Overrides the ServerIron’s default mechanism for checking the health of cache servers. Normally, the ServerIron uses cache responses forwarded back though the ServerIron as indications of a cache server’s health. However, in some topologies, the cache responses do not pass through the ServerIron.

EXAMPLE:

ServerIron(config-rs-realserver1)# asymmetric

Syntax: asymmetric

Possible values: N/A

Default value: Disabled

Designates a real server to be a backup server.

By default, the virtual server uses the locally attached real servers (added using the server real-name command) as the primary load-balancing servers and uses the remotely attached servers (added using the server remote-name command) as backups.

EXAMPLE:

ServerIron(config-rs-R3)# backup

Syntax: [no] backup

You also need to configure virtual servers to use the primary and backup servers you designate. See "port" .

Possible values: N/A

Default value: Primary if locally attached; backup if remotely attached

Assigns a bind-ID to each real server to be included in a host-range map. When you configure a host range map, you refer to the real servers by their bind-IDs.

EXAMPLE:

ServerIron(config)# server real rs1 10.10.10.30
ServerIron(config-rs-rs1)# bind-id 1

Syntax: [no] bind-id <number>

Possible values: Each real server in a host range map must have a unique bind-ID.

Default value: N/A

Configures a threshold for the traffic rate on a real server. When this threshold is reached, the real server is not assigned any new connections, although the real server will continue to handle previously assigned connections.

EXAMPLE:

ServerIron(config)# server real R 10.10.10.50
ServerIron(config-rs-R)# byte-rate-threshold 10000

Syntax: [no] byte-rate-threshold <bytes-per-second>

The ServerIron uses the number of bytes in all received and transmitted TCP and UDP packets in its calculation of the traffic rate.

Possible values: See above

Default value: Not configured

Clears statistics or clears entries from a cache or table. See the descriptions for the individual clear commands in "Privileged EXEC Commands" .

You can clear the total connections counter (tot-conn) in show commands for real and virtual servers. You can clear the counter for real servers only, virtual servers only, or both.

EXAMPLE:

To clear the total connections counter for both real and virtual servers, enter the following command:

ServerIron(config-rs-R)# clear server tot-conn real

Syntax: clear server tot-conn [real | virtual]

Possible values:

• real – clears the total connections counter for real servers only.

• virtual – clears the total connections counter for virtual servers only.

Default value: N/A

Makes a copy ("clone") of a real server’s configuration. When you clone a real server, you make a copy of the real server’s configuration information under a new name. The copy includes the port bindings to the virtual server.

EXAMPLE:

ServerIron(config)# server real rs1 1.2.3.4
ServerIron(config-rs-rs1)# clone-server rs2 5.6.7.8

The first command changes the CLI to the configuration level for the real server you want to copy. The second command creates a clone of real server rs1. The clone is named "rs2" and has IP address 5.6.7.8.

Syntax: clone-server <name> <ip-addr>

The <name> parameter specifies the name of the clone.

The <ip-addr> parameter specifies the IP address of the clone.

Possible values: See above

Default value: N/A

Adds a description to a real server, virtual server, firewall, or cache. The description appears in the output of show commands and in the running-config and startup-config files.

EXAMPLE:

ServerIron(config)# server real RS20 1.2.3.4
ServerIron(config-rs-RS20)# description "Real Server # 20"

Syntax: description <"text">

Possible values: N/A

Default value: N/A

Moves activity to the privileged EXEC level from any level of the CLI, with the exception of the user level.

EXAMPLE:

To move to the privileged level, enter the following from any level of the CLI.

ServerIron(config-rs-webland)# end

ServerIron#

Syntax: end

Possible values: N/A

Default value: N/A

Drops HTTP requests when all the real servers in a server group have reached their maximum number of connections.

EXAMPLE:

ServerIron(config)# server real-name server1 207.95.7.1
ServerIron(config-rs-server1)# exceed-max-drop
ServerIron(config-rs-server1)# exit

Syntax: exceed-max-drop

Possible values: N/A

Default value: N/A

Moves activity up one level from the current level. In this case, activity will be moved to the global level.

EXAMPLE:

ServerIron(config-rs-webland)# exit

ServerIron(config)#

Syntax: exit

Possible values: N/A

Default value: N/A

This command enables policy-based caching, which selectively caches web sites on specific cache servers. For example, an ISP can use a ServerIron configured for policy-based caching to redirect HTTP traffic to a series of web cache servers made by different vendors with different caching criteria.

To take advantage of policy-based caching, you also need to define IP access policy filters.

EXAMPLE:

ServerIron(config-rs-fixedcontent)# filter-match

Syntax: filter-match

Possible values: N/A

Default value: N/A

This command is used with the Layer 4 statistics monitoring function on the ServerIron. This command binds a history list to a real server. You can bind up to 8 history lists to a real server or port on a real server.

EXAMPLE:

To bind history list 1 to port 80 (HTTP) on real server aaa:

ServerIron(config)# server real aaa
ServerIron(config-rs-aaa)# port http history-group 1

Syntax: history-group <entry-numbers>

Possible values: You can bind up to 8 history lists to a real server or port on a real server

Default value: N/A

Creates a range of contiguous virtual IP addresses (VIPs) based on the VIP address of the virtual server. The ServerIron creates the range by creating the number of VIPs that you specify with this command. You do not specify a range; you specify the number of hosts in the range. The beginning address in the range is always the VIP.

EXAMPLE:

To define a range of 500 contiguous VIPs, enter the following commands:

ServerIron(config)# server real-name r1 10.4.4.4
ServerIron(config-rs-r1)# host-range 500
ServerIron(config-rs-r1)# exit
ServerIron(config)# server real-name r2 10.4.4.5
ServerIron(config-rs-r2)# host-range 500
ServerIron(config-rs-r2)# exit
ServerIron(config)# server virtual-name lotsofhosts 209.157.22.99
ServerIron(config-vs-lotsofhosts)# host-range 500
ServerIron(config-vs-lotsofhosts)# exit

Syntax: host-range <range>

Possible values: 0 – 4294967295

Default value: N/A

Changes a real server’s IP address.

You can change the IP address even when the real server is active. This capability is useful when you want to perform some maintenance on the real server (either the server itself or the server’s configuration on the ServerIron) or when the network topology has changed.

By default, when you change a server’s IP address, the ServerIron performs the change gracefully, as follows:

• Existing connections are allowed to continue on the old IP address until they terminate normally.

• New client requests are sent to the new IP address.

Optionally, you can force all existing connections to be reset instead of waiting for them to terminate normally. When you force the connections to be reset, the ServerIron immediately resets a connection when it receives client data for the connection.

EXAMPLE:

ServerIron(config)# server real rs1
ServerIron(config-rs-rs1)# ip-address 5.6.7.8

Syntax: [no] ip-address <ip-addr> [force-shutdown]

The <ip-addr> parameter specifies the real server’s new IP address.

The force-shutdown parameter immediately resets a client’s connection to the IP address when the ServerIron receives TCP data from the client. By default, the ServerIron allows existing connections to terminate normally following the address change.

Possible values: valid IP address

Default value: the address you specified when you configured the server

Allows you to specify the maximum number of sessions the ServerIron will maintain in its session table for a specific real server.

EXAMPLE:

ServerIron(config)# server real-name web2

ServerIron(config-rs-web2)# max-conn 1000

Syntax: max-conn <value>

Possible values: 1 – 1,000,000

Default value: 1,000,000

Configures Connection Rate Control (CRC) for a TCP application port on a real server, cache server, or firewall.

EXAMPLE:

ServerIron(config-rs-FW1)# max-tcp-conn-rate 1000

The command in this example specifies a maximum TCP connection rate of 1000 connections per second on firewall FW1.

Syntax: [no] max-tcp-conn-rate <num>

The <num> parameter specifies the maximum number of connections per second and can be a number from 1 – 65535. The default is 65535.

Possible values: 1 – 65535

Default value: 65535

Configures Connection Rate Control (CRC) for a UDP application port on a real server, cache server, or firewall.

EXAMPLE:

ServerIron(config-rs-FW1)# max-udp-conn-rate 800

The command in this example specifies a maximum UDP connection rate of 800 connections per second on firewall FW1.

Syntax: [no] max-udp-conn-rate <num>

The <num> parameter specifies the maximum number of connections per second and can be a number from 1 – 65535. The default is 65535.

Possible values: 1 – 65535

Default value: 65535

This command is used to disable other commands. To do so, place the word no before the command.

Disables the Layer 3 health check on an individual real server.

By default, when you add a real server configuration to the ServerIron, the ServerIron uses a Layer 3 health check (IP ping) to determine the server’s reachability. If the real server responds to the ping, the ServerIron changes the server’s state to ACTIVE and begins using the server for client requests. When you disable the Layer 3 health check, the ServerIron sends an ARP request for the default gateway and makes the server’s state ACTIVE as long as the ARP entry is present in the ServerIron’s ARP cache.

EXAMPLE:

ServerIron(config-rs-R1)# no-l3-check

Syntax: [no] no-l3-check

This command applies to local real servers and remote real servers.

Possible values: N/A

Default value: Disabled

Configures a second IP address for certain multihomed devices. This command can be used in some FWLB configurations where a pair of ServerIrons is configured as an active-standby pair and the firewalls are multihomed. In this type of configuration, the other-ip command identifies the IP address of the firewall interface connected to the other ServerIron in the pair.

Allows you to override global port attributes set in the port’s profile. In addition, this command allows you to configure application-specific health check parameters for HTTP, DNS, and RADIUS ports.

EXAMPLE:

To disable a port, enter commands such as the following:

ServerIron(config)# server real-name web2
ServerIron(config-rs-web2)# port http disable

Syntax: [no] port <port> [disable | enable]

EXAMPLE:

To locally enable a TCP/UDP health check, enter a command such as the following at the Real Server level of the CLI:

ServerIron(config-rs-jet)# port dns keepalive

Syntax: [no] port <port> [keepalive]

If you use the "no" parameter in front of the command, you are locally disabling the health check. The health checks are locally disabled by default.

The <port> parameter can have one of the following values:

• dns – the well-known name for port 53

  ---

  NOTE: If you are configuring Global SLB, you must use the proxy parameter following dns; for example, port dns proxy. For more information, see the "Configuring Global Server Load Balancing" chapter in the Foundry ServerIron Installation and Configuration Guide.

  ---

• ftp – the well-known name for port 21. (Ports 20 and 21 both are FTP ports but in the ServerIron, the name “ftp” corresponds to port 21.)

• http – the well-known name for port 80

• imap4 – the well-known name for port 143

• ldap – the well-known name for port 389

• mms – the well-known name for port 1755

• nntp – the well-known name for port 119

• ntp – the well-known name for port 123

• pnm – the well-known name for port 7070

• pop2 – the well-known name for port 109

• pop3 – the well-known name for port 110

• radius – the well-known name for udp port 1812

• smtp – the well-known name for port 25

• snmp – the well-known name for port 161

• ssl – the well-known name for port 443

• rtsp – the well-known name for port 554

• telnet – the well-known name for port 23

• tftp – the well-known name for port 69

• <number>

  ---

  NOTE: Specify the port number if the port is not one of the well-known names listed above.

  ---

EXAMPLE:

To configure the HTTP keepalive request to send a HEAD request for “sales.html”, enter the following commands:

ServerIron(config)# server real Jet 207.96.3.251

ServerIron(config-rs-jet)# port http url "/sales.html"

ServerIron(config-rs-jet)# exit

ServerIron(config)# server virtual NiceServer 207.96.4.250

ServerIron(config-vs-NiceServer)# port http

ServerIron(config-vs-NiceServer)# bind http Jet http

Syntax: port http url “[GET | HEAD] [/]<URL-page-name>”

GET or HEAD is an optional parameter that specifies the request type. By default, HTTP keepalive uses HEAD to retrieve the URL page. You can override the default and configure the ServerIron to use GET to retrieve the URL page.

The slash ( / ) is an optional parameter. If you do not set the GET or HEAD parameter, and the slash is not in the configured URL page, then ServerIron automatically inserts a slash before retrieving the URL page.

EXAMPLE:

To configure the domain name for address-based DNS health checking, enter the following command:

ServerIron(config-rs-jet)# port dns addr_query "abc.zone1.com"

Syntax: [no] port dns addr_query "<name>"

To configure the zone name for zone-based DNS health checking, enter the following command:

ServerIron(config-rs-jet)# port dns zone foundrynet.com

Syntax: [no] port dns zone <zone-name>

EXAMPLE:

To configure the parameters for a RADIUS health check, enter commands such as the following at the Real Server level of the CLI:

ServerIron(config-rs-jet)# port radius username willy

ServerIron(config-rs-jet)# port radius password wonka

ServerIron(config-rs-jet)# port radius key chklt

Syntax: [no] port radius username <string>

Syntax: [no] port radius password <string>

Syntax: [no] port radius key <string>

Possible values: See above

Default value: See above

EXAMPLE:

In a web switching configuration, to specify the server group(s) to which the real server belongs:

ServerIron(config-rs-jet)# port http group-id 1 5

Syntax: [no] port http group-id <server-group-id-pairs>

Possible values: The server group is expressed as a pair of numbers, indicating a range of real server group IDs. The first number is the lowest-numbered server group ID, and the second is the highest-numbered server group ID. For example, if a real server belongs only to the server group with ID = 1, the last two numbers in the port http group-id command would be 1 1. (Note the space between the two numbers.) If a real server belongs to server groups 1 – 10, the last two numbers in the command would be 1 10. To include a real server in groups that are not consecutively numbered, you can enter up to four server group ID pairs. Valid numbers for server group IDs are 0 – 1023.

Default value: N/A

EXAMPLE:

To disable the Layer 4 health check for an individual application on an individual firewall, enter a command such as the following at the firewall configuration level of the CLI:

ServerIron(config-rs-FW1)# port http no-health-check

The command in this example disables Layer 4 health checks for port HTTP on firewall FW1. When you add an application port to a firewall definition, the ServerIron automatically enables the Layer 4 health check for that port. You must disable the Layer 4 health check if the firewall is unable to act as a proxy for the application and respond to the health check. If the firewall does not respond to the health check, the ServerIron assumes that the port is unavailable and stops sending traffic for the port to the firewall.

Syntax: [no] no-health-check

EXAMPLE:

To limit the rate of new connections for a specific application port, enter commands such as the following:

ServerIron(config-rs-RS1)# port http
ServerIron(config-rs-RS1)# port http max-tcp-conn-rate 600

These commands add port HTTP (80) to the real server and limit the rate of new connections to the port to 600.

Syntax: port <TCP/UDP-portnum> max-tcp-conn-rate <num>

Syntax: port <TCP/UDP-portnum> max-udp-conn-rate <num>

The port <TCP/UDP-portnum> parameter specifies the application port.

The <num> parameter specifies the maximum number of connections per second.

Possible values: See above

Default value: Follows the global state of the Layer 4 path health check. See "fw-health-check tcp | udp" .

Disables all the application ports on a real server.

EXAMPLE:

ServerIron(config-rs-R1)# port disable-all

To re-enable all the application ports, enter the following command:

ServerIron(config-rs-R1)# no port disable-all

Syntax: [no] port disable-all

Possible values: N/A

Default value: Enabled

Unbinds all of a real server’s application ports from all virtual servers.

EXAMPLE:

To unbind a real server’s application ports, enter the following command at the configuration level for the server:

ServerIron(config-rs-R1)# port unbind-all

Syntax: port unbind-all

To re-bind an application port, you must use the bind command at the configuration level for the virtual server. For example, if server R1 has two application ports, 80 and 8080, enter the following commands to rebind the ports to virtual server VIP1. This example assumes that the VIP uses two real servers (R1 and R2) for the application ports.

ServerIron(config-vs-VIP1)# bind http R1 http R2 http
ServerIron(config-vs-VIP1)# bind 8080 R1 8080 R2 8080

Possible values: N/A

Default value: Bound to the virtual servers to which you bound them

This command returns you from any level of the CLI to the User EXEC mode.

EXAMPLE:

ServerIron(config-rs-test)# quit

ServerIron>

Syntax: quit

Possible values: N/A

Default value: N/A

Configures server response-time warning and shutdown thresholds for an individual server.

For information about response-time thresholds, see "server response-time" .

EXAMPLE:

ServerIron(config-rs-R1)# response-time 50 75

This command sets the warning threshold to 50 milliseconds and the shutdown threshold to 75 milliseconds, for this real server only.

Syntax: [no] response-time <warning-threshold> [<shutdown-threshold>]

The <warning-threshold> parameter specifies the average number of milliseconds within which an application port must respond to avoid a warning message. You can specify from 0 – 65535 milliseconds (65 seconds). There is no default. If you specify 0, the warning threshold is disabled.

The <shutdown-threshold> parameter specifies the average number of milliseconds within which an application port must respond to avoid being shut down. You can specify from 0 – 65535 milliseconds (65 seconds). There is no default. If you specify 0, the shutdown threshold is disabled.

If you want the ServerIron to generate a warning message but you do not want the ServerIron to shut down an application port, configure the warning threshold but not the shutdown threshold. Here is an example:

ServerIron(config-rs-R1)# response-time 100

To set the shutdown threshold without also setting a warning threshold, enter 0 for the warning threshold, as shown in the following example:

ServerIron(config-rs-R1)# response-time 0 300

Possible values: 0 – 65535 milliseconds (65 seconds)

Default value: not configured

Displays the real and virtual server configuration information on a remote site ServerIron in the GSLB ServerIron’s CLI. The command also displays the session and CPU information used by the GSLB policy. You can view detailed configuration information and statistics for the site ServerIron, from the GSLB ServerIron’s management console. For more information, see the "Configuring Global Server Load Balancing" chapter in the Foundry ServerIron Installation and Configuration Guide.

Displays a variety of configuration and statistical information about the ServerIron. To see a description of the show commands, see "Show Commands" .

Specifies which of the configured source IP addresses an individual local or remote real server uses as its source IP address.

EXAMPLE:

To specify that traffic from remote real server R1 use 193.77.7.7 as its source IP address:

ServerIron(config)# server remote R1 193.77.7.2
ServerIron(config-rs-R1)# source-ip 193.77.7.7

Syntax: [no] source-ip <ip-addr>

Possible values: The IP address must already be configured as a source IP address on the ServerIron (with the server source-ip command).

Default value: N/A

In an SLB configuration, configures the ServerIron to translate the source address of client requests the ServerIron forwards to real servers. The ServerIron changes the address to a source IP address you have configured on the ServerIron.

Add source IP addresses and enable source NAT if the ServerIron and real server are in different sub-nets. See the "Configuring Server Load Balancing" chapter in the Foundry ServerIron Installation and Configuration Guide.

EXAMPLE:

ServerIron(config-rs-june)# source-nat

Syntax: [no] source-nat

Possible values: N/A

Default value: Disabled

Enables the ServerIron to use learned MAC addresses for sending health checks to remote servers.

EXAMPLE:

ServerIron(config-rs-remote1)# use-learned-mac-address

Syntax: [no] use-learned-mac-address

Possible values: N/A

Default value: N/A

Allows you to assign a performance weight to each server or firewall. Servers or firewalls assigned a larger or higher weight receive a larger percentage of connections.

EXAMPLE:

To set the weight for a server to 5 from the default value of 1, enter the following command:

ServerIron(config)# server real web5
ServerIron(config-rs-web5)# weight 5

Syntax: weight <least-connections-weight> [<response-time-weight>]

The <least-connections-weight> parameter specifies the real server’s weight relative to other real servers in terms of the number of connections on the server. More precisely, this weight is based on the number of session table entries the ServerIron has for TCP or UDP sessions with the real server. You can specify a value from 0 – 65000. The default is 1. This parameter is required. However, if you want to use a weight value only for the Server Response Time but not for the number of connections, specify 0 for this parameter.

The <response-time-weight> parameter specifies the real server’s weight relative to other real servers in terms of the server’s response time to client requests sent to the server. You can specify a value from 0 – 65000. The default is 0 (disabled). This weight is applicable only when the server response time load-balancing method is enabled.

If you enter a value for <response-time-weight>, the ServerIron adds the two weight values together when selecting a real server. If you specify equal values for each parameter, the ServerIron treats the weights equally. The number of connections on the server is just as relevant as the server’s response time. However, if you set one parameter to a higher value than the other, the ServerIron places more emphasis (weight) on the parameter with the higher value. For example, if you specify a higher server response time weight than the weight for the number of connections, the ServerIron pays more attention to the server’s response time than to the number of connections it currently has when considering the real server for a new connection.

Possible values: See above

Default value: 0 for SLB; 1 for FWLB

Saves the running-time configuration into the startup-config file.

EXAMPLE:

ServerIron(config-rs-web5)# write memory

Syntax: write memory

Possible values: N/A

Default value: N/A

Displays the running-configuration of the ServerIron on the terminal screen.

EXAMPLE:

ServerIron(config-rs-web5)# write terminal

Syntax: write terminal

Possible values: N/A

Default value: N/A