ltm global-settings connection
ltm global-settings connection(1) BIG-IP TMSH Manual ltm global-settings connection(1)
NAME
connection - Configures the global settings that pertain to connections for the BIG-IP(r) and VIPRION(r) local
traffic management systems.
MODULE
ltm global-settings
SYNTAX
Configure the connection component within the ltm global-settings module using the syntax shown in the
following sections.
MODIFY
modify connection
options:
adaptive-reaper-hiwater [integer]
adaptive-reaper-lowater [integer]
auto-last-hop [disabled | enabled]
default-vs-syn-challenge-threshold [infinite | integer]
global-flow-eviction-policy [name]
global-syn-challenge-threshold [infinite | integer]
syncookies-threshold [integer]
vlan-keyed-conn [disabled | enabled]
vlan-syn-cookie [disabled | enabled]
DISPLAY
list connection
list connection [option name]
show running-config connection
show running-config connection [option name]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the connection component to modify how the system processes connections.
EXAMPLES
modify connection auto-last-hop disabled
Specifies that the system does not automatically map the last hop for pools.
list connection
Displays the global settings for how the system processes connections.
OPTIONS
adaptive-reaper-hiwater
*IMPORTANT* This command has been deprecated (as of 11.6.0). Please use ltm eviction-policy instead.
Specifies, in a percentage, the memory usage at which the system stops establishing new connections. Once
the system meets the reaper high-water mark, the system does not establish new connections until the
memory usage drops below the reaper low-water mark. The adaptive reaper settings help mitigate the
effects of a denial-of-service attack.
The available range is 85 - 100. The default value is 95. To disable the adaptive reaper, set the high-
water mark to 100.
adaptive-reaper-lowater
*IMPORTANT* This command has been deprecated (as of 11.6.0). Please use ltm eviction-policy instead.
Specifies, in percent, the memory usage at which the system silently purges stale connections, without
sending reset packets (RST) to the client. If the memory usage remains above the low-water mark after the
purge, then the system starts purging established connections closest to their service timeout.
The available range is 70 - 100. The default value is 85. To disable the adaptive reaper, set the low-
water mark to 100.
auto-last-hop
Specifies that the system automatically maps the last hop for pools. The default value is enabled.
default-vs-syn-challenge-threshold
Specifies the default value of per-virtual server SYN Cookie activation threshold per chassis. The
default value is infinite. The valid range is 128 - 1024K or infinite (encoded as 0).
global-flow-eviction-policy
Specifies the flow eviction policy to use when approaching memory usage limits. The settings in the
policy determine the adaptive reaper high and low water marks, and help determine which client
connections to terminate when memory limits have exceeded the "low-water" threshold in the eviction
policy. The settings help mitigate the effects of a denial-of-service attack.
global-syn-challenge-threshold
Specifies the default value of the global SYN Cookie activation threshold per TMM. The default value is
64K. The valid range is 2048 - 4096K or infinite (encoded as 0).
syncookies-threshold
This option is deprecated in version 13.0.0 and is replaced by default-vs-syn-challenge-threshold.
Specifies the number of new or untrusted TCP connections that can be established before the system
activates the SYN Cookies authentication method for subsequent TCP connections. The default value is
16384.
vlan-keyed-conn
Enables or disables VLAN-keyed connections. You use VLAN-keyed connections when traffic for the same
connection must pass through the system several times, on multiple pairs of VLANs (or in different VLAN
groups). The default value is enabled.
vlan-syn-cookie
Enables or disables the hardware per-VLAN SYN cookie protection on platforms with supported firmware.
The default value is enabled.
SEE ALSO
list, ltm node, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2010, 2013, 2016. All rights reserved.
BIG-IP 2016-09-06 ltm global-settings connection(1)