ltm message-routing diameter profile session
ltm message-routing diameter profile session(1) BIG-IP TMSH Manual ltm message-routing diameter profile session(1)
NAME
session - Configures a Diameter Session profile.
MODULE
ltm message-routing diameter profile
SYNTAX
Configure the session component within the ltm message-routing diameter profile module using the syntax shown in the
following sections.
CREATE/MODIFY
create session [name]
modify session [name]
options:
acct-application-id [integer]
app-service [[string] | none]
array-acct-application-id [[list of integers] | none]
array-auth-application-id [[list of integers] | none]
array-retransmission-result-codes [[list of integers] | none]
auth-application-id [integer]
defaults-from [[name] | none]
description [string]
dest-host-rewrite [string]
dest-realm-rewrite [string]
disconnect-peer-action [disable | force-offline | none]
dynamic-route-insertion [disabled | enabled]
dynamic-route-lookup [disabled | enabled]
dynamic-route-timeout [integer]
discard-unroutable [disabled | enabled]
egress-critical-message-rate-limit [integer]
egress-major-message-rate-limit [integer]
handshake-timeout [integer]
host-ip-address [disabled | enabled]
ingress-critical-message-rate-limit [integer]
ingress-major-message-rate-limit [integer]
loop-detection [disabled | enabled]
max-message-size [integer]
max-retransmissions [integer]
max-watchdog-failures [integer]
origin-host [string]
origin-host-rewrite [string]
origin-realm [string]
origin-realm-rewrite [string]
egress-critical-message-rate-limit [integer]
persist-avp [string]
persist-timeout [integer]
persist-type [avp | custom | none]
product-name [string]
reset-on-timeout [disabled | enabled]
respond-unroutable [disabled | enabled]
retransmission-action [disabled | busy | unable | retransmit | retransmit-alternate]
retransmission-queue-limit-low [integer]
retransmission-queue-limit-high [integer]
retransmission-queue-max-bytes [integer]
retransmission-queue-max-messages [integer]
retransmission-timeout [integer]
route-unconfigured-peers [disabled | enabled]
vendor-id [integer]
vendor-specific-vendor-id [integer]
vendor-specific-acct-application-id [integer]
vendor-specific-auth-application-id [integer]
watchdog-timeout [integer]
edit session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
reset-stats session
reset-stats session [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list session
list session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show running-config session
show running-config session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show session
show session [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete session [name]
DESCRIPTION
You can use the session component to manage a Diameter session profile.
EXAMPLES
create session my_session_profile defaults-from session
Creates a Diameter session profile named my_session_profile using the system defaults.
create session my_session_profile { reset-on-timeout disabled }
Creates a Diameter profile named my_session_profile that will not reset the connection when watchdog failure exceed
maximum-watchdog-failures.
OPTIONS
acct-application-id
Specifies as an integer the Accounting identifier for specific application, as specified in RFC 6733. This value will
be appended at the end of array-acct-application-id in capabilities exchange messages if it doesn't already exist in
it.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
array-acct-application-id
Specifies as a whitespace separated list of integers the Accounting identifier(s) for specific application(s), as
specified in RFC 6733.
array-auth-application-id
Specifies as a whitespace separated list of integers the Authentication and Authorization identifier(s) for specific
application(s), as specified in RFC 6733.
array-retransmission-result-codes
Specifies as a whitespace separated list of integers that define result codes that if received in an answer message
will trigger retransmission.
auth-application-id
Specifies as an integer the Authentication and Authorization identifier for specific application, as specified in RFC
6733. This value will be appended at the end of array-auth-application-id in capabilities exchange messages if it
doesn't already exist in it.
defaults-from
Specifies the profile that you want to use as the parent profile. Your new profile inherits all of the settings and
values from the specified parent profile. The default value is diametersession.
description
User defined description.
dest-host-rewrite
Specifies the destination host AVP to which the specified value on the egress will be rewritten.
dest-realm-rewrite
Specifies the destination realm AVP to which the specified value on the egress will be rewritten.
discard-unroutable
When selected (enabled), messages that do not match any known route will be silently discarded. When disabled,
unroutable messages are routed back to the connection where they came from. The default value is enabled.
disconnect-peer-action
Specifies the state of peer based on Disconnect Peer Request received from peer. The default value is none. The
options are:
none Terminates connection on receiving DPR. Connection can be re-established between peer and BIGIP.
disable
A node continues to process persistent and active connections. It can accept new connections only if the
connections belong to an existing persistent session.
force-offline
A node allows existing connections to time out, but no new connections are allowed.
egress-critical-message-rate-limit
If the number of messages egressed to a peer (pool member) in a second exceeds the provided limit, a SNMP trap, The
number of messages sent to a peer is above the critical rate limit threshold, will be sent. If the number of messages
egressed to a peer (pool member) in a second drops below the provided limit, a SNMP trap, The number of messages sent
to a peer is back under the critical rate limit threshold, will be sent. A value of 0 will disable the SNMP trap. The
default value is 0.
egress-major-message-rate-limit
If the number of messages egressed to a peer (pool member) in a second exceeds the provided limit, a SNMP trap, The
number of messages sent to a peer is above the major rate limit threshold, will be sent. If the number of messages
egressed to a peer (pool member) in a second drops below the provided limit, a SNMP trap, The number of messages sent
to a peer is back under the major rate limit threshold, will be sent. A value of 0 will disable the SNMP trap. The
default value is 0.
dynamic-route-insertion
Specifies whether dynamic route insertion is enabled for this Diameter session profile. If enabled, routes will be
added to route incoming messages toward the connected peer, by its origin-host. The default value is disabled.
dynamic-route-lookup
Specifies whether dynamic route lookup is enabled for this Diameter session profile. If enabled, the destination-host
of messages received via this profile will be used to find a route added from connections with dynamic-route-insertion
enabled. The default value is disabled.
dynamic-route-timeout
Specifies how long after a connection is closed will the dynamic route be deleted from the route table. The default
value is 300
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
handshake-timeout
Specifies the number of seconds before the peer handshake times out. The default is 10 seconds.
host-ip-address
Specifies the value that will be used in the Host-IP-Address AVP sent in Capabilities-Exchange-Request and
Capabilities-Exchange-Answer messages. When unset (default), the Diameter router will use the virtual server's IP
address.
ingress-critical-message-rate-limit
If the number of messages received from a peer (pool member) in a second exceeds the provided limit, a SNMP trap, The
number of messages from a peer is above the critical rate limit threshold, will be sent. If the number of messages
received from a peer (pool member) in a second drops below the provided limit, a SNMP trap, The number of messages
from a peer is back under the critical rate limit threshold, will be sent. A value of 0 will disable the SNMP trap.
The default value is 0.
ingress-major-message-rate-limit
If the number of messages received from a peer (pool member) in a second exceeds the provided limit, a SNMP trap, The
number of messages from a peer is above the major rate limit threshold, will be sent. If the number of messages
received from a peer (pool member) in a second drops below the provided limit, a SNMP trap, The number of messages
from a peer is back under the major rate limit threshold, will be sent. A value of 0 will disable the SNMP trap. The
default value is 0.
loop-detection
Specifies whether loop detection will be performed on requests received by this session profile. The default value is
disabled. When set, the Diameter session profile will reject messages that it has already seen. See RFC 6733 section
6.1.3.
max-message-size
Specifies the maximum number of bytes acceptable in a Diameter message. The default value is 0 which indicates that
there is no message size restriction for this session. Note: Message size is also restricted by the database variable
"diameter.message.maxlen"; the smallest value is used as a maximum. Messages exceeding this size are silently
discarded.
max-retransmissions
Specifies the maximum number of retransmissions of a Diameter message. The default value is 0.
max-watchdog-failures
Specifies the maximum number of device watchdog failures that the traffic management system can receive before it
tears down the connection. After the system receives this number of device watchdog failures, it closes the
connection. The default value is 1.
origin-host
Specifies the identifier of the originating server in the form siteserver.f5.com. Must specify the origin-host.
origin-host-rewrite
Specifies the value to rewrite to the Origin-Host AVP on egress.
origin-realm
Specifies the Origin-Realm AVP data. Must specify the origin-realm.
origin-realm-rewrite
Specifies the value to rewrite to the Origin-Realm AVP on egress.
peer-delay-critical-limit
If the average peer delay exceeds the provided limit, a SNMP trap, PeerHealth exceeds critical, will be generated. If
the average peer delay drops below the provided limit, a SNMP trap, PeerHealth back under critical, will be generated.
A value of 0 will disable the SNMP trap. The default value is 0.
persist-avp
Specifies the Diameter AVP that is used for persistence. The format is avp[index] for a single AVP or
a[x]:b[y]:c[z]:d[w] for a grouped AVP. There may be at most 4 AVPs in a group. The AVP name is used as the session-
key; it may be an ASCII string or numeric ID in the range 1 to 4294967295 (AVP code can be specified instead of AVP
name). Note: The default value is "SESSION-ID[0]". A grouped-avp can be specified with the following syntax:
grouped-avp-name[index]:nested-avp1[index1]:nested-avp2[index2], where "nested-avp1" and "nested-avp2" are the AVPs in
the grouped AVP.
persist-timeout
Specifies the timeout value (in seconds) for persistence entries. The default value is 180. Note: Its recommended to
have the persist-timeout to be greater than transaction timeout, specified in the Diameter router configuration, as
the lesser of the two is used when creating the persist record on receiving of the first Diameter request message.
Upon receiving of the response for the first Diameter request message the persistence record is updated with the
persist-timeout value. For any subsequent responses received the persist timeout is updated for the persist record.
persist-type Specifies the type of the persistence. The options are:
avp Persist based on avp in the message.
custom
Persist based on a custom key set using iRule.
none Persistence is disabled.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
reset-on-timeout
When enabled, the system resets the connection when the number of watchdog failures exceeds the value of max-watchdog-
failures. The default value is enabled.
respond-unroutable
When selected (enabled), messages that do not match any known route will be transformed into an error answer message
and sent to the originator of the request. When disabled, unroutable request messages are routed back to the
connection where they came from. The default value is disabled.
retransmission-action
Specifies the action performed when retransmission has been triggered for a request message. The options are:
disabled
Retransmission is disabled. This is the default action.
busy An answer message is generated with a TOO_BUSY result code and returned to the originator of the request.
unable
An answer message is generated with a UNABLE_TO_DELIVER result code and returned to the originator of the
request.
retransmit
The request message will be retransmitted.
retransmit-alternate
The request message can be retransmitted to a different pool member.
retransmission-queue-limit-high
Specifies the high watermark for the retransmission queue (in percentage). If the retransmission queue exceeds this
limit the transport window will begin closing. A value of 0 will disable closing the transport window. Valid range
from 0 to 100. The default value is 90.
retransmission-queue-limit-low
Specifies the low watermark for the retransmission queue (in percentage). If the retransmission queue drops below this
limit the transport window will reopen. Valid range from 0 to 100. The default value is 60.
retransmission-queue-max-bytes
Specifies the maximum number of bytes that can be stored in a connections retransmission queue. A value of 0 will
disable this limit. The default value is 131072 bytes.
retransmission-queue-max-messages
Specifies the maximum number of messages that can be stored in a connections retransmission queue. A value of 0 will
disable this limit. The default value us 1024 messages.
retransmission-timeout
Specifies the timeout for retransmission of a Diameter request (in seconds). A value of 0 will disable the
retransmission timer. The default value is 10 seconds.
route-unconfigured-peers
When enabled, all connections will be allowed. When disabled, connections from peers whose IP addresses cannot be
found in a statically configured route will be rejected. The default value is enabled.
vendor-id
Specifies the vendor identification number assigned to your diameter server by the Internet Assigned Numbers Authority
(IANA). The default value is 3375.
vendor-specific-vendor-id
Specifies the vendor ID number that will be sent in Vendor-Specific-Application-ID AVPs. A value of 0 disables the
feature. If this value is set, exactly one of either vendor-specific-acct-app-id or vendor-specific-auth-app-id must
also be specified. The default value is 0.
vendor-specific-acct-app-id
Specifies the accounting application ID number that will be sent in Vendor-Specific-Application-ID AVPs. A value of 0
disables the feature. If this value is set, vendor-specific-vendor-id must be set and vendor-specific-auth-app-id
must be unset. The default value is 0.
vendor-specific-auth-app-id
Specifies the authentication/authorization application ID number that will be sent in Vendor-Specific-Application-ID
AVPs. A value of 0 disables the feature. If this value is set, vendor-specific-vendor-id must be set and vendor-
specific-acct-app-id must be unset. The default value is 0.
watchdog-timeout
Specifies the watchdog timeout in seconds. This setting specifies the number of seconds that a connection is idle
before the device watchdog request is sent. A value of 0 means BIG-IP will not send a device watchdog request to
either client or server side. The default value is 10 seconds.
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, regex, reset-stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2013-2015. All rights reserved.
BIG-IP 2021-01-27 ltm message-routing diameter profile session(1)