F3215-HP Load Balancing Module Security Configuration Guide-6PW101
158
Managing sessions in the CLI
Session management task list
Task Remarks
Setting session aging times based on protocol state Optional.
Configuring session aging time based on application layer protocol type Optional.
Enabling checksum verification Optional.
Specifying persistent sessions Optional.
Configuring the operating mode for session management Optional.
Enabling session synchronization for stateful failover Optional.
Clearing sessions manually Optional.
These tasks are mutually independent and can be configured in any order.
Setting session aging times based on protocol state
If the application layer protocol of a session supports session aging time configuration, the session takes
the session aging time set based on the application layer protocol type as its aging time when it is in the
READY/ESTABLISH state. For more information about the configuration, see "Configuring session aging
time ba
sed on a
pplication layer protocol type."
If a session entry is not matched with any packets in a specified period of time, the entry will be aged out.
IMPORTANT:
For a lar
g
e amount of sessions (more than 800000), do not specify too short a
g
in
g
time. Otherwise, the
console might be slow in response.
To set the session aging times based on protocol state:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the aging time for sessions
of a specified protocol and in
a specified state.
session aging-time { accelerate |
fin | icmp-closed | icmp-open |
rawip-open | rawip-ready | syn |
tcp-est | udp-open | udp-ready }
time-value
This aging time setting is effective
to only the sessions that are being
established.
Configuring session aging time based on application layer protocol type
For sessions in the READY (with UDP) or ESTABLISH (with TCP) state, you can set the session aging times
according to the types of the application layer protocols to which the sessions belong.
IMPORTANT:
For a large amount of sessions (more than 800000), do not specify too short a
g
in
g
time. Otherwise, the
console might be slow in response.