Appendix A: Schema Reference

This page is a reference for the objects you can use in your Declarations for AS3.

ADC

A declarative configuration for an ADC such as F5 BIG-IP

Properties:

Name (Type) Default Values Description
class (string)
ADC Indicates this JSON document is an ADC declaration
Common (object)
Special tenant Common holds objects other tenants can share
constants (object)
Declaration metadata and/or named values for (re-)use by declaration objects
controls (object)
Options to control configuration process
id (string)
Unique identifier for this declaration (max 255 printable chars with no spaces, quotation marks, angle brackets, nor backslashes)
label (string)
Optional friendly name for this declaration
remark (string)
Arbitrary (brief) text pertaining to this declaration (optional)
schemaVersion (string)
3.1.0, 3.0.0 Version of ADC Declaration schema this declaration is based on
scratch (string)
Holds some system data during declaration processing
updateMode (string) selective complete, selective When set to ‘selective’ (default) Tenants not referenced in declaration will not be modified. Otherwise (‘complete’) unreferenced Tenants will be removed

Application

Application declaration master schema

Properties:

Name (Type) Default Values Description
class (string)
Application
constants (reference)
enable (boolean) true
Application handles traffic only when enabled (default)
label (reference)
redirect80 (reference)
remark (reference)
serviceMain (reference)
template (string)
Each application type has certain required and default elements and selects appropriate setup of various ADC/Security features

Application_Shared

Special application Shared holds objects other applications can share

Properties:

Name (Type) Default Values Description
class (string)
Application
enable (boolean) true true If declared, Shared Application must be enabled
template (string)
shared Shared Application template is always generic

AS3

AS3 request body

Properties:

Name (Type) Default Values Description
action (string) deploy deploy, dry-run, patch, redeploy, retrieve, remove Indicates desired action: ‘deploy’ means deploy the included declaration to targetHost; ‘dry-run’ does NOT deploy the declaration but does do everything short of changing targetHost’s configuration; ‘patch’ modifies the declaration based on the provided set of commands and then deploys the updated declaration; ‘redeploy’ causes an old declaration from targetHost’s declaration history to be re-deployed (property redeployAge (default 0) selects the old declaration, and note redeployUpdateMode as well); ‘retrieve’ returns a copy of a previously-deployed declaration; ‘remove’ deletes the declaration or declaration component.
class (string)
AS3 Indicates the structure of this request
declaration (object)
Declaration to deploy to targetHost
historyLimit (number) 4
This value (default 4) limits the number of previously-deployed declarations saved on targetHost for review using GET and for use with POST action=redeploy and redeployAge=N. The limit includes the current and immediately-previous declarations so may not be less than two
logLevel (string) error emergency, alert, critical, error, warning, notice, info, debug Controls level of detail in logs using RFC 5424 severity levels (default is ‘error’). Portions of declaration may use different logLevels
persist (boolean) true
When true (default) make the whole working configuration persistent on targetHost after (and only if) this request deploys any changes. If false, leave the working configuration in memory only (from which it may be lost if targetHost restarts)
redeployAge (integer) 0
For action=redeploy (only), chooses which old declaration to deploy again. Value 0 (default) means re-deploy the most recent declaration (the one which set the current configuration of targetHost; useful to erase changes introduced by manual configuration). Value 1 means re-deploy the declaration prior to the most-recent one, etc. Note that whenever re-deploying an old declaration causes ADC configuration changes, that declaration becomes the current declaration (age 0) and the ages of all other declarations in the history increase (0 => 1, 1 => 2, and so on)
redeployUpdateMode (string) original original, complete, selective Value ‘original’ (default) means re-deploy the chosen declaration using its original updateMode (which if not explicitly specified in that declaration will default to ‘selective’). Otherwise, forces the updateMode for re-deployment to ‘complete’ or ‘selective’ as specified. Remember, ‘selective’ updates do not affect Tenants not explicitly named. To simply roll-back the targetHost configuration to the state it had immediately after deploying some earlier declaration, put ‘complete’ here (that will remove Tenants created later than the redeployAge declaration). To use action=redeploy as a simple roll-back facility, always deploy (updateMode=)complete declarations.
resourceTimeout (integer) 5
Maximum delay allowed while communicating with URL resources (seconds, default 5)
retrieveAge (integer | string) 0
Use this property with action=retrieve. You can usually get a copy of the declaration most recently deployed to targetHost, and often copies of previously-deployed declarations are also available. Value 0 (default) means ‘the last-deployed declaration,’ value 1 means ‘the declaration previous to 0’ and so-forth. To get a list of available declarations, set value ‘list’
syncToGroup (string)  
Name (like /Common/my_dg) of config-sync group TO which targetHost configuration should be synchronized after (and only if) this request deploys any changes. When empty (default) this request will not affect config-sync at all. Leave undefined or empty whenever you use auto-sync or manage configuration synchronization separately
targetHost (string) localhost
Hostname or IP address of ADC to which request applies (default localhost)
targetPassphrase (string)
Passphrase for targetUsername account. This is generally not required to configure ‘localhost’ and is not required when you populate targetTokens
targetPort (integer) 0
TCP port number of management service on targetHost; default 0 means auto-discover
targetTimeout (integer) 150
Maximum delay allowed while communicating with targetHost device (seconds, default 150)
targetTokens (object)
One or more HTTP headers (each a property, like ‘X-F5-Auth-Token’: ‘MF6APSRUYKTMSDBEOOEWLCNSO2’) to be sent with queries to the targetHost management service as authentication/authorization tokens
targetUsername (string)
Username of principal authorized to modify configuration of targetHost (may not include the character ‘:’). NOTE: this is generally not required to configure ‘localhost’ because client authentication and authorization precede invocation of AS3. It is also not required for any targetHost if you populate targetTokens
trace (boolean) false
If true, a detailed trace of the configuration process will be created for subsequent analysis (default false). May be overridden on a per-Declaration and/or per-Tenant basis. Warning: trace files may contain sensitive configuration data
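The constraints stated in the ADC and AS3 tables above can be checked before a request is sent. The following is an added example, not F5 code: `check_request` and `valid_declaration_id` are hypothetical helper names, the sample request is constructed, and reading "quotation marks" as both `'` and `"` is an assumption.

```python
import json

ACTIONS = {"deploy", "dry-run", "patch", "redeploy", "retrieve", "remove"}
LOG_LEVELS = {"emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"}
REDEPLOY_MODES = {"original", "complete", "selective"}
SCHEMA_VERSIONS = {"3.1.0", "3.0.0"}
# Assumption: "quotation marks" in the id rule is read as both ' and ".
ID_FORBIDDEN = set("\"'<>\\")


def _in(value, allowed):
    return isinstance(value, str) and value in allowed


def valid_declaration_id(value):
    """Max 255 printable chars; no spaces, quotes, angle brackets or backslashes."""
    return (isinstance(value, str) and 0 < len(value) <= 255
            and all(c.isprintable() and not c.isspace() and c not in ID_FORBIDDEN
                    for c in value))


def check_request(req):
    """Return (severity, property, message) findings for one AS3 request body."""
    out = []
    action = req.get("action", "deploy")

    if req.get("class") != "AS3":
        out.append(("error", "class", "must be 'AS3'"))
    if not _in(action, ACTIONS):
        out.append(("error", "action", f"unknown action {action!r}"))
    if not _in(req.get("logLevel", "error"), LOG_LEVELS):
        out.append(("error", "logLevel", "not an RFC 5424 severity name"))
    limit = req.get("historyLimit", 4)
    if isinstance(limit, bool) or not isinstance(limit, (int, float)) or limit < 2:
        out.append(("error", "historyLimit", "may not be less than two"))

    # Selectors that only make sense with one action.
    if "redeployAge" in req and action != "redeploy":
        out.append(("error", "redeployAge", "applies to action=redeploy only"))
    mode = req.get("redeployUpdateMode", "original")
    if not _in(mode, REDEPLOY_MODES):
        out.append(("error", "redeployUpdateMode", f"unknown mode {mode!r}"))
    elif action == "redeploy" and mode == "selective":
        out.append(("warn", "redeployUpdateMode",
                    "Tenants created after the chosen declaration stay in place"))
    age = req.get("retrieveAge", 0)
    if age != "list" and (isinstance(age, bool) or not isinstance(age, int)):
        out.append(("error", "retrieveAge", "must be an integer or 'list'"))

    # Credentials and data-exposure settings.
    user = req.get("targetUsername")
    if isinstance(user, str) and ":" in user:
        out.append(("error", "targetUsername", "may not include ':'"))
    local = req.get("targetHost", "localhost") == "localhost"
    if "targetPassphrase" in req and (local or req.get("targetTokens")):
        out.append(("warn", "targetPassphrase",
                    "generally not required for localhost or with targetTokens"))
    if req.get("trace", False) is True:
        out.append(("warn", "trace",
                    "trace files may contain sensitive configuration data"))
    if req.get("persist", True) is False:
        out.append(("warn", "persist",
                    "configuration stays in memory only; lost if targetHost restarts"))

    # Top-level properties of the embedded ADC declaration.
    decl = req.get("declaration")
    if isinstance(decl, dict):
        if decl.get("class") != "ADC":
            out.append(("error", "declaration.class", "must be 'ADC'"))
        if "id" in decl and not valid_declaration_id(decl["id"]):
            out.append(("error", "declaration.id", "violates the id character rules"))
        if "schemaVersion" in decl and not _in(decl["schemaVersion"], SCHEMA_VERSIONS):
            out.append(("error", "declaration.schemaVersion", "not a listed version"))
        update = decl.get("updateMode", "selective")
        if not _in(update, {"selective", "complete"}):
            out.append(("error", "declaration.updateMode", f"unknown mode {update!r}"))
        elif update == "complete":
            out.append(("warn", "declaration.updateMode",
                        "Tenants not referenced in the declaration will be removed"))
    return out


# Constructed sample request (not from the original page).
SAMPLE_REQUEST = json.loads("""
{
  "class": "AS3",
  "action": "deploy",
  "historyLimit": 1,
  "persist": false,
  "redeployAge": 2,
  "targetHost": "localhost",
  "targetUsername": "ops:admin",
  "targetPassphrase": "constructed-example-only",
  "trace": true,
  "declaration": {
    "class": "ADC",
    "schemaVersion": "3.1.0",
    "id": "web tier <prod>",
    "updateMode": "complete"
  }
}
""")

if __name__ == "__main__":
    for severity, prop, message in check_request(SAMPLE_REQUEST):
        print(f"{severity:5} {prop}: {message}")
```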

Certificate

PKI certificate with optional private-key and/or chain, optional OCSP stapler

Properties:

Name (Type) Default Values Description
certificate (reference)
X.509 public-key certificate
chainCA (reference)
Bundle of one or more CA certificates in trust-chain from root CA to certificate (optional)
class (string)
Certificate
label (reference)
passphrase (object)
If supplied, used to decrypt privateKey at runtime (optional)
pkcs12 (reference)
PKCS#12 (.p12/.pfx) blob containing both certificate and private key
privateKey (reference)
Private key matching certificate’s public key (optional)
remark (reference)
staplerOCSP (object)
AS3 pointer to OCSP Stapler declaration (optional)

Controls

Options to control configuration process

Properties:

Name (Type) Default Values Description
class (string) Controls Controls
fortune (boolean) false
If true, AS3 will activate Zoltar mode and read you your fortune
logLevel (string) error emergency, alert, critical, error, warning, notice, info, debug Controls the amount of detail in logs produced while configuring this Tenant (default is whole-declaration Controls/logLevel value)
trace (boolean) false
If true, a detailed trace of the configuration process for this Tenant will be created for subsequent analysis (default is whole-declaration Controls/trace value). Warning: trace files may contain sensitive configuration data

HTTP_Compress

HTTP Compression profile with configurable options

Properties:

Name (Type) Default Values Description
allowHTTP10 (boolean) false
If true, HTTP/1.0 responses may be compressed (default false)
bufferSize (integer) 4096
Maximum number of response octets to buffer before deciding whether to apply compression (default 4096)
class (string)
HTTP_Compress
contentTypeExcludes (array)
List of response Content-Type values which should not be compressed. Values are regular expressions that match Content-Type strings
contentTypeIncludes (array) text/, application/(xml|x-javascript)
List of response Content-Type values which should be compressed. Values are regular expressions that match Content-Type strings
cpuSaver (boolean) true
If true (default), system will reduce compression rate when CPU utilization exceeds cpuSaverHigh threshold and increase it when CPU utilization falls below cpuSaverLow threshold
cpuSaverHigh (integer) 90
CPU utilization percentage (default 90) above which compression should be moderated
cpuSaverLow (integer) 75
CPU utilization percentage (default 75) below which compression may be returned to normal
gzipLevel (integer) 1
Compression level (default 1); higher values produce greater compression but use more CPU cycles
gzipMemory (integer) 8
Compression memory allocation in kilobytes (default 8), should be a power of two
gzipWindowSize (integer) 16
Compression window size in kilobytes (default 16), should be a power of two
keepAcceptEncoding (boolean) false
If true, pool member may compress responses; if false (default) ADC will compress responses. Set to true when pool member stores/caches pre-compressed responses
label (reference)
minimumSize (integer) 1024
Responses of fewer octets than this (default 1024) will not be compressed
preferMethod (string) gzip gzip, deflate Select preferred compression method (default gzip, strongly recommended)
remark (reference)
selective (boolean) false
If true, a response will only be compressed when an iRule attached to the virtual server requests it (default is false, meaning responses which meet the criteria in this profile will be compressed)
uriExcludes (array)
List of request URIs for which responses should not be compressed. Values are regular expressions that match request URI strings
uriIncludes (array)
List of request URIs for which responses should be compressed. Values are regular expressions that match URI strings
varyHeader (boolean) true
If true (default), a Vary header will appear in compressed responses

HTTP_Profile

HTTP profile with configurable options

Properties:

Name (Type) Default Values Description
allowedResponseHeaders (array)
By default HTTP headers in responses from pool members are passed to clients unaltered. You may list names of allowed response headers here and any you do not list will be removed from responses
class (string)
HTTP_Profile
cookiePassphrase (object)
Used to create secret key for cookie encryption (when missing a system-generated key will be used)
encryptCookies (array)
List cookies to encrypt en-route to the client and decrypt en-route to a pool member
fallbackRedirect (string)
Domain name (or IP address) of service (if any) to which a request should be redirected when no pool member is responsive or selected pool member returns a fallbackStatusCode
fallbackStatusCodes (array)
When a pool member responds to a request with one of these HTTP status codes (for example, 500), redirect the client to the fallbackRedirect
hstsIncludeSubdomains (boolean) true
If true then HSTS headers (see hstsInsert) will tell clients to apply HSTS settings to the hostnames of this service and all their possible subdomains. Warning: an incorrect value here can make multiple websites unreachable, not just this service
hstsInsert (boolean) false
If true, insert HSTS (HTTP Strict Transport Security) headers into responses sent to clients (default false). Warning: misconfiguration of HSTS can make a website unreachable
hstsPeriod (integer) 7862400
If hstsInsert is true, this value tells each client how long (in seconds; default 7862400 equals 91 days) to wait before refreshing HSTS settings for this service. Warning: once a client receives erroneous HSTS settings it will ignore any attempt to correct them until this period has expired
hstsPreload (boolean) false
If true, include the domain for the web site this HTTP profile is associated with in the browser’s preload list. This forces the client to send packets over SSL/TLS.
insertHeader (object)
You may insert one header into each request before it is sent to a pool member. The header value may be a simple string or the result of an iRules TCL expression (for example, [IP::client_addr]). This is the most efficient way to insert a single header; to insert multiple headers use an iRule or an Endpoint policy
knownMethods (array) CONNECT, DELETE, GET, HEAD, LOCK, OPTIONS, POST, PROPFIND, PUT, TRACE, UNLOCK
List of HTTP request methods to be recognized as normal. Any method not in this list will provoke the ‘unknownMethodAction’ action
label (reference)
maxRequests (integer)
When more than this number of requests have been processed through a connection it will be closed. Default 0 means permit unlimited requests
multiplexTransformations (boolean) true
If true (default), request headers will be adjusted to work properly when the virtual server uses a Multiplex profile
otherXFF (array)
Names of request headers to treat as equivalent to X-Forwarded-For (see trustXFF)
pipelineAction (string) allow allow, reject, pass-through Default ‘allow’ means clients may pipeline HTTP/1.1 requests to pool members which support pipelining. Otherwise, ‘reject’ prevents pipelining, and ‘pass-through’ causes the connection to switch to pass-through mode when pipelining is detected
proxyType (string) reverse reverse, transparent, explicit Default value ‘reverse’ is usually appropriate. ‘transparent’ is used when virtual server will handle a mix of HTTP and non-HTTP traffic. ‘explicit’ is used when clients will ask ADC to proxy connections to arbitrary remote services
remark (reference)
requestChunking (string) preserve selective, preserve, rechunk Controls handling of HTTP payload chunking in requests from clients (default is ‘preserve’)
responseChunking (string) selective selective, preserve, unchunk, rechunk Controls handling of HTTP payload chunking in responses from pool members (default ‘selective’ adapts to most situations)
rewriteRedirects (string) none none, all, matching, addresses In selected Location-header values (default none) of redirect responses from pool members, change protocol HTTP to HTTPS before passing redirects to clients
serverHeaderValue (string) BigIP
Server header value to place in responses generated by the ADC itself (not obtained from a pool member)
trustXFF (boolean) false
If true, WAF (ASM) and AVR may trust X-Forwarded-For headers found in incoming requests and report statistics using client IP addresses appearing in them (default false). Use this feature only when you control upstream gateway(s)
unknownMethodAction (string) allow allow, reject, pass-through Default ‘allow’ means clients may make HTTP requests using unknown methods. Otherwise, ‘reject’ means to discard any unknown-method request and reject the client connection, and ‘pass-through’ causes the connection to switch to pass-through mode upon the first unknown-method request
viaHost (string)
Hostname to place in Via header when viaRequest or viaResponse is ‘append’
viaRequest (string) remove append, preserve, remove Controls treatment of Via: headers in requests from clients. When set to ‘append’ viaHost is required
viaResponse (string) remove append, preserve, remove Controls treatment of Via: headers in responses from pool members. When set to ‘append’ viaHost is required
whiteOutHeader (string)
You may name one request header to be whited-out of each request before it is sent to a pool member. To remove more than a single named header, use an iRule or an Endpoint policy. (Whiting-out a header leaves its name but replaces its value in the request with space characters (ASCII 0x20) to avoid changing the length of the headers.)
xForwardedFor (boolean) true
If true, insert an X-Forwarded-For header carrying the client IP address into each HTTP request sent to a pool member (default false)

iRule

An iRule

Properties:

Name (Type) Default Values Description
class (string)
iRule
expand (boolean) true
If true (default), expand backquoted variables in iRule
iRule (reference)
label (reference)
remark (reference)

L4_Profile

No description provided

Properties:

Name (Type) Default Values Description
class (string)
L4_Profile
clientTimeout (integer) 30
Number of seconds allowed for a client to transmit enough data to select a server when late binding is enabled. Value -1 means indefinite (not recommended)
idleTimeout (integer) 300
Number of seconds (default 300; may not be 0) connection may remain idle before it becomes eligible for deletion. Value -1 (not recommended) means infinite
label (reference)
looseClose (boolean) false
When true, system closes a loosely-initiated connection when the system receives the first FIN packet from either the client or the server (default false).
looseInitialization (boolean) false
When true, system initializes a connection when it receives any TCP packet, rather than requiring a SYN packet for connection initiation (default false).
maxSegmentSize (integer) 0
Sets MSS advertised to peer. Value 0 (default) will set MSS automatically in proportion to interface MTU. Default 0 is usually the best choice
remark (reference)
resetOnTimeout (boolean) true
If true (default), connections which time out will be reset (that is, an RST packet will be sent to the peer) before they are expunged
tcpCloseTimeout (integer) 5
Specifies a TCP close timeout in seconds. Value -1 means indefinite (not recommended)
tcpHandshakeTimeout (integer) 5
Specifies a TCP handshake timeout in seconds. The default value is 5 seconds. Value -1 means indefinite (not recommended)
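Several HTTP_Profile and L4_Profile properties above carry warnings or cross-property requirements (HSTS, trustXFF, Via handling, knownMethods versus unknownMethodAction, indefinite timeouts). The following added example, which is not F5 code, walks a declaration and reports them; the function names and the sample declaration are constructed, and the sample is trimmed to the properties the lint reads.

```python
import json

L4_TIMEOUTS = ("clientTimeout", "idleTimeout", "tcpCloseTimeout", "tcpHandshakeTimeout")


def iter_objects(node, path=""):
    """Yield (path, obj) for every JSON object that carries a 'class' property."""
    if isinstance(node, dict):
        if isinstance(node.get("class"), str):
            yield path or "/", node
        for key, value in node.items():
            yield from iter_objects(value, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_objects(value, f"{path}/{index}")


def lint_http_profile(p):
    """Findings for one HTTP_Profile object, using the defaults from the table."""
    notes = []
    if p.get("hstsInsert", False):
        days = p.get("hstsPeriod", 7862400) / 86400
        subs = p.get("hstsIncludeSubdomains", True)
        scope = "service and all subdomains" if subs else "service only"
        notes.append(("warn", "hstsInsert",
                      f"clients keep these HSTS settings for {days:g} days, scope: {scope}"))
    if p.get("trustXFF", False):
        notes.append(("warn", "trustXFF",
                      "use only when you control the upstream gateway(s)"))
    for prop in ("viaRequest", "viaResponse"):
        if p.get(prop, "remove") == "append" and not p.get("viaHost"):
            notes.append(("error", prop, "'append' requires viaHost"))
    # A custom knownMethods list restricts nothing while unknown methods are allowed.
    if "knownMethods" in p and p.get("unknownMethodAction", "allow") == "allow":
        notes.append(("warn", "knownMethods",
                      "not enforced: unknownMethodAction is 'allow'"))
    return notes


def lint_l4_profile(p):
    """Findings for one L4_Profile object."""
    notes = []
    for prop in L4_TIMEOUTS:
        if p.get(prop) == -1:
            notes.append(("warn", prop, "-1 means indefinite (not recommended)"))
    if p.get("idleTimeout") == 0:
        notes.append(("error", "idleTimeout", "may not be 0"))
    return notes


LINTERS = {"HTTP_Profile": lint_http_profile, "L4_Profile": lint_l4_profile}


def lint_declaration(declaration):
    """Return (path, severity, property, message) for every profile finding."""
    findings = []
    for path, obj in iter_objects(declaration):
        linter = LINTERS.get(obj["class"])
        if linter:
            findings.extend((path, *note) for note in linter(obj))
    return findings


# Constructed sample declaration (not from the original page).
SAMPLE_DECLARATION = json.loads("""
{
  "class": "ADC",
  "schemaVersion": "3.1.0",
  "id": "constructed-example",
  "Example_Tenant": {
    "class": "Tenant",
    "Example_App": {
      "class": "Application",
      "web_profile": {
        "class": "HTTP_Profile",
        "hstsInsert": true,
        "trustXFF": true,
        "viaRequest": "append",
        "knownMethods": ["GET", "HEAD", "POST"]
      },
      "l4_profile": {
        "class": "L4_Profile",
        "idleTimeout": -1,
        "tcpHandshakeTimeout": 5
      }
    }
  }
}
""")

if __name__ == "__main__":
    for path, severity, prop, message in lint_declaration(SAMPLE_DECLARATION):
        print(f"{severity:5} {path} {prop}: {message}")
```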

Monitor

Declares a (possibly complex) monitor

Properties:

Name (Type) Default Values Description
class (string)
Monitor
interval (integer) 5
Poll interval (seconds)
label (reference)
monitorType (string)
external, http, https, icmp, sip, smtp, tcp, tcp-half-open, udp Each monitor type may be customized
remark (reference)
targetAddress (string)  
IP address monitor should probe; if empty (default) then pool member address
timeout (integer) 16
Time limit for node to respond (seconds)
timeUntilUp (integer) 0
Delay between successful probe and sending traffic to node (seconds)
upInterval (integer) 0
Poll interval when service is already up (seconds)

Monitor_HTTP

Additional Monitor class properties available when monitorType = http or https

Properties:

Name (Type) Default Values Description
adaptive (boolean) false
If true, use adaptive probe timing
adaptiveDivergenceMilliseconds (integer) 500
Probe fails if response latency exceeds mean by this many milliseconds
adaptiveDivergencePercentage (integer) 100
Probe fails if response latency exceeds mean by this percentage
adaptiveDivergenceType (string) relative absolute, relative Adaptive divergence, ‘absolute’ selects milliseconds, ‘relative’ (default) selects percentage
adaptiveLimitMilliseconds (integer) 1000
Probe fails if response latency exceeds this many milliseconds
adaptiveWindow (integer) 180
Time window over which latency is sampled (seconds)
dscp (integer) 0
Value for IP DSCP (ex-TOS) field (default 0)
passphrase (object)
Passphrase if any for query authentication
receive (string) HTTP/1.
Mark node up upon receipt of this (backquote-expanded) string
receiveDown (string)  
Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)
reverse (boolean) false
If true, mark node down upon receipt of ‘receive’ string
send (string) HEAD / HTTP/1.0\r\n\r\n
Send this (backquote-expanded) string to query node
transparent (boolean) false
If true, treat pool member address as gateway to server (node) (default false)
username (string)
Username if any for query authentication

Monitor_HTTPS

Additional Monitor class properties available when monitorType = https

Properties:

Name (Type) Default Values Description
adaptive (boolean) false
If true, use adaptive probe timing
adaptiveDivergenceMilliseconds (integer) 500
Probe fails if response latency exceeds mean by this many milliseconds
adaptiveDivergencePercentage (integer) 100
Probe fails if response latency exceeds mean by this percentage
adaptiveDivergenceType (string) relative absolute, relative Adaptive divergence, ‘absolute’ selects milliseconds, ‘relative’ (default) selects percentage
adaptiveLimitMilliseconds (integer) 1000
Probe fails if response latency exceeds this many milliseconds
adaptiveWindow (integer) 180
Time window over which latency is sampled (seconds)
ciphers (string) DEFAULT
Ciphersuite selection string
clientCertificate (string)
AS3 pointer to client Certificate declaration, for TLS authentication (optional)

Monitor_ICMP

Additional Monitor class properties available when monitorType = icmp

Properties:

Name (Type) Default Values Description
adaptive (boolean) false
If true, use adaptive probe timing
adaptiveDivergenceMilliseconds (integer) 500
Probe fails if response latency exceeds mean by this many milliseconds
adaptiveDivergencePercentage (integer) 100
Probe fails if response latency exceeds mean by this percentage
adaptiveDivergenceType (string) relative absolute, relative Adaptive divergence, ‘absolute’ selects milliseconds, ‘relative’ (default) selects percentage
adaptiveLimitMilliseconds (integer) 1000
Probe fails if response latency exceeds this many milliseconds
adaptiveWindow (integer) 180
Time window over which latency is sampled (seconds)
transparent (boolean) false
If true, treat pool member address as gateway to server (node) (default false)

Monitor_Send_Recv

Additional Monitor class properties available when monitorType = tcp or udp

Properties:

Name (Type) Default Values Description
receive (string)
Mark node up upon receipt of this (backquote-expanded) string
receiveDown (string)  
Mark node down upon receipt of this (backquote-expanded) string (optional; must be empty when ‘reverse’ is true)
reverse (boolean) false
If true, mark node down upon receipt of ‘receive’ string
send (string)
Send this (backquote-expanded) string to node
transparent (boolean) false
If true, treat pool member address as gateway to server (node) (default false)

Monitor_SIP

Additional Monitor class properties available when monitorType = sip

Properties:

Name (Type) Default Values Description
ciphers (string) DEFAULT
Ciphersuite selection string
clientCertificate (string)
AS3 pointer to client Certificate declaration, for TLS authentication (optional)
codesDown (array)
List of status codes meaning service is down (0 matches any code)
codesUp (array)
List of additional (to all 1/2/3xx) status codes meaning service is up (0 matches any code)
headers (string)  
SIP headers to send in probes (if any), separated by newlines (backquote-expanded)
protocol (string) udp sips, tcp, tls, udp SIP transport protocol
request (string)  
SIP request to send in probes (default empty)

Monitor_SMTP

Additional Monitor class properties available when monitorType = smtp

Properties:

Name (Type) Default Values Description
domain (string)  
Mail domain to check, if any (backquote-expanded)

Monitor_TCP_Half_Open

Additional Monitor class properties available when monitorType = tcp-half-open

Properties:

Name (Type) Default Values Description
transparent (boolean) false
If true, treat pool member address as gateway to server (node) (default false)

Persist

Declares a persistence method

Properties:

Name (Type) Default Values Description
class (string)
Persist
label (reference)
matchAcrossPools (boolean) false
matchAcrossVirtualAddresses (boolean) false
matchAcrossVirtualPorts (boolean) false
mirror (boolean) false
If true, try to maintain persistence even after HA failover of ADC (default false)
overrideConnectionLimit (boolean) false
If true, do not enforce pool member connection limit for persisted connections (default false)
persistenceMethod (string)
cookie, destination-address, hash, msrdp, sip-info, source-address, tls-session-id, universal Each basic persistence method may be customized
remark (reference)

Persist_Addr

No description provided

Properties:

Name (Type) Default Values Description
addressMask (string)
Optional mask selects portion of address used by simple persistence (if omitted all address bits are used)
duration (integer) 180
Lifetime of persistence record (seconds, default 180)
hashAlgorithm (string) default carp, default

Persist_Hash

No description provided

Properties:

Name (Type) Default Values Description
bufferLimit (integer) 0
Number of octets to buffer while pattern-matching
count (integer) 0
Number of octets in cookie value to hash; 0 (default) means all
duration (integer) 180
Lifetime of persistence record (seconds, default 180)
endPattern (string)  
Regular expression which matches end of data to hash; default “” averts matching
hashAlgorithm (string) default carp, default
iRule (object)
AS3 pointer to iRule if any (declared separately)
startAt (integer) 0
Index of first octet in packet to hash
startPattern (string)  
Regular expression which matches start of data to hash; default “” averts matching

Persist_MSRDP

No description provided

Properties:

Name (Type) Default Values Description
duration (integer) 300
Lifetime of persistence record (seconds, default 300)
sessionBroker (boolean) true
If true (default), client will be persisted to server chosen by session broker

Persist_SIP

No description provided

Properties:

Name (Type) Default Values Description
duration (integer) 180
Lifetime of persistence record (seconds, default 180)
header (string)
Suggested values include: Call-ID, To, From, SIP-ETag, and Subject

Persist_TLS_Session

No description provided

Properties:

Name (Type) Default Values Description
duration (integer) 300
Lifetime of persistence record (seconds, default 300)

Persist_UIE

No description provided

Properties:

Name (Type) Default Values Description
duration (integer) 180
Lifetime of persistence record (seconds, default 180)
iRule (object)
AS3 pointer to required iRule (declared separately)

Pool

Declares a service pool

Properties:

Name (Type) Default Values Description
class (string)
Pool
label (reference)
loadBalancingMode (string) round-robin dynamic-ratio-member, dynamic-ratio-node, fastest-app-response, fastest-node, least-connections-member, least-connections-node, least-sessions, observed-member, observed-node, predictive-member, predictive-node, ratio-least-connections-member, ratio-least-connections-node, ratio-member, ratio-node, ratio-session, round-robin, weighted-least-connections-member, weighted-least-connections-node Load-balancing mode
members (array)
minimumMembersActive (integer) 1
Pool is down when fewer than this many members are up
minimumMonitors (integer)
Member is down when fewer than minimum monitors report it healthy
monitors (array)
List of health monitors (each by name or AS3 pointer)
remark (reference)
reselectTries (integer) 0
Maximum number of attempts to find a responsive member for a connection
serviceDownAction (string) none drop, none, reselect, reset Specifies connection handling when member is non-responsive
slowRampTime (integer) 10
Connection rate to newly-active member is increased slowly during this interval (seconds)

Pool_Member

Declares a service-pool member

Properties:

Name (Type) Default Values Description
bigip (string)
If defined, pathname of existing BIG-IP node
connectionLimit (integer) 0
Maximum concurrent connections to member
dynamicRatio (integer) 1
enable (boolean) true
Maps to BIG-IP pool member state
minimumMonitors (integer)
Member is down when fewer than minimum monitors report it healthy
monitors (array)
List of monitors (each by name or AS3 pointer)
priorityGroup (integer) 0
rateLimit (integer) -1
Value zero prevents use of member
ratio (integer) 1
remark (reference)
servicePort (integer)
Service L4 port (optional port-discovery may override)

Service_Address

Service IP address definition (BIG-IP virtual-address)

Properties:

Name (Type) Default Values Description
arpEnabled (boolean) true
If true (default), ARP requests will be serviced on this address
class (string)
Service_Address
icmpEcho (string) enable enable, disable, selective If true (default), ICMP echo requests will be answered on this address
label (reference)
remark (reference)
virtualAddress (string)

Service_HTTP

HTTP virtual server

Properties:

Name (Type) Default Values Description
addressStatus (boolean) true
class (string)
Service_HTTP
enable (boolean) true
Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod (reference)
iRules (array)
List iRules for this virtual server (order is significant)
label (reference)
lastHop (string | object) default
Name of built-in last-hop method or AS3 pointer to last-hop pool (default ‘default’ means use system setting)
maxConnections (integer) 0
mirroring (string) none none, L4 Controls connection-mirroring for high-availability
persistenceMethods (array) cookie
Default ‘cookie’ is generally good
policyFirewallEnforced (reference)
policyFirewallStaged (reference)
policyIAM (object)
AS3 pointer to IAM (APM) policy declaration
policyWAF (object)
AS3 pointer to WAF (ASM) policy declaration
pool (object)
AS3 pointer to pool if any (declared separately)
profileHTTP (string | object) basic
HTTP profile; name of built-in or else AS3 pointer
profileHTTPAcceleration (string | object)
Web acceleration profile; name of built-in or else AS3 pointer
profileHTTPCompression (string | object)
HTTP compression profile; name of built-in or else AS3 pointer
profileMultiplex (string | object)
Multiplex (OneConnect) profile; name of built-in or else AS3 pointer
remark (reference)
snat (string | object) auto
Name of built-in SNAT method or AS3 pointer to SNAT pool. If ‘self’ virtual-server address will be used as SNAT address
translateClientPort (boolean) false
If true, hide client’s port number from server (default false)
translateServerAddress (boolean) true
If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort (boolean) true
If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses (array)
Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]
virtualPort (integer) 80
Default 80 is well-known HTTP port

Service_HTTPS

HTTPS (HTTP+TLS) virtual server

Properties:

Name (Type) Default Values Description
addressStatus (boolean) true
class (string)
Service_HTTPS
enable (boolean) true
Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod (reference)
iRules (array)
List iRules for this virtual server (order is significant)
label (reference)
lastHop (string | object) default
Name of built-in last-hop method or AS3 pointer to last-hop pool (default ‘default’ means use system setting)
maxConnections (integer) 0
mirroring (string) none none, L4 Controls connection-mirroring for high-availability
persistenceMethods (array)
List of persistence methods (each by name or AS3 pointer). Element 0 is primary (default) persistence method
policyFirewallEnforced (reference)
policyFirewallStaged (reference)
pool (object)
AS3 pointer to pool if any (declared separately)
redirect80 (boolean) true
If true, HTTP traffic to any virtualAddress on port 80 will be redirected to virtualPort
remark (reference)
snat (string | object) auto
Name of built-in SNAT method or AS3 pointer to SNAT pool. If ‘self’ virtual-server address will be used as SNAT address
translateClientPort (boolean) false
If true, hide client’s port number from server (default false)
translateServerAddress (boolean) true
If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort (boolean) true
If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses (array)
Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]
virtualPort (integer) 443
Default 443 is well-known HTTPS port

Service_L4

Declares an L4 (FastL4) virtual server

Properties:

Name (Type) Default Values Description
addressStatus (boolean) true
class (string)
Service_L4
enable (boolean) true
Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod (reference)
iRules (array)
List iRules for this virtual server (order is significant)
label (reference)
lastHop (string | object) default
Name of built-in last-hop method or AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 (string) tcp any, tcp, udp, 3pc, a/n, ah, argus, aris, ax.25, bbn-rcc, bna, br-sat-mon, cbt, cftp, chaos, compaq-peer, cphb, cpnx, crdup, crtp, dccp, dcn, ddp, ddx, dgp, dsr, egp, eigrp, emcon, encap, esp, etherip, fc, fire, ggp, gmtp, gre, hip, hmp, hopopt, i-nlsp, iatp, icmp, idpr, idpr-cmtp, idrp, ifmp, igmp, igp, il, ip, ipcomp, ipcv, ipencap, ipip, iplt, ippc, ipv6, ipv6-auth, ipv6-crypt, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ipx-in-ip, irtp, isis, iso-ip, iso-tp4, kryptolan, l2tp, larp, leaf-1, leaf-2, manet, merit-inp, mfe-nsp, micp, mobile, mpls-in-ip, mtp, mux, narp, netblt, nsfnet-igp, nvp, ospf, pgm, pim, pipe, pnni, prm, ptp, pup, pvp, qnx, rdp, rsvp, rsvp-e2e-ignore, rvd, sat-expak, sat-mon, scc-sp, scps, sctp, sdrp, secure-vmtp, shim6, skip, sm, smp, snp, sprite-rpc, sps, srp, sscopmce, st, stp, sun-nd, swipe, tcf, tlsp, tp++, trunk-1, trunk-2, ttp, udplite, uti, vines, visa, vmtp, vrrp, wb-expak, wb-mon, wesp, wsn, xnet, xns-idp, xtp The L4 protocol type for this virtual server
maxConnections (integer) 0
mirroring (string) none none, L4 Controls connection-mirroring for high-availability
persistenceMethods (array) source-address
Default ‘source-address’ is generally good
policyFirewallEnforced (reference)
policyFirewallStaged (reference)
pool (object)
AS3 pointer to pool if any (declared separately)
profileL4 (string | object) basic
L4 profile; name of built-in or else AS3 pointer
remark (reference)
snat (string | object) auto
Name of built-in SNAT method or AS3 pointer to SNAT pool. If ‘self’ virtual-server address will be used as SNAT address
translateClientPort (boolean) false
If true, hide client’s port number from server (default false)
translateServerAddress (boolean) true
If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort (boolean) true
If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses (array)
Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]
virtualPort (integer)

Service_TCP

Declares a TCP virtual server (w/optional TLS)

Properties:

Name (Type) Default Values Description
addressStatus (boolean) true
class (string)
Service_TCP
clientTLS (object)
AS3 pointer to TLS Client declaration
enable (boolean) true
Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod (reference)
iRules (array)
List iRules for this virtual server (order is significant)
label (reference)
lastHop (string | object) default
Name of built-in last-hop method or AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 (string) tcp tcp For TCP virtual server, Layer 4 protocol must be TCP
maxConnections (integer) 0
mirroring (string) none none, L4 Controls connection-mirroring for high-availability
persistenceMethods (array) source-address
Default ‘source-address’ is generally good
policyEndpoint (object)
AS3 pointer to Endpoint policy declaration
policyFirewallEnforced (reference)
policyFirewallStaged (reference)
pool (object)
AS3 pointer to pool if any (declared separately)
profileTCP (string | object) normal
TCP profile; name of built-in or else AS3 pointer
remark (reference)
serverTLS (object)
AS3 pointer to TLS Server declaration
snat (string | object) auto
Name of built-in SNAT method or AS3 pointer to SNAT pool. If ‘self’ virtual-server address will be used as SNAT address
translateClientPort (boolean) false
If true, hide client’s port number from server (default false)
translateServerAddress (boolean) true
If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort (boolean) true
If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses (array)
Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]
virtualPort (integer)

Service_UDP

Declares a UDP virtual server (w/optional (D)TLS)

Properties:

Name (Type) Default Values Description
addressStatus (boolean) true
class (string)
Service_UDP
clientTLS (object)
AS3 pointer to TLS Client declaration
enable (boolean) true
Virtual server handles traffic only when enabled (default)
fallbackPersistenceMethod (reference)
iRules (array)
List iRules for this virtual server (order is significant)
label (reference)
lastHop (string | object) default
Name of built-in last-hop method or AS3 pointer to last-hop pool (default ‘default’ means use system setting)
layer4 (string) udp udp For UDP virtual server, Layer 4 protocol must be UDP
maxConnections (integer) 0
mirroring (string) none none, L4 Controls connection-mirroring for high-availability
persistenceMethods (array) source-address
Default ‘source-address’ is generally good
policyEndpoint (object)
AS3 pointer to Endpoint policy declaration
policyFirewallEnforced (reference)
policyFirewallStaged (reference)
pool (object)
AS3 pointer to pool if any (declared separately)
profileUDP (string) normal
UDP profile; name of built-in or else AS3 pointer
remark (reference)
serverTLS (object)
AS3 pointer to TLS Server declaration
snat (string | object) auto
Name of built-in SNAT method or AS3 pointer to SNAT pool. If ‘self’ virtual-server address will be used as SNAT address
translateClientPort (boolean) false
If true, hide client’s port number from server (default false)
translateServerAddress (boolean) true
If true (default), make server-side connection to server address (otherwise, treat server as gateway to virtual-server address)
translateServerPort (boolean) true
If true (default), make server-side connection to server port (otherwise, connect to server on virtual-server port)
virtualAddresses (array)
Virtual server will listen to each IP address in list. To accept connections only from certain subnet(s), replace IP address with array [IP-address, accept-from-subnet]
virtualPort (integer)

SNAT_Pool

Declares a list of SNAT addresses

Properties:

Name (Type) Default Values Description
class (string)
SNAT_Pool
label (reference)
remark (reference)
snatAddresses (array)
List of SNAT addresses; may include both IPv4 and IPv6

TCP_Profile

No description provided

Properties:

Name (Type) Default Values Description
abc (boolean) true
If true (default), congestion window will be adjusted per rfc3465
ackOnPush (boolean) true
If true (default), segments with PSH flag set will be acknowledged immediately
autoProxyBufferSize (boolean) true
If true (default), proxy buffer size will be adjusted automatically to optimize throughput
autoReceiveWindowSize (boolean) true
If true (default), receive window size will be adjusted automatically to optimize throughput
autoSendBufferSize (boolean) true
If true (default), send buffer size will be adjusted automatically to optimize throughput
class (string)
TCP_Profile
closeWaitTimeout (integer) 5
Number of seconds (default 5) connection will remain in LAST-ACK state before exiting. Value -1 means indefinite, limited by maximum retransmission timeout
congestionControl (string) woodside cdg, chd, cubic, high-speed, illinois, new-reno, none, reno, scalable, vegas, westwood, woodside Selects TCP congestion-control algorithm (default ‘woodside’)
congestionMetricsCache (boolean) true
If true (default), congestion metrics may be cached to inform the congestion control algorithm
congestionMetricsCacheTimeout (integer) 0
Number of seconds for which entries in the congestion metrics cache are valid (default 0 means use system default)
deferredAccept (boolean) false
If true, ADC will defer allocating resources to a connection until some payload data has arrived from the client (default false). This may help minimize the impact of certain DoS attacks but adds undesirable latency under normal conditions. Note: ‘deferredAccept’ is incompatible with server-speaks-first application protocols
delayedAcks (boolean) true
If true (default), multiple adjacent ACK responses may be coalesced
delayWindowControl (boolean) false
If true, queueing delay as well as packet loss will be used to estimate congestion (default false)
dsack (boolean) false
If true, rfc2883 duplicate selective-acknowledgements extension will be used (default false). Do not enable this option unless you are certain all peers support D-SACK
earlyRetransmit (boolean) true
If true (default), rfc5827 Early Retransmit recovery may be used
ecn (boolean) true
If true (default), explicit congestion notification (ECN) flags (CWR, ECE) may be sent to peers
enhancedLossRecovery (boolean) true
If true (default), Selective ACK data will be used to increase throughput
fastOpen (boolean) true
If true (default), the TCP Fast Open protocol extension may be used to reduce latency by sending payload data with initial SYN
fastOpenCookieExpiration (integer) 21600
Sets maximum lifetime in seconds (default 21600 = six hours) of TCP Fast Open cookies
finWait2Timeout (integer) 300
Number of seconds (default 300) connection will remain in LAST-ACK state before closing. Value -1 means indefinite, limited by maximum retransmission timeout
finWaitTimeout (integer) 5
Number of seconds (default 5) connection will remain in FIN-WAIT-1 or closing state before exiting. Value -1 means indefinite, limited by maximum retransmission timeout
idleTimeout (integer) 300
Number of seconds (default 300; may not be 0) connection may remain idle before it becomes eligible for deletion. Value -1 (not recommended) means infinite
initCwnd (integer) 16
Sets the initial congestion-window size (default 16) in multiples of MSS (not in octets)
initRwnd (integer) 16
Sets the initial receive-window size (default 16) in multiples of MSS (not in octets)
ipDfMode (string) pmtu clear, pmtu, preserve, set Controls DF (Don’t Fragment) flag in outgoing packets. Value ‘pmtu’ (default) sets DF based on IP PMTU value. Value ‘preserve’ copies DF from received packets. Value ‘set’ forces DF true in all outgoing packets. Value ‘clear’ forces DF false in all outgoing packets
ipTosToClient (integer | string) 0
Specifies the IP DSCP/TOS value in packets sent to clients (default 0). Numeric values in this property are decimal representations of eight-bit numbers, of which the leftmost six bits are the DSCP per rfc2474 (and the rightmost two bits are used for congestion signaling when ‘ecn’ is true). You may have to calculate the value of this property by multiplying a DSCP code, such as CS5+EF = 46, by four to obtain the proper ‘ipTosToClient’ value, such as 184. Value ‘pass-through’ sets DSCP from the initial server-side value. Value ‘mimic’ copies DSCP from the most-recently received server-side packet (allowing DSCP to vary during the life of a connection)
keepAliveInterval (integer) 1800
Number of seconds (default 1800) between keep-alive probes
label (reference)
limitedTransmit (boolean) true
When true (default), rfc3042 limited transmit recovery scheme may be used
linkQosToClient (integer | string) 0
Specifies the Layer-2 QOS code in packets sent to clients (default 0). Ethernet-type networks recognize codes from 0 to 7. Value ‘pass-through’ sets QOS from the initial server-side value
maxRetrans (integer) 8
Sets maximum number of times a segment may be retransmitted (default 8)
maxSegmentSize (integer) 0
Sets MSS advertised to peer. Value 0 (default) will set MSS automatically in proportion to interface MTU. Default 0 is usually the best choice
md5Signature (boolean) false
If true, TCP headers will be signed using MD5 per rfc2385 (default false)
md5SignaturePassphrase (object)
Passphrase from which key for MD5 signatures (MACs) will be derived when ‘md5Signature’ is true
minimumRto (integer) 1000
Minimum retransmission timeout in milliseconds (default 1000)
mptcp (string) disable disable, enable, passthrough Value ‘disable’ (default) excludes use of Multipath TCP (MPTCP) through virtual server. Value ‘enable’ means virtual server will accept and participate in MPTCP connections. Value ‘passthrough’ means MPTCP packets may pass through virtual server
mptcpCsum (boolean) false
If true, MPTCP checksums will be calculated (default false)
mptcpCsumVerify (boolean) false
If true, MPTCP checksums will be verified (default false)
mptcpFallback (string) reset accept, active-accept, reset, retransmit Selects action on fallback from MPTCP to ordinary TCP
mptcpFastJoin (boolean) false
If true, data may be sent with MP_JOIN SYN packet, reducing connection latency (default false)
mptcpIdleTimeout (integer) 300
Number of seconds (default 300) connection may remain idle before it becomes eligible for deletion
mptcpJoinMax (integer) 5
Limit on number of subflows which may be joined to MPTCP connection (default 5)
mptcpMakeAfterBreak (boolean) false
If true, additional subflows may be added during ‘mptcpTimeout’ period even if ADC is not currently handling an active connection (default false)
mptcpNoJoinDssAck (boolean) false
If true, no DSS option will be sent with MP_JOIN ACK packet (default false)
mptcpRetransmitMin (integer) 1000
Minimum value in milliseconds (default 1000) of MPTCP retransmission timer
mptcpRtoMax (integer) 5
Maximum number of retransmission timeouts which may occur before a subflow is declared dead
mptcpSubflowMax (integer) 6
Maximum number of subflows per connection (default 6)
mptcpTimeout (integer) 3600
Number of seconds (default 3600) after which MPTCP session with no active flow may be expunged
nagle (string) auto disable, enable, auto Value ‘enable’ means to use Nagle’s algorithm to minimize the transmission of short TCP segments (note: Nagle’s algorithm yields undesirable results with many application protocols). Value ‘auto’ (default) means the ADC will choose automatically whether to enable Nagle’s algorithm. Value ‘disable’ averts application of Nagle’s algorithm
pktLossIgnoreBurst (integer) 0
Modulates use of congestion control when multiple packets are lost. Value 0 (default) means to perform congestion control if any packets are lost. Higher values increase tolerance for lost packets before signaling congestion
pktLossIgnoreRate (integer) 0
Sets threshold of packet loss rate (lost-packets/million-packets) above which congestion control is performed. Value 0 (default) means to perform congestion control if any packets are lost. Higher values increase tolerance for lost packets before signaling congestion
proxyBufferHigh (integer) 262144
Receive window will be closed when number of octets in proxy buffer rises above this value
proxyBufferLow (integer) 196608
Receive window will be opened when number of octets in proxy buffer falls below this value
proxyMSS (boolean) true
If true (default), the MSS value advertised on the server side will match that negotiated with the client, if permitted by MTU and other constraints
proxyOptions (boolean) false
If true, TCP options such as timestamp advertised on the server side will match those negotiated with client (default false)
pushFlag (string) auto auto, default, none, one Controls when ADC sets PSH flag in outbound TCP segments. Limiting the sending of segments with PSH improves performance. Value ‘auto’ (recommended) sets PSH according to a system algorithm optimal in most cases. Value ‘default’ (not recommended) sets the PUSH flag in every segment which happens to empty the send buffer. Value ‘none’ prevents use of the PSH flag, and ‘one’ means PSH is set only when FIN is, at the end of a connection
ratePace (boolean) true
If true (default), system will automatically pace rate of data transmission to optimize throughput
ratePaceMaxRate (integer) 0
Limit maximum data-transmission rate in octets/second to this value when ‘ratePace’ is true. Default 0 means choose maximum rate automatically
receiveWindowSize (integer) 131072
Maximum size of receive window (octets, default 131072)
remark (reference)
resetOnTimeout (boolean) true
If true (default), connections which time out will be reset (that is, an RST packet will be sent to the peer) before they are expunged. Value false is not recommended
retransmitThreshold (integer) 3
 
selectiveAcks (boolean) true
If true (default), rfc2018 Selective Acknowledgements will be negotiated with peers
selectiveNack (boolean) false
If true, Selective Negative Acknowledgements will be negotiated with peers (default false)
sendBufferSize (integer) 262144
Maximum size of send buffer (octets, default 262144)
slowStart (boolean) true
If true (default), initial window size will be adjusted per rfc3390. This generally makes connections start more quickly, NOT more slowly
synCookieEnable (boolean) true
If true (default), SYN cookies may be used to avert connection-table overflow (for example, from DoS attacks)
synCookieWhitelist (boolean) false
If true, after a client responds successfully to a SYN cookie challenge, additional connection requests from that client will be accepted without challenge for 30 seconds (default false)
synMaxRetrans (integer) 3
Maximum number of times SYN is retransmitted when no SYN+ACK is received (default 3)
synRtoBase (integer) 3000
Number of milliseconds (default 3000) to which SYN retransmission timer is set initially. The timer is adjusted after each retransmission to implement binary-exponential-backoff
tailLossProbe (boolean) true
If true (default), Tail Loss Probe scheme will be used to reduce retransmission timeouts
tcpOptions (array)
Selects which TCP Option values will be captured for reference by iRules
timestamps (boolean) true
If true (default and recommended), rfc1323 timestamps will be enabled
timeWaitRecycle (boolean) true
If true (default), connection resources will be reused immediately when a SYN is received during the TIME-WAIT period
timeWaitTimeout (integer) 2000
Number of milliseconds (default 2,000) connection will remain in TIME-WAIT state before closing. Value -1 means indefinite
ttlIPv4 (integer) 255
TTL to be set in outgoing IPv4 packets
ttlIPv6 (integer) 64
TTL to be set in outgoing IPv6 packets
ttlMode (string) proxy decrement, preserve, proxy, set Controls IP TTL in outgoing packets. Value ‘set’ forces TTL to value of property ‘ttlIPv4’ or ‘ttlIPv6’ as appropriate. Value ‘proxy’ (default) forces TTL to the default value for IPv4 or IPv6 as appropriate. Value ‘preserve’ copies TTL from received packet. Value ‘decrement’ sets TTL to one less than received packet’s TTL
verifiedAccept (boolean) false
If true, a server-side connection must be established before a corresponding client-side connection is accepted (default false). Value ‘true’ is incompatible with iRules
zeroWindowTimeout (integer) 20000
Number of milliseconds (default 20,000) connection will persist with window-size of zero (effective timeout is value rounded up to the nearest multiple of 5000). Value -1 means indefinite

Tenant

Declares a Tenant

Properties:

Name (Type) Default Values Description
class (string)
Tenant
constants (reference)
controls (reference)
defaultRouteDomain (integer) 0
Selects the default route domain for IP traffic to and from this Tenant’s application resources (note: affects declared IP addresses which do not include a %RD route-domain specifier). You must choose an existing route domain; this option cannot create one. Route domain 0 (default) is always available
enable (boolean) true
Tenant handles traffic only when enabled (default)
label (reference)
remark (reference)
Shared (reference)
verifiers (object)
Data (in ‘key’:‘value’ properties) used to verify automated tests. Ordinary declarations do not need this

TLS_Client

TLS client parameters (connections leaving ADC)

Properties:

Name (Type) Default Values Description
ciphers (string) DEFAULT
Ciphersuite selection string
class (string)
TLS_Client
clientCertificate (string)
AS3 pointer to client Certificate declaration (optional)
ignoreExpired (boolean) false
If false (default) drop connection if server certificate has expired
ignoreUntrusted (boolean) false
If false (default) drop connection if server certificate is untrusted
label (reference)
remark (reference)
sendSNI (string) none
FQDN to send in SNI (optional)
serverName (string) none
FQDN which server certificate must match (optional)
sessionTickets (boolean) false
If false (default) do not use rfc5077 session tickets
trustCA (string)
CAs trusted to validate server certificate; ‘generic’ (default) or else AS3 pointer to declaration of CA Bundle
validateCertificate (boolean) false
If false (default) accept any cert from server, else validate server cert against trusted CA bundle
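Because validateCertificate defaults to false, a TLS_Client object that omits it accepts any server certificate. The following linter is an added example, not part of the AS3 reference or F5's own tooling: it applies the defaults from the table above to every TLS_Client object in a declaration and reports weak settings. The tenant, application and object names in the sample are constructed, and treating serverName ‘none’ as "no name check" is an assumption.

```python
import json

# Defaults copied from the TLS_Client property table above.
TLS_CLIENT_DEFAULTS = {
    "validateCertificate": False,
    "ignoreExpired": False,
    "ignoreUntrusted": False,
    "serverName": "none",
}

# Constructed sample declaration (hypothetical tenant, application and object
# names; trimmed to the fields the linter reads, not a deployable declaration).
SAMPLE_DECLARATION = """
{
  "class": "ADC",
  "schemaVersion": "3.1.0",
  "Sample_Tenant": {
    "class": "Tenant",
    "Sample_App": {
      "class": "Application",
      "tls_default": {"class": "TLS_Client"},
      "tls_lax": {
        "class": "TLS_Client",
        "validateCertificate": true,
        "ignoreExpired": true
      },
      "tls_strict": {
        "class": "TLS_Client",
        "validateCertificate": true,
        "serverName": "app.example.com"
      }
    }
  }
}
"""


def find_objects(node, wanted_class, path=""):
    """Yield (path, object) for every object whose 'class' is wanted_class."""
    if isinstance(node, dict):
        if node.get("class") == wanted_class:
            yield path, node
        for key, value in node.items():
            yield from find_objects(value, wanted_class, f"{path}/{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_objects(value, wanted_class, f"{path}/{index}")


def audit_tls_client(path, obj):
    """Return (path, property, message) findings for one TLS_Client object."""
    # Omitted properties take their documented default before evaluation.
    cfg = dict(TLS_CLIENT_DEFAULTS)
    cfg.update({k: obj[k] for k in TLS_CLIENT_DEFAULTS if k in obj})
    findings = []
    if not cfg["validateCertificate"]:
        findings.append((path, "validateCertificate",
                         "any server certificate is accepted"))
    if cfg["ignoreExpired"]:
        findings.append((path, "ignoreExpired",
                         "expired server certificates are accepted"))
    if cfg["ignoreUntrusted"]:
        findings.append((path, "ignoreUntrusted",
                         "untrusted server certificates are accepted"))
    # Assumption: 'none' (the default) means no FQDN is checked.
    if cfg["validateCertificate"] and cfg["serverName"] in ("", "none"):
        findings.append((path, "serverName",
                         "no FQDN is set for the server certificate to match"))
    return findings


def audit_declaration(declaration):
    """Audit every TLS_Client object found anywhere in a parsed declaration."""
    findings = []
    for path, obj in find_objects(declaration, "TLS_Client"):
        findings.extend(audit_tls_client(path, obj))
    return findings


if __name__ == "__main__":
    for path, prop, message in audit_declaration(json.loads(SAMPLE_DECLARATION)):
        print(f"{path}: {prop}: {message}")
```

Running the linter in a pre-deployment check catches declarations that rely on the permissive default before they reach the ADC.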

TLS_Server

TLS server parameters (connections arriving to ADC)

Properties:

Name (Type) Default Values Description
authenticationFrequency (string) one-time one-time, every-time Client certificate authentication frequency
authenticationInviteCA (object)
AS3 pointer to declaration of CA Bundle used to invite client certificates
authenticationMode (string) ignore ignore, request, require Client certificate authentication mode
authenticationTrustCA (object)
AS3 pointer to declaration of CA Bundle used to validate client certificates
certificates (array)
Primary and (optional) additional certificates (order is significant, element 0 is primary cert)
ciphers (string) DEFAULT
Ciphersuite selection string
class (string)
TLS_Server
label (reference)
remark (reference)
requireSNI (boolean) false
When client sends no or unknown SNI and Require SNI is false (default) primary certificate will be used, otherwise client will be rejected

UDP_Profile

No description provided

Properties:

Name (Type) Default Values Description
allowNoPayload (boolean) false
When true, forward UDP datagrams with empty payloads (default false)
bufferMaxBytes (integer) 655350
Limit to number of octets which may be buffered for a UDP flow (default 655350)
bufferMaxPackets (integer) 0
Limit to number of packets which may be buffered for a UDP flow (default 0)
class (string)
UDP_Profile
datagramLoadBalancing (boolean) false
When true, process UDP datagrams independently, without recognizing flows (default false)
idleTimeout (integer) 60
Number of seconds (default 60) flow may remain idle before it becomes eligible for deletion. Value 0 allows system to recover per-flow resources whenever convenient (always safe with UDP). Value -1 means indefinite (not recommended)
ipDfMode (string) pmtu clear, pmtu, preserve, set Controls DF (Don’t Fragment) flag in outgoing datagrams. Value ‘pmtu’ (default) sets DF based on IP PMTU value. Value ‘preserve’ copies DF from received datagram. Value ‘set’ forces DF true in all outgoing datagrams. Value ‘clear’ forces DF false in all outgoing datagrams
ipTosToClient (integer | string) 0
Specifies the IP TOS/DSCP value in packets sent to clients (default 0). Numeric values in this property are decimal representations of eight-bit numbers, of which the leftmost six bits are the DSCP code per rfc2474 (and the rightmost two bits are reserved). You may have to calculate the value of this property by multiplying a DSCP code, such as CS5+EF = 46, by four, to obtain the ‘ipTosToClient’ value, such as 184. Value ‘pass-through’ sets DSCP from the initial server-side value. Value ‘mimic’ copies DSCP from the most-recently received server-side packet (allowing DSCP to vary during the life of a connection)
label (reference)
linkQosToClient (integer | string) 0
Specifies the Layer-2 QOS value in packets sent to clients (default 0). Ethernet-type networks recognize numeric codes from 0 to 7. Value ‘pass-through’ sets QOS from the initial server-side value
proxyMSS (boolean) false
When true, MSS advertised on the server side will match that negotiated with the client, if permitted by MTU and other constraints (default false)
remark (reference)
ttlIPv4 (integer) 255
TTL to be set in outgoing IPv4 datagrams
ttlIPv6 (integer) 64
TTL to be set in outgoing IPv6 datagrams
ttlMode (string) proxy decrement, preserve, proxy, set Controls IP TTL in outgoing datagrams. Value ‘set’ forces TTL to value of property ‘ttlIPv4’ or ‘ttlIPv6’ as appropriate. Value ‘proxy’ forces TTL to the default value for IPv4 or IPv6 as appropriate. Value ‘preserve’ copies TTL from received datagram. Value ‘decrement’ sets TTL to one less than received datagram’s TTL
useChecksum (boolean) false
When true, system will validate UDP checksums for IPv4 datagrams (default false). Checksums are always validated for IPv6