ltm global-settings traffic-control
ltm global-settings traffic-control(1) BIG-IP TMSH Manual ltm global-settings traffic-control(1)
NAME
traffic-control - Configures the global settings that pertain to traffic control for the BIG-IP(r) and VIPRION(r) local
traffic management systems.
MODULE
ltm global-settings
SYNTAX
Configure the traffic-control component within the ltm global-settings module using the syntax shown in the following
sections.
MODIFY
modify traffic-control
options:
accept-ip-options [disabled | enabled]
accept-ip-source-route [disabled | enabled]
allow-ip-source-route [ disabled | enabled]
continue-matching [ disabled | enabled]
max-icmp-rate [integer value: 0 ~ 2147483647]
max-reject-rate [ integer value: 1 ~ 1000]
max-reject-rate-timeout [ integer value: 0 ~ 300]
min-path-mtu [ integer value: 68 ~ 1500]
path-mtu-discovery [disabled | enabled]
port-find-linear [ integer value: 0 ~ 61439]
port-find-random [ integer value: 0 ~ 1024]
port-find-threshold-warning [disabled | enabled]
port-find-threshold-trigger [integer value: 1 ~ 12]
port-find-threshold-timeout [integer value: 0 ~ 300]
reject-unmatched [ disabled | enabled]
DISPLAY
list traffic-control
list traffic-control [option name]
show running-config traffic-control
show running-config traffic-control [option name]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the traffic-control component to modify how the system processes local traffic.
EXAMPLES
modify traffic-control accept-ip-options enabled
Specifies that the system accepts IPv4 packets with IP options.
list traffic-control
Displays the local traffic control global settings.
OPTIONS
accept-ip-options
Specifies whether the system accepts IPv4 packets with IP options. The default value is disabled.
accept-ip-source-route
Specifies whether the system accepts IPv4 packets with IP source route options that are destined for Traffic
Management Microkernel (TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options option.
allow-ip-source-route
Specifies whether the system allows IPv4 packets with IP source route options enabled to be routed through Traffic
Management Microkernel (TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options option.
continue-matching
Specifies whether the system matches against a less-specific virtual server when the more-specific one is disabled.
When continue-matching is disabled, the default value, the system drops connections that request a disabled virtual
server. In this case, the system rejects or drops packets depending on the value of the reject-unmatched option.
max-icmp-rate
Specifies the maximum rate per second at which the system issues Internet Control Message Protocol (ICMP) errors. The
default value is 100 errors per second. The range is from 0 (zero) to 2147483647 errors per second. This option is
useful for preventing ICMP-message storms.
max-reject-rate
Specifies the maximum rate per second at which the system issues reject packets (TCP RST or ICMP port unreach). The
default value is 250 per second. The range is from 1 to 1000 per second.
max-reject-rate-timeout
Specifies the time in seconds which the system ignores icmp port unreach and tcp rst ratelimits on becoming active
after a failover. The default value is 30 seconds. The range is from 0 to 300 seconds.
min-path-mtu
Specifies the minimum packet size that can traverse the path without suffering fragmentation, also known as path
Maximum Transmission Unit(MTU). The default value is 296. The range is from 68 to 1500.
path-mtu-discovery
Specifies, when enabled, that the system discovers the maximum transmission unit (MTU) that it can send over a path,
without fragmenting TCP packets. The default value is enabled.
port-find-linear
Specifies the maximum of ports to linearly search for outbound connections. The default value is 16. The range is from
0 to 61439.
port-find-random
Specifies the maximum of ports to randomly search for outbound connections. The default value is 16. The range is from
0 to 1024.
port-find-threshold-warning
Specifies if the ephemeral port-exhaustion threshold warning is to be monitored. The default is enabled.
port-find-threshold-trigger
Specifies the threshold warning's trigger which is the value of random port attempts when attempting to find an unused
outbound port for a connection. The default is 8. The valid range is 1 - 12.
port-find-threshold-timeout
Specifies the threshold warning's timeout. This is the time in seconds since the last trigger value was hit and will
drop the tuple if not hit. The default is 30 (1/2 minute) with range from 0 - 300.
reject-unmatched
Specifies, when enabled, that the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers on the
system match the destination address of the incoming packet. When this option is disabled, the system silently drops
the unmatched packet. The default value is enabled.
SEE ALSO
list, ltm node, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 ltm global-settings traffic-control(1)