ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009

Table of Contents Previous Next Print


Server Load Balancing > VIP Route Health Injection

VIP Route Health Injection
VIP Route Health Injection (RHI) allows the ServerIron ADX to advertise the availability of a VIP address (instead of a real host) throughout the network. Multiple ServerIrons with identical VIP addresses and services can exist throughout the network. This feature allows the ServerIron ADX VIP to be used in lieu of the same VIP on other ServerIrons if the VIP is no longer healthy on those devices. A VIP can also provide the services because it is logically closer to the client systems than the other ServerIrons.
Specifically, you can configure an ServerIron ADX to check the health of a VIP configured on the ServerIron ADX and inject a VIP route into the network to force a preferred route to the VIP. VIP RHI checks the VIP health and reports one of the following:
VIP is healthy. If the VIP is healthy, the ServerIron ADX injects a VIP host route into its IP route table for the VIP. The ServerIron ADX then advertises the route to other routers using an IGP routing protocol, such as OSPF or RIP.
VIP is not healthy. The ServerIron ADX removes the IP host route to the VIP from its IP route table. As a result, the route ages out and is no longer used by upstream routers. The upstream routers instead use another route to the same VIP.
Routers receiving client traffic for the VIP select the best route to the VIP. As a result, clients enjoy fast response time regardless of their location because their gateway routers use the best path to the VIP. RHI also prevents client traffic from being routed to a VIP that is unavailable.
VIP Route health injection advertises the host route to the VIP instead of a network route to the VIP's subnet. This approach ensures that the clients' gateway routers receive a route to the IP address only if that VIP is available.
NOTE: Disabling the real ports of all real servers using server disable-all-real causes the respective virtual port's RHI state to become "Not Healthy", and the VIP host route will not be advertised. See show server virtual-name-or-ip. In contrast, when you disable the virtual port of virtual server, the RHI state of a virtual port will not become "Not Healthy", and the ServerIron ADX will keep advertising the VIP host route.
Injecting and Deleting VIP Route Based on VIP Health
The route for a VIP is injected when the VIP was previously unhealthy and is now deemed to be healthy. Similarly, the route for the VIP is withdrawn if it was previously healthy and is now down.
The health of a VIP is based on the health of its VIP ports. The health of a VIP port is based on the health of the real server ports bound to that VIP port.
You can configure any of the traditional health checks supported for the real servers. When a real server port fails the health check, the ServerIron ADX will check if the real server port is bound to a VIP port whose VIP has the RHI feature enabled. If this is the case, the ServerIron ADX will determine how many real server ports bound to the VIP port are healthy. If the amount is below the threshold (if percentage threshold is configured) or if none of the other real server ports are healthy (if percentage threshold is not configured), then the VIP port will be declared unhealthy. If you have configured the option where a VIP should be considered healthy if at least one VIP port is healthy, then the ServerIron ADX will check if there are any other healthy VIP ports. If there are none, it will delete the VIP route. If you have not configured this option (a VIP should be considered healthy only if all VIP ports are healthy), then the ServerIron ADX will delete the VIP route.
Similarly, when a real server port transitions from the failed to the active state, the ServerIron ADX will check if the real server port is bound to a VIP port whose VIP has the RHI feature enabled. If this is the case, ServerIron ADX will determine how many real server ports bound to the VIP port are healthy. If you have configured a percentage threshold, and if this number is above the threshold, then ServerIron ADX will declare this VIP port healthy. If you have not configured a threshold, then the ServerIron ADX will declare this VIP healthy. If you have configured the option where a VIP should be considered healthy if at least one VIP port is healthy and the VIP was previously unhealthy, then it will inject the VIP route. If you have not configured this option (a VIP should be considered healthy only if all VIP ports are healthy), then the ServerIron ADX will check if all other VIP ports are healthy. If they are, the ServerIron ADX will inject the VIP route.
Configuration Considerations
Before you enable RHI, consider the following three issues:
Static route redistribution — It is required to redistribute the host route for the VIP into OSPF. To enable redistribution of static routes, enter commands such as the following:
ServerIron(config)# router ospf
ServerIron(config-ospf-router)# area 0
ServerIron(config-ospf-router)# redistribution static
Syntax: [no] redistribution static
Virtual server constraints — Only a single virtual server with VIP RHI enabled should be associated with the subnet for an interface. For example, if you enable VIP RHI for a virtual server 1.1.1.101 and the associated interface has an IP address 1.1.1.106/24, do not enable VIP RHI on any other virtual server in the subnet prefix 1.1.1.0/24. User should not configure two VIPs in the same subnet prefix with VIP RHI enabled for these two virtual servers.
Disabling network route advertisement for an interface associated with VIP RHI — The ip dont-advertise command configures the ServerIron ADX to block advertisement of the network on the interface. If you do not block advertisement of the network, the ServerIron ADX will advertise a route to the network containing the VIP even if the VIP itself is unavailable. After you enter the ip dont-advertise command, the ServerIron ADX advertises only a host route to the VIP address. Thus, if the VIP is not healthy, the ServerIron ADX will remove the static host route for the VIP address and also not advertise a network route for the network containing the VIP address.
ServerIron(config)# interface ethernet 4/15
ServerIron(config-if-4/15)# ip address 10.1.1.99 255.255.255.0
ServerIron(config-if-4/15)# ip dont-advertise 10.1.1.99 255.255.255.0
Syntax: ip dont-advertise <ip-addr> <mask> I <ip-addr>/<mask-bits>
Enabling or Disabling VIP RHI
The ServerIron ADX can enable VIP RHI globally or at the VIP sublevel.
To enable VIP RHI feature globally for all VIPs, enter commands such as the following:
ServerIron(config)#server global-advertise-vip-route
Syntax: [no] server global-advertise-vip-route
To enable VIP RHI for an individual virtual server, enter commands such as the following:
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-vs1# advertise-vip-route
Syntax: [no] advertise-vip-route
To disable VIP RHI for an individual virtual server, enter commands such as the following:
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-vs1# disable-advertise-vip-route
ServerIron(config-vs-vs1)# end
Syntax: [no] disable-advertise-vip-route
This command is useful if you need to enable VIP RHI globally and disable it for a few virtual servers.
Defining the Health of a VIP Port
There are two options for defining VIP port health:
To define the percentage of bound real server ports that must be healthy to consider a VIP port healthy, enter commands such as the following:
ServerIron(config)# server rhi-active-bindings-threshold 20
Syntax: [no] server rhi-active-bindings-threshold <percent>
A valid range for <percent> is 1-100.
If the <percent> parameter is not set, the percentage is 0. In this case, the default method will be used to determine the health of the VIP port. For example, a VIP port will be considered healthy as long as there is at least one healthy real server port bound to it.
As another example, consider a virtual server 1.1.1.101 with port http configured. This port http of the virtual server is bound to port http of real server 1.1.1.15 and port http of real server 1.1.1.44. If you have not configured any active bindings threshold percentage, then port http of VIP 1.1.1.101 will be considered healthy as long as at least one of the two bound real server ports is healthy.
If you configure an active bindings threshold percentage of 100, then this setting requires all bound real server ports for the VIP port to be healthy, in order to consider the VIP port as healthy. If real server port http for real server 1.1.1.15 goes down, then VIP port http is no longer considered healthy because only 50% of the bound real server ports are healthy. The configuration in this example requires 100% of the bound real server ports to be up in order to consider the VIP port as healthy.
Defining the Health of a VIP
Multiple VIP ports may be configured for a VIP. There are two options provided for determining the health of a VIP:
To specify that a VIP should be considered healthy if at least one VIP port is healthy, enter commands such as the following:
ServerIron(config)# server rhi-one-vip-port-up
Syntax: [no] server rhi-one-vip-port-up
If this command is not configured, a VIP will be considered healthy only if all VIP ports are healthy.
NOTE: If a VIP port is not bound to any real server ports, it will not be used for deciding the health of the VIP.
If a VIP port is bound but you do not want to use it to determine the health of the VIP as described above, then configure the following for the VIP port:
ServerIronA(config)# server virtual-name-or-ip dns-p1
ServerIronA(config-vs-dns-p1)# port ftp rhi-dont-use-port
Syntax: [no] port <port> rhi-dont-use-port
As another example, assume port http and port ftp have been configured for virtual server vs1. You then bind port ftp of real server rs1 and port ftp of real server rs2 to port ftp of virtual server vs1. Similarly, you bind port http of real server rs1 and port http of real server rs2 to port http of virtual server vs1. If you need to base the health of the VIP vs1 only on the health of the VIP port http, then you can configure the following for the port ftp:
ServerIron(config)# server virtual-name-or-ip vs1
ServerIron(config-vs-dns-p1)# port ftp rhi-dont-use-port
As a result, only the health of port http of virtual server vs1 will be used to determine the health of virtual server vs1 and consequently to determine if the VIP route for vs1 should be injected or withdrawn.
Configuring the VIP RHI Route Mask Length
You can configure the subnet mask length that VIP RHI injects into the routing table.
To change the VIP RHI route mask length at a global level, enter a command such as the following:
ServerIron(config)# server global-vip-route-mask-length 28
Syntax: [no] server global-vip-route-mask-length <length>
The <length> parameter specifies the subnet mask length of VIP RHI injected route for all virtual servers
To change the VIP RHI route mask length for a specific virtual server, enter a command such as the following:
ServerIron(config)# server virt virt-2
ServerIron(config-vs-virt-2)#vip-route-subnet-mask-length 28
Syntax: [no] vip-route-subnet-mask-length <length>
The <length> parameter specifies the subnet mask length of VIP RHI injected route for this virtual server.
NOTE: The VIP-RHI mask length must be longer than the interface subnet mask length, and it must not overlap with other local hosts or servers.
VIP RHI and High Availability Topologies
Hot Standby topology - VIP RHI is only supported on the ServerIron Router (R) platform. A Hot Standby topology is not supported for the R code base. Therefore, VIP RHI is not applicable to Hot Standby topologies.
Symmetric and sym-active topologies - In both symmetric and sym-active topologies, only the owner of the VIP (the VIP in the ACTIVE state) will inject the route. In this topology, the ServerIron will withdraw the VIP route when a VIP transitions from Active to Standby state. Similarly, the ServerIron will inject the VIP route when a VIP transitions from Standby to Active, if the VIP is healthy at the time of the transition.
Optionally, one can enable ServerIron to inject VIP route inside routing process regardless of its VIP ownership status. Enter the following command if you want to enable both SrverIrons to inject VIP route regardless of its ownership.
ServerIron(config)# server rhi-inject-always
Syntax: [no] server rhi-inject-always
Displaying RHI Information
To view the RHI information for a VIP port, enter the following command:
Syntax: show server virtual-name-or-ip <name> <port>
 
To display the RHI information for a VIP, enter the following command:
ServerIron# show server virtual-name-or-ip
Virtual Servers Info
 
Name: dns-p1 State: Enabled IF UP IP:1.1.1.101: 1
Pred: least-conn ACL-Id: 0 TotalConn: 0
VIP RHI: Enabled VIP RHI state: healthy
 
Port State Sticky Concur Proxy DSR CurConn TotConn PeakConn
---- ----- ------ ------ ----- --- ------- ------- --------
 
default enabled NO NO NO NO 0 0 0
http enabled NO NO NO NO 0 0 0
Syntax: show server virtual-name-or-ip [<name>]
 
Displaying Route Type
When VIP RHI is enabled for a virtual server, the VIP host route type is shown as "S:Static". The reason for doing this is the ServerIron ADX can use redistribute static of routing protocols (OSPF and RIP) to advertise the VIP host route.
When the network route advertisement is disabled, the ServerIron ADX shows the route's type as "D(N)".
The following snap shot of show ip route was taken from a ServerIron ADX with VIP RHI enabled:
Tip: Some administrators may view this approach as a contradiction to the basic definition of a route type. The route type of a network that is owned by an ServerIron ADX (router) is usually shown as "D:connected" and a manually added static route type is to be shown as "S:Static".
Configuration Examples
Basic Configuration
Consider the example where VIP 10.1.1.10 is configured on three ServerIrons (A, B and C). The following is the step-by-step VIP RHI configuration for ServerIron ADX A.
1.
ServerIronA(config)# vlan 9
ServerIronA(config-vlan-9)# untagged ethernet 4/1 to 4/5
ServerIronA(config-vlan-9)# router-interface ve 9
ServerIronA(config-vlan-9)# exit
ServerIronA(config)# router ospf
ServerIronA(config-ospf-router)# area 0
ServerIronA(config-ospf-router)# redistribution static
ServerIronA(config-ospf-router)# exit
ServerIronA(config)# interface ve 9
ServerIronA(config-ve-9)# ip address 186.211.21.11 255.255.255.0
ServerIronA(config-ve-9)# ip ospf area 0
ServerIronA(config-ve-9)# exit
 
2.
ServerIronA(config)# interface ethernet 4/15
ServerIronA(config-if-4/15)# ip address 10.1.1.99 255.255.255.0
ServerIronA(config-if-4/15)# ip dont-advertise 10.1.1.99 255.255.255.0
ServerIronA(config-if-4/15)# exit
 
3.
ServerIronA#con t
ServerIronA(config)#server real rs1 10.1.1.20
ServerIronA(config-rs-rs1)#port http
ServerIronA(config-rs-rs1)#exit
ServerIronA(config)#server real rs2 10.1.1.30
ServerIronA(config-rs-rs2)#port http
ServerIronA(config-rs-rs2)#exit
 
4.
ServerIronA(config)#server virtual-name-or-ip vip-si-A 10.1.1.10
ServerIronA(config-vs-vip-si-A)#port http
ServerIronA(config-vs-vip-si-A)#bind http rs1 http rs2 http
ServerIronA(config-vs-vip-si-A)#advertise-vip-route
ServerIronA(config-vs-vip-si-A)#exit
 
The configuration is similar for ServerIron ADX B and C (with relevant interface IP addresses).
Both ServerIron ADX Sites Working in Primary Mode
Figure 2.22
Site 1 Configuration
ver 09.3.00b265TD4
!
module 1 bi-0-port-wsm2-management-module
module 2 bi-jc-8-port-gig-module
module 3 bi-jc-16-port-gig-copper-module
module 4 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan
!
!
server predictor round-robin
server global-advertise-vip-route
server global-vip-route-mask-length 30
server rhi-active-bindings-threshold 80

server port 21
tcp
server port 80
tcp
server port 53
udp
server port 161
udp
server port 25
tcp
server port 443
tcp
server port 8601
tcp
!
!
server real rs1 20.20.1.40
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real rs2 20.20.1.41
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name test 30.30.1.40
source-nat
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real Web1 60.60.1.40
port 8601
!
server real Web2 60.60.1.41
port 8601
!
server real Web3 60.60.1.42
port 8601
!
server real Web4 60.60.1.43
port 8601
!
server real Web5 60.60.1.44
port 8601
!
server real Web6 60.60.1.45
port 8601
!
server real Web7 60.60.1.46
port 8601
!
server real Web8 60.60.1.47
port 8601
!
server real Web9 60.60.1.48
port 8601
!
server real Web10 60.60.1.49
port 8601
!
server real wr1 50.50.1.40
port http
port http url "HEAD /"
!
server real wr2 50.50.1.41
port http
port http url "HEAD /"
!
server real wr3 50.50.1.42
port http
port http url "HEAD /"
!
server real wr4 50.50.1.43
port http
port http url "HEAD /"
!
server real wr5 50.50.1.44
port http
port http url "HEAD /"
!
server real wr6 50.50.1.45
port http
port http url "HEAD /"
!
server real wr7 50.50.1.46
port http
port http url "HEAD /"
!
server real wr8 50.50.1.47
port http
port http url "HEAD /"
!
server real wr9 50.50.1.48
port http
port http url "HEAD /"
!
server real wr10 50.50.1.49
port http
port http url "HEAD /"
!
server remote-name rem1 80.80.1.40
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name rem2 80.80.1.41
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
!
server virtual-name-or-ip vip60 60.60.1.10
port http
bind http Web1 8601 Web2 8601 Web3 8601 Web4 8601
bind http Web5 8601 Web6 8601 Web7 8601 Web8 8601
bind http Web9 8601 Web10 8601
!
server virtual-name-or-ip vip50 50.50.1.10
port http
bind http wr1 http wr2 http wr3 http wr4 http
bind http wr5 http wr6 http wr7 http wr8 http
bind http wr9 http wr10 http
!
server virtual-name-or-ip vip70 70.70.1.10
port http
port smtp
port ftp
port dns
port snmp
port mms
port rtsp
bind http test http
bind smtp test smtp
bind ftp test ftp
bind dns test dns
bind snmp test snmp
bind mms test mms
bind rtsp test rtsp
!
server virtual-name-or-ip vip90 90.90.1.10
vip-route-subnet-mask-length 28
port dns
port snmp
port http
port ftp
bind dns rem1 dns rem2 dns
bind snmp rem1 snmp rem2 snmp
bind http rem1 8601 rem2 8601
bind ftp rem1 ftp rem2 ftp
!
server virtual-name-or-ip vip20 20.20.1.10
disable-advertise-vip-route
port http
port dns
port snmp
port ftp
bind http rs1 http rs2 http
bind dns rs1 dns rs2 dns
bind snmp rs1 snmp rs2 snmp
bind ftp rs1 ftp rs2 ftp
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 by port
untagged ethe 2/1 to 2/4
router-interface ve 1
!
vlan 20 by port
untagged ethe 4/1 to 4/16
router-interface ve 2
!
vlan 30 by port
tagged ethe 2/5
untagged ethe 2/8
router-interface ve 3
!
vlan 40 by port
tagged ethe 2/5
untagged ethe 2/6 to 2/7
router-interface ve 4
!
!
hostname Site1-SI
logging buffered 1000
mirror ethernet 4/12
!
server session-debug 100000
auto-cam-repaint
pram-write-retry
!
router ospf
area 0
metric-type type1
redistribution connected
redistribution static
!
interface loopback 1
ip address 100.100.100.100 255.255.255.255
ip ospf area 0
!
interface ethernet 2/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/5
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 3/12
ip address 70.70.1.120 255.255.255.0
ip dont-advertise 70.70.1.120 255.255.255.0
ip address 90.90.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
!
interface ethernet 4/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/16
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ve 1
ip address 40.40.1.120 255.255.255.0
ip address 40.40.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 2
ip address 20.20.1.120 255.255.255.0
ip address 20.20.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 3
ip address 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip address 60.60.1.121 255.255.255.0 secondary
ip dont-advertise 60.60.1.121 255.255.255.0
!
interface ve 4
ip address 50.50.1.120 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
ip address 50.50.1.121 255.255.255.0 secondary
ip dont-advertise 50.50.1.121 255.255.255.0
!
!
end
Site 2 Configuration
ver 09.3.00b265TD4
 
module 1 bi-0-port-wsm2-management-module
module 2 bi-jc-8-port-gig-module
module 3 bi-jc-16-port-gig-copper-module
module 4 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan
!
!
server predictor round-robin
server global-advertise-vip-route
server global-vip-route-mask-length 30
server rhi-active-bindings-threshold 80
 
server port 21
tcp
 
server port 80
tcp
 
server port 53
udp
 
server port 161
udp
 
server port 25
tcp
 
server port 443
tcp
 
server port 8601
tcp
!
!
!
server real rs1 120.120.1.40
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real rs2 120.120.1.41
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name test 130.130.1.40
source-nat
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real Web1 60.60.1.40
port 8601
!
server real Web2 60.60.1.41
port 8601
!
server real Web3 60.60.1.42
port 8601
!
server real Web4 60.60.1.43
port 8601
!
server real Web5 60.60.1.44
port 8601
!
server real Web6 60.60.1.45
port 8601
!
server real Web7 60.60.1.46
port 8601
!
server real Web8 60.60.1.47
port 8601
!
server real Web9 60.60.1.48
port 8601
!
server real Web10 60.60.1.49
port 8601
!
server real wr1 50.50.1.40
port http
port http url "HEAD /"
!
server real wr2 50.50.1.41
port http
port http url "HEAD /"
!
server real wr3 50.50.1.42
port http
port http url "HEAD /"
!
server real wr4 50.50.1.43
port http
port http url "HEAD /"
!
server real wr5 50.50.1.44
port http
port http url "HEAD /"
!
server real wr6 50.50.1.45
port http
port http url "HEAD /"
!
server real wr7 50.50.1.46
port http
port http url "HEAD /"
!
server real wr8 50.50.1.47
port http
port http url "HEAD /"
!
server real wr9 50.50.1.48
port http
port http url "HEAD /"
!
server real wr10 50.50.1.49
port http
port http url "HEAD /"
!
server remote-name rem1 180.180.1.40
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name rem2 180.180.1.41
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
!
server virtual-name-or-ip vip60 60.60.1.10
port http
bind http Web1 8601 Web2 8601 Web3 8601 Web4 8601
bind http Web5 8601 Web6 8601 Web7 8601 Web8 8601
bind http Web9 8601 Web10 8601
!
server virtual-name-or-ip vip50 50.50.1.10
port http
bind http wr1 http wr2 http wr3 http wr4 http
bind http wr5 http wr6 http wr7 http wr8 http
bind http wr9 http wr10 http
!
server virtual-name-or-ip vip70 70.70.1.10
port http
port smtp
port ftp
port dns
port snmp
port mms
port rtsp
bind http test http
bind smtp test smtp
bind ftp test ftp
bind dns test dns
bind snmp test snmp
bind mms test mms
bind rtsp test rtsp
!
server virtual-name-or-ip vip90 90.90.1.10
vip-route-subnet-mask-length 28
port dns
port snmp
port http
port ftp
bind dns rem1 dns rem2 dns
bind snmp rem1 snmp rem2 snmp
bind http rem1 8601 rem2 8601
bind ftp rem1 ftp rem2 ftp
!
server virtual-name-or-ip vip120 120.120.1.10
disable-advertise-vip-route
port http
port dns
port snmp
port ftp
bind http rs1 http rs2 http
bind dns rs1 dns rs2 dns
bind snmp rs1 snmp rs2 snmp
bind ftp rs1 ftp rs2 ftp
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 by port
untagged ethe 2/1 to 2/4
router-interface ve 1
!
vlan 20 by port
untagged ethe 4/1 to 4/16
router-interface ve 2
!
vlan 30 by port
tagged ethe 2/5
untagged ethe 2/8
router-interface ve 3
!
vlan 40 by port
tagged ethe 2/5
untagged ethe 2/6 to 2/7
router-interface ve 4
!
!
hostname Site2-SI
logging buffered 1000
mirror ethernet 4/12
!
server session-debug 100000
auto-cam-repaint
pram-write-retry
!
router ospf
area 0
metric-type type1
redistribution connected
redistribution static
!
interface loopback 1
ip address 100.100.100.101 255.255.255.255
ip ospf area 0
!
interface ethernet 2/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/5
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 3/12
ip address 70.70.1.120 255.255.255.0
ip dont-advertise 70.70.1.120 255.255.255.0
ip address 90.90.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
!
interface ethernet 4/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/16
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ve 1
ip address 140.140.1.120 255.255.255.0
ip address 140.140.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 2
ip address 120.120.1.120 255.255.255.0
ip address 120.120.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 3
ip address 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip address 60.60.1.121 255.255.255.0 secondary
ip dont-advertise 60.60.1.121 255.255.255.0
!
interface ve 4
ip address 50.50.1.120 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
ip address 50.50.1.121 255.255.255.0 secondary
ip dont-advertise 50.50.1.121 255.255.255.0
!
end
Site-1 ServerIron ADX in Primary Mode and Site-2 in Backup Mode
Figure 2.23
Site 1 Configuration
The following configuration is only for virtual server vip60 (60.60.1.10).
!
ver 09.3.00b269TD4
!
module 1 bi-0-port-wsm2-management-module
module 2 bi-jc-8-port-gig-module
module 3 bi-jc-16-port-gig-copper-module
module 4 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan
!
!
server predictor round-robin
server global-advertise-vip-route
server global-vip-route-mask-length 30
server rhi-active-bindings-threshold 80
 
server port 21
tcp
 
server port 80
tcp
 
server port 53
udp
 
server port 161
udp
 
server port 25
tcp
 
server port 443
tcp
 
server port 8601
tcp
!
!
server real rs1 20.20.1.40
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real rs2 20.20.1.41
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name test 30.30.1.40
source-nat
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real Web1 60.60.1.40
port 8601
!
server real Web2 60.60.1.41
port 8601
!
server real Web3 60.60.1.42
port 8601
!
server real Web4 60.60.1.43
port 8601
!
server real Web5 60.60.1.44
port 8601
!
server real Web6 60.60.1.45
port 8601
!
server real Web7 60.60.1.46
port 8601
!
server real Web8 60.60.1.47
port 8601
!
server real Web9 60.60.1.48
port 8601
!
server real Web10 60.60.1.49
port 8601
!
server real wr1 50.50.1.40
port http
port http url "HEAD /"
!
server real wr2 50.50.1.41
port http
port http url "HEAD /"
!
server real wr3 50.50.1.42
port http
port http url "HEAD /"
!
server real wr4 50.50.1.43
port http
port http url "HEAD /"
!
server real wr5 50.50.1.44
port http
port http url "HEAD /"
!
server real wr6 50.50.1.45
port http
port http url "HEAD /"
!
server real wr7 50.50.1.46
port http
port http url "HEAD /"
!
server real wr8 50.50.1.47
port http
port http url "HEAD /"
!
server real wr9 50.50.1.48
port http
port http url "HEAD /"
!
server real wr10 50.50.1.49
port http
port http url "HEAD /"
!
server remote-name rem1 80.80.1.40
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name rem2 80.80.1.41
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
!
server virtual-name-or-ip vip60 60.60.1.10
port http
bind http Web1 8601 Web2 8601 Web3 8601 Web4 8601
bind http Web5 8601 Web6 8601 Web7 8601 Web8 8601
bind http Web9 8601 Web10 8601
!
server virtual-name-or-ip vip50 50.50.1.10
port http
bind http wr1 http wr2 http wr3 http wr4 http
bind http wr5 http wr6 http wr7 http wr8 http
bind http wr9 http wr10 http
!
server virtual-name-or-ip vip70 70.70.1.10
port http
port smtp
port ftp
port dns
port snmp
port mms
port rtsp
bind http test http
bind smtp test smtp
bind ftp test ftp
bind dns test dns
bind snmp test snmp
bind mms test mms
bind rtsp test rtsp
!
server virtual-name-or-ip vip90 90.90.1.10
vip-route-subnet-mask-length 28
port dns
port snmp
port http
port ftp
bind dns rem1 dns rem2 dns
bind snmp rem1 snmp rem2 snmp
bind http rem1 8601 rem2 8601
bind ftp rem1 ftp rem2 ftp
!
server virtual-name-or-ip vip20 20.20.1.10
disable-advertise-vip-route
port http
port dns
port snmp
port ftp
bind http rs1 http rs2 http
bind dns rs1 dns rs2 dns
bind snmp rs1 snmp rs2 snmp
bind ftp rs1 ftp rs2 ftp
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 by port
untagged ethe 2/1 to 2/4
router-interface ve 1
!
vlan 20 by port
untagged ethe 4/1 to 4/16
router-interface ve 2
!
vlan 30 by port
tagged ethe 2/5
untagged ethe 2/8
router-interface ve 3
!
vlan 40 by port
tagged ethe 2/5
untagged ethe 2/6 to 2/7
router-interface ve 4
!
!
hostname Site1-SI
logging buffered 1000
mirror ethernet 4/12
!
server session-debug 100000
auto-cam-repaint
pram-write-retry
!
router ospf
area 0
metric-type type1
redistribution connected
redistribution static
!
interface loopback 1
ip address 100.100.100.100 255.255.255.255
ip ospf area 0
!
interface ethernet 2/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/5
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 3/12
ip address 70.70.1.120 255.255.255.0
ip dont-advertise 70.70.1.120 255.255.255.0
ip address 90.90.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
!
interface ethernet 4/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/16
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ve 1
ip address 40.40.1.120 255.255.255.0
ip address 40.40.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 2
ip address 20.20.1.120 255.255.255.0
ip address 20.20.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 3
ip address 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip address 60.60.1.121 255.255.255.0 secondary
ip dont-advertise 60.60.1.121 255.255.255.0
!
interface ve 4
ip address 50.50.1.120 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
ip address 50.50.1.121 255.255.255.0 secondary
ip dont-advertise 50.50.1.121 255.255.255.0
!
end
Site 2 Configuration
!
ver 09.3.00b269TD4
!
module 1 bi-0-port-wsm2-management-module
module 2 bi-jc-8-port-gig-module
module 3 bi-jc-16-port-gig-copper-module
module 4 bi-jc-16-port-gig-copper-module
!
global-protocol-vlan
!
!
healthck Site1-chk icmp
dest-ip 40.40.1.120
 
healthck Site1-NOT boolean
not Site1-chk
 
healthck Web1-8601-chk tcp
dest-ip 60.60.1.40
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web2-8601-chk tcp
dest-ip 60.60.1.41
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web3-8601-chk tcp
dest-ip 60.60.1.42
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web4-8601-chk tcp
dest-ip 60.60.1.43
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web5-8601-chk tcp
dest-ip 60.60.1.44
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web6-8601-chk tcp
dest-ip 60.60.1.45
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web7-8601-chk tcp
dest-ip 60.60.1.46
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web8-8601-chk tcp
dest-ip 60.60.1.47
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web9-8601-chk tcp
dest-ip 60.60.1.48
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web10-8601-chk tcp
dest-ip 60.60.1.49
port 8601
protocol http
protocol http url "HEAD /"
interval 20
retries 4
l7-check
 
healthck Web1-chk boolean
and Site1-NOT Web1-8601-chk
 
healthck Web2-chk boolean
and Site1-NOT Web2-8601-chk
 
healthck Web3-chk boolean
and Site1-NOT Web3-8601-chk
 
healthck Web4-chk boolean
and Site1-NOT Web4-8601-chk
 
healthck Web5-chk boolean
and Site1-NOT Web5-8601-chk
 
healthck Web6-chk boolean
and Site1-NOT Web6-8601-chk
 
healthck Web7-chk boolean
and Site1-NOT Web7-8601-chk
 
healthck Web8-chk boolean
and Site1-NOT Web8-8601-chk
 
healthck Web9-chk boolean
and Site1-NOT Web9-8601-chk
 
healthck Web10-chk boolean
and Site1-NOT Web10-8601-chk
!
server predictor round-robin
server global-advertise-vip-route
server global-vip-route-mask-length 30
server rhi-active-bindings-threshold 80
 
server port 21
tcp
server port 80
tcp
server port 53
udp
server port 161
udp
server port 25
tcp
server port 443
tcp
server port 8601
tcp
!
!
server real rs1 120.120.1.40
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real rs2 120.120.1.41
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name test 130.130.1.40
source-nat
port http
port http url "HEAD /"
port ftp
port smtp
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server real Web1 60.60.1.40
port 8601
port 8601 healthck Web1-chk
!
server real Web2 60.60.1.41
port 8601
port 8601 healthck Web2-chk
!
server real Web3 60.60.1.42
port 8601
port 8601 healthck Web3-chk
!
server real Web4 60.60.1.43
port 8601
port 8601 healthck Web4-chk
!
server real Web5 60.60.1.44
port 8601
port 8601 healthck Web5-chk
!
server real Web6 60.60.1.45
port 8601
port 8601 healthck Web6-chk
!
server real Web7 60.60.1.46
port 8601
port 8601 healthck Web7-chk
!
server real Web8 60.60.1.47
port 8601
port 8601 healthck Web8-chk
!
server real Web9 60.60.1.48
port 8601
port 8601 healthck Web9-chk
!
server real Web10 60.60.1.49
port 8601
port 8601 healthck Web10-chk
!
server real wr1 50.50.1.40
port http
port http url "HEAD /"
!
server real wr2 50.50.1.41
port http
port http url "HEAD /"
!
server real wr3 50.50.1.42
port http
port http url "HEAD /"
!
server real wr4 50.50.1.43
port http
port http url "HEAD /"
!
server real wr5 50.50.1.44
port http
port http url "HEAD /"
!
server real wr6 50.50.1.45
port http
port http url "HEAD /"
!
server real wr7 50.50.1.46
port http
port http url "HEAD /"
!
server real wr8 50.50.1.47
port http
port http url "HEAD /"
!
server real wr9 50.50.1.48
port http
port http url "HEAD /"
!
server real wr10 50.50.1.49
port http
port http url "HEAD /"
!
server remote-name rem1 180.180.1.40
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
server remote-name rem2 180.180.1.41
port 8601
port ftp
port smtp
port ssl
port dns
port dns zone "satish.com"
port snmp
port mms
port rtsp
!
!
server virtual-name-or-ip vip60 60.60.1.10
port http
bind http Web1 8601 Web2 8601 Web3 8601 Web4 8601
bind http Web5 8601 Web6 8601 Web7 8601 Web8 8601
bind http Web9 8601 Web10 8601
!
server virtual-name-or-ip vip50 50.50.1.10
port http
bind http wr1 http wr2 http wr3 http wr4 http
bind http wr5 http wr6 http wr7 http wr8 http
bind http wr9 http wr10 http
!
server virtual-name-or-ip vip70 70.70.1.10
port http
port smtp
port ftp
port dns
port snmp
port mms
port rtsp
bind http test http
bind smtp test smtp
bind ftp test ftp
bind dns test dns
bind snmp test snmp
bind mms test mms
bind rtsp test rtsp
!
server virtual-name-or-ip vip90 90.90.1.10
vip-route-subnet-mask-length 28
port dns
port snmp
port http
port ftp
bind dns rem1 dns rem2 dns
bind snmp rem1 snmp rem2 snmp
bind http rem1 8601 rem2 8601
bind ftp rem1 ftp rem2 ftp
!
server virtual-name-or-ip vip120 120.120.1.10
disable-advertise-vip-route
port http
port dns
port snmp
port ftp
bind http rs1 http rs2 http
bind dns rs1 dns rs2 dns
bind snmp rs1 snmp rs2 snmp
bind ftp rs1 ftp rs2 ftp
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 10 by port
untagged ethe 2/1 to 2/4
router-interface ve 1
!
vlan 20 by port
untagged ethe 4/1 to 4/16
router-interface ve 2
!
vlan 30 by port
tagged ethe 2/5
untagged ethe 2/8
router-interface ve 3
!
vlan 40 by port
tagged ethe 2/5
untagged ethe 2/6 to 2/7
router-interface ve 4
!
!
hostname Site2-SI
logging buffered 1000
mirror ethernet 4/12
!
server session-debug 100000
auto-cam-repaint
pram-write-retry
!
router ospf
area 0
metric-type type1
redistribution connected
redistribution static
!
interface loopback 1
ip address 100.100.100.101 255.255.255.255
ip ospf area 0
!
interface ethernet 2/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 2/5
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 3/12
ip address 70.70.1.120 255.255.255.0
ip dont-advertise 70.70.1.120 255.255.255.0
ip address 90.90.1.120 255.255.255.0
ip dont-advertise 90.90.1.120 255.255.255.0
!
interface ethernet 4/1
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/2
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ethernet 4/16
mon ethe 4/12 input
mon ethe 4/12 output
!
interface ve 1
ip address 140.140.1.120 255.255.255.0
ip address 140.140.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 2
ip address 120.120.1.120 255.255.255.0
ip address 120.120.1.121 255.255.255.0 secondary
ip ospf area 0
!
interface ve 3
ip address 60.60.1.120 255.255.255.0
ip dont-advertise 60.60.1.120 255.255.255.0
ip address 60.60.1.121 255.255.255.0 secondary
ip dont-advertise 60.60.1.121 255.255.255.0
!
interface ve 4
ip address 50.50.1.120 255.255.255.0
ip dont-advertise 50.50.1.120 255.255.255.0
ip address 50.50.1.121 255.255.255.0 secondary
ip dont-advertise 50.50.1.121 255.255.255.0
!
end
Usage Guidelines
ServerIron ADX supports a maximum of 8192 ports.
NOTE: The ServerIron ADX system may not be able to perform Layer 7 or Layer 4 health checks for these many ports though. It will stop processing health checks once its exceeds its system capacity. If this occurs, you must explicitly disable health checks for several ports.
Table 2.11: The Number of Supported Real Servers, Virtual Servers and Ports on a ServerIron ADX 4000, ServerIron ADX 8000 and ServerIron ADX10000
 
Table 2.12: The Number of Supported Real Servers, Virtual Servers and Ports on a ServerIron ADX 1000
 
NOTE: The implicit default port under virtual and real servers are included in the port count.
ServerIron ADX supports a maximum of 20KB GET requests while performing Layer 7 switching.

Server Load Balancing > VIP Route Health Injection

Table of Contents Previous Next Print
Copyright © 2009 Brocade Communications Systems, Inc.