ltm global-settings connection
ltm global-settings connectionBIG-IP TMSH Manltm global-settings connection(1)
NAME
connection - Configures the global settings that pertain to connections
for the BIG-IP(r) and VIPRION(r) local traffic management systems.
MODULE
ltm global-settings
SYNTAX
Configure the connection component within the ltm global-settings
module using the syntax shown in the following sections.
MODIFY
modify connection
options:
adaptive-reaper-hiwater [integer]
adaptive-reaper-lowater [integer]
auto-last-hop [disabled | enabled]
default-vs-syn-challenge-threshold [infinite | integer]
global-flow-eviction-policy [name]
global-syn-challenge-threshold [infinite | integer]
syncookies-threshold [integer]
vlan-keyed-conn [disabled | enabled]
vlan-syn-cookie [disabled | enabled]
DISPLAY
list connection
list connection [option name]
show running-config connection
show running-config connection [option name]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the connection component to modify how the system processes
connections.
EXAMPLES
modify connection auto-last-hop disabled
Specifies that the system does not automatically map the last hop
for pools.
list connection
Displays the global settings for how the system processes
connections.
OPTIONS
adaptive-reaper-hiwater
*IMPORTANT* This command has been deprecated (as of 11.6.0).
Please use ltm eviction-policy instead. Specifies, in a
percentage, the memory usage at which the system stops
establishing new connections. Once the system meets the reaper
high-water mark, the system does not establish new connections
until the memory usage drops below the reaper low-water mark. The
adaptive reaper settings help mitigate the effects of a denial-of-
service attack.
The available range is 85 - 100. The default value is 95. To
disable the adaptive reaper, set the high-water mark to 100.
adaptive-reaper-lowater
*IMPORTANT* This command has been deprecated (as of 11.6.0).
Please use ltm eviction-policy instead. Specifies, in percent,
the memory usage at which the system silently purges stale
connections, without sending reset packets (RST) to the client. If
the memory usage remains above the low-water mark after the purge,
then the system starts purging established connections closest to
their service timeout.
The available range is 70 - 100. The default value is 85. To
disable the adaptive reaper, set the low-water mark to 100.
auto-last-hop
Specifies that the system automatically maps the last hop for
pools. The default value is enabled.
default-vs-syn-challenge-threshold
Specifies the default value of per-virtual server SYN Cookie
activation threshold per chassis. The default value is infinite.
The valid range is 128 - 1024K or infinite (encoded as 0).
global-flow-eviction-policy
Specifies the flow eviction policy to use when approaching memory
usage limits. The settings in the policy determine the adaptive
reaper high and low water marks, and help determine which client
connections to terminate when memory limits have exceeded the
"low-water" threshold in the eviction policy. The settings help
mitigate the effects of a denial-of-service attack.
global-syn-challenge-threshold
Specifies the default value of the global SYN Cookie activation
threshold per TMM. The default value is 64K. The valid range is
2048 - 4096K or infinite (encoded as 0).
syncookies-threshold
This option is deprecated in version 13.0.0 and is replaced by
default-vs-syn-challenge-threshold. Specifies the number of new
or untrusted TCP connections that can be established before the
system activates the SYN Cookies authentication method for
subsequent TCP connections. The default value is 16384.
vlan-keyed-conn
Enables or disables VLAN-keyed connections. You use VLAN-keyed
connections when traffic for the same connection must pass through
the system several times, on multiple pairs of VLANs (or in
different VLAN groups). The default value is enabled.
vlan-syn-cookie
Enables or disables the hardware per-VLAN SYN cookie protection on
platforms with supported firmware. The default value is enabled.
SEE ALSO
list, ltm node, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2013, 2016. All rights
reserved.
BIG-IP 2016-09-06 ltm global-settings connection(1)