ltm global-settings traffic-control
ltm global-settings traffic-control(1) BIG-IP TMSH Manual ltm global-settings traffic-control(1)
NAME
traffic-control - Configures the global settings that pertain to traffic control for the BIG-IP(r) and
VIPRION(r) local traffic management systems.
MODULE
ltm global-settings
SYNTAX
Configure the traffic-control component within the ltm global-settings module using the syntax shown in the
following sections.
MODIFY
modify traffic-control
options:
accept-ip-options [disabled | enabled]
accept-ip-source-route [disabled | enabled]
allow-ip-source-route [ disabled | enabled]
continue-matching [ disabled | enabled]
max-icmp-rate [integer value: 0 ~ 2147483647]
max-reject-rate [ integer value: 1 ~ 1000]
max-reject-rate-timeout [ integer value: 0 ~ 300]
min-path-mtu [ integer value: 68 ~ 1500]
path-mtu-discovery [disabled | enabled]
port-find-linear [ integer value: 0 ~ 61439]
port-find-random [ integer value: 0 ~ 1024]
port-find-threshold-warning [disabled | enabled]
port-find-threshold-trigger [integer value: 1 ~ 12]
port-find-threshold-timeout [integer value: 0 ~ 300]
reject-unmatched [ disabled | enabled]
DISPLAY
list traffic-control
list traffic-control [option name]
show running-config traffic-control
show running-config traffic-control [option name]
options:
all-properties
non-default-properties
one-line
DESCRIPTION
You can use the traffic-control component to modify how the system processes local traffic.
EXAMPLES
modify traffic-control accept-ip-options enabled
Specifies that the system accepts IPv4 packets with IP options.
list traffic-control
Displays the local traffic control global settings.
OPTIONS
accept-ip-options
Specifies whether the system accepts IPv4 packets with IP options. The default value is disabled.
accept-ip-source-route
Specifies whether the system accepts IPv4 packets with IP source route options that are destined for
Traffic Management Microkernel (TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options option.
allow-ip-source-route
Specifies whether the system allows IPv4 packets with IP source route options enabled to be routed
through Traffic Management Microkernel (TMM). The default value is disabled.
To enable this option, you must also enable the accept-ip-options option.
continue-matching
Specifies whether the system matches against a less-specific virtual server when the more-specific one is
disabled. When continue-matching is disabled, the default value, the system drops connections that
request a disabled virtual server. In this case, the system rejects or drops packets depending on the
value of the reject-unmatched option.
max-icmp-rate
Specifies the maximum rate per second at which the system issues Internet Control Message Protocol (ICMP)
errors. The default value is 100 errors per second. The range is from 0 (zero) to 2147483647 errors per
second. This option is useful for preventing ICMP-message storms.
max-reject-rate
Specifies the maximum rate per second at which the system issues reject packets (TCP RST or ICMP port
unreach). The default value is 250 per second. The range is from 1 to 1000 per second.
max-reject-rate-timeout
Specifies the time in seconds which the system ignores icmp port unreach and tcp rst ratelimits on
becoming active after a failover. The default value is 30 seconds. The range is from 0 to 300 seconds.
min-path-mtu
Specifies the minimum packet size that can traverse the path without suffering fragmentation, also known
as path Maximum Transmission Unit(MTU). The default value is 296. The range is from 68 to 1500.
path-mtu-discovery
Specifies, when enabled, that the system discovers the maximum transmission unit (MTU) that it can send
over a path, without fragmenting TCP packets. The default value is enabled.
port-find-linear
Specifies the maximum of ports to linearly search for outbound connections. The default value is 16. The
range is from 0 to 61439.
port-find-random
Specifies the maximum of ports to randomly search for outbound connections. The default value is 16. The
range is from 0 to 1024.
port-find-threshold-warning
Specifies if the ephemeral port-exhaustion threshold warning is to be monitored. The default is enabled.
port-find-threshold-trigger
Specifies the threshold warning's trigger which is the value of random port attempts when attempting to
find an unused outbound port for a connection. The default is 8. The valid range is 1 - 12.
port-find-threshold-timeout
Specifies the threshold warning's timeout. This is the time in seconds since the last trigger value was
hit and will drop the tuple if not hit. The default is 30 (1/2 minute) with range from 0 - 300.
reject-unmatched
Specifies, when enabled, that the system returns a TCP RESET or ICMP_UNREACH packet if no virtual servers
on the system match the destination address of the incoming packet. When this option is disabled, the
system silently drops the unmatched packet. The default value is enabled.
SEE ALSO
list, ltm node, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 ltm global-settings traffic-control(1)