User manual / service guide for product 212777 from the manufacturer Nortel Networks
50 Great Oaks Boulevard, San Jose, California 95119
408-360-5500 Main, 408-360-5501 Fax
www.nortelnetworks.com
Web OS Switch Software 10.0 Application Guide
Part Number: 212777, Revision A.
Web OS 10.0 Application Guide, 212777-A, February 2002
Copyright 2002 Nortel Networks, Inc., 50 Great Oaks Boulevard, San Jose, California 95119, USA.
Contents
Preface 21
Who Should Use This Guide 21
What You’ll Find in This Guide 21
Typographic Conventions 23
Contacting Us 24
Part 1: Basic Switching & Routi.
VLANs and Spanning Tree Protocol 49
Bridge Protocol Data Units (BPDUs) 50
Multiple Spanning Trees 51
VLANs and Default Gatewa.
OSPF Configuration Examples 83
Example 1: Simple OSPF Domain 84
Example 2: Virtual Links 86
Example 3: Summarizing Routes 90
Ex.
Load Balancing Special Services 149
IP Server Load Balancing 149
FTP Server Load Balancing 150
Domain Name Server (DNS) .
Chapter 8: Application Redirection 203
Overview 204
Web Cache Redirection Environment 204
Additional Application Redirection .
Chapter 11: High Availability 247
VRRP Overview 248
VRRP Components 248
VRRP Operation 251
Selecting the Master VRRP Router 25.
Part 3: Advanced Web Switching
Chapter 12: Global Server Load Balancing 289
GSLB Overview 290
Benefits 290
Compatibility with.
Chapter 15: Content Intelligent Switching 371
Overview 372
Parsing Content 373
HTTP Header Inspection 374
Buffering Content w.
Chapter 16: Persistence 421
Overview of Persistence 422
Using Source IP Address 422
Using Cookies 423
Using SSL Session ID 42.
Configuring Bandwidth Management 454
Additional Configuration Examples 457
Preferential Services Examples 460
Glossary 47.
Figures
Figure 1-1: The Router Legacy Network 29
Figure 1-2: Switch-Based Routing Topology 30
Figure 1-3: iBGP and eBGP 37
Figure 1-4: BGP Failover Configuration Ex.
Figure 6-1: Traditional Versus SLB Network Configurations 119
Figure 6-2: Web Hosting Configuration Without SLB 121
Figure .
Figure 12-1: DNS Resolution with Global Server Load Balancing 291
Figure 12-2: GSLB Topology Example 294
Figure 12-3: HTTP and.
Figure 17-1: Bandwidth Management: How It Works 442
Figure 17-2: Bandwidth Rate Limits 444
Figure 17-3: Virtual Clocks and T.
Tables
Table 1-1: Subnet Routing Example: IP Address Assignments 31
Table 1-2: Subnet Routing Example: IP Interface Assignments 31
Table 1-3: Subnet Routing.
Table 12-1: GSLB Example: California Real Server IP Addresses 296
Table 12-2: GSLB Example: California Alteon 180 Port Usag.
New Features
The following table lists the new features in Web OS 10.0 and the supported platforms:
Feature | Alteon Web Switches AD3/180e | Alteon Web Switches AD4/184
Vla.
Hash on any HTTP header | Yes | Yes
Increase support of 16 rport to vport | No | Yes
Increased number of scripted health che.
Preface
This Application Guide describes how to configure and use the Web OS software on the Alteon Web switches. For documentation on installing the switches physically, see the Hardware Installation Guide for your particular switch model.
- Chapter 5, “Secure Switch Management,” describes how to manage the switch using specific IP addresses, RADIUS authentication, Secure Shell (SSH), and Secure Copy (SCP).
Typographic Conventions
The following table describes the typographic styles used in this book.
Table 1 Typographic Conventions
Typeface or Symbol | Meaning | Example
AaBbCc123 | This type is used for names of commands, files, and directories used within the text.
Contacting Us
For complete product support and sales information, visit the Nortel Networks website at the following URL: http://www.nortelnetworks.com
See the contact information on this site for regional support and sales phone numbers and e-mail addresses.
Part 1: Basic Switching & Routing
This section discusses basic Layer 1 through Layer 3 switching and routing functions. In addition to switching traffic at near line rates, the Web switch can perform multi-protocol routing.
CHAPTER 1 Basic IP Routing
This chapter provides configuration background and examples for using the Alteon Web switch to perform IP routing functions.
IP Routing Benefits
The Alteon Web switch uses a combination of configurable IP switch interfaces and IP routing options.
For example, consider the following topology migration:
Figure 1-1 The Router Legacy Network
In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topology.
Take a closer look at the Alteon Web switch in the following configuration example:
Figure 1-2 Swit.
Example of Subnet Routing
Prior to configuring, you must be connected to the switch Command Line Interface (CLI) as the administrator.
IP interfaces are configured using the following commands at the CLI:
3. Set each server and workstation’s default gateway to the appropriate switch IP interface (the one in the same subnet as the server or workstation).
Using VLANs to Segregate Broadcast Domains
In the previous example, devices that share a common IP network are all in the same broadcast domain.
Each time you add a port to a VLAN, you may get the following prompt:
Enter y to set the default Port VLAN ID (PVID) for the port.
3. Add each IP interface to the appropriate VLAN.
Defining IP Address Ranges for the Local Route Cache
A local route cache lets you use switch resources more efficiently.
Border Gateway Protocol (BGP)
Border Gateway Protocol (BGP) is an Internet protocol that enables routers on.
Figure 1-3 iBGP and eBGP
Typically, an AS has one or more multiple border routers — peer routers that ex.
As shown in Figure 1-4, the switch is connected to ISP 1 and ISP 2. The customer negotiates with both ISPs to allow the Web switch to use their peer routers as default gateways.
2. Define the VLANs. For simplicity, both default gateways are configured in the same VLAN in this example. The gateways could be in the same VLAN or different VLANs.
5. Configure BGP peer router 1 and 2. Peer 1 is the primary gateway router.
DHCP Relay
Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network.
respond as a UDP Unicast message back to the switch, with the default gateway and IP address for the client. The destination IP address in the server response represents the interface address on the switch that received the client request.
CHAPTER 2 VLANs
This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs).
VLAN ID Numbers
Web OS supports up to 246 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 246, each can be identified with any number between 1 and 4094.
VLANs and the IP Interfaces
Carefully consider how you create VLANs within the switch, so that communication with the switch Management Processor (MP) remains possible.
Example 1: Multiple VLANS with Tagging Adapters
Figure 2-1 Example 1: Multiple VLANs with Tagging Gigabit Adapt.
NOTE – VLAN tagging is required only on ports that are connected to other Alteon Web switches or on ports that connect to tag-capable end-stations, such as servers with VLAN-tagging adapters.
Example 2: Parallel Links with VLANs
Figure 2-2 Example 2: Parallel Links with VLANs
The following items describe th.
VLANs and Spanning Tree Protocol
Spanning Tree Protocol (STP) detects and eliminates logical loops in a bridged or switched network. STP forces redundant data paths into a standby (blocked) state.
Bridge Protocol Data Units (BPDUs)
To create a Spanning Tree, the Web switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports.
Multiple Spanning Trees
Web OS 10.0 supports up to 16 instances of Spanning Trees or Spanning Tree groups. Each VLAN can be placed on a unique Spanning Tree group per switch except for the default Spanning Tree group (STG 1).
Example of a Four-Switch Topology with a Single Spanning Tree
In the four-switch topology example shown in Figur.
Example of a Four-Switch Topology with Multiple Spanning Trees
If multiple Spanning Trees are implemented and each VLAN is on a different Spanning Tree, elimination of logical loops will not isolate any VLAN.
Switch-Centric Spanning Tree Protocol
In Figure 2-5 on page 53, VLAN 2 is shared by Web switch A and B on ports 8 and 1 respectively. Web switch A identifies VLAN 2 in Spanning Tree group 2 and Web switch B identifies VLAN 2 in Spanning Tree group 1.
VLAN Participation in Spanning Tree Groups
The VLAN participation for each Spanning Tree group in Figure 2-5 on p.
Configuring Multiple Spanning Tree Groups
This configuration shows how to configure the three instances of Spanning Tree groups on the Web switches A, B, C, and D illustrated in Figure 2-5 on page 53.
3. Configure the following on Web switch C: Add port 8 to VLAN 3 and define Spanning Tree group 3 for VLAN 3. VLAN 3 is automatically removed from Spanning Tree group 1 and by default VLAN 2 remains in Spanning Tree Group 1.
VLANs and Default Gateways
Web OS allows you to assign different default gateways for each VLAN. You can effectively map multiple customers to specific gateways on a single switch.
In the example shown in Figure 2-6, if default gateways 5 or 6 fail, then traffic is directed to default gateway 1, which is configured with IP address 10.
Configuring the Local Network
To completely segregate VLAN traffic to its own default gateway, you can configure the local network addresses of the VLAN.
3. Configure the default gateways. Configure default gateways 5 and 6 for VLANs 2 and 3 respectively. Configure default gateway 1 for load balancing session requests and as backup when default gateways 5 and 6 fail.
6. (Optional) Configure the local networks to ensure that the VLANs use the configured default gateways.
7. Apply and save your new configuration changes.
>> IP# frwd/local (Select the local network Menu)
>> IP Forwarding# add 10.
VLANs and Jumbo Frames
To reduce host frame processing overhead, Gigabit network adapters that can handle frame sizes of 9K and higher (such as the 3COM PCI-X/PCI Gigabit adapters) and Alteon Web switches, both running operating Web OS version 2.
Figure 2-7 Jumbo Frame VLANs
Routing Jumbo Frames to Non-Jumbo Frame VLANs
When IP routing is used to route traffic between VLANs, the switch will fragment Jumbo UDP datagrams when routing from a Jumbo frame VLAN to a non-Jumbo frame VLAN.
CHAPTER 3 Port Trunking
Trunk groups can provide super-bandwidth, multi-link connections between Alteon Web switches or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link.
Statistical Load Distribution
Network traffic is statistically load balanced between the ports in a trunk group.
Port Trunking Example
In the example below, three ports will be trunked between two Alteon Web switches.
3. Repeat the process on Web switch 2. Trunk group 1 (on Web switch 1) is now connected to trunk group 3 (on Web switch 2).
NOTE – In this example, two Alteon Web switches are used.
CHAPTER 4 OSPF
Web OS 10.0 supports the Open Shortest Path First (OSPF) routing protocol. The Web OS implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583.
Types of OSPF Areas
An AS can be broken into logical units known as areas. In any AS with multiple areas, one area must be designated as area 0, known as the backbone.
Types of OSPF Routing Devices
As shown in Figure 4-2, OSPF uses the following types of routing devices:
- Internal Router (IR) — a router that has all of its interfaces within the same area.
Neighbors and Adjacencies
In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each others’ health.
The Shortest Path First Tree
The routing devices use a link-state algorithm (Dijkstra’s algorithm) to calculate the shortest path to all known destinations, based on the cumulative cost required to reach the destination.
OSPF Implementation in Web OS
Web OS 10.0 supports a single instance of OSPF and up to 1K routes on the network.
Defining Areas
If you are configuring multiple areas in your OSPF domain, one of the areas must be designated as area 0, known as the backbone. The backbone is the central OSPF area and is usually physically connected to all other areas.
Using the Area ID to Assign the OSPF Area Number
The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors.
Interface Cost
The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination.
Default Routes
When an OSPF routing device encounters traffic for a destination address it does not recognize, it forwards that traffic along the default route.
Virtual Links
Usually, all areas in an OSPF AS are physically connected to the backbone.
Router ID
Routing devices in OSPF areas are identified by a router ID. The router ID is expressed in IP address format. The IP address of the router ID is not required to be included in any IP interface range or in any OSPF area.
To configure OSPF passwords on the Web switches shown in Figure 4-4 use the following commands:
1. Enable OSPF authentication for Area 0 on Web switches 1, 2, and 3.
Host Routes for Load Balancing
Web OS 10.0 implementation of OSPF includes host routes.
OSPF Configuration Examples
A summary of the basic steps for configuring OSPF on the Web switch is listed here. Detailed instructions for each of the steps are covered in the following sections:
1.
Example 1: Simple OSPF Domain
In this example, two OSPF areas are defined — one area is the backbone and the other is a stub area. A stub area does not allow advertisements of external routes, thus reducing the size of the database.
3. Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0.
4. Define the stub area.
5. Attach the network interface to the backbone.
Example 2: Virtual Links
In the example shown in Figure 4-6, area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1.
4. Define the backbone.
5. Define the transit area. The area that contains the virtual link must be configured as a transit area.
6. Attach the network interface to the backbone.
Configuring OSPF for a Virtual Link on Switch #2
1. Configure IP interfaces on each network that will be attached to OSPF areas. Two IP interfaces are needed on Switch #2: one for the transit area network on 10.
6. Define the stub area.
7. Attach the network interface to the backbone.
Example 3: Summarizing Routes
By default, ABRs advertise all the network addresses from one area into another area. Route summarization can be used for consolidating advertised addresses and reducing the perceived complexity of the network.
3. Define the backbone.
4. Define the stub area.
5. Attach the network interface to the backbone.
Example 4: Host Routes
The Web OS 10.0 implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks and allow for Server Load Balancing (SLB) within OSPF.
Configuring OSPF for Host Routes on Web Switch #1
1. Configure basic SLB parameters. Web switch 1 is connected to two real servers. Each real server is given an IP address and is placed in the same real server group.
5. Configure the backup virtual server. Alteon Web switch #1 will act as a backup for virtual server 10.10.10.2. Both virtual servers in this example are configured with the same real server group and provide identical services.
10. Attach the network interface to the backbone.
11. Attach the network interface to the stub area.
12. Configure host routes. One host route is needed for each virtual server on Web switch 1.
Configuring OSPF for Host Routes on Web Switch 2
1. Configure basic SLB parameters. Web switch 2 is connected to two real servers. Each real server is given an IP address and is placed in the same real server group.
4. Enable OSPF on Web switch #2.
5. Define the backbone.
6. Define the stub area.
7. Attach the network interface to the backbone.
8. Attach the network interface to the stub area.
9. Configure host routes. Host routes are configured just like those on Web switch 1, except their costs are reversed. Since virtual server 10.10.10.2 is preferred for Web switch 2, its host route has been given a low cost.
CHAPTER 5 Secure Switch Management
This chapter discusses the use of secure tunnels so that the data on the network is encrypted and secured for messages between a remote administrator and the switch.
Setting Allowable Source IP Address Ranges
The allowable management IP address range is configured using the system mnet and mmask options available on the Command Line Interface (CLI) System Menu (/cfg/sys).
Secure Switch Management
Secure switch management is needed for environments that perform significant management functions across the Internet.
Requirements
The following components are required for authorization and authentication:
- A .
RADIUS Authentication and Authorization
RADIUS is an access server authentication, authorization, and accounting protocol used to secure remote access to networks and network services against unauthorized access.
RADIUS Authentication Features in Web OS
The following Radius Authentication features are supported in Web OS:
- Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and 2866.
Web Switch User Accounts
The user accounts listed in Table 5-1 can be defined in the RADIUS server dictionary file.
When the user logs in, the switch authenticates his/her level of access by sending the RADIUS access request, that is, the client authentication request, to the RADIUS authentication server.
Secure Shell and Secure Copy
Although a remote network administrator can manage the configuration of an Alteon Web switch via Telnet, this method does not provide a secure connection.
NOTE – There can be a maximum number of four simultaneous Telnet/SSH/SCP connections at one time. The /cfg/sys/radius/telnet command also applies to SSH/SCP connections.
RSA Host and Server Keys
To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the Web switch.
Radius Authentication
SSH/SCP is integrated with RADIUS authentication.
Configuring SSH/SCP
SSH/SCP parameters can be configured only via the console port, using the CLI. The switch SSH daemon uses TCP port 22 only and is not configurable.
To save the current configuration to FLASH, use this command:
Usually, there will be no need to generate manually the RSA host and server keys.
Port Mirroring
Port mirroring is implemented to enhance the security of your network. For example, an IDS server can be connected to the monitor port to detect intruders attacking the network.
NOTE – Port mirroring and bandwidth management cannot be enabled at the same time.
To configure port mirroring for the example shown in Figure 5-2, 1.
Part 2: Web Switching Fundamentals
Internet traffic consists of myriad services and applications which use the Internet Protocol (IP) for data delivery. IP, however, is not optimized for all the various applications.
CHAPTER 6 Server Load Balancing
Server Load Balancing (SLB) allows you to configure the Alteon Web switch to balance user session traffic among a pool of available servers that provide shared services.
Understanding Server Load Balancing
SLB benefits your network in a number of ways:
- Increased eff.
How Server Load Balancing Works
In an average network that employs multiple servers without server load balancing, each server usually specializes in providing one or two unique services.
The Web switch, with SLB software, acts as a front-end to the servers, interpreting user session requests and distributing them among the available servers.
Implementing Basic Server Load Balancing
Consider a situation where customer Web sites are being hosted by a popular Web hosting company and/or Internet Service Provider (ISP).
All of the above issues can be addressed by adding an Alteon Web switch with SLB software.
- Reliability is increased by providing multiple paths from the clients to the Web switch and by accessing a pool of servers with identical content.
- Some services require that a series of client requests go to the same real server so that session-specific state data can be retained between connections.
Configuring Server Load Balancing
This section describes the steps for configuring an SLB Web hosting solution. In the following procedure, many of the SLB options are left to their default values.
2. Define an IP interface on the switch. The switch must have an IP route to all of the real servers that receive Web switching services. For SLB, the switch uses this path to determine the level of TCP/IP reach of the real servers.
5. Define a virtual server. All client requests will be addressed to a virtual server IP address on a virtual server defined on the switch. Clients acquire the virtual server IP address through normal DNS resolution.
The ports are configured as follows:
7. Enable, apply, and verify the configuration.
Examine the resulting information. If any settings are incorrect, make the appropriate changes.
Additional Server Load Balancing Options
In the previous section (“Configuring Server Load Balancing” on page 124), many of the SLB options are left to their default values.
Disabling and Enabling Real Servers
If you need to reboot a server, you must make sure that new sessions are not sent to the real server and that old sessions are not discarded.
Health Checks for Real Servers
Determining health for each real server is a necessary function for SLB. By default for TCP services, the switch checks health by opening a TCP connection to each service port configured as part of each service.
Metrics for Real Server Groups
Metrics are used for selecting which real server in a group will receive the next client connection.
Hash
The hash metric uses IP address information in the client request to select a server. The specific IP address information used depends on the application:
• For Application Redirection, the client destination IP address is used.
Response Time
The response metric uses real server response time to assign sessions to servers. The response time between the servers and the switch is used as the weighting factor.
Weights for Real Servers
Weights can be assigned to each real server. These weights bias load balancing to give the fastest real servers a larger share of connections.
Backup/Overflow Servers
A real server can backup other real servers and can handle overflow traffic when the maximum connection limit is reached.
Extending SLB Topologies
For standard SLB, all client-to-server requests to a particular virtual server and all related server-to-client responses must pass through the same Web switch.
The following procedure can be used for configuring proxy IP addresses:
1. Disable server processing on affected switch ports.
When implementing proxies, switch ports can be reconfigured to disable server processing.
3. If the Virtual Matrix Architecture (VMA) feature is enabled, add proxy IP addresses for all other switch ports (except port 9).
VMA is normally enabled on the switch.
Mapping Ports
An Alteon Web switch allows you to hide the identity of a port for security by mapping a virtual server port to a different real server port.
Consider the following network:
Figure 6-6 Basic Virtual Port to Real Port Mapping Configuration
In this example, four real servers are used to support a single service (HTTP).
Load Balancing Metric
For each service, a real server is selected using the configured load balancing metric (hash, leastconns, minmisses, or roundrobin).
4. Turn on multiple rport for Port 80.
5. Add the ports to which the Web server listens.
The sequence of steps that are executed in this scenario are shown in Figure 6-7:
Figure 6-7 Direct Server Return
1. A client request is forwarded to the Web switch.
Using Proxy IP Addresses
Proxy IP addresses are used primarily to eliminate SLB topology restrictions in complex networks (see “Proxy IP Addresses” on page 136).
Monitoring Real Servers
Typically, the management network is used by network administrators to monitor real servers and services.
Delayed Binding
The delayed binding feature on the switch prevents SYN Denial-of-Service (DoS) attacks on the server. DoS occurs when the server or switch is denied servicing the client because it is saturated with invalid traffic.
Figure 6-10 Repelling DoS SYN Attacks With Delayed Binding
Once the Web switch receives a valid AC.
Configuring Delayed Binding
To configure your switch for delayed binding, use the following command:
NOTE – Enable delayed binding without configuring any HTTP SLB processing or persistent binding types.
Load Balancing Special Services
This section discusses load balancing based on special services, such.
FTP Server Load Balancing
As defined in RFC 959, FTP uses two connections — one for control information and another for data. Each connection is unique.
Domain Name Server (DNS) Load Balancing
In previous releases of Web OS, DNS load balancing was based on virtual server IP address and virtual port (VPORT) only.
Preconfiguration Tasks
1. Enable server load balancing.
2. Configure the four real servers and their real IP addresses.
3. Configure group 1 for UDP and group 2 for TCP.
Configuring UDP-based DNS Load Balancing
1. Configure and enable a virtual server IP address 1 on the switch.
2. Set up the DNS service for the virtual server, and add real server group 1.
Configuring TCP-based DNS Load Balancing
1. Configure and enable the virtual server IP address 2 on the switch.
2. Set up the DNS service for virtual server, and select real server group 2.
Real Time Streaming Protocol SLB
Real Time Streaming Protocol (RTSP) is an application-level protocol for control over the delivery of data with real-time properties as documented in RFC 2326.
Corporation, and Quicktime Streaming Server marketed by the Apple Inc. The RTSP stream setup sequence is different for these two servers, and the switch handles each differently.
Configuring RTSP Load Balancing
Before configuring your Web switch for RTSP load balancing, d.
Wireless Application Protocol SLB
Wireless Application Protocol (WAP) is an open, global specification for a suite of protocols designed to allow wireless devices to communicate and interact with other devices.
TPCP is Alteon’s proprietary protocol that is used to establish communication between the RADIUS servers and the Alteon Web switch. It is UDP-based and uses ports 3121, 1812, and 1645.
Using RADIUS Snooping
Radius snooping allows the Alteon Web switch to examine RADIUS accounting packets for client information.
Preconfiguring WAP Server Load Balancing
• Configure WAP server load balancing on Alteon AD4 and Alteon 184 platforms only.
• Enable Virtual Matrix Architecture (VMA).
• If a session entry for a client cannot be added because of resource constraints, the subsequent.
Intrusion Detection System Server Load Balancing
Intrusion Detection System (IDS) is a type of security management system for computers and networks.
Load Balancing Metrics for IDS
The following metrics are supported in IDS load balancing:
• minmisses
• roundrobin
  Disable delayed binding if you select this metric.
2. Create a group and add IDS servers to the group.
WAN Link Load Balancing
Wide Area Networking (WAN) is a telecommunications network system spread across a broad geographic area.
To configure the switch for WAN link load balancing:
1. Define a real server with proxy disabled.
2. Add the real server to a real server group using the response metric.
Chapter 7: Filtering
This chapter provides a conceptual overview of filters and includes configuration examples showing how filters can be used for network security and Network Address Translation (NAT). The following topics are discussed in this chapter:
• “Overview” on page 170.
Overview
Alteon Web switches are used to deliver content efficiently and secure your servers from unauthorized intrusion, probing, and Denial-of-Service (DoS) attacks.
• proto: protocol number or name as shown in Table 7-1
• sport: TCP/UDP application or source port as shown.
Stacking Filters
Stacking filters are assigned and enabled on a per-port basis. Each filter can be used by itself or in combination with any other filter on any given switch port.
The Default Filter
Before filtering can be enabled on any given port, a default filter should be configured. This filter handles any traffic not covered by any other filter.
VLAN-based Filtering
Filters are applied per switch, per port, or per VLAN. VLAN-based filtering allows a single Web switch to provide differentiated services for multiple customers, groups, or departments.
Configuring VLAN-based Filtering
1. Configure filter 2 to allow local clients to browse the Web and then assign VLAN 20 to the filter.
3. Configure Filter 7 to deny traffic and then assign VLAN 70 to the filter.
Example: A network administrator has noticed a significant number of ICMP frames on one portion of the network and wants to determine the specific sources of the ICMP messages.
IP Address Ranges
You can specify a range of IP addresses for filtering both the source and/or destination IP address for traffic.
TCP Rate Limiting
Web OS 10.0 allows you to prevent a client or a group of clients from claiming all the TCP resources on the servers.
In Figure 7-5, the default filter 224 configured for Any is applied for all other connection requests.
3. Set the timewin parameter and calculate the total time window in seconds.
The total time window is a multiple of fastage (for information on fastage, see the Configuration chapter in the Web OS 10.
TCP Rate Limiting Filter Based on Source IP Address
This example shows how to define a filter that limits clients with IP address 30.30.30.x to 150 TCP connections per second.
TCP Rate Limiting Filter Based on Virtual Server IP Address
This example defines a filter that limits clients to 100 TCP connections per second to a specific destination (VIP 10.
All clients are limited to 100 new TCP connections/second to the server. If a client exceeds this rate, then the client is not allowed to make any new TCP connections to the server for 40 minutes.
Filter-based Security
This section provides an example of configuring filters for providing the best security. It is generally recommended that you configure filters to deny all traffic except for those services that you specifically wish to allow.
Configuring a Filter-Based Security Solution
Before you begin, you must be connected to the switch CLI as the administrator. In this example, all filters are applied only to the switch port that connects to the Internet.
3. Create a filter that will allow external HTTP requests to reach the Web server.
The filter must recognize and allow TCP traffic with the Web server’s destination IP address and HTTP destination port:
4.
5. Create a filter that will allow local clients to browse the Web.
The filter must recognize and allow TCP traffic to reach the local client destination IP addresses if traffic originates from any HTTP source port:
6.
For UDP:
Similarly, for TCP:
>> Filter 5# ../filt 6 (Select the menu for Filter 6)
>> Filter 6# sip any (From any source IP address)
>> Filter 6# dip 205.
8. Assign the filters to the switch port that connects to the Internet.
Web OS allows you to add and remove a contiguous block of filters with a single command.
9.
Network Address Translation
Network Address Translation (NAT) is an Internet standard that enables an Alteon Web switch to use one set of IP addresses for internal traffic and a second set of addresses for external traffic.
In this example, clients on the Internet require access to servers on the private network:
Figure 7-8 Static Ne.
Note the following important points about this configuration:
• Within each filter, the smask and dmask values are identical.
• All parameters for both filters are identical except for the NAT direction.
Configuring Dynamic NAT
NOTE – The invert option in this example filter makes this specific configuration easier but is not a requirement for dynamic NAT.
FTP Client NAT
Alteon Web switches provide NAT services to many clients with private IP addresses. In Web OS, an FTP enhancement provides the capability to perform true FTP NAT for dynamic NAT.
Configuring Active FTP Client NAT
NOTE – The passive mode does not need this feature.
1. Make sure that a proxy IP address is enabled on the filter port.
2. Make sure that a source NAT filter is set up for the port.
Matching TCP Flags
Web OS supports packet filtering based on any of the following TCP flags. Any filter may be set to match against more than one TCP flag at the same time.
In this network, the Web servers inside the LAN must be able to transfer mail to any SMTP-based mail server out on the Internet. At the same time, you want to prevent access to the LAN from the Internet, except for HTTP.
2. A filter that allows SMTP traffic from the Internet to pass through the switch only if the destination is one of the Web servers, and the frame is an acknowledgment (ACK) of a TCP session.
5. A default filter is required to deny all other traffic.
6. Apply the filters to the appropriate switch ports.
Matching ICMP Message Types
Internet Control Message Protocol (ICMP) is used for reporting TCP/IP processing errors. There are numerous types of ICMP messages, as shown in Table 7-6.
The command to enable or disable ICMP message type filtering is entered from the Advanced Filtering menu as follows:
For any given filter, only one ICMP message type can be set at any one time.
Chapter 8: Application Redirection
Application Redirection improves network bandwidth and provides unique network solutions.
Overview
Most of the information downloaded from the Internet is not unique, as clients will often access the Web page many times for additional information or to explore other links.
The network needs a solution that addresses the following key concerns:
• The solution must be readily scalable
• The administrator should not need to reconfigure all the clients’ browsers to use proxy servers.
Web Cache Configuration Example
The following is required prior to configuration:
• You must connect to the Web switch Command Line Interface (CLI) as the administrator.
2. Install transparent Web cache software on all three Web cache servers.
6. Set the real server group metric to minmisses.
This setting helps minimize Web cache misses in the event real servers fail or are taken out of service:
7.
9. Create a default filter.
In this case, the default filter will allow all noncached traffic to proceed normally:
NOTE – When the proto parameter is not tcp or udp, then sport and dport are ignored.
13. Save your new configuration changes.
14. Check the SLB information.
Check that all SLB parameters are working according to expectation. If necessary, make any appropriate configuration changes and then check the information again.
RTSP Web Cache Redirection
Web OS 10.0 supports Web Cache Redirection (WCR) for Real Time Streaming Protocol (RTSP). RTSP WCR is similar to HTTP WCR in configuration and in concept.
3. Configure an RTSP redirection filter to cache data and balance the load among the cache servers.
4. Configure a default allow filter to facilitate traffic.
IP Proxy Addresses for NAT
Transparent proxies provide the benefits listed below when used with application redirection. Application redirection is automatically enabled when a filter with the redir action is applied on a port.
The following commands can be used to configure the additional unique proxy IP addresses:
NOTE – Port 9 does not require a proxy IP address with VMA enabled.
Excluding Noncacheable Sites
Some Web sites provide content that is not well suited for redirection to cache servers.
Chapter 9: Virtual Matrix Architecture
Virtual Matrix Architecture (VMA) is a hybrid architecture that takes full advantage of the distributed processing capability in Alteon Web switches.
Frames ingressing a port that has been configured with a proxy IP address and the proxy option enabled (/cfg/slb/port x/proxy ena) can be processed using a proxy IP address by any switch port.
Chapter 10: Health Checking
Content intelligent Web switches allow Web masters to customize server health checks to verify content accessibility in large Web sites.
“FTP Server Health Checks” on page 234. This section describes how the File Transfer Protocol (FTP) server is used to perform health checks and explains how to configure the switch to perform FTP health checks.
Real Server Health Checks
Alteon Web switches running Server Load Balancing (SLB) monitor the servers in the real server group and the load-balanced application(s) running on them.
DSR Health Checks
Direct Server Return (DSR) health checks are used to verify the existence of a server-provided service where the server replies directly back to the client without responding through the virtual server IP address.
Link Health Checks
Link health check is performed at the Layer 1 (physical) level. The server is considered to be up when the link (connection) is present and the server is considered to be down when the link is absent.
TCP Health Checks
TCP health checks are useful in verifying user-specific TCP applications that cannot be scripted.
Script-Based Health Checks
The “send/expect” script-based health checks dynamically verify application and content availability using scripts. These scripts execute a sequence of tests to verify application and content availability.
Script Format
The general format for health-check scripts is shown below:
NOTE – If you are doing HTTP 1.1 pipelining, you need to individually open and close each response in the script.
Scripting Guidelines
• Use generic result codes that are standard and defined by the RFC, as applicable. This helps ensure that if the customer changes server software, the servers won’t start failing unexpectedly.
Script Example 2: GSLB URL Health Check
In earlier Web OS releases, each remote Global Server Load Balancing site’s virtual server IP address was required to be a real server of the local switch.
Script-based health checking is intelligent in that it will only send the appropriate requests to the relevant servers. In the example above, the first GET statement will only be sent to Real Server 1 and Real Server 2.
Application-Specific Health Checks
Application-specific health checks include the following application.
HTTP Health Checks
HTTP-based health checks can include the hostname for HOST: headers. The HOST: header and health check URL are constructed from the following components:
If the HOST: header is required, an HTTP/1.
Health check is performed using:
GET /index.html HTTP/1.1
Host: jansus
Example 4:
hname = (none)
dname = (none)
content = index.html
Health check is performed using:
GET /index.
UDP-Based DNS Health Checks
Web OS 10.0 supports UDP-based health checks along with TCP health checks, and performs load-balancing based on TCP and UDP protocols.
FTP Server Health Checks
The Internet File Transfer Protocol (FTP) provides facilities for transferring files to and from remote computer systems. Usually the user transferring a file needs authority to login and access files on the remote system.
POP3 Server Health Checks
The Post Office Protocol - Version 3 (POP3) is intended to permit a workstation to dynamically access a maildrop on a server host.
SMTP Server Health Checks
Simple Mail Transfer Protocol is a protocol to transfer e-mail messages between servers reliably and efficiently. This protocol traditionally operates over TCP, port 25 and is documented in RFC 821.
IMAP Server Health Checks
Internet Message Access Protocol (IMAP) is a mail server protocol used between a client system and a mail server that allows a user to retrieve and manipulate mail messages.
NNTP Server Health Checks
Net News Transfer Protocol (NNTP) is a TCP/IP protocol based upon text strings sent bidirectionally over 7 bit ASCII TCP channels, and listens to port 119.
RADIUS Server Health Checks
The Remote Authentication Dial-In User Service (RADIUS) protocol is used to authenticate dial-up users to Remote Access Servers (RASs) and the client application they will use during the dial-up connection.
Configuring the Switch for RADIUS Secret and Password
RADIUS is stateless and uses UDP as its transport protocol.
WSP Content Health Checks
Wireless Session Protocol content health checks can be configured in two modes: connectionless and connection-oriented. Connectionless WSP runs on UDP/IP protocol, port 9200.
4. Enter the WSP port.
5. Set the offset value.
6. Because WAP gateways are UDP-based and operate on a UDP port, configure UDP service in the virtual server menu.
Configuring the Switch for WTLS Health Checks
1. Select the group with the WAP gateway.
2. Use the sndcnt command to enter the content to be sent to the WSP gateway.
Configuring the Switch for LDAP Health Checks
Configure the switch to verify if the LDAP server is alive.
1. Select the health check menu for the real server group.
ARP Health Checks
Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer. ARP resolves a physical address from an IP address.
Failure Types
Service Failure
If a certain number of connection requests for a particular service fail, the session switch places the service into the service failed state.
CHAPTER 11 High Availability
Alteon Web switches support high-availability network topologies through an enhanced implementation of the Virtual Router Redundancy Protocol (VRRP). The following topics are discussed in this chapter:
• “VRRP Overview” on page 248.
VRRP Overview
In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network.
Virtual Router MAC Address
The VRID is used to build the virtual router MAC Address. The five highest-order octets of the virtual router MAC Address are the standard MAC prefix (00-00-5E-00-01) defined in RFC 2338.
The Alteon Web switches in Figure 11-1 have been configured as VRRP routers.
VRRP Operation
The host shown in Figure 11-1 is configured with the virtual interface router’s IP address as its default gateway. The master forwards packets destined to remote subnets and responds to ARP requests.
Active-Standby Failover
The previous text described the use of a group of VRRP routers to form a single virtual interface router.
Failover Methods
With service availability becoming a major concern on the Internet, service providers are increasingly deploying Internet traffic control devices, such as Web switches, in redundant configurations.
Active-Standby Redundancy
In an active-standby configuration, shown in Figure 11-4, two Web switches are used. Both switches support active traffic but are configured so that they do not simultaneously support the same service.
Active-Active Redundancy
In an active-active configuration, two Web switches provide redundancy for each other, with both active at the same time for the same services.
Hot-Standby Redundancy
In a hot-standby configuration, Spanning Tree Protocol (STP) is not needed to eliminate bridge loops. This speeds up failover when a switch fails.
Virtual Router Group
The virtual router group ties all of the virtual routers together as a single entity and is central to the hot-standby configuration.
When the hotstan option (/cfg/slb/port x/hotstan) is enabled and all hot-standby ports have link, the virtual router group's priority is automatically incremented by the “track other virtual routers” value.
Web OS Extensions to VRRP
This section describes the following VRRP enhancements that are implemented i.
Sharing/Active-Active Failover
Web OS supports sharing of interfaces at both Layer 3 and Layer 4, as shown in Figure 11-7.
When sharing is enabled, the master election process still occurs.
Each tracked parameter has a user-configurable weight associated with it.
High Availability Configurations
Alteon Web switches offer flexibility in implementing redundant configurations.
To implement the active-standby example, perform the following switch configuration:
1. Configure the appropriate Layer 2 and Layer 3 parameters on both switches.
Active-Active VIR and VSR Configuration
In Figure 11-9, two Alteon Web switches are used as VRRP routers in an active-active configuration implementing a virtual server router.
To implement this example, configure the switches as follows:
1. Configure the appropriate Layer 2 and Layer 3 parameters on both switches. This configuration includes any required VLANs, IP interfaces, default gateways, and so on.
Active/Active Server Load Balancing Configuration
In this example, you set up four virtual servers each load balancing two servers providing one service (for example, HTTP) per virtual server.
2. Define the VLANs. In this configuration, set up two VLANs: One for the outside world (the ports co.
Task 2: SLB Configuration
1. Define the Real Servers. The real server IP addresses are defined and put into four groups, depending on the service they are running.
3. Define the virtual servers. After defining the virtual server IP addresses and associating them with a real server group number, you must tell the switch which IP ports/services/sockets you want to load balance on each VIP.
Task 3: Virtual Router Redundancy Configuration
1. Configure virtual routers 2, 4, 6, and 8. These virtual routers will have the same IP addresses as the virtual server IP address.
3. Set the renter priority for each virtual router. Since you want Switch 1 to be the master router, .
Task 4: Configuring Switch 2
Use the following procedure to dump the configuration script (text dum.
3. Scroll to the bottom of the text file and delete anything past “Script End.”
4. Save the changes to the text file as “Customer Name” Switch 2.
VRRP-Based Hot-Standby Configuration
A hot-standby configuration allows all processes to failover to a backup switch if any type of failure should occur.
By reducing complexity to a single subnet and not requiring routing (L3), hot-standby can be used.
Virtual Router Deployment Considerations
Review the following issues described in this section to p.
Eliminating Loops with STP and VLANs
VRRP active/active failover is significantly different from the hot-standby failover method supported in previous releases.
Using Spanning Tree Protocol to Eliminate Loops
VRRP generally requires Spanning Tree Protocol (STP) to be enabled in order to resolve bridge loops that usually occur in cross-redundant topologies, as shown in Figure 11-12.
Assigning VRRP Virtual Router ID
During the software upgrade process, VRRP virtual router IDs will be automatically assigned if failover is enabled on the switch.
If one server attached to Web switch 1 fails, then Web switch 1’s priority will be reduced by 6 to 123. Since 123 is greater than 120 (Web switch 2’s priority), Web switch 1 will remain the master.
Synchronizing Configurations
As noted above, each VRRP-capable switch is autonomous. Switches in a virtual router need not be identically configured. As a result, configurations cannot be synchronized automatically.
Stateful Failover of Layer 4 and Layer 7 Persistent Sessions
Web OS provides stateful failover of content-intelligent persistent session state and Layer 7 persistent session state.
What Happens When a Switch Fails
Assume that the user performing an e-commerce transaction has selected a number of items and placed them in the shopping cart.
Stateful Failover Configuration Example
After the VRRP setup, perform the following additional steps to enable stateful failover on the switches.
On the Master Switch
1.
Viewing Statistics on Persistent Port Sessions
You can view statistics on persistent port sessions using the /stats/slb/ssl command. To determine which switch is the master and which is the backup, use the /info/vrrp command.
Part 3: Advanced Web Switching
Web OS can parse requests and classify flows using URLs, host tags, and cookies so that each request can be isolated and treated intelligently.
CHAPTER 12 Global Server Load Balancing
This chapter provides information for configuring Global Server Load Balancing (GSLB) across multiple geographic sites.
GSLB Overview
GSLB allows balancing server traffic load across multiple physical sites.
How GSLB Works
GSLB is based on the Domain Name System (DNS) and proximity by source IP address. In the example in Figure 12-1, a client is using a browser to view the Web site for the Foo Corporation at “www.
4. The California Web switch responds to the DNS request, listing the IP address with the current best service. Each switch with GSLB software is capable of responding to the client’s name resolution request.
Configuring GSLB
Configuring GSLB is simply an extension of the configuration procedure for SLB. The process is summarized as follows:
• Use the administrator login to connect to the switch you want to configure.
Example GSLB Topology
Consider the following example network:
Figure 12-2 GSLB Topology Example
In the following examples, many of the options are left to their default values.
Task 1: Configure the Basics at the California Site
1. If the Browser-Based Interface (BBI) is to be used for managing the California switch, change its service port.
Task 2: Configure the California Switch for Standard SLB
1. Assign an IP address to each of the real servers in the local California server pool.
4. On the California switch, define a virtual server. All client requests will be addressed to a virtual server IP address defined on the switch.
Task 3: Configure the California Site for GSLB
1. On the California switch, define each remote site. When you start configuring at the California site, California is local and Denver is remote.
3. On the California switch, define the domain name and host name for each service hosted on each virtual server. In this example, the domain name for the Foo Corporation is “foocorp.
2. On the Denver switch, define an IP interface.
3. On the Denver switch, define the default gateway.
4. Configure the local DNS server to recognize the local GSLB switch as the authoritative name server for the hosted services.
3. On the Denver switch, define a real server group.
4. On the Denver switch, define a virtual server.
5. On the Denver switch, define the type of Layer 4 processing each port must support.
Task 6: Configure the Denver Site for GSLB
Following the same procedure described for California (see “Task 3: Configure the California Site for GSLB” on page 298), configure the Denver site as follows:
1.
For example:
NOTE – Take care to note where each configured value originates or this step can result in improper configuration.
IP Proxy for Non-HTTP Redirects
Typically, client requests for HTTP applications are automatically redirected to the location with the best response and least load for the requested content.
Table 12-5 explains the packet-flow process in detail. In this example, the initial DNS request from the client reaches Site 2, but Site 2 has no available services.
The following procedure explains the three-way handshake between the two sites and the client for a non-HTTP application (POP3).
Configuring Proxy IP Addresses
Refer to the example starting on page 294 and Figure 12-4, t.
Verifying GSLB Operation
• Use your browser to request the configured service (www.foocorp.com in the previous example).
• Examine the /info/slb information on each switch.
Figure 12-5 illustrates GSLB proximity tables.
Client A, with a source IP address of 205.178.13.10, initiates a request that is sent to the local DNS server. The local DNS server is configured to forward requests to the DNS server at Site 4.
Use the following commands to configure a proximity table on the Web switch at Site 4:
NOTE – For each client subnet, add only one static entry.
Using Border Gateway Protocol for GSLB
Border Gateway Protocol (BGP)-based GSLB utilizes the Internet’s routing protocols to localize content delivery to the most efficient and consistent site.
CHAPTER 13 Firewall Load Balancing
Firewall Load Balancing (FWLB) with Alteon Web switches allows multiple active firewalls to operate in parallel.
Firewall Overview
Firewall devices have become indispensable for protecting network resources from unauthorized access. Prior to FWLB, however, firewalls could become critical bottlenecks or single points-of-failure for your network.
Alteon Web switches support the following methods of FWLB:
• Basic FWLB for simple networks
This method uses a combination of static routes and redirection filters and is usually employed in smaller networks.
Basic FWLB
The basic FWLB method uses a combination of static routes and redirection filters to allow multiple active firewalls to operate in parallel.
Basic FWLB Implementation
In this example, traffic is load balanced among the available firewalls.
Figure 13-3 Basic FWLB Process
1. The client requests data.
4. The firewalls decide if they should allow the packets and, if so, forward them to a virtual server on the clean-side Web switch. Client requests are forwarded or discarded according to rules configured for each firewall.
Configuring Basic FWLB
The steps for configuring basic FWLB are provided below.
3. Configure the clean-side IP interface as if they were real servers on the dirty side. Later in this procedure, you’ll configure one clean-side IP interface on a different subnet for each firewall path being load balanced.
8. Create a filter to allow local subnet traffic on the dirty side of the firewalls to reach the firewall interfaces.
9. Create the FWLB redirection filter.
Configure the Clean-Side Web Switch
1. Define the clean-side IP interfaces. Create one clean-side IP interface on a different subnet for each firewall being load balanced.
4. Set the health check type for the real server group to ICMP.
5. Set the load-balancing metric for the real server group to hash.
NOTE – The clean-side Web switch must use the same metric as defined on the dirty side.
10. Place the real servers into a real server group.
11. Configure ports 4 and 5, which are connected to the real servers, for server processing.
15. Add the filters to the ingress ports for the outbound packets. Redirection filters are needed on all the ingress ports on the clean-side Web switch.
Four-Subnet FWLB
The four-subnet FWLB method is often deployed in large networks that require high-availability solutions.
As shown in Figure 13-5, the network is divided into four sections:
• Subnet 1 includes all equipment between the exterior routers and dirty-side Web switches.
1. Incoming traffic converges on the primary dirty-side Web switch. External traffic arrives through redundant routers. A set of interconnected switches ensures that both routers have a path to each dirty-side Web switch.
Configuring Four-Subnet FWLB
An example network for four-subnet FWLB is illustrated in Figure 13-7.
Configure the Routers
The routers must be configured with a static route to the destination services being accessed by the external clients.
Configure Connectivity for the Primary Dirty-Side Web Switch
1. Configure VLANs on the primary dirty-side Web switch. Two VLANs are required. VLAN 1 includes port 1, for the Internet connection.
4. Configure static routes on the primary dirty-side Web switch.
Configure Connectivity for the Secondary Dirty-Side Web Switch
Except for the IP interfaces, this configuration is identical to the primary dirty-side Web switch.
Configure Connectivity for the Primary Clean-Side Web Switch
1. Configure VLANs on the primary clean-side Web switch. Two VLANs are required.
4. Configure static routes on the primary clean-side Web switch.
2. Configure IP interfaces on the secondary clean-side Web switch.
3. Turn STP off for the secondary clean-side Web switch.
4. Configure static routes on the secondary clean-side Web switch.
Verify Proper Connectivity
To verify proper configuration up to this point, use the ping option to test network connectivity.
Complete the Configuration of the Primary Dirty-Side Web Switch
1. Create an FWLB real server group on the primary dirty-side Web switch. A real server group is used as the target for the FWLB redirection filter.
2. Create the FWLB filters. Three filters are required on the port attaching to the routers:
• Filter 10 prevents local traffic from being redirected.
3. Configure VRRP on the primary dirty-side Web switch. VRRP in this example requires two virtual routers – one for the subnet attached to the routers, and one for the subnet attached to the firewalls.
Complete the Configuration of the Primary Clean-Side Web Switch
1. Create an FWLB real server group on the primary clean-side Web switch. A real server group is used as the target for the FWLB redirection filter.
2. Create an SLB real server group on the primary clean-side Web switch, to which traffic will be load-balanced. The external clients intend to connect to HTTP services at a publicly advertised IP address.
3. Create the FWLB filters on the primary clean-side Web switch. Three filters are required on the port attaching to the real servers:
• Filter 10 prevents local traffic from being redirected.
4. Configure VRRP on the primary clean-side Web switch. VRRP in this example requires two virtual routers to be configured – one for the subnet attached to the real servers, and one for the subnet attached to the firewalls.
5. Configure the peer on the primary clean-side Web switch.
6. Apply and save your configuration changes.
7. Synchronize primary and secondary dirty-side Web switches.
Advanced FWLB Concepts
Free-Metric FWLB
Free-metric FWLB allows you to use load-balancing metrics other than hash, such as leastconns, roundrobin, minmiss, response, and bandwidth for more versatile FWLB.
3. On the dirty-side Web switch, set the FWLB metric. Any of the following load-balancing metrics can be used: hash, leastconns, roundrobin, minmiss, response, and bandwidth.
To use free-metric FWLB in this network, the following configuration changes are necessary.
1. On the clean-side Web switches, enable RTS on the ports attached to the firewalls (port 3) and on the interswitch port (port 9).
Adding a Demilitarized Zone (DMZ)
Implementing a DMZ in conjunction with firewall load balancing enables the Web switch to do the traffic filtering, off-loading this task from the firewall.
You could add the filters required for the DMZ (to each Web switch) as follows:
1. On the dirty-side Web switch, create the filter to allow HTTP traffic to reach the DMZ Web servers.
Firewall Health Checks
Basic FWLB health checking is automatic. No special configuration is necessary unless you wish to tune the health checking parameters.
Using HTTP Health Checks
For those firewalls that do not permit ICMP pings to pass through, Web switches can be configured to perform HTTP health checks, as described below.
CHAPTER 14 Virtual Private Network Load Balancing
The VPN (Virtual Private Network) load balancing feature in Web OS 10.
Overview
Virtual Private Networks
A VPN is a connection that has the appearance and advantages of a dedicated link, but it occurs over a shared network.
Figure 14-1 Basic Network Frame Flow and Operation
The basic steps that occur at the switches when a request arrives from the Internet are described below:
1.
VPN Load-Balancing Configuration Requirements
• Configure the switch with firewall load balancing. For more information, see “Firewall Load Balancing” on page 313.
Configure the First Clean-Side Switch (CA)
1. Turn off BOOTP.
2. Define and enable VLAN 2 for ports 7 and 8.
3. Turn off Spanning Tree Protocol (STP).
One static route is required for each VPN device being load balanced.
6. Configure VRRP for virtual routers 1 and 2.
>> # /cfg/ip/route
>> IP Static Route# add 10.
7. Enable Server Load Balancing (SLB) on the first clean switch.
8. Configure real servers for health checking VPN devices.
9. Configure real server group 1, and add real servers 1, 2, 3, and 4 to the group.
Configure the Second Clean-Side Switch (CB)
1. Turn off bootp.
2. Define and enable VLAN 2 for ports 7 and 8.
3. Turn off Spanning Tree Protocol.
6. Configure Virtual Router Redundancy Protocol (VRRP) for virtual routers 1 and 2.
7. Enable SLB.
8. Configure real servers for health checking VPN devices.
11. Enable filter processing on the server ports so that the response from the real server will be looked up in VPN session table.
6. Configure VRRP for virtual routers 1 and 2.
7. Enable SLB.
8. Configure real servers for health-checking VPN devices.
9. Enable the real server group.
10. Configure the filters to allow local subnet traffic on the dirty side of the VPN device to reach the VPN device interfaces.
11. Create a filter to allow the management firewall (Policy Server) to reach the VPN firewall.
Configure the Second Dirty-Side WebSwitch (DB)
1. Turn off BOOTP.
2. Define and enable VLAN 2 for ports 7 and 8.
3. Turn off STP.
Web OS 1 0.0 Applic ation Gu ide 366 Chapter 1 4: Virtual Private Network Load Balancing 21277 7-A, Febr uary 2002 6. Configure VRRP for virtual r o uters 1 and 2. 7. Enab le SLB. 8. Configure r eal servers for health checking VPN devices. 9. Enable the r eal server gr oup, and place r eal servers 1-4 into the r eal server group.
Web OS 10.0 App lication G uide Chapter 14: Virtual Private Network Load Balancing 367 212777-A , Februar y 2002 10. Configure the filters to allow lo cal subnet traffic on the dirty side of the VPN device t o reach the VPN device interfa ces. 11 . Create the r edirection filter and enable fir ewall load balancing.
Web OS 1 0.0 Applic ation Gu ide 368 Chapter 1 4: Virtual Private Network Load Balancing 21277 7-A, Febr uary 2002 T est Co nfigur ations and Ge ne ral T opology The switches should b e able to health check each other , and all switches should see fo ur real servers up.
Web OS 10.0 App lication G uide Chapter 14: Virtual Private Network Load Balancing 369 212777-A , Februar y 2002 T est the VPN 1. Launch the SecuRemote client on the dirty side of the network. 2. Add a new site. 3. Enter the p olicy server IP a ddress : 192.
Web OS 1 0.0 Applic ation Gu ide 370 Chapter 1 4: Virtual Private Network Load Balancing 21277 7-A, Febr uary 2002 7. Y ou will see a message verifying that you were authenticated. 8. Browse to t he W e b sit e. If there are other services running on other servers in the intern al network, you s hould also be able to reach those services.
212777-A , Februar y 2002 371 C HAPTER 15 Content Intelligent Switching This chapter discusses advanced load balancing so lu tio ns utilizing Layer 7 content switching.
Overview
Alteon Web switches perform content intelligent switching by processing numerou.
Parsing Content
Examining session content places heavier demands upon the Web switch than examining TCP/IP headers for the following reasons:
- Content is non-deterministic.
HTTP Header Inspection
Content intelligent switching is performed by inspecting HTTP headers. HTTP headers include additional information about requests and responses.
Content Intelligent Server Load Balancing
Web OS allows you to load balance HTTP requests.
Figure 15-2 URL-Based Server Load Balancing
Configuring URL-Based Server Load Balancing
To configure URL-based SLB, perform the following steps:
1.
2. Define the string(s) to be used for URL load balancing.
- add: Add string or a path.
- rem: Remove string or a path.
A default string “any” indicates that the particular server can handle all URL or Web-cache requests.
3. Apply and save your configuration changes.
4. Identify the defined string IDs. For easy configuration and identification, each defined string has an ID attached, as shown in the following example: Number of entries: six
5.
7. Enable SLB on the switch.
8. Enable DAM on the switch or configure a proxy IP address on the client port.
Virtual Hosting
Web OS allows individuals and companies to have a presence on the Internet in the form of a dedicated Web site address. For example, you can have a “www.
Virtual Hosting Configuration Overview
The sequence of events for configuring virtual hosting based on HTTP Host: headers is described below:
1.
Configuring the “Host” Header for Virtual Hosting
To support virtual hosting, configure the switch for Host header-based load balancing with the following procedure:
1.
Cookie-Based Preferential Load Balancing
Cookies can be used to provide preferential services for customers, ensuring that certain users are offered better access to resources than other users when site resources are scarce.
Configuring Cookie-Based Preferential Load Balancing
To configure cookie-based preferential load balancing, perform the following procedure.
Example:
- Real Server 1: “Gold” handles gold requests.
- Real Server 2: “Silver” handles silver requests.
- Real Server 3: “Bronze” handles bronze requests.
Browser-Smart Load Balancing
HTTP requests can be directed to different servers based on browser type by inspecting the “User-Agent” header.
URL Hashing for Server Load Balancing
By default, hashing algorithms use the IP source address and/or IP destination address (depending on the application area) to determine content location.
To configure URL hashing, perform the following procedure:
1.
Header Hash Load Balancing
Web OS allows you to hash on any selected HTTP header. To configure the Web switch for load balancing based on header hash, perform the following procedure:
1.
DNS Load Balancing
The Internet name registry has become so large that a single server cannot keep track of all the entries. This is resolved by splitting the registry and saving it on different servers.
To configure the switch for DNS load balancing, perform the following procedure:
1.
Number of entries: five
7. Add the defined string IDs to the real server using the following command:
NOTE – If you don't add a defined string (or add the defined string “any”) the server will handle any request.
To configure RTSP load balancing using pattern matching, follow this procedure:
1. Add the URL string.
- You can remove the URL string by performing the following:
- You can rename the URL string by performing the following:
2.
Content Intelligent Web Cache Redirection
Web OS allows you to redirect Web cache requests based on different HTTP header information, such as “Host:” header or “User-Agent” for browser-smart load balancing.
URL-Based Web Cache Redirection
URL parsing for Web Cache Redirection operates in a manner similar to URL-based server load balancing except that in WCR a virtual server on the switch is the target of all IP/HTTP requests.
The switch is preconfigured with a list of 13 noncacheable items that you can add to, delete, or modify.
Network Address Translation Options
URL-based WCR supports three types of Network Address Translation (NAT): No NAT, Half NAT, and Full NAT.
3. Configure the parameters and file extensions that bypass WCR. The switch is preconfigured with a list of 13 noncacheable items:
- Dynamic content files: Common gateway interface files (.
4. Define the string(s) to be used for Web cache SLB. Refer to the parameters listed below:
- add: Add a string or a path.
- rem: Remove string or a path.
5. Apply and save your configuration changes.
6. Identify the defined string IDs. For easy configuration and identification, each defined string has an ID attached, as shown in the following example: Number of entries: six
7.
9. Configure a filter to support basic WCR. The filter must be able to intercept all TCP traffic for the HTTP destination port and must redirect it to the proper port in the real server group:
10.
12. Create a default filter for noncached traffic on the switch.
NOTE – When the proto parameter is not tcp or udp, then sport and dport are ignored.
HTTP Header-Based Web Cache Redirection
To configure the switch for WCR based on the “Host:” header, use the following procedure:
1. Configure basic SLB.
7. Configure the real server(s) to handle the appropriate load balance string(s). Add the defined string IDs to the real servers: where ID is the identification number of the defined string.
Browser-Based Web Cache Redirection
Browser-based Web cache redirection uses the User-agent: header. To configure browser-based WCR, perform the following procedure.
7. Add the defined string IDs to configure the real server(s) to handle the appropriate load balance string(s). where ID is the identification number of the defined string.
2. Turn on URL parsing for the filter.
3. Enable hash to direct a cacheable URL request to a specific cache server. By default, the host header field is used to calculate the hash key and URL hashing is disabled.
Figure 15-6 URL Hashing for WCR
Example 2: Hashing on the Host Header Field Only
In this example, URL hashing is disabled.
Layer 7 RTSP Streaming Cache Redirection
This section explains Layer 7 support for RTSP Streaming Cache Redirection. For conceptual information on RTSP Streaming Cache Redirection, see “RTSP Web Cache Redirection” on page 211.
Exclusionary String Matching for Real Servers
URL-based SLB and WCR can match or exclude up to 128 strings. Examples of strings are as follows:
- “/product,” matches URLs that start with /product.
For information on how to configure your network for server load balancing, see Chapter 6, “Server Load Balancing.”
2. Add the load balancing strings (for example test, /images, and /product) to the real server.
Regular Expression Matching
Regular expressions are used to describe patterns for string matching. They enable you to match the exact string, such as URLs, host names, or IP addresses.
- Size of the regular expression structure after compilation cannot exceed 43 bytes for load balancing strings and 23 bytes for Web Cache Redirection.
Content Precedence Lookup
The Layer 7 Precedence Lookup feature in Web OS allows you to give precedence to one Layer 7 parameter over another and selectively decide which parameter should be analyzed first.
Requirements
- Enable Direct Access Mode (DAM), or configure proxy IP address if DAM is disabled.
Assigning Multiple Strings
Figure 15-8 shows an example of a company providing content for two large customers: Customers A and B. Customer A uses www.
When a client request is received with www.a.com in the Host Header and .jpg in the URL, the request will be load balanced between Server 1 and Server 2.
Configuring a Layer 7 Deny Filter
1. Before you can configure Layer 7 deny filter, .
7. Enable the Layer 7 deny option.
8. Assign the URL string ID from Step 4 to the filter.
9. Apply and save the configuration.
10. Apply the filter to the client port.
CHAPTER 16
Persistence
The Web OS persistence feature ensures that all connections from a specific client session reach the same real server, even when Server Load Balancing (SLB) is used. The following topics are addressed in this chapter:
- “Overview of Persistence” on page 422.
Overview of Persistence
In a typical SLB environment, traffic comes from various client networks across the Internet to the virtual server IP address on the Web switch.
Using Cookies
Cookies are strings passed via HTTP from servers to browsers. Based on the mode of operation, cookies are inserted by either the Web switch or the server.
Cookie-Based Persistence
Cookies are a mechanism for maintaining state between clients and servers.
The following topics discussing cookie-based persistence are detailed in this section:
- “Permanent and Tem.
Cookie Properties
Cookies are configured on the Web switch by defining the following properties:
- Cookie .
Cookie Modes of Operation
Web OS supports the following modes of operation for cookie-based session persistence: insert, passive, and rewrite mode.
Passive Cookie Mode
In Passive Cookie mode, when the client first makes a request, the switch selects the server based on the load-balancing metric. The real server embeds a cookie in its response to the client.
Rewrite Cookie Mode
In rewrite cookie mode, the Web switch generates the cookie value on behalf of the server, eliminating the need for the server to generate cookies for each client.
Configuring Cookie-Based Persistence
1. Before you can configure cookie-based persistence, you need to configure the switch for basic SLB. This includes the following tasks:
- Assign an IP address to each of the real servers in the server pool.
4. Select the appropriate load-balancing metric for the real server group.
- If embedding an IP address in the cookie, select roundrobin or leastconns as the metric.
- Set multiple response count
This parameter is set for passive mode only.
Example 1: Setting the Cookie Location
In this example, the client request has two different cookies labeled “UID.” One exists in the HTTP header and the other appears in the URI: GET /product/switch/UID=12345678;ck=1234 .
Example 2: Parsing the Cookie
This example shows three configurations where the switch uses the hashing key or wild cards to determine which part of the cookie value should be used for determining the real server.
Example 4: Using Rewrite Cookie Mode
- Rewrite server cookie with the encrypted real server IP address: In coo.
Server-Side Multi-Response Cookie Search
Cookie-based persistence requires the switch to search the HTTP response packet from the server and, if a persistence cookie is found, set up a persistence connection between the server and the client.
SSL Session ID-Based Persistence
SSL is a set of protocols built on top of TCP/IP that allows an application server and client to communicate over an encrypted HTTP session, providing authentication, non-repudiation, and security.
Figure 16-5 illustrates persistence based on SSL session ID as follows:
1. An SSL Hello handshake occurs between Client 1 and Server 1 via the Web switch.
Configuring SSL Session ID-Based Persistence
To configure session ID-based persistence for a real server, perform the following steps:
1.
CHAPTER 17
Bandwidth Management
Bandwidth Management (BWM) enables Web site managers to allocate a certain portion of the available bandwidth for specific users or applications.
Overview
To manage bandwidth, create one or more bandwidth management contracts. The switch uses these contracts to limit individual traffic flows.
- When Virtual Matrix Architecture (VMA) is not enabled, bandwidth classification is done on the in.
Bandwidth Policies
Bandwidth policies are bandwidth limitations defined for any set of frames, specifying the guaranteed bandwidth rates.
Rate Limits
A bandwidth policy specifies three limits, listed and described in Table 17-1:
Bandwidth Policy Configuration
Each bandwidth policy, comprised of the reserved, soft, and hard limits, is assigned an index.
Data Pacing
The mechanism used to keep the individual traffic flows under control is called data pacing. It is based on the concept of a virtual clock and theoretical departure times (TDT).
Classification Criteria
The frames associated with a particular BWM contract are specified, using the parameters listed below.
Combinations
Combinations of classifications are limited to grouping items together into a contract.
Frame Discard
When packets in a contract queue have not yet been sent and the buffer size set for the queue is full, any new frames attempting to be placed in the queue will be discarded.
Figure 17-4 URL-Based Bandwidth Management
Figure 17-5 URL-Based Bandwidth Management with Web.
HTTP Header-Based Bandwidth Management
HTTP header-based BWM allows Web site managers to allocate bandwidth based on header value. Thus, they can allocate bandwidth based on browser type, cookie value, and so forth.
Bandwidth Statistics and History
Statistics are maintained in order to allow Web switch owners to bill for bandwidth usage. Statistics for frequency and count are configurable.
Packet Coloring (TOS bits) for Burst Limit
Whenever the soft limit is exceeded, optional packet colo.
Configuring Bandwidth Management
The following procedure provides general instructions for configuring BWM on the switch. Specific configuration examples begin on page 457.
5. (Optional) Set the TOS byte value, between 0-255, for the policy underlimit and overlimit. There are two parameters for specifying the TOS bits: underlimit (utos) and overlimit (otos).
9. (Optional) Enable TOS overwriting for the BWM contract.
10. Set the bandwidth policy for this contract. Each bandwidth management contract must be assigned a bandwidth policy.
Additional Configuration Examples
Examples are provided for the following Bandwidth Management appl.
3. On the switch, select a BWM contract and name the contract. Each contract must have a unique number from 1 to 256.
4. Set the bandwidth policy for this contract.
11. Assign the BWM contracts to different switch ports. Physical switch ports are used to classify which frames are managed by each contract — that is, one BWM contract will be applied to all frames from a specific port.
Preferential Services Examples
BWM can be used to provide preferential treatment to certain traffic, based on source IP blocks, applications, URL paths, or cookies.
5. Set the bandwidth policy for this contract. Each BWM contract must be assigned a bandwidth policy.
6. Enable this BWM contract.
7. Select the second bandwidth policy.
12. Create a virtual server that will be used to classify the frames for contract 1 and assign the Virtual server IP address for this server. Then, assign the BWM contract to the virtual server.
URL-Based Bandwidth Management Example
In this example, you will assign bandwidth based on URL paths. For URL-based server load balancing, a user has to first define strings to monitor.
3. Configure a real server to handle the URL request. To add a defined string: where URL path ID is the identification number of the defined string as displayed when you enter the cur command.
5. Turn on URL-based server load balancing on the virtual server.
2. Allocate bandwidth for each string. To do this, assign a BWM contract to each defined string.
3. Configure a real server to handle the cookie. To add a defined string: where URL path ID is the identification number of the defined string.
Scenario 2: In this scenario, the Web site has multiple virtual server IP addresses, and the same user classification or multiple sites use the same string name.
Security Management Example
BWM can be used to prevent Denial of Service (DoS) attacks by a flood.
6. Set the bandwidth policy for the contract. Each BWM contract must be assigned a bandwidth policy.
Glossary
DIP (Destination IP Address) The destination IP address of a frame.
Dport (Destination Port) The destination port (application socket: for example, ht.
SIP (Source IP Address) The source IP address of a frame.
SPort (Source Port) The source port (application socket: for example, HTTP-80/HTTPS-443/DNS-53).
VRRP (Virtual Router Redundancy Protocol) A protocol that acts very similarly to Cisco’s proprietary HSRP address sharing protocol. The reason for both of these protocols is so devices have a next hop or default gateway that is always available.