|
|
| ServerIron ADX Server Load Balancing Guide |
| Release 12.0.00 |
| June 15, 2009 |
|
|
|
Table of Contents
- About this Guide
- Server Load Balancing
- Value of SLB
- How SLB Works
- Configurable Application Grouping
- Geographically-Distributed Servers
- Symmetric SLB
- SwitchBack
- Many-To-One TCP/UDP Port Binding
- Binding Same Real Ports to Multiple VIP Ports
- Source NAT
- Port Ranges
- HTTP Redirect
- Transparent VIP and Stateless Application Ports
- Windows Terminal Server with L7 Persistence
- TFTP Load Balancing
- RTSP Server Load Balancing
- Multinetting Using NAT
- Configuring SLB
- Traffic Distribution Among BPs
- Including the Server Client Port In Hash Calculations
- Defining a Virtual Server (VIP)
- Binding Virtual and Real Servers
- Deleting a VIP
- Global Settings for SLB
- Configuration Considerations
- Enabling Fast-Path Processing for Stateless SLB
- Changing the Load-Balancing Predictor Method
- Configuring Dynamic Weighted Predictor
- Configure Real Server with SNMP Query Requirements
- Configuration Example
- Dynamic-Weighted Direct
- Dynamic-Weighted Reverse
- RTSP Server Load Balancing
- Deletion of UDP Data Session along with TCP Control Session for RTSP
- Identifying the Ports Attached to a Router
- Limiting the Maximum Number of TCP SYN Requests
- Configuring the Warning and Shutdown Thresholds
- Configuring Warning and Shutdown Thresholds for All Real Servers
- Configuring Warning and Shutdown Thresholds for an Individual Real Server
- Viewing Threshold Messages in the Syslog
- Sending ICMP Port Unreachable or Destination Unreachable Messages
- Sending a TCP RST to a Client That Requests Unavailable Applications
- Sending a TCP RST When TCP Session Entry Ages Out
- Disabling TCP RST Message When a Real Server Goes Down During an Open Session
- Disabling TCP RST Message on Maximum Connections
- Adding a Source IP Address
- Enabling Source NAT Globally
- Configuring Shared Source NAT IP Addresses within a VIP Group
- Source NAT to Packets from Specified Source IP Addresses
- Client Subnet Based Source NAT
- Configuring a Shared Source IP Address for NAT
- Minimizing Source-IP and Source-NAT-IP Requirements for Large Deployments
- Enabling Use of the Client MAC Address
- Decrement Counters in Deletion Queue
- Overview of Decrement Counters in Deletion Queue
- Enabling Decrement Session Counters in Deletion Queue
- Enabling Force-Delete
- Setting the Sticky Age
- Enabling Transparent VIP
- Configuring TCP Fast Aging
- Decrementing the Current Connection Counter Following a Server RST
- Disabling VIPs
- Enabling SYN ACK Threshold
- Enabling Synchronization Link for Symmetric SLB
- Enabling Backup Trunk Port
- Replacing the Source MAC Address of the Packet
- Real Server Settings
- Changing a Real Server’s IP Address
- Adding a Description
- Configuring a Local or Remote Real Server
- Configuring Primary and Backup Servers
- Disabling a Real Server
- Adding Application Ports to a Real Server
- Configuring a Host Range
- Defining the Maximum Number of Sessions
- Configuring Local Max-Conn
- Setting the Traffic Rate Threshold
- Setting Warning and Shutdown Thresholds for a Server
- Disabling Layer 3 Health Check on a Real Server
- Enabling Source NAT on a Real Server
- Configuring the Weight for Real Server
- Real Server Ports
- VIP Settings
- Adding Application Ports and Bindings
- Configuring Primary and Backup Servers
- Configuring a Host Range
- Enabling HTTP Redirect on a Virtual Server
- Setting Symmetric SLB Priority
- Tracking the Primary Port
- Configuring a Track Port Group
- Track Group Health Check for Real Servers
- Enabling Track Ports in a Track Group to Unbind
- Identifying VIP Port as TCP Only or UDP Only
- Enabling Server Cluster Support
- Enabling Fast Aging for UDP Sessions
- Enabling Normal UDP Aging for DNS and RADIUS
- Enabling Transparent VIP
- Setting TCP and UDP Ages for VIPs
- Per Server Based Real Server Backup
- Virtual Server Ports
- Disabling or Re-enabling an Application Port
- Globally Disabling Real and Virtual Ports
- Configuring Sticky Ports
- Configuring Stickiness Based on Client’s Subet
- Increase Sticky-age per VIP longer than 60 minutes
- Enabling a Concurrent Port
- Configuring the Smooth Factor
- Configuring a Stateless Port
- Configuring Virtual Source
- Disabling Port Translation
- Enabling the ServerIron ADX to Use the Alias Port’s State
- Sticky Connection Return from Backup Server to Primary
- Performing SLB Based on Alias Port State
- IP Load Balancing
- Binding a Real Server Port to Multiple VIPs
- Configuring Hardware Forwarding of Pass-Through Traffic
- SSL Accelerators
- Group Sticky: L4 SLB to Server Group
- Hash-Based SLB with Server Persistence
- Persistent Hash Table
- Clear vs Reassign Mechanisms
- Enabling Persistent Hashing
- Enabling the Clear-On-Change Mechanism
- Enabling the Reassign-On-Change Mechanism
- Keeping the Persistent Hash Table Unchanged
- Real Server Failure
- Displaying Persistent Hash Table Entry and Statistics
- Clearing the Hit Count for the Persistent Hash Table
- Clearing the Persistent Hash Table
- Enabling Debugging for Persistent Hash
- Reassigning a Persistent Hash Table Entry
- VIP Route Health Injection
- Injecting and Deleting VIP Route Based on VIP Health
- Enabling or Disabling VIP RHI
- Defining the Health of a VIP Port
- Defining the Health of a VIP
- Configuring the VIP RHI Route Mask Length
- VIP RHI and High Availability Topologies
- Displaying RHI Information
- Displaying Route Type
- Configuration Examples
- Usage Guidelines
- Real Server Shutdown
- Policy-Based SLB
- Configuring a Policy List
- Specifying the Maximum Number of Entries
- Deleting an Entry from the Policy List
- Deleting an Entire PBSLB List
- Copying a Policy List to a File on TFTP Server
- Writing the Policy List to Flash Memory
- Specifying a Default Server Group
- Assigning Real Servers to Server Groups
- Enabling PBSLB for a Port on a Virtual Server
- Deleting Existing PBSLB Sessions
- Displaying PBSLB Entries
- Packet Trace
- PBSLB Pool Failsafe Group
- Auto Download of PBSLB List
- Policy-Based Routing for Reverse SLB Traffic
- DSR
- Setting DSR Normal Age Reverse Session
- Remote Failover Servers for SwitchBack
- Health Checks with SwitchBack
- SYN-Defense with SwitchBack
- Placing a Session in Timeout Queue
- SwitchBack Configuration Example
- Displaying Server Information
- Displaying Global Layer 4 ServerIron ADX Configuration
- Displaying Real Server Configuration Statistics
- Displaying Virtual Servers Configuration Statistics
- Displaying a List of Failed Servers
- Displaying a List of Failed Ports
- Displaying Port-Binding Information
- Displaying Packet Traffic Statistics
- Displaying Configuration Information
- SLB Configuration Examples
- Web Hosting with One Virtual Server Mapped to Multiple Real Servers
- Web Hosting with Multiple Virtual Servers Mapped to One Real Server
- Many-To-One TCP/UDP Port Binding
- Web Hosting with Unlimited Virtual IP Addresses
- SLB Intranet Configuration with HTTP, TELNET Hosting across Multiple Virtual Servers and Multiple Real Servers
- TCP/UDP Application Groups
- Web Hosting with ServerIron ADX and Real Servers in Different Subnets
- Web Hosting with Geographically-Distributed Servers
- Using HTTP Redirect with Geographically-Distributed Servers
- Load Balancing Streaming Media Files
- Layer 3 SLB
- IPsec and VPN Load Balancing
- Active-Active Inside Source NAT with SLB and VRRP-E
- server opt-enable-route-recalculation
- Source-Port Based BP Distribution
- IPv6 Support for SLB
- Stateless Server Load Balancing
- Health Checks
- Health Checks Overview
- Server and Application Port States
- Best Path to a Remote Server
- Layer 3 Health Check
- Layer 4 Health Check
- Health Checks for Firewall Paths
- Port Profiles and Attributes
- Reassign Threshold
- SSL Health Checks
- Layer 7 Health Checks
- Enabling Layer 7 Health Check
- Changing HTTP Keepalive Method, Value, and Status Codes
- Configuring HTTP Content Matching Lists
- Displaying HTTP Match Lists
- Binding the Matching List to the Real Servers
- Configuring Scripted Health Checks
- Using a Scripted Health Check in a Health-Check Policy
- Scripted Healthcheck Enhancement on Real Servers
- Binary Scripted Health Check
- Scripted Health Check for UDP Ports
- Command Line Interface
- Configuring Server Port Health Check Policy
- Configuring DNS Health Check Method and Values
- Configuring RADIUS Health Check Values
- Dropping Failed RADIUS Health Checks
- Changing the LDAP Version
- Layer 7 Health Check for an Unknown Port
- Health Check of Multiple Web Sites on the Same Real Server
- Boolean Health-Check Policies
- Health Check Policy for VIP Port
- Minimum Healthy Real Servers under VIP Port
- Server Port Bring Up Enhancement
- Displaying Syslog Entries
- Session Table Parameters
- Slow-Start Mechanism
- LDAP Over SSL
- Scripted Health Check Enhancement for Boolean
- FIN Close for Server Health Check
- Layer 7 Content Switching
- SECTION 1: Advanced Layer 7 Switching Features
- 1.1.1 Enabling CSW
- 1.2 Defining CSW Rules
- 1.3 Defining CSW Policies
- A Understanding HTTP URL Rewrite
- B HTTP URL Rewrite Features
- C. CSW Topology
- D. Configuring HTTP URL Rewrite
- Da Configuring HTTP URL Rewrite Example
- D.b Configuring HTTP URL Rewrite Actions
- E HTTP URL Rewrite Command Reference
- rewrite request-delete
- rewrite request-insert
- rewrite request-replace
- F. Explanation of Offsets
- G. Displaying the Statistics for All HTTP Content Rewrites
- Usage Guidelines
- 1.3.2 Case-Insensitive Match for Content Switching
- 1.3.3 Wildcards in CSW Rules for URL Prefixes
- 1.3.1.4 Configuring the Redirect Action
- 1.3.1.5 Support for Large Get Requests
- 1.4 Displaying CSW Information
- 2.2 Enabling HTTP Redirect
- 3.8 HTTP Status Codes
- HTTP Rewrite on Server Response
- HTTP Response-Header Rewrite
- Configuring HTTP Header response rewrite
- HTTP Response-Body rewrite:
- Configuring HTTP body response rewrite
- Step 1: Create a CSW Rule identifying requests whose responses have to be modified
- Step 2: Create a CSW Rule specifying the string to be modified
- Step 3: Create a CSW Policy
- Step 4: Bind CSW-Policy to the virtual-server port
- Specify content-type to enable this feature (optional)
- Show Commands
- Debug Commands
- Configuration Example
- Using Multiple Cookies Under Virtual Server Port
- Server and Server Port Persistence with CSW Nested Rules
- SECTION 2: Other L7 Configurations
- 2.1 Changing the Maximum Number of Concurrent L7 Switching Connections
- 2.2 Dropping HTTP Requests
- 2.3 Cleaning up All Hashing Buckets
- 2.4 L7 Content Buffering Options
- 2.5 Changing the TCP Window Size
- 2.6 Preventing the ServerIron ADX From Sending an ACK to the Client
- 2.7 Displaying L7 Switching Statistics
- 2.8 HTTP Status Codes
- SECTION 3: HTTP 1.1 Support
- Displaying Session Information for All Sessions
- Setting up SSL Session ID Switching
- High Availability
- Hot Standby SLB
- Hot Standby Protocol Operations
- Configuring a Backup Group ID
- Setting the Backup Timer
- Enabling Backup Preference
- Configuring Failover Based on Active VIP Count
- Configuring a ServerIron to Remain in Standby State
- Configuring the Forwarding of Synching Messages
- Real/Virtual Server Configuration Example
- Symmetric SLB
- Minimum Required Configuration
- Failover Conditions
- Enabling Session Synchronization on a Port
- Symmetric SLB in a IPsec/IKE Configuration
- Configuring the Interval and Wait Time for SSLB Discovery Packets
- Configuring Dynamic Priority
- Configuring Delay Reactivation
- Displaying SSLB Information
- VIP Failover Following a Link Failure
- Configuring VIP Failover in VRRP Extended with Symmetric SLB
- Configuring VLAN Option for Active-Active Links
- Allowing Pass-Through Traffic to a VIP
- Fast Session Synchronization with VRRP
- VRRP-E Track Port Increase
- Tracking Trunk Ports with VRRP-E
- Sym-Active SLB
- Multiple High Availability SLB Pairs in the Same VLAN
- NAT in HA Environments
- IP NAT Session Synchronization in High-Availability Configurations
- Shareable Source NAT for High Availability
- IP NAT Session Synchronization in High-Availability Configurations
- Shareable Source NAT for High Availability
- Configuring Synchronization with HA
|
|
|
|