The BIG/ip Controller hardware and software boot up with a configuration specified, in part, by the system control variables stored in the /etc/rc.sysctl file. Most of these variables are standard BSD UNIX system control variables, while some are used exclusively by the BIG/ip Controller. In most cases, a variable is just toggled off (0) or on (1), but some variables may also store specific values, such as a port number.
You can use three methods to set system control variables affecting the BIG/ip Controller:
sysctl <variable name>
sysctl -w <variable name>=<value>
To display the settings of all system control variables, use the following syntax:
To display the current setting for an individual variable, use the following command syntax:
sysctl <variable name>
Use the following syntax to write a value for a system control variable in /etc/rc.sysctl:
sysctl -w <variable name>=<value>
For example, the following command sets Transparent Node mode to on at boot:
sysctl -w bigip.bonfire_mode=1
To turn Transparent Node Mode off at boot, you would write the setting to /etc/rc.sysctl using the following command:
sysctl -w bigip.bonfire_mode=0
bigip.vipnoarp=1 Prevents the BIG/ip Controller from issuing ARP requests when rebooted. This is useful for configurations that contain 1,000 or more virtual servers. This setting also prevents you from configuring virtual servers as IP addresses on the BIG/ip Controller external interface.
bigip.vipnoarp=0 (Default) Issues ARP requests on reboot.
bigip.bonfire_mode=1 Sets the BIG/ip Controller to operate in Transparent Node mode, where it can perform load balancing on routers and router-like devices, such as transparent firewalls.
bigip.bonfire_mode=0 (Default) Transparent Node Mode is off.
bigip.bonfire_compatibility_mode=1 Turns off port translation on the BIG/ip Controller. This is useful if a node port is only being used to specify a service check port.
bigip.bonfire_compatibility_mode=0 (Default) Port translation is on.
bigip.fastest_max_idle_time=<seconds> Sets the number of seconds a node can be left idle by the fastest load balancing mode. This prevents the BIG/ip Controller from sending connections to a node that is responding slowly.
bigip.max_sticky_entries=2048 This is the maximum number of sticky entries allowed to accumulate on the BIG/ip Controller when using destination address affinity (sticky persistence). When the maximum value is reached, the BIG/ip Controller stops accumulating sticky entries. The default value for this entry is 2048.
net.inet.ip.forwarding=1 Exposes node IP addresses on the internal network, allowing clients to connect directly to nodes, and also allows nodes to initiate connections with computers external to the BIG/ip Controller. Typically, this setting is used only on systems that cannot use NATs (for example, a network that uses CORBA or the NT Domain).
net.inet.ip.forwarding=0 (Default) IP forwarding is off.
bigip.halt_reboot_timeout=2 This value is the number of seconds the BIG/ip Controller can stop during boot up before the watchdog card hard reboots the controller. The default value for this setting is 2 seconds.
net.inet.ip.sourcecheck=1 This setting enables the BIG/ip Controller to check the source IP address of incoming packets before it checks the packet for other information (for example, the virtual server).
Source checking tries to allocate a route back to the source of the packet, and if the route cannot be found, or if the route of the interface is on an interface different from the interface from which the packet was received, the packet is discarded. Each time a packet is discarded, the bad source interface counter is incremented.
net.inet.ip.sourcecheck=0 (Default) IP source checking is off.
bigip.webadmin_port=443 Specifies the port number used for administrative web access. (Default = 443)
bigip.persist_time_used_as_limit=1 (Default) Forces the persistent connection timer to reset on each packet for persistent sessions.
bigip.persist_time_used_as_limit=0 Resets timer only when the persistent connection is initiated.
For SSL persistence, the timer is always reset on each packet.
bigip.persist_on_any_vip=1 All simple persistent connections from the same client IP address are sent to the same node (matches the client IP address but not the virtual address or virtual port the client is using).
bigip.persist_on_any_vip=0 (default) Off
bigip.persist_on_any_port_same_vip=1 All simple persistent connections from a client IP address that go to the same virtual address also go to the same node. This matches the address the client is using.
bigip.persist_on_any_port_same_vip=0 (default) Off
bigip.open_3dns_lockdown_ports=0 (default) This variable is only required when running a 3DNS Controller. Set to 0 on the BIG/ip Controller when the 3DNS Controller is not present. (See the 3DNS Administrator Guide for more information.)
bigip.tcphps_mss_override=(<1460) Allows you to decrease the default maximum segment size (MSS) from 1460 to a smaller value. This is the value announced to clients by the TCP server proxy on the BIG/ip Controller in the SYN/ACK packet.
bigip.tcphps_mss_override=0 (Default) The BIG/ip Controller requests the MSS from the node when negotiating connections on the node's behalf.
bigip.open_telnet_port=1 Opens the telnet port (23) to allow administrative Telnet connections (useful for an international BIG/ip Controller, or for a US controller that needs to communicate with international 3DNS Controllers).
bigip.open_telnet_port=0 Opens the FTP port to allow administrative FTP connections (useful for international BIG/ip Controllers).
bigip.open_ftp_ports=1 Opens the FTP ports (20 and 21) to allow administrative FTP connections (useful for international BIG/ip Controllers).
bigip.open_ftp_ports=0 (default) FTP port does not allow administrative FTP connections
bigip.open_ssh_port=1 Opens the SSH port (22) to allow administrative connections (useful only for US BIG/ip Controllers).
bigip.open_ssh_port=0 (default) SSH port does not allow administrative connections.
bigip.open_rsh_ports=1 Opens the RSH ports (512, 513, and 514) to allow RSH connections (useful for international BIG/ip Controllers, or on US controllers that need to communicate with international 3DNS Controllers).
bigip.open_rsh_ports=0 RSH port does not allow RSH connections.
bigip.verbose_log_level=1 Turns port denial logging on.
bigip.verbose_log_level=0 Turns port denial logging off.