
Archived Manual Chapter: BIG-IP Reference guide v3.0: BIG/ip System Control Variables

This article has been archived, and is no longer maintained.




5

BIG/ip System Control Variables




Setting BIG/ip system control variables

The BIG/ip Controller hardware and software boot up with a configuration specified, in part, by the system control variables stored in the /etc/rc.sysctl file. Most of these variables are standard BSD UNIX system control variables, while some are used exclusively by the BIG/ip Controller. In most cases, a variable is just toggled off (0) or on (1), but some variables may also store specific values, such as a port number.

You can use three methods to set system control variables affecting the BIG/ip Controller:

  • The F5 Configuration utility
    Navigate to a system control variable and edit it in the browser with the F5 Configuration utility.
  • sysctl command
    Write system control variable values directly to /etc/rc.sysctl using this command line utility.
  • vi or pico
    Use a text editor, such as vi or pico, to edit /etc/rc.sysctl directly.


sysctl

  sysctl -a 
  sysctl <variable name>
  sysctl -w <variable name>=<value>

Displaying current system control variable settings

To display the settings of all system control variables, use the following syntax:

  sysctl -a

To display the current setting for an individual variable, use the following command syntax:

  sysctl <variable name>

Setting a system control variable

Use the following syntax to write a value for a system control variable in /etc/rc.sysctl:

  sysctl -w <variable name>=<value>

For example, the following command sets vipnoarp mode to on at boot:

  sysctl -w bigip.vipnoarp=1

To turn vipnoarp mode off at boot, you would write the setting to /etc/rc.sysctl using the following command:

  sysctl -w bigip.vipnoarp=0


bigip.vipnoarp

Description

bigip.vipnoarp=1 Prevents the BIG/ip Controller from issuing ARP requests when rebooted. This is useful for configurations that contain 1,000 or more virtual servers. This setting also prevents you from configuring virtual servers as IP addresses on the BIG/ip Controller external interface.

bigip.vipnoarp=0 The default setting for this variable is 0. The BIG/ip Controller issues ARP requests on reboot.



bigip.bonfire_mode

Description

bigip.bonfire_mode=1 Sets the BIG/ip Controller to operate in Transparent Node mode, where it can perform load balancing on routers and router-like devices, such as transparent firewalls.

bigip.bonfire_mode=0 (Default) Transparent Node Mode is off.

Note: With this version of the BIG/ip Controller, Transparent Node Mode is no longer necessary. You do not need to set this variable. This variable only exists for backward compatibility. You can define a virtual server with address translation turned on or off at any time. For more information about address translation, see the BIG/ip Administrator Guide.



bigip.bonfire_compatibility_mode

Description

bigip.bonfire_compatibility_mode=1 Turns off port translation on the BIG/ip Controller. This is useful if a node port is only being used to specify a service check port.

bigip.bonfire_compatibility_mode=0 (Default) Port translation is on.

Note: With this version of the BIG/ip Controller, Transparent Node Mode is no longer necessary. You do not need to set this variable. This variable only exists for backward compatibility. You can define a virtual server with port translation turned on or off at any time. For more information about port translation, see the BIG/ip Administrator Guide.



bigip.fastest_max_idle_time

Description

bigip.fastest_max_idle_time=<seconds> Sets the number of seconds a node can be left idle by the fastest load balancing mode. This forces the BIG/ip Controller to send fewer connections to a node that is responding slowly. This allows the BIG/ip Controller to periodically recalculate the response time of the slow node.



bigip.max_sticky_entries

Description

bigip.max_sticky_entries=2048 This is the maximum number of sticky entries allowed to accumulate on the BIG/ip Controller when using destination address affinity (sticky persistence). When the maximum value is reached, the BIG/ip Controller stops accumulating sticky entries. The default value for this entry is 2048.



net.inet.ip.forwarding

Description

net.inet.ip.forwarding=1 Exposes node IP addresses on the internal network, allowing clients to connect directly to nodes, and also allows nodes to initiate connections with computers external to the BIG/ip Controller. Typically, this setting is used only on systems that cannot use NATs (for example, a network that uses CORBA or the NT Domain).

net.inet.ip.forwarding=0 (Default) IP forwarding is off.



bigip.halt_reboot_timeout

Description

bigip.halt_reboot_timeout=2 This value is the number of seconds the BIG/ip Controller can stop during boot up before the watchdog card hard reboots the controller. The default value for this setting is 2 seconds.



net.inet.ip.sourcecheck

Description

net.inet.ip.sourcecheck=1 This setting enables the BIG/ip Controller to check the source IP address of incoming packets before it checks the packet for other information (for example, the virtual server).

Source checking tries to allocate a route back to the source of the packet. If the route cannot be found, or if the route is on an interface different from the interface on which the packet was received, the packet is discarded. Each time a packet is discarded, the bad source interface counter is incremented.

net.inet.ip.sourcecheck=0 (Default) IP source checking is off.
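
The source check described above can be modelled in a few lines. This is an added example, not code from the BIG/ip Controller; the routing table, the interface names (int0, ext0) and the sample packets are constructed, and longest-prefix matching is assumed for the route lookup.

```python
import ipaddress

# Constructed routing table: (prefix, interface). All names are illustrative.
ROUTES = [
    ("10.1.0.0/16", "int0"),   # internal node network
    ("192.0.2.0/24", "ext0"),  # directly connected external network
    ("0.0.0.0/0", "ext0"),     # default route out the external interface
]

class SourceChecker:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
        self.bad_source_interface = 0  # counter bumped on every discard

    def route_interface(self, addr):
        """Longest-prefix match; interface name, or None when no route exists."""
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, ifc) for net, ifc in self.routes if ip in net]
        return max(hits, key=lambda h: h[0])[1] if hits else None

    def accept(self, src, in_ifc):
        """Apply the check: a route back must exist and use the arrival interface."""
        back = self.route_interface(src)
        if back is None or back != in_ifc:
            self.bad_source_interface += 1
            return False
        return True

def demo():
    chk = SourceChecker(ROUTES)
    packets = [  # (source address, interface the packet arrived on), constructed
        ("198.51.100.7", "ext0"),  # outside client via default route: accepted
        ("10.1.5.9", "int0"),      # node traffic on the internal side: accepted
        ("10.1.5.9", "ext0"),      # internal source seen on ext0: discarded
        ("198.51.100.7", "int0"),  # outside source seen on int0: discarded
    ]
    return [chk.accept(s, i) for s, i in packets], chk.bad_source_interface

if __name__ == "__main__":
    print(demo())
```
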



bigip.webadmin_port

Description

bigip.webadmin_port=443 Specifies the port number used for administrative web access. The default port for web administration is port 443.



bigip.persist_map_proxies

bigip.persist_map_proxies=1 The default setting for the map proxies for persistence variable is on. The AOL proxy addresses are hard-coded in this release. This enables you to use client IP address persistence with a simple persist mask, but forces all AOL clients to persist to the same server. All AOL clients will persist to the node that was picked for the first AOL client connection received.

The class B networks, 195.93 and 205.188, are mapped to 152.163 for persistence. For example, client 195.93.3.4 would map to 152.63.3.4 for persistence records only. This mapping is done prior to applying the persist mask. Use bigpipe vip persist dump to verify the mapping is working.

In addition to setting this sysctl variable, we recommend that you set a persist mask of 255.255.0.0 so that all the AOL addresses map to a common address. Table 5.1 shows how setting this variable and a persist mask of 255.255.0.0 would map a sample set of client addresses.

Table 5.1 Address mapping of sample clients

  Sample Client Address    Persist Address
  152.44.12.3              195.93.0.0
  152.2.99.7               195.93.0.0
  170.11.19.22             195.93.0.0
  202.67.34.11             195.93.0.0
  205.188.11.2             195.93.0.0
  208.33.23.4              208.33.0.0 (non AOL address is not mapped)

bigip.persist_map_proxies=0 Set this variable to 0 to turn this variable off.



bigip.persist_time_used_as_limit

Description

bigip.persist_time_used_as_limit=0 (Default) Forces the persistent connection timer to reset on each packet for persistent sessions.

bigip.persist_time_used_as_limit=1 Resets timer only when the persistent connection is initiated.

Note: For SSL persistence, the timer is always reset on each packet.



bigip.persist_on_any_vip

Description

bigip.persist_on_any_vip=1 All simple persistent connections from the same client IP address are sent to the same node (matches the client IP address but not the virtual address or virtual port the client is using).

bigip.persist_on_any_vip=0 The default setting for this variable is off.



bigip.persist_on_any_port_same_vip

Description

bigip.persist_on_any_port_same_vip=1 All simple persistent connections from a client IP address that go to the same virtual address also go to the same node (matches the client address and the virtual IP address but not the virtual port).

bigip.persist_on_any_port_same_vip=0 The default setting for this variable is off.



bigip.open_3dns_lockdown_ports

Description

bigip.open_3dns_lockdown_ports=0 (default) This variable is only required when running a 3DNS Controller. This variable is set to 0 on the BIG/ip Controller when the 3DNS Controller is not present in the network configuration. (See the 3DNS Administrator Guide for more information.)



bigip.tcphps_mss_override

Description

bigip.tcphps_mss_override=(<1460) Allows you to decrease the default maximum segment size (MSS) from 1460 to a smaller value. This is the value announced to clients by the TCP server proxy on the BIG/ip Controller in the SYN/ACK packet.

bigip.tcphps_mss_override=0 (Default) The BIG/ip Controller requests the MSS from the node when negotiating connections on the node's behalf.



bigip.open_telnet_port

Description

bigip.open_telnet_port=1 Opens the telnet port (23) to allow administrative Telnet connections (useful for an international BIG/ip Controller, or for a US controller that needs to communicate with international 3DNS Controllers).

bigip.open_telnet_port=0 Opens the telnet port to allow administrative Telnet connections (useful for international BIG/ip Controllers).



bigip.open_ftp_ports

Description

bigip.open_ftp_ports=1 Opens the FTP ports (20 and 21) to allow administrative FTP connections (useful for international BIG/ip Controllers).

bigip.open_ftp_ports=0 The default setting for this variable is 0. The FTP port does not allow administrative FTP connections.



bigip.open_ssh_port

Description

bigip.open_ssh_port=1 Opens the SSH port (22) to allow administrative connections (useful only for US BIG/ip Controllers).

bigip.open_ssh_port=0 The default setting for this variable is 0. The SSH port does not allow administrative connections.



bigip.open_rsh_ports

Description

bigip.open_rsh_ports=1 Opens the RSH ports (512, 513, and 514) to allow RSH connections (useful for international BIG/ip Controllers, or on US controllers that need to communicate with international 3DNS Controllers).

bigip.open_rsh_ports=0 The default setting for this variable is 0. The RSH port does not allow RSH connections.



bigip.verbose_log_level

Description

bigip.verbose_log_level=0 Turns port denial logging off. No messages are logged.

bigip.verbose_log_level=1 Turns UDP port denial logging on. This logs UDP port denials to the BIG/ip Controller address.

bigip.verbose_log_level=2 Turns TCP port denial logging on. This logs TCP port denials to the BIG/ip Controller address.

bigip.verbose_log_level=4 Turns virtual UDP port denial logging on. This logs UDP port denials to the virtual server address.

bigip.verbose_log_level=8 Turns virtual TCP port denial logging on. This logs TCP port denials to the virtual server address.

bigip.verbose_log_level=15 Turns TCP and UDP port denial logging on. This logs TCP and UDP port denials to the virtual server address and the BIG/ip Controller address. Setting this variable to 15 turns on logging levels 1, 2, 4, and 8.
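
The access-related variables in this chapter can be reviewed together. The following added example (not part of the original manual) parses sysctl settings, flags values that widen exposure, and decodes the verbose_log_level bit values listed above. The accepted line formats, the expected values and the sample settings are assumptions made for the example.

```python
import re

# Value an auditor might expect for variables from this chapter (assumed policy).
EXPECTED = {
    "bigip.open_telnet_port": 0,   # port 23; assumes 0 closes it, as for FTP/RSH
    "bigip.open_ftp_ports": 0,     # ports 20 and 21
    "bigip.open_rsh_ports": 0,     # ports 512, 513 and 514
    "net.inet.ip.forwarding": 0,   # 1 exposes node IP addresses
    "net.inet.ip.sourcecheck": 1,  # 0 (default) leaves source checking off
}
# Bit values of bigip.verbose_log_level as listed in this chapter.
LOG_BITS = {1: "UDP to controller address", 2: "TCP to controller address",
            4: "UDP to virtual server address", 8: "TCP to virtual server address"}

# Assumed formats: "name = value", "name: value", "name=value", with an
# optional leading "sysctl -w". The real /etc/rc.sysctl layout may differ.
LINE = re.compile(r"^\s*(?:sysctl\s+-w\s+)?([\w.]+)\s*[=:]\s*(\d+)\s*$")

def parse(text):
    """Return {variable: int value} for every line that matches LINE."""
    return {m.group(1): int(m.group(2))
            for m in map(LINE.match, text.splitlines()) if m}

def decode_log_level(value):
    """List the port denial logging categories enabled by a bitmask value."""
    return [desc for bit, desc in LOG_BITS.items() if value & bit]

def audit(text):
    settings = parse(text)
    findings = [f"{name}={settings[name]} (expected {want})"
                for name, want in EXPECTED.items()
                if name in settings and settings[name] != want]
    if "bigip.verbose_log_level" in settings:
        on = decode_log_level(settings["bigip.verbose_log_level"])
        off = [d for d in LOG_BITS.values() if d not in on]
        if off:
            findings.append("port denial logging off for: " + ", ".join(off))
    return findings

SAMPLE = """\
bigip.open_telnet_port = 1
bigip.open_ssh_port = 1
bigip.open_ftp_ports = 0
net.inet.ip.forwarding = 0
net.inet.ip.sourcecheck = 0
bigip.verbose_log_level = 3
bigip.webadmin_port = 443
"""  # constructed sample settings, not output from a real controller

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
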
