pem service-chain-endpoint
pem service-chain-endpoint(1) BIG-IP TMSH Manual pem service-chain-endpoint(1)
NAME
service-chain-endpoint - Configures service chain endpoints for the Policy Enforcement Manager (PEM).
MODULE
pem
SYNTAX
Modify the service-chain-endpoint component within the pem module using the syntax shown in the following
sections.
CREATE/MODIFY
create service-chain-endpoint [name]
modify service-chain-endpoint [name]
options:
app-service [[string] | none]
service-endpoints [add | delete | modify | replace-all-with] {
[service endpoint name ... ] {
options:
app-service [[string] | none]
forwarding-endpoint
to-endpoint [forwarding endpoint name]
from-vlan [vlan name]
http-adapt-service
internal-virtual [internal virtual server | none]
icap-type [request | response | both | none]
order [integer]
service-option [optional | mandatory]
steering-policy [policy name | none]
}
}
edit service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list service-chain-endpoint
list service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
show running-config service-chain-endpoint
show running-config service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete service-chain-endpoint [name]
Note: You must remove all references to a service-chain-endpoint before you can delete the service-chain-
endpoint.
DESCRIPTION
You can use the service-chain-endpoint component to configure service-chain-endpoint definitions for the
Policy Enforcement Manager (PEM). Each service-chain-endpoint consists of one or more service-endpoints,
where a service-endpoint consists of a non-zero integer order, existing from-vlan a valid fwd-endpoint or a
http-adaptation-service endpoint. When you configure a BIG-IP that has a service-chain-endpoint with multiple
service-endpoints, traffic will pass through different endpoints choosen dynamically.
Note: You must create a valid forwarding-endpoint and a valid vlan before you can create a service-endpoint.
If you are enabling http-adapt-service, you must create Request Adapt and Response Adapt profiles and attach
to the traffic virtual. Also create an internal-virtual and enable icap profile. You must also give each
service-endpoint an order from 1 up to 2^32-1. The lower the service-endpoint order is, the higher its
precedence is (i.e., traffic will pass though it before other higher order service-endpoints). Each service-
endpoint has a boolean (true/false) service-option that defines what would happen if the service-endpoint is
down. If service-option is mandatory, the traffic flow is dropped if the service-endpoint is down. If
service-option is optional, the traffic flow will be bypassed to the next available service-endpoint.
For more information about how to create a vlan, please refer to net vlan. Also please refer to pem
forwarding-endpoint for more information about how to create a pem forwarding-endpoint.
EXAMPLES
create service-chain-endpoint chain1 service-endpoints add { ser_ep1 { order 10 from-vlan vlan1 forwarding-
endpoint { to-endpoint fw_ep1 } service-option optional } ser_ep2 { order 5 from-vlan vlan2 http-adapt-service
{internal-virtual iv1} service-option mandatory } }
Creates a PEM service-chain-endpoint named chain1 that has two service-endpoints: ser_ep1 and ser_ep2. The
first ser_ep1 has an order of 10 and is optional and has forwarding-endpoint with to-endpoint fw_ep1, type
transparent and vlan1 as a from-vlan. The second ser_ep2 has an order of 5 is mandatory and has http-adapt-
service enabled with ivs1 as internal-server and vlan2 as a from-vlan. Note that ser_ep2 will precede ser_ep1
because the lower the service-endpoint order is, the higher its precedence is.
delete service-chain-endpoint chain1
Deletes the service-chain-endpoint named chain1.
list service-chain-endpoint chain1
Displays the properties of the service-chain-endpoint named chain1.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
service-endpoints
Adds, deletes, or replaces a set of the service endpoints by specifying a series of service-endpoint
names. If any of these names did not exist before, then new names will be created. Each service-endpoint
is identified by a vlan and a forwarding-endpoint.
app-service
Specifies the name of the application service to which the object belongs. The default value is
none. Note: If the strict-updates option is enabled on the application service that owns the object,
you cannot modify or delete the object. Only the application service can modify or delete the
object.
forwarding-endpoint
Specifies the forwarding endpoint attributes to be set. The below attributes can be set:
to-endpoint
This is a default endpoint that will be chosen if steering policy is not configured. You have
to create a valid PEM forwarding-endpoint before you can add to-endpoint to a service-endpoint.
from-vlan
Specifies the vlan that the traffic will come from toward the service-endpoint. Note: The vlan has
to exist before you can create a from-vlan field.
http-adapt-service
Specifies the option to set attributes for http adapt services. Below are the attributes that can be
set.
internal-virtual
This is the internal virtual on which icap is enabled. You have to create the internal-virtual
and assign icap profile before adding here.
icap-type
Defines the ICAP adaptation type: request only adaptation, request and response adaptation or
both types of adaptations combined.
order
Specifies the order of the service-endpoint among other service-endpoints. The lower the service-
endpoint's order is, the more precedence it has (i.e., the traffic will go through the lowest-
ordered service-endpoint first, then through higher order service-endpoint, ... etc.).
service-option
Specifies the behavior when a service-endpoint is not available (i.e., is down). This option is
limited when ICAP is defined as the service-endpoint and will not apply if the ICAP service is
unavailable. You can configure the following options:
mandatory
If the service-endpoint is down, the traffic flow is dropped.
optional
If the service-endpoint is down, the traffic flow will be bypassed to the next available
service-endpoint.
steering-policy
If the steering policy is configured, the policy is evaluated and if steering is enabled the flow
will be steered to the corresponding endpoint.
SEE ALSO
create, delete, edit, glob, list, modify, pem forwarding-endpoint, pem interception-endpoint, pem listener,
pem policy, pem profile diameter-endpoint, pem profile spm, pem reporting format-script, pem subscriber, pem
subscribers, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2012. All rights reserved.
BIG-IP 2016-01-07 pem service-chain-endpoint(1)