Copyright © 2000 - 2005 KEMP Technologies, Inc. All rights reserved.
LoadMaster 1500 Installation and Configuration Guide
KEMP Technologies, Inc. reserves all ownership rights for the LoadMaster product line including software and documentation. The use of the LoadMaster load balan...
Table of contents
Section I. Application guide
A. Preface
H. Layer 7 persistency
1. SSL session ID based persistency
1. API for agent based adaptive balancing
2. HTTP server configuration for cookie support
5.6. Enable/disable L7 persistency state failover
5.7. Enable/disable L4 connection state failover
2.3. Real server assignment
2.4. Add / modify real server
Section I. Application guide
A. Preface
1. Foreword
Thank you for purchasing KEMP’s LoadMaster! We wish you much success with your KEMP’s LoadMaster appliance.
2. The LoadMaster documentation
The KEMP’s LoadMaster documentation c...
SCP: Secure copy command of SSH
SNMP: Simple Network Management Protocol, a network protocol used to manage TCP/IP networks. This protocol provides functions that enable you to access the data object whose definitions are located...
High availability of services and applications – since services are replicated across multiple machines within the farm, the loss of a single server does not result in a total loss of service for the customer – worst case, a dro...
Do I prefer a command line interface for provisioning my virtual services or do I require the use of the web based interface? [Refer to the command line reference guide section III, and the WUI handbook]
Do I wish the LoadMaster...
A client requests "http://www.kemptechnologies.com". The URL will be resolved into 66.220.13.66. The request will be routed to the LoadMaster, which offers this IP address as an IP-alias of its network interface eth0. The LoadMa...
- SSL session ID
- URL
- Host header
- Passive cookie
- Active cookie (insert)
- Cookie hash
- Cookie hash source
- Query hash
Port following for persistency options
SSL acceleration
Health check and availability
ICMP health che...
C. LoadMaster network topologies
1. One-armed balancer
If a one-armed configuration is selected then the following is true:
- Only the eth0 Ethernet interface will be used (for both in and outbound traffic)
- Real servers and virtua...
Virtual services may be created on either eth0 or eth1. Up to eth7 on multi-armed configurations.
Real servers may exist on either the eth0 or up to the eth5 network. However, placing real server on eth0 in a two-armed configurat...
Figure above: Sample direct server return configuration
This feature should be implemented only if the real servers need to respond to the clients directly, without going through the LoadMaster. In this configuration the real se...
The use of S-NAT in single-armed configurations is not recommended. The S-NAT functionality may be disabled over the configuration menus and WUI.
2. Default gateway and routes
In simple configurations, where the LoadMaster is in...
E. Single/dual unit configurations
1. Single unit configuration
The topology in standalone-mode looks like this:
2. High availability (HA) configuration
The high availability feature of the LoadMaster guarantees the availability...
The topology in high availability-mode looks like this:
Note: In HA mode, the real servers must have the shared IP address of the LoadMaster farm-side interface configured as the default gateway.
F. Balancing methods
There are s...
2. Weighted round robin
This method balances out the weakness of the simple round robin: incoming requests are distributed across the cluster in a sequential manner, while taking account of a static “weighting” that can be pre-a...
G. Layer 4 persistency
1. Source IP address based persistency
The LoadMaster can balance TCP or UDP based traffic based on source and destination IP addresses. All packets are passed through to one of the real servers. It can al...
3. URL host based persistency
This unique feature of the LoadMaster allows a single balanced site to support multiple addresses. Each address with the same host will then be routed to the same real server as long as the persiste...
I. SSL acceleration
When this option is enabled, the LoadMaster functions as an SSL endpoint and decrypts the content of the message. This allows the LoadMaster to use the contents of the message to perform content switching and...
A regular expression: the rule will match if the URL contains a string which matches the given regular expression. I.e. if a rule has a value “home/*.gif”, then all requests for “/home/…./xxx.gif” will match the rule. Any rule ...
[Figure: URL layout with labelled spans: protocol, host part, start URL, end URL, host + URL, query part (ignored)]
Definition
This allows a user to select on a host when multiple virtual hosts are serviced by a single virtual service.
Note: if no h...
this case the LoadMaster closes the connection by sending a TCP reset. If the server fails to respond within the configured response time for the configured number of times, it is assumed dead.
- FTP
The LoadMaster opens a TCP c...
- DNS
The LoadMaster sends a source-of-authority (SOA) request to the real server on the service port (port 53 UDP). If the server successfully responds to the SOA request, the LoadMaster marks it as active. If the server fails to...
one4net(12196) ipvs(12) ipvsrstable(2) rsentry(1) 12 }
The data object defined in the LoadMaster MIBs is a superset to the counters displayed by the WUI.
Note: The data objects on the LoadMaster are not writable, so that only ge...
RFC 2573 SNMP Applications
RFC 2574 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
RFC 2575 View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNM...
Hint: To enable a syslogd process on a remote Linux server to receive syslog messages from the LoadMaster, the syslogd must be started with the “-r” flag.
2. How to get a license
After boot, a login prompt appears; login as ‘bal...
2.4. Upgrading the evaluation license to a full single or HA license
1. A service agreement upon purchase must be approved by KEMP in order to obtain a full LoadMaster HA license.
2. Using a null modem cable connect a PC using t...
5. Interoperability between L4 / L7 virtual services
When one switches a service from one persistency method to another, the absolute values of all VS / RS counters will be reset to zero. This may cause peaks in the service grap...
This example code is a program that obtains the CPU load counter from Windows 2000. It uses the Performance Data Helper (PDH) API, and must be linked to the pdh.lib. The PDH dynamic link library (DLL) pdh.dll must also be instal...
3. MIB-tree
A file describing the MIBs (one4net.mib.desc) can be found on the CD.
II. Installation and configuration guide
A. Before getting started
You only need to connect via COM+ (console) port with a terminal emulation appl...
1. The LoadMaster appliance
1.1. Delivery content
The delivery of each LoadMaster contains the following components:
- A/C power cable
- A CD containing the LoadMaster software and the manuals in digital form.
- Rack mounts for standa...
License keys are linked to LoadMaster hardware and are not transferable. Once a valid license key has been input, quick setup will be started. For more information on quick setup, please consult the “quick setup” section.
C. Ini...
Upon rebooting the second machine, the configuration parameters will be overwritten by the values on the first machine.
Hint: Both real IPs as well as the shared IP addresses may be "pinged" to test the LoadMaster cluster.
D. Q...
The format of the input is the same as used for eth0. If an address is given, then this must be on a different network to the address(es) on eth0.
Hostname(s)
The hostname of the LoadMaster must now be set. A standard (or previou...
1.1. Quick setup
This allows the user to quickly configure the basic parameters of the LoadMaster; these include the Ethernet IP addresses and local gateways and name servers. See the section on “quick setup” in the initial conf...
After a keyboard mapping has been selected, the user will be asked to check that the keyboard mapping is correct. If the keyboard mapping is not correct, the [cancel] button should be pressed and a different mapping selected.
3.4...
Ethernet interfaces. I.e. the optional interfaces will be designated as eth0 and eth1. For more information on this topic please contact customer support.
4.2. Hostname configuration
The hostname of the LoadMaster can be changed...
5.3. Syslogd configuration
With this option, log messages may be sent to different hosts using the syslogd protocol. A different host may be specified for each of five different levels:
Notice
This host will receive all messages...
Configure SNMP trap sink2
This option allows the user to specify a list of hosts to which a SNMPv2 trap will be sent when a trap is generated.
5.6. Enable/disable L7 persistency state failover
Note: This feature is only availabl...
Enable access control lists
Using this toggle option the packet filter/access control list can be activated / deactivated.
Show ACL
This option lists the content of the current access control list.
Add address to ACL
This option...
The “scp” (secure copy) transfer method may be selected. This is more secure than “ftp” but is normally only supported on Unix servers. If this mode is selected, the transfer of SSL certificates can only be performed via the m...
8. Reboot
This option will reboot the LoadMaster. All modifications to the configuration will be saved before the reboot.
Note: When running on the active machine of a HA cluster, the configuration on the standby machine will al...
Farm side: eth1
IP address ________________
Netmask ________________
Shared IP address ________________...
This command will disable the specified real server. I.e. no more traffic will be directed to the real server. This command will disable the real server on all virtual services where this real server is configured.
1.4. enable_r...
The specified port will be used to access the real servers where adaptive checking is enabled.
2.4. show
Displays the current adaptive checking parameters.
2.5. url
Specifies a URL, which will be fetched by the adaptive checking...
3.7. exit
Leave the health check command level. Any changes to the health check parameters will be saved and the system will be configured accordingly.
4. Rules command level
The following commands can be performed at the rules ...
This specifies that the value of the rule should be matched at the end of the received URL.
5.5. [no] regex+host
This specifies that the value of the rule should be matched against the concatenated hostname and received URL stri...
Specifies the IP address of the virtual service.
6.4. [no] cookie
Allows the specification of a cookie when using cookie based persistency methods. This command can only be used if the L7 option of the LoadMaster has been enable...
This command specifies which type of connection persistence should be used for a virtual service. If no persistency should be specified for the virtual service, the command should be specified. The following persistency types ca...
6.20. help
Prints out a list of commands at the virtual service command level.
6.21. end
Terminate the CLI session. No changes made in the virtual service command level (or lower) will be saved.
6.22. exit
Return the input to th...
Specifies the weighting for the real server. This can be used when using the various scheduling methods that utilize the weighting of a real server.
7.9. help
Lists the commands at this level.
7.10. end
Terminate the CLI session...
IV. Web user interface (WUI) configuration guide
A. Glossary and abbreviations
Access code: An access code will be generated during the initial setup of the LoadMaster. You must contact your KEMP Technologies representative for...
B. Fast track
The following sections will take you through the steps required to create virtual services of increasing complexity.
1. How to login
Start your preferred Internet browser and enter the URL of the balancer that you ...
For example, if you gave your customer “www.a-domain.com” the IP address 172.16.1.11 then enter this as the VIP address. The port number is usually 80 for HTTP services. The protocol may be TCP or UDP, but in the vast majority o...
The final action to be performed is adding real servers. To get to the real server parameters page, click the “add new...” button in the real server table. Here we specify the IP address of the real server we wish to add, the po...
In our example, we will assume that the real servers are on a private 10.1.1.x network, and we will then enter real server 10.1.1.13. At this stage, we do not need to worry about the port, forwarding method and weight. Click “ad...
To create a new content rule, click “create new...” to open the rule creation page. There are five parameters that can be set for a rule, but only “rule name”, “rule type” and “match string” are mandatory and for the purposes of...
The next step is to enable content switching for a virtual service. If you wish to create a new rule with content switching, follow the steps outlined in the previous section for creating a virtual service, specifying its VIP, p...
Content switching has now been enabled for this virtual service. Click on the “virtual services” link at the top left of the screen to return to the “virtual services” page.
4. Create an SSL accelerated virtual service
This sect...
There are a couple of points to note about the consequences of enabling SSL acceleration:
1. It sets the port value of this virtual service's real servers to 80.
2. It sets the service check method to HTTP and not HTTPS as would...
1. Home
An introduction page.
2. Virtual services
A list of virtual services on the balancer, summarizing the properties of each and giving the options to modify or delete services, or create a new service.
2.1. Add virtual serv...
The pull-down list gives you the option to select the type of persistence. These are:
IP-based persistence (src)
The source IP address (of the requesting client) is used as the key for persistency in this case. The netmask deter...
Scheduling method
This section allows you to select the method by which the balancer will select a real server, for this particular service. The scheduling methods are as follows:
Round robin
Round robin causes the balancer to a...
2.5. Add rule
This contains a summary list of rules assigned to the real server in question. Add a rule by selecting it from the pull-down list and clicking “add”; remove a rule by using the delete button. See chapter ie.1.
2.6....
3.3. Connect & response timeouts
The HTTP request has two steps: contact the server, and then retrieve the file. A timeout can be specified for each step, i.e. how long to wait for a connection, how long to wait for a response. ...
5. Balancer metrics
The balancer metrics sections provide performance data relating to the balancer, and are updated every 15 seconds to provide near real-time information. This can be very useful when tuning the load balancing ...
6.2.2. Reject/drop blocked packets
When a connection request is received from a host which is blocked using the ACL, the request is normally ignored (dropped). The LoadMaster may however be configured to send back an ICMP reje...