The protocol command sets a protocol type for a virtual server.
The undo protocol command restores the protocol type of a virtual server to the default value.

| Parameter | Description | Value |
|---|---|---|
| any | Indicates that all protocols are supported. | - |
| http | Indicates that the HTTP protocol is supported. | - |
| ssl | Indicates that the SSL protocol is supported. | - |
| tcp | Indicates that the TCP protocol is supported. | - |
| udp | Indicates that the UDP protocol is supported. | - |
| esp | Indicates that the ESP protocol is supported. | - |
| https | Indicates that the HTTPS protocol is supported. | - |

By default, the virtual server supports all protocols (any).
To improve server security, you are advised to set the protocol type to match the services that the virtual server provides, instead of keeping the default value any.
IPSec IKE negotiation uses UDP, and IPSec data transmission uses ESP. For IPSec tunnels to be established, SLB must allocate the IKE negotiation session and the ESP data transmission session from the same source to the same node. The source IP address-based session persistence algorithm ensures this.

When NAT traversal is enabled, the data transmission packets are encapsulated into UDP packets, so the virtual server protocol can be set to UDP. When NAT traversal is disabled, the same virtual server must support both the UDP and ESP protocols. To simplify the configuration, you can directly configure protocol esp. SLB then delivers two server-map entries, one for UDP and one for ESP, so that both IPSec negotiation and data transmission follow the SLB processing flow and the tunnel is established successfully.
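The following Python model is an added illustration of the behaviour described above, not the device's implementation or code from the vendor. It checks, for each protocol setting, whether the IKE and data sessions are both admitted and land on the same node. The node names, the SHA-256 stand-in hash, the per-flow selector used for contrast, and the sample addresses are assumptions; ports 500 and 4500 are the standard IKE and NAT traversal ports.

```python
import hashlib
from collections import namedtuple

# Constructed model of the behaviour described above; not vendor code.
Packet = namedtuple("Packet", "src proto dport")
NODES = ["node1", "node2", "node3"]  # hypothetical real servers

# Protocols each virtual-server setting admits. Per the page, "esp"
# produces server-map entries for both UDP and ESP.
ADMITS = {"any": None, "udp": {"udp"}, "esp": {"udp", "esp"}}

def admitted(setting, pkt):
    allowed = ADMITS[setting]
    return allowed is None or pkt.proto in allowed

def _pick(key):
    # Stand-in hash; the device's real algorithm is not documented here.
    digest = hashlib.sha256(key.encode()).digest()
    return NODES[int.from_bytes(digest[:4], "big") % len(NODES)]

def by_source_ip(pkt):
    """Source IP address-based persistence: only the source decides."""
    return _pick(pkt.src)

def by_flow(pkt):
    """Per-flow balancing, shown for contrast: protocol and port count."""
    return _pick(f"{pkt.src}/{pkt.proto}/{pkt.dport}")

def ipsec_packets(src, nat_traversal):
    ike = Packet(src, "udp", 500)            # IKE negotiation
    if nat_traversal:
        data = Packet(src, "udp", 4500)      # ESP encapsulated in UDP
    else:
        data = Packet(src, "esp", None)      # native ESP, no ports
    return ike, data

def tunnel_ok(setting, selector, src, nat_traversal):
    """True if both sessions are admitted and reach the same node."""
    ike, data = ipsec_packets(src, nat_traversal)
    if not (admitted(setting, ike) and admitted(setting, data)):
        return False
    return selector(ike) == selector(data)

if __name__ == "__main__":
    src = "198.51.100.7"  # constructed documentation address
    for setting in ("udp", "esp"):
        for natt in (True, False):
            print(setting, "NAT-T" if natt else "no NAT-T",
                  tunnel_ok(setting, by_source_ip, src, natt))
```

In this model, protocol udp without NAT traversal fails because the ESP packets match no entry, and a per-flow selector splits IKE and ESP across nodes for some sources even when both protocols are admitted.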