ADC Software Reference Guide - Juniper Networks · ADC Software Reference Guide Software Version 1.4R0.0 Document ID: RDWR-RSLB-V1.4R0.0_RG0711 July, 2011

ADC Software Reference Guide

Software Version 1.4R0.0

Document ID: RDWR-RSLB-V1.4R0.0_RG0711July, 2011


2 Document ID: RDWR-RSLB-V1.4R0.0_RG0711

Document ID: RDWR-RSLB-V1.4R0.0_RG0711 3

Important NoticesThe following important notices are presented in English, French, and German.

Important NoticesThis guide is delivered subject to the following conditions and restrictions: Copyright Radware Ltd. 2006–2011. All rights reserved. The copyright and all other intellectual property rights and trade secrets included in this guide are owned by Radware Ltd.The guide is provided to Radware customers for the sole purpose of obtaining information with respect to the installation and use of the Radware products described in this document, and may not be used for any other purpose. The information contained in this guide is proprietary to Radware and must be kept in strict confidence. It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without the prior written consent of Radware.

Notice importanteCe guide est sujet aux conditions et restrictions suivantes : Copyright Radware Ltd. 2006–2011. Tous droits réservés.Le copyright ainsi que tout autre droit lié à la propriété intellectuelle et aux secrets industriels contenus dans ce guide sont la propriété de Radware Ltd.Ce guide d'informations est fourni à nos clients dans le cadre de l'installation et de l'usage des produits de Radware décrits dans ce document et ne pourra être utilisé dans un but autre que celui pour lequel il a été conçu.Les informations répertoriées dans ce document restent la propriété de Radware et doivent être conservées de manière confidentielle.Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce manuel sans avoir obtenu le consentement préalable écrit de Radware.

Wichtige AnmerkungDieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschränkungen ausgeliefert: Copyright Radware Ltd. 2006–2011. Alle Rechte vorbehalten.Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und Geschäftsgeheimnisse sind Eigentum von Radware Ltd.Dieses Handbuch wird Kunden von Radware mit dem ausschließlichen Zweck ausgehändigt, Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von Radware bereitzustellen. Es darf für keinen anderen Zweck verwendet werden. Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und müssen streng vertraulich behandelt werden. Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung von Radware zu kopieren, vervielfältigen, reproduzieren oder offen zu legen.



Copyright Notices The following copyright notices are presented in English, French, and German.

Copyright NoticesThis product contains work derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm.RSA Data Security, Inc. makes no representations concerning either the merchantability of the MD5 Message-Digest Algorithm or the suitability of the MD5 Message-Digest Algorithm for any particular purpose. It is provided “as is” without expressed or implied warranty of any kind.This product contains code developed by the OpenSSL Project.This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit. (http://www.openssl.org/).Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.This product contains the Rijndael cipher The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license: @version 3.0 (December 2000)Optimized ANSI C code for the Rijndael cipher (now AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>The OnDemand Switch may use software components licensed under the GNU General Public License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlThis code is hereby placed in the public domain.This product contains code developed by the OpenBSD ProjectCopyright (c) 1983, 1990, 1992, 1993, 1995The Regents of the University of California. All rights reserved.Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

This product includes software developed by Markus FriedlThis product includes software developed by Theo de RaadtThis product includes software developed by Niels ProvosThis product includes software developed by Dug SongThis product includes software developed by Aaron CampbellThis product includes software developed by Damien MillerThis product includes software developed by Kevin Steves

http://www.gnu.org/licenses/old-licenses/gpl-2.0.html



This product includes software developed by Daniel KourilThis product includes software developed by Wesley GriffinThis product includes software developed by Per AllanssonThis product includes software developed by Nils NordmanThis product includes software developed by Simon WilkinsonRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

ALL THE SOFTWARE MENTIONED ABOVE IS PROVIDED BY THE AUTHOR “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Notice traitant du copyrightCe produit renferme des codes développés dans le cadre du projet OpenSSL.Ce produit inclut un logiciel développé dans le cadre du projet OpenSSL. Pour un usage dans la boîte à outils OpenSSL (http://www.openssl.org/).Copyright (c) 1998-2005 Le projet OpenSSL. Tous droits réservés. Ce produit inclut la catégorie de chiffre Rijndael. L'implémentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du domaine public et distribuée sous les termes de la licence suivante :@version 3.0 (Décembre 2000)Code ANSI C code pour Rijndael (actuellement AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>.Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets à source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande auprès de Radware. Une copie de la licence est répertoriée sur:http://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlCe code est également placé dans le domaine public.Ce produit renferme des codes développés dans le cadre du projet OpenSSL.Copyright (c) 1983, 1990, 1992, 1993, 1995Les membres du conseil de l'Université de Californie. Tous droits réservés.




La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorisée pour autant que les conditions suivantes soient remplies :

1. La distribution d'un code source doit inclure la notice de copyright mentionnée ci-dessus, cette liste de conditions et l'avis de non-responsabilité suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et l'avis de non-responsabilité suivant.

3. Le nom de l'université, ainsi que le nom des contributeurs ne seront en aucun cas utilisés pour approuver ou promouvoir un produit dérivé de ce programme sans l'obtention préalable d'une autorisation écrite.

Ce produit inclut un logiciel développé par Markus Friedl Ce produit inclut un logiciel développé par Theo de Raadt Ce produit inclut un logiciel développé par Niels Provos Ce produit inclut un logiciel développé par Dug SongCe produit inclut un logiciel développé par Aaron Campbell Ce produit inclut un logiciel développé par Damien Miller Ce produit inclut un logiciel développé par Kevin Steves Ce produit inclut un logiciel développé par Daniel Kouril Ce produit inclut un logiciel développé par Wesley Griffin Ce produit inclut un logiciel développé par Per Allansson Ce produit inclut un logiciel développé par Nils NordmanCe produit inclut un logiciel développé par Simon Wilkinson.La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorisée pour autant que les conditions suivantes soient remplies :

1. La distribution d'un code source doit inclure la notice de copyright mentionnée ci-dessus, cette liste de conditions et l'avis de non-responsabilité suivant.

2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matériel fourni la notice de copyright mentionnée ci-dessus, cette liste de conditions et l'avis de non-responsabilité suivant.

LE LOGICIEL MENTIONNÉ CI-DESSUS EST FOURNI TEL QUEL PAR LE DÉVELOPPEUR ET TOUTE GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S'Y LIMITER, TOUTE GARANTIE IMPLICITE DE QUALITÉ MARCHANDE ET D'ADÉQUATION À UN USAGE PARTICULIER EST EXCLUE.EN AUCUN CAS L'AUTEUR NE POURRA ÊTRE TENU RESPONSABLE DES DOMMAGES DIRECTS, INDIRECTS, ACCESSOIRES, SPÉCIAUX, EXEMPLAIRES OU CONSÉCUTIFS (Y COMPRIS, MAIS SANS S'Y LIMITER, L'ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D'USAGE, DE DONNÉES OU DE PROFITS OU L'INTERRUPTION DES AFFAIRES), QUELLE QU'EN SOIT LA CAUSE ET LA THÉORIE DE RESPONSABILITÉ, QU'IL S'AGISSE D'UN CONTRAT, DE RESPONSABILITÉ STRICTE OU D'UN ACTE DOMMAGEABLE (Y COMPRIS LA NÉGLIGENCE OU AUTRE), DÉCOULANT DE QUELLE QUE FAÇON QUE CE SOIT DE L'USAGE DE CE LOGICIEL, MÊME S'IL A ÉTÉ AVERTI DE LA POSSIBILITÉ D'UN TEL DOMMAGE.

CopyrightvermerkeDieses Produkt enthält einen vom OpenSSL-Projekt entwickelten CodeDieses Produkt enthält vom OpenSSL-Projekt entwickelte Software. Zur Verwendung im OpenSSL Toolkit. (http://www.openssl.org/).Copyright (c) 1998-2005 The OpenSSL Project. Alle Rechte vorbehalten. Dieses Produkt enthält die Rijndael cipherDie Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist öffentlich zugänglich und wird unter folgender Lizenz vertrieben:@version 3.0 (December 2000)



Optimierter ANSI C Code für den Rijndael cipher (jetzt AES)@author Vincent Rijmen <[email protected]>@author Antoon Bosselaers <[email protected]>@author Paulo Barreto <[email protected]>Der OnDemand Switch verwendet möglicherweise Software, die im Rahmen der DNU Allgemeine Öffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschließlich LinuxBios und Filo Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhältlich. Eine Kopie dieser Lizenz kann eingesehen werden unter:http://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlDieser Code wird hiermit allgemein zugänglich gemacht.Dieses Produkt enthält einen vom OpenBSD-Projekt entwickelten CodeCopyright (c) 1983, 1990, 1992, 1993, 1995The Regents of the University of California. Alle Rechte vorbehalten.Die Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.

3. Weder der Name der Universität noch die Namen der Beitragenden dürfen ohne ausdrückliche vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete Produkte zu empfehlen oder zu bewerben.

Dieses Produkt enthält von Markus Friedl entwickelte Software Dieses Produkt enthält von Theo de Raadt entwickelte Software Dieses Produkt enthält von Niels Provos entwickelte Software Dieses Produkt enthält von Dug Song entwickelte Software Dieses Produkt enthält von Aaron Campbell entwickelte Software Dieses Produkt enthält von Damien Miller entwickelte Software Dieses Produkt enthält von Kevin Steves entwickelte Software Dieses Produkt enthält von Daniel Kouril entwickelte Software Dieses Produkt enthält von Wesley Griffin entwickelte Software Dieses Produkt enthält von Per Allansson entwickelte Software Dieses Produkt enthält von Nils Nordman entwickelte SoftwareDieses Produkt enthält von Simon Wilkinson entwickelte SoftwareDie Verbreitung und Verwendung in Quell- und binärem Format, mit oder ohne Veränderungen, sind unter folgenden Bedingungen erlaubt:

1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten.

2. Die Verbreitung in binärem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren.

SÄMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND ("AS IS") BEREITGESTELLT. JEGLICHE AUSDRÜCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH, DOCH NICHT BESCHRÄNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGÄNGIGKEIT UND DER ANWENDBARKEIT FÜR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN.UNTER KEINEN UMSTÄNDEN HAFTET DER AUTOR FÜR DIREKTE ODER INDIREKTE SCHÄDEN, FÜR BEI VERTRAGSERFÜLLUNG ENTSTANDENE SCHÄDEN, FÜR BESONDERE SCHÄDEN, FÜR SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FÜR FOLGESCHÄDEN EINSCHLIESSLICH, DOCH NICHT BESCHRÄNKT AUF, ERWERB VON ERSATZGÜTERN ODER ERSATZLEISTUNGEN; VERLUST AN NUTZUNG, DATEN ODER GEWINN; ODER GESCHÄFTSUNTERBRECHUNGEN) GLEICH, WIE SIE ENTSTANDEN SIND, UND FÜR JEGLICHE ART VON HAFTUNG, SEI ES VERTRÄGE,




GEFÄHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLÄSSIGKEIT ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST WENN AUF DIE MÖGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.

Document ConventionsThe following describes the conventions and symbols that this guide uses:

Item Description Description (French) Beschreibung (German)

Example

An example scenario Un scénario d'exemple Ein Beispielszenarium

Caution:

Possible damage to equipment, software, or data

Endommagement possible de l'équipement, des données ou du logiciel

Mögliche Schäden an Gerät, Software oder Daten

Note:

Additional information Informations complémentaires

Zusätzliche Informationen

To

A statement and instructions

Références et instructions

Eine Erklärung und Anweisungen

Tip:

A suggestion or workaround

Une suggestion ou solution

Ein Vorschlag oder eine Umgehung

Warning:

Possible physical harm to the operator

Blessure possible de l'opérateur

Verletzungsgefahr des Bedieners


Table of ContentsImportant Notices .......................................................................................................... 3

Copyright Notices .......................................................................................................... 4

Document Conventions ................................................................................................. 8

Part 1 – Preface ....................................................................................................... 15

Who Should Use This Guide ....................................................................................... 15

What You Will Find In This Guide ................................................................................ 15

Related Documentation ............................................................................................... 15

Part 2 – Configuration Commands........................................................................ 17

Chapter 1 – adc Configuration Commands ................................................................. 19adc ....................................................................................................................................... 19file ........................................................................................................................................ 19flag ....................................................................................................................................... 20internal-unit-range ................................................................................................................ 20no-remote-trace ................................................................................................................... 21traceoptions ......................................................................................................................... 21

Chapter 2 – adc-instance Configuration Commands .................................................. 23adc-instance ........................................................................................................................ 24address ................................................................................................................................ 25broken-handshake-timeout .................................................................................................. 25checksum-validation ............................................................................................................ 25clear-on-tcp-reset ................................................................................................................. 25couple-wap-radius ............................................................................................................... 25cpu-threshold ....................................................................................................................... 26failed-server-loyalty .............................................................................................................. 26family ................................................................................................................................... 26force-full-failback .................................................................................................................. 26group-updates-interval ......................................................................................................... 27health-check-source ............................................................................................................ 27instance-unit ........................................................................................................................ 27no-connections-sync ............................................................................................................ 28tcp-close-timeout ................................................................................................................. 28tcp-port ................................................................................................................................. 28unit ....................................................................................................................................... 29workload-manager ............................................................................................................... 29

Chapter 3 – content-match Configuration Commands ................................................ 31and-higher ............................................................................................................................ 31and-lower ............................................................................................................................. 31binary-pattern ....................................................................................................................... 32binary-value ......................................................................................................................... 32


Table of Contents


content-match ..................................................................................................................... 32case-sensitive ..................................................................................................................... 33depth ................................................................................................................................... 33http-error-message .............................................................................................................. 33http-header .......................................................................................................................... 34no-regular-expression ......................................................................................................... 34offset ................................................................................................................................... 34string ................................................................................................................................... 34text-pattern .......................................................................................................................... 35text-search .......................................................................................................................... 35url-string .............................................................................................................................. 36

Chapter 4 – custom-health-check Configuration Commands ..................................... 37binary-expect ....................................................................................................................... 37binary-send ......................................................................................................................... 38cmd ..................................................................................................................................... 39custom-health-check ........................................................................................................... 39expect .................................................................................................................................. 39open .................................................................................................................................... 40script .................................................................................................................................... 40send .................................................................................................................................... 41tcp-commands ..................................................................................................................... 41udp-commands ................................................................................................................... 41

Chapter 5 – filters Configuration Commands ............................................................ 43accept .................................................................................................................................. 44client-nat .............................................................................................................................. 44connection-timeout .............................................................................................................. 44content-strings ..................................................................................................................... 44content-term ........................................................................................................................ 45destination-address ............................................................................................................. 45destination-nat ..................................................................................................................... 45destination-port ................................................................................................................... 45discard ................................................................................................................................. 46exclude-by-content .............................................................................................................. 46filters .................................................................................................................................... 47first-request-only ................................................................................................................. 47from ..................................................................................................................................... 48go-to .................................................................................................................................... 48group ................................................................................................................................... 48http-redirect ......................................................................................................................... 49load-balance ........................................................................................................................ 49load-balancing-hash ............................................................................................................ 49log ....................................................................................................................................... 50match-content ..................................................................................................................... 50no-cache-request ................................................................................................................ 50non-get-request ................................................................................................................... 51per-packet-load-balancing ................................................................................................... 51


Table of Contents


persistency ........................................................................................................................... 51protocol ................................................................................................................................ 52request-with-cookie .............................................................................................................. 52select-by-content ................................................................................................................. 52server-listening-port ............................................................................................................. 53source-address .................................................................................................................... 53source-port ........................................................................................................................... 53sync-connections ................................................................................................................. 54tcp-flags ............................................................................................................................... 54term ...................................................................................................................................... 54then ...................................................................................................................................... 54web-cache-redirection ......................................................................................................... 55

Chapter 6 – groups Configuration Commands ........................................................... 57always-up ............................................................................................................................. 58availability-threshold ............................................................................................................ 58backup-group ....................................................................................................................... 58backup-real-server ............................................................................................................... 58direct-server-return .............................................................................................................. 59dns ....................................................................................................................................... 59dnstcp .................................................................................................................................. 59ftp ......................................................................................................................................... 59group-health-formula ........................................................................................................... 59group-unit ............................................................................................................................. 60groups .................................................................................................................................. 60health-check ........................................................................................................................ 60http ....................................................................................................................................... 61imap ..................................................................................................................................... 61ldap ...................................................................................................................................... 61load-balancing-method ........................................................................................................ 62nntp ...................................................................................................................................... 62ping ...................................................................................................................................... 63pop3 ..................................................................................................................................... 63radius ................................................................................................................................... 63rtsp ....................................................................................................................................... 64script .................................................................................................................................... 64server-warm-up-time ............................................................................................................ 64sip ........................................................................................................................................ 64smtp ..................................................................................................................................... 65snmp .................................................................................................................................... 65ssl-hello ................................................................................................................................ 65tcp ........................................................................................................................................ 66tftp ........................................................................................................................................ 66wap ...................................................................................................................................... 66work-load-manager .............................................................................................................. 66wsp ...................................................................................................................................... 67wtls ....................................................................................................................................... 67


Table of Contents


wtp ....................................................................................................................................... 67wts ....................................................................................................................................... 68

Chapter 7 – real-server Configuration Commands .................................................... 69address ............................................................................................................................... 69allow-ldap-write ................................................................................................................... 70avoid-http-strings ................................................................................................................. 70backup-real-server .............................................................................................................. 70buddy-server ....................................................................................................................... 71buddy-service-port .............................................................................................................. 71client-nat .............................................................................................................................. 71connection-timeout .............................................................................................................. 71content-strings ..................................................................................................................... 72description ........................................................................................................................... 72do-not-preempt .................................................................................................................... 72failure-retries ....................................................................................................................... 73group ................................................................................................................................... 73health-check ........................................................................................................................ 73interval ................................................................................................................................. 73listening-ports ...................................................................................................................... 74max-connections ................................................................................................................. 74real-servers ......................................................................................................................... 75recovery-retries ................................................................................................................... 75use-when-overflow .............................................................................................................. 76weight .................................................................................................................................. 76

Chapter 8 – router-interfaces Configuration Commands ........................................... 77client-facing ......................................................................................................................... 77family ................................................................................................................................... 77ms-interfaces ....................................................................................................................... 78nat-address ......................................................................................................................... 78nat-address-range ............................................................................................................... 78router-interfaces .................................................................................................................. 79server-facing ....................................................................................................................... 79unit ...................................................................................................................................... 80

Chapter 9 – virtual-server and virtual-service Configuration Commands .................. 81add-x-forwarded-for ............................................................................................................. 82address ............................................................................................................................... 82allow-write-servers .............................................................................................................. 82close-unknown-ports ........................................................................................................... 82connection-pooling .............................................................................................................. 82cookie-name ........................................................................................................................ 83description ........................................................................................................................... 83dns-virtual-service ............................................................................................................... 83domain-name ...................................................................................................................... 84efficient-memory-use ........................................................................................................... 84fast-load-balancing .............................................................................................................. 84ftp-virtual-service ................................................................................................................. 84


Table of Contents


group .................................................................................................................................... 85groups .................................................................................................................................. 85hostname ............................................................................................................................. 86http-parsing-depth ................................................................................................................ 86http-virtual-service ............................................................................................................... 87insert .................................................................................................................................... 87inspect ................................................................................................................................. 88ldap-virtual-service ............................................................................................................... 89persistency ........................................................................................................................... 89persistency cookie ............................................................................................................... 91persistent-timeout ................................................................................................................ 91plain-virtual-service .............................................................................................................. 92port ....................................................................................................................................... 92protocol ................................................................................................................................ 93radius-authentication ........................................................................................................... 93radius-legacy-ports .............................................................................................................. 93rewrite .................................................................................................................................. 94rtsp-virtual-service ............................................................................................................... 94select-by-content ................................................................................................................. 95server-listening-port ............................................................................................................. 97service-timeout .................................................................................................................... 98sip-virtual-service ................................................................................................................. 98source-port-in-hash .............................................................................................................. 99ssl-virtual-service ................................................................................................................. 99syn-protection ................................................................................................................... 100sync-connections .............................................................................................................. 100tftp-virtual-service ............................................................................................................. 101virtual-server ..................................................................................................................... 102wap-virtual-service ............................................................................................................ 103wts-virtual-service ............................................................................................................. 103

Part 3 – Operational Commands.......................................................................... 105

Chapter 10 – adc-instance Operational Commands ............................................... 107show extensions adc status .............................................................................................. 107show extensions adc cpu .................................................................................................. 108show extensions adc license-info ..................................................................................... 109show extensions adc nat .................................................................................................. 110show extensions adc workload-manager .......................................................................... 111clear extensions adc statistics .......................................................................................... 111

Chapter 11 – connection-table Operational Commands ......................................... 113show extensions adc connection-table ............................................................................. 113clear extensions adc connection-entry ............................................................................. 116clear extensions adc connection-table .............................................................................. 117clear extensions adc persistency-entry ............................................................................. 117clear extensions adc persistency-table ............................................................................. 118

Chapter 12 – content-match Operational Commands ............................................. 121


Table of Contents


show extensions adc strings-statistics .............................................................................. 121

Chapter 13 – filters Operational Commands ........................................................... 123show extensions adc filters term ....................................................................................... 123show extensions adc filters load-balance .......................................................................... 123show extensions adc filters maintenance .......................................................................... 124

Chapter 14 – group Operational Commands ........................................................... 125show extensions adc group ............................................................................................... 125

Chapter 15 – internal and maintenance Operational Commands ........................... 127show extensions adc internal ............................................................................................ 127request extensions adc maintenance dump-and-restart ................................................... 130request extensions adc maintenance information ............................................................. 130

Chapter 16 – real-server Operational Commands ................................................... 133show extensions adc real-server ....................................................................................... 133request extensions adc disable ......................................................................................... 135request extensions adc enable ......................................................................................... 135

Chapter 17 – virtual-server and services Operational Commands .......................... 137show extensions adc virtual-server ................................................................................... 137show extensions adc dns .................................................................................................. 139show extensions adc ftp .................................................................................................... 140show extensions adc http .................................................................................................. 142show extensions adc ldap ................................................................................................. 144show extensions adc plain-virtual-service ......................................................................... 145show extensions adc rtsp .................................................................................................. 146show extensions adc sip ................................................................................................... 148show extensions adc ssl ................................................................................................... 150show extensions adc tftp ................................................................................................... 151show extensions adc wap ................................................................................................. 152show extensions adc wts .................................................................................................. 154

Index....................................................................................................................... 157


Preface


Part 1 – Preface

Juniper Networks® Application Delivery Controller (ADC) for the MX Series 3D Universal Edge Router offers advanced router-integrated ADC functions that enables service providers and enterprises to efficiently scale service capacity and increase service performance. Routers are already ubiquitously deployed throughout the network: at the network edge, in the network core, and in the data center. Integrating the advanced ADC with the carrier-grade MX3D router promotes network consolidation and reduces the number of network elements that providers must rack, power, cool, maintain, and upgrade. Furthermore, the ADC software, which is optionally licensed, improves service resiliency by monitoring server and application health and by automatically bypassing failures.This guide describes the commands used by the ADC software.

Who Should Use This GuideThis guide is intended for network installers and system administrators engaged in configuring and maintaining a network. The administrator should be familiar with Ethernet concepts, IP addressing, and SNMP configuration parameters.

What You Will Find In This GuideThe guide is divided into separate parts and chapters. Each chapter contains an alphabetical list of the ADC software commands and statements.

Related Documentation• ADC Software Release Notes• ADC Software User Guide• ADC Software Troubleshooting Guide

ADC Software Reference Guide Preface



Configuration Commands


Part 2 – Configuration Commands

This part includes the command-line interface (CLI) commands available for the configuration of the ADC Software. It is subdivided into chapters and each command in each section is alphabetized for easy use.Configuration Commands includes the following chapters:• adc Configuration Commands• adc-instance Configuration Commands• content-match Configuration Commands• custom-health-check Configuration Commands• filters Configuration Commands• groups Configuration Commands• real-server Configuration Commands• router-interfaces Configuration Commands• virtual-server and virtual-service Configuration Commands

ADC Software Reference Guide Configuration Commands




Chapter 1 – adc Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring the main ADC.This chapter includes the following commands, organized alphabetically:• adc• file• flag• internal-unit-range• no-remote-trace• traceoptions

adc

file

Syntax adc {internal-unit-range from start-number to end-number;adc-instance adc-name {

...}traceoptions {

...}

}

Hierarchy Level [edit extensions]

Release Information Command introduced in ADC software for Junos OS Release 1.4R0.0.

Description Specifies the Application Delivery Controller (ADC) software extension name.

Options The remaining statements are explained separately.

Related Documentation

See also “Configuring a Juniper Network Device for SLB” in the ADC Software Users Guide.

Syntax file name <size size-value> <files number> <match match-value> <no-world-readable | world-readable>;

Hierarchy Level [edit extensions adc traceoptions]

Release information Command introduced in ADC software for Junos OS Release 1.4R0.0.



flag

internal-unit-range

Description Specifies the name of the file to receive the output of the tracing operation.

Options name—The name of the trace file into which the trace information is logged.files number—(Optional) Sets the maximum number of trace files. When a trace file reaches its maximum size, it is renamed with a “.0” extension, then a “.1” extension, and so on, until the maximum number of trace files is reached. Then the oldest trace file is overwritten. If you specify a maximum number of trace files, you must also specify a maximum size.

Range: 2 through 1000Default: 3

match match-value—(Optional) Enter the expression to use for the lines being logged.size size-value—(Optional) Sets the maximum trace file size. If you specify a maximum size, you must also specify a maximum number of trace files.


no-world-readable—(Optional) Do not allow any user access to read the log file. This option is mutually exclusive with the world-readable option.world-readable—(Optional) Allows any user access to read the log file. This option is mutually exclusive with the no-world-readable option.

Syntax flag all | configuration | connection | dfw | kcom | license | mibs | normal;



Description Specifies the tracing operation to perform. To specify more than one tracing operation, include multiple flag statements.

Options all—Trace everything.configuration—Trace configuration events.connection—Trace connection events.dfw—Trace SSD and DFW related events.kcom—Trace kernal communication events.license—Trace license events.mibs—Trace MIB events.normal—Trace normal events. Without this flag, only unusual and abnormal events are traced.

Syntax internal-unit-range from start-number to end-number;

Hierarchy Level [edit extensions adc]




no-remote-trace

traceoptions

Description Used for Direct Server Return configurations.Enter the number for the first internal unit that will be used with this load-balancing instance, then enter the number for the last internal unit that will be used with this load-balancing instance. Valid entries for each portion of the range are 1 to 16,385.

Options from start-number—Subunit range start.Range: 1 through 16385

to end-number—Subunit range end. The to value must be larger than the from value.

Range: 1 through 16385

Syntax no-remote-trace;



Description (Optional) Disables remote tracing.

Syntax traceoptions {file name <size size-value> <files number> <match match-value>

<no-world-<readable | world-readable>;flag all | configuration | connection | dfw | kcom | license | mibs |

normal;no-remote-trace;

}



Description Specifies the ADC trace options.






Chapter 2 – adc-instance Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring specific ADC instances.This chapter includes the following commands, organized alphabetically:• adc-instance• address• broken-handshake-timeout• checksum-validation• clear-on-tcp-reset• couple-wap-radius• cpu-threshold• failed-server-loyalty• family• force-full-failback• group-updates-interval• health-check-source• instance-unit• no-connections-sync• tcp-close-timeout• tcp-port• unit• workload-manager



adc-instance

Syntax adc-instance adc-name {broken-handshake-timeout timeout;checksum-validation;clear-on-tcp-reset;content-match {

...}couple-wap-radius;cpu-threshold threshold-number;custom-health-check {

...}failed-server-loyalty;filters {

...}force-full-failback;groups {

...}group-updates-interval interval-time;health-check-source {

...}instance-unit number;no-connections-sync;real-servers {

...}router-interfaces {

...}tcp-close-timeout timeout;virtual-server name {

...}workload-manager name {

...}

}



Description Specifies the ADC instance configuration.

Options adc-name—Name of the ADC instance to create or edit.The remaining statements are explained separately.


adc on page 19 (adc Configuration Commands)



address

broken-handshake-timeout

checksum-validation

clear-on-tcp-reset

couple-wap-radius

Syntax address ip-address;

Hierarchy Level [edit extensions adc adc-instance adc-name health-check-source unit unit-number family family-name],[edit extensions adc adc-instance adc-name workload-manager name]


Description Specifies the source IP address.

Options ip-address—Configures the IP address.

Syntax broken-handshake-timeout timeout;

Hierarchy Level [edit extensions adc adc-instance adc-name]


Description Specifies the timeout for incomplete delayed bind connection (10 to 60 seconds).

Options timeout—The amount of time, in seconds.Range: 10 through 60Default: 30

Syntax checksum-validation;



Description Uses TCP checksum validation for SYN-protected traffic.

Syntax clear-on-tcp-reset;



Description Immediately clears connections that were closed by a TCP reset from the connection-table.

Syntax couple-wap-radius;



Description Specifies that when any RADIUS or WAP service health check fails, all the RADIUS or WAP groups fail.



cpu-threshold

failed-server-loyalty

family

force-full-failback

Syntax cpu-threshold threshold-number;



Description Specifies the CPU threshold used for alerts (1 to 100). When the CPU load exceeds the configured number, a trap and system log message are sent.

Options threshold-number—Enter a value for the CPU use threshold.Range: 1 through 100Default: 85

Syntax failed-server-loyalty;



Description Keeps existing sessions bound to a failed server. When this command is set, state information about existing sessions to a failed server is maintained and traffic associated with existing sessions continues to be sent to the server.

Syntax family {family-name {

address ip-address;}

Hierarchy Level [edit extensions adc adc-instance adc-name health-check-source unit unit-number]


Description Specifies the family of addresses.

Options family-name—Enter a family address. This must be set to INET.Value: Only INET (IPv4 protocol) addresses are allowed.

The remaining statements are explained separately.

Syntax force-full-failback;




group-updates-interval

health-check-source

instance-unit


Description Moves all connections to the main server if a failback instance occurs.When the master real server resumes service, all connections associated to the backup server are immediately moved to the main server. By default (when this parameter is not set), when the master real server resumes service, new connections are sent to the master server but existing connections are bound to the backup server until they are closed or timed out.

Syntax group-updates-interval interval-time;



Description Defines the frequency of updating real server information when using response time or bandwidth load-balancing methods.

Options interval-time—Enter the update frequency time in seconds.Range: 1 through 256Default: 60

Syntax health-check-source {unit unit-number {

family {family-name {

address ip-address;}

}}

}



Description Specifies the source IP address used for health checks sent to real servers. A health-check source address must be set for each unit on which real servers are configured, in order to allow sending health checks to the servers.


Syntax instance-unit unit-number;



Description Specifies the default logical interface number for the adc-instance (0 to 16385).

Note: To allow for more granular configurations, units can be defined for a group of servers or specifically for a real server.



no-connections-sync

tcp-close-timeout

tcp-port

Output unit-number—Enter the default interface number.Range: 0 through 16385Default: 0


group-unit on page 60 (groups Configuration Commands)address on page 69 (real-server Configuration Commands)

Syntax no-connections-sync;



Description Sets the ADC software not to synchronize connection information to a backup RMS interface (virtual services and filters).


sync-connections on page 54 (filters Configuration Commands)sync-connections on page 100 (virtual-server and virtual-service Configuration Commands)

Syntax tcp-close-timeout timeout;



Description Specifies the amount of time after the TCP closes before the connection is removed from the connection table (21-8 seconds).

Options timeout—The time in seconds after a TCP sesion closes (for example, with FIN) until it is removed from the connection table. The value you enter here is the “to the power of” amount from a base of 2 seconds. For example, if you enter “2”, the result will be a 4 second timeout (2 seconds base to the power of 2, or 2 x 2 = 4).

Range: 1 through 8; this corresponds to a result of: 2, 4, 8, 16, 32, 64, 128, and 256 seconds.Default: 1 (2 seconds)


sync-connections on page 54 (filters Configuration Commands)sync-connections on page 100 (virtual-server and virtual-service Configuration Commands)

Syntax tcp-port port;

Hierarchy Level [edit extensions adc adc-instance adc-name workload-manager name]


Description Configures the TCP port number to use for the workload manager.

Options port—Enter the port number to use.



unit

workload-manager

Syntax unit unit-number {family {

family-name {address ip-address;

}}

}

Hierarchy Level [edit extensions adc adc-instance adc-name health-check-source]


Description Selects the number of the unit to edit.

Options unit-number—Enter the number of the unit to edit. A health-check source address must be set for each unit on which real servers are configured, in order to allow sending health checks to the servers.The remaining statements are explained separately.

Syntax workload-manager name {address ip-address;tcp-port port;

}



Description Configures the workload-manager per adc-instance; its internal identifying name, its IP address and TCP port. The workload manager uses the Server/Application State Protocol (SASP) to monitor server resources and provide additional input for load balancing decisions.When servers of a group are managed by a workload manager, you can associate this workload manager to the group.

Options name—Enter the name of the workload manager.


groups on page 60 (groups Configuration Commands)work-load-manager on page 66 (groups Configuration Commands)





Chapter 3 – content-match Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring items to match specific content as defined by the user.This chapter includes the following commands, organized alphabetically:• and-higher• and-lower• binary-pattern• binary-value• content-match• case-sensitive• depth• http-error-message• http-header• no-regular-expression• offset• string• text-pattern• text-search• url-string

and-higher

and-lower

Syntax and-higher;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name binary-pattern binary-value]


Description Sets the ADC software to search for values equal to or higher than the value entered.

Syntax and-lower;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name binary-pattern binary-value]


Description Sets the ADC software to search for values equal to or lower than the value entered.



binary-pattern

binary-value

content-match

Syntax binary-pattern {binary-value {

value;and-higher;and-lower;

}offset offset-value;depth depth-value;

}

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name]


Description Specifies the binary-pattern search option for content-matching.


Syntax binary-value {value;and-higher;and-lower;

}

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name binary-pattern]


Description Specifies the value for which the ADC software should search in a binary-pattern search.

Options value—A binary value.The remaining statements are explained separately.

Syntax content-match {case-sensitive;custom-http-methods [method method];http-error-message text;string string-name {

[ binary-pattern | text-pattern | text-search ];}

}



Description Sets strings used for content-based load balancing.



case-sensitive

depth

http-error-message



adc-instance on page 24 (adc-instance Configuration Commands)content-strings on page 44 (filters Configuration Commands)exclude-by-content on page 46 (filters Configuration Commands)http-redirect on page 49 (filters Configuration Commands)content-strings on page 72 (real-server Configuration Commands)

Syntax case-sensitive;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match]


Description Uses case-sensitive text search matching.

Syntax depth number;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string (content-match) string-name binary-value],[edit extensions adc adc-instance adc-name content-match string (content-match) string-name text-pattern]


Description Specifies the number of bytes in the IP packet that should be examined from either the beginning of the packet or from the offset value.

Default: 0 (beginning of the packet)

Syntax http-error-message text;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match]


Description Specifies the custom message sent to HTTP users when there is no available server.The error message is sent when the device responds with the “HTTP/1.0 503 – service unavailable” message. If an HTTP error message exists, it is appended to the response just before the 503 error message. The default is not to append anything to the 503 error message.

Options text—Enter a custom message to send to HTTP users when a server is not available.

Length: 31 chars (maximum)



http-header

no-regular-expression

offset

stringThe command “string” is executed from different areas of the command hierarchy. Select one of the following options depending on which area of the hierarchy you are using:• string (content-match)• string (text-search)

string (content-match)

Syntax http-header header-name [value header-value];

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name text-search]


Description Sets the HTTP header name and value.

Options header-name—Sets the HTTP header name.header-value—Sets the HTTP-header value.

Syntax no-regular-expression;



Description Specifies the ADC software does not evaluate the string as a regular expression, even when it contains regular expression characters. This is required when variables are used in the matched content, such as $HOST or $URL.

Syntax offset number;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match offset string-name binary-pattern],[edit extensions adc adc-instance adc-name content-match string string-name text-pattern]


Description Specifies the byte count from the start of the string from which to start a search operation.

Default: 0 (beginning of the string)

Syntax string string-name {[ binary-pattern | text-pattern | text-search ]

}




string (text-search)

text-pattern

text-search


Description Sets the name of the string used for content-based load balancing. The search can use one of: binary-pattern, text-pattern, or text-search.

Options string-name—Enter the name of the string to use for the content-based load balancing.The remaining statements are explained separately.

Syntax string ascii;

Hierarchy Level [edit extensions adc adc-instance adc-name content-match string string-name text-pattern]


Description Sets the name of the string used for content-based load balancing. The search can use one of: binary-pattern, text-pattern, or text-search.

Options string-name—Enter the name of the string to use for the content-based load balancing.The remaining statements are explained separately.

Syntax text-pattern {string ascii;offset offset-value;depth depth-value;

}



Description Specifies the text-pattern search option for content matching.


Syntax text-search {http-header header-name [ value header-value ];url-string url;no-regular-expression;

}



Description Specifies the text-based search option for content matching.




url-string

Syntax url-string url;



Description Specifies the host and path for HTTP or Real-Time Streaming Protocol (RTSP), hostname for DNS. Regular expressions are supported.

Options url—Sets the host and path for HTTP or RTSP or the hostname for DNS. Regular expressions are supported.



Chapter 4 – custom-health-check Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring custom health checks for the ADC instance.This chapter the following commands, organized alphabetically:• binary-expect• binary-send• cmd• custom-health-check• expect• open• script• send• tcp-commands• udp-commands

binary-expect

Syntax binary-expect hexadecimal-value <depth number> <offset number> <wait interval>;

Hierarchy Level [edit extensions adc adc-instance adc-name custom-health-check script script-name tcp-commands name cmd cmd-id],[edit extensions adc adc-instance adc-name custom-health-check script script-name udp-commands name cmd cmd-id]


Description Used in the cmd parameter line of a script to specify the binary content to expect from the server response packet in hexadecimal format.



binary-send

Options hexadecimal-value—Specifies the content to expect from the server response packet using hexadecimal format.depth number—Specifies the number of bytes in the IP packet that should be examined. If no offset value is specified, depth is specified from the beginning of the packet.

Default: The default value is the length of the content.offset number—Specifies the offset from the beginning of the binary data area to start matching the content specified in the binary-expect command. The offset command is supported for both UDP- and TCP-based health checks. If you require an offset, specify the offset command after a binary-expect command.

Default: 0wait interval—Specifies a wait interval before the expected response is returned. The wait interval begins when the send string is sent from the ADC software. If the expected response is received within the interval, the wait step passes. Otherwise, the health check fails. The wait interval is expressed in units of milliseconds. When the wait interval is not specified, the script waits according to the real server configured interval.



See “Script-Based Health Checks” in the ADC Software Users Guide for examples of scripts using the cmd parameter.tcp-commands on page 41 (custom-health-check Configuration Commands)udp-commands on page 41 (custom-health-check Configuration Commands)

Syntax binary-send hexidecimal-value;



Description Used in the cmd parameter line of a script to specify binary content in hexadecimal format.

Options hexidecimal-value—Specifies the binary content to send using raw hexadecimal format for the request packet.





cmd

custom-health-check

expect

Syntax cmd cmd-id <open | send | binary-send | expect | binary-expect >;

Hierarchy Level [edit extensions adc adc-instance adc-name custom-health-check script script-name tcp-commands name],[edit extensions adc adc-instance adc-name custom-health-check script script-name udp-commands name]


Description Specifies the command ID for the commands to be used. Multiple command lines are usually required in order to specify a full script.

Options cmd-id—Enter the command ID.



Syntax custom-health-check {script script-name {

tcp-commands tcp-name {cmd cmd-id <open | send | binary-send | expect | binary-expect >;

}udp-commands udp-name {

cmd cmd-id <open | send | binary-send | expect | binary-expect >;}

}}



Description Specifies the customized health-check option based on scripts.



adc-instance on page 24 (adc-instance Configuration Commands)

Syntax expect text <wait interval>;



Description Used in the cmd parameter line of a script to specify the content to expect in raw hexadecimal format.



open

script

Options text—Specifies the content to expect using raw hexadecimal format.wait interval—Specifies a wait interval before the expected response is returned. The wait interval begins when the send string is sent from the ADC software. If the expected response is received within the interval, the wait step passes. Otherwise, the health check fails. The wait interval is expressed in units of milliseconds. When the wait interval is not specified, the script waits according to the real server configured interval.




Syntax open port;



Description Used in the cmd parameter line of a script to open a specific real-server port.

Options port—Specifies which destination real-server UDP port to use; for example, open 9201.



Syntax script script-name {tcp-commands tcp-name {cmd cmd-id <open | send | binary-send | expect | binary-expect>;

udp-commands udp-name {cmd cmd-id <open | send | binary-send | expect | binary-expect>;

}}

Hierarchy Level [edit extensions adc adc-instance adc-name custom-health-check]


Description Specifies the name of the script to use in a custom health check. A script is made up of one or more TCP or UDP command containers. A script can contain any number of these containers, up to the allowable number of characters that a script supports.



send

tcp-commands

udp-commands

Options script-name—Sets the name of the script to use for health-checking the server.The remaining statements are explained separately.


health-check on page 60 (groups Configuration Commands)

Syntax send text;



Description Used in the cmd parameter line of a script to send designated content in hexadecimal format.

Options text—Specifies the send content in raw hexidecimal format.



Syntax tcp-commands tcp-name {cmd cmd-id <open | send | binary-send | expect | binary-expect >;

Hierarchy Level [edit extensions adc adc-instance adc-name custom-health-check script script-name]


Description Specifies the TCP commands for the script used for custom health checks. It is a container for one or more commands.

Options tcp-name—The name of the TCP command set to edit or add.The remaining statements are explained separately.


script on page 40 (custom-health-check Configuration Commands)

Syntax udp-commands udp-name {cmd cmd-id <open | send | binary-send | expect | binary-expect>;

Hierarchy Level [edit extensions adc adc-instance adc-name custom-health-check script script-name]




Description Specifies the UDP commands for the script used for custom health checks. It is a container for one or more commands.

Options udp-name—The name of the UDP command to edit or add.The remaining statements are explained separately.





Chapter 5 – filters Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring the filters used by the ADC software.This chapter the following commands, organized alphabetically:• accept• client-nat• connection-timeout• content-strings• content-term• destination-address• destination-nat• destination-port• discard• exclude-by-content• filters• first-request-only• from• go-to• group• http-redirect• load-balance• load-balancing-hash• log• match-content• no-cache-request• non-get-request• per-packet-load-balancing• persistency• protocol• request-with-cookie• select-by-content• server-listening-port• source-address• source-port• sync-connections• tcp-flags• term• then• web-cache-redirection



accept

client-nat

connection-timeout

content-strings

Syntax accept;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then]


Description Accepts the packet. The packet is processed according to its destination: either handled by the ADC software virtual services or by the router and sent to its destination.

Syntax client-nat;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then load-balance]


Description Uses client-IP address translation.

Note: The client-nat address is taken from the Multiservices-DPC PIC configuration. If no NAT address is present, traffic will drop.


nat-address on page 78 (router-interfaces Configuration Commands)nat-address-range on page 78 (router-interfaces Configuration Commands)

Syntax connection-timeout minutes;



Description Sets the timeout amount, in minutes, for inactive connections.

Options minutes—Timeout amount for inactive connection.Range: 1 through 32768Default: 4

Syntax content-strings [string-name string-name];

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then content-term match-content]


Description Defines content match criteria.

Options string-name—Enter the content strings to match against.


string on page 34 (content-match Configuration Commands)



content-term

destination-address

destination-nat

destination-port

Syntax content-term {match-content {

content-strings [string-name string-name];first-request-only;

}then {

discard;http-redirect {

from;log;

}}



Description Matches content by selected action. Non-matched traffic is matched against further non-content terms.



See also “Regular Expression Matching” in the ADC Software User Guide.

Syntax destination-address prefix/prefix-length;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name from]


Description Matches the IP destination address prefix; for example, 1.1.1.1/24.

Options prefix/prefix-length—Specify the address prefix and prefix length. Default: If you omit the prefix-length, it defaults to /32.

Syntax destination-nat;



Description Translates the destination address to the real server address. When this flag is not set, only the destination MAC is changed (from the virtual address MAC to the MAC of the cache server). The destination IP address remains unchanged.

Syntax destination-port port to port;





discard

exclude-by-content

Description Matches the TCP/UDP destination port.

Options port—Enter one port or the first of a range of ports.Range: 0 through 65534Default: 0 (destination port is not part of the search criteria)

to port—(Optional) Enter the last of a range of ports. This port must be higher than the first port entered.


Syntax discard;

Hierarchy Level [edit extensions adc adc-instance adc\name filters term name then],[edit extensions adc adc-instance adc-name filters term name then content-term then]


Description Discards the packet.

Syntax exclude-by-content [string-name string-name];



Description Defines content that is accepted and not sent to the server. Client requests that include this content are sent directly through to the original destination. Other client requests are load-balanced among the servers in the group.

Options string-name—Enter the content strings to match against.


content-match on page 32 (content-match Configuration Commands)



filters

first-request-only

Syntax filters {term term-name {

from {...

}then {

log;per-packet-load-balancing;[accept | content-term | discard | go-to | http-redirect | load-

balance]}

}web-cache-redirection {

...}

}



Description Sets the traffic filters, primarily used for transparent redirection. Traffic coming from client-facing interfaces is matched against filters. Servers must be connected to server-facing interfaces. The order of the filter term matching process is according to the order the terms appear in the configuration. You can move terms around by using Juniper Networks CLI commands.




Syntax first-request-only;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then content-term match-content]


Description Used to check the first HTTP request only. When set, the search will not match subsequent requests.



from

go-to

group

Syntax from {destination-address prefix/prefix-length;destination-port {

from-port [to to-port];}protocol;source-address prefix/prefix-length;source-port {

from-port [to to-port];}tcp-flags;

}

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name]


Description Defines match criteria for this filter term. When a connection is matching the from criteria, the action, as defined in the then clause of that filter, is performed.

Syntax go-to term;



Description Specifies that when a match occurs, the software should skip to the designated term.

Options term—Enter the name of the term. This is the term that will be skipped to if a match occurs.

Note: The target term must appear further down the list than the currently evaluated term.

Syntax group name;



Description Specifies the real server group. Transparent redirection is used by default.


groups on page 60 (groups Configuration Commands)



http-redirect

load-balance

load-balancing-hash

Syntax http-redirect {match-string to destination-string;

}

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then],[edit extensions adc adc-instance adc-name filters term name then content-term then]


Description Specifies the HTTP redirection strings.

Note: Multiple pairs of match-string to destination-string can be defined.

Options match-string—Enter a content-match string. When matched, HTTP redirection to the destination-string is sent.to destination-string—Enter a content-match string. When the match-string appears in a client request, an HTTP redirection to the destination-string is sent to the client.Range: Content-match strings



Syntax load-balance {group name;connection-timeout minutes;server-listening-port port;load-balancing-hash <destination-ip-and-port | source-ip | source-ip- and-port | destination-ip | source-and-destination | by-http-header <host | user-agent | user-define string length string-length>;

select-by-content;client-nat;persistency client-ip;destination-nat;sync-connections;exclude-by-content [string-name string-name];

}



Description Load balances traffic to a group of real servers.


Syntax load-balancing-hash <destination-ip-and-port | source-ip | source-ip-and-port | destination-ip | source-and-destination | by-http-header <host | user-agent | user-define string length string-length>;




log

match-content

no-cache-request


Description Specifies the server selection hash criteria. The selection implies the persistency type.

Options by-http-header—Hash based on HTTP header parameters.• host—Hash based on the HTTP host header.• user-agent—Hash based on the HTTP header User-agent.• user-define string—User-defined string header.• length string-length—User-defined string length.

Range: 1 through 255destination-ip—Hash based on destination IP address.destination-ip-and-port—Hash based on destination IP address and port.source-and-destination—Hash based on both source and destination.source-ip—Hash based on source IP address.source-ip-and-port—Hash based on source IP address and port.

Syntax log;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then content-term then]


Description Logs the packet to the system logs (syslog).

Syntax match-content {content-strings [string-name string-name];first-request-only;

}

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then content-term]


Description Defines content match criteria.




Syntax no-cache-request <match-url | pass-through>;

Hierarchy Level [edit extensions adc adc-instance adc-name filters web-cache-redirection]




non-get-request

per-packet-load-balancing

persistency

Description Determines the behavior for requests that contain Cache-Control: no-cache in HTTP/1.1 header, or Pragma: no-cache in HTTP/1.0 header.It controls whether client requests with no-cache indication are sent to the destination server or use the filter configuration to determine behavior.

Options match-url—The URI in no-cache requests is compared against the filter configuration to determine behavior.pass-through—All no-cache requests are sent to the destination server; such requests do not go through filter processing.

Default: pass-through

Syntax non-get-request <match-url | pass-through>;



Description Determines the behavior for non-GET requests. It controls whether client non-GET requests are sent to the destination server or use the filter configuration to determine behavior.

Options match-url—The URI in non-GET requests is compared against the filter configuration to determine behavior.pass-through—All non-GET requests are sent to the destination server; such requests do not go through filter processing.

Default: pass-through

Syntax per-packet-load-balancing;

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name],[edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name]


Description Enables per-packet load balancing. This type of load balancing does not use the connection table.

Syntax persistency client-ip;



Description Sets the server’s persistency criteria.

Options client-ip—Set session persistence based on using the source IP address as the key identifier for the connection.



protocol

request-with-cookie

select-by-contentThe command “select-by-content” is executed from different areas of the command hierarchy. Select one of the following options depending on which area of the hierarchy you are using:• select-by-content (web-cache-redirection)• select-by-content (load-balance)

select-by-content (web-cache-redirection)

Syntax protocol value;



Description Matches the IP protocol type.

Options value—(Optional) TCP or UDP. To match both protocols, do not set a value for this command.

Values: TCP or UDPDefault: No value (both protocols are used)

Syntax request-with-cookie <match-url | pass-through>;



Description Determines the behavior for client requests that include cookies. It controls whether client requests that include cookies are sent to the destination server or use the filter configuration to determine behavior.

Options match-url—The URI in requests with cookies is compared against the filter configuration to determine behavior.pass-through—All requests with cookies are sent to the destination server; such requests do not go through filter processing.

Default: match-url

Syntax select-by-content url-hash length;



Description Sets hashing based on the URL to a select cache server.

Options url-hash length—Specifies the length of the URL to hash into the cache server.




select-by-content (load-balance)

server-listening-port

source-address

source-port

Syntax select-by-content;



Description Sets content-based load balancing. When set, server selection is based on the content-strings as defined in the real-server configuration.


content-strings on page 72 (real-server Configuration Commands)

Syntax server-listening-port port;



Description Changes the destination port of traffic to a specific port.

Options port—Enter the server listening port.Range: 0 through 65534

Syntax source-address prefix/prefix-length;



Description Matches the IP destination address prefix; for example, 1.1.1.1/24.

Options prefix/prefix-length—Specify the address prefix and prefix length. Default: If you omit the prefix-length, it defaults to /32.

Syntax source-port port to port;



Description Matches the TCP/UDP source port.

Options port—Enter one port or the first of a range of ports.Range: 0 through 65534Default: 0 (destination port is not part of the search criteria)

to port—(Optional) Enter the last of a range of ports. This port must be higher than the first port entered.




sync-connections

tcp-flags

term

thenThe command “then” is executed from different areas of the command hierarchy. Select one of the following options depending on which area of the hierarchy you are using:• then (term)• then (content-term)

Syntax sync-connections;



Description Synchronizes filter connections to the backup RMS interfaces.

Syntax tcp-flags flags;



Description Matches using TCP flags, using either symbolic or hexadecimal format.

Options flags—Specify the TCP flags to use for matching, in symbolic or hexadecimal format. To specify multiple flags, use logical operators.

bit-name—fin, syn, rst, push, ack, urgentlogical operators—& (logical AND)

Syntax term term-name {from {

...}then {

log;per-packet-load-balancing;[accept | content-term | discard | go-to | http-redirect | load-balance]

}}

Hierarchy Level [edit extensions adc adc-instance adc-name filters]


Description Sets a filter term.

Options term-name—Enter a name that identifies the term. The name must be unique across all ADC instances.The remaining statements are explained separately.



then (term)

then (content-term)

web-cache-redirection

Syntax then {log;per-packet-load-balancing;[accept | content-term | discard | go-to | http-redirect | load-balance]

}}



Description Specifies the action to take if the “from” criteria is matched.


Syntax then {discard;http-redirect {

match-string to destination-string;log;

}

Hierarchy Level [edit extensions adc adc-instance adc-name filters term name then content-term]


Description Matches content by select action. Non-matched traffic accepted.


Syntax web-cache-redirection {no-cache-request <match-url | pass-through>;non-get-request <match-url | pass-through>;request-with-cookie <match-url | pass-through>select-by-content url-hash length;

}

Hierarchy Level [edit extensions adc adc-instance adc-name filters]


Description Sets the Web cache redirection parameters.






Chapter 6 – groups Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring the groups in your ADC instance.This chapter the following commands, organized alphabetically:• always-up• availability-threshold• backup-group• backup-real-server• direct-server-return• dns• dnstcp• ftp• group-health-formula• group-unit• groups• health-check• http• imap• ldap• load-balancing-method• nntp• ping• pop3• radius• rtsp• script• server-warm-up-time• sip• smtp• snmp• ssl-hello• tcp• tftp• wap• work-load-manager• wsp• wtls• wtp• wts



always-up

availability-threshold

backup-group

backup-real-server

Syntax always-up;

Hierarchy Level [edit extensions adc adc-instance adc-name groups group-name health-check]


Description Sets the health-check type not to check the servers, as they are always up.

Syntax availability-threshold number;

Hierarchy Level [edit extensions adc adc-instance adc-name groups group-name]


Description Specifies the minimum available servers threshold for alerts. If the number of available servers in this group drops below the threshold number, an alert is triggered.

Options number—Enter the minimum number of available servers in this group to trigger an alert.

Range: 1 through 15

Syntax backup-group name [ secondary-group name ];



Description Specifies the backup real server group for the ADC instance. This group comes online and takes over for the original group if a failure event occurs.

Note: Only one backup-group or backup-real-server can be set, not both.

Options name—Name of the group to back up the original group if a failure occurs.secondary-group name— Name of the group to be used as a secondary backup group in case the primary backup fails.

Syntax backup-real-server name;



Description Specifies the backup server for the ADC instance. This server comes online and takes over for the original server if a failure event occurs.

Note: Only one backup-group or backup-real-server can be set, not both.



direct-server-return

dns

dnstcp

ftp

group-health-formula

Options name—Name of the real server to back up the original real server if a failure occurs.


backup-real-server on page 70 (real-server Configuration Commands)

Syntax direct-server-return;



Description Sets return traffic to go directly to the client.

Syntax dns hostname;



Description Sets DNS health-check parameters.

Options hostname—Enter the DNS health-check hostname.

Syntax dnstcp hostname;



Description Sets DNS TCP health-check parameters.

Options hostname—Enter the DNS TCP health-check hostname.

Syntax ftp filename;



Description Sets FTP health-check parameters.

Options filename—Enter the FTP health-check filename.

Syntax group-health-formula expression;





group-unit

groups

health-check

Description Uses the real server’s health to determine the entire group’s health.

Options expression—Specifies a Boolean expression of server names in this group.


For more on Boolean expressions, see “Server-Based Group Health” in the ADC Software Users Guide.

Syntax group-unit number;



Description Specifies the logical interface number for this group.

Options number—Enter the logical interface number for the group.Range: 0 through 16385

Syntax groups {group-name {

availability-threshold number; backup-real-server name | backup-group name [secondary-group name];

direct-server-return;group-health-formula expression;group-unit number;health-check <always-up | dns | dnstcp | ftp | http | imap | ldap | nntp | ping | pop3 | radius | rtsp | script | sip | smtp | snmp |

ssl-hello | tcp | tftp | wap | wts>;load-balancing-method <least-connection | round-robin | response-time | bandwidth | hash>;

real-servers [name name ...];server-warm-up-time seconds;work-load-manager name;

}}



Description Specifies the real server groups for the ADC instance.



adc-instance on page 24 (adc-instance Configuration Commands)group on page 73 (real-server Configuration Commands)

Syntax health-check <always-up | dns | dnstcp | ftp | http | imap | ldap | nntp | ping | pop3 | radius | rtsp | script | sip | smtp | snmp | ssl-hello | tcp | tftp | wap | wts>





http

imap

ldap

Description Specifies the health-check method to use for servers in this group.



health-check on page 73, (real-server Configuration Commands)

Syntax http url [use-head-method];



Description Sets HTTP health-check parameters.

Options url—Sets the URL to use in the HTTP health check.use-head-method—When this is set, the HTTP Head method retrieves HTTP headers only.

Syntax imap {user-name name;password password;

}



Description Sets IMAP health-check parameters.

Options password password—Sets a plain-text password, which is auto-encrypted.

Length: 128 charactersuser-name name—Sets the health check username.

Syntax ldap {dn-string string;user-name name;password password;version2;

}





load-balancing-method

nntp

Description Sets LDAP health-check parameters.

Options dn-string—Sets the LDAP distinguished name string for the health check.password password—Sets a plain-text password, which is auto-encrypted.

Length: 128 charactersuser-name name—Sets the health check username.version2—Sets the LDAP health check to use LDAP version 2 (LDAPv2), instead of the default LDAP version 3 (LDAPv3).

Syntax load-balancing-method <least-connection | round-robin | response-time | bandwidth | hash>;



Description Specifies the method used for real server selection.

Options least-connections—With the least-connections load-balancing method, the number of connections currently open on each real server is measured in real time. The server with the fewest current connections is considered to be the best choice for the next client connection request.round-robin—With the round-robin load-balancing method, new connections are issued to each server in turn; that is, the first real server in the group gets the first connection, the second real server gets the next connection, followed by the third real server, and so on. When all the real servers in this group have received at least one connection, the issuing process starts over with the first real server.response-time—The response-time load-balancing method uses real-server response time to assign sessions to servers. The response time between the servers and the load-balancing module is used as the weighting factor.bandwidth—The bandwidth load-balancing method uses real-server octet counts to assign sessions to a server.hash—The hash load-balancing method uses IP address information in the client request to select a server.

Default: hash

Syntax nntp newsgroup-name;



Description Sets NNTP health-check parameters.

Options newsgroup-name—Enter the newsgroup name for the NNTP health check.



ping

pop3

radius

Syntax ping;



Description Sets the PING health-check.

Syntax pop3 {user-name name;password password;

}



Description Sets POP3 health-check parameters.

Options password password—Sets a plain-text password, which is auto-encrypted.

Length: 128 charactersuser-name name—Sets the health check username.

Syntax radius {accounting;authentication;secret secret;user-name name;password password;

}



Description Sets RADIUS health-check parameters.

Options accounting—Sends a RADIUS accounting request.authenication—Sends a RADIUS authentication request.password password—Sets a plain-text password, which is auto-encrypted.

Length: 128 characterssecret secret—RADIUS secret.user-name name—Sets the health check username.



rtsp

script

server-warm-up-time

sip

Syntax rtsp filename;



Description Sets the group health check to RTSP, and specifies the filename to be checked.

Options filename—Enter the filename.

Syntax script name;



Description Sets script-based health-check parameters.

Options name—Enter the name for the customized health-check script to use.



Syntax server-warm-up-time time;



Description Specifies the time, in seconds, to gradually send connections to the server.

Options time—Enter the time.

Syntax sip {options;user-name name;domain-name domain;

}



Description Sets SIP health-check parameters.

Options domain-name domain—Specifies the domain name used for the SIP ping health checks.options—Use SIP options instead of the default SIP ping.user-name name—Enter the username.



smtp

snmp

ssl-hello

Syntax smtp user-name;



Description Sets the SMTP health check for this group and specifies the username to use.

Options user-name—Enter the username.

Syntax snmp {oid oid-number;community value;adjust-number-weight number;<success-indicator value | failure-indicator value>

}



Description Sets the SNMP health check for this group and specifies the health-check parameters.

Options adjust-server-weight number—Updates the real server weights dynamically based on the SNMP health-check response.community value—Sets the SNMP group that the SNMP devices belong to.failure-indicator value—Specifies a value indicating a server failure. The health check fails if the response packet contains the value specified in the failure-indicator parameter.oid—Sets the SNMP Object Identifier (OID) to query that is being sent to real-servers in the group.success-indicator—Specifies a value indicating a healthy server. The health check succeeds if the response packet contains the value specified in the success-indicator parameter.

Syntax ssl-hello <version2>;



Description Sets Secure Sockets Layer (SSL) hello health-check parameters.

Options versions2—Select this parameter to use SSL version 2 (SSLv2) for the SSL health check.



tcp

tftp

wap

work-load-manager

Syntax tcp;



Description Sets TCP health-check fro this group. The TCP port is taken from the server configuration or from the real-server configuration (listening ports).


real-servers on page 75 (real-server Configuration Commands)

Syntax tftp filename;



Description Sets TFTP health check for this group and specifies the filename to use.

Options filename—Enter the filename for the TFTP health check.

Syntax wap < wsp | wtp | wtls >;



Description Sets WAP health-check parameters.


Syntax work-load-manager name;



Description Specifies the name of the workload manager.

Options name—Enter the name of the workload manager.





wsp

wtls

wtp

Syntax wsp {offset offset;receive hex-string;send hex-string;

}

Hierarchy Level [edit extensions adc adc-instance adc-name groups group-name health-check wap]


Description Sets WAP Wireless Session Protocol (WSP) health-check parameters. The WSP is used within the WAP suite to manage sessions between wireless devices and WAP content servers or gateways.

Options offset—Sets the number of bytes from the beginning of the UDP data area at which the comparison begins to match with the expected receive content.receive—Specifies the content the ADC software should expect from the WAP gateway.send—Specifies the content provided to the WAP gateway.

Syntax wtls;



Description Sets the WAP Wireless Transport Layer Security health-check parameter.

Syntax wtp {connect-content string;send hex-string;receive hex-string;offset offset;

}



Description Sets the WAP Wireless Transaction Protocol health-check parameters.

Options connect-content—Sends the Connect PDU to the WAP gateway. This lets you customize the headers in the connect-content message. send hex-string—Specifies the content provided to the WAP gateway.receive—Specifies the content the ADC software should expect from the WAP gateway.offset—Sets the number of bytes from the beginning of the UDP data area at which the comparison begins to match with the expected receive content.



wts

Syntax wts [ user-name name ]



Description Sets Windows Terminal Server (WTS) health-check parameters.

Options user-name name—Enter the username.



Chapter 7 – real-server Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring the real servers used with the ADC.This chapter the following commands, organized alphabetically:• address• allow-ldap-write• avoid-http-strings• backup-real-server• buddy-server• buddy-service-port• client-nat• connection-timeout• content-strings• description• do-not-preempt• failure-retries• group• health-check• interval• listening-ports• max-connections• real-servers• recovery-retries• use-when-overflow• weight

address

Syntax address server-ip [unit number];

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name]


Description Sets the real-server IP address and routing instance.

Note: In order to check the health of the real server, a health-check source address with the same unit must be set for this ADC instance.

Options server-ip—Enter the server IP address.unit number—Enter the server’s unit number.


health-check-source on page 27 (adc-instance Configuration Commands)



allow-ldap-write

avoid-http-strings

backup-real-server

Syntax allow-ldap-write;



Description Allows this real server to handle LDAP write requests.


allow-write-servers on page 82 (virtual-server and virtual-service Configuration Commands)ldap-virtual-service on page 89 (virtual-server and virtual-service Configuration Commands)

Syntax avoid-http-strings;



Description Does not send HTTP traffic with content strings to the real server.This command is used in conjunction with the content-strings command. When the content-strings command is set and this command is used, the server will not handle requests that contain the URLs set in the content-strings command.

Note: If you configure a content-string “all” and set this command, the server will not handle any requests. This effectively disables the server from being used in services where select-by-comment is used.


string on page 34 (content-match Configuration Commands)select-by-content on page 52 (filters Configuration Commands)content-strings on page 72 (real-server Configuration Commands)select-by-content on page 95 (virtual-server and virtual-service Configuration Commands)

Syntax backup-real-server name {use-when-overflow;do-not-preempt;

}



Description Defines the backup real server.

Options name—Enter the name of the real server to use as a backup to the original real server.The remaining statements are explained separately.



buddy-server

buddy-service-port

client-nat

connection-timeout

Syntax buddy-server server-name {group name;buddy-service-port port;

}



Description Defines servers that are essential for the healthy operation of this real server. The original real server is only considered healthy if the buddy it is associated with is also healthy.

Options server-name—Enter the name of the server to tie to the original server’s health. This “buddy” server can be in the same real-server group or in a separate group.The remaining statements are explained separately.

Syntax buddy-service-port port;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name buddy-server server-name]


Description Sets the buddy service port number.

Options port—Enter the service port number.Range: 10 through 65534

Syntax client-nat;



Description Uses client IP address translation for this server.


nat-address on page 78 (router-interfaces Configuration Commands)nat-address-range on page 78 (router-interfaces Configuration Commands)

Syntax connection-timeout minutes;





content-strings

description

do-not-preempt

Description Sets the number of minutes that inactive connections to the server remain open.

Options minutes—Select the even number of minutes the inactive sessions will remain open.


Syntax content-strings [string-name string-name];



Description Associates content strings with this server.

Options string-name—Enter one or more string names.


string on page 34 (content-match Configuration Commands)select-by-content on page 52 (filters Configuration Commands)avoid-http-strings on page 70 (real-server Configuration Commands)select-by-content on page 95 (virtual-server and virtual-service Configuration Commands)

Syntax description text;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name],[edit extensions adc adc-instance adc-name virtual-server name]


Description Allows a short text description of the server.

Options text—Enter a short descriptive text for this server. Typically, this explains the server’s use or function.

Syntax do-not-preempt;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name backup-real-server name]


Description Allows the backup real server to continue processing even when the primary server is alive. During this process, the primary server is operationally disabled and becomes active only if the backup server goes down.


See “Backup Preemption” in the ADC Software User Guide.



failure-retries

group

health-check

interval

Syntax failure-retries number;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name health-check]


Description Sets the number of health-check retries to perform before determining server failure.

Options number—Enter the number of retries to perform before marking a server as failed.


Syntax group name;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name buddy-server server-name]


Description (Mandatory, when buddy-server is set) Defines the server group associated with the buddy real server.

Options name—Enter the name of the server group to associate with the buddy server. It is required that the buddy real server is configured as part of the group (in the group configuration).


groups on page 60 (groups Configuration Commands)

Syntax health-check {failure-retries number;interval seconds;recovery-retries number;

}



Description Specifies the health check parameters for the real server.


Syntax interval seconds;





listening-ports

max-connections

Description Sets the interval between health checks, in seconds.

Options seconds—Enter the number of seconds between each health check on the server.

Note: A value of 0 (zero) disables health checks to this server.Range: 0 through 60Default: 2

Syntax listening-ports [ports ports ...];



Description Explicitly specifies the real server service ports.

Options ports—Enter one or more service ports. For example, to set up a real server for a web application you might use:

listening-ports [8080 8081];

Syntax max-connections number;



Description Specifies the maximum number of connections for this real server. If this parameter is not set, the maximum number of connections to the real server is unlimited.

Options number—Enter the maximum number of connections that this real server allows.




real-servers

recovery-retries

Syntax real-servers {name {

address server-ip [unit number];allow-ldap-write;avoid-http-strings;backup-real-server name {

...}buddy-server server-name {

...}client-nat;connection-timeout minutes;content-strings [string-name string-name];description text;health-check {

...}listening-ports [ports ports ...];max-connections number;weight server-weight;

}}



Description Configures the real servers to which traffic is load balanced. Real servers are then aggregated into groups of identical servers. Virtual services and filter terms use these groups of real servers.

Options name—Enter the name of the real server to add or edit.The remaining statements are explained separately.


adc-instance on page 24 (adc-instance Configuration Commands)groups on page 60 (groups Configuration Commands)

Syntax recovery-retries number;



Description Sets the number of recovery retries to attempt to determine server recovery.

Options number—Enter the number of retries to perform in an attempt to determine server recovery.




use-when-overflow

weight

Syntax use-when-overflow;

Hierarchy Level [edit extensions adc adc-instance adc-name real-servers name backup-real-server name]


Description Allows the backup server to handle overflow traffic when the maximum connection limit is reached by the primary server in addition to backing up the server in case of failure.


See “Backup Servers and Overflow Configuration” in the ADC Software User Guide.

Syntax weight server-weight;



Description Sets the weighting value that this real server will be given in the load-balancing algorithms. Higher weighting values force the server to receive more connections than the other servers configured in the same real-server group. By default, each real server is given a weight setting of 1. A weight setting of 10 would assign the server roughly 10 times the number of connections as a server with a weight of 1.

Options server-weight—Enter the weight for the real-server.Range: 1 through 48Default: 1



Chapter 8 – router-interfaces Configuration CommandsThis chapter includes the command-line interface (CLI) commands available for configuring the router interfaces used by the ADC.This chapter the following commands, organized alphabetically:• client-facing• family• ms-interfaces• nat-address• nat-address-range• router-interfaces• server-facing• unit

client-facing

family

Syntax client-facing [ interface interface];

Hierarchy Level [edit extensions adc adc-instance name router-interfaces]


Description Specifies the device interfaces where client traffic is received. Traffic arriving on these interfaces is handled by the ADC software and destined to be routed to the virtual IP addresses and filter-destination addresses configured in the instance.At least one client-facing interface must be specified for each adc-instance. A client-facing interface can be shared between instances

Options interface—Enter the client-processing interface name.

Syntax family family-name {nat-address nat-ip;nat-address-range from nat-ip to nat-ip;

}

Hierarchy Level [edit extensions adc adc-instance name router-interfaces ms-interfaces name unit number]


Description Specifies the family of addresses.

Options family-name—Enter a family address. This must be set to INET.Value: Only INET (IPv4 protocol) addresses are allowed.




ms-interfaces

nat-address

nat-address-range

Syntax ms-interfaces {name {

unit number {family family-name {

nat-address nat-ip;nat-address-range from nat-ip to nat-ip;

}}

}}



Description Specifies the physical multiservices interfaces of a device that are used to run the ADC instance application. The more multiservices interfaces used for an ADC instance, the more capacity and processing power the instance has. At least one multiservices interface must be specified for each ADC instance, and up to eight interfaces can run the same instance.A multiservices interface is associated exclusively to a single load-balancing instance (it cannot be shared between instances).

Multiservices interfaces are the physical interface (IFD); for example: ms-1/0/0.

Options name—Enter an interface name to add or edit.The remaining statements are explained separately.

Syntax nat-address nat-ip;

Hierarchy Level [edit extensions adc adc-instance name router-interfaces ms-interfaces name unit number family family-name]


Description Sets the NAT address to use for traffic sent over the interface to the real servers.

Options nat-ip—Enter the IP address to use.


client-nat on page 44 (filters Configuration Commands)client-nat on page 71 (real-server Configuration Commands)

Syntax nat-address-range from nat-ip to nat-ip;

Hierarchy Level [edit extensions adc adc-instance name router-interfaces ms-interfaces name unit number family family-name]


Description Sets a range of NAT addresses to use for traffic sent over the interface to the real servers.



router-interfaces

server-facing

Options from nat-ip—Enter the first IP address to useto nat-ip—Enter the last IP address to use.


client-nat on page 44 (filters Configuration Commands)client-nat on page 71 (real-server Configuration Commands)

Syntax router-interfaces {client-facing [ interface interface ];ms-interfaces

name {unit number {

family family-name {nat-address nat-ip;nat-address-range from nat-ip to nat-ip;

}}

}}server-facing [ interface interface ];

}

Hierarchy Level [edit extensions adc adc-instance name]


Description Configures the router-interfaces for a specific adc-instance.




Syntax server-facing [ interface interface];



Description Specifies the device interfaces where servers are connected, usually through switches or routers. Traffic to the servers is routed to these interfaces.At least one server-facing interface must be specified for each ADC instance. A server facing interface can be shared between instances.The same device interface can be used as a client-facing interface in one (or more) ADC instances, and as a server-facing interface in other instances.

Options interface—Enter the server-processing interface name.



unit

Syntax unit number {family family-name {

nat-address nat-ip;nat-address-range from nat-ip to nat-ip;

}}

Hierarchy Level [edit extensions adc adc-instance name router-interfaces ms-interfaces name]


Description Specifies the logical interface.

Options number—Enter the subunit number to use.Range: 0 through 16385




Chapter 9 – virtual-server and virtual-service Configuration CommandsThis section includes the command-line interface (CLI) commands available for configuring virtual servers and virtual services for an ADC instance.This chapter the following commands, organized alphabetically:• add-x-forwarded-for• address• allow-write-servers• close-unknown-ports• connection-pooling• cookie-name• description• dns-virtual-service• domain-name• efficient-memory-use• fast-load-balancing• ftp-virtual-service• group• groups• hostname• http-parsing-depth• http-virtual-service• insert• inspect• ldap-virtual-service• persistency• persistency cookie• persistent-timeout• plain-virtual-service• port• protocol• radius-authentication• radius-legacy-ports• rewrite• rtsp-virtual-service• select-by-content• server-listening-port• service-timeout• sip-virtual-service• source-port-in-hash• ssl-virtual-service• syn-protection



• sync-connections• tftp-virtual-service• virtual-server• wap-virtual-service• wts-virtual-service

add-x-forwarded-for

address

allow-write-servers

close-unknown-ports

connection-pooling

Syntax add-x-forwarded-for;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name]


Description Inserts an x-forwarded-for header to client requests.

Syntax address virtual-server-address;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name]


Description Sets the IP address for the virtual server.

Options virtual-server-address—Enter the IP address for the virtual server.

Syntax allow-write-servers;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name]


Description Sends LDAP write-requests to dedicated servers.


allow-ldap-write on page 70 (real-server Configuration Commands)

Syntax close-unknown-ports;



Description Sets a TCP reset for traffic to ports not used by the virtual server.

Syntax connection-pooling;




cookie-name

description

dns-virtual-service


Description Allows HTTP connection pooling for the virtual service.

Syntax cookie-name name;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name persistency cookie]


Description Sets the name of the cookie to use for persistence.


See “HTTP Persistency” in the ADC Software User Guide.

Syntax description text;



Description Allows a short text description of the server.

Options text—Enter a short descriptive text for this server. Typically, this is explains the server’s use or function.

Syntax dns-virtual-service name {fast-load-balancing;group name;sync-connections;per-packet-load-balancing;protocol value;select-by-content;server-listening-port port;service-timeout seconds;syn-protection;

}



Description Configures a DNS virtual service.

Options name—Enter the name for the DNS virtual service.The remaining statements are explained separately.


dns on page 59 (groups Configuration Commands)



domain-name

efficient-memory-use

fast-load-balancing

ftp-virtual-service

Syntax domain-name dns-name;



Description Sets the domain name for the cookie.

Options dns-name—Enter the a domain name for the cookie.

Syntax efficient-memory-use;



Description Allows the virtual service to use an HTTP GET only after a full handshake. The default behavior provides faster client-response time but higher memory use. When setting the efficient-memory-use parameter, memory use is lower but client-response time is slower. It is recommended to use this configuration only when there are known memory issues.

Syntax fast-load-balancing;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name]


Description Sets the connection table for use with requests only for this virtual service.

Syntax ftp-virtual-service name {group name;sync-connections;persistent-timeout minutes;server-listening-port port;service-timeout seconds;syn-protection;

}





group

groups

Description Configures a FTP virtual service.

Options name—Enter the name for the FTP virtual service.The remaining statements are explained separately.


ftp on page 59 (groups Configuration Commands)

Syntax group name;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name sip-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name tftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]


Description Associates a real-server group to use with this virtual service.

Options name—(Mandatory) Enter the name of the real-server group to use with this virtual service.


groups on page 60 (groups Configuration Commands)health-check on page 60 (groups Configuration Commands)

Syntax groups {wsp-group name;wtp-group name;wtls-group name;radius-group name;

}

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name wap-virtual-service name]




hostname

http-parsing-depth

Description Specifies real-server groups to use for the WAP and RADIUS protocols with this virtual service. At least one WAP protocol must have a group specified.

Options radius-group name—Designates a group of real servers under the RADIUS group.wsp-group name—Designates a group of real servers under the WSP group.wtp-group name—Designates a group of real servers under the WTP group.wtls-group name—Designates a group of real servers under the WTLS group.

Syntax hostname name;



Description Specifies the HTTP hostname, which is used for health checks.

Options name—Enter the HTTP hostname.

Syntax http-parsing-depth depth;



Description Sets the search depth in HTTP requests for content strings. When this parameter is not set, the search depth is unlimited.

Options depth—Enter the maximum depth for the search.Range: 1 through 18200


select-by-content (load-balance) on page 53 (filters Configuration Commands)



http-virtual-service

insert

Syntax http-virtual-service name {add-x-forwarded-for;connection-pooling;efficient-memory-use;fast-load-balancing;group name;hostname name;http-parsing-depth depth;sync-connections;persistency [client-ip [cross-services] cookie];persistent-timeout minutes;port port;select-by-content {

...}server-listening-port port;service-timeout seconds;source-port-in-hash;syn-protection;

}



Description Configures a HTTP virtual service.

Options name—Enter the name for the HTTP virtual service.The remaining statements are explained separately.


http on page 61 (groups Configuration Commands)

Syntax insert {expiration <date | duration >;domain-name name;path path;secure;when-cookie-missing <select-server | keep-server>;

}





inspect

Description Inserts cookie-to-server replies for server persistency.

Options expiration—Sets the cookie expiration date or duration.date—Enter a specific date and time at which the cookie expires.Format: yyyy-mm-dd[.hh:mm]duration—Enter a relative time in days, hours, and minutes after the creation of the cookie at which the cookie expires.Format: days [:hours [:min]]

domain-name name—Sets the domain name for the cookie.path path—Sets the path to define the scope of the cookie. The cookie is sent only for URL requests that are a subset of the path.

Default: “/”secure—Sets the secure flag. When set, the client is required to use a secure connection to obtain content associated with the cookie.when-cookie-missing—Determines how to handle subsequent requests with no cookie in a TCP session where a server was already selected.

select-server—Select a new server for new requests with no cookie.keep-server—Continue using the same server for requests in this connection.Default: keep-server

Syntax inspect {cookie-value-offset cookie-offset; cookie-value-length cookie-length;look-in-uri;response-count number;

}



Description Inspects the cookie in client requests for server persistency.

Options cookie-value-length cookie-length—Enter the number of bytes to extractRange: 1 through 64

cookie-value-offset cookie-offset—Enter the offset value to use.Range: 1 through 64

look-in-uri—Specifies that the cookie should appear in the URI and not in the HTTP header.response-count number—Allows the ADC software to search through multiple HTTP responses from the server. Enter the number of responses to search.

Range: 1 through 16



ldap-virtual-service

persistencyThe command “persistency” is executed from different areas of the command hierarchy. Select one of the following options depending on which area of the hierarchy you are using:• persistency (http-virtual-service)• persistency (ssl-virtual-service)• persistency (wap-virtual-service)• persistency (wts-virtual-service)

persistency (http-virtual-service)

Syntax ldap-virtual-service name {allow-write-servers;fast-load-balancing;group name;sync-connections;server-listening-port port;service-timeout seconds;syn-protection;

}



Description Configures a LDAP virtual service.

Options name—Enter the name for the LDAP virtual service.The remaining statements are explained separately.


ldap on page 61 (groups Configuration Commands)

Syntax persistency [ client-ip [cross-services] cookie];



Description Uses the client-IP address to maintain persistence between the service and the client for both HTTP and Secure Socket Layer (SSL or HTTPS) sessions only.

Options client-ip—Maintains persistence for the same service across multiple sessions from the same client, or maintains persistence between different services (for HTTP and HTTPS traffic only) from the same client to map to the same server.cross-services—Maintains persistence for different services to the same real server. It can be used when client IP-based persistence is not dependent on the load-balancing method.cookie—See persistency cookie on page 91.





persistency (ssl-virtual-service)

persistency (wap-virtual-service)

persistency (wts-virtual-service)

Syntax persistency [ client-ip [cross-services] | ssl-id];

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name]



Options client-ip—Maintains persistence for the same service across multiple sessions from the same client, or maintains persistence between different services (for HTTP and HTTPS traffic only) from the same client to map to the same server.cross-services—Maintains persistence for different services to the same real server. It can be used when client IP-based persistence is not dependent on the load-balancing method.ssl-id—Maintains persistence using SSL session IDs.


See “Secure Sockets Layer SLB” in the ADC Software User Guide.

Syntax persistency wap-radius;




Options wap-radius—Maintains WAP RADIUS persistence on the filter by binding both WAP and RADIUS sessions to the same server.


See “WAP SLB with RADIUS/WAP Persistence” in the ADC Software User Guide.

Syntax persistency [ session-directory | user-hash ];

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]



Options session-directory—Use sesssion-directory to manage user assignments on the server.user-hash—Use when WTS session-directory is not used.


See “HTTP Persistency” in the ADC Software User Guide.See “Configuring Windows Terminal Server Load Balancing” in the ADC Software User Guide.



persistency cookie

persistent-timeout

Syntax persistency cookie {cookie-name name;<insert | rewrite | inspect>

}



Description Maintains persistence between the real server and the client by establishing an identifiable token on the client.



persistency on page 89 (virtual-server and virtual-service Configuration Commands)See “HTTP Persistency” in the ADC Software User Guide.

Syntax persistent-timeout minutes;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name sip-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name]


Description Sets the amount of time that persistency information is kept, even if no new relevant connections are detected, in minutes. If this command is not set, the service-timeout value is used.

Options minutes—Timeout for inactive connection.Range: 0 through 32768Default: 0 (service connection-timeout is used)



plain-virtual-service

port

Syntax plain-virtual-service name {fast-load-balancing;group name;sync-connections;per-packet-load-balancing;port port-number;protocol value;server-listening-port port;service-timeout seconds;syn-protection;

}



Description Configures a plain virtual service.

Options name—Enter the name for the plain virtual service.The remaining statements are explained separately.

Syntax port port-number;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name]


Description Sets the application port for the virtual service

Options port-number—Enter the application port to use.Range: 10 through 65534Default: The following is a list of the default ports used by various virtual services:DNS—53 (not modifiable)FTP—21 (not modifiable)HTTP—80LDAP—389 (not modifiable)RTSP—554SIP—5060 (not modifiable)TFTP—69 (not modifiable)WTS—3389 (not modifiable)



protocol

radius-authentication

radius-legacy-ports

Syntax protocol value;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name]


Description Matches the IP protocol type.

Options value—TCP or UDP. To match both protocols, do not set a value for this command.

Values: TCP or UDPDefault: The following is a list of the default protocols used by various virtual services:DNS—UDPFTP—TCP (not modifiable)LDAP—TCP (not modifiable)Plain—TCPSIP—UDP (not modifiable)SSL—TCP (not modifiable)TFTP—UDP (not modifiable)WTS—UDP (not modifiable)

Syntax radius-authentication;



Description Configures the virtual service to load-balance RADIUS authentication in addition to RADIUS accounting.

Syntax radius-legacy-ports;



Description Sets the virtual service to use RADIUS legacy ports (port 1645 for authentication, and port 1646 for accounting).



rewrite

rtsp-virtual-service

Syntax rewrite {look-in-uri;response-count number;when-cookie-missing <select-server | keep-server>;

}



Description Rewrites the cookie in server replies for server persistency

Options look-in-uri—Specifies that the cookie should appear in the URI and not in the HTTP headerresponse-count number—Allows the ADC software to search through multiple HTTP responses from the server. Enter the number of responses to search.

Range: 1 through 16when-cookie-missing—Determines how to handle subsequent requests with no cookie in a TCP session where a server was already selected.

select-server—Select a new server for new requests with no cookie.keep-server—Continue using the same server for requests in this connection.Default: keep-server



Syntax rtsp-virtual-service name {group name;sync-connections;persistent-timeout minutes;port port-number;protocol value;select-by-content;server-listening-port port;service-timeout seconds;source-port-in-hash;syn-protection;

}



Description Configures an RTSP virtual service.

Options name—Enter the name for the RTSP virtual service.The remaining statements are explained separately.


rtsp on page 64 (groups Configuration Commands)



select-by-contentThe command “select-by-content” is executed from different areas of the command hierarchy. Select one of the following options depending on which area of the hierarchy you are using:• select-by-content (dns-virtual-service)• select-by-content (http-virtual-service)• select-by-content (rtsp-virtual-service)

select-by-content (dns-virtual-service)

select-by-content (http-virtual-service)

Syntax select-by-content;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name]


Description Sets content-based load balancing for the DNS virtual service. Distinguishes users by the requested hostname and allows use of different servers according to the requested hostname.


content-strings, page 72 (real-server Configuration Commands)

Syntax select-by-content {first-content-tem {

<virtual-hosting | browser | cookie | header | url>; }and | or;second-content-term {

same as above}

}



Description Sets HTTP content-based server selection. Content-intelligent HTTP load balancing supports up to two methods for an HTTP virtual service with a logical AND or OR between them. The first method is set by the first-content-term container. Optionally, you can set the second-content-term container to define a second matching criteria. If you do set the second container, you must also define the relationship between the two content terms using AND or OR.



select-by-content (rtsp-virtual-service)

Options virtual-hosting—Sets a single virtual-server IP address to host multiple websites per customer, each with their own hostname.browser—Redirects HTTP requests based on browser type by inspecting the “User-Agent” header.cookie—Distinguishes users by cookie values, allowing the use of different servers according to the cookie value. When using cookie-based server selection, the following configuration options are available:

cookie-name—(Mandatory) Sets the name of the cookie to use for server selection.cookie-value-length—(Mandatory) Sets the number of bytes to extract.Range: 1 through 64cookie-value-offset—(Mandatory) Sets the starting point of the cookie value.Range: 1 through 64look-in-uri—Specifies that the cookie should appear in the URI and not in the HTTP header.

header—Distinguishes users by HTTP header values, allowing use of different servers according to the header values. When using header-based server selection, the following configuration options are available:

header-name—(Mandatory) Sets the name of the HTTP header to use for server selection.hash-length—(Optional) Uses hash on HTTP header values for server selection, and defines the number of bytes to use for the hash.Range: 1 through 255

url—Redirects requests going to the same page of an origin server to the same real server or cache server. When using url-based server selection, the following configuration options are available:

hash-length—(Optional) Uses hash on URL values for server selection, and defines the number of bytes to use for the hash.Range: 1 through 255

and | or—Operators used to combine the first-content-term with the second-content-term. When and is used, both terms must be present in order to redirect the request. When or is used, either term must be present in order to redirect the request.



Syntax select-by-content [hash-url | url];

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name]


Description Sets content-based load balancing for the virtual service.



server-listening-port

Options url—Select the server according to content-strings associated to the servers.hash-url—Select the server according to the hash of the url string, ensuring URL-to-server persistency. When this mode is used, there is no need to associate strings to servers using the content-strings parameter.



Syntax server-listening-port port;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]


Description Changes the destination port of client requests before traffic is forwarded to the server. It reflects the real-server listening port for the virtual service connection.

Options port—Enter the real-server listening port.Range: 0 through 65534Default: Do not change the destination port; use instead the service port



service-timeout

sip-virtual-service

Syntax service-timeout number;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name sip-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name tftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]


Description Sets the amount of time, in seconds, that idle connections should remain in the connection table before being removed.

Options number—Timeout amount for inactive connection, in seconds.Range: 0 through 32768

Syntax sip-virtual-service name {group name;sync-connections;persistent-timeout minutes;service-timeout seconds;

}



Description Configures a SIP virtual service.

Options name—Enter the name for the SIP virtual service.The remaining statements are explained separately.


sip on page 64 (groups Configuration Commands)



source-port-in-hash

ssl-virtual-service

Syntax source-port-in-hash;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name]


Description Sets client-based persistency when the load-balancing method is set to hash.

Syntax ssl-virtual-service name {fast-load-balancing;group name;sync-connections;persistency [ client-ip [cross-services] | ssl-id ];persistent-timeout minutes;port port-number;server-listening-port port;service-timeout seconds;syn-protection;

}



Description Configures a SSL virtual service.

Options name—Enter the name for the SSL virtual service.The remaining statements are explained separately.


ssl-hello on page 65 (groups Configuration Commands)



syn-protection

sync-connections

Syntax syn-protection;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]


Description Prevents denial-of-service (DoS) attacks on the virtual service.

Note: SYN protection is only available for TCP services.

Syntax sync-connections;

Hierarchy Level [edit extensions adc adc-instance adc-name virtual-server name dns-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name http-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ldap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name plain-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name rtsp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name sip-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name ssl-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name tftp-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wap-virtual-service name],[edit extensions adc adc-instance adc-name virtual-server name wts-virtual-service name]



tftp-virtual-service


Description Sets the mirroring of all connection data related to the virtual service.

Syntax tftp-virtual-service name {group name;sync-connections;service-timeout seconds;

}



Description Configures a TFTP virtual service.

Options name—Enter the name for the TFTP virtual service.The remaining statements are explained separately.


tftp on page 66 (groups Configuration Commands)



virtual-server

Syntax virtual-server name {address virtual-server-address;close-unknown-ports;description text;domain-name dns-name;dns-virtual-service {

...}ftp-virtual-service {

...}http-virtual-service {

...}ldap-virtual-service {

...}plain-virtual-service {

...}rtsp-virtual-service {

...}sip-virtual-service {

...}ssl-virtual-service {

...}tftp-virtual-service {

...}wap-virtual-service {

...}wts-virtual-service {

...}

}



Description Configures a virtual IP address that accepts client requests and services provided to clients when accessing this IP address.

Options name—Enter the name of the virtual server to add or edit.The remaining statements are explained separately.





wap-virtual-service

wts-virtual-service

Syntax wap-virtual-service name {groups {

...}sync-connections;persistency wap-radius;radius-authentication;radius-legacy-ports;service-timeout seconds;

}



Description Configures a WAP virtual service.

Options name—Enter the name for the WAP virtual service.The remaining statements are explained separately.


radius, page 63 (groups Configuration Commands)wap, page 66 (groups Configuration Commands)

Syntax wts-virtual-service name {group name;sync-connections;persistency [session-directory | user-hash ];server-listening-port port;service-timeout seconds;syn-protection;

}



Description Configures a WTS virtual service.

Options name—Enter the name for the WTS virtual service.The remaining statements are explained separately.


wts on page 68 (groups Configuration Commands)




Operational Commands


Part 3 – Operational Commands

This part includes the command-line interface (CLI) commands available for use in Operational mode. These commands are used to view various aspects of the configuration. There are three main operational commands used: show, clear, and request. The show command displays the current settings of the command in question. The clear command deletes information for the command in question. The request command is used to perform various system-level requests. Additional commands may be referenced.The part is subdivided into chapters and each command in each chapter is alphabetized for easy use.Operational Commands includes the following chapters:• adc-instance Operational Commands• connection-table Operational Commands• content-match Operational Commands• filters Operational Commands• group Operational Commands• internal and maintenance Operational Commands• real-server Operational Commands• virtual-server and services Operational Commands

ADC Software Reference Guide Operational Commands




Chapter 10 – adc-instance Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning the ADC instances.• show extensions adc status• show extensions adc cpu• show extensions adc license-info• show extensions adc nat• show extensions adc workload-manager• clear extensions adc statistics

show extensions adc status

Syntax show extensions adc status

<detail>


Description Shows the current status of the ADC extension.

Options detail—Display a more detailed output.

List of Outputs show extensions adc statusshow extensions adc status detail

Sample Output



show extensions adc cpu

show extensions adc statususer@host> show extensions adc status

ADC daemon status : UpUp Since Sat Mar 31 17:20:39 2012adc instance lb1:Interface Status Control Daemon #Data Daemons up #Disconns License----------+--------+----------------+-----------------+-----------+-------ms-1/0/0 Up Up 21 0 Licensed

show extensions adc status detailuser@host> show extensions adc status detail

ADC daemon status : UpUp Since Thu Apr 5 14:35:46 2012ADC daemon to SDK Services daemon (SSD) connection:

current status: Upnumber of disconnections: 0

ADC daemon to Dynamic Firewall Filters Daemon (DFWD) connection:current status: Downnumber of disconnections: 0

Interface status:Interfaces running adc: ms-0/1/0, ms-1/0/0Interfaces that appear in the configuration: ms-1/0/0

adc instance lb1:Interface Status Control Daemon #Data Daemons up #Disconnections License---------+------+---------------+-----------------+----------------+------ms-1/0/0 Up Up 21 0 Licensed

Unattached:Interface Status-------------+---------------ms-0/1/0 Down

Syntax show extensions adc cpu

<interface>


Description Shows the current status of the CPU associated with the ADC software.

Options interface—(Optional) Display CPU information for specific service-interfaces.

List of Outputs show extensions adc cpushow extensions adc cpu interface

Sample Output



show extensions adc license-info

show extensions adc cpuuser@host> show extensions adc cpu

CPU Utilization for interface ms-1/0/0CP average for last 64 seconds: 63DP average for last 64 seconds: 56, max: 57, min: 56

show extensions adc cpu interfaceuser@host> show extensions adc cpu ms-1/0/0

CPU Utilization for interface ms-1/0/0DP average for last 64 seconds: 56DP max for last 64 seconds: 57DP min for last 64 seconds: 56

cpu threshold: 85Alert is triggered when at least half DPs cross this threshold.

1 second 4seconds 64seconds

CP 62 63 63DP 1 57 57 57DP 2 56 56 56DP 3 57 57 57DP 4 56 57 56DP 5 55 60 54DP 6 56 57 61DP 7 56 62 56DP 8 55 57 56DP 9 57 57 57DP10 56 56 56DP11 57 57 57DP12 56 57 56DP13 55 60 54DP14 56 57 61DP15 56 62 56DP16 55 57 56DP17 57 57 57DP18 56 56 56DP19 57 57 57DP20 56 57 56DP21 55 60 54

Syntax show extensions adc license-info


Description Shows the current status of the ADC licenses.



show extensions adc nat

Sample Output

show extensions adc license-infouser@host> show extensions adc license-info

2 PICs appear in the configuration

adc instance lb1:Interface Status License------------+----------+-----------ms-1/2/3 Up Licensedms-1/4/5 Up No License

Syntax show extensions adc nat

<nat-address unit unit>

<adc-instance adc-name>


Description Shows the current status of the ADC CPU.

Options nat-address—Specify the NAT address and unit.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

List of Outputs show extensions adc natshow extensions adc adc nat adc-instance adc-name

Sample Output

show extensions adc natuser@host> show extensions adc nat 8.9.77.56 unit 1001

NAT IP 8.9.77.56.1001 is used with adc-instance lb1:

Interface NAT IP Unit Connection count Free ports ms-1/2/0 8.9.77.56 1001 899

show extensions adc adc nat adc-instance adc-nameuser@host> show extensions adc nat adc-instance lb1

NAT IP Summary Table for adc-instance lb1:

Interface NAT IP Unit Connection count Free ports ms-1/2/0 8.9.77.56 1001 899

44.55.66.77 5671 6,577

ms-1/3/0 8.9.77.57 1002 4,777 44.55.66.78 5672 0



show extensions adc workload-manager

clear extensions adc statistics

Syntax show extensions adc workload-manager name [adc-instance adc-name]


Description Shows the current status of the ADC CPU.

Options name—Enter the name of the workload manager to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

Sample Output

show extensions adc workload-manager adc-instance adc-nameuser@host> show extensions adc workload-manager adc-instance lb1

Workload Manager Information for adc-instance lb1:

Name IP address Port StateWLM1 5.5.5.5 3860 ConnectedWLM2 5.5.5.6 3860 Not Connected

Syntax clear extensions adc statistics [adc-instance adc-name | all]


Description Removes the current adc-instance statistics. This resets the statistics to zero.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.all—Clear statistics from all ADC instances.

List of Outputs clear extensions adc statistics adc-instance adc-nameclear extensions adc statistics all

Sample Output

clear extensions adc statistics adc-instance adc-nameuser@host> clear extensions adc statistics adc-instance lb1

Statistics for adc-instance lb1 have been cleared

clear extensions adc statistics alluser@host> clear extensions adc statistics all

Statistics for all adc-instances have been cleared





Chapter 11 – connection-table Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning the connection table data.• show extensions adc connection-table• clear extensions adc connection-entry• clear extensions adc connection-table• clear extensions adc persistency-entry• clear extensions adc persistency-table

show extensions adc connection-table

Syntax show extensions adc connection-table

<adc-instance adc-name>

<brief>

<count>

<destination destination-address port destination-port [adc-instance adc-name limit number]>

<extensive>

<flags-description [flag]>

<filter-term term adc-instance adc-name [limit number]>

<interface interface adc-instance adc-name [brief count limit number]>

<limit number>

<nat-address address>

<real-server name>

<source-address address>

<source-port port>

<with-flag>


Description Displays connection table entries.



Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.brief—Display brief output (default).count—Show count of entries.destination destination-address port destination-port—Display entries matching the destination address and port.extensive—Display a more detailed output.flags-description flag—Display explanations for flags used in the connection table extensive output. Enter a specific flag to get a description of only that flag.filter-term name—Display entries matching filter term.interface name—Display entries matching the service interface.limit—Sets the maximum number of entries to display.nat-address address—Display entries matching the NAT address and unit.real-server name—Display entries matching the real server name.source-address address—Display entries matching the source IP address.source-port port—Display entries matching the source port.with-flag—Display entries matching a connection-table flag.

List of Outputs show extensions adc connection-table briefshow extensions adc connection-table adc-instanceshow extensions adc connection-table countshow extensions adc connection-table destination destination-address port destination-port [adc-instance limit]show extensions adc connection-table extensive adc-instanceshow extensions adc connection-table flags-descriptionshow extensions adc connection-table filter-term term adc-instance [limit]

Sample Output

show extensions adc connection-table briefuser@host> show extensions adc connection-table brief

Connection table brief for lb1:

Service set Connection countv1 IP 6.2.2.50 6,899

dns-virtual-service dns1 5,788http-virtual-service http1 1,111

v2 IP 6.2.2.55 22,222dns-virtual-service dns2 22,222

Total 88,888

show extensions adc connection-table adc-instanceThe output for the show extensions adc connection-table adc-instance adc-name command is identical to that for the show extensions adc connection-table brief command. For sample output, see show extensions adc connection-table brief.



show extensions adc connection-table countuser@host> show extensions adc connection-table count

Connection table brief for lb1:

Interface Connection Countms-1/1/0 0

Total 0Note: Maximum Connection Table entries per interface is 688128

show extensions adc connection-table destination destination-address port destination-port [adc-instance limit]The output for the show extensions adc connection-table destination destination-address port destination-port [adc-instance limit] command is identical to that for the show extensions adc connection-table extensive adc-instance command. For sample output, see show extensions adc connection-table extensive adc-instance.

show extensions adc connection-table extensive adc-instanceuser@host> show extensions adc connection-table extensive adc-instance lb1

Connection table for adc-instance lb1:

Current number of connections: 2,252,678Displaying 30 rows (use limit command to change)For flags description use flag-descriptions command

Interface Prot source destination real age flags---------+---+---------------+----------------+-----------------+--+------ms-1/2/3 T 17.1.121.32:609 17.1.1.10:80 111.11.11.110:8080 45 XYms-3/4/1 T 27.1.1.15:80 17.1.121.32:609 222.22.22.222:8181 38 XuZ

NAT: 99.99.99.99.1001:8989ms-6/7/3 T 17.1.181.34:8320 17.1.1.10:80 212.12.12.222:9090 72 VW P:25ms-1/9/0 T 27.1.1.12:80 17.1.181.34:830 31.31.131.131:999 102 XXms-8/1/0 U 4.4.4.4:53 17.1.181.34:53 31.31.131.131:53 102 XX



clear extensions adc connection-entry

show extensions adc connection-table flags-descriptionuser@host> show extensions adc connection-table flags-description

E: Indicates connection is established, and will be aged out if no traffic is received within session timeout value.N: Indicates no NAT, which means the connection only translates the destination MAC when forwarding client traffic to the real server.P: Indicates the session is a persistent connection and is not to be aged out.S: Indicates the session is a persistent connection and the application is SSL session ID, or Cookie.Vr: Indicates the connection is a SIP REGISTER connection.Vs: Indicates the connection is a SIP SUBSCRIBE connection.Vi: Indicates the connection is a SIP INVITE connection.Vm: Indicates the connection is a SIP MESSAGE connection.Vd: Indicates the connection is a SIP NAT data connection. Sc: Indicates the connection is an opened server connection used in connection pooling.U: Indicates the connection is using Layer 7 information.W: Indicates the connection only translates the destination MAC when forwarding Layer 7 Web Cache Redirection traffic to the real server.

show extensions adc connection-table filter-term term adc-instance [limit]user@host> show extensions adc connection-table filter-term term1 adc-instance lb1

Connection table for adc-instance lb1 Showing only entries matching filter-term term1 Displaying 30 rows (use limit command to change)For flags description use flag-descriptions command

Interface Prot source destination real age flags ---------+---+---------------+----------------+-----------------+--+------ms-1/2/3 T 17.1.121.32:609 17.1.1.10:80 111.11.11.110:8080 45 XYms-3/4/1 T 27.1.1.15:80 17.1.121.32:609 222.22.22.222:8181 38 XuZ

NAT: 99.99.99.99.1001:8989ms-6/7/3 T 17.1.181.34:8320 17.1.1.10:80 212.12.12.222:9090 72 VW P:25ms-1/9/0 T 27.1.1.12:80 17.1.181.34:830 31.31.131.131:999 102 XXms-8/1/0 U 4.4.4.4:53 17.1.181.34:53 31.31.131.131:53 102 XX

Syntax clear extensions adc connection-entry adc-instance adc-name source-address address source-port port destination-address dst-address destination-port dst-port <tcp | udp>


Description Clears specified entries in the connection table.



clear extensions adc connection-table

clear extensions adc persistency-entry

Options source-address address—Filter by the source IP address.source-port port—Filter by the the source port.destination-address address—Filter by the the destination IP address.destination-port port—Filter by the destination port.tcp | udp—Clear either TCP or UDP entries.

Note: All parameters must be specified in order to indicate a single connection-table entry.

Sample Output

clear extensions adc connection-entry adc-instance adc-name source-address source-port destination-address destination-port tcp | udpuser@host> clear extensions adc connection-table adc-instance lb1 source-address 1.1.1.1 source-port 80 destination-address 10.2.2.0 destination-port 8080 TCP

This will clear all matching connection table entries of adc-instance lb1.Continue with clear [y|n] [n]?

- OR -

No matching connection was found in the connection table for adc-instance lb1.

Syntax clear extensions adc connection-table adc-instance adc-name


Description Clears the connection table of a load-balancing instance.

Sample Output

clear extensions adc connection-table adc-instanceuser@host> clear extensions adc connection-table adc-instance lb1

This will clear the entire connection table of adc-instance lb1. Continue with clear [y|n] [n]?

If yes, the following message displays on completion:

Connection table cleared

Syntax clear extensions adc persistency-entry <http-cookie value | ssl-session-id id-value | wap-client-address dot-address | hex-address> adc-instance adc-name


Description Clears the specified entries in the persistency table.



clear extensions adc persistency-table

Options http-cookie value—Clears an HTTP cookie persistency entry.ssl-session-id id-value—Clears an SSL session ID persistency entry.wap-client-address dot-address | hex-address—Clears a WAP client IP address persistency entry.adc-instance adc-name—Specifies the persistency table where the entries are to be cleared for the specific ADC instance.

List of Outputs clear extensions adc persistency-entry http-cookie adc-instanceclear extensions adc persistency-entry ssl-session-id adc-instanceclear extensions adc persistency-entry wap-client-address adc-instance

Sample Output

clear extensions adc persistency-entry http-cookie adc-instance user@host> clear extensions adc persistency-entry http-cookie id87654321 adc-instance lb1

A matching persistency entry was found and removed for adc-instance lb1

- OR -

No matching persistency entry was found for adc-instance lb1

clear extensions adc persistency-entry ssl-session-id adc-instance user@host> clear extensions adc persistency-entry ssl-session-id 23 adc-instance lb1


- OR -


clear extensions adc persistency-entry wap-client-address adc-instance user@host> clear extensions adc persistency-entry wap-client-address 10.2.5.10 adc-instance lb1


- OR -


Note: The wap-client-address parameter can be specified using either dotted address format or hexidecimal address format.

Syntax clear extensions adc persistency-table adc-instance adc-name


Description Clears the persistency table of a load-balancing instance.



Sample Output

clear extensions adc persistency-table adc-instanceuser@host> clear extensions adc persistency-table adc-instance lb1

This will clear the entire persistency table of adc-instance lb1. Continue with clear [y|n] [n]?

If yes, the following message displays on completion:

Persistency table cleared





Chapter 12 – content-match Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning content match strings.• show extensions adc strings-statistics

show extensions adc strings-statistics

Syntax show extensions adc strings-statistics string-name [adc-instance adc-name extensive]


Description Displays information for specific strings on a for an ADC instance.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.

List of Outputs show extensions adc strings-statistics adc-instanceshow extensions adc strings-statistics adc-instance extensive

Sample Output

show extensions adc strings-statistics adc-instanceuser@host> show extensions adc strings-statistics adc-instance lb1

Strings Statistics for lb1:

String Name Hits-------------- -----------MyString 0String67 0

show extensions adc strings-statistics adc-instance extensiveuser@host> show extensions adc strings-statistics string67 adc-instance lb1 extensive

Per-Interface Strings Statistics for lb1: String name Interface Hits------------ -------------- -------- Mystring ms-1/0/1 0

ms-1/0/2 0 ms-1/0/3 0 Total 0

Str36 ms-1/0/1 0 ms-1/0/2 0 ms-1/0/3 0 Total 0





Chapter 13 – filters Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning filters.• show extensions adc filters term• show extensions adc filters load-balance• show extensions adc filters maintenance

show extensions adc filters term

show extensions adc filters load-balance

Syntax show extensions adc filters term name [adc-instance adc-name]


Description Displays filter term match statistics

Options name—Displays filter term match statistics for the specific term.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

Sample Output

show extensions adc filters termuser@host> show extensions adc filters term

Term matches for adc-instance lb1:Filter term # Requests match ----------------------------------------+------------------------Term-name 748Term55 555

Syntax show extensions adc filters load-balance [adc-instance adc-name]


Description Displays filters load-balancing statistics.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

Sample Output

show extensions adc filters load-balance user@host> show extensions adc filters load-balance

Total URL based web cache redirection stats for adc-instance lb1:Total cache server hits: 0Total origin server hits: 0Total straight to origin server hits: 0Total none-GETs hits: 0Total 'Cookie: ' hits: 0Total no-cache hits: 0Total RTSP cache server hits: 0Total RTSP origin server hits: 0Total HTTP redirection hits: 0



show extensions adc filters maintenance

Syntax show extensions adc filters maintenance [adc-instance adc-name]


Description Displays filter maintenance information.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

Sample Output

show extensions adc filters maintenance user@host> show extensions adc filters maintenance

Layer 7 maintenance statistics for adc-instance lb1:Clients reset by switch on client side: 0Clients reset by switch on server side: 0Connection Splicing to support HTTP/1.1: 0Invalid HTTP methods: 0Aged delayed binding sessions: 0Half open connections: 0Total 3-way-handshake retries: 0Random early drops: 0Requests exceeded 18200 bytes: 0Invalid 3-way handshakes: 0Exceeded max frame size: 0Out of order packet drops: 0Out of order packets received: 0Current SEQ buffer entries: 0 Highest: 0Current Data buffer use: 0 Highest: 0Current DP buffer entries: 0 Highest: 0Total Nonzero SEQ Alloc: 0Total SEQ Buffer Allocs: 0 Total SEQ Frees: 0Total Data Buffer Allocs: 0 Total Data Frees: 0Alloc Fails - Seq buffers: 0 Alloc Fails - Ubufs: 0Max sessions per bucket: 0 Max frames per session: 0Max bytes buffered (sess): 0



Chapter 14 – group Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning groups.• show extensions adc group

show extensions adc group

Syntax show extensions adc group group-name

<hash client-ip>

[adc-instance adc-name extensive]


Description Displays server group related information.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.hash client-ip—Display the real server selected by hash.

List of Outputs show extensions adc groupshow extensions adc group extensiveshow extensions adc group group-nameshow extensions adc group group-name extensiveshow extensions adc group group-name hash client-ip

Sample Output

show extensions adc groupuser@host> show extensions adc group

Groups statistics for adc instance lb1:

Group Total servers Active servers Connections---------+-------------+--------------+-------------g1 1 1 0g2 2 2 0

show extensions adc group extensiveuser@host> show extensions adc group extensive

Groups statistics for adc instance lb1:

Group Total servers Active Interface Connections---------+-------------+-------+----------+-------------g1 10 5 Total 906

ms-1/2/3 784 ms-5/6/7 44 ms-2/3/4 78

g2 2 2 Total 0



show extensions adc group group-nameuser@host> show extensions adc group g1

Group g1 Adc instance lb1:

Health check information:Health check type is ALWAYS UPProtocol: TCPPorts: 53

80

Servers:

s1 address 3.3.3.11, unit 0, Active(enabled & UP)

Services:Virtual server v1 dns-virtual-service dns1Virtual server v1 http-virtual-service http1

Connections: Current connections 0, Total connections 0, Highest connects 0

Real Server Status Cur Connections Total Highest------------+--------+-----------------+-------+---------s1 Active 0 0 0

show extensions adc group group-name extensiveuser@host> show extensions adc group g1 extensive

Group g1 adc-instance lb1:Servers:

s1 address 3.3.3.11, unit 0, Active(enabled & UP)When active use -

s1 address 4.4.4.11, unit 0, Active(enabled & UP)

Services: Virtual server v1 dns-virtual-service dns1Virtual server v1 http-virtual-service http1

Per-interface statistics table for group group-name:Interface Cur Connections Total Highest ------------+-------------------+------------+--------------ms-1/2/3 784 1,564 999ms-3/4/5 0 0 0Total 784 1,564 999

show extensions adc group group-name hash client-ipuser@host> show extensions adc group g1 hash 10.205.130.10

Client 10.205.130.10 binds to real-server r1 in group g1 instance lb1.

- OR -

Group g1 instance lb1 does not use hash based load balancing method.



Chapter 15 – internal and maintenance Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning general maintenance.• show extensions adc internal• request extensions adc maintenance dump-and-restart• request extensions adc maintenance information

show extensions adc internal

Syntax show extensions adc internal

<generated-configuration [adc-instance adc-name]>

<software-version>

<maintenance interface>


Description Displays internal information about the ADC software.

Options generated-configuration—Display generated configuration information.software-version—Displays the software version and build information.maintenance—Displays maintenance information per interface.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.

List of Outputs show extensions adc internal generated-configurationshow extensions adc internal software-versionshow extensions adc internal maintenance interface

Sample Output

show extensions adc internal generated-configurationuser@host> show extensions adc internal generated-configuration

Front End firewall Filter name: rdwr-fe-filtRelated interfaces: ge-0/2/2.0Adc instance kobis:

Active VIPs: 6.2.2.50 (routes added)6.2.3.55 (routes added)

Non-active VIPs: NoneRouting instance: rdwr-kobis-fe-riPacket counter: 0Total Bytes: 0

Back End Firewall Filter term name: rdwr-ms-100-termRelated interfaces: ge-0/3/0.0

ms-1/0/0.10000From server in adc instance: s1

s2 s3 s4Ports: 0-8191Routing instance: rdwr-ms-100-ri



show extensions adc internal software-versionuser@host> show extensions adc internal software-version

Software Build Information:Software Version: 1.1Build ID: 087Build time: FW_VERSION: #2 Mon Apr 11 11:48:48 IDT 2011



show extensions adc internal maintenance interfaceuser@host> show extensions adc internal maintenance ms-1/0/0

ADC Maintenance statistics:

Maximum sessions: 688128Current sessions: 04 second average: 0

64 second average: 0Terminated sessions: 0Allocation failures: 0UDP datagrams: 0No available real server: 0Backup server activations: 0No TCP control bits: 0Invalid reset packet drops: 0Out of State FIN Pkt drops: 0Cookies regenerated: 1Free cookie pool entries: 0Total IP fragment sessions: 0Current IP4 fragment sessions 0IP4 fragment discards: 0IP fragment table full: 0Current IPF buffer sessions: 0Highest IPF buffer sessions: 0IPF buffer alloc fails: 0IPF SP buffer alloc fails: 0Exceeded 50 OOO packets: 0IPF invalid lengths: 0IPF Null Payloads: 0Fragment Overlaps: 0Duplicate fragments: 0Current real service stats: 0Real service stats failures: 0Free Service pool entries: 8186Core Persist Free entries: 688128Core Persist Current entries: 0Core Persist Total entries: 0Core Persist Lookup Failed: 0Core Persist Delete Failed: 0Core Persist Hash Entry Chain: 0Total Jbuf processed per sec 0Total Letters proces per sec 0Total entries aged per sec 0Global pool Jbuf received: 0Local pool Jbuf allocated: 0Global pool Jbuf sent out: 0Local pool Jbuf sent out: 0Global pool Jbuf freed: 0Local pool Jbuf freed: 0



request extensions adc maintenance dump-and-restart

request extensions adc maintenance information

Syntax request extensions adc maintenance dump-and-restart [adc-instance adc-name | service-interface interface]


Description Manages support and troubleshooting information.

Options dump-and-restart—Dumps the state information and restarts the ADC instance or service interface.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.service-interface interface—Enter the name of the service-interface for which to display statistics.

List of Outputs request extensions adc maintenance dump-and-restart adc-instancerequest extensions adc maintenance dump-and-restart service-interface

Sample Output

request extensions adc maintenance dump-and-restart adc-instanceuser@host> request extensions adc maintenance dump-and-restart adc-instance lb1

This restarts the adc-instance lb1, all connections will be discarded.Continue with dump and restart [y|n] [n]? y

If yes, then the following displays:

The dump is written to adc-ctrl.core files at /var/tmp/adc-instance lb1 restart initiated. Use the adc status command to follow up.

request extensions adc maintenance dump-and-restart service-interface Tuser@host> request extensions adc maintenance dump-and-restart service-interface ms-1/0/0

his restarts the service interface lb1, all connections managed by this service interface will be discarded.Continue with dump and restart [y|n] [n]? y

If yes, then the following displays:

The dump is written to adc-ctrl.core files at /var/tmp/Service interface ms-1/0/0 restart initiated. Use the adc status command to follow up.

Syntax request extensions adc maintenance information


Description Displays the dump information for technical assistance.



Sample Output

request extensions adc maintenance informationuser@host> request extensions adc maintenance information

Note: This report generates a long output that is a collection of many other commands. This command is useful to use when there is a problem and you are asked to send troubleshooting data. In those cases, this command suffices and no other output is required.





Chapter 16 – real-server Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning real servers.• show extensions adc real-server• request extensions adc disable• request extensions adc enable

show extensions adc real-server

Syntax show extemsopms adc real-server

<real-server-name>

[adc-instance adc-name extensive]


Description Displays server-related information.

Options real-server-name—Enter the name of a real server in order to see statistics specific to that server.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.

List of Outputs show extensions adc real-servershow extensions adc real-server real-server-nameshow extensions adc real-server adc-instance adc-nameshow extensions adc real-server extensive

Sample Output

show extensions adc real-serveruser@host> show extensions adc real-server

Real Server’s statistics for adc instance lb1:Real Server Address Status Cur Connections--------------+----------------+--------------+----------------r1 200.0.0.10 Active 0r2 200.0.0.11 Active 0r3 200.0.0.12 DOWN 0



show extensions adc real-server real-server-nameuser@host> show extensions adc real-server r1

Real-server r1 adc instance lb1:Address 200.0.0.10, unit 0, Active<enabled & UP>Listening ports:

port NoneGroup g1:

Virtual server v1 dns-virtual-service dns1, Server is UPReal-server r1 adc instance lb1 statistics:

Server failures: 0Last time real server up: Sat Apr 7 18:19:26 2012Health check:

Attempts: 0, Failures: 0, Response: 1Valid response time:

Last: 314520845 usecs, Average: 314520845 usecs, Longest: 314520845 usecs

Health check type: ALWAYS-UPLast SNMP HC response: NoneBuddy Health check failures: 0

Connections: Current: 0, Total: 0, Highest: 0Octets: 0Cookie pop out: 0Cookie unavailable: 0Cookie count: 0

show extensions adc real-server adc-instance adc-nameuser@host> show extensions adc real-server adc-instance lb1

Real Server’s statistics for adc instance lb1:Real Server Address Status Cur Connections-------------+----------------+--------------+----------------r1 200.0.0.10 Active 0r2 200.0.0.11 Active 0r3 200.0.0.12 DOWN 0

show extensions adc real-server extensiveuser@host> show extensions adc real-server extensive

Real Server’s statistics for adc instance lb1 :Real Server Address Status Interface Cur Connections-------------+----------------+--------------+------------+---------------r1 200.0.0.10 Active ms-1/0/0 0

Total 0r2 200.0.0.11 Active ms-1/0/0 0

Total 0r3 200.0.0.12 DOWN ms-1/0/0 0

Total 0



request extensions adc disable

request extensions adc enable

Syntax request extensions adc disable real-server

<real-server-name>

<allow-cookie>

<force>

<gracefully>


Description Does not send any new connections to the real servers.

Options real-server-name—Specifies the real server to disable.allow-cookie—Allow new connection according to cookie persistency.force—Immediately remove existing connections to this server.gracefully—Do not send any new connections to the server (default)

Syntax request extensions adc enable

<adc-instance adc-name | real-server server-instance>


Description Starts using real servers for application delivery. You must pick one of the two available options: adc-instance or real-server.

Options adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.real-server server-instance—Specifies a real server to enable.





Chapter 17 – virtual-server and services Operational CommandsThe following command-line interfaces (CLI) commands help you with information concerning virtual servers and virtual services.• show extensions adc virtual-server• show extensions adc dns• show extensions adc ftp• show extensions adc http• show extensions adc ldap• show extensions adc plain-virtual-service• show extensions adc rtsp• show extensions adc sip• show extensions adc ssl• show extensions adc tftp• show extensions adc wap• show extensions adc wts

show extensions adc virtual-server

Syntax show extensions adc virtual-server

<server-name [adc-instance adc-name extensive]>

<server-listening-ports ports>


Description Displays virtual server information.

Options server-name—Name of the virtual server to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.server-listening-ports ports—Display statistics using the server listening port.

List of Outputs show extensions adc virtual-servershow extensions adc virtual-server virtual-server-nameshow extensions adc virtual-server adc-instance nameshow extensions adc virtual-server extensiveshow extensions adc virtual-server server-listening-ports

Sample Output

show extensions adc virtual-serveruser@host> show extensions adc virtual-server

Virtual servers’ statistics for adc instance name:Virtual Server Cur Connections Total Highest-----------------+----------------+-----------+-----------myDNS 784 1,564 999



show extensions adc virtual-server virtual-server-nameuser@host> show extensions adc virtual-server vs1

Virutal server vs1, Address 10.20.20.1adc instance lb1

Service Active Servers Cur Connections Total Highest------------+---------------+---------------+---------+----------myDNS 17 784 1,564 999myHTTP 3 0 0 0Total 3 784 1,564 999

show extensions adc virtual-server adc-instance nameuser@host> show extensions adc virtual-server adc-instance lb1

Virtual servers’ statistics for adc instance lb1:Virtual Server Cur Connections Total Highest-----------------+----------------+-----------+-----------v1 0 0 0

show extensions adc virtual-server extensiveuser@host> show extensions adc virtual-server extensive

Virtual servers' statistics for adc-instance lb1:Virtual Server Interface Cur Connections Total Highest--------------+-------------+------------------+--------+--------Virt1 ms-1/2/3 784

ms-5/6/7 44ms-2/3/4 78Total <sum>

VirtMy58 Total 0

show extensions adc virtual-server server-listening-portsuser@host> show extensions adc virtual-server server-listening-ports

Virtual server vs1 server-listening-ports statistics:

Current Total HighestReal IP address Sessions Sessions Sessions Octets ------+-----------------+----------+-----------+---------+-------- Name1 Port 8004 - 31 - -Name1 Port 8005 - 13 - -Name1 20.20.20.10 0 227 19 742766AAA2 Port 8004 - 124 - -AAA2 Port 8005 - 10 - -AAA2 20.20.20.11 1 421 22 906641---- ------------------- ---------- ----------- ---------- ---------

20.21.21.100 1 648 41 1649407



show extensions adc dns

Syntax show extensions adc dns

<statistics>

<virtual-service virtual-service-name [adc-instance adc-name extensive]>


Description Displays DNS virtual services information.

Options virtual-service virtual-server-name—Name of the virtual server to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.

List of Outputs show extensions adc dns statisticsshow extensions adc dns virtual-serviceshow extensions adc dns virtual-service nameshow extensions adc dns virtual-service name extensive

Sample Output

show extensions adc dns statisticsuser@host> show extensions adc dns statistics

DNS Statistics for instance <name>: Total number of TCP DNS queries: 0Total number of UDP DNS queries: 0Total number of invalid DNS queries: 0Total number of multiple DNS queries: 0Total number of domain name parse errors: 0Total number of failed real server name matches: 0Total number of DNS parsing internal errors: 0

show extensions adc dns virtual-serviceuser@host> show extensions adc dns virtual-service

virtual services statistics for adc instance lb1:

Virtual Server Virtual Service Active Servers Cur Connections

--------------+---------------+--------------+---------------------

v1 dns1 1 0



show extensions adc ftp

show extensions adc dns virtual-service nameuser@host> show extensions adc dns virtual-service dns1

Virtual service dns1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:

Active Servers: 0 (up and enabled)Total Servers: 1

Connections: Current 0, Total 0, Highest 0Real Cur Connections Total Highest--------------+---------------+------------+-----------r1 0 1 0

show extensions adc dns virtual-service name extensiveuser@host> show extensions adc dns virtual-service dns1 extensive

Virtual service dns1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:


Per-interface statistics table for virtual Service dns1:Interface Cur Connections Total Highest--------------+---------------+------------+-----------ms-1/0/0 0 1 0Total 0 1 0

Syntax show extensions adc ftp

<statistics>



Description Displays DNS virtual services information.


List of Outputs show extensions adc ftp statisticsshow extensions adc ftp virtual-serviceshow extensions adc ftp virtual-service nameshow extensions adc ftp virtual-service name extensive

Sample Output



show extensions adc ftp statisticsuser@host> show extensions adc ftp statistics

FTP statistics for lb1:Total FTP Active (PORT): 0

Total new active FTP NAT Index: 0FTP Active FTP NAT ACK/SEQ diff: 0

Total FTP Parsing (PASV): 0Total new FTP SLB parsing Index: 0FTP SLB parsing ACK/SEQ diff: 0

show extensions adc ftp virtual-serviceuser@host> show extensions adc ftp virtual-service

virtual services statistics for adc instance lb1:

Virtual Server Virtual Service Active Servers Cur Connections

--------------+---------------+--------------+---------------------

v1 ftp1 1 0

show extensions adc ftp virtual-service nameuser@host> show extensions adc ftp virtual-service ftp1

Virtual service ftp1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc ftp virtual-service name extensiveuser@host> show extensions adc ftp virtual-service ftp1 extensive

irtual service ftp1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:


Per-interface statistics table for virtual Service dtp1:Interface Cur Connections Total Highest--------------+---------------+------------+-----------ms-1/0/0 0 1 0Total 0 1 0



show extensions adc http

Syntax show extensions adc http

<cookie-statistics virtual-server server-name>

<cookie-to-server value virtual-server server-name>

<select-by-content virtual-server server-name>



Description Displays HTTP virtual services informaiton.

Options cookie-statistics—Display virtual server cookie statistics.cookie-to-server value—Display real server according to HTTP cookie value.select-by-content—Display virtual server select-by-content information.virtual-server server-name—Name of the virtual server to show.virtual-service virtual-server-name—Name of the virtual server to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.

List of Outputs show extensions adc http cookie-statistics virtual-server server-nameshow extensions adc http cookie-to-server value virtual-server server-nameshow extensions adc http select-by-content virtual-server server-nameshow extensions adc http virtual-serviceshow extensions adc http virtual-service virtual-service-nameshow extensions adc http virtual-service virtual-service-name extensive

Sample Output

show extensions adc http cookie-statistics virtual-server server-nameuser@host> show extensions adc http cookie-statistics virtual-server vs1

Persistency Cookie statistics:'Cookie' Hits: 1'Cookie' Misses: 1Cookie Inserts: 26Cookie Rewrites: 26Total 'Cookie' Sessions: 2------------------------------------------------------------------Persistent Cookie inspection statistics:

Current Total Highest Sessions Sessions Sessions

------------------------- -------- ---------- --------Cookie-based Connection entries 1 1 1Learned cookies 1 2 1



show extensions adc http cookie-to-server value virtual-server server-nameuser@host> show extensions adc http cookie-to-server 22 virtual-server vs1

virtual-service vs1 Cookie value 22 for service vs1 in instance lb1 is mapped to real server r1 address 102.1.1.10 with age of 35 minutes.

show extensions adc http select-by-content virtual-server server-nameuser@host> show extensions adc http select-by-content virtual-server vs1

HTTP select-by-content statistics:'text' Hits: 1'text' Misses: 1

Total 'text' Sessions: 2------------------------------------------------------------------

'text' can be: host, cookie, user-agnet or configured header-name (from configuration)

show extensions adc http virtual-serviceuser@host> show extensions adc http virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 http1 1 0



show extensions adc ldap

show extensions adc http virtual-service virtual-service-nameuser@host> show extensions adc http virtual-service http1

Virtual service http1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc http virtual-service virtual-service-name extensiveuser@host> show extensions adc http virtual-service http1 extensive

Virtual service http1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc ldap virtual-service virtual-service-name [adc-instance adc-name extensive]


Description Displays LDAP virtual services information.


List of Outputs show extensions adc ldap virtual-serviceshow extensions adc ldap virtual-service virtual-service-nameshow extensions adc ldap virtual-service virtual-service-name extensive



show extensions adc plain-virtual-service

Sample Output

show extensions adc ldap virtual-serviceuser@host> show extensions adc ldap virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 ldap1 1 0

show extensions adc ldap virtual-service virtual-service-nameuser@host> show extensions adc ldap virtual-service ldap1

Virtual service ldap1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc ldap virtual-service virtual-service-name extensiveuser@host> show extensions adc ldap virtual-service ldap1

Virtual service ldap1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc plain-virtual-service virtual-service-name [adc-instance adc-name extensive]


Description Displays plain virtual services information.




show extensions adc rtsp

List of Outputs show extensions adc plain-virtual-service virtual-service-nameshow extensions adc plain-virtual-service virtual-service-name extensive

Sample Output

show extensions adc plain-virtual-service virtual-service-nameuser@host> show extensions adc plain-virtual-service plain1

Virtual service plain-virtual-serviceadc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc plain-virtual-service virtual-service-name extensiveuser@host> show extensions adc plain-virtual-service plain1 extensive

Virtual service plain-virtual-serviceadc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc rtsp

<statistics>

<virtual-service virtual-service-name> [adc-instance adc-name extensive]


Description Displays RTSP virtual services information.




List of Outputs show extensions adc rtsp statisticsshow extensions adc rtsp virtual-serviceshow extensions adc rtsp virtual-service virtual-service-nameshow extensions adc rtsp virtual-service virtual-service-name extensive

Sample Output

show extensions adc rtsp statisticsuser@host> show extensions adc rtsp statistics

RTSP Statistics for lb1: Total number of active RTSP control connections: 0Total number of active UDP streams: 0Total number of switch redirects: 0Total connections denied due to RTSP connection limit: 0Total cases of Buffer allocation for multi-packet requests: 0Total cases of memory allocation failures: 0

show extensions adc rtsp virtual-serviceuser@host> show extensions adc rtsp virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 rtsp1 1 0



show extensions adc sip

show extensions adc rtsp virtual-service virtual-service-nameuser@host> show extensions adc rtsp virtual-service rtsp1

Virtual service rtsp1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc rtsp virtual-service virtual-service-name extensiveuser@host> show extensions adc rtsp virtual-service rtsp1 extensive

Virtual service rtsp1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc sip

<statistics>



Description Displays SIP virtual services information.


List of Outputs show extensions adc sip statisticsshow extensions adc sip virtual-serviceshow extensions adc sip virtual-service virtual-service-nameshow extensions adc sip virtual-service virtual-service-name extensive

Sample Output



show extensions adc sip statisticsuser@host> show extensions adc sip statistics

SIP Statistics for adc-instance <name>:Total number of SIP Client Parse Errors: 0Total number of SIP Server Parse Errors: 0Total number of SIP Unknown Method packets: 0Total number of SIP Incomplete Messages: 0Total number of SIP Filter Parse Errors: 0Total number of packets with SIP SDP NAT: 0

show extensions adc sip virtual-serviceuser@host> show extensions adc sip virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 sip1 1 0

show extensions adc sip virtual-service virtual-service-nameuser@host> show extensions adc sip virtual-service sip1

Virtual service sip1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc sip virtual-service virtual-service-name extensiveuser@host> show extensions adc sip virtual-service sip1

Virtual service sip1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:





show extensions adc ssl

Syntax show extensions adc ssl

<session-id-to-server session-id virtual-server server-name>

<statistics>



Description Displays SSL virtual services information.

Options session-id-to-server session-id—Displays the real server according to the SSL Session ID value.virtual-server server-name—Name of the virtual server to show.virtual-service virtual-server-name—Name of the virtual server to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.

List of Outputs show extensions adc ssl session-id-to-server session-id virtual-server server-nameshow extensions adc ssl statisticsshow extensions adc ssl virtual-serviceshow extensions adc ssl virtual-service virtual-service-nameshow extensions adc ssl virtual-service virtual-service-name extensive

Sample Output

show extensions adc ssl session-id-to-server session-id virtual-server server-nameuser@host> show extensions adc ssl session-id-to-server virtual-server vs1

SSL Session ID <hex value> for service vs1 in instance lb1 is mapped to real server r1 address 10.130.10.1 with age of 22 minutes.

show extensions adc ssl statisticsuser@host> show extensions adc ssl statistics

SSL load balancing statistics for instance lb1:Session ID allocation fails: 0Total number of SSL ID reassignments: 0

Current Total Highest------------------------- -------- ---------- --------Unique Session IDs 0 0 0SSL connections 0 0 0Persistent Port Sessions 0 0 0



show extensions adc tftp

show extensions adc ssl virtual-serviceuser@host> show extensions adc ssl virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 ssl1 1 0

show extensions adc ssl virtual-service virtual-service-nameuser@host> show extensions adc ssl virtual-service ssl1

Virtual service ssl1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc ssl virtual-service virtual-service-name extensiveuser@host> show extensions adc ssl virtual-service ssl1 extensive

Virtual service ssl1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc tftp virtual-service virtual-service-name [adc-instance adc-name extensive]


Description Displays TFTP virtual services information.


List of Outputs show extensions adc tftp virtual-service virtual-service-nameshow extensions adc tftp virtual-service virtual-service-name extensive



show extensions adc wap

Sample Output

show extensions adc tftp virtual-service virtual-service-nameuser@host> show extensions adc tftp virtual-service tftp1

Virtual service tft1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc tftp virtual-service virtual-service-name extensiveuser@host> show extensions adc tftp virtual-service tftp1 extensive

Virtual service tft1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc wap

<client-ip-to-server dot-address | hex-address virtual-server server-name>

<statistics>



Description Displays WAP virtual services information.

Options client-ip-to-server address—Display the real server according to the client IP address.virtual-server server-name—Enter the name of the virtual server to use.virtual-service virtual-server-name—Name of the virtual server to show.adc-instance adc-name—Enter the name of the adc-instance for which to display statistics.extensive—Display a more detailed output.



List of Outputs show extensions adc wap client-ip-to-servershow extensions adc wap statisticsshow extensions adc wap virtual-service virtual-service-nameshow extensions adc wap virtual-service virtual-service-name extensive

Sample Outpur

show extensions adc wap client-ip-to-serveruser@host> show extensions adc wap client-ip-to-server

Client address 120.10.50.1 for service vs1 in instance lb1 is mapped to real server r1 address 1.1.1.10 with age of 55 minutes.

show extensions adc wap statisticsuser@host> show extensions adc wap statistics

WAP Maintenance statistics:current sessions: 0allocation failures: 0incorrect VIPs: 0incorrect service ports: 0no available real server: 0requests to wrong DP: 0

RADIUS Snooping statistics:accounting requests: 0 accounting wrap requests: 0accounting start requests: 0 accounting update requests: 0accounting stop requests: 0 accounting bad requests: 0accounting requests -with Framed IP: 0 no Framed IP: 0add session requests: 0 delete session requests: 0requests failed due to DP dead: 0



show extensions adc wts

show extensions adc wap virtual-service virtual-service-nameuser@host> show extensions adc wap virtual-service wap1

Virtual service wap1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:


Connections: Current 0, Total 0, Highest 0Current connections to real-servers, by service port:Real Server radius-acc radius-auth wsp wtp wtls 9202 9203-------------+------------+------------+------+----+----------+-----Server45 784 564 999 123 502 122newServer 0 777 568 765 502 122

show extensions adc wap virtual-service virtual-service-name extensiveuser@host> show extensions adc wap virtual-service wap1

Virtual service wap1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



Syntax show extensions adc wts virtual-service virtual-service-name [adc-instance adc-name extensive]


Description Displays WTS virtual services information.


List of Outputs show extensions adc wts virtual-serviceshow extensions adc wts virtual-service virtual-service-nameshow extensions adc wts virtual-service virtual-service-name extensive

Sample Output



show extensions adc wts virtual-serviceuser@host> show extensions adc wts virtual-service

virtual services statistics for adc instance lb1:Virtual Server Virtual Service Active Servers Cur Connections--------------+---------------+--------------+---------------------v1 wts1 1 0

show extensions adc wts virtual-service virtual-service-nameuser@host> show extensions adc wts virtual-service wts1

Virtual service wts1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:



show extensions adc wts virtual-service virtual-service-name extensiveuser@host> show extensions adc wts virtual-service wts1 extensive

Virtual service wts1adc instance lb1, Virtual server v1, address 150.0.0.10UDP Port 53, server listening port 53Group g1:






Index

Aaccept 44adc 19

adc-instance 24internal-unit-range 20traceoptions 21

adc-instance 24broken-handshake-timeout 25checksum-validation 25clear extensions adc statistics 111clear-on-tcp-reset 25content-match 32couple-wap-radius 25cpu-threshold 26custom-health-check 39failed-server-loyalty 26filters 47force-full-failback 26groups 60group-updates-interval 27health-check-source 27instance-unit 27no-connections-sync 28real-servers 75router-interfaces 79show extensions adc cpu 108show extensions adc license-info 109show extensions adc nat 110show extensions adc status 107show extensions adc workload-manager 111tcp-close-timeout 28virtual-server 102

address 25, 69, 82add-x-forwarded-for 82allow-ldap-write 70allow-write-servers 82always-up 58and-higher 31and-lower 31availability-threshold 58avoid-http-strings 70

Bbackup-group 58backup-real-server 58, 70

do-not-preempt 72use-when-overflow 76

binary-expect 37binary-pattern 32

binary-value 32offset 34

binary-send 38

binary-value 32and-higher 31and-lower 31depth 33

broken-handshake-timeout 25buddy-server 71

buddy-service-port 71failure-retries 73group 73

buddy-service-port 71

Ccase-sensitive 33checksum-validation 25clear

extensions adc connection-entry 116extensions adc connection-table 117extensions adc persistency-entry 117extensions adc persistency-table 118extensions adc statistics 111

clear extensions adc connection-entry 116clear extensions adc connection-table 117clear extensions adc persistency-entry 117clear extensions adc persistency-table 118clear extensions adc statistics 111clear-on-tcp-reset 25client-facing 77client-nat 44, 71close-unknown-ports 82cmd 39

binary-expect 37binary-send 38

connection-pooling 82connection-timeout 44, 71content-match 32

case-sensitive 33http-error-message 33string 34, 35

content-strings 44, 72content-term 45

http-redirect 49then 55

content-termsmatch-content 50

cookie-name 83insert 87inspect 88rewrite 94

couple-wap-radius 25cpu-threshold 26custom-health-check 39

script 40


Ddepth 33description 72, 83destination-address 45destination-nat 45destination-port 45direct-server-return 59discard 46dns 59dnstcp 59dns-virtual-service 83

fast-load-balancing 84protocol 93

domain-name 84do-not-preempt 72

Eefficient-memory-use 84exclude-by-content 46

Ffailed-server-loyalty 26failure-retries 73family 26, 77

address 25nat-address 78nat-address-range 78

fast-load-balancing 84file 19filters 47

term 54web-cache-redirection 55

first-request-only 47flag 20force-full-failback 26from 48

destination-address 45destination-port 45protocol 52source-address 53source-port 53tcp-flags 54

ftp 59ftp-virtual-service 84

Ggo-to 48group 48, 73, 85group-health-formula 59groups 60, 85

availability-threshold 58backup-groups 58backup-real-server 58direct-server-return 59

group-health-formula 59group-unit 60health-check 60load-balancing-method 62server-warm-up-time 64work-load-manager 29, 66

group-unit 60group-updates-interval 27

Hhealth-check 60, 73

always-up 58dns 59dnstcp 59ftp 59http 61imap 61interval 73ldap 61nntp 62ping 63pop3 63radius 63recovery-retries 75rtsp 64script 64sip 64smtp 65snmp 65ssl-hello 65tcp 66tftp 66wap 66wts 68

health-check-source 27unit 29

hostname 86http 61http-error-message 33http-header 34http-parsing-depth 86http-redirect 49http-virtual-service 87

add-x-forwarded-for 82connection-pooling 82hostname 86http-parsing-depth 86persistency 89

Iimap 61insert 87

efficient-memory-use 84inspect 88instance-unit 27internal-unit-range 20


interval 73

Lldap 61ldap-virtual-service 89

fast-load-balancing 84listening-ports 74load-balance 49

client-nat 44exclude-by-content 46group 48load-balancing-hash 49persistency 51select-by-content 53server-listening-port 53sync-connections 54

load-balancing-hash 49load-balancing-method 62log 50

Mmatch-content 50

content-strings 44first-request-only 47

max-connections 74ms-interfaces 78

unit 80

Nnat-address 78nat-address-range 78nntp 62no-cache-request 50no-connections-sync 28non-get-request 51no-regular-expression 34no-remote-trace 21

Ooffset 34operational commands

clear extensions adc connection-entry 116clear extensions adc connection-table 117clear extensions adc persistency-entry 117clear extensions adc persistency-table 118clear extensions adc statistics 111request extensions adc disable 135request extensions adc enable 135request extensions adc maintenance 130show extensions adc connection-table 113show extensions adc cpu 108show extensions adc dns 139show extensions adc filters 123, 124

show extensions adc ftp 140show extensions adc group 125show extensions adc http 142show extensions adc internal 127show extensions adc ldap 144show extensions adc license-info 109show extensions adc nat 110show extensions adc plain-virtual-service

145show extensions adc real-server 133show extensions adc rtsp 146show extensions adc sip 148show extensions adc ssl 150show extensions adc status 107show extensions adc string-statistics 121show extensions adc tftp 151show extensions adc virtual-server 137show extensions adc wap 152show extensions adc workload-manager 111show extensions adc wts 154

Pper-packet-load-balancing 51persistency 51, 89

persistency cookie 91persistency cookie 91

cookie-name 83persistent-timeout 91ping 63plain-virtual-service 92

fast-load-balancing 84protocol 93

pop3 63port 92protocol 52, 93

Rradius 63radius-authentication 93radius-legacy-ports 93real-servers 75

address 69allow-ldap-write 70avoid-http-strings 70backup-real-server 70buddy-servers 71client-nat 71connection-timeout 71content-strings 72description 72health-check 73listening-ports 74max-connections 74weight 76

recovery-retries 75request


extensions adc disable 135extensions adc enable 135extensions adc maintenance 130

request extensions adc disable 135request extensions adc enable 135request extensions adc maintenance 130request-with-cookie 52rewrite 94router-interface

client-facing 77router-interfaces 79

ms-interfaces 78server-facing 79

rtsp 64rtsp-virtual-service 94

Sscript 40, 64

tcp-commands 41udp-commands 41

select-by-content 52, 53, 95server-facing 79server-listening-port 53, 97server-warm-up-time 64service-timeout 98show

extensions adc connection-table 113extensions adc cpu 108extensions adc dns 139extensions adc filters 123, 124extensions adc ftp 140extensions adc group 125extensions adc http 142extensions adc internal 127extensions adc ldap 144extensions adc nat 110extensions adc plain-virtual-service 145extensions adc real-server 133extensions adc rtsp 146extensions adc sip 148extensions adc ssl 150extensions adc status 107extensions adc strings-statistics 121extensions adc tftp 151extensions adc virtual-server 137extensions adc wap 152extensions adc workload-manager 111extensions adc wts 154extensions adc-info 109

show extensions ad ldap 144show extensions adc connection-table 113show extensions adc cpu 108show extensions adc dns 139show extensions adc filters 123, 124show extensions adc ftp 140show extensions adc group 125show extensions adc http 142show extensions adc internal 127

show extensions adc license-info 109show extensions adc nat 110show extensions adc plain-virtual-service 145show extensions adc real-server 133show extensions adc rtsp 146show extensions adc sip 148show extensions adc ssl 150show extensions adc status 107show extensions adc strings-statistics 121show extensions adc tftp 151show extensions adc virtual-server 137show extensions adc wap 152show extensions adc workload-manager 111show extensions adc wtc 154sip 64sip-virtual-service 98smtp 65snmp 65source-address 53source-port 53source-port-in-hash 99ssl-hello 65ssl-virtual-service 99

fast-load-balancing 84persistency 89

string 34, 35binary-pattern 32text-pattern 35text-search 35

sync-connections 54, 100syn-protection 100

Ttcp 66tcp-close-timeout 28tcp-commands 41

cmd 39tcp-flags 54tcp-port 28term 54

connection-timeout 44destination-nat 45from 48load-balance 49per-packet-load-balancing 51then 55

text-pattern 35depth 33offset 34

text-search 35http-header 34no-regular-expression 34url-string 36

tftp 66tftp-virtual-service 101then 55

accept 44content-term 45


discard 46go-to 48

traceoptions 21file 19flag 20no-remote-trace 21

Uudp-commands 41

cmd 39unit 29, 80

family 26, 77url-string 36use-when-overflow 76

Vvirtual-server 102

address 82close-unknown-ports 82dns-virtual-service 83domain-name 84ftp-virtual-service 84http-virtual-service 87ldap-virtual-service 89plain-virtual-service 92rtsp-virtual-service 94sip-virtual-service 98ssl-virtual-service 99tftp-virtual-service 101wap-virtual-service 103wts-virtual-service 103

virtual-serversdescription 83

virtual-servicesper-packet-load-balancing 51

persistent-timeout 91port 92select-by-content 95server-listening-port 97service-timeout 98source-port-in-hash 99sync-connections 100syn-protection 100

Wwap 66

wsp 67wtls 67wtp 67

wap-virtual-service 103allow-write-servers 82groups 85persistency 89radius-authentication 93radius-legacy-ports 93

web-cache-redirection 55no-cache-request 50non-get-request 51request-with-cookie 52select-by-content 52

weight 76work-load-manager 29, 66workload-manager

address 25tcp-port 28

wsp 67wtls 67wtp 67wts 68wts-virtual-service 103

persistency 89


Documents

ADC Software Reference Guide - Juniper Networks · ADC Software Reference Guide Software Version 1.4R0.0 Document ID: RDWR-RSLB-V1.4R0.0_RG0711 July, 2011