Manual Chapter : 3-DNS Reference Guide v4.5: bigpipe Command Reference

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 4.6.1, 4.6.0, 4.5 PTF-08, 4.5 PTF-07, 4.5 PTF-06, 4.5 PTF-05, 4.5 PTF-04, 4.5 PTF-03, 4.5 PTF-02, 4.5 PTF-01, 4.5.9, 4.5.0

B

bigpipe Command Reference


bigpipe commands

This chapter lists the various bigpipe commands that are available on the 3-DNS Controller, including syntax requirements and functional descriptions. Table B.1 outlines the conventions used in the command line syntax.

 

Item in text    Description
\               Continue to the next line without typing a line break.
< >             You enter text for the enclosed item. For example, if the command has <your name>, type in your name.
|               Separates alternate options for a command.
[ ]             Syntax inside the brackets is optional.
...             Indicates that you can type a series of items.

Note


You can use both bigpipe and b to start a bigpipe command.

The following table provides a concise listing of the individual bigpipe commands, each of which is described in detail later in this chapter.

Command         Description
-?              Displays online help for an individual bigpipe command.
config          Synchronizes the /config/bigip.conf between the two 3-DNS units in a redundant system.
failover        Sets the 3-DNS Controller as active or standby.
global          Sets global variable definitions.
-h and -help    Displays online help for bigpipe command syntax.
interface       Sets options on individual interfaces.
load            Loads the 3-DNS configuration and resets.
merge           Loads a saved 3-DNS configuration without resetting the current configuration.
monitor         Defines a health check monitor.
reset           Clears the 3-DNS configuration and counter values.
save            Writes the current configuration to a file.
self            Assigns a self IP address for a VLAN or interface.
trunk           Aggregates links to form a trunk.
unit            Displays the unit number assigned to a particular 3-DNS Controller.
verify          Parses the command line and checks syntax without executing the specified command.
version         Displays the bigpipe utility version number.
vlan            Defines VLANs, VLAN mappings, and VLAN properties.
vlangroup       Defines VLAN groups.

-?

bigpipe <command> -?

 

For certain commands, displays online help, including complete syntax, description, and other related information. For example, to see online help for the bigpipe global command, type:

b global -?

config

b config save <file>

b config install <file>

 

The bigpipe config commands archive configuration files for backup purposes (config save) and install saved files (config install).

Saving configuration files to an archive

The config save <file> command saves all configuration files to a single archive file, <file>.ucs, on the local system. By default, <file>.ucs is saved to the directory /user/local/ucs. An alternate location can be specified by expressing <file> as a relative or absolute path. For example:

b config save /user/local/config_backup/my_conf

This writes the file my_conf.ucs to the directory /user/local/config_backup.

Installing an archived configuration file

The config install <file> command reinstalls the archived configuration files saved as <file>.ucs to their working locations on the local system.

If you use command line utilities to set configuration options, be sure to save the current configuration to the relevant files before you use the configuration synchronization feature. (Alternatively, if you want to test the memory version on the standby unit first, use bigpipe config sync running.) Use the following bigpipe command to save the current configuration:

b save

Note


A file named /usr/local/ucs/cs_backup.ucs is created prior to installing a UCS from a remote machine.

failover

b failover standby | show | init

 

This group of commands affects the fail-over status of the 3-DNS Controller. Note that the failover commands are only valid if you have a redundant system.

Run the following command to place a 3-DNS unit in standby mode:

b failover standby

Show the status of the 3-DNS unit with the following command:

b failover show

You can use the bigpipe failover init command to refresh the parameters of the fail-over mechanism with any new configuration data entered in the BIG/db database.

b failover init

global

b global auto_lasthop enable | disable | show

b global ipforwarding enable | disable

b global open_3dns_ports enable | disable | show

b global open_corba_ports enable | disable | show

b global open_snmp_ports enable | disable | show

b global open_telnet_port enable | disable

b global open_ftp_ports enable|disable

b global open_ssh_port enable | disable

b global open_rsh_ports enable | disable

b global open_failover_ports enable | disable | show

b global verbose_log_level <level>

b global webadmin_port <port>

b global l2_aging_time <seconds>

 

auto_lasthop

When this variable is enabled, it automatically designates the lasthop router inside IP address as a lasthop route for replies to inbound traffic. If auto_lasthop is disabled, the lasthop router inside IP address must be specified as a lasthop pool. The default setting is enable.

ipforwarding

Enables IP forwarding for the 3-DNS Controller. IP forwarding exposes all of the node IP addresses to the external network, making them routable on that network. Note that this setting is only applicable if you are running the 3-DNS Controller in router mode. The default setting is disabled.

open_3dns_ports

This variable is required only when running one or more 3-DNS Controllers in the network. It does not apply to running the 3-DNS Controller module on a BIG-IP system.

open_corba_ports

This variable enables and disables the CORBA ports, which allow administrative CORBA connections. The default setting is disabled.

open_snmp_ports

This variable enables and disables the SNMP ports, which allow administrative SNMP connections. The default setting is disabled.

open_telnet_port

This variable enables or disables ports for Telnet access. The default setting is disable.

Enabling this variable opens the Telnet port (23) to allow administrative Telnet connections. This is useful for non-crypto 3-DNS systems.

The following command opens the Telnet port:

b global open_telnet_port enable

The following command closes the Telnet port:

b global open_telnet_port disable

open_ftp_ports

This variable enables or disables ports for FTP access. The default setting is disable.

The following command closes FTP ports:

b global open_ftp_ports disable

open_ssh_port

This variable enables or disables ports for SSH access on 3-DNS Controllers that support encrypted communications. The default setting is enable.

The following command opens the SSH port (22) to allow encrypted administrative connections:

b global open_ssh_port enable

The following command closes the SSH port:

b global open_ssh_port disable

open_rsh_ports

This variable enables or disables ports for RSH access. You may need to open RSH ports if you are configuring a non-crypto 3-DNS Controller, or if you want a crypto 3-DNS Controller to communicate with non-crypto systems in your network.

The default setting is disable.

The following command opens the RSH ports (512, 513, and 514) to allow RSH connections:

b global open_rsh_ports enable

The following command closes RSH ports:

b global open_rsh_ports disable

open_failover_ports

This variable enables or disables network failover (failover in a redundant system with no serial cable connection) when a VLAN has port lockdown enabled.

The following command enables network failover:

b global open_failover_ports enable

The following command disables network failover:

b global open_failover_ports disable

verbose_log_level

This variable sets logging levels for both TCP and UDP traffic. Each log level is identified by a level number used in place of the <level> parameter.

The following command turns on port denial logging for both TCP and UDP traffic. This logs TCP and UDP port denials to the virtual server address and the 3-DNS Controller address.

b global verbose_log_level 15

The following command turns logging off altogether:

b global verbose_log_level 0

Setting log levels only for TCP traffic

The following command turns on only TCP port denial logging, which logs TCP port denials to the 3-DNS Controller address.

b global verbose_log_level 2

The following command turns on virtual TCP port denial logging, which logs TCP port denials to the virtual server address.

b global verbose_log_level 8

Setting log levels for UDP traffic

The following command turns on only UDP port denial logging, which logs UDP port denials to the 3-DNS Controller address.

b global verbose_log_level 1

The following command turns on only virtual UDP port denial logging, which logs UDP port denials to the virtual server address.

b global verbose_log_level 4

webadmin_port

Specifies the port number used for administrative web access. The default port for web administration is port 443.
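
As an added example (not part of the original manual and not F5 tooling), the following shell functions review a list of b global commands before it is run on a controller: they flag lines that open the unencrypted Telnet, FTP, or RSH ports and decode the verbose_log_level value. The function names and sample lines are constructed, and reading an intermediate level such as 10 as a sum of the documented levels 1, 2, 4, and 8 is an assumption drawn from the values listed above.

```shell
#!/bin/sh
# Added example: review "b global" lines before they are applied.
# Variable names and port numbers are the page's; function names, the sample
# input and the bitmask reading of verbose_log_level are assumptions.

# Decode verbose_log_level into the four port-denial logs the page lists.
# Assumption: levels combine as a bitmask (1+2+4+8 = 15 enables all four).
decode_log_level() {
    _lvl=$1
    case "$_lvl" in
        [0-9]|1[0-5]) ;;
        *) echo "undocumented"; return 0 ;;
    esac
    _flags=""
    if [ $(($_lvl & 1)) -ne 0 ]; then _flags="$_flags udp-controller"; fi
    if [ $(($_lvl & 2)) -ne 0 ]; then _flags="$_flags tcp-controller"; fi
    if [ $(($_lvl & 4)) -ne 0 ]; then _flags="$_flags udp-virtual"; fi
    if [ $(($_lvl & 8)) -ne 0 ]; then _flags="$_flags tcp-virtual"; fi
    if [ -z "$_flags" ]; then _flags=" off"; fi
    echo "${_flags# }"
}

# Read bigpipe commands on stdin and print one finding per relevant line.
# Both spellings of the command ("b" and "bigpipe") are accepted.
audit_globals() {
    _n=0
    while read -r _cmd _sub _var _val _rest || [ -n "$_cmd" ]; do
        _n=$(($_n + 1))
        case "$_cmd" in b|bigpipe) ;; *) continue ;; esac
        [ "$_sub" = "global" ] || continue
        case "$_var:$_val" in
            open_telnet_port:enable)
                echo "line $_n: CLEARTEXT telnet (port 23) opened" ;;
            open_ftp_ports:enable)
                echo "line $_n: CLEARTEXT ftp opened" ;;
            open_rsh_ports:enable)
                echo "line $_n: CLEARTEXT rsh (ports 512-514) opened" ;;
            verbose_log_level:*)
                echo "line $_n: LOGGING $(decode_log_level "$_val")" ;;
        esac
    done
    return 0
}

# Constructed sample input, not taken from a real controller.
sample_script() {
    cat <<'EOF'
b global open_ssh_port enable
b global open_telnet_port enable
bigpipe global open_rsh_ports enable
b global open_ftp_ports disable
b global verbose_log_level 10
EOF
}

sample_script | audit_globals
```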

-h and -help

b [ -h | -help ]

 

Displays the bigpipe command syntax or usage text for all current commands.

Note


More detailed man pages are available for some individual bigpipe commands. To display detailed online help for the bigpipe command, type: man bigpipe.

interface

b interface <if_name> media <media_type>|show

b interface <if_name> duplex full|half|auto|show

b interface [<if_name>] show [verbose]

b interface [<if_name>] stats reset

 

Displays names of installed network interface cards and allows you to set properties for each network interface card.

Setting the media type

The media type may be set to the specific media type for the interface card, or it may be set to auto for auto detection. If the media type is set to auto and the card does not support auto detection, the default type for that interface will be used, for example 100baseTX.

Setting the duplex mode

Duplex mode may be set to full or half duplex. If the media type does not allow duplex mode to be set, this will be indicated by an onscreen message. If media type is set to auto, or if setting duplex mode is not supported, the duplex setting will not be saved to bigip.conf.

load

b [verify] load [<filename>|-]

b [-log] load [<filename>|-]

 

Resets all of the 3-DNS Controller settings and then loads, by default, the configuration settings from the /config/bigip.conf and /config/bigip_base.conf files.

For testing purposes, you can save a test configuration by renaming it to avoid confusion with the boot configuration file. To load a test configuration, use the load command with the <filename> parameter. For example, if you renamed your configuration file to /config/bigtest.conf, the command would be:

b load /config/bigtest.conf

The command checks the syntax and logic, reporting any errors that would be encountered if the command executed.

You can type a hyphen (-) in place of a file name to display the configuration on the standard output device.

b load -

Use the load command together with the verify command to validate the specified configuration file. For example, to check the syntax of the configuration file /config/altbigip.conf, use the following command:

b verify load /config/altbigip.conf

The -log option will cause any error messages to be written to /var/log/bigip in addition to the terminal.

merge

b [-log] merge [<file_name>]

 

Use the merge command to load the 3-DNS configuration from <file_name> without resetting the current configuration.

monitor

b monitor show [all]

b monitor <name> show

b monitor <name> enable | disable

 

Defines a health monitor. A health monitor is a configuration object that defines how and at what intervals a node is pinged to determine if it is up or down.

Note


On a 3-DNS Controller, this bigpipe option is applicable only to the default gateway pool, and the default monitor is icmp.

Showing, disabling, and deleting monitors

There are monitor commands for showing, disabling, and deleting monitors.

To show monitors

You can display a selected monitor or all monitors using the bigpipe monitor show command:

b monitor <name> show

b monitor show all

To disable a monitor

All monitors are enabled by default. You can disable a selected monitor, which effectively removes the monitor from service. To disable a monitor, use the bigpipe monitor <name> disable command:

b monitor <name> disable

To re-enable a disabled monitor

Disabled monitors may be re-enabled as follows:

b monitor <name> enable

reset

b reset

 

Use the following syntax to clear the configuration values and counter values from memory:

b reset

Warning


Use this command with caution. All network traffic stops when you run this command.

Typically, this command is used on a standby 3-DNS unit in a redundant system prior to loading a new /config/bigip.conf file that contains new service enable and timeout values.

For example, you can execute the following commands on a standby 3-DNS unit:

b reset

b load <filename>

This sequence of commands ensures that only the values set in the <filename> specified are in use.

save

b save [ <filename> | - ]

b base save [ <filename> | - ]

 

The bigpipe save and base save commands write the current 3-DNS configuration settings from memory to the configuration files named /config/bigip.conf and /config/bigip_base.conf. (The /config/bigip.conf file stores high-level configuration settings, such as pools, virtual servers, NATs, SNATs, and proxies. The /config/bigip_base.conf file stores low-level configuration settings, such as VLANs, non-floating self IP addresses, and interface settings.)

You can type b save with a hyphen character (-) in place of a file name to display the configuration on the standard output device.

b [base] save -

If you are testing and integrating 3-DNS Controllers into a network, you may want to use multiple test configuration files. Use the following syntax to save the current configuration to a file name that you specify:

b [base] save <filename>

For example, the following command saves the current configuration from memory to an alternate configuration file named /config/bigip.conf2.

b save /config/bigip.conf2

self

b self <addr> vlan <vlan_name> [ netmask <ip_mask> ][ broadcast <broadcast_addr>] [unit <id>]

b self <addr> floating enable | disable

b self <addr> delete

b self <addr> show

b self show

 

The self command defines a self IP address on a 3-DNS Controller. A self IP address is an IP address mapping to a VLAN or VLAN group and their associated interfaces on a 3-DNS Controller. One self IP address is assigned to each interface in the unit as part of the initial system configuration. During the initial system configuration, if you have a redundant system, you also create a floating (shared) self IP address. Additional self IP addresses may be created for health checking, gateway failsafe, routing, or other purposes. These additional self IP addresses are created using the self command.

Any number of additional self IP addresses may be added to a VLAN to create aliases. Example:

b self 11.11.11.4 vlan external

b self 11.11.11.5 vlan external

b self 11.11.11.6 vlan external

b self 11.11.11.7 vlan external

Also, any one self IP address may have floating enabled to create a floating self IP address that is shared by both units of a 3-DNS Controller redundant system:

b self 11.11.11.8 floating enable

Assigning a self IP address to a VLAN automatically maps it to the VLAN's interfaces. Since all interfaces must be mapped to one and only one untagged VLAN, assigning a self IP address to an interface not mapped to an untagged VLAN produces an error message.

trunk

b trunk <controlling_if> define <if_list>

b trunk [<controlling_if>] show [verbose]

b trunk [<controlling_if>] stats reset

 

The trunk command aggregates links (individual physical interfaces) to form a trunk. Link aggregation increases the bandwidth of the individual NICs in an additive manner. Thus, four fast Ethernet links, if aggregated, create a single 400 Mb/s link. The other advantage of link aggregation is link failover. If one link in a trunk goes down, traffic is simply redistributed over the remaining links.

A trunk must have a controlling link, and acquires all the attributes of that controlling link from Layer 2 and above. Thus, the trunk automatically acquires the VLAN membership of the controlling link, but does not acquire its media type and speed. Outbound packets to the controlling link are load balanced across all of the known-good links in the trunk. Inbound packets from any link in the trunk are treated as if they came from the controlling link.

A maximum of eight links may be aggregated. For optimal performance, links should be aggregated in powers of two. Thus ideally, you will aggregate two, four, or eight links. Gigabit and fast Ethernet links cannot be placed in the same trunk.

Creating a trunk

To create a trunk, use the following syntax:

b trunk <controlling_if> define <if_list>

Interfaces are specified using the s.p convention, where s is slot number and p is port number. An <if_list> is one or more such interfaces, with multiple interfaces separated by spaces or commas. A range may be specified as follows:

2.1-2.7

For more information on interface naming, refer to the 3-DNS Administrator Guide, Chapter 4, Post-Setup Tasks.

unit

b unit [show]

b unit peer [show]

 

The unit number on a 3-DNS Controller designates which virtual servers use a particular unit in an active-active redundant configuration. You can use the bigpipe unit command to display the unit number assigned to a particular 3-DNS Controller. For example, to display the unit number of the unit you are on, type the following command:

b unit show

To display the unit number of the other 3-DNS unit in a redundant system, type the following command:

b unit peer show

Note


If you use this command on a redundant system in active/standby mode, the active unit shows as unit 1 and 2, and the standby unit has no unit numbers.

Tip


The bigpipe unit peer show command is the best way to determine whether the respective state mirroring mechanisms are connected.

verify

b [log] verify <command...>

verify load [<filename>|-]

 

Parses the command line and checks syntax without executing the specified command. This distinguishes between valid and invalid commands.

Use the verify command followed by a command that you want to validate. For example, to verify that the VLANs external1 and external2 have been added to the VLAN group bridge, type the following command:

b verify vlangroup bridge vlans add external1 external2

The command checks the syntax and logic, and reports any errors that would be encountered if the command executed.

Use the verify command together with the load <filename> command to validate the specified configuration file. For example, to check the syntax of the configuration file /config/altbigip.conf, use the following command:

b verify load /config/altbigip.conf

version

b version

 

Displays the version of the 3-DNS Controller operating system and the features that are enabled.

For example, for a 3-DNS Controller, the bigpipe version command displays the output shown in Figure B.1.

Figure B.1 The version output display


Product Code:
3-DNS

Enabled Features:
BIG_IP Link Control 3-DNS (R)
Pools Failover
Health Check Filter
3-DNS Engine 3-DNS Multiple Pools
Statistics Journaling Network Proximity Table
IP Classifier Internet Weather Map
...
 

vlan

b vlan <vlan_name>

b vlan <name> rename <new_name>

b vlan <vlan_name> delete

b vlan <vlan_name> tag <tag_number>

b vlan <vlan_name> interfaces add [tagged] <if_list>

b vlan <vlan_name> interfaces delete <if_list>

b vlan <vlan_name> interfaces delete all

b vlan <vlan_name> interfaces show

b vlan <vlan_name> port_lockdown enable | disable

b vlan <vlangroup_name> proxy_forward enable | disable

b vlan <vlan_name> failsafe arm|disarm|show

b vlan <vlan_name> timeout <seconds>|show

b vlan show

b vlan <vlan_name> show

b vlan <vlan_name> rename <new_vlan_name>

b vlan <if_name> mac_masq <mac_addr> | show

b vlan <if_name> mac_masq 0:0:0:0:0

 

The vlan command defines VLANs, VLAN mappings, and VLAN properties. By default, each interface on a 3-DNS Controller is an untagged member of an interface-group VLAN. The lowest-numbered interface is assigned to the external VLAN, the interface on the main board is assigned to the admin VLAN, and all other interfaces are assigned to the internal VLAN.

Using the vlan command, you can create tagged and untagged VLANs, make and change assignments of VLANs to interfaces, and configure a range of VLAN attributes. This includes enabling/disabling of port lockdown, arming and disarming failsafe, and setting the failure timeout. Table B.2 shows the VLAN configuration options.

 

Attributes                    Description
Default VLAN configuration    The Setup utility provides a default VLAN configuration. On a typical unit with two interfaces, you create an internal and external VLAN.
VLAN                          Create, rename, or delete a VLAN. Typically, one VLAN is assigned to one interface.
Tag VLANs                     You can tag VLANs and add multiple tagged VLANs to a single interface.
VLAN security                 You can set port lockdown by VLAN.
Set fail-safe timeouts        You can set a failsafe timeout on a VLAN. You can use a failsafe timeout to trigger fail-over in a redundant system.
Self IP addresses             You can set self IP addresses for VLANs.
MAC masquerade                You can use this attribute to set up a media access control (MAC) address that is shared by redundant units. This allows you to use the 3-DNS units in a topology with secure hubs.

Creating and assigning a VLAN

To create a VLAN, use the following syntax:

b vlan <name>

<name> is typically symbolic, as in:

b vlan vlan5

Typically you define a VLAN and specify the interfaces on the VLAN in the same command:

b vlan vlan5 interfaces add [tagged] <if_list>

Tagged VLANs

A new tagged VLAN is created using the bigpipe vlan tag command, specifying a tag number. For example:

b vlan my_vlan tag 1209

A tagged VLAN is mapped to an interface or interfaces (or an untagged VLAN is tagged and mapped to an interface or interfaces) using the tagged flag. For example:

b vlan external interfaces add tagged 4.1 5.1 5.2

The effect of the command is to place a tag on interfaces 4.1 and 5.1, which in turn makes external a tagged VLAN. (However, it remains an untagged VLAN for interfaces which are part of it but not tagged.)

An interface can have more than one tag; it can be a member of more than one tagged VLAN.

b vlan external interfaces add tagged 4.1

b vlan internal interfaces add tagged 4.1

b vlan admin interfaces add tagged 4.1

This permits tagged VLANs to form a VLAN trunk on a single interface.

Enabling and disabling port lockdown

You can lock down a VLAN to prevent direct connection to the 3-DNS Controller through that VLAN using the following command:

b vlan <vlan_name> port_lockdown enable

Note that you do not want to enable port lockdown on a 3-DNS Controller on which you are only using a single VLAN.

Setting the fail-over timeout and arming the fail-safe

For redundant 3-DNS Controllers, failover (activation of the inactive system) occurs when loss of traffic is detected on a VLAN and traffic is not restored during the failover timeout period for that VLAN. You can enable a fail-safe mechanism to attempt to generate traffic when half the timeout has elapsed. If the attempt is successful, the failover is stopped.

Using the vlan command, you may set the timeout period and also arm or disarm the fail-safe.

To set the timeout, type the following command:

b vlan <vlan_name> timeout <timeout_in_seconds>

To arm the failsafe, use this command:

b vlan <vlan_name> failsafe arm

To disarm the failsafe, use this syntax:

b vlan <vlan_name> failsafe disarm

Setting the MAC masquerade address

Sharing the MAC masquerade address makes it possible to use 3-DNS Controllers in a network topology using secure hubs. The MAC address for a VLAN is the MAC address of the first interface to which the VLAN is mapped. You can view the VLAN-to-interface mapping using the following command:

b vlan show

You can view the media access control (MAC) address on a given unit using the following command:

b interface show

Use the following syntax to set the MAC masquerade address that will be shared by both 3-DNS units in the redundant system.

b vlan <vlan_name> mac_masq <MAC_addr>

Warning


You must specify a default route before using the mac_masq command. You specify the default route in the /etc/hosts and /etc/netstart files.

Find the MAC address on both the active and standby units and choose one that is similar but unique. A safe technique for choosing the shared MAC address follows:

Suppose you want to set up mac_masq on the external interfaces. Using the bigpipe interface show command on the active and standby units, you note that their MAC addresses are:

Active: 3.1 = 0:0:0:ac:4c:a2

Standby: 3.1 = 0:0:0:ad:4d:f3

In order to avoid packet collisions, you now must choose a unique MAC address. The safest way to do this is to select one of the addresses and logically OR the first byte with 0x40. This makes the MAC address a locally administered MAC address.

In this example, either 40:0:0:ac:4c:a2 or 40:0:0:ad:4d:f3 would be a suitable shared MAC address to use on both 3-DNS units in the redundant system.

The shared MAC address is used only when the 3-DNS Controller is in active mode. When the 3-DNS Controller is in standby mode, the original MAC address of the network card is used.

If you do not configure mac_masq on startup, or when transitioning from standby mode to active mode, the 3-DNS Controller sends gratuitous ARP requests to notify the default router and other machines on the local Ethernet segment that its MAC address has changed. See RFC 826 for more details on ARP.

Note


You can use the same technique to configure a shared MAC address for each interface.
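
The selection technique above, as an added shell example (not part of the original manual): it ORs the first byte with 0x40 as described, rejects a candidate that equals either unit's existing address, and also reports the IEEE 802 group (0x01) and locally administered (0x02) bits of the first octet, which the 0x40 step leaves unchanged. The function names are assumptions; the two addresses are the ones used in the text.

```shell
#!/bin/sh
# Added example: choose a shared mac_masq address the way the page describes.
# Function names are assumptions; the MAC addresses are the page's own.

# Split a colon-separated MAC into six hex octets (leading zeros optional,
# matching the page's notation). Prints the octets separated by spaces.
split_mac() {
    case "$1" in ''|*[!0-9a-fA-F:]*|*:) return 1 ;; esac
    _old=$IFS; IFS=:
    set -- $1
    IFS=$_old
    [ $# -eq 6 ] || return 1
    for _o in "$@"; do
        case "$_o" in
            [0-9a-fA-F]|[0-9a-fA-F][0-9a-fA-F]) ;;
            *) return 1 ;;
        esac
    done
    echo "$@"
}

# Print the MAC in the page's notation with $2 ORed into the first octet.
# A mask of 0 simply normalises the address for comparison.
rewrite_mac() {
    _octets=$(split_mac "$1") || return 1
    _mask=$2
    set -- $_octets
    printf '%x:%x:%x:%x:%x:%x\n' $((0x$1 | $_mask)) $((0x$2)) $((0x$3)) \
        $((0x$4)) $((0x$5)) $((0x$6))
}

# Report the IEEE 802 bits of the first octet:
# 0x01 = group (multicast) address, 0x02 = locally administered address.
mac_flags() {
    _octets=$(split_mac "$1") || return 1
    set -- $_octets
    _first=$((0x$1))
    if [ $(($_first & 1)) -ne 0 ]; then _cast=group; else _cast=unicast; fi
    if [ $(($_first & 2)) -ne 0 ]; then _admin=local; else _admin=universal; fi
    echo "$_cast $_admin"
}

# $1 = MAC chosen as the base, $2 = MAC of the other unit.
# Prints the shared address, or a reason when the result is unusable.
choose_shared_mac() {
    _cand=$(rewrite_mac "$1" 0x40) || { echo "invalid"; return 1; }
    _base=$(rewrite_mac "$1" 0)
    _peer=$(rewrite_mac "$2" 0) || { echo "invalid"; return 1; }
    # If 0x40 was already set, the OR changes nothing and nothing is unique.
    if [ "$_cand" = "$_base" ] || [ "$_cand" = "$_peer" ]; then
        echo "collision"; return 1
    fi
    case "$(mac_flags "$_cand")" in
        group*) echo "group-address"; return 1 ;;
    esac
    echo "$_cand"
}

shared=$(choose_shared_mac 0:0:0:ac:4c:a2 0:0:0:ad:4d:f3)
echo "b vlan <vlan_name> mac_masq $shared   # bits: $(mac_flags "$shared")"
```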

vlangroup

b vlangroup <vlangroup_name> { vlans add <vlan_list> }

b vlan <vlangroup_name> proxy_forward enable | disable

b vlangroup <vlangroup_name> delete

 

The vlangroup command defines a VLAN group, which is a grouping of two or more VLANs belonging to the same IP network for the purpose of allowing L2 packet forwarding between those VLANs.

The VLANs between which the packets are to be passed must be on the same IP network, and they must be grouped using the vlangroup command. For example:

b vlangroup network11 { vlans add internal external }

A self IP address must be assigned to the VLAN group using the following command:

b self <ip_addr> vlan network11

L2 forwarding must be enabled for the VLAN group using the vlan proxy_forward attribute. This attribute is enabled by default when the VLAN group is enabled.