ltm profile pcp
ltm profile pcp(1) BIG-IP TMSH Manual ltm profile pcp(1)
NAME
pcp - Configures a PCP profile.
MODULE
ltm profile
SYNTAX
CREATE/MODIFY
create pcp [name]
modify pcp [name]
options:
announce-after-failover [ enabled | disabled ]
announce-multicast [integer]
app-service [[string] | none]
defaults-from [ [name] | none]
description [string]
map-filter-limit [integer]
map-limit-per-client [integer]
map-recycle-delay [integer]
max-mapping-lifetime [integer]
min-mapping-lifetime [integer]
rule [[rule_name] | none]
third-party-allowed-subnets
[add | delete | replace-all-with] {
[ip address/prefix length] ...
}
third-party-option [ enabled | disabled ]
edit pcp [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list pcp
list pcp [ [ [name] | [glob] | [regex] ] ... ]
show running-config pcp
show running-config pcp
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
show pcp
show pcp [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete pcp [name]
DESCRIPTION
You can use the pcp component to specify Port Control Protocol attributes for a profile that can be used in an LSN pool.
EXAMPLES
create pcp my_pcp_profile defaults-from pcp
Creates a custom PCP profile named my_pcp_profile that inherits its settings from the system default pcp profile.
list pcp all-properties
Displays all properties for all PCP profiles.
OPTIONS
app-service
Specifies the name of the application service to which the profile belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot modify or
delete the profile. Only the application service can modify or delete the profile.
defaults-from
Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings and values
from the parent profile specified. The default value is pcp, a profile that is shipped in the software.
description
User defined description.
announce-after-failover
Specifies that the BIG-IP software should send an unsolicited ANNOUNCE response to all PCP clients when there is a
failover. The unsolicited ANNOUNCE response goes over a link-local multi-cast address, and it contains a new EPOCH
time. This signals to the PCP clients that they should renew all of their active mappings.
announce-multicast
Whenever the BIG-IP system reboots, or if there is any possibility that the system lost its PCP-mapping state, it
sends an unsolicited ANNOUNCE response to all of its PCP clients. It sends the response over a link-local multi-cast
address, and it contains a new EPOCH time. The PCP clients react by renewing all of their active IP mappings. To
compensate for possible packet loss (since the multi-cast address is link-local), you can use this property to set the
number of multi-cast re-sends. Default is 10 re-sends.
map-filter-limit
A PCP client can request a "filter" for a mapping entry, where the filter limits the number of external endpoints that
can use the IP map. The filter request contains the particular IP address and port for the endpoint (or subnet of
endpoints), as well as a prefix length. Enter the maximum number of filters (allowed subnets) that clients are allowed
to set for each PCP mapping. Default is 1.
map-limit-per-client
Specifies the maximum number of PCP mappings per client. Default is 65535 (unlimited).
Use run util lsndb to see the currently-active set of PCP mappings on the system. See "util lsndb" for details on the
LSN DB utility.
map-recycle-delay
After a IP mapping times out (that is, its lifetime expires), there is a further delay before the public-side address
and port can be used by another PCP client. Use this property to set the recycle delay. Default is 60 (seconds).
Use run util lsndb to see the currently-active set of PCP mappings on the system. See "util lsndb" for details on the
LSN DB utility.
max-mapping-lifetime
When a PCP client requests an IP mapping from a BIG IP system, it also requests a "lifetime" for the mapping. The
mapping expires at the end of that lifetime. This property is the maximum number of seconds allowed for a mapping
lifetime. Default is 86400 (seconds), or 1 day.
Use run util lsndb to see the currently-active set of PCP mappings on the system. See "util lsndb" for details on the
LSN DB utility.
min-mapping-lifetime
Specifies the minimum number of seconds allowed for a mapping lifetime. Default is 600 (seconds), or 10 minutes.
Use run util lsndb to see the currently-active set of PCP mappings on the system. See "util lsndb" for details on the
LSN DB utility.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex (regex) for a description of
regular expression syntax.
rule Specifies the iRule that is associated with this pcp profile. An iRule can read packets and possibly filter them based
on whatever programming logic you design. For example, an iRule could reject all PCP mapping requests using a
specific port, or pass an ANNOUNCE request through a specific port. An iRule gives you the flexibility to filter,
process, or log the PCP packets that fit this profile.
Select an iRule from the menu of existing iRules. To create a new one, use the create ltm rule command (see "ltm
rule").
third-party-allowed-subnets
Specifies the PCP clients that can make MAP requests on behalf of other clients. Enter a collection of IP prefixes
(IPv4 or IPv6) with their prefix lengths. If a PCP client outside of any of these subnets attempts a PCP mapping, the
BIG-IP software rejects the mapping.
You can shorten any IPv6 addresses as defined in RFC 2373 (see ).
This list is only used if the third-party-option is also enabled.
If the list is empty and the third-party-option is enabled, any PCP client can create mappings for third parties.
third-party-option
Allows PCP clients to make MAP requests on behalf of other clients, using the THIRD_PARTY flag in the PCP request. You
can set this property to enabled or disabled. If you enable this property, we recommend using the third-party-subnets
option to limit the the clients that can use the THIRD_PARTY flag; it is a potential security risk. The default is
disabled.
SEE ALSO
create, delete, edit, list, ltm lsn-pool, modify, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 ltm profile pcp(1)