JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Administration: IP Services     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


Part I TCP/IP Administration

1.  Planning the Network Deployment

2.  Considerations When Using IPv6 Addresses

3.  Configuring an IPv4 Network

4.  Enabling IPv6 on the Network

5.  Administering a TCP/IP Network

6.  Configuring IP Tunnels

7.  Troubleshooting Network Problems

8.  IPv4 Reference

9.  IPv6 Reference


10.  About DHCP (Overview)

11.  Administering the ISC DHCP Service

12.  Configuring and Administering the DHCP Client

13.  DHCP Commands and Files (Reference)

Part III IP Security

14.  IP Security Architecture (Overview)

15.  Configuring IPsec (Tasks)

16.  IP Security Architecture (Reference)

17.  Internet Key Exchange (Overview)

18.  Configuring IKE (Tasks)

19.  Internet Key Exchange (Reference)

20.  IP Filter in Oracle Solaris (Overview)

21.  IP Filter (Tasks)

Part IV Networking Performance

22.  Integrated Load Balancer Overview

23.  Configuration of Integrated Load Balancer (Tasks)

Installing the Integrated Load Balancer

Enabling and Disabling ILB

How to Enable ILB

How to Disable ILB

Configuring ILB

DSR, Full-NAT, and Half-NAT Topologies

Half-NAT Load-Balancing Topology

Full-NAT Load-Balancing Topology

ILB High-Availability Configuration (Active-Passive Mode Only)

ILB HA Configuration Using the DSR Topology

How to Configure ILB to Achieve High-Availability by Using the DSR Topology

ILB High-Availability Configuration by Using the Half-NAT Topology

How to Configure ILB to Achieve High-Availability by Using the Half-NAT Topology

Setting Up User Authorization for ILB Configuration Subcommands

Administering ILB Server Groups

How to Create a Server Group

How to Delete a Server Group

Displaying a Server Group

Administering Back-End Servers in ILB

How to Add a Back-End Server to a Server Group

How to Remove a Back-End Server From a Server Group

How to Re-enable or Disable a Back-End Server

Administering Health Checks in ILB

Creating a Health Check

User-Supplied Test Details

Deleting a Health Check

Listing Health Checks

Displaying Health Check Results

Administering ILB Rules

How to Create a Rule

Deleting a Rule

Listing Rules

Displaying ILB Statistics

Obtaining Statistical Information Using the show-statistics Subcommand

Displaying the NAT Connection Table

Displaying the Session Persistence Mapping Table

Using Import and Export Subcommands

24.  Virtual Router Redundancy Protocol (Overview)

25.  VRRP Configuration (Tasks)

26.  Implementing Congestion Control

Part V IP Quality of Service (IPQoS)

27.  Introducing IPQoS (Overview)

28.  Planning for an IPQoS-Enabled Network (Tasks)

29.  Creating the IPQoS Configuration File (Tasks)

30.  Starting and Maintaining IPQoS (Tasks)

31.  Using Flow Accounting and Statistics Gathering (Tasks)

32.  IPQoS in Detail (Reference)



Administering ILB Rules

You can use ilbadm to create, delete, and list the load-balancing rules. For definition of a load-balancing rule and the parameters needed to create a rule, see ILB Terminology.

How to Create a Rule

  1. Create a server group that includes the appropriate back-end servers.
    # ilbadm create-servergroup -s server=, sg1
  2. If you want to associate server health checks with a rule, create a health check object.
    # ilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,hc-count=3,hc-interval=10 hc1
  3. Identify the VIP, port, and optional protocol that are to be associated with the rule.
  4. Select the operation you want to use (DSR, full-NAT or half-NAT). If NAT is selected, you must specify the IP address range that is to be used as the proxy-src address.
  5. Select the load-balancing algorithm that is to be used.
  6. Select other optional features (see the ilbadm(1M) man page for details).
  7. Select a rule name.
  8. Create and enable the rule.
    # ilbadm create-rule -e -i vip=,port=5000-5009,protocol=tcp\ -m lbalg=rr,type=NAT,proxy-src=,persist=/24 -h hc-name=hc1 -o servergroup=sg1 rule1

Example 23-6 Creating a Full-NAT Rule With a Health Check Session Persistence

This example creates a health check called hc1, and a server group called sg1 (consisting of two servers, each with a range of ports). The last command creates and enables a rule called rule1 of full-NAT mode and associates the rule to the server group and the health check. Note that the creation of the server group and health check must precede the creation of the rule.

ilbadm create-healthcheck -h hc-test=tcp,hc-timeout=2,hc-count=3,hc-interval=10 hc1
ilbadm create-servergroup -s server=, sg1
ilbadm create-rule -e -i vip=,port=5000-5009,protocol=tcp \ -m lbalg=rr,type=NAT,proxy-src=,persist=/24 -h hc-name=hc1 -o servergroup=sg1 rule1

When creating a NAT/half NAT rule, it is recommended to specify the value for connection-drain timeout. The default value of conn-drain timeout is 0, meaning it will keep waiting until a connection is gracefully shut down.

Deleting a Rule

To delete a rule, use the delete-rule subcommand. If you want to remove all rules, use the -a option. The following example deletes the rule called rule1:

# ilbadm delete-rule rule1

Listing Rules

To list the configuration details of a rule, use the list-rule subcommand. If no rule name is specified, information is provided for all rules.

# ilbadm show-rule
Rulename (+ = enabled)
rule-http +
rule-xyz +