HP Load Balancing Module

Size: px
Start display at page:

Download "HP Load Balancing Module"

Transcription

1 HP Load Balancing Module Load Balancing Configuration Guide Part number: Software version: Feature 3221 Document version: 6PW

2 Legal and notice information Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

3 Contents Configuring load balancing 1 Working mechanism of server load balancing 1 NAT-mode Layer 4 server load balancing 2 DR-mode Layer 4 server load balancing 3 Layer 7 server load balancing 5 Working mechanism of firewall load balancing 7 Configuring IPv4 server/firewall load balancing 8 Server load balancing configuration considerations 8 Recommended configuration procedure 9 Configuring public parameters 10 Configuring a health monitoring method 11 Creating a real service group 15 Creating a real service 20 Stopping service or enabling slow-offline 21 Creating a virtual service for Layer 4 server load balancing 22 Creating a virtual service for Layer 7 server load balancing 26 Displaying server load balancing statistics 32 Configuring IPv6 server/firewall load balancing 33 Configuration considerations 33 Recommended configuration procedure 33 Configuring public parameters 33 Configuring a health monitoring method 34 Creating a real service group 36 Creating a real service 39 Enabling slow-offline 41 Creating a virtual service 42 Displaying server load balancing statistics 44 Load balancing configuration examples 45 Layer 4 IPv4 server load balancing configuration example 45 Layer 7 IPv4 server load balancing configuration example 49 IPv4 firewall load balancing configuration example 55 Support and other resources 60 Contacting HP 60 Subscription service 60 Related information 60 Documents 60 Websites 60 Conventions 61 Index 63 i

4 Configuring load balancing Load balancing can be configured only in the Web interface. Load balancing (referred to as LB hereinafter) is a cluster technology to distribute specific services such as network services and network traffic among multiple network devices (for example servers and firewalls), enhancing service processing capability and ensuring high availability of services. LB delivers the following advantages: High performance LB distributes services to multiple network devices, enhancing the performance of the whole system. Scalability LB facilitates the addition of network devices in a cluster, meeting the ever-increasing service requirements for servers without decreasing service quality. Reliability Failure of a single or multiple devices will not result in service interruption, enhancing the reliability of the entire system. Manageability Administration is performed only on LB-enabled devices, and devices need only common configuration and maintenance. Transparency A cluster is like a device with high availability and performance, and users are not aware of and do not care the specific network structure. In addition, increasing or decreasing devices will not affect normal services. LB generally falls into the following types: Server load balancing Data centers generally adopt server load balancing for networking. Network services are distributed to multiple servers to enhance service processing capabilities of the data centers. Firewall load balancing In networks where firewall processing capabilities have become the bottleneck, firewall load balancing can be adopted to balance the network traffic among multiple firewalls to enhance the processing capabilities of firewalls. Working mechanism of server load balancing Server load balancing comprises Layer 4 server load balancing and Layer 7 server load balancing: Layer 4 server load balancing Supports IPv4 and IPv6, and is implemented based on streams. It distributes packets in the same stream to the same server. Layer 4 server load balancing cannot distribute HTTP-based Layer 7 services based on contents, restricting the application scope of load balancing services. It can be classified into Network Address Translation (NAT)-mode server load balancing and direct routing (DR)-mode server load balancing. Layer 7 server load balancing Supports only IPv4, and is implemented based on contents. It analyzes packet contents, such as HTTP and RTSP, distributes packets one by one based on the contents, and distributes connections to the specified server according to the predefined policies. Layer 7 server load balancing applies load balancing services to a large scope and only supports NAT mode. 1

5 NAT-mode Layer 4 server load balancing Figure 1 Network diagram NAT-mode Layer 4 server load balancing comprises the following elements: Cluster A cluster that provides specific services, including an LB module and multiple servers. LB module A device that distributes different service requests to multiple servers. Server A server that responds to and processes different service requests. VSIP Virtual Service IP address of the cluster, used for users to request services. Server IP IP address of a server, used for an LB module to distribute service requests. Figure 2 Work flow of NAT-mode Layer 4 server load balancing NAT-mode Layer 4 server load balancing operates in the following way: 1. The host sends a request, using the host IP as the source IP and VSIP as the destination IP. 2

6 2. Upon receiving the request, the LB module uses an algorithm to calculate to which server it distributes the request. 3. The LB module uses the Destination NAT (DNAT) technology to distribute the request, using the host IP as the source IP and Server IP as the destination IP. 4. The server receives and processes the request and then sends a response, using the server IP as the source IP, and the host IP as the destination IP. 5. The LB module receives the response, translates the source IP, and forwards the response, using VSIP as the source IP, and the host IP as the destination IP. The work flow shows that NAT is used in server load balancing, and NAT-mode server load balancing is thus called. DR-mode Layer 4 server load balancing Figure 3 Network diagram Cluster LB module Server A VSIP/IP A IP network VSIP General device Server B VSIP/IP B Server C VSIP/IP C DR mode is different from NAT mode in that NAT is not used in load balancing. This means that besides its local IP address, a server must have the VSIP configured. DR-mode Layer 4 server load balancing comprises the following elements: Cluster A cluster consists of an LB module, a general device, and multiple servers to provide specific services. LB module A device that distributes different service requests to multiple servers. General device A device that forwards data according to general forwarding rules. Server A server that responds to and processes different service requests. VSIP Virtual service IP address of the cluster, used for users to request services. Besides configuring the VSIP on the LB module, you need to configure it on servers. (Because the VSIP on the server cannot be contained in an ARP request and response, you can configure the VSIP on a loopback interface.) Server IP IP address of a server, used by the LB module to distribute requests. 3

7 Figure 4 Work flow of DR-mode Layer 4 server load balancing DR-mode Layer 4 server load balancing operates in the following way: 1. The host sends a request, using VSIP as the destination address. 2. Upon receiving the request, the general device forwards it to LB module. The VSIP cannot be contained in an ARP request and response, so the general device only forwards the request to the LB module. 3. Upon receiving the request, the LB module uses an algorithm to calculate to which server it distributes the request. 4. The LB module distributes the request. The LB module encapsulates VSIP as the destination IP address, and the server's MAC address (obtained through ARP) as the destination MAC address. In this way, the request can be forwarded normally to the server. 5. The server receives and processes the request, and then sends a response. The destination IP address of the response is the host IP. 6. After receiving the response, the general device forwards the response to the host. The response is addressed to the host rather than the LB module, so DR-mode server load balancing is called. 4

8 Layer 7 server load balancing Figure 5 Network diagram Layer 7 server load balancing comprises the following elements: Cluster A cluster consists of an LB module and multiple servers to provide specific services. LB module A device that distributes different service requests to multiple servers. Server A server that responds to and processes different service requests. Server group A real service group is a logical concept. Servers can be classified into different groups according to the common attributes of these servers. For example, servers can be classified into static storage server group and dynamic switching server group according to their functions; or they can be classified into music server group, video server group and picture server group according to the services they provide. VSIP Virtual service IP address of the cluster, used for users to request services. Server IP IP address of a server, used by the LB module to distribute requests. 5

9 Figure 6 Work flow of Layer 7 server load balancing Layer 7 server load balancing operates in the following way: Step 1 through 3 Host and the LB module establish a TCP connection. 4. Host sends a service request, using VSIP as the destination address. 5. Upon receiving the request, the LB module selects an appropriate server group for the request according to a real service group method, uses an algorithm to calculate to which server in the server group it distributes the request, and then caches the request. 6. The LB module sends an SYN packet to Server. The sequence number is the sequence number of the SYN packet sequence number sent by the host. 7. Server sends an SYN ACK packet, using the destination IP as Host IP. 8. After receiving the SYN ACK packet, the LB module responds with an ACK packet. 9. The LB module changes the destination IP and TCP sequence number of the request cached at step 5, and sends them to Server. 10. Server sends a response to the LB module, using the destination IP as Host IP. 11. The LB module changes the source IP and TCP sequence number in the response, and sends them to Host. 6

10 Working mechanism of firewall load balancing Firewall load balancing supports IPv4 and IPv6. Figure 7 Network diagram Firewall load balancing comprises the following elements: Cluster A cluster consists of LB modules and firewalls to provide network traffic load balancing. LB module A device that distributes traffic from the request sender to multiple firewalls. LB modules fall into level 1 LB modules and level 2 LB modules. In Figure 7, if traffic is from Host A to Host B, LB module A is level 1, and LB module B is level 2. If traffic is from Host B to Host A, LB module B is level 1, and LB module A is level 2. Firewall A firewall filters packets. Figure 8 Work flow of firewall load balancing Firewall load balancing operates in the following way: 1. LB module A receives the traffic from the source. 7

11 2. LB module A forwards the traffic to a firewall based on the destination IP address range and the pre-configured load balancing rules of the traffic. 3. The firewall forwards the traffic to LB module B. 4. As a level 2 LB module, LB module B records the firewall that forwards the traffic and then forwards the traffic to the destination. 5. LB module B receives the traffic sent from the destination. 6. LB module B forwards the traffic to the firewall recorded in step The firewall forwards the traffic to LB module A. 8. LB module A forwards the traffic back to the source. The load balanced firewalls between two LB modules perform network traffic load balancing, and thus network performance is increased. This load balancing mode is also called sandwich load balancing. Firewall load balancing can be used together with server load balancing, as shown in Figure 9. Figure 9 Network diagram Cluster A Firewall A Cluster B Server A IP A Host IP network LB module A VSIP LB module B Server B IP B Firewall B Server C IP C Cluster A adopts firewall load balancing, and Cluster B adopts NAT-mode server load balancing. This networking mode not only prevents firewalls from becoming the bottleneck in the network, but also enhances the performance and availability of multiple network services such as HTTP and FTP. Configuring IPv4 server/firewall load balancing IPv4 firewall load balancing and Layer 4 server load balancing are configured in the same way. This section describes how to configure Layer 4 server load balancing. Server load balancing configuration considerations The server load balancing module comprises a real service group consisting of real services and a virtual service, as shown in Figure 10. 8

12 Figure 10 Relationship between the components of the server load balancing module Real service group A group of real services. Real services Entities that process services in a cluster (such as servers in Figure 1, and Figure 3, and firewalls Figure 7. A real service group comprises multiple real services. Virtual service A logical entity that faces users. For Layer 4 server load balancing and firewall load balancing, a virtual service corresponds to one real service group. For Layer 7 server load balancing, a virtual service corresponds to multiple real service groups. Layer 4 server load balancing operates in the following way: 1. After a user sends a request to the virtual service of the LB module, if a persistence method is specified in the virtual service, and matched persistence entries exist, the request is distributed according to the persistence entries. Otherwise, the virtual service obtains the information of the related real service group, and then continues the following procedure. For more information about persistence methods, see Table Real services are matched against ACL rules specified in the real services one by one according to the weights of the real services. Requests allowed by the ACL are distributed to the corresponding real service; if requests are not allowed by the ACL or no matched real services exist, the following procedure is continued. 3. Distributes the request to a real service in the group based on the algorithm configured in the real service group. Layer 7 server load balancing operates in the following way: 1. After a user sends a request to the virtual service of the LB module, if a persistence method is specified in the virtual service, and matched persistence entries exist, the request is distributed according to the persistence entries. Otherwise, the virtual service selects a real service group according to the specified real service group method and obtains the information of the real service group, and then continues the following procedure. For introduction to persistence method and real service group method, see Table Distributes the request to a real service in the real service group based on the algorithm configured in the real service group. Recommended configuration procedure Step 1. Saving of the last hop information Remarks Saving of the last hop information must be enabled on a level 2 LB module in firewall load balancing. This task is optional in other cases. For more information, see "Configuring public parameters." 9

13 Step 2. Enabling unidirectional traffic detection 3. Configuring a health monitoring method Remarks Unidirectional traffic detection must be enabled on an LB module in DR server load balancing. This task is optional in other cases. To configure unidirectional traffic detection, navigate to Security > Session Table > Configuration. A health monitoring method must be configured if you adopt SSL health monitoring. This task is optional in other cases. 4. Creating a real service group Required. IMPORTANT: 5. Creating a real service Required. 6. Creating a virtual service Creating a virtual service for Layer 4 server load balancing Creating a virtual service for Layer 7 server load balancing 7. Displaying server load balancing statistics Required. Optional. The maximum number of real service groups, real services, and virtual services depends on the resource configuration of the virtual device. For more information, see System Management Configuration Guide. 8. Stopping service or enabling slow-offline Optional. To implement Layer 7 server load balancing, enable virtual fragment reassembly on the zone to which the interfaces that process LB packets belong. For more information, see Security Configuration Guide. To implement forced load balancing (see Table 4 for more information) of Layer 4 server load balancing, enable virtual fragment reassembly on the zone to which the interfaces that process LB packets belong. For more information, see Security Configuration Guide. Configuring public parameters 1. Select Load Balance > Public Setting from the navigation tree. The public parameter configuration page appears. Figure 11 Public parameter configuration 2. Set whether to enable the saving last hop information function. Enabling this function makes sure responses can be returned on the original path. This function must be enabled on level 2 LB modules in firewall load balancing. 3. Click Apply. 10

14 Configuring a health monitoring method Load balancing supports multiple health monitoring types. This section describes only the types supported by IPv4 server load balancing. ARP Monitors the availability of a server through ARP. DNS Monitors the availability of a DNS server through DNS. FTP Monitors the availability of an FTP server through FTP. HTTP Monitors the availability of an HTTP service through HTTP access. ICMP Monitors the reachability of a server by sending ICMP messages. IMAP Monitors the availability of an IMAP server through IMAP. POP3 Monitors the availability of a POP3 server through the POP3 application. RADIUS Monitors the availability of a RADIUS server through RADIUS authentication. RTSP Monitors the availability of an RTSP server through the RTSP application. SIP Monitors the availability of a SIP server through the SIP application. SMTP Monitors the availability of an SMTP server through SMTP. SNMP Monitors the availability of an SNMP server through SNMP. SSL Monitors the availability of an SSL server through an SSL connection. TCP Monitors the availability of an application port by establishing TCP connections. UDPNORMAL Monitors the availability of an application port by sending UDP packets. UDPNORMAL health monitoring does not require server response, so HP recommends that you use it together with the ICMP health monitoring type. The reachability of the server is determined through ICMP detection. To configure a health monitoring method: 1. Select Load Balance > Health Monitor from the navigation tree. The heath monitoring page appears. 11

15 Figure 12 Health monitoring 2. Click Add. The page for adding a health monitoring method appears. Figure 13 Adding a health monitoring method 3. Configure the parameters as described in Table Click Apply. 12

16 Table 1 Configuration items Item Name Health Monitoring Check Interval Timeout Retry Times Description Health monitoring method name. Health monitoring type. Interval at which health monitoring is performed. Timeout for a health monitoring operation. When the number of retry times is n, if health monitoring is performed for n times and the corresponding server or port is unavailable, the health monitoring is considered failed. Hostname Host IP Username Password File Name URL Response Content Real Service Domain Name Username Password Folder Username Password Domain name to be resolved in DNS health monitoring. The default hostname is A.ROOT-SERVER.NET. A DNS health monitoring is considered successful only when the specified host IP address is contained in the received DNS result packet (if the host IP address is specified), enhancing the precision of DNS health monitoring. Case-sensitive username and password used for logging in to an FTP server in FTP health monitoring. Name of the file to be downloaded from the FTP server in FTP health monitoring, which is case-sensitive. The file with this name must be put in the main directory of the login host. URL to be accessed in HTTP health monitoring. It must begin with "/", and is case-sensitive. For example, /test.html. Content of a user's response that HTTP health monitoring detects. If the response that the user returns contains the specified content, the HTTP health monitoring succeeds. Otherwise, the HTTP health monitoring fails. Domain name of the server or network device that is processing services. The domain name is filled into the HOST header of a request in HTTP health monitoring. If you do not configure this parameter, the IP address of the server is filled into the HOST header of the request. Username, password, and folder for logging in to the IMAP server in IMAP health monitoring. They are case sensitive. By default, the username is admin, the password is 123, and the folder is INBOX. Username and password for logging in to the POP3 server in POP3 health monitoring. They are case sensitive. By default, the username is admin, and the password is 123. The parameters are available only on the page for setting DNS health monitoring parameters. The parameters are available only on the page for setting FTP health monitoring parameters. The parameters are available only on the page for setting HTTP health monitoring parameters. The parameters are available only on the page for setting IMAP health monitoring parameters. The parameters are available only on the page for setting POP3 health monitoring parameters. 13

17 Item Username Password Authentication Server Shared Key RADIUS Packet Source IP Protocol Allowed Status Code Source Port Version Read-only Community Name Description Username and password for logging in to the RADIUS server in RADIUS health monitoring, case sensitive. The default username is admin, and there is no password. Shared key for RADIUS authentication packets in RADIUS health monitoring. The default authentication server shared key is Source IP address of RADIUS packets in RADIUS health monitoring. By default, no source IP address is specified, and the IP address of the interface that sends the RADIUS packets is the source IP address of the RADIUS packets. Transmission protocol used by SIP health monitoring. When the response message returned by the SIP server falls into the allowed status code range, the SIP health monitoring succeeds. Otherwise, the SIP health monitoring fails. If you select Any, the SIP health monitoring succeeds no matter what response message is returned by the SIP server. If you select Status Code List, you must further specify status codes. Source port that sends detection packets for SIP health monitoring. Version and read-only community name used in SNMP health monitoring. Read-only community name takes effect on SNMPv1 and SNMPv2c. By default, the version is v1, v2c, and v3, and the read-only community name is public. The parameters are available only on the page for setting RADIUS health monitoring parameters. The parameters are available only on the page for setting SIP health monitoring parameters. The parameters are available only on the page for setting SNMP health monitoring parameters. 14

18 Item Description Local certificate of an SSL client policy in SSL health monitoring, used for an SSL server to perform certificate-based authentication on the client. Client Certificate To apply a certificate, select Security > Certificate Management > Certificate. Ciphersuite IMPORTANT: If you adopt SSL health monitoring, you must configure the Client Certificate. Preferred cipher suites for an SSL server policy to support in SSL health monitoring: RSA_RC4_128_MD5 Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit RC4, and the MAC algorithm of MD5. RSA_RC4_128_SHA Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit RC4, and the MAC algorithm of SHA. RSA_DES_CBC_SHA Specifies the key exchange algorithm of RSA, the data encryption algorithm of DES_CBC, and the MAC algorithm of SHA. RSA_3DES_EDE_CBC_SHA Specifies the key exchange algorithm of RSA, the data encryption algorithm of 3DES_EDE_CBC, and the MAC algorithm of SHA. The parameters are available only on the page for setting SSL health monitoring parameters. Destination IP Destination IP address for health monitoring. If this parameter is not specified, the IP address of the real service is adopted. Destination port number for health monitoring. Destination Port IMPORTANT: ARP health monitoring and ICMP health monitoring do not support this parameter. If this parameter is 0 (not specified), the port number of the real service is used for heath monitoring (except RADIUS and SIP health monitoring). HP recommends that you specify a non-zero destination port number for health monitoring based on the network environment. For TCP and UDPNORMAL health monitoring, if both this parameter and the port number of the real service are 0, the health monitoring fails. Creating a real service group 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. The Real Service Group tab appears. Figure 14 Real service group 15

19 If you click the Number of Real Services link for a real service group, the Real Service tab appears, displaying information about the real services that belong to the real service group. 2. Click Add. The real service group configuration page appears. Figure 15 Adding a real service group 3. Configure the parameters as described in Table Click Apply. Table 2 Configuration items Item Real Service Group Name Description Set a real service group name, which uniquely identifies a real service group. 16

20 Item Scheduler Description Select an algorithm that a real service group uses to distribute services and traffic: Round Robin Assigns new connections to each real service in turn. Weighted Round Robin Assigns new connections to real services based on the weights of real services. A higher weight indicates more new connections will be assigned. Least Connections New connections are always assigned to the real service with the fewest number of active connections. Weighted Least Connections New connections are always assigned to the real service with the fewest number of weighted active connections (the number of active connections/weight). Random Assigns new connections to real services randomly. Weighted Random Assigns new connections randomly to real services based on their weights. A higher weight indicates more new connections will be assigned. Source Address Hashing Assigns a new connection to a specific real service based on the source address of the connection. This algorithm make sure new connections with the same source address can be assigned to the same real service. Source Address Port Hashing Assigns a new connection to a specific real service based on the source address and port of the connection. This algorithm makes sure new connections with the same source address and port can be assigned to the same real service. Destination Address Hashing Assigns a new connection to a specific real service based on the destination address of the connection. UDP Packet Load Hash Assigns a new connection to a specific real service based on the value of a specific field in the UDP packet payload. This algorithm can make sure that new connections with the same UDP packet payload can be assigned to the same real service. Local Priority Available real services with the same priority are assigned to a subgroup. The real services are selected by subgroup according to the specified minimum active real service number, and round robin scheduling is performed among the selected real services. Suppose a real service group has two real services with priority 10 and three real services with priority 5, and all real services are available. If the minimum active real service number is 2, only two real services with priority 10 participate in scheduling. If the minimum active real service number is 3, the real services with both priority 10 and 5 participate in scheduling. IMPORTANT: Destination address hashing is applicable to firewall load balancing mode and other algorithms are applicable to server load balancing. Select a health monitoring method that a real service group uses to monitor its real services. Health Monitoring Method IMPORTANT: The health monitoring method specified for the real service group takes effect for a real service that has the same health monitoring method specified. Otherwise, the health monitoring method specified for the real service takes effect. 17

21 Item Health Monitoring Success Criteria Offset Length Minimum Active Real Service Number Real Service Troubleshooting Description Specify the health monitoring success criteria. If you select All, health monitoring succeeds only when all the selected health monitoring methods succeed. If you select At Least and specify a value, health monitoring succeeds when the number of succeeded health monitoring methods reaches the specified value. If you select UDP Packet Load Hash as the algorithm, this field sets the payload for performing hash algorithm. The payload field is determined by offset and length. Offset refers to the relative position of the payload content with respect to the whole payload of a packet; length refers to the length of the payload content starting from the offset. You can specify up to 10 payload fields. Specify the minimum number of active real services to participate in scheduling when you select Local Priority for Scheduler. Select a method that the real service group uses to handle existing connections when it detects that a real service fails: Keep Connection Does not actively terminate the connection with the failed real service. Keeping or terminating the connection depends on the timeout mechanism of the protocol. Disconnection Actively terminates the connection with the failed real service. Redirection Redirects the connection to another available real service in the real service group. IMPORTANT: Redirection is applied to firewall load balancing mode and other methods are applied to server load balancing. 18

22 Item Description Identification of a real service group in Layer 7 server load balancing, that is, the common characteristics of all the real services in the real service group. Character The character configuration depends on the real service group method specified in the virtual service. The virtual service selects an appropriate real service group for different packets according to the real service group method and characters of the real services. If no character is specified, the real service group matches all packets. In case that other real service groups configured with characters do not match any packets, the packets match this real service group. If the real service group method is Accept-Encoding, configure the character as the compression mode that the client browser can accept, for example, gzip. If the real service group method is Accept-Language, configure the characters as the language code that the client browser supports and understands, for example, zh-cn. If the real service group method is Host, configure the character as the host name, for example, If the real service group method is Request-Method, configure the character as the method taken on the resources identified by Request-URI, for example, GET. If the real service group method is URL-File, configure the character as file type, for example, txt. If the real service group method is URL-Function, configure the character as the directory for obtaining resources, for example, /wcn/loadbalance. Configure the character as the root directory first. If the real service group method is User-Agent, configure the character as the client browser type, for example, Mozilla/5.0. If the real service group method is another field in the HTTP header, configure the character as the field in the HTTP header that a user is interested in. For example, if a user types a real service group match criterion Cookie, you need to configure the character as the value of the Cookie field. If the real service group method is RTSP URL, configure the character as the directory for obtaining resources, for example, /wcn/loadbalance. If the real service group method is DHCP Relay Agent IP, configure the character as the IP address of the DHCP Relay, for example, IMPORTANT: This configuration only takes effect on Layer 7 server load balancing. ACL Advanced Configuration Enable Slow-Online Standby Time Ramp-Up Time Apply an ACL to restrict clients' access to the real service group. When you add a server or a network device to a cluster, some servers or network devices cannot take on a large amount of services immediately, so you can enable the slow-online function. With slow-online enabled, after the server or network device goes online, the LB module will not assign services to it in the standby time. After the standby time is reached, the LB module will assign services to the server or network device gradually within the slow-online time. After the slow-online time is reached, the LB module will assign services to the server or network device normally. 19

23 Creating a real service 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click the Real Service tab. The real service page appears. Figure 16 Real service To view the configurations and statistics of a real service, click the Real Service Name link of the real service. When a real service is available, and is neither enabled with slow-offline nor stopping service, its status is displayed as. When a real service is available, and is enabled with slow-offline, its status is displayed as. When a real service is unavailable or enabled with stopping service, its status is displayed as. 3. Click Add. The real service configuration page appears. Figure 17 Creating a real service 4. Configure the parameters as described in Table Click Apply. Table 3 Configuration items Item Real Service Name Description Set a real service name, which uniquely identifies a real service. 20

24 Item Real Service IP Port Weight Priority Connection Limit Real Service Group ACL Description Specify the IP address (IPv4 address) of a server or network device that processes services. Set a port number that is related to the following parameters: Health monitoring method for a real service group If this parameter is 0, the port number of the real service is used for heath monitoring (except RADIUS and SIP health monitoring). For TCP and UDPNORMAL health monitoring, if both this parameter and the port number of the real service are 0, the health monitoring fails. Forwarding mode for a virtual service If the forwarding mode is set to NAT, the port number is taken as the destination port of a packet after NAT translation, and the port number must be consistent with that of the server; if the forwarding mode is set to direct routing or firewall forwarding, the port number is used only for health monitoring. Set the weight to be used in the weighted round robin and weighted least connections algorithms. A smaller weight indicates that the real service is less scheduled. Specify the priority of the real service when the real service group adopts the local priority scheduling algorithm. The larger the value, the greater the priority. Set the maximum number of concurrent connections of the real service. Specify the real service group to which the real service belongs. ACL specified for a real service. To configure ACL rules, select Security > ACL. Advanced Configuration Health Monitoring Method Health Monitoring Success Criteria Select one of the following health monitoring methods: No Monitoring Same As Real Service Group Specified Use the health monitoring method specified by the real service to perform health monitoring. If you select this option, you must specify a health monitoring method for the real service (add one or more items in the Available Health Monitoring Methods field to the Selected Health Monitoring Methods field), and specify the health monitoring success criteria. When you select Specified for Health Monitoring Method, you must specify the health monitoring success criteria. If you select All, health monitoring succeeds only when all the selected health monitoring methods succeed. If you select At Least and specify a value, health monitoring succeeds when the number of succeeded health monitoring methods reaches the specified value. Stopping service or enabling slow-offline To remove the server or network device corresponding to a real service from a cluster, or temporarily stop a real service, you can stop the service or enable slow-offline: If you stop the service, the LB module does not assign any traffic to the real service. 21

25 If you enable slow-offline, the real service continues to process the traffic previously assigned to it, but the LB module does not assign any new service to the real service. Remove the server or network device from the cluster after the original services are processed to avoid service interruption. To stop service or enable slow-offline: 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click Real Service. The real service page appears. 3. Click the icon of the target real service. The Modify Real Service page appears. 4. Click the Advanced Configuration expansion button. Figure 18 Modifying real service 5. Select the Enable Slow-Offline or Stop Service option. 6. Click Apply. If you select both the Enable Slow-Offline and Stop Service options for a real service, the LB module immediately stops assigning traffic to the real service, and the slow-offline function does not take effect. Creating a virtual service for Layer 4 server load balancing 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click Virtual Service. The virtual service page appears. 22

26 Figure 19 Virtual service To view the configurations and statistics of a real service, click the Real Service Name link of the real service. To view the configuration information of a real service group, click the Real Service Group link of a virtual service. If you click the Number of Real Services link of a real service group, the page will go to the Real Service tab, which displays only information about the real services that belong to the virtual service group. 3. Click Add. The virtual service configuration page appears. 4. Select Four for LB Layer. The page for creating a virtual service appears. 23

27 Figure 20 Creating a virtual service for Layer 4 server load balancing 5. Configure the parameters as described in Table Click Apply. Table 4 Configuration items Item Virtual Service Name LB Layer VPN Instance Virtual Service IP Mask Protocol Description Set a virtual service name, which uniquely identifies a virtual service. Select the Four option. Select the VPN instance to which the virtual service belongs. Specify the VSIP of the cluster. In server load balancing, users request services with this IP address as the destination IP address. For firewall load balancing, you can configure only one VSIP. For NAT- and DR-mode server load balancing, you can configure multiple VSIPs. Specify the VSIP mask. For NAT- and DR-mode server load balancing, the mask length must be 32 bit. Select the protocol used by the cluster to provide services. 24

28 Item Description When you select UDP as the protocol, set whether to enable the mechanism of distributing services based on packets. Enable Forced LB Packet exchange for some UDP-based services, such as DNS, RADIUS, and so on, can be completed in one exchanging process, and in some specific scenarios, the quintuple of packets is the same. In this case, load balancing cannot be implemented on service packets based on the session-based load balancing mode. Therefore, forced load balancing needs to be enabled to implement load balancing of service packets according to the mechanism of distributing services based on packets. IMPORTANT: Forced load balancing of fragmented packets is implemented based on virtual fragment reassembly. Therefore, you must enable virtual fragment reassembly on the zone to which the interfaces that process LB packets belong. For more information, see Security Configuration Guide. Port Forwarding Mode Set the port number used by the cluster to provide services. Load balancing mode adopted: NAT NAT-mode server load balancing. Direct Routing DR-mode server load balancing. Firewall Firewall load balancing. IMPORTANT: For NAT-mode server load balancing, to implement NAT internal server on the LB module's interface attached to the user network, do not configure the VSIP as the external IP address of the internal server. Otherwise, the two functions may conflict with each other. Enable source address NAT translation, which changes the source address of a packet during load balancing. Enable SNAT This option can be set only when the forwarding mode is NAT. IMPORTANT: After you enable SNAT for the virtual service, do not configure NAT on the LB module's interface connecting the real server for traffic matching the virtual service. Otherwise, the two functions may conflict with each other. Configure an SNAT IP address pool. The option can be set when Enable SNAT is selected. Its default value is the virtual service IP address. SNAT IP Pool The start IP address and end IP address must be both configured or both empty, and the end IP address must be greater than the start IP address. IMPORTANT: The SNAT address pool cannot have overlapping address spaces with the address pool configured for dynamic NAT on the interface that connects the device to the real server. Otherwise, TCP packet checksum calculation error may occur. 25

29 Item Description Select a method for associating real services and connections that access the same virtual service. Persistence Method Using a persistence method can reduce times that LB module distributes traffic and services. If you do not select a persistence method, no real services or connections are associated. Source IP Connections that have the same source address will be associated with the same real service. In this mode, if the service port number is configured as any, then any connection with the same source address and protocol type indicates access of the same real service. Source Port Connections that have the same source port will be associated with the same real service. Destination Port Connections that have the same destination port will be associated with the same real service. Source IP + Port Connections that have the same source address and port will be associated with the same real service. Destination IP + Port Connections that have the same destination address and port will be associated with the same real service. Set the aging time of a persistence entry. Persistence Timeout When a persistence method is configured, persistence entries are generated according to the persistence method. If a persistence entry is not matched within the persistence timeout time, the persistence entry is deleted. This option is not available if you do not select a persistence method. Connection Limit Set the maximum number of concurrent connections of the virtual service. Reference a real service group for the virtual service. IMPORTANT: Real Service Group Enable Virtual Service HP recommends you not to reference a real service group with the scheduling algorithm Least Connections or Weighted Least Connections for the virtual service enabled with forced load balancing. Otherwise, load balancing may not operate normally. Whether to enable a virtual service after it is configured. This option is not available if you do not select a real service group. Creating a virtual service for Layer 7 server load balancing 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click Virtual Service. The virtual service page appears. 3. Click Add. The virtual service configuration page appears. 4. Select Seven for LB Layer. The page for creating a virtual service appears. 26

30 Figure 21 Creating a virtual service for Layer 7 server load balancing 5. Configure the parameters as described in Table Click Apply. Table 5 Configuration items Item Virtual Service Name LB Layer VPN Instance Virtual Service IP Mask Protocol Description Set a virtual service name, which uniquely identifies a virtual service. Select the Seven option. Select the VPN instance to which the virtual service belongs. Specify the VSIP of the cluster. In server load balancing, users request services with this IP address as the destination IP address. You can configure multiple VSIPs. Specify the VSIP mask, which must be 32-bit long. Select the protocol used by the cluster to provide services. 27

31 Item Enable Forced LB Port Description When you select UDP as the protocol, set whether to enable the mechanism of distributing services based on packets. Packet exchange for some UDP-based services, such as DNS and RADIUS, can be completed in one exchanging process, and in some specific scenarios, the quintuple of packets is the same. In this case, load balancing cannot be implemented on service packets based on the session-based load balancing mode. Therefore, forced load balancing needs to be enabled to implement load balancing of service packets according to the mechanism of distributing services based on packets. IMPORTANT: Forced load balancing of fragmented packets is implemented based on virtual fragment reassembly. Therefore, you must enable virtual fragment reassembly on the zone to which the interfaces that process LB packets belong. For more information, see Security Configuration Guide. Port number of the services provided by the cluster. Enable source address NAT translation, which changes the source address of a packet during load balancing. Enable SNAT SNAT IP Pool IMPORTANT: After you enable SNAT for the virtual service, do not configure NAT on the LB module's interface connecting the real server for traffic matching the virtual service. Otherwise, the two functions may conflict with each other. Configure an SNAT IP address pool. The option can be set when Enable SNAT is selected. Its default value is the virtual service IP address. The start IP address and end IP address must be both configured or both empty, and the end IP address must be greater than the start IP address. IMPORTANT: The SNAT address pool cannot have overlapping address spaces with the address pool configured for dynamic NAT on the interface that connects the device to the real server. Otherwise, TCP packet checksum calculation error may occur. 28

32 Item Description Select a method for associating real services and connections that access the same virtual service. Persistence Method Using a persistence method can reduce the number of times for an LB module to distribute services and traffic. If you do not select any method, no association is performed. Cookie Insert If no Set-Cookie field with server information is carried in a response sent by the server, the LB module adds a Set-Cookie field including server information. Then the client will carry the Cookie field that contains the server information in the next request. LB module will match the Cookie information, and then select a corresponding real server to send the request to it. Cookie Get The response sent by the server carries the Set-Cookie information. The LB module gets the Cookie value in the response according to the user-configured Cookie ID. For the subsequent packets sent by the client, if the packets match the cached Cookie value, the LB module sends the packets to the corresponding real service. Cookie Rewrite If the response sent by the server carries the Set-Cookie field that contains the HP-SrvID=xxxxxxxx character string, the LB module replaces the "xxxxxxxx" character string in the Set-Cookie field with the server information. Then the client will carry the Cookie field that contains the server information in the next request, and the LB module will sends the request to the corresponding real service according to the server information in the Cookie field. Cookie Rewrite improves the Cookie Insert mode. SIP Keeps sessions according to the Call-ID in a SIP packet. SIP connection over TCP/UDP is supported. HTTP Header Keeps sessions according to the HTTP header information. SSL Keeps sessions according to the Session ID of the SSL protocol packets. RADIUS Keeps sessions according to the RADIUS attributes (Framed-IP-Address or User-Name). DHCP Keeps sessions according to the DHCP attributes (Transaction ID or Client Hardware Address). IMPORTANT: If you select TCP as the protocol, the Cookie Insert, Cookie Get, Cookie Rewrite, SIP, HTTP Header, and SSL persistence methods are supported. If you select UDP as the protocol, the RADIUS, SIP, and DHCP persistence methods are supported. If you select RTSP URL as the real service group method, set the persistence method to none. Otherwise, load balancing cannot work properly. If you adopt the Cookie Rewrite method, you need to configure HP-SrvID=xxxxxxxx on the server, and the length of xxxxxxxx depends on the aging time configured on the LB module. If the aging time is Session Age, the length of xxxxxxxx cannot be smaller than 8 bytes. If you manually set the aging time, the length of xxxxxxxx cannot be smaller than 47 bytes. Otherwise, Cookie Rewrite performance will be greatly reduced. Persistence Timeout Set the validation time of the inserted Cookie information when you select Cookie Insert or Cookie Rewrite as the persistence method. Optionally, you can select Session Age. If you select Session Age, the inserted Cookie information will become invalid after the current page is closed. 29

33 Item Cookie Info Check all HTTP Header Persistence Timeout Connection Limit Description If you select Cookie Get as the persistence method, set the information in the Cookies users are interested in, such as session-id, session-id-time (the time when a session was established) and user ID. If you select Cookie Get as the persistence method, select this option to get cookies from all responses. If this field is not selected, Set-Cookie information is gotten only from the first response in one connection. If you select Cookie Rewrite as the persistence method, select this option to rewrite the server information in all responses. If you do not select this option, server information is rewritten only in the first response in one connection. When you select HTTP Header as the persistence method, set the HTTP header to be used: Host Keeps sessions according to the Host field in the HTTP header. Request-Method Keeps sessions according to the request method in the HTTP header. URL Keeps sessions according to the URL in the HTTP header. Version Keeps sessions according to the version number in the HTTP header. Others Keeps sessions according to other fields in the HTTP header input by users. Set the aging time for persistence entries when you select Cookie Get, SIP, HTTP Header, or SSL as the persistence method. If you apply a persistence method, persistence entries will be generated according to the specified persistence method. If a persistence entry is not matched within the specified persistence timeout time, the entry will be deleted. Set the maximum number of concurrent connections of the virtual service. 30

34 Item Real Service Group Method Description Match criteria for packets accessing the same virtual service to match different real service groups. If you do not select a method, it indicates that only one real service group is referenced in the virtual service, and there is no need to match different packets to different real service groups. HTTP Content Matches real service groups according to the contents in the HTTP header. The contents include the following: Accept-Encoding Matches real service groups according to the compression mode supported by the client browser defined by the Accept-Encoding packet header. Accept-Language Matches real service groups according to the language code supported by the client browser defined by the Accept-Language packet header. Host Matches real service groups according to the host name carried in the Host packet header. Request-Method Matches real service groups according to the method used on the resources identified by the Request-URI. URL-File Matches real service groups according to resource file or file type. URL-Function Matches real service groups according to the resource obtaining path. User-Agent Matches real service groups according to the client browser type carried in the User-Agent header. Others Matches real service groups according to any field contained in other HTTP headers input by users. RTSP URL Matches real service groups according to the resource obtaining path (namely, the URL-Function of RTSP) of RTSP. DHCP Relay Agent IP Matches real service groups by using the IP address of the DHCP Relay agent. IMPORTANT: If you select TCP as the protocol, the HTTP Content and RTSP URL match criteria are supported. If you select UDP as the protocol, DHCP Relay Agent IP is supported. If you select SIP as the persistence method, set the real service group method to none. Otherwise, load balancing cannot be normally performed. If you select Cookie Insert, Cookie Get, or HTTP Header as the persistence method, do not set the real service group method to RTSP. Otherwise, load balancing cannot work properly. Real service group referenced by the virtual service. Real Service Group If you do not select a real service group method, you can configure only one real service group; if you select a real service group method, you can configure multiple real service groups. IMPORTANT: If you select RTSP URL as the real service group method, specify at least one real service group that matches all packets (namely, no character is specified in the real service group). Otherwise, load balancing cannot work properly. 31

35 Item Description Whether to enable adding of client source address information in HTTP headers. After you select HTTP Take Source IP, you must select By X-Forwarded-For Header or By User-Defined Header. Carry Source IP in HTTP Header Enable Virtual Service IMPORTANT: This configuration is meaningful only when the server provides services based on the client source address. When you select SIP as the persistence method, do not enable this configuration item. Otherwise, load balancing cannot work properly. When you select RTSP URL as the real service group method, do not enable this configuration item. Otherwise, load balancing cannot work properly. Whether to enable a virtual service after it is configured. This option is not available if you do not select a real service group. Displaying server load balancing statistics 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click Statistics. Statistics of all the virtual services of server load balancing are displayed on the page, including total number of connections, average of active connections/peak of active connections, connection average rate/peak rate, number of forwarded/ignored packets in the inbound direction, and number of forwarded packets in the outbound direction. If you click the link of a virtual service name, the statistics of all the real services of the virtual service will be displayed on the lower part of the page, including total number of connections, average of active connections/peak of active connections, connection average rate/peak rate, packets received, and packets sent, as shown in Figure 22. Figure 22 Statistics 32

36 Configuring IPv6 server/firewall load balancing IPv6 firewall load balancing and server load balancing are configured in the same way. This section describes the configuration of server load balancing. Configuration considerations The configuration considerations of IPv6 server load balancing are similar to those of Layer 4 IPv4 server load balancing except that the former does not support ACL. For more information, see "Server load balancing configuration considerations." Recommended configuration procedure Step 1. Saving of the last hop information 2. Enabling unidirectional traffic detection 3. Configuring a health monitoring method Remarks Saving of the last hop information must be enabled on a level 2 LB module in firewall load balancing. This task is optional in other cases. For more information, see "Configuring public parameters." Unidirectional traffic detection must be enabled on an LB module in DR server load balancing. This task is optional in other cases. To configure unidirectional traffic detection, navigate to Security > Session Table > Configuration. Optional. 4. Creating a real service group Required. IMPORTANT: 5. Creating a real service Required. 6. Creating a virtual service Required. 7. Displaying server load balancing statistics Optional. 8. Enabling slow-offline Optional. The maximum number of real service groups, real services, and virtual services depends on the resource configuration of the virtual device. For more information, see System Management Configuration Guide. Configuring public parameters 1. Select Load Balance > Public Setting from the navigation tree. The public parameter configuration page appears. 33

37 Figure 23 Public parameter configuration 2. Set whether to enable the saving last hop information function. Enabling this function makes sure responses can be returned on the original path. This function must be enabled on level 2 LB modules in firewall load balancing. 3. Click Apply. Configuring a health monitoring method Load balancing supports multiple health monitoring types. This section describes only the types supported by IPv6 server load balancing. HTTP Monitors the availability of an HTTP service through HTTP access. ICMP Monitors the reachability of a server by sending ICMP messages. To configure a health monitoring method: 1. Select Load Balance > Health Monitor from the navigation tree. The heath monitoring page appears. 34

38 Figure 24 Health monitoring 2. Click Add. The page for adding a health monitoring method appears. Figure 25 Adding a health monitoring method 3. Configure the parameters as described in Table Click Apply. 35

39 Table 6 Configuration items Item Name Health Monitoring Check Interval Timeout Retry Times URL Description Health monitoring method name. Health monitoring type. Interval at which health monitoring is performed. Timeout for a health monitoring operation. When the number of retry times is n, if health monitoring is performed for n times and the corresponding server or port is unavailable, the health monitoring is considered failed. URL to access in HTTP health monitoring. It must begin with "/", and is case-sensitive. For example, /test.html. Response Content Real Service Domain Name Content of a user's response that HTTP health monitoring detects. If the response that the user returns contains the specified content, the HTTP health monitoring succeeds. Otherwise, the HTTP health monitoring fails. Domain name for the server or network device that is processing services. The domain name is filled into the HOST header of a request in HTTP health monitoring. If you do not configure this parameter, the IP address of the server is filled into the HOST header of the request. The parameters are available only on the page for setting HTTP health monitoring parameters. Destination IP Destination IP address for health monitoring, which must be an IPv4 address. If this parameter is not specified, the IP address of the real service is adopted. Destination port number for health monitoring. Destination Port IMPORTANT: This parameter is not supported by ICMP health monitoring. If this parameter is 0 (not specified), the port number of the real service is used for heath monitoring. HP recommends that you specify a non-zero destination port number for health monitoring based on the network environment. Creating a real service group 1. Select Load Balance > Server Load Balance > IPv6 from the navigation tree. The Real Service Group tab appears. Figure 26 Real service group 36

40 If you click the Number of Real Services link of a real service group, the page will go to the Real Service tab, which displays only the information about the real services that belong to the real service group. 2. Click Add. The real service group configuration page appears. Figure 27 Adding a real service group 3. Configure the parameters as described in Table Click Apply. Table 7 Configuration items Item Real Service Group Name Description Set a real service group name, which uniquely identifies a real service group. 37

41 Item Scheduler Description Select an algorithm that a real service group uses to distribute services and traffic: Round Robin Assigns new connections to each real service in turn. Weighted Round Robin Assigns new connections to real services based on the weights of real services. A higher weight indicates more new connections will be assigned. Least Connections New connections are always assigned to the real service with the fewest number of active connections. Weighted Least Connections New connections are always assigned to the real service with the fewest number of weighted active connections (the number of active connections/weight). Random Assigns new connections to real services randomly. Weighted Random Assigns new connections randomly to real services based on their weights; a higher weight indicates more new connections will be assigned. Source Address Hashing Assigns a new connection to a specific real service based on the source address of the connection. This algorithm makes sure new connections with the same source address can be assigned to the same real service. Source Address Port Hashing Assigns a new connection to a specific real service based on the source address and port of the connection. This algorithm makes sure new connections with the same source address and port can be assigned to the same real service. Destination Address Hashing Assigns a new connection to a specific real service based on the destination address of the connection. IMPORTANT: Destination address hashing is applicable to firewall load balancing mode and other algorithms are applicable to server load balancing. Select a health monitoring method that a real service group uses to monitor its real services. Health Monitoring Method Health Monitoring Success Criteria IMPORTANT: The health monitoring method specified for the real service group takes effect for a real service that has the same health monitoring method specified. Otherwise, the health monitoring method specified for the real service takes effect. Specify the health monitoring success criteria. If you select All, health monitoring succeeds only when all the selected health monitoring methods succeed. If you select At Least and specify a value, health monitoring succeeds when the number of succeeded health monitoring methods reaches the specified value. 38

42 Item Real Service Troubleshooting Description Select a method that the real service group uses to handle existing connections when it detects that a real service fails: Keep Connection Does not actively terminate the connection with the failed real service. Keeping or terminating the connection depends on the timeout mechanism of the protocol. Disconnection Actively terminates the connection with the failed real service. Redirection Redirects the connection to another available real service in the real service group. Advanced Configuration Enable Slow-Online Standby Time Ramp-Up Time IMPORTANT: At present, redirection is applied to firewall load balancing mode and other methods are applied to server load balancing. When you add a server or a network device to a cluster, because some servers or network devices cannot take on a large amount of services immediately, you can enable the slow-online function. With slow-online enabled, after the server or network device goes online, the LB module will not assign services to it in the standby time. After the standby time is reached, the LB module will assign services to the server or network device gradually within the slow-online time. After the slow-online time is reached, the LB module will assign services to the server or network device normally. Creating a real service 1. Select Load Balance > Server Load Balance > IPv6 from the navigation tree. 2. Click the Real Service tab. The real service page appears. Figure 28 Real service To view the configurations and statistics of a real service, click the Real Service Name link of the real service. When a real service is available, and is not enabled with slow-offline, its status is displayed as. When a real service is available, and is enabled with slow-offline, its status is displayed as. When a real service is unavailable, its status is displayed as. 3. Click Add. The real service configuration page appears. 39

43 Figure 29 Creating a real service 4. Configure the parameters as described in Table Click Apply. Table 8 Configuration items Item Real Service Name Real Service IP Port Weight Connection Limit Real Service Group Description Set a real service name, which uniquely identifies a real service. Specify the IP address (IPv6 address) of a server or network device that processes services. Set a port number that is related to the following parameters: Health monitoring method for a service group If the port number of a real service is not 0, the destination port number for health monitoring is the port number of the real service. If the port number of a real service is 0, the destination port number for health monitoring is the port number of the protocol used for each health monitoring mode. Forwarding mode for a virtual service If the forwarding mode is set to NAT, then the port number is taken as the destination port of a packet after NAT translation, and the port number must be consistent with that of the server; if the forwarding mode is set to direct routing or firewall forwarding, the port number is used only for health monitoring. Set the weight to be used in the weighted round robin and weighted least connections algorithms. A smaller weight indicates that the real service is less scheduled. Set the maximum number of concurrent connections of the real service. Specify the real service group to which the real service belongs. Advanced Configuratio n Health Monitoring Method Select one of the following health monitoring methods: No Monitoring Same As Real Service Group Specified Use the health monitoring method specified by the real service to perform health monitoring. If you select this option, you must specify a health monitoring method for the real service (add one or more items in the Available Health Monitoring Methods field to the Selected Health Monitoring Methods field), and specify the health monitoring success criteria. 40

44 Item Description Health Monitoring Success Criteria When you select Specified for Health Monitoring Method, you must specify the health monitoring success criteria. If you select All, health monitoring succeeds only when all the selected health monitoring methods succeed. If you select At Least and specify a value, health monitoring succeeds when the number of succeeded health monitoring methods reaches the specified value. Enabling slow-offline To remove the server or network device corresponding to a real service from a cluster, or temporarily stop a real service, you can enable slow-offline. After you enable slow-offline, the real service continues to process the traffic previously assigned to it, but the LB module does not assign any new service to the real service. Remove the server or network device from the cluster after the original services are processed to avoid service interruption. To enable slow-offline: 1. Select Load Balance > Server Load Balance > IPv6 from the navigation tree. 2. Click Real Service. The real service page appears. 3. Click the icon of the target real service. The Modify Real Service page appears. 4. Click the Advanced Configuration expansion button. Figure 30 Modifying real service 5. Select the Enable Slow-Offline option. 6. Click Apply. 41

45 Creating a virtual service 1. Select Load Balance > Server Load Balance > IPv6 from the navigation tree. 2. Click Virtual Service. The virtual service page appears. Figure 31 Virtual service To view the configurations and statistics of a real service, click the Real Service Name link of the real service. To view the configuration information of a real service group, click the Real Service Group link of a virtual service. If you click the Number of Real Services link of a real service group, the page will go to the Real Service tab, which displays only the information about the real services that belong to the virtual service group. 3. Click Add. The virtual service configuration page appears. 42

46 Figure 32 Creating a virtual service 4. Configure the parameters as described in Table Click Apply. Table 9 Configuration items Item Virtual Service Name VPN Instance Virtual Service IP Prefix Description Set a virtual service name, which uniquely identifies a virtual service. Select the VPN instance to which the virtual service belongs. Specify the VSIP (IPv6 address) and prefix length of the cluster, or the destination network segment of the packets to be load balanced. In server load balancing, users request services with this IP address as the destination IP address. IMPORTANT: If you select NAT or Direct Route as the forwarding mode, the prefix length must be 128. Protocol Port Forwarding Mode Enable SNAT Select the protocol used by the cluster to provide services. Set the port number used by the cluster to provide services. Load balancing mode adopted: NAT NAT-mode server load balancing. Direct Routing DR-mode server load balancing. Firewall Firewall load balancing. Enable source address NAT translation, which changes the source address of a packet during load balancing. This option can be set only when the forwarding mode is NAT. 43

47 Item Description Configure an SNAT IP address pool. The option can be set when Enable SNAT is selected. Its default value is the virtual service IP address. SNAT IP Pool The start IP address and end IP address must be both configured or both empty, and the end IP address must be greater than the start IP address. IMPORTANT: The SNAT address pool cannot have overlapping address spaces with the address pool configured for dynamic NAT on an interface of the device. Persistence Method Select a method for associating real services and connections that access the same virtual service. If you do not select a persistence method, no real services or connections are associated. Source IP Connections that have the same source address will be associated with the same real service. In this mode, if the service port number is configured as any, then any connection with the same source address and protocol type indicates access of the same real service. The source IP mode can reduce times that LB module distributes traffic and services. Set the aging time of a persistence entry. Persistence Timeout When a persistence method is configured, persistence entries are generated according to the persistence method. If a persistence entry is not matched within the persistence timeout time, the persistence entry is deleted. This option is not available if you do not select a persistence method. Connection Limit Real Service Group Enable Virtual Service Set the maximum number of concurrent connections of the virtual service. Reference a real service group for the virtual service. Whether to enable a virtual service after it is configured. This option is not available if you do not select a real service group. Displaying server load balancing statistics 1. Select Load Balance > Server Load Balance > IPv6 from the navigation tree. 2. Click Statistics. Statistics of all the virtual services of server load balancing are displayed on the page, including total number of connections, average of active connections/peak of active connections, connection average rate/peak rate, number of forwarded/ignored packets in the inbound direction, and number of forwarded packets in the outbound direction. 3. Click the link of a virtual service name. The statistics of all the real services of the virtual service are displayed on the lower part of the page, including total number of connections, average of active connections/peak of active connections, connection average rate/peak rate, packets received, and packets sent, as shown in Figure

48 Figure 33 Statistics Load balancing configuration examples Layer 4 IPv4 server load balancing configuration example Network requirements As shown in Figure 34, three servers Server A, Server B, and Server C can provide HTTP services. Server A has the highest hardware configuration, and Server B the second. Enable these three servers to provide HTTP services together, and all HTTP traffic is required to be filtered by the LB module. Cluster provides HTTP service. Layer 4 server load balancing should be applied. All traffic will pass the LB module: NAT-mode server load balancing (Responses in DR mode do not pass the LB module). The performance of the three servers is different and therefore weighted round robin algorithm is adopted. 45

49 Figure 34 Network diagram Cluster Server A :8080 IP network VSIP LB product Server B :8080 Server C :8080 Configuring the LB module Assume that the IP addresses of the interfaces on the LB module and the zone to which they belong have been configured. The following describes the configurations of load balancing in detail. 1. Create real service group HTTPGroup: a. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. The Real Service Group tab appears. b. Click Add. The Add Real Service Group page appears. c. Enter the real service group name HTTPGroup, and select the algorithm Weighted Round Robin, heath monitoring method icmp, and troubleshooting method Keep Connection. d. Click Apply. Figure 35 Creating a real service group 46

50 2. Create real service ServerA for Server A: a. Click the Real Service tab. b. Click Add. The Add Real Service page appears. c. Enter the real service name ServerA, IP address , port number 8080, and weight 150, and select the real service group HTTPGroup. d. Click Apply. Figure 36 Creating a real service 3. Create real service ServerB for Server B: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name ServerB, IP address , port number 8080, and weight 120, and select the real service group HTTPGroup. c. Click Apply. 4. Create real service ServerC for Server C: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name ServerC, IP address , port number 8080, and weight 100, and select the real service group HTTPGroup. c. Click Apply. 5. Create virtual service VS: a. Click Virtual Service. b. Click Add. The Add Virtual Service page appears. c. Enter the virtual service name VS. 47

51 d. Select Four for LB Layer. e. Click Add next to Virtual Service IP, enter the IP address of the virtual service , and click Apply. f. Select the mask 32 ( ) and protocol type TCP. g. Enter the port number 80. h. Select the forwarding mode NAT, real service group HTTPGroup, and the Enable Virtual Service option. i. Click Apply. Figure 37 Creating virtual service VS Verifying the configuration After the server runs properly for a period of time, you can display the statistics to verify the configuration of load balancing. 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click the Statistics tab. 3. Click the virtual service name link of virtual service VS. You can see the statistics on the page. 48

52 Figure 38 Statistics Figure 38 shows that the total number of connections of Server A, Server B, and Server C is in a ratio of 15:12:10, which is the same as that of the configured weights. Therefore, the server load balancing function has taken effect. Layer 7 IPv4 server load balancing configuration example Network requirements As shown in Figure 39, four servers Server A, Server B, Server C, and Server D can provide HTTP services. Server A and Server B have the same performance, and Server C and Server D have the same performance. Enable these four servers to provide music services as music servers, and Server C and Server D provide news services as news servers. Cluster provides HTTP service and each server has different functions, and thus Layer 7 server load balancing should be applied. Server A and Server B operate as music servers, and Server C and Server D operate as news servers: assign servers with the same function to the same real service group, and perform real service group match according to resource obtaining path (URL-Function). The performance of the servers of the same function is the same and therefore round robin algorithm is adopted. 49

53 Figure 39 Network diagram Configuring the LB module Assume that the IP addresses of the interfaces on the LB module and the zone to which they belong have been configured and the corresponding zone is enabled with the virtual fragment reassembly function. The following describes the configurations of load balancing in detail. 1. Create real service group SongsGroup: a. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. The Real Service Group tab appears. b. Click Add. The Add Real Service Group page appears. c. Enter the real service group name SongsGroup, select the algorithm Round Robin, health monitoring method icmp, and troubleshooting method Keep Connection, and enter character /songs. d. Click Apply. 50

54 Figure 40 Creating a real service group 2. Create real service group NewsGroup: a. Click Add on the Real Service page. The Add Real Service Group page appears. b. Enter the real service group name NewsGroup, select the algorithm Round Robin, health monitoring method icmp, and troubleshooting method Keep Connection, and enter character /news. c. Click Apply. 3. Create real service ServerA for Server A: a. Click the Real Service tab, and click Add. The Add Real Service page appears. b. Enter the real service name ServerA, IP address , and port number 80. c. Select the real service group SongsGroup. d. Click Apply. 51

55 Figure 41 Creating a real service 4. Create real service ServerB for Server B: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name ServerB, IP address , and port number 80, and select the real service group SongsGroup. c. Click Apply. 5. Create real service ServerC for Server C: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name ServerC, IP address , and port number 80, and select the real service group NewsGroup. c. Click Apply. 6. Create real service ServerD for Server D: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name ServerD, IP address , and port number 80, and select the real service group NewsGroup. c. Click Apply. 7. Create virtual service VS: a. Click Virtual Service, and click Add. The Add Virtual Service page appears. b. Enter the virtual service name VS, and select Seven for LB Layer. c. Click Add next to Virtual Service IP, enter the IP address of the virtual service , and click Apply. d. Select the mask 32 ( ) and protocol TCP, and enter the port number

56 e. Select URL-Function in HTTP Content as the Real Service Group Method. f. Select SongsGroup and NewsGroup in the Available Groups area, and then click the << button to add them to the selected real service groups. g. Select the Enable Virtual Service option. h. Click Apply. Figure 42 Creating virtual service VS Verifying the configuration Host request songs from the server group. After the server runs properly for a period of time, you can display the statistics to verify the configuration of load balancing. 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click the Statistics tab. 3. Click the virtual service name link of virtual service VS. You can see the statistics on the page. 53

57 Figure 43 Statistics (I) 4. Click the icon to clear the statistics of virtual service vs. 5. Host request news from the server group. 6. After the server group runs for a period of time, click Refresh to display the statistics to verify the configuration of load balancing. 54

58 Figure 44 Statistics (II) The statistics show that when Host requests songs from the server group, there are connections only on Server A and Server B, and the total number of connections of Server A and Server B is in a ratio of 1:1; when Host requests news from the server group, there are connections only on Server C and Server D, and the total number of connections of Server C and Server D is in a ratio of 1:1. The statistics is the same as the pre-configured policies and algorithm. Therefore, the Layer 7 server load balancing function has taken effect. IPv4 firewall load balancing configuration example Network requirements As shown in Figure 45, two firewalls Firewall A and Firewall B each are connected to internal network and Internet through an LB module to balance load between the two networks to enhance network performance. Firewall load balancing is adopted. LB module A operates as the level 1 LB module, and LB module B the level 2 LB module. 55

59 Figure 45 Network diagram Configuring LB module A Assume that the IP addresses of the interfaces on LB module A and the zones to which they belong have been configured. 1. Create real service group FirewallGroup on LB module A: a. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. The Real Service Group tab appears. b. Click Add. The Add Real Service Group page appears. c. Enter the real service group name FirewallGroup, select the algorithm Destination IP Hashing, health monitoring method icmp, and troubleshooting method Redirection. d. Click Apply. Figure 46 Creating a real service group 2. Create real service FirewallA for Firewall A on LB module A: 56

60 a. Click the Real Service tab. b. Click Add. The Add Real Service page appears. c. Enter the real service name FirewallA and IP address , and select the real service group FirewallGroup. d. Click Apply. Figure 47 Creating a real service 3. Create real service FirewallB for Firewall B: a. Click Add on the Real Service tab. The Add Real Service page appears. b. Enter the real service name FirewallB and IP address , and select the real service group FirewallGroup. c. Click Apply. 4. Create virtual service VS on LB module A: a. Click Virtual Service. b. Click Add. The Add Virtual Service page appears. c. Enter the virtual service name VS, and select the Four option for the LB Layer. d. Click Add next to Virtual Service IP, enter the IP address of the virtual service , and click Apply. e. Select the mask 24 ( ) and protocol type Any. f. Enter the port number 0, and select the forwarding mode Firewall Forwarding. g. Select the real service group FirewallGroup, and select the Enable Virtual Service option. h. Click Apply. 57

61 Figure 48 Creating virtual service VS Configuring LB module B Assume that the IP addresses of the interfaces on LB module B and the zones to which they belong have been configured. 1. Select Load Balance > Public Setting from the navigation tree. The public parameter configuration page appears. 2. Select Keep Last-hop Information. 3. Click Apply. Figure 49 Saving the last hop information Verifying the configuration A period of time after the hosts in the internal network access the Interface, you can display the statistics on LB module A to verify load balancing configuration. To view the traffic from Network A to Network B on LB module A: 1. Select Load Balance > Server Load Balance > IPv4 from the navigation tree. 2. Click the Statistics tab. 58

62 3. Click the virtual service name link of virtual service VS. You can see the statistics on the page. Figure 50 Statistics on LB module A Figure 50 shows that the traffic from the internal network to Internet is balanced by Firewall A and Firewall B. 59

Load Balancing Technology White Paper

Load Balancing Technology White Paper Load Balancing Technology White Paper Keywords: Server, gateway, link, load balancing, SLB, LLB Abstract: This document describes the background, implementation, and operating mechanism of the load balancing

More information

HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls

HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls NAT Configuration Guide Part number:5998-2649 Document version: 6PW100-20110909 Legal and notice information Copyright 2011 Hewlett-Packard Development Company,

More information

HP 5120 SI Switch Series

HP 5120 SI Switch Series HP 5120 SI Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-1813 Software version: Release 1505 Document version: 6W102-20121111 Legal and notice information Copyright

More information

HP VPN Firewall Appliances

HP VPN Firewall Appliances HP VPN Firewall Appliances High Availability Configuration Guide Part number: 5998-4169 Software version: F1000-A-EI/F1000-S-EI (Feature 3726) F1000-E (Release 3177) F5000 (Feature 3211) F5000-S/F5000-C

More information

HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine

HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine HP 830 Series PoE+ Unified Wired-WLAN Switch Switching Engine Network Management and Monitoring Configuration Guide Part number: 5998-3936 Software version: 3308P26 Document version: 6W101-20130628 Legal

More information

HP High-End Firewalls

HP High-End Firewalls HP High-End Firewalls Access Control Configuration Guide Part number: 5998-2648 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719

More information

HP High-End Firewalls

HP High-End Firewalls HP High-End Firewalls NAT and ALG Command Reference Part number: 5998-2639 Software version: F1000-E/Firewall module: R3166 F5000-A5: R3206 Document version: 6PW101-20120706 Legal and notice information

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module High Availability Configuration Guide Part number: 5998-2687 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company,

More information

HP A5500 EI & A5500 SI Switch Series Network Management and Monitoring. Configuration Guide. Abstract

HP A5500 EI & A5500 SI Switch Series Network Management and Monitoring. Configuration Guide. Abstract HP A5500 EI & A5500 SI Switch Series Network Management and Monitoring Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the

More information

HP 5820X & 5800 Switch Series Network Management and Monitoring. Configuration Guide. Abstract

HP 5820X & 5800 Switch Series Network Management and Monitoring. Configuration Guide. Abstract HP 5820X & 5800 Switch Series Network Management and Monitoring Configuration Guide Abstract This document describes the software features for the HP 5820X & 5800 Series products and guides you through

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module Security Configuration Guide Part number: 5998-2686 Document version: 6PW101-20120217 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part

More information

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series HP 6125 Blade Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-3162 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright

More information

HP Firewalls and UTM Devices

HP Firewalls and UTM Devices HP Firewalls and UTM Devices NAT and ALG Configuration Guide Part number: 5998-4166 Software version: F1000-A-EI: Feature 3722 F1000-S-EI: Feature 3722 F5000: Feature 3211 F1000-E: Feature 3174 Firewall

More information

HP 6125G & 6125G/XG Blade Switches

HP 6125G & 6125G/XG Blade Switches HP 6125G & 6125G/XG Blade Switches Network Management and Monitoring Configuration Guide Part number: 5998-3162b Software version: Release 2103 and later Document version: 6W103-20151020 Legal and notice

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module System Management Configuration Guide Part number: 5998-4216 Software version: Feature 3221 Document version: 6PW100-20130326 Legal and notice information Copyright 2013 Hewlett-Packard

More information

HP High-End Firewalls

HP High-End Firewalls HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2650 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719

More information

Configuring Health Monitoring

Configuring Health Monitoring CHAPTER1 This chapter describes how to configure health monitoring on the ACE to track the state of a server by sending out probes. Also referred to as out-of-band health monitoring, the ACE verifies the

More information

HP FlexFabric 5700 Switch Series

HP FlexFabric 5700 Switch Series HP FlexFabric 5700 Switch Series Security Command Reference Part number: 5998-6695 Software version: Release 2416 Document version: 6W100-20150130 Legal and notice information Copyright 2015 Hewlett-Packard

More information

HP High-End Firewalls

HP High-End Firewalls HP High-End Firewalls Attack Protection Configuration Guide Part number: 5998-2630 Software version: F1000-E/Firewall module: R3166 F5000-A5: R3206 Document version: 6PW101-20120706 Legal and notice information

More information

HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls

HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls HP A-F1000-A-EI_A-F1000-S-EI VPN Firewalls VPN Configuration Guide Part number:5998-2652 Document version: 6PW100-20110909 Legal and notice information Copyright 2011 Hewlett-Packard Development Company,

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series OpenFlow Command Reference Part number: 5998-4679a Software version: Release 23xx Document version: 6W101-20150320 Legal and notice information Copyright 2015 Hewlett-Packard

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series Security Command Reference Part number: 5998-2887 Software version: Release2208 Document version: 6W100-20130228 Legal and notice information Copyright 2013 Hewlett-Packard

More information

BIG-IP Local Traffic Management: Basics. Version 12.1

BIG-IP Local Traffic Management: Basics. Version 12.1 BIG-IP Local Traffic Management: Basics Version 12.1 Table of Contents Table of Contents Introduction to Local Traffic Management...7 About local traffic management...7 About the network map...7 Viewing

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-2900 Software version: Release 2210 Document version: 6W100-20131105 Legal and notice information Copyright

More information

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series HP 6125 Blade Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-3156 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright 2012

More information

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series HP 6125 Blade Switch Series About the HP 6125 Blade s Part number: 5998-3152 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright 2012 Hewlett-Packard

More information

HP 3600 v2 Switch Series

HP 3600 v2 Switch Series HP 3600 v2 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-2351 Software version: Release 2108P01 Document version: 6W100-20131130 Legal and notice information Copyright 2013

More information

About the HP 830 Series PoE+ Unified Wired-WLAN Switch and HP 10500/ G Unified Wired-WLAN Module

About the HP 830 Series PoE+ Unified Wired-WLAN Switch and HP 10500/ G Unified Wired-WLAN Module About the HP 830 Series Switch and HP 10500/7500 20G Unified Module s Part number: 5998-3903 Software version: 3308P29 (HP 830 Series Switch) 2308P29 (HP 10500/7500 20G Unified Module) Document version:

More information

Virtual Recovery Assistant user s guide

Virtual Recovery Assistant user s guide Virtual Recovery Assistant user s guide Part number: T2558-96323 Second edition: March 2009 Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind

More information

HP MSR Router Series. Network Management and Monitoring Configuration Guide(V7)

HP MSR Router Series. Network Management and Monitoring Configuration Guide(V7) HP MSR Router Series Network Management and Monitoring Configuration Guide(V7) Part number: 5998-7724b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright

More information

What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1

What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 What is New in Cisco ACE 4710 Application Control Engine Software Release 3.1 PB478675 Product Overview The Cisco ACE Application Control Engine 4710 represents the next generation of application switches

More information

HP FlexFabric 5930 Switch Series

HP FlexFabric 5930 Switch Series HP FlexFabric 5930 Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-4571 Software version: Release 2406 & Release 2407P01 Document version: 6W101-20140404 Legal and notice information

More information

HP FlexFabric 5930 Switch Series

HP FlexFabric 5930 Switch Series HP FlexFabric 5930 Switch Series Layer 3 IP Services Command Reference Part number: 5998-4568 Software version: Release 2406 & Release 2407P01 Document version: 6W101-20140404 Legal and notice information

More information

About the Configuration Guides for HP Unified

About the Configuration Guides for HP Unified About the Configuration Guides for HP Unified Wired-W Products HP 830 Unified Wired-W PoE+ Switch Series HP 850 Unified Wired-W Appliance HP 870 Unified Wired-W Appliance HP 11900/10500/7500 20G Unified

More information

HP VSR1000 Virtual Services Router

HP VSR1000 Virtual Services Router HP VSR1000 Virtual Services Router Layer 2 - WAN Access Configuration Guide Part number: 5998-6023 Software version: VSR1000_HP-CMW710-R0202-X64 Document version: 6W100-20140418 Legal and notice information

More information

HP Unified Wired-WLAN Products

HP Unified Wired-WLAN Products HP Unified Wired-WLAN Products Security Command Reference HP 830 Unified Wired-WLAN PoE+ Switch Series HP 850 Unified Wired-WLAN Appliance HP 870 Unified Wired-WLAN Appliance HP 11900/10500/7500 20G Unified

More information

Configuring Virtual Servers

Configuring Virtual Servers 3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named

More information

HP A5820X & A5800 Switch Series MPLS. Configuration Guide. Abstract

HP A5820X & A5800 Switch Series MPLS. Configuration Guide. Abstract HP A5820X & A5800 Switch Series MPLS Configuration Guide Abstract This document describes the software features for the HP 5820X & 5800 Series products and guides you through the software configuration

More information

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series HP 6125 Blade Switch Series About the HP 6125 Blade Command s Part number: 5998-3163 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright 2012 Hewlett-Packard

More information

History Page. Barracuda NextGen Firewall F

History Page. Barracuda NextGen Firewall F The Firewall > History page is very useful for troubleshooting. It provides information for all traffic that has passed through the Barracuda NG Firewall. It also provides messages that state why traffic

More information

HP FlexFabric 7900 Switch Series

HP FlexFabric 7900 Switch Series HP FlexFabric 7900 Switch Series MCE Configuration Guide Part number: 5998-6188 Software version: Release 2117 and Release 2118 Document version: 6W100-20140805 Legal and notice information Copyright 2014

More information

BIG-IQ Centralized Management: ADC. Version 5.0

BIG-IQ Centralized Management: ADC. Version 5.0 BIG-IQ Centralized Management: ADC Version 5.0 Table of Contents Table of Contents BIG-IQ Application Delivery Controller: Overview...5 What is Application Delivery Controller?...5 Managing Device Resources...7

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series MCE Configuration Guide Part number: 5998-2896 Software version: Release2207 Document version: 6W100-20121130 Legal and notice information Copyright 2012 Hewlett-Packard Development

More information

HP FlexFabric 5930 Switch Series

HP FlexFabric 5930 Switch Series HP FlexFabric 5930 Switch Series MCE Configuration Guide Part number: 5998-4625 Software version: Release 2406 & Release 2407P01 Document version: 6W101-20140404 Legal and notice information Copyright

More information

HP Management Integration Framework 1.7

HP Management Integration Framework 1.7 HP Management Integration Framework 1.7 Administrator Guide Abstract This document describes the use of HP Management Integration Framework interfaces and is intended for administrators involved in the

More information

HP FlexFabric 5930 Switch Series

HP FlexFabric 5930 Switch Series HP FlexFabric 5930 Switch Series Network Management and Monitoring Configuration Guide Part number: 5998-7772b Software version: Release 241x Document version: 6W102-20171117 Legal and notice information

More information

Configuring Traffic Policies for Server Load Balancing

Configuring Traffic Policies for Server Load Balancing CHAPTER3 Configuring Traffic Policies for Server Load Balancing This chapter describes how to configure the ACE appliance to use classification (class) maps and policy maps to filter and match interesting

More information

HPE Intelligent Management Center

HPE Intelligent Management Center HPE Intelligent Management Center Service Health Manager Administrator Guide Abstract This guide provides introductory, configuration, and usage information for Service Health Manager (SHM). It is for

More information

HP 5120 SI Switch Series

HP 5120 SI Switch Series HP 5120 SI Switch Series Layer 2 - LAN Switching Configuration Guide Part number: 5998-1807 Software version: Release 1513 Document version: 6W100-20130830 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Paper solution Subject: Computer Networks (TE Computer pattern) Marks : 30 Date: 5/2/2015

Paper solution Subject: Computer Networks (TE Computer pattern) Marks : 30 Date: 5/2/2015 Paper solution Subject: Computer Networks (TE Computer- 2012 pattern) Marks : 30 Date: 5/2/2015 Q1 a) What is difference between persistent and non persistent HTTP? Also Explain HTTP message format. [6]

More information

BIG-IP Access Policy Manager : Portal Access. Version 12.1

BIG-IP Access Policy Manager : Portal Access. Version 12.1 BIG-IP Access Policy Manager : Portal Access Version 12.1 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...7

More information

HP 6125XLG Blade Switch

HP 6125XLG Blade Switch HP 6125XLG Blade Switch Network Management and Monitoring Configuration Guide Part number: 5998-5376a Software version: Release 240x Document version: 6W101-20150515 Legal and notice information Copyright

More information

HP Routing Switch Series

HP Routing Switch Series HP 12500 Routing Switch Series EVI Configuration Guide Part number: 5998-3419 Software version: 12500-CMW710-R7128 Document version: 6W710-20121130 Legal and notice information Copyright 2012 Hewlett-Packard

More information

About the HP MSR Router Series

About the HP MSR Router Series About the HP MSR Router Series Command (V7) Part number: 5998-7731b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright 2015 Hewlett-Packard Development

More information

Configuring Traffic Policies

Configuring Traffic Policies CHAPTER 11 Date: 4/23/09 Cisco Application Networking Manager helps you configure class maps and policy maps to provide a global level of classification for filtering traffic received by or passing through

More information

Firepower Threat Defense Cluster for the Firepower 4100/9300

Firepower Threat Defense Cluster for the Firepower 4100/9300 Firepower Threat Defense Cluster for the Firepower 4100/9300 Clustering lets you group multiple Firepower Threat Defense units together as a single logical device. Clustering is only supported for the

More information

HP MSR Router Series. EVI Configuration Guide(V7) Part number: b Software version: CMW710-R0304 Document version: 6PW

HP MSR Router Series. EVI Configuration Guide(V7) Part number: b Software version: CMW710-R0304 Document version: 6PW HP MSR Router Series EVI Configuration Guide(V7) Part number: 5998-7360b Software version: CMW710-R0304 Document version: 6PW104-20150914 Legal and notice information Copyright 2015 Hewlett-Packard Development

More information

HP A5830 Switch Series Layer 3 - IP Services. Configuration Guide. Abstract

HP A5830 Switch Series Layer 3 - IP Services. Configuration Guide. Abstract HP A5830 Switch Series Layer 3 - IP Services Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures.

More information

HP Intelligent Management Center Remote Site Management User Guide

HP Intelligent Management Center Remote Site Management User Guide HP Intelligent Management Center Remote Site Management User Guide Abstract This book provides overview and procedural information for Remote Site Management, an add-on service module to the Intelligent

More information

HP A6600 Routers Network Management and Monitoring. Command Reference. Abstract

HP A6600 Routers Network Management and Monitoring. Command Reference. Abstract HP A6600 Routers Network Management and Monitoring Command Reference Abstract This document describes the commands and command syntax options available for the HP A Series products. This document is intended

More information

Realms and Identity Policies

Realms and Identity Policies The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page

More information

BIG-IP Access Policy Manager : Implementations. Version 12.1

BIG-IP Access Policy Manager : Implementations. Version 12.1 BIG-IP Access Policy Manager : Implementations Version 12.1 Table of Contents Table of Contents Web Access Management...11 Overview: Configuring APM for web access management...11 About ways to time out

More information

BIG-IP Access Policy Manager : Portal Access. Version 13.0

BIG-IP Access Policy Manager : Portal Access. Version 13.0 BIG-IP Access Policy Manager : Portal Access Version 13.0 Table of Contents Table of Contents Overview of Portal Access...7 Overview: What is portal access?...7 About portal access configuration elements...

More information

HP Intelligent Management Center

HP Intelligent Management Center HP Intelligent Management Center Application Manager Administrator Guide Abstract This guide provides instructions for using IMC Application Manager. It includes information on prerequisites, service monitor

More information

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories

IPv4 ACLs, identified by ACL numbers, fall into four categories, as shown in Table 1. Table 1 IPv4 ACL categories Table of Contents ACL Configuration 1 ACL Overview 1 IPv4 ACL Classification 1 IPv4 ACL Rule Order 1 Rule Numbering Step with IPv4 ACLs 3 Effective Time Period of an IPv4 ACL 3 IP Fragments Filtering with

More information

HP 5120 SI Switch Series

HP 5120 SI Switch Series HP 5120 SI Switch Series Layer 3 - IP Services Configuration Guide Part number: 5998-1807 Software version: Release 1513 Document version: 6W100-20130830 Legal and notice information Copyright 2013 Hewlett-Packard

More information

HP MSR Router Series. IPX Configuration Guide(V5) Part number: Software version: CMW520-R2513 Document version: 6PW

HP MSR Router Series. IPX Configuration Guide(V5) Part number: Software version: CMW520-R2513 Document version: 6PW HP MSR Router Series IPX Configuration Guide(V5) Part number: 5998-8183 Software version: CMW520-R2513 Document version: 6PW106-20150808 Legal and notice information Copyright 2015 Hewlett-Packard Development

More information

HP 5120 SI Switch Series

HP 5120 SI Switch Series HP 5120 SI Switch Series Security Configuration Guide Part number: 5998-1815 Software version: Release 1505 Document version: 6W102-20121111 Legal and notice information Copyright 2012 Hewlett-Packard

More information

User Guide TL-R470T+/TL-R480T REV9.0.2

User Guide TL-R470T+/TL-R480T REV9.0.2 User Guide TL-R470T+/TL-R480T+ 1910012468 REV9.0.2 September 2018 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Accessing the Router Overview... 3 Web Interface

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module System Maintenance Configuration Guide Part number: 5998-4221 Software version: Feature 3221 Document version: 6PW100-20130326 Legal and notice information Copyright 2013 Hewlett-Packard

More information

HP 5120 EI Switch Series

HP 5120 EI Switch Series HP 5120 EI Switch Series Layer 3 - IP Routing Configuration Guide Part number: 5998-1793 Software version: Release 2220 Document version: 6W100-20130810 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Configuring Real Servers and Server Farms

Configuring Real Servers and Server Farms 6 CHAPTER This section provides an overview of server load balancing and procedures for configuring real servers and server farms for load balancing on an ACE appliance. When you use the ACE CLI to configure

More information

vrealize Orchestrator Load Balancing

vrealize Orchestrator Load Balancing vrealize Orchestrator Load Balancing Configuration Guide Version 7.0.x T E C H N I C A L W H I T E P A P E R M A Y 2 0 1 6 V E R S I O N 1. 0 Table of Contents Introduction... 4 Load Balancing Concepts...

More information

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls

How to Configure a Remote Management Tunnel for Barracuda NG Firewalls How to Configure a Remote Management Tunnel for Barracuda NG Firewalls If the managed NG Firewall can not directly reach the NG Control Center it must connect via a remote management tunnel. The remote

More information

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT

How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT How to Configure Mobile VPN for Forcepoint NGFW TECHNICAL DOCUMENT Table of Contents TABLE OF CONTENTS 1 BACKGROUND 2 WINDOWS SERVER CONFIGURATION STEPS 2 CONFIGURING USER AUTHENTICATION 3 ACTIVE DIRECTORY

More information

HP 3100 v2 Switch Series

HP 3100 v2 Switch Series HP 3100 v2 Switch Series ACL and QoS Configuration Guide HP 3100-8 v2 SI Switch (JG221A) HP 3100-16 v2 SI Switch (JG222A) HP 3100-24 v2 SI Switch (JG223A) HP 3100-8 v2 EI Switch (JD318B) HP 3100-16 v2

More information

HPE FlexFabric 5940 Switch Series

HPE FlexFabric 5940 Switch Series HPE FlexFabric 5940 Switch Series Layer 3 IP Services Configuration Guide Part number: 5200-1022a Software version: Release 2508 and later verison Document version: 6W101-20161101 Copyright 2016 Hewlett

More information

AccessEnforcer Version 4.0 Features List

AccessEnforcer Version 4.0 Features List AccessEnforcer Version 4.0 Features List AccessEnforcer UTM Firewall is the simple way to secure and manage your small business network. You can choose from six hardware models, each designed to protect

More information

Device Management Basics

Device Management Basics The following topics describe how to manage devices in the Firepower System: The Device Management Page, on page 1 Remote Management Configuration, on page 2 Adding Devices to the Firepower Management

More information

HP 5130 EI Switch Series

HP 5130 EI Switch Series HP 5130 EI Switch Series ACL and QoS Configuration Guide Part number: 5998-5471a Software version: Release 31xx Document version: 6W100-20150731 Legal and notice information Copyright 2015 Hewlett-Packard

More information

How to Configure a Remote Management Tunnel for an F-Series Firewall

How to Configure a Remote Management Tunnel for an F-Series Firewall How to Configure a Remote Management Tunnel for an F-Series Firewall If the managed NextGen Firewall F-Series cannot directly reach the NextGen Control Center, it must connect via a remote management tunnel.

More information

This release of the product includes these new features that have been added since NGFW 5.5.

This release of the product includes these new features that have been added since NGFW 5.5. Release Notes Revision A McAfee Next Generation Firewall 5.7.6 Contents About this release New features Enhancements Known limitations Resolved issues System requirements Installation instructions Upgrade

More information

KYOCERA Net Admin User Guide

KYOCERA Net Admin User Guide KYOCERA Net Admin User Guide Legal Notes Unauthorized reproduction of all or part of this guide is prohibited. The information in this guide is subject to change without notice. We cannot be held liable

More information

How to Configure Authentication and Access Control (AAA)

How to Configure Authentication and Access Control (AAA) How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual

More information

Configuring Cache Services Using the Web Cache Communication Protocol

Configuring Cache Services Using the Web Cache Communication Protocol Configuring Cache Services Using the Web Cache Communication Protocol Finding Feature Information, page 1 Prerequisites for WCCP, page 1 Restrictions for WCCP, page 2 Information About WCCP, page 3 How

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series Network Management and Monitoring Command Reference Part number: 5998-2889 Software version: Release 2210 Document version: 6W100-20131105 Legal and notice information Copyright

More information

HP Intelligent Management Center Remote Site Manager

HP Intelligent Management Center Remote Site Manager HP Intelligent Management Center Remote Site Manager Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators who manage the IMC Remote

More information

Defining IPsec Networks and Customers

Defining IPsec Networks and Customers CHAPTER 4 Defining the IPsec Network Elements In this product, a VPN network is a unique group of targets; a target can be a member of only one network. Thus, a VPN network allows a provider to partition

More information

Oracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0

Oracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0 Design Guide Oracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0 This design guide describes how to deploy the Cisco Application Control Engine (Cisco

More information

Cisco Expressway with Jabber Guest

Cisco Expressway with Jabber Guest Cisco Expressway with Jabber Guest Deployment Guide First Published: Decemeber 2016 Cisco Expressway X8.9 Cisco Jabber Guest Server 10.6.9 (or later) Cisco Systems, Inc. www.cisco.com Contents Preface

More information

HP FlexFabric 5930 Switch Series

HP FlexFabric 5930 Switch Series HP FlexFabric 5930 Switch Series ACL and QoS Configuration Guide Part number: 5998-7761a Software version: Release 241x Document version: 6W102-20151210 Legal and notice information Copyright 2015 Hewlett-Packard

More information

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0

Configuration Guide TL-ER5120/TL-ER6020/TL-ER REV3.0.0 Configuration Guide TL-ER5120/TL-ER6020/TL-ER6120 1910012186 REV3.0.0 June 2017 CONTENTS About This Guide Intended Readers... 1 Conventions... 1 More Information... 1 Viewing Status Information... 2 System

More information

BIG-IP DNS: Monitors Reference. Version 12.1

BIG-IP DNS: Monitors Reference. Version 12.1 BIG-IP DNS: Monitors Reference Version 12.1 Table of Contents Table of Contents Monitors Concepts...5 Purpose of monitors...5 Benefits of monitors...5 Methods of monitoring...5 Comparison of monitoring

More information

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0 BIG-IP Access Policy Manager : Secure Web Gateway Version 13.0 Table of Contents Table of Contents BIG-IP APM Secure Web Gateway Overview...9 About APM Secure Web Gateway... 9 About APM benefits for web

More information

Table of Contents 1 AAA Overview AAA Configuration 2-1

Table of Contents 1 AAA Overview AAA Configuration 2-1 Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-3 Introduction to RADIUS 1-3

More information

Chapter 09 Network Protocols

Chapter 09 Network Protocols Chapter 09 Network Protocols Copyright 2011, Dr. Dharma P. Agrawal and Dr. Qing-An Zeng. All rights reserved. 1 Outline Protocol: Set of defined rules to allow communication between entities Open Systems

More information

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air - Virtual Private Cloud OnDemand Networking Guide vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by

More information

HPE Security ArcSight Connectors

HPE Security ArcSight Connectors HPE Security ArcSight Connectors SmartConnector for IP Flow (NetFlow/J-Flow) Configuration Guide October 17, 2017 SmartConnector for IP Flow (NetFlow/J-Flow) October 17, 2017 Copyright 2004 2017 Hewlett

More information

F5 BIG-IQ Centralized Management: Local Traffic & Network. Version 5.2

F5 BIG-IQ Centralized Management: Local Traffic & Network. Version 5.2 F5 BIG-IQ Centralized Management: Local Traffic & Network Version 5.2 Table of Contents Table of Contents BIG-IQ Local Traffic & Network: Overview... 5 What is Local Traffic & Network?... 5 Understanding

More information

User Identity Sources

User Identity Sources The following topics describe Firepower System user identity sources, which are sources for user awareness. These users can be controlled with identity and access control policies: About, on page 1 The

More information