ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009


Policy-Based SLB
Policy-Based Server Load Balancing (PBSLB) is the ServerIron ADX’s ability to direct requests to a server group, based on the source IP address of the request.
When policy-based SLB is enabled for a port on a virtual server, the ServerIron ADX examines the source IP address of each new connection sent to the VIP on the port. The ServerIron ADX looks up the source IP address of the request in an internal policy list. The policy list is a table that associates IP addresses with real server groups. If an entry for the IP address is found in the policy list, then the ServerIron ADX forwards the request to the associated real server group. If no entry for the IP address is found, the ServerIron ADX directs the request to a server group specified as the "default" server group.
Figure 2.24 shows a sample policy-based SLB configuration.
Figure 2.24
The policy list contains two entries: one associating IP address 10.10.10.1 with real server group 1, and another associating network address 20.20.0.0/16 with real server group 2. In addition, real server group 3 is specified as the default server group.
In this example, policy-based SLB works as follows:
When a request from address 10.10.10.1 is received on the VIP, the ServerIron ADX forwards the request to one of the load-balanced servers in real server group 1.
When a request from a different address is received, since it does not have an entry in the policy list, it is forwarded to one of the load-balanced real servers in the default server group, which is specified as group 3.
Notes:
Since policy-based SLB is enabled on a per-VIP basis, some VIPs configured on the ServerIron ADX can have policy-based SLB enabled, while others do not.
Policy-based SLB can coexist with other ServerIron ADX features, including FWLB, NAT, and TCS.
Configuring a Policy List
A policy list can be created in two ways depending on the number of policies being defined:
Creating the Policy List Using the CLI
The following command can be used to add policies:
ServerIron(config)# server pbslb add 10.10.10.1 1
Syntax: server pbslb add <ip-addr> [<network-mask>] [<server-group-id>]
The <ip-addr> can be a complete host address, or a network address followed by IP mask bits.
The <server-group-id> variable is alphanumeric and refers to one of the real server groups configured on the ServerIron ADX.
For the example shown in “Policy-based SLB configuration”, the policies can be added as shown in the following:
ServerIron(config)# server pbslb add 10.10.10.1 1
ServerIron(config)# server pbslb add 20.20.0.0/16 2
Creating the Policy List File to Dynamically Download from a TFTP Server or a USB Flash
To be downloaded dynamically from a TFTP server or USB flash, a policy list file must be a flat ASCII text file that consists of one or more policy-based SLB entries in the following format:
<ip-addr> [<network-mask>] [<server-group-id>]
The <ip-addr> can be a complete host address, or a network address followed by IP mask bits.
The <server-group-id> variable is alphanumeric and refers to one of the real server groups configured on the ServerIron ADX.
For the example shown in “Policy-based SLB configuration”, the policies would be defined as shown in the following:
10.10.10.1 1
20.20.0.0/16 2
The policy list file created in the format defined above can be transferred to the ServerIron ADX from either a TFTP server or through a USB flash drive.
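A pre-flight check for a policy list file, added here as an example (it is not Brocade's code or part of this guide). Because a download immediately replaces the running entries, it checks each line against the two forms shown above, the 0-1023 group ID range, and the 25,000 and 1,000,000 entry limits given later in this guide. The function and constant names are the example's own, and it assumes IPv4 entries with an explicit numeric group ID on every line.

```python
import ipaddress

# Limits quoted from this guide.
DEFAULT_MAX_ENTRIES = 25_000      # default PBSLB table size
SEAMLESS_LIMIT = 1_000_000        # above this, VIP traffic is blocked during download
GROUP_ID_RANGE = range(0, 1024)   # valid real server group IDs

def check_policy_list(text, max_entries=DEFAULT_MAX_ENTRIES):
    """Return (entries, problems) for the contents of a policy list file.

    entries  maps each IPv4Network to its group ID (int)
    problems is a list of (line_number, message); line 0 marks file-level findings
    """
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue  # blank line
        if len(fields) != 2:
            problems.append((lineno, "expected '<ip-addr>[/<bits>] <server-group-id>'"))
            continue
        addr, group = fields
        try:
            # strict=True rejects host bits set under the mask, e.g. 20.20.1.0/16
            net = ipaddress.IPv4Network(addr, strict=True)
        except ValueError as exc:
            problems.append((lineno, f"bad address: {exc}"))
            continue
        if not (group.isascii() and group.isdigit()) or int(group) not in GROUP_ID_RANGE:
            problems.append((lineno, f"group id {group!r} outside 0-1023"))
            continue
        if net in entries:
            problems.append((lineno, f"duplicate entry for {net}"))
            continue
        entries[net] = int(group)
    if len(entries) > max_entries:
        problems.append((0, f"{len(entries)} entries exceed max-entries {max_entries}"))
    if len(entries) > SEAMLESS_LIMIT:
        problems.append((0, "more than 1,000,000 entries: VIP traffic is blocked during download"))
    return entries, problems

# Constructed sample: the guide's two entries plus four deliberately bad lines.
SAMPLE = """\
10.10.10.1 1
20.20.0.0/16 2
20.20.1.0/16 2
30.30.30.30 2048
10.10.10.1 3
40.40.40.40
"""

if __name__ == "__main__":
    entries, problems = check_policy_list(SAMPLE)
    for net, group in entries.items():
        print(f"ok    {net} -> group {group}")
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```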
Dynamically Downloading a Policy List using TFTP
Once a policy list is created, as described in “Creating the Policy List File to Dynamically Download from a TFTP Server or a USB Flash”, the following command can be used to download the file from a TFTP server:
ServerIron(config)# server pbslb tftp 192.168.9.210 policy-list.txt 5
When you enter this command, the downloaded policy list file immediately replaces the entries in the ServerIron ADX’s policy-based SLB configuration.
Syntax: server pbslb tftp <tftp-server-ip-addr> <filename> <retry-count>
The <tftp-server-ip-addr> variable specifies the IP address of the TFTP server.
The <filename> variable specifies the name of the policy list file.
The <retry-count> variable specifies the number of times that the ServerIron ADX retries the download if the first attempt is not successful.
Dynamically Downloading a Policy List using an External USB Flash Drive
The following command can be used to download the policy list file from an external USB flash drive:
ServerIron(config)# server pbslb /usb1/policy-list.txt 5
NOTE: The filename must begin with /usb1/ when downloading from an external USB flash drive.
When you enter this command, the downloaded policy list file immediately replaces the entries in the ServerIron ADX’s policy-based SLB configuration.
Syntax: server pbslb <usb-filename>
The <usb-filename> variable specifies the name of the policy list file. It must begin with “/usb1/”.
Downloading a Policy List using the Internal USB Flash Drive
To be able to download a policy list file from the internal USB drive, you must first copy the file from the external USB drive to the internal USB drive using the following command:
ServerIron# copy usb1 usb0 policy-list.txt policy-list.txt
Syntax: copy usb1 usb0 <source-filename> <destination-filename>
The <source-filename> variable specifies the name of the file that is being copied from the external USB flash drive to the internal USB flash drive.
The <destination-filename> variable specifies the name of the file once it is copied to the internal USB flash drive.
After using the copy usb1 usb0 command to copy the file to the internal USB flash drive, you can use the following command to download the policy list from the internal USB flash drive:
ServerIron(config)# server pbslb /usb0/policy-list.txt
When you enter this command, the downloaded policy list file immediately replaces the entries in the ServerIron ADX’s policy-based SLB configuration.
Syntax: server pbslb <usb-filename>
The <usb-filename> variable specifies the name of the policy list file. It must begin with “/usb0/”.
Redirecting Traffic to the Default Group during Download
ServerIron ADX supports seamless download (no blocking of VIP traffic while a policy list is being downloaded) only when the number of PBSLB entries does not exceed 1,000,000. For up to 1,000,000 PBSLB entries, a ServerIron ADX maintains two separate tables in memory: one for the existing list, and one for the new list that is being downloaded. Once the new list is completely downloaded, it is swapped with the existing list. This allows the new policy list to take effect immediately without affecting the VIP traffic during the download.
NOTE: This only applies when the maximum number of PBSLB entries has not been increased to over 1,000,000 through use of the server pbslb max-entries command.
For policy list files that contain more than 1,000,000 entries, all VIP traffic will be blocked during the download and will resume only after the policy list file is completely downloaded. In order to be able to send VIP traffic to the default server group instead of blocking it during download, enable the server pbslb send-to-default-group-during-download feature.
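There are three steps to turn on this feature:
1. Create a PBSLB default group.
2. Assign real server ports to the default group.
3. Enable pbslb send-to-default-group-during-download.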
Create a PBSLB default group
To create a PBSLB default group, enter a command such as the following:
ServerIron(config)# server pbslb default-group-id 4
Syntax: [no] server pbslb default-group-id <group-id>
Assign real server ports to default group
A default group can contain one or more real servers. If there is more than one real server in a default group, requests are load balanced across all the servers in the group. To assign real servers to the default group, enter commands such as the following:
ServerIron(config)# server real-name rs1 207.95.7.14
ServerIron(config-rs-rs1)# port http group-id 4 4
ServerIron(config-rs-rs1)# exit
Enable pbslb send-to-default-group-during-download
To enable send-to-default-group-during-download, enter commands such as the following:
ServerIron(config)# server pbslb send-to-default-group-during-download
Syntax: [no] server pbslb send-to-default-group-during-download
NOTE: You would configure this command only if you have increased the maximum number of PBSLB entries over the default number.
Specifying the Maximum Number of Entries
By default, a policy-based SLB configuration can have up to 25,000 entries. You can optionally specify the maximum number of entries allowed for a policy-based SLB configuration.
For example, to specify 40,000 as the maximum number of entries for policy-based SLB, enter the following command:
ServerIron(config)# server pbslb max-entries 40000
The maximum number of PBSLB entries that ServerIron ADX supports is 10,000,000.
After you enter this command and save the configuration, you must reload the software for the new maximum limit to take effect.
Deleting an Entry from the Policy List
To delete an entry from the policy list, enter a command such as the following:
ServerIron(config)# server pbslb delete 10.10.10.1
Syntax: server pbslb delete <ip-addr>
Deleting an Entire PBSLB List
To delete the entire list, enter a command such as the following:
NOTE: This command will delete all the entries in the PBSLB list. You can enter the show pbslb all 0 command to first display the contents of the list before deleting the entire list.
ServerIron(config)# server pbslb delete all
The whole IP table of PBSLB has been deleted.
Syntax: server pbslb delete all
Copying a Policy List to a File on TFTP Server
To copy the currently loaded policy list from the ServerIron ADX to a file on a TFTP server, enter a command such as the following:
ServerIron# copy pbslb-running-config tftp 192.168.9.210 policy-list.txt
Syntax: copy pbslb-running-config tftp <tftp-server-ip-addr> <filename>
The <tftp-server-ip-addr> is the IP address of the TFTP server, and <filename> is the name the policy list file will be saved as.
Writing the Policy List to Flash Memory
By default, the policy list is not saved to flash memory when you enter write memory. To write the policy list to flash memory, enter the following command:
ServerIron(config)# server pbslb enable-config-gen
The next time the ServerIron ADX is booted, the policy list will appear in the running-config.
Syntax: server pbslb enable-config-gen
NOTE: The ServerIron ADX is unable to copy a policy list with more than 1,000 entries to Flash.
Specifying a Default Server Group
When a new connection is sent to a VIP where policy-based SLB is enabled, if no entry for the source IP address is found in the policy list, the ServerIron ADX directs the request to a server group specified as the "default" server group.
To specify a server group as the default server group, enter a command such as the following:
ServerIron(config)# server pbslb default-group-id 3
Syntax: server pbslb default-group-id <group-id>
Assigning Real Servers to Server Groups
The policy list associates source IP addresses with real server group IDs. To configure policy-based SLB, you assign real servers to real server groups.
A real server group can contain one or more real servers. If there is more than one real server in a server group, requests are load balanced across all the servers in the group. To assign real servers to server groups, you establish the IP address of each real server and specify the server group(s) to which it belongs.
For example, to configure real server rs1 in Figure 2.24, enter commands such as the following:
ServerIron(config)# server real-name rs1 207.95.7.1
ServerIron(config-rs-rs1)# port http group-id 1 1
ServerIron(config-rs-rs1)# exit
Syntax: [no] server real <real-server-name> <ip-addr>
Syntax: [no] port <port> group-id <server-group-id-pairs>
In this example, the server real command defines a real server called rs1 with an IP address of 207.95.7.1.
The port http group-id command indicates the server group(s) to which the real server belongs. The server group is expressed as a pair of numbers, indicating a range of real server group IDs. The first number is the lowest-numbered server group ID, and the second is the highest-numbered server group ID. For example, if a real server belongs only to the server group with ID = 1, the last two numbers in the port http group-id command would be 1 1. (Note the space between the two numbers.) If a real server belongs to server groups 1 – 10, the last two numbers in the command would be 1 10. Valid numbers for server group IDs are 0 – 1023.
To include a real server in groups that are not consecutively numbered, you can enter up to four server group ID pairs. For example, to include a real server in groups 1 – 5 and 11 – 15, you would enter the following command:
ServerIron(config-rs-rs1)# port http group-id 1 5 11 15
You can also specify the server group ID pairs on separate lines; for example:
ServerIron(config-rs-rs1)# port http group-id 1 5
ServerIron(config-rs-rs1)# port http group-id 11 15
The configuration for the remaining real servers in Figure 2.24 is shown below. These commands place real server rs2 in server group ID = 1 (along with real server rs1), real server rs3 in server group ID = 2, and real servers rs4 and rs5 in server group ID = 3.
ServerIron(config)# server real rs2 207.95.7.2
ServerIron(config-rs-rs2)# port http group-id 1 1
ServerIron(config-rs-rs2)# exit
ServerIron(config)# server real rs3 207.95.7.3
ServerIron(config-rs-rs3)# port http group-id 2 2
ServerIron(config-rs-rs3)# exit
ServerIron(config)# server real rs4 207.95.7.4
ServerIron(config-rs-rs4)# port http group-id 3 3
ServerIron(config-rs-rs4)# exit
ServerIron(config)# server real rs5 207.95.7.5
ServerIron(config-rs-rs5)# port http group-id 3 3
ServerIron(config-rs-rs5)# exit
Enabling PBSLB for a Port on a Virtual Server
To enable policy-based SLB on a VIP for Figure 2.24, enter commands such as the following:
ServerIron(config)# server virtual-name-or-ip mysite 209.157.22.63
ServerIron(config-vs-mysite)# port http
ServerIron(config-vs-mysite)# port http sw-l4-pbslb
ServerIron(config-vs-mysite)# bind http rs1 http rs2 http rs3 http rs4 http rs5 http
Syntax: [no] port <port> sw-l4-pbslb
Deleting Existing PBSLB Sessions
By default, when a PBSLB server group configuration changes, the client sessions with that group remain open. For example, if a client has sessions associated with Group A and Group A’s configuration changes, moving the client to Group B, the sessions with Group A are still open. You can change this behavior by enabling the scan-session-table-after-config-change feature. With this feature enabled, old connections are deleted and a new connection is set up with the new group whenever a PBSLB server's configuration changes.
To enable this feature, enter the following command.
ServerIron(config)# server pbslb scan-session-table-after-config-change
Syntax: [no] server pbslb scan-session-table-after-config-change
Use the no form of the command to disable this feature. The feature is disabled by default.
Displaying PBSLB Entries
You can display one or more entries in the currently loaded policy list.
To display an individual policy list entry, enter a command such as the following:
ServerIron# show pbslb 192.168.9.210
Syntax: show pbslb <ip-address>
The show pbslb command displays the entry in the policy list that corresponds to the specified IP address. If no entry is found for the specified IP address, no output is displayed.
To display multiple entries in the policy list, enter a command such as the following:
ServerIron# show pbslb all 100
Syntax: show pbslb all <index>
The show pbslb all command displays 20 entries in the policy list, starting from the point specified with the <index> parameter. In the example, 20 entries in the policy list are displayed, starting from the 100th entry.
Packet Trace
When a policy list file is downloaded to the ServerIron ADX, messages to indicate download progress are printed on the console. By default, when a policy list file is downloaded through a telnet or ssh session to the ServerIron ADX, these messages do not appear on the telnet or ssh session. In order to be able to monitor the download progress, you need to enable packet trace using the following command:
ServerIronADX# ptrace term
debug output is now sent to this terminal
Syntax: ptrace term
ServerIron(config)# server pbslb tftp 10.1.1.1 pbslb/pbslb2M.txt 1
Download of pbslb config from TFTP server is initiated.
.SLB-telnet@ServerIron(config)#.............................................
...............................Download of pbslb config from TFTP server is done.
TFTP file size = 27718556, Entry count = 1000000, Parse error = 0, Table full error 1000000
Resetting pbslb trie
Processing PBSLB entries
.......................................PBSLB processing done
BP sync msg = 200, BP Sync fail = 0
Duplicates = 0, Alloc err = 0, Full err = 0, Unknown err = 0
 
Table 2.13: Error Messages
BP sync msg: The number of messages that it took for the MP to sync the downloaded PBSLB table to the BP. (The download itself is staggered, so it is done in multiple passes.)
BP Sync fail: The number of those messages that failed to transmit successfully. In the event of a failure, the message is sent again. If BP sync fails, the MP will try to push down the PBSLB table to the BPs again after 100 ms. This process continues until the BP sync is completely successful. On the BP, the PBSLB trie is not populated until the download is totally successful.
Alloc err: The number of times the ServerIron ADX was unsuccessful in allocating memory for the PBSLB trie. The device tries to allocate the entire trie at once, so if there is an error, this counter can only show a value of 1.
Full err: The number of times the ServerIron ADX could not add a new PBSLB entry to the trie because the trie is already full. This value should indicate the number by which the downloaded PBSLB trie size exceeds the value that the ServerIron ADX supports.
When the PBSLB list is downloaded, it is first populated into a flat table that does not have any hierarchy. After populating this table, the MP constructs the DP trie that actually stores the PBSLB entries for later lookups. Even when the MP syncs the PBSLB information to the BPs, it is the flat table that is pushed down and not the DP trie.
Full error refers to those cases where new entries cannot be added to the DP trie because the trie is already full. Table full error refers to those cases where no more entries can be added to the flat table because the flat table is filled up.
Unknown err: Used to catch miscellaneous unexpected errors. For example, the download buffer of the PBSLB table from MP to BP is corrupted, or an entry cannot be added to the trie due to an unexpected error.

Copyright © 2009 Brocade Communications Systems, Inc.