ltm global-settings connection

ltm global-settings connectionBIG-IP TMSH Manltm global-settings connection(1)



NAME
       connection - Configures the global settings that pertain to connections
       for the BIG-IP(r) and VIPRION(r) local traffic management systems.

MODULE
       ltm global-settings

SYNTAX
       Configure the connection component within the ltm global-settings
       module using the syntax shown in the following sections.

   MODIFY
	modify connection
	  options:
	    adaptive-reaper-hiwater [integer]
	    adaptive-reaper-lowater [integer]
	    auto-last-hop [disabled | enabled]
	    default-vs-syn-challenge-threshold [infinite | integer]
	    global-flow-eviction-policy [name]
	    global-syn-challenge-threshold [infinite | integer]
	    syncookies-threshold [integer]
	    vlan-keyed-conn [disabled | enabled]
	    vlan-syn-cookie [disabled | enabled]

   DISPLAY
	list connection
	list connection [option name]
	show running-config connection
	show running-config connection [option name]
	  options:
	    all-properties
	    non-default-properties
	    one-line

DESCRIPTION
       You can use the connection component to modify how the system processes
       connections.

EXAMPLES
       modify connection auto-last-hop disabled
	    Specifies that the system does not automatically map the last hop
	    for pools.

       list connection
	    Displays the global settings for how the system processes
	    connections.

OPTIONS
       adaptive-reaper-hiwater
	    *IMPORTANT* This command has been deprecated (as of 11.6.0).
	    Please use ltm eviction-policy instead.  Specifies, in a
	    percentage, the memory usage at which the system stops
	    establishing new connections. Once the system meets the reaper
	    high-water mark, the system does not establish new connections
	    until the memory usage drops below the reaper low-water mark. The
	    adaptive reaper settings help mitigate the effects of a denial-of-
	    service attack.

	    The available range is 85 - 100. The default value is 95. To
	    disable the adaptive reaper, set the high-water mark to 100.

       adaptive-reaper-lowater
	    *IMPORTANT* This command has been deprecated (as of 11.6.0).
	    Please use ltm eviction-policy instead.  Specifies, in percent,
	    the memory usage at which the system silently purges stale
	    connections, without sending reset packets (RST) to the client. If
	    the memory usage remains above the low-water mark after the purge,
	    then the system starts purging established connections closest to
	    their service timeout.

	    The available range is 70 - 100. The default value is 85. To
	    disable the adaptive reaper, set the low-water mark to 100.

       auto-last-hop
	    Specifies that the system automatically maps the last hop for
	    pools. The default value is enabled.

       default-vs-syn-challenge-threshold
	    Specifies the default value of per-virtual server SYN Cookie
	    activation threshold per chassis. The default value is infinite.
	    The valid range is 128 - 1024K or infinite (encoded as 0).

       global-flow-eviction-policy
	    Specifies the flow eviction policy to use when approaching memory
	    usage limits. The settings in the policy determine the adaptive
	    reaper high and low water marks, and help determine which client
	    connections to terminate when memory limits have exceeded the
	    "low-water" threshold in the eviction policy. The settings help
	    mitigate the effects of a denial-of-service attack.

       global-syn-challenge-threshold
	    Specifies the default value of the global SYN Cookie activation
	    threshold per TMM. The default value is 64K. The valid range is
	    2048 - 4096K or infinite (encoded as 0).

       syncookies-threshold
	    This option is deprecated in version 13.0.0 and is replaced by
	    default-vs-syn-challenge-threshold.  Specifies the number of new
	    or untrusted TCP connections that can be established before the
	    system activates the SYN Cookies authentication method for
	    subsequent TCP connections. The default value is 16384.

       vlan-keyed-conn
	    Enables or disables VLAN-keyed connections. You use VLAN-keyed
	    connections when traffic for the same connection must pass through
	    the system several times, on multiple pairs of VLANs (or in
	    different VLAN groups). The default value is enabled.

       vlan-syn-cookie
	    Enables or disables the hardware per-VLAN SYN cookie protection on
	    platforms with supported firmware.	The default value is enabled.

SEE ALSO
       list, ltm node, modify, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2010, 2013, 2016. All rights
       reserved.



BIG-IP				  2016-09-06 ltm global-settings connection(1)