JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: IP Services     Oracle Solaris 11 Express 11/10
search filter icon
search icon

Document Information


Part I TCP/IP Administration

1.  Planning an IPv4 Addressing Scheme (Tasks)

2.  Planning an IPv6 Addressing Scheme (Overview)

3.  Planning an IPv6 Network (Tasks)

4.  Configuring TCP/IP Network Services and IPv4 Addressing (Tasks)

5.  Enabling IPv6 on a Network (Tasks)

6.  Administering a TCP/IP Network (Tasks)

7.  Configuring IP Tunnels

8.  Troubleshooting Network Problems (Tasks)

9.  TCP/IP and IPv4 in Depth (Reference)

10.  IPv6 in Depth (Reference)


11.  About DHCP (Overview)

12.  Planning for DHCP Service (Tasks)

13.  Configuring the DHCP Service (Tasks)

14.  Administering DHCP (Tasks)

15.  Configuring and Administering the DHCP Client

16.  Troubleshooting DHCP (Reference)

17.  DHCP Commands and Files (Reference)

Part III IP Security

18.  IP Security Architecture (Overview)

19.  Configuring IPsec (Tasks)

20.  IP Security Architecture (Reference)

21.  Internet Key Exchange (Overview)

22.  Configuring IKE (Tasks)

23.  Internet Key Exchange (Reference)

24.  IP Filter in Oracle Solaris (Overview)

25.   IP Filter (Tasks)

Part IV Networking Performance

26.  Integrated Load Balancer Overview

27.  Configuration of Integrated Load Balancer Tasks

Installing the Integrated Load Balancer

Enabling and Disabling ILB

How to Enable ILB

How to Disable ILB

Configuring ILB

DSR, Full-NAT, and Half-NAT Topologies

Half-NAT Load-Balancing Topology

Full-NAT Load-Balancing Topology

ILB High-Availability Configuration (Active-Passive Mode Only)

ILB HA Configuration Using the DSR Topology

How to Configure ILB to Achieve High-Availability by Using the DSR Topology

ILB High-Availability Configuration by Using the Half-NAT Topology

How to Configure ILB to Achieve High-Availability by Using the Half-NAT Topology

Setting Up User Authorization for ILB Configuration Subcommands

Administering ILB Server Groups

How to Create a Server Group

How to Delete a Server Group

Displaying a Server Group

Administering Back-End Servers in ILB

How to Add a Back-End Server to a Server Group

How to Remove a Back-End Server From a Server Group

How to Re-enable or Disable a Back-End Server

Administering Health Checks in ILB

Creating a Health Check

User-Supplied Test Details

Deleting a Health Check

Listing Health Checks

Displaying Health Check Results

Administering ILB Rules

How to Create a Rule

Deleting a Rule

Listing Rules

Displaying ILB Statistics

Obtaining Statistical Information Using the show-statistics Subcommand

Displaying the NAT Connection Table

Displaying the Session Persistence Mapping Table

Using Import and Export Subcommands

28.  Virtual Router Redundancy Protocol (Overview)

29.  VRRP Configuration (Tasks)

30.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

31.  Introducing IPQoS (Overview)

32.  Planning for an IPQoS-Enabled Network (Tasks)

33.  Creating the IPQoS Configuration File (Tasks)

34.  Starting and Maintaining IPQoS (Tasks)

35.  Using Flow Accounting and Statistics Gathering (Tasks)

36.  IPQoS in Detail (Reference)



Administering ILB Rules

You can use ilbadm to create, delete, and list the load-balancing rules. For definition of a load-balancing rule and the parameters needed to create a rule, see ILB Terminology.

How to Create a Rule

  1. Create a server group that includes the appropriate back-end servers.
    # ilbadm create-servergroup -s server=, sg1
  2. If you want to associate server health checks with a rule, create a health check object.
    # ilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,hc-count=3,hc-interval=10 hc1
  3. Identify the VIP, port, and optional protocol that are to be associated with the rule.
  4. Select the operation you want to use (DSR, full-NAT or half-NAT). If NAT is selected, you must specify the IP address range that is to be used as the proxy-src address.
  5. Select the load-balancing algorithm that is to be used.
  6. Select other optional features (see the ilbadm(1M) man page for details).
  7. Select a rule name.
  8. Create and enable the rule.
    # ilbadm create-rule -e -i vip=,port=5000-5009,protocol=tcp \ -m lbalg=rr,type=NAT,proxy-src=,persist=/24 -h hc-name=hc1 -o servergroup=sg1 rule1

Example 27-6 Creating a Full-NAT Rule With a Health Check Session Persistence

This example creates a health check called hc1, and a server group called sg1 (consisting of two servers, each with a range of ports). The last command creates and enables a rule called rule1 of full-NAT mode and associates the rule to the server group and the health check. Note that the creation of the server group and health check must precede the creation of the rule.

ilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,hc-count=3,hc-interval=10 hc1
ilbadm create-servergroup -s server=, sg1
ilbadm create-rule -e -i vip=,port=5000-5009,protocol=tcp \ -m lbalg=rr,type=NAT,proxy-src=,persist=/24 -h hc-name=hc1 -o servergroup=sg1 rule1

When creating a NAT/half NAT rule, it is recommended to specify the value for connection-drain timeout. The default value of conn-drain timeout is 0, meaning it will keep waiting until a connection is gracefully shut down.

Deleting a Rule

To delete a rule, use the delete-rule subcommand. If you want to remove all rules, use the -a option. The following example deletes the rule called rule1:

# ilbadm delete-rule rule1

Listing Rules

To list the configuration details of a rule, use the list-rule subcommand. If no rule name is specified, information is provided for all rules.

# ilbadm list-rule
Rulename (+ = enabled)
rule-http +
rule-xyz +