A10 Configuring Application Delivery Partitions


CONFIGURING APPLICATION DELIVERY PARTITIONS

A10 Thunder Series and AX Series


ACOS 4.1.0
16 February 2016
© 2016 A10 Networks, Inc. Confidential and Proprietary - All Rights Reserved
Information in this document is subject to change without notice.

Patent Protection
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent
marking provisions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks'
products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking.

Trademarks
The A10 logo, A10 Harmony, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, Affinity, aFleX, aFlow, aGalaxy, aGAPI, aVCS, AX,
aXAPI, IDsentrie, IP-to-ID, SSL Insight, SSLi, Thunder, Thunder TPS, UASG, and vThunder are trademarks or registered trademarks of A10
Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.

Confidentiality
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may
not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of
A10 Networks, Inc.

A10 Networks Inc. Software License and End User Agreement


Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat
Software as confidential information.

Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in
this document or available separately. Customer shall not:

1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means

2. sublicense, rent or lease the Software.

Disclaimer
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not
limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information
contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product
specifications and features described in this publication are based on the latest information available; however, specifications are
subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current
information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and
conditions.

Environmental Considerations
Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact
the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic
components in your area.

Further Information
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks
location, which can be found by visiting www.a10networks.com.
Table of Contents

Overview of Application Delivery Partitions
    Understanding Application Delivery Partitions
        Partition Benefits
        Enabling SLB or CGN in a Partition
            Using the CLI to Configure the Partition Type
            Using the GUI to Configure the Partition Type
            New CGN Commands for CGN-Enabled Partitions
    Types of Partitions
        Shared Partition
        L3V Partitions
    Number of Partitions Supported per ACOS Device
    Working with Application Delivery Partitions
        Administering L3V Partitions
            Configuring Admin Access to Partitions
            Additional Administrative Capabilities
            Configuring Partition Admin Accounts
        Managing Partitions
            Switching To Another Partition
            Deleting a Partition
        Partition-Based Banners
    Managing Partition Configurations
        Viewing the Partition Configuration
        Saving the Partition Configuration
        Synchronizing the Configuration

Understanding L3V Partitions
    Overview of L3V Partitions
        L3V Partitions
        L3V Partition Requirements
        L3V Partition Feature Support
            Features That can be Configured at the Global Configuration Level Within an L3V Partition
            Features that can be Configured at the Interface Configuration Level within an L3V Partition
        L3V Partition Default SLB Templates
        L3V Partition Limitations
    L3V Partition Configuration
        Summary of L3V Partition Configuration Steps
        Understanding L3V Partition Profiles
        Creating L3V Partitions
            Create an L3V Partition Using the GUI

page 3 | Document No.: 410-ADP-001 - 2/16/2016


A10 Thunder Series and AX Series—Configuring Application Delivery Partitions
            Create an L3V Partition Using the CLI
    L3V Partition Configuration Examples
        Example 1: Simple L3V Partition Configuration
        Example 2: Configuring Partition-Specific Layer 3 Resources

Inter-Partition Routing
    Inter-Partition Routing Overview
    Configuring Inter-Partition Routing
        Configure Inter-Partition Routing in the Shared Partition
        Configure Inter-Partition Routing in the L3V Partitions
        Configure SLB within an L3V Partition
    Using port-overload with Inter-Partition Routing

ADP CLI Commands
    ADP EXEC Commands
        active-partition
    ADP Global Configuration Mode Commands
        application-type
        partition
        partition-group
    ADP Show Commands
        show active-partition
        show partition
        show partition-config
        show partition-group


Overview of Application Delivery Partitions

This chapter provides an overview of Application Delivery Partitions (ADPs).

The following topics are covered:

• Understanding Application Delivery Partitions

• Types of Partitions

• Number of Partitions Supported per ACOS Device

• Working with Application Delivery Partitions

• Managing Partition Configurations

Understanding Application Delivery Partitions


Every ACOS device has a shared partition; by default, your configuration is run in the shared partition. You can create additional
Application Delivery Partitions (ADPs) to further segment your ACOS device to support multiple configurations
(Figure 1).

FIGURE 1 Application Delivery Partitions

Each partition may provide aggregated services that include networking, system, and application resources. Each partition
can be administered and monitored separately as an independent entity (Figure 2).


FIGURE 2 Partition Resources

Partition Benefits
Partitioning allows the ACOS device to be logically segmented to support separate configurations for different customers.
This provides isolation of configuration components and also isolates administration of these components. For example,
separate companies or separate departments within an enterprise may prefer to have their content isolated from other
departments.

Figure 3 shows an example: a service provider hosts an ACOS device shared by two companies: CorpA.com and CorpB.com.
Each company has its own dedicated servers that it wants to manage in their entirety. The partition for CorpA.com contains
CorpA.com's SLB resources. Likewise, the partition for CorpB.com contains CorpB.com's SLB resources.


FIGURE 3 Example of Multiple Partitions

Admins assigned to the partition for CorpA.com can add, modify, delete and save only those resources contained in
CorpA.com's partition. Likewise, CorpB.com's admins can add, modify, delete and save only the resources in CorpB.com's
partition.

For more information about administrative roles, refer to “Configuring Admin Access to Partitions” on page 10.

Enabling SLB or CGN in a Partition


All ACOS devices, including physical devices like A10 Thunder Series and AX Series devices, and virtual devices like vThunders,
support both SLB and CGN running on the same device, but in separate partitions. A partition can only support either
SLB or CGN; one or the other must be explicitly enabled in that partition. Neither SLB nor CGN is enabled by default. When
one is enabled, the other one will automatically be blocked.

Using the CLI to Configure the Partition Type


To configure the partition type from the CLI, use the application-type parameter in the partition command. For example,
to create an L3V partition named “p1” and enable SLB in that partition:

ACOS(config)# partition p1 id 1 application-type adc

All CGN commands are blocked in partition p1. If you create the partition without using the application-type parameter,
then by default both SLB and CGN commands are available. Once an object for one application type is configured, the
commands for the other application type are disabled.

Using the GUI to Configure the Partition Type


This section describes how to use the GUI to configure the application type in a partition.


Configure the Application Type in the Shared Partition


In the shared partition, there is no mechanism in the GUI to explicitly define the application type. Once you configure an SLB
object, all CGN options will be blocked, or if you configure a CGN object then all SLB objects will be blocked.

Configure the Application Type in an L3V Partition


For L3V partitions, you can configure the application type when you create the partition.

1. From the “Partition” menu, select Create to create a new partition.

2. On the Create Partitions screen, you can specify the partition name, ID, and application type. In this example, CGN is
selected.

3. After the partition is created, use the “Partition” menu to switch to the new partition (“p1-cgn” in this example):

Note that the name of the partition in the menu bar is changed from “shared” to “p1_cgn.”

New CGN Commands for CGN-Enabled Partitions


In previous releases, some SLB commands were required in a CGN partition; this is updated in ACOS 4.x releases so that the
CGN modules have their own commands. Table 1 summarizes these commands.

TABLE 1 Commands to Enable SLB or CGN within a Partition

SLB Command                     CGN Command
slb server                      cgnv6 server
slb virtual-server              cgnv6 dns64-virtualserver
slb service-group               cgnv6 service-group
slb template policy             cgnv6 template-policy
slb template dns                cgnv6 template dns
ip nat inside source static     cgnv6 nat inside source static
ip nat range-list               cgnv6 nat range-list

These new CGN commands make CGN self-sufficient within a partition. They parallel the SLB commands so that CGN is no
longer dependent on SLB constructs to exist before CGN can be enabled. This will help CGN and SLB to be enabled
independently of one another within a given partition.

Types of Partitions
This section contains the following:

• Shared Partition

• L3V Partitions

Shared Partition
Every ACOS device contains one shared partition; by default, this is the only partition on the device and cannot be deleted. If
you do not create any additional partitions on your device, all the configuration changes you make take place in the shared
partition. If you create additional L3V partitions, you must explicitly switch to that L3V partition for your configuration
changes to take effect in the desired partition.

L3V Partitions
Partitions that provide Layer 3-7 support are referred to as L3V partitions. Each L3V partition can contain either SLB or CGN
application resources, networking resources, and system resources. In essence, each L3V partition can operate as an
independent ACOS device. An L3V partition can be created, configured and deleted by a root admin and configured by a
partition admin. The partition admin has access to configure all applications, network, and system resources within the partition.
For system and network resources, the partition admin will depend on the root admin for configuration help.

NOTE: Admin creation and partition creation can only be performed in the shared partition.

For details on L3V partitions and supported resources, refer to “Understanding L3V Partitions” on page 17.

Number of Partitions Supported per ACOS Device


See the Release Notes for a summary of the maximum number of supported L3V partitions for each device.


Working with Application Delivery Partitions


This section contains the following topics:

• Administering L3V Partitions

• Managing Partitions

• Partition-Based Banners

Administering L3V Partitions


To administer an L3V partition, you must have the appropriate privilege level. Only a “root administrator” can assign
privileges to the partition admins. For details on configuring admin accounts and privileges, refer to “Configuring Partition Admin
Accounts” on page 11.

Once within an L3V partition, if you only have read access, you will not be able to enter the config mode. You can use show
commands only. For example:

ACOS[partition1]> enable
Password:
ACOS[partition1]#
ACOS[partition1]# config
Permission denied: Insufficient privilege

Unlike a “root administrator”, a partition admin can make configuration changes only inside the partition for which
they have privileges.

Configuring Admin Access to Partitions


Admins with Global Read/Write privileges (also known as “root admins”) can configure other admin accounts, including
partition admin accounts.

The following privilege levels are supported:

• Global privileges:
    • read
    • write

• Partition privileges:
    • Partition-enable-disable
    • Partition-read
    • Partition-write


Table 2 describes the privilege levels.

TABLE 2 Admin Privilege Levels and Partition Access

Privilege Level           Access to Shared Partition    Access to L3V Partition
Global read               Read-only; unable to enter    Read-only; unable to enter Global
                          Global configuration mode.    configuration mode.
Global write              Read-Write; has access to     Read-Write; has access to all resources.
                          all resources.
Partition-enable-disable  No access                     No write privileges in the partition.
                                                        Access is restricted to the partition to
                                                        which the admin is assigned.
Partition-read            No access                     Read-only; unable to enter Global
                                                        configuration mode in the partition.
                                                        All access is restricted to the partition
                                                        to which the admin is assigned.
Partition-write           No access                     Read-write for all resources in the
                                                        partition.
                                                        All access is restricted to the partition
                                                        to which the admin is assigned.

Additional Administrative Capabilities


The following information highlights what administrators can or cannot do within a private partition:

• System and networking resources can be configured only by admins with Global write privileges. An admin with such
privileges can configure all system and networking resources for all partitions.

• An L3V partition can be configured and accessed only by the admins who are assigned to it, and by admins with
Global read or Global write privileges.

• Admins assigned to an L3V partition can manage only the resources inside that partition.

Configuring Partition Admin Accounts


To configure admin accounts and assign them to partitions, use either of the following methods.

NOTE: To delete an admin account, see “Delete an Admin Account” in the Management Access
and Security Guide.

Configure a Partition Admin Account Using the GUI


To configure an admin account for an L3V partition, follow the instructions in “Use the GUI to Configure Admin Accounts” in
the Management Access and Security Guide.

Configure a Partition Admin Account Using the CLI


The following example creates a new admin named “exampleadmin” with the password of “a10”. This is the default password
if you choose not to specify a password here:


ACOS(config)# admin exampleadmin password a10


ACOS(config-admin:exampleadmin)#

The following command grants Partition-write privileges to the “exampleadmin” user for partition companyA:

ACOS(config-admin:exampleadmin)# privilege partition-write companyA


Modify Admin User successful!
ACOS(config-admin:exampleadmin)#

Managing Partitions
This section contains the following:

• Switching To Another Partition

• Deleting a Partition

Switching To Another Partition


Admins with Read Write or Read Only privileges can select the partition to view. When an admin with one of these privilege
levels logs in, the view is set to the shared partition by default, which means all resources are visible.

To change the view to a private partition, use either of the following methods.

Switch Partitions Using the GUI


On the title bar, select the partition from the Partition drop-down list. You will be asked to confirm that you want to switch
partitions.

Switch Partitions Using the CLI


Use the active-partition command at the Privileged EXEC level of the CLI. For example, if you are in the shared partition
and you want to switch to companyA, use:

ACOS# active-partition companyA


Current active partition: companyA
ACOS[companyA]#

The name of the active partition is shown in the CLI prompt.

Deleting a Partition
Only an admin with Read Write privileges can delete a partition. When a partition is deleted, all resources within the partition
also are deleted.


NOTE: When you delete a partition, resources associated with the partition are permanently
deleted. This includes SSL certificates and keys, and aFleX scripts. These resources are
deleted even if you reload or reboot without saving the configuration. In this case, the
partition configuration is restored but the resources are still gone.

Delete a Partition Using the GUI


1. Hover over System in the menu bar, then select Admin.

2. Select the Partitions tab.

3. For the partition you want to delete, select the Deactivate link in the Action column for that partition. When the
partition is deactivated, the icon in the Status column should change to a red circle with an “X” in it.

4. After the partition is deactivated, click the checkbox next to the partition name, then click Delete.

Delete a Partition Using the CLI


To delete a partition, use the commands shown in the example below:

ACOS(config)# no partition companyA id 1


Remove this partition and keep configurations on the disk? (y/n)y
ACOS(config)# delete partition companyA id 1
The operation will delete this partition permanently from all profiles on disk.
This action is not recoverable. Continue? [yes/no]: yes

The no partition command unloads the partition but keeps the configuration on your system. To perform a hard delete
of the partition and associated configuration, you must also use the delete partition command.

Table 3 summarizes the CLI commands available to remove partitions or partition configurations.


TABLE 3 Working with L3V Partitions in the CLI

CLI Command        Description
no partition       Unload the specified partition from the running-configuration of the shared partition.
                   To also remove the configuration from the startup configuration, use the write memory
                   command after using the no partition command.
delete partition   Remove the specified partition and its associated configuration from the disk.
                   The command is only valid on a partition that has already been unloaded with the
                   no partition command.
erase              Erase the startup configuration file in the shared partition. Existing L3V partitions are
                   preserved on the disk, and are loaded when the partition is configured again from the
                   shared partition.
                   See “erase” in the Command Line Interface Reference for more information.
system-reset       Reset the device back to its original factory settings. All startup configurations and
                   L3V partition configurations are removed.
                   See “system-reset” in the Command Line Interface Reference for more information.

Partition-Based Banners
Admins with the “write” or “write partition” access privilege level can configure the banner message displayed when the
Privileged EXEC level of the CLI is accessed by a partition admin.

You may configure the default as a single line or as multiple lines. For details on configuring banners using the CLI or GUI, refer to
“Configuring Basic System Parameters” in the System Configuration and Administration Guide.

Managing Partition Configurations


This section contains the following:

• Viewing the Partition Configuration

• Saving the Partition Configuration

• Synchronizing the Configuration

Viewing the Partition Configuration


Admins with Partition-write or Partition-read privileges can view resources in any partition.

Admins assigned to a partition can view the resources in the shared partition and in their own private partition but not in any
other private partition.

To view the configuration for all partitions, use the show running-config partition command:


ACOS(config)# show running-config partition


!Section configuration: 96 bytes
!
partition p1-cgn id 1 application-type cgnv6
!
partition p2-slb id 2 application-type adc
!
!
end

You can specify a partition-name at the end of the command to view only the resources in the specified partition.
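
The following is an added example, not part of the A10 guide and not A10 code: a small Python audit that reads show running-config partition output in the format shown above, together with admin commands in the form used under “Configure a Partition Admin Account Using the CLI”. It reports partitions created without an application-type, admins left on the default password “a10”, and partition privileges that name a partition missing from the output. The sample text is constructed; it is an assumption that saved admin stanzas reduce to these two command forms, and the lowercase partition-read keyword is assumed by analogy with partition-write.

```python
import re

# Constructed sample: `show running-config partition` output in the format shown
# on this page, plus one partition created without an application-type.
SAMPLE_PARTITIONS = """\
!
partition p1-cgn id 1 application-type cgnv6
!
partition p2-slb id 2 application-type adc
!
partition companyA id 3
!
end
"""

# Constructed sample: admin commands in the form typed in the CLI examples on this
# page. Assumption: the real saved configuration may render these differently
# (for example with an encrypted password), so adapt the patterns to your export.
SAMPLE_ADMINS = """\
admin exampleadmin password a10
privilege partition-write companyA
admin cgn-ops password S3parate-Secret
privilege partition-read p1-cgn
admin old-tenant password Another-Secret
privilege partition-write companyB
"""

PARTITION_RE = re.compile(
    r"^partition\s+(?P<name>\S+)\s+id\s+(?P<id>\d+)"
    r"(?:\s+application-type\s+(?P<app>\S+))?\s*$"
)
ADMIN_RE = re.compile(r"^admin\s+(?P<name>\S+)(?:\s+password\s+(?P<pw>\S+))?\s*$")
PRIV_RE = re.compile(r"^privilege\s+(?P<level>partition-[a-z-]+)\s+(?P<part>\S+)\s*$")

DEFAULT_PASSWORD = "a10"  # the page states this is used when no password is given


def parse_partitions(text):
    """Return {name: {"id": int, "app": str or None}} for each partition line."""
    parts = {}
    for line in text.splitlines():
        m = PARTITION_RE.match(line.strip())
        if m:
            parts[m["name"]] = {"id": int(m["id"]), "app": m["app"]}
    return parts


def parse_admins(text):
    """Return {admin: {"password": str or None, "privileges": [(level, partition)]}}."""
    admins, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = ADMIN_RE.match(line)
        if m:
            current = admins.setdefault(
                m["name"], {"password": m["pw"], "privileges": []}
            )
            continue
        m = PRIV_RE.match(line)
        if m and current is not None:
            current["privileges"].append((m["level"], m["part"]))
    return admins


def audit(partition_text, admin_text):
    """Return a list of (finding, subject) tuples, partitions first, then admins."""
    findings = []
    parts = parse_partitions(partition_text)
    admins = parse_admins(admin_text)

    # Without application-type, both SLB and CGN commands stay available until
    # the first object is configured, so the partition's role is not pinned.
    for name, info in sorted(parts.items()):
        if info["app"] is None:
            findings.append(("no-application-type", name))

    for admin, info in sorted(admins.items()):
        # An omitted password means the default is in effect.
        if info["password"] in (None, DEFAULT_PASSWORD):
            findings.append(("default-password", admin))
        # A privilege that names a partition missing from the output is stale
        # or mistyped and should be reviewed.
        for _level, part in info["privileges"]:
            if part not in parts:
                findings.append(("privilege-on-unknown-partition", f"{admin}:{part}"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(SAMPLE_PARTITIONS, SAMPLE_ADMINS):
        print(f"{finding}: {subject}")
```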

Saving the Partition Configuration


Admins with Global write privileges can save resources in any partition. Admins with Partition-write privileges can save only
the resources within their own partition.

To save the configuration on an ACOS device configured with private partitions, use either of the following methods:

• Save Partition Configuration Using the GUI

• Save Partition Configuration Using the CLI

Save Partition Configuration Using the GUI


To save the configuration in the GUI, click the Save icon on the title bar. The GUI automatically saves only the resources that
are in the current partition view. For example, if the partition view is set to the “companyA” private partition, only the
resources in that partition are saved.

Save Partition Configuration Using the CLI


To save the configuration for the current partition, use the write memory command:

If you have multiple partitions and want to save the configuration changes for all of them with a single command, use:

ACOS(config)# write memory all-partitions

CAUTION: Before saving all partitions or before a reload, reboot, or shutdown operation, a root
admin should notify all partition admins to save their configurations. Saving all partitions
without consent from the partition admins is not recommended.

The all-partitions and partition partition-name options are not applicable for admins with Partition-write privileges. Partition admins can only save their respective partitions. For these admins, the command syntax is the same as in previous releases. The options are available only to admins with Global Write privileges.

A configuration can be saved to a different configuration profile name (rather than being written to “startup-config”), as supported in previous releases. In this case, the resources that are saved depend on the partition(s) to which the write memory command is applied. Unless the resources in the shared partition are being saved, the configuration profile name used with the write memory command must already exist. The command does not create new configuration profiles for L3V partitions.

Synchronizing the Configuration


In VRRP-A high availability deployments, partition resources can only be synchronized using the ACOS Virtual Chassis System
(aVCS) feature.

For more information, see “Automated Configuration Synchronization” in Configuring ACOS Virtual Chassis Systems.



Understanding L3V Partitions

This chapter provides information about L3V partitions.

The following topics are covered:

• Overview of L3V Partitions

• L3V Partition Configuration

• L3V Partition Configuration Examples

Overview of L3V Partitions


This section contains the following topics:

• L3V Partitions

• L3V Partition Requirements

• L3V Partition Feature Support

• L3V Partition Default SLB Templates

• L3V Partition Limitations

L3V Partitions
L3V partitions provide a mechanism to segment a single ACOS device into multiple instances that behave independently of each other. Layer 3 Virtualization (L3V) in each partition allows admins with the proper privileges to configure and view network, SLB, and CGN resources.

Figure 4 shows how an ACOS device can be carved into separate L3V partitions.


FIGURE 4 L3V Partition Resources

L3V allows the ACOS device to split Layer 2, 3, and 4-7 resources in a multi-instance architecture, enabling virtual segmentation for multi-client organizations. Specifically, in a corporation or at a service provider where many clients use the same load balancer, an administrator can create multiple private partitions and then control access to each organization’s configuration or space. Each organization can then authenticate to its own partition and configure its own devices as if it were a completely separate organization.

ACOS devices provide support for multiple L3V partitions, and the number of partitions supported is platform dependent (see “Number of Partitions Supported per ACOS Device” on page 9 for more information).

Every configured device has one shared partition. By default, all partitions will have access to the shared partition unless the
administrator restricts access to the shared partition. For example, when a user logs into a device, the user will also have
access, although limited, to the shared partition. For instance, the limited access will include access to templates.

Nothing within partitions is shared, unless an administrator allows users to share interfaces. When creating partitions, an
administrator may allow users to share partitions or leave the shared partition blank. Users too can share interfaces, but are
not required to.

Each partition has its own ARP table, and its own IPv4 and IPv6 route tables. They are completely separate from the ARP and
IP route tables in other partitions.

After a network resource belongs to a partition, the resource does not appear in show command output except for the L3V
partition and the partition to which the interface belongs. Likewise, statistics for the resource are not included in the statistics
counters for other private partitions.

Untagged VLAN ports are exclusively owned by the shared or private partitions.

Tagged VLAN ports can be shared across all the partitions by tagging them explicitly with unique VLAN IDs per partition.

The administrator may create partitions using CLI or GUI. For details on configuring partitions, refer to “L3V Partition Configuration” on page 21.


L3V Partition Requirements


Layer 3 resources must be unique within a given L3V partition. However, some types of Layer 3 resources can be the same in
multiple partitions, as long as they remain unique within a given partition:

• VE number

NOTE: VE numbers must be unique and must match the VLAN ID in an L3V partition. If a VLAN
ID already belongs to a shared or another L3V partition, do not re-use it.

• NAT pool

• Interface IP addresses

• IP addresses in source NAT pools

• Virtual server IP addresses (VIPs)

For example, multiple partitions can use a real server that has IP address 10.10.10.10, but a given partition can have only one
instance of the server.

Each L3V partition supports a maximum of 2 loopback interfaces, with IDs 1-2. Loopback interface IDs 0-10 are valid in the
shared partition.
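The ownership rules in this section and in “L3V Partitions” (VE number equal to the VLAN ID, no VLAN ID reused across partitions, untagged ports owned by a single partition, loopback IDs 1-2 in an L3V partition) can be checked offline against saved per-partition configurations. The Python audit below is an added example, not A10 code: the function names, finding codes and the dmz3 sample are constructed, the `interface loopback N` line is assumed to follow the `interface ve N` form shown in this guide, and flagging an untagged port that also appears in another partition's VLAN is this example's reading of “exclusively owned”.

```python
import re
from collections import defaultdict

# Loopback ID ranges stated in this section.
LOOPBACK_IDS = {"l3v": range(1, 3), "shared": range(0, 11)}


def parse_partition(text):
    """Return ({vlan_id: {"tagged", "untagged", "ve"}}, [loopback ids]) for one partition."""
    vlans, loopbacks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := re.fullmatch(r"vlan (\d+)", line):
            current = vlans.setdefault(
                int(m[1]), {"tagged": set(), "untagged": set(), "ve": None})
        elif current is not None and (
                m := re.fullmatch(r"(tagged|untagged) ethernet (\d+)", line)):
            current[m[1]].add(int(m[2]))
        elif current is not None and (
                m := re.fullmatch(r"router-interface ve (\d+)", line)):
            current["ve"] = int(m[1])
        else:
            current = None  # "!" or any other command closes the VLAN block
            if m := re.fullmatch(r"interface loopback (\d+)", line):
                loopbacks.append(int(m[1]))
    return vlans, loopbacks


def audit(configs):
    """configs maps partition name -> running-config text; "shared" is the shared partition.

    Returns a sorted list of (code, partition, detail) findings.
    """
    findings = []
    vlan_owner = {}               # VLAN ID -> first partition that defined it
    untagged = defaultdict(set)   # port -> partitions holding it untagged
    members = defaultdict(set)    # port -> partitions holding it in any VLAN
    for part, text in configs.items():
        vlans, loopbacks = parse_partition(text)
        allowed = LOOPBACK_IDS["shared" if part == "shared" else "l3v"]
        for lb in loopbacks:
            if lb not in allowed:
                findings.append(("LOOPBACK_ID", part, f"loopback {lb}"))
        for vid, vlan in vlans.items():
            if part != "shared" and vlan["ve"] not in (None, vid):
                findings.append(("VE_VLAN_MISMATCH", part, f"vlan {vid} -> ve {vlan['ve']}"))
            owner = vlan_owner.setdefault(vid, part)
            if owner != part:
                findings.append(("VLAN_REUSED", part, f"vlan {vid} already in {owner}"))
            for port in vlan["untagged"]:
                untagged[port].add(part)
            for port in vlan["tagged"] | vlan["untagged"]:
                members[port].add(part)
    for port, owners in untagged.items():
        if len(members[port]) > 1:
            findings.append(("UNTAGGED_PORT_SHARED", ",".join(sorted(members[port])),
                             f"ethernet {port} untagged in {','.join(sorted(owners))}"))
    return sorted(findings)


# Constructed sample input: DMZ1 and DMZ2 mirror Example 2 of this guide,
# DMZ3_BAD is made up to break each rule once.
DMZ1 = """
vlan 100
 tagged ethernet 1
 untagged ethernet 2
 router-interface ve 100
!
interface ve 100
 ip address 20.20.1.1 255.255.255.0
"""
DMZ2 = """
vlan 200
 tagged ethernet 1
 untagged ethernet 3
 router-interface ve 200
!
"""
DMZ3_BAD = """
vlan 100
 tagged ethernet 1
 untagged ethernet 2
 router-interface ve 101
!
interface loopback 3
"""

if __name__ == "__main__":
    for finding in audit({"dmz1": DMZ1, "dmz2": DMZ2, "dmz3": DMZ3_BAD}):
        print(*finding, sep=" | ")
```

Ethernet 1 is tagged in both dmz1 and dmz2 with different VLAN IDs, which the audit accepts; only the constructed dmz3 produces findings.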

L3V Partition Feature Support


This section contains the following:

• Features That can be Configured at the Global Configuration Level Within an L3V Partition

• Features that can be Configured at the Interface Configuration Level within an L3V Partition

Features That can be Configured at the Global Configuration Level Within an L3V Partition
• Hardware-based SYN cookies

• BGP instances per private partition

• Disable of Layer 3 forwarding between VLANs

• Source-IP connection-rate limiting

• DNS caching

• ICMP rate limiting

• Session filtering

• Global SLB options:

• SLB peak-connection statistics (extended-stats)


• SLB graceful shutdown


• SSL Insight
• Default compression block size for SLB
• Transparent TCP template
• Source NAT gateway for Layer 3
• Source NAT on VIP
• Reset stale session
• Application templates:
• TCP
• Source-IP persistence
• Destination-IP persistence
(Also see “L3V Partition Default SLB Templates” on page 20.)

Features that can be Configured at the Interface Configuration Level within an L3V Partition
• IPv6 router advertisement and discovery

• ICMP rate limiting

L3V Partition Default SLB Templates


Partition-specific default server and port templates are supported.

• Real server

• Real port

• Virtual server

• Virtual port

Changes to a default server or port template in an L3V partition do not affect the default server or port templates in the
shared partition or any other private partition. Likewise, changes to a default server or port template in the shared partition
do not affect the default server or port templates in private partitions.

NOTE: This behavior does not apply to feature templates such as HTTP, TCP, or source-IP persistence templates.

L3V Partition Limitations


Firewall Load Balancing (FWLB) is not supported in L3V partitions; this feature can be configured only in the shared partition.


Next Hop Load Distributor (NHLD) is supported in L3V partitions only if the feature is configured using a wildcard VIP.

L3V Partition Configuration


This section provides information for configuring an L3V partition:

• Summary of L3V Partition Configuration Steps

• Understanding L3V Partition Profiles

• Creating L3V Partitions

Summary of L3V Partition Configuration Steps


The basic steps are summarized below:

1. Create the partition.

Each L3V partition must be configured with a unique identifier; this unique identifier is bound to the partition for the life of the partition. Only when the partition is deleted from the system can its partition ID be re-used with the creation of a new partition.

2. Configure admin accounts and assign them to the partition.

3. Configure any SLB or CGN shared resources that you want to make available.

Configuration of SLB or CGN resources within an L3V partition can be performed by an admin with Partition-write privileges who is assigned to the partition. For details on privileges, refer to “Administering L3V Partitions” on page 10.

4. Configure network and system connectivity resources such as interfaces, VLANs, routing, and so on for L3V partitions.
You also will need to configure any additional admin accounts for the partition.

NOTE: This document shows how to set up partitions and assign admins to them. The partition
admins will be able to configure their own SLB or CGN, network, and system resources.

Understanding L3V Partition Profiles


Each L3V partition has its own startup-config. An L3V partition administrator can save the running-config to a profile, using
the write memory profile-name command. Multiple configurations can be saved in each partition using this method
(Figure 5); each configuration profile applies only to the L3V partition in which it was configured.

In Release 4.0, the startup-config profile in an L3V partition is not tied to the profile used in the shared partition; this means that an L3V partition administrator can choose to use a configuration saved in a profile for that L3V partition that is independent of the configuration in use by the shared partition.


FIGURE 5 Partition IDs and Profiles

Profiles within an L3V partition can be dynamically loaded and unloaded. Using Figure 5 as an example, suppose the active startup-config profile on partition p2 is “pf3,” and you want to change this so that profile “pf2” becomes the active startup-config profile in partition p2:

1. Go to partition L3V_P2 and link the profile you want to be active (in this case, profile pf2) to the startup-config in that
partition:
ACOS(config)# active-partition L3V_P2
Current active partition: L3V_P2
ACOS[L3V_P2](config)# link startup-config pf2

2. Return to the shared partition.


ACOS[L3V_P2](config)# active-partition shared
ACOS(config)#

3. Unload the currently active profile in partition L3V_P2 (profile pf3):


ACOS(config)# no partition L3V_P2 id 2
Remove this partition and keep configurations on the disk? (y/n)y
ACOS(config)#

4. Use the partition command to load the new profile, which you linked to the startup-config in step 1.
ACOS(config)# partition L3V_P2 id 2

Creating L3V Partitions


To create an L3V partition, use either of the following methods.

• Create an L3V Partition Using the GUI

• Create an L3V Partition Using the CLI


Create an L3V Partition Using the GUI


To create an L3V partition using the GUI:

1. From the top menu bar, select Partition, then select Create.

In addition to the Create option, any existing L3V partitions are also shown.

2. On the Create Partitions screen, enter the partition name, partition ID, and application type. (For more information
about the application type, see “Enabling SLB or CGN in a Partition” on page 7.)

3. Click Create. The new partition appears in the partition list.

For more information about the fields in the GUI, refer to the GUI online help.

Create an L3V Partition Using the CLI


To create an L3V partition in the CLI, use the partition command. For example, to create a partition named “l3v-part-1” with a
partition ID of 3:

ACOS(config)# partition l3v-part-1 id 3

Each partition can be configured for either SLB or CGN applications, but not both. To specify, use the application-type
parameter:

ACOS(config)# partition l3v-part-1 id 3 application-type adc

For more information, see “Enabling SLB or CGN in a Partition” on page 7.

L3V Partition Configuration Examples


This section provides the following configuration examples:

• Example 1: Simple L3V Partition Configuration

• Example 2: Configuring Partition-Specific Layer 3 Resources


Example 1: Simple L3V Partition Configuration


The following example shows how to create an L3V partition:

1. Create an L3V partition:


ACOS(config)# partition l3v1 id 1

2. Create the admin and assign privileges:


ACOS(config)# admin admin-l3v1 password test
ACOS(config-admin:admin-l3v1)# privilege partition-write l3v1
Modify Admin User successful!
ACOS(config-admin:admin-l3v1)# access axapi web cli
ACOS(config-admin:admin-l3v1)# enable
ACOS(config-admin:admin-l3v1)# exit

3. Now that the admin has been successfully created, log in to the partition using the admin account:
login as: admin-l3v1
Using keyboard-interactive authentication.
Password:
Last login: Thu Aug 30 19:47:08 2012 from 192.168.33.157

ACOS system is ready now.

[type ? for help]

ACOS-Active[l3v1]> enable
Password:
ACOS-Active[l3v1]# config
ACOS-Active[l3v1](config)#

4. Configure the desired network and system resources.

a. Configure a VLAN:
ACOS-Active[l3v1](config)# vlan 50
ACOS-Active[l3v1](config-vlan:50)# tagged ethernet 1
ACOS-Active[l3v1](config-vlan:50)# router-interface ve 50
ACOS-Active[l3v1](config-vlan:50)# exit
ACOS-Active[l3v1](config)# vlan 60
ACOS-Active[l3v1](config-vlan:60)# tagged ethernet 1
ACOS-Active[l3v1](config-vlan:60)# router-interface ve 60
ACOS-Active[l3v1](config-vlan:60)# exit

b. Configure VEs:
ACOS-Active[l3v1](config)# interface ve 50
ACOS-Active[l3v1](config-if:ve50)# ip address 50.50.50.1 /24
ACOS-Active[l3v1](config-if:ve50)# exit


ACOS-Active[l3v1](config)# interface ve 60
ACOS-Active[l3v1](config-if:ve60)# ip address 60.60.60.1 /24
ACOS-Active[l3v1](config-if:ve60)# exit

c. Configure a server:
ACOS-Active[l3v1](config)# slb server s1-l3v 60.60.60.20
ACOS-Active[l3v1](config-real server)# port 80 tcp
ACOS-Active[l3v1](config-real server-node port)# exit

d. Configure a service-group:
ACOS-Active[l3v1](config)# slb service-group s1-80 tcp
ACOS-Active[l3v1](config-slb svc group)# member s1-l3v 80

e. Configure a VIP:
ACOS-Active[l3v1](config)# slb virtual-server vip1 50.50.50.15
ACOS-Active[l3v1](config-slb vserver)# port 80 tcp
ACOS-Active[l3v1](config-slb vserver-vport)# service-group s1-80
ACOS-Active[l3v1](config-slb vserver-vport)# exit
ACOS-Active[l3v1](config-slb vserver)# exit

5. View your running configuration. Since you have created an L3V partition, you can see and configure Layer 3 network
resources, such as VLANs, VEs, and IP Addresses:
ACOS-Active[l3v1](config)# show running-config
!Current configuration: 596 bytes
!
!Configuration last updated at 20:03:00 PDT Thu Aug 30 2012
!
active-partition l3v1
vlan 50
tagged ethernet 1
router-interface ve 50
!
vlan 60
tagged ethernet 1
router-interface ve 60
!
!

interface ethernet 1
mtu 9216
!
interface ve 50
ip address 50.50.50.1 255.255.255.0
!
interface ve 60


ip address 60.60.60.1 255.255.255.0

!
slb server s1-l3v 60.60.60.20
port 80 tcp
!
slb service-group s1-80 tcp
member s1-l3v 80
!
slb virtual-server vip1 50.50.50.15
port 80 tcp
name _50.50.50.15_TCP_80
service-group s1-80

Example 2: Configuring Partition-Specific Layer 3 Resources


The following commands log onto the CLI and access partition dmz1:

login as: admin-dmz1


Welcome to ACOS
Using keyboard-interactive authentication.
Password:***
[type ? for help]
ACOS[dmz1]> enable
ACOS[dmz1]# configure
ACOS[dmz1](config)#

The following commands configure Layer 3 resources for the partition:

ACOS[dmz1](config)# vlan 100


ACOS[dmz1](config-vlan:100)# tagged ethernet 1
ACOS[dmz1](config-vlan:100)# untagged ethernet 2
ACOS[dmz1](config-vlan:100)# router-interface ve 100
ACOS[dmz1](config-vlan:100)# exit
ACOS[dmz1](config)# interface ve 100
ACOS[dmz1](config-if:ve100)# ip address 20.20.1.1 255.255.255.0
ACOS[dmz1](config-if:ve100)# exit
ACOS[dmz1](config)# ip route 0.0.0.0 /0 20.20.101.50

The following command saves the configuration.

ACOS[dmz1](config)# write memory


Building configuration...


[OK]

The following commands log onto the CLI and access partition dmz2:

login as: admin-dmz2


Welcome to ACOS
Using keyboard-interactive authentication.
Password:***
[type ? for help]
ACOS[dmz2]> enable
ACOS[dmz2]# configure
ACOS[dmz2](config)#

The following command displays the list of Ethernet interfaces. The interfaces that belong exclusively to partition dmz1 are
not included. Interface 1 is listed, since it is a tagged member of dmz1’s VLAN. However, interface 2 is not listed, since it is an
untagged member of dmz1’s VLAN. Likewise, dmz1’s VE is not listed.

ACOS[dmz2]# show interfaces brief


Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up Full 100 N/A N/A 001f.a001.d020 192.168.20.10/24 1
1 Up Full 1000 N/A Tag 001f.a002.0870 0.0.0.0/0 0
3 Disb None None None 1 001f.a002.0872 0.0.0.0/0 0
4 Disb None None None 1 001f.a002.0873 0.0.0.0/0 0
5 Disb None None None 1 001f.a002.0874 0.0.0.0/0 0
6 Disb None None None 1 001f.a002.0875 0.0.0.0/0 0
7 Disb None None None 1 001f.a002.0876 0.0.0.0/0 0
8 Disb None None None 1 001f.a002.0877 0.0.0.0/0 0
9 Disb None None None 1 001f.a002.78ec 0.0.0.0/0 0
10 Disb None None None 1 001f.a002.78ed 0.0.0.0/0 0
11 Disb None None None 1 001f.a002.78ee 0.0.0.0/0 0
12 Disb None None None 1 001f.a002.78ef 0.0.0.0/0 0

The following commands configure Layer 3 resources for partition dmz2, and list the interfaces:

ACOS[dmz2](config)# vlan 200


ACOS[dmz2](config-vlan:200)# tagged ethernet 1
ACOS[dmz2](config-vlan:200)# untagged ethernet 3
ACOS[dmz2](config-vlan:200)# router-interface ve 200
ACOS[dmz2](config-vlan:200)# exit
ACOS[dmz2](config)# interface ve 200
ACOS[dmz2](config-if:ve200)# ip address 20.20.2.1 255.255.255.0
ACOS[dmz2](config-if:ve200)# exit
ACOS[dmz2](config)# ip route 0.0.0.0 /0 20.20.102.50


ACOS[dmz2]# show interfaces brief


Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up Full 100 N/A N/A 001f.a001.d020 192.168.20.10/24 1
1 Up Full 1000 N/A Tag 001f.a002.0870 0.0.0.0/0 0
3 Up Full 1000 None 200 001f.a002.0871 0.0.0.0/0 0
4 Disb None None None 1 001f.a002.0873 0.0.0.0/0 0
5 Disb None None None 1 001f.a002.0874 0.0.0.0/0 0
6 Disb None None None 1 001f.a002.0875 0.0.0.0/0 0
7 Disb None None None 1 001f.a002.0876 0.0.0.0/0 0
8 Disb None None None 1 001f.a002.0877 0.0.0.0/0 0
9 Disb None None None 1 001f.a002.78ec 0.0.0.0/0 0
10 Disb None None None 1 001f.a002.78ed 0.0.0.0/0 0
11 Disb None None None 1 001f.a002.78ee 0.0.0.0/0 0
12 Disb None None None 1 001f.a002.78ef 0.0.0.0/0 0
ve1 Up N/A N/A N/A 200 001f.a002.0870 20.20.2.1/24 1

The following command saves the configuration.

ACOS[dmz2](config)# write memory


Building configuration...
[OK]

The following commands again log onto the CLI and access partition dmz1, and display the list of Ethernet interfaces. Ethernet 3 is not listed since it now belongs exclusively to partition dmz2.

login as: admin-dmz1


Welcome to ACOS
Using keyboard-interactive authentication.
Password:***
[type ? for help]
ACOS[dmz1]> enable
ACOS[dmz1]# show interfaces brief
Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up Full 100 N/A N/A 001f.a001.d020 192.168.20.10/24 1
1 Up Full 1000 N/A Tag 001f.a002.0870 0.0.0.0/0 0
2 Up Full 1000 None 100 001f.a002.0871 0.0.0.0/0 0
4 Disb None None None 1 001f.a002.0873 0.0.0.0/0 0
5 Disb None None None 1 001f.a002.0874 0.0.0.0/0 0
6 Disb None None None 1 001f.a002.0875 0.0.0.0/0 0
7 Disb None None None 1 001f.a002.0876 0.0.0.0/0 0
8 Disb None None None 1 001f.a002.0877 0.0.0.0/0 0
9 Disb None None None 1 001f.a002.78ec 0.0.0.0/0 0


10 Disb None None None 1 001f.a002.78ed 0.0.0.0/0 0


11 Disb None None None 1 001f.a002.78ee 0.0.0.0/0 0
12 Disb None None None 1 001f.a002.78ef 0.0.0.0/0 0
ve1 Up N/A N/A N/A 100 001f.a002.0870 20.20.1.1/24 1

The following commands log onto the CLI with Read Write admin access, and display the list of Ethernet interfaces in the
shared partition. All physical Ethernet interfaces are listed, including those belonging to individual partitions. The VEs
belonging to other partitions are not listed.

login as: admin


Welcome to ACOS
Using keyboard-interactive authentication.
Password:***
[type ? for help]
ACOS> enable
ACOS# show interfaces brief
Port Link Dupl Speed Trunk Vlan MAC IP Address IPs Name
------------------------------------------------------------------------------------
mgmt Up Full 100 N/A N/A 001f.a001.d020 192.168.20.10/24 1
1 Up Full 1000 None Tag 001f.a002.0870 0.0.0.0/0 0
2 Up Full 1000 None 100 001f.a002.0871 0.0.0.0/0 0
3 Up Full 1000 None 200 001f.a002.0872 0.0.0.0/0 0
4 Disb None None None 1 001f.a002.0872 0.0.0.0/0 0
5 Disb None None None 1 001f.a002.0874 0.0.0.0/0 0
6 Disb None None None 1 001f.a002.0875 0.0.0.0/0 0
7 Disb None None None 1 001f.a002.0876 0.0.0.0/0 0
8 Disb None None None 1 001f.a002.0877 0.0.0.0/0 0
9 Disb None None None 1 001f.a002.78ec 0.0.0.0/0 0
10 Disb None None None 1 001f.a002.78ed 0.0.0.0/0 0
11 Disb None None None 1 001f.a002.78ee 0.0.0.0/0 0
12 Disb None None None 1 001f.a002.78ef 0.0.0.0/0 0



Inter-Partition Routing

This chapter describes how to configure inter-partition routing.

The following topics are covered:

• Inter-Partition Routing Overview

• Configuring Inter-Partition Routing

• Using port-overload with Inter-Partition Routing

Inter-Partition Routing Overview


ACOS enables you to configure static routes directly between an L3V partition and the shared partition. This capability is
meaningful in case you lease different partitions to various customers. Traffic can now be routed from the shared partition to
the VIP configured in an L3V partition and vice versa.

NOTE: Inter-partition routing is only provided for IPv4 addresses.

Below are some common reasons for enabling inter-partition routing capabilities:

• To allow traffic to be redirected upstream from an L3V partition.

• To allow the shared partition to route traffic downstream to the real servers via the L3V partitions.

• To allow incoming traffic destined for an L3V partition with SLB information to bypass the shared partition (since it
does not contain SLB configuration) and to be redirected to the L3V partition that is specified.

• To provide multiple L3V partitions, containing independent routing tables, with the ability to look up routing entries
in the shared partition’s routing table (by treating the shared partition as the next hop within the device.)

• To operate in conjunction with VRRP-A for route lookups in the Forwarding Information Base (FIB) tables.

This feature can be enabled successfully to route traffic between the shared and private partitions provided the following
requirements are met:

• Inter-partition routing is only provided for IPv4 addresses. Currently, no IPv6 address support is provided.

• L3V partitions do not have duplicate IP Addresses across all partitions. If duplicate addresses are discovered, they will
not be logged.

• If there are any overlapping real servers across partitions, NAT must be configured.

• Traffic must be received on the physical ingress port in the shared partition only.

• Static routes can forward traffic from the shared partition to VIP in an L3V partition.


Configuring Inter-Partition Routing


The current release supports use of the CLI to configure this feature.

ACOS(config)# interface ethernet 4


ACOS(config-if:ethernet:4)# ip slb-partition-redirect
ACOS(config-if:ethernet:4)# exit
ACOS(config)# ip route 10.2.4.0 /24 partition p69
ACOS(config)# active-partition p69
ACOS[p69](config)# ip route 0.0.0.0 /0 partition shared

The ip slb-partition-redirect command enables the support on the ingress Ethernet data port that will receive the traffic addressed to the VIP in the private partition. Then, use the ip route command to add the static route whose destination is the network address configured in the private partition. Then, change the CLI session to the private partition (in this example, p69), and configure a static default route back to the shared partition.

Configure Inter-Partition Routing in the Shared Partition


To enable inter-partition routing capabilities, there are two tasks that must be configured in the shared partition:

• Configure the specific route to the downstream real server via a private partition or to the VIPs in the private partition.

• Optionally, if you wish to enable forwarding of pass through (non-SLB) traffic, configure redirection of traffic arriving on an incoming interface to a private partition, bypassing the shared partition.

Specific Route/VIPs—Shared Partition to L3V Partition


Configured on the shared partition at the interface configuration level, the ip route command helps configure the specific
route that will be used by the shared partition to communicate to the real server via an L3V partition or to the VIP in an L3V
partition.

In the following example, the default route to reach the real server (10.15.0.0) from the shared partition will traverse via an L3V partition (in this example, “partition a”). Packets destined for the downstream real server will be forwarded using this route:

ACOS(config)# ip route 10.15.0.0 /24 partition a

Verify your configuration using the show ip route command. In this output, you can see that the real server 10.15.0.0/24
is accessible “via partition a”:

ACOS(config)# show ip route


Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default


C 1.1.1.1/32 is directly connected, loopback 1


S 10.15.0.0/24 [1/0] via partition a
C 219.247.8.0/24 is directly connected, ethernet 8

You can also verify your configuration using the show ip fib command. In this output, you see that “partition a” is the next hop to the network address to which the VIP belongs, 10.15.0.0.

ACOS(config)# show ip fib


Prefix Next Hop Interface Distance
------------------------------------------------------------------------
1.1.1.1 /32 0.0.0.0 loopback1 0
10.15.0.0 /24 partition a loopback1 0
219.247.8.0 /24 0.0.0.0 ethernet8 0
Total Routes = 3

IP SLB Partition Redirect Configuration


The ip slb-partition-redirect command is issued in the shared partition at the interface configuration level for traffic on the specified incoming interface. This traffic will be successfully redirected to the specified private partition that will process the packets. This command is meaningful for downstream routing of traffic.

The configuration is applied to the specified physical interface, virtual interface, or trunk at the interface configuration level.

In the following example, the ip slb-partition-redirect command will apply to the virtual interface (ve21) in the
shared partition. The IP Address 10.11.0.1 /24 indicates the IP Address of the incoming virtual interface.

ACOS(config)# interface ve 21
ACOS(config-if:ve:21)# ip address 10.11.0.1 /24
ACOS(config-if:ve:21)# ip slb-partition-redirect

Verify your virtual interface configuration to see if you have successfully redirected traffic destined for the specified incoming
interface downstream:

ACOS# show running-config interface ve 21


interface ve 21
ip address 10.11.0.1 255.255.255.0
ip slb-partition-redirect

Configure Inter-Partition Routing in the L3V Partitions


To enable inter-partition routing capabilities, there is one mandatory task and one optional task to configure in the private partition:

• Configure the static default route to the shared partition.

• Optionally, configure SLB in the L3V partition, if you have not already done so.


NOTE: The current release does not provide support for outbound source NAT for pass through
traffic.

Default Route—L3V Partition to the Shared Partition


Configured on the L3V partition at the interface configuration level, the ip route command helps configure the static
route that will be used by the L3V partition to communicate with the shared partition.

Change the CLI session to the L3V partition, and configure a static default route back to the shared partition:

Packets destined upstream from the L3V partition will use the configured static route and will be sent out the specified
outgoing interface:

Ensure that you have SLB running and VIPs configured in your L3V partition before you configure a static route to the VIP.
Configure the default route to the shared partition from the L3V partition:

ACOS[a](config)# ip route 0.0.0.0 /0 partition shared

Verify your configuration using the show ip route command. Look at the route that shows that 0.0.0.0/0 is accessible “via
partition shared”:

ACOS[a](config)# show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

Gateway of last resort is 127.1.0.0 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via partition shared
C     10.15.0.0/24 is directly connected, ve 22

Verify your configuration using the show ip fib command:

ACOS[a](config)# show ip fib
Prefix              Next Hop            Interface      Distance
------------------------------------------------------------------------
0.0.0.0 /0          partition shared    loopback1      0
10.15.0.0 /24       0.0.0.0             ve 22          0
Total Routes = 2

Verify your virtual interface configuration on ve22:

ACOS[a](config)# show running interface ve 22
interface ve 22
  ip address 10.15.0.1 255.255.255.0

Configure SLB within an L3V Partition


To configure SLB in your L3V partition, use the following commands to configure the server and its associated port and
protocol; the SLB service group and the members of the group; and the SLB virtual server, its associated port and
protocol, the IP address of the VIP, and the service group for the virtual server.

ACOS[a](config)# slb server rs1 10.15.0.15
ACOS[a](config-real server)# port 80 tcp
ACOS[a](config-real server-node port)# exit
ACOS[a](config-real server)# exit
ACOS[a](config)# slb service-group sg1 tcp
ACOS[a](config-slb svc group)# member rs1 80
ACOS[a](config-slb svc group-member:80)# exit
ACOS[a](config-slb svc group)# exit
ACOS[a](config)# slb virtual-server vs1 10.15.0.101
ACOS[a](config-slb vserver)# port 80 http
ACOS[a](config-slb vserver-vport)# service-group sg1
ACOS[a](config-slb vserver-vport)# exit
ACOS[a](config-slb vserver)# exit
ACOS[a](config)# slb virtual-server vs2 10.15.0.102
ACOS[a](config-slb vserver)# port 80 tcp
ACOS[a](config-slb vserver-vport)# service-group sg1
ACOS[a](config-slb vserver-vport)#

Verify your partition SLB configuration using the show run | sec slb command and display the SLB configuration
section:

ACOS[a](config)# show run | sec slb
slb server rs1 10.15.0.15
  port 80 tcp
slb service-group sg1 tcp
  member rs1 80
slb virtual-server vs1 10.15.0.101
  port 80 http
    service-group sg1
slb virtual-server vs2 10.15.0.102
  port 80 tcp
    service-group sg1

Having configured the static route in the L3V partition and the shared partition, and having configured SLB redirect
capabilities on the shared partition, the inter-partition routing feature is now functional.
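
A configuration check for the pieces described above, as an added example that is not part of the A10 documentation: it takes the running-config text of each partition (collected, for instance, with show partition-config) and reports which shared interfaces carry ip slb-partition-redirect, which L3V partitions have the default route to the shared partition, and where one side is present without the other. The function names, partition "b" and interface ve 23 are hypothetical, and the check assumes the running-config prints the route in the same form as the command shown above.

```python
import re

# Route form shown on the page: "ip route 0.0.0.0 /0 partition shared"
ROUTE_RE = re.compile(r"^ip route (\S+) (/\d+) partition (\S+)$")

def parse_running_config(text):
    """Extract cross-partition routes and redirect-enabled interfaces."""
    routes, redirect_ifaces, current_if = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current_if = line[len("interface "):]
        elif line == "ip slb-partition-redirect":
            redirect_ifaces.append(current_if or "<unknown interface>")
        elif line.startswith(("!", "ip route ", "slb ")):
            current_if = None  # left the interface stanza
            m = ROUTE_RE.match(line)
            if m:
                routes.append((m.group(1) + m.group(2), m.group(3)))
    return routes, redirect_ifaces

def audit_inter_partition_routing(configs):
    """configs maps partition name -> running-config text; 'shared' is required."""
    _, shared_redirects = parse_running_config(configs["shared"])
    routed, issues = [], []
    for name, text in sorted(configs.items()):
        if name == "shared":
            continue
        routes, redirects = parse_running_config(text)
        if ("0.0.0.0/0", "shared") in routes:
            routed.append(name)
        for iface in redirects:  # the page issues this command in the shared partition only
            issues.append(f"{name}: ip slb-partition-redirect on {iface} is outside the shared partition")
    if routed and not shared_redirects:
        issues.append("default route to shared exists, but no shared interface redirects traffic")
    if shared_redirects and not routed:
        issues.append("shared interface redirects traffic, but no L3V partition routes to shared")
    return {"redirect_interfaces": shared_redirects, "routed_partitions": routed, "issues": issues}

# Constructed sample: "shared" and "a" reuse the page's values; "b" is hypothetical.
SAMPLE = {
    "shared": "interface ve 21\n ip address 10.11.0.1 255.255.255.0\n ip slb-partition-redirect\n!",
    "a": "interface ve 22\n ip address 10.15.0.1 255.255.255.0\n!\nip route 0.0.0.0 /0 partition shared\n",
    "b": "interface ve 23\n ip address 10.16.0.1 255.255.255.0\n!",
}

if __name__ == "__main__":
    print(audit_inter_partition_routing(SAMPLE))
```

An empty issues list means both halves of the feature are present; partitions that do not appear under routed_partitions have no default route into the shared partition.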

Using port-overload with Inter-Partition Routing


To use port-overload with inter-partition routing, you must configure port-overload in the shared partition (the same
partition that contains the NAT pool). Additionally, Endpoint Independent Mapping (EIM) and Endpoint Independent
Filtering (EIF) must not be configured in the L3V partition.

• If port-overload is configured in the shared partition and EIM/EIF is configured in an L3V partition, EIM/EIF will take
effect for inter-partition traffic.

• If EIM/EIF is configured in the shared partition and port-overload is configured in an L3V partition, then neither
EIM/EIF nor port-overload will take effect for inter-partition traffic.

ADP CLI Commands

This chapter describes the commands used to configure Application Delivery Partitions (ADPs).

The following topics are covered:

• ADP EXEC Commands

• ADP Global Configuration Mode Commands

• ADP Show Commands

ADP EXEC Commands


This section describes the ADP commands that are available at the EXEC level of the CLI.

active-partition
Description Switch to a different Application Delivery Partition (ADP) on your ACOS device.

Syntax active-partition {partition-name | shared}

Parameter        Description
partition-name   Name of the RBA or L3V partition you want to switch to.
shared           The shared partition.

Default See “Usage” below.

Mode Available at any CLI level

Usage Root admins or admins with Global read or Global write privileges can select the partition to
view. When an admin with one of these privilege levels logs in, the view is set to the shared
partition by default, which means all resources are visible.

Example The following command changes the view to private partition “companyA”:

ACOS# active-partition companyA
Currently active partition: companyA
ACOS[companyA]#

The name of the partition is shown in the CLI prompt.

ADP Global Configuration Mode Commands


This section describes the ADP commands available at the Global configuration level of the CLI:

• application-type

• partition

• partition-group

application-type
Description Configure the shared partition for either SLB or CGN applications.

Syntax [no] application-type {adc | cgnv6}

Default All CLI commands for the prompt level are accessible until either the adc or cgnv6 option is
specified. After that, commands from the other are no longer available.

Mode Global configuration mode.

partition
Description Configure an L3V private partition.

Syntax [no] partition partition-name id num [application-type {adc | cgnv6}]

Parameter                        Description
partition-name                   Specifies the name of the private partition, 1-14 characters.
id num                           Assigns an ID to the partition. The partition ID ensures that a
                                 partition’s configuration remains consistent across devices in
                                 multi-device deployments (for example, VRRP-A or aVCS).
                                 The partition ID can be 1-127.
application-type {adc | cgnv6}   Specifies whether this L3V partition will be used to configure
                                 SLB or CGN applications. Once one is specified, commands
                                 and options from the other are no longer accessible in the
                                 partition.
                                 You can change the application type at any time as long as
                                 you have not configured the partition specifically for SLB or
                                 CGN. Once you do, you must remove all such configuration
                                 before being allowed to change the application type.

Default The ACOS device has a shared partition but no L3V partitions by default.

Mode Global configuration mode

Usage To use this command, you must be logged in with an admin account that has Global write
privileges.

If you delete a partition, resources associated with the partition are permanently deleted.
This includes SSL certificates and keys, and aFleX scripts. These resources are deleted even if
you reload or reboot without saving the configuration. In this case, the partition
configuration is restored but the resources are still gone.

Example The following commands configure two partitions, “companyA” (used for SLB configuration)
and “companyB” (used for CGN configuration):

ACOS(config)# partition companyA id 1 application-type adc
ACOS(config)# partition companyB id 2 application-type cgnv6

To change the “companyB” partition so that it can be used for SLB configuration, issue the
same command and replace cgnv6 with adc:

ACOS(config)# partition companyB id 2 application-type adc

This is valid as long as you do not make any SLB-specific or CGN-specific configuration inside
the partition. Once you do, you must remove all such configuration before you will be
allowed to change the application type of the partition.

Example The following command removes the partition “companyA”:

ACOS(config)# no partition companyA id 1
Remove this partition and keep configurations on the disk? (y/n)y
ACOS(config)# delete partition companyA id 1

The no partition command unloads the partition but keeps the configuration on your
system. To perform a hard delete of the partition and associated configuration, you must also
use the delete partition command.

See “Deleting a Partition” on page 12 for more information.

partition-group
Description Create a named set of partitions.

Syntax [no] partition-group group-name

Replace group-name with the name of the group for the set of partitions.

This command changes the CLI to the configuration level for the group, where the following
command is available.

Parameter               Description
member partition-name   Adds a partition to the group.
                        You can specify one partition name on the command
                        line. To add additional partitions re-enter the command
                        for each partition.

Default None.

Mode Global configuration mode

Example The following example creates a group called “slbgroup” and adds the L3V partition “companyA”
as a member:

ACOS(config)# partition-group slbgroup
ACOS(config-config-partition-group:slbgroup)# member companyA

ADP Show Commands


This section describes the show commands related to ADP:

• show active-partition

• show partition

• show partition-config

• show partition-group

show active-partition
Description Show the active partition currently being managed by the CLI.

Syntax show active-partition

Mode All

Example The following command shows that the partition currently being managed by the CLI session
is the shared partition:

ACOS# show active-partition
Currently active partition: shared

show partition
Description Show the L3V partitions configured on the ACOS device.

Syntax show partition [all | available-id | port-ownership]

Parameter        Description
all              View all partitions on the device, both active and inactive.
                 Without this option, only active partitions are displayed in the
                 output.
available-id     View the IDs available for partition creation.
                 Since partition ID mapping remains with a partition for the
                 lifetime of the partition, this option is useful to view which IDs
                 remain available on the system for the creation of a new partition.
port-ownership   View the port ownership information for each partition on the
                 device. The output provides information about which ports are in
                 use by which partitions.

Mode All

Usage To use this command, you must be logged in with an admin account that has root, Global
read, or Global write privileges.

Example The following command shows all active partitions configured on an ACOS device:

ACOS(config)# show partition
Total Number of active partitions: 2
Total partitions allowed: 4
Partition Name   Id  App Type  Admin Count
---------------------------------------------
companyA         3   ADC       0
companyB         4   CGNv6     0

The following table describes the fields in the command output.

Field                               Description
Total Number of active partitions   Number of partitions configured and being used on the system.
Total partitions allowed            Maximum number of partitions the ACOS device can have.
Partition Name                      Name of the L3V partition.
Id                                  ID of the L3V partition.
App Type                            Application type configured for the partition.
                                    For more information, see the application-type command.
Admin Count                         Number of admins configured for the partition.

show partition-config
Description View the running-config for all partitions, or a specific L3V partition on the system.

This command replaces the show configuration command from previous releases.

Syntax show partition-config {all | shared | name}

Parameter   Description
all         View the running-config for all partitions on the system. This is the
            default option if no specific partition is specified.
shared      View the running-config for the shared partition only.
name        View the running-config for the specified L3V partition only.

Mode All

Example The example below shows how to view the running-config for partition “companyB” (truncated
for brevity):

ACOS# show partition-config companyB
!Current configuration: 1605 bytes
!Configuration last updated at 12:16:37 IST Tue Sep 30 2014
!Configuration last saved at 11:34:33 IST Tue Sep 30 2014
!
active-partition companyB
!
ip access-list test
  remark 123
!
!
ipv6 access-list test
  remark 123
!
!
...

show partition-group
Description Show configured L3V partition groups.

Syntax show partition-group

Mode All

Example Below is an example output for this command:

ACOS# show partition-group
partition-group slbgroup
  member companyB
  member companyA
!
ACOS#

Document No.: 410-ADP-001 | 2/16/2016
