Allied Telesis Routers and Switches User Manual

How To | Configure Load Balancer Redundancy on Allied Telesis Routers and Switches

Introduction

In many Server Hosting environments, two requirements are important: maximising throughput availability to each service, and minimising service downtime. This How To Note contributes towards both these aims.
The Note is split into two parts. The first part illustrates both redundancy of servers and redundancy of the load balancers themselves. The second part provides an optional extension that enables you to control server selection without losing redundancy. This is helpful when you prefer to have customers access a certain server, instead of balancing that traffic. However, if that server fails, the customers need to use the alternate server instead.

The examples

The network configuration for these examples is shown in the following figure.
[Figure: network diagram. Public side: client; VLAN 2 with the redundant public load balancer virtual address 172.214.1.2. Load Balancer 1: public address 172.214.1.3, private address 192.168.1.200, redundancy management VLAN 4 address 192.168.2.2. Load Balancer 2: public address 172.214.1.4, private address 192.168.1.201, redundancy management VLAN 4 address 192.168.2.1. Private side: private VLAN 3 with VRRP virtual address 192.168.1.202; Web/SFTP server 1 at 192.168.1.1; Web/SFTP server 2 at 192.168.1.2.]

The Note’s first example illustrates how to load balance web services, and includes:
- Load balancing of incoming web traffic to maximise throughput to web servers. It also provides redundancy if a web server goes down.
- Redundancy between two load balancing routers. In the unlikely event of a router going down, a backup router takes over as master and continues the load balancing work for incoming web connections. Load balancer redundancy and VRRP ensure that clients and servers access the same public and private addresses no matter which router is the master.
- A firewall to secure the LAN against attack. The firewall configuration changes automatically if the backup router takes over the load balancing role.

C613-16088-00 REV A
www.alliedtelesis.com
The Note’s second example extends the first example by showing how to control server selection for SFTP (Secure File Transfer Protocol) traffic, while still providing server redundancy if the preferred server fails.
For simplicity, these examples provide load balancing between two servers. You can easily expand the examples by adding more servers.

What information will you find in this document?

As outlined above, the Note first describes basic load balancer redundancy. To configure this, do all the following steps:
- "Configure Load Balancer 1"
- "Configure Load Balancer 2"
- "Create the Scripts"
Then the Note describes the optional extensions that let you control server selection. To configure this, make all the following additions to the basic configuration:
- "Configure Load Balancing: Extra Commands"
- "Configure the Triggers: Extra Commands"
- "Modify the Scripts"
- "Create New Scripts"
Finally, the Note gives the complete extended configuration so you can verify your configuration. Also, you may find it easier to copy this configuration to your router instead of using the step-by-step configuration.
- "Commands: Load Balancer 1"
- "Commands: Load Balancer 2"
- "File: master.scp"
- "File: slave.scp"
- "File: sftp1down.scp"
- "File: sftp1up.scp"

Which products and software version does it apply to?

We created this configuration using AR440S routers and Software Version 275-05. However, the configuration applies to the following products:
- AR44xS and AR450S Series routers
- AR750S, AR7x5 routers
- Rapier i Series switches
- AT-8800 Series switches
- AT-9800 Series switches
It requires software version 275-05 or later (except version 276-01, which lacks the necessary trigger functionality).

Example of Basic Redundancy

Configure Load Balancer 1

1. Name the router
Name this router LB-1.
set system name=LB-1
2. Create the VLANs
Create the three VLANs that this example uses:
VLAN 2 for the public Internet side
create vlan=vlan2 vid=2
VLAN 3 for the private LAN side
create vlan=vlan3 vid=3
VLAN 4 for managing the load balancer redundancy
create vlan=vlan4 vid=4
3. Add ports to the VLANs
Add ports to the three VLANs.
add vlan=2 port=1
add vlan=3 port=2-4
add vlan=4 port=5
4. Configure IP on the VLANs
Enable IP.
enable ip
Give the public VLAN a unique public address. Note that public clients will not browse to this address; they will browse to the virtual balancer’s IP address instead (see step 8).
add ip int=vlan2 ip=172.214.1.3 mask=255.255.255.0
Give the private VLAN a private address. Note that the servers will not use this address as a gateway; they will use the VRRP virtual address instead (see step 7).
add ip int=vlan3 ip=192.168.1.200
Give the redundancy management VLAN a private address.
add ip int=vlan4 ip=192.168.2.2
5. Configure the firewall
Enable the firewall.
enable firewall
Create a firewall policy.
create firewall policy=lb
Set the firewall session timeouts for TCP, UDP and other packet types, in minutes.
set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5
Add the public and private interfaces to the firewall policy.
add firewall policy=lb int=vlan2 type=public
add firewall policy=lb int=vlan3 type=private
Add the redundancy management VLAN to the firewall policy as a private interface.
add firewall policy=lb int=vlan4 type=private
You do not need to add firewall access rules at this step. This example uses triggered scripts to dynamically add access rules, depending on which load balancer is the master (see step 9).
6. Disable the GUI and the HTTP server on port 80
You cannot use the router’s GUI or its HTTP server on port 80 when load balancing web traffic. Therefore, you need to either disable the GUI and server, by using the following commands:
disable gui
disable http server
or change the port that the server uses. For example, to change the port to 8080, use the following command:
set http server port=8080
You can then use the GUI by pointing your browser to the router's private address and the new port (in this example, 192.168.1.200:8080).
Note that this configuration uses some advanced settings that are not available through the GUI, so you cannot use the GUI to create this configuration. You also cannot use the firewall pages in the GUI to modify this configuration’s firewall settings, because the GUI does not recognise this firewall policy. However, you can use the GUI to monitor the router.
7. Configure VRRP
Configure VRRP for the private side interface. This step creates a virtual address for the private interface of both load balancing routers. Private servers use this address as their gateway to the Internet, instead of using the address of the private interface of either router. This means the servers’ gateway is independent of which router is the master load balancer.
enable vrrp
create vrrp=2 over=vlan3 ipaddress=192.168.1.202
When you configure your servers, enter the VRRP address as their gateway address.
8. Configure load balancing
Enable load balancing.
enable lb
Add a resource pool for web traffic.
add lb respool=web selectmethod=roundrobin faillast=no
Add resources to the web resource pool. In this example, two resource servers share the web traffic.
add lb resource=web1 ip=192.168.1.1 port=80 respool=web
add lb resource=web2 ip=192.168.1.2 port=80 respool=web
Add and enable the Virtual Balancer for the web traffic that is to be balanced. This step also defines the load balancer’s virtual public address. Public clients browse to this address, instead of browsing to either router’s public address. This means that the clients’ destination address is independent of which router is the master load balancer.
add lb virtualbalancer=web publicip=172.214.1.2 publicport=80 respool=web
enable lb virtualbalancer=web
Define the load balancing redundancy peer (Load Balancer 2 in the figure in "The examples").
set lb redundancy peerip=192.168.2.1 listenport=5000 redunip=172.214.1.2 publicint=vlan2 redunmask=255.255.255.0
enable lb redundancy
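
Added example, not part of the Allied Telesis Note: a Python check to run over a saved copy of the Load Balancer 1 commands before loading them onto the router. It tests what steps 5 to 8 state or show (every IP interface is in the firewall policy, the router's own HTTP server is off the balanced port, the VRRP address sits on its VLAN, redunip equals the virtual balancer's publicip as in the example); the function name audit and the /24 default for a missing mask are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: Load Balancer 1 commands from steps 4 to 8 of this Note.
LB1_CONFIG = """\
add ip int=vlan2 ip=172.214.1.3 mask=255.255.255.0
add ip int=vlan3 ip=192.168.1.200
add ip int=vlan4 ip=192.168.2.2
add firewall policy=lb int=vlan2 type=public
add firewall policy=lb int=vlan3 type=private
add firewall policy=lb int=vlan4 type=private
disable http server
create vrrp=2 over=vlan3 ipaddress=192.168.1.202
add lb virtualbalancer=web publicip=172.214.1.2 publicport=80 respool=web
set lb redundancy peerip=192.168.2.1 listenport=5000 redunip=172.214.1.2 publicint=vlan2 redunmask=255.255.255.0
"""

def audit(config):
    """Return a list of findings for one router's command list."""
    cmds = [(" ".join(w for w in line.split() if "=" not in w),
             dict(re.findall(r"(\w+)=(\S+)", line))) for line in config.splitlines()]
    # Interface subnets; a missing mask is treated as /24 (assumption of this example).
    nets = {kv["int"]: ipaddress.ip_interface(
                f"{kv['ip']}/{kv.get('mask', '255.255.255.0')}").network
            for verb, kv in cmds if verb == "add ip"}
    in_policy = {kv["int"] for verb, kv in cmds if verb == "add firewall"}
    findings = [f"{i} has an IP address but is not in the firewall policy"
                for i in nets if i not in in_policy]
    http_port, vips = "80", {}  # step 6 implies the HTTP server starts on port 80
    for verb, kv in cmds:
        if verb == "disable http server":
            http_port = None
        elif verb == "set http server":
            http_port = kv["port"]
        elif verb == "add lb" and "virtualbalancer" in kv:
            vips[kv["publicip"]] = kv["publicport"]
    for verb, kv in cmds:
        if verb == "create" and "vrrp" in kv:
            if ipaddress.ip_address(kv["ipaddress"]) not in nets.get(kv["over"], []):
                findings.append(f"VRRP address {kv['ipaddress']} is not on {kv['over']}")
        if verb == "set lb redundancy":
            if kv["redunip"] not in vips:
                findings.append(f"redunip {kv['redunip']} matches no virtual balancer publicip")
            if not any(ipaddress.ip_address(kv["peerip"]) in n for n in nets.values()):
                findings.append(f"peerip {kv['peerip']} is not on a directly connected subnet")
    if http_port in vips.values():
        findings.append(f"router HTTP server still listens on balanced port {http_port}")
    return findings
```

An empty list means the command set is consistent with the addressing plan in the figure; each finding names the step's setting that needs another look.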