ltm global-settings traffic-control
ltm global-settings traffic-coBIG-IP1TMSltmaglobal-settings traffic-control(1)
NAME
traffic-control - Configures the global settings that pertain to
traffic control for the BIG-IP(r) and VIPRION(r) local traffic
management systems.
MODULE
ltm global-settings
SYNTAX
Configure the traffic-control component within the ltm global-settings
module using the syntax shown in the following sections.
MODIFY
modify traffic-control
options:
accept-ip-options [disabled | enabled]
accept-ip-source-route [disabled | enabled]
allow-ip-source-route [ disabled | enabled]
continue-matching [ disabled | enabled]
max-icmp-rate [integer value: 0 ~ 2147483647]
max-reject-rate [ integer value: 1 ~ 1000]
max-reject-rate-timeout [ integer value: 0 ~ 300]
min-path-mtu [ integer value: 68 ~ 1500]
path-mtu-discovery [disabled | enabled]
port-find-linear [ integer value: 0 ~ 61439]
port-find-random [ integer value: 0 ~ 1024]
port-find-threshold-warning [disabled | enabled]
port-find-threshold-trigger [integer value: 1 ~ 12]
port-find-threshold-timeout [integer value: 0 ~ 300]
reject-unmatched [ disabled | enabled]
DISPLAY
list traffic-control
list traffic-control [option name]
show running-config traffic-control
show running-config traffic-control [option name]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the traffic-control component to modify how the system
processes local traffic.
EXAMPLES
modify traffic-control accept-ip-options enabled
Specifies that the system accepts IPv4 packets with IP options.
list traffic-control
Displays the local traffic control global settings.
OPTIONS
accept-ip-options
Specifies whether the system accepts IPv4 packets with IP options.
The default value is disabled.
accept-ip-source-route
Specifies whether the system accepts IPv4 packets with IP source
route options that are destined for Traffic Management Microkernel
(TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options
option.
allow-ip-source-route
Specifies whether the system allows IPv4 packets with IP source
route options enabled to be routed through Traffic Management
Microkernel (TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options
option.
continue-matching
Specifies whether the system matches against a less-specific
virtual server when the more-specific one is disabled. When
continue-matching is disabled, the default value, the system drops
connections that request a disabled virtual server. In this case,
the system rejects or drops packets depending on the value of the
reject-unmatched option.
max-icmp-rate
Specifies the maximum rate per second at which the system issues
Internet Control Message Protocol (ICMP) errors. The default value
is 100 errors per second. The range is from 0 (zero) to 2147483647
errors per second. This option is useful for preventing ICMP-
message storms.
max-reject-rate
Specifies the maximum rate per second at which the system issues
reject packets (TCP RST or ICMP port unreach). The default value
is 250 per second. The range is from 1 to 1000 per second.
max-reject-rate-timeout
Specifies the time in seconds which the system ignores icmp port
unreach and tcp rst ratelimits on becoming active after a
failover. The default value is 30 seconds. The range is from 0 to
300 seconds.
min-path-mtu
Specifies the minimum packet size that can traverse the path
without suffering fragmentation, also known as path Maximum
Transmission Unit(MTU). The default value is 296. The range is
from 68 to 1500.
path-mtu-discovery
Specifies, when enabled, that the system discovers the maximum
transmission unit (MTU) that it can send over a path, without
fragmenting TCP packets. The default value is enabled.
port-find-linear
Specifies the maximum of ports to linearly search for outbound
connections. The default value is 16. The range is from 0 to
61439.
port-find-random
Specifies the maximum of ports to randomly search for outbound
connections. The default value is 16. The range is from 0 to 1024.
port-find-threshold-warning
Specifies if the ephemeral port-exhaustion threshold warning is to
be monitored. The default is enabled.
port-find-threshold-trigger
Specifies the threshold warning's trigger which is the value of
random port attempts when attempting to find an unused outbound
port for a connection. The default is 8. The valid range is 1 -
12.
port-find-threshold-timeout
Specifies the threshold warning's timeout. This is the time in
seconds since the last trigger value was hit and will drop the
tuple if not hit. The default is 30 (1/2 minute) with range from 0
- 300.
reject-unmatched
Specifies, when enabled, that the system returns a TCP RESET or
ICMP_UNREACH packet if no virtual servers on the system match the
destination address of the incoming packet. When this option is
disabled, the system silently drops the unmatched packet. The
default value is enabled.
SEE ALSO
list, ltm node, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2015-2016. All rights
reserved.
BIG-IP 2016-0ltm4global-settings traffic-control(1)