man pages section 1M: System Administration Commands     Oracle Solaris 11 Express 11/10

ilbadm

- establish and manipulate load balancing rules

Synopsis

ilbadm create-rule [-e] [-p] -i vip=value,port=value[,protocol=value]
     -m lbalg=value,type=value[,proxy-src=ip-range][,pmask=mask]
     [-h hc-name=value[,hc-port=value]]
     [-t [conn-drain=N][,nat-timeout=N],[persist-timeout=N]]
     -o servergroup=value name
ilbadm show-rule [-e|-d] [-f |[-p] -o key[,key ...]] [name ...]
ilbadm delete-rule -a | name ...
ilbadm enable-rule [name ...]
ilbadm disable-rule [name ...]
ilbadm show-statistics [-p] -o field[,field] [-thAdvi]
     [-r rulename] | [-s servername] [interval [count]]
ilbadm create-servergroup [-s server=hostspec[:portspec...]] groupname
ilbadm delete-servergroup groupname
ilbadm show-servergroup [-s|-f|[-p] -o field[,field]] [[-v] name]
ilbadm enable-server server ...
ilbadm disable-server server ...
ilbadm show-server [[-p] -o field[,field...]] [rulename...]
ilbadm add-server -s server=value[,value ... ] name
ilbadm remove-server -s server=value[,value ... ] name
ilbadm create-healthcheck [-n] -h hc-test=value
     [,hc-timeout=value][,hc-count=value][,hc-interval=value] hcname
ilbadm delete-healthcheck hcname
ilbadm show-healthcheck [hcname ...]
ilbadm show-hc-result [rule-name]
ilbadm show-nat [count]
ilbadm show-persist [count]
ilbadm export-config filename
ilbadm import-config [-p] filename

Description

The ilbadm command manipulates or displays information about Integrated Load Balancer (ILB) rules using the subcommands described below.

Rule names are case insensitive, but case is preserved as it is entered. Rule names are limited in length to 19 characters. Server names cannot exceed 14 characters.

All parseable output (invoked with the -p option) requires that the fields to be printed or displayed be specified with the -o option. Fields will be displayed in the same order they are encountered on the command line. Multiple fields are separated by the colon (:) character. If a colon or backslash (\) occurs in the displayed string itself, it will be preceded by a backslash. No headers will be displayed for parseable output.
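The escaping rule above matters as soon as a field contains an IPv6 address: splitting on every colon (for example with cut -d:) breaks the VIP apart. The following reader is an added example, not part of the original man page; the sample lines are constructed, and the field list rulename,status,vip,port is an assumption taken from the column headings shown in Example 5.

```sh
#!/bin/sh
# Added example: escape-aware reader for `ilbadm ... -p -o field,...` output.

# Convert parseable lines on stdin to tab-separated, unescaped fields.
# An unescaped ":" ends a field; "\:" and "\\" stand for a literal ":" or "\".
ilb_parse() {
    awk '{
        out = ""; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\\" && i < n) {       # escaped character: copy the next one as data
                i++
                out = out substr($0, i, 1)
            } else if (c == ":") {          # unescaped colon: field separator
                out = out "\t"
            } else {
                out = out c
            }
        }
        print out
    }'
}

# Print "rule vip port" for every enabled rule. Exits non-zero if any line
# does not carry exactly the four fields requested with -o, so a format
# mismatch is reported instead of silently producing a wrong inventory.
ilb_enabled_rules() {
    ilb_parse | awk -F '\t' '
        NF != 4   { printf "unexpected field count on line %d\n", NR > "/dev/stderr"; bad = 1; next }
        $2 == "E" { print $1, $3, $4 }
        END       { exit bad }'
}

# Constructed sample of: ilbadm show-rule -p -o rulename,status,vip,port
# (the -o key spelling is an assumption; the values are made up).
sample_show_rule() {
    cat <<'EOF'
rule4:E:1.2.3.4:21
rule3:D:2003\:\:1:21
RULE-all:E:2002\:\:1:80
EOF
}

# Naive split for comparison: field 3 of the rule3 line comes back as "2003\".
naive_vip() {
    cut -d: -f3
}

sample_show_rule | ilb_enabled_rules
```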

Server IDs are generated by the system when a server is added, using either the create-servergroup or the add-server subcommands.

Server IDs are guaranteed to be unique within the server group. A rule can be attached to only one server group, with the result that server IDs are unique for rules as well. Note that since more than one rule can attach to the same server group, the server ID alone is not sufficient to indicate a rule.

To be able to distinguish server IDs from hostnames, server IDs are prefixed with a leading underscore (_).

As noted below, the server group and health check entities must be defined before they can be used in the create-rule subcommand.

Sub-commands

Following are the ilbadm subcommands, along with their related options and operands. Note that subcommands have a normal and a short form; for example, create-rule and create-rl, saving you from having to type a few additional characters.

create-rule|create-rl [-e] [-p] -i incoming -m method_attributes -o outgoing_spec [-h healthcheck] [-t timers] name

Creates a rule name with a set of specified characteristics. incoming and method_attributes are both specified as a set of key=value pairs. If name already exists, the command will fail. If a given tuple (virtual IP address, port(s), and protocol) matches another rule, the command will also fail. create-rule has the following options that control the overall effect of the command:

-e

Enable the create-rule function. The default is that create-rule is disabled.

-p

Create the rule as persistent (sticky). The default is that the rule exists only for the current session.

Keys and values are introduced by one-letter identifiers. These identifiers and their related keys and acceptable values are as follows.

-i

Introduces the matching criteria for incoming packets.

vip

(Virtual) destination IP address

port[-port]

Port number or name, for example, telnet or dns. A port can be specified by port number or symbolic name (as in /etc/services). Port number ranges are also supported.

protocol

TCP (the default) or UDP (see /etc/services).

-m

Specifies the keys describing how to handle a packet.

lbalg

The default is roundrobin, or its short form, rr. Other alternatives are: hash-ip (short form: hip), hash-ip-port (short form: hipp), hash-ip-vip (short form: hipv).

type

Refers to topology of network. Can be DSR (or dsr or d), NAT (or n or nat), HALF-NAT (or h or half-nat).

proxy-src

Required for full NAT only. Specifies the IP address range to use as the proxy source address range. The range is limited to ten IP addresses.

pmask

Optional. Has an alias of: stickiness. Specifies that this rule is to be persistent. The argument is a prefix length in CIDR notation; that is, 0–32 for IPv4 and 0–128 for IPv6. Use the -p option to specify this keyword.

-o

Specifies destination(s) for packets that match the criteria specified by the -i “clause”. This identifier has one well-known argument:

servergroup

Specify a single server group as target. The server group must already have been created.

-h

The health check option has two arguments:

hc-name

Specifies the name of a predefined health check method.

hc-port

Specifies the port(s) for the HC test program to check. The value can be keywords ALL or ANY, or a specific port number within the port range of the server group.

-t

Specifies customized timers, in seconds. A value of 0 means to use the system default value. The following are valid modifiers for -t:

conn-drain

If a server's type is NAT or HALF-NAT, conn-drain is the timeout after which the server's connection state is deleted following the server's removal from a rule. This deletion occurs even if the server is not idle.

The default for TCP is that the connection state remains stable until the connection is gracefully shut down. The default for UDP is that the connection state remains stable until the connection has been idle for the period nat-timeout.

nat-timeout

Applies only to NAT and half-NAT type connections. If such a connection is idle for the nat-timeout period, the connection state will be removed. The default is 120 for TCP and 60 for UDP.

persist-timeout

When persistent mapping is enabled, if a numeric-only mapping has not been used for persist-timeout seconds, the mapping will be removed. The default is 60.

Note that server group and health check must be defined before they can be used in create-rule.

delete-rule|delete-rl -a | name[...]

Removes all information pertaining to rule name. If name does not exist, the command will fail. delete-rule has one option:

-a

Delete all rules. (name is ignored.)

enable-rule|enable-rl name[...]

Enables a named rule, or all rules, if no name is specified. Enabling rules that are already enabled has no effect.

disable-rule|disable-rl name[...]

Disables a named rule, or all rules, if no name is specified. Disabling rules that are already disabled has no effect.

show-statistics|show-stats [[-p] -o field[,...]] [-tv] [-A | -d] [[-i] -r rulename | -s servername] [interval [count]]

Displays statistics, the output of which is subject to the use of the options described below. The syntax and semantics of this subcommand are modeled on vmstat(1M).

-t

Prepend a timestamp with every sample.

-d

Display the delta over the entire interval. The default is changes per second. Cannot be used with the -A option.

-A

Display absolute numbers. That is, numbers since module initialization, rule creation, and server addition. Cannot be used with the -d option.

-r rulename

Display statistics only for the specified rulename. In combination with the -i option, display a line for each server.

-s servername

Display statistics only for server. In combination with the -i option, display a line for each rule.

-i

Itemize the information displayed by the -r and -s options. These are the only options with which -i is valid. Does not work with the -v option.

-v

Display additional details for drops. Note that, when the rule name is specified, drops are counted per rule and not per server. Does not work with the -i option.

-p

Display parseable format. Requires use of -o option.

-o field

Can be one or more from the list below. field can be uppercase or lowercase.

PKT_P

Packets processed.

BYTES_P

Bytes processed.

PKT_U

Unprocessed packets.

BYTES_U

Unprocessed bytes.

PKT_D

Packets dropped.

BYTES_D

Bytes dropped.

ICMP_P

ICMP echo requests processed.

ICMP_D

ICMP echo requests dropped.

ICMP2BIG_P

ICMP fragmentation needed; message processed.

ICMP2BIG_D

Fragmentation needed; message dropped.

NOMEMP_D

Packets dropped because of out-of-memory condition.

NOPORTP_D

Packets dropped in NAT mode because no source port was available.

Note that when a question mark (?) is displayed as a column entry, it indicates that the proper value cannot be determined, most often because a rule or server was added or deleted.

Note that headers are displayed once for each ten samples. The timestamp format follows the date(1) format for the C locale. Neither the addition nor removal of a rule is detected.

show-rule|show-rl [-d|-e] [-f| [-p] -o field[,...]] [name...]

Displays characteristics of the specified rules, or all, if no rule is specified. The subcommand has the following options:

-d

Display only disabled rules.

-e

Display only enabled rules.

-f

Display a full list.

-o field[,...]

Display output for field(s). Cannot be used with -f option.

-p

Display parsable output in the format described in “Description”. Requires the -o option.

Note that the -o (with or without -p) and -f options are mutually exclusive.

show-nat [count]

Displays NAT table information. If count is specified, displays count entries from the NAT table. If no count is specified, displays the entire NAT table.

count

No assumptions should be made about the relative positions of elements in consecutive runs of this command. For example, executing show-nat 10 twice is not guaranteed to display the same ten items twice, especially on a busy system.

Display format:

T: IP1 > IP2 >>> IP3 > IP4

These items are described as follows:

T

The transport protocol used in this entry.

IP1

The client's IP address and port.

IP2

The VIP and port.

IP3

If half NAT mode, the client's IP address and port. If full NAT mode, the NAT'ed client's IP address and port.

IP4

The backend server's IP address and port.

show-persist|show-pt [count]

Displays persistence table information. If count is specified, displays count entries from the table. If no count is specified, displays the entire persistence table.

No assumptions should be made about the relative positions of elements in consecutive runs of this command. For example, executing show-persist 10 twice is not guaranteed to display the same ten items twice, especially on a busy system.

Display format:

R: IP1 --> IP2

These items are described as follows:

R

The rule this persistence entry is tied to.

IP1

The client's IP address and port.

IP2

The backend server's IP address.

export-config|export-cf [filename]

Exports the current configuration in a format suitable for re-import using ilbadm import-config. If no filename is specified, the subcommand writes to stdout.

import-config|import-cf [-p] [filename]

Reads configuration contents of a file. By default, this overrides any existing configuration. If no filename is specified, the subcommand reads from stdin. This subcommand has the following option:

-p

Preserve existing configuration and do incremental import.

create-servergroup|create-sg [-s server=hostspec[:portspec...]] groupname

Creates a server group. Additional servers can be added later using the add-server subcommand. Server groups are the only entity that can be used during rule creation to indicate back-end servers. If the specified server group is associated with one or more rules, the server is enabled when it is added. This subcommand has the following option and operands:

-s server=hostspec[:portspec...]

Specifies a list of servers to be added to the server group.

hostspec is a hostname or IP address. IPv6 addresses must be enclosed in brackets ([]) to distinguish them from “:portspec”.

portspec is a service name or port number. If the port number is not specified, a number in the range 1–65535 is used.

disable-server|disable-srv server

Disable one or more server(s). That is, tell the kernel not to forward traffic to this server. disable-server applies to all rules that are attached to the server group this server is part of.

server is a server ID.

enable-server|enable-srv server...

Reenables disabled servers.

show-server|show-srv [[-p] -o field[,field...]] [rulename...]

Displays servers associated with named rules, or all servers if no rulename is specified. The subcommand has the following options.

-o field[,field...]

Display only the specified fields.

-p

Display fields in parsable format. Requires the -o option.

delete-servergroup|delete-sg groupname

Deletes a server group.

show-servergroup|show-sg [[-p] -o field[,...]] [name]

Lists a server group, or all server groups, if no name is specified. The subcommand has the following options:

-o field[,...]

Display output for field(s).

-p

Display parsable output in the format described in “Description”. Requires the -o option.

add-server|add-srv -s server=value[, value...] servergroup

Add specified server(s) to servergroup. See description of create-servergroup for definition of value.

-s

See create-servergroup.

Performing an add-server to a server group immediately after performing a remove-server on that server group might fail because of incomplete connection draining. Refer to the description of the remove-server subcommand for instructions on how to avoid this failure.

remove-server|remove-srv -s server=value[, value...] servergroup

Remove specified server(s) from servergroup.

-s

One or more server IDs.

If a server is being used by a NAT/half-NAT rule, it is recommended that the server be disabled (using disable-server) before removal. By disabling a server, the server enters the connection-draining state. After all of the connections are drained, the server can then be removed by remove-server. If the conn-drain timeout value is set, the connection-draining state will be finished upon conclusion of the timeout period. Note that the default conn-drain timeout is 0, meaning it will keep waiting until a connection is gracefully shut down.

create-healthcheck|create-hc [-n] -h hc-test=value,hc-timeout=value, hc-count=num_value,hc-interval=value hcname

Sets up a health check object for rules to use. All servers associated with a rule are checked using the same test. A health check event of a server consists of one to hc-count number of hc-test executions. If an hc-test's result shows a server to be unresponsive, further hc-test checks are made, up to hc-count invocations, before a server is considered to be down.

-h

The hc-test is performed hc-count times until it succeeds or hc-timeout has expired. For a given rule, all servers are checked using the same test. The tests are as follows:

hc-test

PING, TCP, external method (script or binary). An external method should be specified with a full path name.

hc-timeout

Threshold at which a test is considered failed following interim failures of hc-test. If you kill an hc-test test, the result is considered a failure. The default value is five seconds.

hc-count

Maximum number of attempts to run hc-test before marking a server as down. The default value is three iterations.

hc-interval

Interval between invocations of hc-test. This value must be greater than hc-timeout times hc-count. The default value is 30 seconds.

The following arguments are passed to external methods:

$1

VIP (literal IPv4 or IPv6 address).

$2

Server IP (literal IPv4 or IPv6 address).

$3

Protocol (UDP, TCP as a string).

$4

The load balance mode, DSR, NAT, HALF_NAT.

$5

Numeric port.

$6

Maximum time (in seconds) the method should wait before returning failure. If the method runs for longer, it can be killed, and the test considered failed.

External methods should return 0 (or the round-trip time to the back end server, in microseconds) for success and -1 if the server is considered down.

Before higher layer health check(s), TCP, UDP, and external tests start, a default ping test is performed first. The higher layer test will not be performed if ping fails. You can turn off the default ping check for these higher layer health checks by using -n.

-n

Disable default ping test for high layer health check tests.

delete-healthcheck|delete-hc hcname...

Delete the named health check object(s) (hcname). If the given health check object is associated with enabled rule(s), deletion of the object will fail.

show-healthcheck|show-hc [hcname...]

List the health check information for the specified health check (hcname). If no health check is specified, list information for all existing health checks.

show-hc-result|show-hc-res [rule-name]

List the health check result for the servers that are associated with rule-name. If rule-name is not given, the health check results for all servers are displayed.

Examples

Example 1 Configuring NAT Mode

The following commands create a rule with health check and timers set (port range shifting and session persistence).

# ilbadm create-healthcheck \
     -h hc-test=tcp,hc-timeout=2,hc-count=3,hc-interval=10 hc1
# ilbadm create-servergroup -s \
     server=60.0.0.10:6000-6009,60.0.0.11:7000-7009 sg1
# ilbadm create-rule -e -i vip=81.0.0.10,port=5000-5009,protocol=tcp \
     -m lbalg=rr,type=NAT,proxy-src=60.0.0.101-60.0.0.104,pmask=24 \
     -h hc-name=hc1 \
     -t conn-drain=180,nat-timeout=180,persist-timeout=180 \
     -o servergroup=sg1 rule1

The following command creates a rule with the default timer values and without health check.

# ilbadm create-servergroup -s server=60.0.0.10 sg1
# ilbadm create-rule -e -i vip=81.0.0.10,port=5000 \
     -m lbalg=rr,type=NAT,proxy-src=60.0.0.105 \
     -o servergroup=sg1 rule1
# ilbadm add-server -e -s server=60.0.0.11 sg1
# ilbadm enable-rule rule1

Example 2 Configuring Half-NAT Mode

The following command configures half-NAT mode and exemplifies port range collapsing.

# ilbadm create-servergroup sg1
# ilbadm create-rule -e -i vip=81.0.0.10,port=5000-5009 \
     -m lbalg=rr,type=h -o servergroup=sg1 rule1
# ilbadm add-server -s server=60.0.0.10:6000,60.0.0.11:7000 sg1

Example 3 Configuring DSR Mode and Preparing Two Sets of Rules

The following command establishes two sets of rules to enable load balancing between HTTP and FTP traffic. Note both types of traffic traverse interface 60.0.0.10.

# ilbadm create-servergroup -s servers=60.0.0.9,60.0.0.10 websg
# ilbadm create-servergroup -s servers=60.0.0.10,60.0.0.11 ftpgroup

# ilbadm create-rule -e -i vip=81.0.0.10,port=80 \
     -m lbalg=hash-ip-port,type=DSR \
     -o servergroup=websg webrule
# ilbadm create-rule -e -i vip=81.0.0.10,port=ftp \
     -m lbalg=hash-ip-port,type=DSR,pmask=24 \
     -o servergroup=ftpgroup ftprule
# ilbadm create-rule -e -p -i vip=81.0.0.10,port=ftp-data \
     -m lbalg=hash-ip-port,type=DSR,pmask=24 \
     -o servergroup=ftpgroup ftpdatarule

Example 4 Deleting Rule, Server Group, and Health Check

The following commands delete the rule, server group, and health check established in the first example.

# ilbadm delete-rule -a
# ilbadm delete-servergroup sg1
# ilbadm delete-healthcheck hc1

Example 5 Display a List of Rules

The following command displays a list of rules.

# ilbadm show-rule
RULENAME            STATUS LBALG      TYPE    PROTOCOL VIP  PORT
r2                  E     hash-ip     NAT     TCP 45.0.0.10 81
r1                  E     hash-ip     NAT     TCP 45.0.0.10 80

# ilbadm show-rule -f
       RULENAME: rule1
         STATUS: E
           PORT: 80
       PROTOCOL: TCP
          LBALG: roundrobin
           TYPE: HALF-NAT
      PROXY-SRC: --
        PERSIST: --
        HC-NAME: hc1
        HC-PORT: ANY
     CONN-DRAIN: 0
    NAT-TIMEOUT: 120
PERSIST-TIMEOUT: 60
    SERVERGROUP: sg1
            VIP: 80.0.0.2
        SERVERS: _sg1.0,_sg1.1

Example 6 Exporting and Importing Rules

The following commands show how to export rules to and import rules from stdout, and to/from a file.

# ilbadm export-config

create-servergroup ftpgroup
add-server -s server=10.1.1.3:21 ftpgroup
add-server -s server=10.1.1.4:21 ftpgroup
create-servergroup webgroup_v6
add-server -s server=[2000::ff]:80 webgroup_v6
create-rule -e protocol=tcp,VIP=1.2.3.4,port=ftp \
        -m lbalg=roundrobin,type=DSR \
        -o servergroup=ftpgroup rule4
create-rule protocol=tcp,VIP=2003::1,port=ftp \
        -m lbalg=roundrobin,type=DSR \
        -o servergroup=ftpgroup6 rule3
create-rule -e protocol=tcp,VIP=2002::1,port=http \
        -m lbalg=roundrobin,type=DSR \
        -o serverrgroup=webgrp_v6 RULE-all

The following command exports rules to a file.

# ilbadm export-config /tmp/ilbrules

Following this command, /tmp/ilbrules contains the output displayed in the previous command.

The following command imports rules from a file.

# ilbadm import-config /tmp/ilbrules

This command replaces whatever rules were in place with the contents of /tmp/ilbrules.

The following command imports rules from stdin.

# cat /tmp/ilbrules | ilbadm import-config

The effect of this command is identical to the effect of the preceding command.

Example 7 Creating a Single Health Check

The following command creates a single health check.

# ilbadm create-healthcheck \
     -h hc-timeout=3,hc-count=2,hc-interval=8,hc-test=tcp hc1

Example 8 Listing All Healthchecks

The following command lists all extant health checks.

# ilbadm show-healthcheck
HCNAME        TIMEOUT COUNT   INTERVAL DEF_PING TEST
hc1           2       1       10       Y        tcp
hc2           2       1       10       N        /usr/local/bin/probe

Example 9 Deleting a Single Health Check

The following command deletes a single health check.

# ilbadm delete-healthcheck hc1

Example 10 Displaying Statistics

The following command displays statistics at an interval of one second, for three iterations.

# ilbadm show-stats -A 1 3
PKT_P   BYTES_P   PKT_U   BYTES_U   PKT_D   BYTES_D
0       0         0       0         4       196
0       0         0       0         4       196
0       0         0       0         4       196

The following is the command you would use to display statistics in verbose mode at intervals of one second. Output is too wide to fit within the page boundary.

# ilbadm show-stats -v 1

The following command displays statistics for rule r1 at an interval of one second for three iterations.

# ilbadm show-stats -A -r r1 1 3
PKT_P   BYTES_P   PKT_U   BYTES_U   PKT_D   BYTES_D
0       0         0       0         4       196
0       0         0       0         4       196
0       0         0       0         4       196

The following command displays statistics for rule r1 for each of its servers, for an interval of one second and a count of 3.

# ilbadm show-stats -A -r r1 -i 1 3
SERVERNAME          PKT_P   BYTES_P
_sg1.0              0       0
_sg1.1              0       0
_sg1.2              0       0
_sg1.0              0       0
_sg1.1              0       0
_sg1.2              0       0
_sg1.0              0       0
_sg1.1              0       0
_sg1.2              0       0

The following command displays itemized statistics, with timestamps, for server _sg1.0, at an interval of one second and a count of 3.

# ilbadm show-stats -A -s _sg1.0 -it 1 3
RULENAME            PKT_P   BYTES_P   TIME
r1                  0       0         2009-07-20:16.10.20
r1                  0       0         2009-07-20:16.10.21
r1                  0       0         2009-07-20:16.10.22

The following command displays statistics with specific option fields, at an interval of one second and a count of 3.

# ilbadm show-stats -o BYTES_D,TIME 1 3
BYTES_D   TIME
196       2009-07-20:16.14.25
0         2009-07-20:16.14.26
0         2009-07-20:16.14.27

Example 11 Displaying Health Check Results

The following command displays the results of a health check.

# ilbadm show-hc-result rule1
RULENAME   HCNAME     SERVERID   STATUS   FAIL LAST     NEXT     RTT
rule1      hc1        _sg1.0     dead     6    04:45:17 04:45:30 698
rule1      hc1        _sg1.1     alive    0    04:45:11 04:45:25 260
rule1      hc1        _sg1.2     unreach  6    04:45:17 04:45:30 0

Example 12 Displaying the NAT Table

The following command displays the NAT table.

# ilbadm show-nat 5
UDP: 124.106.235.150.53688>85.0.0.1.1024>>>82.0.0.39.4127>82.0.0.56.1024
UDP: 71.159.95.31.61528> 85.0.0.1.1024>>> 82.0.0.39.4146> 82.0.0.55.1024
UDP: 9.213.106.54.19787> 85.0.0.1.1024>>> 82.0.0.40.4114> 82.0.0.55.1024
UDP: 118.148.25.17.26676> 85.0.0.1.1024>>>82.0.0.40.4112> 82.0.0.56.1024
UDP: 69.219.132.153.56132>85.0.0.1.1024>>>82.0.0.39.4134> 82.0.0.55.1024

In actual ilbadm output, spaces are interspersed for greater readability.
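In full NAT mode the back-end servers see only the NAT'ed source address (IP3), so the NAT table is the place where that address can be tied back to the real client (IP1). The following lookup is an added example, not part of the original man page; it reuses the five lines of Example 12 as sample input and assumes IPv4 entries in the address.port form shown there.

```sh
#!/bin/sh
# Added example: map a NAT'ed source address seen in back-end logs to the real client.

# Normalise `ilbadm show-nat` lines on stdin to nine space-separated columns:
#   proto client cport vip vport nat nport backend bport
# IPv4 only (assumption): each address.port value is split at its last dot.
nat_parse() {
    awk '
    function hostport(s,   k) {
        k = match(s, /\.[0-9]+$/)
        if (k == 0) return "? ?"
        return substr(s, 1, k - 1) " " substr(s, k + 1)
    }
    {
        gsub(/[ \t]/, "")                   # spacing differs from line to line
        p = index($0, ":")                  # end of the transport protocol (T)
        m = index($0, ">>>")                # boundary between IP2 and IP3
        if (p == 0 || m == 0) next          # not a NAT table entry
        proto = substr($0, 1, p - 1)
        if (split(substr($0, p + 1, m - p - 1), a, ">") != 2) next
        if (split(substr($0, m + 3), b, ">") != 2) next
        print proto, hostport(a[1]), hostport(a[2]), hostport(b[1]), hostport(b[2])
    }'
}

# Usage: nat_client_for NAT_IP NAT_PORT < show-nat-output
# Prints "client:port -> backend:port (proto, via vip:port)" for each matching
# entry and exits non-zero when the table holds no such entry.
nat_client_for() {
    nat_parse | awk -v ip="$1" -v port="$2" '
        $6 == ip && $7 == port {
            print $2 ":" $3 " -> " $8 ":" $9 " (" $1 ", via " $4 ":" $5 ")"
            found = 1
        }
        END { exit !found }'
}

# Sample input: the five lines printed in Example 12 of this page.
sample_show_nat() {
    cat <<'EOF'
UDP: 124.106.235.150.53688>85.0.0.1.1024>>>82.0.0.39.4127>82.0.0.56.1024
UDP: 71.159.95.31.61528> 85.0.0.1.1024>>> 82.0.0.39.4146> 82.0.0.55.1024
UDP: 9.213.106.54.19787> 85.0.0.1.1024>>> 82.0.0.40.4114> 82.0.0.55.1024
UDP: 118.148.25.17.26676> 85.0.0.1.1024>>>82.0.0.40.4112> 82.0.0.56.1024
UDP: 69.219.132.153.56132>85.0.0.1.1024>>>82.0.0.39.4134> 82.0.0.55.1024
EOF
}

# A back end logged traffic from 82.0.0.39 port 4146: which client was it?
sample_show_nat | nat_client_for 82.0.0.39 4146
```

An entry is removed once its connection has been idle for nat-timeout, so the lookup only succeeds against a table captured while the flow was still live.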

Example 13 Displaying the Persistence Table

The following command displays the persistence table.

# ilbadm show-persist 5
rule2: 124.106.235.150 --> 82.0.0.56
rule3: 71.159.95.31 --> 82.0.0.55
rule3: 9.213.106.54 --> 82.0.0.55
rule1: 118.148.25.17 --> 82.0.0.56
rule2: 69.219.132.153 --> 82.0.0.55

Example 14 Displaying Server Groups

The following command displays basic information about server groups.

# ilbadm show-servergroup
sg1: id:sg1.2 35.0.0.4:80
sg1: id:sg1.1 35.0.0.3:80
sg1: id:sg1.0 35.0.0.2:80
sg2: id:sg2.3 35.0.0.5:81
sg2: id:sg2.2 35.0.0.4:81
sg2: id:sg2.1 35.0.0.3:81
sg2: id:sg2.0 35.0.0.2:81

The following command displays all available information about server groups.

# ilbadm show-servergroup -o all
sgname         serverID            minport maxport IP_address
sg1            _sg1.0              --      --      1.1.1.1
sg2            _sg2.1              --      --      1.1.1.6
sg3            _sg3.0              9001  9001      1.1.1.1
sg3            _sg3.1              9001  9001      1.1.1.2
sg3            _sg3.2              9001  9001      1.1.1.3
sg3            _sg3.3              9001  9001      1.1.1.4
sg3            _sg3.4              9001  9001      1.1.1.5
sg3            _sg3.5              9001  9001      1.1.1.6
sg3            _sg3.6              9001  9001      1.1.1.11
sg3            _sg3.7              9001  9001      1.1.1.12
sg3            _sg3.8              9001  9001      1.1.1.13
sg3            _sg3.9              9001  9001      1.1.1.14
sg3            _sg3.10             9001  9001      1.1.1.15
sg3            _sg3.11             9001  9001      1.1.1.16
sg4            _sg4.0              9001  9006      1.1.1.1
sg4            _sg4.1              9001  9006      1.1.1.6

Example 15 List Servers Associated with a Rule

The following command lists the servers that are associated with a rule.

# ilbadm show-server r1
SERVERID            ADDRESS         PORT RULENAME     STATUS SERVERGROUP
_sg1.0              35.0.0.10       80   rule1        E      sg1
_sg1.1              35.0.0.11       80   rule1        E      sg1
_sg1.2              35.0.0.12       80   rule1        D      sg1

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE          ATTRIBUTE VALUE
Availability            SUNWilbu
Interface Stability     Committed

See Also

ilbd(1M), vmstat(1M), attributes(5)