ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009

Table of Contents Previous Next Print


Health Checks > Port Profiles and Attributes

Port Profiles and Attributes
A port profile is a set of attributes that globally define an application port. Once defined, the port has the same attributes on all the real and virtual servers that use the port. Port profiles are useful if you want to globally change the attributes of a port known to the ServerIron ADX (see the list in “Layer 7 Health Checks”) or you want to globally define a port that is not known to the ServerIron ADX. You also can specify or change port attributes locally, on the Real Server and Virtual Server configuration levels.
If you want to enable the keepalive health check for an application port, you must configure a port profile for the port.
Configuring a Port Profile
For an application port not known to the ServerIron ADX, the ServerIron ADX assumes that it is a UDP port. In addition, the ServerIron ADX does not perform keepalive health checks for it. You can configure a port profile for the port and specify whether the port is TCP or UDP and also set keepalive health check parameters for the port.
Even for ports known to the ServerIron ADX, you must configure a profile for the port to globally configure the port’s parameters and configure the keepalive health check. After you add the port by indicating whether it is a TCP or UDP port, the ServerIron ADX automatically enables the keepalive health check for the port.
NOTE: Enabling or disabling a keepalive health check does not affect the health check the ServerIron ADX sends when you bind a real server to a virtual server using the application port. The keepalive health check state also does not affect the health checks the ServerIron ADX sends if the server’s response time slows.

The keepalive interval and retry values for each type of TCP/UDP health check are global parameters. For example, if you change the number of retries for the HTTP health check (TCP port 80), the change applies to all instances of port 80 on all the real servers configured on the ServerIron ADX.
 
Global (entire ServerIron ADX)
As shown in this table, once a keepalive health check is enabled, to disable it you must do so both globally and locally. If you want to enable keepalive health checks only on specific real servers (locally), you can easily do so by making sure the health checks are disabled globally, then enabling them on individual real servers.
To enable or disable a keepalive health check globally, use one of the following methods. To enable or disable a keepalive health check locally, see “Enabling Layer 7 Health Check”.
NOTE: DNS, HTTP, and RADIUS health checks use additional parameters, which you can configure using separate commands. See “Changing HTTP Keepalive Method, Value, and Status Codes”, “Configuring DNS Health Check Method and Values”, or “Configuring RADIUS Health Check Values”.
NOTE: When health checks are enabled for the ports on the VIPs in a host range, the ServerIron ADX checks the health of the applications on the base IP address only. The ServerIron ADX assumes that the health of an application is the same for all the VIPs within the host range. For information about host ranges, see “Web Hosting with Unlimited Virtual IP Addresses”.
Adding a Port and Specifying Its Type
By adding a port, you also automatically enable periodic Layer 4 (and Layer 7, if applicable) keepalive health checks for the port. If you do not specify the port type (TCP or UDP), the ServerIron ADX assumes the port type is UDP.
To add a port and specify that it is a TCP port, enter commands such as the following:
ServerIron(config)# server port 8080
ServerIron(config-port-8080)# tcp
Syntax: server port <TCP/UDP-portnum>
Syntax: tcp | udp [keepalive [disable | enable]]
Changing a Port’s Keepalive Parameters
To change a port’s keepalive state, enter a command such as the following:
ServerIron(config-port-8080)# tcp keepalive disable
To change a port’s keepalive interval and retries, enter a command such as the following:
ServerIron(config-port-80)# tcp keepalive 15 5
Syntax: tcp | udp keepalive [<interval-in-seconds> <retries>]
You can specify from 2 – 120 seconds for the <interval-in-seconds> variable. You can specify from 1 – 5 for the <retries> variable.
Configuring Port Profile Attributes
Table 4.6 lists the port attributes you can configure at the port profile level.
This attribute applies only to ports for which the ServerIron ADX does not already know the type. For example, if a real server uses port 8080 for HTTP (a TCP port), you can globally identify 8080 as a TCP port. The ServerIron ADX assumes that ports for which it does not know the type are UDP ports.
NOTE: To display a list of the ports for the ServerIron ADX already knows the type, enter the server port ? command at the global CONFIG level.
The number of seconds between health checks and the number of times the ServerIron ADX re-attempts a health check to which the server does not respond.
Whether the ServerIron ADX’s health check for the port is enabled or disabled. Recurring Layer 4 and Layer 7 health checks are disabled by default. When you configure a port profile, the software automatically globally enables the health check for the application. You also can explicitly disable or re-enable the keepalive health check at this level.
NOTE: If you are configuring a port profile for a port that is known to the ServerIron ADX, the keepalive parameters affect Layer 7 health checks. For other ports, the keepalive parameters affect Layer 4 health checks.
By default, the ServerIron ADX bases the health of an application port on the port itself. You can specify a different application port for the health check. In this case, the ServerIron ADX bases the health of an application port on the health of the other port you specify.
NOTE: You cannot base the health of a port well-known to the ServerIron ADX on the health of another port, whether the port is well-known or not well-known.
By default, the ServerIron ADX performs independent health checks on an alias port and its master port. You can configure the ServerIron ADX to base the health of an alias port on the state of its master port.
The number of minutes a TCP or UDP session table entry can remain inactive before the ServerIron ADX times out the entry. This parameter is set globally for all TCP or UDP ports but you can override the global setting for an individual port by changing that port’s profile.
You can specify a TCP age from 2 – 60 minutes and a multiplier from 2 – 20. Thus, the maximum configurable TCP age for an individual port is 1200 minutes (20 hours).
NOTE: Since UDP is a connectionless protocol, the ServerIron ADX does not remove a UDP session from its session table until the session times out. TCP is a connection-based protocol. Thus, for TCP sessions, the ServerIron ADX removes the session as soon as the client or server closes the session.
NOTE: For DNS and RADIUS UDP load balancing, the age value does not follow the normal configuration and default value unless udp-normal-age is configured on the port. The default UDP age will always be 2 minutes unless udp-normal-age is configured.
NOTE: The ServerIron ADX immediately deletes a UDP DNS or RADIUS session table entry when the ServerIron ADX receives a reply for the application from a real server. If desired, you can configure the ServerIron ADX to age these ports like other UDP ports, using the UDP age timer. See “Enabling Normal UDP Aging for DNS and RADIUS”.
Session synchronization
In Symmetric SLB configurations, this attribute provides failover for individual sessions on the application port. Normally, existing sessions are not carried over from one ServerIron ADX to another during failover.
If you plan to use server response time as a load-balancing method, you can adjust the amount of preference the ServerIron ADX gives the most recent response time compared to the previous response time.
By default, a Layer 7 health check for a DNS port sends the query only to the real server (DNS server). If the DNS server does not reply with the IP address or zone name requested by the health check, the port fails the health check.
You can enable the real server to perform a recursive lookup for the IP address or zone requested by the health check of the well-known DNS port (53).
You also can change port attributes locally, on the Real Server and Virtual Server configuration levels. Port profiles simplify configuration by enabling you to characterize a port globally. For example, if many of your real servers use TCP port 80 (the well-known number for HTTP) and you want to change the keepalive interval for the port, you can do so globally. You do not need to change the value multiple times on each real server.
The ServerIron ADX knows the port types of a some well-known port numbers. If you are using a port number for which the ServerIron ADX does not know the port type, you can specify whether the port is TCP or UDP and configure its keepalive values globally. You do not need to define the port on every server.
NOTE: Unless a port is known to the ServerIron ADX to be a TCP port, the ServerIron ADX assumes the port is UDP. If you are using a port number that is not known to the ServerIron ADX and the port type is TCP, you must specify this either globally (using a port profile) or locally (when configuring the individual real servers and virtual servers). Otherwise, the ServerIron ADX will use a UDP health check to test the port and the port will fail the health check.
NOTE: If you bind an application port on a real server to the same port on a virtual server, the port on the real server inherits the attributes of the port on the virtual server.
Changing a Port’s Session Age
To change the age of session table entries for a port, enter a command such as the following:
ServerIron(config-port-80)# tcp 15
Syntax: server port <TCP/UDP-portnum>
Syntax: tcp | udp <session-age>
You can specify a value from 2 – 60 minutes for the <session-age> variable.
Displaying the Session Age of a TCP Port
To display the session age of a TCP port, enter a command such as the following. The TCP session ages are shown in bold type. Notice that the TCP session ages for ports 8082 and http (80) use multipliers.
Syntax: show server real <name> detail
Basing an Alias Port’s Health on the Health of its Master Port
By default, the ServerIron ADX performs health checks for alias ports independently of the master ports on which they are based. For example, if you configure alias port 8080 and base the port on port 80 (its master port), the ServerIron ADX checks the health of 80 and 8080 independently.
You can configure the ServerIron ADX to check the health of the master port only, and base the health of the alias ports on the master port.
You can base an alias port’s health on the health of one of the following TCP ports:
FTP – port 21 (ports 20 and 21 both are FTP ports but on the ServerIron ADX, the name “FTP” corresponds to port 21)
HTTP – port 80
IMAP4 – port 143
LDAP – port 389
MMS – port 1755
NNTP – port 119
PNM – port 7070
POP3 – port 110
RTSP – port 554
SMTP – port 25
SSL – port 443
TELNET – port 23
You cannot base an alias port’s health on the health of a UDP port or a port that is not well-known to the ServerIron ADX.
NOTE: The health checks for the alias ports must be enabled. Otherwise, the ServerIron ADX will not check the master port’s state, and the alias port will not go down when the master port goes down.
To configure an alias port’s health to be based on its master port’s health, edit the alias port’s profile by entering commands such as the following:
ServerIron(config)# server port 8080
ServerIron(config-port-8080)# tcp keepalive use-master-state
Syntax: [no] tcp keepalive use-master-state
The command is entered at the port profile level.
Overriding the Global TCP or UDP Age
The TCP and UDP ages specify how many minutes a TCP or UDP session can remain inactive before the ServerIron ADX closes the session and clears the session from its session table. You can set the TCP or UDP age from 2 – 60 minutes. The default TCP age is 30 minutes. The default UDP age is 5 minutes.
Since UDP is a connectionless protocol, the ServerIron ADX does not remove a UDP session from its session table until the session times out. TCP is a connection-based protocol. Thus, for TCP sessions, the ServerIron ADX removes the session as soon as the client or server closes the session.
NOTE: The ServerIron ADX immediately deletes a UDP DNS or RADIUS session table entry when the ServerIron ADX receives a reply for the application from a real server. If desired, you can configure the ServerIron ADX to age these ports like other UDP ports, using the UDP age timer. See “Enabling Normal UDP Aging for DNS and RADIUS”.

For DNS and RADIUS UDP load balancing, the age value does not follow the normal configuration and default value unless udp-normal-age is configured on the port. The default UDP age will always be 2 minutes unless udp-normal-age is configured.
To change the global default for all TCP or UDP ports, see “Configuring TCP Age” or “Configuring UDP Age”.
To override the default TCP age and set the age for TCP port 80 to 15 minutes, enter the following commands:
ServerIron(config)# server port 80
ServerIron(config-port-80)# tcp 15
Syntax: server port <TCP/UDP-portnum>
Syntax: tcp | udp <age>
The default TCP age is 30 minutes. The default UDP age is 5 minutes.
Enabling Session Synchronization
In Symmetric SLB configurations, if the active ServerIron ADX becomes unavailable, service for the VIPs that ServerIron ADX was load balancing is assumed by the backup ServerIron ADX. By default, open sessions on the ServerIron ADX that becomes unavailable are not carried over to the standby ServerIron ADX. Instead, the sessions end and must be re-established by the clients or servers.
You can configure session failover on an individual TCP or UDP port basis by enabling session synchronization \in the port’s profile.
To enable session synchronization for port 80, enter the following commands:
ServerIron(config)# server port 80
ServerIron(config-port-80)# session-sync
Syntax: [no] server port <tcp/udp-portnum>
Syntax: [no] session-sync
Changing the Smooth Factor on an Application Port
This smooth factor applies to ports that you plan to use with the server response time load-balancing metric. See “Changing the Load-Balancing Predictor Method” and “Configuring the Smooth Factor” for information about the server response time metric and how the smooth time works.
The ServerIron ADX calculates the server response time value for a real server by regularly collecting response time samples, then using a calculation to smooth the values of the samples and derive a single response time value for the real server. The ServerIron ADX collects the samples around once every 100 milliseconds (about 10 times a second). The sampling rate can vary slightly depending on the processing the ServerIron ADX is performing.
To change the smooth factor for an application port, enter a command such as the following:
ServerIron(config-port-80)# smooth-factor 50
Syntax: smooth-factor <num>
Enabling Recursive DNS Health Checks
By default, a Layer 7 health check for a DNS port sends the query only to the real server (DNS server). If the DNS server does not reply with the IP address or zone name requested by the health check, the port fails the health check.
You can enable the real server to perform a recursive lookup for the IP address or zone requested by the health check. In this case, if the real server does not have the requested address or zone, the server can pass the request on to a DNS server with higher authority. The real server can repeat this process until either a DNS server with higher authority successfully replies to the health check or the server with the highest authority is unable to successfully reply to the request.
To enable recursive DNS health checks globally at the port profile level for the DNS port, enter commands such as the following:
ServerIron(config)# server port dns
ServerIron(config-port-dns)# allow-recursive-search
Syntax: [no] allow-recursive-search
NOTE: This feature applies to Boolean health checks as well as standard (non-Boolean) health checks.
NOTE: You can enable this feature only on the well-known DNS port (53).
Basing a Port’s Health on the Health of Another Port
You can configure the ServerIron ADX to base the health of a port that is not well-known to the ServerIron ADX on the health of one of the following ports that are well-known to the ServerIron ADX:
To base a port’s health on the health of another port, enter a command such as the following:
ServerIron(config-port-1234)# tcp keepalive port 80
Syntax: tcp | udp keepalive port <TCP/UDP-portnum>
The command in this example configures the ServerIron ADX to base the health of port 1234 on the health of port 80 (HTTP). If the health of port 80 changes, the ServerIron ADX applies the change to port 1234.
NOTE: You cannot base the health of a port well-known to the ServerIron ADX on the health of another port, whether the port is well-known or not well-known.
Global Tracking of Alias Port Health
An alias port is required in a configuration where multiple VIPs are bound to the same real server port. When alias ports are used, ServerIron ADX by default does health check for both real server port and alias port. Use of alias ports also causes the ServerIron ADX to send health checks to the real server port and the alias port by default.
You can track alias port health globally through a single line command. The system will direct health checks only for the real ports.
ServerIron(config)# server use-master-port
Syntax: [no] server use-master-port
The command is entered at the Global configuration level.

Health Checks > Port Profiles and Attributes

Table of Contents Previous Next Print
Copyright © 2009 Brocade Communications Systems, Inc.