Policy-Based Server Load Balancing (PBSLB) is the ServerIron ADX’s ability to direct requests to a server group, based on the source IP address of the request.
When policy-based SLB is enabled for a port on a virtual server, the ServerIron ADX examines the source IP address of each new connection sent to the VIP on the port. The ServerIron ADX looks up the source IP address of the request in an internal policy list. The policy list is a table that associates IP addresses with real server groups. If an entry for the IP address is found in the policy list, then the ServerIron ADX forwards the request to the associated real server group. If no entry for the IP address is found, the ServerIron ADX directs the request to a server group specified as the "default" server group.
Figure 2.24 shows a sample policy-based SLB configuration.
The policy list contains two entries: one associating IP address 10.10.10.1 with real server group 1, and another associating network address 20.20.0.0/16 with real server group 2. In addition, real server group 3 is specified as the default server group.
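The lookup described above can be modeled offline to check which server group a given source address would reach. This is an added example, not Brocade code: the function names are hypothetical, only the host and CIDR forms of server pbslb add shown on this page are parsed, and longest-prefix matching for overlapping entries is an assumption the page does not confirm.

```python
import ipaddress

# Constructed from the sample policy described above (Figure 2.24).
SAMPLE_CONFIG = """\
server pbslb add 10.10.10.1 1
server pbslb add 20.20.0.0/16 2
server pbslb default-group-id 3
"""

def parse_policy(config_text):
    """Return (entries, default_group) parsed from 'server pbslb' lines."""
    entries, default_group = [], None
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] == ["server", "pbslb", "add"]:
            if len(words) != 5:
                raise ValueError(f"unsupported form: {line!r}")
            # strict=True rejects a network address with host bits set.
            net = ipaddress.ip_network(words[3], strict=True)
            group = int(words[4])
            if not 0 <= group <= 1023:  # valid server group IDs per this page
                raise ValueError(f"group ID out of range: {line!r}")
            entries.append((net, group))
        elif words[:3] == ["server", "pbslb", "default-group-id"]:
            default_group = int(words[3])
    return entries, default_group

def resolve_group(src_ip, entries, default_group):
    """Server group that a new connection from src_ip is directed to."""
    addr = ipaddress.ip_address(src_ip)
    matches = [(net.prefixlen, group) for net, group in entries if addr in net]
    # Assumption: the most specific (longest-prefix) entry wins on overlap.
    return max(matches)[1] if matches else default_group

def overlapping_entries(entries):
    """(narrow, broad) pairs that overlap but map to different groups."""
    found = []
    for i, (narrow, g1) in enumerate(entries):
        for j, (broad, g2) in enumerate(entries):
            if i != j and g1 != g2 and narrow.subnet_of(broad) \
                    and (narrow != broad or i < j):
                found.append((str(narrow), str(broad)))
    return found

if __name__ == "__main__":
    entries, default = parse_policy(SAMPLE_CONFIG)
    for src in ("10.10.10.1", "20.20.200.7", "192.0.2.50"):
        print(src, "-> group", resolve_group(src, entries, default))
    print("overlaps:", overlapping_entries(entries))
```

Any pair reported by overlapping_entries is a place where the group a client reaches depends on how the device orders overlapping matches, so it is worth confirming on the device with show pbslb <ip-address>.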
A policy list can be created in two ways depending on the number of policies being defined:
Syntax: server pbslb add <ip-addr> [<network-mask>] [<server-group-id>]
The <ip-addr> can be a complete host address, or a network address followed by IP mask bits.
For the example shown in “Policy-based SLB configuration”, the policies would be defined as shown in the following:
ServerIron(config)# server pbslb add 10.10.10.1 1
ServerIron(config)# server pbslb add 20.20.0.0/16 2
ServerIron(config)# server pbslb tftp 192.168.9.210 policy-list.txt 5
The <retry-count> variable specifies the number of times that the ServerIron ADX retries the download if the first attempt is not successful.
ServerIron(config)# server pbslb /usb1/policy-list.txt 5
ServerIron# copy usb1 usb0 policy-list.txt policy-list.txt
After using the copy usb1 usb0 command to copy the file to the internal USB flash drive, you can use the following command to download the policy list from the internal USB flash drive:
ServerIron(config)# server pbslb /usb0/policy-list.txt
ServerIron ADX supports seamless download (that is, no blocking of VIP traffic while a policy list is being downloaded) only when the number of PBSLB entries does not exceed 1,000,000. For up to 1,000,000 PBSLB entries, a ServerIron ADX maintains two separate tables in memory: one for the existing list, and one for the new list that is being downloaded. Once the new list is completely downloaded, it is swapped with the existing list. This allows the new policy list to take effect immediately without affecting the VIP traffic during the download.
For policy list files that contain more than 1,000,000 entries, all VIP traffic will be blocked during the download and will resume only after the policy list file is completely downloaded. In order to be able to send VIP traffic to the default server group instead of blocking it during download, enable the server pbslb send-to-default-group-during-download feature.
ServerIron(config)# server pbslb default-group-id 4
A default group can contain one or more real servers. If there is more than one real server in a default group, requests are load balanced across all the servers in the group. To assign real servers to the default group, enter commands such as the following:
ServerIron(config)# server real-name rs1 207.95.7.14
Specifying the Maximum Number of Entries
By default, a policy-based SLB configuration can have up to 25,000 entries. You can optionally specify the maximum number of entries allowed for a policy-based SLB configuration.
ServerIron(config)# server pbslb max-entries 40000
The maximum number of PBSLB entries that ServerIron ADX supports is 10,000,000.
Deleting an Entry from the Policy List
ServerIron(config)# server pbslb delete 10.10.10.1
Syntax: server pbslb delete <ip-addr>
ServerIron(config)# server pbslb delete all
The whole IP table of PBSLB has been deleted.
Syntax: server pbslb delete all
Copying a Policy List to a File on TFTP Server
To copy the currently loaded policy list from the ServerIron ADX to a file on a TFTP server, enter a command such as the following:
ServerIron# copy pbslb-running-config tftp 192.168.9.210 policy-list.txt
Syntax: copy pbslb-running-config tftp <tftp-server-ip-addr> <filename>
By default, the policy list is not saved to flash memory when you enter write memory. To write the policy list to flash memory, enter the following command:
ServerIron(config)# server pbslb enable-config-gen
The next time the ServerIron ADX is booted, the policy list will appear in the running-config.
Syntax: server pbslb enable-config-gen
NOTE: The ServerIron ADX is unable to copy a policy list with more than 1,000 entries to Flash.
When a new connection is sent to a VIP where policy-based SLB is enabled, if no entry for the source IP address is found in the policy list, the ServerIron ADX directs the request to a server group specified as the "default" server group.
ServerIron(config)# server pbslb default-group-id 3
Syntax: server pbslb default-group-id <group-id>
A real server group can contain one or more real servers. If there is more than one real server in a server group, requests are load balanced across all the servers in the group. To assign real servers to server groups, you establish the IP address of each real server and specify the server group(s) to which it belongs.
ServerIron(config)# server real-name rs1 207.95.7.1
ServerIron(config-rs-rs1)# port http group-id 1 1
ServerIron(config-rs-rs1)# exit
Syntax: [no] server real <real-server-name> <ip-addr>
Syntax: [no] port <port> group-id <server-group-id-pairs>
In this example, the server real command defines a real server called rs1 with an IP address of 207.95.7.1.
The port http group-id command indicates the server group(s) to which the real server belongs. The server group is expressed as a pair of numbers, indicating a range of real server group IDs. The first number is the lowest-numbered server group ID, and the second is the highest-numbered server group ID. For example, if a real server belongs only to the server group with ID = 1, the last two numbers in the port http group-id command would be 1 1. (Note the space between the two numbers.) If a real server belongs to server groups 1 – 10, the last two numbers in the command would be 1 10. Valid numbers for server group IDs are 0 – 1023.
To include a real server in groups that are not consecutively numbered, you can enter up to four server group ID pairs. For example, to include a real server in groups 1 – 5 and 11 – 15, you would enter the following command:
ServerIron(config-rs-rs1)# port http group-id 1 5 11 15
ServerIron(config-rs-rs1)# port http group-id 1 5
ServerIron(config-rs-rs1)# port http group-id 11 15
The configuration for the remaining real servers in Figure 2.24 is shown below. These commands place real server rs2 in server group ID = 1 (along with real server rs1), real server rs3 in server group ID = 2, and real servers rs4 and rs5 in server group ID = 3.
ServerIron(config)# server real rs2 207.95.7.2
ServerIron(config-rs-rs2)# port http group-id 1 1
ServerIron(config-rs-rs2)# exit
ServerIron(config)# server real rs3 207.95.7.3
ServerIron(config-rs-rs3)# port http group-id 2 2
ServerIron(config-rs-rs3)# exit
ServerIron(config)# server real rs4 207.95.7.4
ServerIron(config-rs-rs4)# port http group-id 3 3
ServerIron(config-rs-rs4)# exit
ServerIron(config)# server real rs5 207.95.7.5
ServerIron(config-rs-rs5)# port http group-id 3 3
ServerIron(config-rs-rs5)# exit
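Because the policy list refers to server groups only by ID, it is useful to confirm that every group the policy can select actually has a real server in it. The following added example (not Brocade code; function names are hypothetical) expands the group-id pairs described above and reports referenced groups with no members. It assumes that repeated port http group-id lines for one server accumulate.

```python
# Constructed from the real-server commands shown on this page (prompts removed).
REAL_SERVER_CONFIG = """\
server real-name rs1 207.95.7.1
 port http group-id 1 1
server real rs2 207.95.7.2
 port http group-id 1 1
server real rs3 207.95.7.3
 port http group-id 2 2
server real rs4 207.95.7.4
 port http group-id 3 3
server real rs5 207.95.7.5
 port http group-id 3 3
"""

def expand_pairs(values):
    """Expand group-id pairs such as ['1', '5', '11', '15'] into a set of IDs."""
    nums = [int(v) for v in values]
    # The page allows up to four low/high pairs per command.
    if not nums or len(nums) % 2 or len(nums) > 8:
        raise ValueError("expected one to four low/high pairs")
    groups = set()
    for low, high in zip(nums[0::2], nums[1::2]):
        if not 0 <= low <= high <= 1023:  # valid group IDs are 0 - 1023
            raise ValueError(f"invalid group range: {low} {high}")
        groups.update(range(low, high + 1))
    return groups

def servers_by_group(config_text, port="http"):
    """Map each server group ID to the real servers that joined it on port."""
    members, current = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] in (["server", "real"], ["server", "real-name"]):
            current = words[2]
        elif words[:3] == ["port", port, "group-id"] and current:
            # Assumption: repeated group-id lines for a server accumulate.
            for gid in sorted(expand_pairs(words[3:])):
                members.setdefault(gid, []).append(current)
    return members

def empty_groups(referenced, members):
    """Group IDs the policy can select that contain no real server."""
    return sorted(g for g in referenced if not members.get(g))

if __name__ == "__main__":
    members = servers_by_group(REAL_SERVER_CONFIG)
    # Groups 1 and 2 come from the policy list, 3 is the default group.
    print("members:", members)
    print("empty:", empty_groups({1, 2, 3}, members))
```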
ServerIron(config)# server virtual-name-or-ip mysite 209.157.22.63
ServerIron(config-vs-mysite)# port http
ServerIron(config-vs-mysite)# port http sw-l4-pbslb
ServerIron(config-vs-mysite)# bind http rs1 http rs2 http rs3 http rs4 http rs5 http
Syntax: [no] port <port> sw-l4-pbslb
By default, when a PBSLB server group configuration changes, the client sessions with that group remain open. For example, if a client has sessions associated with Group A and Group A’s configuration changes so that the client is moved to Group B, the sessions with Group A are still open. You can change this behavior by enabling the scan-session-table-after-config-change feature. With this feature enabled, old connections are deleted and a new connection is set up with a new group whenever a PBSLB server's configuration changes.
Syntax: [no] server pbslb scan-session-table-after-config-change
Use the no form of the command to disable this feature. The feature is disabled by default.
Syntax: show pbslb <ip-address>
The show pbslb command displays the entry in the policy list that corresponds to the specified IP address. If no entry is found for the specified IP address, no output is displayed.
The show pbslb all command displays 20 entries in the policy list, starting from the point specified with the <index> parameter. In the example, 20 entries in the policy list are displayed, starting from the 100th entry.
When a policy list file is downloaded to the ServerIron ADX, messages indicating download progress are printed on the console. By default, when a policy list file is downloaded through a Telnet or SSH session to the ServerIron ADX, these messages do not appear in the Telnet or SSH session. To monitor the download progress from such a session, enable packet trace using the following command:
ServerIronADX# ptrace term
debug output is now sent to this terminal
ServerIron(config)# server pbslb tftp 10.1.1.1 pbslb/pbslb2M.txt 1
Download of pbslb config from TFTP server is initiated.
.SLB-telnet@ServerIron(config)#.............................................
...............................Download of pbslb config from TFTP server is done.
TFTP file size = 27718556, Entry count = 1000000, Parse error = 0, Table
full error 1000000 Resetting pbslb trie Processing PBSLB entries
.......................................PBSLB processing done
BP sync msg = 200, BP Sync fail = 0
Duplicates = 0, Alloc err = 0, Full err = 0, Unknown err = 0
Copyright © 2009 Brocade Communications Systems, Inc.