pem service-chain-endpoint
pem service-chain-endpoint(1) BIG-IP TMSH Manual pem service-chain-endpoint(1)
NAME
service-chain-endpoint - Configures service chain endpoints for the
Policy Enforcement Manager (PEM).
MODULE
pem
SYNTAX
Modify the service-chain-endpoint component within the pem module using
the syntax shown in the following sections.
CREATE/MODIFY
create service-chain-endpoint [name]
modify service-chain-endpoint [name]
options:
app-service [[string] | none]
service-endpoints [add | delete | modify | replace-all-with] {
[service endpoint name ... ] {
options:
app-service [[string] | none]
forwarding-endpoint
to-endpoint [forwarding endpoint name]
from-vlan [vlan name]
http-adapt-service
internal-virtual [internal virtual server | none]
icap-type [request | response | both | none]
order [integer]
service-option [optional | mandatory]
steering-policy [policy name | none]
}
}
edit service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list service-chain-endpoint
list service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
show running-config service-chain-endpoint
show running-config service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete service-chain-endpoint [name]
Note: You must remove all references to a service-chain-endpoint before
you can delete the service-chain-endpoint.
DESCRIPTION
You can use the service-chain-endpoint component to configure service-
chain-endpoint definitions for the Policy Enforcement Manager (PEM).
Each service-chain-endpoint consists of one or more service-endpoints,
where a service-endpoint consists of a non-zero integer order, existing
from-vlan a valid fwd-endpoint or a http-adaptation-service endpoint.
When you configure a BIG-IP that has a service-chain-endpoint with
multiple service-endpoints, traffic will pass through different
endpoints choosen dynamically.
Note: You must create a valid forwarding-endpoint and a valid vlan
before you can create a service-endpoint. If you are enabling http-
adapt-service, you must create Request Adapt and Response Adapt
profiles and attach to the traffic virtual. Also create an internal-
virtual and enable icap profile. You must also give each service-
endpoint an order from 1 up to 2^32-1. The lower the service-endpoint
order is, the higher its precedence is (i.e., traffic will pass though
it before other higher order service-endpoints). Each service-endpoint
has a boolean (true/false) service-option that defines what would
happen if the service-endpoint is down. If service-option is
mandatory, the traffic flow is dropped if the service-endpoint is down.
If service-option is optional, the traffic flow will be bypassed to the
next available service-endpoint.
For more information about how to create a vlan, please refer to net
vlan. Also please refer to pem forwarding-endpoint for more
information about how to create a pem forwarding-endpoint.
EXAMPLES
create service-chain-endpoint chain1 service-endpoints add { ser_ep1 {
order 10 from-vlan vlan1 forwarding-endpoint { to-endpoint fw_ep1 }
service-option optional } ser_ep2 { order 5 from-vlan vlan2 http-adapt-
service {internal-virtual iv1} service-option mandatory } }
Creates a PEM service-chain-endpoint named chain1 that has two service-
endpoints: ser_ep1 and ser_ep2. The first ser_ep1 has an order of 10
and is optional and has forwarding-endpoint with to-endpoint fw_ep1,
type transparent and vlan1 as a from-vlan. The second ser_ep2 has an
order of 5 is mandatory and has http-adapt-service enabled with ivs1 as
internal-server and vlan2 as a from-vlan. Note that ser_ep2 will
precede ser_ep1 because the lower the service-endpoint order is, the
higher its precedence is.
delete service-chain-endpoint chain1
Deletes the service-chain-endpoint named chain1.
list service-chain-endpoint chain1
Displays the properties of the service-chain-endpoint named chain1.
OPTIONS
app-service
Specifies the name of the application service to which the object
belongs. The default value is none. Note: If the strict-updates
option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application
service can modify or delete the object.
service-endpoints
Adds, deletes, or replaces a set of the service endpoints by
specifying a series of service-endpoint names. If any of these
names did not exist before, then new names will be created. Each
service-endpoint is identified by a vlan and a forwarding-
endpoint.
app-service
Specifies the name of the application service to which the
object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service
that owns the object, you cannot modify or delete the object.
Only the application service can modify or delete the object.
forwarding-endpoint
Specifies the forwarding endpoint attributes to be set. The
below attributes can be set:
to-endpoint
This is a default endpoint that will be chosen if
steering policy is not configured. You have to create a
valid PEM forwarding-endpoint before you can add to-
endpoint to a service-endpoint.
from-vlan
Specifies the vlan that the traffic will come from toward the
service-endpoint. Note: The vlan has to exist before you can
create a from-vlan field.
http-adapt-service
Specifies the option to set attributes for http adapt
services. Below are the attributes that can be set.
internal-virtual
This is the internal virtual on which icap is enabled.
You have to create the internal-virtual and assign icap
profile before adding here.
icap-type
Defines the ICAP adaptation type: request only
adaptation, request and response adaptation or both
types of adaptations combined.
order
Specifies the order of the service-endpoint among other
service-endpoints. The lower the service-endpoint's order is,
the more precedence it has (i.e., the traffic will go through
the lowest-ordered service-endpoint first, then through
higher order service-endpoint, ... etc.).
service-option
Specifies the behavior when a service-endpoint is not
available (i.e., is down). This option is limited when ICAP
is defined as the service-endpoint and will not apply if the
ICAP service is unavailable. You can configure the following
options:
mandatory
If the service-endpoint is down, the traffic flow is
dropped.
optional
If the service-endpoint is down, the traffic flow will
be bypassed to the next available service-endpoint.
steering-policy
If the steering policy is configured, the policy is evaluated
and if steering is enabled the flow will be steered to the
corresponding endpoint.
SEE ALSO
create, delete, edit, glob, list, modify, pem forwarding-endpoint, pem
interception-endpoint, pem listener, pem policy, pem profile diameter-
endpoint, pem profile spm, pem reporting format-script, pem subscriber,
pem subscribers, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2012. All rights reserved.
BIG-IP 2016-01-07 pem service-chain-endpoint(1)