Applies To:

Show Versions Show Versions

Manual Chapter: Configuration Guide for BIG-IP Local Traffic Management: Glossary
Manual Chapter
Table of Contents   |   << Previous Chapter


active unit

In a redundant system, the active unit is the system that currently load balances connections. If the active unit in the redundant system fails, the standby unit assumes control and begins to load balance connections. See also redundant system.


An archive is a backup copy of the BIG-IP system configuration data. This archive is in the form of a user configuration set, or UCS. See also user configuration set (UCS).

ARP (Address Resolution Protocol)

ARP is an industry-standard protocol that determines a host's Media Access Control (MAC) address based on its IP address.


Authentication is the process of verifying a user's identity when the user is attempting to log on to a system.

authentication iRule

An authentication iRule is a system-supplied or user-created iRule that is necessary for implementing a PAM authentication module on the BIG-IP system. See also iRule, PAM (Pluggable Authentication Module).

authentication module

An authentication module is a PAM module that you create to perform authentication or authorization of client traffic. See also PAM (Pluggable Authentication Module).

authentication profile

An authentication profile is a configuration tool that you use to implement a PAM authentication module. Types of authentication modules that you can implement with an authentication profile are: LDAP, RADIUS, TACACS+, SSL Client Certificate LDAP, and OCSP. See also PAM (Pluggable Authentication Module).


Authorization is the process of identifying the level of access that a logged-on user has been granted to system resources.


The bigtop utility is a statistical monitoring utility that ships on the BIG-IP system. This utility provides real-time statistical information.

BIND (Berkeley Internet Name Domain)

BIND is the most common implementation of the Domain Name System (DNS). BIND provides a system for matching domain names to IP addresses. For more information, refer to

BPDU (bridge protocol data unit)

A BPDU is a special packet that a spanning tree protocol sends between Layer 2 devices to determine redundant paths, and provide loop resolution. See also STP (Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol), and MSTP (Multiple Spanning Tree Protocol).


Bursting is an aspect of rate shaping and occurs when the rate of traffic flow exceeds the base rate defined.


A certificate is an online credential signed by a trusted certificate authority and used for SSL network traffic as a method of authentication.

certificate authority (CA)

A certificate authority is an external, trusted organization that issues a signed digital certificate to a requesting computer system for use as a credential to obtain authentication for SSL network traffic.

certificate revocation list (CRL)

See CRL (certificate revocation list).

certificate verification

Certificate verification is the part of an SSL handshake that verifies that a client's SSL credentials have been signed by a trusted certificate authority.


A chain is a series of filtering criteria used to restrict access to an IP address. The order of the criteria in the chain determines how the filter is applied, from the general criteria first, to the more detailed criteria at the end of the chain.


See HTTP chunking.


A cipher is an encryption/decryption algorithm that computer systems use when transmitting data using the SSL protocol.

client-side SSL profile

A client-side SSL profile is an SSL profile that controls the behavior of SSL traffic going from a client system to the BIG-IP system.

clone pool

This feature causes a pool to replicate all traffic coming into it and send that traffic to a duplicate pool.

configuration object

A configuration object is a user-created object that the BIG-IP system uses to implement a PAM authentication module. There is one type of configuration object for each type of authentication module that you create. See also PAM (Pluggable Authentication Module).

configuration synchronization

Configuration synchronization is the task of duplicating a BIG-IP system's configuration data onto its peer unit in a redundant system.

Configuration utility

The Configuration utility is the browser-based application that you use to configure the BIG-IP system.

connection persistence

Connection persistence is an optimization technique whereby a network connection is intentionally kept open for the purpose of reducing handshaking. See also HTTP transformation and OneConnect™.

connection pooling

Connection pooling is an optimization feature that pools server-side connections for re-use by other client requests. Connection pooling reduces the number of new connections that must be opened for server-side client requests.

content switching

Content switching is the ability to select a pool based on data contained within a packet.

cookie persistence

Cookie persistence is a mode of persistence where the BIG-IP system stores persistent connection information in a cookie.

CRL (certificate revocation list)

A CRL is a list that an authenticating system checks to see if the SSL certificate that the requesting system presents for authentication has been revoked.

custom profile

A custom profile is a profile that you create. A custom profile can inherit its default settings from a parent profile that you specify. See also parent profile and profile.

data group

A data group is a group of related elements, such as a set of IP addresses for AOL clients. When you specify a data group along with the matchclass command or the contains operator, you eliminate the need to list multiple values as arguments in an iRule expression.

default profile

A default profile is a profile that the BIG-IP system supplies with default setting values. You can use a default profile as is, or you can modify it. You can also specify it as a parent profile when you create a custom profile. You cannot create or delete a default profile. See also profile, custom profile.

default route

A default route is the route that the system uses when no other route specified in the routing table matches the destination address or network of the packet to be routed.

default VLAN

The BIG-IP system is configured with two default VLANs, one for each interface. One default VLAN is named internal and one is named external. See also VLAN (Virtual Local Area Network).

default wildcard virtual server

A default wildcard virtual server has an IP address and port number of or *:* or "any":"any". This virtual server accepts all traffic that does not match any other virtual server defined in the configuration.

destination address affinity persistence

Also known as sticky persistence, destination address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the destination IP address of a packet.

domain name

A domain name is a unique name that is associated with one or more IP addresses. Domain names are used in URLs to identify particular Web pages. For example, in the URL, the domain name is

Dynamic Ratio load balancing method

Dynamic Ratio method is like Ratio method (see Ratio method), except that ratio weights are based on continuous monitoring of the servers and are therefore continually changing. Dynamic Ratio load balancing can be implemented on RealNetworks® RealServer platforms, on Microsoft® Windows® platforms equipped with Windows Management Instrumentation (WMI), or on a server equipped with either the UC Davis SNMP agent or Windows 2000 Server SNMP agent.

dynamic route

A dynamic route is a route that an advanced routing protocol such as RIP adds dynamically to a routing table. See also static route.

EAV (Extended Application Verification)

EAV is a health check that verifies an application on a node by running that application remotely. EAV health check is only one of the three types of health checks available on a BIG-IP system. See also health check, health monitor, and external monitor.

ECV (Extended Content Verification)

ECV is a health check that allows you to determine if a node is up or down based on whether the node returns specific content. ECV health check is only one of the three types of health checks available on a BIG-IP system. See also health check.

external authentication

External authentication refers to the process of using a remote server to store data for the purpose of authenticating users or applications attempting to access the BIG-IP system.

external monitor

An external monitor is a user-supplied health monitor. See also health check, health monitor.

external VLAN

The external VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports locked down. In a normal configuration, this is typically a VLAN on which external clients request connections to internal servers.


Failback is the process whereby an active unit relinquishes processing to a previously-failed unit that is now available.


Failover is the process whereby a standby unit in a redundant system takes over when a software failure or a hardware failure is detected on the active unit.

failover cable

The failover cable directly connects the two units together in a redundant system.

Fastest method

Fastest method is a load balancing method that passes a new connection based on the fastest response of all currently active nodes.

FDDI (Fiber Distributed Data Interface)

FDDI is a multi-mode protocol used for transmitting data on optical-fiber cables at speeds up to 100 Mbps.

floating self IP address

A floating self IP address is an additional self IP address for a VLAN that serves as a shared address by both units of a BIG-IP redundant system.

forwarding virtual server

A forwarding virtual server is a virtual server that has no pool members to load balance. The virtual server simply forwards the packet directly to the destination IP address specified in the client request. See also virtual server.

gateway pool

A gateway pool is a pool of routers that you can create to forward traffic. After creating a gateway pool, you can specify the pool as a gateway, within a TMM routing table entry.

hash persistence

Hash persistence allows you to create a persistence hash based on an existing iRule.

health check

A health check is a BIG-IP system feature that determines whether a node is up or down. Health checks are implemented through health monitors. See also health monitor, ECV (Extended Content Verification), EAV (Extended Application Verification), and external monitor.

health monitor

A health monitor checks a node to see if it is up and functioning for a given service. If the node fails the check, it is marked down. Different monitors exist for checking different services. See also health check, ECV (Extended Content Verification), EAV (Extended Application Verification), and external monitor.

host virtual server

A host virtual server is a virtual server that represents a specific site, such as an Internet web site or an FTP site, and it load balances traffic targeted to content servers that are members of a pool.

HTTP chunking

HTTP chunking refers to the HTTP/ 1.1 feature known as chunked encoding, which allows HTTP messages to be broken up into several parts. Chunking is most often used by servers when sending responses.

HTTP redirect

An HTTP redirect sends an HTTP 302 Object Found message to clients. You can configure a pool with an HTTP redirect to send clients to another node or virtual server if the members of the pool are marked down.

HTTP transformation

When the BIG-IP system performs an HTTP transformation, the system manipulates the Connection header of a server-side HTTP request, to ensure that the connection stays open. See also connection persistence.

ICMP (Internet Control Message Protocol)

ICMP is an Internet communications protocol used to determine information about routes to destination addresses.


i-mode® is a service created by NTT DoCoMo, Inc., that allows mobile phone users access to the Internet.

intelligent SNAT

An intelligent SNAT is a SNAT that is implemented by creating a SNAT pool and then writing an iRule that references the SNAT pool. See also SNAT (secure network address translation).


The physical port on a BIG-IP system is called an interface.

internal VLAN

The internal VLAN is a default VLAN on the BIG-IP system. In a basic configuration, this VLAN has the administration ports open. In a normal configuration, this is a network interface that handles connections from internal servers.


IPsec (Internet Security Protocol) is a communications protocol that provides security for the network layer of the Internet without imposing requirements on applications running above it.


An iRule is a user-written script that controls the behavior of a connection passing through the BIG-IP system. iRules™ are an F5 Networks feature and are frequently used to direct certain connections to a non-default load balancing pool. However, iRules can perform other tasks, such as implementing secure network address translation and enabling session persistence.

JAR file

A JAR file is a file in JavaTM Archive (JAR) file format that enables you to bundle multiple files into a single archive file. Typically, a JAR file contains the class files and auxiliary resources associated with applets and applications.


JDBC is a JavaTM technology. It is an application programming interface that provides database management system (DBMS) connectivity across a wide range of SQL databases, as well as access to other tabular data sources, such as spreadsheets or flat files.

Kilobytes/Second mode

The Kilobytes/Second mode is a dynamic load balancing method that distributes connections based on which available server currently processes the fewest kilobytes per second.

LACP (Link Aggregation Control Protocol)

LACP is an industry-standard protocol that aggregates links in a trunk, to increase bandwidth and provide for link failover.

last hop

A last hop is the final hop a connection takes to get to the BIG-IP system. You can allow the BIG-IP system to determine the last hop automatically to send packets back to the device from which they originated. You can also specify the last hop manually by making it a member of a last hop pool.

Layer 1 through Layer 7

Layers 1 through 7 refer to the seven layers of the Open System Interconnection (OSI) model. Thus, Layer 2 represents the data-link layer, Layer 3 represents the IP layer, and Layer 4 represents the transport layer (TCP and UDP). Layer 7 represents the application layer, handling traffic such as HTTP and SSL.

Layer 2 forwarding table

A Layer 2 forwarding table correlates MAC addresses of network devices to the BIG-IP system interfaces through which those devices are accessible. On a BIG-IP system, each VLAN has its own Layer 2 forwarding table.

LDAP (Lightweight Directory Access Protocol)

LDAP is an Internet protocol that email programs use to look up contact information from a server.

LDAP authentication module

An LDAP authentication module is a user-created module that you implement on a BIG-IP system to authenticate client traffic using a remote LDAP server.

LDAP client certificate SSL authentication module

An LDAP client certificate SSL authentication module is a user-created module that you implement on a BIG-IP system to authorize client traffic using SSL client credentials and a remote LDAP server.

Least Connections method

Least Connections method is a dynamic load balancing method that bases connection distribution on which server currently manages the fewest open connections.

link aggregation

Link aggregation is the process of combining multiple links in order to function as though it were a single link with higher bandwidth. Link aggregation occurs when you create a trunk. See also trunk and LACP (Link Aggregation Control Protocol).

Link Aggregation Control Protocol (LACP)

See LACP (Link Aggregation Control Protocol) .

load balancing method

A particular method of determining how to distribute connections across a load balancing pool.

load balancing pool

See pool.

load balancing virtual server

A load balancing virtual server is a virtual server that directs client traffic to a load balancing pool. This is the most basic type of virtual server. See also virtual server.

local traffic management

Local traffic management is the process of managing network traffic that comes into or goes out of a local area network (LAN), including an intranet. You can manage local traffic using BIG-IP® Local Traffic Manager.

loopback adapter

A loopback adapter is a software interface that is not associated with an actual network card. The nPath routing configuration requires you to configure loopback adapters on servers.

MAC (Media Access Control)

MAC is a protocol that defines the way workstations gain access to transmission media, and is most widely used in reference to LANs. For IEEE LANs, the MAC layer is the lower sublayer of the data link layer protocol.

MAC address

A MAC address is used to represent hardware devices on an Ethernet network.

management interface

The management interface is a special port on the BIG-IP system, used for managing administrative traffic. Named MGMT, the management interface does not forward user application traffic, such as traffic slated for load balancing. See also TMM switch interface.

management route

A management route is a route that forwards traffic through the special management (MGMT) interface.

MCPD service

The Master Control Program Daemon (MCPD) service manages the configuration data on a BIG-IP system.

minimum active members

The minimum active members is the number of members that must be active in a priority group in order for the BIG-IP system to send its requests to that group. If the number of active members falls below this number, requests are sent to the next highest priority group (the priority group with the next lowest priority number).


The BIG-IP system uses monitors to determine whether nodes are up or down. There are several different types of monitors and they use various methods to determine the status of a server or service. You can associate monitors with nodes, pools, and individual pool members. See also node, pool, and pool member.

monitor association

A monitor association is an association that a user makes between a health or performance monitor and a pool, pool member, or node.

monitor instance

You create a monitor instance when a health monitor is associated with a pool member or node. It is the monitor instance that actually performs the health check, not the monitor.

monitor template

A monitor template is an internal mechanism that the BIG-IP system uses to provide default values for a custom monitor when no pre-configured monitor exists.

MSRDP persistence

MSRDP persistence tracks sessions between clients and servers running the Microsoft® Remote Desktop Protocol (RDP) service.

MSTP (Multiple Spanning Tree Protocol)

Defined by IEEE, MSTP is an enhanced spanning tree protocol. Unlike STP and RSTP, MSTP is VLAN-aware and therefore incorporates the concept of MSTP regions. See also STP (Spanning Tree Protocol) and RSTP (Rapid Spanning Tree Protocol).

MSTP region

An MSTP region is a group of Layer 2 devices that have identical values for certain configuration settings. When devices constitute a region, the spanning tree algorithm takes VLANs into account when blocking and unblocking redundant paths.

name resolution

Name resolution is the process by which a name server matches a domain name request to an IP address, and sends the information to the client requesting the resolution.

NAT (Network Address Translation)

A NAT is an alias IP address that identifies a specific node managed by the BIG-IP system to the external network.

network virtual server

A network virtual server is a virtual server whose IP address has no bits set in the host portion of the IP address (that is, the host portion of its IP address is 0). There are two kinds of network virtual servers: those that direct client traffic based on a range of destination IP addresses, and those that direct client traffic based on specific destination IP addresses that the BIG-IP system does not recognize.


A node is the IP address associated with a device on the network. This IP address can be the real IP address of a network server, or it can be an alias IP address on a network server. Nodes are directly associated with pool members and monitors. See also pool member and monitor.

node alias

A node alias is a node address that the BIG-IP system uses to verify the status of multiple nodes. When the BIG-IP system uses a node alias to check node status, it pings the node alias. If the BIG-IP system receives a response to the ping, it marks all nodes associated with the node alias as up. If the BIG-IP system does not receive a response to the ping, it marks all nodes associated with the node alias as down.

node port

A node port is the port number or service name that is hosted by a specific node.

node status

Node status indicates whether a node is up and available to receive connections, or down and unavailable. The BIG-IP system uses the node ping and health check features to determine node status.

Observed method

Observed method is a dynamic load balancing method that bases connection distribution on a combination of two factors: the server that currently hosts the fewest connections and also has the fastest response time.

OCSP (Online Certificate Status Protocol)

OCSP is a protocol that authenticating systems can use to check on the revocation status of digitally-signed SSL certificates. The use of OCSP is an alternative to the use of a certificate revocation list (CRL).
See also CRL (certificate revocation list).

OCSP authentication module

An OCSP authentication module is a user-created module that you implement on a BIG-IP system to authenticate client traffic using a remote OCSP responder. The purpose of an OCSP authentication module is to check on the revocation status of a client SSL certificate.

OCSP responder

An OCSP responder is an external server used for communicating SSL certificate revocation status to an authentication server such as the BIG-IP system.

OCSP responder object

An OCSP responder object is a software application on the BIG-IP system that communicates with an OCSP responder, for the purpose of checking revocation status of a client or server SSL certificate.


The OneConnect feature optimizes the use of network connections by keeping server-side connections open and pooling them for re-use.

packet rate

The packet rate is the number of data packets per second processed by a server.

PAM (Pluggable Authentication Module)

A PAM module is a software module that a server application uses to authenticate client traffic. The modular design of a PAM module allows an organization to add, replace, or remove that authentication mechanism from a server application with minimal impact to that application. An example of a PAM module is an application that uses a remote Lightweight Directory Access Protocol (LDAP) server to authenticate client traffic. See also LDAP (Lightweight Directory Access Protocol).

parent profile

A parent profile is a profile that can propagate its values to another profile. A parent profile can be either a default profile or a custom profile. See also profile.

performance monitor

A performance monitor gathers statistics and checks the state of a target device.


See connection persistence or session persistence.

persistence profile

A persistence profile is a configuration tool for implementing a specific type of session persistence. An example of a persistence profile type is a cookie persistence profile.


Pipelining is a feature of HTTP/1.1 that allows clients to make requests even when prior requests have not yet received a response from the server.


A pool is a logical group of pool members. The BIG-IP system load balances requests to the pool members within a pool, based on the load balancing method and persistence method you choose when you configure the pool. See also node and pool member.

pool member

A pool member is one of the members of a load balancing pool. A pool member name indicates a node IP address and a service number. See also node.


A port can be represented by a number that is associated with a specific service supported by a host. Refer to the Services and Port Index for a list of port numbers and corresponding services.

port mirroring

Port mirroring is a feature that allows you to copy traffic from any port or set of ports to a single, separate port where a sniffing device is attached.

port-specific wildcard virtual server

A port-specific wildcard virtual server is a wildcard virtual server that uses a port number other than 0. See also wildcard virtual server.

pre-configured monitor

A pre-configured monitor is a system-supplied health or performance monitor. You can use a pre-configured monitor as is, but you cannot modify or delete one. See also monitor.

Predictive method

Predictive method is a dynamic load balancing method that bases connection distribution on a combination of two factors: the server that currently hosts the fewest connections, and also has the fastest response time. Predictive method also ranks server performance over time, and passes connections to servers which exhibit an improvement in performance rather than a decline.


A profile is a configuration tool containing settings for defining the behavior of network traffic. The BIG-IP system contains profiles for managing Fast L4, HTTP, TCP, FTP, SSL, and RTSP traffic, as well as for implementing persistence and application authentication.

profile setting

A profile setting is a configuration attribute within a profile that has a value associated with it. You can configure a profile setting to customize the way that the BIG-IP system manages a type of traffic.

profile type

A profile type is a category of profile that you use for a specific purpose. An example of a profile type is an HTTP profile, which you configure to manage HTTP network traffic.

protocol profile

A protocol profile is a profile that you create for controlling the behavior of Fast L4, TCP, UDP, OneConnect, and RTSP traffic.

Quality of Service (QoS) level

The Quality of Service (QoS) level is a means by which network equipment can identify and treat traffic differently based on an identifier. Essentially, the QoS level specified in a packet enforces a throughput policy for that packet.

RADIUS (Remote Authentication Dial-in User Service)

RADIUS is a service that performs remote user authentication and accounting. Its primary use is for Internet Service Providers, though it can also be used on any network that needs a centralized authentication and/or accounting service for its workstations.

RADIUS authentication module

A RADIUS authentication module is a user-created module that you implement on a BIG-IP system to authenticate client traffic using a remote RADIUS server.

RAM cache

A RAM cache is a cache of HTTP objects stored in the BIG-IP system's RAM that subsequent connections reuse to reduce the amount of load on the back-end servers.

rate class

You create a rate filter from the Configuration utility or command line utility. When you assign a rate class to a rate filter, a rate class determines the volume of traffic allowed through a rate filter. See also rate shaping.

rate shaping

Rate shaping is a type of extended IP filter. Rate shaping uses the same IP filter method but applies a rate class, which determines the volume of network traffic allowed. See also rate class.


A ratio is a parameter that assigns a weight to a virtual server for load balancing purposes.

Ratio method

The Ratio load balancing method distributes connections across an array of virtual servers in proportion to the ratio weights assigned to each individual virtual server.

redundant system

Redundant system refers to a pair of units that are configured for fail-over. In a redundant system, there are two units, one running as the active unit and one running as the standby unit. If the active unit fails, the standby unit takes over and manages connection requests.

reference link

A reference link is the lowest-numbered interface in a trunk and is used for link aggregation.

remote administrative IP address

A remote administrative IP address is an IP address from which a BIG-IP system allows shell connections, such as Telnet or SSH.

responder object

See OCSP responder object.

RFC 1918 addresses

An RFC 1918 address is an address that is within the range of private class addresses described in the IETF RFC 1918.

Round Robin method

Round Robin method is a static load balancing method that bases connection distribution on a set server order. Round Robin method sends a connection request to the next available server in the order.


A router is a Layer 3 networking device. If no VLANs are defined on the network, a router defines a broadcast domain.

RSTP (Rapid Spanning Tree Protocol)

Defined by IEEE, RSTP is an enhanced version of STP (Spanning Tree Protocol). RSTP provides faster spanning tree performance compared to STP. See also STP (Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol).

secure network address translation (SNAT)

See SNAT (secure network address translation).

self IP address

Self IP addresses are the IP addresses owned by the BIG-IP system that you use to access the internal and external VLANs.

server-side SSL profile

A server-side SSL profile is an SSL profile that controls SSL traffic going between a BIG-IP system and a destination server system.


Service refers to services such as TCP, UDP, HTTP, and FTP.

services profile

A services profile is a configuration tool on the BIG-IP system for managing either HTTP or FTP network traffic.

session persistence

A series of related connections received from the same client, having the same session ID. When persistence is enabled, a BIG-IP system sends all connections having the same session ID to the same node, instead of load balancing the connections. Session persistence is not to be confused with connection persistence.

Setup utility

The Setup utility walks you through the initial system configuration process. You can run the Setup utility from the Configuration utility start page.

simple persistence

See source address affinity persistence.

SIP persistence

SIP persistence is a type of persistence used for servers that receive Session Initiation Protocol (SIP) messages sent through UDP. SIP is a protocol that enables real-time messaging, voice, data, and video.

SNAT (Secure Network Address Translation)

A SNAT is a feature you can configure on the BIG-IP system. A SNAT defines a routable alias IP address that one or more nodes can use as a source IP address when making connections to hosts on the external network. See also standard SNAT and intelligent SNAT.

SNAT pool

A SNAT pool is a pool of translation addresses that you can map to one or more original IP addresses. Translation addresses in a SNAT pool are not self-IP addresses.

SNMP (Simple Network Management Protocol)

SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, developed to manage nodes on an IP network.

source address affinity persistence

Also known as simple persistence, source address affinity persistence supports TCP and UDP protocols, and directs session requests to the same server based solely on the source IP address of a packet.

source processing

Source processing means that the interface rewrites the source of an incoming packet.

spanning tree

A spanning tree is a logical tree structure of Layer 2 devices on a network, created by a spanning tree protocol algorithm and used for resolving network loops.

spanning tree instance

A spanning tree instance is a specific, named spanning tree that a spanning tree protocol creates. See also spanning tree protocols.

spanning tree protocols

Spanning tree protocols are the IEEE-specified set of protocols known as Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP). The BIG-IP system includes support for all of these protocols. See also STP (Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol), and MSTP (Multiple Spanning Tree Protocol).

SSH (Secure Shell)

SSH is a protocol for secure remote login and other secure network services over a non-secure network.

SSL (Secure Sockets Layer)

SSL is a network communications protocol that uses public-key technology as a way to transmit data in a secure manner.

SSL persistence

SSL persistence is a type of persistence that tracks non-terminated SSL sessions, using the SSL session ID.

SSL profile

An SSL profile is a configuration tool that you use to terminate and initiate SSL connections from clients and servers.

standard SNAT

A standard SNAT is a SNAT that you implement by using the SNAT screens of the Configuration utility. See also SNAT and intelligent SNAT.

standby unit

A standby unit in a redundant system is a unit that is always prepared to become the active unit if the active unit fails.

state mirroring

State mirroring is a feature on the BIG-IP system that preserves connection and persistence information in a redundant system.

static route

A static route is a route that you must explicitly configure on a Layer 3 device in its routing table. See also dynamic route.

static self IP address

A static self IP address is a self IP address that is not shared between two units of a redundant system.

sticky persistence

See destination address affinity persistence.

STP (Spanning Tree Protocol)

Defined by IEEE, STP is a protocol that provides loop resolution in configurations where one or more external switches are connected in parallel with the BIG-IP system. See also RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol).


A subdomain is a sub-section of a higher level domain in the Domain Name System (DNS). For example, .com is a high level domain, and is a subdomain within the .com domain.

TACACS (Terminal Access Controller Access Control System)

TACACS is an older authentication protocol common to UNIX systems. TACACS allows a remote access server to forward a user's login password to an authentication server.


TACACS+ is an authentication mechanism designed as a replacement for the older TACACS protocol. There is little similarity between the two protocols, however, and they are therefore not compatible.

TACACS+ authentication module

A TACACS+ authentication module is a user-created module that you implement on a BIG-IP system to authenticate client traffic using a remote TACACS+ server.

tagged interface

A tagged interface is an interface that you assign to a VLAN in a way that causes the system to add a VLAN tag into the header of any frame passing through that interface. Tagged interfaces are used when you want to assign a single interface to multiple VLANs. See also VLAN (virtual local area network).


Tcl (Tools Command Language) is an industry-standard scripting language. On the BIG-IP system, users use Tcl to write iRules.

TMM (Traffic Management Microkernel) service

The TMM service is the process running on the BIG-IP system that performs most traffic management for the product.

TMM switch interface

A TMM switch interface is an interface that the BIG-IP system uses to forward user application traffic such as HTTP or SSL traffic. Thus, when load balancing application traffic, the BIG-IP system uses TMM switch interfaces. See also management interface.

TMM switch route

A Traffic Management Microkernel (TMM) switch route is a route that forwards traffic through the TMM switch interfaces and not the management interface.

transparent node

A transparent node appears as a router to other network devices, including the BIG-IP system.


A trunk is a combination of two or more interfaces and cables configured as one link.

trusted CA file

A trusted CA file is a file containing a list of certificate authorities that an authenticating system can trust when processing client requests for authentication. A trusted CA file resides on the authenticating system and is used for authenticating SSL network traffic.

Type of Service (ToS) level

The Type of Service (ToS) level is another means, in addition to the Quality of Service (QoS) level, by which network equipment can identify and treat traffic differently based on an identifier.

Universal Inspection Engine (UIE)

The Universal Inspection Engine (UIE) is a feature that offers universal persistence and universal content switching, to enhance your load balancing capabilities. The UIE contains a set of rule variables and functions for building expressions that you can specify in pool definitions and rules.

universal persistence

Universal persistence gives you the ability to persist on any string found within a packet. Also, you can directly select the pool member to which you want to persist.

user configuration set (UCS)

A user configuration set is a backup file that you create for the BIG-IP system configuration data. When you create a UCS, the BIG-IP system assigns a .ucs extension to the filename. See also archive.

user role

A user role is a type and level of access that you assign to a BIG-IP system user account. By assigning user roles, you can control the extent to which BIG-IP system administrators can view or modify the BIG-IP system configuration.

virtual address

A virtual address is an IP address associated with one or more virtual servers managed by the BIG-IP system. See also virtual server.

virtual port

A virtual port is the port number or service name associated with one or more virtual servers managed by the BIG-IP system. A virtual port number should be the same TCP or UDP port number to which client programs expect to connect.

virtual server

Virtual servers are a specific combination of virtual address and virtual port, associated with a content site that is managed by a BIG-IP system or other type of host server.

VLAN (virtual local area network)

A VLAN is a logical grouping of interfaces connected to network devices. You can use a VLAN to logically group devices that are on different network segments. Devices within a VLAN use Layer 2 networking to communicate and define a broadcast domain.

VLAN group

A VLAN group is two or more VLANs that you put together into a VLAN group. A primary use of a VLAN group is to successfully route traffic when both the source and the destination hosts reside on the same network.

VLAN tag

An IEEE standard, a VLAN tag is an identification number inserted into the header of a frame that indicates the VLAN to which the destination device belongs. VLAN tags are used when a single interface forwards traffic for multiple VLANs.

WAP (Wireless Application Protocol)

WAP is an application environment and set of communication protocols for wireless devices designed to enable manufacturer-, vendor-, and technology-independent access to the Internet and advanced telephony services.

watchdog timer card

A watchdog timer card is a hardware device that monitors the BIG-IP system for hardware failure.

wildcard virtual server

A wildcard virtual server is a virtual server that uses an IP address of, * or "any". A wildcard virtual server accepts connection requests for destinations outside of the local network. Wildcard virtual servers are included only in Transparent Node Mode configurations.

WKS (well-known services)

Well-known services are protocols on ports 0 through 1023 that are widely used for certain types of data. Some examples of some well-known services (and their corresponding ports) are: HTTP (port 80), HTTPS (port 443), and FTP (port 20).

Table of Contents   |   << Previous Chapter

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)