ServerIron TrafficWorks Server Load Balancing Guide

Transcription

1 ServerIron TrafficWorks Server Load Balancing Guide ServerIron 4G Series ServerIronGT C Series ServerIronGT E Series ServerIron 350 & 350-PLUS ServerIron 350 & 350-PLUS ServerIron 450 & 450-PLUS Release Date: April 7, 2008 Publication Date: April 7, 2008 Version Great America Parkway Santa Clara, CA Tel

2 Copyright 2007 Foundry Networks, Inc. All rights reserved. No part of this work may be reproduced in any form or by any means graphic, electronic or mechanical, including photocopying, recording, taping or storage in an information retrieval system without prior written permission of the copyright owner. The trademarks, logos and service marks ("Marks") displayed herein are the property of Foundry or other third parties. You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party. Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc. in the United States and other countries. F-Secure is a trademark of F-Secure Corporation. All other trademarks mentioned in this document are the property of their respective owners.

3 Contents CHAPTER 1 ABOUT THIS GUIDE INTRODUCTION AUDIENCE CONVENTIONS RELATED DOCUMENTATION REPORTING DOCUMENTATION ERRORS HOW TO GET HELP WEB ACCESS ACCESS TELEPHONE ACCESS CHAPTER 2 NEW FEATURES AND ENHANCEMENTS SOFTWARE DEPENDENCIES FOR HARDWARE PLATFORMS FEATURES AND ENHANCEMENTS FOR RELEASE FEATURES AND ENHANCEMENTS FOR RELEASE FEATURES AND ENHANCEMENTS FOR RELEASE B FEATURES AND ENHANCEMENTS FOR RELEASE A FEATURES AND ENHANCEMENTS FOR RELEASE FEATURES AND ENHANCEMENTS FOR RELEASE FEATURES AND ENHANCEMENTS FOR RELEASE CHAPTER 3 SERVER LOAD BALANCING VALUE OF SLB HOW SLB WORKS SLOW-START MECHANISM LOAD-BALANCING PREDICTOR April 7, Foundry Networks, Inc. i

4 Server Load Balancing Guide LEAST CONNECTIONS ROUND ROBIN WEIGHTED SERVER RESPONSE TIME ONLY LEAST CONNECTION AND SERVER RESPONSE TIME WEIGHTS LEAST LOCAL CONNECTIONS LEAST LOCAL SESSIONS DYNAMIC WEIGHTED PREDICTOR CONFIGURABLE APPLICATION GROUPING STICKY CONNECTIONS CONFIGURABLE TCP/UDP APPLICATION GROUPS CONCURRENT CONNECTIONS STICKY VIPS UNLIMITED VIPS GEOGRAPHICALLY-DISTRIBUTED SERVERS SYMMETRIC SLB LINK-LEVEL REDUNDANCY SWITCHBACK MANY-TO-ONE TCP/UDP PORT BINDING BINDING SAME REAL PORTS TO MULTIPLE VIP PORTS HTTP REDIRECT TRANSPARENT VIP AND STATELESS APPLICATION PORTS WINDOWS TERMINAL SERVER WITH L7 PERSISTENCE UNDERSTANDING WINDOWS TERMINAL SERVER CONFIGURING WINDOWS TERMINAL SERVER TFTP LOAD BALANCING MULTINETTING USING NAT CONFIGURING SLB CONFIGURATION GUIDELINES DEFINING THE REAL SERVERS AND ADDING THE APPLICATION PORTS CLONING REAL SERVERS DEFINING THE VIRTUAL SERVER (VIP) BINDING VIRTUAL AND REAL SERVERS GLOBAL SLB SETTINGS FAST-PATH SLB PROCESSING CONFIGURATION CONSIDERATIONS ENABLING FAST-PATH PROCESSING FOR STATELESS SLB GLOBALLY CHANGING THE LOAD-BALANCING METHOD CONFIGURING THE ENHANCED WEIGHTED PREDICTOR ASSIGNING WEIGHTS TO THE REAL SERVERS ENABLING THE WEIGHTED PREDICTOR ENABLING THE ENHANCED WEIGHTED PREDICTOR COMPARISON OF CONNECTION ASSIGNMENTS CONFIGURING DYNAMIC WEIGHTED PREDICTOR CONFIGURE REAL SERVER WITH SNMP QUERY REQUIREMENTS CONFIGURATION EXAMPLE CONFIGURE A VIRTUAL SERVER WITH DYNAMIC WEIGHTED PREDICTOR DYNAMIC-WEIGHTED DIRECT DYNAMIC-WEIGHTED REVERSE ii 2007 Foundry Networks, Inc. April 7, 2008

5 DELETION OF UDP DATA SESSION ALONG WITH TCP CONTROL SESSION FOR RTSP IDENTIFYING THE PORTS ATTACHED TO A ROUTER LIMITING THE MAXIMUM NUMBER OF TCP SYN REQUESTS CONFIGURING THE WARNING AND SHUTDOWN THRESHOLDS CONFIGURING WARNING AND SHUTDOWN THRESHOLDS FOR ALL REAL SERVERS CONFIGURING WARNING AND SHUTDOWN THRESHOLDS FOR AN INDIVIDUAL REAL SERVER VIEWING THRESHOLD MESSAGES IN THE SYSLOG SENDING ICMP PORT UNREACHABLE OR DESTINATION UNREACHABLE MESSAGES SENDING A TCP RST TO A CLIENT THAT REQUESTS UNAVAILABLE APPLICATIONS SENDING A TCP RST WHEN TCP SESSION ENTRY AGES OUT DISABLING TCP RST MESSAGE WHEN A REAL SERVER GOES DOWN DURING AN OPEN SESSION DISABLING TCP RST MESSAGE ON MAXIMUM CONNECTIONS ADDING A SOURCE IP ADDRESS ENABLING USE OF THE CLIENT MAC ADDRESS ENABLING SOURCE NAT GLOBALLY ENABLING REVERSE NAT DYNAMIC NAT FOR REAL SERVERS USING VIRTUAL SERVER ADDRESS DECREMENT COUNTERS IN DELETION QUEUE OVERVIEW OF DECREMENT COUNTERS IN DELETION QUEUE ENABLING DECREMENT SESSION COUNTERS IN DELETION QUEUE ENABLING FORCE-DELETE SETTING THE STICKY AGE SETTING STICKY WITHOUT COOKIE ALLOWING STICKY PORTS ENABLING TRANSPARENT VIP CONFIGURING TCP FAST AGING DECREMENTING THE CURRENT CONNECTION COUNTER FOLLOWING A SERVER RST DISABLING VIPS ENABLING SYN ACK THRESHOLD ENABLING SYNCHRONIZATION LINK FOR SYMMETRIC SLB ENABLING NO-GRACEFUL-SHUTDOWN ENABLING BACKUP TRUNK PORT REPLACING THE SOURCE MAC ADDRESS OF THE PACKET REAL SERVER SETTINGS CHANGING A REAL SERVER S IP ADDRESS ADDING A DESCRIPTION CONFIGURING A LOCAL OR REMOTE REAL SERVER CONFIGURING A LOCAL REAL SERVER CONFIGURING A REMOTE REAL SERVER CONFIGURING PRIMARY AND BACKUP SERVERS DESIGNATING A REAL SERVER AS A BACKUP ENABLING A VIP TO USE THE PRIMARY AND BACKUP SERVERS CONFIGURATION EXAMPLE DESIGNATING A REAL SERVER PORT AS A BACKUP DISABLING A REAL SERVER ADDING APPLICATION PORTS TO A REAL SERVER CONFIGURING A HOST RANGE April 7, Foundry Networks, Inc. iii

6 Server Load Balancing Guide CONFIGURING HOST-RANGE MAPS DEFINING THE MAXIMUM NUMBER OF SESSIONS CONFIGURING LOCAL MAX-CONN CONFIGURING LOCAL MAX-CONN FOR A REAL SERVER CONFIGURING LOCAL MAX-CONN FOR A REAL SERVER PORT SETTING THE TRAFFIC RATE THRESHOLD SETTING WARNING AND SHUTDOWN THRESHOLDS FOR A SERVER VIEWING THRESHOLD MESSAGES IN THE SYSLOG DISABLING LAYER 3 HEALTH CHECK ON A REAL SERVER ENABLING SOURCE NAT ON A REAL SERVER CONFIGURING THE WEIGHT FOR REAL SERVER SETTING A REAL SERVER S WEIGHT BASED ON RESPONSE TIME REAL SERVER PORTS DISALBING OR RE-ENABLING APPLICATION PORTS GLOBALLY DISABLING APPLICATION PORTS DISABLING SLB TO A SERVER WHEN AN APPLICATION IS DOWN UNBINDING ALL APPLICATION PORTS FROM VIRTUAL SERVERS REBINING AN APPLICATION PORT TO A VIRTUAL SERVER ENABLING OR DISABLING THE KEEPALIVE HEALTH CHECK CONFIGURING THE CONNECTION RATE LAYER 7 HEALTH CHECK PARAMETERS VIP SETTINGS ADDING APPLICATION PORTS AND BINDINGS CONFIGURING PRIMARY AND BACKUP SERVERS ENABLING A VIP TO USE THE PRIMARY AND BACKUP SERVERS CONFIGURING A HOST RANGE ENABLING HTTP REDIRECT ON A VIRTUAL SERVER CHANGING THE LOAD BALANCING METHOD ON A VIRTUAL SERVER SETTING SYMMETRIC SLB PRIORITY TRACKING THE PRIMARY PORT CONFIGURING A TRACK PORT GROUP TRACK GROUP HEALTH CHECK FOR REAL SERVERS SAMPLE CONFIGURATION ENABLING TRACK PORTS IN A TRACK GROUP TO UNBIND IDENTIFYING VIP PORT AS TCP ONLY OR UDP ONLY ENABLING SERVER CLUSTER SUPPORT ENABLING FAST AGING FOR UDP SESSIONS ENABLING NORMAL UDP AGING FOR DNS AND RADIUS ENABLING TRANSPARENT VIP SETTING TCP AND UDP AGES FOR VIPS PER SERVER BASED REAL SERVER BACKUP OVERVIEW OF PER SERVER BASED REAL SERVER BACKUP CURRENT BACKUP SCHEME PER SERVER BASED BACKUP SCHEME COMMAND LINE INTERFACE SERVER BACKUP ASSOCIATION SERVER PORT BACKUP ASSOCIATION DISPLAY THE BACKUP BINDINGS iv 2007 Foundry Networks, Inc. April 7, 2008

7 VIRTUAL SERVER PORTS DISABLING OR RE-ENABLING AN APPLICATION PORT GLOBALLY DISABLING REAL AND VIRTUAL PORTS CONFIGURING STICKY PORTS CONFIGURING STICKINESS BASED ON CLIENT S SUBET INCREASE STICKY-AGE PER VIP LONGER THAN 60 MINUTES ENABLING A CONCURRENT PORT CONFIGURING THE SMOOTH FACTOR CONFIGURING A STATELESS PORT CONFIGURING VIRTUAL SOURCE DISABLING PORT TRANSLATION ENABLING THE SERVERIRON TO USE THE ALIAS PORT S STATE STICKY CONNECTION RETURN FROM BACKUP SERVER TO PRIMARY PERFORMING SLB BASED ON ALIAS PORT STATE IP LOAD BALANCING BACKGROUND OVERVIEW HASHING MECHANISM IP LOAD BALANCING VS REGULAR LOAD BALANCING FEATURE INTEROPERABILITY HIGH AVAILABILITY MINIMUM REQUIRED CONFIGURATION LOAD BALANCING SPECIFIC IP PROTOCOLS DISPLAYING LOAD BALANCING AND HASH DISTRIBUTION STATISTICS BINDING A REAL SERVER PORT TO MULTIPLE VIPS CONFIGURING HARDWARE FORWARDING OF PASS-THROUGH TRAFFIC SSL ACCELERATORS SLB CONFIGURATION TCS CONFIGURATION GROUP STICKY: L4 SLB TO SERVER GROUP ENABLING GROUP STICKY CONFIGURATION EXAMPLE ENABLING GROUP STICKY FAILOVER HASH-BASED SLB WITH SERVER PERSISTENCE PERSISTENT HASH TABLE CLEAR VS REASSIGN MECHANISMS ENABLING PERSISTENT HASHING ENABLING THE CLEAR-ON-CHANGE MECHANISM ENABLING THE REASSIGN-ON-CHANGE MECHANISM CONFIGURING THE REASSIGN THRESHOLD AND DURATION REASSIGNMENT SEQUENCE AND EXAMPLE KEEPING THE PERSISTENT HASH TABLE UNCHANGED REAL SERVER FAILURE DISPLAYING PERSISTENT HASH TABLE ENTRY AND STATISTICS CLEARING THE HIT COUNT FOR THE PERSISTENT HASH TABLE CLEARING THE PERSISTENT HASH TABLE ENABLING DEBUGGING FOR PERSISTENT HASH April 7, Foundry Networks, Inc. v

8 Server Load Balancing Guide REASSIGNING A PERSISTENT HASH TABLE ENTRY VIP ROUTE HEALTH INJECTION OVERVIEW INJECTING AND DELETING VIP ROUTE BASED ON VIP HEALTH VIP RHI AND HIGH AVAILABILITY TOPOLOGIES CONFIGURATION CONSIDERATIONS ENABLING OR DISABLING VIP RHI DEFINING THE HEALTH OF A VIP PORT DEFINING THE HEALTH OF A VIP CONFIGURING THE VIP RHI ROUTE MASK LENGTH DISPLAYING RHI INFORMATION DISPLAYING ROUTE TYPE CONFIGURATION EXAMPLES BASIC CONFIGURATION BOTH SERVERIRON SITES WORKING IN PRIMARY MODE SITE-1 SERVERIRON IN PRIMARY MODE AND SITE-2 IN BACKUP MODE REAL SERVER SHUTDOWN POLICY-BASED SLB CONFIGURING A POLICY LIST SIMPLIFIED FORMAT FOR THE POLICY LIST FILE SPECIFYING THE MAXIMUM NUMBER OF ENTRIES NO LIMIT TO THE SIZE OF THE POLICY LIST FILE DELETING AN ENTRY FROM THE POLICY LIST DELETING AN ENTIRE PBSLB LIST DYNAMICALLY DOWNLOADING A POLICY LIST DOWNLOADING A POLICY LIST USING TFTP COPYING A POLICY LIST TO A FILE ON TFTP SERVER WRITING THE POLICY LIST TO FLASH MEMORY SPECIFYING A DEFAULT SERVER GROUP ASSIGNING REAL SERVERS TO SERVER GROUPS ENABLING PBSLB FOR A PORT ON A VIRTUAL SERVER DELETING EXISTING PBSLB SESSIONS DISPLAYING PBSLB ENTRIES VIP TRAFFIC NO LONGER BLOCKED DURING POLICY FILE DOWNLOAD PACKET TRACE INCREASE IN THE SIZE OF PBSLB LIST (SPAM LIST) PBSLB POOL FAILSAFE GROUP OVERVIEW OF PBSLB POOL FAILSAFE GROUP EXPECTED BEHAVIOR OF PBSLB FAILSAFE GROUP COMMAND LINE INTERFACE CREATE A PBSLB FAILSAFE GROUP ENABLE PBSLB ON A VIP PORT SHOW COMMMANDS AUTO DOWNLOAD OF PBSLB LIST CONFIGURING PBSLB DOWNLOAD-INTERVAL CONFIGURING PBSLB TIME-OF-DAY PBSLB SYSLOG MESSAGES BANDWIDTH METRIC FOR SLB vi 2007 Foundry Networks, Inc. April 7, 2008

9 EXAMPLE ENABING THE BANDWIDTH METRIC PREDICTOR CHANGING THE SIZE OF THE BANDWIDTH SAMPLING WINDOW CHANGING THE SIZE GLOBALLY CHANGING THE SIZE FOR A VIRTUAL SERVER ENABLING METRIC ALGORITHMS RE-ENABLING THE SUM ALGORITHM ENABLING THE WEIGHTED SERVER SUM ALGORITHM ENABLING THE WEIGHTED-INTERVAL SUM ALGORITHM DISPLAYING BANDWIDTH USAGE STATISTICS DISPLAYING BANDWIDTH USAGE DISPLAYING BANDWIDTH USAGE COUNTS CLEARING OCTET COUNTS IN THE BANDWIDTH OCTET LIST POLICY-BASED ROUTING FOR REVERSE SLB TRAFFIC DSR SETTING DSR NORMAL AGE REVERSE SESSION REMOTE FAILOVER SERVERS FOR SWITCHBACK HEALTH CHECKS WITH SWITCHBACK SYN-DEFENSE WITH SWITCHBACK PLACING A SESSION IN TIMEOUT QUEUE SWITCHBACK CONFIGURATION EXAMPLE CONFIGURING SERVERIRON A CONFIGURING SERVERIRON B CONFIGURING THE LOOPBACK ADDRESS ON A REAL SERVER DISPLAYING SERVER INFORMATION DISPLAYING GLOBAL LAYER 4 SERVERIRON CONFIGURATION DISPLAYING REAL SERVER CONFIGURATION STATISTICS DISPLAYING VIRTUAL SERVERS CONFIGURATION STATISTICS DISPLAYING INFORMATION ABOUT VIRTUAL SERVER S BOUND PORTS DISPLAYING A LIST OF FAILED SERVERS DISPLAYING A LIST OF FAILED PORTS DISPLAYING PORT-BINDING INFORMATION DISPLAYING PACKET TRAFFIC STATISTICS DISPLAYING CONFIGURATION INFORMATION SHOW AGGREGATE HEALTH OF TRACKED PORTS AUTO REPEAT OF SHOW COMMAND OUTPUT DISPLAYING VIP OWNER IN HA SETUP CLEARING ALL SESSION TABLE ENTRIES CLEARING THE CONNECTIONS COUNTER SLB CONFIGURATION EXAMPLES WEB HOSTING WITH ONE VIRTUAL SERVER MAPPED TO MULTIPLE REAL SERVERS WEB HOSTING WITH MULTIPLE VIRTUAL SERVERS MAPPED TO ONE REAL SERVER MANY-TO-ONE TCP/UDP PORT BINDING CONFIGURATION RULES CONFIGURATION EXAMPLE WEB HOSTING WITH UNLIMITED VIRTUAL IP ADDRESSES SLB INTRANET CONFIGURATION WITH HTTP, TELNET HOSTING ACROSS MULTIPLE VIRTUAL SERVERS AND MULTIPLE REAL SERVERS April 7, Foundry Networks, Inc. vii

10 Server Load Balancing Guide TCP/UDP APPLICATION GROUPS WEB HOSTING WITH SERVERIRON AND REAL SERVERS IN DIFFERENT SUBNETS WEB HOSTING WITH GEOGRAPHICALLY-DISTRIBUTED SERVERS USING HTTP REDIRECT WITH GEOGRAPHICALLY-DISTRIBUTED SERVERS USING REVERSE PROXY SLB BASIC EXAMPLE E-COMMERCE EXAMPLE LOAD BALANCING STREAMING MEDIA FILES LAYER 3 SLB BASIC SLB WITH ONE VLAN AND ONE VIRTUAL ROUTING INTERFACE BASIC SLB WITH MULTIPLE SUBNETS AND MULTIPLE VIRTUAL ROUTING INTERFACES IPSEC AND VPN LOAD BALANCING CONFIGURING IPSEC AND VPN LOAD BALANCING CONFIGURATION EXAMPLE ACTIVE-ACTIVE INSIDE SOURCE NAT WITH SLB AND VRRPE SI A CONFIGURATION SI B CONFIGURATION SERVER OPT-ENABLE-ROUTE-RECALCULATION CHAPTER 4 STATELESS SERVER LOAD BALANCING STATELESS TCP/UDP PORTS HOW THE SERVERIRON SELECTS A REAL SERVER FOR A STATELESS PORT CONFIGURING A STATELESS APPLICATION PORT DISABLING THE STATELESS SLB HASHING ALGORITHM FOR UDP PORTS CONFIGURING A PORT TO BE BOTH STATELESS AND STATEFUL STATELESS HEALTH CHECKING CONFIGURING STATELESS HEALTH CHECKS CONFIGURING A STATELESS HEALTH CHECK GROUP SETTING A SERVERIRON S STATELESS HEALTH CHECK PRIORITY CHAPTER 5 HEALTH CHECKS HEALTH CHECKS OVERVIEW ENHANCED SERVER BRINGUP APPLICATION PORTS LAYER 3 HEALTH CHECKS ARP REQUEST IP PING LAYER 4 HEALTH CHECKS TCP UDP LAYER 7 HEALTH CHECKS DNS FTP HTTP (STATUS CODE) HTTP (CONTENT VERIFICATION) SCRIPTED (CONTENT VERIFICATION FOR UNKNOWN PORTS) viii 2007 Foundry Networks, Inc. April 7, 2008

11 IMAP LDAP MMS NNTP PNM POP RADIUS RTSP SMTP SSL (COMPLETE) SSL (SIMPLE) TELNET DISTRIBUTED HEALTH CHECKS HEALTH CHECKING FOR REAL SERVERS IN OTHER SUBNETS FASTCACHE SERVER AND APPLICATION PORT STATES SERVER STATES APPLICATION PORT STATES DISPLAYING REAL SERVER STATE INFORMATION DISPLAYING VIRTUAL SERVER STATE INFORMATION BEST PATH TO A REMOTE SERVER LAYER 3 HEALTH CHECK DISABLING LAYER 3 HEALTH CHECK MODIFYING THE PING INTERVAL AND PING RETRIES SETTING THE PERIODIC ARP INTERVAL SERVER PERIODIC-ARP ENHANCEMENT DISPLAYING DEBUGGING INFORMATION ABOUT PERIODIC ARPS LAYER 4 HEALTH CHECK DISABLING OR RE-ENABLING LAYER 4 HEALTH CHECK PERFORMING LAYER 4 UDP KEEPALIVE HEALTH CHECKS FOR THE DNS PORT HEALTH CHECKS FOR FIREWALL PATHS CHANGING THE MAXIMUM NUMBER OF LAYER 3 PATH HEALTH-CHECK RETRIES ENABLING LAYER 4 PATH HEALTH CHECKS FOR FWLB PORT PROFILES AND ATTRIBUTES CONFIGURING A PORT PROFILE ADDING A PORT AND SPECIFYING ITS TYPE CHANGING A PORT S KEEPALIVE PARAMETERS CONFIGURING PORT PROFILE ATTRIBUTES CHANGING A PORT S SESSION AGE DISPLAYING THE SESSION AGE OF A TCP PORT BASING A PORT S HEALTH ON THE HEALTH OF ANOTHER PORT BASING AN ALIAS PORT S HEALTH ON THE HEALTH OF ITS MASTER PORT OVERRIDING THE GLOBAL TCP OR UDP AGE ENABLING SESSION SYNCHRONIZATION CHANGING THE SMOOTH FACTOR ON AN APPLICATION PORT ENABLING RECURSIVE DNS HEALTH CHECKS REASSIGN THRESHOLD PREVENTING STATE FLAPPING ENABLING THE HEALTH CHECKING PROCEDURE IN RELEASES BEFORE SSL HEALTH CHECKS April 7, Foundry Networks, Inc. ix

12 Server Load Balancing Guide CONFIGURING SSL HEALTH CHECKS ERROR MESSAGES LAYER 7 HEALTH CHECKS ENABLING LAYER 7 HEALTH CHECK CHANGING HTTP KEEPALIVE METHOD, VALUE, AND STATUS CODES CONFIGURING HTTP CONTENT MATCHING LISTS DISPLAYING HTTP MATCH LISTS BINDING THE MATCHING LIST TO THE REAL SERVERS CONFIGURING SCRIPTED HEALTH CHECKS CONFIGURING A PORT PROFILE CONFIGURING A MATCHING LIST BINDING THE MATCHING LIST TO THE REAL SERVER USING A SCRIPTED HEALTH CHECK IN A HEALTH-CHECK POLICY CONFIGURING A HEALTH CHECK POLICY SCRIPTED HEALTHCHECK ENHANCEMENT ON REAL SERVERS BINARY SCRIPTED HEALTH CHECK SCRIPTED HEALTH CHECK FOR UDP PORTS OVERVIEW OF SCRIPTED HEALTH CHECK FOR UDP PORTS COMMAND LINE INTERFACE CONFIGURING SERVER PORT HEALTH CHECK POLICY CONFIGURING THE PORT POLICY BINDING THE POLICY CONFIGURING DNS HEALTH CHECK METHOD AND VALUES CONFIGURING RADIUS HEALTH CHECK VALUES CHANGING THE LDAP VERSION LAYER 7 HEALTH CHECK FOR AN UNKNOWN PORT CONFIGURING AN UNKNOWN TCP PORT TO USE LAYER 7 TCP HEALTH CHECKS CONFIGURING AN UNKNOWN UDP PORT TO USE A LAYER 7 HEALTH CHECK HEALTH CHECK OF MULTIPLE WEB SITES ON THE SAME REAL SERVER BOOLEAN HEALTH-CHECK POLICIES HEALTH-CHECK STATE HEALTH-CHECK POLICY CONFIGURING ELEMENT-ACTION EXPRESSIONS CONFIGURING A HEALTH-CHECK POLICY ATTACHING A HEALTH-CHECK POLICY TO AN APPLICATION PORT ON A SERVER GLOBALLY DISABLING ALL HEALTH-CHECK POLICIES DISPLAYING HEALTH CHECK POLICIES AND THEIR STATUS DISPLAYING HEALTH CHECK POLICY STATISTICS CLEARING HEALTH CHECK POLICY STATISTICS HEALTH CHECK POLICY FOR VIP PORT OVERVIEW OF HEALTH CHECK POLICY FOR VIP PORT COMMAND LINE INTERFACE MINIMUM HEALTHY REAL SERVERS UNDER VIP PORT OVERVIEW OF MINIMUM HEALTHY REAL SERVERS COMMAND LINE INTERFACE SERVER PORT BRING UP ENHANCEMENT OVERVIEW OF SERVER PORT BRINGUP COMMAND LINE INTERFACE x 2007 Foundry Networks, Inc. April 7, 2008

13 DISPLAYING SYSLOG ENTRIES SESSION TABLE PARAMETERS CONFIGURING THE MAXIMUM NUMBER OF ACTIVE SESSIONS CONFIGURING FAST SESSION AGING DISPLAYING INFORMATION ABOUT FAST AGING CLEARING STATISTICS COUNTERS FOR FAST SESSION AGING CLEARING STATISTICS COUNTERS FOR SESSIONS THAT AGED OUT RANDOMLY CONFIGURING TCP AGE CONFIGURING UDP AGE SETTING THE CLOCK SCALE SYSLOG FOR SESSION TABLE ENTRIES ENABLING TCP/UDP SESSION LOGGING SLOW-START MECHANISM OVERVIEW PORT SLOW-START MECHANISM DEFAULT PORT SLOW-START MECHANISM SETTING UP A USER-CONFIGURED PORT SLOW-START MECHANISM APPLYING A USER-CONFIGURED SLOW-START MECHANISM TO MULTIPLE PORTS GLOBALLY DISABLING OR RE-ENABLING THE SLOW-START MECHANISM LDAP OVER SSL CONFIGURING NON-BOOLEAN LDAP HEALTH CHECKS SCRIPTED HEALTH CHECK ENHANCEMENT FOR BOOLEAN ENHANCEMENT DESCRIPTION CONFIGURATION EXAMPLE DEBUGGING AND TROUBLESHOOTING FIN CLOSE FOR SERVER HEALTH CHECK CHAPTER 6 LAYER 7 SWITCHING SECTION 1: ADVANCED LAYER 7 SWITCHING FEATURES ENABLING CSW SPECIFYING SCAN DEPTH DEFINING CSW RULES CONFIGURING AN HTTP METHOD RULE CONFIGURING AN HTTP VERSION RULE URL RULES HTTP HEADER RULES XML TAG RULES CONFIGURING THE NESTED RULES DEFINING CSW POLICIES CREATING A POLICY CONFIGURING THE FORWARD ACTION CONFIGURING THE PERSIST ACTION CONFIGURING THE REPLY-ERROR ACTION CONFIGURING THE REDIRECT ACTION CONFIGURING THE LOG ACTION CONFIGURING THE CONTENT-REWRITE ACTION A UNDERSTANDING HTTP URL REWRITE B HTTP URL REWRITE FEATURES April 7, Foundry Networks, Inc. xi

14 Server Load Balancing Guide C CSW TOPOLOGY D. CONFIGURING HTTP URL REWRITE DA CONFIGURING HTTP URL REWRITE EXAMPLE DA.A.1 CREATE A POLICY WITH HTTP URL REWRITE D.A.A.2 CONFIGURE REAL AND VIRTUAL SERVERS D.A.A.3 ENABLE CONTENT SWITCHING D.A.A.4 HTTP URL REWRITE CONFIGURATION SUMMARY D.B CONFIGURING HTTP URL REWRITE ACTIONS D.B.1 CONFIGURING REWRITE REQUEST-DELETE D.B.2 CONFIGURING REWRITE REQUEST-INSERT D.B.3 CONFIGURING REWRITE REQUEST-REPLACE E HTTP URL REWRITE COMMAND REFERENCE REWRITE REQUEST-DELETE REWRITE REQUEST-INSERT REWRITE REQUEST-REPLACE F. EXPLANATION OF OFFSETS G. DISPLAYING THE STATISTICS FOR ALL HTTP CONTENT REWRITES USAGE GUIDELINES CASE-INSENSITIVE MATCH FOR CONTENT SWITCHING WILDCARDS IN CSW RULES FOR URL PREFIXES DISPLAYING CSW INFORMATION DISPLAYING HEADER INFORMATION DISPLAYING CSW RULE INFORMATION DISPLAYING CSW POLICY INFORMATION ENABLING HTTP REDIRECT HTTP STATUS CODES HTTP REWRITE ON SERVER RESPONSE HTTP RESPONSE-HEADER REWRITE CONFIGURING HTTP HEADER RESPONSE REWRITE STEP 1: CREATE A CSW RULE SPECIFYING THE HEADER RESPONSE CODES STEP 2: CREATE A CSW RULE SPECIFYING THE STRING TO BE MODIFIED STEP 3: CREATE A CSW POLICY STEP 4: BIND CSW-POLICY TO THE VIRTUAL-SERVER PORT HTTP RESPONSE-BODY REWRITE: CONFIGURING HTTP BODY RESPONSE REWRITE STEP 1: CREATE A CSW RULE IDENTIFYING REQUESTS WHOSE RESPONSES HAVE TO BE MODIFIED 6-38 STEP 2: CREATE A CSW RULE SPECIFYING THE STRING TO BE MODIFIED STEP 3: CREATE A CSW POLICY STEP 4: BIND CSW-POLICY TO THE VIRTUAL-SERVER PORT SPECIFY CONTENT-TYPE TO ENABLE THIS FEATURE (OPTIONAL) SHOW COMMANDS DEBUG COMMANDS CONFIGURATION EXAMPLE USING MULTIPLE COOKIES UNDER VIRTUAL SERVER PORT CONFIGURING MULTIPLE UNIQUE COOKIE INSERTION WITH COOKIE PATH CONFIGURE COOKIE INSERTION WHEN A PARTICULAR CSW RULE IS HIT CONFIGURE COOKIE INSERTION IN DEFAULT MODE (WHEN NO CSW RULE IS HIT) SPECIFICATIONS CONFIGURATION GUIDELINES EXAMPLE xii 2007 Foundry Networks, Inc. April 7, 2008

15 SERVER AND SERVER PORT PERSISTENCE WITH CSW NESTED RULES CONFIGURING SERVER AND SERVER PORT PERSISTENCE WITH CSW NESTED RULES CONFIGURING PERSIST ON THE NESTED RULE CONFIGURING PERSIST ON THE REAL PORT USAGE EXAMPLE SECTION 2: LEGACY LAYER 7 SWITCHING FEATURES LAYER 7 SWITCHING METHODS URL SWITCHING SETTING UP BASIC URL SWITCHING CONFIGURING THE URL SWITCHING POLICIES CONFIGURING THE REAL SERVERS SETTING UP THE VIRTUAL SERVER CONFIGURATION EXAMPLE: TWO WEB SITES USING ONE VIP DEFINING THE URL SWITCHING POLICIES SETTING UP THE VIRTUAL SERVER SAMPLE URLS DIRECTING HTTP REQUESTS TO SPECIFIC TCP PORTS DEFINING THE URL SWITCHING POLICIES CONFIGURING THE REAL SERVERS SETTING UP THE VIRTUAL SERVER PREFIX-SUFFIX MATCHING METHOD SYNTAX CHANGE FOR URL SWITCHING POLICIES DISPLAYING URL SWITCHING POLICY INFORMATION DISPLAYING URL SWITCHING POLICY INFORMATION SETTING UP COOKIE SWITCHING CONFIGURING THE REAL SERVERS ENABLING COOKIE SWITCHING ON A VIRTUAL SERVER CONFIGURING COOKIE INSERTION A CONFIGURING THE SERVER TO SEND A SET-COOKIE HEADER CONFIGURING THE SERVERS ENABLING COOKIE SWITCHING ON THE VIRTUAL SERVER ENABLING COOKIE INSERTION SETTING THE COOKIE DOMAIN SETTING THE COOKIE PATH SETTING THE COOKIE AGE ENABLING COOKIE DELETION ENABLING COOKIE DAMAGE ALLOCATING ADDITIONAL MEMORY TO COOKIE HANDLING DISPLAYING COOKIE STATISTICS AND INFORMATION SETTING UP CONCURRENT URL SWITCHING AND COOKIE SWITCHING CONFIGURING THE URL SWITCHING POLICIES PREFIX-SUFFIX MATCHING METHOD IN A URL SWITCHING POLICY SYNTAX CHANGE FOR URL SWITCHING POLICIES CONFIGURING SERVER GROUPS AND SERVER IDS CONFIGURING THE SERVER TO SET A COOKIE ENABLING CONCURRENT URL AND COOKIE SWITCHING ON THE VIRTUAL SERVER HTTP HEADER INSERTION INSERTING THE ORIGINAL SOURCE IP ADDRESS INTO HTTP REQUESTS CLIENT IP INSERTION IN USER CONFIGURABLE HEADERS HTTP HEADER HASHING April 7, Foundry Networks, Inc. xiii

16 Server Load Balancing Guide ENABLING COOKIE HASHING CLEARING COOKIE HASHING BUCKET ALLOCATIONS AND STATISTICS ENABLING SELECTIVE COOKIE HASHING ENABLING URL STRING HASHING ENABLING URL SEGMENT HASHING SETTING UP THE SERVER GROUPS ENABLING URL SEGMENT HASHING ON A VIRTUAL SERVER DISPLAYING HASH BUCKET ASSIGNMENTS AND THE NUMBER OF HITS SECTION 3: ADVANCED L7 AND LEGACY L7 "COMMON FEATURES" CHANGING THE MAXIMUM NUMBER OF CONCURRENT L7 SWITCHING CONNECTIONS DROPPING HTTP REQUESTS DROPPING THE REQUESTS AFTER EXCEEDING THE MAXIMUM NUMBER OF CONNECTIONS DROPPING THE REQUESTS WHEN SERVERS ARE UNAVAILABLE CLEANING UP ALL HASHING BUCKETS L7 CONTENT BUFFERING OPTIONS CHANGING THE TCP WINDOW SIZE PREVENTING THE SERVERIRON FROM SENDING AN ACK TO THE CLIENT DISPLAYING L7 SWITCHING STATISTICS HTTP STATUS CODES SECTION 4: HTTP 1.1 SUPPORT FOR ADVANCED AND LEGACY L7 SWITCHING DEFAULT SETTINGS PREVENTING THE SERVERIRON FROM DOWNGRADING THE HTTP VERSION TO HTTP 1.1 SUPPORT SUPPORT FOR PIPELINING REQUESTS SUPPORT FOR EXISTING LAYER 7 FEATURES ENABLING THE KEEPALIVE MODE ENABLING THE TCP OFFLOAD MODE CLEARING ALL KEEPALIVE CONNECTIONS DISPLAYING SESSION INFORMATION DISPLAYING MORE CHARACTERS FOR SERVER FIELD ON "SHOW SERVER ALL" COMMAND OUTPUT DISPLAYING TRANSACTIONS AND CONNECTIONS SETTING UP SSL SESSION ID SWITCHING CONFIGURATION EXAMPLE CONFIGURING THE REAL SERVERS FOR SSL CONFIGURING THE VIRTUAL SERVER FOR SSL SESSION ID SWITCHING ADJUSTING THE AGE TIMER ADJUSTING THE MAXIMUM NUMBER OF SESSION_ID-TO-REAL-SERVER ASSOCIATIONS CHAPTER 7 HIGH AVAILABILITY OVERVIEW OF HIGH AVAILABILITY HOT STANDBY SLB HOT STANDBY PROTOCOL OPERATIONS STANDARD HOT STANDBY VIP AND SERVERS IN DIFFERENT SUBNETS SOURCE-NAT IN HOT STANDBY SEAMLESS FAILOVER IN HOT STANDBY WHEN SOURCE-NAT ENABLED xiv 2007 Foundry Networks, Inc. April 7, 2008

17 CONFIGURING A BACKUP GROUP ID SETTING THE BACKUP TIMER ENABLING BACKUP PREFERENCE CONFIGURING A SERVERIRON TO REMAIN IN STANDBY STATE CONFIGURING THE FORWARDING OF SYNCHING MESSAGES REAL/VIRTUAL SERVER CONFIGURATION EXAMPLE SYMMETRIC SLB MINIMUM REQUIRED CONFIGURATION FAILOVER CONDITIONS ENABLING SESSION SYNCHRONIZATION ON A PORT SYMMETRIC SLB IN A IPSEC/IKE CONFIGURATION ACTIVE SERVERIRON STANDBY SERVERIRON CONFIGURING THE INTERVAL AND WAIT TIME FOR SSLB DISCOVERY PACKETS CONFIGURING DYNAMIC PRIORITY COMMANDS ON SERVERIRON A COMMANDS ON SERVERIRON B DISPLAYING DYNAMIC PRIORITY INFORMATION CONFIGURING DELAY REACTIVATION DISPLAYING SSLB INFORMATION VIP FAILOVER FOLLOWING A LINK FAILURE CONFIGURING VIP FAILOVER IN VRRP EXTENDED WITH SYMMETRIC SLB CONFIGURING VLAN OPTION FOR ACTIVE-ACTIVE LINKS ALLOWING PASS-THROUGH TRAFFIC TO A VIP FAST SESSION SYNCHRONIZATION WITH VRRP CONFIGURING THE OWNER CONFIGURING A BACKUP VRRP-E TRACK PORT INCREASE TRACKING TRUNK PORTS WITH VRRP-E CONFIGURING TRACKING TRUNK PORTS WITH VRRP-E SAMPLE CONFIGURATION SAMPLE CONFIGURATION SI-A SI-B SYM-ACTIVE SLB DIFFERENCE BETWEEN SYM-ACTIVE VS SYMMETRIC SLB MINIMUM REQUIRED CONFIGURATION LAYER 3 SYM-ACTIVE COMMANDS FOR ROUTER NI COMMANDS FOR SERVERIRON COMMANDS FOR ROUTER NI COMMANDS FOR SERVERIRON SYM-ACTIVE IN AN IPSEC/IKE LOAD BALANCING CONFIGURATION SERVERIRON A SERVERIRON B MULTIPLE HIGH AVAILABILITY SLB PAIRS IN THE SAME VLAN HOT STANDBY TOPOLOGY CONFIGURING A BACKUP-GROUP ID April 7, Foundry Networks, Inc. xv

18 Server Load Balancing Guide SYMMETRIC TOPOLOGY CONFIGURING A SYMMETRIC GROUP ID VRRP AND VRRPE ENABLING VRRP AND BINDING A VIP GROUP TO A VIRTUAL ROUTER ID xvi 2007 Foundry Networks, Inc. April 7, 2008

19 Chapter 1 About this Guide Introduction This guide describes the features of provides configuration procedures for Foundry ServerIron devices. This chapter contains the following information: Audience on page 1-1 Conventions on page 1-1 Related Documentation on page 1-2 How to Get Help on page 1-2 Audience This guide is intended for network engineers with a basic knowledge of switching, routing, and application traffic management. Conventions This guide uses the following typographical conventions to describe information: Italic Bold Bold Highlights the title of another publication or emphasizes a word or phrase. Indicates code that is entered exactly as shown. Indicates a command or keyword that can be entered exactly as is. NOTE: A note emphasizes an important fact or calls your attention to a dependency. WARNING: A warning calls your attention to a possible hazard that can cause injury or death. CAUTION: A caution calls your attention to a possible hazard that can damage equipment. April 7, 2008 Foundry Networks, Inc. 1-1

20 Server Load Balancing Guide Related Documentation For more information, refer to the following Foundry Networks ServerIron documentation: Release Notes for ServerIron Switch and Router Software TrafficWorks provides a list of new features and enhancements, upgrade procedures, and bug fixes. ServerIron TrafficWorks Graphical User Interface provides details on the graphical user interface for the ServerIron family of application delivery controllers. ServerIron TrafficWorks Server Load Balancing Guide describes basic Server Load Balancing configurations for the ServerIron product family. It covers the following features: Server Load Balancing, Stateless Server Load Balancing, Health Checks, Layer 7 Content Switching, and High Availability ServerIron TrafficWorks Advanced Server Load Balancing Guide discusses Advanced Server Load Balancing concepts for the ServerIron product family. It covers the following features: are SIP Server Load Balancing, Transparent Cache Switching, IDS Server Load Balancing, HTTP Compression, and Total Content Analysis ServerIron TrafficWorks Global Server Load Balancing Guide explains how one can achieve site level redundancy and data center site failure protection using Global Server Load Balancing feature of ServerIron ServerIron TrafficWorks Security Guide describes Security features of ServerIron product family. It covers the following features: are Secure Socket Layer (SSL) Acceleration, Web Application Firewall, Deep Packet Scan, Access Control List, and Network Address Translation ServerIron TrafficWorks Administration Guide discusses different administrative configurations for the ServerIron product family. ServerIron TrafficWorks Switching and Routing Guide describes switching and routing configurations on the ServerIron product family Foundry ServerIron Hardware Installation Guide provides the physical characteristics, power consumption, and performance capabilities of the ServerIron chassis switch families, and explains how to set up and install the switches and their modules. Foundry ServerIron Firewall Load Balancing Guide provides detailed feature descriptions, procedures, and application examples for Firewall Load Balancing. Foundry Management Information Base Reference presents the Simple Network Management Protocol (SNMP) Management Information Base (MIB) objects that are supported on Foundry devices. NOTE: For the latest edition of this document, which contains the most up-to-date information, see Product Manuals at kp.foundrynet.com. Reporting Documentation Errors If you find errors in this document, please report the error by going to kp.foundrynet.com. After you login in, click Cases > Create a New Ticket. Make sure you specify the document title in the ticket description. How to Get Help Foundry Networks technical support will ensure that the fast and easy access that you have come to expect from your Foundry Networks products will be maintained. Web Access Foundry Networks, Inc. April 7, 2008

21 About this Guide Access Technical requests can also be sent to the following address: Telephone Access TURBOCALL ( ) United States Outside the United States April 7, 2008 Foundry Networks, Inc. 1-3

22 Server Load Balancing Guide 1-4 Foundry Networks, Inc. April 7, 2008

23 Chapter 2 New Features and Enhancements This chapter lists new ServerIron features by release, and directs you to their descriptions in the documentation. This chapter contains information about the following releases: Software Dependencies for Hardware Platforms on page 2-1 Features and Enhancements for Release on page 2-2 Features and Enhancements for Release on page 2-4 Features and Enhancements for Release b on page 2-5 Features and Enhancements for Release a on page 2-6 Features and Enhancements for Release on page 2-7 Features and Enhancements for Release on page 2-8 Features and Enhancements for Release on page 2-10 Software Dependencies for Hardware Platforms The ServerIron WSM7 management module requires software release l or later. 3-slot chassis (GT-C series or SI 350) is supported from software release g onwards. ServerIron 4G series is supported from release a onwards. The software enhancements/features available on chassis based systems with release a are available on 4G family from software release onwards. April 7, Foundry Networks, Inc. 2-1

24 Server Load Balancing Guide Features and Enhancements for Release The following new features and enhancements are available with ServerIron software release : Enhanced Web Graphical User Interface ServerIron Release adds an enhanced Web Graphical User Interface (GUI) to configure and maintain real servers, virtual server servers, and content switching features. This feature is documented in the ServerIron TrafficWorks Graphical User Interface Guide. Role Based Management ServerIron Release allows users to create different administrative domains and enable user-based access privileges on ServerIron. This feature is documented in the Role Based Management chapter of the ServerIron TrafficWorks Administration Guide. Stateful UDP Based SIP Server Load Balancing ServerIron Release enhances the current SIP feature by making it stateful and by adding intelligence for handling varying caller-id situations. This feature is documented in the SIP chapter of the ServerIron TrafficWorks Advanced Server Load Balancing Guide. SIP Security ServerIron Release allows the ServerIron to identify incorrect SIP headers, undefined application ports, and non-supported SIP methods, and then logs and/or drops the appropriate packets. This feature is documented in the SIP chapter of the ServerIron TrafficWorks Advanced Server Load Balancing Guide. Source PAT for SSL Service Modules ServerIron Release enhances the existing functionality to use source ports instead of source IP address to properly identify SSL terminated response traffic and thereby eliminate the requirement of source- NAT with SSL service modules. This feature is documented in the SSL chapter of the ServerIron TrafficWorks Security Guide. Identifying VIP Port as TCP Only or UDP Only ServerIron Release allows ServerIron to explicitly identify an application port to be "TCP only" or "UDP only". This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Prioritizing Management Traffic ServerIron Release enhances the ServerIron TrafficWorks software to give priority to management traffic, such as telnet and SSH, over other web traffic to facilitate uninterrupted access to the ServerIron switches even under heavy load conditions. This feature is documented in the Network Security chapter of the ServerIron TrafficWorks Security Guide. Health Check Policy for VIP Port ServerIron Release enhances the ServerIron TrafficWorks software to allow more granular health check definitions. This feature is documented in the Health Check chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Minimum Healthy Real Servers under VIP Port ServerIron Release enhances the ServerIron TrafficWorks software to allow the user to specify Foundry Networks, Inc. April 7, 2008

25 New Features and Enhancements "minimum number of healthy real servers" under virtual server definition. This feature is documented in the Health Check chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Server Port Bring Up Enhancement ServerIron Release allows the user to configure retries for bringup, so that ServerIron will bringup a port only after the configured number of retries have passed. This feature is documented in the Health Check chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Scripted Health Check for UDP Ports ServerIron Release enhances the TrafficWorks software to perform customizable scripted health checks for UDP protocol. This feature is documented in the Health Check chapter of the ServerIron TrafficWorks Server Load Balancing Guide. GSLB Domain-Level Affinity ServerIron Release enhances the TrafficWorks software to perform GSLB IP Affinity at Host Level. This feature is documented in the ServerIron TrafficWorks Global Server Load Balancing Guide. PBSLB Pool Failsafe Group ServerIron Release enhances the Policy Based Server Load Balancing (PBSLB) functionality and allows ServerIron to direct traffic away from a given server pool to a "default pool" in case all the servers in server pool become unavailable. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Increase Sticky-age per VIP longer than 60 minutes ServerIron Release allows ServerIron to specify longer sticky age values (up to 24 hours) per VIP port. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Support for RIP Timers ServerIron Release enhances the current functionality by providing support for RIP timers, such as update, aging, and garbage collection. This feature is documented in the Routing chapter of the ServerIron TrafficWorks Switching and Routing Guide. Increase SSL Certificate Count to 512 ServerIron Release increases the maximum number of SSL certificates that ServerIron supports. This feature is documented in the SSL chapter of the ServerIron TrafficWorks Security Guide. Per Server Based Real Server Backup ServerIron Release enhances the existing ServerIron functionality to allow backup server definition on a per server basis. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. April 7, Foundry Networks, Inc. 2-3

26 Server Load Balancing Guide Features and Enhancements for Release The following new features and enhancements are available with ServerIron software release : Policy Based Caching Enhancement This feature enhances policy based caching to allow configuration of a separate set of filters for each cachegroup. This feature is documented in the Transparent Cache Switching chapter of the ServerIron TrafficWorks Advanced Server Load Balancing Guide. Weighted Distribution of Sites with Hash-Based Persistence This feature allows the user to maintain persistence and to determine what percentage of the traffic goes to a particular domain IP address. This feature is documented in the ServerIron TrafficWorks Global Server Load Balancing Guide. GSLB Hash Based Site Persistence with Configurable Subnet Mask Length This feature allows specification of subnet mask while doing GSLB site persistence. The GSLB controller will take into account both source IP address and the subnet mask length before determining the site IP address. This feature is documented in the ServerIron TrafficWorks Global Server Load Balancing Guide. Track Group Health Check for Real Servers This feature allows tracking of multiple application ports under real server definition. If the health of one of the application ports fail, the aggregated health wii be marked as fail. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Binary Scripted Health Check This feature allows ServerIron to send binary data (carray format) after doing 3-way TCP handshake with the backend server. This feature is documented in the Health Checks chapter of the ServerIron TrafficWorks Server Load Balancing Guide. HTTP Rewrite on Server Response This feature allows ServerIron to do content rewrite on the server response packets for greater flexibility. The content rewrite engine engine allows rewrite on both http headers and http data. This feature is documented in the Layer 7 Switching chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Using Multiple Cookies Under Virtual Server Port This feature adds support for multiple cookies. Based on a URL or any content information contained in a HTTP request, this feature allows ServerIron to introduce client user agent a unique cookie with different attributes, such as domain, path, expiration time, etc. This feature is documented in the Layer 7 Switching chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Server and Server Port Persistence with CSW Nested Rules This feature is to be used with the persistence on the group or server id. This is useful when the customer has multiple ports configured on the same group or server, and wants to direct the request to the particular port instead of load balancing among all the ports. This feature is documented in the Layer 7 Switching chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Displaying More Characters for Server Field on "Show Server All" Command Output This enhancement provides user a configurable option to display long server names by masking other Foundry Networks, Inc. April 7, 2008

27 New Features and Enhancements columns such as "Next" column. This feature is documented in the Layer 7 Switching chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Features and Enhancements for Release b The following new features and enhancements are available with ServerIron software release b: DST Change Notice for Networks Using US Time Zones A new command is required. This feature is documented in the ServerIron TrafficWorks Administration Guide. Web Application Firewall This feature enables the ServerIron to analyze incoming client requests for violations in web security policy. This feature is documented in the Web Aplication Firewall chapter of the ServerIron TrafficWorks Security Guide. HTTP Compression This feature allows the ServerIron to compress HTTP response data to the clients if the client browser is capable of decompressing it. This feature is documented in the HTTP Compression chapter of the ServerIron TrafficWorks Advanced Server Load Balancing Guide. Dynamic Weighted Predictor This feature enables ServerIron to make load balancing decisions using real time server resource usage information, such as CPU utilization and memory consumption. This feature is documented in the Server Load Balancing chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Dynamic NAT for Real Servers Using Virtual Server Address This feature enhances dynamic NAT functionality by enabling the ServerIron to use virtual server address as dynamic NAT address for real servers. This feature is documented in the Server Load Balancing chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Deletion of UDP Data Session Along With TCP Control Session For RTSP This feature enables the ServerIron to track both control and data sessions for RTSP even if they are carried over separate transport layer protocols. This feature is documented in the Server Load Balancing chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Tracking Trunk Ports with VRRP-E This feature enables the ServerIron to track the failure of individual ports within trunk link and associate it with VRRP-E. This feature is documented in the High Availability chapter of the ServerIron TrafficWorks Server Load Balancing Guide. SSL Debug and Troubleshooting Commands This enhancement enables ServerIron to insert the client certificate or several fields from the client certificate into the HTTP header for backend communication with the real servers. This feature is documented in the SSL chapter of the ServerIron TrafficWorks Security Guide. April 7, Foundry Networks, Inc. 2-5

28 Server Load Balancing Guide Track Port and Track Group Support for SSL Terminated Traffic This release adds track-port and track-group support for SSL terminated traffic. This feature is documented in the SSL chapter of the ServerIron TrafficWorks Security Guide. Enhanced VIP Group Support This release helps grouping of several virtual server addresses and associating them with the VRRP-E tracking mechanism. This feature is documented in the High Availability chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Increase in the Size of PBSLB List (SPAM List) The SPAM mitigation feature supported up to 5 Million IP prefix entries. This release increases this capability for up to 7 Million entries. This feature is documented in the Server Load Balancing chapter of the ServerIron TrafficWorks Server Load Balancing Guide. SNMP MIB Enhancement for GSLB Site The release adds an SNMP MIB for show gslb site. This feature is documented in the Foundry MIB Guide. Features and Enhancements for Release a The following new features and enhancements are available with ServerIron software release a: SSL Support Secure Socket Layer (SSL) support is added in this realease. This feature is documented in the SSL chapter of the ServerIron TrafficWorks Server Load Balancing Guide. ServerIron 4G Series Two new stackable switches: ServerIron 4G and ServerIron 4G-SSL are added in this realease. This feature is documented in the ServerIron Hardware Install Guide. FIN close for server health check You now have the option to use FIN instead of RESET to close TCP connections. This feature is documented in the Health Check chapter of the ServerIron TrafficWorks Server Load Balancing Guide. SSHv2 support SSHv2 is now supported on ServerIron products This feature is documented in the the ServerIron TrafficWorks Administration Guide. Auto repeat of Show Command output You can now assign a repeat function to any show command for periodic informational displays. Auto Repeat of Show Command Output. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide. Binding same real ports to multiple VIP ports You can now bind more than one VIP to the same application service on real servers that are listening on different ports. This feature is documented in the SLB chapter of the ServerIron TrafficWorks Server Load Balancing Guide Foundry Networks, Inc. April 7, 2008