ltm message-routing diameter profile session
ltm message-routing diameter profile session(1) BIG-IP TMSH Manual ltm message-routing diameter profile session(1)
NAME
session - Configures a Diameter Session profile.
MODULE
ltm message-routing diameter profile
SYNTAX
Configure the session component within the ltm message-routing diameter profile module using the syntax shown
in the following sections.
CREATE/MODIFY
create session [name]
modify session [name]
options:
acct-application-id [integer]
app-service [[string] | none]
array-acct-application-id [[list of integers] | none]
array-auth-application-id [[list of integers] | none]
array-retransmission-result-codes [[list of integers] | none]
auth-application-id [integer]
defaults-from [[name] | none]
description [string]
dest-host-rewrite [string]
dest-realm-rewrite [string]
disconnect-peer-action [disable | force-offline | none]
dynamic-route-insertion [disabled | enabled]
dynamic-route-lookup [disabled | enabled]
dynamic-route-timeout [integer]
discard-unroutable [disabled | enabled]
egress-critical-message-rate-limit [integer]
egress-major-message-rate-limit [integer]
handshake-timeout [integer]
host-ip-address [disabled | enabled]
ingress-critical-message-rate-limit [integer]
ingress-major-message-rate-limit [integer]
loop-detection [disabled | enabled]
max-message-size [integer]
max-retransmissions [integer]
max-watchdog-failures [integer]
origin-host [string]
origin-host-rewrite [string]
origin-realm [string]
origin-realm-rewrite [string]
egress-critical-message-rate-limit [integer]
persist-avp [string]
persist-timeout [integer]
persist-type [avp | custom | none]
product-name [string]
reset-on-timeout [disabled | enabled]
respond-unroutable [disabled | enabled]
retransmission-action [disabled | busy | unable | retransmit | retransmit-alternate]
retransmission-queue-limit-low [integer]
retransmission-queue-limit-high [integer]
retransmission-queue-max-bytes [integer]
retransmission-queue-max-messages [integer]
retransmission-timeout [integer]
route-unconfigured-peers [disabled | enabled]
vendor-id [integer]
vendor-specific-vendor-id [integer]
vendor-specific-acct-application-id [integer]
vendor-specific-auth-application-id [integer]
watchdog-timeout [integer]
edit session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
reset-stats session
reset-stats session [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list session
list session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show running-config session
show running-config session [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show session
show session [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete session [name]
DESCRIPTION
You can use the session component to manage a Diameter session profile.
EXAMPLES
create session my_session_profile defaults-from session
Creates a Diameter session profile named my_session_profile using the system defaults.
create session my_session_profile { reset-on-timeout disabled }
Creates a Diameter profile named my_session_profile that will not reset the connection when watchdog failure
exceed maximum-watchdog-failures.
OPTIONS
acct-application-id
Specifies as an integer the Accounting identifier for specific application, as specified in RFC 6733.
This value will be appended at the end of array-acct-application-id in capabilities exchange messages if
it doesn't already exist in it.
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
array-acct-application-id
Specifies as a whitespace separated list of integers the Accounting identifier(s) for specific
application(s), as specified in RFC 6733.
array-auth-application-id
Specifies as a whitespace separated list of integers the Authentication and Authorization identifier(s)
for specific application(s), as specified in RFC 6733.
array-retransmission-result-codes
Specifies as a whitespace separated list of integers that define result codes that if received in an
answer message will trigger retransmission.
auth-application-id
Specifies as an integer the Authentication and Authorization identifier for specific application, as
specified in RFC 6733. This value will be appended at the end of array-auth-application-id in
capabilities exchange messages if it doesn't already exist in it.
defaults-from
Specifies the profile that you want to use as the parent profile. Your new profile inherits all of the
settings and values from the specified parent profile. The default value is diametersession.
description
User defined description.
dest-host-rewrite
Specifies the destination host AVP to which the specified value on the egress will be rewritten.
dest-realm-rewrite
Specifies the destination realm AVP to which the specified value on the egress will be rewritten.
discard-unroutable
When selected (enabled), messages that do not match any known route will be silently discarded. When
disabled, unroutable messages are routed back to the connection where they came from. The default value
is enabled.
disconnect-peer-action
Specifies the state of peer based on Disconnect Peer Request received from peer. The default value is
none. The options are:
none Terminates connection on receiving DPR. Connection can be re-established between peer and BIGIP.
disable
A node continues to process persistent and active connections. It can accept new connections only if
the connections belong to an existing persistent session.
force-offline
A node allows existing connections to time out, but no new connections are allowed.
egress-critical-message-rate-limit
If the number of messages egressed to a peer (pool member) in a second exceeds the provided limit, a SNMP
trap, The number of messages sent to a peer is above the critical rate limit threshold, will be sent. If
the number of messages egressed to a peer (pool member) in a second drops below the provided limit, a
SNMP trap, The number of messages sent to a peer is back under the critical rate limit threshold, will be
sent. A value of 0 will disable the SNMP trap. The default value is 0.
egress-major-message-rate-limit
If the number of messages egressed to a peer (pool member) in a second exceeds the provided limit, a SNMP
trap, The number of messages sent to a peer is above the major rate limit threshold, will be sent. If
the number of messages egressed to a peer (pool member) in a second drops below the provided limit, a
SNMP trap, The number of messages sent to a peer is back under the major rate limit threshold, will be
sent. A value of 0 will disable the SNMP trap. The default value is 0.
dynamic-route-insertion
Specifies whether dynamic route insertion is enabled for this Diameter session profile. If enabled,
routes will be added to route incoming messages toward the connected peer, by its origin-host. The
default value is disabled.
dynamic-route-lookup
Specifies whether dynamic route lookup is enabled for this Diameter session profile. If enabled, the
destination-host of messages received via this profile will be used to find a route added from
connections with dynamic-route-insertion enabled. The default value is disabled.
dynamic-route-timeout
Specifies how long after a connection is closed will the dynamic route be deleted from the route table.
The default value is 300
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
handshake-timeout
Specifies the number of seconds before the peer handshake times out. The default is 10 seconds.
host-ip-address
Specifies the value that will be used in the Host-IP-Address AVP sent in Capabilities-Exchange-Request
and Capabilities-Exchange-Answer messages. When unset (default), the Diameter router will use the
virtual server's IP address.
ingress-critical-message-rate-limit
If the number of messages received from a peer (pool member) in a second exceeds the provided limit, a
SNMP trap, The number of messages from a peer is above the critical rate limit threshold, will be sent.
If the number of messages received from a peer (pool member) in a second drops below the provided limit,
a SNMP trap, The number of messages from a peer is back under the critical rate limit threshold, will be
sent. A value of 0 will disable the SNMP trap. The default value is 0.
ingress-major-message-rate-limit
If the number of messages received from a peer (pool member) in a second exceeds the provided limit, a
SNMP trap, The number of messages from a peer is above the major rate limit threshold, will be sent. If
the number of messages received from a peer (pool member) in a second drops below the provided limit, a
SNMP trap, The number of messages from a peer is back under the major rate limit threshold, will be sent.
A value of 0 will disable the SNMP trap. The default value is 0.
loop-detection
Specifies whether loop detection will be performed on requests received by this session profile. The
default value is enabled. When set, the Diameter session profile will reject messages that it has
already seen. See RFC 6733 section 6.1.3.
max-message-size
Specifies the maximum number of bytes acceptable in a Diameter message. The default value is 0 which
indicates that there is no message size restriction for this session. Note: Message size is also
restricted by the database variable "diameter.message.maxlen"; the smallest value is used as a maximum.
Messages exceeding this size are silently discarded.
max-retransmissions
Specifies the maximum number of retransmissions of a Diameter message. The default value is 0.
max-watchdog-failures
Specifies the maximum number of device watchdog failures that the traffic management system can receive
before it tears down the connection. After the system receives this number of device watchdog failures,
it closes the connection. The default value is 1.
origin-host
Specifies the identifier of the originating server in the form siteserver.f5.com. Must specify the
origin-host.
origin-host-rewrite
Specifies the value to rewrite to the Origin-Host AVP on egress.
origin-realm
Specifies the Origin-Realm AVP data. Must specify the origin-realm.
origin-realm-rewrite
Specifies the value to rewrite to the Origin-Realm AVP on egress.
peer-delay-critical-limit
If the average peer delay exceeds the provided limit, a SNMP trap, PeerHealth exceeds critical, will be
generated. If the average peer delay drops below the provided limit, a SNMP trap, PeerHealth back under
critical, will be generated. A value of 0 will disable the SNMP trap. The default value is 0.
persist-avp
Specifies the Diameter AVP that is used for persistence. The format is avp[index] for a single AVP or
a[x]:b[y]:c[z]:d[w] for a grouped AVP. There may be at most 4 AVPs in a group. The AVP name is used as
the session-key; it may be an ASCII string or numeric ID in the range 1 to 4294967295 (AVP code can be
specified instead of AVP name). Note: The default value is "SESSION-ID[0]". A grouped-avp can be
specified with the following syntax: grouped-avp-name[index]:nested-avp1[index1]:nested-avp2[index2],
where "nested-avp1" and "nested-avp2" are the AVPs in the grouped AVP.
persist-timeout
Specifies the timeout value (in seconds) for persistence entries. The default value is 180. Note: Its
recommended to have the persist-timeout to be greater than transaction timeout, specified in the Diameter
router configuration, as the lesser of the two is used when creating the persist record on receiving of
the first Diameter request message. Upon receiving of the response for the first Diameter request message
the persistence record is updated with the persist-timeout value. For any subsequent responses received
the persist timeout is updated for the persist record.
persist-type Specifies the type of the persistence. The options are:
avp Persist based on avp in the message.
custom
Persist based on a custom key set using iRule.
none Persistence is disabled.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
reset-on-timeout
When enabled, the system resets the connection when the number of watchdog failures exceeds the value of
max-watchdog-failures. The default value is enabled.
respond-unroutable
When selected (enabled), messages that do not match any known route will be transformed into an error
answer message and sent to the originator of the request. When disabled, unroutable request messages are
routed back to the connection where they came from. The default value is disabled.
retransmission-action
Specifies the action performed when retransmission has been triggered for a request message. The options
are:
disabled
Retransmission is disabled. This is the default action.
busy An answer message is generated with a TOO_BUSY result code and returned to the originator of the
request.
unable
An answer message is generated with a UNABLE_TO_DELIVER result code and returned to the originator
of the request.
retransmit
The request message will be retransmitted.
retransmit-alternate
The request message can be retransmitted to a different pool member.
retransmission-queue-limit-high
Specifies the high watermark for the retransmission queue (in percentage). If the retransmission queue
exceeds this limit the transport window will begin closing. A value of 0 will disable closing the
transport window. Valid range from 0 to 100. The default value is 90.
retransmission-queue-limit-low
Specifies the low watermark for the retransmission queue (in percentage). If the retransmission queue
drops below this limit the transport window will reopen. Valid range from 0 to 100. The default value is
60.
retransmission-queue-max-bytes
Specifies the maximum number of bytes that can be stored in a connections retransmission queue. A value
of 0 will disable this limit. The default value is 131072 bytes.
retransmission-queue-max-messages
Specifies the maximum number of messages that can be stored in a connections retransmission queue. A
value of 0 will disable this limit. The default value us 1024 messages.
retransmission-timeout
Specifies the timeout for retransmission of a Diameter request (in seconds). A value of 0 will disable
the retransmission timer. The default value is 10 seconds.
route-unconfigured-peers
When enabled, all connections will be allowed. When disabled, connections from peers whose IP addresses
cannot be found in a statically configured route will be rejected. The default value is enabled.
vendor-id
Specifies the vendor identification number assigned to your diameter server by the Internet Assigned
Numbers Authority (IANA). The default value is 3375.
vendor-specific-vendor-id
Specifies the vendor ID number that will be sent in Vendor-Specific-Application-ID AVPs. A value of 0
disables the feature. If this value is set, exactly one of either vendor-specific-acct-app-id or vendor-
specific-auth-app-id must also be specified. The default value is 0.
vendor-specific-acct-app-id
Specifies the accounting application ID number that will be sent in Vendor-Specific-Application-ID AVPs.
A value of 0 disables the feature. If this value is set, vendor-specific-vendor-id must be set and
vendor-specific-auth-app-id must be unset. The default value is 0.
vendor-specific-auth-app-id
Specifies the authentication/authorization application ID number that will be sent in Vendor-Specific-
Application-ID AVPs. A value of 0 disables the feature. If this value is set, vendor-specific-vendor-id
must be set and vendor-specific-acct-app-id must be unset. The default value is 0.
watchdog-timeout
Specifies the watchdog timeout in seconds. This setting specifies the number of seconds that a connection
is idle before the device watchdog request is sent. A value of 0 means BIG-IP will not send a device
watchdog request to either client or server side. The default value is 10 seconds.
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, regex, reset-stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2013-2015. All rights reserved.
BIG-IP 2020-01-23 ltm message-routing diameter profile session(1)