ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009




Minimizing Source-IP and Source-NAT-IP Requirements for Large Deployments
Overview
In implementations on earlier ServerIron ADX products, when source-ip or source-nat-ip is defined, the 64K ports per IP address (some of which are reserved for internal use) are allocated and shared across all real servers. Each real server uses only a portion of the port pool. As a result, the number of connections that the system can handle is limited to the number of source-ip/source-nat-ip addresses defined on the system multiplied by the maximum port pool per IP.
Because the global port pool is shared by all real servers, the supply of ports can be quickly exhausted, and defining additional source-ip/source-nat-ip addresses may not always be feasible. Release 10.2.01 enhances this functionality and effectively conserves IP addresses.
In this implementation, the port pools are not shared globally. Instead, a pool is allocated to each real server, and each real server can use the entire pool by itself.
This feature is recommended for deployments with large numbers of real servers, which can lead to a shortage of ports and necessitate configuration of additional source IPs and source NAT IPs.
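The difference between the shared pool and per-real-server pools can be seen in a small simulation. This is an added example, not ServerIron code: the allocator is a simplified model, the real-server addresses and the second source IP are constructed, port numbers are abstract indices, and the pool size of 27648 is the figure this page quotes for `show source-ip`.

```python
# Toy model of source-port allocation (added example, not ServerIron code).
POOL_SIZE = 27648          # ports per source IP; figure quoted on this page
SOURCE_IP = "10.10.10.5"   # source-nat-ip from the page's configuration example
REALS = ["10.10.10.11", "10.10.10.12", "10.10.10.13", "10.10.10.14"]  # constructed


class SourcePortAllocator:
    def __init__(self, source_ips, per_real, pool_size=POOL_SIZE):
        self.source_ips = list(source_ips)
        self.per_real = per_real
        self.pool_size = pool_size
        self.pools = {}      # pool key -> list of free port indices
        self.exhausted = []  # one entry per refused connection (cf. source-ip-log)

    def _pool(self, src_ip, real_ip):
        # Shared mode: one pool per source IP. Per-real mode: one pool per
        # (source IP, real server) pair, so a port index can repeat across reals.
        key = (src_ip, real_ip) if self.per_real else src_ip
        if key not in self.pools:
            self.pools[key] = list(range(self.pool_size, 0, -1))
        return self.pools[key]

    def connect(self, real_ip, real_port=80):
        for src_ip in self.source_ips:
            pool = self._pool(src_ip, real_ip)
            if pool:
                return (src_ip, pool.pop(), real_ip, real_port)
        self.exhausted.append(real_ip)  # every source IP is out of ports
        return None

    def release(self, conn):
        src_ip, port, real_ip, _ = conn
        self._pool(src_ip, real_ip).append(port)


def simulate(per_real, conns_per_real, source_ips=(SOURCE_IP,), pool_size=POOL_SIZE):
    alloc = SourcePortAllocator(source_ips, per_real, pool_size)
    conns = [alloc.connect(r) for _ in range(conns_per_real) for r in REALS]
    accepted = [c for c in conns if c is not None]
    # In both modes, no two live sessions share a server-side 4-tuple.
    assert len(set(accepted)) == len(accepted)
    return len(accepted), len(alloc.exhausted)


if __name__ == "__main__":
    for label, per_real in (("shared pool", False), ("port-alloc-per-real", True)):
        ok, refused = simulate(per_real, conns_per_real=20000)
        print(f"{label:20s} accepted={ok:6d} refused={refused:6d}")
```

With four real servers at 20000 connections each, the shared pool refuses everything past the first 27648 sessions, while the per-real pools accept all 80000 on the same single source IP.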
NOTE: This enhancement only applies to the server source-ip and server source-nat-ip. It is not applicable to source-ip and source-nat-ip addresses used for SSL.
NOTE: You need to write memory and reload after you configure this feature.
NOTE: If source-ip and source-nat-ip are configured for the same subnet, then the source-nat-ip is given a higher priority. In the router case, the interface IPs are programmed as source-ips on the BP. The IP that matches the default gateway is given preference in the router case. As a result, if you configure the source-nat-ip in a subnet different than the gateway remote servers that are defined on the ServerIron ADX, then this source-nat-ip must not be used. You should take this into account during network design.
For example, to keep using the same IP 4.4.4.101 as the source-ip but change from the old source-ip feature to the new source-ip port-alloc-per-real, you need to perform the following steps in order:
1.
2.
3.
 
Configuration
To enable this feature, use the "port-alloc-per-real" keyword along with server source-ip or server source-nat-ip commands.
Enabling Port Allocation Per Real Server for Source IP
To enable port allocation per real server with server source-ip command, use the following command:
ServerIronADX(config)# server source-ip 209.157.22.28 255.255.255.0 209.157.22.1 port-alloc-per-real
Syntax: [no] server source-ip <ip-addr> <ip-mask> <default-gateway> [<for-ssl> | <port-alloc-per-real>]
Enabling Port Allocation Per Real Server for Source NAT IP
To enable port allocation per real server with server source-nat-ip command, use the following command:
ServerIronADX(config)# server source-nat-ip 10.10.10.5 255.255.255.0 0.0.0.0 port-range 2 port-alloc-per-real
Syntax: [no] server source-nat-ip <ip-addr> <ip-mask> <default-gateway> port-range <1>|<2> [<for-ssl> | <port-alloc-per-real>]
NOTE: You should not enable/disable this functionality while the IP addresses are in use by the traffic flow. You must bring the number of traffic flows utilizing this IP address to zero or remove the command and redefine it.
As an example, to change from statement #1 to statement #2 below, either bring the traffic level to zero or first negate the command using "no server...." and then redefine it.
statement #1: server ... port-range 1
 
statement #2: server ... port-range 1 port-alloc-per-real
Logging Port Exhaustion Message
You can configure the ServerIron to log a message when a source IP or source NAT IP runs out of ports.
Syntax: [no] source-ip-log
Show and Debug Commands
show session all [<session index>]
show source-ip <source ip> [<real-server ip> | all]
EXAMPLE: 
NOTE: If show source-ip displays that the IP is a per-real-srcip, then you should use show source-ip <source-ip> <real-server IP> to view the port allocation and usage information, since the ports are allocated from the real server pool.
show server real <name> | <ip>
This command displays the source IPs for ports that have been allocated for this real server.
show session all
Use the show session command to determine if the sessions have been created correctly.
In the above example, 1.1.1.42 is the client and 1.1.1.99 is the VIP address. The IP 1.1.1.15 is the real server and 1.1.1.79 is the source-nat-ip.
NOTE: In the reverse session, the port 10242 has been allocated from the pool of real server 1.1.1.15.
You can verify this by using the show source-ip command as follows:
The output shows that, of a total of 27648 ports, one port has been allocated and 27467 are still available.
source-ip-debug
NOTE: This command should only be used for debugging purposes as enabling it could impact performance.
You can configure the following command to enable debugging for source IP.
ServerIron(config)# source-ip-debug
Syntax: [no] source-ip-debug

Copyright © 2009 Brocade Communications Systems, Inc.