1LoadBalancingConceptsSection12SectionobjectivesUnderstandmainloadbalancinggoalsandconceptsConfigureAXL4SLBVirtualServerConfiguretwocommonL4SLBVirtualServeroptions(SourceIPPersistence+NAT)3LoadbalancinggoalsProvidehighavailabilityofservicesShareloadamongmultipleservers(loadbalancing)4Topology:One-armedL2(switched)mode(p.1of2)InternetAXSeriesAXSeriesAXSeriesSourceIPDestIP200.0.0.1100.0.0.10SourceIPDestIP100.0.0.50100.0.0.100DestIPSourceIP200.0.0.1100.0.0.10DestIPSourceIP100.0.0.50100.0.0.100100.0.0.0/24200.0.0.1VIP=100.0.0.10SNAT=100.0.0.50100.0.0.0/24100.0.0.[100-200]5Topology:One-armedL2(switched)mode(p.2of2)Benefits:NochangerequiredonclientsorserversEasytotestClientscanbeinservers’subnetPointstokeepinmind:ServersloseClientIPvisibility(canbepartlyremediedbyIPheaderinsertioninHTTP(X-ClientIP(customizable))RequiresSourceNATonSLBInternetAXSeries100.0.0.0/24200.0.0.1VIP=100.0.0.10SNAT=100.0.0.50100.0.0.0/24100.0.0.[100-200]6Topology:L3(routed)modewithSNAT(p.1of2)InternetAXSeriesAXSeriesAXSeriesSourceIPDestIP200.0.0.1100.0.0.10SourceIPDestIP100.0.1.50100.0.1.100DestIPSourceIP200.0.0.1100.0.0.10DestIPSourceIP100.0.1.50100.0.1.100100.0.0.0/24200.0.0.1VIP=100.0.0.10SNAT=100.0.1.50100.0.1.0/24100.0.1.[100-200]7Topology:L3(routed)modewithSNAT(p.2of2)Benefits:NochangerequiredonclientsorserversEasytotestPointstokeepinmind:ServersloseClientIPvisibility(canbepartlyremediedbyIPheaderinsertioninHTTP)RequiresSourceNATonSLBInternetAXSeries100.0.0.0/24200.0.0.1VIP=100.0.0.10SNAT=100.0.1.50100.0.1.0/24100.0.1.[100-200]8Topology:L3(routed)modew/oSNAT(p.1of2)AXSeriesAXSeriesSourceIPDestIP200.0.0.1100.0.0.10SourceIPDestIP200.0.0.1100.0.1.100DestIPSourceIP200.0.0.1100.0.0.10DestIPSourceIP200.0.0.1100.0.1.100InternetAXSeries100.0.0.0/24200.0.0.1VIP=100.0.0.10100.0.1.0/24100.0.1.[100-200]9Topology:L3(routed)modew/oSNAT(p.2of2)Benefits:NochangerequiredonclientsorserversProvidesadditionallayerofsecurityPointstokeepinmind:ConfigureSLBasdefaultgatewayonserversInternetAXSeries100.0.0.0/24200.0.0.1VIP=100.0.0.10100.0.1.0/24100.0.1.[100-200]10100.0.0.0/24Topology:DSRmode(p.1of2)InternetAXSeriesAXSeriesSourceIPDestIP200.0.0.1100.0.0.10SLBMACSourceIPDestIP200.0.0.1100.0.0.10ServerMACDestIPSourceIP200.0.0.1100.0.0.10200.0.0.1VIP=100.0.0.10100.0.0.0/24LoopbackIP=VIP=100.0.0.10100.0.0.[100-200]11Topology:DSRmode(p.2of2)Benefits:Highlyscalable(SLBprocessesonlyincomingtraffic)Pointstokeepinmind:Can’tuseanyAXlayer7features(aFleXcanstillbeappliedatvirtualportlevel)ConfigureVIPIPasloopbackonservers100.0.0.0/24InternetAXSeries200.0.0.1VIP=100.0.0.10100.0.0.0/24100.0.0.[100-200]LoopbackIP=VIP=100.0.0.1012ServerLoadBalancing(SLB)AXSLBconfigurationhasthreecoreelements:Servers,ServiceGroups,VirtualServers(VIPs)13SLB:ServerMinimumconfigurationNameIPaddress(canuseDNSname)PortsServerconfigurationWebUI:ConfigServiceSLBServerCLI:AX(config)#slbservername[…]ServerstatusandstatisticsWebUI:MonitorServiceSLBServerCLI:AX#showslbserver[…]14SLB:ServiceGroupMinimumconfigurationNameType(TCP/UDP)LBAlgorithmAtleastoneServer/Port15LoadbalancingalgorithmsServicegroup–load-balancingalgorithmsRound-RobinLeastConnectionServiceLeastConnectionWeightedRoundRobinWeightedLeastConnectionServiceWeightedLeastConnectionFastestResponsetimeLeastRequestRoundRobinStrictStateless(newinrelease2.4.2;seenotes)16HealthMonitorServiceavailabilityischeckedusinghealthmonitorsHealthmonitorscanbeappliedto:ServerServer:PortServiceGroupHealthmonitorscantestserveravailabilityOnlayer3:ping(icmp)Onlayer4:tcp,udpOnlayer7(application):http,https,ftp,smtp,pop3,snmp,dns,radius,ldap,rtsp,sip,ntpViamanuallycreatedscriptsMultipleL3/L4/L7testscanalsobecombinedinaBooleanexpression(and/or/not)17ApplyinghealthmonitorPhysicalserverhealthmonitorIfHMfails,thatserverisconsidereddownandservicegroupsconfiguredwiththatspecificserverstopusingitforloadbalancingNote:DefaultServerhealthmonitorisicmp.PhysicalserverporthealthmonitoringIfHMfails,thatserverportisconsidereddownandservicegroupsconfiguredwiththatspecificserver:portstopusingitforloadbalancingNote:DefaultTCPServerPortHealthMonitoristcphandshakeServicegrouphealthmonitorIfHMfailsforaspecificmember,theservicegroupstopsusingthismemberforloadbalancingNote:BydefaultthereisnohealthmonitorconfiguredonServiceGroup18SourceIPpersistenceWhentouseSourceIPpersistenceSourceIPpersistencemustbeusedwhenclientsmusthavetheirfutureconnections/trafficterminatedonthesameserver19SourceIPpersistencetemplateCreateSourceIPPersistenceTemplateNameType:Port(persistenceperVIP:Port)Server(persistenceperVIP)Service-Group(persistenceperURLorHost)Timeout:Howlonginactiveentriesaresaved(default=5minutes)Don'tHonorConnRules:IgnoreconnectionlimitsdefinedonServersandServerPortsandconnectnewclients'connectionstotheServer(default=disabled)Netmask:GranularityofClientIPaddresshashing(default=255.255.255.255forthemostgranularity)AssigntheSourceIPPersistenceTemplatetotheVirtualServerPort20NAT:SLBSourceNATtemplateCreateIPSourceNATPool:Name:NameofthetemplateStartIPaddress(canbetheAXinterfaceIP)EndIPaddress