Manual Chapter : BIG-IP Reference Guide v4.5:Services

Applies To:

Show Versions Show Versions

BIG-IP versions 1.x - 4.x

  • 4.6.1, 4.6.0, 4.5 PTF-08, 4.5 PTF-07, 4.5 PTF-06, 4.5 PTF-05, 4.5 PTF-04, 4.5 PTF-03, 4.5 PTF-02, 4.5 PTF-01, 4.5.9, 4.5.0
Manual Chapter


9

Services


Introducing services

The BIG-IP system supports a variety of services that are standard Internet applications, such as HTTP, HTTPs, FTP, and POP3. Each service is known by its name and also by its well-known or reserved port number such as 80 or 443. (Specifically, a service is any valid service name in the /etc/services file or any valid port number between 0 and 65535.) The bigpipe service command allows you to enable and disable network traffic on services, and also to set connection limits and timeouts. You can use the service name or the port number for the <service> parameter. Note that the settings you define with this command control the service for all virtual servers that use it. By default, access to all services is disabled.

Tip


Virtual servers using the same service actually share a port on the BIG-IP system. Because this command is global, you need to open access to a service only once; you do not need to open access to a service for each instance of a virtual server that uses it.

Configuration options

You can set a number of attributes on a service, such as allowing access to a service and setting the number of conncurrent connections that a service will allow. You can set these services using the bigpipe service command.

Note


Any time you create a virtual server and define a service with the Configuration utility or the bigpipe command, network traffic is automatically enabled for that service.

Table 9.1 lists the attributes you can configure for a service.



 

Attributes

Description

Allow access to services

As a security measure, all services are locked down on the BIG-IP system. In order for the BIG-IP system to load balance traffic, you must enable access to the service on which the BIG-IP system will receive traffic.

Set connection limits

You can define a connection limit for a service so that a flood of connections does not overload the BIG-IP system.

Enable and disable TCP and UDP

You can enable or disable TCP and UDP for specific services.

Set idle connection timeouts

You can set the idle connection timeout to close idle connections.

Display service settings

You can issue a command to display the settings for any of the above options that you have configured.

 

Allowing access to services

Setting this attribute allows the specified service to accept network connections.


To allow access to services from the command line

Using the bigpipe service command, you can allow access to one or more services at a time.

b service <service>...<service> <protocol> [tcp|udp] enable

For example, in order to enable HTTP (service 80) and Telnet (service 23) services, you can type the following bigpipe service command:

b service 80 23 443 tcp enable


Setting connection limits on services

You can set the maximum number of concurrent connections allowed on a service. Note that you can configure this setting for one or more services.


To set connection limits on services

To set a limit on the number of connections that a node will accept, use the following command line syntax:

b service <service> [...<service>] limit <max conn>

To turn off a connection limit for one or more services, use the same command, setting the <max conn> parameter to 0 (zero) like this:

b service <service> [...<service>] limit 0


Enabling and disabling TCP and UDP for services


You can enable or disable TCP or UDP for specific services.

To enable or disable TCP for services

The default setting for all TCP services is enabled. Use the following syntax to disable TCP for one or more services:

b service <service> [...<service>] tcp disable

To re-enable TCP, use this syntax:

b service <service> [...<service>] tcp enable


To enable or disable UDP for services

The default setting for all UDP services is disabled. Use the following syntax to enable UDP for one or more services:

b service <service> [...<service>] udp enable

To disable UDP, use this syntax:

b service <service> [...<service>] udp disable


Setting the idle connection timeout

The idle connection timeout attribute specifies, for TCP or UDP services, the number of seconds that transpires before an idle connection is dropped.


To set the idle connection timeout for TCP traffic

To set the TCP timeout on one or more services, where the <seconds> parameter is the number of seconds before an idle connection is dropped, use the following syntax:

b service <service> [<service>...] timeout tcp <seconds>

For example, the following command sets the TCP timeout to 300 seconds for port 53:

b service 53 timeout tcp 300

To turn off TCP timeout for a service, use the above command, setting the <seconds> parameter to zero:

b service 53 timeout tcp 0


To set the idle connection timeout for UDP traffic

To set the UDP timeout on one or more services, where the <seconds> parameter is the number of seconds before an idle connection is dropped, use the following syntax:

b service <service> [<service>...] timeout udp <seconds>

For example, the following command sets the UDP timeout to 300 seconds for port 53:

b service 53 timeout udp 300

To turn off UDP timeout for a service, use the above command, setting the <seconds> parameter to zero:

b service 53 timeout udp 0


Displaying service settings

You can display the settings that you specified for the available service attributes. Thus, this display shows the maximum number of concurrent connections that each service allows, whether TCP or UDP is enabled on each service, and their idle connection timeout values.


To display service settings

Use the following command to display the settings for all services:

b service show

Use the following syntax to display the settings for a specific service or services:

b service <service> [...<service>] show

For example, the command b service http show displays the output shown in Figure 9.1 .

Figure 9.1 Sample output of the bigpipe service show command


SERVICE 80 http tcp enabled timeout 1005 udp disabled timeout 60
(cur, max, limit, tot, reaped) = (0, 0, 0, 0, 0)
(pckts,bits) in = (0, 0), out = (0, 0)