Alteon Switch Operator Training

- Alteon switch

• Alteon switch product family
• Understanding Server Load Balancing
• Server Load Balancing operation and configuration
• Troubleshooting Guide

- Alteon switch product family

[Figure: models positioned by Feature/Function against Price]

AAS 3408
• 8ea 10/100/1000 Mbps ports
• 8ea Gigabit ports
• 2M concurrent sessions
• 16 Gbps backplane capacity

AAS 2424
• 24 10/100 Mbps ports
• 4ea Gigabit ports
• 2M concurrent sessions
• 16 Gbps backplane capacity

AAS 2216
• 16ea 10/100 Mbps ports
• 2ea Gigabit ports
• 1M concurrent sessions
• 16 Gbps backplane capacity

AAS 2208
• 8ea 10/100 Mbps ports
• 2ea Gigabit ports
• 600K concurrent sessions
• 16 Gbps backplane capacity

WSM
• 4 10/100 TX or Gig SX ports
• 80MB of memory
• 512K concurrent sessions

184 (AD4)
• Nine 10/100/1000 Mbps ports
• 4 MB of memory per port (1-8)
• 8 MB of memory on port 9
• 512K concurrent sessions
• 8 Gbps backplane capacity

180e (AD3)
• Eight 10/100/1000 Mbps ports
• One 1000BASE-SX port
• 2MB of memory per port
• 336K concurrent sessions
• 8 Gbps backplane capacity

- Alteon Web switches

Alteon 184
• Selectable 8 x 10/100 or 1000SX Ethernet ports
• 1 100 or Gigabit Ethernet uplink on Port 9
• 6 LEDs/port
  - Data
  - Link
  - Active
• AC and DC power available
• Console port

- Alteon Web switches

[Figure: switch architecture. Each switch port has a WebIC (Fwd Engine plus two RISC processors) with its own Memory; the ports connect over an 8 Gbps Switch Backplane to a Management Module with RISC processors, Memory and Flash.]

• WebIC: network processing ASIC with hardware-assisted forwarding engine and dual RISC processors
• Up to 20 RISC processors per switch
• Optimized for processing-intensive session services
• Separate centralized switch management processors

- Passport 8600 Routing Switch with Alteon Web Switching Module

• Complete Layer 2-7 switching solution
  - Passport 8600 L2-7 Intelligent Routing Switch
• Comprised of Alteon Web Switching Module for the Passport 8600
• Integrated platform provides a higher level of intelligent networking for LAN/WAN/MAN and data center requirements
• Lower total cost of ownership with integration and device consolidation

[Figure: L2-7 Alteon Web Switching Module (WSM)]

- Alteon Application Switch Nomenclature

[Figure: the model number "Alteon Application Switch nn nn" broken down into its fields]

• Series Number: 2 = Fast Ethernet, 3 = Gigabit Ethernet
• Gigabit Uplink Ports
• Port Density

[Figure: front-panel port numbering for the four models: 8 FE + 2 GE (ports 1-10); 16 FE + 2 GE (ports 1-18); 24 FE + 4 GE (ports 1-28, 4 1000TX or GBIC choice); 12 GE (ports 1-12, 4 1000TX only, 4 GE 1000TX or GBIC choice)]

- Four Alteon Application Switch models

• AAS 2208 (8FEx2GE)
• AAS 2216 (16FEx2GE)
• AAS 2424 (24FEx4GE)
• AAS 3408 (12GE)

- Alteon Application Switch 2424

[Figure: front panel, ports 1-28]

• RJ45 Auto 10/100 Fast Ethernet Ports
• SFP GBICs: 1000Base-SX or 1000Base-LX with LC Connectors
• LEDs: SFP
• LEDs on Port
• LED: Power
• LED: Fan
• DB9 Console
• RJ45 Management Port
• 1-RU form factor

- Alteon Application Switch 3408

[Figure: front panel, ports 1-12]

• RJ45 Auto 10/100/1000 Ethernet Ports
• SFP GBICs: 1000Base-SX or 1000Base-LX with LC Connectors
• Optional Copper or Optical
• LEDs: SFP
• LED: Power
• LED: Fan
• DB9 Console
• RJ45 Management Port
• 1-RU form factor

- Alteon Application Switch Inside

[Figure: internal layout. MP and VMA at the centre; switch processors SP1 to SP4, each with memory (M), serving Gigabit or Fast Ethernet ports.]

• Architecture allows for flexibility in future software feature/application development
• MP
  - On AD/180 series, Management Processor and Management Port are synonymous
  - On Alteon 2000/3000 series, MP refers to Management Processor and NOT Management Port
  - Health checking, start-up, configurations
• SP
  - On AD/180 series, Switch Processor and Switch Port are synonymous
  - On Alteon 2000/3000 series, SP refers to Switch Processor, which is not the same as a Switch Port
  - Layer 2-7 processing
• M
  - 128-MB each of fast SDRAM (SP)
  - Total switch memory = 640-MB

- Alteon Application Switch VMA

Virtual Matrix Architecture (VMA)

[Figure: a client and a server attached to a switch with one CPU per port. Packets (DA_X SA_1, DA_Y SA_2, DA_X SA_3) are handed to designated CPUs, including one on an unattached server port; each CPU holds its own session entries (DA_X, SA_1, RIP_A; DA_Y, SA_2, RIP_B; DA_X, SA_3, RIP_A).]

• Performance of distributed architecture with centralized architectures resource utilization
• CPUs at all ports actively share L4-7 processing load
  - Each ingress packet hashed to one of 8 ports for L4-7 processing
  - Hashing algorithm ensures even distribution of Internet traffic
  - Packets in same session always hashed to the same CPU
• Memory at all ports pooled and utilized at all times
  - Session entries kept in memory local to designated CPUs
  - Global session table kept for cookie persistent sessions
  - All ports store all filtering/redirection policies

- Alteon Application Switch performance

| Category | 3408(E) | 2424(E) | 2424-SSL(E) | 2216(E) | 2208(E) |
|---|---|---|---|---|---|
| Total Ports | 12 | 28 | 28 | 18 | 10 |
| 10/100 Ethernet Ports | 4+4** | 24 | 24 | 16 | 8 |
| Gigabit Ethernet Ports | 4+4** | 4 | 4 | 2 | 2 |
| IP Routing Interfaces | 256 | 256 | 256 | 256 | 256 |
| Virtual Server Support | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 |
| Real Server Support | 1,024 | 1,024 | 1,024 | 1,024 | 1,024 |
| Policy Filters | 2,048 | 2,048 | 2,048 | 2,048 | 2,048 |
| Concurrent Sessions | 2M(4M) | 2M(4M) | 2M(4M) | 1M(2M) | 600K(1M) |
| Layer 7 Performance (sessions/second) | >51K * | >51K * | >51K * | 30K * | 15K * |
| Layer 4 Performance (sessions/second) | >110K * | >110K * | >110K * | 40K * | 20K * |
| Integrated SSL Acceleration (tps.)** | Base: 300, Max: 1000 | No | No | No | No |
| Integrated SSL VPN | No | No | Yes | No | No |
| Height (inches/RU) | 1.75/1 | 1.75/1 | 1.75/1 | 1.75/1 | 1.75/1 |

- Alteon Application Switch use cases

[Figure: use-case diagram. The labels it carries are listed below.]

• VPN
• Network device acceleration
• Application
• Advanced filtering, redirection
• Layer 2-4 Attributes
• Server load balancing
• DPI
  - Layer 7 Deep Packet Inspection function
• Firewall/IDS LB
• Web Site
• VLAN Filtering
• Bidirectional VPN LB
• Various caches
• Accept, Deny, NAT, Redirect
• WAN Links
• SSL Appliance
• Pattern grouping function
• WAP Gateways
• Streaming Media
• Traffic management
  - Flow-based BWM
• Nortel P2P patterns
• Security pattern updates
• Bandwidth Management
• Hauri virus patterns
• Bogon filter list
• ASCII and binary patterns provided
• Management functions
  - Detailed attack logging (source and destination IP and port, attack name)
  - Per-user session history tracking
  - Traffic statistics
• Application LB
• Global Server LB
• Application Health Checks
• Security services
  - Basic DoS prevention
  - Application overuse
  - SSL VPN function

- Application Switch basics

Layer 4-7 Application/Content Intelligence

[Figure: OSI 7-Layer Model (Layer 7 down to Layer 1) with the columns Protocol and Device Example. Protocol column: HTTP & URL, pattern; SSL; TCP; IP; Ethernet. Device Example column: server/IDS; L3 devices such as routers; L2 devices such as Ethernet switches; the application switch as an intelligent L2-7 device.]

- SLB (Server Load Balancing)

Understanding Server Load Balancing

• The traditional Server Load Balancing method
  - Server Load Balancing using DNS round robin

[Figure: a client sends a request for www.abc.com across the Internet. DNS answers www.abc.com = x, then www.abc.com = y, and so on, spreading clients over servers x, y and z.]

- SLB (Server Load Balancing)

Server Load Balancing through an L4 switch

- The client enters a URL in a web browser and connects to the virtual server on the L4 switch using the IP address returned by DNS (on the L4 switch this address is called the Virtual IP, VIP).
- An HTTP request that reaches the virtual server is matched to the group of real servers mapped to the VIP.
- Matching within the server group is done by one of the several distribution algorithms the L4 switch provides; choose the one that suits the nature of the site.

[Figure: a client sends a request for www.abc.com across the Internet; DNS answers www.abc.com = VIP. The L4 switch holds the Virtual IP Address, performs Health Checking, and forwards to servers with the Real IP Addresses R_IP 1, R_IP 2 and R_IP 3.]

- Alteon Application Switch

WebOS Traffic Flow

At each Ingress Port, if Layer 4 parameters are configured, traffic flow follows these 3 processes:

• Server
  - Translates RIP to VIP, RPort to VPort and RMAC to VMAC
• Filter
  - Fires Filters and performs associated action
• Client
  - Translates VIP to RIP, VPort to RPort and VMAC to RMAC

- SLB (Server Load Balancing)

- Terminology

[Figure: Client, Internet, Virtual IP Address (VIP), Real server IP Address (RIP), Group]

• Virtual IP Address (VIP)
  - Also called Virtual Server
  - Each VIP must have at least one service
  - Each VIP can support 8 Services
• Real Servers
  - Can have Public or Private IP Addresses
  - Must run a TCP/UDP service
  - Up to 1024 Real Servers can be configured (Version 10)
  - Can have maximum connections and timeout values assigned
• Groups
  - Support of up to 256 Groups
  - A Group can support 1024 Real Servers
  - Requires a Health Check metric
  - Requires a Load Balancing Metric

- SLB (Server Load Balancing)

- Terminology

[Figure: Client (CIP, CMAC, CPORT), Internet, virtual server (VMAC, VIP, VPORT), Group of real servers (RMAC, RIP, RPORT)]

• VIP, VMAC, Vport
  - virtual server: IP address, MAC address, TCP/UDP port
• RIP, RMAC, Rport
  - real server: IP address, MAC address, TCP/UDP port
• CIP, CMAC, Cport
  - Client: IP address, MAC address, TCP/UDP port
• PIP, PMAC, Pport
  - proxy: IP address, MAC address, TCP/UDP port
• Session
  - TCP connection, UDP session, IP flow

- SLB (Server Load Balancing)

- Terminology

[Figure: Client, Internet, Client ports, Server ports, SERVERS]

• Client ports
  - Switch ports on which client processing can be applied
  - Assign each session to a server
  - Translate VIP to RIP
• Server ports
  - Switch ports on which server processing can be applied
  - Translate RIP to VIP
• Health Check
  - Checks at regular intervals whether the servers are working properly (http, tcp, ftp, icmp)

- SLB (Server Load Balancing)

• Client / Server processing
  - Changes DIP from VIP to Real server IP and vice-versa
  - Client processing also creates session binding entry based on client SIP and Sport

[Figure: Clients, a switch with VIP 100.10.10.1, and Server 192.168.1.1. The packet headers at each stage:]

  Client to switch:                        SIP 200.20.20.1  DIP 100.10.10.1  DMAC = V-MAC
  After client processing, to the server:  SIP 200.20.20.1  DIP 192.168.1.1  DMAC = R-MAC
  Server to switch:                        SIP 192.168.1.1  DIP 200.20.20.1  DMAC = DGW-MAC
  After server processing, to the client:  SIP 100.10.10.1  DIP 200.20.20.1  DMAC = C-MAC


- SLB (Server Load Balancing)

• Client Processing
  - The task of translating the VIP (Virtual IP address) into the RIP (Real IP address)

[Figure: client processing flowchart]

  Client port? (yes / no)
  yes: look in the Session Table. Existing session entry?
    no:  1. Select Server
         2. Place Entry in Session Table
    yes: Translate VMAC:VIP:Vport to RMAC:RIP:Rport
  Forward to real server through the egress port

| Category | Client to L4 | L4 to Server |
|---|---|---|
| MAC Src | C mac | C mac |
| MAC Dst | V mac | R mac |
| IP Src | C ip | C ip |
| IP Dst | V ip | R ip |
| TCP Src | 2155 | 2155 |
| TCP Dst | 80 | 80 |

- SLB (Server Load Balancing)

• Server Processing
  - The task of translating the RIP (Real IP address) into the VIP (Virtual IP address)

[Figure: server processing flowchart]

  Server port? (yes)
  Service Mapping Table: Frame IP SA and source UDP/TCP port matches a configured RIP:Rport?
  Translate RIP:Rport to VIP:Vport
  Filtering

| Category | Server to L4 | L4 to Clients |
|---|---|---|
| MAC Src | R mac | V mac |
| MAC Dst | C mac | C mac |
| IP Src | R ip | V ip |
| IP Dst | C ip | C ip |
| TCP Src | 80 | 80 |
| TCP Dst | 2155 | 2155 |

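The client processing and server processing steps described above, modelled as an added example (not code from the original slides or from the Alteon software). The class and field names, the second real server 192.168.1.2, the MAC labels other than those on the slides, and the learned client MAC table are assumptions of this sketch; round robin stands in for whichever metric the group uses.

```python
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    smac: str
    dmac: str
    sip: str
    dip: str
    sport: int
    dport: int


@dataclass(frozen=True)
class RealServer:
    rip: str
    rmac: str
    rport: int


class L4Switch:
    def __init__(self, vip, vmac, vport, reals):
        self.vip, self.vmac, self.vport = vip, vmac, vport
        self.reals = list(reals)
        self._pick = cycle(self.reals)   # round robin stands in for the group metric
        self.sessions = {}               # (client SIP, client Sport) -> RealServer
        self.client_macs = {}            # client IP -> MAC learned on the client port (assumption)

    def client_processing(self, pkt):
        """Client port ingress: VMAC:VIP:Vport -> RMAC:RIP:Rport."""
        if (pkt.dip, pkt.dport) != (self.vip, self.vport):
            return pkt                   # not for the virtual service: forward unchanged
        key = (pkt.sip, pkt.sport)
        real = self.sessions.get(key)
        if real is None:                 # no existing session entry
            real = next(self._pick)      # 1. select server
            self.sessions[key] = real    # 2. place entry in session table
        self.client_macs[pkt.sip] = pkt.smac
        return replace(pkt, dmac=real.rmac, dip=real.rip, dport=real.rport)

    def server_processing(self, pkt):
        """Server port ingress: RIP:Rport -> VIP:Vport."""
        configured = {(r.rip, r.rport) for r in self.reals}
        if (pkt.sip, pkt.sport) not in configured:
            return pkt                   # source is not a configured RIP:Rport
        return replace(pkt, smac=self.vmac, sip=self.vip, sport=self.vport,
                       dmac=self.client_macs.get(pkt.dip, pkt.dmac))


def demo():
    # Addresses from the slides; 192.168.1.2 / R2-MAC are constructed for the example.
    sw = L4Switch("100.10.10.1", "V-MAC", 80,
                  [RealServer("192.168.1.1", "R-MAC", 80),
                   RealServer("192.168.1.2", "R2-MAC", 80)])
    request = Packet("C-MAC", "V-MAC", "200.20.20.1", "100.10.10.1", 2155, 80)
    to_server = sw.client_processing(request)   # new session: server selected
    repeat = sw.client_processing(request)      # same SIP/Sport: same server
    other = sw.client_processing(replace(request, sport=2156))  # new session
    reply = Packet("R-MAC", "DGW-MAC", "192.168.1.1", "200.20.20.1", 80, 2155)
    to_client = sw.server_processing(reply)
    return to_server, repeat, other, to_client, sw


if __name__ == "__main__":
    for item in demo()[:4]:
        print(item)
```

The client only ever sees the VIP as the peer address, and the session table is what keeps every packet of one SIP/Sport pair on the same real server.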
- SLB (Server Load Balancing)

• Health Check

[Figure: health check results per real server: R1_OK, R2_OK, R3_Fail]

• Health check types
  - ICMP
  - TCP: 3 way handshake (Service port)
  - Content: HTTP
  - Application specific: Radius, SSL, POP, DNS etc.
  - Scripted: send sequence, expected response
• Health check parameters (realserver)
  - Interval (default 2sec)
  - Retry counts
  - Restore counts
  - etc

- SLB (Server Load Balancing)

• Load Balancing Metrics

• Load Based:
  - Round Robin / Weighted Round Robin
  - Least Connections / Weighted Least Connections
  - Response Time
  - Bandwidth
• Persistent IP Based
  - Hash
  - Minimum Misses
  - SSL ID
  - Cookie

Option: Weights, Maxcon

- SLB (Server Load Balancing)

>> Load Balancing Metrics <<

• Round Robin Load Balancing
  - Sessions are handed to the real servers in turn
  - Weight and maximum connection settings can be applied
• LeastConns Load Balancing
  - Looks at the number of open sessions on each real server and hands the session to the real server with the fewest open sessions
  - Suited to environments where the real servers have differing resources and where the time and amount of data per connection vary

- SLB (Server Load Balancing)

>> Load Balancing Metrics <<

• Hash
  - Keeps a session established between a client and a server on that server: a given client always connects to the same server
  - The server for a connection is chosen by the remainder of the client's source IP address (32 bit) divided by the number of real servers
• Minimum Misses
  - Almost the same as the Hash algorithm
  - Likewise, the server for a connection is chosen by the remainder of the client's source IP address (32 bit) divided by the number of real servers
  - However, this algorithm is recommended mainly for Cache Redirection

- SLB (Server Load Balancing)

>> Load Balancing Metrics <<

• Bandwidth
  - Load balancing according to bandwidth usage
  - Sessions go first to the server using the least bandwidth
• Response Time
  - Load balancing according to response speed
  - Sessions go first to the server with the fastest response

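The round robin, least connections and hash metrics from the slides above, with the Weights and Maxcon options and the health check result applied, as an added example (not code from the original slides or from the Alteon software). The class names, the use of weight as a divisor for weighted least connections, and taking the hash remainder over the servers that are currently available are assumptions of this sketch; the slides do not say how a failed server is handled under hash.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Real:
    name: str
    weight: int = 1          # "Weights" option, must be >= 1 here
    maxcon: int = 0          # "Maxcon" option; 0 means no limit in this example
    open_sessions: int = 0
    healthy: bool = True     # result of the health check

    def available(self):
        under_limit = self.maxcon == 0 or self.open_sessions < self.maxcon
        return self.healthy and under_limit


class Group:
    def __init__(self, reals):
        self.reals = list(reals)
        self._turn = 0

    def _usable(self):
        return [r for r in self.reals if r.available()]

    def round_robin(self):
        # A server with weight n appears n times in the rotation.
        schedule = [r for r in self.reals for _ in range(r.weight)]
        for _ in range(len(schedule)):
            real = schedule[self._turn % len(schedule)]
            self._turn += 1
            if real.available():
                return real
        return None

    def least_conns(self):
        # Fewest open sessions, scaled by weight so a heavier server takes more.
        return min(self._usable(),
                   key=lambda r: r.open_sessions / r.weight, default=None)

    def hash_select(self, client_ip):
        # Remainder of the 32-bit source IP divided by the number of servers.
        usable = self._usable()
        if not usable:
            return None
        return usable[int(ipaddress.IPv4Address(client_ip)) % len(usable)]


def demo():
    a, b, c = Real("A", weight=2), Real("B", maxcon=1), Real("C")
    group = Group([a, b, c])
    rr = [group.round_robin().name for _ in range(4)]

    # B is at its maxcon, so least connections chooses between A (3/2) and C (2/1).
    a.open_sessions, b.open_sessions, c.open_sessions = 3, 1, 2
    lc = group.least_conns().name

    # Hash: the same client lands on the same server while the group is stable...
    b.open_sessions = 0
    before = group.hash_select("200.20.20.1").name
    again = group.hash_select("200.20.20.1").name
    # ...but when A fails its health check the divisor changes and the client
    # moves, even though the server it was using is still healthy.
    a.healthy = False
    after = group.hash_select("200.20.20.1").name
    return {"rr": rr, "lc": lc, "before": before, "again": again, "after": after}


if __name__ == "__main__":
    print(demo())
```

The last case is the operational point to watch with a remainder-based metric: any change in the number of servers in service can move clients that were pinned to a healthy server.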
- SLB (Server Load Balancing)

• DAM (Direct Access Mode)

[Figure: Client, Internet, Real IP]

• When Server Processing is run, the switch assumes flows with an IP SA of a RIP are using a load balanced service, and the IP SA is always translated from RIP to VIP without checking the session table
• This allows packets to enter one switch and leave on another and still be translated from RIP to VIP, e.g. Active - Active
• No Direct Access to the RIP is possible
• The RIP to VIP translation is not done automatically; it requires that the Session Table is checked first

- SLB (Server Load Balancing)

• DSR (Direct Server Return)

[Figure: Client, Internet, the switch and Servers R_IP 1, R_IP 2 and R_IP 3, with the traffic path marked in steps 1, 2 and 3. On each server: Loopback if = VIP.]

• To configure DSR on the Alteon switch

  /cfg/slb/real 1/submac en
  /cfg/slb/virt 1/ser http/nonat en

- SLB (Server Load Balancing)

• High Availability with VRRP

VRRP (Virtual Router Redundancy Protocol)
  - rfc 2338
  - VRRP uses IP multicast to communicate on 224.0.0.18
  - Use of a multicast MAC address (00-00-5E-00-01-02 for VRID = 2)
  - Alteon extensions to VRRP support Layer 4 redundancy with virtual server routers (VSR), shared Mode

[Figure: a master (M) and a backup (B) switch. Labelled steps: Multicast Updates; ARP for Default Gateway; Master Answers ARP; Path For Traffic.]

- SLB (Server Load Balancing)

• High Availability with VRRP: Active - Standby
  - All switches actively perform load balancing and/or routing functions, but for different virtual services and/or interfaces

[Figure: two switches, each marked Standby and Active]

- SLB (Server Load Balancing)

• High Availability with VRRP: Active - Hot Standby
  - One master with one or more backups. Only master processes layer 4 traffic
  - STP is not needed to eliminate bridge loops.

[Figure: an Active switch and a Hot Standby switch; the standby side is marked BLOCKING]

- SLB (Server Load Balancing)

• High Availability with VRRP: Active - Active
  - All switches can actively forward traffic for the same virtual services and/or interface

[Figure: two switches, both marked Active]

- SLB (Server Load Balancing)

• Basic configuration and operation
  - CLI (Command Line Interface)

  [Main Menu]
      info    - Information Menu
      stats   - Statistics Menu
      cfg     - Configuration Menu
      oper    - Operations Command Menu
      boot    - Boot Options Menu
      maint   - Maintenance Menu
      diff    - Show pending config changes  [global command]
      apply   - Apply pending config changes  [global command]
      save    - Save updated config to FLASH  [global command]
      revert  - Revert pending or applied changes  [global command]
      exit    - Exit  [global command, always available]

- SLB (Server Load Balancing)

• Basic configuration and operation

Administration Interfaces
  - CLI (Command Line Interface): console (DB9), telnet
      /cfg/sys/tnet enable
  - BBI (Browser Base Interface)
      /cfg/sys/http enable , /cfg/sys/wport <port>
  - SNMP: EMS
      /cfg/sys/snmp , /cfg/snmp
  - RMON

- SLB (Server Load Balancing)

• Basic configuration and operation
  - BBI (Browser Base Interface)

- SLB (Server Load Balancing)

• Basic configuration and operation - EMS (Alteon Element Management System)

An Intuitive, Graphical Configuration Tool
– Java based

Client/Server Application
– Stand-alone client
– Unix/Windows support

Platform-Less Operation
– Optional usage in HP OpenView environment

- SLB (Server Load Balancing)

• Basic configuration and operation - EMS (Alteon Element Management System)

Real Time Statistical Information Graphing

- SLB (Server Load Balancing)

• Basic configuration and operation

Step1

L2, L3, system configuration

[Diagram: Internet / Client, gateway 10.1.1.1/24, VIP 10.1.1.100 (service http), switch ports 1 to 4 with L4 IP 10.1.1.10/24, Realserver IP 10.1.1.11~13]

1. Connect switch

Enter password : admin (default)

2. Set IP address of switch

/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 10.1.1.10 (enter)
en (enter)    // enable

3. Set gateway IP address

/cfg/ip/gw 1 (enter)
add 10.1.1.1 en (enter)

4. Set telnet, http access

/cfg/sys/tnet en (enter)
/cfg/sys/http en (enter)
apply (enter)
save (enter)

- SLB (Server Load Balancing)

• Basic configuration and operation

Step2

L2, L3 monitor and information

[Diagram: Internet / Client, gateway 10.1.1.1/24, switch ports 1 to 4 with L4 IP 10.1.1.10/24, health check (icmp), Realserver IP 10.1.1.11~13]

1. /info/link

>>Main# /info/link
------------------------------------------------------------------
Port    Speed    Duplex    Flow Ctrl       Link
-----   -----   --------  --TX-----RX--   ------
1       100      full      yes    yes      up
2       100      full      yes    yes      up
3       100      full      yes    yes      up
4       100*     full*     no*    no*      up
5       10/100   any       yes    yes      down
6       10/100   any       yes    yes      down
7       10/100   any       yes    yes      down
* = value set by configuration; not autonegotiated.

2. Port speed setting (manual)

/cfg/port 24/fast/speed 100/mode full/auto off
Current port 24 speed setting: 10/100
Pending new speed setting: 100
Current port 24 mode setting: any
Pending new mode setting: full duplex
Current port 24 autonegotiation: on
Pending new autonegotiation: off

3. /info/l3/ip (/info/ip)

>> Information# /info/ip
Interface information:
1: 10.1.1.0 255.255.255.0 10.1.1.255, vlan 1, up
Default gateway information: metric strict
1: 10.1.1.1, vlan any, up

- SLB (Server Load Balancing)

• Basic configuration and operation

Step3

L4 SLB configuration

[Diagram: Internet / Client, VIP 10.1.1.100 (service http), switch ports 1 to 4 with L4 IP 10.1.1.10/24, Group 1 with health check, Realserver IP 10.1.1.11~13]

1. SLB ON

/cfg/slb/on

2. Real server configuration

/cfg/slb/real 1/rip 10.1.1.11/en (enter)
Current real server IP address: 0.0.0.0
New pending real server IP address: 10.1.1.11
/cfg/slb/real 2/rip 10.1.1.12/en (enter)
/cfg/slb/real 3/rip 10.1.1.13/en (enter)

3. Group, health check configuration

/cfg/slb/gr 1/add 1/add 2/add 3 (enter)
Real server 1 added to real server group 1.
Real server 2 added to real server group 1.
Real server 3 added to real server group 1.
/cfg/slb/gr 1/health http
Current health check type: tcp
New pending health check type: http

4. Group load balancing metric configuration

/cfg/slb/gr 1/metric leastconns | roundrobin | minmisses | hash …

- SLB (Server Load Balancing)

• Basic configuration and operation

Step3

L4 SLB configuration

5. VIP, service port, group configuration

>> Main# /cfg/slb/virt 1/vip 10.1.1.100/en
Current virtual server IP address: 0.0.0.0
New pending virtual server IP address: 10.1.1.100
Current status: disabled
New status: enabled
>> Main# /cfg/slb/virt 1/service http
------------------------------------------------------------
[Virtual Server 1 http Service Menu]
group - Set real server group number
rport - Set real port
hname - Set hostname
.
.
.
.
>> Virtual Server 1 http Service# gr 1
Current real server group: 1
New pending real server group: 1

- SLB (Server Load Balancing)

• Basic configuration and operation

Step3

L4 SLB configuration

[Diagram: Internet / Client, gateway 10.1.1.1/24, client side port 1, L4 IP 10.1.1.10/24, server side ports 2, 3, 4, Group 1, Realserver IP 10.1.1.11~13]

6. Client, server process configuration

>> Main# /cfg/slb/port 1/client en (enter)
Current client processing: disabled
New client processing: enabled
>> SLB port 1# /cfg/slb/port 2/server en (enter)
Current server processing: disabled
New server processing: enabled
>> SLB port 2# /cfg/slb/port 3/server en (enter)
>> SLB port 3# /cfg/slb/port 4/server en (enter)

- SLB (Server Load Balancing)

• Basic configuration and operation

Step4

L4 SLB monitor and operation

1. VIP, Realserver health check monitor

Main# /info/slb/du
Real server state:
  1: 10.1.1.11, 00:e0:00:8c:cd:18, vlan 1, port 2, health 4, up
  2: 10.1.1.12, 00:e0:00:8c:cd:19, vlan 1, port 3, health 4, up
  3: 10.1.1.13, 00:00:00:00:00:00, vlan 0, port 0, health 4, FAILED
Virtual server state:
  1: 10.1.1.100, 00:60:cf:4b:04:6e
    virtual ports:
    http: rport http, group 1, backup none
        real servers:
        1: 10.1.1.11, backup none, 1 ms, up
        2: 10.1.1.12, backup none, 2 ms, up
        3: 10.1.1.13, backup none, 0 ms, FAILED
Redirect filter state:
Port state:
  1: 0.0.0.0, client
  2: 0.0.0.0, server
  3: 0.0.0.0, server
  4: 0.0.0.0, server
  5: 0.0.0.0
  6: 0.0.0.0

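The /info/slb/du output on this slide can be triaged mechanically. The Python below is an added example, not part of the original training material: it parses the real-server and service-member lines in the format shown above and separates servers the switch has not located at all (zero MAC, port 0) from servers that are reachable at layer 2 but fail the health check. The function names and the wording of the hints are assumptions of this example.

```python
import re

# /info/slb/du output as shown on the slide above.
SLIDE_DUMP = """\
Real server state:
  1: 10.1.1.11, 00:e0:00:8c:cd:18, vlan 1, port 2, health 4, up
  2: 10.1.1.12, 00:e0:00:8c:cd:19, vlan 1, port 3, health 4, up
  3: 10.1.1.13, 00:00:00:00:00:00, vlan 0, port 0, health 4, FAILED
Virtual server state:
  1: 10.1.1.100, 00:60:cf:4b:04:6e
    virtual ports:
    http: rport http, group 1, backup none
        real servers:
        1: 10.1.1.11, backup none, 1 ms, up
        2: 10.1.1.12, backup none, 2 ms, up
        3: 10.1.1.13, backup none, 0 ms, FAILED
"""

ZERO_MAC = "00:00:00:00:00:00"
HINT_UNLOCATED = "no MAC/port learned: check link, FDB and ARP first"
HINT_HEALTH = "reachable at L2: check the service and the health-check type"

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "1: 10.1.1.11, 00:e0:..., vlan 1, port 2, health 4, up"
REAL_RE = re.compile(
    r"^\s*(\d+):\s*" + IPV4 + r",\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2}),"
    r"\s*vlan\s+(\d+),\s*port\s+(\d+),\s*health\s+(\d+),\s*(\S+)\s*$",
    re.IGNORECASE,
)
# "1: 10.1.1.11, backup none, 1 ms, up"
MEMBER_RE = re.compile(
    r"^\s*(\d+):\s*" + IPV4 + r",\s*backup\s+(\S+),\s*(\d+)\s*ms,\s*(\S+)\s*$"
)


def parse_real_servers(dump):
    """Return one dict per line of the 'Real server state' section."""
    servers = []
    for line in dump.splitlines():
        m = REAL_RE.match(line)
        if not m:
            continue
        idx, ip, mac, vlan, port, health, state = m.groups()
        servers.append({
            "index": int(idx), "ip": ip, "mac": mac.lower(),
            "vlan": int(vlan), "port": int(port),
            "health": int(health), "state": state,
        })
    return servers


def triage(dump):
    """List (index, ip, state, hint) for every real server that is not up."""
    findings = []
    for s in parse_real_servers(dump):
        if s["state"].lower() == "up":
            continue
        # Zero MAC and port 0 suggest the switch never resolved the server,
        # which points at L2/L3 rather than at the application.
        unlocated = s["mac"] == ZERO_MAC and s["port"] == 0
        hint = HINT_UNLOCATED if unlocated else HINT_HEALTH
        findings.append((s["index"], s["ip"], s["state"], hint))
    return findings


def pool_capacity(dump):
    """Return (members up, members total) for the virtual service."""
    states = [m.group(5) for m in map(MEMBER_RE.match, dump.splitlines()) if m]
    return sum(1 for st in states if st.lower() == "up"), len(states)


if __name__ == "__main__":
    for finding in triage(SLIDE_DUMP):
        print(finding)
    print("service members up/total:", pool_capacity(SLIDE_DUMP))
```
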
- SLB (Server Load Balancing)

• Basic configuration and operation

Step4

L4 SLB monitor and operation

2. Group LB monitor

>>Main# /stat/slb/gr 1
------------------------------------------------------------------
Real server group 1 stats:
                                 Current  Total      Highest
Real IP address                  Sessions Sessions   Sessions   Octets
---- --------------------------- -------- ---------- ---------- ---------------
   1 10.1.1.11                          0          0          0           58320
   2 10.1.1.12                          0          1          1           75884
---- --------------------------- -------- ---------- ---------- ---------------
                                        0          1          1          134204

3. Session table monitor

>> Main # /info/slb/se/du
4,1025: 10.1.1.1 1322 --> 10.1.1.12 80 age 10 E

- SLB (Server Load Balancing)
• Basic configuration and operation
Step4
L4 SLB monitor and operation
4. Session table monitor
>> Main # /info/slb/sess/help
The fields, (1)-(13), associated with a session, as identified in the
example below are described in the following.
3, 01: 1.1.1.1 4586, 2.2.2.1 http -> 3567 3.3.3.1 http age 6 f:10 ELNPSRtUW c:#
(1) (2) (3) (4) (5) (6) (7) (8) (9) (10) (11) (12) (13)
3, 01: 1.1.1.1 4586, 2.2.2.1 http ->
(1) (2) (3) (4) (5) (6)
1.1.1.2 3567 3.3.3.1 http age 6 f:10 ELNPSRtUW c:#
(7a) (7) (8) (9) (10) (11) (12) (13)
------------------------------------------------------------------
(1) SP number: This field indicates which SP created the session.
(2) Ingress port: This field shows the physical port# of the client traffic that entered to the switch.
(3) Source IP address: This field contains the source IP address from client IP packet.
(4) Source port: This field identifies the TCP/UDP source port from client packet.
(5) Destination IP address: This is the destination IP address from client TCP/UDP packet.
For load balancing, this address is the virtual IP address.
For filtering redirect, this address is the destination server's address.
(6) Destination port: This field identifies the TCP/UDP destination port from client packet.
(8) Real server IP address:
(9) Server port:
(10) Age: This is the session timeout value. If no packet is received within
the value specified, the session is freed.
- SLB (Server Load Balancing)

• Troubleshooting command Tip - link and Layer 2,3 Issues

check the LED
check the cable
check link negotiation (/info/link , /cfg/port # /fast)
check the port stats ( /stats/port # .)
check the FDB, ARP tables
  /info/l2/fdb/dump ( /info/fdb/dump)
  /info/l3/arp/dump ( /info/arp/dump)
check the interface and gateway
  /info/l3/ip ( /info/ip)

- SLB (Server Load Balancing)

• Troubleshooting command Tip - Layer 4 Issues

Cannot connect VIP service port and ping VIP
  check the client, server process at the ports
  check the realserver health checking ( /info/slb/du )

Cannot connect realserver IP service port
  check the Direct Access Mode (DAM) configuration ( /cfg/slb/adv/dire )

- SLB (Server Load Balancing)

• Troubleshooting command Tip - Layer 4 Issues

Load Balancing state ( /stats/slb/gr # , /stats/slb/virt # )

Realserver operation disable ( /oper/slb/dis <realserver number> )

Switch slb configuration ( /cfg/slb/cu )

- SLB (Server Load Balancing)

• Troubleshooting command Tip

Alteon technical support files ( /maint/tsdump …… scripts)

- Security acceleration

Firewall load balancing design using application switches

[Diagram: Internal Network, Application Switch, Firewall, Application Switch, Internet]

What is security acceleration?

Combining application switches with security systems to provide an efficient, high-availability security service

Security acceleration applications

– Firewall load balancing
– Virtual Private Network (VPN) load balancing
– Intrusion Detection System (IDS) load balancing
– Viruswall load balancing

Advantages

– Non-stop service by eliminating single points of failure
– Service expansion through use of existing platforms
– High-performance service through use of multiple security devices configured in parallel

- FWLB (Firewall Load Balancing)

[Diagram labels: Internet, “Dirty” Side of Network, Application Switch, Firewall Load Balancing, Application Switch, Server Load Balancing, “Clean” Side of Network (internal network)]

1. The redirection filter on the “Dirty” side classifies incoming traffic into per-session streams.

2. Each stream is forwarded to one of the firewalls.

3. The firewall forwards the stream to the application switch on the “Clean” side.

4. The “Clean” side switch performs server load balancing.

5. The server's response is delivered to the client through the same process.

6. Traffic with the same source / destination IP combination is always sent through the same firewall, so the firewall can inspect the entire stream of a session.

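Step 6 is the property that keeps a stateful firewall working in this design: both directions of a session must cross the same firewall. The Python model below is an added example, not part of the original deck and not Alteon's actual hash function (the page does not give it); it compares an assumed XOR-based hash over the source/destination pair with a source-only hash, and shows what happens when the two switches disagree about which firewalls are healthy. The session addresses are constructed sample values.

```python
"""Flow-to-firewall persistence in a two-switch FWLB design (illustrative model)."""
import ipaddress

FIREWALLS = ["Firewall #1", "Firewall #2"]  # the two members of the firewall group


def _fold(key):
    """Mix the upper bits of a 32-bit key into its low-order bits."""
    key ^= key >> 16
    key ^= key >> 8
    return key


def pair_hash_pick(src, dst, healthy):
    """Choose a firewall from the source/destination IP pair.

    XOR is commutative, so a reply (src and dst swapped) maps to the same
    firewall as the request. Assumed hash for this demo, not Alteon's.
    """
    if not healthy:
        raise RuntimeError("no healthy firewall left in the group")
    key = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst))
    return healthy[_fold(key) % len(healthy)]


def source_only_pick(src, dst, healthy):
    """Counter-example: each switch hashes only the packet's source IP."""
    if not healthy:
        raise RuntimeError("no healthy firewall left in the group")
    return healthy[_fold(int(ipaddress.IPv4Address(src))) % len(healthy)]


def split_sessions(pick, sessions, dirty_view, clean_view):
    """Return sessions whose request and reply cross different firewalls.

    dirty_view / clean_view are the firewalls each switch currently
    considers healthy (each switch runs its own health checks).
    """
    split = []
    for client, server in sessions:
        request_fw = pick(client, server, dirty_view)  # dirty-side switch
        reply_fw = pick(server, client, clean_view)    # clean-side switch
        if request_fw != reply_fw:
            split.append((client, server, request_fw, reply_fw))
    return split


# Constructed sample flows (client IP, server IP); addresses are examples.
SESSIONS = [(f"203.0.113.{i}", "192.168.100.10") for i in range(1, 41)]

if __name__ == "__main__":
    both = list(FIREWALLS)
    cases = [
        ("pair hash, same health view", pair_hash_pick, both, both),
        ("source-only hash, same health view", source_only_pick, both, both),
        ("pair hash, clean side has marked Firewall #1 down",
         pair_hash_pick, both, ["Firewall #2"]),
    ]
    for label, pick, dirty, clean in cases:
        n = len(split_sessions(pick, SESSIONS, dirty, clean))
        print(f"{label}: {n} of {len(SESSIONS)} sessions split across firewalls")
```

A split session is one where a stateful firewall sees only half of the conversation, so the third case is the one to watch for while a firewall failure is being detected by one switch but not yet by the other.
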
- VPN Load Balancing

[Diagram labels: Branch Offices With VPN, Internet, Application Switch, VPN Servers, VPN Load Balancing, Application Switch, Internal Network, DNS, LDAP]

• Because of the security characteristics of VPN devices, inbound and outbound traffic for the internal network is configured to always use the same VPN device.

• The application switch records in its session table which VPN device a session went through, so that the same VPN device always handles the traffic of a given session between internal and external users.

VPN Load Balancing with application switches

– Ensures scalability of the VPN service

– Operation and management of client and remote-site devices

– Load balancing by IP across multiple VPN devices as though they were a single VPN device

– External switch: maintains persistency of IKE (UDP 500) and IPSEC sessions

– Internal switch: selects the appropriate VPN device for sessions created from the inside

- IDS Load Balancing

[Diagram labels: Internet, Application Switch, IDS Servers, Application Switch, Secured Servers]

– An intrusion detection system (IDS) is essential to a security service, but in practice performance is a problem for most of them.

– IDS load balancing is a service that distributes load across multiple IDSs to improve performance.

• Improved IDS scalability

• Improved IDS availability

– The application switch remembers the session of the frames forwarded to an IDS, so it always sends the frames of that session to the same IDS.

* IDS = Intrusion Detection System

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step1

L2, L3, system configuration (up)

[Diagram: switch (up) with IF 1: 192.168.10.1/24, IF 10: 192.168.1.1/24 and IF 20: 192.168.2.1/24; Firewall #1 on 192.168.1.0/24 and Firewall #2 on 192.168.2.0/24; switch (down) with 192.168.1.2/24, 192.168.2.2/24 and 192.168.100.1/24]

1. Connect switch

Enter password : admin (default)

2. Set IP address of switch

/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 192.168.10.1 (enter)
en (enter)    // enable

/cfg/ip/if 10 (enter)
mask 255.255.255.0 (enter)
add 192.168.1.1 (enter)
en (enter)    // enable

/cfg/ip/if 20 (enter)
mask 255.255.255.0 (enter)
add 192.168.2.1 (enter)
en (enter)    // enable

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step1

L2, L3, system configuration (up)

[Diagram: switch (up) ports 1, 2, 3 with 192.168.10.1/24, 192.168.1.1/24 and 192.168.2.1/24; Firewall #1 on 192.168.1.0/24 and Firewall #2 on 192.168.2.0/24; switch (down) ports 1, 2, 3 with 192.168.100.1/24, 192.168.1.2/24 and 192.168.2.2/24]

3. VLAN config

/cfg/ip/if 1/vlan 1
/cfg/ip/if 10/vlan 10
/cfg/ip/if 20/vlan 20
/cfg/vlan 10/en/add 2
/cfg/vlan 20/en/add 3

4. STP OFF

/cfg/stp/off

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step2

L4 configuration (up)

[Diagram: switch (up) ports 1, 2, 3 with 192.168.10.1/24, 192.168.1.1/24 and 192.168.2.1/24; Real server 1 is 192.168.1.2/24 behind Firewall #1, Real server 2 is 192.168.2.2/24 behind Firewall #2]

1. SLB On

/cfg/slb/on

2. Realserver and group

/cfg/slb/real 1/rip 192.168.1.2/en
/cfg/slb/real 2/rip 192.168.2.2/en
/cfg/slb/gr 1/add 1/add 2
/cfg/slb/gr 1/health icmp
/cfg/slb/gr 1/metric hash

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step2

L4 configuration (up)

3. Allow Filter config

/cfg/slb/fil 10/en/dip 192.168.10.0 /dmask 255.255.255.0
/cfg/slb/fil 20/en/dip 192.168.1.0 /dmask 255.255.255.0
/cfg/slb/fil 30/en/dip 192.168.2.0 /dmask 255.255.255.0

4. Redir Filter config

/cfg/slb/fil 100/en/ac re/gr 1
/cfg/slb/port 1/filter en/
/cfg/slb/port 1/add 10/add 20/add 30 /add 100

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step1

L2, L3, system configuration (down)

[Diagram: switch (up) with 192.168.10.1/24, 192.168.1.1/24 and 192.168.2.1/24; Firewall #1 on 192.168.1.0/24 and Firewall #2 on 192.168.2.0/24; switch (down) with IF 1: 192.168.100.1/24, IF 10: 192.168.1.2/24 and IF 20: 192.168.2.2/24]

1. Connect switch

Enter password : admin (default)

2. Set IP address of switch

/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 192.168.100.1 (enter)
en (enter)    // enable

/cfg/ip/if 10 (enter)
mask 255.255.255.0 (enter)
add 192.168.1.2 (enter)
en (enter)    // enable

/cfg/ip/if 20 (enter)
mask 255.255.255.0 (enter)
add 192.168.2.2 (enter)
en (enter)    // enable

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step1

L2, L3, system configuration (down)

3. VLAN config

/cfg/ip/if 1/vlan 1
/cfg/ip/if 10/vlan 10
/cfg/ip/if 20/vlan 20
/cfg/vlan 10/en/add 2
/cfg/vlan 20/en/add 3

4. STP OFF

/cfg/stp/off

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step2

L4 configuration (down)

[Diagram: switch (down) ports 1, 2, 3 with 192.168.100.1/24, 192.168.1.2/24 and 192.168.2.2/24; Real server 1 is 192.168.1.1/24 behind Firewall #1, Real server 2 is 192.168.2.1/24 behind Firewall #2]

1. SLB On

/cfg/slb/on

2. Realserver and group

/cfg/slb/real 1/rip 192.168.1.1/en
/cfg/slb/real 2/rip 192.168.2.1/en
/cfg/slb/gr 1/add 1/add 2
/cfg/slb/gr 1/health icmp
/cfg/slb/gr 1/metric hash

- FWLB (Firewall Load Balancing)

• Basic configuration and operation (Bridge firewall Mode)

Step2

L4 configuration (down)

3. Allow Filter config

/cfg/slb/fil 10/en/dip 192.168.10.0 /dmask 255.255.255.0
/cfg/slb/fil 20/en/dip 192.168.1.0 /dmask 255.255.255.0
/cfg/slb/fil 30/en/dip 192.168.2.0 /dmask 255.255.255.0

4. Redir Filter config

/cfg/slb/fil 100/en/ac re/gr 1
/cfg/slb/port 1/filter en/
/cfg/slb/port 1/add 10/add 20/add 30 /add 100