C

BIG/ip System Control Variables

• Setting BIG/ip system control variables

Setting BIG/ip system control variables

The BIG/ip Controller hardware and software boot up with a configuration specified, in part, by the system control variables stored in the /etc/rc.sysctl file. Most of these variables are standard BSD UNIX system control variables, while some are used exclusively by the BIG/ip Controller. In most cases, a variable is just toggled off (0) or on (1), but some variables may also store specific values, such as a port number.

You can use three methods to set system control variables affecting the BIG/ip Controller:

• The F5 Configuration utility
  Navigate to a system control variable and edit it in the browser with the F5 Configuration utility.
• sysctl command
  Write system control variable values directly to /etc/rc.sysctl using this command line utility.
• vi or pico
  Use a text editor, such as vi or pico, to edit /etc/rc.sysctl directly.

sysctl

sysctl -a
sysctl <variable name>
sysctl -w <variable name>=<value>

Displaying current system control variable settings

To display the settings of all system control variables, use the following syntax:

sysctl -a

To display the current setting for an individual variable, use the following command syntax:

sysctl <variable name>

Setting a system control variable

Use the following syntax to write a value for a system control variable in /etc/rc.sysctl:

sysctl -w <variable name>=<value>

For example, the following command sets Transparent Node mode to on at boot:

sysctl -w bigip.bonfire_mode=1

To turn Transparent Node Mode off at boot, you would write the setting to /etc/rc.sysctl using the following command:

sysctl -w bigip.bonfire_mode=0

bigip.vipnoarp

Description

bigip.vipnoarp=1 Prevents the BIG/ip Controller from issuing ARP requests when rebooted. This is useful for configurations that contain 1,000 or more virtual servers. This setting also prevents you from configuring virtual servers as IP addresses on the BIG/ip Controller external interface.

bigip.vipnoarp=0 (Default) Issues ARP requests on reboot.

bigip.bonfire_mode

Description

bigip.bonfire_mode=1 Sets the BIG/ip Controller to operate in Transparent Node mode, where it can perform load balancing on routers and router-like devices, such as transparent firewalls.

bigip.bonfire_mode=0 (Default) Transparent Node Mode is off.

bigip.bonfire_compatibility_mode

Description

bigip.bonfire_compatibility_mode=1 Turns off port translation on the BIG/ip Controller. This is useful if a node port is only being used to specify a service check port.

bigip.bonfire_compatibility_mode=0 (Default) Port translation is on.

bigip.fastest_max_idle_time

Description

bigip.fastest_max_idle_time=<seconds> Sets the number of seconds a node can be left idle by the fastest load balancing mode. This prevents the BIG/ip Controller from sending connections to a node that is responding slowly.

bigip.max_sticky_entries

Description

bigip.max_sticky_entries=2048 This is the maximum number of sticky entries allowed to accumulate on the BIG/ip Controller when using destination address affinity (sticky persistence). When the maximum value is reached, the BIG/ip Controller stops accumulating sticky entries. The default value for this entry is 2048.

net.inet.ip.forwarding

Description

net.inet.ip.forwarding=1 Exposes node IP addresses on the internal network, allowing clients to connect directly to nodes, and also allows nodes to initiate connections with computers external to the BIG/ip Controller. Typically, this setting is used only on systems that cannot use NATs (for example, a network that uses CORBA or the NT Domain).

net.inet.ip.forwarding=0 (Default) IP forwarding is off.

bigip.halt_reboot_timeout

Description

bigip.halt_reboot_timeout=2 This value is the number of seconds the BIG/ip Controller can stop during boot up before the watchdog card hard reboots the controller. The default value for this setting is 2 seconds.

net.inet.ip.sourcecheck

Description

net.inet.ip.sourcecheck=1 This setting enables the BIG/ip Controller to check the source IP address of incoming packets before it checks the packet for other information (for example, the virtual server).

Source checking tries to allocate a route back to the source of the packet, and if the route cannot be found, or if the route of the interface is on an interface different from the interface from which the packet was received, the packet is discarded. Each time a packet is discarded, the bad source interface counter is incremented.

net.inet.ip.sourcecheck=0 (Default) IP source checking is off.

bigip.webadmin_port

Description

bigip.webadmin_port=443 Specifies the port number used for administrative web access. (Default = 443)

bigip.persist_time_used_as_limit

Description

bigip.persist_time_used_as_limit=1 (Default) Forces the persistent connection timer to reset on each packet for persistent sessions.

bigip.persist_time_used_as_limit=0 Resets timer only when the persistent connection is initiated.

For SSL persistence, the timer is always reset on each packet.

bigip.persist_on_any_vip

Description

bigip.persist_on_any_vip=1 All simple persistent connections from the same client IP address are sent to the same node (matches the client IP address but not the virtual address or virtual port the client is using).

bigip.persist_on_any_vip=0 (default) Off

bigip.persist_on_any_port_same_vip

Description

bigip.persist_on_any_port_same_vip=1 All simple persistent connections from a client IP address that go to the same virtual address also go to the same node. This matches the address the client is using.

bigip.persist_on_any_port_same_vip=0 (default) Off

bigip.open_3dns_lockdown_ports

Description

bigip.open_3dns_lockdown_ports=0 (default) This variable is only required when running a 3DNS Controller. Set to 0 on the BIG/ip Controller when the 3DNS Controller is not present. (See the 3DNS Administrator Guide for more information.)

bigip.tcphps_mss_override

Description

bigip.tcphps_mss_override=(<1460) Allows you to decrease the default maximum segment size (MSS) from 1460 to a smaller value. This is the value announced to clients by the TCP server proxy on the BIG/ip Controller in the SYN/ACK packet.

bigip.tcphps_mss_override=0 (Default) The BIG/ip Controller requests the MSS from the node when negotiating connections on the node's behalf.

bigip.open_telnet_port

Description

bigip.open_telnet_port=1 Opens the telnet port (23) to allow administrative Telnet connections (useful for an international BIG/ip Controller, or for a US controller that needs to communicate with international 3DNS Controllers).

bigip.open_telnet_port=0 Opens the FTP port to allow administrative FTP connections (useful for international BIG/ip Controllers).

bigip.open_ftp_ports

Description

bigip.open_ftp_ports=1 Opens the FTP ports (20 and 21) to allow administrative FTP connections (useful for international BIG/ip Controllers).

bigip.open_ftp_ports=0 (default) FTP port does not allow administrative FTP connections

bigip.open_ssh_port

Description

bigip.open_ssh_port=1 Opens the SSH port (22) to allow administrative connections (useful only for US BIG/ip Controllers).

bigip.open_ssh_port=0 (default) SSH port does not allow administrative connections.

bigip.open_rsh_ports

Description

bigip.open_rsh_ports=1 Opens the RSH ports (512, 513, and 514) to allow RSH connections (useful for international BIG/ip Controllers, or on US controllers that need to communicate with international 3DNS Controllers).

bigip.open_rsh_ports=0 RSH port does not allow RSH connections.

bigip.verbose_log_level

Description

bigip.verbose_log_level=1 Turns port denial logging on.

bigip.verbose_log_level=0 Turns port denial logging off.