Commands for Persistence Modes, and NAT Modes. Extreme Networks Px Series, Px 1
Extreme Networks Px Px1 application switch provides a powerful platform for managing network traffic and load balancing. It offers features such as health checks, server grouping, virtual services, and more. This command reference guide provides detailed information on all the commands available in the ExtremeWarePx software, making it an essential resource for administrators managing these switches.
Advertisement
Advertisement
4
Commands for Persistence Modes, and
NAT Modes
This chapter describes commands for setting:
¥ Persistence modes
¥ NAT modes
ExtremeWarePx1 1.2 Command Reference Guide 145
Commands for Persistence Modes, and NAT Modes
configure gateway-mode add ipaddress
configure gateway-mode add ipaddress <IP address>
{vrid <VRID number>}
{vlan <vlan tag number>}
Description
Adds an IP address to be used in gateway mode on the application switch.
Syntax Description
IP address
VRID number vlan tag number
The IP address of the gateway.
The VRID of the VRRP class for the gateway; a number between 1 and 255.
The VLAN tag for the gateway.
Default
N/A.
Usage Guidelines
You must have administrator privileges to issue this command.
When you conÞgure half-NAT mode, you can also enable gateway mode for the application switch, and add at least one IP address. Specify an IP address that a serverÕs default gateway can forward to, as if the application switch were another router. The application switch can then switch the forwarded trafÞc to another router, even one on another VLAN.
You may optionally specify a virtual router ID (VRID) for the VRRP class for gateway, and a VLAN for the gateway.
If VRRP is enabled, each VRRP class must have at lease one gateway IP address. A given VRRP class
can have more than one gateway IP address. For more information about VRRP, see Chapter 5.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example enables gateway mode and adds 10.10.10.1 as an IP address that a serverÕs default gateway can forward to.
SummitPx1::32 # enable gateway-mode
* SummitPx1::33 # configure gateway-mode add ipaddress 10.10.10.1
* SummitPx1::34 # build
History
This command was available in ExtremeWarePx 1.1.
146 ExtremeWarePx1 1.2 Command Reference Guide
Platform Availability
This command is available on the Px-series application switch. configure gateway-mode add ipaddress
ExtremeWarePx1 1.2 Command Reference Guide 147
Commands for Persistence Modes, and NAT Modes
configure gateway-mode delete ipaddress
configure gateway-mode delete ipaddress <IP address>
{vlan <vlan tag number>}
Description
Removes an IP address from used in gateway mode on the application switch.
Syntax Description
IP address vlan tag number
The IP address of the gateway.
The VLAN tag for the gateway.
Default
N/A.
Usage Guidelines
You must have administrator privileges to issue this command.
You must use the
command to commit the conÞguration changes made by this command.
Example
The following command removes 10.10.10.1 from used in gateway mode.
configure gateway-mode delete ipaddress 10.10.10.1
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
148 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure nat-mode full
configure nat-mode full
Description
ConÞgures full-NAT mode (full Network Address Translation) on the application switch.
Syntax Description
This command has no parameters.
Default
Full-NAT mode is the default behavior of the application switch.
Usage Guidelines
You must have administrator privileges to issue this command.
In full-NAT mode, the server load balancer translates both the source and destination IP addressesÑthose of the client and the serverÑbefore sending the request onto the user. For the point of view of the server fulÞlling the request, it appears as though the client making the request is actually the server load balancer.
Advantages of full-NAT mode are:
¥ No conÞguration is necessary on the layer 2/3 switch connected to the application switch.
¥ It can be deployed in any network architecture.
¥ Clients can be on the same subnet as the servers.
¥ It allows interoperation with any vendors switch, regardless of support for policy routing.
You must run in full-NAT mode if:
¥ Clients and servers are on the same layer 2 network segment.
¥ The switch connected to the application switch does not support layer 3 policy routing based on source IP address, port, and protocol.
¥ You do not have access to the layer 3 switch to conÞgure policy based routing.
You must use the
command to commit the conÞguration changes made by this command.
Example
If another NAT mode was in use previously, use the following command to set it back to full: configure nat-mode full
History
This command was available in ExtremeWarePx 1.1.
149 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
Platform Availability
This command is available on the Px-series application switch.
150 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure nat-mode server-only
configure nat-mode server-only
Description
ConÞgures half-NAT mode (server-only Network Address Translation) on the application switch.
Syntax Description
This command has no parameters.
Default
Full-NAT mode is the default behavior of the application switch.
Usage Guidelines
You must have administrator privileges to issue this command.
In half-NAT mode, the application switch only translates the server IP address when dispatching the client requests to the real server. Half-NAT mode results in the server believing that the request came from the client, instead of the application switch. Using half-NAT mode, the server sees the real IP address of the client.
Half-NAT mode must be conÞgured on both the application switch and the attached layer 3 switch.
Policy-based routing allows layer 3 switches to make next-hop forwarding decisions based on information other than simply the IP destination address of the request.
On an Extreme switch, use the following ExtremeWare commands to conÞgure the policy routes required for half-NAT: create source-flow <name> source-ip <server ip> source-port <server-port> protocol tcp destination any config source-flow <name> next-hop <SLB VIP>
These policy rules route all trafÞc from the load-balanced port on the server to the application switch. If other locally-attached networks need to use the facility provided by that port without using the load balancer, more speciÞc rules need to be written to steer trafÞc directly back to the correct routers.
Advantages of Half-NAT mode are:
¥ Allows the server logs on the real web site to reßect the IP address of the real client making a request, rather than a proxy address of the application switch.
¥ Allows the use of IP address based security methods such as Unix Netgroups. This is primarily a concern for enterprise data centers.
NOTE
Half-NAT mode cannot be used if clients and servers are on the same layer 3 network. Policy-based routing occurs at layer 3 and cannot be applied without crossing a layer 3 network boundary.
You must use the
command to commit the conÞguration changes made by this command.
151 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
Example
The following command conÞgures half-NAT mode on the application switch configure nat-mode server-only
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
152 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure proxy-ip
configure proxy-ip <IP address> {- <IP address>}
Description
Sets a proxy IP address or a range of proxy addresses.
Syntax Description
IP address A proxy IP address. Two IP addresses separated by a hyphen indicate a range of addresses; the command configures all addresses in the specified range as proxy IPs.
Default
N/A.
Usage Guidelines
You must have administrator privileges to issue this command.
To function properly in full-NAT mode, the application switch requires that proxy IP addresses be conÞgured. These proxy addresses are used as the source IP addresses for the outbound connection to the server. One proxy address must be conÞgured for each 63,000 sessions active at one time. For full system capacity, you must conÞgure 32 IP addresses.
Proxy-IP addresses do not need to be contiguous. You can use multiple commands to specify different ranges of IP addresses to use as proxy addresses. The only restriction is that all addresses must be on the same subnet as the main system IP address.
NOTE
Do not change the proxy IP while the application switch is running.
If VRRP is also enabled, you typically must specify a different proxy IP address for each of the VRRP peers. The one exception to this requirement is that if you are using automatic synchronization and you have conÞgured all VRRP classes to track failure of all other VRRP classes, then you may use the same
proxy IP address on the two switches. For additional information about VRRP, see Chapter 5.
You must use the
command to commit the conÞguration changes made by this command. You must boot the application switch for the new proxy IP information to take effect.
Example
The following command conÞgures 32 consecutive proxy IP addresses.
config proxy-ip 10.1.1.11 - 10.1.1.42
History
This command was available in ExtremeWarePx 1.1.
153 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
Platform Availability
This command is available on the Px-series application switch.
154 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure sticky client-ip timeout
configure sticky client-ip timeout
[(<hours> : <minutes> : <seconds>) |
infinity}]
Description
Sets the time after which client-IP entries are deleted from the stickiness table.
Syntax Description hours minutes seconds infinity
The number of hours in the timeout period; a two-digit number between 00 and 97.
The number of minutes in the timeout period; a two digit number between 00 and 59.
The number of seconds in the timeout period; a two digit number between 00 and 59.
Specifies that client-IP persistence should last forever.
Default
By default, entries are deleted from the stickiness table after 24 hours without use.
Usage Guidelines
You must have administrator privileges to issue this command.
The timer affects both layer 4 and layer 7. Valid values for the timeout period are in the range 00:00:05
(5 seconds) to 97:43:52. You can specify the keyword infinity to indicate that the stickiness should last forever.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example sets the timeout period for client-IP entries to 2 days (48 hours).
SummitPx1::22 # config sticky client-ip timeout 48:00:00
* SummitPx1::23 # build
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
155 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure sticky cookie-id timeout
configure sticky cookie-id timeout
[(<hours> : <minutes> : <seconds>) |
infinity}]
Description
Sets the time after which cookie-ID entries are deleted from the stickiness table.
Syntax Description hours minutes seconds infinity
The number of hours in the timeout period; a two-digit number between 00 and 97.
The number of minutes in the timeout period; a two digit number between 00 and 59.
The number of seconds in the timeout period; a two digit number between 00 and 59.
Specifies that client-IP persistence should last forever.
Default
By default, entries are deleted from the stickiness table after 30 seconds without use.
Usage Guidelines
You must have administrator privileges to issue this command.
Valid values for the timeout period are in the range 00:00:05 (5 seconds) to 97:43:52. You can specify the keyword infinity to indicate that the stickiness should last forever.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example sets the timeout period for cookie-ID entries to 1 hour.
SummitPx1::22 # config sticky cookie-id timeout 01:00:00
* SummitPx1::3 # build
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
156 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure sticky session-id timeout
configure sticky session-id timeout
[(<hours> : <minutes> : <seconds>) |
infinity}]
Description
Sets the time after which session-ID entries are deleted from the stickiness table.
Syntax Description hours minutes seconds infinity
The number of hours in the timeout period; a two-digit number between 00 and 97.
The number of minutes in the timeout period; a two digit number between 00 and 59.
The number of seconds in the timeout period; a two digit number between 00 and 59.
Specifies that client-IP persistence should last forever.
Default
By default, entries are deleted from the stickiness table after 30 seconds without use.
Usage Guidelines
You must have administrator privileges to issue this command.
Valid values for the timeout period are in the range 00:00:05 (5 seconds) to 97:43:52. You can specify the keyword infinity to indicate that the stickiness should last forever.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example sets the timeout period for session-ID entries to 1 hour.
SummitPx1::22 # config sticky session-id timeout 01:00:00
* SummitPx1::3 # build
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
157 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure timeout established-connection
configure timeout established-connection <seconds>
Description
Sets the established-connection timeout period.
Syntax Description seconds The number of seconds in the established-connection timeout period; a number between 1 and 8000, inclusive.
Default
The default established-connection timeout is 30 seconds.
Usage Guidelines
You must have administrator privileges to issue this command.
This command sets the length of the established-connection timeout period. This timeout period is used for established TCP or UDP connections. Established connections that have no trafÞc for the speciÞed time period will be torn down by the application switch. For TCP connections, a new 3-way handshake is required to restart the connection. A restart of either a TCP or a UDP connection is subject to the load-balancing policy for the target service and may not be bound to the same server as the original connection.
You can use this command to adjust the established-connection timeout period for protocols that exhibit long periods of inactivity; doing so will prevent premature termination of such connections.
You must use the
command to commit the conÞguration changes made by this command.
Example
The following command sets the established-connection timeout to 1 minute (60 seconds).
configure timeout established-connection 60
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
158 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure timeout udp-flow-persistence
configure timeout udp-flow-persistence <seconds>
Description
Sets the UDP-ßow-persistence timer.
Syntax Description seconds The number of seconds after which an idle UDP flow should be recycled; a number between
1 and 8000, inclusive.
Default
The default value for this timer is 40 seconds.
Usage Guidelines
You must have administrator privileges to issue this command.
The Px-series application switch provides UDP persistence. A UDP ßow is recycled if it is idle for the time speciÞed by the UDP-ßow-persistence timer.
You must use the
command to commit the conÞguration changes made by this command.
Example
The following command sets the UDP-ßow-persistence timer to 1 minute (60 seconds).
configure timeout udp-flow-persistence 60
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
159 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
disable gateway-mode
disable gateway-mode
Description
Disables gateway mode on the application switch.
Syntax Description
This command has no parameters or options.
Default
Gateway mode is disabled by default.
Usage Guidelines
You must have administrator privileges to issue this command.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example disables gateway mode.
SummitPx1::32 # disable gateway-mode
* SummitPx1::33 # build
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
160 ExtremeWarePx1 1.2 Command Reference Guide
disable sticky
disable sticky
[L4 client-ip |
L7 [all | client-ip | cookie-id | session-id]]
Description
Disables the speciÞed persistence (stickiness) mode.
Syntax Description
L4
L7 all client-ip cookie-id session-id
Specifies layer 4.
Specifies layer 7.
Specifies all persistence modes (client-IP, cookie-ID, and session-ID).
Specifies client-IP persistence mode.
Specifies cookie-ID persistence mode.
Specifies session-ID persistence mode.
Default
By default, no persistence is enabled.
Usage Guidelines
You must have administrator privileges to issue this command.
You must use the
command to commit the conÞguration changes made by this command.
Example
The following command disables layer 4 client-IP persistence mode: disable sticky L4 client-ip
The following command disables layer 7 session-ID persistence mode: disable sticky L7 session-id
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch. disable sticky
ExtremeWarePx1 1.2 Command Reference Guide 161
Commands for Persistence Modes, and NAT Modes
enable gateway-mode
enable gateway-mode
Description
Enables gateway mode on the application switch.
Syntax Description
This command has no parameters or options.
Default
Gateway mode is disabled by default.
Usage Guidelines
You must have administrator privileges to issue this command.
When you conÞgure half-NAT mode, you can also enable gateway mode for the application switch, and add at least one IP address (using the
configure gateway-mode add ipaddress command).
If VRRP is enabled, you must specify at least one gateway-mode IP address for each active VRRP class
before you enable gateway mode. An active VRRP class is one that contains at least one service. When
you add a gateway-mode IP address with the configure gateway-mode add ipaddress command, you
can specify the VRID of a VRRP class. A given VRRP class can have multiple gateway-mode IP addresses.
When gateway mode and VRRP are both enabled, you must also make sure every server responds to
VIPs in a single VRRP class. That is, all services that use a particular server must be in the same VRRP class.
For more information about VRRP, see Chapter 5.
You must use the
command to commit the conÞguration changes made by this command.
Example
This example enables gateway mode and adds 10.10.10.1 as an IP address that a serverÕs default gateway can forward to.
SummitPx1::32 # enable gateway-mode
* SummitPx1::33 # configure gateway-mode add ipaddress 10.10.10.1
* SummitPx1::34 # build
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
162 ExtremeWarePx1 1.2 Command Reference Guide
enable sticky
enable sticky
[L4 client-ip |
L7 [all | client-ip | cookie-id | session-id]]
Description
Enables the speciÞed persistence (stickiness) mode.
Syntax Description
L4
L7 all client-ip cookie-id session-id
Specifies layer 4.
Specifies layer 7.
Specifies all persistence modes (client-IP, cookie-ID, and session-ID).
Specifies client-IP persistence mode.
Specifies cookie-ID persistence mode.
Specifies session-ID persistence mode.
Default
By default, no persistence is enabled.
Usage Guidelines
You must have administrator privileges to issue this command.
You must use the
command to commit the conÞguration changes made by this command.
Example
The following command enables layer 4 client-IP persistence mode: enable sticky L4 client-ip
The following command enables layer 7 session-ID persistence mode: enable sticky L7 session-id
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch. enable sticky
ExtremeWarePx1 1.2 Command Reference Guide 163
Commands for Persistence Modes, and NAT Modes
unconfigure proxy-ip
unconfigure proxy-ip <IP address> {- <IP address>}
Description
Removes a proxy IP address or a range of proxy addresses.
Syntax Description
IP address A proxy IP address. Two IP addresses separated by a hyphen indicate a range of addresses; the command removes all addresses in the specified range.
Default
N/A.
Usage Guidelines
You must have administrator privileges to issue this command.
NOTE
Do not change the proxy-IP configuration while the application switch is running.
You must use the
command to commit the conÞguration changes made by this command. You must boot the application switch for the new proxy IP information to take effect.
Example
The following command unconÞgures a proxy IP address.
unconfig proxy-ip 10.1.1.12
History
This command was available in ExtremeWarePx 1.1.
Platform Availability
This command is available on the Px-series application switch.
164 ExtremeWarePx1 1.2 Command Reference Guide

Public link updated
The public link to your chat has been updated.
Advertisement
Key features
- Health Checks
- Server Grouping
- Virtual Services
- Load Balancing
- Traffic Management