'\" te .\" Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. .TH ilbadm 1M "30 Jul 2010" "SunOS 5.11" "System Administration Commands" .SH NAME ilbadm \- establish and manipulate load balancing rules .SH SYNOPSIS .LP .nf \fBilbadm\fR create-rule [\fB-e\fR] [\fB-p\fR] \fB-i\fR vip=\fIvalue\fR,port=\fIvalue\fR[,protocol=\fIvalue\fR] \fB-m\fR lbalg=\fIvalue\fR,type=\fIvalue\fR[,proxy-src=\fIip-range\fR][,pmask=\fImask\fR] [\fB-h\fR hc-name=\fIvalue\fR[,hc-port=\fIvalue\fR]] [\fB-t\fR [conn-drain=\fIN\fR][,nat-timeout=\fIN\fR],[persist-timeout=\fIN\fR]] -o servergroup=\fIvalue\fR \fIname\fR .fi .LP .nf \fBilbadm\fR show-rule [\fB-e\fR|\fB-d\fR] [\fB-f\fR |[\fB-p\fR] \fB-o\fR \fIkey\fR[,\fIkey\fR ...]] [\fIname\fR ...] .fi .LP .nf \fBilbadm\fR delete-rule \fB-a\fR | \fIname\fR ... .fi .LP .nf \fBilbadm\fR enable-rule [\fIname\fR ...] .fi .LP .nf \fBilbadm\fR disable-rule [\fIname\fR ...] .fi .LP .nf \fBilbadm\fR show-statistics [\fB-p\fR] \fB-o\fR \fIfield\fR[,\fIfield\fR] [\fB-thAdvi\fR] [\fB-r\fR \fIrulename\fR] | [\fB-s\fR \fIservername\fR] [\fIinterval\fR [\fIcount\fR]] .fi .LP .nf \fBilbadm\fR create-servergroup [\fB-s\fR \fIserver\fR=\fIhostspec\fR[:\fIportspec\fR...]] \fIgroupname\fR .fi .LP .nf \fBilbadm\fR delete-servergroup \fIgroupname\fR .fi .LP .nf \fBilbadm\fR show-servergroup [\fB-s\fR|\fB-f\fR|[\fB-p\fR] \fB-o\fR \fIfield\fR[,\fIfield\fR]] [[\fB-v\fR] \fIname\fR] .fi .LP .nf \fBilbadm\fR enable-server \fIserver\fR ... .fi .LP .nf \fBilbadm\fR disable-server \fIserver\fR ... .fi .LP .nf \fBilbadm\fR show-server [[\fB-p\fR] \fB-o\fR \fIfield\fR[,\fIfield\fR...]] [\fIrulename\fR...] .fi .LP .nf \fBilbadm\fR add-server \fB-s\fR \fIserver\fR=\fIvalue\fR[,\fIvalue\fR ... ] \fIname\fR .fi .LP .nf \fBilbadm\fR remove-server \fB-s\fR \fIserver\fR=\fIvalue\fR[,\fIvalue\fR ... ] \fIname\fR .fi .LP .nf \fBilbadm\fR create-healthcheck [\fB-n\fR] \fB-h\fR hc-test=\fIvalue\fR [,hc-timeout=\fIvalue\fR][,hc-count=\fIvalue\fR][,hc-interval=\fIvalue\fR] \fIhcname\fR .fi .LP .nf \fBilbadm\fR delete-healthcheck \fIhcname\fR .fi .LP .nf \fBilbadm\fR show-healthcheck [\fIhcname\fR ...] .fi .LP .nf \fBilbadm\fR show-hc-result [\fIrule-name\fR] .fi .LP .nf \fBilbadm\fR show-nat [\fIcount\fR] .fi .LP .nf \fBilbadm\fR show-persist [\fIcount\fR] .fi .LP .nf \fBilbadm\fR export-config \fIfilename\fR .fi .LP .nf \fBilbadm\fR import-config [\fB-p\fR] \fIfilename\fR .fi .SH DESCRIPTION .sp .LP The \fBilbadm\fR command manipulates or displays information about Integrated Load Balancer (ILB) rules using the subcommands described below. .sp .LP Rule names are case insensitive, but case is preserved as it is entered. Rule names are limited in length to 19 characters. Server names cannot exceed 14 characters. .sp .LP All parseable output (invoked with the \fB-p\fR option) requires that the fields to be printed or displayed be specified with the \fB-o\fR option. Fields will be displayed in the same order they are encountered on the command line. Multiple fields are separated by the colon (\fB:\fR) character. If a colon or backslash (\fB\e\fR) occurs in the displayed string itself, it will be preceded by a backslash. No headers will be displayed for parseable output. .sp .LP Server IDs are generated by the system when a server is added, using either the \fBcreate-servergroup\fR or the \fBadd-server\fR subcommands. .sp .LP Server IDs are guaranteed to be unique within the server group. A rule can be attached to only one server group, with the result that serverIDs are unique for rules as well. Note that since more than one rule can attach to the same server group, the server ID alone is not sufficient to indicate a rule. .sp .LP To be able to distinguish server IDs from hostnames, server IDs are prefixed with a leading underscore (\fB_\fR). .sp .LP As noted below, the server group and heathcheck entities must be defined before they can be used in the \fBcreate-rule\fR subcommand. .SH SUB-COMMANDS .sp .LP Following are the \fBilbadm\fR subcommands, along with their related options and operands. Note that subcommands have a normal and a short form; for example, \fBcreate-rule\fR and \fBcreate-rl\fR, saving you from having to type a few additional characters. .sp .ne 2 .mk .na \fB\fBcreate-rule\fR|\fBcreate-rl\fR [\fB-e\fR] [\fB-p\fR] \fB-i\fR \fIincoming\fR \fB-m\fR \fImethod_attributes\fR \fB-o\fR \fIoutgoing_spec\fR [\fB-h\fR \fIhealthcheck\fR] [\fB-t\fR \fItimers\fR] \fIname\fR\fR .ad .sp .6 .RS 4n Creates a rule \fIname\fR with a set of specified characteristics. \fIincoming\fR and \fImethod_attributes\fR are both specified as a set of \fIkey\fR=\fIvalue\fR pairs. If \fIname\fR already exists, the command will fail. If a given tuple (virtual IP address, port(s), and protocol) matches another rule, the command will also fail. \fBcreate-rule\fR has the following options that control the overall effect of the command: .sp .ne 2 .mk .na \fB\fB-e\fR\fR .ad .RS 6n .rt Enable the \fBcreate-rule\fR function. The default is that \fBcreate-rule\fR is disabled. .RE .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .RS 6n .rt Create the rule as persistent (sticky). The default is that the rule exists only for the current session. .RE Keys and values are introduced by one-letter identifiers. These identifiers and their related keys and acceptable values are as follows. .sp .ne 2 .mk .na \fB\fB-i\fR\fR .ad .sp .6 .RS 4n Introduces the matching criteria for incoming packets. .sp .ne 2 .mk .na \fB\fBvip\fR\fR .ad .sp .6 .RS 4n (Virtual) destination IP address .RE .sp .ne 2 .mk .na \fB\fBport\fR[-\fBport\fR]\fR .ad .sp .6 .RS 4n Port number or name, for example, \fBtelnet\fR or \fBdns\fR. A port can be specified by port number or symbolic name (as in \fB/etc/services\fR). Port number ranges are also supported. .RE .sp .ne 2 .mk .na \fB\fBprotocol\fR\fR .ad .sp .6 .RS 4n \fBTCP\fR (the default) or \fBUDP\fR (see \fB/etc/services\fR). .RE .RE .sp .ne 2 .mk .na \fB\fB-m\fR\fR .ad .sp .6 .RS 4n Specifies the keys describing how to handle a packet. .sp .ne 2 .mk .na \fB\fBlbalg\fR\fR .ad .sp .6 .RS 4n The default is \fBroundrobin\fR, or its short form, \fBrr\fR. Other alternatives are: \fBhash-ip\fR (short form: \fBhip\fR), \fBhash-ip-port\fR (short form: \fBhipp\fR), \fBhash-ip-vip\fR (short form: \fBhipv\fR). .RE .sp .ne 2 .mk .na \fB\fBtype\fR\fR .ad .sp .6 .RS 4n Refers to topology of network. Can be \fBDSR\fR (or \fBdsr\fR or \fBd\fR), \fBNAT\fR (or \fBn\fR or \fBnat\fR), \fBHALF-NAT\fR (or \fBh\fR or \fBhalf-nat\fR). .RE .sp .ne 2 .mk .na \fB\fBproxy-src\fR\fR .ad .sp .6 .RS 4n Required for full NAT only. Specifies the IP address range to use as the proxy source address range. The range is limited to ten IP addresses. .RE .sp .ne 2 .mk .na \fB\fBpmask\fR\fR .ad .sp .6 .RS 4n Optional. Has an alias of: \fBstickiness\fR. Specifies that this rule is to be persistent. The argument is a prefix length in CIDR notation; that is, 0-32 for IPv4 and 0-128 for IPv6. Use the \fB-p\fR option to specify this keyword. .RE .RE .sp .ne 2 .mk .na \fB\fB-o\fR\fR .ad .sp .6 .RS 4n Specifies destination(s) for packets that match the criteria specified by the \fB-i\fR "clause". This identifier has one well-known argument: .sp .ne 2 .mk .na \fB\fIservergroup\fR\fR .ad .RS 15n .rt Specify a single server group as target. The server group must already have been created. .RE .RE .sp .ne 2 .mk .na \fB\fB-h\fR\fR .ad .sp .6 .RS 4n The health check option has two arguments: .sp .ne 2 .mk .na \fB\fBhc-name\fR\fR .ad .sp .6 .RS 4n Specifies the name of a predefined health check method .RE .sp .ne 2 .mk .na \fB\fBhc-port\fR\fR .ad .sp .6 .RS 4n Specifies the port(s) for the HC test program to check. The value can be keywords \fBALL\fR or \fBANY\fR, or a specific port number within the port range of the server group. .RE .RE .sp .ne 2 .mk .na \fB\fB-t\fR\fR .ad .sp .6 .RS 4n Specifies customized timers, in seconds. A value of \fB0\fR means to use the system default value. The following are valid modifiers for \fB-t\fR: .sp .ne 2 .mk .na \fB\fBconn-drain\fR\fR .ad .sp .6 .RS 4n If a server's \fBtype\fR is \fBNAT\fR or \fBHALF-TYPE\fR, \fBconn-drain\fR is the timeout after which the server's connection state is deleted following the server's removal from a rule. This deletion occurs even if the server is not idle. .sp The default for TCP is that the connection state remains stable until the connection is gracefully shutdown. The default for UDP is that the connection state remains stable until the connection has been idle for the period \fBnat-timeout\fR. .RE .sp .ne 2 .mk .na \fB\fBnat-timeout\fR\fR .ad .sp .6 .RS 4n Applies only to NAT and half-NAT type connections. If such a connection is idle for the \fBnat-timeout\fR period, the connection state will be removed. The default is \fB120\fR for TCP and \fB60\fR UDP. .RE .sp .ne 2 .mk .na \fB\fBpersist-timeout\fR\fR .ad .sp .6 .RS 4n When persistent mapping is enabled, if a numeric-only mapping has not been used for \fBpersist-timeout\fR seconds, the mapping will be removed. The default is 60. .RE .RE Note that server group and health check must be defined before they can be used in \fBcreate-rule\fR. .RE .sp .ne 2 .mk .na \fB\fBdelete-rule\fR|\fBdelete-rl\fR \fB-a\fR \fIname\fR[...]\fR .ad .sp .6 .RS 4n Remove all information pertaining to rule \fIname\fR. If \fIname\fR does not exist, command will fail. \fBdelete-rule\fR has one option: .sp .ne 2 .mk .na \fB\fB-a\fR\fR .ad .sp .6 .RS 4n Delete all rules. (\fIname\fR is ignored.) .RE .RE .sp .ne 2 .mk .na \fB\fBenable-rule\fR|\fBenable-rl\fR \fIname\fR[...]\fR .ad .sp .6 .RS 4n Enables a named rule, or all rules, if no name is specified). Enabling rules that are already enabled has no effect. .RE .sp .ne 2 .mk .na \fB\fBdisable-rule\fR|\fBdisable-rl\fR \fIname\fR[...]\fR .ad .sp .6 .RS 4n Disables a named rule, or all rules, if no name is specified. Disabling rules that are already disabled has no effect. .RE .sp .ne 2 .mk .na \fB\fBshow-statistics\fR|\fBshow-stats\fR [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fB-tv\fR] [\fB-A\fR | \fB-d\fR] [[\fB-i\fR] \fB-r\fR \fIrulename\fR | \fB-s\fR \fIservername\fR] [\fIinterval\fR [\fIcount\fR]]\fR .ad .sp .6 .RS 4n Displays statistics, the output of which is subject to the use of the options described below. The syntax and semantics of this subcommand are modeled on \fBvmstat\fR(1M). .sp .ne 2 .mk .na \fB\fB-t\fR\fR .ad .sp .6 .RS 4n Prepend a timestamp with every sample. .RE .sp .ne 2 .mk .na \fB\fB-d\fR\fR .ad .sp .6 .RS 4n Display the delta over entire interval. The default is changes per second. Cannot be used with the \fB-a\fR option. .RE .sp .ne 2 .mk .na \fB\fB-A\fR\fR .ad .sp .6 .RS 4n Display absolute numbers. That is, numbers since module initialization, rule creation, and server addition. Cannot be used with the \fB-d\fR option. .RE .sp .ne 2 .mk .na \fB\fB-r\fR \fIrulename\fR\fR .ad .sp .6 .RS 4n Display statistics only for the specified \fIrulename\fR. In combination with the \fB-i\fR option, display a line for each server. .RE .sp .ne 2 .mk .na \fB\fB-s\fR \fIservername\fR\fR .ad .sp .6 .RS 4n Display statistics only for \fIserver\fR. In combination with the \fB-i\fR option, display a line for each rule. .RE .sp .ne 2 .mk .na \fB\fB-i\fR\fR .ad .sp .6 .RS 4n Itemize the information displayed by the \fB-r\fR and \fB-s\fR options. These are the only options with which \fB-i\fR is valid. Does not work with the \fB-v\fR option. .RE .sp .ne 2 .mk .na \fB\fB-v\fR\fR .ad .sp .6 .RS 4n Display additional details for droppages. Note that, when the rule name is specified, drops are counted per rule and not per server. Does not work with the \fB-i\fR option. .RE .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .sp .6 .RS 4n Display parseable format. Requires use of \fB-o\fR option. .RE .sp .ne 2 .mk .na \fB\fB-o\fR \fIfield\fR\fR .ad .sp .6 .RS 4n Can be one or more from the list below. \fIfield\fR can be uppercase or lowercase. .sp .ne 2 .mk .na \fB\fBPKT_P\fR\fR .ad .RS 14n .rt Packets processed. .RE .sp .ne 2 .mk .na \fB\fBBYTES_P\fR\fR .ad .RS 14n .rt Bytes processed. .RE .sp .ne 2 .mk .na \fB\fBPKT_U\fR\fR .ad .RS 14n .rt Unprocessed packets. .RE .sp .ne 2 .mk .na \fB\fBBYTES_U\fR\fR .ad .RS 14n .rt Unprocessed bytes. .RE .sp .ne 2 .mk .na \fB\fBPKT_D\fR\fR .ad .RS 14n .rt Packets dropped. .RE .sp .ne 2 .mk .na \fB\fBBYTES_D\fR\fR .ad .RS 14n .rt Bytes dropped. .RE .sp .ne 2 .mk .na \fB\fBICMP_P\fR\fR .ad .RS 14n .rt ICMP echo requests processed. .RE .sp .ne 2 .mk .na \fB\fBICMP_D\fR\fR .ad .RS 14n .rt ICMP echo requests dropped. .RE .sp .ne 2 .mk .na \fB\fBICMP2BIG_P\fR\fR .ad .RS 14n .rt ICMP fragmentation needed; message processed. .RE .sp .ne 2 .mk .na \fB\fBICMP2BIG_D\fR\fR .ad .RS 14n .rt Fragmentation needed; message dropped. .RE .sp .ne 2 .mk .na \fB\fBNOMEMP_D\fR\fR .ad .RS 14n .rt Packets dropped because of out-of-memory condition. .RE .sp .ne 2 .mk .na \fB\fBNOPORTP_D\fR\fR .ad .RS 14n .rt Packets dropped in NAT mode because no source port was available. .RE Note that when a question mark (?) is displayed as a column entry, it indicates that the proper value cannot be determined, most often because a rule or server was added or deleted. .RE Note that headers are displayed once for each ten samples. The timestamp format follows the \fBdate\fR(1) format for the C locale. Neither the addition nor removal of a rule is detected. .RE .sp .ne 2 .mk .na \fB\fBshow-rule\fR|\fBshow-rl\fR [\fB-d\fR|\fB-e\fR] [\fB-f\fR| [\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIname\fR...]\fR .ad .sp .6 .RS 4n Displays characteristics of the specified rules, or all, if no rule is specified. The subcommand has the following options: .sp .ne 2 .mk .na \fB\fB-d\fR\fR .ad .sp .6 .RS 4n Display only disabled rules. .RE .sp .ne 2 .mk .na \fB\fB-e\fR\fR .ad .sp .6 .RS 4n Display only enabled rules. .RE .sp .ne 2 .mk .na \fB\fB-f\fR\fR .ad .sp .6 .RS 4n Display a full list. .RE .sp .ne 2 .mk .na \fB\fB-o\fR \fIfield\fR[,...]\fR .ad .sp .6 .RS 4n Display output for \fIfield\fR(s). Cannot be used with \fB-f\fR option. .RE .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .sp .6 .RS 4n Display parsable output in the format described in "Description". Requires the \fB-o\fR option. .RE Note that the \fB-o\fR (with or without \fB-p\fR) and \fB-f\fR options are mutually exclusive. .RE .sp .ne 2 .mk .na \fB\fBshow-nat\fR \fIcount\fR\fR .ad .sp .6 .RS 4n Displays NAT table information. If \fIcount\fR is specified, displays \fIcount\fR entries from the NAT table. If no count is specified, displays the entire NAT table. .sp \fIcount\fR .sp No assumptions should be made about the relative positions of elements in consecutive runs of this command. For example, executing \fBshow-nat 10\fR twice is not guaranteed to display the same ten items twice, especially on a busy system. .sp Display format: .sp .in +2 .nf T: IP1 > IP2 >>> IP3 > IP4 .fi .in -2 .sp These items are described as follows: .sp .ne 2 .mk .na \fB\fBT\fR\fR .ad .RS 7n .rt The transport protocol used in this entry. .RE .sp .ne 2 .mk .na \fB\fBIP1\fR\fR .ad .RS 7n .rt The client's IP address and port. .RE .sp .ne 2 .mk .na \fB\fBIP2\fR\fR .ad .RS 7n .rt The VIP and port. .RE .sp .ne 2 .mk .na \fB\fBIP3\fR\fR .ad .RS 7n .rt If half NAT mode, the client's IP address and port. If full NAT mode, the NAT'ed client's IP address and port. .RE .sp .ne 2 .mk .na \fB\fBIP4\fR\fR .ad .RS 7n .rt The backend server's IP address and port. .RE .RE .sp .ne 2 .mk .na \fB\fBshow-persist\fR|\fBshow-pt\fR \fIcount\fR\fR .ad .sp .6 .RS 4n Displays persistence table information. If \fIcount\fR is specified, displays \fIcount\fR entries from the table. If no count is specified, displays the entire persistence table. .sp No assumptions should be made about the relative positions of elements in consecutive runs of this command. For example, executing \fBshow-persist 10\fR twice is not guaranteed to display the same ten items twice, especially on a busy system. .sp Display format: .sp .in +2 .nf R: IP1 --> IP2 .fi .in -2 .sp These items are described as follows: .sp .ne 2 .mk .na \fB\fBR\fR\fR .ad .sp .6 .RS 4n The rule this persistence entry is tied to. .RE .sp .ne 2 .mk .na \fB\fBIP1\fR\fR .ad .sp .6 .RS 4n The client's IP address and port. .RE .sp .ne 2 .mk .na \fB\fBIP2\fR\fR .ad .sp .6 .RS 4n The backend server's IP address. .RE .RE .sp .ne 2 .mk .na \fB\fBexport-config\fR|\fBexport-cf\fR [\fIfilename\fR]\fR .ad .sp .6 .RS 4n Exports the current configuration in a format suitable for re-import using \fBilbadm import\fR. If no filename is specified, the subcommand writes to stdout. .RE .sp .ne 2 .mk .na \fB\fBimport-config\fR|\fBimport-cf\fR [\fB-p\fR] [\fIfilename\fR]\fR .ad .sp .6 .RS 4n Reads configuration contents of a file. By default, this overrides any existing configuration. If no filename is specified, the subcommand reads from stdin. This subcommand has the following option: .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .sp .6 .RS 4n Preserve existing configuration and do incremental import. .RE .RE .sp .ne 2 .mk .na \fB\fBcreate-servergroup\fR|\fBcreate-sg\fR [\fB-s\fR \fIserver\fR=\fIhostspec\fR[:\fIportspec\fR...]] \fIgroupname\fR\fR .ad .sp .6 .RS 4n Creates a server group. Additional servers can be added later using the \fBadd-server\fR subcommand. Server groups are the only entity that can be used during rule creation to indicate back-end servers. If the specified server group is associated with one or more rules, the server is enabled when it is added. This subcommand has the following option and operands: .sp .ne 2 .mk .na \fB\fB-s\fR \fIserver\fR=\fIhostspec\fR[:\fIportspec\fR...]\fR .ad .sp .6 .RS 4n Specifies a list of servers to be added to the server group. .sp \fIhostspec\fR is a hostname or IP address. IPv6 addresses must be enclosed in brackets (\fB[]\fR) to distinguish them from ":\fIportspec\fR" .sp \fIportspec\fR is a service name or port number. If the port number is not specified, a number in the range 1-65535 is used. .RE .RE .sp .ne 2 .mk .na \fB\fBdisable-server\fR|\fBdisable-srv\fR \fIserver\fR\fR .ad .sp .6 .RS 4n Disable one or more server(s). That is, tell the kernel not to forward traffic to this server. \fBdisable-server\fR applies to all rules that are attached to the server group this server is part of. .sp \fIserver\fR is a server ID. .RE .sp .ne 2 .mk .na \fB\fBenable-server\fR|\fBenable-srv\fR \fIserver\fR...\fR .ad .sp .6 .RS 4n Reenables disabled servers. .RE .sp .ne 2 .mk .na \fB\fBshow-server\fR|\fBshow-srv\fR [[\fB-p\fR] \fB-o\fR \fIfield\fR[,\fIfield\fR...]] [\fIrulename\fR...]\fR .ad .sp .6 .RS 4n Displays servers associated with named rules, or all servers if no rulename is specified. The subcommand has the following options. .sp .ne 2 .mk .na \fB\fB-o\fR \fIfield\fR[,\fIfield\fR...]\fR .ad .sp .6 .RS 4n Display only the specified fields. .RE .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .sp .6 .RS 4n Display fields in parsable format. Requires the \fB-o\fR option. .RE .RE .sp .ne 2 .mk .na \fB\fBdelete-servergroup\fR|\fBdelete-sg\fR \fIgroupname\fR\fR .ad .sp .6 .RS 4n Deletes a server group. .RE .sp .ne 2 .mk .na \fB\fBshow-servergroup\fR|\fBshow-sg\fR [[\fB-p\fR] \fB-o\fR \fIfield\fR[,...]] [\fIname\fR]\fR .ad .sp .6 .RS 4n Lists a server group, or all server groups, if no \fIname\fR is specified. The subcommand has the following options: .sp .ne 2 .mk .na \fB\fB-o\fR \fIfield\fR[,...]\fR .ad .sp .6 .RS 4n Display output for \fIfield\fR(s). .RE .sp .ne 2 .mk .na \fB\fB-p\fR\fR .ad .sp .6 .RS 4n Display parsable output in the format described in "Description". Requires the \fB-o\fR option. .RE .RE .sp .ne 2 .mk .na \fB\fBadd-server\fR|\fBadd-srv\fR \fB-s\fR \fIserver\fR=\fIvalue\fR[, \fIvalue\fR...] \fIservergroup\fR\fR .ad .sp .6 .RS 4n Add specified server(s) to \fIservergroup\fR. See description of \fBcreate-servergroup\fR for definition of \fIvalue\fR. .sp .ne 2 .mk .na \fB\fB-s\fR\fR .ad .sp .6 .RS 4n See \fBcreate-servergroup\fR. .RE Performing an \fBadd-server\fR to a server group immediately after performing a \fBremove-server\fR on that server group might fail because of incomplete connection draining. Refer to the description of the \fBremove-server\fR subcommand for instructions on how to avoid this failure. .RE .sp .ne 2 .mk .na \fB\fBremove-server\fR|\fBremove-srv\fR \fB-s\fR \fIserver\fR=\fIvalue\fR[, \fIvalue\fR...] \fIservergroup\fR\fR .ad .sp .6 .RS 4n Remove specified server(s) from \fIservergroup\fR. .sp .ne 2 .mk .na \fB\fB-s\fR\fR .ad .sp .6 .RS 4n One or more of a server ID. .RE If a server is being used by a NAT/half-NAT rule, it is recommended that the server be disabled (using \fBdisable-server\fR) before removal. By disabling a server, the server enters the connection-draining state. After all of the connections are drained, the server can then be removed by \fBremove-server\fR. If the \fBconn-drain\fR timeout value is set, the connection-draining state will be finished upon conclusion of the timeout period. Note that the default \fBconn-drain\fR timeout is 0, meaning it will keep waiting until a connection is gracefully shut down. .RE .sp .ne 2 .mk .na \fB\fBcreate-healthcheck\fR|\fBcreate-hc\fR [\fB-n\fR] \fB-h\fR hc-test=\fIvalue\fR,hc-timeout=\fIvalue\fR, hc-count=\fInum_value\fR,hc-interval=\fIvalue\fR \fIhcname\fR\fR .ad .sp .6 .RS 4n Sets up a health check object for rules to use. All servers associated with a rule are checked using the same test. A health check event of a server consists of one to \fBhc-count\fR number of \fBhc-test\fR executions. If an \fBhc-test\fR's result shows a server to be unresponsive, further \fBhc-test\fR checks are made, up to \fBhc-count\fR invocations, before a server is considered to be down. .sp .ne 2 .mk .na \fB\fB-h\fR\fR .ad .sp .6 .RS 4n The \fBhc-test\fR is performed \fBhc-count\fR times until it succeeds or \fBhc-timeout\fR has expired. For a given rule, all servers are checked using the same test. The tests are as follows: .sp .ne 2 .mk .na \fB\fBhc-test\fR\fR .ad .sp .6 .RS 4n \fBPING\fR, \fBTCP\fR, external method (script or binary). An external method should be specified with a full path name. .RE .sp .ne 2 .mk .na \fB\fBhc-timeout\fR\fR .ad .sp .6 .RS 4n Threshold at which a test is considered failed following interim failures of \fBhc-test\fR. If you kill an \fBhc-test\fR test, the result is considered a failure. The default value is five seconds. .RE .sp .ne 2 .mk .na \fB\fBhc-count\fR\fR .ad .sp .6 .RS 4n Maximum number of attempts to run \fBhc-test\fR before marking a server as down. The default value is three iterations. .RE .sp .ne 2 .mk .na \fB\fBhc-interval\fR\fR .ad .sp .6 .RS 4n Interval between invocations of \fBhc-test\fR. This value must be greater than \fBhc-timeout\fR times \fBhc-count\fR. The default value is 30 seconds. .RE The following arguments are passed to external methods: .sp .ne 2 .mk .na \fB\fB$1\fR\fR .ad .sp .6 .RS 4n VIP (literal IPv4 or IPv6 address). .RE .sp .ne 2 .mk .na \fB\fB$2\fR\fR .ad .sp .6 .RS 4n Server IP (literal IPv4 or IPv6 address). .RE .sp .ne 2 .mk .na \fB\fB$3\fR\fR .ad .sp .6 .RS 4n Protocol (\fBUDP\fR, \fBTCP\fR as a string). .RE .sp .ne 2 .mk .na \fB\fB$4\fR\fR .ad .sp .6 .RS 4n The load balance mode, \fBDSR\fR, \fBNAT\fR, \fBHALF_NAT\fR. .RE .sp .ne 2 .mk .na \fB\fB$5\fR\fR .ad .sp .6 .RS 4n Numeric port. .RE .sp .ne 2 .mk .na \fB\fB$6\fR\fR .ad .sp .6 .RS 4n Maximum time (in seconds) the method should wait before returning failure. If the method runs for longer, it can be killed, and the test considered failed. .RE External methods should return \fB0\fR (or the round-trip time to the back end server, in microseconds) for success and \fB-1\fR if the server is considered down. .sp Before higher layer health check(s), TCP, UDP, and external tests start, a default \fBping\fR test is performed first. The higher layer test will not be performed if \fBping\fR fails. You can turn off the default \fBping\fR check for these high layer health checks by through use of \fB-n\fR. .RE .sp .ne 2 .mk .na \fB\fB-n\fR\fR .ad .sp .6 .RS 4n Disable default \fBping\fR test for high layer health check tests. .RE .RE .sp .ne 2 .mk .na \fB\fBdelete-healthcheck\fR|\fBdelete-hc\fR \fIhcname\fR...\fR .ad .sp .6 .RS 4n Delete the named health check object(s) (\fIhcname\fR). If the given health check object is associated with enabled rule(s), deletion of the object will fail. .RE .sp .ne 2 .mk .na \fB\fBshow-healthcheck\fR|\fBshow-hc\fR [\fIhcname\fR...]\fR .ad .sp .6 .RS 4n List the health check information for the specified health check (\fIhcname\fR). If no health check is specified, list information for all existing health checks. .RE .sp .ne 2 .mk .na \fB\fBshow-hc-result\fR|\fBshow-hc-res\fR [\fIrule-name\fR]\fR .ad .sp .6 .RS 4n List the health check result for the servers that are associated with \fIrule-name\fR. If \fIrule-name\fR is not given, the health check results for all servers are displayed. .RE .SH EXAMPLES .LP \fBExample 1 \fRConfiguring NAT Mode .sp .LP The following commands create a rule with health check and timers set (port range shifting and session persistence). .sp .in +2 .nf # \fBilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,hc-count=3, \e\fR \fBhc-interval=10 hc1\fR # \fBilbadm create-servergroup -s \e\fR \fBserver=60.0.0.10:6000-6009,60.0.0.11:7000-7009 sg1\fR # \fBilbadm create-rule -e -i vip=81.0.0.10,port=5000-5009,protocol=tcp \e\fR \fB-m lbalg=rr,type=NAT,proxy-src=60.0.0.101-60.0.0.104, \e\fR \fBpmask=24 \e\fR \fB-h hc-name=hc1 \e\fR \fB-t conn-drain=180,nat-timeout=180,persist-timeout=180 \e\fR \fB-o servergroup=sg1 rule1\fR .fi .in -2 .sp .sp .LP The following command creates a rule with the default timer values and without health check. .sp .in +2 .nf # \fBilbadm create-servergroup -s server=60.0.0.10 sg1\fR # \fBlbadm create-rule -e -i vip=81.0.0.10,port=5000 \e\fR \fB-m lbalg=rr,type=NAT,proxy-src=60.0.0.105 \e\fR \fB-o servergroup=sg1 rule1\fR # \fBilbadm add-server -e -s server=60.0.0.11sg1\fR # \fBilbadm enable-rule rule1\fR .fi .in -2 .sp .LP \fBExample 2 \fRConfiguring Half-NAT Mode .sp .LP The following command configures half-NAT mode and exemplifies port range collapsing. .sp .in +2 .nf # \fBilbadm create-servergroup sg1\fR # \fBilbadm create-rule -e -i vip=81.0.0.10,port=5000-5009 \e\fR \fB-m lbalg=rr,type=h -o servergroup=sg1 rule1\fR # \fBilbadm add-server -s server=60.0.0.10:6000,60.0.0.11:7000 sg1\fR .fi .in -2 .sp .LP \fBExample 3 \fRConfiguring DSR Mode and Preparing Two Sets of Rules .sp .LP The following command establishes two sets of rules to enable load balancing between HTTP and FTP traffic. Note both types of traffic traverse interface \fB60.0.0.10\fR. .sp .in +2 .nf # \fBilbadm create-servergroup -s servers=60.0.0.9,60.0.0.10 websg\fR # \fBilbadm create-servergroup -s servers=60.0.0.10,60.0.0.11 ftpgroup\fR # \fBilbadm create-rule -e -i vip=81.0.0.10,port=80 \e\fR \fB-m lbalg=hash-ip-port,type=DSR \e\fR \fB-o servergroup=websg webrule\fR # \fBilbadm create-rule -e -i vip=81.0.0.10,port=ftp \e\fR \fB-m lbalg=hash-ip-port,type=DSR,pmask=24 \e\fR \fB-o servergroup=ftpgroup ftprule\fR # \fBilbadm create-rule -e -p -i vip=81.0.0.10,port=ftp-data \e\fR \fB-m lbalg=hash-ip-port,type=DSR,pmask=24 \e\fR \fB-o servergroup=ftpgroup ftpdatarule\fR .fi .in -2 .sp .LP \fBExample 4 \fRDeleting Rule, Server Group, and Health Check .sp .LP The following commands delete the rule, server group, and health check established in the first example. .sp .in +2 .nf # \fBilbadm ilbadm delete-rule -a\fR # \fBilbadm delete-servergroup sg1\fR # \fBilbadm delete-healthcheck hc1\fR .fi .in -2 .sp .LP \fBExample 5 \fRDisplay a List of Rules .sp .LP The following command displays a list of rules. .sp .in +2 .nf # \fBilbadm show-rule\fR RULENAME STATUS LBALG TYPE PROTOCOL VIP PORT r2 E hash-ip NAT TCP 45.0.0.10 81 r1 E hash-ip NAT TCP 45.0.0.10 80 # \fBilbadm show-rule -f\fR RULENAME: rule1 STATUS: E PORT: 80 PROTOCOL: TCP LBALG: roundrobin TYPE: HALF-NAT PROXY-SRC: -- PERSIST: -- HC-NAME: hc1 HC-PORT: ANY CONN-DRAIN: 0 NAT-TIMEOUT: 120 PERSIST-TIMEOUT: 60 SERVERGROUP: sg1 VIP: 80.0.0.2 SERVERS: _sg1.0,_sg1.1 .fi .in -2 .sp .LP \fBExample 6 \fRExporting and Importing Rules .sp .LP The following commands show how to export rules to and import rules from stdout, and to/from a file. .sp .in +2 .nf # \fBilbadm export-config\fR create-servergroup ftpgroup add-server -s server=10.1.1.3:21 ftpgroup add-server -s server=10.1.1.4:21 ftpgroup create-servergroup webgroup_v6 add-server -s server=[2000::ff]:80 webgroup_v6 create-rule -e protocol=tcp,VIP=1.2.3.4,port=ftp \e -m lbalg=roundrobin,type=DSR \e -o servergroup=ftpgroup rule4 create-rule protocol=tcp,VIP=2003::1,port=ftp \e -m lbalg=roundrobin,type=DSR \e -o servergroup=ftpgroup6 rule3 create-rule -e protocol=tcp,VIP=2002::1,port=http \e -m lbalg=roundrobin,type=DSR \e -o serverrgroup=webgrp_v6 RULE-all .fi .in -2 .sp .sp .LP The following command exports rules to a file. .sp .in +2 .nf # \fBilbadm export-config /tmp/ilbrules\fR .fi .in -2 .sp .sp .LP Following this command, \fB/tmp/ilbrules\fR contains the output displayed in the previous command. .sp .LP The following command imports rules from a file. .sp .in +2 .nf # \fBilbadm import-config /tmp/ilbrules\fR .fi .in -2 .sp .sp .LP This command replaces whatever rules were in place with the contents of \fB/tmp/ilbrules\fR. .sp .LP The following command imports rules from \fBstdin\fR. .sp .in +2 .nf # \fBcat /tmp/ilbrules | ilbadm import-config\fR .fi .in -2 .sp .sp .LP The effect of this command is identical to the effect of the preceding command. .LP \fBExample 7 \fRCreating a Single Health Check .sp .LP The following command creates a single health check. .sp .in +2 .nf # \fBilbadm create-healthcheck -h hc-timeout=3,hc-count=2,hc-interval=8,\e\fR \fBhc-test=tcp hc1\fR .fi .in -2 .sp .LP \fBExample 8 \fRListing All Healthchecks .sp .LP The following command lists all extant health checks. .sp .in +2 .nf # \fBilbadm show-healthcheck\fR HCNAME TIMEOUT COUNT INTERVAL DEF_PING TEST hc1 2 1 10 Y tcp hc2 2 1 10 N /usr/local/bin/probe .fi .in -2 .sp .LP \fBExample 9 \fRDeleting a Single Health Check .sp .LP The following command deletes a single health check. .sp .in +2 .nf # \fBilbadm delete-healthcheck hc1\fR .fi .in -2 .sp .LP \fBExample 10 \fRDisplaying Statistics .sp .LP The following command displays statistics at an interval of one seconds, for three iterations. .sp .in +2 .nf # \fBilbadm show-stats -A 1 3\fR PKT_P BYTES_P PKT_U BYTES_U PKT_D BYTES_D 0 0 0 0 4 196 0 0 0 0 4 196 0 0 0 0 4 196 .fi .in -2 .sp .sp .LP The following is the command you would use to display statistics in verbose mode at intervals of one second. Output is too wide to fit within the page boundary. .sp .in +2 .nf # \fBilbadm show-stats -v 1\fR .fi .in -2 .sp .sp .LP The following command displays statistics for rule \fBr1\fR at an interval of one second for three iterations. .sp .in +2 .nf # \fBilbadm show-stats -A -r r1 1 3\fR PKT_P BYTES_P PKT_U BYTES_U PKT_D BYTES_D 0 0 0 0 4 196 0 0 0 0 4 196 0 0 0 0 4 196 .fi .in -2 .sp .sp .LP The following command displays statistics for rule \fBr1\fR for each of its servers, for an interval of one second and a count of 3. .sp .in +2 .nf # \fBilbadm show-stats -A -r r1 -i 1 3\fR SERVERNAME PKT_P BYTES_P _sg1.0 0 0 _sg1.1 0 0 _sg1.2 0 0 _sg1.0 0 0 _sg1.1 0 0 _sg1.2 0 0 _sg1.0 0 0 _sg1.1 0 0 _sg1.2 0 0 .fi .in -2 .sp .sp .LP The following command displays itemized statistics, with timestamps, for server \fB_sg1.0\fR, at an interval of one second and a count of \fB3\fR. .sp .in +2 .nf # \fBilbadm show-stats -A -s _sg1.0 -it 1 3\fR RULENAME PKT_P BYTES_P TIME r1 0 0 2009-07-20:16.10.20 r1 0 0 2009-07-20:16.10.21 r1 0 0 2009-07-20:16.10.22 .fi .in -2 .sp .sp .LP The following command displays statistics with specific option fields, at an interval of one second and a count of \fB3\fR. .sp .in +2 .nf # \fBilbadm show-stats -o BYTES_D,TIME 1 3\fR BYTES_D TIME 196 2009-07-20:16.14.25 0 2009-07-20:16.14.26 0 2009-07-20:16.14.27 .fi .in -2 .sp .LP \fBExample 11 \fRDisplaying Health Check Results .sp .LP The following command displays the results of a health check. .sp .in +2 .nf # \fBilbadm show-hc-result rule1\fR RULENAME HCNAME SERVERID STATUS FAIL LAST NEXT RTT rule1 hc1 _sg1.0 dead 6 04:45:17 04:45:30 698 rule1 hc1 _sg1.1 alive 0 04:45:11 04:45:25 260 rule1 hc1 _sg1.2 unreach 6 04:45:17 04:45:30 0 .fi .in -2 .sp .LP \fBExample 12 \fRDisplaying the NAT Table .sp .LP The following command displays the NAT table. .sp .in +2 .nf # \fBilbadm show-nat 5\fR UDP: 124.106.235.150.53688>85.0.0.1.1024>>>82.0.0.39.4127>82.0.0.56.1024 UDP: 71.159.95.31.61528> 85.0.0.1.1024>>> 82.0.0.39.4146> 82.0.0.55.1024 UDP: 9.213.106.54.19787> 85.0.0.1.1024>>> 82.0.0.40.4114> 82.0.0.55.1024 UDP: 118.148.25.17.26676> 85.0.0.1.1024>>>82.0.0.40.4112> 82.0.0.56.1024 UDP: 69.219.132.153.56132>85.0.0.1.1024>>>82.0.0.39.4134> 82.0.0.55.1024 .fi .in -2 .sp .sp .LP In actual \fBilbadm\fR output, spaces are interspersed for greater readability. .LP \fBExample 13 \fRDisplaying the Persistence Table .sp .LP The following command displays the persistence table. .sp .in +2 .nf # \fBilbadm show-persist 5\fR rule2: 124.106.235.150 --> 82.0.0.56 rule3: 71.159.95.31 --> 82.0.0.55 rule3: 9.213.106.54 --> 82.0.0.55 rule1: 118.148.25.17 --> 82.0.0.56 rule2: 69.219.132.153 --> 82.0.0.55 .fi .in -2 .sp .LP \fBExample 14 \fRDisplaying Server Groups .sp .LP The following command displays basic information about server groups. .sp .in +2 .nf # \fBilbadm show-servergroup\fR sg1: id:sg1.2 35.0.0.4:80 sg1: id:sg1.1 35.0.0.3:80 sg1: id:sg1.0 35.0.0.2:80 sg2: id:sg2.3 35.0.0.5:81 sg2: id:sg2.2 35.0.0.4:81 sg2: id:sg2.1 35.0.0.3:81 sg2: id:sg2.0 35.0.0.2:81 .fi .in -2 .sp .sp .LP The following command displays all available information about server groups. .sp .in +2 .nf # \fBilbadm show-servergroup -o all\fR sgname serverID minport maxport IP_address sg1 _sg1.0 -- -- 1.1.1.1 sg2 _sg2.1 -- -- 1.1.1.6 sg3 _sg3.0 9001 9001 1.1.1.1 sg3 _sg3.1 9001 9001 1.1.1.2 sg3 _sg3.2 9001 9001 1.1.1.3 sg3 _sg3.3 9001 9001 1.1.1.4 sg3 _sg3.4 9001 9001 1.1.1.5 sg3 _sg3.5 9001 9001 1.1.1.6 sg3 _sg3.6 9001 9001 1.1.1.11 sg3 _sg3.7 9001 9001 1.1.1.12 sg3 _sg3.8 9001 9001 1.1.1.13 sg3 _sg3.9 9001 9001 1.1.1.14 sg3 _sg3.10 9001 9001 1.1.1.15 sg3 _sg3.11 9001 9001 1.1.1.16 sg4 _sg4.0 9001 9006 1.1.1.1 sg4 _sg4.1 9001 9006 1.1.1.6 .fi .in -2 .sp .LP \fBExample 15 \fRList Servers Associated with a Rule .sp .LP The following command lists the servers that are associated with a rule. .sp .in +2 .nf # \fBilbadm show-server r1\fR SERVERID ADDRESS PORT RULENAME STATUS SERVERGROUP _sg1.0 35.0.0.10 80 rule1 E sg1 _sg1.1 35.0.0.11 80 rule1 E sg1 _sg1.2 35.0.0.12 80 rule1 D sg1 .fi .in -2 .sp .SH ATTRIBUTES .sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp .sp .TS tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPEATTRIBUTE VALUE _ Availabilityservice/network/load-balancer/ilb _ Interface StabilityCommitted .TE .SH SEE ALSO .sp .LP \fBilbd\fR(1M), \fBvmstat\fR(1M), \fBattributes\fR(5)