ltm profile pcp
ltm profile pcp(1) BIG-IP TMSH Manual ltm profile pcp(1)
NAME
pcp - Configures a PCP profile.
MODULE
ltm profile
SYNTAX
CREATE/MODIFY
create pcp [name]
modify pcp [name]
options:
announce-after-failover [ enabled | disabled ]
announce-multicast [integer]
app-service [[string] | none]
defaults-from [ [name] | none]
description [string]
map-filter-limit [integer]
map-limit-per-client [integer]
map-recycle-delay [integer]
max-mapping-lifetime [integer]
min-mapping-lifetime [integer]
rule [[rule_name] | none]
third-party-allowed-subnets
[add | delete | replace-all-with] {
[ip address/prefix length] ...
}
third-party-option [ enabled | disabled ]
edit pcp [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list pcp
list pcp [ [ [name] | [glob] | [regex] ] ... ]
show running-config pcp
show running-config pcp
[ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
show pcp
show pcp [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete pcp [name]
DESCRIPTION
You can use the pcp component to specify Port Control Protocol
attributes for a profile that can be used in an LSN pool.
EXAMPLES
create pcp my_pcp_profile defaults-from pcp
Creates a custom PCP profile named my_pcp_profile that inherits its
settings from the system default pcp profile.
list pcp all-properties
Displays all properties for all PCP profiles.
OPTIONS
app-service
Specifies the name of the application service to which the profile
belongs. The default value is none.
Note: If the strict-updates option is enabled on the application
service that owns the object, you cannot modify or delete the
profile. Only the application service can modify or delete the
profile.
defaults-from
Specifies the profile that you want to use as the parent profile.
Your new profile inherits all settings and values from the parent
profile specified. The default value is pcp, a profile that is
shipped in the software.
description
User defined description.
announce-after-failover
Specifies that the BIG-IP software should send an unsolicited
ANNOUNCE response to all PCP clients when there is a failover. The
unsolicited ANNOUNCE response goes over a link-local multi-cast
address, and it contains a new EPOCH time. This signals to the PCP
clients that they should renew all of their active mappings.
announce-multicast
Whenever the BIG-IP system reboots, or if there is any possibility
that the system lost its PCP-mapping state, it sends an
unsolicited ANNOUNCE response to all of its PCP clients. It sends
the response over a link-local multi-cast address, and it contains
a new EPOCH time. The PCP clients react by renewing all of their
active IP mappings. To compensate for possible packet loss (since
the multi-cast address is link-local), you can use this property
to set the number of multi-cast re-sends. Default is 10 re-sends.
map-filter-limit
A PCP client can request a "filter" for a mapping entry, where the
filter limits the number of external endpoints that can use the IP
map. The filter request contains the particular IP address and
port for the endpoint (or subnet of endpoints), as well as a
prefix length. Enter the maximum number of filters (allowed
subnets) that clients are allowed to set for each PCP mapping.
Default is 1.
map-limit-per-client
Specifies the maximum number of PCP mappings per client. Default
is 65535 (unlimited).
Use run util lsndb to see the currently-active set of PCP mappings
on the system. See "util lsndb" for details on the LSN DB utility.
map-recycle-delay
After a IP mapping times out (that is, its lifetime expires),
there is a further delay before the public-side address and port
can be used by another PCP client. Use this property to set the
recycle delay. Default is 60 (seconds).
Use run util lsndb to see the currently-active set of PCP mappings
on the system. See "util lsndb" for details on the LSN DB utility.
max-mapping-lifetime
When a PCP client requests an IP mapping from a BIG IP system, it
also requests a "lifetime" for the mapping. The mapping expires at
the end of that lifetime. This property is the maximum number of
seconds allowed for a mapping lifetime. Default is 86400
(seconds), or 1 day.
Use run util lsndb to see the currently-active set of PCP mappings
on the system. See "util lsndb" for details on the LSN DB utility.
min-mapping-lifetime
Specifies the minimum number of seconds allowed for a mapping
lifetime. Default is 600 (seconds), or 10 minutes.
Use run util lsndb to see the currently-active set of PCP mappings
on the system. See "util lsndb" for details on the LSN DB utility.
regex
Displays the items that match the regular expression. The regular
expression must be preceded by an at sign (@[regular expression])
to indicate that the identifier is a regular expression. See help
regex (regex) for a description of regular expression syntax.
rule Specifies the iRule that is associated with this pcp profile. An
iRule can read packets and possibly filter them based on whatever
programming logic you design. For example, an iRule could reject
all PCP mapping requests using a specific port, or pass an
ANNOUNCE request through a specific port. An iRule gives you the
flexibility to filter, process, or log the PCP packets that fit
this profile.
Select an iRule from the menu of existing iRules. To create a new
one, use the create ltm rule command (see "ltm rule").
third-party-allowed-subnets
Specifies the PCP clients that can make MAP requests on behalf of
other clients. Enter a collection of IP prefixes (IPv4 or IPv6)
with their prefix lengths. If a PCP client outside of any of
these subnets attempts a PCP mapping, the BIG-IP software rejects
the mapping.
You can shorten any IPv6 addresses as defined in RFC 2373 (see
).
This list is only used if the third-party-option is also enabled.
If the list is empty and the third-party-option is enabled, any
PCP client can create mappings for third parties.
third-party-option
Allows PCP clients to make MAP requests on behalf of other
clients, using the THIRD_PARTY flag in the PCP request. You can
set this property to enabled or disabled. If you enable this
property, we recommend using the third-party-subnets option to
limit the the clients that can use the THIRD_PARTY flag; it is a
potential security risk. The default is disabled.
SEE ALSO
create, delete, edit, list, ltm lsn-pool, modify, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2013, 2016. All
rights reserved.
BIG-IP 2016-03-14 ltm profile pcp(1)