rule-id: Specifies the match rule ID in the range of 1 to 256. If you do not specify a match rule ID, the system assigns the smallest available rule ID to the match rule.
url: Specifies a URL regular expression, a case-sensitive string of 1 to 255 characters. The string cannot contain question marks (?).
Usage guidelines
Non-default vSystems do not support this command.
You can configure a maximum of 256 URL match rules for one statistics node.
Examples
# In statistics node bank, configure a string of .html to match URLs in HTTP packets.
<Sysname> system-view
[Sysname] parameter-profile http1 type http-statistics
[Sysname-para-http-statistics-http1] node bank
[Sysname-para-http-statistics-http1-node-bank] statistics-match url *.html
status-code
Use status-code to configure a response status code to check.
Use undo status-code to remove a response status code.
Syntax
status-code code
undo status-code code
Default
No response status code is configured for checking.
Views
HTTP passive LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
code: Specifies a response status code, in the range of 100 to 599.
Usage guidelines
The device monitors the responses of HTTP requests with URLs specified in the check-url command. If the status code in an HTTP response is the same as the specified response status code, a URL error is recorded.
You can configure a maximum of 10 response status codes for one HTTP passive load balancing template.
Examples
# Configure response status code 404 in HTTP passive load balancing template tplt.
<Sysname> system-view
[Sysname] loadbalance probe-template http-passive tplt
[Sysname-lbpt-http-passive-tplt] status-code 404
Related commands
check-url
sticky
Use sticky to specify a sticky group for a virtual server.
Use undo sticky to restore the default.
Syntax
sticky sticky-name
undo sticky
Default
No sticky group is specified for a virtual server.
Views
HTTP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
sticky-name: Specifies a sticky group by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
You can also specify a sticky group by using the default server-farm and server-farm (LB action view) commands. The sticky group specified by using the sticky command has the highest priority.
This command allows you to specify only HTTP cookie sticky groups.
Examples
# Specify the HTTP cookie sticky group test for HTTP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type http
[Sysname-vs-http-vs] sticky test
Related commands
default server-farm
server-farm (LB action view)
sticky-group
sticky-group
Use sticky-group to create a sticky group and enter its view, or enter the view of an existing sticky group.
Use undo sticky-group to delete the specified sticky group.
Syntax
sticky-group group-name [ type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive } ]
undo sticky-group group-name
Default
No sticky groups exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
group-name: Specifies a sticky group name, a case-insensitive string of 1 to 63 characters.
type { address-port | http-content | http-cookie | http-header | http-passive | payload | radius | sip | ssl | tcp-payload | udp-passive }: Specifies the sticky group type: address and port, HTTP entity, HTTP cookie, HTTP header, HTTP passive, HTTP or UDP payload, RADIUS, SIP, SSL, TCP payload, or UDP passive. When you create a sticky group, you must specify the sticky group type. You can enter the view of an existing sticky group without specifying its type.
Usage guidelines
A sticky group uses a specific sticky method to distribute similar sessions to the same real server or link. The sticky method applies to the first packet of a session. Subsequent packets of the session are distributed to the same real server or link.
You can configure only the address- and port-type sticky groups if the device does not have any licenses installed. To configure sticky groups of any other type, you must install licenses. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the address- and port-type sticky group sg1 and enter sticky group view.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1]
sticky-over-busy enable
Use sticky-over-busy enable to enable stickiness-over-busyness.
Use undo sticky-over-busy enable to disable stickiness-over-busyness.
Syntax
sticky-over-busy enable
undo sticky-over-busy enable
Default
Stickiness-over-busyness is disabled.
Views
Sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
This command enables the device to assign client requests to real servers based on sticky entries, regardless of whether the real servers are busy.
When stickiness-over-busyness is disabled, the device assigns client requests to only the real servers in normal state.
Examples
# In address- and port-type sticky group sg1, enable stickiness-over-busyness.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] sticky-over-busy enable
sticky-sync enable (transparent DNS proxy view)
Use sticky-sync enable to enable sticky entry synchronization for a transparent DNS proxy.
Use undo sticky-sync enable to disable sticky entry synchronization for a transparent DNS proxy.
Syntax
sticky-sync enable [ global ]
undo sticky-sync enable
Default
Sticky entry synchronization is disabled for a transparent DNS proxy.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
global: Enables global synchronization.
Usage guidelines
Non-default vSystems do not support this command.
This command can back up sticky entry information to ensure service continuity during a master and backup switchover in hot backup mode.
In an IRF fabric, if you do not specify the global keyword when enabling sticky entry synchronization, sticky entries are synchronized between cards in the failover group. If you specify the global keyword, sticky entries are synchronized among all cards.
In a VRRP network, you must specify the global keyword for the sticky entry synchronization feature to take effect.
Examples
# Enable sticky entry synchronization for transparent DNS proxy dns_proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns_proxy1 type udp
[Sysname-lb-dp-udp-dns_proxy1] sticky-sync enable
sticky-sync enable (virtual server view)
Use sticky-sync enable to enable sticky entry synchronization for a virtual server.
Use undo sticky-sync enable to disable sticky entry synchronization for a virtual server.
Syntax
sticky-sync enable [ global ]
undo sticky-sync enable
Default
Sticky entry synchronization is disabled for a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
global: Enables global synchronization.
Usage guidelines
For successful sticky entry synchronization, if you want to specify a sticky group, enable sticky entry synchronization before specifying a sticky group on both LB devices. You can specify a sticky group by using the sticky sticky-name option when you specify a primary server farm (see the default server-farm command).
In an IRF fabric, if you do not specify the global keyword when enabling sticky entry synchronization, sticky entries are synchronized between cards in the failover group. If you specify the global keyword, sticky entries are synchronized among all cards.
In a VRRP network, you must specify the global keyword for the sticky entry synchronization feature to take effect.
Examples
# Enable sticky entry synchronization for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] sticky-sync enable
success-criteria (DNS server pool member view)
Use success-criteria to specify the health monitoring success criteria for a DNS server pool member.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
DNS server pool member view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in DNS server pool member view takes precedence over the configuration in DNS server pool view.
The health monitoring result for a DNS server affects the availability of a DNS server pool member. The health monitoring result for a DNS server pool member does not affect the availability of a DNS server.
Examples
# Configure the health monitoring success criteria for the DNS server pool member ds1 as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dsp1
[Sysname-lb-dsp-dsp1] dns-server ds1 port 10
[Sysname-lb-dsp-dsp1-#member#-ds1-port-10] success-criteria at-least 2
success-criteria (DNS server pool view)
Use success-criteria to specify the health monitoring success criteria for a DNS server pool.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
DNS server pool view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in DNS server view takes precedence over the configuration in DNS server pool view.
Examples
# Configure the health monitoring success criteria for the DNS server pool dns-pool as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dns-pool
[Sysname-lb-dspool-dns-pool] success-criteria at-least 2
Related commands
success-criteria (DNS server view)
success-criteria (DNS server view)
Use success-criteria to specify the health monitoring success criteria for a DNS server.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in DNS server view takes precedence over the configuration in DNS server pool view.
Examples
# Configure the health monitoring success criteria for DNS server ds1 as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] success-criteria at-least 2
Related commands
success-criteria (DNS server pool view)
success-criteria (link group member view)
Use success-criteria to specify the health monitoring success criteria for a link group member.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in link group member view takes precedence over the configuration in link group view.
The health monitoring result for a link affects the availability of a link group member. The health monitoring result for a link group member does not affect the availability of a link.
Examples
# Configure the health monitoring success criteria for the link group member lk1 as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] success-criteria at-least 2
success-criteria (link group view)
Use success-criteria to specify the health monitoring success criteria for a link group.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
Link group view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in link view takes precedence over the configuration in link group view.
Examples
# Configure the health monitoring success criteria for the link group lg as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] success-criteria at-least 2
Related commands
success-criteria (link view)
success-criteria (link view)
Use success-criteria to specify the health monitoring success criteria for an LB link.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
LB link view
Predefined user roles
network-admin
context-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
Non-default vSystems do not support this command.
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
Examples
# Configure the health monitoring success criteria for the LB link lk1 as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] success-criteria at-least 2
Related commands
success-criteria (link group view)
success-criteria (real server view)
Use success-criteria to specify the health monitoring success criteria for a real server.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in real server view takes precedence over the configuration in server farm view.
Examples
# Configure the health monitoring success criteria for the real server rs as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] success-criteria at-least 2
success-criteria (server farm member view)
Use success-criteria to specify the health monitoring success criteria for a server farm member.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in server farm member view takes precedence over the configuration in server farm view.
The health monitoring result for a real server affects the availability of a server farm member. The health monitoring result for a server farm member does not affect the availability of a real server.
Examples
# Configure the health monitoring success criteria for the server farm member rs1 as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] success-criteria at-least 2
success-criteria (server farm view)
Use success-criteria to specify the health monitoring success criteria for a server farm.
Use undo success-criteria to restore the default.
Syntax
success-criteria { all | at-least min-number }
undo success-criteria
Default
Health monitoring succeeds only when all the specified health monitoring methods succeed.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
all: Specifies the health monitoring success criteria as all successful health monitoring methods.
at-least min-number: Specifies the health monitoring success criteria as the specified minimum number of successful health monitoring methods, in the range of 1 to 4294967295.
Usage guidelines
If the min-number setting exceeds the number of existing health monitoring methods on the device, the number of existing health monitoring methods applies.
The health monitoring success criteria configuration in real server view takes precedence over the configuration in server farm view.
Examples
# Configure the health monitoring success criteria for the server farm sf as a minimum number of 2 successful health monitoring methods.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] success-criteria at-least 2
syn retransmission-timeout
Use syn retransmission-timeout to set the retransmission timeout time for SYN packets.
Use undo syn retransmission-timeout to restore the default.
Syntax
syn retransmission-timeout timeout-value
undo syn retransmission-timeout
Default
The retransmission timeout time for SYN packets is 10 seconds.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
timeout-value: Specifies the retransmission timeout time for SYN packets, in the range of 1 to 75 seconds.
Usage guidelines
This command sets the amount of time the device waits for a SYN-ACK before closing a TCP connection.
Examples
# Set the retransmission timeout time for SYN packets to 5 seconds for TCP connections.
<Sysname> system-view
[Sysname] parameter-profile profile type tcp
[Sysname-para-tcp-profile] syn retransmission-timeout 5
Related commands
display parameter-profile
tcp connection idle-timeout
Use tcp connection idle-timeout to set the idle timeout for TCP connections.
Use undo tcp connection idle-timeout to restore the default.
Syntax
tcp connection idle-timeout value
undo tcp connection idle-timeout
Default
The idle timeout is 0 seconds for TCP connections, which means TCP connections never time out.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value: Specifies the idle timeout in the range of 10 to 86400 seconds.
Usage guidelines
This command sets the idle timeout for TCP connections between the LB device and the clients and for TCP connections between the LB device and the servers. If no traffic is available on a TCP connection before the idle timeout expires, the LB device terminates the TCP connection.
Examples
# Set the idle timeout to 60 seconds for TCP connections.
<Sysname> system-view
[Sysname] parameter-profile pp1 type tcp
[Sysname-para-tcp-pp1] tcp connection idle-timeout 60
tcp mss
Use tcp mss to set the MSS for the LB device.
Use undo tcp mss to restore the default.
Syntax
tcp mss value
undo tcp mss
Default
The MSS is not set for the LB device.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value: Specifies the MSS value in the range of 128 to 1460 bytes.
Usage guidelines
This command takes effect only when the HTTP virtual server has referenced a TCP parameter profile.
When the client establishes a TCP connection to the LB device, the client sends its own MSS value to the LB device. The LB device records the MSS value and sends the configured MSS value to the client. The client and the LB device use the smaller MSS value for communication.
When the LB device establishes a TCP connection to the server, the LB device sends the configured MSS value to the server. The server records the MSS value and sends its own MSS value to the LB device. The LB device and the server use the smaller MSS value for communication.
Examples
# Set the MSS to 1300 bytes for the LB device.
<Sysname> system-view
[Sysname] parameter-profile tcp type tcp
[Sysname-para-tcp-tcp] tcp mss 1300
tcp option insert
Use tcp option insert to insert the client IP address into a TCP option.
Use undo tcp option insert to remove the configuration.
Syntax
tcp option insert option-number src-addr [ encode { binary | string } ]
undo tcp option insert option-number
Default
The client IP address is not inserted into any TCP options.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
option-number: Specifies a TCP option by its number. Valid values are 6, 7, 9 to 18, and 22 to 254.
encode { binary | string }: Specifies the binary or string encoding mode. The default is binary mode.
Usage guidelines
This command inserts the client's actual IP address as the source IP address into the specified option in headers of TCP packets sent to the server.
This command takes effect only on TCP parameter profiles referenced by the following virtual servers:
· HTTP virtual servers.
· TCP virtual servers configured with SSL server policies.
· TCP virtual servers operating at Layer 7.
· MySQL virtual servers.
You can execute this command multiple times to insert the client IP address into a maximum of five TCP options.
If you execute this command multiple times for the same TCP option, the most recent configuration takes effect.
Examples
# In TCP parameter profile para2, insert the client IP address into TCP option 28.
<Sysname> system-view
[Sysname] parameter-profile para2 type tcp
[Sysname-para-tcp-para2] tcp option insert 28 src-addr
Related commands
parameter-profile
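The following is an added example, not part of the original command reference or of the vendor's software: a server-side parser that reads the client address back out of the TCP option written by tcp option insert. The kind/length/value walk is standard TCP option layout. The value encoding is an assumption the page does not spell out (binary = 4 or 16 raw address bytes, string = ASCII text), and the function names and sample bytes are constructed for illustration.

```python
import ipaddress

EOL, NOP = 0, 1  # the two single-byte TCP option kinds


def iter_tcp_options(options: bytes):
    """Yield (kind, value) pairs from the raw options field of a TCP header."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == EOL:          # end of option list, the rest is padding
            return
        if kind == NOP:          # one-byte padding between options
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option kind without a length byte")
        length = options[i + 1]  # length counts the kind and length bytes too
        if length < 2 or i + length > len(options):
            raise ValueError(f"option {kind}: bad length {length}")
        yield kind, options[i + 2:i + length]
        i += length


def client_ip_from_option(options: bytes, option_number: int, encode: str = "binary"):
    """Return the client address carried in option_number, or None if absent.

    Assumed value layout (not stated on the page):
      binary -> 4 raw bytes (IPv4) or 16 raw bytes (IPv6)
      string -> the address as ASCII text
    """
    if encode not in ("binary", "string"):
        raise ValueError("encode must be 'binary' or 'string'")
    found = None
    for kind, value in iter_tcp_options(options):
        if kind != option_number:
            continue
        if found is not None:
            # Two copies of the option are ambiguous, so reject the segment
            # instead of silently picking one of them.
            raise ValueError(f"option {option_number} appears more than once")
        if encode == "binary":
            if len(value) not in (4, 16):
                raise ValueError(f"option {option_number}: unexpected size {len(value)}")
            found = ipaddress.ip_address(bytes(value))
        else:
            found = ipaddress.ip_address(value.decode("ascii"))
    return found


# Constructed sample: MSS 1300, two NOPs, then option 28 with 203.0.113.7 in binary.
BINARY_OPTS = bytes([2, 4, 0x05, 0x14, 1, 1, 28, 6, 203, 0, 113, 7])
# Constructed sample: option 28 with the same address as a string, padded with EOL.
STRING_OPTS = bytes([28, 13]) + b"203.0.113.7" + b"\x00\x00\x00"

if __name__ == "__main__":
    print(client_ip_from_option(BINARY_OPTS, 28))
    print(client_ip_from_option(STRING_OPTS, 28, "string"))
```

The server should accept this option only on connections that arrive from the LB device, because the option value is only as trustworthy as the device that wrote it.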
tcp option remove
Use tcp option remove to remove the specified TCP option from TCP packet headers.
Use undo tcp option remove to cancel the removal configuration.
Syntax
tcp option remove option-number
undo tcp option remove option-number
Default
No TCP option is removed from TCP packet headers.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
option-number: Specifies a TCP option by its number in the range of 3 to 254.
Usage guidelines
This command removes the specified TCP option from headers of TCP packets sent to the server.
You can execute this command multiple times to remove a maximum of five TCP options.
Examples
# In TCP parameter profile para2, remove TCP option 8 from TCP packet headers.
<Sysname> system-view
[Sysname] parameter-profile para2 type tcp
[Sysname-para-tcp-para2] tcp option remove 8
Related commands
parameter-profile
tcp window-size
Use tcp window-size to configure the maximum local window size for TCP connections.
Use undo tcp window-size to restore the default.
Syntax
tcp window-size size
undo tcp window-size
Default
The maximum local window size for TCP connections is 65535.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
size: Specifies the maximum local window size for TCP connections, in the range of 8192 to 65535.
Examples
# Set the maximum local window size for TCP connections to 8192 for the TCP parameter profile pp3.
<Sysname> system-view
[Sysname] parameter-profile pp3 type tcp
[Sysname-para-tcp-pp3] tcp window-size 8192
tcp-close
Use tcp-close to configure the method to close TCP connections.
Use undo tcp-close to restore the default.
Syntax
tcp-close { fin | rst }
undo tcp-close
Default
FIN packets are sent to close TCP connections.
Views
Generic/HTTP LB action view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
fin: Closes TCP connections by sending FIN packets.
rst: Closes TCP connections by sending RST packets.
Examples
# In generic LB action lba1, configure the rst method to close TCP connections.
<Sysname> system-view
[Sysname] loadbalance action lba1 type generic
[Sysname-lba-generic-lba1] tcp-close rst
tcp-payload
Use tcp-payload to configure the TCP payload sticky method.
Use undo tcp-payload to delete the TCP payload sticky method.
Syntax
tcp-payload [ offset offset ] [ start start-string ] [ end end-string | length length ]
undo tcp-payload
Default
No TCP payload sticky methods exist.
Views
TCP payload sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
offset offset: Specifies the offset value of the TCP payload based on the start of the TCP packet, in the range of 0 to 1000 bytes. The default is 0.
start start-string: Specifies the regular expression that marks the start of the TCP payload, a case-sensitive string of 1 to 127 characters starting from the offset value. The string cannot contain question marks (?).
end end-string: Specifies the regular expression that marks the end of the TCP payload, a case-sensitive string of 1 to 127 characters starting from the start-string value. The string cannot contain question marks (?).
length length: Specifies the length of the TCP payload, in the range of 0 to 1000 bytes. The default is 0, which indicates all lengths.
Usage guidelines
Use this command to obtain the TCP payload information used to generate sticky entries based on the offset, start-string, end-string, and length values. The start-string and end-string values are not included in the sticky entry information.
If you do not specify any parameters in this command, the sticky entry is generated based on the whole TCP packet.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the TCP payload sticky method for the TCP payload sticky group sg: Use the whole TCP packet to generate sticky entries.
<Sysname> system-view
[Sysname] sticky-group sg type tcp-payload
[Sysname-sticky-payload-sg] tcp-payload
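The following is an added example, not part of the original command reference or of the vendor's software: a model of how the offset, start-string, end-string, and length values described above select the bytes that a sticky entry is generated from. It assumes that the offset is counted from the first payload byte, that a missing start or end match produces no sticky entry, and that Python's regular expression dialect stands in for the device's. The function name and sample payloads are constructed.

```python
import re
from typing import Optional


def _check_marker(name: str, value: str) -> None:
    # Limits the command reference states for start-string and end-string.
    if not 1 <= len(value) <= 127 or "?" in value:
        raise ValueError(f"{name}: 1 to 127 characters, no question marks")


def sticky_key(payload: bytes, offset: int = 0, start: Optional[str] = None,
               end: Optional[str] = None, length: int = 0) -> Optional[bytes]:
    """Return the bytes a sticky entry would be built from, or None if no match."""
    if not 0 <= offset <= 1000:
        raise ValueError("offset: 0 to 1000 bytes")
    if not 0 <= length <= 1000:
        raise ValueError("length: 0 to 1000 bytes")
    if end is not None and length:
        raise ValueError("end and length are alternatives in the syntax")

    data = payload[offset:]              # skip the first `offset` bytes
    if start is not None:
        _check_marker("start", start)
        m = re.search(start.encode(), data)
        if m is None:
            return None                  # assumption: no start match, no entry
        data = data[m.end():]            # the start-string itself is excluded
    if end is not None:
        _check_marker("end", end)
        m = re.search(end.encode(), data)
        if m is None:
            return None                  # assumption: no end match, no entry
        data = data[:m.start()]          # the end-string itself is excluded
    elif length:
        data = data[:length]             # length 0 means "all lengths"
    return data


# Constructed payloads: a 2-byte binary header followed by a text record.
P1 = b"\x00\x2aLOGIN user=alice;session=9f3c;\r\n"
P2 = b"\x00\x31QUERY user=alice;session=9f3c;item=42;\r\n"

if __name__ == "__main__":
    # Both packets yield the same key, so they map to the same sticky entry.
    print(sticky_key(P1, offset=2, start="session=", end=";"))
    print(sticky_key(P2, offset=2, start="session=", end=";"))
    # Fixed-length extraction after the start marker.
    print(sticky_key(P1, offset=2, start="user=", length=5))
```

With no parameters the function returns the whole payload, which matches the behavior described for the bare tcp-payload command: any byte that differs between two packets then produces a different sticky entry.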
timeout (LB probe template view)
Use timeout to set the timeout time for probe responses.
Use undo timeout to restore the default.
Syntax
timeout timeout-value
undo timeout
Default
The timeout time for probe responses is 3 seconds for ICMP probe packets and custom monitoring probe packets and is 5 seconds for HTTP passive probe packets.
Views
ICMP LB probe template view
HTTP passive LB probe template view
Custom-monitoring LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
timeout-value: Specifies the timeout time for probe responses, in the range of 1 to 60 seconds for ICMP probe packets, 1 to 255 seconds for HTTP passive probe packets, and 1 to 86400 seconds for custom monitoring probe packets.
Usage guidelines
As a best practice, set the timeout time for probe responses to be smaller than the monitoring time (set by using the monitor-interval command).
After an HTTP passive LB probe template is referenced, the device monitors the responses of HTTP requests with URLs specified in the check-url command. If the response time for an HTTP request exceeds the specified timeout time, a URL error is recorded.
Examples
# Set the timeout time for probe responses to 5 seconds in the ICMP template icmptplt.
<Sysname> system-view
[Sysname] loadbalance probe-template icmp icmptplt
[Sysname-lbpt-icmp-icmptplt] timeout 5
Related commands
check-url
monitor-interval
timeout (proximity view)
Use timeout to set the timeout timer for proximity entries.
Use undo timeout to restore the default.
Syntax
timeout timeout-value
undo timeout
Default
The timeout timer for proximity entries is 60 seconds.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
timeout-value: Specifies the timeout timer in the range of 60 to 3600 seconds.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the timeout timer for proximity entries to 80 seconds.
[Sysname] loadbalance proximity
[Sysname-lb-proximity] timeout 80
timeout (sticky group view)
Use timeout to set the timeout timer for sticky entries.
Use undo timeout to restore the default.
Syntax
timeout { indefinite | timeout-value }
undo timeout
Default
The timeout timer for sticky entries is 86400 seconds for sticky groups of the HTTP cookie, HTTP passive, and UDP passive types and 60 seconds for sticky groups of other types.
Views
Sticky group view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
indefinite: Specifies an indefinite timeout timer for sticky entries so that the sticky entries never age out. Sticky groups of the HTTP cookie type, HTTP passive type, and UDP passive type do not support this keyword.
timeout-value: Specifies the timeout timer in the range of 0 to 31536000 seconds for sticky groups of the HTTP cookie type and in the range of 10 to 604800 seconds for sticky groups of other types.
Usage guidelines
For sticky groups of the HTTP cookie type, the following principles apply:
· If the sticky method is cookie insert or cookie rewrite, a timeout timer of 0 indicates session persistency.
· If the sticky method is cookie get, a timeout timer of 0 indicates the timeout time for the sticky entries is 0 seconds.
Examples
# Set the timeout timer for sticky entries to 100 seconds in the address- and port-type sticky group sg1.
<Sysname> system-view
[Sysname] sticky-group sg1 type address-port
[Sysname-sticky-address-port-sg1] timeout 100
time-wait timeout
Use time-wait timeout to set the TIME_WAIT state timeout time for TCP connections.
Use undo time-wait timeout to restore the default.
Syntax
time-wait timeout value
undo time-wait timeout
Default
The TIME_WAIT state timeout time is 2 seconds for TCP connections.
Views
TCP parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
value: Specifies the TIME_WAIT state timeout time in the range of 1 to 65535 seconds.
Usage guidelines
A TCP connection cannot be released until the TIME_WAIT timer expires. To release TCP connections faster and improve load balancing efficiency, use this command to set a shorter TIME_WAIT state timeout time.
Examples
# Set the TIME_WAIT state timeout time for TCP connections to 30 seconds in the TCP parameter profile pa1.
<Sysname> system-view
[Sysname] parameter-profile pa1 type tcp
[Sysname-para-tcp-pa1] time-wait timeout 30
topology region
Use topology region to configure a topology.
Use undo topology region to restore the default.
Syntax
topology region region-name { ip ipv4-address { mask-length | mask } | ipv6 ipv6-address prefix-length } [ priority priority ]
undo topology region region-name [ ip ipv4-address [ mask-length | mask ] | ipv6 ipv6-address [ prefix-length ] ]
Default
No topologies exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
region-name: Specifies a region by its name, a case-insensitive string of 1 to 63 characters.
ip ipv4-address: Specifies the IPv4 address of a virtual server.
mask-length: Specifies the mask length for the IPv4 address, in the range of 0 to 32. The default is 32.
mask: Specifies the mask for the IPv4 address. The default is 255.255.255.255.
ipv6 ipv6-address prefix-length: Specifies the IPv6 address of a virtual server.
prefix-length: Specifies the prefix length for the IPv6 address, in the range of 0 to 128. The default is 128.
priority priority: Specifies the priority of the topology, in the range of 1 to 255. The default is 100.
Usage guidelines
Non-default vSystems do not support this command.
A topology associates the region where the local DNS server resides with the IP address of a virtual server.
When the static proximity algorithm (topology) is specified for the virtual server pool by using the predictor command, you must configure a topology.
When a DNS request matches multiple topology records, the topology record with the highest priority is selected.
You can execute this command multiple times to configure multiple IP address ranges for a region.
If you only specify a region when deleting a topology, all topologies for the region are deleted.
Examples
# Configure a topology by associating the region region-ct with the IPv4 address 1.2.3.4 (mask length 24), with a priority of 200.
<Sysname> system-view
[Sysname] topology region region-ct ip 1.2.3.4 24 priority 200
Related commands
loadbalance region
predictor (virtual server pool view)
translation-mode
Use translation-mode to configure a translation mode for a SNAT global policy.
Use undo translation-mode to restore the default.
Syntax
translation-mode { auto-map | snat-pool pool-name }
undo translation-mode
Default
No translation mode is configured for a SNAT global policy.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
auto-map: Specifies the automatic mapping mode.
snat-pool pool-name: Specifies the SNAT address pool mode. The pool-name argument specifies the SNAT address pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
The device supports the following translation modes in a SNAT global policy:
· Automatic mapping—Translates the source IP address into the IP address of the interface connecting to the real servers.
· SNAT address pool—Translates the source IP address into an IP address in the specified SNAT address pool.
If SNAT is not configured for a server farm, the server farm uses SNAT global policies for address translation.
Examples
# Specify SNAT address pool sp for address translation in SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] translation-mode snat-pool sp
transparent enable (link group view)
Use transparent enable to disable NAT for a link group.
Use undo transparent enable to enable NAT for a link group.
Syntax
transparent enable
undo transparent enable
Default
NAT is enabled for a link group.
Views
Link group view
Predefined user roles
network-admin
context-admin
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Disable NAT for the link group lg.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] transparent enable
transparent enable (server farm view)
Use transparent enable to disable NAT for a server farm.
Use undo transparent enable to enable NAT for a server farm.
Syntax
transparent enable
undo transparent enable
Default
NAT is enabled for a server farm.
Views
Server farm view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
If the server farm is referenced by a virtual server of the HTTP type, the NAT feature takes effect even if it is disabled.
Examples
# Disable NAT for the server farm sf.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] transparent enable
ttl (DNS forward zone view)
Use ttl to set the TTL for resource records.
Use undo ttl to restore the default.
Syntax
ttl ttl-value
undo ttl
Default
The TTL for resource records is 3600 seconds.
Views
DNS forward zone view
Predefined user roles
network-admin
context-admin
Parameters
ttl-value: Specifies the TTL value in the range of 0 to 4294967295 seconds.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the TTL for resource records to 1 day for DNS forward zone example.com.
<Sysname> system-view
[Sysname] loadbalance zone example.com
[Sysname-lb-zone-example.com] ttl 86400
Related commands
display loadbalance zone
ttl (DNS mapping view)
Use ttl to set the TTL for DNS records.
Use undo ttl to restore the default.
Syntax
ttl ttl-value
undo ttl
Default
The TTL for DNS records is 3600 seconds.
Views
DNS mapping view
Predefined user roles
network-admin
context-admin
Parameters
ttl-value: Specifies the TTL value in the range of 0 to 4294967295 seconds.
Usage guidelines
Non-default vSystems do not support this command.
Use this command to set a proper TTL to cache DNS records for DNS responses.
· For the DNS client to get the updated DNS record when the LB policy or virtual server configuration changes, set a smaller TTL value, for example, 60 seconds.
· For stable, fast domain name resolution when the network is stable, set a larger TTL value, for example, 86400 seconds.
Examples
# Set the TTL for DNS records to 4000 seconds for the DNS mapping dm1.
<Sysname> system-view
[Sysname] loadbalance dns-map dm1
[Sysname-lb-dm-dm1] ttl 4000
Related commands
display loadbalance dns-map
ttl weight
Use ttl weight to set the TTL weight for proximity calculation.
Use undo ttl weight to restore the default.
Syntax
ttl weight ttl-weight
undo ttl weight
Default
The TTL weight for proximity calculation is 100.
Views
Proximity view
Predefined user roles
network-admin
context-admin
Parameters
ttl-weight: Specifies the TTL weight for proximity calculation, in the range of 0 to 255. A larger value indicates a higher weight.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the TTL weight for proximity calculation to 200.
[Sysname] loadbalance proximity
[Sysname-lb-proximity] ttl weight 200
udp per-packet
Use udp per-packet to enable per-packet load balancing for UDP traffic for a virtual server.
Use undo udp per-packet to disable per-packet load balancing for UDP traffic for a virtual server.
Syntax
udp per-packet
undo udp per-packet
Default
Per-packet load balancing for UDP traffic is disabled for a virtual server.
Views
UDP virtual server view
UDP-based SIP virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Usage guidelines
When per-packet load balancing for UDP traffic is disabled, the LB device distributes traffic matching the virtual server according to application type. Traffic of the same application type is distributed to one real server.
When per-packet load balancing for UDP traffic is enabled, the following results apply:
· The LB device distributes traffic matching the virtual server on a per-packet basis.
· The LB device does not collect statistics of connections on the virtual server or real server.
· If NAT is not enabled for the referenced server farm, the LB device does not collect statistics of packets sent by the virtual server or real server.
· The following configurations are still effective:
  ○ Scheduling algorithm configured on the server farm referenced by the virtual server.
  ○ Sticky method of the sticky group when the virtual server references the server farm.
Because packets of the same session have the same quintuple, the hash scheduling algorithm or the source IP address sticky method yields the same result for the packets. For example, if a server farm uses the hash scheduling algorithm or the source IP address sticky method, the LB device distributes UDP packets of the same session to one real server. In this case, the LB device cannot distribute UDP packets on a per-packet basis.
Examples
# Enable per-packet load balancing for UDP traffic for the UDP virtual server vs5.
<Sysname> system-view
[Sysname] virtual-server vs5 type udp
[Sysname-vs-udp-vs5] udp per-packet
username
Use username to specify the login username and password of the MySQL database.
Use undo username to remove the login username and password of the MySQL database.
Syntax
username username [ password { cipher | simple } string ]
undo username username
Default
The login username and password of the MySQL database are not specified.
Views
MySQL virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
username: Specifies the username, a case-sensitive string of 1 to 63 characters.
password: Specifies the password. If you do not specify the password, the password is null.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password string. Its plaintext form is a case-sensitive string of 1 to 127 characters. Its encrypted form is a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure a maximum of 100 login users.
The specified login username and password must be the same as the actual login username and password of the MySQL database.
Examples
# Specify the username and password as root and 123456, respectively, for the MySQL virtual server vs1.
<Sysname> system-view
[Sysname] virtual-server vs1 type mysql
[Sysname-vs-mysql-vs1] username root password simple 123456
variable
Use variable to associate a variable with a server farm member.
Use undo variable to disassociate a variable from a server farm member.
Syntax
variable variable-name value value
undo variable variable-name
Default
No variable is associated with a server farm member.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
variable-name: Specifies a variable name, a case-sensitive string of 1 to 63 characters.
value value: Specifies the variable value, a case-sensitive string of 1 to 127 characters.
Examples
# Associate a variable with variable name var1 and variable value 1 with server farm member rs.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs port 5001
[Sysname-sfarm-sf-#member#-rs-port-5001] variable var1 value _1
Related commands
payload rewrite
version
Use version to configure the MySQL database version.
Use undo version to restore the default.
Syntax
version { 5.0 | 5.1 | 5.5 | 5.6 | 5.7 }
undo version
Default
The MySQL database version is 5.6.
Views
MySQL virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
{ 5.0 | 5.1 | 5.5 | 5.6 | 5.7 }: Specifies the MySQL database version number.
Usage guidelines
The LB device performs authentication for clients on behalf of the MySQL server and sends database initialization packets of the specified MySQL version to clients.
Examples
# Configure the MySQL database version as 5.7 for the MySQL virtual server vs1.
<Sysname> system-view
[Sysname] virtual-server vs1 type mysql
[Sysname-vs-mysql-vs1] version 5.7
virtual-ip
Use virtual-ip to add a virtual IPv4 address to a virtual server pool.
Use undo virtual-ip to delete a virtual IPv4 address from a virtual server pool.
Syntax
virtual-ip ipv4-address link link-name [ weight weight-value ]
undo virtual-ip ipv4-address
Default
No virtual IPv4 addresses are added to a virtual server pool.
Views
Virtual server pool view
Predefined user roles
network-admin
context-admin
Parameters
ipv4-address: Specifies a virtual IPv4 address.
link link-name: Specifies an LB link by its name, a case-insensitive string of 1 to 63 characters.
weight weight-value: Specifies the weight for the virtual IPv4 address, in the range of 1 to 255. The default weight is 100.
Usage guidelines
Non-default vSystems do not support this command.
In scenarios where server load balancing is not required, you can configure virtual IPv4 addresses instead of virtual servers to simplify configuration.
For the weighted round-robin scheduling algorithm, a virtual IPv4 address with a greater weight value is preferentially scheduled.
You can add multiple virtual IPv4 addresses to a virtual server pool, and a virtual IPv4 address can be associated with one link. If you execute this command multiple times for the same virtual IPv4 address, the most recent configuration takes effect.
Examples
# Add virtual IPv4 address 10.0.0.1 associated with LB link link1 to virtual server pool local-pool.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool] virtual-ip 10.0.0.1 link link1
Related commands
loadbalance link
loadbalance virtual-server-pool
virtual-ipv6
Use virtual-ipv6 to add a virtual IPv6 address to a virtual server pool.
Use undo virtual-ipv6 to delete a virtual IPv6 address from a virtual server pool.
Syntax
virtual-ipv6 ipv6-address link link-name [ weight weight-value ]
undo virtual-ipv6 ipv6-address
Default
No virtual IPv6 addresses are added to a virtual server pool.
Views
Virtual server pool view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies a virtual IPv6 address.
link link-name: Specifies an LB link by its name, a case-insensitive string of 1 to 63 characters.
weight weight-value: Specifies the weight for the virtual IPv6 address, in the range of 1 to 255. The default weight is 100.
Usage guidelines
Non-default vSystems do not support this command.
In scenarios where server load balancing is not required, you can configure virtual IPv6 addresses instead of virtual servers to simplify configuration.
For the weighted round-robin scheduling algorithm, a virtual IPv6 address with a greater weight value is preferentially scheduled.
You can add multiple virtual IPv6 addresses to a virtual server pool, and a virtual IPv6 address can be associated with one link. If you execute this command multiple times for the same virtual IPv6 address, the most recent configuration takes effect.
Examples
# Add virtual IPv6 address 10::1 associated with LB link link1 to virtual server pool local-pool.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool] virtual-ipv6 10::1 link link1
Related commands
loadbalance link
loadbalance virtual-server-pool
virtual ip address
Use virtual ip address to configure an IPv4 address (VSIP) for a virtual server.
Use undo virtual ip address to restore the default.
Syntax
virtual ip address ipv4-address [ mask-length | mask ]
undo virtual ip address
Default
No IPv4 address is configured for a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
ipv4-address: Specifies an IPv4 address. It cannot be a loopback address, multicast address, broadcast address, or an address in the format of 0.X.X.X (with a mask length of 32).
mask-length: Specifies a mask length in the range of 0 to 32. The default is 32. This argument is not supported by virtual servers of the HTTP type.
mask: Specifies a subnet mask. The default is 255.255.255.255. This argument is not supported by virtual servers of the HTTP type.
Usage guidelines
If the IP address of an interface connected to a client is in the same network segment as the VSIP, you must specify an interface for sending gratuitous ARP or ND packets.
Examples
# Configure the IPv4 address for the IP-type virtual server vs3 as 1.1.1.1/24.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] virtual ip address 1.1.1.1 24
Related commands
arp-nd interface (virtual server view)
virtual ipv6 address
Use virtual ipv6 address to configure an IPv6 address (VSIP) for a virtual server.
Use undo virtual ipv6 address to restore the default.
Syntax
virtual ipv6 address ipv6-address [ prefix-length ]
undo virtual ipv6 address
Default
No IPv6 address is configured for a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
ipv6-address: Specifies an IPv6 address, which cannot be a loopback address, IPv6 multicast address, link-local address, or all-zero address (when the prefix length is not 0).
prefix-length: Specifies a prefix length in the range of 0 to 128. The default is 128. This argument is not supported by virtual servers of the HTTP type.
Usage guidelines
If the IPv6 address of an interface connected to a client is in the same network segment as the VSIP, you must specify an interface for sending gratuitous ARP or ND packets.
Examples
# Configure the IPv6 address for the IP-type virtual server vs3 as 1001::1/64.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] virtual ipv6 address 1001::1 64
Related commands
arp-nd interface (virtual server view)
virtual-server (system view)
Use virtual-server to create a virtual server and enter its view, or enter the view of an existing virtual server.
Use undo virtual-server to delete the specified virtual server.
Syntax
virtual-server virtual-server-name [ type { http | ip | link-ip | mysql | sip-tcp | sip-udp | radius | tcp | udp } ]
undo virtual-server virtual-server-name
Default
No virtual servers exist.
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
virtual-server-name: Specifies the virtual server name, a case-insensitive string of 1 to 63 characters.
type { http | ip | link-ip | mysql | sip-tcp | sip-udp | radius | tcp | udp }: Specifies the virtual server type as HTTP, IP, link-IP, MySQL, RADIUS, TCP-based SIP, UDP-based SIP, TCP, or UDP. When you create a virtual server, you must specify a virtual server type. You can enter an existing virtual server view without entering the type of the virtual server.
Usage guidelines
You can create HTTP, MySQL, RADIUS, SIP, TCP, or UDP virtual servers only if the device has licenses installed. For information about licensing, see license management in Fundamentals Configuration Guide.
Examples
# Create the virtual server vs3 with the IP type, and enter virtual server view.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3]
virtual-server (virtual server pool view)
Use virtual-server to add a virtual server to a virtual server pool.
Use undo virtual-server to delete a virtual server from a virtual server pool.
Syntax
virtual-server virtual-server-name link link-name [ weight weight-value ]
undo virtual-server virtual-server-name
Default
No virtual servers are added to a virtual server pool.
Views
Virtual server pool view
Predefined user roles
network-admin
context-admin
Parameters
virtual-server-name: Specifies a virtual server by its name, a case-insensitive string of 1 to 63 characters.
link link-name: Specifies an LB link by its name, a case-insensitive string of 1 to 63 characters.
weight weight-value: Specifies the weight for the virtual server, in the range of 1 to 255. The default weight is 100. For the weighted round robin algorithm, a greater value means a higher priority in scheduling.
Usage guidelines
Non-default vSystems do not support this command.
You can add multiple virtual servers to a virtual server pool.
To ensure correct operation of inbound link load balancing when server load balancing is also enabled, do not specify the virtual server's IP address as the DNS listener's IP address.
The virtual server's IP address for inbound link load balancing must be a unicast address with a 32-bit mask length. The IP address cannot be an all-zero address.
Examples
# Add the virtual server vs1 associated with the LB link link1 to the virtual server pool local-pool.
<Sysname> system-view
[Sysname] loadbalance virtual-server-pool local-pool
[Sysname-lb-vspool-local-pool] virtual-server vs1 link link1
Related commands
loadbalance link
loadbalance virtual-server-pool
virtual-server-pool
Use virtual-server-pool to specify a virtual server pool for a DNS mapping.
Use undo virtual-server-pool to restore the default.
Syntax
virtual-server-pool pool-name
undo virtual-server-pool pool-name
Default
No virtual server pool is specified for a DNS mapping.
Views
DNS mapping view
Predefined user roles
network-admin
context-admin
Parameters
pool-name: Specifies the virtual server pool name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the virtual server pool pool1 for the DNS mapping dm1.
<Sysname> system-view
[Sysname] loadbalance dns-map dm1
[Sysname-lb-dm-dm1] virtual-server-pool pool1
vpn-instance (DNS listener view)
Use vpn-instance to specify a VPN instance for a DNS listener.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A DNS listener belongs to the public network.
Views
DNS listener view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify VPN instance vpn1 for DNS listener ct-listener.
<Sysname> system-view
[Sysname] loadbalance dns-listener ct-listener
[Sysname-lb-dl-ct-listener] vpn-instance vpn1
Related commands
display loadbalance dns-listener
vpn-instance (DNS server view)
Use vpn-instance to specify a VPN instance for a DNS server.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A DNS server belongs to the public network.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify VPN instance vpn1 for DNS server ds1.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] vpn-instance vpn1
Related commands
display loadbalance dns-server
vpn-instance (link view)
Use vpn-instance to specify a VPN instance for a link.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A link belongs to the public network.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Before executing this command, you must create the VPN instance by using the ip vpn-instance vpn-instance-name command. If the specified VPN instance has not been created, the link state will be unavailable.
Examples
# Specify VPN instance vpn1 for link lk1.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] vpn-instance vpn1
Related commands
ip vpn-instance (MPLS Command Reference)
vpn-instance (real server view)
Use vpn-instance to specify a VPN instance for a real server.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A real server belongs to the public network if VPN instance inheritance is disabled.
A real server belongs to the VPN instance specified for its virtual server if VPN instance inheritance is enabled.
Views
Real server view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify VPN instance vpn1 for real server rs.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] vpn-instance vpn1
Related commands
inherit vpn-instance disable
vpn-instance (SNAT address pool view)
Use vpn-instance to specify a VPN instance for a SNAT address pool.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A SNAT address pool belongs to the public network.
Views
SNAT address pool view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Use this command to isolate SNAT address pools if they overlap.
As a best practice, specify the VPN instance of the associated real server for a SNAT address pool.
Examples
# Specify VPN instance vpn1 for SNAT address pool sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] vpn-instance vpn1
vpn-instance (SNAT global policy view)
Use vpn-instance to specify a VPN instance for a SNAT global policy.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A SNAT global policy belongs to the public network.
Views
SNAT global policy view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Examples
# Specify VPN instance vpn1 for SNAT global policy sn1.
<Sysname> system-view
[Sysname] loadbalance snat-global-policy sn1
[Sysname-lb-snat-gp-sn1] vpn-instance vpn1
vpn-instance (transparent DNS proxy view)
Use vpn-instance to specify a VPN instance for a transparent DNS proxy.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A transparent DNS proxy belongs to the public network.
Views
Transparent DNS proxy view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify VPN instance vpn1 for transparent DNS proxy dns-proxy1.
<Sysname> system-view
[Sysname] loadbalance dns-proxy dns-proxy1
[Sysname-lb-dp-udp-dns-proxy1] vpn-instance vpn1
vpn-instance (virtual server view)
Use vpn-instance to specify a VPN instance for a virtual server.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
A virtual server belongs to the public network.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Specify VPN instance vpn1 for the IP-type virtual server vs3.
<Sysname> system-view
[Sysname] virtual-server vs3 type ip
[Sysname-vs-ip-vs3] vpn-instance vpn1
vrrp vrid
Use vrrp vrid to bind a VRRP group to a virtual server.
Use undo vrrp vrid to unbind a VRRP group from a virtual server.
Syntax
vrrp [ ipv6 ] vrid virtual-router-id interface interface-type interface-number
undo vrrp [ ipv6 ]
Default
No VRRP group is bound to a virtual server.
Views
Virtual server view
Predefined user roles
network-admin
context-admin
Parameters
ipv6: Specifies an IPv6 VRRP group. To use this command to bind an IPv4 VRRP group to a virtual server, do not specify this keyword.
virtual-router-id: Specifies a VRRP group by its virtual router ID in the range of 1 to 255.
interface-type interface-number: Specifies the interface on which the VRRP group was created.
Usage guidelines
Non-default vSystems do not support this command.
In an HA system, if you configure server load balancing on the primary device, execute this command to make sure the return packets are processed on the same master device. For more information about HA, see RBM-based hot backup configuration in High Availability Configuration Guide.
Multiple virtual servers bound to different VRRP groups cannot use the same SNAT address pool.
A virtual server can be bound to a maximum of one IPv4 or IPv6 VRRP group. You can bind an IPv4 VRRP group to only an IPv4 virtual server, or bind an IPv6 VRRP group to only an IPv6 virtual server.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Bind VRRP group 1 to TCP virtual server vs.
<Sysname> system-view
[Sysname] virtual-server vs type tcp
[Sysname-vs-tcp-vs] vrrp vrid 1 interface gigabitethernet 1/0/1
Related commands
virtual-server
vrrp vrid (High Availability Command Reference)
weight (DNS server pool member view)
Use weight to set the weight of a DNS server pool member.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a DNS server pool member is 100.
Views
DNS server pool member view
Predefined user roles
network-admin
context-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. A greater value means a higher priority in scheduling.
Usage guidelines
Non-default vSystems do not support this command.
The weight configured in this command is used in the weighted round-robin algorithm.
Examples
# Set the weight of the DNS server pool member ds1 to 150.
<Sysname> system-view
[Sysname] loadbalance dns-server-pool dsp1
[Sysname-lb-dspool-dsp1] dns-server ds1 port 10
[Sysname-lb-dspool-dsp1-#member#-ds1-port-10] weight 150
weight (DNS server view)
Use weight to set the weight of a DNS server to be used by the weighted round robin algorithm and bandwidth algorithm.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a DNS server is 100.
Views
DNS server view
Predefined user roles
network-admin
context-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. A greater value means a higher priority in scheduling.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the weight of the DNS server ds1 to 150.
<Sysname> system-view
[Sysname] loadbalance dns-server ds1
[Sysname-lb-ds-ds1] weight 150
weight (link group member view)
Use weight to set the weight of a link group member.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a link group member is 100.
Views
Link group member view
Predefined user roles
network-admin
context-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. A greater value means a higher priority in scheduling.
Usage guidelines
Non-default vSystems do not support this command.
The weight configured in this command is used in the weighted least-connection algorithm and weighted round-robin algorithm.
Examples
# Set the weight of the link group member lk1 to 150.
<Sysname> system-view
[Sysname] loadbalance link-group lg
[Sysname-lb-lgroup-lg] link lk1
[Sysname-lb-lgroup-lg-#member#-lk1] weight 150
weight (link view)
Use weight to set the weight of a link to be used by the weighted round robin and weighted least connection algorithms.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a link is 100.
Views
Link view
Predefined user roles
network-admin
context-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. For the weighted round robin or weighted least connection algorithm, a greater value means a higher priority in scheduling.
Usage guidelines
Non-default vSystems do not support this command.
Examples
# Set the weight of the link lk1 to 150.
<Sysname> system-view
[Sysname] loadbalance link lk1
[Sysname-lb-link-lk1] weight 150
weight (real server view)
Use weight to set the weight of a real server to be used by the weighted round robin and weighted least connection algorithms.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a real server is 100.
Views
Real server view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. For the weighted round robin or weighted least connection algorithm, a greater value means a higher priority in scheduling.
Examples
# Set the weight of the real server rs to 150.
<Sysname> system-view
[Sysname] real-server rs
[Sysname-rserver-rs] weight 150
weight (server farm member view)
Use weight to set the weight of a server farm member.
Use undo weight to restore the default.
Syntax
weight weight-value
undo weight
Default
The weight of a server farm member is 100.
Views
Server farm member view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
weight-value: Specifies the weight in the range of 1 to 255. A greater value means a higher priority in scheduling.
Usage guidelines
The weight configured in this command is used in the weighted least-connection algorithm and weighted round-robin algorithm.
Examples
# Set the weight of the server farm member rs1 to 150.
<Sysname> system-view
[Sysname] server-farm sf
[Sysname-sfarm-sf] real-server rs1 port 80
[Sysname-sfarm-sf-#member#-rs1-port-80] weight 150
whois-mntner
Use whois-mntner to specify a whois maintainer object for an ISP.
Use undo whois-mntner to delete a whois maintainer object for an ISP.
Syntax
whois-mntner mntner-name
undo whois-mntner mntner-name
Default
No whois maintainer object is specified for an ISP.
Views
ISP view
Predefined user roles
network-admin
context-admin
Parameters
mntner-name: Specifies a whois maintainer object by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
Non-default vSystems do not support this command.
This command specifies the geographical area where ISP address information is to be updated by the whois server.
You can specify a maximum of 10 whois maintainer objects for an ISP.
A whois maintainer object is globally unique.
Examples
# Specify whois maintainer object MAINT-CHINANET for ISP isp1.
<Sysname> system-view
[Sysname] loadbalance isp name isp1
[Sysname-lbisp-isp1] whois-mntner MAINT-CHINANET
window-size
Use window-size to set the window size used for compression.
Use undo window-size to restore the default.
Syntax
window-size size
undo window-size
Default
The window size used for compression is 16 KB.
Views
HTTP-compression parameter profile view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
size: Specifies the window size in KB used for compression. The value can only be 1, 2, 4, 8, 16, or 32.
Examples
# Create the HTTP-compression parameter profile pa1, and set the window size used for compression to 32 KB.
<Sysname> system-view
[Sysname] parameter-profile pa1 type http-compress
[Sysname-para-http-compression-pa1] window-size 32
zero-window threshold
Use zero-window threshold to set the percentage threshold of zero-window packets for a TCP zero-window LB probe template.
Use undo zero-window threshold to restore the default.
Syntax
zero-window threshold percentage
undo zero-window threshold
Default
The percentage threshold of zero-window packets is 40%.
Views
TCP zero-window LB probe template view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
percentage: Specifies the percentage threshold of zero-window packets, in the range of 1 to 100.
Usage guidelines
When the percentage of zero-window packets sent by a real server reaches the threshold, the protection action specified in the protect-action command is taken.
Examples
# In TCP zero-window LB probe template zerotplt, set the percentage threshold of zero-window packets to 20%.
<Sysname> system-view
[Sysname] loadbalance probe-template tcp-zero-window zerotplt
[Sysname-lbpt-tcp-zwnd-zerotplt] zero-window threshold 20
Related commands
protect-action