KEMP Technologies LoadMaster 1500 Installation And Configuration Manual

Summary of LoadMaster 1500

  • Page 1

    Copyright © 2000 - 2005 KEMP Technologies, Inc. All rights reserved. LoadMaster 1500 Installation and Configuration Guide.

  • Page 2

    Copyright © 2000 - 2005 KEMP Technologies, Inc. All rights reserved. KEMP Technologies, Inc. reserves all ownership rights for the LoadMaster product line including software and documentation. The use of the LoadMaster load balan...

  • Page 3

    Table of contents. Section I. Application guide, 8; A. Preface ...

  • Page 4

    H. Layer 7 persistency, 21; 1. SSL session ID based persistency ...

  • Page 5

    1. API for agent based adaptive balancing, 32; 2. HTTP server configuration for cookie support ...

  • Page 6

    5.6. Enable/disable L7 persistency state failover, 43; 5.7. Enable/disable L4 connection state failover ...

  • Page 7

    2.3. Real server assignment, 67; 2.4. Add / modify real server ...

  • Page 8

    Section I. Application guide. A. Preface. 1. Foreword: Thank you for purchasing KEMP’s LoadMaster! We wish you much success with your KEMP’s LoadMaster appliance. 2. The LoadMaster documentation: The KEMP’s LoadMaster documentation c...

  • Page 9

    SCP: Secure copy command of SSH. SNMP: Simple Network Management Protocol, a network protocol used to manage TCP/IP networks. This protocol provides functions that enable you to access the data object whose definitions are located...

  • Page 10

    High availability of services and applications – since services are replicated across multiple machines within the farm, the loss of a single server does not result in a total loss of service for the customer – worst case, a dro...

  • Page 11

    Do I prefer a command line interface for provisioning my virtual services or do I require the use of the web based interface? [Refer to the Command Line Reference Guide, Section III, and the WUI handbook] Do I wish the LoadMaster...

  • Page 12

    A client requests "http://www.kemptechnologies.com". The URL will be resolved into 66.220.13.66. The request will be routed to the LoadMaster, which offers this IP address as an IP-alias of its network interface eth0. The loadma...

  • Page 13

    - SSL session ID - URL - host header - passive cookie - active cookie (insert) - cookie hash - cookie hash source - query hash. Port following for persistency options. SSL acceleration. Health check and availability: ICMP health che...

  • Page 14

    C. LoadMaster network topologies. 1. One-armed balancer: If a one-armed configuration is selected then the following is true: only the eth0 Ethernet interface will be used (for both in and outbound traffic); real servers and virtua...

  • Page 15

    Virtual services may be created on either eth0 or eth1. Up to eth7 on multi-armed configurations real servers may exist on either the eth0 or up to the eth5 network. However, placing real server on eth0 in a two-armed configurat...

  • Page 16

    Figure above: sample Direct Server Return configuration. This feature should be implemented only if the real servers need to respond to the clients directly, without going through the LoadMaster. In this configuration the real se...

  • Page 17

    The use of S-NAT in single-armed configurations is not recommended. The S-NAT functionality may be disabled over the configuration menus and WUI. 2. Default gateway and routes: In simple configurations, where the LoadMaster is in...

  • Page 18

    E. Single/dual unit configurations. 1. Single unit configuration: The topology in standalone-mode looks like this: 2. High availability (HA) configuration: The high availability feature of the LoadMaster guarantees the availability...

  • Page 19

    The topology in high availability-mode looks like this: Note: In HA mode, the real servers must have the shared IP address of the LoadMaster farm-side interface configured as the default gateway. F. Balancing methods: There are s...

  • Page 20

    2. Weighted round robin: This method balances out the weakness of the simple round robin: incoming requests are distributed across the cluster in a sequential manner, while taking account of a static “weighting” that can be pre-a...

  • Page 21

    G. Layer 4 persistency. 1. Source IP address based persistency: The LoadMaster can balance TCP or UDP based traffic based on source and destination IP addresses. All packets are passed through to one of the real servers. It can al...

  • Page 22

    3. URL host based persistency: This unique feature of the LoadMaster allows a single balanced site to support multiple addresses. Each address with the same host will then be routed to the same real server as long as the persiste...

  • Page 23

    I. SSL acceleration: When this option is enabled, the LoadMaster functions as an SSL endpoint and decrypts the content of the message. This allows the LoadMaster to use the contents of the message to perform content switching and...

  • Page 24

    A regular expression: the rule will match if the URL contains a string which matches the given regular expression. I.e. if a rule has a value “home/*.gif”, then all requests for “/home/…./xxx.gif” will match the rule. Any rule ...

  • Page 25

    [Diagram of the parts of a URL: protocol, host part, start URL, end URL, query part, host + URL, (ignored)] Definition: This allows a user to select on a host when multiple virtual hosts are serviced by a single virtual service. Note: if no h...

  • Page 26

    This case the LoadMaster closes the connection by sending a TCP reset. If the server fails to respond within the configured response time for the configured number of times, it is assumed dead. FTP: The LoadMaster opens a TCP c...

  • Page 27

    DNS: The LoadMaster sends a source-of-authority (SOA) request to the real server on the service port (port 53 UDP). If the server successfully responds to the SOA request, the LoadMaster marks it as active. If the server fails to...

  • Page 28

    one4net(12196) ipvs(12) ipvsrstable(2) rsentry(1) 12 } The data object defined in the LoadMaster MIBs is a superset to the counters displayed by the WUI. Note: the data objects on the LoadMaster are not writable, so that only ge...

  • Page 29

    RFC 2573: SNMP Applications. RFC 2574: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3). RFC 2575: View-based Access Control Model (VACM) for the Simple Network Management Protocol (snm...

  • Page 30

    Hint: To enable a syslogd process on a remote Linux server to receive syslog messages from the LoadMaster, the syslogd must be started with the “-r” flag. 2. How to get a license: After boot, a login prompt appears; login as ‘bal...

  • Page 31

    2.4. Upgrading the evaluation license to a full single or HA license: 1. A service agreement upon purchase must be approved by KEMP in order to obtain a full LoadMaster HA license. 2. Using a null modem cable connect a PC using t...

  • Page 32

    5. Interoperability between L4 / L7 virtual services: When one switches a service from one persistency method to another, the absolute values of all VS / RS counters will be reset to zero. This may cause peaks in the service grap...

  • Page 33

    This example code is a program that obtains the CPU load counter from Windows 2000. It uses the Performance Data Helper (PDH) API, and must be linked to the pdh.lib. The PDH dynamic link library (DLL) pdh.dll must also be instal...

  • Page 34

    3. MIB-tree: A file describing the MIBs (one4net.mib.desc) can be found on the CD. II. Installation and configuration guide. A. Before getting started: You only need to connect via COM+ (console) port with a terminal emulation appl...

  • Page 35

    1. The LoadMaster appliance. 1.1. Delivery content: The delivery of each LoadMaster contains the following components: A/C power cable; a CD containing the LoadMaster software and the manuals in digital form; rack mounts for standa...

  • Page 36

    License keys are linked to LoadMaster hardware and are not transferable. Once a valid license key has been input, quick setup will be started. For more information on quick setup, please consult the “Quick Setup” section. C. Ini...

  • Page 37

    Upon rebooting the second machine, the configuration parameters will be overwritten by the values on the first machine. Hint: Both real IPs as well as the shared IP addresses may be "pinged" to test the LoadMaster cluster. D. Q...

  • Page 38

    The format of the input is the same as used for eth0. If an address is given, then this must be on a different network to the address(es) on eth0. Hostname(s): The hostname of the LoadMaster must now be set. A standard (or previou...

  • Page 39

    1.1. Quick setup: This allows the user to quickly configure the basic parameters of the LoadMaster; these include the Ethernet IP addresses and local gateways and name servers. See the section on “Quick Setup” in the initial conf...

  • Page 40

    After a keyboard mapping has been selected, the user will be asked to check that the keyboard mapping is correct. If the keyboard mapping is not correct the [Cancel] button should be pressed and a different mapping selected. 3.4...

  • Page 41

    Ethernet interfaces, i.e. the optional interfaces will be designated as eth0 and eth1. For more information on this topic please contact customer support. 4.2. Hostname configuration: The hostname of the LoadMaster can be changed...

  • Page 42

    5.3. Syslogd configuration: With this option, log messages may be sent to different hosts using the syslogd protocol. A different host may be specified for each of five different levels: Notice: this host will receive all messages...

  • Page 43

    Configure SNMP trap sink2: This option allows the user to specify a list of hosts to which an SNMPv2 trap will be sent when a trap is generated. 5.6. Enable/disable L7 persistency state failover. Note: This feature is only availabl...

  • Page 44

    Enable access control lists: Using this toggle option the packet filter/access control list can be activated / deactivated. Show ACL: This option lists the content of the current access control list. Add address to ACL: This option...

  • Page 45

    The “scp” - secure copy – transfer method may be selected. This is more secure than “ftp” but is normally only supported on UNIX servers. If this mode is selected, the transfer of SSL certificates can only be performed via the m...

  • Page 46

    8. Reboot: This option will reboot the LoadMaster. All modifications to the configuration will be saved before the reboot. Note: When running on the active machine of an HA cluster, the configuration on the standby machine will al...

  • Page 47

    Farm side: eth1. IP address: ______ Netmask: ______ Shared IP address: ______...

  • Page 48

    This command will disable the specified real server, i.e. no more traffic will be directed to the real server. This command will disable the real server on all virtual services where this real server is configured. 1.4. Enable_r...

  • Page 49

    The specified port will be used to access the real servers where adaptive checking is enabled. 2.4. Show: Displays the current adaptive checking parameters. 2.5. URL: Specifies a URL, which will be fetched by the adaptive checking...

  • Page 50

    3.7. Exit: Leave the health check command level; any changes to the health check parameters will be saved and the system will be configured accordingly. 4. Rules command level: The following commands can be performed at the rules ...

  • Page 51

    This specifies that the value of the rule should be matched at the end of the received URL. 5.5. [no] regex+host: This specifies that the value of the rule should be matched against the concatenated hostname and received URL stri...

  • Page 52

    Specifies the IP address of the virtual service. 6.4. [no] cookie: Allows the specification of a cookie when using cookie based persistency methods. This command can only be used if the L7 option of the LoadMaster has been enable...

  • Page 53

    This command specifies which type of connection persistence should be used for a virtual service. If no persistency should be specified for the virtual service, the command should be specified. The following persistency types ca...

  • Page 54

    6.20. Help: Prints out a list of commands at the virtual service command level. 6.21. End: Terminate the CLI session. No changes made in the virtual service command level (or lower) will be saved. 6.22. Exit: Return the input to th...

  • Page 55

    Specifies the weighting for the real server. This can be used when using the various scheduling methods that utilize the weighting of a real server. 7.9. Help: Lists the commands at this level. 7.10. End: Terminate the CLI session...

  • Page 56

    IV. Web User Interface (WUI) configuration guide. A. Glossary and abbreviations. Access code: An access code will be generated during the initial setup of the LoadMaster. You must contact your KEMP Technologies representative for...

  • Page 57

    B. Fast track: The following sections will take you through the steps required to create virtual services of increasing complexity. 1. How to login: Start your preferred Internet browser and enter the URL of the balancer that you ...

  • Page 58

    For example, if you gave your customer “www.a-domain.com” the IP address 172.16.1.11 then enter this as the VIP address. The port number is usually 80 for HTTP services. The protocol may be TCP or UDP, but in the vast majority o...

  • Page 59

    The final action to be performed is adding real servers. To get to the real server parameters page, click the “Add new...” button in the real server table. Here we specify the IP address of the real server we wish to add, the po...

  • Page 60

    In our example, we will assume that the real servers are on a private 10.1.1.x network, and we will then enter real server 10.1.1.13. At this stage, we do not need to worry about the port, forwarding method and weight. Click “ad...

  • Page 61

    To create a new content rule, click “Create new...” to open the rule creation page. There are five parameters that can be set for a rule, but only “rule name”, “rule type” and “match string” are mandatory and for the purposes of...

  • Page 62

    The next step is to enable content switching for a virtual service. If you wish to create a new rule with content switching, follow the steps outlined in the previous section for creating a virtual service, specifying its VIP, p...

  • Page 63

    Content switching has now been enabled for this virtual service. Click on the “Virtual Services” link at the top left of the screen to return to the “Virtual Services” page. 4. Create an SSL accelerated virtual service: This sect...

  • Page 64

    There are a couple of points to note about the consequences of enabling SSL acceleration: 1. It sets the port value of this virtual service's real servers to 80. 2. It sets the service check method to HTTP and not HTTPS as would...

  • Page 65

    1. Home: An introduction page. 2. Virtual services: A list of virtual services on the balancer, summarizing the properties of each and giving the options to modify or delete services, or create a new service. 2.1. Add virtual serv...

  • Page 66

    The pull-down list gives you the option to select the type of persistence. These are: IP-based persistence (src): The source IP address (of the requesting client) is used as the key for persistency in this case. The netmask deter...

  • Page 67

    Scheduling method: This section allows you to select the method by which the balancer will select a real server, for this particular service. The scheduling methods are as follows: Round robin: Round robin causes the balancer to a...

  • Page 68

    2.5. Add rule: This contains a summary list of rules assigned to the real server in question. Add a rule by selecting it from the pull-down list and clicking “Add”; remove a rule by using the delete button. See chapter ie.1. 2.6....

  • Page 69

    3.3. Connect & response timeouts: The HTTP request has two steps: contact the server, and then retrieve the file. A timeout can be specified for each step, i.e. how long to wait for a connection, how long to wait for a response. ...

  • Page 70

    5. Balancer metrics: The balancer metrics sections provide performance data relating to the balancer, and are updated every 15 seconds to provide near real-time information. This can be very useful when tuning the load balancing ...

  • Page 71

    6.2.2. Reject/drop blocked packets: When a connection request is received from a host which is blocked using the ACL, the request is normally ignored (dropped). The LoadMaster may however be configured to send back an ICMP reje...