Manual Chapter : 3-DNS Reference Guide v4.5.10: bigpipe Command Reference

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.5.14, 4.5.13, 4.5.12, 4.5.11, 4.5.10
Manual Chapter


C

 

bigpipe Command Reference



bigpipe commands

This chapter lists the various bigpipe commands that are available on the 3-DNS Controller, including syntax requirements and functional descriptions. Note that these commands are BIG-IP system commands that work with the 3-DNS Controller. These commands relate to the BIG-IP- based configuration, which the 3-DNS Controller inherits. Table C.1 outlines the conventions used in the command line syntax.

 

Item in text

Description

\

Continue to the next line without typing a line break.

< >

You enter text for the enclosed item. For example, if the command has <your name>, type in your name.

|

Separates alternate options for a command.

[ ]

Syntax inside the brackets is optional.

...

Indicates that you can type a series of items.

 

Note


You can use both bigpipe and b to start a bigpipe command.

 

The following table provides a concise listing of the individual bigpipe commands, along with the page reference where you can find the detailed description.

Command

Description

Page

-?

Displays online help for an individual bigpipe command.

C-3

config

Synchronizes the /config/bigip.conf between the two 3-DNS units in a redundant system.

C-4

failover

Sets the 3-DNS Controller as active or standby.

C-5

global

Sets global variable definitions.

C-6

-h and help

Displays online help for bigpipe command syntax.

C-9

interface

Sets options on individual interfaces.

C-10

load

Loads the BIG-IP system configuration and resets.

C-13

merge

Loads a saved BIG-IP system configuration without resetting the current configuration.

C-14

monitor

Defines a health check monitor.

C-15

reset

Clears the BIG-IP system configuration and counter values.

C-16

save

Writes the current BIG-IP System configuration to a file.

C-17

self

Assigns a self IP address for a VLAN or interface.

C-18

trunk

Aggregates links to form a trunk.

C-19

unit

Displays the unit number assigned to a particular 3-DNS Controller.

C-20

verify

Parses the command line and checks syntax without executing the specified command.

C-22

version

Displays the bigpipe utility version number.

C-23

vlan

Defines VLANs, VLAN mappings, and VLAN properties.

C-24

vlangroup

Defines VLAN groups.

C-26

 

-?

bigpipe <command> -?

 

For certain commands, displays online help, including complete syntax, description, and other related information. For example, to see online help for the bigpipe global command, type:

b global -?


config

b config save <file>

b config install <file>

 

The bigpipe config commands archive configuration files for backup purposes (config save) and installs saved files (config install).


Saving configuration files to an archive

The config save <file> command saves all configuration files to a single archive file, <file>.ucs, on the local unit, without copying it to the standby unit. By default, <file>.ucs is saved to the directory /user/local/ucs. An alternate location can be specified by expressing <file> as a relative or absolute path. For example:

b config save /user/local/config_backup/my_conf

This writes the file my_conf.ucs to the directory /user/local/config_backup.


Installing an archived configuration file

The config install <file> command reinstalls the archived configuration files saved as <file>.ucs to their working locations on the local unit.

If you use command line utilities to set configuration options, be sure to save the current configuration to the relevant files before you use the configuration synchronization feature. (Alternatively, if you want to test the memory version on the standby unit first, use bigpipe config sync running.) Use the following bigpipe command to save the current configuration:

b save

Note


A file named /usr/local/ucs/cs_backup.ucs is created prior to installing a UCS from a remote machine.

&1026727;

failover

b failover <standby | show | init>

 

This group of commands affects the fail-over status of the 3-DNS Controller. Note that the failover commands are only valid if you have a redundant system.

Run the following command to place a 3-DNS unit in standby mode:

b failover standby

Show the status of the 3-DNS unit with the following command:

b failover show

You can use the bigpipe failover init command to refresh the parameters of the fail-over mechanism with any new configuration data entered in the bigdb database.

b failover init


global

b global auto_lasthop enable | disable | show

b global ipforwarding enable | disable

b global open_3dns_ports enable | disable | show

b global open_corba_ports enable | disable | show

b global open_failover_ports enable | disable | show

b global open_ftp_ports enable|disable

b global open_rsh_ports enable | disable

b global open_snmp_ports enable | disable | show

b global open_ssh_port enable | disable

b global open_telnet_port enable | disable

b global verbose_log_level <level>

b global webadmin_port <port>

b global l2_aging_time <seconds>

 

auto_lasthop

When this variable is enabled, it automatically designates the lasthop router inside IP address as a lasthop route for replies to inbound traffic. If auto_lasthop is disabled, the lasthop router inside IP address must be specified as a lasthop pool. The default setting is enable.

ipforwarding

Enables IP forwarding for the 3-DNS Controller. IP forwarding exposes all of the node IP addresses to the external network, making them routable on that network. Note that this setting is only applicable if you are running the 3-DNS Controller in router mode. The default setting is disabled.

open_3dns_ports

This variable is required only when running one or more 3-DNS Controllers in the network. It does not apply to running the 3-DNS Controller module on a BIG-IP system.

open_corba_ports

This variable enables and disables the CORBA ports, which allow administrative CORBA connections. The default setting is disabled.

open_failover_ports

This variable enables or disables network failover (failover in a redundant system with no serial cable connection) when a VLAN has port lockdown enabled.

The following command enables network failover:

b global open_failover_ports enable

The following command disables network failover:

b global open_failover_ports disable

open_ftp_ports

This variable enables or disables ports for FTP access. The default setting is disable.

The following command closes FTP ports:

b global open_ftp_ports disable

open_rsh_ports

This variable enables or disables ports for RSH access. You may need to open RSH ports if you are configuring a non-crypto 3-DNS Controller, or if you want a crypto 3-DNS Controller to communicate with non-crypto systems in your network.

The default setting is disable.

The following command opens the RSH ports (512, 513, and 514) to allow RSH connections:

b global open_rsh_ports enable

The following command closes RSH ports:

b global open_rsh_ports disable

open_snmp_ports

This variable enables and disables the SNMP ports, which allow administrative SNMP connections. The default setting is disabled.

open_ssh_ports

This variable enables or disables ports for SSH access on 3-DNS Controllers that support encrypted communications. The default setting is enable.

The following command opens the SSH port (22) to allow encrypted administrative connections:

b global open_ssh_port enable

The following command closes the SSH port:

b global open_ssh_port disable

open_telnet_port

This variable enables or disables ports for Telnet access. The default setting is disable.

The following command sets this variable to open the Telnet port (23) to allow administrative Telnet connections. This is useful for non-crypto 3-DNS systems.

The following command opens the Telnet port:

b global open_telnet_port enable

The following command closes the Telnet port:

b global open_telnet_port disable

verbose_log_level

This variable sets logging levels for both TCP and UDP traffic. Each log level is identified by a level number used in place of the <level> parameter. To set this logging level, specify a number. The default setting is 0, representing no logging.

Setting log levels for both UDP and TCP traffic

The following command turns on port denial logging for both TCP and UDP traffic. This logs TCP and UDP port denials to the virtual server address and the 3-DNS Controller address.

b global verbose_log_level 15

The following command turns logging off altogether:

b global verbose_log_level 0

Setting log levels for only TCP traffic

The following command turns on only TCP port denial logging, which logs TCP port denials to the 3-DNS Controller address.

b global verbose_log_level 2

The following command turns on virtual TCP port denial logging, which logs TCP port denials to the virtual server address.

b global verbose_log_level 8

Setting log levels for only UDP traffic

The following command turns on only UDP port denial logging, which logs UDP port denials to the 3-DNS Controller address.

b global verbose_log_level 1

The following command turns on only virtual UDP port denial logging, which logs UDP port denials to the virtual server address.

b global verbose_log_level 4

webadmin_port

Specifies the port number used for administrative web access. The default port for web administration is port 443.

-h and -help

b [ -h | -help ]

b interface show

b interface [<interface_name>] show [verbose]

b interface <inteface_name> media show

b interface <inteface_name> duplex show

b interface <interface_name> media <media_type>

b interface <interface_name> duplex <full | half | auto>

b interface [<interface_name>] stats reset

b interface <interface_name> <enable | disable>

b interface <interface_name> renames <driver_name>

 

Displays the names of installed network interface cards and, for each interface, sets properties such as MAC address, media options, duplex mode, and status, resets interface statistics, enable or disable interfaces, and change driver name mappings.


Options

The <interface_name> variable is a name such as 3.1, where 3 is the physical slot number holding the network interface hardware and 1 is the physical port number on that interface on that hardware.

The show [verbose] option displays the current status, settings, and network statistics for the specified interface. The verbose argument provides more detailed information. If no interface is specified, this option displays information for all interfaces.

The media show option displays information about the media type for the specified interface.

The duplex show option displays the duplex mode of the specified interface.

The media <media_type> option is a valid media type for the specified interface. Examples include auto, 100baseTX, and 10baseT. Note that only certain combinations of media type and duplex mode are valid for any particular type of interface.

The duplex full | half | auto option sets the duplex mode of the specified interface.

The stats reset option resets the statistics for the specified interface.

The enable | disable option enables or disables the specified interface.

The renames <driver_name> option changes the mapping from the interface's driver name to its physical location name. The <driver_name> option is the network interface name in the form of driver and unit number, such as exp0 and bs1. Note that this is the old-style network interface name.

Displaying interface information

To display the status, settings, and statistics for all interfaces on the 3-DNS Controller, use the following command.

b interface show [verbose]

To display the status, settings, and statistics for a specific interface on the 3-DNS Controller, use the following command-line syntax.

b interface <interface_name> show [verbose]

Note that if the verbose argument is used, the output provides additional information on status. If the verbose argument is not used, the output focuses on statistics.

To display the media type for an interface, use the following command-line syntax,

b interface <interface_name> media show

To display the duplex mode for an interface, use the following command-line syntax.

b interface <interface_name> duplex show

Setting the media type

The media type may be set to the specific media type for the interface card or it may be set to auto for auto detection. If the media type is set is set to auto and the card does not support auto detection, the default type for that interface will be used, for example 1000BaseTX.

To set the media type, use the following command-line syntax.

b interface <interface_name> media <media_type>

Setting the duplex mode

Duplex mode may be set to full, half duplex, or auto. If the media type does not allow duplex mode to be set, this is indicated by an onscreen message. If media type is set to auto, or if setting duplex mode is not supported, the duplex setting will not be saved to the bigip.conf file.

To set the duplex mode, use the following command-line syntax.

b interface <interface_name> duplex <full | half | auto>

Resetting statistics

You can reset interface statistics for all interfaces or for a specific interface. To reset statistics for all interfaces, use the following command.

b interface stats reset

To reset statistics for a specific interface, use the following command-line syntax:

b interface <interface_name> stats reset

Enabling or disabling an interface

Enabling or disabling an interface allows you to control whether the interface receives and sends packets. If an interface begins to behave strangely, you disable and then enable the interface to effectively reset it.

To enable or disable an interface, use the following command-line syntax.

b interface <interface_name> enable | disable

Changing driver name mapping

You can change the mapping from an interface's driver name to its physical location name, using the following syntax.

b interface <interface name> renames <driver name>

load

b [verify] load [<filename>|-]

b [-log] load [<filename>|-]

 

 

Resets all of the system management settings, for example, self IP addresses and interfaces, and then loads, by default, the configuration settings from the /config/bigip.conf and /config/bigip_base.conf files.

For testing purposes, you can save a test configuration by renaming it to avoid confusion with the boot configuration file. To load a test configuration, use the load command with the <filename> parameter. For example, if you renamed your configuration file to /config/bigtest.conf, the command would be:

b load /config/bigtest.conf

The command checks the syntax and logic, reporting any errors that would be encountered if the command executed.

You can type b load - in place of a file name, to display the configuration on the standard output device.

b load -

Use the load command together with the verify command to validate the specified configuration file. For example, to check the syntax of the configuration file /config/altbigpip.conf, use the following command:

b verify load /config/altbigip.conf

The -log option will cause any error messages to be written to /var/log/bigip in addition to the terminal.


merge

b [-log] merge [<file_name>]

 

 

Use the merge command to load the base configuration information from <file_name> without resetting the current configuration.

monitor

b monitor show [all]

b monitor <name> show

b monitor <name> enable | disable

 

Defines a health monitor. A health monitor is a configuration object that defines how and at what intervals a node is pinged to determine if it is up or down.

Note


On a 3-DNS Controller, this bigpipe option is applicable only to the default gateway pool, and the default monitor is icmp.

 

Showing, disabling, and deleting monitors

There are monitor commands for showing, disabling, and deleting monitors.

To show monitors

You can display a selected monitor or all monitors using the bigpipe monitor show command:

b monitor <name> show

b monitor show all

To disable a monitor

All monitors are enabled by default. You can disable a selected monitor, which effectively removes the monitor from service. To disable a monitor, use the bigpipe monitor <name> disable command:

b monitor <name> disable

To re-enable a disabled monitor

Disabled monitors may be re-enabled as follows:

b monitor <name> enable


reset

b reset

 

Use the following syntax to clear the configuration values and counter values from memory:

b reset

Warning:
Use this command with caution. All network traffic stops when you run this command.

Typically, this command is used on a standby 3-DNS unit in a redundant system prior to loading a new /config/bigip.conf file that contains new timeout values.

For example, you can execute the following commands on a standby 3-DNS unit:

b reset

b load <filename>

This sequence of commands ensures that only the values set in the <filename> specified are in use.


save

b save [ <filename> | - ]

b base save [ <filename> | - ]

 

 

The bigpipe save and base save commands write the current base configuration and networking settings from memory to the configuration files named /config/bigip.conf and /config/bigip_base.conf. (The /config/bigip.conf file stores high-level configuration settings, such as the default gateway pool, and floating self IPs for redundant systems. The /config/bigip_base.conf file stores low-level configuration settings, such as VLANs, non-floating self IP addresses, and interface settings.)

You can type b save <filename>, or a hyphen character (-) in place of a file name, to display the configuration on the standard output device.

b [base] save -

If you are testing and integrating 3-DNS Controllers into a network, you may want to use multiple test configuration files. Use the following syntax to save the current configuration to a file name that you specify:

b [base] save <filename>

For example, the following command saves the current configuration from memory to an alternate configuration file named /config/bigip.conf2.

b save /config/bigip.conf2


self

b self <ip_addr> vlan <vlan_name | vlangroup_name> [netmask <ip_mask> [broadcast <broadcast_addr>]] [unit <id>] [floating <enable | disable>]

b self <ip_addr> vlan <vlan_name | vlangroup_name>

b self <ip_addr> floating enable | disable

b self <ip_addr> delete

b self <ip_addr> show

b self show

 

The self command defines a self IP address on a 3-DNS Controller. A self IP address is an IP address mapping to a VLAN or VLAN group and their associated interfaces on a 3-DNS Controller. One self IP address is assigned to each interface in the unit as part of the initial system configuration. During the initial system configuration, if you have a redundant system, you also create a floating (shared) self IP address.

Options

The <ip_addr> variable specifies an IP address to assign to the 3-DNS Controller.

The vlan <vlan_name | vlangroup_name> option specifies the VLAN or VLAN group to which the self IP address is being assigned.

The netmask <ip mask> option specifies an IP mask used to set the network of the self IP address.

The broadcast <broadcast_addr> option specifies the broadcast address.

The unit <id> option specifies an optional unit ID, 1 or 2. The default value is 1.

The floating option enables or disables a floating self IP address.

Creating self IP addresses

The following are examples of using the bigpipe self command to create self IP addresses:

b self 10.1.0.1 vlan external netmask 255.255.0.0

b self 10.2.0.1 vlan internal netmask 255.255.0.0

For a redundant configuration, the IP addresses that are shared by the two units are configured as floating IP addresses. For example:

b self 10.1.1.1 vlan external netmask 255.255.0.0 floating enable

b self 10.2.1.1 vlan internal netmask 255.255.0.0 floating enable


trunk

b trunk <controlling_if> define <if_list>

b trunk [<controlling_if>] show [verbose]

b trunk [<controlling_if>] stats reset

b trunk [<controlling_if>] delete

 

The trunk command aggregates links (individual physical interfaces) to form a trunk. Link aggregation increases the bandwidth of the individual NICs in an additive manner. Thus, four fast Ethernet links, if aggregated, create a single 400 Mb/s link. The other advantage of link aggregation is link failover. If one link in a trunk goes down, traffic is simply redistributed over the remaining links.

A trunk must have a controlling link, and acquires all the attributes of that controlling link from Layer 2 and above. Thus, the trunk automatically acquires the VLAN membership of the controlling link, but does not acquire its media type and speed. Outbound packets to the controlling link are load balanced across all of the known-good links in the trunk. Inbound packets from any link in the trunk are treated as if they came from the controlling link.

A maximum of eight links may be aggregated. For optimal performance, links should be aggregated in powers of two. Thus ideally, you will aggregate two, four, or eight links. Gigabit and fast Ethernet links cannot be placed in the same trunk.

Options

The <controlling link> variable specifies the name of the interface chosen to be the controlling link for the trunk. Any attributes of the controlling link at layer 2 and above, such as membership in a VLAN, apply to the trunk.

The <link> variable specifies an interface name, for example 3.1. (For more information on interface naming, refer to the 3-DNS Administrator Guide, Chapter 4, Post-Setup Tasks.)

The show option displays information and statistics for the trunk, on a single line.

The <verbose> option, used with the show option, displays the information and statistics for the trunk in wordier form.

The delete option deletes the specified interface.


unit

b unit show

b unit peer show

 

You can use the bigpipe unit command to display the unit number assigned to a particular 3-DNS Controller. For example, to display the unit number of the unit you are on, type the following command:

b unit show

To display the unit number of the other 3-DNS unit in a redundant system, type in the following command:

b unit peer show

Note


If you use this command on a redundant system in active/standby mode or on a standalone unit, the active unit shows as unit 1 and 2.

verbose

b verbose virtual_server_udp_port_denial

b verbose virtual_server_tcp_port_denial

b verbose bigip_udp_port_denial

b verbose bigip_tcp_port_denial

 

Used to modify the verbose log level. This command is an alternative to using the bigpipe global verbose_log_level command.

Table C.2 compares use of the bigpipe verbose command to use of the bigpipe global verbose_log_level command.

 

b verbose command

b global verbose command

b verbose bigip_udp_port_denial

Turns UDP port denial logging on. This logs UDP port denials to the 3-DNS system address.

b global verbose_log_level 1

 

 

b verbose bigip_tcp_port_denial

Turns TCP port denial logging on. This logs TCP port denials to the 3-DNS system address.

b global verbose_log_level 2

b verbose virtual_server_udp_port_denial

Turns virtual UDP port denial logging on. This logs UDP port denials to the virtual server address.

b global verbose_log_level 4

b verbose virtual_server_tcp_port_denial

Turns virtual TCP port denial logging on. This logs TCP port denials to the virtual server address.

b global verbose_log_level 8

b verbose bigip_udp_port_denial
b verbose bigip_tcp_port_denial
b verbose bigip_udp_port_denial
b verbose bigip_tcp_port_denial

Turns UDP and TCP port denial on for both virtual server and 3-DNS system addresses.

b global verbose_log_level 15

 

verify

b [log] verify <command...]

b verify load [<filename>|-]

 

The verify command parses the command line and checks syntax without executing the specified command. This distinguishes between valid and invalid commands

Use the verify command followed by a command that you want to validate. For example, to verify that the vlans external1 and external2 have been added to the VLAN group bridge, type the following command:

b verify vlangroup bridge vlans add external1 external2

The command checks the syntax and logic, and reports any errors that would be encountered if the command executed.

Use the verify command together with the load <filename> command to validate the specified configuration file. For example, to check the syntax of the configuration file /config/altbigpip.conf, use the following command:

b verify load /config/altbigip.conf


version

b version

 

Displays the version of the 3-DNS Controller operating system and the features that are enabled.

For example, for a 3-DNS Controller, the bigpipe version command displays the output shown in Figure C.1

Figure C.1 The version output display


Product Code:
3-DNS

Enabled Features:
BIG_IP Link Control 3-DNS (R)
Pools Failover
Health Check Filter
3-DNS Engine 3-DNS Multiple Pools
Statistics Journaling Network Proximity Table
IP Classifier Internet Weather Map
...
 

vlan

b vlan <vlan_name>

b vlan <vlan_name> rename <new_vlan_name>

b vlan <vlan_name> delete

b vlan <vlan_name> tag <tag_number>

b vlan <vlan_name> interfaces add [tagged] <if_list>

b vlan <vlan_name> interfaces delete <if_list | all>

b vlan <vlan_name> interfaces show

b vlan <vlan_name> port_lockdown <enable | disable>

b vlan <vlangroup_name> proxy_forward <enable | disable>

b vlan <vlan_name> failsafe <arm | disarm | show>

b vlan <vlan_name> timeout <seconds | show>

b vlan show

b vlan <vlan_name> show

b vlan <if_name> mac_masq <mac_addr | show>

b vlan <if_name> mac_masq 0:0:0:0:0

 

The vlan command defines VLANs, VLAN mappings, and VLAN properties. By default, each interface on a 3-DNS Controller is an untagged member of an interface-group VLAN. The lowest-numbered interface is assigned to the external VLAN, the interface on the main board is assigned to the admin VLAN, and all other interfaces are assigned to the internal VLAN.

Using the vlan command, you can create tagged and untagged VLANs, make and change assignments of VLANs to interfaces, and configure a range of VLAN attributes. This includes enabling/disabling of port lockdown, arming and disarming failsafe, and setting the failure timeout.


Options

The <vlan name> variable specifies a VLAN name, 1-15 characters in length.

The tag <tag number> option specifies a valid VLAN tag number, in the range 0-4095. Note that if 0 is specified as the tag number, the vlan command creates an empty VLAN.

The interfaces add [tagged] option specifies that the interfaces specified with the <if_list> argument are to be added to the specified VLAN, as either tagged or untagged interfaces.

The interfaces delete option deletes all interfaces for the specified VLAN.

The <if_list> variable specifies a list of interfaces to be added to a VLAN.

The interfaces show all option shows all interfaces for the specified VLAN.

The failsafe option allows you to arm, disarm, or show the failsafe mechanism for redundant systems.

The timeout <timeout> option specifies a timeout value for the failsafe mechanism.

The rename <new_vlan_name> option specifies the name to which you want to rename the specified VLAN.

The <if_name> variable specifies an interface name.

The mac_masq <MAC address> option specifies a MAC address, such as 0:a0:be:ef:1f:3a, that will be shared by both units in a redundant system.

The port_lockdown option enables or disables connections through the specified VLAN.


vlangroup

b vlangroup [<vlangroup name>] <show | list | delete>

b vlangroup <vlan name> tag <number>

b vlangroup [<vlangroup name>] tag [show]

b vlangroup [<vlangroup name>] interfaces [show]

b vlangroup <vlan name> vlans add <vlan if name list>

b vlangroup <vlangroup name> vlans delete <vlan if name list | all>

b vlangroup [<vlangroup name>] vlans [show]

b vlangroup <vlangroup name> port_lockdown <enable | disable | show>

b vlangroup <vlangroup name> proxy_forward <enable | disable>

b vlangroup [<vlangroup name>] proxy_forward [show]

b vlangroup <vlangroup name> failsafe <arm | disarm | show>

b vlangroup <vlangroup name> timeout <number>

b vlangroup <vlangroup name> mac_masq <MAC addr | show>

b vlangroup <vlangroup name> fdb <add | delete> <MAC addr> interface <if name>

b vlangroup [<vlangroup name>] fdb <show [static | dynamic]>

b vlangroup <vlan name> rename <vlan name>

 

The vlangroup command defines a VLAN group, which is a grouping of two or more VLANs belonging to the same IP network for the purpose of allowing L2 packet forwarding between those VLANs.

The VLANs between which the packets are to be passed must be on the same IP network, and they must be grouped using the vlangroup command. For example:

b vlangroup network11 { vlans add internal external }

A self IP address must be assigned to the VLAN group using the following command:

b self <ip_addr> vlan network11

L2 forwarding must be enabled for the VLAN group using the VLAN proxy_forward attribute. This attribute is enabled by default when the VLAN group is enabled.

Note that if a VLAN belongs to multiple VLAN groups, you can only delete the VLAN from one VLAN group at a time.

Options

The arguments available with the bigpipe vlangroup command are the same as those for the bigpipe vlan command. For a description of these options, see Options .