SeProperties

Description

API


    PUT /api/seproperties
    GET /api/seproperties
    GET /api/seproperties

CLI


    configure serviceengineproperties
    show serviceengineproperties

Data

SeProperties

uuid

Type
string
Category
required
Description
Default
default

se_bootup_properties

Type
SeBootupProperties
Category
optional
Description

se_runtime_properties

Type
SeRuntimeProperties
Category
optional
Description

se_agent_properties

Type
SeAgentProperties
Category
optional
Description

SeBootupProperties

tcp_syncache_hashsize

Type
uint32
Category
optional
Description
Default
8192

log_agent_trace_enabled

Type
bool
Category
optional
Description
Default
True

log_agent_debug_enabled

Type
bool
Category
optional
Description
Default
False

se_emulated_cores

Type
uint32
Category
optional
Description
Default
0

se_tx_batch_size

Type
uint32
Category
optional
Description
Default
64

l7_conns_per_core

Type
uint32
Category
optional
Description
Default
16384

ssl_sess_cache_per_vs

Type
uint32
Category
optional
Description
Default
4096

l7_resvd_listen_conns_per_core

Type
uint32
Category
optional
Description
Default
256

ssl_sess_cache_timeout

Type
uint32
Category
optional
Description
Default
86400

se_lro

Type
uint32
Category
optional
Description
Default
1

se_rum_sampling_nav_percent

Type
uint32
Category
optional
Description
Default
1

se_rum_sampling_res_percent

Type
uint32
Category
optional
Description
Default
100

se_rum_sampling_nav_interval

Type
uint32
Category
optional
Description
Default
1

se_rum_sampling_res_interval

Type
uint32
Category
optional
Description
Default
2

se_dp_compression

Type
SeBootupCompressionProperties
Category
optional
Description

se_dpdk_pmd

Type
uint32
Category
optional
Description
Default
0

se_tunnel_mode

Type
uint32
Category
optional
Description
Default
0

se_use_dpdk

Type
uint32
Category
optional
Description
Default
0

se_log_buffer_chunk_count

Type
uint32
Category
optional
Description
Default
1024

se_log_buffer_applog_size

Type
uint32
Category
optional
Description
Default
4096

se_log_buffer_connlog_size

Type
uint32
Category
optional
Description
Default
1024

se_log_buffer_events_size

Type
uint32
Category
optional
Description
Default
512

se_ip_encap_ipc

Type
uint32
Category
optional
Description
Default
0

se_log_buffer_app_blocking_dequeue

Type
bool
Category
optional
Description
Default
False

se_log_buffer_conn_blocking_dequeue

Type
bool
Category
optional
Description
Default
False

se_log_buffer_events_blocking_dequeue

Type
bool
Category
optional
Description
Default
True

se_pcap_pkt_sz

Type
uint32
Category
optional
Description
Default
65536

se_pcap_pkt_count

Type
uint32
Category
optional
Description
Default
256

fair_queueing_enabled

Type
bool
Category
optional
Description
Default
True

docker_backend_portstart

Type
uint32
Category
optional
Description
Default
20480

docker_backend_portend

Type
uint32
Category
optional
Description
Default
30720

distribute_vnics

Type
bool
Category
optional
Description
Distributes vnic ownership among cores so multiple cores handle dispatcher duties.
Default
False

SeBootupCompressionProperties

buf_num

Type
int32
Category
optional
Description
Default
128

buf_size

Type
int32
Category
optional
Description
Default
4096

level_normal

Type
int32
Category
optional
Description
Default
1

level_aggressive

Type
int32
Category
optional
Description
Default
5

window_size

Type
int32
Category
optional
Description
Default
4096

hash_size

Type
int32
Category
optional
Description
Default
16384

SeRuntimeProperties

persistence_mem_max

Type
uint32
Category
optional
Description
Maximum memory in bytes allocated for persistence entries
Default
0

persistence_entries_low_watermark

Type
uint32
Category
optional
Description
Default
20000

upstream_keepalive

Type
bool
Category
optional
Description
Default
False

flow_table_max_entries_deprecated

Type
uint32
Category
optional
Description
Default
100000000

flow_table_new_syn_max_entries

Type
uint32
Category
optional
Description
Default
40000

tcp_syn_cache_max

Type
uint32
Category
optional
Description
Default
32768

se_packet_buffer_max

Type
uint32
Category
optional
Description
Default
0

se_malloc_thresh

Type
uint32
Category
optional
Description
Default
0

tcp_syncache_max_retransmit_default

Type
uint32
Category
optional
Description
Default
4

log_agent_file_sz_debug

Type
uint32
Category
optional
Description
Default
4

log_agent_file_sz_conn

Type
uint32
Category
optional
Description
Default
4

log_agent_file_sz_appl

Type
uint32
Category
optional
Description
Default
4

log_agent_file_sz_event

Type
uint32
Category
optional
Description
Default
4

log_agent_min_storage_per_vs

Type
uint32
Category
optional
Description
Default
10

log_agent_max_storage_ignore_percent

Type
float
Category
optional
Description
Default
10

log_agent_max_storage_excess_percent

Type
uint32
Category
optional
Description
Default
110

se_random_tcp_drops

Type
bool
Category
optional
Description
Default
False

log_agent_max_active_adf_files_per_vs

Type
uint32
Category
optional
Description
Default
100

log_agent_max_logmessage_proto_sz

Type
uint32
Category
optional
Description
Default
4096

se_dp_log_nf_enqueue_percent

Type
uint32
Category
optional
Description
Default
70

se_dp_log_udf_enqueue_percent

Type
uint32
Category
optional
Description
Default
90

log_agent_compress_logs

Type
bool
Category
optional
Description
Default
True

upstream_connpool_enable

Type
bool
Category
optional
Description
Default
True

upstream_connpool_strategy

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_server_max_cache

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_conn_max_reuse

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_conn_idle_tmo

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_core_max_cache

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_cache_thresh

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_conn_idle_thresh_tmo

Type
int32
Category
optional
Description
Default
-1

upstream_connpool_conn_life_tmo

Type
int32
Category
optional
Description
Default
-1

lb_fail_max_time

Type
int32
Category
optional
Description
Default
5

log_agent_sleep_interval

Type
uint32
Category
optional
Description
Default
10

ngx_free_connection_stack

Type
bool
Category
optional
Description
Default
False

se_mac_error_threshold_to_disable_promiscious

Type
uint32
Category
optional
Description
Default
1000

se_metrics_rt_interval

Type
uint32
Category
optional
Description
Default
1000

se_metrics_rt_enabled

Type
bool
Category
optional
Description
Default
True

app_headers

Type
AppHdr
Category
repeated
Description

connections_lossy_log_rate_limiter_threshold

Type
int32
Category
optional
Description
Rate limit on maximum adf lossy log to pushper second
Default
1000

connections_udfnf_log_rate_limiter_threshold

Type
int32
Category
optional
Description
Rate limit on maximum adf udf or nf log to pushper second
Default
1000

http_rum_console_log

Type
bool
Category
optional
Description
Default
False

http_rum_min_content_length

Type
uint32
Category
optional
Description
Default
64

se_dp_compression

Type
SeRuntimeCompressionProperties
Category
optional
Description

se_dp_hm_drops

Type
int32
Category
optional
Description
Default
0

spdy_fwd_proxy_parse_enable

Type
bool
Category
optional
Description
Default
True

mcache_enabled

Type
bool
Category
optional
Description
enables mcache - controls fetch/store/store_out

mcache_fetch_enabled

Type
bool
Category
optional
Description
enables mcache_fetch

mcache_store_in_enabled

Type
bool
Category
optional
Description
enables mcache_store

mcache_store_out_enabled

Type
bool
Category
optional
Description
enables mcache_store_out

mcache_max_cache_size

Type
uint64
Category
optional
Description
max cache size

mcache_store_in_min_size

Type
uint32
Category
optional
Description
min object size

mcache_store_in_max_size

Type
uint32
Category
optional
Description
max object size

mcache_store_se_max_size

Type
uint64
Category
optional
Description
Default
0

upstream_connect_timeout

Type
uint32
Category
optional
Description
Default
3600000

upstream_send_timeout

Type
uint32
Category
optional
Description
Default
3600000

upstream_read_timeout

Type
uint32
Category
optional
Description
Default
3600000

dp_hb_frequency

Type
uint32
Category
optional
Description
Default
100

dp_hb_timeout_count

Type
uint32
Category
optional
Description
Default
10

dupip_frequency

Type
uint32
Category
optional
Description
Default
0

dupip_timeout_count

Type
uint32
Category
optional
Description
Default
5

max_throughput

Type
uint32
Category
optional,readonly
Description
Default
10000

se_hb_persist_fudge_bits

Type
uint32
Category
optional
Description
Default
3

log_agent_unknown_vs_timer

Type
uint32
Category
optional
Description
Default
1800

global_mtu

Type
uint32
Category
optional
Description
Default
0

log_agent_export_wait_time

Type
uint32
Category
optional
Description
Default
100

log_agent_export_msg_buffer_size

Type
uint32
Category
optional
Description
Default
524288

log_agent_conn_send_buffer_size

Type
uint32
Category
optional
Description
Default
16384

log_agent_pause_interval

Type
uint32
Category
optional
Description
Default
0

log_agent_max_concurrent_rsync

Type
uint32
Category
optional
Description
Default
1024

downstream_send_timeout

Type
uint32
Category
optional
Description
Default
3600000

se_auth_ldap_cache_size

Type
uint32
Category
optional
Description
Default
100000

se_auth_ldap_conns_per_server

Type
uint32
Category
optional
Description
Default
1

se_auth_ldap_connect_timeout

Type
uint32
Category
optional
Description
Default
10000

se_auth_ldap_reconnect_timeout

Type
uint32
Category
optional
Description
Default
10000

se_auth_ldap_bind_timeout

Type
uint32
Category
optional
Description
Default
5000

se_auth_ldap_request_timeout

Type
uint32
Category
optional
Description
Default
10000

dos_profile

Type
DosThresholdProfile
Category
optional
Description

se_auth_ldap_servers_failover_only

Type
bool
Category
optional
Description
enables ldap servers into failover mode
Default
False

se_memory_poison

Type
bool
Category
optional
Description
enables poisoning of freed memory blocks
Default
True

dp_aggressive_hb_frequency

Type
uint32
Category
optional
Description
Heartbeat check interval between ServiceEngines
Default
100

dp_aggressive_hb_timeout_count

Type
uint32
Category
optional
Description
Number of failed heartbeats before reporting an error
Default
5

se_rate_limiters

Type
SeRateLimiters
Category
optional
Description
SE rate limiters

se_metrics_interval

Type
uint32
Category
optional
Description
Default
60000

service_port_ranges

Type
PortRange
Category
repeated
Description
Port ranges on which there may be virtual services (for configuring iptables)

se_handle_interface_routes

Type
bool
Category
optional
Description
Default
False

services_accessible_all_interfaces

Type
bool
Category
optional
Description
Make service ports accessible on all Host interfaces in addition to East/West VIP and/or bridge IP
Default
False

feproxy_vips_enable_proxy_arp

Type
bool
Category
optional
Description
Enable proxy ARP from Host interface for Front End proxies
Default
True

baremetal_dispatcher_handles_flows

Type
bool
Category
optional
Description
Control if dispatcher core also handles TCP flows in baremetal SE.
Default
False

log_agent_log_storage_min_sz

Type
uint32
Category
optional
Description
Minimum storage allocated for logs irrespective of memory and cores.
Default
1024

lbaction_num_requests_to_dispatch

Type
uint32
Category
optional
Description
Number of requests to dispatch from the request queue at a regular interval.
Default
4

lbaction_rq_per_request_max_retries

Type
uint32
Category
optional
Description
Maximum retries per request in the request queue.
Default
22

service_ip_subnets

Type
IpAddrPrefix
Category
repeated
Description
IP ranges on which there may be virtual services (for configuring iptables/routes)

se_dp_if_state_poll_interval

Type
uint32
Category
optional
Description
Number of jiffies between polling interface state.
Default
10

AppHdr

hdr_name

Type
string
Category
required
Description

hdr_match_case

Type
enum
Category
required
Description
Choices
SENSITIVE, INSENSITIVE

hdr_string_op

Type
enum
Category
required
Description
Choices
REGEX_MATCH, DOES_NOT_END_WITH, ENDS_WITH, CONTAINS, EQUALS, DOES_NOT_BEGIN_WITH, DOES_NOT_EQUAL, REGEX_DOES_NOT_MATCH, DOES_NOT_CONTAIN, BEGINS_WITH

SeRuntimeCompressionProperties

min_length

Type
int32
Category
optional
Description
Default
128

max_low_rtt

Type
int32
Category
optional
Description
Default
10

min_high_rtt

Type
int32
Category
optional
Description
Default
200

mobile_str

Type
string
Category
repeated
Description
String value(s) mobile

DosThresholdProfile

thresh_period

Type
int32
Category
required
Description
Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service.
Default
5

thresh_info

Type
DosThreshold
Category
repeated
Description
Attack type, min and max values for DoS attack detection.

DosThreshold

attack

Type
enum
Category
required
Description
Attack type.
Choices
DOS_REQ_IP_URI_RL_DROP_BAD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, MALFORMED_FLOOD, POLICY_DROPS, IP_FRAG_INCOMPLETE, DOS_CONN_IP_RL_DROP, FAKE_SESSION, DOS_HTTP_ABORT, SMURF, IP_FRAG_TOOSMALL, ICMP_PING_FLOOD, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, LAND, UNKOWN_PROTOCOL, DOS_REQ_IP_RL_DROP_BAD, TCP_NON_SYN_FLOOD, ZERO_WINDOW_STRESS, IP_FRAG_FULL, DOS_REQ_RL_DROP, SMALL_WINDOW_STRESS, BAD_RST_FLOOD, DOS_APP_ERROR, DOS_SSL_ERROR, IP_FRAG_OVERRUN, PORT_SCAN, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP_BAD, TCP_NON_SYN_FLOOD_OLD, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_SLOW_URL, DOS_REQ_URI_RL_DROP, SYN_FLOOD, DOS_HTTP_ERROR, TEARDROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_HTTP_TIMEOUT, DOS_CONN_RL_DROP

min_value

Type
int32
Category
required
Description
Minimum number of packets or connections or requests in a given interval of time to be deemed as attack.

max_value

Type
int32
Category
required
Description
Maximum number of packets or connections or requests in a given interval of time to be deemed as attack.

SeRateLimiters

icmp_rl

Type
uint32
Category
optional
Description
Rate limiter for ICMP requests in pps.
Default
100

icmp_rsp_rl

Type
uint32
Category
optional
Description
Rate limiter for ICMP response in pps.
Default
500

arp_rl

Type
uint32
Category
optional
Description
Rate limiter for ARP packets in pps.
Default
100

rst_rl

Type
uint32
Category
optional
Description
Rate limiter for number RST pkts sent in pps.
Default
100

flow_probe_rl

Type
uint32
Category
optional
Description
Rate limiter for number of flow probes in pps.
Default
250

default_rl

Type
uint32
Category
optional
Description
Default Rate limiter in pps.
Default
100

PortRange

start

Type
uint32
Category
required
Description
TCP/UDP port range start (inclusive).

end

Type
uint32
Category
required
Description
TCP/UDP port range end (inclusive).

IpAddrPrefix

ip_addr

Type
IpAddr
Category
required
Description

mask

Type
int32
Category
required
Description

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

SeAgentProperties

debug_mode

Type
bool
Category
optional
Description
Default
False

controller_registration_timeout_sec

Type
uint32
Category
optional
Description
Default
10

controller_heartbeat_timeout_sec

Type
uint32
Category
optional
Description
Default
12

headless_timeout_sec

Type
uint32
Category
optional
Description
Default
0

controller_heartbeat_miss_limit

Type
uint32
Category
optional
Description
Default
6

dp_enq_interval_msec

Type
uint32
Category
optional
Description
Default
20

dp_deq_interval_msec

Type
uint32
Category
optional
Description
Default
20

dp_batch_size

Type
uint32
Category
optional
Description
Default
100

dp_max_wait_rsp_time_sec

Type
uint32
Category
optional
Description
Default
12

cpustats_interval

Type
uint32
Category
optional
Description
Default
5

controller_rpc_timeout

Type
uint32
Category
optional
Description
Default
10

controller_echo_rpc_timeout

Type
uint32
Category
optional
Description
Timeout used for se health check
Default
2000

controller_echo_miss_limit

Type
uint32
Category
optional
Description
Count of HB misses for se health check failure
Default
4

vnic_probe_interval

Type
uint32
Category
optional
Description
Probe vnic interval
Default
5

vnic_ip_delete_interval

Type
uint32
Category
optional
Description
wait interval before deleting IP
Default
5

ctrl_reg_pending_max_wait_time

Type
uint32
Category
optional
Description
Max time to wait for ctrl registration before assert
Default
150

dp_reg_pending_max_wait_time

Type
uint32
Category
optional
Description
Max time to wait for dp registration before assert
Default
75

vnic_dhcp_ip_check_interval

Type
uint32
Category
optional
Description
DHCP ip check interval
Default
6

vnic_dhcp_ip_max_retries

Type
uint32
Category
optional
Description
DHCP ip max retries
Default
10

dp_aggressive_enq_interval_msec

Type
uint32
Category
optional
Description
Default
1

dp_aggressive_deq_interval_msec

Type
uint32
Category
optional
Description
Default
1

sdb_scan_count

Type
uint32
Category
optional
Description
SDB scan count
Default
1000

sdb_pipeline_size

Type
uint32
Category
optional
Description
SDB pipeline size
Default
100

sdb_flush_interval

Type
uint32
Category
optional
Description
SDB pipeline flush interval
Default
100

controller_echo_rpc_aggressive_timeout

Type
uint32
Category
optional
Description
Aggressive Timeout used for se health check
Default
500

controller_echo_miss_aggressive_limit

Type
uint32
Category
optional
Description
Aggressive Count of HB misses for se health check failure
Default
2

ignore_docker_mac_change

Type
bool
Category
optional
Description
Default
True

References

Sub Objects