BIG-IP - General Configuration



 ◆ BIG-IP - General Configuration

 Settings that affect the behavior of the BIG-IP device as a whole are made under "General Configuration".
 The location is "System" ⇒ "Configuration" ⇒ "Local Traffic" ⇒ "General". The following are the default values.

 

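 In general the default values are recommended for these settings, but change them where your traffic requirements call for it.
 Note, however, that there are network designs in which Auto Last Hop is better disabled (should be disabled).
 In that case, depending on the traffic requirements, disable it either here at the global level or individually on each Virtual Server.
 Each item is explained below.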


Properties  Description
Auto Last Hop


 Specifies, when checked (enabled),
 that the system automatically maps the last hop for pools.

Maintenance Mode


 Specifies, when checked (enabled), that the unit is in maintenance mode.
 In maintenance mode, the system stops accepting new connections
 and slowly completes the processing of existing connections.

VLAN-Keyed Connections


 Check this setting to enable VLAN-keyed connections. VLAN-keyed connections
 are used when traffic for the same connection must pass through the system
 several times, on multiple pairs of VLANs (or in different VLAN groups).

Path MTU Discovery


 Specifies, when checked (enabled), that the system discovers the maximum
 transmission unit (MTU) that it can send over a path without fragmenting TCP packets.

Reject Unmatched Packets


 Specifies that the BIG-IP system sends a TCP RST packet in response to a non-SYN
 packet that matches a virtual server address and port or self IP address and port,
 but does not match an established connection. The BIG-IP system also sends a
 TCP RST packet in response to a packet matching a virtual server address or self
 IP address but specifying an invalid port.

 The TCP RST packet is sent on the client-side of the connection, and the source
 IP address of the reset is the relevant BIG-IP LTM object address or self IP address
 for which the packet was destined. If you disable this setting, the system silently
 drops unmatched packets.

Reaper High-water Mark


 Specifies, in percent, the memory usage at which the system silently purges stale
 connections, without sending reset packets (RST) to the client. If the memory usage
 remains above the low-water mark after the purge, then the system starts purging
 established connections closest to their service timeout. To disable the adaptive reaper,
 set the high-water mark to 100.

Reaper Low-water Mark


 Specifies, in percent, the memory usage at which the system starts establishing
 new connections. Once the system meets the reaper high-water mark, the system
 does not establish new connections until the memory usage drops below the reaper
 low-water mark. To disable the adaptive reaper, set the low-water mark to 100.
 Note: This setting helps to mitigate the effects of a denial-of-service attack.

SYN Check Activation Threshold


 Specifies the number of new or untrusted TCP connections that can be established
 before the system activates the SYN Cookies authentication method for subsequent
 TCP connections.

Layer 2 Cache Aging Time


 Specifies, in seconds, the amount of time that records remain in the L2 forwarding table,
 when the MAC address of the record is no longer detected on the network.

Share Single MAC Address


 Specifies, when checked (enabled), that all VLANs share a single MAC address.
 If you use the default value (unchecked), the BIG-IP gives each VLAN the MAC address
 of the VLAN's lowest-numbered interface. Use this setting when configuring an
 active/standby redundant system.

SNAT Packet Forwarding


 Specifies the type of traffic for which the system attempts to forward
 (instead of reject) Any-IP packets, when the traffic originates from a member of a SNAT.
 There are two possible values:

 TCP and UDP Only: Specifies that the system forwards, for TCP and UDP traffic only,
 Any-IP packets originating from a SNAT member.

 All Traffic: Specifies that the system forwards, for all traffic types,
 Any-IP packets originating from a SNAT member.
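
 The Reaper High-water Mark and Reaper Low-water Mark entries above describe a hysteresis: purging starts at the high-water mark, and new connections stay blocked until usage falls below the low-water mark. The following is an added example, not F5 code, that models this as a small state machine. The thresholds (85/95), the memory model (base plus a fixed cost per connection) and the definition of "stale" (idle time has reached the timeout) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    name: str
    idle: int           # seconds since the last packet
    timeout: int = 300  # idle (service) timeout in seconds

class AdaptiveReaper:
    """Simplified model of the high/low-water mark behaviour described above."""

    def __init__(self, low=85, high=95, base=55, cost=4):
        self.low, self.high = low, high    # thresholds, percent of memory (constructed)
        self.base, self.cost = base, cost  # constructed memory model, in percent
        self.conns, self.blocking = [], False

    def usage(self):
        return self.base + self.cost * len(self.conns)

    def _update(self):
        if self.high >= 100 or self.low >= 100:  # a mark of 100 disables the reaper
            self.blocking = False
        elif self.usage() >= self.high:
            self.blocking = True                 # stop establishing new connections
        elif self.usage() < self.low:
            self.blocking = False                # resume only below the low-water mark

    def accept(self, conn):
        """Return True if the new connection is established."""
        self._update()
        if not self.blocking:
            self.conns.append(conn)
        return not self.blocking

    def sweep(self):
        """One reaper pass; returns the names purged silently (no RST is sent)."""
        self._update()
        purged = []
        if self.blocking and self.usage() >= self.high:
            # 1) stale connections first (assumed: idle time has reached the timeout)
            purged = [c.name for c in self.conns if c.idle >= c.timeout]
            self.conns = [c for c in self.conns if c.idle < c.timeout]
            # 2) still above the low-water mark: purge those closest to their timeout
            self.conns.sort(key=lambda c: c.timeout - c.idle)
            while self.conns and self.usage() > self.low:
                purged.append(self.conns.pop(0).name)
        self._update()
        return purged
```

 Between the two marks the model keeps whatever state it was already in, which is why a brief dip below the high-water mark does not immediately reopen the device to new connections.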



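 ◆ Reference: Changing the number of rows displayed per screen

 The number of rows displayed per screen defaults to 10,
 which is small and makes list views hard to read, so it is
 commonly changed to around 30 to 50. This setting is not
 synchronized, so it must be changed on both units.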

 




Copyright (C) 2002-2021 ネットワークエンジニアとして All Rights Reserved.