lxm --- ans lb config
#ANS2.2 Build 160.006 # Last modified by `save config`, Fri Oct 12 17:15:42 2018 set ans config -IPAddress 172.16.204.30 -netmask 255.255.255.0 set ans config -timezone "GMT+08:00-CST-Asia/Shanghai" enable ans feature WL SP LB CS CR SC CMP PQ SSL GSLB HDOSP push CF IC SSLVPN AAA OSPF RIP BGP REWRITE IPv6PT AppFw RESPONDER HTMLInjection AppFVision CloudETunnel ISIS CH AppQDE enable ans mode FR L3 Edge USNIP PMTUD set system parameter -natPcbForceFlushLimit 4294967295 -timeout 43200 set system user ansroot 1a6eb952949bcb4f8cecfd3dff3a4baa78191fb2392d14521 -encrypted set rsskeytype -rsstype ASYMMETRIC set lacp -sysPriority 32768 -mac 52:54:00:23:86:c0 set interface 0/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -ifnum 0/1 set interface 1/1 -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -ifnum 1/1 set interface LO/1 -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1 add ans ip6 fe80::5054:ff:fe23:86c0/64 -scope link-local -type ANSIP -vlan 1 -vServer DISABLED -mgmtAccess ENABLED -dynamicRouting ENABLED add ans ip 172.16.204.31 255.255.255.0 -vServer DISABLED -mgmtAccess ENABLED set ipsec parameter -lifetime 28800 add ipsec profile ans_ipsec_default_profile -ikeRetryInterval 60 set nd6RAvariables -vlan 1 bind nd6RAvariables -vlan 1 -ipv6Prefix :: set ipv6 -natprefix :: set snmp mib -contact "Admin (default)" set snmp alarm SYNFLOOD -timeout 1 set snmp alarm HA-VERSION-MISMATCH -time 86400 -timeout 86400 set snmp alarm HA-SYNC-FAILURE -time 86400 -timeout 86400 set snmp alarm HA-NO-HEARTBEATS -time 86400 -timeout 86400 set snmp alarm HA-BAD-SECONDARY-STATE -time 86400 -timeout 86400 set snmp alarm HA-PROP-FAILURE -timeout 86400 set snmp alarm IP-CONFLICT -timeout 86400 set snmp alarm APPFW-START-URL -timeout 1 set snmp alarm APPFW-DENY-URL -timeout 1 set snmp alarm APPFW-REFERER-HEADER -timeout 1 set snmp alarm APPFW-CSRF-TAG -timeout 1 set snmp alarm APPFW-COOKIE -timeout 1 set snmp alarm APPFW-FIELD-CONSISTENCY -timeout 1 set snmp alarm APPFW-BUFFER-OVERFLOW -timeout 1 set snmp alarm APPFW-FIELD-FORMAT -timeout 1 set snmp alarm APPFW-SAFE-COMMERCE -timeout 1 set snmp alarm APPFW-SAFE-OBJECT -timeout 1 set snmp alarm APPFW-POLICY-HIT -timeout 1 set snmp alarm APPFW-VIOLATIONS-TYPE -timeout 1 set snmp alarm APPFW-XSS -timeout 1 set snmp alarm APPFW-XML-XSS -timeout 1 set snmp alarm APPFW-SQL -timeout 1 set snmp alarm APPFW-XML-SQL -timeout 1 set snmp alarm APPFW-XML-ATTACHMENT -timeout 1 set snmp alarm APPFW-XML-DOS -timeout 1 set snmp alarm APPFW-XML-VALIDATION -timeout 1 set snmp alarm APPFW-XML-WSI -timeout 1 set snmp alarm APPFW-XML-SCHEMA-COMPILE -timeout 1 set snmp alarm APPFW-XML-SOAP-FAULT -timeout 1 set snmp alarm DNSKEY-EXPIRY -timeout 1 set snmp alarm HA-LICENSE-MISMATCH -timeout 86400 set snmp alarm CLUSTER-NODE-HEALTH -time 86400 -timeout 86400 set snmp alarm CLUSTER-NODE-QUORUM -time 86400 -timeout 86400 set snmp alarm CLUSTER-VERSION-MISMATCH -time 86400 -timeout 86400 set ans tcpProfile anstcp_default_tcp_lfp -mss 0 set ans tcpProfile anstcp_default_tcp_lnp -mss 0 set ans tcpProfile anstcp_default_tcp_lan -mss 0 set ans tcpProfile anstcp_default_tcp_lfp_thin_stream -mss 0 set ans tcpProfile anstcp_default_tcp_lnp_thin_stream -mss 0 set ans tcpProfile anstcp_default_tcp_lan_thin_stream -mss 0 set ans tcpProfile anstcp_default_tcp_interactive_stream -mss 0 set ans tcpProfile anstcp_internal_apps -mss 0 set ans tcpProfile anstcp_default_XA_XD_profile -mss 0 set ans tcpProfile anstcp_default_Mobile_profile -mss 0 add server srv_lxm_win1 172.16.204.50 add server srv_lxm_linux1 172.16.204.51 add server srv_lxm_linux2 172.16.204.52 add server srv_gxw_proxy1 172.16.204.56 add service svc_lxm_win1_portalyk srv_lxm_win1 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_win1_montorfile srv_lxm_win1 HTTP 8086 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_win1_login srv_lxm_win1 TCP 2013 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_win1_file srv_lxm_win1 TCP 18001 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_win1_card srv_lxm_win1 TCP 2055 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux1_portalyk srv_lxm_linux1 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux1_montorfile srv_lxm_linux1 HTTP 8086 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux1_login srv_lxm_linux1 TCP 2013 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux1_file srv_lxm_linux1 TCP 18001 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux1_card srv_lxm_linux1 TCP 2055 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux2_portalyk srv_lxm_linux2 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux2_montorfile srv_lxm_linux2 HTTP 8086 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux2_login srv_lxm_linux2 TCP 2013 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux2_file srv_lxm_linux2 TCP 18001 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_lxm_linux2_card srv_lxm_linux2 TCP 2055 -gslb NONE -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add service svc_gxw_proxy_web_80 srv_gxw_proxy1 HTTP 80 -gslb NONE -maxClient 0 -healthMonitor NO -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_gxw_proxy_file_8086 srv_gxw_proxy1 HTTP 8086 -gslb NONE -maxClient 0 -healthMonitor NO -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP NO add service svc_gxw_proxy_file_18001 srv_gxw_proxy1 TCP 18001 -gslb NONE -maxClient 0 -healthMonitor NO -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -sp OFF -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO add ssl certKey hg-server-certificate -cert hg-server.cert -key hg-server.key bind cmp global ans_adv_nocmp_xml_ie -priority 8700 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ans_adv_nocmp_mozilla_47 -priority 8800 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ans_adv_cmp_mscss -priority 8900 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ans_adv_cmp_msapp -priority 9000 -gotoPriorityExpression END -type RES_DEFAULT bind cmp global ans_adv_cmp_content_type -priority 10000 -gotoPriorityExpression END -type RES_DEFAULT set lb parameter -sessionsThreshold 150000 add lb vserver lb_vsrv_lxm_login TCP 172.16.204.45 2013 -persistenceType NONE -cltTimeout 9000 add lb vserver lb_vsrv_lxm_card TCP 172.16.204.45 2055 -persistenceType NONE -cltTimeout 9000 add lb vserver lb_vsrv_gxw_proxy_web_80 HTTP 172.16.204.45 80 -persistenceType NONE -cltTimeout 180 add lb vserver lb_vsrv_gxw_proxy_file_8086 HTTP 172.16.204.45 8086 -persistenceType NONE -cltTimeout 180 add lb vserver lb_vsrv_gxw_proxy_file_18001 TCP 172.16.204.45 18001 -persistenceType NONE -cltTimeout 9000 set cache parameter -via "NS-CACHE-10.0: 40" set ans rpcNode 172.16.204.40 -password 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28 -encrypted -srcIP * add rewrite action rw_act_xforward_rep replace "HTTP.REQ.HEADER("X-Forwarded-For")" CLIENT.IP.SRC add rewrite action rw_act_xforward_add insert_http_header X-FORWARDED-FOR CLIENT.IP.SRC add rewrite policy rw_pol_xforward_rep "HTTP.REQ.HEADER("X-FORWARDEDFOR").EXISTS" rw_act_xforward_rep add rewrite policy rw_pol_xforward_add "HTTP.REQ.HEADER("X-FORWARDEDFOR").EXISTS.NOT" rw_act_xforward_add set responder param -undefAction NOOP set appfw settings -sessionCookieName NetQQY_ns_id bind lb vserver lb_vsrv_lxm_login svc_lxm_win1_login bind lb vserver lb_vsrv_lxm_login svc_lxm_linux1_login bind lb vserver lb_vsrv_lxm_login svc_lxm_linux2_login bind lb vserver lb_vsrv_lxm_card svc_lxm_win1_card bind lb vserver lb_vsrv_lxm_card svc_lxm_linux1_card bind lb vserver lb_vsrv_lxm_card svc_lxm_linux2_card bind lb vserver lb_vsrv_gxw_proxy_web_80 svc_gxw_proxy_web_80 bind lb vserver lb_vsrv_gxw_proxy_file_8086 svc_gxw_proxy_file_8086 bind lb vserver lb_vsrv_gxw_proxy_file_18001 svc_gxw_proxy_file_18001 bind lb vserver lb_vsrv_gxw_proxy_web_80 -policyName rw_pol_xforward_rep -priority 111 -gotoPriorityExpression NEXT -type REQUEST bind lb vserver lb_vsrv_gxw_proxy_web_80 -policyName rw_pol_xforward_add -priority 115 -gotoPriorityExpression NEXT -type REQUEST set ans diameter -identity high-galaxy.com -realm com add dns nsRec . a.root-servers.net -TTL 3600000 add dns nsRec . b.root-servers.net -TTL 3600000 add dns nsRec . c.root-servers.net -TTL 3600000 add dns nsRec . d.root-servers.net -TTL 3600000 add dns nsRec . e.root-servers.net -TTL 3600000 add dns nsRec . f.root-servers.net -TTL 3600000 add dns nsRec . g.root-servers.net -TTL 3600000 add dns nsRec . h.root-servers.net -TTL 3600000 add dns nsRec . i.root-servers.net -TTL 3600000 add dns nsRec . j.root-servers.net -TTL 3600000 add dns nsRec . k.root-servers.net -TTL 3600000 add dns nsRec . l.root-servers.net -TTL 3600000 add dns nsRec . m.root-servers.net -TTL 3600000 add dns addRec l.root-servers.net 199.7.83.42 -TTL 3600000 add dns addRec b.root-servers.net 192.228.79.201 -TTL 3600000 add dns addRec d.root-servers.net 128.8.10.90 -TTL 3600000 add dns addRec j.root-servers.net 192.58.128.30 -TTL 3600000 add dns addRec h.root-servers.net 128.63.2.53 -TTL 3600000 add dns addRec f.root-servers.net 192.5.5.241 -TTL 3600000 add dns addRec k.root-servers.net 193.0.14.129 -TTL 3600000 add dns addRec a.root-servers.net 198.41.0.4 -TTL 3600000 add dns addRec c.root-servers.net 192.33.4.12 -TTL 3600000 add dns addRec m.root-servers.net 202.12.27.33 -TTL 3600000 add dns addRec i.root-servers.net 192.36.148.17 -TTL 3600000 add dns addRec g.root-servers.net 192.112.36.4 -TTL 3600000 add dns addRec e.root-servers.net 192.203.230.10 -TTL 3600000 set lb monitor ldns-dns LDNS-DNS -query . -queryType Address add route 0.0.0.0 0.0.0.0 172.16.204.1 set ssl service hghttps-172.16.204.41-443 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hgrpcs-172.16.204.41-3088 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hghttps-::1l-443 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hgrpcs-::1l-3088 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hgkrpcs-127.0.0.1-3089 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hghttps-127.0.0.1-443 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED set ssl service hgrpcs-127.0.0.1-3088 -eRSA ENABLED -sessReuse DISABLED -tls11 DISABLED -tls12 DISABLED bind ssl service hghttps-172.16.204.41-443 -certkeyName hg-server-certificate bind ssl service hgrpcs-172.16.204.41-3088 -certkeyName hg-server-certificate bind ssl service hghttps-::1l-443 -certkeyName hg-server-certificate bind ssl service hgrpcs-::1l-3088 -certkeyName hg-server-certificate bind ssl service hgkrpcs-127.0.0.1-3089 -certkeyName hg-server-certificate bind ssl service hghttps-127.0.0.1-443 -certkeyName hg-server-certificate bind ssl service hgrpcs-127.0.0.1-3088 -certkeyName hg-server-certificate set ans encryptionParams -method AES256 -keyValue ff0e316156e6143adf9335f334b583950568f77bfcfa767947c0f752f0116838cb82b5552bf73107de31cf48a40e509506d112b8 -encrypted set inatparam -nat46v6Prefix ::/96 set ip6TunnelParam -srcIP :: set ptp -state ENABLE set ans param -timezone "GMT+08:00-CST-Asia/Shanghai"
============== End