Brocade Virtual Traffic Manager: Configuration System Guide, v10.2
Contents
1. conf supplementarykeys This is a magic key section for suppementary keys It exists so that they get loaded BEFORE ordinary base keys Key Description There are no items to display for this configuration type conf users The conf users file defines login details for users with access to the software This is a single file containing details for all locally managed users of the software The asterisk in the keys represents the name of the user the key applies to for example the key to store the applet width for the admin user is user admin appletwidth Users are managed under the System gt Users section of the web UL In the SOAP API and CLI users are managed using functions in the Users section Brocade Virtual Traffic Manager Configuration System Guide 139 Configuration Sections conf users Key user applet_max_vs Description The maximum number of virtual server traffic bars to show in the applet e From products zxtm lb balancer cpp 279 e Value type unsigned integer e Default value 5 user group The user s Permission Group e From products zxtm lb balancer cpp 211 e Value type string e Default value lt none gt user old_password A salted MD5 hash of the user s nth most recent password This config key is used to track older passwords set by an user to implement password policy settings This key s value is updated by the software only The config k2. nodefail Node has failed noderesolvefailure Failed to resolve node address 40 Brocade Virtual Traffic Manager Configuration System Guide conf events Configuration Sections Event Tag Description noderesolvemultiple Node resolves to multiple IP addresses nodeworking Node is working again nostarttls Node doesn t provide STARTTLS support pooldied Pool has no back end nodes responding poolnonodes Pool configuration contains no valid backend nodes poolok Pool now has working nodes One or more nodes are now available for this pool starttlsinvalid Node returned invalid STARTTLS response Event tags for object type protection triggersummary Summary of recent service protection events Service protection has generated a summary of recent events The frequency of these messages is configured by log_time on each service protection class Event tags for object type rules aptimizedisabled Rule attempted to use Aptimizer but it is not enabled aptimizeuseunknownprofile Rule selected an unknown Aptimizer profile aptimizeuseunknownscope Rule selected an unknown Aptimizer scope datalocalstorefull data local set has run out of space datastorefull data set has run out of space data set operations will continue to fail until data remove or data reset is used forwardproxybadhost Rule selected an unresolvable host A rule selected a host which could not be
3. products zxtm lb virtualserver cpp 313 e Value type string e Default value lt none gt webcache enabled If set to Yes the traffic manager will attempt to cache web server responses e From products zxtm lb virtualserver cpp 270 e Value type Yes No e Default value No webcachelerrorpage_time Time period to cache error pages for e From products zxtm lb virtualserver cpp 300 e Value type seconds e Default value 30 webcache refresh_time If a cached page is about to expire within this time the traffic manager will start to forward some new requests on to the web servers A maximum of one request per second will be forwarded the remainder will continue to be served from the cache This prevents bursts of traffic to your web servers when an item expires from the cache Setting this value to 0 will stop the traffic manager updating the cache before it expires e From products zxtm lb virtualserver cpp 292 e Value type seconds e Default value 2 webcache time Maximum time period to cache web pages for e From products zxtm lb virtualserver cpp 277 e Value type seconds e Default value 600 write_on_connect If set to Yes the traffic manager will try to write data to a back end server before it has confirmation that the TCP connection has fully opened saving time Some operating systems allow this but others will return errors and so it is
4. products zxtm monitor monitor_tcp_transaction cpp 34 e Requires type is set to tcp_transaction e Value type string e Default value write_string The string to write down the TCP connection e From products zxtm monitor monitor_tcp_transaction cpp 44 e Requires type is set to tcp_transaction e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 69 Configuration Sections conf persistence conf persistence The conf persistence directory contains configuration files for persistence classes The name of a file is the name of the persistence class it defines Persistence classes can be configured under the Catalogs gt Persistence section of the Admin Server UI or by using functions under the Catalog Persistence section of the SOAP API and CLI Key Description delete Whether or not the session should be deleted when a session failure occurs Note setting a failure mode of choose a new node implicitly deletes the session e From products zxtm lb session cpp 104 e Value type Yes No e Default value Yes failuremode The action the pool should take if the session data is invalid or it cannot contact the node specified by the session e From products zxtm lb session cpp 94 e Value type enumeration e Default value newnode e Permitted values newnode Choose a new node to use url Redirect the
5. conf locations cfg The locations cfg file contains custom geolocation data This is a text file that must be managed manually comments in the file describe the data format Key Description There are no items to display for this configuration type conf monitors The conf monitors directory contains configuration files for backend node monitors The name of a file is the name of the monitor it defines Monitors can be configured under the Catalogs gt Monitors section of the Admin Server UI or by using functions under the Catalog Monitor section of the SOAP API and CLI Key Description back_off Should the monitor slowly increase the delay after it has failed e From products zxtm monitor monitor cpp 109 e Value type Yes No e Default value Yes can_edit_ssl Whether or not SSL configuration is available via the Admin Server UI for this monitor This is for use by monitors pre packaged with the software DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor monitor cpp 94 e Value type Yes No e Default value Yes can_use_ssl Whether or not monitors of this type are capable of using SSL DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor monitor cpp 78 e Value type Yes No e Default value No delay The minimum time between calls to a monitor e From products zxtm monitor monitor cpp 62 e Value type seconds
6. products zxtm lb settings cpp 1577 e Value type unsigned integer e Default value 2048 webcache min_size_accept_range If a page is stored in the cache the traffic manager will add the header Accept Ranges bytes to responses that are not chunked not compressed and exceed a certain size and do not have it yet This expert tunable specifies the minimum size a page has to have for the traffic manager to add the Accept Ranges header DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1655 e Value type unsigned integer e Default value 256 webcache normalize_query Enable normalization lexical ordering of the parameter assignments of the query string e From products zxtm lb settings cpp 1553 e Value type Yes No e Default value Yes webcache size The maximum size of the HTTP web page cache This is specified as either a percentage of system RAM 20 for example or an absolute size such as 200MB e From products zxtm lb settings cpp 1500 e Value type string e Default value 20 webcache url_store_keep_free Percentage of space to keep free in the URL store DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1678 e Value type unsigned integer e Default value 5 136 Brocade Virtual Traffic Manager Configuration System Guide conf sim Configuration Sections Key webcache url_store_ma
7. Configuration Sections typically have a file or directory entry under conf in this way When you add a new object of a particular type the Traffic Manager creates a new config text file with the same name and stores it under the corresponding sub directory For example it you create a new virtual server called myvirtualserver the Traffic Manager creates a new text file ZEUSHOME zxtm conf vservers myvirtualserver Each config file consists of lines of key value pairs separated by new line characters in the following format lt key gt lt value gt lt next value gt The key refers to some setting or feature and the value is the item or list of items applied to that key The key and value are separated by whitespace and where the value is actually a list each item is again separated by whitespace The key might be simple or compound Compound keys are used to group related settings together and consist of a common component and subsequent sub components separated by a Y character 6 Brocade Virtual Traffic Manager Configuration System Guide The Effect of Location Support when using Multi Site Cluster Management Introduction You can add comments into config files pre pended by the hash character The following is an example virtual server config file name on disk ZEUSHOME zxtm conf vservers Intranet that demonstrates all of the above features This is an example config file fo
8. The memory allocated for OCSP stapling was not large enough to store the responses for all configured certificates ocspstaplingrevoked An OCSP request for OCSP stapling reported that a certificate was revoked An OCSP request for a certificate to be used for OCSP stapling was successful but reported that the certificate was revoked The error log line contains the name of the certificate and the URL to which the request was made ocspstaplingunknown An OCSP request for OCSP stapling reported that a certificate was unknown An OCSP request for a certificate to be used for OCSP stapling was successful but reported that the certificate was unknown The error log line contains the name of the certificate and the URL to which the request was made ocspstaplingunrevoked An old but good OCSP response was returned for a revoked certificate An OCSP request for a certificate previously indicated that a certificate had been revoked but a recent response indicates that itis OK This may indicate an OCSP replay attack The error log line contains the name of the certificate and the URL to which the request was made restartrequired Software must be restarted to apply configuration changes running Software is running sslcrltoobig CRL does not fit in the configured amount of shared memory increase ssl crl_mem size and restart software timemovedback Time has been moved back This machin
9. log ssl_failures Should the virtual server log failures occurring on SSL secure negotiation e From products zxtm lb virtualserver cpp 519 e Value type Yes No e Default value No max_client_buffer The amount of memory in bytes that the virtual server should use to store data sent by the client Larger values will use more memory but will minimise the number of read and write system calls that the traffic manager must perform e From products zxtm lb virtualserver cpp 374 e Value type bytes e Default value 65536 Brocade Virtual Traffic Manager Configuration System Guide 151 Configuration Sections conf vservers Key max_server_buffer Description The amount of memory in bytes that the virtual server should use to store data returned by the server Larger values will use more memory but will minimise the number of read and write system calls that the traffic manager must perform e From products zxtm Ib virtualserver cpp 386 e Value type bytes e Default value 65536 max_transaction_duration The total amount of time a transaction can take counted from the first byte being received until the transaction is complete For HTTP this can mean all data has been written in both directions or the connection has been closed in most other cases it is the same as the connection being closed The default value of 0 means there is no maximum duration i e
10. products zxtm Ib settings cpp 352 e Value type seconds e Default value 30 notify max_attempts The number of times to attempt to send an alert email before giving up e From products zxtm lb settings cpp 363 e Value type unsigned integer e Default value 10 object_pool_size The size of the internal object cache This cache helps to speed up tcp handling DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1481 e Value type unsigned integer e Default value 100 ospfv2 area The OSPF area in which the traffic manager will operate May be entered in decimal or IPv4 address format e From products zxtm lb flipper_settings_keys cpp 163 e Value type string e Default value 0 0 0 1 ospfv2 area_type The type of OSPF area in which the traffic manager will operate This must be the same for all routers in the area as required by OSPF e From products zxtm lb flipper_settings_keys cpp 175 e Value type enumeration e Default value normal e Permitted values normal Normal area stub Stub area nssa Not So Stubby Area RFC3101 118 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key ospfv2 authentication_key_id_a Description OSPF v2 authentication key ID If set to 0 which is the default value the key is disabled e From products zxtm lb flippe
11. products zxtm flipper config cpp 370 e Requires mode is set to rhi e Value type unsigned integer e Default value 10 Brocade Virtual Traffic Manager Configuration System Guide 47 Configuration Sections conf groups Key Description rhi_ospfv2_metric_base The base OSPF v2 routing metric for this Traffic IP group This is the advertised routing cost for the active traffic manager in the cluster It can be used to set up inter cluster failover e From products zxtm flipper config cpp 332 e Requires mode is set to rhi e Value type unsigned integer e Default value 10 rhi_ospfv2_passive_metric_offset The OSPFv2 routing metric offset for this Traffic IP group This is the difference between the advertised routing cost for the active and passive traffic manager in the cluster e From products zxtm flipper config cpp 345 e Requires mode is set to rhi e Value type unsigned integer e Default value 10 rhi_protocols A list of protocols to be used for RHI Currently must be ospf or bgp or both The default if empty is ospf which means that it is not possible to specify no protocol e From products zxtm flipper config cpp 320 e Requires mode is set to rhi e Value type string e Default value ospf slaves A list of traffic managers that are in passive mode This means that in a fully working environment they will not have any traffic IP addresses as
12. The default gateway e From products zxtm lb config cpp 823 e Value type string e Default value lt none gt appliance gateway6 The default IPv6 gateway e From products zxtm Tb config cpp 832 e Value type string e Default value lt none gt appliance hostname Name hostname domainname of the appliance e From products zxtm lb config cpp 807 e Value type string e Default value lt none gt appliance hosts Static host name entries to be placed in the etc hosts file The asterisk in the key name is the host name the value is the IP address e From products zxtm lb config cpp 988 e Value type string e Default value lt none gt appliance if lautoneg Enable or disable auto negotiation for an interface the interface name is used in place of the asterisk e From products zxtm lb config cpp 741 e Value type Yes No e Default value lt none gt appliancelif bmode Trunking mode only 802 3ad is currently supported DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib config cpp 760 e Value type enumeration e Default value lt none gt e Permitted values 802 3ad IEEE 802 3ad balance alb Adaptive Load Balancing appliancelif bond Make this interface a member of the specified trunk DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 751 e Value type st
13. conf vservers Configuration Sections Key syslog ipendpoint Description The remote host and port default is 514 to send request log lines to e From products zxtm lb virtualserver cpp 1944 e Requires syslog enabled is set to Yes e Value type string e Default value lt none gt syslog msg_len_limit Maximum length in bytes of a message sent to the remote syslog Messages longer than this will be truncated before they are sent e From products zxtm lb virtualserver cpp 1956 e Requires syslog enabled is set to Yes e Value type unsigned integer e Default value 1024 timeout A connection should be closed if no additional data has been received for this period of time A value of 0 zero will disable this timeout Note that the default value may vary depending on the protocol selected e From products zxtm lb virtualserver cpp 469 e Value type seconds e Default value 300 transparent Whether or not bound sockets should be configured for transparent proxying e From products zxtm lb virtualserver cpp 2085 e Value type Yes No e Default value No udp_endpoint_persistence Whether or not UDP datagrams from the same IP and port are sent to the same node in the pool if there s an existing UDP transaction Although it s not always guaranteed as while making a decision to reuse the same node traffic manager can also apply other protocol spe
14. e From products zxtm lb settings cpp 2330 e Value type string e Default value 1MB ssllocsp_stapling minimum_refre sh_interval The minimum number of seconds to wait between OCSP requests for the same certificate DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2303 e Value type seconds e Default value 10 ssllocsp_stapling prefetch The number of seconds before an OCSP response is stale to make a new OCSP request DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2311 e Value type seconds e Default value 30 ssllocsp_stapling time_tolerance How many seconds to allow the current time to be outside the validity time of an OCSP response before considering it invalid e From products zxtm lb settings cpp 2270 e Value type seconds e Default value 30 ssl ocsp_stapling verify_response Whether the OCSP response signature should be verified before the OCSP response is cached e From products zxtm lb settings cpp 2261 e Value type Yes No e Default value No ssl prevent_timing_side_channel s Take performance degrading steps to prevent exposing timing side channels with SSL3 and TLS e From products zxtm lb settings cpp 2137 e Value type Yes No e Default value No ssl signature_algorithms The SSL signature algorithms preference list for SSL connect
15. DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib global_cfg_keys cpp 53 e Value type string e Default value lt none gt ec2 instanceid The EC2 instance ID of this EC2 virtual appliance should be set when the appliance is first booted Not required for non EC2 systems DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb global_cfg_keys cpp 42 e Value type string e Default value lt none gt ec2 trafficips public_enis List of MAC addresses of interfaces which the traffic manager can use to associate the EC2 elastic IPs Traffic IPs to the instance e From products zxtm lb global_cfg_keys cpp 97 e Value type list e Default value lt none gt ec2 vpcid The ID of the VPC the instance is in should be set when the appliance is first booted Not required for non VPC EC2 or non EC2 systems DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib global_cfg_keys cpp 65 e Value type string e Default value lt none gt externalip This is the optional external ip of the traffic manager which is used to circumvent natting when traffic managers in a cluster span different networks e From products zxtm Ib config cpp 1266 e Value type string e Default value lt none gt flipper bgp_router_id The BGP router id If set to empty then the IPv4 address used to communicate with the default IPv4 gateway is used instead
16. Specifying 0 0 0 0 will stop the traffic manager routing software from running the BGP protocol e From products zxtm flipper config cpp 628 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 177 Configuration Sections conf zxtms Key flipper ospfv2_ip Description The traffic manager s permanent IPv4 address which the routing software will use for peering and transit traffic and as its OSPF router ID If set to empty then the address used to communicate with the default IPv4 gateway is used instead Specifying 0 0 0 0 will stop the traffic manager routing software from running the OSPF protocol e From products zxtm flipper config cpp 614 e Value type string e Default value lt none gt flipper ospfv2_neighbor_addrs The IP addresses of routers which are expected to be found as OSPFv2 neighbors of the traffic manager A warning will be reported if some of the expected routers are not peered and an error will be reported if none of the expected routers are peered An empty list disables monitoring The special value gateway is a placeholder for the default gateway e From products zxtm lb config cpp 494 e Value type list e Default value gateway flipper rhi_support This key does nothing DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 468 e Value type Yes
17. Yes appliance managebootloader Whether or not the software manages the system bootloader s password e From products zxtm lb config cpp 591 e Value type Yes No e Default value Yes appliance managecron Whether or not the software manages the system s cronjobs to ensure they are running as the correct user e From products zxtm Tb config cpp 584 e Value type Yes No e Default value Yes appliance manageec2conf Whether or not the software manages the EC2 config e From products zxtm Ib global_cfg_keys cpp 85 e Value type Yes No e Default value Yes appliance managegateway Whether or not the software manages the system s gateway configuration e From products zxtm lb config cpp 814 e Value type Yes No e Default value Yes appliance managehostname Whether or not the software manages the system s hostname e From products zxtm lb config cpp 798 e Value type Yes No e Default value Yes Brocade Virtual Traffic Manager Configuration System Guide 169 Configuration Sections conf zxtms Key appliance managehosts Description Whether or not the software manages the system s etc hosts file e From products zxtm lb config cpp 975 e Value type Yes No e Default value Yes appliance manageif Whether or not the software manages system s network interfaces e From products zxtm lb config cp
18. e Default value 1024 ssl ssI3_diffie_hellman_key_lengt h The length in bits of the Diffie Hellman key for ciphers that use Diffie Hellman key agreement e From products zxtm lb settings cpp 2173 e Value type enumeration e Default value 2048 e Permitted values 1024 1024 2048 2048 3072 3072 4096 4096 ssl ss 3_min_rehandshake_interv al If SSL3 TLS re handshakes are supported this defines the minimum time interval in milliseconds between handshakes on a single SSL3 TLS connection that is permitted To disable the minimum interval for handshakes the key should be set to the value 0 e From products zxtm lb settings cpp 2127 e Value type unsigned integer e Default value 1000 Brocade Virtual Traffic Manager Configuration System Guide 127 Configuration Sections conf settings cfg Key ssllsupport_ssl2 Description Whether or not SSL2 support is enabled e From products zxtm lb settings cpp 1997 e Requires fips enabled is set to Yes e Value type Yes No e Default value No ssl support_ssl3 Whether or not SSL3 support is enabled e From products zxtm Ib settings cpp 2006 e Requires fips enabled is set to Yes e Value type Yes No e Default value No ssl support_tls1 Whether or not TLS1 0 support is enabled e From products zxtm Ib settings cpp 2011 e Value type Yes No e Default value Yes ssl supp
19. e Default value 3 64 Brocade Virtual Traffic Manager Configuration System Guide conf monitors Configuration Sections Key editable_keys Description Which of the monitor s configuration keys may be edited via the Admin Server UL DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor catalog_monitor_entry cpp 96 e Value type string e Default value lt none gt factory Whether or not this monitor is provided as part of the software release DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor catalog_monitor_entry cpp 51 e Value type Yes No e Default value No failures The number of times in a row that a node must fail execution of the monitor before itis classed as unavailable e From products zxtm monitor monitor cpp 46 e Value type unsigned integer e Default value 3 health_only Should this monitor only report health ignore load e From products zxtm monitor monitor cpp 114 e Value type Yes No e Default value No machine The machine to monitor where relevant this should be in the form lt hostname gt lt port gt for ping monitors the lt port gt part must not be specified e From products zxtm monitor poolwide_monitor_entry cpp 43 e Requires scope is set to poolwide e Value type string e Default value lt none gt max_response_len The maximum amount of data to
20. e From products zxtm lb pool_config cpp 362 e Value type seconds e Default value 10 smtp send_starttls If we are encrypting traffic for an SMTP connection should we upgrade to SSL using STARTTLS e From products zxtm lb pool_config cpp 695 e Value type Yes No e Default value Yes 80 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key ssl_ciphers Description The SSL TLS ciphers to allow for connections to a back end node Leaving this empty will make the pool use the globally configured ciphers see configuration key ssl ss 3_ciphers in the Global Settings section of the System tab See there for how to specify SSL TLS ciphers e From products zxtm lb pool_config cpp 492 e Value type string e Default value lt none gt ssl_client_auth Whether or not a suitable certificate and private key from the SSL Client Certificates catalog be used if the back end server requests client authentication e From products zxtm lb pool_config cpp 676 e Value type Yes No e Default value No ssl_common_name_match A list of names against which the common name of the certificate is matched these names are used in addition to the node s hostname or IP address as specified in the config file or added by the autoscaler process e From products zxtm lb pool_config cpp 653 e Value type list e Defau
21. e Requires appliance shim mode is set to portal local case insensitive e Value type string e Default value lt none gt 172 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key Description appliance shim enabled Enable the Riverbed Cloud SteelHead discovery agent on this appliance e From products zxtm lb config cpp 1075 e Value type Yes No e Default value No appliance shim ips The IP addresses of the Riverbed Cloud SteelHeads to use as a space or comma separated list If using priority load balancing this should be in ascending order of priority highest priority last e From products zxtm Ib config cpp 1198 e Requires appliance shim mode is set to manual e Value type string e Default value lt none gt appliance shim load_balance The load balancing method for selecting a Riverbed Cloud SteelHead appliance e From products zxtm lb config cpp 1183 e Requires appliance shim mode is set to manual e Value type enumeration e Default value round_robin e Permitted values round_robin Round Robin priority Priority appliance shim log_ level The minimum severity that the discovery agent will record to its log e From products zxtm lb config cpp 1091 e Value type enumeration e Default value 5 e Permitted values 2 Critical 3 Serious 4 Warning 5 Notice 6 Info 7 Debug appli
22. e Value type seconds e Default value 60 Additional keys used when type is program or email verbose Enable or disable verbose logging for this action e From products zxtm eventd script_handler cpp 81 e Requires type is set to program or email e Value type Yes No e Default value No Additional keys used when type is soap Brocade Virtual Traffic Manager Configuration System Guide 11 Configuration Sections conf actions Key additional Description Additional information to send with the SOAP call e From products zxtm eventd soap_handler cpp 43 e Requires type is set to soap e Value type string e Default value lt none gt password The password for HTTP basic authentication e From products zxtm eventd soap_handler cpp 66 e Requires type is set to soap e Value type password e Default value lt none gt proxy The address of the server implementing the SOAP interface For example https example com e From products zxtm eventd soap_handler cpp 31 e Requires type is set to soap e Value type string e Default value lt none gt username Username for HTTP basic authentication Leave blank if you do not wish to use authentication e From products zxtm eventd soap_handler cpp 54 e Requires type is set to soap e Value type string e Default value lt none gt
23. pool Description Pool of a many to one overload type NAT rule e From products zxtm Ib nat_conf cpp 96 e Value type string e Default value lt none gt many_to_one_overload tip TIP Group of a many to one overload type NAT rule e From products zxtm Ib nat_conf cpp 105 e Value type string e Default value lt none gt many_to_one_port_locked pool Pool of a many to one port locked type NAT rule e From products zxtm lb nat_conf cpp 62 e Value type string e Default value lt none gt many_to_one_port_locked port Port number of a many to one port locked type NAT rule e From products zxtm Ib nat_conf cpp 78 e Value type unsigned integer e Default value lt none gt 14 Brocade Virtual Traffic Manager Configuration System Guide conf appliance nat cfg Configuration Sections Key many_to_one_port_locked prot ocol Description Protocol of a many to one port locked type NAT rule e From products zxtm Ib nat_conf cpp 70 e Value type enumeration e Default value lt none gt e Permitted values tcp TCP udp UDP udplite UDPLITE sctp SCTP icmp ICMP many_to_one_port_locked tip TIP Group of a many to one port locked type NAT rule e From products zxtm lb nat_conf cpp 87 e Value type string e Default value lt none gt one_to_one enable_inbound Enabling the inbound part of a one to one type N
24. 140 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key user trafficscript_editor Description Use the advanced TrafficScript editor when modifying rules This adds automatic line numbering syntax highlighting and indentation e From products zxtm lb balancer cpp 287 e Value type Yes No e Default value Yes user use_applet Enable the Admin Server UI traffic monitoring applet e From products zxtm lb balancer cpp 270 e Value type Yes No e Default value Yes conf vservers The conf vservers directory contains configuration files that define virtual servers The name of a file is the name of the virtual server it defines Virtual servers can be configured under the Services gt Virtual Servers section of the Admin Server Ul or by using functions under the VirtualServer section of the SOAP API and CLL Key add_cluster_ip Description Whether or not the virtual server should add an X Cluster Client Ip header to the request that contains the remote client s IP address e From products zxtm lb virtualserver cpp 563 e Value type Yes No e Default value Yes add_x_forwarded_for Whether or not the virtual server should append the remote client s IP address to the X Forwarded For header If the header does not exist it will be added e From products zxtm lb virtualserver cpp 574 e Val
25. This is used when recording unique URLs to provide request affinity where the same request is sent to the same node DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 261 e Value type unsigned integer e Default value 2047 76 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key load_balancing algorithm Description The load balancing algorithm that this pool uses e From products zxtm lb pool_config cpp 117 e Value type enumeration e Default value roundrobin e Permitted values roundrobin Round Robin wroundrobin Weighted Round Robin cells Perceptive connections Least Connections wconnections Weighted Least Connections responsetimes Fastest Response Time random Random Node load_balancing cells connection_ bias This indicates the value of existing connections to a back end As the value of this tunable increases balancing tends away from response times towards balancing by least number of connections to each back end DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 150 e Value type unsigned integer e Default value 15 load_balancing cells min_cells Minimum granularity of cells If the fair share number of cells for a single node drops below this value the cells array is re calculated A value of 20 gives 5 precision in the display of backend ser
26. Traffic IP Groups gt Networking Permitted values none ro or full Brocade Virtual Traffic Manager Configuration System Guide 55 Configuration Sections conf groups Key Virtual_Servers Description Virtual Servers Permitted values none ro or full Virtual_Servers Edit Virtual Servers gt Edit Permitted values none ro or full Virtual_Servers Edit A ptimizer_S ettings Virtual Servers gt Edit gt Aptimizer Permitted values none ro or full Virtual_Servers Edit Classes Virtual Servers gt Edit gt Classes Permitted values none ro or full Virtual_Servers Edit Request_Tra cing Virtual Servers gt Edit gt Connection Analytics Permitted values none ro or full Virtual_Servers Edit Connection_ Management Virtual Servers gt Edit gt Connection Management Permitted values none ro or full Virtual_Servers Edit Content_Ca ching Virtual Servers gt Edit gt Content Caching Permitted values none ro or full Virtual_Servers Edit Content_Co mpression Virtual Servers gt Edit gt Content Compression Permitted values none ro or full Virtual_Servers Edit DNS_Server Virtual Servers gt Edit gt DNS Server Permitted values none ro or full Virtual_Servers Edit Kerberos_Pr otocol_Transition Virtual Servers gt Edit gt Kerberos Protocol Transition Permitted values none ro or full
27. Yes appliance manageusers Whether or not the software manages system users If enabled then users in the software s admin group will be able to log into the system as a local admin user with root privileges and the local root user will have its password kept in sync with the software s admin user e From products zxtm lb config cpp 1035 e Value type Yes No e Default value Yes appliance managevpcconf Whether or not the software manages the EC2 VPC secondary IPs e From products zxtm lb global_cfg_keys cpp 78 e Value type Yes No e Default value Yes Brocade Virtual Traffic Manager Configuration System Guide 171 Configuration Sections conf zxtms Key appliance nameservers Description The IP addresses of the nameservers the appliance should use and place in etc resolv conf e From products zxtm lb config cpp 853 e Value type string e Default value lt none gt appliance ntpservers The NTP servers the appliance should use to synchronize its clock e From products zxtm lb config cpp 669 e Value type string e Default value 0 vyatta pool ntp org 1 vyatta pool ntp org 2 vyatta pool ntp org 3 vyatta pool ntp org appliance routes gw One of the keys used to specify a route The IP of the route destination is used in place of the asterisk and the value is the gateway IP to configure for the route See also appliance routes ma
28. Yes java lib Java library directory for additional jar files The Java runner will load classes from any jar files stored in this directory as well as the jar files and classes stored in traffic manager s catalog e From products zxtm lb settings cpp 2626 e Value type string e Default value lt none gt java max_conns Maximum number of simultaneous Java requests If there are more than this many requests then further requests will be queued until the earlier requests are completed This setting is per CPU so if your traffic manager is running on a machine with 4 CPU cores then each core can make this many requests at one time e From products zxtm lb settings cpp 2612 e Value type unsigned integer e Default value 256 java session_age Default time to keep a Java session e From products zxtm Ib settings cpp 2601 e Value type seconds e Default value 86400 kerberos timeout The period of time after which an outstanding Kerberos operation will be cancelled generating an error for dependent operations DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb kerberos_settings_keys cpp 36 e Value type seconds e Default value 20 kerberos verbose Whether or not a traffic manager should log all Kerberos related activity This is very verbose and should only be used for diagnostic purposes e From products zxtm lb kerberos_settings
29. cache SSL sessions to help speed up SSL handshakes when performing SSL decryption To turn off SSL session resumption set this key to the value 0 Each entry will allocate approximately 1 5kB of metadata e From products zxtm lb settings cpp 2210 e Value type unsigned integer e Default value 6151 ssl crl_mem size How much shared memory to allocate for loading Certificate Revocation Lists This should be at least 3 times the total size of all CRLs on disk This is specified as either a percentage of system RAM 1 for example or an absolute size such as 10MB e From products zxtm lb settings cpp 2348 e Value type string e Default value 5MB ssl disable_stitched_cbc_hmac Enable or disable use of stitched CBC HMAC mode ciphers DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2143 e Value type Yes No e Default value No ssl elliptic_curves The SSL elliptic curve preference list for SSL connections using TLS version 1 0 or higher unless overridden by virtual server or pool settings For information on supported curves see the online help e From products zxtm lb settings cpp 2079 e Value type string e Default value lt none gt 124 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key ssl honor_fallback_scsv Description Whether or not ssl decrypting Virtual
30. e From products zxtm lb config cpp 369 e Value type string e Default value snmp community The community string required for SNMPv1 and SNMPv2c commands If empty all SNMPv1 and SNMPv2c commands will be rejected e From products zxtm lb config cpp 303 e Value type string e Default value public snmp enabled Whether or not the SNMP command responder service should be enabled on this traffic manager e From products zxtm lb config cpp 274 e Value type Yes No e Default value No snmp hash_alg The hash algorithm for authenticated SNMPv3 communications e From products zxtm lb config cpp 335 e Requires snmp security_level is set to authNoPriv e Value type enumeration e Default value md5 e Permitted values md5 MD5 shal SHA 1 snmp port The port the SNMP command responder service should listen on The value default denotes port 161 if the software is running with root privileges and 1161 otherwise e From products zxtm lb config cpp 294 e Value type string e Default value default snmp priv_password The privacy password Required minimum length 8 bytes if snmp security_level includes privacy message encryption e From products zxtm lb config cpp 357 e Requires snmp security_level is set to authPriv e Value type password e Default value lt none gt 182 Brocade Virtual Traffic Manager Confi
31. e From products zxtm eventd log_handler cpp 40 e Requires type is set to log e Value type string e Default value lt none gt Additional keys used when type is program arg An argument to pass to the program For example to specify that the argument foo bar should be passed to the program executed by this action you would set a key arg foo to the value bar e From products zxtm eventd script_handler cpp 56 e Requires type is set to program e Value type string e Default value lt none gt describe A description for an argument provided to the program this is used only for display purposes in the Admin Server UI To give a description to the foo example for arg above you would set the description text as the value for the key description foo e From products zxtm eventd script_handler cpp 73 e Requires type is set to program e Value type string e Default value lt none gt program The program to run e From products zxtm eventd script_handler cpp 39 e Requires type is set to program e Value type string e Default value lt none gt Additional keys used when type is program email or soap timeout How long the action can run for before it is stopped automatically set to 0 to disable timeouts e From products zxtm eventd script_handler cpp 91 e Requires type is set to program email or soap
32. e Value type seconds e Default value 5 log time The minimum time between log messages for log intensive features such as SLM e From products zxtm lb settings cpp 1271 e Value type seconds e Default value 60 login_banner Banner text displayed on the Admin Server login page and before logging in to appliance SSH servers e From products zxtm lb settings cpp 618 e Value type string e Default value lt none gt login_delay The number of seconds before another login attempt can be made after a failed attempt e From products zxtm lb settings cpp 669 e Value type seconds e Default value 4 max_idle_ connections The maximum number of unused HTTP keepalive connections with back end nodes that the traffic manager should maintain for re use Setting this to 0 zero will cause the traffic manager to auto size this parameter based on the available number of file descriptors e From products zxtm lb settings cpp 1164 e Value type unsigned integer e Default value 0 max_login_attempts The number of sequential failed login attempts that will cause a user account to be suspended Setting this to O disables this feature To apply this to users who have never successfully logged in track_unknown_users must also be enabled e From products zxtm lb settings cpp 687 e Value type unsigned integer e Default value 0 116 Brocade Virt
33. transactions can take arbitrarily long if none of the other timeouts occur e From products zxtm Ib virtualserver cpp 499 e Value type seconds e Default value 0 mime default Auto correct MIME types if the server sends the default MIME type for files e From products zxtm lb virtualserver cpp 607 e Value type string e Default value text plain mime detect Auto detect MIME types if the server does not provide them e From products zxtm lb virtualserver cpp 595 e Value type Yes No e Default value No note A description for the virtual server e From products zxtm lb virtualserver cpp 154 e Value type string e Default value lt none gt pool The default pool to use for traffic e From products zxtm lb virtualserver cpp 190 e Value type string e Default value lt none gt port The port on which to listen for incoming connections e From products zxtm lb virtualserver cpp 131 e Value type unsigned integer e Default value lt none gt private_key The SSL private key e From products zxtm lb virtualserver cpp 1286 e Requires ssl_decrypt is set to Yes e Value type string e Default value lt none gt 152 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key Description protection The service protection class that should be us
34. 40 parent_timeout Timeout for connections to the AMP port DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 820 e Value type seconds e Default value 60 Brocade Virtual Traffic Manager Configuration System Guide 119 Configuration Sections conf settings cfg Key password_changes_per_day Description The maximum number of times a password can be changed in a 24 hour period Set to 0 to disable this restriction e From products zxtm lb settings cpp 2712 e Value type unsigned integer e Default value 0 password_reuse_after The number of times a password must have been changed before it can be reused Set to 0 to disable this restriction e From products zxtm lb settings cpp 2726 e Value type unsigned integer e Default value 0 periodic_log enabled Enable periodic logging DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3084 e Value type Yes No e Default value Yes periodic_log interval Time interval in seconds for periodic logging DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3092 e Value type unsigned integer e Default value 600 periodic_log max_archive_set_si Ze Maximum size in MBytes for the archive periodic logs When combined size of the archives exceeds this value the oldest archives will be deleted Set to 0
35. Additional keys used when type is syslog syslog_msg_len_limit Maximum length in bytes of a message sent to the remote syslog Messages longer than this will be truncated before they are sent e From products zxtm eventd syslog_handler cpp 40 e Requires type is set to syslog e Value type unsigned integer e Default value 1024 sysloghost The host and optional port to send syslog messages to if empty messages will be sent to localhost e From products zxtm eventd syslog_handler cpp 28 e Requires type is set to syslog e Value type string e Default value lt none gt Additional keys used when type is trap 12 Brocade Virtual Traffic Manager Configuration System Guide conf actions Configuration Sections Key community Description The community string to use when sending a Trap over SNMPv1 or a Notify over SNMPv2c e From products zxtm eventd trap_handler cpp 40 e Requires type is set to trap e Value type string e Default value lt none gt snmp auth_password The authentication password for sending a Notify over SNMPv3 Blank to send unauthenticated traps e From products zxtm eventd trap_handler cpp 88 e Requires type is set to trap e Value type password e Default value lt none gt snmp hash_alg The hash algorithm for SNMPv3 authentication e From products zxtm eventd trap_handler cpp 109 e Requi
36. Application Firewall XML Master port this port is used on all IP addresses e From products zxtm lb config cpp 1388 e Value type unsigned integer e Default value 0 adminServerPort The Application Firewall Administration Server port this portis only open on localhost e From products zxtm lb config cpp 1418 e Value type unsigned integer e Default value 0 adminSlaveXMLIP The Application Firewall slave XML IP e From products zxtm lb config cpp 1486 e Value type string e Default value 0 0 0 0 adminSlaveXMLPort The Application Firewall XML Slave port this port is used on all IP addresses e From products zxtm lb config cpp 1402 e Value type unsigned integer e Default value 0 aod magic fixed decider base port The base port from which the Application Firewall decider processes should run Ports will be used sequentially above this for each additional decider process that runs e From products zxtm lb config cpp 1341 e Value type unsigned integer e Default value 0 166 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key appliance enabled Description Whether or not appliance features are enabled DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 569 e Value type Yes No e Default value Yes appliance gateway
37. CPU s for other processes running on the host system e From products zxtm lb config cpp 120 e Value type unsigned integer e Default value 0 numberOfCPUs The number of Application Firewall decider process to run e From products zxtm lb config cpp 1324 e Value type unsigned integer e Default value 0 replicate_config_log_max The size in kb of the config replication log before it gets truncated A zero value implies no truncation takes place DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1285 e Value type unsigned integer e Default value 5120 180 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key replicate_config_truncate_size Description The size in kb the config replication log will get truncated to DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1293 e Value type unsigned integer e Default value 1 rest bindips A list of IP Addresses which the REST API will listen on for connections The list should contain IP addresses IPv4 or IPv6 or a single entry containing an asterisk This indicates that the REST API should listen on all IP Addresses e From products zxtm lb config cpp 213 e Value type list mn e Default value rest port The port on which the REST API should listen for requests e
38. LDAP e Value type string e Default value lt none gt Idap port The port to connect to the LDAP server on e From Zeus Authen LDAP pm 335 e Requires auth type is set to LDAP e Value type unsigned integer e Default value 389 Idap searchdn The bind DN Distinguished Name to use when searching the directory for a user s bind DN You can leave this blank if it is possible to perform the bind DN search using an anonymous bind e From Zeus Authen LDAP pm 403 e Requires auth type is set to LDAP e Value type string e Default value lt none gt Idap searchpass If binding to the LDAP server using ldap searchdn requires a password enter it here e From Zeus Authen LDAP pm 416 e Requires auth type is set to LDAP e Value type password e Default value lt none gt Idap server The IP or hostname of the LDAP server e From Zeus Authen LDAP pm 323 e Requires auth type is set to LDAP e Value type string e Default value lt none gt Idap timeout Connection timeout in seconds e From Zeus Authen LDAP pm 346 e Requires auth type is set to LDAP e Value type unsigned integer e Default value 30 Additional keys used when type is RADIUS 20 Brocade Virtual Traffic Manager Configuration System Guide conf auth Configuration Sections Key radius fallbackgroup Description If no group is found using the vendor and group identifiers or the group
39. MIME types can be used or a type can end in a to match multiple types e From products zxtm lb virtualserver cpp 1248 e Value type list e Default value text html text plain gzip maxsize Maximum document size to compress 0 means unlimited e From products zxtm lb virtualserver cpp 1217 e Value type bytes e Default value 10000000 gzip minsize Minimum document size to compress e From products zxtm lb virtualserver cpp 1209 e Value type bytes e Default value 1000 gzip nosize Compress documents with no given size e From products zxtm lb virtualserver cpp 1223 e Value type Yes No e Default value Yes 146 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key http2 connect_timeout Description The time in seconds to wait for a request on a new HTTP 2 connection If no request is received within this time the connection will be closed This setting overrides the connect_timeout setting If set to 0 zero the value of connect_timeout will be used instead e From products zxtm Ib virtualserver cpp 726 e Value type unsigned integer e Default value 0 http2 data_frame_size This setting controls the preferred frame size used when sending body data to the client If the client specifies a smaller maximum size than this setting the client s maximum size will be used Every da
40. Management on page 7 Purpose of this Guide This guide describes the configuration system structure of Brocade Virtual Traffic Manager Brocade intends this guide to be used by users wanting to manually manipulate the configuration system of the Traffic Manager and in particular users of the zconf command line utility The Traffic Manager is available in a variety of software and appliance configurations All configurations share the same core Traffic Manager software but different variants can provide different levels of functionality depending on the enabling license key Chapter 2 Configuration Sections lists each configuration section present in the core software irrespective of license key including a brief summary of its purpose and a table of any available configuration keys Each key is displayed with its description and a list of its attributes Such attributes include the key type and default value Consider the following restrictions on each key If no default value is given then a value MUST be specified for the key Some values are picked tuned at install so may not be the specified default file names must not contain certain illegal characters _ or any control characters Newlines cannot be used in key values Some keys have certain dependencies A requires attribute is displayed where this is the case This manual describes the configuration for version 10 2 Brocade Virtual
41. Yod a monitors The monitors that are present in a location e From products zxtm lb fqdn cpp 236 e Value type list e Default value lt none gt peer_health_timeout Peer reported monitor state timeout in seconds DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb fqdn cpp 264 e Value type unsigned integer e Default value 10 return_ips_on fail Return all or none of the IPs under complete failure e From products zxtm lb fqdn cpp 183 e Value type Yes No e Default value Yes rules Response rules to be applied in the context of the service in order comma separated e From products zxtm lb fqdn cpp 320 e Value type list e Default value lt none gt ttl The TTL for the DNS resource records handled by the GLB service e From products zxtm lb fqdn cpp 207 e Value type int e Default value 1 conf servlets The conf servlets directory contains configuration files for Java Extension servlets If there are any parameters configured for a Java servlet this configuration is stored in this directory in a file with the same name as the full name of the servlet Servlet parameters are configured by clicking on the servlet name in the Catalogs gt Java section of the Admin Server Ul of by using the various Properties functions in the Catalog JavaExtensions section of the SOAP API and CLI Key Description
42. are present in a location If the Global Load Balancer decides to direct a DNS query to this location then it will filter out all IPs that are not in this list e From products zxtm lb fqdn cpp 90 e Value type list e Default value lt none gt location_order The locations this service operates for and defines the order in which locations fail e From products zxtm lb fqdn cpp 132 e Value type list e Default value lt none gt log always_flush Write log data to disk immediately rather than buffering data DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb fqdn cpp 302 e Value type Yes No e Default value No log enabled Log connections to this GLB service e From products zxtm lb fqdn cpp 273 e Value type Yes No e Default value No log filename The filename the verbose query information should be logged to Appliances will ignore this e From products zxtm lb fqdn cpp 285 e Requires log enabled is set to Yes e Value type string e Default value zeushome zxtm log services g log 92 Brocade Virtual Traffic Manager Configuration System Guide conf servlets Configuration Sections Key log format Description The format of the log lines e From products zxtm lb fqdn cpp 296 e Requires log enabled is set to Yes e Value type string e Default value t s l q g Yon
43. cpp 881 e Value type Yes No e Default value Yes appliance ssh passwordallowed Whether or not the SSH server allows password based login e From products zxtm lb config cpp 899 e Value type Yes No e Default value Yes appliance ssh port The port that the SSH server should listen on e From products zxtm lb config cpp 890 e Value type unsigned integer e Default value 22 appliance sysctl description Comments for user specified sysctl keys DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1229 e Value type string e Default value lt none gt appliance sysctl value User specified sysctl values for sysctl keys DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1219 e Value type string e Default value lt none gt 174 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key appliance timezone Description The timezone the appliance should use This must be a path to a timezone file that exists under usr share zoneinfo e From products zxtm lb config cpp 651 e Value type string e Default value US Pacific appliance vlans The VLANs the software should raise A VLAN should be configured using the format lt dev gt lt vlanid gt where lt dev gt is the name of a network device that exists in the host system
44. eth0 100 for example e From products zxtm lb config cpp 1050 e Value type list e Default value lt none gt authenticationServerIP The Application Firewall Authentication Server IP e From products zxtm lb config cpp 1498 e Value type string e Default value 0 0 0 0 autodiscover product_id This key overrides the product ID used by traffic manager instances to discover each other when clustering Traffic managers will only discover each other if their product IDs are the same and their versions are compatible DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 261 e Value type string e Default value ZXTM bind_one If set to Yes all connections to a given IP will always be handled by the same software process DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 424 e Value type Yes No e Default value No cloud_platform Cloud platform where the traffic manager is running e From products zxtm lb config cpp 1239 e Value type string e Default value lt none gt control bindip The IP address that the software should bind to for internal administration communications See also controlport If the software is not part of a cluster the default is to use 127 0 0 1 and there should be no reason to touch this setting If the software is part of a cluster then the default is to listen on all raised I
45. eventd handleraction cpp 64 e Value type Yes No e Default value No type The action type e From products zxtm eventd handleraction cpp 46 e Value type enumeration e Default value lt none gt e Permitted values email E Mail log Log to File syslog Log to Syslog program Program trap SNMP Notify or Trap soap SOAP Callback Additional keys used when type is email from The e mail address from which messages will appear to originate e From products zxtm eventd email_handler cpp 33 e Requires type is set to email e Value type string e Default value vVTM hostname server The SMTP server to which messages should be sent This must be a valid IPv4 address or resolvable hostname with optional port e From products zxtm eventd email_handler cpp 62 e Requires type is set to email e Value type string Default value lt none gt to A list of e mail addresses to which messages will be sent From products zxtm eventd email_handler cpp 45 e Requires type is set to email e Value type string Default value lt none gt Additional keys used when type is log 10 Brocade Virtual Traffic Manager Configuration System Guide conf actions Configuration Sections Key file Description The full path of the file to log to The text zeushome will be replaced with the location where the software is installed
46. expected response time of the nodes in ms This time is used as a reference when deciding whether a node s response time is conforming All responses from all the nodes will be compared to this reference and the percentage of conforming responses is the base for decisions about scaling the pool up or down e From products zxtm lb pool_config cpp 871 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 1000 autoscale scaledown_level The fraction in percent of conforming requests above which the pool size is decreased If the percentage of conforming requests exceeds this value the pool is scaled down e From products zxtm lb pool_config cpp 891 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 95 autoscale scaleup_level The fraction in percent of conforming requests below which the pool size is increased If the percentage of conforming requests drops below this value the pool is scaled up e From products zxtm lb pool_config cpp 881 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 40 autoscale securitygroupids List of security group IDs to associate to the new EC2 instance e From products zxtm Ib pool_config cpp 938 e Requires autoscale enabled issetto yes e Value type list e Default value lt none gt autoscale sizeid The identifier for
47. gt Join a cluster Permitted values none ro or full Wizard NewService Wizard gt Manage a new service Permitted values none ro or full Wizard ReactivateNode Wizard gt Reactivate a node Permitted values none ro or full Wizard RemoveNode Wizard gt Remove a node Permitted values none ro or full Wizard Restore Wizard gt Restore from a backup Permitted values none ro or full Wizard SSLDecryptService Wizard gt SSL Decrypt a service Permitted values none ro or full 60 Brocade Virtual Traffic Manager Configuration System Guide conf jars Configuration Sections conf jars The conf jars directory contains files for TrafficScript Java Extensions This includes items such as jar and class files that provide servlets and their dependencies as well as data files for general use by Java Extensions The files in this directory can be managed using the Catalogs gt Java section of the Admin Server Ul and the Catalog JavaExtension section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf kerberos keytabs The conf kerberos keytabs directory contains Kerberos keytab files that contain credentials for Kerberos principals the traffic manager will use to perform Kerberos operations Kerberos keytabs can be managed under the Catalogs gt Kerberos gt Kerberos Keytabs section of the administra
48. in seconds to wait for the application firewall control script to complete operations such as starting and stopping the application firewall DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2769 e Value type int e Default value 300 afm_enabled Is the application firewall enabled e From products zxtm lb settings cpp 2740 e Value type Yes No e Default value No 96 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key afm_max_deciders Description Maximum configurable number of application firewall deciders The standard licence limit is 8 but this expert key is provided should a special licence permitting more than 8 deciders be provided DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2750 e Value type unsigned integer e Default value 8 afm_state_interval How often in seconds to gather the state of the application firewall in the cluster A value of O means to not gather application firewall information at all DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2761 e Value type seconds e Default value 10 allow_consecutive_chars Whether or not to allow the same character to appear consecutively in passwords e From products zxtm lb settings cpp 2699 e Value type Yes No e Def
49. lt hostname ip gt lt port gt pairs for Kerberos key distribution center KDC services to be explicitly used for the realm of the principal If no KDCs are explicitly configured DNS will be used to discover the KDC s to use e From products zxtm lb kpt_principal cpp 101 e Requires krb5conf is set to e Value type list e Default value lt none gt keytab The name of the Kerberos keytab file containing suitable credentials to authenticate as the specified Kerberos principal e From products zxtm lb kpt_principal cpp 119 e Value type string e Default value lt none gt krb5conf The name of an optional Kerberos configuration file krb5 conf e From products zxtm lb kpt_principal cpp 110 e Value type string e Default value lt none gt realm The Kerberos realm where the principal belongs e From products zxtm lb kpt_principal cpp 82 e Value type string e Default value lt none gt service The service name part of the Kerberos principal name the traffic manager should use to authenticate itself e From products zxtm lb kpt_principal cpp 72 e Value type string e Default value lt none gt conf licensekeys The conf licensekeys directory is where license key files for the software are stored License keys can be managed under the System gt Licenses section of the Admin Server UI or by using the System LicenseKeys section of the SOAP API or CLI 62 Br
50. nCipher NetHSM azure Microsoft Azure Key Vault ssld nworkers The maximum number of concurrent requests the traffic manager will offload to the accelerator device DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 1731 e Value type unsigned integer e Default value 128 ssld queuelen The maximum number of requests that will be queued to the accelerator device DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1742 e Value type unsigned integer e Default value 512 ssld timeout The length of time to wait for SSL hardware support to start before stopping it and retrying This depends on the behaviour of your vendor supplied library when the hardware is unavailable A value of 0 means wait forever DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1770 e Value type seconds e Default value 20 statd days Number of days to store historical traffic information if set to 0 the data will be kept indefinitely e From products zxtm Ib settings cpp 284 e Value type unsigned integer e Default value 90 statd rsync_enabled Enable or disable syncing of logs in the cluster DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 290 e Value type Yes No e Default value Yes Brocade Virtual Traffic Manager Configuration System Guide 131 Configuration Sec
51. protection conncount_size The amount of shared memory reserved for an inter process table of combined connection counts used by all Service Protection classes that have per_process_connection_count set to No The amount is specified as an absolute size eg 20MB e From products zxtm lb settings cpp 551 e Value type string e Default value 20MB ratelwarn_period For the global TPS limits normal and SSL and global BW limits how frequently to repeat warnings about hitting limits DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1148 e Value type seconds e Default value 3600 rate warn_time For the global TPS limits normal and SSL how many seconds they must queue connections before we print a warning about the rate being hit Set to 0 to disable any warning messages DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 1140 e Value type seconds e Default value 5 rate_class_limit The maximum number of Rate classes that can be created Approximately 100 bytes will be pre allocated per Rate class e From products zxtm lb settings cpp 377 e Value type unsigned integer e Default value 25000 recent_conns How many recently closed connections each traffic manager process should save These saved connections will be shown alongside currently active connections when viewing the Connections page You should se
52. read back from a server use 0 for unlimited e From products zxtm monitor monitor_simple cpp 35 e Value type bytes e Default value 2048 note A description of the montitor e From products zxtm monitor catalog_monitor_entry cpp 44 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 65 Configuration Sections conf monitors Key scope Description A monitor can either monitor each node in the pool separately and disable an individual node if it fails or it can monitor a specific machine and disable the entire pool if that machine fails GLB location monitors must monitor a specific machine e From products zxtm monitor catalog_monitor_entry cpp 64 e Value type enumeration e Default value pernode e Permitted values pernode Node Monitor each node in the pool separately poolwide Pool GLB Monitor a specified machine timeout The maximum runtime for an individual instance of the monitor e From products zxtm monitor monitor cpp 54 e Value type seconds e Default value 3 type The internal monitor implementation of this monitor e From products zxtm monitor catalog_monitor_entry cpp 79 e Value type enumeration e Default value ping e Permitted values ping Ping monitor connect TCP Connect monitor http HTTP monitor tcp_transaction TCP transaction monitor program External pro
53. resolved to an IP address invalidemit Rule used event emit with an invalid custom event The event ID was empty or contained invalid characters norate Rule selected an unknown rate shaping class poolactivenodesunknown Rule references an unknown pool via pool activenodes pooluseunknown Rule selected an unknown pool ruleabort Rule aborted during execution rulebodycomperror Rule encountered invalid data while uncompressing response Rule could not decompress a compressed HTTP response body rulebufferlarge Rule has buffered more data than expected A rule is using more data than expected according to the configuration setting trafficscript memory_warning in the Global Settings page This is a warning only this connection will continue to be handled If many connections exceed the limit at the same time your traffic manager might slow down or run out of memory Consider re writing the rule to reduce its memory usage or changing the limit rulelogmsginfo Rule logged an info message using log info rulelogmsgserious Rule logged an error message using log error Brocade Virtual Traffic Manager Configuration System Guide 41 Configuration Sections conf events Event Tag Description rulelogmsgwarn Rule logged a warning message using log warn rulenopersistence Rule selected an unknown session persistence class ruleoverrun Rule exceeded execution time warning threshold rulesinvalidrequestbody Cl
54. respond to parent control requests If a child process zeus zxtm zeus eventd zeus autoscaler etc takes longer than this number of seconds to respond to a parent control command then the parent zeus zxtm process will assume this process is stuck in an unresponsive loop and will kill it log the termination event and wait for a new process of the same type to restart Set this to 0 to disable killing unresponsive child processes DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 865 e Value type seconds e Default value 60 chunk_size The default chunk size for reading writing requests e From products zxtm lb settings cpp 941 e Value type bytes e Default value 16384 client_first_opt Whether or not your traffic manager should make use of TCP optimisations to defer the processing of new client first connections until the client has sent some data e From products zxtm lb settings cpp 888 e Value type Yes No e Default value No cluster_identifier Cluster identifier Generally supplied by Services Director e From products zxtm lb settings cpp 195 e Value type string e Default value lt none gt 104 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key config storage_shared Description Whether the storage for the traffic managers configuration is shared between c
55. security file contains the security configuration of the software Settings in this classes can be configured under the System gt Security section of the Admin Server UI Key Description access Access to the admin server and REST API is restricted by usernames and passwords You can further restrict access to just trusted IP addresses CIDR IP subnets or DNS wildcards These access restrictions are also used when another traffic manager initially joins the cluster after joining the cluster these restrictions are no longer used Care must be taken when changing this setting as it can cause the administration server to become inaccessible Access to the admin UI will not be affected until it is restarted e From products zxtm lb security cpp 70 e Value type list e Default value lt none gt ssh_intrusion bantime The amount of time in seconds to ban an offending host for e From products zxtm lb security cpp 22 e Value type unsigned integer e Default value 600 ssh_intrusion blacklist The list of hosts to permanently ban identified by IP address or DNS hostname in a space separated list e From products zxtm lb security cpp 55 e Value type list e Default value lt none gt ssh_intrusion enabled Whether or not the SSH Intrusion Prevention tool is enabled e From products zxtm Ib security cpp 16 e Value type Yes No e Default value No Brocade Virtual Traffic Manag
56. settings cpp 728 e Value type Yes No e Default value No trafficscript array_elements The amount of storage that will be allocated to array elements in TrafficScript If more elements are required then the necessary memory will be allocated during the execution of the rule e From products zxtm Ib settings cpp 464 e Value type unsigned integer e Default value 100000 trafficscript data_local_size The maximum amount of memory available to store TrafficScript data local set information This can be specified as a percentage of system RAM 5 for example or an absolute size such as 200MB e From products zxtm lb settings cpp 533 e Value type string e Default value 5 132 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key trafficscript data_size Description The maximum amount of memory available to store TrafficScript data set information This can be specified as a percentage of system RAM 5 for example or an absolute size such as 200MB e From products zxtm Ib settings cpp 516 e Value type string e Default value 5 trafficscriptlexecution_time_war ning Raise an event if a TrafficScript rule runs for more than this number of milliseconds in a single invocation If you get such events repeatedly you may want to consider re working some of your TrafficScript rules A value of 0 means no warning
57. the size of the instances to create e From products zxtm lb pool_config cpp 748 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale subnetids List of subnet IDs where the new EC2 VPC instance s will be launched Instances will be evenly distributed among the subnets If the list is empty instances will be launched inside EC2 Classic e From products zxtm lb pool_config cpp 950 e Requires autoscale enabled issetto yes e Value type list e Default value lt none gt 74 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key bandwidth_class Description The Bandwidth Management Class this pool uses if any e From products zxtm lb pool_config cpp 101 e Value type string e Default value lt none gt disabled A list of nodes in the pool that are in the disabled state e From products zxtm lb pool_config cpp 55 e Value type list e Default value lt none gt dns_autoscale enabled When enabled the Traffic Manager will periodically resolve the hostnames in the hostnames list using a DNS query and use the results to automatically add remove or update the IP addresses of the nodes in the pool e From products zxtm lb pool_config cpp 978 e Value type Yes No e Default value No dns_autoscale hostnames A list of hostnames which will
58. to disable archive size limit DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3128 e Value type unsigned integer e Default value 50 periodic_log max_log_set_size Maximum size in MBytes for the current set of periodic logs If this size is exceeded the current set will be archived Set to zero to disable archiving based on current set size DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 3109 e Value type unsigned integer e Default value 25 periodic_log max_num_archives Maximum number of archived log sets to keep When the number of archived periodic log sets exceeds this the oldest archives will be deleted DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3118 e Value type unsigned integer e Default value 14 120 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key periodic_log run_count Description Number of periodic logs which should be archived together as a run DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3100 e Value type unsigned integer e Default value 144 post_login_banner Banner text to be displayed on the appliance console after login e From products zxtm lb settings cpp 644 e Value type string e Default value lt none gt
59. user to a given URL close Close the connection using error_file on Virtual Servers gt Edit gt Connection Management note A description of the session persistence class e From products zxtm lb session cpp 55 e Value type string e Default value lt none gt type The type of session persistence to use e From products zxtm lb session cpp 73 e Value type enumeration e Default value ip e Permitted values ip IP based persistence universal Universal session persistence named Named Node session persistence sardine Transparent session affinity kipper Monitor application cookies j2ee J2EE session persistence asp ASP and ASP NET session persistence x zeus X Zeus Backend cookies ssl SSL Session ID persistence 70 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key Description url The redirect URL to send clients to if the session persistence is configured to redirect users when a node dies e From products zxtm lb session cpp 117 e Requires failuremode is set to url case insensitive e Value type string e Default value lt none gt Additional keys used when type is kipper cookie The cookie name to use for tracking session persistence e From products zxtm lb session cpp 82 e Requires type is set to kipper e Value type string e Default value lt none gt conf pools The conf p
60. virtualserver cpp 792 e Value type Yes No e Default value Yes http2 headers_index_whitelist A list of header names that can be compressed using indexing when the value of http2 headers_index_default is set to No e From products zxtm lb virtualserver cpp 813 e Value type list e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 147 Configuration Sections conf vservers Key http2 idle_timeout_no_streams Description The time in seconds to wait for a new HTTP 2 request on a previously used HTTP 2 connection that has no open HTTP 2 streams If an HTTP 2 request is not received within this time the connection will be closed A value of 0 zero will disable the timeout e From products zxtm lb virtualserver cpp 739 e Value type unsigned integer e Default value 120 http2 idle_timeout_open_streams The time in seconds to wait for data on an idle HTTP 2 connection which has open streams when no data has been sent recently e g for long polled requests If data is not sent within this time all open streams and the HTTP 2 connection will be closed A value of 0 zero will disable the timeout e From products zxtm Ib virtualserver cpp 753 e Value type unsigned integer e Default value 600 http2 max_concurrent_streams This setting controls the number of streams a client is permitted to open concurrently on a single con
61. 53 1003866 02 26 October 2015 Brocade Virtual Traffic Manager Configuration System Guide Supporting 10 2 BROCADE Copyright 2015 Brocade Communications Systems Inc All Rights Reserved ADX Brocade Brocade Assurance the B wing symbol DCX Fabric OS HyperEdge ICX MLX MyBrocade OpenScript The Effortless Network VCS VDX Vplane and Vyatta are registered trademarks and Fabric Vision and vADX are trademarks of Brocade Communications Systems Inc in the United States and or in other countries Other brands products or service names mentioned may be trademarks of others Notice This document is for informational purposes only and does not set forth any warranty expressed or implied concerning any equipment equipment feature or service offered or to be offered by Brocade Brocade reserves the right to make changes to this document at any time without notice and assumes no responsibility for its use This informational document describes features that may not be currently available Contact a Brocade sales office for information on feature and product availability Export of technical data contained in this document may require an export license from the United States government The authors and Brocade Communications Systems Inc assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss cost liability or damages arising from the information contained herein
62. 65 e Value type unsigned integer e Default value 0 note A description of the rate class e From products zxtm Ib rate cpp 130 e Value type string e Default value lt none gt queue_length The maximum number of items allowed in the queue for this rate class A value of O means there is no limit on the number of connections that can be queued DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb rate cpp 141 e Value type unsigned integer e Default value 0 conf rules The conf rules directory contains plain text and compiled TrafficScript rule files The name of a file is the name of the rule it defines Rules are managed under the Catalogs gt Rules section of the Admin Server UI or by using functions under the Catalog Rule section of the SOAP API and CLI Key Description There are no items to display for this configuration type 88 Brocade Virtual Traffic Manager Configuration System Guide conf scripts Configuration Sections conf scripts The conf scripts directory contains programs and scripts that may be run by monitors of the program type Monitor programs can be managed under the Catalogs gt Extra Files gt Monitor Programs section of the Admin Server UI or by using functions under the Catalog Monitor section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf security The conf
63. AT rule e From products zxtm Ib nat_conf cpp 53 e Value type Yes No e Default value lt none gt one_to_one ip IP Address of a one to one type NAT rule e From products zxtm Ib nat_conf cpp 45 e Value type string e Default value lt none gt one_to_one tip TIP group of a one to one type NAT rule e From products zxtm Ib nat_conf cpp 36 e Value type string e Default value lt none gt port_mapping dport_first First port of the dest port range of a port mapping rule e From products zxtm lb nat_conf cpp 122 e Value type unsigned integer e Default value lt none gt port_mapping dport_last Last port of the dest port range of a port mapping rule e From products zxtm lb nat_conf cpp 130 e Value type unsigned integer e Default value lt none gt port_mapping virtual_server Target Virtual Server of a port mapping rule e From products zxtm lb nat_conf cpp 114 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 15 Configuration Sections conf aptimizer profiles conf aptimizer profiles The conf aptimize directory contains configuration files for Aptimizer profiles Aptimizer profiles can be configured under the Catalogs gt Aptimizer gt Aptimizer Profiles section of the Admin Server Ul or by using functions under the Catalog Aptimizer Aptimizer
64. Autoscaling support has been disabled autoscalinglicenseenabled Autoscaling support has been enabled bwlimited License key bandwidth limit has been hit cachesizereduced Configured cache size exceeds license limit only using amount allowed by license expired License key has expired License key has expired expiresoon License key expires within 7 days lessmemallowed License allows less memory for caching license authorized License key authorized License key authorized license authorized ts License key authorized by authorization code License key authorized by authorization code license explicitlydisabled ts License key explicitly disabled from authorization code license graceperiodexpired Unable to authorize license key license graceperiodexpired ts Unable to authorize license key license rejected authorized License server rejected license key key remains authorized Brocade Virtual Traffic Manager Configuration System Guide 37 Configuration Sections conf events Event Tag license rejected authorized ts Description License key rejected from authorization code key remains authorized license rejected unauthorized License server rejected license key key is not authorized License server rejected license key key is not authorized license rejected unauthorized ts License key rejected from authorization code license timedout
65. Courier Code examples appear in Courier font amnesiac gt enable amnesiac configure terminal 5 Values that you specify appear in angle brackets interface lt ip address gt Optional keywords or variables appear in brackets ntp peer lt ip address gt version lt number gt Elements that are part of a required choice appear in braces lt interface name gt ascii lt string gt hex lt string gt The pipe symbol represents a choice to select one keyword or variable to the left or right of the symbol The keyword or variable can be either optional or required delete lt filename gt upload lt filename gt Documentation and Release Notes To obtain the most current version of all Brocade documentation go to the Riverbed Support site at https support riverbed com If you need more information see the Riverbed Knowledge Base for any known issues how to documents system requirements and common error messages You can browse titles or search for keywords and strings To access the Riverbed Knowledge Base log in to the Riverbed Support site at https support riverbed com Each software release includes release notes The release notes identify new features in the software as well as known and fixed problems To obtain the most current version of the release notes go to the Software and Documentation section of the Riverbed Support Web site at https support riverbed com Examine th
66. Fault Tolerance gt BGP Neighbors section of the Admin UL or by using functions under the BGPNeighbors section of the SOAP API and CLI Key address Description The IP address of the BGP neighbor e From products zxtm flipper config cpp 398 e Value type string e Default value lt none gt advertisement_interval The minimum interval between the sending of BGP routing updates to neighbors Note that as a result of jitter as defined for BGP the interval during which no advertisements are sent will be between 75 and 100 of this value e From products zxtm flipper config cpp 451 e Value type seconds e Default value 5 as_number The AS number for the BGP neighbor e From products zxtm flipper config cpp 411 e Value type unsigned integer e Default value 65534 authentication_password The password to be used for authentication of sessions with neighbors e From products zxtm flipper config cpp 463 e Value type string e Default value lt none gt holdtime The period after which the BGP session with the neighbor is deemed to have become idle and requires re establishment if the neighbor falls silent e From products zxtm flipper config cpp 437 e Value type seconds e Default value 90 keepalive The interval at which messages are sent to the BGP neighbor to keep the mutual BGP session established e From products zxtm flipper config c
67. From products zxtm lb config cpp 199 e Value type unsigned integer e Default value 9070 restServerPort The Application Firewall REST Internal API port this port should not be accessed directly e From products zxtm lb config cpp 1356 e Value type unsigned integer e Default value 0 securityworld The security world the traffic manager is in DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1276 e Value type string e Default value lt none gt snmp allow Restrict which IP addresses can access the SNMP command responder service The value can be all localhost or a list of IP CIDR subnet masks For example 10 100 0 0 16 would allow connections from any IP address beginning with 10 100 e From products zxtm lb config cpp 383 e Value type list e Default value all snmp auth_password The authentication password Required minimum length 8 bytes if snmp security_level includes authentication e From products zxtm lb config cpp 326 e Requires snmp security_level is set to authNoPriv e Value type password e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 181 Configuration Sections conf zxtms Key snmp bindip Description The IP address the SNMP service should bind its listen port to The value asterisk means SNMP will listen on all IP addresses
68. Install New Permitted values none ro or full License_Keys Remove Licenses gt Remove Permitted values none ro or full Networking Networking Permitted values none ro or full Requires feature Appliance Networking NAT Networking gt NAT Permitted values none ro or full Requires feature Appliance Steelhead Riverbed SteelHead Permitted values none ro or full Security Security Permitted values none ro or full SNMP SNMP Permitted values none ro or full Sysctl Sysctl Permitted values none ro or full Requires feature Appliance DateTime Time Permitted values none ro or full Requires feature Appliance Traffic_Managers Traffic Managers Permitted values none ro or full Traffic_Managers AddRemove Traffic Managers gt AddRemove Permitted values none ro or full Traffic_Managers Upgrade Traffic Managers gt Upgrade Permitted values none ro or full Access_Management Users Permitted values none ro or full Access_Management Authenticat ionMethods Users gt Authenticators Permitted values none ro or full Access_Management Authenticat ionMethods Edit Users gt Authenticators gt Edit Permitted values none ro or full Access_Management Groups Users gt Groups Permitted values none ro or full Access_Management Grou
69. Manager Configuration System Guide 101 Configuration Sections conf settings cfg Key autoscaler verbose Description Whether or not detailed messages about the autoscaler s activity are written to the error log e From products zxtm autoscaler autoscaler cpp 273 e Value type Yes No e Default value No bandwidth full_speed_scale How many times extra bandwidth to give to connections that are determined to be full speed ie using up as much bandwidth as we give them A higher value means that slow connections won t reserve as much bandwidth and so slow down the connections that can go fast DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm b settings cpp 1039 e Value type unsigned integer e Default value 4 bandwidththistoric_weighting When sharing out bandwidth across the cluster this controls how fast we shift bandwidth limits A high number will mean that the per traffic manager limits move slowly towards the new values which should give smooth and slow changes across the cluster good if all machines get a constant flow of traffic A lower value means that bandwidth limits move quickly to the new distribution good if traffic is bursty to different machines DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1096 e Value type unsigned integer e Default value 10 bandwidth license_sharing For the global BW limits how t
70. No e Default value No flipper routing_sw_log_level The routing software log level Values are 0 emergency 1 alert 2 critical 3 error 4 warning 5 notification 6 informational 7 debug Messages with priority less or equal to the set level will be logged DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm flipper config cpp 647 e Value type unsigned integer e Default value 4 The group ID that the software s worker processes will run as For example on typical Linux installations this could be set to 65534 for the unprivileged nobody group e From products zxtm lb config cpp 152 e Value type string e Default value lt none gt iptables config_enabled Whether the Traffic Manager should configure the iptables built in chains to call Traffic Manager defined rules e g the IP transparency chain This should only be disabled in case of conflict with other software that manages iptables e g firewalls When disabled you will need to add rules manually to use these features see the user manual for details e From products zxtm lb config cpp 608 e Value type Yes No e Default value Yes 178 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key iptrans chain Description The iptables named chain to use for IP transparency rules DO NOT SET OR MODIFY THIS KEY MANUALLY e From pr
71. OT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 234 e Value type Yes No e Default value No controlport The port that the software should listen on for internal administration communications See also control bindip e From products zxtm lb config cpp 168 e Value type unsigned integer e Default value 9080 decisionServerPortBase The Application Firewall internal communication base port The Application Firewall will use ports sequentially above this for internal communication These ports are bound only to localhost e From products zxtm lb config cpp 1374 e Value type unsigned integer e Default value 10000 disk_serious The percentage level of disk usage that triggers a SERIOUS event log entry DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 556 e Value type unsigned integer e Default value 95 disk_warn The percentage level of disk usage that triggers a WARN event log entry DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 547 e Value type unsigned integer e Default value 85 176 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key ec2 availability_zone Description The availability zone of this EC2 instance should be set when the appliance is first booted Not required for non EC2 systems
72. Profiles section of the SOAP API and CLI Key background_after Description If Aptimizer can finish optimizing the resource within this time limit then serve the optimized content to the client otherwise complete the optimization in the background and return the original content to the client If set to 0 Aptimizer will always wait for the optimization to complete before sending a response to the client e From products zxtm lb wax cpp 63 e Value type unsigned integer e Default value 0 background_on_additional_reso urces If a web page contains resources that have not yet been optimized fetch and optimize those resources in the background and send a partially optimized web page to clients until all resources on that page are ready e From products zxtm lb wax cpp 75 e Value type Yes No e Default value No built_in If set to Yes this indicates that this configuration is built in provided as part of the software and cannot be deleted or edited e From products zxtm lb wax cpp 100 e Value type Yes No e Default value No config The configuration string for the Aptimize profile e From products zxtm lb wax cpp 86 e Value type string e Default value lt none gt 16 Brocade Virtual Traffic Manager Configuration System Guide conf aptimizer scopes Configuration Sections Key mode Description Set the Aptimizer mode to turn accelera
73. Ps in this case an alternative configuration is to listen on a single IP address This may be useful if you have a separate management network and wish to restrict control messages to it It is important to ensure that the controlallow in the conf settings cfg file is compatible with the IP configured here e From products zxtm lb config cpp 190 e Value type string men e Default value Brocade Virtual Traffic Manager Configuration System Guide 175 Configuration Sections conf zxtms Key control canupdate Description Whether or not this instance of the software can send configuration updates to other members of the cluster When not clustered this key is ignored When clustered the value can only be changed by another machine in the cluster that has control update set to Yes If set to No then it will not be possible to log into the admin server for this instance e From products zxtm lb config cpp 249 e Value type Yes No e Default value Yes control certificate The public part of the security certificate used to identify this traffic manager for the purposes of command and control messages DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 225 e Value type string e Default value lt none gt control verbose Whether or not the control port should be verbose about connection errors Enable for debugging control port problems DO N
74. Query returned IP addresses that are not configured in any location glbnewmaster A location has been set as active for a GLB service glbnolocations No valid location could be chosen for Global Load Balancing glbservicedied GLB Service has failed GLB Service has failed glbserviceok GLB Service has recovered GLB Service has recovered glbtoomanylocations There are too many Data Centers configured and the Global Load Balancing feature is not guaranteed to work reliably with more than 255 Data Centres Event tags for object type slm slmclasslimitexceeded SLM shared memory limit exceeded The number of SLM classes configured requires more shared memory than is currently reserved for them SLM classes will continue to work but with reduced accuracy For full accuracy please increase the configuration key slm_class_limit on the Global Settings page and restart your traffic manager slmfallenbelowserious SLM has fallen below serious threshold The percentage of requests meeting the monitor s criteria has fallen below the serious threshold slmfallenbelowwarn SLM has fallen below warning threshold A lower percentage of requests meet this monitor s criteria than desired and this was not the case at the previous check slmnodeinfo Node information when SLM is non conforming no SNMP trap A summary of the nodes that have contributed to the SLM failure when it falls below the serious threshold This event
75. Script error e From products zxtm lb settings cpp 488 e Value type unsigned integer e Default value 10000000 trafficscript regex_match_warn_ perc The percentage of trafficscript regex_match_limit at which TrafficScript reports a performance warning e From products zxtm Ib settings cpp 498 e Value type unsigned integer e Default value 5 Brocade Virtual Traffic Manager Configuration System Guide 133 Configuration Sections conf settings cfg Key trafficscript variable_pool_use Description Allow the pool use and pool select TrafficScript functions to accept variables instead of requiring literal strings Enabling this feature has the following effects e Your traffic manager may no longer be able to know whether a pool is in use e Errors for pools that aren t in use will not be hidden e Some settings displayed for a Pool may not be appropriate for the type of traffic being managed e Pool usage information on the pool edit pages and config summary may not be accurate e Monitors will run for all pools with this option disabled monitors will only run for Pools that are used e From products zxtm Ib settings cpp 439 e Value type Yes No e Default value No uipage_banner Banner text to be displayed on all Admin Server pages e From products zxtm lb settings cpp 656 e Value type string e Default value lt none gt universal_cache_si
76. Servers honor the Fallback SCSV to protect connections against downgrade attacks e From products zxtm lb settings cpp 2105 e Value type Yes No e Default value Yes ssllinsert_extra_fragment Whether or not SSL3 and TLS1 use one byte fragments as a BEAST countermeasure e From products zxtm lb settings cpp 2111 e Value type Yes No e Default value No ssl max_handshake_message_siz e The maximum size in bytes of SSL handshake messages that SSL connections will accept To accept any size of handshake message the key should be set to the value 0 e From products zxtm lb settings cpp 2195 e Value type bytes e Default value 10240 ssllobscure_alert_descriptions Whether SSL TLS alert descriptions should be obscured where reasonable when sent to a remote peer Alert descriptions are useful for diagnosing SSL TLS connection issues when connecting to a remote peer However those diagnostics may provide information that an attacker could use to compromise the system as a concrete example see Moeller B Security of CBC Ciphersuites in SSL TLS Problems and Countermeasures If not enabled alert descriptions that are known to facilitate compromise will still be obscured Otherwise if enabled alert descriptions that can be safely mapped to a more general one will be DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2161 e Value type
77. TTP server when the server responds before all the client data has been sent DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1183 e Value type Yes No e Default value Yes 112 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key idle_connection_timeout Description How long an unused HTTP keepalive connection should be kept before it is discarded e From products zxtm Ib settings cpp 1174 e Value type seconds e Default value 10 internal_config_logging Whether or not messages pertaining to internal configuration files should be logged to the event log DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 602 e Value type Yes No e Default value No ioregister_timeout Timeout for unregistered I O events in milliseconds If the connection doesn t complete within this time then read events should be enabled so that we can spot the client closing the connection DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 836 e Value type unsigned integer e Default value 1000 ip_cache_size The maximum number of entries in the IP session cache This is used to provide session persistence based on the source IP address Approximately 100 bytes will be pre allocated per entry e From products zxtm Ib settings c
78. The events subscribed to by a particular event type configuration are identified by an object type and a set of event tags using keys of the form type lt object type gt event_tags lt tag list gt For example type vservers event_tags vsstart vsstop The events subscribed to can be further filtered to specific configuration objects using keys of the form type lt object type gt object_names lt object names gt The table below lists the object types and all the event tags that are available for them Key actions Description The actions triggered by events matching this event type See the type levent_tags and type object_names keys The value is a list of files to execute when a matching event occurs these files must be located within the conf actions directory Refer to the documentation for the conf actions configuration section for more information regarding how these files are executed e From products zxtm eventd eventhandler cpp 142 e Value type list e Default value lt none gt built_in If set to Yes this indicates that this configuration is built in provided as part of the software and cannot be deleted or edited e From products zxtm eventd eventhandler cpp 166 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 29 Configuration Sections conf events log2mainlog Whether or not the triggering of this event t
79. There are no items to display for this configuration type Brocade Virtual Traffic Manager Configuration System Guide 93 Configuration Sections conf settings cfg conf settings cfg The conf settings cfg file contains general global settings that are used across a cluster These setting are managed under the System gt Global Settings section of the Admin Server UI or by using functions under the GlobalSettings section of the SOAP API and CLI Key accept_mutex Description Whether or not the software should put a lock around accept calls DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 894 e Value type Yes No e Default value No admin honor_fallback_scsv Whether or not the admin server the internal control port and the config daemon honor the Fallback SCSV to protect connections against downgrade attacks e From products zxtm Ib settings cpp 2396 e Value type Yes No e Default value Yes admin insert_extra_fragment Whether or not admin server SSL3 and TLS1 use one byte fragments as a BEAST countermeasure for admin server and internal connections e From products zxtm lb settings cpp 2472 e Value type Yes No e Default value No admin ss13_allow_rehandshake Whether or not SSL3 TLS re handshakes should be supported for admin server and internal connections e From products zxtm lb settings cpp 2464 e Value type e
80. Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key flipper routing_sw_watchdog_li mit Description The maximum number of times the routing software suite of processes will be started or restarted within the interval defined by the flipper routing_sw_watchdog_ interval setting If the routing software fails this many times within the interval it will be stopped and can only be restarted manually from the Diagnose page or by switching OSPF off and on again Zero means no limit DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 420 e Value type unsigned integer e Default value 3 flipper tentative_timeout How long the traffic manager should endure the OS s mis management of IP addresses in the tentative state DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 371 e Value type seconds e Default value 5 flipper tipv6_raise_deprecated Mark Traffic IPv6 addresses as deprecated to prevent their use during IPv6 source selection DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 386 e Value type Yes No e Default value Yes flipper unicast_port The unicast UDP port to use to exchange cluster heartbeat messages e From products zxtm lb flipper_settings_keys cpp 304 e Requires flipper heartbeat_method i
81. Traffic Manager Configuration System Guide 5 Introduction The Traffic Manager Configuration File System The Traffic Manager Configuration File System The Traffic Manager stores its configuration in a series of text files under a tree structure of directories one per object type As you make configuration changes through the UI or one of the product APIs the Traffic Manager s Admin Server management component maintains and updates the files and directories accordingly Important Unless instructed to do so by your support provider Brocade strongly recommends that you do not modify these files directly They are maintained automatically by the Admin Server and as such your changes can be lost or cause unpredictable behavior in your Traffic Manager deployment Always use the UI programming APIs or zconf utility to make changes The core Traffic Manager software reads the config when triggered by an observed update or on a pre defined chronological basis and applies the appropriate logic Additionally the Traffic Manager ensures synchronization between itself and all other Traffic Manager instances in a cluster and replicates out any changes that occur The following diagram demonstrates the directory structure under the root config directory ZEUSHOME zxtm conf actionprogs actions activitymonitor auth bandwidth vservers zxtms Each of the sections listed in Chapter 2
82. Virtual_Servers Edit Request_Lo gging Virtual Servers gt Edit gt Request Logging Permitted values none ro or full Virtual_Servers Edit Rules Virtual Servers gt Edit gt Rules Permitted values none ro or full Requires feature Rules Virtual_Servers Edit Rules Enabl eDisable Virtual Servers gt Edit gt Rules gt Enable Disable Permitted values none ro or full Requires feature Rules Virtual_Servers Edit Rules Move Virtual Servers gt Edit gt Rules gt Move Permitted values none ro or full Requires feature Rules Virtual_Servers Edit Rules Once Every Virtual Servers gt Edit gt Rules gt Once Every Permitted values none ro or full Requires feature Rules Virtual_Servers Edit Rules Remo ve Virtual Servers gt Edit gt Rules gt Remove Permitted values none ro or full Requires feature Rules 56 Brocade Virtual Traffic Manager Configuration System Guide conf groups Configuration Sections Key Virtual_Servers Edit GLB_Servic es Description Virtual Servers gt Edit gt Service Permitted values none ro or full Virtual_Servers Edit SSL_Decryp tion Virtual Servers gt Edit gt SSL Decryption Permitted values none ro or full Section Diagnosing Audit_Log Audit Log Permitted values none ro or full Audit_Log Audit_Archive Audit Log gt Audit Archive Permitte
83. Whether or not URLs and HTTP request headers that contain binary data after decoding should be rejected e From products zxtm lb protection cpp 299 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 85 Configuration Sections conf protection Key http send_error_page Description This setting tells the traffic manager to send an HTTP error message if a connection fails the service protection tests instead of just dropping it Details of which HTTP response will be sent when particular tests fail can be found in the Help section for this page e From products zxtm b protection cpp 310 e Value type Yes No e Default value Yes linger_time After sending a HTTP error message to a client wait up to this time before closing the connection DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib protection cpp 317 e Value type seconds e Default value 3 log_time Log service protection messages at these intervals If set to 0 no messages will be logged and no alerts will be sent e From products zxtm lb protection cpp 84 e Value type seconds e Default value 60 max_10_connections Additional limit on maximum simultaneous connections from the top 10 busiest connecting IP addresses combined The value should be between 1 and 10 times the max_1_connections limit This limit is disabled if per
84. Yes No e Default value Yes ssllocsp_cache size The maximum number of cached client certificate OCSP results stored This cache is used to speed up OCSP checks against client certificates by caching results Approximately 1040 bytes are pre allocated per entry e From products zxtm lb settings cpp 2245 e Value type unsigned integer e Default value 2048 ssllocsp_stapling default_refresh _interval How long to wait before refreshing requests on behalf of the store of certificate status responses used by OCSP stapling if we don t have an up to date OCSP response e From products zxtm lb settings cpp 2282 e Value type seconds e Default value 60 ssl ocsp_stapling maximum_refr esh_interval Maximum time to wait before refreshing requests on behalf of the store of certificate status responses used by OCSP stapling 0 means no maximum e From products zxtm Ib settings cpp 2295 e Value type seconds e Default value 864000 Brocade Virtual Traffic Manager Configuration System Guide 125 Configuration Sections conf settings cfg Key ssllocsp_stapling mem_size Description How much shared memory to allocate for the store of certificate status responses for OCSP stapling This should be at least 2kB times the number of certificates configured to use OCSP stapling This is specified as either a percentage of system RAM 1 for example or an absolute size such as 10MB
85. _keys cpp 27 e Value type Yes No e Default value No 114 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key license_servers Description A list of license servers for FLA licensing A license server should be specified as a lt ip host gt lt port gt pair e From products zxtm lb settings cpp 566 e Value type list e Default value lt none gt listen_queue_size The listen queue size for managing incoming connections It may be necessary to increase the System s listen queue size if this value is altered If the value is set to O then the default system setting will be used e From products zxtm lb settings cpp 906 e Value type unsigned integer e Default value 0 load_change_limit The maximum change to load per second when monitored by ZGLB TODO FIX ME This limit does not apply to external setting of the load by a SOAP agent e From products zxtm lb settings cpp 1393 e Value type unsigned integer e Default value 800 load_dampening Load dampening factor Every second your traffic manager decreases the calculated load of all back end nodes For example a value of 80 would mean that a node will have its load reduced to 80 of what it was a second ago DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 272 e Value type unsigned integer e Default va
86. _process_connection_count is No or max_1_connections is 0 or min_connections is 0 e From products zxtm lb protection cpp 166 e Value type unsigned integer e Default value 200 max_1_connections Maximum simultaneous connections each connecting IP address is allowed Set to 0 to disable this limit e From products zxtm lb protection cpp 107 e Value type unsigned integer e Default value 30 max_connection_rate Maximum number of new connections each connecting IP address is allowed to make in the rate_timer interval Set to 0 to disable this limit If applied to an HTTP Virtual Server each request sent on a connection that is kept alive counts as a new connection The rate limit is per process each process within a Traffic Manager accepts new connections from the connecting IP address at this rate Each Traffic Manager typically has several processes one process per available CPU core e From products zxtm lb protection cpp 183 e Value type unsigned integer e Default value 0 86 Brocade Virtual Traffic Manager Configuration System Guide conf protection Configuration Sections Key min_connections Description Entry threshold for the max_10_connections limit the max_10_connections limit is not applied to connecting IP addresses with this many or fewer simultaneous connections Setting to 0 disables both the max_1_connections and max_10_connections limit
87. ablished sessions with all BGP neighbors bgpnoneighbors There are no valid BGP neighbors defined There are no valid BGP neighbors defined clockjump The system clock jumped forwards or backwards by more than one second clocknotmonotonic The monotonic system clock went backwards dropec2ipwarn Removing EC2 IP Address from all machines it is no longer a part of any Traffic IP Groups dropipinfo Dropping Traffic IP Address due to a configuration change or traffic manager recovery dropipwarn Dropping Traffic IP Address due to an error The Traffic IP address was dropped due to a network failure ec2flipperraiselocalworking Moving EC2 IP Address local machine is working ec2flipperraiseothersdead Moving EC2 IP Address other machines have failed ec2iperr Problem occurred when managing an EC2 IP address 32 Brocade Virtual Traffic Manager Configuration System Guide conf events Configuration Sections Event Tag Description ec2nopublicip Cannot raise Elastic IP on this machine until EC2 provides it with a public IP address An Elastic IP cannot currently be moved to this machine This is usually because it has recently had its Elastic IP moved to another box and EC2 has not yet returned its default public IP address ec2nosecondaryprivateip Cannot raise Elastic IP on this machine as no suitable secondary IP is available on the allowed network card s An Elastic IP cannot currently be moved to this m
88. achine This is usually because it doesn t have a secondary private address with either no EIP association assigned to network interface s or is used by a virtual server flipperbackendsworking Back end nodes are now working Back end nodes are now working flipperdadreraise Re raising Traffic IP Address Operating system did not fully raise the address This address is being re raised to circumvent the operating system s Duplicate Address Detection feature flipperfrontendsworking Frontend machines are now working The machines that your traffic manager is using to check network connectivity on the frontend usually the default gateway are now working flipperipexists Failed to raise Traffic IP Address the address exists elsewhere on your network and cannot be raised flipperraiselocalworking Raising Traffic IP Address local machine is working flipperraiseosdrop Raising Traffic IP Address Operating System had dropped this IP address Traffic IP Addresses are automatically managed by the traffic manager and their configuration should only be altered from the vTM Admin Server flipperraiseothersdead Raising Traffic IP Address other machines have failed The Traffic IP Address will be raised as a result of the the death of another machine or a config change flipperraiseremotedropped This Traffic Manager has re raised traffic IP addresses as the remote machine which was host
89. ain Permitted values none ro or full SSL Client_Certs Edit CopyCert SSL gt Client Certs gt Edit gt Copy Certificate Permitted values none ro or full SSL Client_Certs Edit Sign SSL gt Client Certs gt Edit gt Sign Permitted values none ro or full SSL Client_Certs Import SSL gt Client Certs gt Import Permitted values none ro or full SSL Client_Certs New SSL gt Client Certs gt New Permitted values none ro or full SSL IDNSSEC_Keys SSL gt DNSSEC Keys Permitted values none ro or full SSL ISSL_Certs SSL gt Server Certs Permitted values none ro or full SSL ISSL_Certs Edit SSL gt Server Certs gt Edit Permitted values none ro or full SSL SSL_Certs Edit Chain SSL gt Server Certs gt Edit gt Chain Permitted values none ro or full SSL ISSL_Certs Edit CopyCert SSL gt Server Certs gt Edit gt Copy Certificate Permitted values none ro or full SSLISSL_Certs Edit Sign SSL gt Server Certs gt Edit gt Sign Permitted values none ro or full 54 Brocade Virtual Traffic Manager Configuration System Guide conf groups Configuration Sections Key SSL SSL_Certs Import Description SSL gt Server Certs gt Import Permitted values none ro or full SSL ISSL_Certs New SSL gt Server Certs gt New Permitted values none ro or full S
90. alue DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1515 e Value type string e Default value 0 webcache disk Whether or not to use a disk backed typically SSD cache If set to Yes cached web pages will be stored in a file on disk This enables the traffic manager to use a cache that is larger than available RAM The webcachelsize setting should also be adjusted to select a suitable maximum size based on your disk space Note that the disk caching is optimized for use with SSD storage e From products zxtm lb settings cpp 1607 e Value type Yes No e Default value No webcache disk_dir If disk caching is enabled this sets the directory where the disk cache file will be stored The traffic manager will create a file called webcache data in this location Note that the disk caching is optimized for use with SSD storage e From products zxtm lb settings cpp 1622 e Value type string e Default value zeushome zxtm internal webcache max_byte_range_segm Maximum number of range segments allowed in a range request Requests ents containing more segments than this will get a 416 Requested Range Not Satisfiable response even if the page actually contains the requested ranges This setting is useful to protect against byte range related DoS attacks DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1634 e Value ty
91. ance shim mode The mode used to discover Riverbed Cloud SteelHeads in the local cloud or data center e From products zxtm lb config cpp 1105 e Value type enumeration e Default value portal e Permitted values portal Riverbed Portal local Local Portal manual Manual Brocade Virtual Traffic Manager Configuration System Guide 173 Configuration Sections conf zxtms Key appliance shim portal_url Description The hostname or IP address of the local portal to use e From products zxtm lb config cpp 1142 e Requires appliance shim mode is set to local e Value type string e Default value lt none gt appliance shim proxyhost The IP or hostname of the proxy server to use to connect to the portal Leave blank to not use a proxy server e From products zxtm lb config cpp 1155 e Requires appliance shim mode is set to portal local case insensitive e Value type string e Default value lt none gt appliance shim proxyport The port of the proxy server must be set if a proxy server has been configured e From products zxtm lb config cpp 1169 e Requires appliance shim mode is set to portal local amp amp VAL appliance shim proxyhost s case insensitive e Value type string e Default value lt none gt appliance ssh enabled Whether or not the SSH server is enabled on the appliance e From products zxtm lb config
92. as returned a response that could not be parsed Brocade Virtual Traffic Manager Configuration System Guide 31 Configuration Sections conf events Event Tag autoscalestatusupdateerror Description An API call made by the autoscaler process has reported an error autoscalingprocesstimedout A cloud API process has timed out usedcredsdeleted A Cloud Credentials object has been deleted but it was still in use The configuration file containing cloud credentials was removed but the credentials were still being used by one or more autoscaled pools Event tags for object type config confadd Configuration file added confdel Configuration file deleted confmod Configuration file modified confok Configuration file now OK Event tags for object type faulttolerance activatealldead Activating this machine automatically because it is the only working machine in its Traffic IP Groups activatedautomatically Machine has recovered and been activated automatically because it would cause no service disruption allmachinesok All machines are working All machines are working bgpneighborsdegraded Some of the BGP neighbors do not have established sessions bgpneighborsfailed None of the BGP neighbors have an established session None of the BGP neighbors have an established session bgpneighborsok There are established sessions with all BGP neighbors There are est
93. ault value Yes appliance bootloader_password The password used to protect the bootloader An empty string means there will be no protection e From products zxtm Ib settings cpp 738 e Value type password e Default value lt none gt appliance managencss Whether or not we should manage the nCipher Support Software automatically e From products zxtm Ib settings cpp 1931 e Value type Yes No e Default value Yes appliance ncss nethsm The IP address of the nCipher NetHSM to use e From products zxtm lb settings cpp 1942 e Value type string e Default value lt none gt appliance ncss nethsm_esn The ESN electronic serial number for the NetHSM e From products zxtm lb settings cpp 1953 e Value type string e Default value lt none gt appliance ncss nethsm_hash The key hash for the NetHSM e From products zxtm Ib settings cpp 1964 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 97 Configuration Sections conf settings cfg Key appliance ncss rfs Description The IP address of the nCipher Remote File System to use e From products zxtm Ib settings cpp 1975 e Value type string e Default value lt none gt appliance return_path_routing_e nabled Whether or not the traffic manager will attempt to route response packets back to clients via the same rou
94. authorized Unable to contact license server license key remains authorized license timedout authorized ts Unable to run authorization code to completion key remains valid license timedout unauthorized Unable to contact license server license key is not authorized Unable to contact license server license key is not authorized license timedout unauthorized ts Unable to run authorization code to completion license unauthorized License key is not authorized License key is not authorized licenseclustertoobig Cluster size exceeds license key limit licensecorrupt License key is corrupt This key is invalid and cannot be used you should upload a valid key licensestate malformed Error detected in LicenseStateFile format licensestate write failed Unable to preserve license state The license state file could not be updated morememallowed License allows more memory for caching ssltpslimited License key SSL transactions per second limit has been hit tpslimited License key transactions per second limit has been hit unlicensed Started without a license usingdevlicense Using a development license Development licenses are severely limited and are not for production use usinglicense Using license key This license key currently determines the available features because it has more features than any other available keys Event tags for object type l
95. be used for DNS derived autoscaling e From products zxtm lb pool_config cpp 989 e Requires dns_autoscale enabled issetto yes e Value type list e Default value lt none gt dns_autoscale port The port number to use for each node when using DNS derived autoscaling e From products zxtm lb pool_config cpp 997 e Value type unsigned integer e Default value 80 draining A list of nodes in the pool that are in the draining state e From products zxtm lb pool_config cpp 45 e Value type list e Default value lt none gt failpool If all of the nodes in this pool have failed then requests can be diverted to another pool e From products zxtm lb pool_config cpp 65 e Value type string e Default value lt none gt fast_response A lower threshold in microseconds on the response times of the backend nodes as measured by the traffic manager All connections that get a response in a shorter time than this are considered equally fast DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 268 e Value type unsigned integer e Default value 5000 Brocade Virtual Traffic Manager Configuration System Guide 75 Configuration Sections conf pools Key favoured_bias Description The bias used when choosing between a random back end and a favoured one expressed as a percentage For example a value of 10 means that the favoured ba
96. cific filtering e g CallID matching for SIP packets in addition to IP and port matching e From products zxtm lb virtualserver cpp 1058 e Value type Yes No e Default value Yes udp_port_smp Whether or not UDP datagrams should be distributed across all traffic manager processes This setting is not recommended if the traffic manager will be handling connection based UDP protocols e From products zxtm lb virtualserver cpp 1041 e Value type Yes No e Default value No udp_response_datagrams_expect ed The virtual server should discard any UDP connection and reclaim resources when the node has responded with this number of datagrams For simple request response protocols this can be often set to 1 If set to 1 the connection will not be discarded until the udp_timeout is reached e From products zxtm lb virtualserver cpp 1031 e Value type int e Default value 1 Brocade Virtual Traffic Manager Configuration System Guide 163 Configuration Sections conf vservers Key udp_timeout Description The virtual server should discard any UDP connection and reclaim resources when no further UDP traffic has been seen within this time e From products zxtm lb virtualserver cpp 1015 e Value type seconds e Default value 7 webcache control_out The Cache Control header to add to every cached HTTP response no cache or max age 600 for example e From
97. ck end can have up to 10 more load than the random one for it to be selected DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 276 e Value type unsigned integer e Default value 5 ftp_support_rfc_2428 Whether or not the backend IPv4 nodes understand the EPRT and EPSV command from RFC 2428 It is always assumed that IPv6 nodes support these commands e From products zxtm lb pool_config cpp 461 e Value type Yes No e Default value No keepalive Whether or not the pool should maintain HTTP keepalive connections to the nodes e From products zxtm lb pool_config cpp 235 e Value type Yes No e Default value Yes keepalive non_idempotent Whether or not the pool should maintain HTTP keepalive connections to the nodes for non idempotent requests e From products zxtm lb pool_config cpp 244 e Value type Yes No e Default value No kerberos_protocol_transition pri ncipal The Kerberos principal the traffic manager should use when performing Kerberos Protocol Transition e From products zxtm lb pool_config cpp 1009 e Value type string e Default value lt none gt kerberos_protocol_transition targ et The Kerberos principal name of the service this pool targets e From products zxtm lb pool_config cpp 1017 e Value type string e Default value lt none gt lard_size The size of the LARD cache
98. cpp 1311 e Value type unsigned integer e Default value 0 Brocade Virtual Traffic Manager Configuration System Guide 179 Configuration Sections conf zxtms Key kmod_policy Description The policy for loading and unloading kernel modules DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 451 e Value type enumeration e Default value enabled e Permitted values enabled Load modules when required unload performance impacting modules when not required nounload Load modules when required no automatic unloading disabled Do not load or unload kernel modules location This is the location of the local traffic manager is in e From products zxtm lb config cpp 1252 e Value type string e Default value lt none gt nameip Replace Traffic Manager name with an IP address e From products zxtm lb config cpp 538 e Value type string e Default value lt none gt num_aptimizer_threads How many worker threads the Aptimizer process should create to optimise content By default one thread will be created for each CPU on the system e From products zxtm aptimizer config cpp 30 e Value type unsigned integer e Default value 0 num_children The number of worker processes the software will run By default one child process will be created for each CPU on the system You may wish to reduce this to effectively reserve
99. cred2 The second part of the credentials for the cloud user Typically this is some variation on the password concept e From products zxtm lb cloudcred_conf cpp 83 e Value type password e Default value lt none gt cred3 The third part of the credentials for the cloud user Typically this is some variation on the authentication token concept e From products zxtm lb cloudcred_conf cpp 95 e Value type password e Default value lt none gt script The script to call for communication with the cloud API e From products zxtm lb cloudcred_conf cpp 59 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 27 Configuration Sections conf commkey status_reports_delta Whether the cloud API supports a delta mode for status calls DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb cloudcred_conf cpp 102 e Value type Yes No e Default value Yes update_interval The traffic manager will periodically check the status of the cloud through an API call This setting specifies the interval between such updates e From products zxtm lb cloudcred_conf cpp 38 e Value type unsigned integer e Default value 30 conf commkey The conf commkey file is for internal use only You should never manually alter this file There are no items to display for this configuration type conf c
100. ction of the System tab will be enforced e From products zxtm lb pool_config cpp 608 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for TLSv1 1 enabled Enable TLSv1 1 disabled Disable TLSv1 1 ssl_support_tls1_2 Whether or not TLSv1 2 is enabled for this pool Choosing the global setting means the value of the configuration key ssl support_tls1_2 from the Global Settings section of the System tab will be enforced e From products zxtm lb pool_config cpp 626 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for TLSv1 2 enabled Enable TLSv1 2 disabled Disable TLSv1 2 transparent Whether or not connections to the back ends appear to originate from the source client IP address e From products zxtm lb pool_config cpp 285 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 83 Configuration Sections conf protection Key Description udp_accept_from The IP addresses and ports from which responses to UDP requests should be accepted If set to accept responses from a specific set of IP addresses you will need to enter a CIDR Mask such as 10 100 0 0 16 e From products zxtm Ib pool_config cpp 379 e Value type enumeration e Default value dest_only e Permitted values dest_only Only the IP address and
101. cts zxtm lb settings cpp 2908 e Value type unsigned integer e Default value 10 aptimizer resource_memory_limi t The maximum amount of memory the cache is allowed to have pinned Once it goes over that limit it starts releasing resource data in LRU order DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2930 e Value type unsigned integer e Default value 256 aptimizer secret The secret key used to verify that URLs pointing to resources constructed by Aptimizer have not been altered DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2816 e Value type string e Default value lt none gt 100 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key aptimizer watchdog_ interval Description The period of time in seconds after which a previous failure will no longer count towards the watchdog limit e From products zxtm lb settings cpp 2897 e Value type seconds e Default value 300 aptimizer watchdog_limit The maximum number of times the Aptimizer sub process will be started or restarted within the interval defined by the aptimizer watchdog_interval setting If the process fails this many times it must be restarted manually from the Diagnose page Zero means no limit e From products zxtm Ib settings cpp 2888 e Value type unsigned integer e D
102. d e From products zxtm lb pool_config cpp 558 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for SSLv2 enabled Enable SSLv2 not recommended disabled Disable SSLv2 ssl_support_ssl3 Whether or not SSLv3 is enabled for this pool Choosing the global setting means the value of the configuration key ssl support_ssl3 from the Global Settings section of the System tab will be enforced e From products zxtm lb pool_config cpp 574 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for SSLv3 enabled Enable SSLv3 disabled Disable SSLv3 82 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key Description ssl_support_tls1 Whether or not TLSv1 0 is enabled for this pool Choosing the global setting means the value of the configuration key ssl support_tls1 from the Global Settings section of the System tab will be enforced e From products zxtm Ib pool_config cpp 590 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for TLSv1 0 enabled Enable TLSv1 0 disabled Disable TLSv1 0 ssl_support_tls1_1 Whether or not TLSv1 1 is enabled for this pool Choosing the global setting means the value of the configuration key ssl support_tls1_1 from the Global Settings se
103. d e From products zxtm lb authenticator cpp 95 e Value type string e Default value lt none gt Idap filter basedn The base distinguished name DN under which user records are located on the server e From products zxtm lb authenticator cpp 104 e Value type string e Default value lt none gt Idap ssl Whether or not to enable SSL encryption to the LDAP server e From products zxtm lb authenticator cpp 121 e Value type Yes No e Default value No Idap ssl cert The SSL certificate that the traffic manager should use to validate the remote server If no certificate is specified then no signature validation will be performed e From products zxtm lb authenticator cpp 144 e Value type string e Default value lt none gt Idap ssl type The type of LDAP SSL encryption to use e From products zxtm Ib authenticator cpp 132 e Value type enumeration e Default value Idaps e Permitted values Idaps LDAPS starttls Start TLS 24 Brocade Virtual Traffic Manager Configuration System Guide conf bandwidth Configuration Sections Key Description note A description of the authenticator e From products zxtm lb authenticator cpp 42 e Value type string e Default value lt none gt port The port on which the remote authenticator should be contacted e From products zxtm lb authenticator cpp 58 e Value type unsigned
104. d values none ro or full Diagnose Cluster Diagnosis Permitted values none ro or full Diagnose Replicate Cluster Diagnosis gt Replicate Permitted values none ro or full Event_Log Event Log Permitted values none ro or full Event_Log Clear Event Log gt Clear Permitted values none ro or full Event_Log Event_Archive Event Log gt Event Archive Permitted values none ro or full Routing Routing Permitted values none ro or full Support_Files Support Files Permitted values none ro or full Support Technical Support Permitted values none ro or full Support TSR Technical Support gt TSR Permitted values none ro or full Section Main Pages Help Help Permitted values none ro or full MainIndex Main Index Permitted values none ro or full Reboot Reboot Permitted values none ro or full Restart Restart Permitted values none ro or full Brocade Virtual Traffic Manager Configuration System Guide 57 Configuration Sections conf groups Key Shutdown Description Shutdown Permitted values none ro or full Section System Alerting Alerting Permitted values none ro or full Alerting Actions Alerting gt Actions Permitted values none ro or full Alerting Actions Edit Alerting gt Actions gt Edit Permitted val
105. dividual I O events in request and response traces Requires request tracing to be enabled e From products zxtm lb virtualserver cpp 439 e Requires request_tracing enabled is set to Yes e Value type Yes No e Default value No responserules Rules to be applied to responses in order comma separated e From products zxtm lb virtualserver cpp 242 e Value type list e Default value lt none gt 154 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key rtsp_streaming_portrange_high Description If non zero this controls the upper bound of the port range to use for streaming data connections e From products zxtm Ib virtualserver cpp 993 e Value type unsigned integer e Default value 0 rtsp_streaming_portrange_low If non zero this controls the lower bound of the port range to use for streaming data connections e From products zxtm lb virtualserver cpp 986 e Value type unsigned integer e Default value 0 rtsp_streaming_timeout If non zero data streams associated with RTSP connections will timeout if no data is transmitted for this many seconds e From products zxtm lb virtualserver cpp 1004 e Value type seconds e Default value 30 rules Rules to be applied to incoming requests in order comma separated e From products zxtm lb virtualserver cpp 233 e Value type li
106. e lt none gt 160 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key Description ssl_sites public_cert The SSL public certificate for a particular destination site IP The specific IP replaces the asterisk in the key name the value must be a valid certificate in the conf ssl server_keys directory The key can be specified multiple times to cover multiple IP addresses e From products zxtm lb virtualserver cpp 1322 e Requires ssl_decrypt is set to Yes e Value type string e Default value lt none gt ssl_support_ssl2 Whether or not SSLv2 is enabled for this virtual server Choosing the global setting means the value of configuration key ssl support_ssl2 from the Global Settings section of the System tab will be enforced e From products zxtm lb virtualserver cpp 1465 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for SSLv2 enabled Enable SSLv2 not recommended disabled Disable SSLv2 ssl_support_ssl3 Whether or not SSLv3 is enabled for this virtual server Choosing the global setting means the value of configuration key ssl support_ssl3 from the Global Settings section of the System tab will be enforced e From products zxtm lb virtualserver cpp 1482 e Value type enumeration e Default value use_default e Permitted values use_default Use the global
107. e use_default e Permitted values use_default Use the global setting for TLSv1 2 enabled Enable TLSv1 2 disabled Disable TLSv1 2 ssl_trust_magic If the traffic manager is receiving traffic sent from another traffic manager then enabling this option will allow it to decode extra information on the true origin of the SSL connection This information is supplied by the first traffic manager e From products zxtm lb virtualserver cpp 1344 e Value type Yes No e Default value No ssl_use_ocsp Whether or not the traffic manager should use OCSP to check the revocation status of client certificates e From products zxtm lb virtualserver cpp 1682 e Value type Yes No e Default value No syslog enabled Whether or not to log connections to the virtual server to a remote syslog host e From products zxtm lb virtualserver cpp 1930 e Value type Yes No e Default value No syslog format The log format for the remote syslog This specifies the line of text that will be sent to the remote syslog when a connection to the traffic manager is completed Many parameters from the connection can be recorded using macros From products zxtm lb virtualserver cpp 1992 e Requires syslog enabled is set to Yes Value type string Default value h 1 Pu t Jr s b Referer i User agent i 162 Brocade Virtual Traffic Manager Configuration System Guide
108. e SSL3 TLS connection that is permitted To disable the minimum interval for handshakes the key should be set to the value 0 e From products zxtm lb settings cpp 2501 e Value type unsigned integer e Default value 1000 admin ssl_elliptic_curves The SSL elliptic curve preference list for admin and internal connections For information on supported curves see the online help e From products zxtm lb settings cpp 2448 e Value type string e Default value lt none gt admin ssl_max_handshake_mess The maximum size in bytes of SSL handshake messages that the admin server age_size and internal connections will accept To accept any size of handshake message the key should be set to the value 0 e From products zxtm lb settings cpp 2530 e Value type bytes e Default value 10240 admin ssl prevent timing _side c Take performance degrading steps to prevent exposing timing side channels hannels with SSL3 and TLS used by the admin server and internal connections e From products zxtm lb settings cpp 2484 e Value type Yes No e Default value No admin ssl_signature_algorithms The SSL signature algorithms preference list for admin and internal connections For information on supported algorithms see the online help e From products zxtm lb settings cpp 2431 e Value type string e Default value lt none gt admin support_ssl2 Whether or not SSL2 support
109. e is the name of the authenticator it defines Authenticators can be configured under the Catalogs gt Authenticators section of the Admin Server UI or by using functions under the Catalog Authenticators section of the SOAP API and CLI Key Description host The hostname or IP address of the remote authenticator e From products zxtm lb authenticator cpp 50 e Value type string e Default value lt none gt Idap attr A list of attributes to return from the search If blank no attributes will be returned If set to then all user attributes will be returned e From products zxtm lb authenticator cpp 114 e Value type list e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 23 Configuration Sections conf authenticators Key Idap bind dn Description The distinguished name DN of the bind user The traffic manager will connect to the LDAP server as this user when searching for user records e From products zxtm lb authenticator cpp 72 e Value type string e Default value lt none gt Idap bind password The password for the bind user e From products zxtm lb authenticator cpp 81 e Value type password e Default value lt none gt Idap filter The filter used to locate the LDAP record for the user being authenticated Any occurrences of u in the filter will be replaced by the name of the user being authenticate
110. e unsigned integer e Default value 1812 radius secret Secret key shared with the RADIUS server e From Zeus Authen RADIUS pm 287 e Requires auth type is set to RADIUS e Value type password e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 21 Configuration Sections conf auth Key Description radius server The IP or hostname of the RADIUS server e From Zeus Authen RADIUS pm 255 e Requires auth type is set to RADIUS e Value type string e Default value lt none gt radius timeout Connection timeout in seconds e From Zeus Authen RADIUS pm 276 e Requires auth type is set to RADIUS e Value type unsigned integer e Default value 30 Additional keys used when type is TACACSPlus tacacsplus authtype Authentication type to use e From Zeus Authen TACACSPlus pm 204 e Requires auth type is set to TACACSPlus e Value type enumeration e Default value PAP e Permitted values PAP PAP ASCII ASCII tacacsplus fallbackgroup If tacacsplus groupsvc is not defined above or no group value is provided for the user by the TACACS server the group specified here will be used If this is not specified users with no TACACS defined group will be denied access e From Zeus Authen TACACSPlus pm 239 e Requires auth type is set to TACACSPlus e Value type string e Default value lt none gt tacacsplus groupfield The TACACS service fie
111. e From products zxtm lb settings cpp 2978 e Value type Yes No e Default value No aptimizer enable_state_dump Whether or not the Aptimizer state will be dumped if aptimizer state dump is appended to an Aptimized URL DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2966 e Value type Yes No e Default value No aptimizer ipc_timeout The time after which connections between the traffic manager and Aptimizer processes will be closed should an optimization job take considerably longer than expected DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2954 e Value type unsigned integer e Default value 120 aptimizer max_concurrent_jobs How many direct jobs can be in progress before optimization jobs start getting rejected by aptimizer DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2990 e Value type unsigned integer e Default value 128 Brocade Virtual Traffic Manager Configuration System Guide 99 Configuration Sections conf settings cfg Key aptimizer max_dependent_fetch_ size Description The maximum size of a dependent resource that can undergo Aptimizer optimization Any content larger than this size will not be optimized Units of KB and MB can be used no postfix denotes bytes A value of 0 disables the limit e From products zxtm Ib settings cp
112. e gt Idap groupattr The LDAP attribute that gives a user s group If there are multiple entries for the attribute all will be extracted and they ll be lexicographically sorted then the first one to match a Permission Group name will be used e From Zeus Authen LDAP pm 460 e Requires auth type is set to LDAP e Value type string e Default value lt none gt Idap groupfield The sub field of the group attribute that gives a user s group For example if ldap groupattr is memberOf and this retrieves values of the form CN mygroup OU groups OU users DC mycompany DC local you would set groupfield to CN If there are multiple matching fields only the first matching field will be used e From Zeus Authen LDAP pm 476 e Requires auth type is set to LDAP e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 19 Configuration Sections conf auth Key Idap groupfilter Description If the user record returned by ldap filter does not contain the required group information you may specify an alternative group search filter here This will usually be required if you have Unix POSIX style user records If multiple records are returned the list of group names will be extracted from all of them The string u will be replaced by the username Example amp memberUid u objectClass posixGroup e From Zeus Authen LDAP pm 447 e Requires auth type is set to
113. e gt draining This is the list of locations for which this service is draining A location that is draining will never serve any of its service IP addresses for this domain This can be used to take a location off line e From products zxtm lb fqdn cpp 227 e Value type list e Default value lt none gt enabled Enable Disable our response manipulation of DNS e From products zxtm lb fqdn cpp 215 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 91 Configuration Sections conf services Key geo_effect Description How much should the locality of visitors affect the choice of location used This value is a percentage 0 means that no locality information will be used and 100 means that locality will always control which location is used Values between the two extremes will act accordingly e From products zxtm lb fqdn cpp 196 e Value type unsigned integer e Default value 50 health_objects The objects that this service s health depends DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb fqdn cpp 246 e Value type list e Default value lt none gt last_resort_response The response to be sent in case there are no locations available e From products zxtm lb fqdn cpp 173 e Value type list e Default value lt none gt localips The IP addresses that
114. e has been deleted logfiledeleted A virtual server request log file was deleted appliances only maxclientbufferdrop Dropped connection request exceeded max_client_buffer limit The traffic manager is still reading the request but the amount of data read in is larger than max_client_buffer abandon the connection poolpersistencemismatch Pool uses a session persistence class that does not work with this virtual server s protocol privkeyok Private key now OK hardware available The private key for this virtual server is now available because some required hardware is available again respcompfail Error compressing HTTP response responsetoolarge Response headers from webserver too large The response headers from the webserver were bigger than max_server_buffer the request will be rejected with an error rtspstreamnoports No suitable ports available for streaming data connection Consider changing the tuneables streaming_portrange_low and streaming_portrange_high sipstreamnoports No suitable ports available for streaming data connection Consider changing the tuneables streaming_portrange_low and streaming_portrange_high ssldrop Request s received while SSL configuration invalid connection closed sslfail One or more SSL connections from clients failed recently One or more SSL connections from clients failed recently sslhandshakemsgsizelimit SSL handshake messages have exceeded the size p
115. e release notes before you begin the installation and configuration process Traffic Manager Manuals The Traffic Manager includes a comprehensive user manual that describes the Traffic Manager features in depth There are also getting started guides and a series of reference guides to cover additional functionality such as the TrafficScript rules language and product APIs You can download documentation for all supported versions of the Traffic Manager from the Riverbed Support Web site at https support riverbed com software index htm Traffic Manager Online Help Click the Help button on any page of the Admin UI to see detailed help information for that page You can also view contents and use index pages to navigate the online help 2 Brocade Virtual Traffic Manager Configuration System Guide Contacting Brocade Preface The Rules gt Edit page also has a link to TrafficScript Help a quick reference guide for the Traffic Manager functions Traffic Manager Information Online Product specifications can be found at http www riverbed com products solutions products application delivery stingray Visit the Brocade Splash community website for further documentation examples white papers and other resources http splash riverbed com Contacting Brocade This section describes how to contact departments within Brocade Technical support If you have problems installing using or replacing Brocade prod
116. e s clock has been set backwards by a significant amount your traffic manager should be restarted to prevent problems with timeouts fault tolerance and other areas 36 Brocade Virtual Traffic Manager Configuration System Guide conff events Configuration Sections Event Tag Description zxtmcpustarvation The number of simultaneously active connections has reached a level that the software cannot process in due time because of CPU starvation there is a high risk of connections timing out zxtmhighload The number of simultaneously active connections has reached a level that the software cannot process in due time there is a high risk of connections timing out zxtmswerror Internal software error Event tags for object type java javadied Java runner died javanotfound Cannot start Java runner program not found javastarted Java runner started javastartfail Java runner failed to start javastop Java support has stopped Java is now either unlicensed or disabled in Global Settings javaterminatefail Java runner failed to terminate The process handling Java extensions failed to terminate promptly Contact your support provider servleterror Servlet encountered an error Event tags for object type licensekeys analyticslicensedisabled Realtime Analytics support has been disabled analyticslicenseenabled Realtime Analytics support has been enabled autoscalinglicensedisabled
117. e source port to be used for active mode FTP data connections If 0 a random high port will be used otherwise the specified port will be used If a port below 1024 is required you must first explicitly permit use of low ports with the ftp_data_bind_low global setting e From products zxtm lb virtualserver cpp 976 e Value type unsigned integer e Default value 0 ftp_force_client_secure Whether or not the virtual server should require that incoming FTP data connections from the client originate from the same IP address as the corresponding client control connection e From products zxtm lb virtualserver cpp 934 e Value type Yes No e Default value Yes ftp_force_server_secure Whether or not the virtual server should require that incoming FTP data connections from the nodes originate from the same IP address as the node e From products zxtm lb virtualserver cpp 943 e Value type Yes No e Default value Yes ftp_portrange_high If non zero then this controls the upper bound of the port range to use for FTP data connections e From products zxtm lb virtualserver cpp 958 e Value type unsigned integer e Default value 0 ftp_portrange_low If non zero then this controls the lower bound of the port range to use for FTP data connections e From products zxtm lb virtualserver cpp 951 e Value type unsigned integer e Default value 0 glb_s
118. ection Configuring Config_Summary Config Summary Permitted values none ro or full Pools Pools Permitted values none ro or full Pools Edit Pools gt Edit Permitted values none ro or full Pools Edit Autoscaling Pools gt Edit gt Autoscaling Permitted values none ro or full Pools Edit Bandwidth Pools gt Edit gt Bandwidth Permitted values none ro or full Requires feature Bandwidth Pools Edit Connection_Managem ent Pools gt Edit gt Connection Management Permitted values none ro or full Pools Edit DNSAutoscaling Pools gt Edit gt DNS derived autoscaling Permitted values none ro or full Pools Edit Kerberos_Protocol_Tr ansition Pools gt Edit gt Kerberos Protocol Transition Permitted values none ro or full Pools Edit Load_Balancing Pools gt Edit gt Load Balancing Permitted values none ro or full Pools Edit Monitors Pools gt Edit gt Monitors Permitted values none ro or full Pools Edit Persistence Pools gt Edit gt Session Persistence Permitted values none ro or full Pools Edit SSL Pools gt Edit gt SSL Permitted values none ro or full Traffic_IP_Groups Traffic IP Groups Permitted values none ro or full Traffic_IP_Groups Edit Traffic IP Groups gt Edit Permitted values none ro or full Traffic _IP_Groups Networking
119. ed integer e Default value 1000 Brocade Virtual Traffic Manager Configuration System Guide 137 Configuration Sections conf ssl cas Key Description serious_threshold When the percentage of conforming responses drops below this level a serious error level message will be emitted e From products zxtm lb sim_config cpp 32 e Value type unsigned integer e Default value 0 warning_threshold When the percentage of conforming responses drops below this level a warning message will be emitted e From products zxtm lb sim_config cpp 42 e Value type unsigned integer e Default value 50 conf ssl cas The conf ssl cas directory contains SSL certificate authority certificates CAs and certificate revocation lists CRLs which can be used when validating server and client certificates CAs and CRLs can be managed under the Catalogs gt SSL gt CAs and CRLs section of the Admin Server Ul or by using functions under the Catalog SSL CertificateAuthorities section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf ssl client_keys The conf ssl client_keys directory contains SSL public and private key files for use when connecting to backend nodes that require clients certificate authentication For each key managed by the software there will be two files the file names give the name of the SSL keypair followed by public or priva
120. ed preference list ssllelliptic_curves in the Global Settings section of the System tab See there for how to specify elliptic curves e From products zxtm lb virtualserver cpp 1447 e Value type string e Default value lt none gt ssl_headers Whether or not the virtual server should add HTTP headers to each request to show the SSL connection parameters e From products zxtm lb virtualserver cpp 1331 e Value type Yes No e Default value No ssl honor fallback_scsv Whether or not the Fallback SCSV sent by TLS clients is honored by this virtual server Choosing the global setting means the value of configuration key ssl honor_fallback_scsv from the Global Settings section of the System tab will be enforced e From products zxtm lb virtualserver cpp 1556 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for Fallback SCSV enabled Enable Fallback SCSV disabled Disable Fallback SCSV ssl_max_key_size The maximum client certificate key size that the virtual server should accept DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cpp 1793 e Value type unsigned integer e Default value 2048 ssl_min_key_size The minimum client certificate key size that the virtual server should accept DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cp
121. ed to protect this server if any e From products zxtm lb virtualserver cpp 201 e Value type string e Default value lt none gt protocol The protocol that the virtual server is using e From products zxtm lb virtualserver cpp 180 e Value type enumeration e Default value http e Permitted values http HTTP ftp FTP imapv2 IMAPv2 imapv3 IMAPv3 imapv4 IMAPv4 pop3 POP3 smtp SMTP Idap LDAP telnet Telnet ssl SSL https SSL HTTPS imaps SSL IMAPS pop3s SSL POP3S Idaps SSL LDAPS udpstreaming UDP Streaming udp UDP dns DNS UDP dns_tcp DNS TCP sipudp SIP UDP siptcp SIP TCP rtsp RTSP server_first Generic server first client_first Generic client first stream Generic streaming proxy_close If set to Yes the traffic manager will send the client FIN to the back end server and wait for a server response instead of closing the connection immediately This is only necessary for protocols that require half close support to function correctly such as rsh If the traffic manager is responding to the request itself setting this key to Yes will cause the traffic manager to continue writing the response even after it has received a FIN from the client e From products zxtm lb virtualserver cpp 343 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 153 Configuration Sections conf vservers Key pub
122. efault value 3 asp_cache_size The maximum number of entries in the ASP session cache This is used for storing session mappings for ASP session persistence Approximately 100 bytes will be pre allocated per entry e From products zxtm lb settings cpp 1470 e Value type unsigned integer e Default value 32768 auditlog mandatory_retention How long in days to enforce retention of audit log files the default is 5 years DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1288 e Value type unsigned integer e Default value 1826 auditlog via_eventd Whether to mirror the audit log to EventD e From products zxtm lb settings cpp 1308 e Value type Yes No e Default value No auditlog via_syslog Whether to output audit log message to the syslog e From products zxtm lb settings cpp 1298 e Value type Yes No e Default value No autodiscover enabled Whether or not to enable the traffic manager auto discovery port DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 594 e Value type Yes No e Default value Yes autoscaler slm_interval The interval at which the parent sends new SLM status to the autoscaler DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm autoscaler autoscaler cpp 258 e Value type seconds e Default value 10 Brocade Virtual Traffic
123. eference of the Traffic Manager configuration system Each section refers to a specific configuration type and lists all applicable configuration keys contained therein conf actionprogs The conf actionprogs directory contains programs and scripts that can be used by actions of the program type Action programs can be managed under the Catalogs gt Extra Files gt Action Programs section of the Admin Server UI or by using functions under the Alerting Action section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf actions The conf actions directory contains configuration files for event handlers The name of a file is the name of the action it defines Actions can be configured under the System gt Alerting section of the Admin Server UI or by using functions under the Alerting Action section of the the SOAP API and CLI Brocade Virtual Traffic Manager Configuration System Guide 9 Configuration Sections conf actions Key note Description A description of the action e From products zxtm eventd handleraction cpp 55 e Value type string e Default value lt none gt overridelog Whether or not to override logging to the main event log if this action is triggered Note that this will only stop logging to the main event log other actions will still be triggered DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm
124. equires location regex is set to a regular expression e Value type string e Default value lt none gt location rewrite The action the virtual server should take if the Location header does not match the location regex regular expression e From products zxtm lb virtualserver cpp 832 e Value type enumeration e Default value 1 e Permitted values 0 Nothing 2 Rewrite the hostname to the request s Host header and rewrite the protocol and port if necessary 1 Do not rewrite the hostname Rewrite the protocol and port if the hostname matches the request s Host header log always_flush Write log data to disk immediately rather than buffering data DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cpp 1920 e Value type Yes No e Default value No log client_connection_failures Should the virtual server log failures occurring on connections to clients e From products zxtm lb virtualserver cpp 513 e Value type Yes No e Default value No log enabled Whether or not to log connections to the virtual server to a disk on the file system e From products zxtm Ib virtualserver cpp 1869 e Value type Yes No e Default value No 150 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key log filename Description The name of the file in which to store the reques
125. er Configuration System Guide 89 Configuration Sections conf services Key ssh_intrusion findtime Description The window of time in seconds the maximum number of connection attempts applies to More than maxretry failed attempts in this time span will trigger a ban e From products zxtm lb security cpp 37 e Value type unsigned integer e Default value 600 ssh_intrusion maxretry The number of failed connection attempts a host can make before being banned e From products zxtm lb security cpp 29 e Value type unsigned integer e Default value 6 ssh_intrusion whitelist The list of hosts to never ban identified by IP address DNS hostname or subnet mask in a space separated list e From products zxtm lb security cpp 46 e Value type list e Default value lt none gt conf services A global load balancing service is used by a virtual server to modify DNS requests in order load balance data across different GLB locations Key algorithm Description Defines the global load balancing algorithm to be used e From products zxtm lb fqdn cpp 122 e Value type enumeration e Default value hybrid e Permitted values load Load geo Geographic hybrid Adaptive roundrobin Round Robin weightedrandom Weighted Random chained Primary Backup all_monitors_needed Are all the monitors required to be working in a location to mark this
126. ermitted by configuration SSL handshake messages have exceeded the size permitted by configuration sslrehandshakemininterval SSL re handshake requests have exceeded the frequency permitted by configuration SSL re handshake requests have exceeded the frequency permitted by configuration vscacertexpired Certificate Authority certificate expired Certificate Authority certificate expired 44 Brocade Virtual Traffic Manager Configuration System Guide conf extra Configuration Sections Event Tag Description vscacerttoexpire Certificate Authority certificate will expire within seven days Certificate Authority certificate to expire vscrloutofdate CRL for a Certificate Authority is out of date vslogwritefail Failed to write log file for virtual server vssslcertexpired Public SSL certificate expired Public SSL certificate expired vssslcerttoexpire Public SSL certificate will expire within seven days Public SSL certificate to expire vsstart Virtual server started vsstop Virtual server stopped Event tags for object type zxtms versionmismatch Configuration update refused traffic manager version mismatch conf extra The conf extra directory contains miscellaneous user uploaded files These files can be used in TrafficScript code using the resource get function The files can be managed under the Catalogs gt Extra Files gt Miscellaneous Files section of the Admin Se
127. ers must explicitly agree to the displayed login_banner text before logging in to the Admin Server e From products zxtm lb settings cpp 632 e Value type Yes No e Default value No bgp as_number The number of the BGP AS in which the traffic manager will operate Must be entered in decimal e From products zxtm lb flipper_settings_keys cpp 192 e Value type unsigned integer e Default value 65534 Brocade Virtual Traffic Manager Configuration System Guide 103 Configuration Sections conf settings cfg Key Description bgp enabled Whether BGP Route Health Injection is enabled e From products zxtm lb flipper_settings_keys cpp 183 e Value type Yes No e Default value No child_control_command_timeout Timeout for waiting for child processes to respond to parent control requests If a child process zeus zxtm zeus eventd zeus autoscaler etc takes longer than this number of seconds to respond to a parent control command error messages will be logged for every multiple of this number of seconds for example if set to 10 seconds a log message will be logged every 10 seconds until the child responds or is automatically killed see the child_control_kill_timeout setting DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 850 e Value type seconds e Default value 10 child_control_kill_timeout Timeout for waiting for child processes to
128. ervices The associated GLB services for this DNS virtual server e From products zxtm lb virtualserver cpp 2010 e Value type list e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 145 Configuration Sections conf vservers Key gzip chunk Description Use HTTP chunking to deliver data to the client If this is turned off we won t use chunking when gzipping server data This would mean that the response couldn t be kept alive DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cpp 1231 e Value type Yes No e Default value Yes gzip compresslevel Compression level 1 9 1 low 9 high e From products zxtm lb virtualserver cpp 1201 e Value type unsigned integer e Default value 1 gzip enabled Compress web pages sent back by the server e From products zxtm lb virtualserver cpp 1193 e Value type Yes No e Default value No gzipletag_rewrite How the ETag header should be manipulated when compressing content e From products zxtm lb virtualserver cpp 1261 e Value type enumeration e Default value wrap e Permitted values ignore Leave the ETag unchanged delete Delete the ETag header weaken Change the ETag header to specify a weak match wrap Wrap the ETag and attempt to unwrap safe conditional requests gzip include_mime MIME types to compress Complete
129. ervices used to control access to the software The name of a file is the name of the authenticator it defines Authenticators can be configured under the System gt Users section of the Admin Server UL Key Description auth description A description of the authenticator e From Zeus Authen pm 85 e Value type string e Default value lt none gt auth enabled Whether or not this authenticator is enabled e From Zeus Authen pm 101 e Value type Yes No e Default value No auth type The type of the authenticator e From Zeus Authen pm 94 e Value type enumeration e Default value lt none gt e Permitted values LDAP LDAP RADIUS RADIUS TACACSPlus TACACS Additional keys used when type is LDAP Idap basedn The base DN Distinguished Name under which directory searches will be applied The entries for your users should all appear under this DN An example of a typical base DN is OU users DC mycompany DC local e From Zeus Authen LDAP pm 359 e Requires auth type is set to LDAP e Value type string e Default value lt none gt Idap binddn Template to construct the bind DN Distinguished Name from the username The string u will be replaced by the username Examples u mycompany local for Active Directory or cn u de mycompany dc local for both LDAP and Active Directory e From Zeus Authen LDAP pm 430 e Requires auth type is set to LDAP e Value type string e Default value
130. ey http_chunk_overhead_forwardin 8 Description Handling of HTTP chunk overhead When vIM receives data from a server or client that consists purely of protocol overhead contains no payload forwarding of such segments is delayed until useful payload data arrives setting lazy Changing this key to eager will make vTM incur the overhead of immediately passing such data on it should only be used with HTTP peers whose chunk handling requires it e From products zxtm lb virtualserver cpp 623 e Value type enumeration e Default value lazy e Permitted values lazy lazy eager eager issued_certs_never_expire When the virtual server verifies certificates signed by these certificate authorities it doesn t check the not after date i e they are considered valid even after their expiration date has passed but not if they have been revoked e From products zxtm lb virtualserver cpp 1656 e Requires ssl_decrypt is set to Yes e Value type list e Default value lt none gt keepalive Whether or not the virtual server should use keepalive connections with the remote clients e From products zxtm lb virtualserver cpp 553 e Value type Yes No e Default value Yes keepalive_timeout The length of time that the virtual server should keep an idle keepalive connection before discarding it A value of 0 zero will mean that the keepalives are never closed by the traffic
131. ey is of the form user lt username gt old_password lt n gt where lt username gt is the name of the user and lt n gt takes integer values starting from 0 and signifies the nth most recent password e From products zxtm Ib balancer cpp 248 e Value type password e Default value lt none gt user old_password_timestamp The timestamp of the nth most recent password This key is of the form user lt username gt old_password_timestamp lt n gt and stores the timestamp when the user lt username gt old_password lt n gt was recorded in the file See user lold_password config key description for more details e From products zxtm Ib balancer cpp 262 e Value type string e Default value lt none gt user password A salted MD5 hash of the user s password User records from older versions of the software may use a crypt style hash e From products zxtm Ib balancer cpp 222 e Value type password e Default value lt none gt user password timestamp Timestamp representing the time that the current password was created This is used internally by the software to track password expiry e From products zxtm lb balancer cpp 232 e Value type string e Default value lt none gt user Istatus The user s status e From products zxtm lb balancer cpp 298 e Value type enumeration e Default value 1 e Permitted values 1 Active 2 Suspended
132. false Placement Tenancy default e From products zxtm lb pool_config cpp 964 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale hysteresis The time period in seconds for which a change condition must persist before the change is actually instigated e From products zxtm lb pool_config cpp 791 e Value type unsigned integer e Default value 20 autoscale imageid The identifier for the image of the instances to create e From products zxtm lb pool_config cpp 757 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt 72 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key autoscale ipstouse Description Which type of IP addresses on the node to use Choose private IPs if the traffic manager is in the same cloud as the nodes otherwise choose public IPs e From products zxtm lb pool_config cpp 772 e Requires autoscale enabled issetto yes e Value type enumeration e Default value publicips e Permitted values publicips Public IP addresses privateips Private IP addresses autoscale lastnode_idletime The time in seconds for which the last node in an autoscaled pool must have been idle before it is destroyed This is only relevant if min_nodes is 0 e From products zxtm lb pool_config cpp 802 e Value type unsig
133. foo e From products zxtm monitor monitor_program cpp 59 e Requires type is set to program e Value type string e Default value lt none gt program The program to run This must be an executable file either within the conf scripts directory or specified as an absolute path to some other location on the filesystem e From products zxtm monitor monitor_program cpp 85 e Requires type is set to program e Value type string e Default value lt none gt protocol Which protocol the monitor checks DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor monitor_program cpp 67 e Requires type is set to program e Value type enumeration e Default value tcp e Permitted values tcp TCP udp UDP both TCP and UDP Additional keys used when type is rtsp rtsp_body_regex The regular expression that the RTSP response body must match e From products zxtm monitor monitor_rtsp cpp 49 e Requires type is set to rtsp e Value type string e Default value lt none gt rtsp_path The path to use in the RTSP request some servers will return 500 Internal Server Error unless this is a valid media file e From products zxtm monitor monitor_rtsp cpp 59 e Requires type is set to rtsp e Value type string e Default value rtsp_status_regex The regular expression that the RTSP response status code must match e From produc
134. found is not valid the group specified here will be used e From Zeus Authen RADIUS pm 322 e Requires auth type is set to RADIUS e Value type string e Default value lt none gt radius groupattr The RADIUS identifier for the attribute that specifies an account s group May be left blank if radius fallbackgroup is specified e From Zeus Authen RADIUS pm 310 e Requires auth type is set to RADIUS e Value type unsigned integer e Default value 1 radius groupvendor The RADIUS identifier for the vendor of the RADIUS attribute that specifies an account s group Leave blank if using a standard attribute i e for Filter Id set radius groupattr to 11 e From Zeus Authen RADIUS pm 299 e Requires auth type is set to RADIUS e Value type unsigned integer e Default value 7146 radius nas identifier This value is sent to the RADIUS server e From Zeus Authen RADIUS pm 343 e Requires auth type is set to RADIUS e Value type string e Default value lt none gt radius nas ip address This value is sent to the RADIUS server if left blank the address of the interfaced used to connect to the server will be used e From Zeus Authen RADIUS pm 333 e Requires auth type is set to RADIUS e Value type string e Default value lt none gt radius port The port to connect to the RADIUS server on e From Zeus Authen RADIUS pm 266 e Requires auth type is set to RADIUS e Value typ
135. fter which configuration replication across the cluster will be cancelled if it has not completed e From products zxtm lb settings cpp 181 e Value type seconds e Default value 10 shared_pool_size The size of the shared memory pool used for shared storage across worker processes e g bandwidth shared data This is specified as either a percentage of system RAM 5 for example or an absolute size such as 10MB e From products zxtm lb settings cpp 1066 e Value type string e Default value 10MB slm_class_limit The maximum number of SLM classes that can be created Approximately 100 bytes will be pre allocated per SLM class e From products zxtm lb settings cpp 370 e Value type unsigned integer e Default value 1024 snmp_user_counters The number of user defined SNMP counters Approximately 100 bytes will be pre allocated at start up per user defined SNMP counter e From products zxtm lb settings cpp 327 e Value type unsigned integer e Default value 10 so_rbuff size The size of the operating system s read buffer A value of 0 zero means to use the OS default in normal circumstances this is what should be used e From products zxtm lb settings cpp 926 e Value type bytes e Default value 0 so_wbuff_size The size of the operating system s write buffer A value of 0 zero means to use the OS default in normal circumstances th
136. further autoscalinghitroof Maximum size reached by autoscaled pool cannot grow further autoscalinghysteresiscantgrow An autoscaled pool is waiting to grow An autoscaled pool should grow according to its response statistics but the hysteresis setting demands that the growth condition persist for a longer time before the pool actually creates a new node autoscalinghysteresiscantshrink An autoscaled pool is waiting to shrink An autoscaled pool should shrink according to its response statistics but the hysteresis setting demands that the shrink condition persist for a longer time before the pool actually creates a new node autoscalingpoolstatechange An autoscaled pool s state has changed autoscalingresuscitatepool An autoscaled pool has failed completely badcontentlen HTTP response contained an invalid Content Length header The HTTP response contained an invalid Content Length header The traffic manager will not be able to detect the end of the response and the response cannot make use of keep alives cannotshrinkemptypool Attempt to scale down a pool that only had pending nodes or none at all ehloinvalid Node returned invalid EHLO response nodedrainingtodelete Removed node is in use and will be drained Removed node is in use and will be drained nodedrainingtodeletetimeout Draining to delete period for node has expired Draining to delete period has timed out for node
137. g applies only to local users e From products zxtm lb balancer cpp 184 e Value type unsigned integer e Default value 0 timeout Inactive UI sessions will timeout after this number of seconds To disable inactivity timeouts for the group set this to 0 zero e From products zxtm lb balancer cpp 154 e Value type unsigned integer e Default value 30 Permission keys by section Section Activity Connections Connections Permitted values none ro or full Connections Details Connections gt Details Permitted values none ro or full Web_Cache Content Cache Permitted values none ro or full Web_Cache Clear Content Cache gt Clear Permitted values none ro or full Monitoring Current Activity Permitted values none ro or full Monitoring Edit Current Activity gt Edit Permitted values none ro or full Request_Logs Download Logs Permitted values none ro or full Draining Draining Nodes Permitted values none ro or full Statd Historical Activity Permitted values none ro or full Map Map Permitted values none ro or full Brocade Virtual Traffic Manager Configuration System Guide 49 Configuration Sections conf groups Key Log_Viewer Description View Logs Permitted values none ro or full Log_Viewer View View Logs gt View Permitted values n
138. gram monitor sip SIP monitor rtsp RTSP monitor udp_accept_all If this monitor uses UDP should it accept responses from any IP and port e From products zxtm monitor monitor cpp 102 e Value type Yes No e Default value No use_ssl Whether or not the monitor should connect using SSL e From products zxtm monitor monitor cpp 86 e Requires can_use_ssl is set to Yes e Value type Yes No e Default value No verbose Whether or not the monitor should emit verbose logging This is useful for diagnosing problems e From products zxtm monitor monitor cpp 70 e Value type Yes No e Default value No Additional keys used when type is http 66 Brocade Virtual Traffic Manager Configuration System Guide conf monitors Configuration Sections Key authentication Description The HTTP basic auth lt user gt lt password gt to use for the test HTTP request e From products zxtm monitor monitor_http cpp 66 e Requires type is set to http e Value type string e Default value lt none gt body_regex A regular expression that the HTTP response body must match If the response body content doesn t matter then set this to match anything e From products zxtm monitor monitor_http cpp 90 e Requires type is set to http e Value type string e Default value lt none gt host_header The host header to use in the te
139. guration System Guide conf zxtms Configuration Sections Key snmp security_level Description The security level for SNMPv3 communications e From products zxtm Ib config cpp 312 e Value type enumeration Default value noAuthNoPriv e Permitted values noAuthNoPriv No Authentication No Privacy authNoPriv Authentication only authPriv Authentication and Privacy snmp username The username required for SNMPv3 commands If empty all SNMPv3 commands will be rejected e From products zxtm lb config cpp 343 e Value type string e Default value lt none gt soap max_requests The maximum SOAP requests before the SOAP processes restarts Set to 0 to disable DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 518 e Value type unsigned integer e Default value 0 start_flipper Whether or not to start the flipper process DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 432 e Value type Yes No e Default value Yes start_sysd Whether or not to start the sysd process on software installations Appliance and EC2 will always run sysd regardless of this config key DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 441 e Value type Yes No e Default value Yes trafficip networks A configuration of networks keyed by interface used by flipper
140. he Alerting section of the UI e From products zxtm lb settings cpp 1261 e Value type enumeration e Default value 6 e Permitted values 1 ERR_FATAL 2 ERR_SERIOUS 5 ERR_WARN 6 ERR_INFO errlog The file to log event messages to e From products zxtm lb settings cpp 1234 e Value type string e Default value zeushome zxtm log errors fips enabled Enable FIPS Mode requires software restart e From products zxtm lb settings cpp 1986 e Value type Yes No e Default value No flipper arp_count The number of ARP packets a traffic manager should send when an IP address is raised e From products zxtm lb flipper_settings_keys cpp 334 e Value type unsigned integer e Default value 10 flipper arp_whohas Whether or not ARP packets sent out to announce an IP address should be sent with a who has message If set to No your traffic manager will send out ARP packets with an is at message This use of an is at message is non standard but was the default behaviour in earlier releases of vTM software DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 346 e Value type Yes No e Default value Yes flipper autofailback Whether or not traffic IPs automatically move back to machines that have recovered from a failure and have dropped their traffic IPs e From products zxtm lb flipper_set
141. he bandwidth allocation should be shared between consumers In pooled mode the allocation is shared between all consumers who can write as much data as they want until the pool of data is exhausted In quota mode bandwidth is divided between consumers who can write only as much as they are allocated Any unused bandwidth will be lost DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1119 e Value type enumeration e Default value pooled e Permitted values quota quota pooled pooled bandwidth max_spare_time Maximum spare bandwidth to build up A larger value means that if connections are slow for a while we can use more of the previous difference between limit and quota for future transfers However too large a time will mean that we allow large bursts of traffic that exceed the bandwidth limits Value is in milliseconds DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm b settings cpp 1085 e Value type unsigned integer e Default value 200 102 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key bandwidth min_write Description Minimum packet size when writing bandwidth Don t write smaller chunks of data than this size Writing tiny packets is inefficient and actually increases bandwidth usage because of the TCP and IP packet wrapper DO NOT SET OR MODIFY THIS KEY MANUALLY e Fro
142. hose from monitors to this pool appear to be working This should normally be enabled so that when a node is refusing connections responding too slowly or sending back invalid data it can mark that node as failed and stop sending requests to it If this is disabled you should ensure that suitable health monitors are configured to check your servers instead otherwise failed requests will not be detected and subsequently retried e From products zxtm lb pool_config cpp 91 e Value type Yes No e Default value Yes persistence The default Session Persistence class this pool uses if any e From products zxtm lb pool_config cpp 162 e Value type string e Default value lt none gt priority enabled Enable priority lists e From products zxtm lb pool_config cpp 430 e Value type Yes No e Default value No priority nodes Minimum number of highest priority active nodes e From products zxtm lb pool_config cpp 452 e Value type unsigned integer e Default value 1 priority values A list of node priorities higher values signify higher priority Priorities are specified using the format lt ip gt lt port gt lt priority gt if a priority is not specified for a node it is assumed to be 1 e From products zxtm Ib pool_config cpp 445 e Value type list e Default value lt none gt queue_timeout The maximum time to keep a connection queued in seconds
143. ient sent invalid HTTP request body Invalid request body data encountered by rule rulestreamerrorgetresponse Attempt to use http getResponse or http getResponseBody after http stream startResponse Attempt to use http getResponse or http getResponseBody after http stream startResponse rulestreamerrorinternal Internal error while processing HTTP stream rulestreamerrornotenough Rule did not supply enough data in HTTP stream Rule had specified a content length but then supplied less data than advertised Correct Content Length header in rule Java Extension or remove it altogether rulestreamerrornotfinished Attempt to initialize HTTP stream before previous stream had finished Either a rule called http stream startResponse twice or a rule failed to call http stream finishResponse and its connection was kept alive Check the use of the http stream TrafficScript functions in your rules rulestreamerrornotstarted Attempt to stream data or finish a stream before streaming had been initialized A rule called http stream writeResponse or http stream finishResponse before calling http stream startResponse Check the use of the http stream TrafficScript functions in your rules rulestreamerrorprocessfailure Data supplied to HTTP stream could not be processed The data provided by a rule for streaming could not be processed successfully Check the use of the http stream TrafficScr
144. ies no limit e From products zxtm lb pool_config cpp 205 e Value type unsigned integer e Default value 2 monitors A list of monitors assigned to this pool e From products zxtm lb pool_config cpp 77 e Value type list e Default value lt none gt 78 Brocade Virtual Traffic Manager Configuration System Guide conf pools Configuration Sections Key node_close_with_rst Description Whether or not connections to the back end nodes should be closed with a RST packet rather than a FIN packet This avoids the TIME_WAIT state which on rare occasions allows wandering duplicate packets to be safely ignored e From products zxtm lb pool_config cpp 332 e Value type Yes No e Default value No node_connclose Close all connections to a node once we detect that it has failed e From products zxtm lb pool_config cpp 312 e Value type Yes No e Default value No no de_connection_attempts The number of times the software will attempt to connect to the same back end node before marking it as failed This is only used when passive_monitoring is enabled e From products zxtm lb pool_config cpp 296 e Value type unsigned integer e Default value 3 node delete behavior Specify the deletion behavior for nodes in this pool e From products zxtm lb pool_config cpp 217 e Value type enumeration e Default value immediate e Permitted values im
145. iguration System Guide
146. ing them has dropped them flipperrecovered Machine is ready to raise Traffic IP addresses machinefail Remote machine has failed machineok Remote machine is now working Remote machine is now working machinerecovered Remote machine has recovered and can raise Traffic IP addresses machinetimeout Remote machine has timed out and been marked as failed multihostload The amount of load handled by the local machine destined for this Traffic IP has changed ospfneighborsdegraded Some of the monitored OSPF neighbors are not peered Some of the neighboring OSPF routers being monitored by flipper ospfv2_neighbor_addrs are not peered ospfneighborsfailed None of the monitored OSPF neighbors are peered None of the neighboring OSPF routers being monitored by flipper ospfv2_neighbor_addrs are peered Brocade Virtual Traffic Manager Configuration System Guide 33 Configuration Sections conf events Event Tag Description ospfneighborsok All monitored OSPF neighbors are peered The neighboring OSPF routers being monitored by flipper ospfv2_neighbor_addrs are all peered pingbackendfail Failed to ping back end nodes pingfrontendfail Failed to ping any of the machines used to check the front end connectivity pinggwfail Failed to ping default gateway pingsendfail Failed to send ping packets routingswfailed Routing software had a major failure and will be restarted The routing software stack
147. ings cpp 2643 e Value type unsigned integer e Default value 0 min_special_chars Minimum number of special non alphanumeric characters a password must contain Set to 0 to disable this restriction e From products zxtm lb settings cpp 2690 e Value type unsigned integer e Default value 0 min_uppercase_chars Minimum number of uppercase characters a password must contain Set to 0 to disable this restriction e From products zxtm lb settings cpp 2666 e Value type unsigned integer e Default value 0 Brocade Virtual Traffic Manager Configuration System Guide 117 Configuration Sections conf settings cfg Key monitor_memory_size Description The maximum number of nodes that can be monitored This is used to size the shared memory that keeps track of the state e From products zxtm lb settings cpp 1378 e Value type unsigned integer e Default value 4096 monitor_scripts_per_second The maximum number of scripts to run per second Setting this to 0 disables the limit DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm monitor settings cpp 75 e Value type unsigned integer e Default value 0 notify mail_interval The minimum length of time that must elapse between alert emails being sent Where multiple alerts occur inside this timeframe they will be retained and sent within a single email rather than separately e From
148. integer e Default value 389 conf bandwidth The conf bandwidth directory contains configuration files for bandwidth classes The name of a file is the name of the bandwidth class it defines Bandwidth classes can be configured under the Catalogs gt Bandwidth section of the Admin Server UI or by using functions under the Catalog Bandwidth section of the SOAP API and CLI Key Description maximum The maximum bandwidth to allocate to connections that are associated with this bandwidth class in kbits second e From products zxtm lb bandwidth cpp 149 e Value type unsigned integer e Default value 10000 note A description of this bandwidth class e From products zxtm lb bandwidth cpp 141 e Value type string e Default value lt none gt sharing The scope of the bandwidth class e From products zxtm lb bandwidth cpp 161 e Value type enumeration e Default value cluster e Permitted values connection Each connection can use the maximum rate machine Bandwidth is shared per traffic manager cluster Bandwidth is shared across all traffic managers Brocade Virtual Traffic Manager Configuration System Guide 25 Configuration Sections conf bgpneighbors conf bgpneighbors The conf bgpneighbors directory contains configuration files for BGP neighbors The name of a file is the name of the neighbor configuration that it defines BGP neighbors can be managed under the System gt
149. ion Sections Key ssld azure client_id Description The client identifier used when accessing the Microsoft Azure Key Vault e From products zxtm lb settings cpp 1857 e Value type string e Default value lt none gt ssld azure client_secret The client secret used when accessing the Microsoft Azure Key Vault e From products zxtm lb settings cpp 1867 e Value type password e Default value lt none gt ssld azure connect_timeout Timeout for establishing a connection to the Azure Key Vault REST API Using a value of 0 will use libcurl s built in timeout DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 1897 e Value type unsigned integer e Default value 10 ssld azurelidle_timeout Idle timeout for a connection to the Azure Key Vault REST API Using a value of 0 will deactivate the timeout DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1908 e Value type unsigned integer e Default value 30 ssld azure vault_url The URL for the REST API of the Microsoft Azure Key Vault e From products zxtm Ib settings cpp 1848 e Value type string e Default value lt none gt ssld azure verify_rest_api_cert Whether or not the Azure Key Vault REST API certificate should be verified e From products zxtm lb settings cpp 1876 e Value type Yes No e Default value Yes ssld bac
150. ions using TLS version 1 2 or higher unless overridden by virtual server or pool settings For information on supported algorithms see the online help e From products zxtm lb settings cpp 2060 e Value type string e Default value lt none gt 126 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key ssl ssl3_allow_rehandshake Description Whether or not SSL3 TLS re handshakes should be supported Enabling support for re handshakes can expose services to Man in the Middle attacks It is recommended that only safe handshakes be permitted or none at all e From products zxtm lb settings cpp 2095 e Value type enumeration e Default value safe e Permitted values always Always allow safe Allow safe re handshakes rfc5746 Only if client uses RFC 5746 Secure Renegotiation Extension never Never allow ssl ss 3_ ciphers The SSL ciphers to use For information on supported ciphers see the online help e From products zxtm Ib settings cpp 2040 e Value type string e Default value lt none gt ssl ss13_diffie_hellman_client_mi n_key_length The minimum length in bits of the Diffie Hellman key that the Traffic Manager will accept when connecting using Diffie Hellman key agreement as a client DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2182 e Value type unsigned integer
151. ipt functions in your rules rulestreamerrortoomuch Rule supplied too much data in HTTP stream Rule had specified a content length but then supplied more data than advertised Correct Content Length header in rule Java Extension or remove it altogether rulexmlerr Rule encountered an XML error serviceruleabort GLB service rule aborted during execution servicerulelocdead GLB service rule specified a location that has either failed or been marked as draining in the service configuration servicerulelocnotconfigured GLB service rule specified a location that is not configured for the service servicerulelocunknown GLB service rule specified an unknown location Event tags for object type services glbactivedcmismatch Active datacentre mismatches among cluster members glbdeadlocmissingips A DNS Query returned IP addresses that are not configured for any location that is currently alive glbfailalter Failed to alter DNS packet for global load balancing The DNS packet could not be altered This usually occurs when the record is signed using DNSSEC and there is no private key configured to re sign it 42 Brocade Virtual Traffic Manager Configuration System Guide conf events Configuration Sections Event Tag Description glblogwritefail Failed to write log file for GLB service glbmanualfailback Manual failback triggered Manual failback triggered glbmissingips A DNS
152. irm an HTTP connection is transitioning to the WebSockets protocol If that such a response is detected the traffic manager will cease any protocol specific processing on the connection and just pass incoming data to the client server as appropriate e From products zxtm lb virtualserver cpp 636 e Value type Yes No e Default value Yes bandwidth_class The bandwidth management class that this server should use if any e From products zxtm lb virtualserver cpp 222 e Value type string e Default value lt none gt client_cas The certificate authorities that this virtual server should trust to validate client certificates If no certificate authorities are selected and client certificates are requested then all client certificates will be accepted e From products zxtm lb virtualserver cpp 1620 e Requires ssl_decrypt is set to Yes e Value type list e Default value lt none gt close_with_rst Whether or not connections from clients should be closed with a RST packet rather than a FIN packet This avoids the TIME_WAIT state which on rare occasions allows wandering duplicate packets to be safely ignored e From products zxtm lb virtualserver cpp 360 e Value type Yes No e Default value No completionrules Rules that are run at the end of a transaction in order comma separated e From products zxtm lb virtualserver cpp 252 e Value type l
153. is substitution Parameters 1 9 can be used to represent bracketed parts of the regular expression e From products zxtm Ib virtualserver cpp 906 e Requires cookie pathregex is set to a regular expression e Value type string e Default value lt none gt cookie secure Whether or not the traffic manager should modify the secure tag of any cookies set by a back end web server e From products zxtm lb virtualserver cpp 921 e Value type enumeration e Default value 0 e Permitted values 0 Do not modify the secure tag 1 Set the secure tag 2 Unset the secure tag Brocade Virtual Traffic Manager Configuration System Guide 143 Configuration Sections conf vservers Key dns edns_client_subnet Description Enable Disable use of EDNS client subnet option e From products zxtm lb virtualserver cpp 2077 e Value type Yes No e Default value Yes dns edns_udpsize EDNS UDP size advertised in responses e From products zxtm lb virtualserver cpp 2024 e Value type unsigned integer e Default value 4096 dns max_udpsize Maximum UDP answer size e From products zxtm lb virtualserver cpp 2032 e Value type unsigned integer e Default value 4096 dns rrset_order Response record ordering e From products zxtm lb virtualserver cpp 2063 e Value type enumeration e Default value fixed e Permitted values fixed Fi
154. is enabled for admin server and internal connections e From products zxtm lb settings cpp 2358 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 95 Configuration Sections conf settings cfg Key admin support_ssl3 Description Whether or not SSL3 support is enabled for admin server and internal connections e From products zxtm lb settings cpp 2364 e Value type Yes No e Default value No admin support_tls1 Whether or not TLS1 0 support is enabled for admin server and internal connections e From products zxtm Ib settings cpp 2370 e Value type Yes No e Default value Yes admin support_tls1_1 Whether or not TLS1 1 support is enabled for admin server and internal connections e From products zxtm lb settings cpp 2377 e Value type Yes No e Default value Yes admin support_tls1_2 Whether or not TLS1 2 support is enabled for admin server and internal connections e From products zxtm Ib settings cpp 2384 e Value type Yes No e Default value Yes afm_cluster_timeout How long in seconds to wait for the application firewall control script to complete clustering operations for the application firewall DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2777 e Value type int e Default value 30 afm_control_timeout How long
155. is is what should be used e From products zxtm lb settings cpp 936 e Value type bytes e Default value 0 soap idle_minutes The number of minutes that the SOAP server should remain idle before exiting The SOAP server has a short startup delay the first time a SOAP request is made subsequent SOAP requests don t have this delay e From products zxtm lb settings cpp 340 e Value type unsigned integer e Default value 10 Brocade Virtual Traffic Manager Configuration System Guide 123 Configuration Sections conf settings cfg Key socket_opt Description Whether or not the traffic manager should use potential network socket optimisations If set to auto a decision will be made based on the host platform e From products zxtm lb settings cpp 878 e Value type enumeration e Default value auto e Permitted values auto auto Yes Yes No No ssl cache expiry How long the SSL session IDs for SSL decryption should be stored for e From products zxtm Ib settings cpp 2221 e Value type seconds e Default value 1800 ssllcache per_virtualserver Whether an SSL session created by a given virtual server can only be resumed by a connection to the same virtual server e From products zxtm lb settings cpp 2232 e Value type Yes No e Default value Yes ssl cache size How many entries the SSL session ID cache should hold This cache is used to
156. ist e Default value lt none gt 142 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key connect_timeout Description The time in seconds to wait for data from a new connection If no data is received within this time the connection will be closed A value of 0 zero will disable the timeout e From products zxtm Ib virtualserver cpp 455 e Value type seconds e Default value 10 cookie domain The way in which the traffic manager should rewrite the domain portion of any cookies set by a back end web server e From products zxtm lb virtualserver cpp 872 e Value type enumeration e Default value 0 e Permitted values 0 Do not rewrite the domain 1 Rewrite the domain to the host header of the request 2 Rewrite the domain to the named domain value cookie newdomain The domain to use when rewriting a cookie s domain to a named value e From products zxtm lb virtualserver cpp 884 e Requires cookie domain is set to 2 e Value type string e Default value lt none gt cookie pathregex If you wish to rewrite the path portion of any cookies set by a back end web server provide a regular expression to match the path e From products zxtm lb virtualserver cpp 894 e Value type string e Default value lt none gt cookie pathreplace If cookie path regular expression matches it will be replaced by th
157. itors Edit CopyMonitor Monitors gt Edit gt Copy Monitor Permitted values none ro or full Catalog Overview Permitted values none ro or full Persistence Persistence Permitted values none ro or full Persistence Edit Persistence gt Edit Permitted values none ro or full Persistence Edit CopyClass Persistence gt Edit gt Copy Class Permitted values none ro or full Service_Protection Protection Permitted values none ro or full Service_Protection Edit Protection gt Edit Permitted values none ro or full 52 Brocade Virtual Traffic Manager Configuration System Guide conf groups Configuration Sections Key Service_Protection Edit CopyCla ss Description Protection gt Edit gt Copy Class Permitted values none ro or full Rate Rate Permitted values none ro or full Requires feature Rules Rate Edit Rate gt Edit Permitted values none ro or full Requires feature Rules Rules Rules Permitted values none ro or full Requires feature Rules Rules GEdit Rules gt Build Permitted values none ro or full Requires feature Rules Rules GEdit AddAction Rules gt Build gt Add Action Permitted values none ro or full Requires feature Rules Rules GEdit AddCondition Rules gt Build gt Add Condition Permitted values none ro or full Requi
158. key value is the name of the traffic manager that should host the IP address If this is not specified for an IP address the address is automatically assigned to a machine e From products zxtm flipper config cpp 233 e Value type string e Default value lt none gt ipaddresses The IP addresses that belong to the Traffic IP group e From products zxtm flipper config cpp 179 e Value type list e Default value lt none gt keeptogether If set to Yes then all the traffic IPs will be raised on a single traffic manager By default they re distributed across all active traffic managers in the traffic IP group e From products zxtm flipper config cpp 246 e Value type Yes No e Default value No location The location in which the Traffic IP group is based e From products zxtm flipper config cpp 190 e Value type int e Default value 0 machines The traffic managers that can host the traffic IP group s IP addresses e From products zxtm flipper config cpp 159 e Value type list e Default value lt none gt 46 Brocade Virtual Traffic Manager Configuration System Guide conffflipper Configuration Sections Key Description mode The method used to distribute traffic IPs across machines in the cluster If multihosted is used then multicast must be set to an appropriate multicast IP address e From products zxtm flipper config cpp 277 e Value t
159. koff The delay before attempting to restart SSL hardware support if it has failed to start Two log lines will be generated for each retry DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1780 e Value type seconds e Default value 60 ssld driver A special key namespace for additional SSL configuration data DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1919 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 129 Configuration Sections conf settings cfg Key ssld driver pkcs11_debug Description Print verbose information about the PKCS11 hardware security module to the event log e From products zxtm lb settings cpp 1839 e Value type Yes No e Default value No ssld driver pkcs11_lib The location of the PKCS 11 library for your SSL hardware if it is not ina standard location The traffic manager will search the standard locations by default e From products zxtm lb settings cpp 1794 e Value type string e Default value lt none gt ssld driver pkcs11_slot_desc The label of the SSL Hardware slot to use Only required if you have multiple HW accelerator slots e From products zxtm lb settings cpp 1830 e Value type string e Default value lt none gt ssld driver pkcs11_slot_type The type of SSL hard
160. l be scaled up and down under the datacenter root folder e From products zxtm lb pool_config cpp 907 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale datastore The name of the datastore to be used by the newly created virtual machine e From products zxtm lb pool_config cpp 917 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale enabled Are the nodes of this pool subject to autoscaling If yes nodes will be automatically added and removed from the pool by the chosen autoscaling mechanism e From products zxtm lb pool_config cpp 721 e Value type Yes No e Default value No autoscale external Whether or not autoscaling is being handled by an external system Set this value to Yesif all aspects of autoscaling are handled by an external system such as RightScale If set to No the traffic manager will determine when to scale the pool and will communicate with the cloud provider to create and destroy nodes as necessary e From products zxtm lb pool_config cpp 859 e Requires autoscale enabled issetto yes e Value type Yes No e Default value Yes autoscale extraargs Any extra arguments to the autoscaling API Each argument can be separated by comma E g in case of EC2 it can take extra parameters to the Amazon s RunInstance API say DisableApiTermination
161. lancing Permitted values none ro or full GLB_ Services Edit Locations GLB Services gt Edit gt Locations Permitted values none ro or full GLB_Services Edit Request_Logg ing GLB Services gt Edit gt Request Logging Permitted values none ro or full GLB_ Services Edit Rules GLB Services gt Edit gt Rules Permitted values none ro or full Brocade Virtual Traffic Manager Configuration System Guide 51 Configuration Sections conf groups Key Description Java Java Permitted values none ro or full Java Edit Java gt Edit Permitted values none ro or full Kerberos Kerberos Permitted values none ro or full Kerberos krb5confs Kerberos gt Kerberos Configuration Files Permitted values none ro or full Kerberos Kerberos_Keytabs Kerberos gt Kerberos Keytabs Permitted values none ro or full Kerberos Kerberos_Principals Kerberos gt Kerberos Principals Permitted values none ro or full Kerberos Kerberos_Principals Ed it Kerberos gt Kerberos Principals gt Edit Permitted values none ro or full Locations Locations Permitted values none ro or full Locations Edit Locations gt Edit Permitted values none ro or full Monitors Monitors Permitted values none ro or full Monitors Edit Monitors gt Edit Permitted values none ro or full Mon
162. ld that provides each user s group e From Zeus Authen TACACSPlus pm 225 e Requires auth type is set to TACACSPlus e Value type string e Default value permission group tacacsplus groupsve The TACACS service that provides each user s group field e From Zeus Authen TACACSPlus pm 214 e Requires auth type is set to TACACSPlus e Value type string e Default value zeus 22 Brocade Virtual Traffic Manager Configuration System Guide conf authenticators Configuration Sections Key Description tacacsplus port The port to connect to the TACACS server on e From Zeus Authen TACACSPlus pm 173 e Requires auth type is set to TACACSPlus e Value type unsigned integer e Default value 49 tacacsplus secret Secret key shared with the TACACS server e From Zeus Authen TACACSPlus pm 194 e Requires auth type is set to TACACSPlus e Value type password e Default value lt none gt tacacsplus server The IP or hostname of the TACACS server e From Zeus Authen TACACSPlus pm 162 e Requires auth type is set to TACACSPlus e Value type string e Default value lt none gt tacacsplus timeout Connection timeout in seconds e From Zeus Authen TACACSPlus pm 183 e Requires auth type is set to TACACSPlus e Value type unsigned integer e Default value 30 conf authenticators The conf authenticators directory contains configuration files for external authenticators The name of a fil
163. lgorithm should be used for TCP connections e From products zxtm lb virtualserver cpp 350 e Value type Yes No e Default value No ssl_ciphers The SSL TLS ciphers to allow for connections to this virtual server Leaving this empty will make the virtual server use the globally configured ciphers see configuration key ssl ss 3_ciphers in the Global Settings section of the System tab See there for how to specify SSL TLS ciphers e From products zxtm lb virtualserver cpp 1397 e Value type string e Default value lt none gt ssl_ client cert headers What HTTP headers the virtual server should add to each request to show the data in the client certificate e From products zxtm lb virtualserver cpp 1670 e Value type enumeration e Default value none e Permitted values none No data simple Certificate fields all Certificate fields and certificate text Brocade Virtual Traffic Manager Configuration System Guide 157 Configuration Sections conf vservers Key ssl_decrypt Description Whether or not the virtual server should decrypt incoming SSL traffic e From products zxtm lb virtualserver cpp 1276 e Value type Yes No e Default value No ssl_elliptic_curves The SSL elliptic curve preference list for SSL connections to this virtual server using TLS version 1 0 or higher Leaving this empty will make the virtual server use the globally configur
164. li id a ld sti Bate te 139 CO td 141 COTE ZUR COM oa 165 COMES ZO RAE A A ASA AA EA AA Tha ie DAA EL a ea boats 166 Brocade Virtual Traffic Manager Configuration System Guide Preface Read this preface for an overview of the information provided in this guide This preface includes the following sections About This Guide on page 1 Documentation and Release Notes on page 2 Contacting Brocade on page 3 About This Guide The Stingray Traffic Manager Configuration System Guide describes the Brocade Virtual Traffic Manager Traffic Manager configuration system This guide introduces you to the structure of the configuration system and is intended as a complete reference to all configuration items available in the Traffic Manager Brocade product names have changed At the time of publication the user interfaces of the products described in this guide may have not changed and the original names may be used in the text For the product naming key see http www riverbed com products Product_List Brocade Virtual Traffic Manager Configuration System Guide Preface Documentation and Release Notes Document Conventions This guide uses the following standard set of typographical conventions Convention Meaning italics Within text new terms and emphasized words appear in italic typeface boldface Within text CLI commands CLI parameters and REST API properties appear in bold typeface
165. lic_cert Description The SSL public certificate e From products zxtm lb virtualserver cpp 1296 e Requires ssl_decrypt is set to Yes e Value type string e Default value lt none gt recent_conns enabled Whether or not connections handled by this virtual server should be shown on the Activity gt Connections page e From products zxtm lb virtualserver cpp 408 e Value type Yes No e Default value Yes recent_conns save_all Whether or not all connections handled by this virtual server should be shown on the Connections page Individual connections can be selectively shown on the Connections page using the recentconns include TrafficScript function e From products zxtm lb virtualserver cpp 421 e Value type Yes No e Default value No request_client_cert Whether or not the virtual server should request an identifying certificate from each client e From products zxtm lb virtualserver cpp 1595 e Value type enumeration e Default value 0 e Permitted values 0 Do not request a client certificate 1 Request but do not require a client certificate 2 Require a client certificate request_tracing enabled Record a trace of major connection processing events for each request and response e From products zxtm lb virtualserver cpp 429 e Value type Yes No e Default value No request_tracing trace_io Include details of in
166. lied certificate e From products zxtm lb virtualserver cpp 1731 e Value type string e Default value lt none gt ssl_ocsp issuer lurl Which OCSP responders this virtual server should use to verify client certificates e From products zxtm lb virtualserver cpp 1721 e Value type string e Default value lt none gt ssl_ocsp_max_response_age The number of seconds for which an OCSP response is considered valid if it has not yet exceeded the time specified in the nextUpdate field If set to O zero then OCSP responses are considered valid until the time specified in their nextUpdate field e From products zxtm lb virtualserver cpp 1769 e Value type seconds e Default value 0 Brocade Virtual Traffic Manager Configuration System Guide 159 Configuration Sections conf vservers Key ssl_ocsp_stapling Description If OCSP URIs are present in certificates used by this virtual server then enabling this option will allow the traffic manager to provide OCSP responses for these certificates as part of the handshake if the client sends a TLS status_request extension in the ClientHello e From products zxtm lb virtualserver cpp 1376 e Value type Yes No e Default value No ssl_ocsp_time_tolerance The number of seconds outside the permitted range for which the thisUpdate and nextUpdate fields of an OCSP response are still considered valid e Fr
167. lient Header lines exceeding this length will be considered invalid The traffic manager buffers the header line before it can read any payload data in the chunk the limit exists to protect against malicious clients that send very long lines but never any payload data DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 581 e Value type unsigned integer e Default value 256 http2_no_cipher_blacklist_check Disable the cipher blacklist check in HTTP2 mainly intended for testing purposes DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1206 e Value type Yes No e Default value No http_copy_size If a HTTP request is smaller than this size then copy it to save memory A typical GET request is about 370 bytes plus the URL length DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1192 e Value type bytes e Default value 512 http_max_vary_fields Maximum number of fields that can be used to distinguish between two versions of a cacheable entity in a HTTP Vary header Responses containing more than this number of fields are not cached DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1200 e Value type unsigned integer e Default value 8 http_stream_early_response Whether or not the traffic manager should continue to stream remaining data to an H
168. lt none gt 18 Brocade Virtual Traffic Manager Configuration System Guide conf auth Configuration Sections Key Description Idap dnmethod The bind DN Distinguished Name for a user can either be searched for in the directory using the ldap basedn and Idap filter values or it can be constructed from the username e From Zeus Authen LDAP pm 390 e Requires auth type is set to LDAP e Value type enumeration e Default value lt none gt e Permitted values construct Construct search Search Idap fallbackgroup If Idap groupattr is not defined or returns no results for the user logging in the group named here will be used If not specified users will be denied access to the traffic manager if no groups matching a Permission Group can be found for them in the directory e From Zeus Authen LDAP pm 491 e Requires auth type is set to LDAP e Value type string e Default value lt none gt ldap filter A filter that can be used to extract a unique user record located under the base DN Distinguished Name The string u will be replaced by the username This filter is used to find a user s bind DN when ldap dnmethod is set to Search and to extract group information if ldap groupfilter is not specified Examples sAMAccountName u for Active Directory or uid u for some Unix LDAP schemas e From Zeus Authen LDAP pm 376 e Requires auth type is set to LDAP e Value type string e Default value lt non
169. lt value lt none gt ssl_elliptic_curves The SSL elliptic curve preference list for SSL connections from this pool using TLS version 1 0 or higher Leaving this empty will make the pool use the globally configured preference list ssl elliptic_curves in the Global Settings section of the System tab See there for how to specify SSL elliptic curves e From products zxtm lb pool_config cpp 542 e Value type string e Default value lt none gt ssl_encrypt Whether or not the pool should encrypt data before sending it to a back end node e From products zxtm lb pool_config cpp 471 e Value type Yes No e Default value No ssl_enhance SSL protocol enhancements allow your traffic manager to prefix each new SSL connection with information about the client This enables Brocade Web Servers to run multiple SSL sites and to discover the client s IP address Only enable this if you are using nodes for this pool which are Brocade Web Servers or Brocade Virtual Traffic Managers whose virtual servers have the ssl_trust_magic setting enabled e From products zxtm lb pool_config cpp 411 e Value type Yes No e Default value No ssl_send_close_alerts Whether or not to send an SSL TLS close alert when initiating a socket disconnection e From products zxtm lb pool_config cpp 686 e Value type Yes No e Default value Yes Brocade Virtual Traffic Manager Configuration Sys
170. lue etc resolv conf dns size Maximum number of entries in the DNS cache e From products zxtm lb settings cpp 965 e Value type unsigned integer e Default value 10867 dns timeout Timeout for receiving a response from a DNS server e From products zxtm lb settings cpp 993 e Value type seconds e Default value 12 dns_autoscale resolver The IP address and port number of the DNS server to use for DNS derived autoscaling in the form addr port This is intended for test and debug purposes and will override the configuration of the system resolver which is usually defined in etc resolv conf DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm autoscaler autoscaler cpp 251 e Value type string e Default value lt none gt 106 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key ec2 access_key_id Description Amazon EC2 Access Key ID e From products zxtm lb flipper_settings_keys cpp 31 e Value type string e Default value lt none gt ec2 action_timeout How long in seconds the traffic manager should wait while associating or disassociating an Elastic IP to the instance DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 94 e Value type seconds e Default value 10 ec2 metadata_server URL for the EC2 metadata ser
171. lue 80 load_minimum Minimum load value Monitors that report a load lower than this value in milliseconds will be considered equally fast DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1401 e Value type unsigned integer e Default value 50 locations_enabled Is MSM enabled DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2801 e Value type Yes No e Default value No log flushtime How long to wait before flushing the request log files for each virtual server e From products zxtm Ib settings cpp 1216 e Value type seconds e Default value 5 Brocade Virtual Traffic Manager Configuration System Guide 115 Configuration Sections conf settings cfg Key log rate Description The maximum number of connection errors logged per second when connection error reporting is enabled e From products zxtm lb settings cpp 1242 e Value type unsigned integer e Default value 50 log reopen How long to wait before re opening request log files this ensures that log files will be recreated in the case of log rotation e From products zxtm lb settings cpp 1226 e Value type seconds e Default value 30 log repeattime How long to prevent an object from repeating its previous log line DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1281
172. luster members DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 262 e Value type Yes No e Default value No config_check_time How often configuration files should be checked for modifications by a user or an external application DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 305 e Value type seconds e Default value 5 control canupdate default The default value of control canupdate for new cluster members If you have cluster members joining from less trusted locations such as cloud instances this can be set to No in order to make them effectively read only cluster members e From products zxtm Ib settings cpp 252 e Value type Yes No e Default value Yes controlallow The hosts that can contact the internal administration port on each traffic manager This should be a list containing IP addresses CIDR IP subnets and localhost or it can be set to all to allow any host to connect e From products zxtm lb settings cpp 235 e Value type string e Default value all dns checktime How often to check the DNS configuration for changes DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1021 e Value type seconds e Default value 30 dns hosts The location of the hosts file DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb
173. m products zxtm Ib settings cpp 1075 e Value type bytes e Default value 64 bandwidth pooled_min_write For the global BW limits using pooled bandwidth allocation sharing between consumers when the license limit is reached the allowance will be evenly distributed between the remaining consumers Each consumer will however be permitted to write at least this much data DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1129 e Value type unsigned integer e Default value 4096 bandwidth refill_time Time period in milliseconds between refreshing the bandwidth class quotas The more frequent the smoother the bandwidth will be although the smaller the writes we ll do which is less efficient Note that this also has a big effect on per connection limiting If a single connection can complete within this time then it effectively has no bandwidth limit at all DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1050 e Value type unsigned integer e Default value 100 bandwidth warn_time For the global BW limits how many seconds they must be running at maximum speed before we print a warning about the limit being hit Set to 0 to disable any warning messages DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 1106 e Value type seconds e Default value 30 banner_accept Whether or not us
174. manager e From products zxtm lb virtualserver cpp 481 e Value type seconds e Default value 10 kerberos_protocol_transition ena bled Whether or not the virtual server should use Kerberos Protocol Transition e From products zxtm Ib virtualserver cpp 1821 e Value type Yes No e Default value No kerberos_protocol_transition pri ncipal The Kerberos principal this virtual server should use to perform Kerberos Protocol Transition e From products zxtm Ib virtualserver cpp 1830 e Value type string e Default value lt none gt kerberos_protocol_transition targ et The Kerberos principal name of the service this virtual server targets e From products zxtm lb virtualserver cpp 1838 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 149 Configuration Sections conf vservers Key location regex Description If the Location header matches this regular expression rewrite the header using the location replace pattern e From products zxtm lb virtualserver cpp 842 e Value type string e Default value lt none gt location replace If the Location header matches the location regex regular expression rewrite the header with this pattern parameters such as 1 9 can be used to match parts of the regular expression e From products zxtm Ib virtualserver cpp 855 e R
175. mediate All connections to the node are closed immediately drain Allow existing connections to the node to finish before deletion node_drain_to_delete_timeout The maximum time that a node will be allowed to remain in a draining state after it has been deleted A value of 0 means no maximum time e From products zxtm lb pool_config cpp 227 e Value type seconds e Default value 0 node fail time The amount of time in seconds that a traffic manager will wait before re trying a node that has been marked as failed by passive monitoring e From products zxtm lb pool_config cpp 303 e Value type seconds e Default value 60 node_so_nagle Whether or not Nagle s algorithm should be used for TCP connections to the back end nodes e From products zxtm lb pool_config cpp 322 e Value type Yes No e Default value Yes nodes A list of nodes in this pool A node should be specified as a lt ip gt lt port gt pair e From products zxtm lb pool_config cpp 22 e Value type list e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 79 Configuration Sections conf pools Key note Description A description of the pool e From products zxtm Ib pool_config cpp 31 e Value type string e Default value lt none gt passive_monitoring Whether or not the software should check that real requests i e not t
176. nc_time stateunexpected Received unexpected state data from another cluster member A session persistence state message was received when the traffic manager was not expecting it statewritefail Writing state data to another cluster member failed The traffic manager failed to write session persistence state to another cluster member zclustermoderr An error occurred when using the zcluster Multi Hosted IP kernel module Event tags for object type general appfirewallcontrolerror Application firewall control command failed 34 Brocade Virtual Traffic Manager Configuration System Guide conf events Configuration Sections Event Tag appfirewallcontrolrestarted Description Application firewall restarted Application firewall restarted appfirewallcontrolstarted Application firewall started Application firewall started appfirewallcontrolstopped Application firewall stopped Application firewall stopped appfirewallcontroltimeout Application firewall control command timed out appliance Appliance notification audit An audit log event has occured autherror An error occurred during user authentication autoscaleresolvefailure A hostname used for DNS derived Autoscaling doesn t resolve autoscalinglicenseerror Autoscaling not permitted by licence key childcommsfail There was an error communicating with a child proce
177. nce e From products zxtm Ib settings cpp 146 e Value type seconds e Default value 120 rest enabled Whether or not the REST service is enabled e From products zxtm Ib settings cpp 132 e Value type Yes No e Default value No rest max_http_header_len The maximum allowed length in bytes of a HTTP request s headers e From products zxtm Ib settings cpp 206 e Value type unsigned integer e Default value 4096 rest proxy_map The path to the symlinked resource Intermediate resources will be created All new resources will be hidden DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 217 e Value type string e Default value lt none gt rest repabstime Configuration changes will be replicated across the cluster after this period of time regardless of whether additional API requests are being made e From products zxtm Ib settings cpp 170 e Value type seconds e Default value 20 122 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key rest replulltime Description Configuration changes made via the REST API will be propagated across the cluster when no further API requests have been made for this period of time e From products zxtm lb settings cpp 158 e Value type seconds e Default value 5 rest reptimeout The period of time a
178. nection e From products zxtm lb virtualserver cpp 686 e Value type unsigned integer e Default value 200 http2 max_frame_size This setting controls the maximum HTTP 2 frame size clients are permitted to send to the traffic manager e From products zxtm lb virtualserver cpp 695 e Value type bytes e Default value 16384 http2 max_header_padding The maximum size in bytes of the random length padding to add to HTTP 2 header frames The padding a random number of zero bytes up to the maximum specified e From products zxtm Ib virtualserver cpp 765 e Value type bytes e Default value 0 http2 merge_cookie_headers Whether Cookie headers received from an HTTP 2 client should be merged into a single Cookie header using RFC6265 rules before forwarding to an HTTP 1 1 server Some web applications do not handle multiple Cookie headers correctly e From products zxtm Ib virtualserver cpp 775 e Value type Yes No e Default value Yes http2 stream_window_size This setting controls the flow control window for each HTTP 2 stream This will limit the memory used for buffering when the client is sending body data faster than the pool node is reading it e From products zxtm lb virtualserver cpp 677 e Value type bytes e Default value 65535 148 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections K
179. ned integer e Default value 3600 autoscale max_nodes The maximum number of nodes in this autoscaled pool e From products zxtm lb pool_config cpp 739 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 4 autoscale min_nodes The minimum number of nodes in this autoscaled pool e From products zxtm lb pool_config cpp 730 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 1 autoscale name The beginning of the name of nodes in the cloud that are part of this autoscaled pool e From products zxtm lb pool_config cpp 838 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale port The port number to use for each node in this autoscaled pool e From products zxtm lb pool_config cpp 847 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 80 autoscale refractory The time period in seconds after the instigation of a re size during which no further changes will be made to the pool size e From products zxtm lb pool_config cpp 782 e Requires autoscale enabled issetto yes e Value type unsigned integer e Default value 180 Brocade Virtual Traffic Manager Configuration System Guide 73 Configuration Sections conf pools Key autoscale response_time Description The
180. nly supported when using 2 6 versions of the Linux kernel DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 294 e Value type int e Default value 2 flipper parent_timeout How long the traffic manager should wait for status updates from the traffic manager s parent process before assuming it has hung DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 238 e Value type seconds e Default value 60 flipper routing_daemon_status_p Interval at which the parent process polls the routing daemon to update its oll_interval status in AMP A setting of 0 disables polling DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 406 e Value type seconds e Default value 10 flipper routing_sw_run_ribd Whether the ribd routing daemon is to be run The routing software needs to be restarted for this change to take effect DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 439 e Value type Yes No e Default value No flipper routing sw_watchdog_in The period of time in seconds after which a failure will no longer count terval towards the watchdog limit DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 430 e Value type seconds e Default value 300 110 Brocade Virtual
181. not enabled by default DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cpp 324 e Value type Yes No e Default value No 164 Brocade Virtual Traffic Manager Configuration System Guide conf zeusafm conf Configuration Sections conf zeusafm conf The conf zeusafm conf file contains configuration files for the application firewall Some keys present in the zeusafm conf are not documented here Refer to the Brocade Virtual Web Application Firewall documentation for further details The configuration can be edited under the System gt Application Firewall section of the Administration Server or by using functions under the AFM section of the SOAP API and CLI Key clusterPwd Description The shared secret that all SAF cluster members use to communicate Must be set and be consistent across the cluster DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb afm cpp 104 e Value type string e Default value lt none gt decisionServerPort The port to which the Enforcer rule should send traffic so it can be distributed between the decider processes e From products zxtm lb afm cpp 93 e Value type unsigned integer e Default value 8100 restServerIP The Application Firewall REST Internal IP Address always set to localhost when the traffic manager s REST API is enabled otherwise blank DO NOT SET OR MODIFY THIS KEY MANUALLY e F
182. nt to the active state when it can be fully used autoscalednodecontested Two pools are trying to use the same instance Brocade Virtual Traffic Manager Configuration System Guide 39 Configuration Sections conf events Event Tag autoscaledpoolrefractory Description An autoscaled pool is now refractory An autoscaled pool s size has recently changed so no further changes are made until it has settled down autoscaledpooltoobig Over maximum size shrinking autoscaledpooltoosmall Minimum size undercut growing autoscaleinvalidargforcreatenode The imageid was empty when attempting to create a node in an autoscaled pool autoscaleinvalidargfordeletenode unique id was empty when attempting to destroy a node in an autoscaled pool autoscalepoolconfupdate A pool config file has been updated by the autoscaler process autoscalewrongimageid A node created by the autoscaler has the wrong imageid autoscalewrongname A node created by the autoscaler has a non matching name autoscalewrongsizeid A node created by the autoscaler has the wrong sizeid autoscalingchangeprocessfailure An API process that should have created or destroyed a node has failed to produce the expected result autoscalingdisabled Autoscaling for a pool has been disabled due to errors communicating with the cloud API autoscalinghitfloor Minimum size reached cannot shrink
183. nts EGAra Col AEE E E E E E E E E E E 1 About This Guides o leie a A A EE EA E A A AA ii 1 Document Conventions aesan n OE E O R E SE 2 Documentation and Release Notes iacissiccccscesssssoetspssssnenseperssousveesschendsneasioarscetynsaensanssecadcaceesndbensaasebeusenenedse 2 Traffic Manager Manuals sisian reinii a a R ES asi e rE anaana 2 Traffie Manager Online Help aii ts 2 Traffic Manager Information Online ccococonocicnnnnononinnononinnnnnnnonanancnonononanananononananananononan anar onononanananononons 3 Contacting Brocad msn iaa di ista 3 Chapter 1 IntroduUcCtiON comi a A aa Aaa aae 5 Putpese of this Guid ni a a 5 The Traffic Manager Configuration File SUS dt ti 6 The Effect of Location Support when using Multi Site Cluster Management 0 cc eee 7 Chapter 2 Configuration Sections ccccccsessen cee eeeeneeeeeeeeeeeeeeneeeceeeeeeseeceeeeeeeseeeeeeeseeaseeeeeeeeaeeeneeseseeaeees 9 CONE ACHON PEO Ss E es aS an Se ee rad 9 COTE ACH OLS tii di 9 conf pplance TMC guenen Rive wy ern Maven dnc bles Sa sua eee blade a a sneha suas ahaa 14 cont aptimizer profiles zahiin codes dali Aida es 16 CONE apimi Zer SCOPES ie biases 17 Cont atith AN S EAA 18 Cone AUN CAOS A ae Mad voll A A A Be Rad 23 cont DATA id AENT EEE ATEN A test ae ak Nod aie teak al ae tds 25 Ns A A IATE 26 cont clouderedentials ii ds 27 CONF COMME ojos pu AREER ales 28 CONE cUSO Mi es 28 Brocade Virtual Traffic Manager Configu
184. number of cache entries that will be retained by aptimizer before removing old entries to make room for new ones DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2941 e Value type unsigned integer e Default value 20000 98 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key aptimizer default_profile Description The Profile to use by default if no mappings are configured or if Aptimizer is licensed in Express mode DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3038 e Value type string e Default value Express aptimizer default_scope The Scope to use by default if no mappings are configured or if Aptimizer is licensed in Express mode DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3027 e Value type string e Default value Any hostname or path aptimizer dependent_fetch_time out How long to wait for dependent resource fetches default 30 seconds DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib settings cpp 2871 e Value type unsigned integer e Default value 30 aptimizer enable_edit_index Whether or not the Aptimizer index can be cleared if aptimizer clear index or compacted if aptimizer compact index is appended to an Aptimized URL DO NOT SET OR MODIFY THIS KEY MANUALLY
185. numeration e Default value rfc5746 e Permitted values always Always allow safe Allow safe re handshakes rfc5746 Only if client uses RFC 5746 Secure Renegotiation Extension never Never allow admin ssl3_ciphers The SSL ciphers to use for admin server and internal connections For information on supported ciphers see the online help e From products zxtm Ib settings cpp 2413 e Value type string e Default value SSL_RSA_WITH_AES 128 GCM_SHA256 SSL_RSA_WITH_AES 128 CB C_SHA256 SSL_RSA_WITH_AES 128 CBC_SHA SSL_RSA_WITH_AES 25 6_GCM_SHA384 SSL_RSA_WITH_AES 256_CBC_SHA256 SSL_RSA_WIT H_AES 256_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE DSS_WITH_AES 128 CBC_SHA SSL_DHE_DSS_WITH_AES 256 CBC 5S HA SSL_DHE_DSS_WITH_3DES EDE CBC SHA 94 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key Description admin ssl3_diffie hellman key_1 The length in bits of the Diffie Hellman key for ciphers that use Diffie Hellman ength key agreement for admin server and internal connections e From products zxtm lb settings cpp 2515 e Value type enumeration e Default value 2048 e Permitted values 1024 1024 2048 2048 3072 3072 4096 4096 admin ssl3_min_rehandshake_in If SSL3 TLS re handshakes are supported on the admin server this defines the terval minimum time interval in milliseconds between handshakes on a singl
186. ocade Virtual Traffic Manager Configuration System Guide conf locations Configuration Sections Key Description There are no items to display for this configuration type conf locations Configuration for locations Must be higher priority than global cfg Key Description based_on Used by the UI to store where we got the lat long coords from a preset value user entered etc e From products zxtm Ib location cpp 107 e Value type string e Default value none id The identifier of this location e From products zxtm lb location cpp 69 e Value type unsigned integer e Default value lt none gt latitude The latitude of this location e From products zxtm lb location cpp 77 e Value type double e Default value 0 0 longitude The longitude of this location e From products zxtm lb location cpp 85 e Value type double e Default value 0 0 note A note used to describe this location e From products zxtm lb location cpp 118 e Value type string e Default value lt none gt type Does this location contain traffic managers and configuration orisit a recipient of GLB requests e From products zxtm lb location cpp 95 e Value type enumeration e Default value config e Permitted values config Configuration glb GLB Brocade Virtual Traffic Manager Configuration System Guide 63 Configuration Sections conf locations cfg
187. ocations locationavailable Location is now available for GLB Service Location is now available for GLB Service locationdisabled Location has been disabled for GLB Service Location has been disabled for GLB Service locationdraining Location is being drained for GLB Service Location is being drained for GLB Service locationenabled Location has just been enabled for GLB Service Location has just been enabled for GLB Service locationfail Location has failed for GLB Service Location has failed for GLB Service 38 Brocade Virtual Traffic Manager Configuration System Guide conff events Configuration Sections Event Tag Description locationmonitorfail A monitor has detected a failure in this location locationmonitorok A monitor has indicated this location is now working locationnotdraining Location is not being drained for GLB Service Location is not being drained for GLB Service locationok Location is now healthy for GLB Service Location is now healthy for GLB Service locationsoapfail An external SOAP agent has detected a failure in this location An external SOAP agent has detected a failure in this location locationsoapok An external SOAP agent indicates this location is now working An external SOAP agent indicates this location is now working locationunavailable Location has become unavailable for GLB Service Location has become unavailable for GLB Service locempty Location no longer con
188. oducts zxtm lb config cpp 626 e Value type string e Default value STM_IPTrans iptrans fwmark The netfilter forwarding mark to use for IP transparency rules e From products zxtm lb config cpp 632 e Value type unsigned integer e Default value 320 iptrans iptables_enabled Whether IP transparency may be used via netfilter iptables This requires Linux 2 6 24 and the iptables socket extension For older Linux versions the Ztrans kernel module may be used instead e From products zxtm lb config cpp 616 e Value type Yes No e Default value Yes iptrans routing_table The special routing table ID to use for IP transparency rules e From products zxtm lb config cpp 639 e Value type unsigned integer e Default value 320 java port The port the Java Extension handler process should listen on This port will be bound for localhost communications only e From products zxtm lb config cpp 269 e Value type unsigned integer e Default value 9060 kerberos hostname The hostname to use in Kerberos principal names DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1302 e Value type string e Default value lt none gt kerberos num_kpt_threads How many worker threads the Kerberos Protocol Transition helper process will use DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config
189. oftware should try to re raise tentative addresses before giving up and raising an error about the address DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 378 e Value type unsigned integer e Default value 3 flipper monitor_interval The frequency in milliseconds that each traffic manager machine should check and announce its connectivity e From products zxtm lb flipper_settings_keys cpp 214 e Value type unsigned integer e Default value 500 flipper monitor_timeout How long in seconds each traffic manager should wait for a response from its connectivity tests or from other traffic manager machines before registering a failure e From products zxtm lb flipper_settings_keys cpp 226 e Value type seconds e Default value 5 Brocade Virtual Traffic Manager Configuration System Guide 109 Configuration Sections conf settings cfg Key Description flipper multicast_address The multicast address and port to use to exchange cluster heartbeat messages e From products zxtm lb flipper_settings_keys cpp 280 e Requires flipper heartbeat_method is set to multicast e Value type string e Default value 239 100 1 1 9090 flipper multicast_version The multicast version to be use 1 2 or 3 for cluster heartbeat messages A value of 0 will let the operating system choose but note that Linux often gets this wrong This setting is o
190. om products zxtm lb virtualserver cpp 1781 e Value type seconds e Default value 30 ssl_ocsp_timeout The number of seconds after which OCSP requests will be timed out e From products zxtm lb virtualserver cpp 1691 e Value type seconds e Default value 10 ssl_prefer_sslv3 Deprecated Formerly allowed a preference for SSLv3 for performance reasons e From products zxtm lb virtualserver cpp 1361 e Value type Yes No e Default value No ssl_send_close_alerts Whether or not to send an SSL TLS close alert when the traffic manager is initiating an SSL socket disconnection e From products zxtm lb virtualserver cpp 1354 e Value type Yes No e Default value Yes ssl_signature_algorithms The SSL signature algorithms preference list for SSL connections to this virtual server using TLS version 1 2 or higher Leaving this empty will make the virtual server use the globally configured preference list ssl signature_algorithms in the Global Settings section of the System tab See there for how to specify TLS signature algorithms e From products zxtm lb virtualserver cpp 1423 e Value type string e Default value lt none gt ssl_sites private_key The SSL private key for a particular destination site IP e From products zxtm lb virtualserver cpp 1306 e Requires ssl_decrypt is set to Yes e Value type string e Default valu
191. one ro or full Section Advanced Management Appliance_Console Appliance Console Permitted values none or full Requires feature Appliance Custom Custom Configuration Sets Permitted values none ro or full SOAP_API SOAP Control API Permitted values none or full Requires feature SOAP Section Catalogs Aptimizer Aptimizer Permitted values none ro or full Aptimizer URL_Sets Aptimizer gt Application Scopes Permitted values none ro or full Aptimizer URL_Sets Edit Aptimizer gt Application Scopes gt Edit Permitted values none ro or full Aptimizer Aptimizer_Profiles Aptimizer gt Aptimizer Profiles Permitted values none ro or full Aptimizer Aptimizer_Profiles Ed it Aptimizer gt Aptimizer Profiles gt Edit Permitted values none ro or full Authenticators Authenticators Permitted values none ro or full Authenticators Edit Authenticators gt Edit Permitted values none ro or full Bandwidth Bandwidth Permitted values none ro or full Requires feature Bandwidth Bandwidth Edit Bandwidth gt Edit Permitted values none ro or full Requires feature Bandwidth Bandwidth Edit CopyClass Bandwidth gt Edit gt Copy Class Permitted values none ro or full Requires feature Bandwidth 50 Brocade Virtual Traffic Manager Configuration System Guide conf gr
192. ools directory contains configuration files for backend node pools The name of a file is the name of the pool it defines Pools can be configured under the Services gt Pools section of the Admin Server Ul or by using functions under the Pool section of the SOAP API and CLI Key Description autoscale addnode_delaytime The time in seconds from the creation of the node which the traffic manager should wait before adding the node to the autoscaled pool Set this to allow applications on the newly created node time to intialize before being sent traffic e From products zxtm Ilb pool_config cpp 816 e Requires autoscalelenabled issetto yes e Value type seconds e Default value 0 autoscale cloudcredentials The Cloud Credentials object containing authentication credentials to use in cloud API calls e From products zxtm lb pool_config cpp 828 e Requires autoscale enabled issetto yes e Value type string e Default value lt none gt autoscale cluster The ESX host or ESX cluster name to put the new virtual machine instances on e From products zxtm lb pool_config cpp 928 e Requires autoscalelenabled issetto yes e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 71 Configuration Sections conf pools Key autoscale datacenter Description The name of the logical datacenter on the vCenter server Virtual machines wil
193. or the computer programs that accompany it The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements To find out which open source software is included in Brocade products view the licensing terms applicable to the open source software and obtain a copy of the programming source code please visit http www brocade com en support support tools oscd html Brocade Communications Systems Incorporated Corporate and Latin American Headquarters Brocade Communications Systems Inc 130 Holger Way San Jose CA 95134 Tel 1 408 333 8000 Fax 1 408 333 8101 E mail infoObrocade com European Headquarters Brocade Communications Switzerland S rl Centre Swissair Tour B 4eme tage 29 Route de l A roport Case Postale 105 CH 1215 Gen ve 15 Switzerland Tel 41 22 799 5640 Fax 41 22 799 5641 E mail emea info brocade com Asia Pacific Headquarters Brocade Communications Systems China HK Ltd No 1 Guanghua Road Chao Yang District Units 2718 and 2818 Beijing 100020 China Tel 8610 6588 8888 Fax 8610 6588 9999 E mail china info brocade com Asia Pacific Headquarters Brocade Communications Systems Co Ltd Shenzhen WFOE Citic Plaza No 233 Tian He Road North Unit 1308 13th Floor Guangzhou China Tel 8620 3891 2000 Fax 8620 3891 2111 E mail china info brocade com Conte
194. ort_tls1 1 Whether or not TLS1 1 support is enabled e From products zxtm Ib settings cpp 2017 e Value type Yes No e Default value Yes ssl support_tls1 2 Whether or not TLS1 2 support is enabled e From products zxtm lb settings cpp 2022 e Value type Yes No e Default value Yes ssl_cache_size The maximum number of entries in the SSL session persistence cache This is used to provide session persistence based on the SSL session ID Approximately 200 bytes will be pre allocated per entry e From products zxtm lb settings cpp 1417 e Value type unsigned integer e Default value 32768 ssld accel Whether or not the SSL hardware is an accelerator faster than software By default the traffic manager will only use the SSL hardware if a key requires it i e the key is stored on secure hardware and the traffic manager only has a placeholder identifier key With this option enabled your traffic manager will instead try to use hardware for all SSL decrypts e From products zxtm lb settings cpp 1708 e Value type Yes No e Default value No ssld azure api_version The version of the Azure Key Vault REST API DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1886 e Value type string e Default value 2015 06 01 128 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configurat
195. oups Configuration Sections Key Description Cloud_Credentials Cloud Credentials Permitted values none ro or full Cloud_Credentials Edit Cloud Credentials gt Edit Permitted values none ro or full DNS_Server DNS Server Permitted values none ro or full DNS_Server Zonefiles DNS Server gt Zone Files Permitted values none ro or full DNS_Server Zones DNS Server gt Zones Permitted values none ro or full DNS_Server Zones Edit DNS Server gt Zones gt Edit Permitted values none ro or full Extra_Files Extra Files Permitted values none ro or full Extra_Files Action_Programs Extra Files gt Action Programs Permitted values none ro or full Extra_Files Miscellaneous_Files Extra Files gt Miscellaneous Permitted values none ro or full Extra_Files ExternProgMonitors Extra Files gt Monitor Programs Permitted values none ro or full GLB_ Services GLB Services Permitted values none ro or full GLB_ Services Edit GLB Services gt Edit Permitted values none ro or full GLB_Services Edit DNS_Settings GLB Services gt Edit gt DNS Settings Permitted values none ro or full GLB_ Services Edit DNSSEC GLB Services gt Edit gt DNSSEC Permitted values none ro or full GLB Services Edit Load_Balanci ng GLB Services gt Edit gt Load Ba
196. p 1101 e Value type unsigned integer e Default value 0 sip_streaming_timeout If non zero a UDP stream will timeout when no data has been seen within this time e From products zxtm lb virtualserver cpp 1117 e Value type seconds e Default value 60 156 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key sip_timeout_messages Description When timing out a SIP transaction send a timed out response to the client and in the case of an INVITE transaction a CANCEL request to the server e From products zxtm lb virtualserver cpp 1079 e Value type Yes No e Default value Yes sip_transaction_timeout The virtual server should discard a SIP transaction when no further messages have been seen within this time e From products zxtm lb virtualserver cpp 1069 e Value type seconds e Default value 30 slm The service level monitoring class that this server should use if any e From products zxtm lb virtualserver cpp 212 e Value type string e Default value lt none gt smtp expect_starttls Whether or not the traffic manager should expect the connection to start off in plain text and then upgrade to SSL using STARTTLS when handling SMTP traffic e From products zxtm lb virtualserver cpp 1567 e Value type Yes No e Default value Yes so_nagle Whether or not Nagle s a
197. p 1801 e Value type unsigned integer e Default value 512 ssl_ocsp issuer laia Whether or not the traffic manager should use AIA information contained in a client certificate to determine which OCSP responder to contact e From products zxtm lb virtualserver cpp 1710 e Value type Yes No e Default value lt none gt 158 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key ssl_ocsp issuer nonce Description Use the OCSP nonce extension which protects against OCSP replay attacks Some OCSP servers do not support nonces e From products zxtm lb virtualserver cpp 1744 e Value type enumeration e Default value lt none gt e Permitted values off No nonce check on Use nonce server does not have to reply with nonce strict Use nonce server must reply with nonce ssl_ocsp issuer required Should we do an OCSP check for this issuer and is it required or optional e From products zxtm lb virtualserver cpp 1702 e Value type enumeration e Default value lt none gt e Permitted values none None optional OCSP check optional strict OCSP check required ssl_ocsp issuer responder_cert The expected responder certificate e From products zxtm lb virtualserver cpp 1754 e Value type string e Default value lt none gt ssl_ocsp issuer signer If set the request will be signed with the supp
198. p 2859 e Value type string e Default value 2MB aptimizer max_original_content buffer_size The maximum size of unoptimized content buffered in the traffic manager for a single backend response that is undergoing Aptimizer optimization Responses larger than this will not be optimized Note that if the backend response is compressed then this setting pertains to the compressed size before Aptimizer decompresses it Units of KB and MB can be used no postfix denotes bytes Value range is 1 128MB e From products zxtm lb settings cpp 2844 e Value type string e Default value 2MB aptimizer queue_buffer_size The size in bytes of the operating system buffer which is used to send request URLs and data to Aptimizer and return optimized resources from Aptimizer A larger buffer will allow a greater number of simultaneous resources to be optimized particularly if a large number of requests are made at the same time for example an HTML page containing hundreds of images to optimize If this is set to zero the default operating system buffer size will be used DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3016 e Value type unsigned integer e Default value 131072 aptimizer resource_lifetime The period of time in seconds that resource data is retained by aptimizer after it is no longer actively in use DO NOT SET OR MODIFY THIS KEY MANUALLY e From produ
199. p 731 e Value type Yes No e Default value Yes appliance manageip Whether or not the software manages the system s IP addresses e From products zxtm lb config cpp 676 e Value type Yes No e Default value Yes appliance manageipmi Whether or not the software manages the system s IPMI configuration e From products zxtm lb config cpp 1025 e Value type Yes No e Default value Yes appliance manageiptrans Whether or not the software manages the IP transparency e From products zxtm lb config cpp 598 e Value type Yes No e Default value Yes appliance managenat Whether or not the software manages the system s NAT configuration e From products zxtm lb config cpp 996 e Value type Yes No e Default value Yes appliance managentpservers Whether or not the software manages which NTP servers the system uses e From products zxtm lb config cpp 659 e Value type Yes No e Default value Yes appliance manageresolver Whether or not the software manages the system s name resolution i e the etc resolv conf file e From products zxtm lb config cpp 841 e Value type Yes No e Default value Yes appliance managereturnpath Whether or not the software manages return path routing If disabled the appliance won t modify iptables rules routes for this feature e From products zxtm lb config cp
200. p 966 e Value type Yes No e Default value Yes 170 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key appliance manageroute Description Whether or not the software manages the system s routing tables e From products zxtm lb config cpp 906 e Value type Yes No e Default value Yes appliance manageshim Whether or not the software manages the Riverbed Cloud SteelHead discovery agent if it is installed on the system e From products zxtm Ib config cpp 1066 e Value type Yes No e Default value Yes appliance managesnmp Whether or not the software manages a system net snmp service as a proxy to the internal SNMP service e From products zxtm lb config cpp 1018 e Value type Yes No e Default value Yes appliance managessh Whether or not the software manages the system s SSH server settings e From products zxtm lb config cpp 873 e Value type Yes No e Default value Yes appliance managesysctl Whether or not the software manages user specified sysctl keys DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 1209 e Value type Yes No e Default value Yes appliance managetimezone Whether or not the software manages the system s timezone setting e From products zxtm lb config cpp 576 e Value type Yes No e Default value
201. pe int e Default value 500 webcache max_file_ num Maximum number of entries in the cache Approximately 0 9 KB will be pre allocated per entry for metadata this is in addition to the memory reserved for the content cache and for storing the paths of the cached resources e From products zxtm lb settings cpp 1566 e Value type unsigned integer e Default value 10000 webcache max_file_size Largest size of a cacheable object in the cache This is specified as either a percentage of the total cache size 2 for example or an absolute size such as 20MB e From products zxtm lb settings cpp 1535 e Value type string e Default value 2 Brocade Virtual Traffic Manager Configuration System Guide 135 Configuration Sections conf settings cfg Key Description webcache max_handles Maximum number of webcache handles to allow per process This is a limit on the maximum number of cached objects being simultaneously served not a limit on the maximum that can be in the cache A value of 0 indicates that we should use the system per process limit on number of FDs DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1644 e Value type unsigned integer e Default value 0 webcache max_path_length The maximum length of the path including query string for the resource being cached If the path exceeds this length then it will not be added to the cache e From
202. port to which the request was sent dest_ip_only Only the IP address to which the request was sent but from any port ip_mask Only a specific set of IP addresses but from any port all Any IP address and any port udp_accept_from_mask The CIDR mask that matches IPs we want to receive responses from e From products zxtm lb pool_config cpp 392 e Requires udp_accept_from is set to ip_mask e Value type string e Default value lt none gt conf protection The conf protection directory contains configuration files for service protection classes The name of a file is the name of the protection class it defines Service protection classes can be configured under the Catalogs gt Protection section of the Admin Server UI or by using functions under the Catalog Protection section of the SOAP API and CLI Key Description allowed Always allow access to these IP addresses This overrides the connection limits for these machines but does not stop other restrictions such as HTTP validity checks e From products zxtm lb protection cpp 237 e Value type list e Default value lt none gt banned Disallow access to these IP addresses e From products zxtm lb protection cpp 219 e Value type list e Default value lt none gt 84 Brocade Virtual Traffic Manager Configuration System Guide conf protection Configuration Sections Key Description debug Whether or not to out
203. pp 1429 e Value type unsigned integer e Default value 32768 ip_check_time How often the local machine s IP addresses are checked for changes DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 312 e Value type seconds e Default value 5 j2ee_cache_size The maximum number of entries in the J2EE session cache This is used for storing session mappings for J2EE session persistence Approximately 100 bytes will be pre allocated per entry e From products zxtm lb settings cpp 1457 e Value type unsigned integer e Default value 32768 java classpath CLASSPATH to use when starting the Java runner e From products zxtm lb settings cpp 2584 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 113 Configuration Sections conf settings cfg Key java command Description Java command to use when starting the Java runner including any additional options e From products zxtm lb settings cpp 2593 e Value type string e Default value java server javalenabled Whether or not Java support should be enabled If this is set to No then your traffic manager will not start any Java processes Java supportis only required if you are using the TrafficScript java run function e From products zxtm lb settings cpp 2576 e Value type Yes No e Default value
204. pp 424 e Value type seconds e Default value 30 machines The traffic managers that are to use this neighbor e From products zxtm flipper config cpp 484 e Value type list e Default value lt none gt 26 Brocade Virtual Traffic Manager Configuration System Guide conf cloudcredentials Configuration Sections conf cloudcredentials Configuration for cloud credentials used in cloud API calls Key Description api_server The vCenter server hostname or IP address e From products zxtm lb cloudcred_conf cpp 120 e Value type string e Default value lt none gt authurl The host to contact with the credentials in order to retrieve a new authentication token DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb cloudcred_conf cpp 112 e Value type string e Default value https auth api rackspacecloud com change_process_timeout The amount of time a change process can take at most The traffic manager creates and destroys nodes via API calls This setting specifies how long to wait for such calls to complete e From products zxtm lb cloudcred_conf cpp 48 e Value type unsigned integer e Default value 200 cred1 The first part of the credentials for the cloud user Typically this is some variation on the username concept e From products zxtm lb cloudcred_conf cpp 71 e Value type string e Default value lt none gt
205. ps Edi t Users gt Groups gt Edit Permitted values none ro or full Brocade Virtual Traffic Manager Configuration System Guide 59 Configuration Sections conf groups Key Access_Management LocalU sers Description Users gt Local Permitted values none ro or full Access_Management LocalU Edit sers Users gt Local gt Edit Permitted values none ro or full Access_Management LocalU EditOtherUsers sers Users gt Local gt Other Users Permitted values none ro or full Access_Management LocalU PasswordPolicy sers Users gt Local gt Password Policy Permitted values none ro or full Access_Management Suspended _Users Users gt Suspended Users Permitted values none ro or full Section Wizards Wizard AptimizeService Wizard gt Aptimize a web application Permitted values none ro or full Wizard Backup Wizard gt Backup my configuration Permitted values none ro or full Wizard DisableNode Wizard gt Disable a node Permitted values none ro or full Wizard DrainNode Wizard gt Drain a node Permitted values none ro or full Wizard EnableRule Wizard gt Enable Disable a rule Permitted values none ro or full Requires feature Rules Wizard FreeDiskSpace Wizard gt Free up some disk space Permitted values none ro or full Wizard ClusterJoin Wizard
206. put verbose logging e From products zxtm lb protection cpp 73 e Value type Yes No e Default value No enabled Enable or disable this service protection class e From products zxtm lb protection cpp 55 e Value type Yes No e Default value Yes http check_rfc2396 Whether or not requests with poorly formed URLs be should be rejected This tests URL compliance as defined in RFC2396 Note that enabling this may block some older non conforming web browsers e From products zxtm lb protection cpp 289 e Value type Yes No e Default value No http max_body_length Maximum permitted length of HTTP request body data set to 0 to disable the limit e From products zxtm lb protection cpp 269 e Value type bytes e Default value 0 http max_header_length Maximum permitted length of a single HTTP request header key and value set to 0 to disable the limit e From products zxtm lb protection cpp 249 e Value type bytes e Default value 0 http max_request_length Maximum permitted size of all the HTTP request headers set to 0 to disable the limit e From products zxtm Ib protection cpp 259 e Value type bytes e Default value 0 http max_url_length Maximum permitted URL length set to 0 to disable the limit e From products zxtm Ib protection cpp 279 e Value type bytes e Default value 0 http reject_binary
207. r URI or Route header e From products zxtm Ib virtualserver cpp 1138 e Value type Yes No e Default value Yes sip_max_connection_mem SIP clients can have several pending requests at one time To protect the traffic manager against DoS attacks this setting limits the amount of memory each client can use When the limit is reached new requests will be sent a 413 response If the value is set to 0 zero the memory limit is disabled e From products zxtm lb virtualserver cpp 1167 e Value type bytes e Default value 65536 sip_mode The mode that this SIP virtual server should operate in e From products zxtm lb virtualserver cpp 1093 e Value type enumeration e Default value pi e Permitted values Ib SIP Routing pi SIP Gateway fc Full Gateway sip_rewrite_uri Replace the Request URI of SIP requests with the address of the selected back end node e From products zxtm lb virtualserver cpp 1126 e Value type Yes No e Default value No sip_streaming_portrange_high If non zero this controls the upper bound of the port range to use for streaming data connections e From products zxtm lb virtualserver cpp 1108 e Value type unsigned integer e Default value 0 sip_streaming_portrange_low If non zero then this controls the lower bound of the port range to use for streaming data connections e From products zxtm lb virtualserver cp
208. r a virtual server named Intranet Address Enabled Yes Pool Intranet pool Port 80 Protection servprotl request_tracing enabled Yes request_tracing trace_io Yes responserules headeradjust test_rule rules slm slm class1 timeout 40 webcache enabled Yes The Effect of Location Support when using Multi Site Cluster Management You can configure the Traffic Manager to provide support for management of multiple distributed physical virtual or cloud based Traffic Manager clusters This is implemented in the configuration system by appending location names to the relevant keys in affected configuration files The Traffic Manager uses the at symbol followed by the location name so key foo would become fooUlocation For example a simple config key might be Enabled Yes By adding location support this key would become Enabled cambridge Yes Enabled sanfrancisco No This convention ensures that config keys set as specific to a particular location are ignored by other locations For further information regarding location support see the Multi site Cluster Management chapter of the Brocade Virtual Traffic Manager User s Guide Brocade Virtual Traffic Manager Configuration System Guide 7 Introduction The Effect of Location Support when using Multi Site Cluster Management 8 Brocade Virtual Traffic Manager Configuration System Guide CHAPTER 2 Configuration Sections This chapter provides a complete r
209. r_settings_keys cpp 110 e Value type unsigned integer e Default value 0 ospfv2 authentication_key_id_b OSPF v2 authentication key ID If set to 0 which is the default value the key is disabled e From products zxtm lb flipper_settings_keys cpp 129 e Value type unsigned integer e Default value 0 ospfv2 authentication_shared_se cret_a OSPFv2 authentication shared secret MD5 If set to blank which is the default value the key is disabled e From products zxtm lb flipper_settings_keys cpp 121 e Value type string e Default value lt none gt ospfv2 authentication_shared_se cret_b OSPFv2 authentication shared secret MD5 If set to blank which is the default value the key is disabled e From products zxtm lb flipper_settings_keys cpp 140 e Value type string e Default value lt none gt ospfv2 enabled Whether OSPFv2 Route Health Injection is enabled e From products zxtm lb flipper_settings_keys cpp 102 e Value type Yes No e Default value No ospfv2 hello_interval The interval at which OSPF hello packets are sent to the network e From products zxtm lb flipper_settings_keys cpp 147 e Value type seconds e Default value 10 ospfv2 router_dead_interval The number of seconds before declaring a silent router down e From products zxtm lb flipper_settings_keys cpp 154 e Value type seconds e Default value
210. ration System Guide i Contents cont dnsserver izonetiles en dsb dolecenaysceds aa a a Slaedtseest beebevenbtedn at ede 28 CONF Ansserver ZONES ccccceccesscsscsscessecssessscsscsscssecsecssecsscscesscscesscessessecsscssecasessscascassssecsecsacsscsssesesssessees 29 COMU dias 29 Event tags by object type vieron ds di it tirados 31 COEN A ON o a Aas Jat SERS Sas NI 45 con IPP paid Sia 45 ESE LOU OS AAA here iaaeapha iesGdias 48 COTAS A AA A itl ations 61 con Kerberos Kea Ds pt ENS 61 cont Kerberos Dacia 61 cont kerberos principals s icsccscsccstocessesstecsasisevwssvesnsssecevasesessbscaatasedsovadesscussdssssorcctededessistsevasetsesavesDevguteed 62 conf licensekey Sinnen aia aae dca glee lal betel Aca RAA RE 62 COTE ANOLE IERS SAAE AN A IAO ESS EONA 63 conf locations cl illa lao 64 CONE PTMOTMLOLS 55 ses ose E A AAA E AE AA AEAT 64 CONE persistentes acaso iinr li ola aE 70 COME POS A a ETE 71 CONE POCO ANI A Ad Ia ia iaa 84 COMENTA AAA A AAA E A AAA A AA AA o 88 COME A a do o il a IO 88 A EATE ESEE serach os LATE Oe easel eG ee a ae ane EE 89 A ne SEO Sy OVI ETE a TET Prev very COTE TEE I TERE PER OEE a 89 CONE SERVICES E teak A Ree es Rita anne ie 90 conf servl tsii a iaa 93 O 94 COM Mi e o lo dd A 137 COMES SAS NASA AA AA AAA A OTR EA 138 COTE SS CUE RE A A A A A AA A E 138 OHNE ssl A A LUA ck eA kl ead popes Da ao SEESE aae EA 138 contissi Server KEYS ais ira adi 139 cont supplements A 139 CONFUSED ains
211. res type is set to trap e Value type enumeration e Default value md5 e Permitted values md5 MD5 shal SHA 1 snmp priv_password The encryption password to encrypt a Notify message for SNMPv3 Requires that authentication also be configured Blank to send unencrypted traps e From products zxtm eventd trap_handler cpp 100 e Requires type is set to trap e Value type password e Default value lt none gt snmp username The SNMP username to use to send the Notify over SNMPv3 e From products zxtm eventd trap_handler cpp 77 e Requires type is set to trap e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 13 Configuration Sections conf appliance nat cfg Key snmp version Description The SNMP version to use to send the Trap Notify e From products zxtm eventd trap_handler cpp 67 e Requires type is set to trap e Value type enumeration e Default value snmpv1 e Permitted values snmpvl SNMPv1 snmpv2c SNMPv2c snmpv3 SNMPv3 traphost The hostname or IPv4 address and optional port number that should receive traps e From products zxtm eventd trap_handler cpp 57 e Requires type is set to trap e Value type string e Default value lt none gt conf appliance nat cfg The NAT configuration file stores rules controlling NAT on an appliance Key many_to_one_overload
212. res feature Rules Rules GEdit Convert Rules gt Build gt Convert Permitted values none ro or full Requires feature Rules Rules Edit Rules gt Edit Permitted values none ro or full Requires feature Rules Rules Edit CheckSyntax Rules gt Edit gt Check Syntax Permitted values none ro or full Requires feature Rules Rules Edit SaveAs Rules gt Edit gt Save As Permitted values none ro or full Requires feature Rules SLM SLM Permitted values none ro or full Requires feature SLM SLM Edit SLM gt Edit Permitted values none ro or full Requires feature SLM Brocade Virtual Traffic Manager Configuration System Guide 53 Configuration Sections conf groups Key Description SLM Edit CopyClass SLM gt Edit gt Copy Class Permitted values none ro or full Requires feature SLM SSL SSL Permitted values none ro or full SSLICAs SSL gt CAs and CRLs Permitted values none ro or full SSLICAs Edit SSL gt CAs and CRLs gt Edit Permitted values none ro or full SSL CAs Import SSL gt CAs and CRLs gt Import Permitted values none ro or full SSL Client_Certs SSL gt Client Certs Permitted values none ro or full SSL Client_Certs Edit SSL gt Client Certs gt Edit Permitted values none ro or full SSL Client_Certs Edit Chain SSL gt Client Certs gt Edit gt Ch
213. ring e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 167 Configuration Sections conf zxtms Key appliancelif duplex Description Enable or disable full duplex for an interface the interface name is used in place of the asterisk e From products zxtm lb config cpp 771 e Value type Yes No e Default value lt none gt appliance if mtu Set the maximum transmission unit MTU of the interface e From products zxtm lb config cpp 791 e Value type unsigned integer e Default value lt none gt appliancelif speed Set the speed of an interface the interface name is used in place of the asterisk e From products zxtm lb config cpp 782 e Value type enumeration e Default value lt none gt e Permitted values 10 10Mbs 100 100Mbs 1000 1Gbs appliance ip laddr Set the IP address for the interface the interface name is used in place of the asterisk e From products zxtm lb config cpp 688 e Value type string e Default value lt none gt appliance ip lisexternal Set whether or not an interface is externally or internally facing the interface name is used in place of the asterisk e From products zxtm lb config cpp 711 e Value type Yes No e Default value lt none gt appliancelip mask Set the IP mask netmask for an interface the interface name i
214. rom products zxtm lb afm cpp 69 e Value type string e Default value 127 0 0 1 restServerUseSSL If the Application Firewall should use SSL for its Internal REST server always set to No currently DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb afm cpp 78 e Value type Yes No e Default value No updaterPort The Application Firewall Updater Slave Port this port is used on all IP addresses e From products zxtm lb afm cpp 57 e Value type unsigned integer e Default value 8092 Brocade Virtual Traffic Manager Configuration System Guide 165 Configuration Sections conf zxtms conf zxtms The conf zxtms directory contains a configuration file for each traffic manager in your cluster The name of each file is the hostname of the traffic manager it represents These files contain host specific configuration data and on each installation of the software the conf global cfg file is sym linked to the host s own configuration in the conf zxtms directory The files may contain a variety of configuration options that are configured in various locations under the System section of the Admin Server UI and the System section of the SOAP API and CLI Key adminMasterXMLIP Description The Application Firewall master XML IP e From products zxtm lb config cpp 1474 e Value type string Default value 0 0 0 0 adminMasterXMLPort The
215. rver UI or by using functions under the Conf Extra section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf flipper The conf flipper directory contains configuration files for traffic IP groups The name of a file is the name of the traffic IP group it defines Traffic IP groups can be managed under the Services gt Traffic IP Groups section of the Admin Server UI or by using functions under the Traffic PGroups section of the SOAP API and CLI gui_only regex errortext no error soap_ignore Brocade Virtual Traffic Manager Configuration System Guide 45 Configuration Sections conffflipper Key enabled Description If set to No the traffic IP group will be disabled and none of the traffic IP addresses will be raised e From products zxtm flipper config cpp 256 e Value type Yes No e Default value Yes hash_srcport Whether or not the source port should be taken into account when deciding which traffic manager should handle a request e From products zxtm flipper config cpp 307 e Requires mode is set to multihosted e Value type Yes No e Default value No ipaddress machine Assigns a traffic IP address to a specific traffic manager while the traffic manager is operating correctly it will host the address The IP address must be one from the ipaddresses list and takes the place of the in the key name the
216. s if per_process_connection_count is Yes If per_process_connection_count is No this setting is ignored e From products zxtm Ib protection cpp 146 e Value type unsigned integer e Default value 4 note A description of the service protection class e From products zxtm lb protection cpp 51 e Value type string e Default value lt none gt per_process_connection_count Whether simultaneous connection counting and limits are per process Each Traffic Manager typically has several processes one process per available CPU core If Yes a connecting IP address may make that many connections to each process within a Traffic Manager If No a connecting IP address may make that many connections to each Traffic Manager as a whole e From products zxtm lb protection cpp 125 e Value type Yes No e Default value Yes rate_timer How frequently the max_connection_rate is assessed For example a value of 1 second will impose a limit of max_connection_rate connections per second a value of 60 will impose a limit of max_connection_rate connections per minute The valid range is 1 99999 seconds e From products zxtm lb protection cpp 201 e Value type seconds e Default value 60 rule A TrafficScript rule that will be run on the connection after the service protection criteria have been evaluated This rule will be executed prior to normal rules configured for the virtual
217. s set to unicast e Value type unsigned integer e Default value 9090 flipper use_bindip Whether or not cluster heartbeat messages should only be sent and received over the management network e From products zxtm lb flipper_settings_keys cpp 356 e Value type Yes No e Default value No flipper verbose Whether or not a traffic manager should log all connectivity tests This is very verbose and should only be used for diagnostic purposes e From products zxtm lb flipper_settings_keys cpp 246 e Value type Yes No e Default value No ftp_data_bind_low Whether or not the traffic manager should permit use of FTP data connection source ports lower than 1024 If No the traffic manager can completely drop root privileges if Yes some or all privileges may be retained in order to bind to low ports e From products zxtm lb settings cpp 958 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 111 Configuration Sections conf settings cfg Key gslb verbose Description Write a message to the logs for every DNS query that is load balanced showing the source IP address and the chosen datacenter e From products zxtm lb settings cpp 1359 e Value type Yes No e Default value No http max_chunk_header_length The maximum length the header line of an HTTP chunk can have in an upload from the c
218. s used in place of the asterisk e From products zxtm lb config cpp 700 e Value type string e Default value lt none gt appliance ip ipmi errlimit Number of consecutive unexpected errors allowed from ipmitool before reporting If set to 0 all unexpected errors are reported otherwise one is reported from each consecutive series of at least that many errors DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb config cpp 723 e Value type unsigned integer e Default value 10 168 Brocade Virtual Traffic Manager Configuration System Guide conf zxtms Configuration Sections Key appliance ipv4_forwarding Description Whether or not IPv4 forwarding is enabled e From products zxtm lb config cpp 1003 e Value type Yes No e Default value No appliance ipv6_forwarding Whether or not IPv6 forwarding is enabled e From products zxtm lb config cpp 1010 e Value type Yes No e Default value No appliance licence_agreed Whether or not the license agreement has been accepted This determines whether or not the Initial Configuration wizard is displayed e From products zxtm lb config cpp 1058 e Value type Yes No e Default value No appliance manageazureroutes Whether or not the software manages the Azure policy routing e From products zxtm Ib global_cfg_keys cpp 28 e Value type Yes No e Default value
219. s will be issued e From products zxtm lb settings cpp 418 e Value type unsigned integer e Default value 500 trafficscript max_instr The maximum number of instructions a TrafficScript rule will run A rule will be aborted if it runs more than this number of instructions without yielding preventing infinite loops e From products zxtm Ib settings cpp 452 e Value type unsigned integer e Default value 100000 trafficscript memory_warning Raise an event if a TrafficScript rule requires more than this amount of buffered network data If you get such events repeatedly you may want to consider re working some of your TrafficScript rules to use less memory or to stream the data that they process rather than storing it all in memory This setting also limits the amount of data that can be returned by request GetLine e From products zxtm Ib settings cpp 402 e Value type bytes e Default value 1048576 trafficscript regex_cache_size The maximum number of regular expressions to cache in TrafficScript Regular expressions will be compiled in order to speed up their use in the future e From products zxtm lb settings cpp 474 e Value type unsigned integer e Default value 57 trafficscript regex_match_limit The maximum number of ways TrafficScript will attempt to match a regular expression at each position in the subject string before it aborts the rule and reports a Traffic
220. server e From products zxtm lb protection cpp 96 e Value type string e Default value lt none gt testing Place the service protection class into testing mode Log when this class would have dropped a connection but allow all connections through e From products zxtm lb protection cpp 65 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 87 Configuration Sections conf rate conf rate The conf rate directory contains configuration files for request rate shaping classes The name of a file is the name of the rate shaping class it defines Request rate shaping classes can be configured under the Catalogs gt Rate section of the Admin Server Ul or by using functions under the Catalog Rate section of the SOAP API and CLI Key max_rate_per_minute Description Requests that are associated with this rate class will be rate shaped to this many requests per minute set to 0 to disable the limit e From products zxtm lb rate cpp 152 e Value type unsigned integer e Default value 0 max_rate_per_second Although requests will be rate shaped to the max_rate_per_minute the traffic manager will also rate limit per second This smooths traffic so that a full minute s traffic will not be serviced in the first second of the minute set this to 0 to disable the per second limit e From products zxtm lb rate cpp 1
221. service as alive e From products zxtm lb fqdn cpp 255 e Value type Yes No e Default value Yes 90 Brocade Virtual Traffic Manager Configuration System Guide conf services Configuration Sections Key autofail Description Enable Disable automatic failback mode e From products zxtm lb fqdn cpp 141 e Value type Yes No e Default value No autorecovery The last location to fail will be available as soon as it recovers e From products zxtm lb fqdn cpp 150 e Value type Yes No e Default value Yes dc weight Assign weights for each location e From products zxtm lb fqdn cpp 328 e Value type unsigned integer e Default value lt none gt disable_on_ failure Locations recovering from a failure will become disabled e From products zxtm lb fqdn cpp 159 e Value type Yes No e Default value No dnssec The domain this private key authenticates e From products zxtm lb fqdn cpp 311 e Value type list e Default value lt none gt domains The domains shown here should be a list of Fully Qualified Domain Names that you would like to balance globally Responses from the back end DNS servers for queries that do not match this list will be forwarded to the client unmodified Note may be used as a wild card e From products zxtm lb fqdn cpp 107 e Value type list e Default value lt non
222. setting for SSLv3 enabled Enable SSLv3 disabled Disable SSLv3 ssl_support_tls1 Whether or not TLSv1 0 is enabled for this virtual server Choosing the global setting means the value of configuration key ssl support_tls1 from the Global Settings section of the System tab will be enforced e From products zxtm Ib virtualserver cpp 1499 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for TLSv1 0 enabled Enable TLSv1 0 disabled Disable TLSv1 0 Brocade Virtual Traffic Manager Configuration System Guide 161 Configuration Sections conf vservers Key ssl_support_tls1_1 Description Whether or not TLSv1 1 is enabled for this virtual server Choosing the global setting means the value of configuration key ssl support_tls1 1 from the Global Settings section of the System tab will be enforced e From products zxtm lb virtualserver cpp 1518 e Value type enumeration e Default value use_default e Permitted values use_default Use the global setting for TLSv1 1 enabled Enable TLSv1 1 disabled Disable TLSv1 1 ssl_support_tls1_2 Whether or not TLSv1 2 is enabled for this virtual server Choosing the global setting means the value of configuration key ssl support_tls1 2 from the Global Settings section of the System tab will be enforced e From products zxtm lb virtualserver cpp 1537 e Value type enumeration e Default valu
223. settings cpp 1008 e Value type string e Default value etc hosts dns hostsfirst Whether or not to try reading the dns hosts file before calling gethostbyname This config key exists for testing purposes only DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1030 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 105 Configuration Sections conf settings cfg Key dns max_ttl Description Maximum Time To Live expiry time for entries in the DNS cache e From products zxtm lb settings cpp 979 e Value type seconds e Default value 86400 dns maxasynctries How often to send DNS request packets before giving up DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1000 e Value type unsigned integer e Default value 2 dns min_ttl Minimum Time To Live expiry time for entries in the DNS cache e From products zxtm lb settings cpp 972 e Value type seconds e Default value 86400 dns negative_expiry Expiry time for failed lookups in the DNS cache e From products zxtm lb settings cpp 986 e Value type seconds e Default value 60 dns resolv The location of the resolv conf file DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1016 e Value type string e Default va
224. signed to them e From products zxtm flipper config cpp 216 e Value type list e Default value lt none gt conf groups Files in the conf groups directory define the permission groups configured for administrative access to the software The name of a file is the name of the group it defines Permission groups can be managed under the System gt Users section of the Admin Server UI Each group will contain a list of configuration keys with names that mostly correspond to pages in the Admin Server UI These may have values of either none ro read only this is the default or full Some permissions have sub permissions these are denoted by following the parent permission name with an exclamation mark followed by the sub permission name The built in admin group has a special permission key of all with the value full this cannot be altered for the admin group but can be used in other group configuration files to change the default permission level for the group 48 Brocade Virtual Traffic Manager Configuration System Guide conf groups Configuration Sections Key description Description A description for the group e From products zxtm lb balancer cpp 162 e Value type string e Default value lt none gt password_expire_time Members of this group must renew their passwords after this number of days To disable password expiry for the group set this to 0 zero Note that this settin
225. sk and appliance routes if e From products zxtm lb config cpp 940 e Value type string e Default value lt none gt appliance routes if One of the keys used to specify a route The IP of the route destination is used in place of the asterisk and the value is the network interface to configure for the route See also appliance routes mask and appliance routes gw e From products zxtm lb config cpp 957 e Value type string e Default value lt none gt appliance routes mask One of the keys used to specify a route The IP of the route destination is used in place of the asterisk and the value is the netmask to apply to the IP See also appliance routes gw and appliance routes if e From products zxtm lb config cpp 923 e Value type string e Default value lt none gt appliance searchdomains The search domains the appliance should use and place in etc resolv conf e From products zxtm lb config cpp 865 e Value type string e Default value lt none gt appliance shim clientid The client ID provided by the portal for this server e From products zxtm lb config cpp 1117 e Requires appliance shim mode is set to portal local case insensitive e Value type string e Default value lt none gt appliance shim clientkey The client key provided by the portal for this server e From products zxtm Ib config cpp 1129
226. ss A helper process did not properly acknowledge a control request confrepfailed Replication of configuration has failed confreptimeout Replication of configuration has timed out Replication of configuration has timed out dnszonecreaterecord The built in DNS server has failed to create a DNS record dnszoneparse The built in DNS server has failed to parse a DNS zone file dnszonevalidate The built in DNS server has failed to validate a DNS zone file ec2dataretrievalfailed Traffic manager failed to get the required data from Amazon servers Traffic manager failed to get the required data from Amazon servers ec2dataretrievalsuccessful Traffic manager has now successfully retrieved the required data from Amazon servers Traffic manager has now successfully retrieved the required data from Amazon servers fewfreefds Running out of free file descriptors There are few free file descriptors remaining this machine will soon become unable to establish new connections See the manual for information on tuning to correct this fipsfailinit FIPS 140 2 cryptographic module initialization failed A failure occurred when loading or during power up testing of the FIPS 140 2 cryptographic module fipsfailops FIPS 140 2 cryptographic module operations failed Unable to fully enable or retain the context for valid use of the FIPS 140 2 cryptographic module in the Traffic Manager geodataloadfail Failed
227. st e Default value lt none gt rules_on_connect Only applicable for Client First Generic Protocol Allows Virtual Traffic Manager to execute rules on a client connects without waiting for data from the client DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm Ib virtualserver cpp 259 e Value type Yes No e Default value No serverfirst_banner If specified the traffic manager will use the value as the banner to send for server first protocols such as POP SMTP and IMAP This allows rules to use the first part of the client data such as the username to select a pool e From products zxtm lb virtualserver cpp 1183 e Value type string e Default value lt none gt sip_dangerous_requests The action to take when a SIP request with body data arrives that should be routed to an external IP e From products zxtm lb virtualserver cpp 1152 e Value type enumeration e Default value node e Permitted values node Send the request to a back end node forbid Send a 403 Forbidden response to the client forward Forward the request to its target URI dangerous Brocade Virtual Traffic Manager Configuration System Guide 155 Configuration Sections conf vservers Key sip_follow_route Description Should the virtual server follow routing information contained in SIP requests If set to No requests will be routed to the chosen back end node regardless of thei
228. st HTTP request e From products zxtm monitor monitor_http cpp 41 e Requires type is set to http e Value type string e Default value lt none gt path The path to use in the test HTTP request This must be a string beginning with a forward slash e From products zxtm monitor monitor_http cpp 52 e Requires type is set to http e Value type string e Default value status_regex A regular expression that the HTTP status code must match If the status code doesn t matter then set this to match anything e From products zxtm monitor monitor_http cpp 78 e Requires type is set to http e Value type string e Default value 234 0 9 0 9 Additional keys used when type is program arg The arguments that will be passed to the program For example to specify the argument foo bar as part of the program s command line you set the key arg foo to the value bar e From products zxtm monitor monitor_program cpp 44 e Requires type is set to program e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 67 Configuration Sections conf monitors Key describe Description A description for the argument specified in place of the character For example to describe the argument in the example for arg you could specify the description as the value for the key describe
229. t logs The filename can contain macros which will be expanded by the traffic manager to generate the full filename e From products zxtm lb virtualserver cpp 1898 e Requires log enabled is set to Yes e Value type string e Default value zeushome zxtm log v log log format The log file format This specifies the line of text that will be written to the log file when a connection to the traffic manager is completed Many parameters from the connection can be recorded using macros e From products zxtm lb virtualserver cpp 1914 e Requires log enabled is set to Yes e Value type string e Default value h 1 u t Yr s Yb Referer i User agent i log save_all Whether to log all connections by default or log no connections by default Specific connections can be selected for addition to or exclusion from the log using the TrafficScript function requestlog include e From products zxtm lb virtualserver cpp 1881 e Value type Yes No e Default value Yes log server_connection_failures Should the virtual server log failures occurring on connections to nodes e From products zxtm lb virtualserver cpp 507 e Value type Yes No e Default value No log session_persistence_verbose Should the virtual server log session persistence events e From products zxtm lb virtualserver cpp 525 e Value type Yes No e Default value No
230. t this value to 0 in a benchmarking or performance critical environment e From products zxtm lb settings cpp 1325 e Value type unsigned integer e Default value 500 Brocade Virtual Traffic Manager Configuration System Guide 121 Configuration Sections conf settings cfg Key recent_conns_retain_time Description The amount of time for which snapshots will be retained on the Connections page e From products zxtm lb settings cpp 1335 e Value type seconds e Default value 60 recent_conns_snapshot_size The maximum number of connections each traffic manager process should show when viewing a snapshot on the Connections page This value includes both currently active connections and saved connections If set to 0 all active and saved connection will be displayed on the Connections page e From products zxtm lb settings cpp 1350 e Value type unsigned integer e Default value 500 replicate_timeout Configuration replication between traffic managers timeout DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 827 e Value type seconds e Default value 10 restlauth_timeout The length of time after a successful request that the authentication of a given username and password will be cached for an IP address A setting of 0 disables the cache forcing every REST request to be authenticated which will adversely affect performa
231. ta frame sent has at least a 9 byte header in addition to this frame size prepended to it e From products zxtm lb virtualserver cpp 710 e Value type bytes e Default value 4096 http2 enabled This setting allows the HTTP 2 protocol to be used by a HTTP virtual server Unless use of HTTP 2 is negotiated by the client the virtual server will fall back to HTTP 1 x automatically e From products zxtm lb virtualserver cpp 658 e Value type Yes No e Default value Yes http2 header_table_size This setting controls the amount of memory allowed for header compression on each HTTP 2 connection e From products zxtm lb virtualserver cpp 667 e Value type bytes e Default value 4096 http2 headers_index_blacklist A list of header names that should never be compressed using indexing e From products zxtm lb virtualserver cpp 801 e Value type list e Default value lt none gt http2 headers_index_default The HTTP 2 HPACK compression scheme allows for HTTP headers to be compressed using indexing Sensitive headers can be marked as never index which prevents them from being compressed using indexing When this setting is Yes only headers included in http2 headers_index_blacklist are marked as never index When this setting is No all headers will be marked as never index unless they are included in http2 headers_index_whitelist e From products zxtm lb
232. tains any machines locmovemachine Machine now in location Event tags for object type monitors monitorfail Monitor has detected a failure monitorok Monitor is working Event tags for object type pools apichangeprocesshanging API change process still running after refractory period is over autonodecreationcomplete The creation of a new node requested by an autoscaled pool is now complete autonodecreationstarted Creation of new node instigated autonodedestroyed A cloud API call to destroy a node has been started autonodedestructioncomplete The destruction of a node in an autoscaled pool is now complete autonodedisappeared A node in an autoscaled pool has disappeared from the cloud autonodeexisted IP address of newly created instance already existed in pool s node list The autoscaler has been informed about the completion of an instance creation in the cloud but unexpectedly a node with the same ip address already existed in the pool s node list autonodenopublicip Node has no public IP address We want the public IP but it is unset autonoderemoved A node in an DNS derived autoscaled pool has been removed autonodestatuschange The status of a node in an autoscaled pool has changed The status of a node in an autoscaled pool has changed This can be for instance a node moving from the pending state when it is still being created finalized in the cloud environme
233. te depending on which key is in the file Client keys keys can be managed under the Catalogs gt SSL gt Client Certs section of the Admin Server UI or by using functions under the Catalog SSL ClientCertificates section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf sslldnssec_keys Config for DNSSEC private keys Contains the keys id and algorithm followed by a RSA key block Other key types can be converted using our cert tool 138 Brocade Virtual Traffic Manager Configuration System Guide conf ssl server_keys Configuration Sections Key Description There are no items to display for this configuration type conf ssl server_keys The conf ssl server_keys directory contains SSL public and private key files for use with virtual servers that have ssl_decrypt enabled For each key managed by the software there will be two files the file names give the name of the SSL keypair followed by public or private depending on which key is in the file If a keypair was generated by the software there will also be a corresponding request file which can be used to have your key signed by a CA Server keys can be managed under the Catalogs gt SSL gt Server Certs section of the Admin Server UI or by using functions under the Catalog SSL Certificates section of the SOAP API and CLI Key Description There are no items to display for this configuration type
234. te on which the corresponding request arrived Note that this applies only to the last hop of the route the behaviour of upstream routers cannot be altered by the traffic manager e From products zxtm Ib settings cpp 3053 e Value type Yes No e Default value No appliance returnpath ipv4 The MAC address to IPv4 address mapping of a router the software is connected to The asterisk in the key name is the MAC address the value is the IP address e From products zxtm lb settings cpp 3065 e Value type string e Default value lt none gt appliance returnpath ipv6 The MAC address to IPv6 address mapping of a router the software is connected to The asterisk in the key name is the MAC address the value is the IP address e From products zxtm lb settings cpp 3077 e Value type string e Default value lt none gt aptimizer bandwidth_limit How many Mb of data aptimizer is allowed to process in a second DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2827 e Value type unsigned integer e Default value 100 aptimizer cache_entry_lifetime The period of time in seconds that unaccessed cache entries will be retained by aptimizer DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 2919 e Value type unsigned integer e Default value 86400 aptimizer cache_entry_limit The maximum
235. tem Guide 81 Configuration Sections conf pools Key ssl_server_name Description Whether or not the software should use the TLS 1 0 server_name extension which may help the back end node provide the correct certificate Enabling this setting will force the use of at least TLS 1 0 e From products zxtm lb pool_config cpp 664 e Value type Yes No e Default value No ssl_signature_algorithms The SSL signature algorithms preference list for SSL connections from this pool using TLS version 1 2 or higher Leaving this empty will make the pool use the globally configured preference list ssl signature_algorithms in the Global Settings section of the System tab See there for how to specify SSL signature algorithms e From products zxtm lb pool_config cpp 518 e Value type string e Default value lt none gt ssl_strict_verify Whether or not strict certificate verification should be performed This will turn on checks to disallow server certificates that don t match the server name ora name in the ssl_common_name_match list are self signed expired revoked or have an unknown CA e From products zxtm lb pool_config cpp 638 e Value type Yes No e Default value No ssl_support_ssl2 Whether or not SSLv2 is enabled for this pool Choosing the global setting means the value of the configuration key ssl support_ssl2 from the Global Settings section of the System tab will be enforce
236. tings_keys cpp 204 e Value type Yes No e Default value Yes 108 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key flipper cache_arpfd Description Whether or not the traffic manager should cache the ARP socket for sending ARP packets faster DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb flipper_settings_keys cpp 364 e Value type Yes No e Default value Yes flipper frontend_check_addrs The IP addresses used to check front end connectivity The text gateway will be replaced with the default gateway on each system Set this to an empty string if the traffic manager is on an Intranet with no external connectivity e From products zxtm lb flipper_settings_keys cpp 325 e Value type list e Default value gateway flipper heartbeat_method The method traffic managers should use to exchange cluster heartbeat messages e From products zxtm lb flipper_settings_keys cpp 255 e Value type enumeration e Default value unicast e Permitted values multicast multicast unicast unicast flipperligmp_interval The interval between unsolicited periodic IGMP Membership Report messages for Multi Hosted Traffic IP Groups e From products zxtm lb flipper_settings_keys cpp 398 e Value type seconds e Default value 30 flipper max_tentative_failures The number of times the s
237. tion on or off e From products zxtm lb wax cpp 39 e Value type enumeration e Default value active e Permitted values idle Off Acceleration is disabled but requests for Aptimizer resources are served stealth Stealth Acceleration is controlled by a cookie active On Aptimizer acceleration is enabled show_info_bar Show the Aptimizer information bar on aptimized web pages This requires HTML optimization to be enabled in the Acceleration settings e From products zxtm lb wax cpp 49 e Value type Yes No e Default value No conf aptimizer scopes Priority should be higher than that of virtual servers Key canonical_hostname Description If the hostnames for this scope are aliases of each other the canonical hostname will be used for requests to the server e From products zxtm lb scope cpp 34 e Value type string e Default value lt none gt hostnames The hostnames to limit acceleration to e From products zxtm lb scope cpp 44 e Value type list e Default value lt none gt root The root path of the application defined by this application scope e From products zxtm lb scope cpp 23 e Value type string e Default value Brocade Virtual Traffic Manager Configuration System Guide 17 Configuration Sections conf auth conf auth The conf auth directory contains configuration files for remote authentication s
238. tions conf settings cfg Key statd write_interval Description The interval between writes of the statd logs and syncs in the cluster DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 296 e Value type unsigned integer e Default value 300 state_sync_time How often to propagate the session persistence and bandwidth information to other traffic managers in the same cluster Set this to 0 zero to disable propagation Note that a cluster using unicast heartbeat messages cannot turn off these messages e From products zxtm Ib settings cpp 2550 e Value type seconds e Default value 3 state_sync_timeout The maximum amount of time to wait when propagating session persistence and bandwidth information to other traffic managers in the same cluster Once this timeout is hit the transfer is aborted and a new connection created e From products zxtm Ib settings cpp 2562 e Value type seconds e Default value 6 tip_class_limit The maximum number of Traffic IP Groups that can be created e From products zxtm lb settings cpp 384 e Value type unsigned integer e Default value 10000 track _unknown_users Whether to remember past login attempts from usernames that are not known to exist should be set to No for an Admin Server accessible from the public Internet This does not affect the audit log e From products zxtm lb
239. tive interface or by using functions under the Catalog Kerberos Keytabs section of the SOAP API and CLI Key Description There are no items to display for this configuration type conf kerberos krb5confs The conf kerberos krb5confs directory contains krb5 conf configuration files for Kerberos principals the traffic manager can use to perform Kerberos operations These are provided to provide raw control of the kerberos library should it be neccessary to enable operations the standard configuration cannot achieve krb5 conf files can be managed under the Catalogs gt Kerberos gt Kerberos Configuration Files section of the administrative interface or by using functions under the Catalog Kerberos KRB5confs section of the SOAP API and CLI Key Description There are no items to display for this configuration type Brocade Virtual Traffic Manager Configuration System Guide 61 Configuration Sections conf kerberos principals conf kerberos principals The conf kerberos principals directory contains configuration files for Kerberos principals the traffic manager can use to perform Kerberos operations The name of a file is the name of the Kerberos principal it defines Kerberos principals can be configured under the Catalogs gt Kerberos Principals section of the administrative interface or by using functions under the Catalog Kerberos Principals section of the SOAP API and CLI Key Description kdcs A list of
240. to choose an interface to raise a Traffic IP on e From products zxtm flipper config cpp 658 e Value type list e Default value lt none gt uid The user ID that the software s worker processes will run as For example on typical Linux installations this could be set to 65534 for the unprivileged nobody user e From products zxtm lb config cpp 141 e Value type string e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 183 Configuration Sections conf zxtms Key updateControlCenterPort Description The Application Firewall Updater GUI Backend Port this port is used on localhost only e From products zxtm lb config cpp 1462 e Value type unsigned integer e Default value 0 updateExternControlCenterPort The Application Firewall Updater External Control Center Port this port is used on localhost only e From products zxtm lb config cpp 1447 e Value type unsigned integer e Default value 8091 updateGUIServerPort The Application Firewall Updater GUI Server Port this port is used on localhost only e From products zxtm lb config cpp 1433 e Value type unsigned integer e Default value 0 updaterIP The Application Firewall Updater IP e From products zxtm lb config cpp 1510 e Value type string e Default value 0 0 0 0 184 Brocade Virtual Traffic Manager Conf
241. to load geolocation data licensetoomanylocations A location has been disabled because you have exceeded the licence limit Brocade Virtual Traffic Manager Configuration System Guide 35 Configuration Sections conf events Event Tag Description logdiskfull Log disk partition full Log disk partition full logdiskoverload Log disk partition usage has exceeded threshold Log disk partition usage has exceeded threshold nameserveravailable DNS derived Autoscaling will resume updating as the DNS server is now responding DNS derived Autoscaling will resume updating as the DNS server is now responding nameserverunavailable DNS derived Autoscaling will not update as the DNS server is unavailable DNS derived Autoscaling will not update as the DNS server is unavailable numlocations exceeded Total number of locations exceeded the maximum limit numnodes exceeded Total number of nodes exceeded the maximum number of nodes that can be monitored numpools exceeded Total number of pools exceeded the maximum limit numtipg exceeded Total number of traffic IP group exceeded the maximum limit ocspstaplingfail OCSP request for OCSP stapling failed An OCSP request for a certificate to be used for OCSP stapling has failed The error log line contains the name of the certificate and the URL to which the request was made ocspstaplingnomem Insufficient memory for OCSP stapling
242. ts zxtm monitor monitor_rtsp cpp 40 e Requires type is set to rtsp e Value type string e Default value 234 0 9 0 9 68 Brocade Virtual Traffic Manager Configuration System Guide conf monitors Configuration Sections Key Description Additional keys used when type is sip sip_body_regex The regular expression that the SIP response body must match e From products zxtm monitor monitor_sip cpp 76 e Requires type is set to sip e Value type string e Default value lt none gt sip_status_regex The regular expression that the SIP response status code must match e From products zxtm monitor monitor_sip cpp 67 e Requires type is set to sip e Value type string e Default value 4 234 0 9 0 9 sip_transport Which transport protocol the SIP monitor will use to query the server e From products zxtm monitor monitor_sip cpp 84 e Requires type is set to sip e Value type enumeration e Default value udp e Permitted values udp UDP tcp TCP Additional keys used when type is tcp_transaction close_string An optional string to write to the server before closing the connection e From products zxtm monitor monitor_tcp_transaction cpp 56 e Requires type is set to tcp_transaction e Value type string e Default value lt none gt response_regex A regular expression to match against the response from the server e From
243. ual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key max_login_external Description Whether or not usernames blocked due to the max_login_attempts limit should also be blocked from authentication against external services such as LDAP and RADIUS e From products zxtm lb settings cpp 701 e Value type Yes No e Default value No max_login_suspension_time The number of minutes to suspend users who have exceeded the max_login_attempts limit e From products zxtm lb settings cpp 714 e Value type unsigned integer e Default value 15 maxfds The maximum number of file descriptors that your traffic manager will allocate e From products zxtm Ib settings cpp 916 e Value type unsigned integer e Default value 1048576 min_alpha_chars Minimum number of alphabetic characters a password must contain Set to 0 to disable this restriction e From products zxtm lb settings cpp 2654 e Value type unsigned integer e Default value 0 min_numeric_chars Minimum number of numeric characters a password must contain Set to 0 to disable this restriction e From products zxtm lb settings cpp 2678 e Value type unsigned integer e Default value 0 min_password_length Minimum number of characters a password must contain Set to 0 to disable this restriction e From products zxtm lb sett
244. ucts contact Riverbed Support or your channel partner who provides support To contact Riverbed Support opena trouble ticket by calling 1 888 BROCADE 1 888 276 2233 in the United States and Canada or 1 408 333 4300 outside the United States You can also go to https support riverbed com Professional services Brocade has a staff of professionals who can help you with installation provisioning network redesign project management custom designs consolidation project design and custom coded solutions To contact Riverbed Professional Services email ProfessionalServicesPartner brocade com or go to http www riverbed com services training Services Training html Documentation The Brocade Technical Publications team continually strives to improve the quality and usability of Brocade documentation Brocade appreciates any suggestions you might have about its online documentation or printed materials Send documentation comments to TechPubsMBObrocade com Brocade Virtual Traffic Manager Configuration System Guide 3 Preface Contacting Brocade 4 Brocade Virtual Traffic Manager Configuration System Guide cHapter1 Introduction This chapter provides an introduction to the Traffic Manager configuration system This chapter contains the following sections Purpose of this Guide on page 5 The Traffic Manager Configuration File System on page 6 m The Effect of Location Support when using Multi Site Cluster
245. ue type Yes No e Default value No add_x_forwarded_proto Whether or not the virtual server should add an X Forwarded Proto header to the request that contains the original protocol used by the client to connect to the traffic manager e From products zxtm lb virtualserver cpp 586 e Value type Yes No e Default value No address The addresses on which to listen for incoming connections e From products zxtm lb virtualserver cpp 145 e Value type list e Default value Brocade Virtual Traffic Manager Configuration System Guide 141 Configuration Sections conf vservers Key aptimizer enabled Description Whether the virtual server should aptimize web content e From products zxtm lb virtualserver cpp 1848 e Value type Yes No e Default value No aptimizer profile urls The application scopes for which to apply a particular acceleration profile e From products zxtm lb virtualserver cpp 1857 e Value type list e Default value lt none gt auto_upgrade_protocols A case insensitive list of HTTP Upgrade header values that will trigger the HTTP connection upgrade auto detection DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb virtualserver cpp 647 e Value type list e Default value websocket autodetect_upgrade_headers Whether the traffic manager should check for HTTP responses that conf
246. ues none ro or full Alerting Event_Types Alerting gt Event Types Permitted values none ro or full Alerting Event_Types Edit Alerting gt Event Types gt Edit Permitted values none ro or full AFM Application Firewall Permitted values none ro or full AFM Admin Application Firewall gt Administration Permitted values none or full Backup Backups Permitted values none ro or full Backup Config_Difference Backups gt Compare Permitted values none ro or full Backup Edit Backups gt Edit Permitted values none ro or full Backup Partial Backups gt Partial Permitted values none ro or full Fault_Tolerance Fault Tolerance Permitted values none ro or full Fault_Tolerance BGP_Neighbors Fault Tolerance gt BGP Neighbors Permitted values none ro or full Fault_Tolerance BGP_Neighbors Edit Fault Tolerance gt BGP Neighbors gt Edit Permitted values none ro or full Global_Settings Global Settings Permitted values none ro or full Global_Settings Restore_Defaults Global Settings gt Restore Defaults Permitted values none ro or full License_Keys Licenses Permitted values none ro or full 58 Brocade Virtual Traffic Manager Configuration System Guide conf groups Configuration Sections Key License_Keys InstallNew Description Licenses gt
247. used for Route Health Injection has had a major failure and will be restarted routingswfailurelimitreached Routing software has failed and reached its failure limit The maximum number of failures in a set period has been reached by the routing software stack used for Route Health Injection routingswoperational Routing software is now operational The routing software stack used for Route Health Injection has started routingswstartfailed Routing software failed to start The routing software stack used for Route Health Injection failed to start within the allowed time statebaddata Received an invalid response from another cluster member An incorrectly formatted session persistence state message was received for example version incompatibility between traffic managers statecomnfail Failed to connect to another cluster member for state sharing The traffic manager failed to establish the connection used for session persistence state sharing stateok Successfully connected to another cluster member for state sharing statereadfail Reading state data from another cluster member failed The traffic manager failed to read session persistence information from another traffic manager statetimeout Timeout while sending state data to another cluster member Another traffic manager in the cluster failed to respond to a session persistence state message within 2 state_sy
248. ustom Custom configuration sets store arbitrary named values These values can be read by SOAP or REST clients stringlist Named list of user specified strings e From products zxtm lb custom_conf cpp 37 e Value type list e Default value lt none gt conf dnsserver zonefiles The conf dnsserver zonefiles directory contains files that define DNS zones There are no items to display for this configuration type 28 Brocade Virtual Traffic Manager Configuration System Guide conf dnsserver zones Configuration Sections conf dnsserver zones The conf dnsserver zones file contains zone metadata Key origin Description The domain origin of this Zone e From products zxtm lb dns_config cpp 79 e Value type string e Default value lt none gt zonefile The Zone File encapsulated by this Zone e From products zxtm Ib dns_config cpp 91 e Value type string e Default value lt none gt conf events The conf events directory contains configuration files that tie actions to a set of events In the web UI this functionality is controlled using the System gt Alerting and System gt Alerting gt Event Types pages The configuration files in conf events represent the functionality configured on both these pages The name of the configuration files are the Event Type names as shown in the UI In the SOAP API and CLI this is managed in the Alerting EventType section
249. ventd eventhandler cpp 91 e Value type list e Default value lt none gt type object_names This key can be used to restrict the events that will trigger the configured actions to ones raised by objects with specific names filenames The asterisk in the key must be replaced by an object type matching one that has also been used in a type lt object type gt event_tags key The value is a list containing the names of objects of the type specified in the key If this key is not specified then the default value of asterisk is assumed which means to subscribe to events from all objects of the given type The following example sends email alert whenever the virtual server named Very Important starts or stops actions E Mail typelvserverslevent_tags vsstart vsstop type vservers object_names Very Important If this is in a file named conf events VSStartStop then on the System gt Alerting UI page a mapping will be shown associating the event type VSStartStop with the action E Mail See type levent_tags for additional information e From products zxtm eventd eventhandler cpp 123 e Value type list e Default value lt none gt Event tags by object type Event Tag Description Event tags for object type cloudcredentials apistatusprocesshanging A cloud API process querying changes to cloud instances is hanging autoscaleresponseparseerror An API call made by the autoscaler process h
250. ver http 169 254 169 254 latest meta data for example e From products zxtm lb flipper_settings_keys cpp 84 e Value type string e Default value lt none gt ec2 query_server URL for the Amazon EC2 endpoint https ec2 amazonaws com for example e From products zxtm lb flipper_settings_keys cpp 57 e Value type string e Default value lt none gt ec2 secret_access_key Amazon EC2 Secret Access Key e From products zxtm lb flipper_settings_keys cpp 43 e Value type password e Default value lt none gt ec2 verify_query_server_cert Whether to verify Amazon EC2 endpoint s certificate using CA s present in SSL Certificate Authorities Catalog e From products zxtm lb flipper_settings_keys cpp 69 e Value type Yes No e Default value No ec2 vpc_decluster_on_stop Whether to decluster the traffic manager running inside vpc when the instance stops DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 3135 e Value type Yes No e Default value No Brocade Virtual Traffic Manager Configuration System Guide 107 Configuration Sections conf settings cfg Key errlevel Description The minimum severity of events alerts that should be logged to disk ERR_INFO will log all events a higher severity setting will log fewer events More fine grained control can be achieved using events and actions in t
251. ver loads DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 143 e Value type unsigned integer e Default value 20 load_balancing responsetime per cent The percent that two response times must differ by before they are treated as different DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb pool_config cpp 137 e Value type unsigned integer e Default value 5 load_balancing weighting Weights for each node in the pool The actual values in isolation do not matter as long as they are valid integers the per node weightings are calculated on their relative values between the nodes The key should be specified once per node with the node identifier lt ip gt lt port gt replacing the in each instance e From products zxtm lb pool_config cpp 131 e Value type int e Default value lt none gt Brocade Virtual Traffic Manager Configuration System Guide 77 Configuration Sections conf pools Key max_connect_time Description How long the pool should wait for a connection to a node to be established before giving up and trying another node e From products zxtm lb pool_config cpp 172 e Value type seconds e Default value 4 max_connection_attempts The maximum number of nodes to which the traffic manager will attempt to send a request before returning an error to the client Requests that are non retryable
252. ware slot to use e From products zxtm lb settings cpp 1818 e Value type enumeration e Default value operator e Permitted values operator Operator Card Set softcard Soft Card module Module Protected ssld driver pkcs11_user_pin The User PIN for the PKCS token PKCS 11 devices only e From products zxtm lb settings cpp 1806 e Value type password e Default value lt none gt ssld failure_count The number of consecutive failures from the SSL hardware that will be tolerated before the traffic manager assumes its session with the device is invalid and tries to log in again This is necessary when the device reboots following a power failure e From products zxtm Ib settings cpp 1757 e Value type unsigned integer e Default value 5 ssld libdir Additional library search paths required by the device library DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1720 e Value type string e Default value lt none gt 130 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key Description ssld library The type of SSL hardware to use The drivers for the SSL hardware should be installed and accessible to the traffic manager software e From products zxtm lb settings cpp 1694 e Value type enumeration e Default value none e Permitted values none None pkcs11 PKCS 11 e g
253. will be attempted against only one node Zero signifies no limit e From products zxtm lb pool_config cpp 192 e Value type unsigned integer e Default value 0 max_connections_pernode The maximum number of concurrent connections allowed to each back end node in this pool per machine A value of 0 means unlimited connections e From products zxtm lb pool_config cpp 342 e Value type unsigned integer e Default value 0 max_idle_connections_pernode The maximum number of unused HTTP keepalive connections that should be maintained to an individual node Zero signifies no limit e From products zxtm lb pool_config cpp 253 e Value type unsigned integer e Default value 50 max_queue_size The maximum number of connections that can be queued due to connections limits A value of 0 means unlimited queue size e From products zxtm lb pool_config cpp 353 e Value type unsigned integer e Default value 0 max_reply_time How long the pool should wait for a response from the node before either discarding the request or trying another node retryable requests only e From products zxtm lb pool_config cpp 181 e Value type seconds e Default value 30 max_timed_out_connection_atte mpts The maximum number of connection attempts the traffic manager will make where the server fails to respond within the time limit defined by the max_reply_time setting Zero signif
254. will not trigger an SNMP trap slmrecoveredserious SLM has risen above the serious threshold The percentage of requests that meet this monitor s criteria has risen above the serious threshold The percentage was below the serious threshold at the previous check slmrecoveredwarn SLM has recovered The percentage of requests that meet this monitor s criteria has risen above the warning threshold The percentage was below the warning threshold at the previous check Event tags for object type sslhw sslhwfail SSL hardware support failed SSL hardware support has stopped with an error sslhwrestart SSL hardware support restarted sslhwstart SSL hardware support started Event tags for object type vservers Brocade Virtual Traffic Manager Configuration System Guide 43 Configuration Sections conf events Event Tag Description connerror A protocol error has occurred connfail A socket connection failure has occurred dnsaddzone The built in DNS server has successfully added a DNS zone dnserroraddzone The built in DNS server has failed to add a DNS zone dnserrordeletezone The built in DNS server has failed to delete a DNS zone dnssecexpired DNSSEC zone contains expired signatures DNSSEC zone contains expired signatures dnssecexpires DNSSEC zone contains signatures that are about to expire DNSSEC zone contains signatures that are about to expire dnszonedelete DNS zon
255. x_mallocs Description How many times to attempt to malloc space for a cache URL before giving up 0 means never give up DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1663 e Value type unsigned integer e Default value 256 webcache url_store_num_bins The number of bins to use for the URL store 0 means no binning DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 1671 e Value type unsigned integer e Default value 64 webcache verbose Add an X Cache Info header to every HTTP response showing whether the request and or the response was cacheable e From products zxtm lb settings cpp 1543 e Value type Yes No e Default value No conf slm The conf slm directory contains configuration files for service level monitoring SLM classes The name of a file is the name of the SLM class it defines SLM classes can be configured under the Catalogs gt SLM section of the Admin Server UI or by using functions under the Catalog SLM section of the SOAP API and CLI Key Description note A description for the SLM class e From products zxtm lb slm_config cpp 15 e Value type string e Default value lt none gt response_time Responses that arrive within this time limit expressed in milliseconds are treated as conforming e From products zxtm lb slm_config cpp 22 e Value type unsign
256. xed cyclic Cyclic dns verbose Whether or not the DNS Server should emit verbose logging This is useful for diagnosing problems e From products zxtm lb virtualserver cpp 2052 e Value type Yes No e Default value No dns zones The DNS zones e From products zxtm lb virtualserver cpp 2044 e Value type list e Default value lt none gt enabled Whether the virtual server is enabled e From products zxtm lb virtualserver cpp 122 e Value type Yes No e Default value No error_file Specify how the traffic manager should respond to the client when an internal or backend error is detected In addition to sending custom or default error pages the traffic manager can be instructed to close the connection without returning a response Custom error pages can be uploaded via the Extra Files catalog page e From products zxtm lb virtualserver cpp 544 e Value type string e Default value Default 144 Brocade Virtual Traffic Manager Configuration System Guide conf vservers Configuration Sections Key ftp ssl_data Description Use SSL on the data connection as well as the control connection if not enabled it is left to the client and server to negotiate this e From products zxtm lb virtualserver cpp 1578 e Requires ssl_decrypt is set to Yes e Value type Yes No e Default value Yes ftp_data_source_port Th
257. ype enumeration e Default value singlehosted e Permitted values singlehosted Raise each address on a single machine Single Hosted mode multihosted Raise each address on every machine in the group Multi Hosted mode IPv4 only rhi Use route health injection to route traffic to the active machine IPv4 only ec2elastic Use an EC2 Classic Elastic IP address ec2vpcelastic Use an EC2 VPC Elastic IP address ec2vpcprivate Use an EC2 VPC Private IP address multicast The multicast IP address used to duplicate traffic to all traffic managers in the group e From products zxtm flipper config cpp 294 e Requires mode is set to multihosted e Value type string e Default value lt none gt note A note used to describe this Traffic IP Group e From products zxtm flipper config cpp 138 e Value type string e Default value lt none gt rhi_bgp_metric_base The base BGP routing metric for this Traffic IP group This is the advertised routing cost for the active traffic manager in the cluster It can be used to set up inter cluster failover e From products zxtm flipper config cpp 357 e Requires mode is set to rhi e Value type unsigned integer e Default value 10 rhi_bgp_passive_metric_offset The BGP routing metric offset for this Traffic IP group This is the difference between the advertised routing cost for the active and passive traffic manager in the cluster e From
258. ype will be logged to the main event log DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm eventd eventhandler cpp 175 e Value type Yes No e Default value Yes note A description of this event type e From products zxtm eventd eventhandler cpp 153 e Value type string e Default value lt none gt 30 Brocade Virtual Traffic Manager Configuration System Guide conff events Configuration Sections Key Description typel levent_tags This key is used to specify the object types and event tags that will trigger the configured actions The object type is specified in place of the asterisk in the key name The key can be used multiple times in a configuration file to subscribe to events from multiple object types The value can be asterisk to subscribe to all events raised by the specified object type or can be a list of specific event tags refer to the table in the conf events section documentation for a list of all object types and event tags The following example sends an email alert when any virtual server starts or stops actions E Mail typelvserverslevent_tags vsstart vsstop type vservers lobject_names If this is in a file named conf events VSStartStop then on the System gt Alerting Ul page a mapping will be shown associating the event type VSStartStop with the action E Mail See type object_names for additional information e From products zxtm e
259. ze The maximum number of entries in the global universal session cache This is used for storing session mappings for universal session persistence Approximately 100 bytes will be pre allocated per entry e From products zxtm lb settings cpp 1443 e Value type unsigned integer e Default value 32768 usagetracking enabled Whether or not to report usage information Usage Tracking DO NOT SET OR MODIFY THIS KEY MANUALLY e From products zxtm lb settings cpp 587 e Value type Yes No e Default value Yes webcachelavg_path_length The estimated average length of the path including query string for resources being cached An amount of memory equal to this figure multiplied by max_file_num will be allocated for storing the paths for cache entries This setting can be increased if your web site makes extensive use of long URLs e From products zxtm Ib settings cpp 1591 e Value type unsigned integer e Default value 512 134 Brocade Virtual Traffic Manager Configuration System Guide conf settings cfg Configuration Sections Key Description webcache blocksize The size of the blocks of shared memory that are allocated for the content cache Every entry in the content cache will use at least this amount of memory You can specify the number of bytes kB or MB Unless you know that you are serving almost exclusively very small or very large files there is no reason to change this v
Download Pdf Manuals
Related Search