Equalizer Installation and Administration Guide

Transcription

1 Equalizer Istallatio ad Admiistratio Guide Versio Jauary 2007 Coyote Poit Systems, Ic. 675 North First Street Suite 975 Sa Jose, Califoria 95112

2 Copyright Coyote Poit Systems, Ic. All Rights Reserved. Prited i the USA. Equalizer is a trademark of Coyote Poit Systems Icorporated. All other brad or product ames are trademarks or registered trademarks of their respective compaies or orgaizatios. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. See Appedix E for complete Licese ad Warraty iformatio for this product.

3 Cotets Preface... ix I This Guide... ix Typographical Covetios... x 1 Overview...1 Itroducig Equalizer...1 Overview of Equalizer...1 Itelliget Load Balacig...1 Load Balacig UDP Services...2 Maitaiig Persistet Sessios...3 Layer 7 Load Balacig ad Server Selectio...4 Geographic Load Balacig...5 Cofigurig the Equalizer Network...8 Equalizer s Network Ports...8 Usig Equalizer as a Gateway Betwee Networks...10 Usig Equalizer i a Sigle Network Eviromet...11 Usig a Secod Equalizer as a Backup Uit...12 Usig Reserved IP Addresses...14 Equalizer Cofiguratio Worksheets...16 Stadard Cofiguratio Worksheet...16 Special Cofiguratio Worksheet for Usig Reserved IP Addresses Istallig Equalizer...19 Before You Istall Equalizer...19 Steppig Through the Hardware Istallatio Cofigurig Equalizer Hardware...21 Settig Up a Termial or Termial Emulator for Equalizer...21 Serial Coectio...21 Performig Basic Equalizer Cofiguratio...22 Startig to Cofigure Equalizer...22 Equalizer Istallatio ad Admiistratio Guide iii

4 Cofigurig the Network Parameters...23 Committig Chages to the Cofiguratio Parameters...25 Settig the Time Zoe...26 Settig the Date ad Time...26 Chagig Equalizer s Cosole Password...26 Chagig the Admiistratio Iterface Password...26 Upgradig Equalizer Software...27 Shuttig Dow Equalizer...27 Maagig Remote Access to the Equalizer...27 Maagig the Remote Access Accout...27 Usig the Remote Access Accout...28 Cofigurig a Secod Equalizer As a Backup...29 Cofigurig Routig o Servers...29 Cofigurig DNS ad Firewalls for Geographic Load Balacig...29 Cofigurig the Authoritative Name Server to Query Evoy...30 Usig Geographic Load Balacig with Firewalled Networks...30 Testig Your Basic Cofiguratio Accessig Browser Cotrols...33 Itroducig the Equalizer Admiistratio Iterface...33 Accessig the Equalizer Admiistratio Iterface...33 Loggig I...33 Navigatig Through the Iterface Cofigurig Equalizer Operatio...39 Licesig Your Equalizer...39 Modifyig System Parameters...40 Settig Up a Failover Cofiguratio...43 Modifyig or Deletig a Failover Cofiguratio...47 Usig Failover with Differet Equalizer Models...47 Upgradig Failover Cofiguratios from Versios prior to Chagig the Network Mode betwee Sigle ad Dual...49 Troubleshootig Chages betwee Network Modes without Deletig Failover Cofiguratios First...49 Eablig Outboud NAT...49 iv Equalizer Istallatio ad Admiistratio Guide

5 Eablig Passive FTP Coectios...50 Maagig Stale Coectios...50 Eablig Sticky Network Aggregatio...51 Cofigurig Custom Evet Hadlig...53 Forwardig Equalizer Log Iformatio...53 Specifyig a Commad to Ru Whe a Particular Evet Occurs Cofigurig Notificatio Whe a Particular Evet Occurs Disablig Notificatio Whe a Particular Evet Occurs...55 Cofigurig Support for Exteded Characters...55 Chagig the Admiistratio Passwords...55 Savig or Restorig Your Cofiguratio...56 Savig Your Cofiguratio...56 Backig Up Your Cofiguratio...57 Restorig a Saved Cofiguratio...57 Shuttig Dow Equalizer...58 Rebootig Equalizer Admiisterig Virtual Clusters...59 Workig with Virtual Clusters...59 Addig a Virtual Cluster...60 Advaced Cluster Fields ad Flags...63 Deletig a Virtual Cluster...65 Cofigurig a Cluster s Load-Balacig Optios...65 Providig FTP Services o a Virtual Cluster...69 Cofigurig a Cluster to Use Server Agets...69 Eablig Persistet Sessios...70 Usig Active Cotet Verificatio (ACV)...72 Usig Secure Server Certificates for HTTPS Clusters...74 Usig Secure Cliet Certificates for HTTPS Clusters Maagig Servers...77 Addig a Server to a Cluster...77 Deletig a Server...79 Adjustig a Server s Static Weight...79 Shuttig Dow a Server Gracefully...81 Testig Virtual Cluster Cofiguratio...82 Equalizer Istallatio ad Admiistratio Guide v

6 7 Moitorig Equalizer Operatio...83 Displayig Equalizer Iformatio...83 Displayig the System Evet Log...85 SNMP for Equalizer...87 Settig Up the SNMP Aget...87 MIB Descriptio...89 Displayig the Virtual Cluster Summary...90 Displayig Cluster Iformatio...91 Plottig Cluster Performace History...92 Displayig Server Iformatio...94 Plottig Server Performace History...94 Displayig Geographic Cluster Parameters...96 Plottig Geographic Cluster Performace History...97 Displayig Site Iformatio...98 Plottig Site Performace History Match Rules Overview of Match Rules Geeral Match Expressios ad Match Bodies Match Expressios Match Bodies Match Rule Example Costructig Match Rules Viewig the Default Match Rule Defiig a Match Rule Modifyig a Match Rule Removig a Match Rule Match Fuctios Commo Match Fuctios HTTP Protocol ad Request URI Match Fuctios HTTP Header Matchig Fuctios HTTPS Specific Match Fuctios Admiisterig Geographic Clusters Geographic Load Balacig with Evoy vi Equalizer Istallatio ad Admiistratio Guide

7 Eablig ad Cofigurig Evoy Eablig Evoy Cofigurig the Authoritative Name Server to Query Evoy Usig Evoy with Firewalled Networks Workig with Geographic Clusters Addig a Geographic Cluster Cofigurig a Geographic Cluster s Load-Balacig Optios Deletig a Geographic Cluster Workig with Sites Addig a Site to a Geographic Cluster Adjustig a Site s Static Weight Deletig a Site from a Geographic Cluster Evoy Cofiguratio Worksheet A Usig Server Agets Itroducig Server Agets Custom Server Agets B Usig Reserved IP Addresses C Regular Expressio Format Terms Learig About Atoms Creatig a Bracket Expressio Matchig Expressios D Troubleshootig Equalizer Does t Boot Cliets Time Out While Tryig to Cotact a Virtual Cluster Backup Equalizer Cotiues to Boot Ca t View Equalizer Admiistratio Pages Equalizer Admiistratio Page Takes a Log Time to Display Equalizer Does t Respod to Pigs to the Admi Address Browser Hags Whe Tryig to Coect Via FTP to a FTP Cluster Retur Packets from the Server Are t Routig Correctly Equalizer Istallatio ad Admiistratio Guide vii

8 Web Server Caot Tell Whether Icomig Requests Origiate Exterally or Iterally E Licese ad Warraty F Additioal Requiremets Short-Circuit Protectio Power Supply Cord Istallatio ito a Equipmet Rack Chassis Warig Rack-Moutig ad Servicig Battery Specificatios Glossary Idex viii Equalizer Istallatio ad Admiistratio Guide

9 Preface The Equalizer Istallatio ad Admiistratio Guide is iteded for people who are istallig, cofigurig, or admiisterig a Equalizer system. I This Guide This guide cotais the followig chapters ad appedices: Chapter 1, Overview, cotais detailed descriptios of Equalizer cocepts ad termiology. This chapter icludes iformatio to help you pla your Equalizer cofiguratio. If you are settig up Equalizer for the first time, be sure to read the Overview chapter before attemptig to istall ad cofigure your system. Chapter 2, Istallig Equalizer, provides comprehesive istructios for istallig Equalizer. Chapter 3, Cofigurig Equalizer Hardware, istructs you i settig up Equalizer to work with your etworks ad servers. Chapter 4, Accessig Browser Cotrols, discusses how to use Equalizer s HTML-based admiistratio iterface to check the curret Equalizer status ad to chage settigs withi Equalizer. Chapter 5, Cofigurig Equalizer Operatio, provides iformatio o modifyig Equalizer s cofiguratio through the Equalizer Admiistratio Iterface, icludig settig up a failover cofiguratio. Chapter 6, Moitorig Equalizer Operatio, describes how to view iformatio, statistics, ad graphical displays about Equalizer s operatio. Chapter 7, Admiisterig Virtual Clusters, tells you how to add ad remove virtual clusters ad servers, chagig load balacig optios, ad shuttig dow servers. Chapter 8, Match Rules, shows you to create match rules that distribute requests based o a request s attributes. Chapter 9, Admiisterig Geographic Clusters, shows you how to use the Evoy add-i to add ad remove geographic clusters ad sites ad chage geographic load balacig ad targetig optios. Appedix A, Usig Server Agets, describes how to develop custom server agets. Appedix B, Usig Reserved IP Addresses, describes how to cofigure Equalizer to distribute requests to servers assiged IP addresses o reserved, o-routable etworks. Appedix C, Regular Expressio Format, discusses Equalizer s regular expressios, compoets, formats, ad usage. Appedix D, Mii SedMail, describes ad documets the mii_sedmail program ad its flags. Equalizer Istallatio ad Admiistratio Guide ix

10 Preface Appedix E, Troubleshootig, helps you to diagose Equalizer istallatio ad cofiguratio problems. Appedix F, Licese ad Warraty, cotais the complete Licese ad Warraty iformatio. Appedix G, Additioal Requiremets, lists additioal hardware related requiremets for Equalizer istallatios. The Glossary defies the techology-specific terms used throughout this book. Use the Idex to help fid specific iformatio i this guide. Typographical Covetios The followig typographical covetios appear throughout this guide: Italics idicates the itroductio of ew terms, is used to emphasize text, ad idicates variables. Boldface text highlights field, key, or butto ames i istructios. Courier text deotes commads, file ames, directory ames, keywords, ad sytax from text. 1. Numbered lists show steps that you must complete i the umbered order. Bulleted lists idetify items that you should verify or procedures you should use to resolve particular problems. Note Highlights importat iformatio ad special cosideratios. Cautio Wars whe a actio could result i loss of data or damage to your equipmet. Emphasizes iformatio critical to Equalizer operatio. x Equalizer Istallatio ad Admiistratio Guide

11 1 Overview Itroducig Equalizer This chapter provides a overview of Equalizer s features ad discusses some commo cofiguratios. Overview of Equalizer Equalizer is a high-performace cotet switch that features: Itelliget load balacig based o multiple, user-cofigurable criteria. Real-time server ad cluster performace moitorig. Server ad cluster admiistratio from a sigle iterface. Sessio persistece usig cookies or IP addresses Hot-backup cofiguratios (requires a secod Equalizer) featurig o sigle poit of failure. Layer 7 cotet-sesitive routig. Geographic load balacig (requires the optioal Evoy add-i). This documet describes the features ad capabilities of the Equalizer uits available at the time this documet was prepared. For a curret list of products ad their features, please visit Coyote Poit s website at ( Itelliget Load Balacig Equalizer fuctios as a gateway to oe or more sets of servers kow as virtual clusters. Whe a cliet submits a request to a site that Equalizer maages, Equalizer idetifies the virtual cluster for which the request is iteded, determies the server i the cluster that will be best able to hadle the request, ad forwards the request to that server for processig. To route the request, Equalizer modifies the header of the request packet ad forwards the modified packet to the selected server. Whe operatig i Layer 7 (L7), Equalizer ca evaluate ad, i some cases, modify the cotets of both the request ad respose headers. To determie the best server to route a request to, Equalizer uses itelliget load balacig algorithms that take ito accout the cofiguratio optios set for the cluster ad servers, real-time server status iformatio, L7 rules, ad iformatio from the request itself. Load Balacig Cofiguratio Whe you cofigure your virtual cluster, you ca select oe of the followig load-balacig algorithms to cotrol how Equalizer balaces the load across your servers: roud robi, static weight, adaptive, fastest respose, least coectios, or server aget. Equalizer Istallatio ad Admiistratio Guide 1

12 Chapter 1:Overview Whe you cofigure the servers i a virtual cluster, you assig a static weight betwee 20 ad 200 for each server. Whe you select oe of the adaptive load-balacig algorithms, Equalizer uses the servers static weights as a startig poit to determie the percetage of requests to route to each server. Each server hadles a percetage of the total load based o its fractio of the total weights i the server cluster. Equalizer dyamically adjusts server weights accordig to real-time coditios to esure that Equalizer routes requests to the server that is best able to respod. A server with a weight of zero (0) is cosidered dow or uavailable: Equalizer does ot route ew requests to servers i this state. Real-Time Server Status Iformatio Equalizer ca gather real-time iformatio about a server s status usig Server Agets ad Active Cotet Verificatio (ACV). You ca istall a server aget o each server to provide Equalizer with periodic performace statistics. This eables Equalizer to adjust the dyamic weights of the servers i a cluster accordig to their actual performace characteristics. If the server is overloaded ad you have eabled adaptive load balacig, Equalizer respods by reducig the server s dyamic weight so that the server receives fewer requests. Coyote Poit provides APIs useful for creatig these agets. For more iformatio see Usig Server Agets o page 125. Equalizer s active cotet verificatio (ACV) provides a way to check the validity of a server s respose usig most etwork services that support a text-based request/respose protocol, such as HTTP. Whe you eable ACV for a cluster, Equalizer requests data from each server i the cluster (usig a ACV Probe strig) ad verifies the retured data (agaist a ACV Respose strig). If Equalizer receives o respose or the respose strig is ot i the respose, the verificatio fails ad Equalizer stops routig ew requests to that server. (Note that you caot use ACV with UDP-based services.) For more iformatio, see Usig Active Cotet Verificatio (ACV) o page 72. Network Address Traslatio ad Spoofig Equalizer s Network Address Traslatio (NAT) subsystem distributes icomig Layer 4 or Layer 7 (with spoofig) cliet requests amog the available servers. The NAT subsystem records the existece of the request, selects the best available server, rewrites the TCP/UDP ad IP headers of the request packet, ad the forwards the traslated packet to the selected server. Because the servers are cofigured to use Equalizer to gateway all packets, Equalizer performs the reverse traslatio as the server respose packets leave the cluster. Whe IP spoofig is eabled, the servers see their cliet s actual IP address. However ay respose must be gatewayed through the Equalizer because cliets will oly recogize the Equalizer s address they did ot commuicate directly with the server. (For more iformatio about cofigurig spoofig see Addig a Virtual Cluster o page 60.) Whe Equalizer receives a icomig packet that is ot destied for a virtual cluster address, Equalizer passes the packet through ualtered. Similarly, whe Equalizer receives a outgoig packet that is ot a respose to a existig virtual cluster coectio, Equalizer passes the packet through to the exteral etwork. Load Balacig UDP Services You ca cofigure Equalizer virtual clusters to provide load balacig ad server failure detectio for may UDP (User Datagram Protocol) based services. UDP load balacig is ideal for stateless protocols such as DNS ad RADIUS, ca load-balace WAP (Wireless Applicatio Protocol) 2 Equalizer Istallatio ad Admiistratio Guide

13 Itroducig Equalizer gateways, ad ca eve load-balace certai types of NFS server cluster that provide a siglesystem image. Equalizer does ot support Active Cotet Verificatio for UDP clusters. Maitaiig Persistet Sessios The persistece of sessio data is importat whe the cliet ad server eed to refer to data previously geerated durig the same sessio. For example, a web-based shoppig cart applicatio may deped o persistet sessio iformatio betwee the cliet ad server; that is, the details i the shoppig cart potetially eed to persist across may idividual TCP coectios before the data is o loger eeded ad the trasactio is complete. Equalizer supports two mechaisms for maitaiig persistet sessios: cookie-based ad IP-address-based persistece. Cookie-Based Persistece Equalizer ca use cookie-based persistece for HTTP ad HTTPS clusters that support Layer 7 load balacig. I cookie-based persistece, Equalizer stuffs a cookie ito the server s respose header o its way back to the cliet. This cookie uiquely idetifies the server to which the cliet was just coected. The cliet icludes (seds) the cookie i subsequet requests to the Equalizer. Equalizer uses the iformatio i the cookie to route the requests back to the same server. Equalizer ca direct requests from a particular cliet to the same server, eve if the coectio is to a differet virtual cluster. For example, if a user switches from a HTTP cluster to a HTTPS cluster, the persistet cookie will still be valid if the HTTPS cluster cotais a server with the same IP address. If the server with which a cliet has a persistet sessio is uavailable, Equalizer automatically selects a differet server. The, the cliet must establish a ew sessio; Equalizer stuffs a ew cookie i the ext respose. IP-Address Based Persistece For geeric TCP ad UDP clusters that support Layer 4 load balacig, Equalizer supports IPaddress based persistet sessios. With the sticky coectios feature eabled, Equalizer idetifies cliets by their IP addresses whe they coect to a cluster. Equalizer routes requests received from a particular cliet durig a specified period of time to the same server i the cluster. A sticky timer measures the amout of time that has passed sice there was a coectio from a particular IP address to a specific cluster. The sticky time period begis to expire as soo as there are o loger ay active coectios betwee the cliet ad the selected cluster. Equalizer resets the timer wheever a ew coectio occurs. If the cliet does ot establish ay ew coectios to the same cluster, the timer cotiues to ru util the sticky time period expires. At expiratio, Equalizer hadles ay ew coectio from that cliet like ay other icomig coectio ad routes to a available server based o the selected load-balacig criteria. To correctly hadle sticky coectios from ISPs that use multiple proxy servers to direct user coectios, Equalizer supports sticky etwork aggregatio with which oly the etwork portio of a cliet's IP address maitais a sticky coectio. Sticky etwork aggregatio directs the user to the same server o matter which proxy he or she coects through. You ca also cofigure Equalizer to esure that it directs requests from a particular cliet to the same server eve if the icomig coectio is to a differet virtual cluster. Whe you eable itercluster stickiess for a cluster, Equalizer checks the cluster for a sticky record as it receives each coectio request, just like it does for ordiary sticky coectios. If Equalizer does ot fid a Equalizer Istallatio ad Admiistratio Guide 3

14 Chapter 1:Overview sticky record, Equalizer proceeds to check all of the other clusters that have the same IP address. If Equalizer still does ot fid a sticky record, it coects the user based o the icomig request. Layer 7 Load Balacig ad Server Selectio Equalizer s support for Layer 7 cotet-sesitive load balacig (ot available for the E250si) eables admiistrators to defie rules for routig HTTP ad HTTPS requests, depedig o the cotet of the request. Layer 7 load balacig routes requests based o iformatio from the applicatio layer. This provides access to the actual data payloads of the TCP/UDP packets exchaged betwee a cliet ad server. For example, by examiig the payloads, a program ca base load-balacig decisios for HTTP requests o iformatio i cliet request headers ad methods, server respose headers, ad page data. Equalizer s Layer 7 load balacig allows admiistrators to defie rules i the admiistratio iterface for routig HTTP ad HTTPS requests accordig to the request cotet. These rules are called match rules. For example, you ca use Layer 7 rules to specify routig prefereces such as, sed all requests for graphics files to servers A, B ad E sed all requests for Perl scripts to servers C ad D sed all other requests to server Z This eables admiistrators to create extremely flexible cluster cofiguratios. Admiistrators ca use Layer 7 techology to implemet cliet-server persistece based o HTTP cookies. For HTTP requests, Layer 7 load balacig ca make decisios based o the followig: HTTP protocol versio Host ame Pathame of the request Fileame of the request Patter matches agaist arbitrary HTTP request headers Go to Match Fuctios o page 108 for a complete list of match fuctios. For HTTPS requests, load balacig decisios ca be based o the SSL protocol level the cliet uses to coect. 4 Equalizer Istallatio ad Admiistratio Guide

15 Itroducig Equalizer Geographic Load Balacig The optioal Evoy add-o supports geographic load balacig, which eables requests to be automatically distributed across Equalizer sites i differet physical locatios. A Equalizer site is a cluster of servers uder a sigle Equalizer s cotrol. A geographic cluster is a collectio of sites that provide a commo service, such as Web sites. The various sites i a geographic cluster ca be hudreds or eve thousads of miles apart. For example, a geographic cluster might cotai two sites, oe i the easter U.S. ad oe o the U.S. s west coast (Figure 1). Geographic load balacig ca dramatically improve reliability by esurig that your service remais available eve if a site-wide failure occurs. Equalizer ca also improve performace by routig requests to the locatio with the least etwork latecy. Evoy Site A Evoy Site B Iteret Figure 1 Geographic cluster with two sites Geographic Load Balacig Routig Evoy routes each icomig request to the site best able to hadle it. If a site is uavailable or overloaded, Evoy routes requests to the other sites i the geographic cluster. Whe you eable geographic load balacig, Evoy directs icomig cliet requests to oe of the sites i the geographic cluster based o the followig criteria: Availability: If a site is uavailable due to etwork outage, server failure, or ay other reaso, Equalizer stops directig requests to that site. Performace: Evoy tracks the load ad performace at each site ad uses this iformatio to determie the site that ca process the request most efficietly. Distace: Evoy otes the site that is closest to the cliet (i etwork terms) ad offers the least etwork latecy. Distributig the Geographic Load Evoy uses the Domai Name System (DNS) protocol 1 to perform its geographic load distributio. DNS traslates fully-qualified domai ames such as ito the IP addresses that idetify hosts o the Iteret. Evoy cofigures the authoritative ame server for the domai to query the Equalizers i the geographic cluster to resolve the domai ame. Whe Evoy receives a resolutio request, it uses the load-balacig algorithms cofigured for the geographic 1. For more iformatio about DNS, see Paul Albitz ad Cricket Liu, DNS ad BIND, 3rd ed. (OʹReilly & Associates, 1998). Equalizer Istallatio ad Admiistratio Guide 5

16 Chapter 1:Overview cluster to determie the site that is best able to process the request ad the returs the address of the selected site. For example, the geographic cluster might have three sites (see Figure 2): oe o the east coast of the U.S., oe o the west coast of the U.S., ad oe i Europe. The servers at each site are coected to a Equalizer with the Evoy add-o istalled. Evoy Site C (Europe) Iteret Evoy Site B (West Coast USA) Evoy Site A (East Coast USA) Figure 2 Three site geographic cluster cofiguratio Whe a cliet i Califoria attempts to coect to coyotepoit.com: 1. The cliet queries the its local ame server to resolve the domai ame (see Figure 3). Cliet s Local DNS Cliet (Califoria, USA) Evoy Site C (Europe) Iteret Evoy Site B (West Coast USA) Authoritative DNS for coyotepoit.com Evoy Site A (East Coast USA) Figure 3 Cliet queries its local DNS for coyotepoit.com 6 Equalizer Istallatio ad Admiistratio Guide

17 Itroducig Equalizer 2. The local ame server queries the authoritative ame server for coyotepoit.com (see Figure 4). Cliet s Local DNS Cliet (Califoria, USA) Evoy Site C (Europe) Iteret Evoy Site B (West Coast USA) Authoritative DNS for coyotepoit.com Evoy Site A (East Coast USA) Figure 4 Cliet s local DNS queries the authoritative ame server for coyotepoit.com 3. The authoritative ame server provides a list of Evoy-eabled Equalizers ad returs this list to the cliet s local DNS (see Figure 5). Cliet s Local DNS Cliet (Califoria, USA) Evoy Site C (Europe) Iteret Evoy Site B (West Coast USA) Authoritative DNS for coyotepoit.com Evoy Site A (East Coast USA) Figure 5 The authoritative ame server for coyotepoit.com returs a list of delegates Equalizer Istallatio ad Admiistratio Guide 7

18 Chapter 1:Overview 4. The cliet s DNS selects oe of the Equalizers i the list ad queries it. If the queried site does t respod, the cliet tries each of the other sites. 5. Evoy returs the IP Address of the virtual cluster best able to hadle the cliet s request. For more iformatio o geographic load balacig usig Evoy, see Admiisterig Geographic Clusters o page 113. Cofigurig the Equalizer Network Equalizer is a versatile traffic maagemet solutio. It works i a sigle or dual etwork mode. If you have a secod uit, you ca use it as a hot-backup uit. Equalizer also works with servers placed o a reserved, o-routable etwork ad allows for IP address aliasig. You ca use Equalizer i a umber of cofiguratios. Before you istall Equalizer, you eed to determie where it will fit ito your etwork ad how you will cofigure it. This sectio describes some cofiguratio choices. The followig sectio provides a worksheet to help you pla your cofiguratio. Equalizer s Network Ports All Equalizers have two types of etwork ports: exteral ad server. The exteral port is always a sigle port labeled Exteral or Ext. The server ports are labeled It o dual-port models or labeled with umbers o switch-based models. Depedig o the Equalizer switch-based model, there may be four or more of these ports. Serial Port Exteral Port Server Ports Figure 6 Equalizer E350si Equalizer s Exteral Port The exteral port is coected to the etwork to which the cliet machies ad possibly the Iteret or a Itraet are coected. This exteral etwork receives the cliet request packets that Equalizer distributes across the available servers. Equalizer also uses the exteral etwork to trasmit 8 Equalizer Istallatio ad Admiistratio Guide

19 Cofigurig the Equalizer Network respose packets to cliets. This port is oly used for dual etwork (exteral ad iteral) cofiguratios ad sigle etwork cofiguratios o dual-port models. It is ot used for sigle etwork cofiguratios o multi-server port models, see Usig Equalizer i a Sigle Network Eviromet o page 11 for more iformatio. Hosts or routers o the exteral etwork ca have routes to the iteral etwork that are gatewayed through Equalizer's exteral address. Equalizer s exteral address is also its admiistratio address, the IP address used to coect to Equalizer s browser-based admiistratio iterface. Note Whe usig dual-port Equalizers i sigle etwork mode, use the exteral port to coect to the etwork to which the cliet machies, Itraet, or Iteret are coected. Equalizer s Server Port Servers that process the icomig requests coect to the server ports: either directly or through a etwork device such as a switch. These physical servers provide services o specific IP addresses ad ports ad are orgaized ito clusters. Equalizer's load-balacig subsystem traslates cliet request packets ad the forwards them to the selected server. Whe a server machie seds a respose packet back to a cliet, Equalizer processes it ad forwards it to the appropriate cliet across the exteral etwork. Whe usig Equalizer with NAT i layer 4 or spoofig i layer 7, you must cofigure the servers routig tables so that Equalizer is the gateway for ay outboud packets that leave the iteral etwork. If the servers do ot use Equalizer s iteral address as the gateway whe they sed resposes to cliets, the reply packets will ot be traslated o their way to the cliet, causig the cliets to reject the reply packets because they do ot belog to a established coectio. (From the cliet side, it would look like the server was ot respodig.) If you are usig Equalizer without spoofig, you do ot eed to use Equalizer as a gateway. Whe usig Equalizer i sigle etwork mode, the cliet machies, Itraet, or Iteret must coect to oe of the server ports. I this istace oe of the server ports is the exteral port. Equalizer Istallatio ad Admiistratio Guide 9

20 Chapter 1:Overview Usig Equalizer as a Gateway Betwee Networks The most commo Equalizer cofiguratio is to have Equalizer fuctio as the gateway betwee two separate etworks the iteral etwork where the servers reside ad the exteral etwork o which cliets ad the Iteret or a Itraet reside. Figure 7 shows this cofiguratio i detail. Iteret Exteral Network Router/Firewall To Router (Exteral Iterface) Equalizer To Servers Iteral Network Servers Figure 7 Sample two etwork cofiguratio 10 Equalizer Istallatio ad Admiistratio Guide

21 Cofigurig the Equalizer Network Usig Equalizer i a Sigle Network Eviromet If you do ot wat to split your etwork ito iteral ad exteral etworks, you ca cofigure Equalizer to use a sigle-etwork mode, effectively placig both the cliets ad servers o the same etwork. Figure 8 o page 11 shows this cofiguratio i detail. Certai protocols that use dyamic port mappig or multiple TCP/UDP ports work best i a sigle etwork eviromet. For example, use a sigle etwork cofiguratio if you eed your servers o your iteral etwork to commuicate with a Widows file server or a machie ruig pcaywhere. You implemet sigle-etwork cofiguratios differetly depedig o the Equalizer model. For switch-based Equalizer models, coect oe of Equalizer's server ports to the etwork ad do ot use the exteral port. Servers coect to the other server ports as usual. You must cofigure servers, which must have valid etwork addresses o the exteral etwork, to use Equalizer's iteral address as the gateway for outboud packets. You do ot cofigure a IP address o the exteral port whe usig a sigle etwork cofiguratio. Cliet Iteret Router Widows File Server Equalizer To Router Exteral Iterface ot used i sigle etwork cofiguratio Servers loadbalaced by Equalizer Figure 8 Sample sigle etwork cofiguratio for a switch based Equalizer For dual-port Equalizer models, the reverse is true. You leave the server (INT) port discoected ad coect the exteral (EXT) port to a switch that maitais the coectios to the servers ad to the exteral etwork. Equalizer Istallatio ad Admiistratio Guide 11

22 Chapter 1:Overview Most operatig systems allow you to specify a host route (gateway) for packets destied for specific hosts. If you wat your virtual clusters to accept coectios from cliets o the same etwork as the servers, you must cofigure the servers to route packets destied for these cliets through Equalizer. The cliets o the local etwork must also be cofigured to use the Equalizer as their gateway; cliets that do ot have such routes cofigured coect to the server s IP address directly ad ot through a virtual cluster (that is, they are ot routed through Equalizer). Usig a Secod Equalizer as a Backup Uit You ca cofigure a secod Equalizer as a backup uit that will take over i case of failure. This is kow as a hot-backup cofiguratio. The two Equalizers are sibligs (or peers), the primary uit ad the backup uit. If the primary Equalizer stops fuctioig, the backup uit adopts the primary uit s IP addresses (clusters) ad begis servicig coectios. I a failover cofiguratio, the servers i a virtual cluster use a separate failover alias as their default gateway, rather tha the IP address of the cluster or exteral port o a particular Equalizer. The failover alias migrates betwee the primary ad backup uit as eeded, automatically esurig that the servers have a valid gateway i the evet of a failure. I a hot-backup cofiguratio, both the primary ad backup Equalizers are coected to the same etworks; the backup uit s cluster ad exteral ports must be coected to the same hubs or switches to which the primary Equalizer s ports are coected. Figure 9 o page 13 shows a sample failover cofiguratio. 12 Equalizer Istallatio ad Admiistratio Guide

23 Cofigurig the Equalizer Network Iteret Router Router Switch Switch Equalizer (Primary) Equalizers coected through server iterface Equalizer (Backup) Servers that hadle website B Servers that hadle website A Figure 9 Sample failover cofiguratio I the sample failover cofiguratio, the is o sigle poit of failure. If a router goes dow, the other router takes over or if a lik fails, requests are routed through aother lik. Equalizer Istallatio ad Admiistratio Guide 13

24 Chapter 1:Overview Figure 10 shows a sample of the cablig of the Equalizers show i Figure 9. To Switch (Exteral Iterface) To Switch (Exteral Iterface) To Servers (Server Iterface) For Failover To Servers (Server Iterface) Figure 10 Cablig example from the sample failover cofiguratio The backup-uit Equalizer moitors all traffic to ad from the primary uit; both Equalizers periodically exchage status messages over the local area etwork. The siblig Equalizers also exchage curret cofiguratio iformatio. Whe you update the cofiguratio o either machie, the cofiguratio o its siblig is automatically updated. Should either Equalizer fail to respod to a status message probe, the survivor begis a diagostic cycle ad attempts to cotact its siblig via the other etwork ports. If these attempts fail, the siblig is cosidered to be dow. Whe the backup Equalizer determies that its siblig is dow, it iitiates a failover process: 1. The backup Equalizer cofigures the virtual cluster aliases o the exteral port ad seds out gratuitous ARP packets that istruct ay exteral-etwork routers to replace ARP table etries that poit to the physical address of the failed Equalizer with the physical address of the backup uit. 2. The backup Equalizer cofigures a failover gateway alias o the port that is local to the servers. With o backup cofiguratio, the servers use the IP address of the cluster or exteral port as their default gateway. I a hot-backup eviromet, the gateway address ca migrate betwee the primary ad backup uit. This requires a additioal address. 3. The Equalizer kerel chages from BACKUP mode to PRIMARY mode. The PRIMARY-mode Equalizer performs gateway routig of packets betwee its cluster ad exteral ports, address traslatio, ad load balacig. Whe a failed uit is brought back olie, it begis to exchage status messages with its siblig. Oce both Equalizers have sychroized, the ewly-started uit assumes the backup role. Usig Reserved IP Addresses I eviromets i which coservig IP addresses is importat, usig reserved IP addresses ca miimize the umber of real IP addresses eeded. Equalizer supports placig servers o reserved, o-routable etworks such as the class A etwork ad the class C etwork Equalizer Istallatio ad Admiistratio Guide

25 Cofigurig the Equalizer Network For example, a ISP hostig several hudred uique web sites replicated o three servers might ot wat to assig real IP addresses for all of them because each virtual cluster would cosume four addresses: three o the back-ed servers ad oe for the virtual cluster. I this case, the ISP might use (the ow-defuct Arpaet) as the iteral etwork ad assig virtual server addresses out of this etwork for the servers. Figure 11 shows a reserved etwork cofiguratio i detail. Iteret Router ( ) Name Server Exteral Network Equalizer Exteral Address ( ) Iteral Address ( ) Iteral Network ( ) Servers Figure 11 Reserved iteral etwork cofiguratio If servers placed o a o-routable etwork eed to commuicate with hosts o the Iteret for ay reaso (such as performig DNS resolutio or sedig ), you eed to cofigure Equalizer to perform outboud NAT. Whe you eable outboud NAT, Equalizer traslates coectios origiatig from the servers o the reserved etwork so that exteral hosts will ot see packets origiatig from o-routable addresses. If you use a failover cofiguratio, you must eable Equalizer Istallatio ad Admiistratio Guide 15

26 Chapter 1:Overview outboud NAT o both Equalizers. For more iformatio, see Settig Up a Failover Cofiguratio o page 43. Note Due to the additioal overhead itroduced by eablig outboud NAT, use reserved iteral etworks with cautio. Equalizer Cofiguratio Worksheets This sectio icludes two cofiguratio worksheets: use the Stadard Cofiguratio Worksheet, below, to prepare to istall ad cofigure Equalizer use the Special Cofiguratio Worksheet for Usig Reserved IP Addresses o page 18 oly if you pla to use reserved IP addresses (rather tha real IP addresses) whe you set up Equalizer Stadard Cofiguratio Worksheet Before you istall ad cofigure Equalizer, write dow the aswers to all the followig questios: 1. What is your physical etwork layout? Will all your servers, Equalizer, ad your Iteret router reside o a sigle etwork? Or will you use a two-etwork cofiguratio ad split your etwork ito multiple subets? If you use two-etwork cofiguratio, Equalizer will fuctio as the gateway betwee them ad must be coected to both. If you do t have a subet or separate etwork available to devote to Equalizer s iteral etwork, you ca use a sigle-etwork topology. For iformatio about usig Equalizer with a sigle etwork, refer to Usig Equalizer i a Sigle Network Eviromet o page Which etwork will be used as the exteral etwork? Equalizer s exteral port is coected to this etwork, which is coected to the Iteret. Example 1: Sigle Network For the class C etwork with a default etmask of , the exteral etwork would be (See Figure 8 o page 11.) Example 2: Two Class C Networks If you use two class C etworks, ad , ad choose the first as the exteral etwork, the exteral etwork would be , with a etmask of (for example) (See Figure 7 o page 10.) 3. What is Equalizer s address o the exteral etwork? You ca assig ay suitable IP address o your exteral etwork as Equalizer s exteral ad admiistratio address. To admiister Equalizer, eter this address i your browser s URL field. Example 1: Sigle Network Equalizer Admiistratio Address: (See Figure 8 o page 11.) Example 2: Two Class C Networks 16 Equalizer Istallatio ad Admiistratio Guide

27 Equalizer Cofiguratio Worksheets Equalizer Admiistratio Address: (See Figure 7 o page 10.) 4. What etwork will be used as the iteral etwork? This is the etwork o which the physical servers will reside. If you use separate exteral ad iteral etworks, the iteral etwork is coected to Equalizer s server port. You should cofigure routers withi your site s etwork (the exteral etwork) to use Equalizer s exteral port as the gateway to the iteral etwork. Example 1: Sigle Network - Switch-based Equalizer (more tha two ports) Exteral port (labeled Ext): Not Used. (See Figure 8 o page 11.) Example 2: Sigle Network - Dual-port Equalizer Server port (labeled It): Not Used. (See Figure 8 o page 11.) 5. What is Equalizer's address o the iteral etwork? Typically, assig the lowest umbered address o the iteral etwork as Equalizer s address. Cofigure the back-ed servers to use this address as their default gateway. Example 1: Sigle Network Equalizer Iteral Network Address: Not applicable. (See Figure 8 o page 11.) Example 2: Two Class C Networks Equalizer Iteral Network Address: (See Figure 7 o page 10.) 6. How may physical server machies will you be cofigurig? What are their IP addresses o the iteral etwork? If you pla to use IP aliases o the server hosts (virtual hostig), decide the addresses that will be cofigured o each of the server machies. All server IP addresses ad aliases must be uique; you ca cofigure a particular server IP address or alias for oly oe server machie. 7. What virtual cluster addresses will you be cofigurig? Choose the IP addresses, protocols, ad ports you will assig to the virtual clusters you create usig Equalizer. These are the addresses o the exteral etwork that will be visible to cliets. For example, :HTTP is a virtual cluster o port 80, ad :FTP is a virtual cluster o port What is the address of your iteret router o the exteral etwork? Equalizer uses this gateway whe trasmittig packets to hosts that are ot o the iteral etwork. 9. What is the IP address of the ame server that Equalizer will use? If you cofigure a ame server, Equalizer displays virtual cluster ad server addresses by ame rather tha by IP address. If o ame server is available, set the ame server address to Where are your Name Servers? If you cofigure Equalizer to use Evoy, determie the DNS servers i your orgaizatio that you eed to cofigure to refer fully qualified domai lookups to your Equalizer machie(s). Equalizer Istallatio ad Admiistratio Guide 17

28 Chapter 1:Overview Special Cofiguratio Worksheet for Usig Reserved IP Addresses Equalizer supports placig servers o reserved, o-routable etworks such as the class A etwork ad the class C etwork I eviromets i which coservatio of IP addresses is importat, usig reserved IP addresses ca miimize the umber of real IP addresses eeded. However, due to the additioal overhead itroduced by eablig outboud NAT, approach usig reserved iteral addresses with cautio. For more iformatio about usig reserved IP addresses, see Appedix B. Before you istall ad cofigure Equalizer usig reserved IP addresses, write dow the aswers to both of the followig questios: 1. What is the reserved etwork to be used for the iteral etwork? Equalizer uses this set of addresses to forward coectios to the HTTP daemos ruig o the servers. Example: (etmask ) or (etmask ) 2. What is Equalizer's address o the iteral etwork? This is the address that the servers will use as their default gateway. This address must be o the reserved etwork (see above). Usually, the lowest address i the rage is used for Equalizer. Example: or Equalizer Istallatio ad Admiistratio Guide

29 2 Istallig Equalizer Before You Istall Equalizer The first step i settig up Equalizer is to coect it to the local area etwork ad a power source. Oce you have istalled Equalizer, you eed to cofigure it as described i Chapter 3, Cofigurig Equalizer Hardware. Please review the warigs located i Appedix F, Additioal Requiremets, o page 141 for precautios you must take before istallig your Equalizer hardware. Steppig Through the Hardware Istallatio To istall Equalizer, follow these steps: 1. Carefully remove the Equalizer rack-mout eclosure ad cables from the shippig cotaier. (Save the origial packagig i case you eed to ship the Equalizer for ay reaso, such as sedig it i for warraty service. The Equalizer chassis does ot cotai ay parts that you ca service. If you ope the chassis or attempt to make repairs, you may void your warraty. See Appedix E, Licese ad Warraty, o page 137.) 2. Place the Equalizer i its iteded positio i a EIA equipmet rack or o a flat surface. Please see Appedix F, Additioal Requiremets, o page 141, for a list of evirometal limits ad power requiremets for your Equalizer. 3. Usig the supplied serial cable, coect a serial termial or a workstatio ruig termial emulator software to the serial port o the frot pael of the Equalizer (see Figure 6 o page 8). 4. Coect Equalizer to the etwork with a quality category 5 etwork cable: a. To use Equalizer as a itermediary betwee a exteral ad iteral etwork, coect Equalizer to the exteral etwork usig the RJ-45 etwork coector marked Ext ad coect Equalizer to the iteral etwork usig oe or more of the umbered iteral etwork coectors. b. For a sigle-etwork topology with a switch-based Equalizer (more tha two ports), coect Equalizer to the exteral etwork usig oe of the umbered RJ-45 etwork coectors o the frot pael of the Equalizer ad coect Equalizer to the iteral etwork usig oe or more of the other umbered etwork coectors. c. For a sigle-etwork topology with a dual-port Equalizer, coect Equalizer usig the RJ-45 etwork coectors labeled Ext o the frot pael of the Equalizer to a switch coected to both the exteral etwork ad the iteral etwork. 5. Coect Equalizer to a appropriate power source usig the supplied power cord, which plugs ito the 3-pi coector o the rear of the Equalizer eclosure. This system uses a autosesig power supply that ca operate at 50Hz or 60Hz, VAC iput. 6. Tur o the power usig the switch o the rear pael. Equalizer Istallatio ad Admiistratio Guide 19

30 Chapter 2:Istallig Equalizer Oce you have istalled ad started Equalizer, follow the directios i Chapter 3, Cofigurig Equalizer Hardware to cofigure the hardware for your etwork. 20 Equalizer Istallatio ad Admiistratio Guide

31 3 Cofigurig Equalizer Hardware After you istall the Equalizer hardware as show i Chapter 2, Istallig Equalizer, use the procedures i this chapter to perform basic hardware ad etwork cofiguratio. This chapter cotais: Settig Up a Termial or Termial Emulator for Equalizer o page 21 Performig Basic Equalizer Cofiguratio o page 22 Maagig Remote Access to the Equalizer o page 27 Cofigurig DNS ad Firewalls for Geographic Load Balacig o page 29 Cofigurig Routig o Servers o page 29 Cofigurig a Secod Equalizer As a Backup o page 29 Testig Your Basic Cofiguratio o page 30 Settig Up a Termial or Termial Emulator for Equalizer After the istallatio of the Equalizer hardware, you eed to use a termial or termial emulator to complete the hardware cofiguratio. Serial Coectio This is the required coectio to use for the iitial cofiguratio of the Equalizer hardware with the eqadmi commad. Coect the serial port o the Equalizer (see Figure 6 o page 8) to the serial port o the termial or the PC ruig termial emulatio software. Cofigure your termial or termial emulator software to use the followig settigs: 9600 baud 8 data bits o parity oe stop bit VT100 emulatio igore hag-ups (if supported); this allows a sigle termial sessio to cotiue ruig eve if Equalizer restarts If you use the Widows built-i termial emulator, HyperTermial, you also eed to eable: keyboard applicatio mode cursor keypad mode Equalizer Istallatio ad Admiistratio Guide 21

32 Chapter 3:Cofigurig Equalizer Hardware Coyote Poit recommeds usig Tera Term to cofigure the Equalizer hardware. Tera Term is freely available at: Performig Basic Equalizer Cofiguratio Use the Equalizer Cofiguratio Utility (eqadmi) to specify the followig: Hostame: The DNS hostame that is assiged to Equalizer (optioal). Network Iterfaces: The IP addresses of Equalizer o the exteral ad iteral etworks ad the etmasks associated with these etworks. Default Router: The IP address of the router that Equalizer will use to forward outboud packets. The router is o the exteral etwork. DNS Server: The ame server Equalizer uses. Curret date, time, ad time zoe. Passwords for the Equalizer cosole ad admiistratio iterface. Startig to Cofigure Equalizer As Equalizer boots, the termial displays a series of device probe ad startup messages. Normally, you ca igore these diagostic messages. However, if you do ot cofigure the termial emulatio software to igore hag-ups, the termial sessio might exit twice durig the boot process. If this happes, restart the termial sessio. To begi cofiguratio, follow these steps: 1. Whe the boot process is complete, press Eter o the termial keyboard to display the logi prompt. 2. Whe the logi prompt appears, type eqadmi ad press Eter. 3. Whe the password prompt appears, eter the password that Coyote Poit gave you, ad press Eter. Oce you eter the password, Equalizer automatically lauches the Equalizer Cofiguratio Utility, which provides a character-based iterface for settig ad chagig Equalizer cofiguratio parameters. 4. If the termial display is ot readable or ot formatted properly, press Esc ad make sure that your termial emulator is set for VT100 emulatio. Start over at Step To select a meu item withi the cofiguratio utility, press oe or more arrow keys util you highlight the desired item. If the arrow keys do ot operate withi your termial emulator, you ca use Ctrl- to select the ext meu item or Ctrl-p to select the previous meu item. Press the Tab key to highlight oe of the meu actios (such as Select or Cacel) displayed at the bottom of the widow. The press Eter to cotiue. Cotiue with Cofigurig the Network Parameters o page Equalizer Istallatio ad Admiistratio Guide

33 Performig Basic Equalizer Cofiguratio Cofigurig the Network Parameters To cofigure the Hostame, Network Iterfaces, Default Router, ad DNS, use the followig steps. Eve if you are usig your Equalizer i a sigle etwork cofiguratio, you eed to eter iformatio for both the exteral ad iteral (server) iterfaces. Note The screes show i this sectio are take from a termial emulator sessio o a already cofigured Equalizer over a TCP/IP coectio, for clarity. Whe viewed over a serial coectio o a termial or termial emulator, the screes are draw usig ASCII (lie-drawig) graphics. 1. Oce you log ito Equalizer as show i the previous sectio, the system displays the Equalizer Cofiguratio Meu: Figure 12 Equalizer Cofiguratio Utility: Mai Meu 2. I the Equalizer Cofiguratio Meu widow, select optio 1, Iterfaces, ad press Eter. Equalizer displays the Cofigure etwork iterfaces widow (see Figure 13 o page 24). Equalizer Istallatio ad Admiistratio Guide 23

34 Chapter 3:Cofigurig Equalizer Hardware Figure 13 Equalizer Cofiguratio Utility: Sample Iterfaces The iterfaces show i the scree above are examples oly; the iterfaces displayed for your system deped o your hardware cofiguratio. 3. Press oe or more arrow keys util you highlight Exteral Etheret iterface; the press Eter. The Equalizer Cofiguratio Utility displays the Network Cofiguratio widow (see Figure 14 o page 24). Figure 14 Equalizer Cofiguratio Utility: Network Cofiguratio 24 Equalizer Istallatio ad Admiistratio Guide

35 Performig Basic Equalizer Cofiguratio 4. I the Host field (required), eter the ame for the Equalizer o your etwork. This ca be the system ode ame (such as eq-ext ), or the fully qualified domai ame (FQDN, such as eq-ext.customer.com ). If you supply the FQDN i the Host field, the Domai field will automatically be filled i usig the domai of the FQDN. 5. I the Domai field (required), eter the domai ame for the Equalizer. (For example, for the fully qualified domai ame, eq-ext.customer.com, you would eter customer.com i the Domai field. 6. I the Gateway field (required), eter the IP address of the router o the exteral etwork. This router is the gateway for all the packets Equalizer seds to the outside world through the exteral etwork. For example, if your exteral etwork router is located at IP address , eter i the Gateway field. 7. I the Name Server field, eter the IP address of the domai ame server that Equalizer will use. To idicate that o ame server is available, leave the field blak (or, o the Equalizer 450 oly, type NONE). 8. If you will be usig the exteral port (that is, usig either a dual-etwork cofiguratio for a switch-based Equalizer or ay cofiguratio o a two-port Equalizer) you eed to assig a IP address to the exteral iterface. I the IP address ad Netmask fields, respectively, specify the IP address ad etmask for the exteral iterface. Use the address ad etmask from your cofiguratio worksheet (see Equalizer Cofiguratio Worksheets o page 16). For sigle etwork cofiguratios usig a switch-based Equalizer, leave the IP address for the exteral iterface blak (or, o the Equalizer 450 oly, type NONE) to disable the port. 9. Whe you re fiished, highlight OK. The press Eter. Follow the ext two steps oly if you are usig a switch-based Equalizer or a two-port Equalizer i a dual-etwork mode. 10. To specify the iteral iterface parameters, select Iteral Etheret iterface. The press Eter. 11. Specify the IP Address ad Netmask. For example, if the iteral iterface will have the address , eter i the IP Address field. Leave the IP address field blak or type NONE to disable the server ports. The Netmask used will deped o how your etwork is cofigured. 12. Highlight OK. The press Eter. 13. Highlight Back. The press Eter to retur to the mai cofiguratio meu. For the ew settigs to take effect, you must commit these chages ad reboot Equalizer, as show i the followig sectio. Committig Chages to the Cofiguratio Parameters For the chages you make to the Network Cofiguratio as show i the previous sectio to take effect, you must commit the chages ad reboot Equalizer, as show i the followig steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 6, Commit; the press Eter. The system commits your chages ad automatically reboots. 2. Whe the boot process is complete, do the followig to test your cofiguratio chages: Equalizer Istallatio ad Admiistratio Guide 25

36 Chapter 3:Cofigurig Equalizer Hardware pig the assiged iteral ad exteral iterface addresses from the Equalizer to check etwork coectivity pig the exteral address from a host o the exteral etwork pig the iteral address from a host i the iteral etwork if DNS is cofigured, pig a host o the Iteret (e.g., from the Equalizer to esure that DNS ad the Equalizer gateway are fuctioig properly Settig the Time Zoe To set the curret time zoe, follow these steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 2, Time Zoe, ad press Eter. 2. Use the meus to specify your time zoe. 3. Highlight OK; the press Eter. Settig the Date ad Time To set the curret date ad time, follow these steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 3, Time; the press Eter. 2. Specify the curret date ad time, based o a 24-hour clock, i the format MM/DD/YY HH:MM. 3. Highlight OK; the press Eter. Chagig Equalizer s Cosole Password Use the cosole password to access this cofiguratio utility. Your password ca iclude ay combiatio of pritable characters (except spaces). To chage Equalizer s cosole password, follow these steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 5, Cosole. The press Eter. 2. Type the ew password. Whe prompted, eter the password agai to cofirm the chage. The ew password takes effect immediately. Chagig the Admiistratio Iterface Password The admiistratio iterface password is the edit mode password for the Web-based admiistratio iterface. Your password ca iclude ay combiatio of pritable characters (except spaces) ad ca be o more tha 20 characters i legth (ote that spaces are accepted by the iterface, but will ot work whe attemptig to log i). To chage the admiistratio password, follow these steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 4, Password, ad press Eter. 2. Type the ew password. Whe prompted, eter the password agai to cofirm the chage. The ew password takes effect immediately. 26 Equalizer Istallatio ad Admiistratio Guide

37 Maagig Remote Access to the Equalizer Upgradig Equalizer Software After you have fiished settig up your Equalizer to access the Iteret, you ca use the Equalizer Cofiguratio Utility to istall the latest Equalizer software upgrade from Coyote Poit. Note Before you ca upgrade your Equalizer, you must first licese it See Licesig Your Equalizer o page 39 for more iformatio. 1. I the Equalizer Cofiguratio Meu widow, select optio 8, Upgrade, ad press Eter. 2. Highlight OK; the press Eter. The upgrade utility prompts you to eter the upgrade URL (see Figure 15 o page 27): Figure 15 Equalizer Cofiguratio Utility: Upgrade URL Eter the URL provided to you by Coyote Poit, select OK, ad press Eter. Equalizer dowloads the upgrade file ad rus the upgrade script. 3. Whe prompted, cofirm that you wat to upgrade the Equalizer software. The script the istalls the software upgrade. Upgrades may take as log as five miutes. After the upgrade is istalled, you will be prompted to reboot the system. Shuttig Dow Equalizer You ca shut dow Equalizer from the cofiguratio utility. Note that shuttig dow Equalizer does ot automatically commit chages made to the cofiguratio. To shut dow, follow these steps: 1. I the Equalizer Cofiguratio Meu widow, select optio 7, Shutdow; the press Eter. 2. After the shutdow process completes, power off the system. Maagig Remote Access to the Equalizer Remote access, whe eabled, provides a user accout which allows remote user access ito the system for diagostic purposes. Note By default, the password for the remote access accout is blak. If you ited to eable the accout, chage this accout s password as soo as possible. Maagig the Remote Access Accout To eable, disable, or chage the password for this accout, use the hardware cofiguratio utility as follows: Equalizer Istallatio ad Admiistratio Guide 27

38 Chapter 3:Cofigurig Equalizer Hardware 1. Log ito the Equalizer hardware cofiguratio utility usig a termial or termial emulator (see Settig Up a Termial or Termial Emulator for Equalizer o page 21 ad Startig to Cofigure Equalizer o page I the Equalizer Cofiguratio Meu, select optio 9, Maage eqsupport, ad press Eter (see Figure 16 o page 28). Equalizer displays the Equalizer CLI eqsupport accout selectio widow. Figure 16 Equalizer CLI eqsupport accout selectio 3. The followig selectios are available: a. To eable the remote access accout, use the arrow keys to highlight Eable ad press Eter. The accout is ow eabled. b. To disable the remote access accout, use the arrow keys to highlight Disable ad press Eter. The accout is ow disabled. c. To chage the password, use the arrow keys to highlight Password ad press Eter. Follow the prompts to chage the password. If you modify the password for the accout whe it is disabled, Equalizer will display a remider that the accout must be eabled before you ca use it. 4. Whe you are doe, highlight OK o the accout selectio widow ad press Eter to retur to the Equalizer Cofiguratio Meu. Usig the Remote Access Accout Use the Secure Shell Cliet (SSH) to log i with the remote access accout user ame (eqsupport) ad password. The accout must be eabled i order for this to work. For the best visual output, the followig are recommeded: The PuTTY termial emulator, freely available from A SSH cliet ruig from a Widows Commad widow; for example, OpeSSH, which is freely available from: A SSH cliet ruig from a Cygwi widow. Cygwi is a UNIX shell eviromet that icludes versios of telet ad SSH; it is freely available from: 28 Equalizer Istallatio ad Admiistratio Guide

39 Cofigurig a Secod Equalizer As a Backup Whe you ru the Setup program to istall, make sure that SSH (uder Net ), the Xorg Server ad xterm (uder X11 ) are selected for istallatio. To ru, ope a Cygwi widow ad eter startx ; the eter telet or ssh. Cofigurig a Secod Equalizer As a Backup You ca cofigure a secod Equalizer as a hot backup (or hot spare) so that if the Equalizer that curretly hadles requests (the primary uit) fails, the backup uit automatically takes over. Both the primary ad backup uits are cofigured to default to either primary or backup role. Whe a failed uit comes back olie, it assumes the backup role, eve if it is desigated the default primary. If you are goig to use a secod Equalizer, perform the basic cofiguratio ow as described i the previous sectio. Additioal cofiguratio for failover is performed through the Equalizer Admiistratio Iterface, as described i the sectio Settig Up a Failover Cofiguratio o page 43. Cofigurig Routig o Servers To use Equalizer, you must cofigure your servers so that Equalizer gateways the packets the servers sed to their cliets. If you do ot adjust the routig o your servers, a cliet may ot receive a respose whe it attempts to cotact a virtual cluster. The, the coectio will time out. Whe you cofigure the servers, the default route gateway depeds o your Equalizer cofiguratio: If you use a two-etwork cofiguratio, the gateway for the default route should be Equalizer s iteral address regardless of the Equalizer model. If you use a sigle-etwork cofiguratio o switch-based Equalizers, the gateway for the default route should be Equalizer s iteral address. If you use a sigle-etwork cofiguratio o dual-port Equalizers, the gateway for the default route should be Equalizer s exteral address. If you use a failover cofiguratio, set the default route to the failover alias. For more iformatio, see Settig Up a Failover Cofiguratio o page 43. The way that you cofigure a server depeds o the server s operatig system. To verify that you have cofigured a server s routig correctly, trace the route from the server to a destiatio address outside the iteral etwork to esure that Equalizer gets used as a gateway. O UNIX systems, use the traceroute utility; o Widows, use tracert. Cofigure each server from the system cosole, ot through a telet sessio. This will avoid ay discoects that might otherwise occur as you chage the etwork settigs o a server. Cofigurig DNS ad Firewalls for Geographic Load Balacig If you are cofigurig Equalizer to use Evoy for geographic load balacig, you eed to cofigure your authoritative domai ame server to delegate authority to the Evoy sites. If you will use Equalizer Istallatio ad Admiistratio Guide 29

40 Chapter 3:Cofigurig Equalizer Hardware Evoy across firewalled etworks, you also eed to cofigure the firewalls to allow traffic betwee Evoy sites ad betwee the Equalizer ad cliets. Cofigurig the Authoritative Name Server to Query Evoy To delegate authority to the Evoy sites, you must cofigure the authoritative ame server(s) for the domais that are to be geographically load-balaced. You also must delegate each of the fullyqualified subdomais to be balaced. For example, assume that you wat to balace across a geographical cluster with two Evoy sites, east.coyotepoit.com ad west.coyotepoit.com. I this case, you cofigure the ame servers that hadle the coyotepoit.com domai to delegate authority for to both east.coyotepoit.com ad west.coyotepoit.com. Whe a cliet asks to resolve the ame servers should retur ame server (NS) ad alias (A) records for both sites. Usig Geographic Load Balacig with Firewalled Networks Equalizer sites commuicate with each other usig Coyote Poit s UDP-based Geographic Query Protocol. Similarly, Equalizer sites commuicate with cliets usig the DNS protocol. If a etwork firewall protects oe or more of your sites, you must cofigure the firewall to permit Equalizer packets to pass through. To use geographic load balacig with firewalled etworks, you eed to cofigure the firewalls so that the followig occurs: Equalizer sites commuicate with each other o UDP ports 5300 ad The firewall must allow traffic o these ports to pass betwee Evoy sites. Equalizer sites ad cliets ca exchage packets o UDP port 53. The firewall must allow traffic o this port to flow freely betwee a Equalizer server ad ay Iteret cliets so that cliets tryig to resolve hostames via the Equalizer DNS server ca exchage packets with Equalizer sites. Equalizer sites ca sed ICMP echo request packets (i.e., a pig ) through the firewall ad receive ICMP echo respose packets from cliets outside the firewall. (Whe a cliet attempts a DNS resolutio, Equalizer sites sed a ICMP echo request packet to the cliet; the cliet might respod with a ICMP echo respose packet.) Testig Your Basic Cofiguratio Oce you have istalled ad cofigured Equalizer ad your servers, perform tests to verify that Equalizer is workig properly. To perform these tests, you eed the followig: A test machie o the iteral etwork (the same physical etwork as the servers; oe of the server machies ca be used for this purpose). If you have a two-etwork cofiguratio, a test machie o the exteral etwork. A cliet machie somewhere o the Iteret, to simulate a real-world cliet. This machie should be set up so that the oly way it ca commuicate with your servers or Equalizer is through your Iteret router. 30 Equalizer Istallatio ad Admiistratio Guide

41 Testig Your Basic Cofiguratio The follow these steps: 1. From the iteral-etwork test machie, pig the physical IP address of each server. You should be able to successfully pig all of the servers from the test machie. 2. From the iteral-etwork test machie, pig the server aliases o each of the servers. You should be able to successfully pig all of the servers from the test machie usig their aliases. 3. From the iteral test machie ad each of the servers, pig the Equalizer address that you use as the default gateway o your servers. (If you use a two-etwork topology, this will be Equalizer s iteral address or failover alias.) 4. From the iteral-etwork test machie, coect to the server aliases o service ports of ruig daemos (you may eed to cofigure telet or ssh services o Widows servers). You should be able to coect successfully to the server aliases. 5. If you use a two-etwork cofiguratio: From the exteral-etwork test machie, pig a physical server IP address usig pig -R to trace the route of the pig. The Equalizer IP address should appear i the list of iterfaces that the pig packet traverses. You ca also use the traceroute (UNIX) or tracert (Widows) tools to perform this test. For help i resolvig cofiguratio problems, see Appedix D, Troubleshootig. Equalizer Istallatio ad Admiistratio Guide 31

42 Chapter 3:Cofigurig Equalizer Hardware 32 Equalizer Istallatio ad Admiistratio Guide

43 4 Accessig Browser Cotrols Itroducig the Equalizer Admiistratio Iterface You use Equalizer s HTML-based admiistratio iterface for routie moitorig ad admiistrative tasks. Access the admiistratio iterface from a Javascript-eabled web browser to perform the followig actios: Moitor the status of Equalizer ad the cofigured clusters ad servers View cluster ad server performace statistics graphically Add virtual clusters Modify cluster parameters Delete clusters Add servers to a cluster Adjust server static weights Delete servers Shut dow a server gracefully Shut dow Equalizer Accessig the Equalizer Admiistratio Iterface You must access the Equalizer Admiistratio Iterface through a Javascript-eabled browser. The Equalizer Admiistratio Iterface supports the followig two user modes: View, which eables you to view, but ot edit, Equalizer cofiguratio ad status iformatio. For more iformatio about view mode, see Chapter 6, Moitorig Equalizer Operatio which starts o page 83. Edit, which eables you to view all the Equalizer cofiguratio ad status iformatio ad, most importat, edit the cofiguratio. For more iformatio about edit mode, read through Chapter 5, Cofigurig Equalizer Operatio which starts o page 39. Loggig I To access the admiistratio iterface ad log ito Equalizer, follow these steps: Equalizer Istallatio ad Admiistratio Guide 33

44 Chapter 4:Accessig Browser Cotrols 1. Lauch a Javascript-eabled web browser. 2. From the browser, load the URL that correspods to Equalizer's exteral address. For example, if the exteral address is , ope the Equalizer Admiistratio Iterface by typig i the appropriate locatio i the browser. If you are usig a redudat pair of Equalizers, use the failover alias to esure that the browser coects to the Equalizer that has the primary role. You ca also use to access the Equalizer Admiistratio Iterface. Equalizer displays the logi scree (see Figure 17): Figure 17 The logi scree 3. Eter the appropriate user ame ad password; the click the logi butto. To obtai the iitial user ame ad password combiatios for view ad edit access, see the password sheet that Coyote Poit provided separately. Note If you have lost or forgotte the edit mode password, you ca set it through the Equalizer Cofiguratio Utility. For more iformatio refer to Chagig the Admiistratio Iterface Password which starts o page Equalizer Istallatio ad Admiistratio Guide

45 Accessig the Equalizer Admiistratio Iterface Navigatig Through the Iterface The Equalizer Admiistratio Iterface (see Figure 18) provides two avigatio mechaisms: liks ad meus. You ca access status iformatio ad curret parameters of ay of the items i the hierarchical list i the left frame by clickig the ame of the item you wat to view. The hierarchical list cotais all the curretly cofigured clusters, servers, geographic clusters, ad sites. Equalizer displays the status iformatio ad curret parameters i the right frame. Figure 18 Equalizer s Admiistratio Iterface Usig the Mai Meu Bar Use the meus i the mai meu bar (see Figure 19) i the top frame ad the local meus o the parameters pages to access Equalizer s reportig optios, modify the cofiguratio, or view help iformatio. Figure 19 Mai meu bar Equalizer: provides the followig commads: Equalizer Istallatio ad Admiistratio Guide 35

46 Chapter 4:Accessig Browser Cotrols Global Cofiguratio: displays a submeu with six optios for modifyig (uder Edit mode) the Equalizer global parameters: Chage Passwords, Evets, Failover, Backup/ Restore Cofiguratio, Maage Liceses, ad System Parameters. Shut Dow Equalizer: starts a clea shutdow of the Equalizer system so you ca safely tur off the power. Note that this optio works oly whe you are logged i uder Edit mode. If you try to do this while you are logged i uder View mode, Equalizer displays a error message. Reboot: reboots the Equalizer. If you try to do this while you are logged i uder view mode, Equalizer displays a error message. Log Out: exits the Equalizer Admiistratio Iterface. View: provides access to the followig global status iformatio: Equalizer Status: displays the Equalizer software ad hardware iformatio, basic cofiguratio, ad recet statistics. Cluster Summary: displays summary iformatio for all the cofigured clusters. Evet Log: displays the Equalizer evet log. Whe you have fiished viewig the evet log, movig to aother locatio automatically closes the evet log. Add: provides the followig commads for addig clusters uder Edit mode: Virtual Cluster, to add a ew virtual cluster. Geographic Cluster, to add a ew geographic cluster to a site. This commad is oly displayed if Evoy is istalled. Help: provides access to the followig iformatio about usig Equalizer: View Guide: displays the PDF file that cotais the Equalizer Istallatio ad Admiistratio Guide (this book). Cotext Help: displays the relevat sectio i the PDF file correspodig to the curret activity i the right frame. About Equalizer: displays versio ad copyright iformatio for Equalizer. The ico displayed i the top right corer of the admiistratio iterface idicates the curret user mode: View or Edit. Whe you are logged i uder view mode, the cofiguratio fuctios, such as addig a server or modifyig a cluster s parameters, are ot available. 36 Equalizer Istallatio ad Admiistratio Guide

47 Accessig the Equalizer Admiistratio Iterface Accessig Local Meus You ca access local meus (see Figure 20) from the parameter screes that appear whe you click a item i the left frame. Typically, you ca fid local meus i the upper right corer of the page. To activate a local meu, roll over it with your mouse. With local meus, you ca view ad chage iformatio about the curretly-viewed item. For example, whe you are i edit mode, the local meu i the Server Parameters page eables you to chage the server s parameters, plot the server s history, or eve delete the server. Figure 20 The local meu o the Server Parameters page Equalizer Istallatio ad Admiistratio Guide 37

48 Chapter 4:Accessig Browser Cotrols 38 Equalizer Istallatio ad Admiistratio Guide

49 5 Cofigurig Equalizer Operatio You ca modify Equalizer s cofiguratio through the Equalizer Admiistratio Iterface ad perform the followig actios, described i this chapter: Licese your Equalizer Display ad modify Equalizer system parameters, icludig specific procedures that allow you to: Set up a failover cofiguratio with two Equalizers Eable outboud etwork address traslatio for reserved etworks Eable passive FTP coectios Cofigure stale coectio hadlig Eable sticky etwork aggregatio Cofigure custom evet hadlig Set the admiistratio passwords Savig ad restorig the Equalizer cofiguratio files Shuttig dow ad rebootig the Equalizer Note The procedures i this chapter assume that you have already set up your Equalizer hardware ad performed the iitial cofiguratio accordig to the istructios foud i Chapter 2, Istallig Equalizer ad Chapter 3, Cofigurig Equalizer Hardware. Licesig Your Equalizer You must register ad licese your Equalizer before performig ay other cofiguratio usig the Equalizer Admiistratio Iterface (described i Chapter 4, Accessig Browser Cotrols ). If your Equalizer is ulicesed, the Equalizer Admiistratio Iterface displays a warig i the left frame; you eed a licese to remove this warig ad eable your Equalizer s features. To get a licese: 1. If you have ot already doe so, set up your Equalizer hardware ad perform the iitial cofiguratio accordig to the istructios foud i Chapter 2, Istallig Equalizer ad Chapter 3, Cofigurig Equalizer Hardware. 2. Write dow the serial umber located o the back of the Equalizer uit. 3. Use the Equalizer Admiistratio Iterface to obtai your Equalizer s system ID; this is the same as the Media Access Cotrol (MAC) address of the Equalizer. Equalizer Istallatio ad Admiistratio Guide 39

50 Chapter 5:Cofigurig Equalizer Operatio Log ito Edit mode, select Equalizer > Global Cofiguratio from the mai meu bar, ad the select meu > Maage Liceses from the modify system parameters scree The licese status scree is displayed, which shows your Equalizer system ID. Figure 21 Licese status scree 4. Register your Equalizer usig the Coyote Poit Registratio Form o the Iteret. Usig ay browser, go to: Copy the system ID from the licese status scree (above) ad paste it ito the registratio form. The, type i the serial umber you wrote dow i Step 2. Follow the directios o the form to complete your registratio. 5. After you complete the registratio process, go back to the licese status scree you opeed i Step 3. Click the get licese butto to sed a request for a licese to Coyote Poit's licesig server, which validates your request ad returs a licese for your Equalizer to use. Note If you get a error that you caot coect to the licese server, make sure that your etwork is properly cofigured ad that Equalizer ca commuicate through ay firewalls. Equalizer seds licese requests through port 127 or 80. Oce the Equalizer is licesed, the Ulicesed Error warig disappears from the left frame ad all of your Equalizer's features are eabled. Modifyig System Parameters To view ad modify the Equalizer s system parameters, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; Equalizer displays the modify system parameters scree i the right frame; see Figure 22 o page Chage the appropriate fields. 4. Click the commit butto. 40 Equalizer Istallatio ad Admiistratio Guide

51 Modifyig System Parameters Figure 22 The modify system parameters scree Equalizer Istallatio ad Admiistratio Guide 41

52 Chapter 5:Cofigurig Equalizer Operatio The modify system parameters scree displays iformatio that affects Equalizer s operatio: sequece is the Equalizer-assiged umber for the curret cofiguratio. This umber is used iterally by the Equalizer software ad caot be chaged by the user. sed buffer applies to L7 clusters ad is the amout of memory i kilobytes reserved by each L7 proxy process to store outgoig data before it is placed o the etwork iterface. receive buffer applies to L7 clusters ad is the amout of memory i kilobytes reserved by each L7 proxy process to store data that has bee received o a iterface before it is processed by a L7 proxy process. coect timeout applies to L7 clusters ad is the time i secods that Equalizer waits for a server to respod to a coectio request. cliet timeout applies to L7 clusters ad is the time i secods that Equalizer waits before closig a idle cliet coectio. server timeout applies to L7 clusters ad is the time i secods that Equalizer waits before closig a idle server coectio. probe iterval is the target time i secods betwee successive server health check probes. This value is solely a target, the moitorig process adjusts itself based o load. probe timeout is the time i secods that Equalizer waits for a probe respose. strikeout threshold is the umber of failures to respod to a probe (strikes) before a server is declared dow. log hours is the target umber of hours of plot log data to retai. A zero i this field allots the umbers of hours based o the available memory. plot clip applies a threshold to limit the effect of spikes i plot data. cycle time is time i secods for the master daemo to make oe pass through all of the clusters. This value should ot be modified uless recommeded by Coyote Poit Support. probe delay is the time i secod betwee successive probes of servers. You ca override this value for each cluster. idle timeout applies to L4 clusters ad is the time i secods before reclaimig idle Layer 4 coectio records. stale timeout the legth of time that a partially ope or closed coectio is maitaied; see Maagig Stale Coectios o page 50. sticky etmask eables sticky etwork aggregatio for a subet (all the coectios comig from a particular subet are directed to the same server i the cluster). See Eablig Sticky Network Aggregatio o page 51. commad, from, to, server, ad evet_flags eable evet hadlig o the Equalizer; see Cofigurig Custom Evet Hadlig o page 53 for more iformatio about these parameters. advaced eables display of advaced parameters ad flags by default o all meus for this cluster (i.e., ay scree that has a advaced check box will have the check box eabled, ad all advaced parameters ad flags are displayed whe the scree is opeed). eable outboud NAT is described uder Eablig Outboud NAT o page Equalizer Istallatio ad Admiistratio Guide

53 Settig Up a Failover Cofiguratio passive FTP traslatio is described uder Eablig Passive FTP Coectios o page 50. pedatic aget applies oly whe clusters use server agets. Whe you check this box, Equalizer will treat a server as dow whe it ca probe a server but receives o respose from the server s aget. See Appedix A, Usig Server Agets. ICMP probe eables probig servers usig a mix of L4, L7, ad ICMP echo probes. ICMP drop redirects tells Equalizer to drop (i.e., igore) icomig ICMP redirect messages. o plot disables the recordig of plottig data. igore case applies to L7 ad is the global settig to igore case i match expressios. You ca override this value per cluster ad per match rule. See Chapter 8, Match Rules. o outboud RST applies to L4 ad causes Equalizer to disable forwardig of utraslated TCP RST (reset) packets. abort server causes Equalizer to termiate server coectios without waitig for the server to quiesce. do t trasfer disables the trasfer of the Equalizer cofiguratio betwee failover peers (sibligs) whe a failure occurs. This is geerally used oly whe usig two differet Equalizer models/cofiguratios as failover peers (sibligs). See Usig Failover with Differet Equalizer Models o page 47. allow exteded chars is described uder Cofigurig Support for Exteded Characters o page 55. Settig Up a Failover Cofiguratio You ca set up two Equalizers i a hot backup, or failover, cofiguratio. I such a cofiguratio, oe of the systems hadles icomig requests, while the other waits for a failure to occur ad automatically takes over if the Equalizer that is curretly hadlig requests fails. The two Equalizers are called peers or sibligs i such a cofiguratio. To use a secod Equalizer as a hot backup, you eed to istall both Equalizers so their etwork iterfaces have correspodig cofiguratios (see Figure 9 o page 13): You must plug the exteral iterface of the backup uit ito the same hub or switch ito which the exteral iterface of the primary uit is plugged. You must plug the server (or iteral) iterface of the backup uit ito the same hub or switch ito which the server iterface of the primary uit is plugged. Note Be sure that you do ot create a loop betwee the exteral ad iteral iterfaces. For failover cofiguratio betwee two switch models, coect a cable from oe Equalizer s switch iterface to the others (see Figure 10 o page 14). You must desigate oe of the Equalizers as the preferred primary. Whe you boot both Equalizers at the same time, the preferred primary Equalizer is activated. If the primary Equalizer fails, the backup takes over. Whe you brig the failed uit back olie, it assumes the backup role util aother failure occurs or you reboot its siblig. Equalizer Istallatio ad Admiistratio Guide 43

54 Chapter 5:Cofigurig Equalizer Operatio Whe a Equalizer is brought olie, the Equalizer checks to make sure that the etwork iterfaces are lik active. If the appropriate iterfaces are ot active, the Equalizer sits i a loop waitig for them to become active (ad Equalizer seds commets to the cosole). Whe the appropriate iterfaces are active, the Equalizer tries to make cotact with its siblig. If they establish cotact, a egotiatio esues i which oe system becomes the primary uit ad the other becomes the backup uit. Geerally, the first system to start ruig the failover process becomes the primary uit (usually this is the default primary uit). If a Equalizer loses cotact with its siblig, it tries to determie the cause. If it caot idetify the cause, it will try to assume the primary role. It checks that o other system has cofigured the gateway IP address or virtual cluster addresses. Whe it passes these tests, the Equalizer assumes those IP addresses ad starts hadlig traffic. A partitio occurs whe both systems are uable to commuicate with each other ad both Equalizers eter primary mode. Whe this partitio is healed ad both uits regai commuicatio, the two systems resolve this dispute by choosig oe system to reboot itself. Geerally, this meas that the system that is cofigured as the default backup will reboot; upo comig back up, it will eter backup mode. Note Ay switch, such as oe from Cisco or Dell, that comes with Spaig Tree eabled by default ca cause a commuicatio problem i a failover cofiguratio whe oe or both of the Equalizers are dual-port models. This problem occurs at bootup because the switch disables its ports for roughly 30 secods to liste to BPDU (bridge protocol data uit) traffic. The 30-secod pause causes both Equalizers to attempt to become the primary uit; the default backup cotiually reboots. To repair this coditio, either disable Spaig Tree or eable PortFast for the ports coected to the Equalizers. This eables the ports to act as ormal hubs ad accept all traffic immediately. Sice differet Equalizer models have varyig cofiguratio parameters, it is recommeded that both of the failover peers are the same model Equalizer. See the sectio Usig Failover with Differet Equalizer Models o page 47 for more iformatio o settig up a failover pair with two differet Equalizer models. To set up a failover cofiguratio betwee two Equalizers of the same model, do the followig: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode o the failover peer that will assume the default primary role. Cofigurig ad rebootig the default primary Equalizer first esures that it assumes the primary role. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Failover from the modify system parameters scree. The failover cofiguratio scree appears i the right frame. 44 Equalizer Istallatio ad Admiistratio Guide

55 Settig Up a Failover Cofiguratio 3. I the failover peers sectio (see Figure 23 o page 45), make sure that create ew is selected i the peer drop-dow. Figure 23 Failover peers sectio of the failover cofiguratio scree for a dual etwork cofiguratio 4. Eter the ame for the peer i the peer ame field. To cofigure failover, you will eed to create two peers, oe for each system i the pair ad repeat this cofiguratio o both Equalizers. 5. Eter the iteral ad exteral addresses for this peer i the iteral address ad exteral address fields. I sigle etwork mode, you will see oe address ad correspodig etwork mask depedig o the type of Equalizer. Equalizer models with a itegrated switch use the iteral address whe i sigle etwork mode. All other models use the exteral address whe i sigle etwork mode. 6. Check preferred primary if the peer is the preferred primary. 7. Click the add butto to add the peer. Clickig the add butto adds the peer ad disables the curret failover cofiguratio util you commit the chages. 8. Cofigure a secod peer by selectig create ew from the peer drop-dow Both the preferred primary peer ad the backup peer must be cofigured i this sectio (oly oe must be marked as the preferred primary). Each peer must have a uique ame. 9. Specify the address ad etmask for the failover aliases (see Figure 24 o page 46). The alias addresses are uique IP addresses assiged to the failover pair. The etmask ca be left blak ad it will default to the same as the associated iterface. The Equalizer that is ruig i primary mode assumes these aliases; the servers should use the iteral address (whe i dual etwork mode) or the sigle address (whe i sigle etwork mode) as their Equalizer Istallatio ad Admiistratio Guide 45

56 Chapter 5:Cofigurig Equalizer Operatio default gateway. If you are i dual etwork mode ad ruig Evoy, the exteral failover alias is used for DNS queries to Evoy. Figure 24 Failover aliases sectio of the failover cofiguratio scree for a dual etwork cofiguratio 10. You should accept the default failover timig parameters. These parameters affect how the peers try to heartbeat each other. The receive timeout is the time i secods that Equalizer allows to receive a respose from its siblig before it times out. The coectio timeout is the time i secods allowed to establish a TCP coectio with its siblig. Whe either of these timeouts occur, that couts as oe of the strikeouts that occurs before the backup becomes the primary. The last failover timig value is probe iterval. This is the umber of secods Equalizer waits betwee attempts to exchage status iformatio. Normally the default values are the best to use, however, if you otice the log files cotai too may false positives (messages that Equalizer has regaied cotact with its peer) you may wat to icrease the values. Figure 25 Failover timig sectio of the failover cofiguratio scree for a dual etwork cofiguratio 11. Click the commit & reboot butto. Errors are reported whe a failover cofiguratios is ot successfully committed. If successful, you will be prompted to reboot immediately. Click the cacel butto if you wat to wait to reboot the Equalizer. Note Both Equalizers must reboot i order for the failover cofiguratio to work. Also ote that selectig the commit & reboot butto o oe of the peers does ot cause the secod Equalizer (the peer that is ot the system beig cofigured) to reboot. 12. Repeat steps 1 through 11 o the default backup Equalizer peer, through its Admiistratio Iterface. Make sure that you do ot check the preferred primary check box o the backup Equalizer i Step 6. As the Equalizers reboot, observe the termial coectio. The cosole messages should idicate that each Equalizer has successfully assumed the primary or backup role. Check the evet logs 46 Equalizer Istallatio ad Admiistratio Guide

57 Modifyig or Deletig a Failover Cofiguratio (View > Evet Log i the Admiistrative Iterface) for each Equalizer to see that there are o related evets. make sure that Successfully assumed PRIMARY role appears i the log for the default primary system, ad that Successfully assumed BACKUP role appears i the evet log for the default backup system. Modifyig or Deletig a Failover Cofiguratio To make chages to a peer s address or to delete a peer, select it from the peer drop-dow. The buttos, modify ad delete, appear. You ca make chages ad click the modify butto. To delete a peer, click the delete butto. If you recofigure failover but do ot commit, the failover cofiguratio is disabled. If the system reboots while failover is disabled, it will start up i stadaloe mode. Note If both systems i a failover pair start i stadaloe mode, each will assumig the cluster aliases ad either will assume a failover alias, resultig i othig workig. To resolve this type of problem cofigure ad commit the failover pair o both Equalizers, ad reboot both. Usig either the modify or delete butto disables the curret failover util you commit the chages. Usig Failover with Differet Equalizer Models Whe pairig a switch-itegrated system (such as E350si or E450si) with a o-switch system (E350 or E450) i sigle etwork mode, you will eed to take special measures to prevet the systems from sharig their cofiguratios. While it is ot geerally recommeded to deploy two differet Equalizer types i a failover pair, it ca be doe. Some sites prefer, for example, to upgrade failover pairs oe at a time rather tha deployig ew models for both failover systems at the same time. Note Whe addig a ew model Equalizer to a mixed failover pair, make sure that the origial Equalizer is cofigured so that it does ot trasfer the cofiguratio iformatio (i other words, the dot trasfer flag is checked). Wheever the dot trasfer flag is eabled, you must maually perform ay chages to your Equalizer ad cluster cofiguratio (such as addig/removig clusters or servers, chagig system parameters, etc) o both Equalizers i the failover pair. To prevet Equalizers i a failover pair from trasferrig their cofiguratios durig a failover, perform the followig procedure o both systems: Equalizer Istallatio ad Admiistratio Guide 47

58 Chapter 5:Cofigurig Equalizer Operatio 1. Select Equalizer > Global Cofiguratio from the mai meu. 2. At the bottom of the modify system parameters scree, i the flags sectio, check the box labeled dot trasfer. Figure 26 Modify system parameters scree 3. Click the commit butto to save the parameters. 4. Perform Steps 1 to 3 o the other Equalizer i the failover pair. Oce you make this cofiguratio chage o both Equalizers, they will be ready to be cofigured for failover. Upgradig Failover Cofiguratios from Versios prior to The upgrade script cotais facilities to migrate a versio 7.1 style failover cofiguratio (stored i / etc/eq.static) to the ew style used i 7.2 ad later systems. Whe the upgrade script rus, it will detect the presece of a valid cofiguratio i the eq.static file. If it fids this file, the script prompts you whether to migrate the failover cofiguratio. If you respod y to the upgrade script s prompt, the cofiguratio file will be migrated to the upgrade partitio, ad the followig message displayed: IMPORTANT NOTE: cofiguratio file trasfers will be disabled whe system reboots. You may re-eable cofiguratio sharig by clearig the dot trasfer checkbox i the equalizer global parameters page. 48 Equalizer Istallatio ad Admiistratio Guide

59 Chagig the Network Mode betwee Sigle ad Dual If you are cofigurig failover betwee two differet types of Equalizers, where oe cotais a built-i switch ad the other does ot, cofiguratio file trasfers must remai disabled betwee the two systems. (See release otes) This idicates that whe the system reboots, the dot trasfer flag is set ad ay chages that are made to the cofiguratio of this system will ot be shared with the failover peer. You may clear the dot trasfer flag oce the system reboots, provided the failover pair is ot both operatig i sigle etwork mode ad a combiatio of a switch-itegrated system with a o-switch system. See Usig Failover with Differet Equalizer Models o page 47 for more iformatio. Chagig the Network Mode betwee Sigle ad Dual It is importat to delete the failover cofiguratio before chagig the etwork mode betwee sigle ad dual etwork o a Equalizer that is already cofigured for failover. If the etwork mode is chaged before the failover cofiguratio is deleted, the web browser iterface will become uusable because the cofiguratio parser geerates error messages statig that the failover cofiguratio does ot match the etwork mode. Troubleshootig Chages betwee Network Modes without Deletig Failover Cofiguratios First The followig maual procedure deletes the failover cofiguratio ad should oly be used if the etwork mode was chaged without first deletig the failover cofiguratio. You should follow this procedure with the assistace of a member of Coyote Poit s techical support team. 1. Log ito the Equalizer via SSH usig the eqsupport accout or as root via the serial port. 2. # mout w / (if usig the eqsupport accout, you must use su first) 3. Edit the file to remove the iterface staza ad save it. # ee /var/eq/eq.cof (vi may be used as well) 4. # shadow /var/eq/eq.cof 5. # shutdow -r ow This commad reboots Equalizer. After Equalizer comes back up, you ca create a failover cofiguratio. Eablig Outboud NAT If you use a reserved etwork cofiguratio ad the servers o the o-routable etwork must be able to commuicate with hosts o the Iteret, you must cofigure Equalizer to perform outboud etwork address traslatio (NAT). Whe outboud NAT is eabled, Equalizer traslates coectios origiatig from the servers o the reserved etwork so that exteral hosts wo t see packets origiatig from o-routable addresses. Note If you use outboud NAT i a failover cofiguratio, you should eable outboud NAT o both uits i case a failover actually occurs. To eable Equalizer to perform outboud NAT, follow these steps: Equalizer Istallatio ad Admiistratio Guide 49

60 Chapter 5:Cofigurig Equalizer Operatio 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. Select Equalizer > Global Cofiguratio from the Equalizer meu i the mai meu bar. The modify system parameters scree appears i the right frame (see Figure 22 o page 41). 3. Check the eable outboud NAT checkbox. 4. Click the commit butto. Eablig Passive FTP Coectios If your servers are o a etwork the outside world caot reach, cosider eablig Equalizer s passive FTP traslatio optio. This optio causes the Equalizer to rewrite outgoig FTP PASV cotrol messages from the servers so they cotai the IP address of the virtual cluster rather tha that of the server. To eable passive FTP traslatio, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the Equalizer meu i the mai meu bar. The modify system parameters scree appears i the right frame (see Figure 22 o page 41). 3. Check the passive FTP traslatio checkbox. 4. Click the commit butto. Maagig Stale Coectios The stale coectio timeout is the legth of time that a partially ope or closed coectio is maitaied. If a cliet fails to complete the TCP coectio termiatio hadshake sequece or seds a SYN packet but does ot respod to the server s SYN/ACK, Equalizer marks the coectio as icomplete. Equalizer reclaims coectios i the icomplete state whe the stale coectio timeout expires. Whe Equalizer reclaims a coectio, it seds a RST (reset) packet to the server, eablig the server to free ay resources associated with the coectio. Stale coectios apply to Layer 4 (L4) oly. If you chage the stale timeout settig while partially established coectios are curretly i the queue, those coectios will be affected by the ew settig. Note Reducig the stale coectio timeout ca be a effective way to couter the effects of SYN flood attacks o server resources. A stale coectio timeout of 10 secods would be a appropriate value for a site uder SYN flood attack. To set the stale coectio timeout, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the Equalizer meu i the mai meu bar. The modify system parameters scree appears i the right frame (see Figure 22 o page 41). 3. Eter a value, i secods, for stale timeout (default is 15 secods). 4. Click the commit butto. 50 Equalizer Istallatio ad Admiistratio Guide

61 Eablig Sticky Network Aggregatio Eablig Sticky Network Aggregatio Sticky etwork aggregatio eables Equalizer to correctly hadle sticky coectios from ISPs that use multiple proxy servers to direct user coectios. Whe you eable sticky etwork aggregatio, all the coectios comig from a particular etwork are directed to the same server. (Typically, all the servers i a proxy farm are o the same etwork.) Whe you eable sticky etwork aggregatio, Equalizer routes all the coectios from a particular etwork to the same server. The etmask value idicates which portio of the address Equalizer should use to idetify particular etworks. The mask correspods to the umber of bits i the etwork portio of the address: 8 bits correspods to a Class A etwork 16 bits correspods to a Class B etwork 24 bits correspods to a Class C etwork I previous versios of Equalizer, eablig sticky etwork aggregatio was the equivalet of settig the sticky etwork aggregatio mask to 24 bits (that is, Equalizer routed all coectios from the same class C etwork to the same server). Sticky etwork aggregatio is applicable oly for Layer 4 load balacig of geeric TCP ad UDP clusters. Note A potetial drawback of usig sticky etwork aggregatio is that all users coectig through a particular proxy farm might be directed to the same server. I practice, this has ot bee a problem. Equalizer s load-balacig algorithms direct other visitors to differet servers to keep the load balaced. Equalizer Istallatio ad Admiistratio Guide 51

62 Chapter 5:Cofigurig Equalizer Operatio To eable sticky etwork aggregatio, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the Equalizer meu i the mai meu bar. The modify system parameters scree appears i the right frame (see Figure 22 o page 41). 3. Eable sticky etwork aggregatio by selectig a sticky etmask from the pull-dow meu show below. Figure Click the commit butto. Eablig sticky etwork aggregatio Note If you are usig two Equalizers i a failover cofiguratio, you must set the sticky etwork aggregatio mask idetically for both Equalizers. 52 Equalizer Istallatio ad Admiistratio Guide

63 Cofigurig Custom Evet Hadlig Cofigurig Custom Evet Hadlig You ca cofigure Equalizer to perform certai actios whe a server fails or other critical evets occur. You ca forward Equalizer log iformatio to aother machie, ad specify a commad to ru or to be set whe a server evet occurs. Forwardig Equalizer Log Iformatio You ca forward Equalizer s System Evet Log (see Displayig the System Evet Log o page 85), to aother machie that is ruig a syslog daemo. To specify a syslog host to which you will forward the log, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Evets from the modify system parameters scree. The evet cofiguratio scree appears i the right frame. Figure 28 The evet cofiguratio scree 3. Check the use remote syslog checkbox. 4. I the syslog host field, eter the hostame (ot the IP address) of the machie to which you wat to forward syslog messages. (Remember that the system you specify must be cofigured to be a syslog host; see the documetatio for the operatig system ruig o that system for more iformatio.) Equalizer Istallatio ad Admiistratio Guide 53

64 Chapter 5:Cofigurig Equalizer Operatio 5. Click the commit butto. Specifyig a Commad to Ru Whe a Particular Evet Occurs You ca cofigure Equalizer to ru a commad that you specify (such as sedig a or ruig a custom shell script) wheever server evets occur. The followig evets trigger the specified commad: Failure of a server Restoratio of a failed server Failure of a server aget Restoratio of a server aget Failover i a high-availability Equalizer pair For example, to apped a dated message to a log file wheever Equalizer detects a server failure, you could eter the followig commad: echo date System Failure. >> /tmp/mylog To specify a commad to ru, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Evets from the modify system parameters scree. The evet cofiguratio scree appears i the right frame (see Figure 28 o page 53). 3. I the commad to ru o server evet field, eter the commad that you wat Equalizer to ru whe it detects a server evet. 4. Click the commit butto. Note Ay program that is specified i the commad ad that is to ru for a server evet must complete its work ad termiate withi oe or two secods to avoid iterruptig Equalizer s server failure detectio facility. Cofigurig Notificatio Whe a Particular Evet Occurs You cofigure otificatios wheever server evets occur through the evet cofiguratio scree. You eed to specify the recipiet ad SMTP server for this feature to work. Note This update meas that you o loger eed to use Mii SedMail to hadle your otificatios. To eable otificatio, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Evets from the modify system parameters scree. The evet cofiguratio scree appears i the right frame (see Figure 28 o page 53). 3. Eter the seder of the i the from field usig the user@domai format. 54 Equalizer Istallatio ad Admiistratio Guide

65 Cofigurig Support for Exteded Characters If you do ot specify the seder, Equalizer will use the default address: You defie the hostame ad domai whe you cofigure the Equalizer hardware. 4. Eter the recipiet of the i the to field usig the user@domai format. 5. Eter the SMTP address used for forwardig usig either dot otatio ( ) or the hostame i the SMTP server field. The SMTP server must be listeig o port Make sure that the eable otificatio checkbox is checked. 7. Click the commit butto. (If the to or SMTP server fields are blak, or if you do ot check the eable otificatio check box, you will ot be able to commit the chages.) Disablig Notificatio Whe a Particular Evet Occurs To disable otificatio, follow Steps 1 ad 2 above, clear the eable otificatio checkbox, ad select commit. Cofigurig Support for Exteded Characters To eable or disable support for 8-bit ASCII ad multibyte UTF characters i URIs, select Equalizer > Global Cofiguratio. At the bottom of the global cofiguratio parameters scree, labelled modify system parameters, a series of check boxes labelled flags is preset. The last checkbox, labelled allow exteded chars, cotrols the activity of this feature. Whe checked, 8-bit octets will be allowed through the Equalizer; whe uchecked, Equalizer returs a 400 Bad Request error. This is the default behavior. To cofigure support for 8-bit ASCII ad multibyte UTF characters i URIs, follow these steps from a Equalizer Admiistratio Iterface i edit mode. 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the modify system parameters scree is displayed (see Figure 22 o page 41). 3. I the modify system parameters scree, select allow exteded chars. There are potetial risk to eablig this optio. Because eablig support for this optio allows the Equalizer to pass requests violatig RFC2396, load-balaced servers may be ruig software that is icapable of hadlig such requests. Whe eablig this optio, esure that your server software is capable of hadlig such packets ad will ot serve as a potetial weak poit i your etwork. Chagig the Admiistratio Passwords A admiistrator logged i uder Edit mode ca chage both the View password ad Edit password. If you are logged i uder Edit mode, you ca chage the View password without specifyig the curret password. To chage the view or edit a password (see Figure 29 o page 56), follow these steps: Equalizer Istallatio ad Admiistratio Guide 55

66 Chapter 5:Cofigurig Equalizer Operatio 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Chage Passwords from the modify system parameters scree. Figure 29 Chage passwords scree 3. Select the password to be chaged: View Password or Edit Password. 4. For Edit password oly, eter the curret password i the curret password field. 5. Eter the ew password i the ew password field ad the cofirm it by eterig it agai i the cofirm password field. 6. Click the commit butto. Note If you have lost or forgotte the Edit mode password, you ca set it through the cosolebased Equalizer Cofiguratio Utility. For more iformatio, refer to Chagig the Admiistratio Iterface Password o page 26. Savig or Restorig Your Cofiguratio Equalizer eables you to save or back up a cofiguratio or restore a saved cofiguratio. Note Equalizer passwords are ot saved or restored, but IP cofiguratio, clusters, ad failover iformatio are saved. Savig Your Cofiguratio Use the Backup/Restore Cofiguratio commad to save your Equalizer cofiguratio to a file or to load a saved cofiguratio. Whe you save your cofiguratio, Equalizer wraps up the followig iformatio i a biary file: /var/eq/eq.cof, which cotais the cluster/server cofiguratios that appear i the left pae of the admiistrative iterface. /var/eq/evoy.cof, which is the Evoy cofiguratio (if Evoy is istalled); it cotais geographic cluster ad site iformatio from the left pae of the admiistrative iterface. /var/eq/liceses, which cotais licesig iformatio. 56 Equalizer Istallatio ad Admiistratio Guide

67 Savig or Restorig Your Cofiguratio Cofiguratio files from /etc (icludig hosts, master.passwd, tp.cof, passwd, rc.cof-eq, resolv.cof, syslog.cof) ad /etc/ssh (icludig ssh_cofig, sshd_cofig, ad host keys). Backig Up Your Cofiguratio To back up your curret cofiguratio to a file, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Backup/Restore Cofiguratio from the modify system parameters scree. The backup/ restore scree (see Figure 30 o page 57) appears i the right frame. Figure 30 Backig up your Equalizer cofiguratio 3. Click the backup butto. 4. Whe prompted, specify the locatio where you wat to save the cofiguratio file; the click OK. Restorig a Saved Cofiguratio To restore a saved cofiguratio, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Global Cofiguratio from the mai meu bar; the select meu > Backup/Restore Cofiguratio from the modify system parameters scree. The backup/ restore scree (see Figure 30 o page 57) appears i the right frame. 3. Click the restore butto. Figure 31 Restorig a saved cofiguratio 4. Click Browse... to locate ad select the cofiguratio file that you wat to use to restore the Equalizer cofiguratio. Equalizer Istallatio ad Admiistratio Guide 57

68 Chapter 5:Cofigurig Equalizer Operatio 5. Click restore to upload the cofiguratio file. Equalizer automatically reboots to update the cofiguratio. Note Be very careful whe restorig cofiguratios. The saved IP iformatio could cause coflicts o the etwork if the restored file comes from aother Equalizer (for example, its backup). If this happes, use the cosole-based Equalizer Cofiguratio Utility to re-cofigure the restored cofiguratio s IP addresses. See Cofigurig Equalizer Hardware o page 21. Shuttig Dow Equalizer Before turig off Equalizer or discoectig the power, you should perform a clea shutdow. To shut dow Equalizer clealy, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. Select Equalizer > Shut Dow Equalizer from the Equalizer meu i the mai meu bar. A cofirmatio dialog box appears (see Figure 32 o page 58). Figure 32 The Shutdow cofirmatio dialog box 3. I the cofirmatio dialog box, click OK to cofirm that you really wat to shut dow Equalizer (or click Cacel to abort the shutdow request). If you click OK, Equalizer immediately iitiates the shutdow cycle. After waitig 30 secods, you ca safely power dow the Equalizer. Rebootig Equalizer You will oly eed to reboot the Equalizer after you have cofigured its failover. 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. Select Equalizer > Reboot from the Equalizer meu i the mai meu bar. A cofirmatio dialog box appears. 3. I the cofirmatio dialog box, click OK to cofirm that you really wat to reboot Equalizer. 58 Equalizer Istallatio ad Admiistratio Guide

69 6 Admiisterig Virtual Clusters Workig with Virtual Clusters A virtual cluster acts as the etwork-visible frot-ed for a group of servers. Use the Equalizer Admiistratio Iterface to add, cofigure, or remove virtual clusters ad the servers that belog to them. The figure below shows a coceptual diagram of a Equalizer with three clusters. Figure 33 A Equalizer with three defied clusters The parameters you specify whe settig up a virtual cluster determie how the Equalizer maages coectios betwee the Equalizer ad the servers i a cluster, ad how icomig requests are routed through the Equalizer to the cluster. Before begiig to defie a cluster, we recommed that you read this chapter i its etirety so that you ca: Select a IP address to use for the cluster ad for each server i the cluster. Determie the protocol (HTTP, HTTPS, Layer 4 TCP, or Layer 4 UDP) will be used to commuicate betwee the Equalizer ad the servers i the cluster. Determie the load balacig policy (roud robi, static weight, adaptive, fastest respose, least coectios, or server aget) that the Equalizer will use to decide how to route icomig requests to the servers i the cluster. Determie the resposiveess of the Equalizer to chagig loads; that is, how ofte ad to what degree does the Equalizer adjust the dyamic weights of the servers i the cluster. Determie the optioal settigs ad flags to be used (if ay) o the cluster ad its servers. Equalizer Istallatio ad Admiistratio Guide 59

70 Chapter 6: Admiisterig Virtual Clusters Addig a Virtual Cluster To add a ew virtual cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. Select Add > Virtual Cluster from the mai meu bar. The add cluster scree appears i the right frame (see Figure 34). Aother way to display this scree is to view the Equalizer status ad select Add Virtual Cluster from the local meu. Figure 34 Addig a virtual cluster 3. Eter the cluster ame, which is the logical ame for the cluster, or accept Equalizer s default. Each cluster must have a uique ame that begis with a alphabetical character (for example, CPImages). 4. Select oe of the followig protocol types for the cluster: HTTP, Equalizer passes web server requests ad route requests to particular servers based o the cotet of the request ad various load-balacig criteria. (This protocol supports Layer 7 load balacig.) 60 Equalizer Istallatio ad Admiistratio Guide

71 Workig with Virtual Clusters HTTPS, Equalizer passes secure web server requests ad route requests to particular servers based o the cotet of the request ad various load-balacig criteria. (This protocol supports Layer 7 load balacig.) L4 TCP, Equalizer passes TCP-based requests ad route requests based o cofigured load balacig criteria, the IP address, ad TCP port umber. Load balacig based o geeric coectio protocols ca be quite efficiet; however, routig decisios caot take ito accout the cotet of the request. (This protocol supports Layer 4 load balacig.) L4 UDP, Equalizer passes TCP-based requests ad route requests based o cofigured load balacig criteria, the IP address, ad UDP port umber. Load balacig based o the geeric coectio protocols ca be quite efficiet, but routig decisios caot take ito accout the cotet of the request. (This protocol supports Layer 4 load balacig.) Whe you first ope the add cluster scree, it displays the fields for the HTTP protocol, as show i Figure 34 o page 60. Whe you chage the protocol i the drop dow box, the available fields o the form chage to iclude the fields appropriate for the chose protocol. Note O the Equalizer E250si, Layer 7 cotet-based load balacig is ot supported; HTTP ad HTTPS are ot available choices for protocol. Load balacig of HTTP ad HTTPS packets o the E250si is accomplished through Layer 4 TCP load balacig. 5. Eter the ip address, which is the dotted decimal IP address of the cluster. The IP address of the cluster is the exteral address (for example, ) with which cliets coect to the cluster. 6. For HTTP ad HTTPS protocol clusters, eter the port: the umeric port umber o the Equalizer to be used for traffic betwee Equalizer ad the servers i the cluster. For HTTP clusters, the port defaults to 80. For HTTPS clusters, the port automatically defaults to 443. For L4UDP ad L4TCP protocol clusters, a port rage ca be defied usig the start_port ad ed_port fields. These are the ports o the Equalizer to be used to sed traffic to the servers i the cluster. Port rages allow Equalizer users to create a sigle cluster to cotrol the traffic for multiple, cotiguous ports. There are two typical uses for port rages: Specific applicatios that require a rage of ports. The eed to ope up access to servers behid the Equalizer for all ports. Eter the first port umber i the start_port field (which is required). Eter the ed port umber i the ed_port field. (If ed_port is ot visible, check the advaced flag.) Whe the ed_port field is left with a value of zero (the default), Equalizer disables the port rage feature ad uses the start_port as the server port. The start_port caot be higher tha ed_port whe ed_port is ozero. The port defied for a server i the cluster for which a port rage is defied idicates the port o the server that starts the rage of ports to be opeed. See Step 6 o page 78, uder Addig a Server to a Cluster Note Old cofiguratio files will still work the port sectio for clusters will be iterpreted as havig a port rage of start port beig the same as ed port. The port sectio will remai the same i the cofiguratio file util the cluster is chaged, at which poit start_port ad ed_port will be writte to the file. Equalizer Istallatio ad Admiistratio Guide 61

72 Chapter 6: Admiisterig Virtual Clusters 7. For all cluster protocols, choose the appropriate load-balacig policy to be used by this cluster. Choose from roud robi (default), static weight, adaptive, fastest respose, least coectios, or server aget. For more iformatio, refer to Cofigurig a Cluster s Load- Balacig Optios o page Eter values for: resposiveess sets the load-balacig respose settig for this cluster. For more iformatio, refer to Cofigurig a Cluster s Load-Balacig Optios o page 65. ACV probe is the active cotet verificatio probe strig. For more iformatio, refer to Usig Active Cotet Verificatio (ACV) o page 72. ACV respose is the active cotet verificatio respose strig. For more iformatio, refer to Usig Active Cotet Verificatio (ACV) o page 72. server aget port is the port used to cotact server agets. The default port is Set the flags: disable causes the cluster to be uavailable. Use this flag whe you are experimetig with a cluster s settigs ad you do ot wat the cluster to liste for requests. server aget has Equalizer use server agets gather performace statistics from the servers i the cluster. If you eable this optio, you must ru Server Aget daemos o each server i the cluster ad must specify a value i server aget port (default is port 1510). See the appedix, Usig Server Agets o page 125, for more iformatio about cofigurig server agets. igore case causes all of the cluster s match rules to use case isesitive comparisos whe this box is checked. You ca override this settig by chagig igore case for a specific match rule. 10. For HTTP ad HTTPS clusters, choose from the followig optios: spoof causes Equalizer to spoof the cliet IP address whe Equalizer routes a request to a server i a virtual cluster. This optio is checked by default. If you disable this optio, the server receivig the request will see the Equalizer s address as the cliet address because the TCP coectio to the cliet is termiated whe the request is routed. Whe this is eabled, Equalizer must be the default route. persist istructs Equalizer to use cookies to maitai a persistet sessio betwee a cliet ad a particular server. This optio is o by default. Equalizer stuffs a cookie ito the server s respose header o its way back to the cliet. This cookie uiquely idetifies the server to which the cliet was just coected. With persist eabled, Equalizer routes oly the first request from a cliet usig load balacig criteria. oce oly limits Equalizer to match oly the first request of ay cliet makig multiple requests across a TCP sessio. 11. For HTTP ad HTTPS clusters, if you eable persist, you may eed to adjust the followig: always icludes a cookie i the respose whether or ot the server actually set a cookie. If this is ot selected, Equalizer oly seds a persistece cookie whe the server seds a cookie of its ow. cookie age sets the time, i secods, over which the cliet browser maitais the cookie. After the specified umber of secods have elapsed, the browser ca delete the cookie ad ay subsequet cliet requests will be hadled by Equalizer s load-balacig algorithms. 62 Equalizer Istallatio ad Admiistratio Guide

73 Workig with Virtual Clusters cookie domai limits the preseted cookie oly to servers whose host ame is withi the specified domai. For example, if the cookie domai is coyotepoit.com, the browser will oly preset the cookie to servers i the coyotepoit.com domai (for example, or my.coyotepoit.com). cookie path presets the cookie oly whe the path compoet of the request URI has the same prefix as that of the specified path. For example, if the cookie path is /store/, the browser presets the cookie oly if the request URI icludes a path such as /store/mypage.html. 12. For HTTPS clusters, choose from the followig optios: x509 verify has Equalizer check that the certificate meets the X.509 stadard whe you upload a certificate. Certai self-siged or chaied certificates will ot pass this verificatio ad i that istace, you will wat to disable the test. To see this flag, check the advaced flag. dot muge forces Equalizer to pass resposes from the cluster s servers without rewritig them. I the typical Equalizer setup, you cofigure the servers i a HTTPS cluster to liste ad respod usig HTTP; Equalizer commuicates with the cliets usig SSL. If a server seds a HTTP redirect usig the Locatio: header, this URL most likely will ot iclude the https: protocol. Equalizer rewrites (muges) resposes from the server so that they are HTTPS. You ca direct Equalizer pass resposes from the server without rewritig them by eablig the dot muge flag. 13. For L4 TCP ad L4 UDP clusters, choose from the followig optios: sticky time is the umber of secods that Equalizer should remember coectios from cliets. If you do't eed sticky coectios, set this optio to 0. For more iformatio, refer to Eablig Sticky Coectios o page 71. itercluster sticky is a optio that whe eabled esures that Equalizer directs requests from a particular user to the same server, eve if the coectio is to a differet virtual cluster. For more iformatio, refer to Eablig Sticky Coectios o page 71. probe ssl (L4 TCP oly) causes Equalizer to use SSL whe it seds the ACV probe strig. For more iformatio, refer to Usig Active Cotet Verificatio (ACV) o page Click the commit butto to add the virtual cluster. Equalizer ca refuse a Add Cluster commad for several reasos, icludig: Attemptig to add a cluster address that is already cofigured or is cofigured as a server address Specifyig a ivalid cluster ames Specifyig a ivalid IP address or port umber Attemptig to add more clusters tha are supported by Equalizer Advaced Cluster Fields ad Flags Whe you check the advaced flag check box at the bottom of the add cluster or modify cluster screes, additioal fields are displayed. For most operatios the default values are acceptable. The modifiable fields are described below: Equalizer Istallatio ad Admiistratio Guide 63

74 Chapter 6: Admiisterig Virtual Clusters probe_port field works for both Layer 4 ad Layer 7 clusters. It is used to select oe port o the Equalizer to be used to for all cotet probes of the system (such as ACV) as well as protocol-specific health checks. I previous implemetatios, probig was always doe o the server port. However with a port rage (see Step 6 o page 61), it caot be assumed that the first port i the rage will have a service ruig o it. By default, the probe_port field is set to zero ad the Equalizer uses the start_port (for L4) or port (for L7) field value for the probe port. To chage the default behavior, set probe_port to a specific port umber. A probe_port value ca be set o the servers i the cluster as well; see Step 7 o page 78 uder Addig a Server to a Cluster. (Note that the server aget port remais a separate port that is used oly for server aget commuicatio; see Step 8 o page 62.) etmask is the etmask that applies to this cluster ad is used to defie a IP subet that is differet tha the IP subet defied for the exteral iterface. It is assumed that the customer has the proper routig i place for cliets to access multiple IP subets defied o the Equalizer. sed buffer applies to L7 clusters ad is the amout of memory i kilobytes reserved by each L7 proxy process to store outgoig data before it is placed o the etwork iterface. receive buffer applies to L7 clusters ad is the amout of memory i kilobytes reserved by each L7 proxy process to store data that has bee received o a iterface before it is processed by a L7 proxy process. request max applies to L7 clusters ad is the maximum umber of kilobytes allotted for HTTP request headers. respose max applies to L7 clusters ad is the maximum umber of kilobytes allotted for HTTP respose headers. cookie geeratio applies to L7 clusters ad is a value added to cookies whe the cookie scheme is 2 or greater. I order for cookies to be valid, cookie geeratio must match the equivalet umber embedded i the cookie. Coversely if you eed to ivalidate old cookies, icremet this umber. probe delay is the umber of secods betwee successive probes of the cluster s servers. coect timeout applies to L7 clusters ad is the time i secods that Equalizer waits for a server to respod to a coectio request. cliet timeout applies to L7 clusters ad is the time i secods that Equalizer waits before closig a idle cliet coectio. server timeout applies to L7 clusters ad is the time i secods that Equalizer waits before closig a idle server coectio. cipher suite applies to HTTPS clusters ad restricts the cipher suite offered by the server. Whe XCEL is detected, the Equalizer restricts the default cipher-suite to those accelerated by XCEL. If this is too restrictive, you ca clear out the cotets of this field. sub-daemo max applies to HTTPS clusters ad is the maximum umber of sub-daemos servicig the cluster. 64 Equalizer Istallatio ad Admiistratio Guide

75 Workig with Virtual Clusters sessio cache timeout applies to HTTPS clusters ad is umber of secods that Equalizer waits before disposig of a SSL sessio cache etry. sessio cache kbytes applies to HTTPS clusters ad maximum umber of kilobytes allotted to a SSL sessio cache. cliet certificate verificatio depth applies to HTTPS clusters ad idicates the depth to which certificate checkig is doe o the cliet certificate chai. The default of 2 idicates that the cliet certificate (level 0) ad two levels above it (levels 1 ad 2) are checked; ay certificates above level 2 i the chai are igored. x509 verify applies to HTTPS clusters ad specifies that the server will perform x.509 validatio o the certificate (or certificates) used to validate coectios. certify_cliet applies to HTTPS clusters ad idicates whether the server asks the cliet for a cliet certificate whe a cliet request is received. require certificate applies to HTTPS clusters ad idicates whether the server requires a cliet certificate whe a cliet request is received. verify oce applies to HTTPS clusters ad idicates that the server will verify certificates oly o the first cliet request, eve if SSL is reegotiated. ssl_uclea_shutdow applies to HTTPS clusters ad should be checked if you see errors (caot see pages) while tryig to maitai HTTPS persistet coectios over HTTP/1.1. This problem especially applies to coectios betwee Iteret Explorer ad Apache Servers ad usually occurs itermittetly. Deletig a Virtual Cluster You caot delete a cluster with servers assiged to it. So, before attemptig to delete the cluster, delete all servers from the cluster. For iformatio about removig servers from a cluster, refer to Deletig a Server o page 79. To delete a cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the cluster to be deleted. The cluster s parameters appear i the right frame. 3. Select Delete Cluster from the local meu. 4. Whe prompted, click OK to cofirm that you wat to remove the cluster permaetly. Cofigurig a Cluster s Load-Balacig Optios Cofigure load balacig policy ad respose settigs for each cluster idepedetly. Multiple clusters do ot eed to use the same load balacig cofiguratio eve if the same physical server machies host them. For example, if oe cluster o port 80 hadles HTML traffic ad oe o port 8000 serves images, you ca cofigure differet load balacig policies for each cluster. Whe you use adaptive load balacig (that is, you have ot set the cluster s load balacig policy to roud robi or static weight), you ca adjust Equalizer to optimize cluster performace. For more iformatio, see Adjustig a Server s Static Weight o page 79. Equalizer Istallatio ad Admiistratio Guide 65

76 Chapter 6: Admiisterig Virtual Clusters Equalizer s Load Balacig Policies Equalizer supports the followig load balacig policies, each of which is associated with a particular algorithm that Equalizer uses to determie how to distribute requests amog the servers i the cluster: roud robi load balacig distributes requests equally amog all the servers i the cluster. Equalizer dispatches the first icomig request to the first server, the secod to the secod server, ad so o. Whe Equalizer reaches the last server, it repeats the cycle. If a server i the cluster is dow, Equalizer does ot sed requests to that server. This is the default method. The roud robi method does ot support Equalizer s adaptive load balacig feature; so, Equalizer igores the servers static weights ad does ot attempt to dyamically adjust server weights based o server performace. static weight load balacig distributes requests amog the servers depedig o their static weights. A server with a higher static weight gets a higher percetage of the icomig requests. Thik of this method as a weighted roud robi implemetatio. Static weight load balacig does ot support Equalizer s adaptive load balacig feature; Equalizer does ot dyamically adjust server weights based o server performace. adaptive load balacig distributes the load accordig to the followig performace idicators for each server. Server respose time is the legth of time for the server to begi sedig reply packets after Equalizer seds a request. Active coectio cout shows the umber of coectios curretly active o the server. Server aget value is the value retured by the server aget daemo ruig o the server. fastest respose load balacig dispatches the highest percetage of requests to the server with the shortest respose time. Equalizer does this carefully: if Equalizer seds too may requests to a server, the result ca be a overloaded server with slower respose time. The Fastest Respose policy optimizes the cluster-wide respose time. Uder Fastest Respose, Equalizer checks the umber of active coectios ad server aget values (if cofigured); but both of these have less of a ifluece tha they do uder adaptive load balacig. Eve if a server s respose time is the fastest i the cluster but its active coectio cout ad server aget values are high, Equalizer might ot dispatch ew requests to that server. least coectios load balacig dispatches the highest percetage of requests to the server with the least umber of active coectios. I the same way as Fastest Respose, Equalizer tries to avoid overloadig the server so it checks the server s respose time ad server aget value. Least Coectios optimizes the balace of coectios to servers i the cluster. server aget load balacig dispatches the highest percetage of requests to the server with the lowest server aget value. I a similar way to Fastest Respose, Equalizer tries to avoid overloadig the server by checkig the umber of coectios ad respose time. This method oly works if server agets are eabled. For more iformatio about server agets, see Cofigurig a Cluster to Use Server Agets o page Equalizer Istallatio ad Admiistratio Guide

77 Workig with Virtual Clusters Equalizer s Load Balacig Respose Settigs The resposiveess settig cotrols how aggressively Equalizer adjusts the servers dyamic weights. Equalizer provides five respose settigs: Slowest, Slow, Medium, Fast, ad Fastest. The respose settig affects the dyamic weight spread, weight spread coefficiet, ad optimizatio threshold that Equalizer uses whe it performs adaptive load balacig: Dyamic Weight Spread idicates how far a server s dyamic weight ca vary (or spread) from its static weight. Weight Spread Coefficiet regulates the speed of chage to a server s dyamic weight. The weight spread coefficiet causes dyamic weight chages to happe more slowly as the differece betwee the dyamic weight ad the static weight icreases. Optimizatio Threshold cotrols how frequetly Equalizer adjusts dyamic weights. If Equalizer adjusts server weights too aggressively, oscillatios i server weights ca occur ad cluster-wide performace ca suffer. O the other had, if Equalizer does ot adjust weights ofte eough, server overloads might ot be compesated for quickly eough ad clusterwide performace ca suffer. Modifyig Equalizer s Load Balacig Optios To chage a cluster s load-balacig optios (see Figure 35), follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the cluster whose parameters to be chaged. Equalizer displays the cluster s parameters i the right frame. Equalizer Istallatio ad Admiistratio Guide 67

78 Chapter 6: Admiisterig Virtual Clusters 3. Select meu > Chage Cluster Parameters. Equalizer opes the modify cluster scree i the right frame. Figure 35 Chagig load balacig optios 4. Select a policy. 5. Choose a resposiveess. 6. Click the commit butto. Aggressive Load Balacig After you fie-tue the static weights of each server i the cluster, you might discover that Equalizer is ot adjustig the dyamic weights of the servers at all: the dyamic weights are very stable, eve uder a heavy load. I this case, you might wat to set the cluster s load balacig respose parameter to fast. The Equalizer tries to optimize the performace of your servers more aggressively; this should improve the overall cluster performace. For more iformatio about settig server weights, see Adjustig a Server s Static Weight o page 79. Dyamic Weight Oscillatios If you otice a particular server s dyamic weight oscillates (for example, the dyamic weight varies from far below 100 to far above 100 ad back agai), you might beefit by choosig slow 68 Equalizer Istallatio ad Admiistratio Guide

79 Workig with Virtual Clusters respose for the cluster. You should also ivestigate the reaso for this behavior; it is possible that the server applicatio is behavig erratically. Providig FTP Services o a Virtual Cluster Virtual clusters that provide service o the FTP cotrol port (port 21) must be layer 4 ad have special requiremets: FTP clusters occupy two virtual cluster slots, eve though oly oe appears. This permits Equalizers NAT subsystem to rewrite server-origiated FTP data coectios as they gateway to the exteral etwork. FTP data coectios always have a sticky time of oe secod. This is ecessary to support the passive mode FTP data coectio that most web browsers use. FTP virtual clusters do ot support port redirectio. For more iformatio about supportig passive mode FTP data coectios, refer to Eablig Passive FTP Coectios o page 50. Cofigurig a Cluster to Use Server Agets A server aget collects performace statistics from a server. If you cofigure a cluster to use server agets, Equalizer periodically cotacts the server aget daemo ruig o each server ad dowloads the server performace statistics. You ca also customize server agets to report o server resource availability; the Equalizer ca stop sedig requests to a server if a database or other vital resource is uavailable. Note Whe you cofigure a cluster to use server agets, each server i the cluster must ru a server aget daemo, so that the aget ca provide status iformatio to the Equalizer. If o aget is ruig o a server i a cluster cofigured to use the server aget load balacig policy, the the Equalizer will load balace without usig the aget retur value for that server (uless pedatic aget is set for the cluster, i which case Equalizer regards that server as dow). To cofigure a cluster to use server agets (see Figure 36), follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the cluster to be cofigured. The cluster s parameters appear i the right frame. 3. Select Chage Cluster Parameters from the local meu. The modify cluster scree opes i the right frame. 4. Check the server aget checkbox. Equalizer Istallatio ad Admiistratio Guide 69

80 Chapter 6: Admiisterig Virtual Clusters 5. I the server aget port field, specify the port used to cotact the server agets. Figure 36 Cofigurig a cluster to use server agets 6. Click the commit butto. For iformatio about writig your ow server agets ad usig agets to moitor server resource availability, see Usig Server Agets o page 125. Eablig Persistet Sessios For HTTP ad HTTPS clusters that support Layer 7 (L7) load balacig, you ca use cookies to maitai a persistet sessio betwee a cliet ad a particular server for the duratio of the sessio. For L4 TCP ad L4 UDP clusters, which oly support L4 load balacig, you ca use IP-address based sticky coectios to maitai persistet sessios. Whe you use cookie-based persistece (persist checkbox) for HTTP ad HTTPS clusters, Equalizer stuffs a cookie ito the server s respose header o its way back to the cliet. This cookie uiquely idetifies the server to which the cliet was coected ad is icluded automatically i subsequet requests from the cliet to the same cluster. Equalizer ca use the iformatio i the cookie to route the requests to the same server. If the server is uavailable, Equalizer automatically selects a differet server. 70 Equalizer Istallatio ad Admiistratio Guide

81 Workig with Virtual Clusters Eablig Sticky Coectios Equalizer uses sticky coectios to maitai persistet sessios for L4 TCP ad L4 UDP clusters. The sticky time period is the legth of time over which Equalizer esures that it directs ew coectios from a particular cliet to the same server. The timer for the sticky time period begis to expire as soo as there are o active coectios betwee the cliet ad the cluster. If Equalizer establishes a ew coectio to the cluster, Equalizer resets the timer for the sticky time period. Whe you eable sticky coectios, the memory ad CPU overhead for a coectio icrease. This overhead icreases as the sticky period icreases. You should use the shortest reasoable period for your applicatio ad avoid eablig sticky coectios for applicatios uless they eed it. For most clusters, a reasoable value for the sticky time period is 600 secods (that is,10 miutes). If your site is extremely busy, cosider usig a shorter sticky time period. Whe you eable iter-cluster stickiess, you ca esure that Equalizer directs requests from a particular cliet to the same server eve if the coectio is to a differet virtual cluster. Itercluster stickiess oly works for L4 clusters. Although L7 clusters automatically provide itercluster stickiess, iter-cluster stickiess will ot work betwee L4 ad L7 clusters. You must eable iter-cluster stickiess for all the clusters to be boud together. The clusters with eabled iter-cluster stickiess should cotai idetical sets of server IP addresses. For example: Cluster Server srv1@ Server srv2 Cluster Server srv1@ Server srv2 To eable sticky coectios (see Figure 37), follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the cluster to be cofigured. The cluster s parameters appear i the right frame. Equalizer Istallatio ad Admiistratio Guide 71

82 Chapter 6: Admiisterig Virtual Clusters 3. Select Chage Cluster Parameters from the local meu. The modify cluster scree opes i the right frame. Figure 37 Settig the sticky time period 4. I the sticky time field, specify the sticky time period i secods greater tha zero. 5. To direct all requests from a particular cliet to the same server eve if the coectio is to a differet virtual cluster, check the iter-cluster sticky checkbox. Note You ca tur o iter-cluster stickiess oly if you have eabled sticky coectios by specifyig a sticky time greater tha zero. 6. Click the commit butto. Usig Active Cotet Verificatio (ACV) Active Cotet Verificatio (ACV) is a mechaism for checkig the validity of a server. Whe you eable ACV for a cluster, Equalizer requests data from each server i the cluster ad verifies that the retured data cotais a character strig that idicates that the data is valid. You ca use ACV with most etwork services that support a text-based request/respose protocol, such as HTTP. However, you caot use ACV with UDP-based services. Cotrollig Server Verificatio Iformatio Specify a ACV probe strig ad a ACV respose strig to cotrol the iformatio that Equalizer uses to verify the servers. Equalizer uses the probe strig to request data from each server. To verify the server s cotet, Equalizer searches the retured data for the respose strig. By default, Equalizer expects to receive a respose withi 10 secods whe performig active cotet verificatio. If there is o respose or the respose strig does ot appear i the first 1024 characters 72 Equalizer Istallatio ad Admiistratio Guide

83 Workig with Virtual Clusters of the respose, the verificatio fails ad Equalizer stops routig ew requests to that server. However, if Equalizer uses cookie-based persistece for a HTTP or HTTPS cluster, Equalizer cotiues to route requests from cookie holders to the server util its weight goes to zero. For example, the HTTP protocol eables you to establish a coectio to a server, request a file, ad read the result. Figure 38 illustrates the coectio process whe a user requests a telet coectio to a HTTP server ad requests a HTML page. > telet 80 Coected to > GET /idex.html <HTML> <TITLE>Welcome to our Home Page</TITLE> </HTML> Coectio closed by foreig host. User requests coectio to server. Telet idicates coectio is established. User seds request for HTML page. Server respods with requested page. Telet idicates server coectio closed. Figure 38 Retrievig cotet from a server via telet. Equalizer ca perform the same exchage automatically ad verify the server s respose by checkig the retured data agaist a expected result. Specify a ACV probe strig ad a ACV respose strig to cotrol the iformatio that Equalizer uses to perform the verificatio. Equalizer uses the probe strig to request data from each server. To verify the server s cotet, Equalizer searches the retured data for the respose strig. For example, you ca use GET /idex.html as the ACV probe strig ad you ca set the respose strig to some text, such as Welcome i the example i Figure 38, which appears o the home page. Similarly, if you have a Web server with a PHP applicatio that accesses a database, you ca use ACV to esure that all the compoets of the applicatio are workig. You could set up a PHP page called test.php that accesses the database ad returs a page cotaiig ALL OK if there are o problems. The you would eter the followig values o the add cluster or modify cluster screes: If the page that is retured cotais the correct respose strig (i the first 1000 characters, icludig headers) the server is marked up ; if ALL OK were ot preset, the server is marked dow. The respose strig should be text that appears oly i a valid respose. This strig is casesesitive. A example of a poorly chose strig would be HTML, sice most web servers automatically geerate error pages that cotai valid HTML. Equalizer Istallatio ad Admiistratio Guide 73

84 Chapter 6: Admiisterig Virtual Clusters Eablig ACV To eable ACV, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the cluster to be cofigured. The cluster s parameters appear i the right frame. 3. Select Chage Cluster Parameters from the local meu. The modify cluster scree opes i the right frame. 4. I the ACV probe field, specify a o-empty strig. Equalizer seds this strig to each server i the cluster to request verifiable data. Note Whe you set up a L7 cluster ad add a probe strig, \r\ (that is, a carriage retur followed by a lie feed ) is automatically added to the ed of the strig. O the other had, whe you set up a L4 cluster ad add a probe strig, \r\ is ot automatically added to the ed of the strig. The reaso for this differet behavior is that L7 kows the protocol is HTTP/HTTPS but L4 does ot kow the protocol to be used for the probe. If required for a L4 cluster, these characters eed to be added maually. 5. I the ACV respose field, specify a case-sesitive strig that is ot empty. Equalizer uses this strig to verify the data with which the server respods to the ACV probe. For cotet verificatio to succeed, the specified strig must appear i the first 1024 characters of the server s respose (icludig ay headers). 6. Click the commit butto. Usig Secure Server Certificates for HTTPS Clusters For HTTPS clusters, Equalizer supports the use of secure server ad cliet certificates. Whe you istall the certificates o Equalizer, Equalizer hadles the ecessary autheticatio with cliets ad commuicates i clear text with the servers i the HTTPS cluster. For eve faster ecryptio ad decryptio, equip your Equalizer with a XCEL card. Equalizer supports server certificates from Trusted Root Certificate Authorities ad from certificate authorities (CAs) without their ow Trusted Root CA certificates. If a CA without its ow Trusted Root CA certificate issues your certificate, you may eed to istall two certificates: a server certificate ad a chaied root certificate for the CA. The chaied root certificate associates the server certificate with a Trusted Root CA certificate. Coyote Poit s web site has some iformatio about geeratig certificates. Istallig a Certificate for a HTTPS or SSL Cluster To support secure coectios to a HTTPS cluster, you must istall a secure server certificate issued by a certificate authority (CA) such as VeriSig or Thawte. Util you istall the certificate, the cluster is disabled ad its ame appears red i Equalizer. After istallig the certificate, the ame for a cluster turs gree. Certificates are associated with host ames ad ot IP addresses, therefore you do ot eed a separate certificate per server i a cluster. You will eed a separate certificate per cluster. You ca istall certificates i a PEM or PKCS12 format. To istall a certificate, follow these steps: 74 Equalizer Istallatio ad Admiistratio Guide

85 Workig with Virtual Clusters 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the HTTPS cluster for which you wat istall a certificate. The cluster s parameters appear i the right frame. If o certificate is istalled for the cluster, you will see a warig message above the parameters statig that you must istall a certificate to activate the cluster. 3. Look at the cluster s parameters. If x509 verify is checked, Equalizer will verify that the certificate is compliat with the X.509 stadard. Certai self-siged or chaied certificates will ot pass this verificatio. If you have trouble uploadig your certificate, you may eed to disable this field. 4. Select meu > Maage SSL Certificates. The istall SSL certificate scree appears i the right frame. Figure 39 The istall certificate scree 5. Make sure that the cluster radio butto is selected at the top of the scree, ad eter the full path ame of the certificate file (or click Browse to select the file through the Choose File dialog box). The certificate file should be a PEM-ecoded or PKCS12-ecoded composite Certificate ad Private Key. 6. If applicable, eter the password for the certificate. Whe you eter a password for a passwordprotected certificate, the certificate is protected oly if you have a XCEL card istalled o the Equalizer. Note Whe you upload a composite certificate, your private key is stored o the Equalizer. Keep i mid that users with access to the Equalizer will potetially have access to your private key. A optioal XCEL SSL accelerator card is available for the Equalizer that provides secure key storage as well as hardware-based SSL ecryptio ad decryptio. Whe you upload your private key to a Equalizer with the XCEL SSL accelerator istalled, the key is stored i writeoly memory that ca oly be accessed by the accelerator hardware. This prevets uauthorized access to your private key. 7. Click upload to upload ad istall the specified certificate. Istallig a Chaied Root or Itermediate Certificate If your certificate authority issued you a chaied root certificate, you must istall this to complete the istallatio process for HTTPS clusters. The chaied root certificate must be i a PEM format. To istall a certificate, follow these steps: Equalizer Istallatio ad Admiistratio Guide 75

86 Chapter 6: Admiisterig Virtual Clusters 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the HTTPS cluster for which you wat istall a certificate. The Cluster Parameters frame appears i the right frame. If o certificate is istalled for the cluster, you will see a warig message above the cluster parameters. The message states that you must istall a certificate to activate the cluster. 3. Select Maage SSL Certificates from the local meu i the Cluster Parameters frame. The Istall SSL Certificate scree appears i the right frame (see Figure 39 o page 75). 4. Make sure that the cluster radio butto is selected at the top of the scree, ad the eter the full path ame of the certificate file (or, click Browse to select the file through the Choose File dialog box). The certificate file should be a PEM-ecoded or PKCS12-ecoded Certificate Authority budle. 5. Click Upload to upload ad istall the specified certificate. Usig Certificates with the XCEL SSL Accelerator Card The Equalizer XCEL SSL accelerator card is a add-o for Equalizer that provides secure key storage as well as hardware-based SSL ecryptio ad decryptio. All private keys uploaded to a Equalizer with a istalled XCEL card get placed i write-oly memory that ca oly be accessed by the accelerator hardware. This prevets uauthorized access to your private keys. The XCEL card provides 128 kilobits of memory for private keys. This will hold up to 32 fourkilobit keys or 64 two-kilobit keys. If you istall the XCEL card i a productio Equalizer, you must delete ay HTTPS clusters ad add them i order to store the private keys o the card. Usig Certificates i Failover Cofiguratios I failover cofiguratios, you must istall the certificates o the primary ad backup Equalizers. Usig Secure Cliet Certificates for HTTPS Clusters While server certificates autheticate the server to the cliet, aother layer of protectio ca be provided by cliet certificates. Whe the cliet seds a request to the server, the server respods with the server certificate, ad requests a certificate from the cliet. The cliet respods with a certificate that the server the validates; if the validatio passes, the coectio is completed. To specify that the cluster will require a certificate from a cliet whe a cliet request is received, do the followig: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the HTTPS cluster for which you wat istall a certificate. The Cluster Parameters frame appears i the right frame. If o certificate is istalled for the cluster, you will see a warig message above the cluster parameters. The message states that you must istall a certificate to activate the cluster. 3. Select Maage SSL Certificates from the local meu i the Cluster Parameters frame. The Istall SSL Certificate scree appears i the right frame (see Figure 39 o page 75). 4. Make sure that the cliet radio butto is selected at the top of the scree, ad the eter the full path ame of the certificate file (or, click Browse to select the file through the Choose File 76 Equalizer Istallatio ad Admiistratio Guide

87 Maagig Servers dialog box). The certificate file should be a PEM-ecoded or PKCS12-ecoded Certificate Authority budle. 5. Click Upload to upload ad istall the specified certificate. 6. Istall the certificate o all cliet systems that will access the cluster, followig the istructios for the software to be used o the cliet. For example, if the cliet will be usig Iteret Explorer to access the cluster, follow the istructios provided i the IE Help system to istall the certificate. Maagig Servers I this sectio, you will lear how to work with servers: addig them, adjustig their static weight, shuttig them dow, ad deletig them. Addig a Server to a Cluster I geeral, you should cofigure your etwork topology so that Equalizer is the gateway for all traffic for its virtual clusters. Each server i a cluster uses Equalizer as the gateway for ay respose packets to cliets that cotacted the server through a virtual cluster address. However, you do ot eed to cofigure Equalizer as the gateway for the servers i L7 clusters if you have disabled IP spoofig for the cluster. To add a server (see Figure 40) to a virtual cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i Edit mode. 2. I the left frame, click the ame of the cluster to which you wat to add the server. The cluster s parameters appear i the right frame. 3. Select meu > Add Server. The add server scree opes i the right frame. (The figure below shows the scree with the advaced check box eabled.) Figure 40 Addig a server Equalizer Istallatio ad Admiistratio Guide 77

88 Chapter 6: Admiisterig Virtual Clusters 4. Eter server ame, which is the server s logical ame, or accept Equalizer s default. Each server i a cluster must have a uique ame that begis with a alphabetical character, ot a umeral (for example, Phoeix). 5. Eter ip which is the IP address of the server edpoit you are addig to the cluster. 6. Eter port, which is the port umber of the service o the server machie. Uless you wat to set up port redirectio, you ca usually accept the default value, which is the same as the port of the virtual cluster. Note Equalizer performs all the ecryptio ad decryptio for HTTPS clusters, so traffic betwee the Equalizer ad the servers i a HTTPS cluster uses the HTTP protocol. Whe you add servers to a HTTPS cluster, you should cofigure them o port 80. If a port rage has bee defied for the a server s cluster (see Step 6 o page 61, uder Addig a Virtual Cluster ), the the port field i the add server or modify server scree refers to the first port o which to start servicig the cluster start_port. For example: Cluster Port Rage Server Port Port Mappig (exteral to iteral) start_port = 80 ed_port = 90 start_port = 80 ed_port = to to to to to to 110 If there is o service ruig o oe or more ports i the port rage, Equalizer will still attempt to forward traffic to that port ad retur a error code to the cliet, just like what would happe if the cliet was coectig to the server directly. 7. Eable the advaced flag at the bottom of the scree to set a value for probe_port. The default is 0, which meas that the server will use the value i the port field (see above) as the probe_port. Chage this value if you wat to use aother port for health check robes form the Equalizer. (Note that the probe_port o the Equalizer is set i the cluster meus; see Advaced Cluster Fields ad Flags o page 63.) 8. Eter weight, which determies a startig poit (static weight) for the percetage of requests to route to each server. For iformatio about selectig a appropriate static weight, refer to Adjustig a Server s Static Weight o page Eable the hot spare check box if you pla to use this server as a backup server, i case the other servers i the cluster fail. Checkig hot spare forces Equalizer to direct icomig coectios to this server oly if all the other servers i the cluster are dow. You will ot cofigure most servers as hot spares. For example, you might cofigure a server as a hot spare if you are usig licesed software o your servers ad the licese allows you to ru the software oly o oe ode at a time. I this situatio, you could cofigure the software o two servers i the cluster ad the cofigure oe of those servers as a hot spare. Equalizer will use the secod server oly if the first goes dow, 78 Equalizer Istallatio ad Admiistratio Guide

89 Maagig Servers eablig you to make your applicatio available without violatig the licesig terms or havig to buy two software liceses. 10. Eable the quiesce check box to avoid sedig ew requests to the server. This is usually used i preparatio for shuttig dow a HTTP or HTTPS server. Please see Shuttig Dow a Server Gracefully o page Eable the advaced flag if you wat to set the dot probe check box; whe set, dot probe disables health check probes for the server. This is usually used to disable probe checks for a particular server without chagig the probe settigs for the server s cluster. 12. Click the commit butto. Equalizer ca refuse a Add Server commad for several reasos, icludig: Attemptig to add a server address that is already cofigured or is cofigured as a cluster address Specifyig a ivalid IP address or port umber Attemptig to add more servers tha are supported by Equalizer Deletig a Server To delete a server from a virtual cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the server to be removed. 3. Select Delete Server from the local meu. 4. Whe prompted, click OK to cofirm that you wat to remove the server from the cluster. If you attempt to delete a server with active coectios, a cofirmatio dialog box appears. Click Force to remove the server ayway. This actio removes the server ad deletes the active coectios ad the user sessios they represet. To cacel the deletio, click Cacel. Adjustig a Server s Static Weight Equalizer uses a server s static weight as the startig poit for determiig the percetage of requests to route to that server. Equalizer assigs servers with a higher static weight a higher percetage of the load. The relative values of server static weights are more importat tha the actual values. For example, if a cluster cotais two servers ad oe server has roughly twice the horsepower of the other, settig the static weights to 50 ad 100 is equivalet to settig the static weights to 100 ad 200. If Equalizer is performig adaptive load balacig (ALB), you should geerally use higher static weights. Whe you have eabled Equalizer s ALB feature (ad the load balacig policy is ot set to roud robi or static weight), usig higher static weights will produce fier-graied load balacig. Higher weights eable Equalizer to adjust server weights more gradually; icreasig the weight by 1 produces a smaller chage if the startig weight is 100 tha it does if the startig weight is 50. Dyamic server weights might vary from % of the statically assiged values. To optimize cluster performace, you might eed to adjust the static weights of the servers i the cluster based o their performace. Equalizer Istallatio ad Admiistratio Guide 79

90 Chapter 6: Admiisterig Virtual Clusters Reasoable values for server weights are geerally i the rage Whe you istall servers, set each server's static weight value i proportio to its horsepower. For example, you might assig a P3/900Mhz-based server a value of 100 ad a P3/500Mhz-based server a value of 90. All the static weights i a cluster do ot eed to add up to ay particular umber, but a total that is close to the value 100 is preferable. Note Equalizer stops dyamically adjustig server weights if the load o the cluster drops below a certai threshold. For example, if web traffic slows sigificatly at 4:00 AM PST, Equalizer will ot modify server weights util traffic icreases agai. Because a server s performace characteristics ca be very differet uder low ad high loads, Equalizer optimizes oly for the high-load case. Keep this i mid whe you cofigure ew Equalizer istallatios; to test Equalizer s ALB performace, you ll eed to simulate expected loads. To chage a server s static weight (see Figure 41), follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the server to be modified. The server s parameters appear i the right frame. 3. Select Chage Server Parameters from the local meu. The modify server scree opes i the right frame. Figure 41 Chagig a server s static weight 4. Eter the ew weight i the weight field. 5. Click the commit butto. Settig Static Weights for Homogeous Clusters If all the servers i a cluster have the same hardware ad software cofiguratios, you should set their static weights to the same value iitially. We recommed that you use a static weight of 100 ad set the load-balacig respose parameter to medium. As with ay ew cofiguratio, you will eed to moitor the performace of the servers uder load for two to three hours. If you observe that the servers differ i the load they ca hadle, adjust their static weights accordigly ad agai moitor their performace. You should adjust server weights by small icremets; for example, you might set the static weight of oe server to 110 ad the other 80 Equalizer Istallatio ad Admiistratio Guide

91 Maagig Servers to 90. Fie-tuig server weights to match each server s actual capability ca easily improve your cluster s respose time by 5 to 10%. Note Equalizer s ALB algorithm ca take miutes to fie-tue cluster performace whe you chage static weights. After you chage static weights, wait 30 miutes before you judge the cluster s ALB performace. Settig Static Weights for Mixed Clusters Equalizer eables you to build heterogeeous clusters usig servers of widely varyig capabilities. Adjust for the differeces by assigig static weights that correspod to the relative capabilities of the available servers. This eables you to get the most out of your existig hardware, so you ca use a older server side-by-side with a ew oe. After you assig relative static weights, moitor cluster performace for two to three hours uder load. You will probably fie-tue the weights ad optimize performace of your cluster two or three times. Cotiue moitorig the performace of your cluster ad servers ad watch for ay treds. For example, if you otice that Equalizer always adjusts the dyamic weights so that the weight of oe server is far below 100 ad the weight of aother is far above 100, the server whose dyamic weight is cosistetly beig reduced might have a problem. Shuttig Dow a Server Gracefully To avoid iterruptig user sessios, make sure that a server to be shut dow or deleted from a cluster o loger has ay active coectios. Whe a server s static weight is zero, Equalizer will ot sed ew requests to that server. Coectios that are already established cotiue to exist util the cliet ad server applicatio ed them or they time out because they are idle. To shut dow servers i a geeric TCP or UDP (L4) cluster, you ca set the server s weight to zero ad wait for the existig coectios to termiate. However, you eed to quiesce servers i HTTP ad HTTPS (L7) clusters to eable servers to fiish processig requests for cliets that have a persistet sessio with the server. Whe you quiesce a server, Equalizer does ot route ew coectios from ew cliets to the server, but will still sed requests from cliets with persistet sessio with the server to the server. Oce all the persistet sessios o the server have expired, you ca set the server s static weight to zero so; the Equalizer will ot sed additioal requests to the server. Removig a Layer 7 Server from Service To remove a Layer 7 server from service, follow these steps: 1. I the left frame, click the ame of the server to be quiesced. The server s parameters appear i the right frame. 2. Select Chage Server Parameters from the local meu. The modify server scree opes i the right frame. 3. Check the quiesce checkbox; the click commit to save your chages. 4. Oce all the server s persistet sessios have expired, use Chage Server Parameters to set the server s static weight to zero. Equalizer Istallatio ad Admiistratio Guide 81

92 Chapter 6: Admiisterig Virtual Clusters Removig a Layer 4 Server from Service To remove a Layer 4 server from service, follow these steps: 1. I the left frame, click the ame of the server to be removed. The server s parameters appear i the right frame. 2. Select Chage Server Parameters from the local meu The Chage Server Parameters dialog box opes i the right frame. 3. Set the server s weight to 0; the click commit to save your chages. This actio prevets Equalizer from routig ew coectios to the server. 4. Wait util there are o active coectios ad the server's idle time is greater tha the your applicatio s sessio lifetime before takig the server offlie. To check these values, click o the server i the left frame to show the server s statistics. Testig Virtual Cluster Cofiguratio 1. If you use a two-etwork cofiguratio: after you have cofigured a virtual cluster ad added servers, telet to each of the virtual clusters cofigured o the Equalizer from a system o the exteral etwork. Whe you telet to a virtual cluster from the exteral test machie, Equalizer should coect you to oe of the servers cofigured i the cluster. Repeatedly coect to the same virtual cluster usig several sessios to make sure that Equalizer routes the coectios to differet servers i the cluster. (Equalizer does ot ecessarily select the servers i a roud-robi fashio; it uses the algorithm defied for the cluster to determie the server that gets the ext coectio.) You also ca use a cliet tool such as a Web browser to perform this test. 2. From a cliet machie o the Iteret, coect to each virtual cluster usig a Web browser. For help i resolvig cofiguratio problems, see Appedix D, Troubleshootig. 82 Equalizer Istallatio ad Admiistratio Guide

93 7 Moitorig Equalizer Operatio The Equalizer Admiistratio Iterface provides several moitorig mechaisms that allow you to view the followig: Global cofiguratio iformatio ad coectio statistics for Equalizer A status summary of curretly cofigured clusters ad servers The Equalizer system evet log Cluster cofiguratio parameters Server cofiguratio parameters Graphical plots of the coectio history for idividual clusters ad servers Server iformatio ad log Displayig Equalizer Iformatio To display the global parameters, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either View or Edit mode. 2. At the top of the colum i the left frame, click the Equalizer etry (or select View > Equalizer status from the mai meu i the right frame). The Equalizer status scree appears i the right frame. The Equalizer status scree (see Figure 42 o page 84) displays iformatio about Equalizer s operatio modes ad overall coectio statistics. Equalizer Istallatio ad Admiistratio Guide 83

94 Chapter 7:Moitorig Equalizer Operatio Figure 42 Equalizer status iformatio Equalizer versio shows the curret, ruig versio of the Equalizer software. system ID shows the uique idetifier for the Equalizer uit. platform shows the type of Equalizer exteral iterface is the ame of this iterface. iteral iterface is the ame of this iterface. exteral address is Equalizer s exteral IP address. iteral address is Equalizer s iteral IP address. stale coectio timeout idicates the umber of secods before a stale coectio is dropped. passive FTP Traslatio idicates whether PASV FTP mode is eabled or disabled. failover mode sigifies whether this Equalizer is a primary or backup uit. Evoy geographic load balacig deotes whether geographic load balacig is curretly eabled. This iformatio appears oly o the E350 ad E450 platforms. SSL acceleratio shows whether the optioal XCEL card is istalled, which eables SSL acceleratio. This iformatio appears oly o the E350 ad E450 platforms. L4 total coectios processed is the umber of Layer 4 (L4) coectios processed. L4 peak coectios processed shows the peak umber of L4 coectios processed per secod sice the Equalizer was last booted. 84 Equalizer Istallatio ad Admiistratio Guide

95 Displayig the System Evet Log L4 coectios timed-out displays the umber of L4 coectios that have timed out. If Evoy is eabled, the followig DNS status iformatio appears at the bottom of the Curret Status sectio: DNS requests received displays the total umber of DNS requests received. ivalid DNS requests received shows the umber of ivalid DNS requests received. Geocluster ot foud shows the umber of requests received for a geocluster that was ot foud. Users of the Equalizer E350/450 will also see this iformatio: L7 curret active coectios is the umber of active Layer 7 (L7) coectios. L7 total coectios processed shows the umber of L7 coectios processed. L7 peak coectios processed is the peak umber of L7 coectios processed per secod sice Equalizer was started. Displayig the System Evet Log The System Evet Log (see Figure 43) displays start-up ad server status messages. You ca view the last 20, 50, 100, 200, 500, or 1000 etries. To view the system evet log ad optioally chage the umber of etries o display, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. Select Evet Log from the View meu i the mai meu bar. The log viewer scree appears i the right frame (see Figure 43 o page 86). Equalizer Istallatio ad Admiistratio Guide 85

96 Chapter 7:Moitorig Equalizer Operatio Figure 43 Viewig the system evet log 3. To chage the umber of lies displayed, select a value from the drop-dow list. 4. To look at the logs for the Equalizer, a virtual cluster, or the operatig system, select a log from the log type drop-dow list. To export the cotets of a log, you ca copy text from the log viewer scree ad paste it ito aother applicatio (such as Widows Notepad); the, save the text to a file. 86 Equalizer Istallatio ad Admiistratio Guide

97 SNMP for Equalizer SNMP for Equalizer Simple Network Maagemet Protocol (SNMP) is a ew feature for Equalizer Models E450si ad above. SNMP orgaizes iformatio about the Equalizer ad provides a stadard way to help gather that iformatio. With SNMP, you ca moitor the followig iformatio usig the Maagemet Iformatio Base (MIB) variables: Equalizer s failover siblig Static cofiguratio iformatio, such as: Device ame Iteral ad exteral IP addresses ad etmasks Default gateway Failover alias Dyamic cofiguratio iformatio, such as: Failover status NAT eabled L4 cofiguratio state L7 cofiguratio state Equalizer status L4 Statistics L7 Statistics Equalizer clusters Equalizer servers Equalizer evets SNMP for Equalizer has bee implemeted for SNMPv1 ad SNMPv2c. Settig Up the SNMP Aget The SNMP aget respods to outside SNMP requests. To cofigure the SNMP aget, follow these steps from a Equalizer Admiistratio Iterface i edit mode. 1. Choose Global Cofiguratio from the Equalizer meu. 2. I the modify system parameters scree, click meu ad the select SNMP. The SNMP settigs scree appears i the right frame (see Figure 44). Equalizer Istallatio ad Admiistratio Guide 87

98 Chapter 7:Moitorig Equalizer Operatio Figure 44 The SNMP settigs scree. 3. Eter values for the system descriptio, system locatio, system cotact, ad system ame. Descriptio is the user-assiged descriptio of the Equalizer. Locatio describes its physical locatio. Cotact is the ame of the perso resposible for this uit. Name is the admiistrative ame for the Equalizer. 4. Eter a value for the commuity strig. Ay SNMP maagemet cosole eeds to sed the correct commuity strig alog with all SNMP requests. If the set commuity strig is ot correct, Equalizer discards the request ad will ot respod. 5. Eter a address ad port i trap IP address:port. This specifies where trap messages should be set. Usually this is the address of the machie ruig the SNMP maagemet cosole applicatio. 6. Use the check boxes to eable the correspodig traps. The followig table shows the traps that are eabled or disabled usig the check boxes. Eable server up/dow evets This checkbox cotrols two traps, cpssyseqserverdowev ad cpssyseqserverupev. Equalizer triggers these traps whe it detects either a server failure or a respose from a failed server. For more iformatio about server statuses, please refer to the Equalizer Istallatio ad Admiistratio Guide. 88 Equalizer Istallatio ad Admiistratio Guide

99 SNMP for Equalizer Eable siblig evets Eable failover evets Eable partitio evets This checkbox cotrols two traps, cpssyseqsibligcotactlostev ad cpssyseqsibligcotactokayev. Equalizer triggers these traps wheever it is cofigured as part of a failover pair ad it either loses cotact or regais cotact with its siblig. For more iformatio about failover, please refer to the Equalizer Istallatio ad Admiistratio Guide. This checkbox cotrols oe trap, cpssyseqassumedprimaryroleev. Equalizer seds this trap wheever it assumes primary status. For more iformatio about failover, please refer to the Equalizer Istallatio ad Admiistratio Guide. This checkbox cotrols oe trap, cpssyseqpartitiodetectedev. Equalizer seds this trap wheever it is i failover mode ad detects that both Equalizers have assumed primary status. For more iformatio about failover, please refer to the Equalizer Istallatio ad Admiistratio Guide. 7. Click commit to save the chages. MIB Descriptio Equalizer s Maagemet Iformatio Base (MIB) cotais five major sectios. These sectios describe Equalizer s sibligs (failover), cofiguratio ad status, clusters, servers, ad evets. Each object i the MIB cotais a descriptio field that describes the object s purpose. The MIB files are located at: I the above, <Equalizer-ip> is the IP address of the Equalizer. Sibligs The mai object that describes sibligs is cpssyseqsibligs. This describes ay sibligs for cofiguratios such as failover. Cofiguratio ad Status The mai object, cpssysequalizer, is the largest object i the MIB ad cotais may sub-objects. These sub-objects iclude: eqstaticcfg - This group cotais the static cofiguratio iformatio such as the ame of the Equalizer, the software versio, iteral ad exteral IP addresses ad etmasks, default gateway, failover alias, etc. eqdyamiccfg - This group cosists of several sub-groups ad cotais o variables of its ow. The sub-groups are: eqglobaldyamiccfg - This group cotais a umber of global cofiguratio items icludig failover status, whether or ot outboud NAT is eabled, etc. eql4dyamiccfg - This group cotais cofiguratio variables specific to Layer 4 load balacig, the state of passive FTP, idle timeout, stale timeout, etc. eql7dyamiccfg - This group cotais cofiguratio variables specific to Layer 7 load balacig, icludig sed ad receive buffer sizes, the state of SSL ecryptio, etc. eqstatus - This group cosists of two sub-groups ad cotais o variables of it's ow. The subgroups are. Equalizer Istallatio ad Admiistratio Guide 89

100 Chapter 7:Moitorig Equalizer Operatio eql4status - This group cotais Layer 4 statistics such as umber of coectios processed, peak coectios, ad idle timeout cout. eql7status - This group cotais L7 statistics such as active coectios, peak coectios ad total umber of coectios. Clusters The mai object that describes clusters is cpssyseqclusters. This cosists of a set of tables describig the cofiguratio of, ad operatioal statistics for, all of the virtual clusters cofigured withi the system. Servers The mai object that describes servers is cpssyseqservers. This cosists of a set of tables describig the cofiguratio of, ad operatioal statistics for, all of the servers cofigured withi each virtual cluster withi the system. Evets The mai object that describes Equalizer evets is cpssyseqevets. This cotais variables that cotrol whether or ot traps are globally eabled ad eable flags for each of the idividual trap evets. Displayig the Virtual Cluster Summary The Virtual Cluster Summary (see Figure 45) lists the curretly cofigured virtual clusters ad their associated servers as well as the weight ad status of each server. To view the Virtual Cluster Summary, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. Select View > Cluster Summary from the mai meu bar. The cluster summary scree appears i the right frame. Figure 45 Viewig cluster summary iformatio 90 Equalizer Istallatio ad Admiistratio Guide

101 Displayig Cluster Iformatio This summary displays the status at the time the page was loaded. To set this iformatio to automatically refresh, select a refresh iterval. The cluster summary idicates the followig server states: Servers show i gree are curretly active. Servers show i blue are quiescig, that is, hadlig curret coectios but ot acceptig ew oes. Servers show i yellow are cofigured as hot spares. Servers show i red are dow. Equalizer moitors the status of active servers by periodically probig the IP address ad Port specified by the server edpoit. If these probes fail the umber of times specified by the strikeout threshold system parameter (see page 42), it marks the server dow, gives the server a weight of zero, ad stops routig ew requests to that server. A server probe might fail eve if the server machie is up ad ruig. For istace, if the HTTP server daemo fails o a server machie, Equalizer will refuse coectios to that edpoit. Equalizer periodically queries servers that have goe dow to determie if they have become available agai. Whe a server comes back olie, Equalizer begis to route requests to the server, slowly icreasig the server s weight to its full capability. For each server, the summary displays the followig iformatio: weight: The server weights determie the relative proportio of coectio requests that Equalizer routes to each server. If you have eabled automatic load balacig, these weights are the curret, dyamically-adjusted values, ot the static weights iitially assiged by the admiistrator. active: The umber of coectios curretly beig processed by the server. processed: The total umber of coectios that have bee processed by the server sice the system was rebooted. Displayig Cluster Iformatio The cluster scree (see Figure 46) displays iformatio about a cluster s cofiguratio. To display the parameters for a cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the cluster whose parameters you wat to view. The cluster scree appears i the right frame. Equalizer Istallatio ad Admiistratio Guide 91

102 Chapter 7:Moitorig Equalizer Operatio Figure 46 Viewig cluster iformatio The cluster scree shows the selected load balacig policy, the load-balacig resposiveess settig, the persistece parameters, ad the server aget parameters. For more iformatio about how Equalizer uses these parameters, see Addig a Virtual Cluster o page 60. Plottig Cluster Performace History The Plot Cluster History feature (see Figure 47) eables you to view a graphical represetatio of the performace history for ay cluster. To plot the performace history for a cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the cluster whose history you wat to view. 3. Select Plot Cluster History from the local meu i the cluster scree. The graphical history for the selected cluster appears. 92 Equalizer Istallatio ad Admiistratio Guide

103 Plottig Cluster Performace History Figure 47 Viewig a cluster s graphical history By default, the service time ad active coectios are plotted for the previous five miutes. To chage the iformatio plotted, select the categories ad duratio you wat to plot ad click the Plot butto. To zoom i o a portio of the graph, click the target area. You ca plot five values for a cluster: Servers is the average computed load of all the servers i the cluster. Because server computed loads are ormalized by the cluster-wide average, the cluster-wide average should be 100. Certai evets (for example, rapid fluctuatios i the load, rebootig servers, ad restartig applicatio daemos such as httpd) ca cause spikes i the computed load for the cluster. Service Time is the average service time of all of the servers i the cluster. The service time is the time it takes a server to start sedig reply packets oce it receives a cliet request. The average service time is a reasoable idicatio of the overall performace of the cluster. Active Coectios is the total umber of active coectios o the servers i the cluster. Hit Rate is the umber of coectios served by the cluster each secod. This is a good idicatio of how may hits the site is gettig. Equalizer Istallatio ad Admiistratio Guide 93

104 Chapter 7:Moitorig Equalizer Operatio Server Aget is the average of the dyamic server aget values for all servers i the cluster. If you have ot cofigured server agets, this value defaults to 50 (that is, the value 50 is used by the load balacig algorithm). For more iformatio about these values, see the descriptios i Plottig Server Performace History o page 94. Displayig Server Iformatio The server scree (see Figure 48) provides iformatio about a particular server, icludig the followig: The server s ame ad the ame of the cluster to which the server belogs. The server s IP address ad port. The static weight the admiistrator assiged to the server. Other cofiguratio iformatio such as beig a hot spare or beig quiesced. To display a server s parameters, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the server whose parameters you wat to view. The server s parameters appear i the right frame. Figure 48 Viewig server iformatio Plottig Server Performace History The Plot Server feature (see Figure 49) eables you to view a graphical represetatio of the performace history for ay server. To plot the a server s performace history, follow these steps: 94 Equalizer Istallatio ad Admiistratio Guide

105 Plottig Server Performace History 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the server whose history you wat to view. 3. Select Plot Server History from the local meu i the server scree. The graphical history for the selected server appears. By default, the active coectios, service time, computed load, ad dyamic weight are plotted for the previous 30 miutes. To chage the iformatio plotted, select the categories ad duratio you wat to plot ad click the Plot butto. To zoom i o a portio of the graph, click the area i which you are iterested. Figure 49 Viewig a server s graphical history You ca plot five values for a server: Active Coectios shows the umber of active coectios o the server. Equalizer smooths the coectio cout usig a slidig-widow smoothig algorithm before beig plotted. If you have eabled the sticky timer, ote that the umber of active coectios o a server will be higher. Service Time idicates the time it takes a server to start sedig reply packets oce it has received a cliet request. This value is very small for servers that are primarily servig static HTML pages typically millisecods. If the server is servig may active pages ad cgi-bis, this value will be much higher. The service time icreases whe the server is uder heavy load because cliet requests are queued util the server ca hadle them. Equalizer Istallatio ad Admiistratio Guide 95

106 Chapter 7:Moitorig Equalizer Operatio Computed Load is a measure of the performace of the server relative to the overall performace of the cluster. Equalizer tries to ormalize the cluster-wide computed load value to 100. If the server s computed load value is above 100, it is performig below the overall cluster performace. Equalizer derives a server s computed load value from its service time, umber of active coectios, ad server aget value (if cofigured). It is also takes ito accout the load balacig policy used by the cluster. Ideally, a server s computed load should be aroud 100, though values i the rage 85 to 115 are reasoable. If the server s computed load is higher tha 115, the server is ot performig well ad you may eed to add servers or upgrade to better servers. If you are usig adaptive load balacig, Equalizer lowers the server s dyamic weight to reduce the umber of coectios set to that server. If the server s computed load value is less tha 85, the server is performig very well ad Equalizer will attempt to improve cluster-wide performace by icreasig the server s dyamic weight to direct more traffic to it. Such adjustmets to the server s weight will i tur affect its computed load value. Dyamic Weight is the percetage of icomig traffic that Equalizer dispatches to this server. For example, if the cluster has three servers with dyamic weights of 100, 80, ad 120, the first server will get 100/( ) or 33.3% of the icomig traffic. If a server is dow, its dyamic weight is zero. If a server crashes ad reboots, the period that the server was dow shows up as a gap i the dyamic weight plot. If you are ot usig adaptive load balacig (for example, the load balacig policy is set to roud robi or static weight), Equalizer does ot use dyamic weights. For more iformatio about settig the load balacig policy ad adaptive load balacig, refer to Cofigurig a Cluster s Load-Balacig Optios o page 65. Server Aget is the value that the server aget daemo returs. Whe queried, the server aget returs a value i the rage -1 to 100. If you have ot cofigured the cluster to use the server aget or the server aget daemo is ot ruig o this server, the server aget value defaults to 50 (that is, a value of 50 is used by the load balacig algorithm). Server aget values above 60 to 70 idicate that the server is overloaded. If this persists ad you have eabled adaptive load balacig, Equalizer respods by reducig the server s dyamic weight so that fewer requests are routed to the server. Note If all your servers have server aget values above 70, you probably have more traffic tha your servers ca hadle efficietly. I this case, Equalizer ca help by itelligetly maagig the overload, but the log-term solutio is to upgrade the servers or add ew oes. Displayig Geographic Cluster Parameters If you have istalled Evoy for your Equalizer, you ca view iformatio about each of the geographic clusters that you have cofigured. For more iformatio about Evoy, refer to Chapter 8, Admiisterig Geographic Clusters o page 113. To view the cluster-wide parameters, follow these steps: 96 Equalizer Istallatio ad Admiistratio Guide

107 Plottig Geographic Cluster Performace History 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the geographic cluster whose parameters you wat to view. The Geographic Cluster Parameters scree appears i the right frame. This page cotais the followig iformatio: Geographic Cluster, which is the ame of the cluster. DNS TTL, which is the amout of time, i secods, that a ame server is allowed to cache the domai iformatio. MX Exchager, which is the fully-qualified domai ame that Equalizer will retur if Equalizer receives a mail exchager request for this geographic cluster. The mail exchager is the host resposible for hadlig set to users i the domai. Load Balacig Method idicates the load-balacig method: roud trip, adaptive, site load, or site weight. (For descriptios of these methods, refer to Cofigurig a Geographic Cluster s Load-Balacig Optios o page 119.) Load Balacig Respose shows the type of respose: slowest, slow, medium, fast, or fastest. This value cotrols how aggressively Equalizer adjusts the site s dyamic weights. (For more iformatio about the respose settigs, refer to Addig a Geographic Cluster o page 118.) ICMP Triagulatio shows whether you have eabled ICMP triagulatio, which routes cliet requests to the closest site geographically. Plottig Geographic Cluster Performace History If you have istalled Evoy for your Equalizer, you ca use the Plot Geographic Cluster feature to view a graphical represetatio of the performace history for the selected geographic cluster. You ca plot four values for a geographic cluster: Request Rate shows the umber of requests received for the cluster per miute. Active Requests displays the umber of requests that Equalizer is i the process of routig. Network Latecy displays the average triagulatio time whe at least oe site was able to respod. (This value does ot iclude cliets for which the default site was selected.) Site Summary shows the umber of requests directed to all sites i the cluster for the specified duratio. This plot appears by default whe the plot site page is opeed. Note You ca oly display the site summary separately; you caot plot the site summary o the same graph as the other values. To plot the performace history for a geographic cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the geographic cluster whose history you wat to view. The Geographic Cluster Parameters appear i the right frame. Equalizer Istallatio ad Admiistratio Guide 97

108 Chapter 7:Moitorig Equalizer Operatio 3. Select Plot GeoCluster History from the local meu i the Geographic Cluster Parameters frame. The graphical history for the selected cluster appears i the right frame. By default, the site summary for the previous 30 miutes appears. 4. To chage the iformatio beig plotted, select the categories ad duratio to be plotted; the click the Plot butto. (To zoom i o a portio of the graph, click the area i which you are iterested.) Displayig Site Iformatio If you have istalled Evoy, you ca view cofiguratio ad status iformatio for particular sites i a geographic cluster. To view the iformatio for a particular site, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the site whose iformatio you wat to view. The Site Parameters page appears i the right frame. The Site Parameters page displays the followig site parameters: Geographic Cluster is the ame of the geographic cluster to which this site belogs. Site is the ame of the target site. Site IP Address is the site s IP address. Static Weight shows the static weight assiged to the site. Default Site idicates whether the target site is the default site. Resource shows the IP address ad port of the resource beig moitored for this site. Aget s Address is the IP address of the Equalizer aget ruig o the site. Resource Keepalive shows the umber of secods betwee resource availability checks. If a resource fails its availability check, its site will ot be retured to cliets. Eve after a resource is declared dead, Equalizer performs availability checks to determie whe the resource is restored. I additio to the site parameters, the site s curret status appears as follows: Resource Load shows the load o the above resource that the Equalizer aget calculates. The load icorporates data o resource respose time, umber of active requests, ad loadbalacig variables. Aget Retries shows the umber of probes Equalizer re-set to its aget. Aget Misses shows the umber of Equalizer-to-aget probes that received o respose. Iterruptios i etwork coectivity betwee the Equalizer server ad site agets ad site failures ca result i missed probes. Triagulatio Time-outs idicates the umber of aget-to-cliet triagulatio probes that timed out before Equalizer received a respose. Resource Errors idicates the umber of Equalizer-to-aget probes that retured a resourceuavailable error. If the Evoy o the remote site determies that the requested resource is uavailable, it returs a resource uavailable error. 98 Equalizer Istallatio ad Admiistratio Guide

109 Plottig Site Performace History Site Retured shows the umber of cliets directed to this site. You ca compare this umber with the values for other sites to determie the relative umber of users set to each site. If a value for oe site is zero ad the others are o-zero, cosider why the zero site has o traffic. Retured as Default idicates the umber of cliets directed to the default site. Average Pig Time shows the average triagulatio time for all cliets successfully cotacted from this site. This represets all of the triagulatio probes whether or ot this site was selected to process the request. This value gives you a idea of the etwork latecy from this site to the user populatio. You ca compare this value with the same value for other sites. Plottig Site Performace History If you have istalled Evoy, the Plot Site feature eables you to view a graphical represetatio of the performace history for the selected site. To plot the performace history for a site, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i either view or edit mode. 2. I the left frame, click the ame of the site whose history you wat to view. The Site Parameters appear i the right frame. 3. Select Plot Site History from the local meu i the Site Parameters frame. The graphical history for the selected site appears i the right frame. By default, Equalizer plots the Request Rate ad Resource Dow values for the previous 30 miutes. To chage the iformatio plotted, select the categories ad duratio to be plotted; the click the Plot butto. (To zoom i o a portio of the graph, click the area i which you are iterested.) You ca plot the followig six values for a site: Probes Missed is the umber of requests i which a aget failed to reply to Equalizer s probes. Triagulatio Errors shows the umber of ICMP ECHO requests that the aget at this site set to cliets ad for which the aget received o respose. Resource Dow idicates that the target resource failed to respod durig the period plotted. Site Chose shows the umber of times that Equalizer retured this site i respose to a cliet query. Network Latecy shows the average etwork distace, i millisecods, betwee the aget at this site ad the cliets that made DNS requests. Resource Load is the relative workload of this site durig the plotted period. Equalizer Istallatio ad Admiistratio Guide 99

110 Chapter 7:Moitorig Equalizer Operatio 100 Equalizer Istallatio ad Admiistratio Guide

111 8 Match Rules Overview of Match Rules Layer 7 clusters require match rules i order to cotrol the processig of the data stream from the cliet. Match rules specify the actios to take based o Layer 7 protocol-specific attributes. The most useful actio, from a load balacig perspective, is the selectio of the set of servers to load balace the requests over. Equalizer s support for Layer 7 cotet-sesitive load balacig eables you to defie match rules for routig HTTP ad HTTPS requests. For each virtual cluster, you ca specify ay umber of match rules. The for each match rule, you specify the subset of servers that ca hadle requests that meet the rule criteria. Note Equalizer E250si does ot support match rules. A match rule provides for custom processig of requests withi coectios. Equalizer provides commo ad protocol-specific match fuctios that eable dyamic matchig based o the request s cotets. Protocol-specific match fuctios typically test for the presece of particular attributes i the curret request. For example, a Layer 7 HTTP virtual cluster ca specify matchig o specific pathame attributes to direct requests to subsets of servers so that all requests for images are set to the image servers. A match rule specifies match expressios that are combiatios of match fuctios with logical operators. This allows for matchig requests that have, for example, attribute A AND NOT attribute B.You ca costruct arbitrarily complex logical expressios i this maer. If the match expressio evaluates to true, the the data i the request has selected the match rule, ad the match body applies, ad o further attempts are made to match to subsequet expressios. The match body cotais statemets that affect the subsequet hadlig of the request. Oce the data i the request selects oe match expressio, o further matchig is performed for that request ad Equalizer makes a load balacig decisio. Note Certai Layer 7 protocols ca have multiple requests o the same TCP/IP coectio, i which case, the default mode of operatio is to match each idividual request o the stream, ot just the iitial oe. A flag, oce_oly, ca be set to match oly o the iitial request. If the match expressio evaluates to false, the Equalizer processes each subsequet match rule i the list of match rules for the virtual cluster util a match occurs. If o match occurs, the coectio from the cliet is dropped. However, virtual clusters created usig the Equalizer Admiistratio Iterface are always provided with a default match rule, which will always match ay request ad which will use the etire set of servers for load balacig uless it is modified. Each virtual cluster ca have ay umber of match rules, ad each match rule ca have arbitrarily complex match expressios. Keep i mid that Equalizer iterprets these expressios for every Layer 7 request processed, so it is a good idea to keep the expressios simple. Equalizer Istallatio ad Admiistratio Guide 101

112 Chapter 8: Match Rules Geeral Match Expressios ad Match Bodies A match rule cosists of a match expressio ad a match body, which idetifies the operatios to perform if the expressio is satisfied by the request. Match sytax is as follows: match ame { expressio } the { body } Each match has a ame, which is simply a label. The ame must follow the same restrictios as those for cluster ames ad server ames. All match ames withi a cluster must be uique. Match Expressios Match expressios affect the subsequet processig of the request stream usig URI, host, or other iformatio. Match expressios are made up of match fuctios, most of which are protocolspecific, joied by logical operators, optioally preceded by the egatio operator, with sets of begiig ad ed paretheses for groupig where required. This may soud complex, ad it ca be, but typical match expressios are simple; it is usually best from a performace perspective to keep them simple. The most simple match expressio is oe made up solely of a match fuctio. The truth value (true or false) of this expressio is the retured by the match fuctio. For example, a match fuctio commo to all Layer 7 protocols is the ay() fuctio, which always returs true, idepedet of the cotets of the request data. So, the most simple match expressio is: ay() which will always result i the match rule beig selected. Use the logical NOT operator, (sometimes), to ivert the sese of the truth value of the expressio. So, you ca use the NOT operator to logically ivert a match expressio, as follows: NOT expressio givig rise to the ext simplest example: NOT ay() which will always result i the match rule ot beig selected (which is ot all that useful i this example). With the additio of the logical OR ( ) ad logical AND (&&) operators, you ca specify complex expressios, selectig precise attributes from the request: NOT red() (roud() && happy()) Match expressios are read from left to right. Expressios cotaied withi paretheses get evaluated before other parts of the expressio. The previous expressio would match aythig that was ot red or that was roud ad happy. Ulike the previous example, match fuctios correspod to certai attributes i a request header. For example, a request URI for a web page might look like this: Get /somedir/somepage.html http/1.1 Accept: text/html, text/*, *.* Accept-Ecodig: gzip Host: User-Aget: Mozilla/4.7 [e] (Wi98; U) 102 Equalizer Istallatio ad Admiistratio Guide

113 Geeral Match Expressios ad Match Bodies Various fuctios retur true whe their argumets match certai compoets of the request URI. Usig the above request URI, for example, you could use several match fuctios: pathame returs true if its argumet matches /somedir/somepage.html, dirame returs true if its argumet matches / somedir/, ad fileame returs true if its argumet matches somepage.html. Some of the other fuctios ca evaluate the cotets of the host attribute i the request URI; host ( host-prefix (www), ad host_suffix (somesite.com). Some fuctio argumets ca take the form of a regular expressio 1. Note that you caot put regular expressios ito match expressios except as a argumet to a fuctio whose defiitio admits regular expressios. Note Matchig regular expressios (regex) is may times more processig-itesive tha matchig other built-i request attributes. So wheever possible, use the other predefied request attributes. Match Bodies Match bodies specify the actios to take if the match expressio selects the request. This is specified i the form of statemets that provide values to variables used by the load balacer to process the request. The most commo (ad most useful) match body selects the set of servers over which to apply the load balacig: servers = all; The servers assigmet statemet takes a comma-separated list of server ames, which specifies the set of servers to be used for load balacig all requests that match the expressio i the match rule. The reserved server ames all ad oe specify respectively the set of all servers i the virtual cluster ad oe of the servers i the virtual cluster. If you do ot assig servers, oe will be available for load balacig; as a result, the coectio to the cliet will be dropped. I geeral, you ca override most cluster-specific variables i a match body. (You ca override protocol-specific variables as well, but that does ot always make sese.) Oe useful example of overridig variables is as follows: servers = s0, s1, s2; flags =! oce_oly; which would load-balace across the specified servers (which first must be defied i the virtual cluster) ad also tur off the oce_oly flag for the duratio of processig of that coectio. 1. Regular expressios are specified accordig to IEEE Std ( POSIX.2 ). Equalizer Istallatio ad Admiistratio Guide 103

114 Chapter 8: Match Rules Match Rule Example A full example of a match rule is: match example { cliet_ip(" ") } the { servers = s2, s5; flags = oce_oly,! spoof; } I this example (the match rule is amed example ), the match fuctio, cliet_ip, has a argumet that matches all requests from IP address Servers s2 ad s5 are the oly oes used for load balacig of matchig requests. Additioally, this rule sets the oce_oly flag (that is, we perform processig oly o the iitial request o this coectio) ad clears the spoof flag (that is, whe the coectio is made to the server, the server sees a coectio to the Equalizer, ot to the cliet). Costructig Match Rules The Equalizer Admiistratio Iterface allows you to create ad modify match rules, without requirig a detailed kowledge of the cofiguratio laguage sytax. It helps to uderstad the geeral cocepts of match rules covered i Geeral Match Expressios ad Match Bodies o page 102. Viewig the Default Match Rule All Layer 7 clusters created via the Equalizer Admiistratio Iterface start with a sigle match rule (amed Default) that matches all requests ad selects all servers. match Default { ay() } the { servers = all; } The default rule simply specifies that all servers defied i the cluster should be used for load balacig the request. This rule must remai the last match rule i the ordered list of match rules for a cluster. You caot modify this match rule. 104 Equalizer Istallatio ad Admiistratio Guide

115 Costructig Match Rules The default rule ca be viewed by clickig i the left frame o match Default for ay Layer 7 cluster. (If you have ot created a Layer 7 cluster, see Workig with Virtual Clusters o page 59). Figure 50 shows a default match rule. Figure 50 A Default match rule show i the Match Rule dialog box This scree shows how match rules appear i the admiistratio tool. The first sectio cotais the match rule expressio. The secod sectio shows the set of servers used for load-balacig whe the expressio matches. Defiig a Match Rule To add a match rule to a virtual cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the Layer 7 cluster to which you wat to add the rule. Equalizer Istallatio ad Admiistratio Guide 105

116 Chapter 8: Match Rules 3. I the right frame, select Add Match Rule from the local meu. The create match rule scree appears i the right frame. Figure 51 The Match Rule dialog box i which you create a match rule 4. Eter a ame for the ew rule i the match ame field. All match ames withi a cluster must be uique. 5. Select the placemet of the rule by choosig a rule from the immediately before list box. The orderig of match rules is importat, as they are processed from first to last util oe of them evaluates to true, at which time the match body is processed. The iitial match expressio of a ew rule, NOT ay() is oe that will always evaluate to false meaig that this match rule will ever be selected. It is good practice to be cautious whe addig ew match rules to esure that all the traffic to a cluster does ot get mishadled. A ew match rule will ot be committed util you click commit. You ca cacel the etire process by clickig cacel. Note Note that the GUI displays the logical egatio operator as NOT, rather tha!. 6. To place or modify a match fuctio, click the appropriate part of the expressio. The part of the expressio that editor will directly affect is red ad the affiliated parts to the selectio are gree. Pay attetio to the colors of various parts of the match expressio, these colors show what will be affected. 7. From the drop-dow list below the match expressio, select the match fuctio with which you wat to build or edit the rule. (To lear more about match fuctios, refer to Match Fuctios o page 108.) 106 Equalizer Istallatio ad Admiistratio Guide

117 Costructig Match Rules The drop-dow list of edit actios are differet depedig o what you select i the expressio ad whether the cluster is HTTP or HTTPS. All lists have some commo match fuctios ad structural editig operators. I ay list of edit actios, selectio refers to the gree ad red parts of the match expressio ad self refers to the red portio. Some of the structural editig operators iclude the fuctio you are replacig (for example, replace with host AND ay). Whe modifyig the structure of a ay fuctio, it may be helpful to temporarily chage the fuctio to somethig more distict (so that you will ot have to iterpret the expressio, replace with ay AND ay ). 8. Click the cotiue butto, Equalizer shows the ew versio of the match expressio. Depedig o the ew fuctio, you may have to fill i iformatio i the arg0 ad arg1 text boxes. These fields supply argumets, as required, to the selected match fuctio. If there are ay sytax errors, a error scree appears whe you click the cotiue butto. This most likely occurs if there are missig argumets or sytax errors i the argumet strigs. If you click a differet part of the match expressio without clickig the cotiue butto first, you will lose ay chages sice you last clicked cotiue. 9. You costruct complicated Boolea expressios usig the structural editig operators. 10. To udo the latest chages, click the udo butto. 11. To add to or chage the match expressio, repeat steps 6 through 10. Equalizer cotiues to show your additios ad modificatios. 12. Select the servers used to load balacig matchig requests for this match rule. 13. Check advaced if you wat to override the iheritace of spoof, oce oly, or persist. To override, clear the correspodig iherit checkbox ad make the appropriate chage to the flag. 14. Whe you have fiished specifyig expressios for your match rule, click the commit butto. Modifyig a Match Rule To edit a match rule, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the match rule to be chaged. 3. I the right frame, click Meu ad select Edit Match Rule from the local meu. The modify match rule scree opes i the right frame. 4. Make the desired chages to the match expressio usig steps similar to the prior sectio, Defiig a Match Rule o page Make the desired chaged to the list of servers. 6. To save your chages, click the commit butto. Equalizer Istallatio ad Admiistratio Guide 107

118 Chapter 8: Match Rules Match Fuctios Removig a Match Rule To delete a match rule, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the match rule to be deleted. 3. I the right frame, click Meu ad select Delete This Match from the local meu. 4. Click OK to cofirm that you wat to permaetly remove the match rule. To build or edit a match expressio, click part of the expressio ad select a request attribute from a dyamic drop-dow list. The highlighted sectio of the expressio determies the cotets of the list. For istace, if the curret selectio is a match fuctio, you will view a list of items that ca replace the fuctio. This sectio lists Equalizer s match fuctios. Certai match fuctios have similar fuctios that solely apply to the prefix, suffix, substr, or regex. Prefix ad suffix are self-explaatory. Substr will match a argumet to a substrig of the etity. Regex iterprets a argumet as a regular expressio ad the tries to match. Regular expressios ca be very costly to compute, so it is best to use the prefix, suffix, or substr testig fuctios or Boolea combiatios of prefix ad suffix testig, rather tha the regular expressio fuctio. Commo Match Fuctios The commo match fuctios are defied below. ay() This fuctio always evaluates to true. cliet_ip(strig) This fuctio evaluates to true oly if the IP address of the cliet machie makig the coectio matches the strig-valued argumet. This fuctio ca be useful i restrictig match expressios to a particular cliet, which ca aid debuggig a ew match rule whe a cluster is i productio. Oly the test cliet will match, leavig other cliets to be hadled by other match rules. debug_msg(strig) This fuctio always evaluates to true. It writes the sigle strig valued argumet str to the debug log. It ca be useful for debuggig match expressios. igore_case() This fuctio evaluates to true regardless of the capitalizatio. observe_case() This fuctio evaluates to true for the correct capitalizatio. 108 Equalizer Istallatio ad Admiistratio Guide

119 Match Fuctios HTTP Protocol ad Request URI Match Fuctios This sectio icludes the fuctios that test for the attributes of the request protocol level (HTTP 0.9 or above) ad the request URI. Ay strig comparisos doe by ay of the fuctios is case isesitive, that is, the case of strigs is igored. http_09() This fuctio takes o argumets ad evaluates to true if the HTTP protocol used by the request appears to be HTTP 0.9. This is doe by iferece a explicit protocol level is abset after the request URI. host(strig) This fuctio evaluates to true if the hostame portio of the request matches the strig-valued argumet. I the case of HTTP 0.9, the host is a portio of the request URI. All other HTTP protocol versios require a Host header to specify the host, which would be compared to the strig. fileame(strig) This fuctio evaluates to true if the strig-valued argumet matches the fileame portio of the URI path. This portio does ot iclude the trailig pathame compoet separator, as that is cosidered part of the directory. pathame(strig) This fuctio evaluates to true if the strig-valued argumet matches the path compoet of the request URI. dirame(strig) This fuctio evaluates to true if the strig-valued argumet matches the directory portio of the path compoet of the request URI. Equalizer Istallatio ad Admiistratio Guide 109

120 Chapter 8: Match Rules HTTP Header Matchig Fuctios Certai HTTP request headers are searched for whe the request is beig processed. All match fuctios dealig with request headers take a iitial strig-valued argumet, which selects the header of iterest. If this header is ot preset i the request, the match fuctio evaluates to false. Otherwise, the text associated with the header is examied depedig o the particular fuctio. Although HTTP permits a header to spa multiple request lies, oe of the fuctios matches text o more tha oe lie. The list of supported headers follows: Table 52: Supported HTTP Headers for Matchig accept expect proxy-authorizatio accept-charset from rage accept-ecodig host referer accept-laguage if-match te authorizatio if-modified-sice trailer cache-cotrol if-oe-match trasfer-ecodig coectio if-rage upgrade cotet-legth if-umodified-sice user-aget cookie max-forwards via date pragma warig header_prefix(header, str) This fuctio evaluates to true if the selected header is preset ad if the strig-valued argumet str is a prefix of the associated header text. header_suffix(header, strig) This fuctio evaluates to true if the selected header is preset ad if the strig-valued argumet str is a suffix of the associated header text. header_substr(header, strig) This fuctio evaluates to true if the selected header is preset ad if the strig-valued argumet str is a sub-strig of the associated header text. header_regex(header, strig) This fuctio evaluates to true if the selected header is preset ad if the strig-valued argumet str, iterpreted as a regular expressio, matches the associated header text. Regular expressios ca be very costly to compute, so it is best to use the prefix, suffix or sub-strig testig fuctios, or Boolea combiatios of prefix, suffix ad sub-strig testig, rather tha the regular expressio fuctio. 110 Equalizer Istallatio ad Admiistratio Guide

121 Match Fuctios HTTPS Specific Match Fuctios Equalizer permits the costructio of virtual clusters ruig the HTTPS protocol. HTTPS is HTTP ruig over a ecrypted trasport, typically SSL versio 2.0 or 3.0 or TLS versio 1.0. All of the fuctios available for load balacig HTTP clusters are available for HTTPS. I additio, there are some additioal match fuctios. Note Give that HTTPS rus ecrypted usig SSL ad TLS as the trasport, i order for ay Layer 7 processig, the Equalizer must termiate the SSL/TLS ecrypted coectio. This ca have deleterious effects o performace, as the ecryptio ad decryptio process is extremely compute-itesive. A hardware accelerator is available which ca be added to the Equalizer platform to ameliorate this problem. ssl2() This fuctio evaluates to true if the cliet egotiated the ecrypted coectio usig SSL versio 2.0. ssl3() This fuctio evaluates to true if the cliet egotiated the ecrypted coectio usig SSL versio 3.0. tls1() This fuctio evaluates to true if the cliet egotiated the ecrypted coectio usig TLS versio 1.0. Equalizer Istallatio ad Admiistratio Guide 111

122 Chapter 8: Match Rules 112 Equalizer Istallatio ad Admiistratio Guide

123 9 Admiisterig Geographic Clusters Geographic Load Balacig with Evoy Coyote Poit s Evoy geographic load balacer, which is a optioal software add-o for the Equalizer product lie, supports geographic clusterig ad load balacig. Geographic clusterig ad load balacig eables requests to be automatically distributed across servers i differet physical locatios or o differet etworks. Equalizer ad its set of servers i a particular locatio forms a site (or Evoy site). A geographic cluster cotais multiple sites, ad Equalizer s geographic load balacig techology balaces icomig requests across those sites. Note To perform geographic load balacig, you eed to eable the Evoy add-o for your Equalizer system. Not all Equalizer systems allow you to do this. Check the Coyote Poit website to see a list of the Equalizer systems that support Evoy. Whe a cliet uses DNS to resolve the address of a domai ame, it performs a recursive search with a umber of ame servers to resolve that address. Evoy is the last ame server i this search. The ame server i the recursive chai immediately before Evoy returs a list of Evoy sites. The cliet seds requests, oe at a time, to each of the Evoy sites util it reaches a active site. If the Evoy site is active, Evoy performs the followig steps to determie the site i the geographic cluster that should hadle the request: 1. The selected Evoy (Site A i Figure 53) idetifies the geographic cluster that has bee cofigured with the requested domai ame i this case, Equalizer Istallatio ad Admiistratio Guide 113

124 Chapter 9:Admiisterig Geographic Clusters Cliet s Local DNS Cliet (Califoria, USA) DNS Evoy Site C (Europe) Iteret DNS Evoy Site B (West Coast USA) Authoritative DNS for coyotepoit.com Evoy Site A (East Coast USA) Figure 53 Sedig ame resolutio requests to a Equalizer i a geographic cluster 2. Evoy at Site A seds geographic query protocol probes (GQP) to agets ruig at each site i the cluster. These probes cotai iformatio about the requestig cliet ad the resource that is beig resolved. Site A also queries its local aget (see Figure 54). Cliet (Califoria, USA) Evoy Site C (Europe) Iteret GQP GQP GQP Evoy Site B (West Coast USA) Evoy Site A (East Coast USA) Figure 54 The selected Equalizer queries other Equalizers ad its ow servers i the geographic cluster 3. The aget checks the availability of the requested resource (see Figure 55). If the resource is uavailable at the aget's site, the aget seds a error message to Equalizer. 114 Equalizer Istallatio ad Admiistratio Guide

125 Geographic Load Balacig with Evoy If the resource is available ad ICMP triagulatio is eabled, the aget seds a ICMP echo request (pig) to the requestig cliet. Whe the echo reply arrives, the aget forwards the latecy iformatio to the Evoy that set the geographic probe (Site A). Cliet (Califoria, USA) GQP Evoy Site C (Europe) Iteret GQP Evoy Site B (West Coast USA) GQP Evoy Site A (East Coast USA) Figure 55 The selected Equalizer receives availability ad triagulatio (latecy) iformatio 4. The Equalizer that set the geographic probe returs the best Equalizer site to the cliet s local DNS (see Figure 56). Cliet s Local DNS Cliet (Califoria, USA) DNS Evoy Site C (Europe) Iteret DNS Evoy Site B (West Coast USA) Authoritative DNS for coyotepoit.com Evoy Site A (East Coast USA) Figure 56 The cliet s local DNS receives the best Equalizer site 5. The selected Equalizer uses the iformatio gathered from each site to determie the site that is best able to process the request for the cliet ad the forwards the request to that site (see Figure 57). Equalizer Istallatio ad Admiistratio Guide 115

126 Chapter 9:Admiisterig Geographic Clusters Cliet (Califoria, USA) HTTP Evoy Site C (Europe) HTTP Iteret Evoy Site B (West Coast USA) Evoy Site A (East Coast USA) Figure 57 Site B hadles the cliet s coectio Eablig ad Cofigurig Evoy Each site i a Evoy cofiguratio has a Evoy-eabled Equalizer ad ay umber of servers. Oce you ve completed the ormal Equalizer istallatio ad cofiguratio at each locatio, you ca eable Evoy ad cofigure your authoritative ame server to work with Evoy. After you have licesed your Equalizer ad Evoy ad completed Evoy ad DNS cofiguratio described i this sectio, you ca set up the geographic clusters ad defie the available sites for each cluster through the Equalizer Admiistratio Iterface. Eablig Evoy You must licese the Evoy software o each of the Equalizers that will be part of the geographic cluster. Evoy software is pre-istalled o each Equalizer ad is eabled through the registratio ad licesig process. To eable Evoy, follow these steps: 1. Follow the registratio procedure ad make sure that you eter the serial umber for your Evoy software. 2. Follow the istructios provided to licese your Equalizer. 3. Shut dow Equalizer ad reboot the machie. (For iformatio about how to safely shut dow Equalizer, see Shuttig Dow Equalizer i Equalizer Istallatio ad Admiistratio Guide.) 4. Cofirm that Evoy is eabled. Log ito the Equalizer Admiistratio Iterface i edit mode ad select Equalizer Status, from the View meu. Cofigurig the Authoritative Name Server to Query Evoy You must cofigure the authoritative ame server(s) for the domais that are to be geographically load balaced to delegate authority to the Evoy sites. You eed to delegate each of the fullyqualified subdomais to be balaced. 116 Equalizer Istallatio ad Admiistratio Guide

127 Eablig ad Cofigurig Evoy For example (see Figure 58), assume you must balace across a geographical cluster cotaiig two Evoy sites, east.coyotepoit.com (at ) ad west.coyotepoit.com (at ). I this case, you must cofigure the ame servers that will hadle the coyotepoit.com domai to delegate authority for to both east.coyotepoit.com ad west.coyotepoit.com. Whe queried to resolve coyotepoit.com s ame servers should retur ame server (NS) ad alias (A) records for both Evoy sites. east.coyotepoit.com west.coyotepoit.com Iteret Authoritative DNS for IN A IN A Figure 58 Two-site DNS example Usig Evoy with Firewalled Networks Evoy sites commuicate with each other usig Coyote Poit s UDP-based Geographic Query Protocol. Similarly, Evoy sites commuicate with cliets usig the DNS protocol. If you protect oe or more of your Evoy sites with a etwork firewall, you must cofigure the firewall to permit the Evoy packets to pass through. To use Evoy with firewalled etworks, you eed to cofigure the firewalls so that the followig actios occur: Evoy sites commuicate with each other o UDP ports 5300 ad The firewall must allow traffic o these ports to pass betwee Equalizer/Evoy sites. Evoy sites ad cliets ca exchage packets o UDP port 53. The firewall must allow traffic o this port to flow freely betwee a Evoy server ad ay Iteret cliets so that cliets Equalizer Istallatio ad Admiistratio Guide 117

128 Chapter 9:Admiisterig Geographic Clusters tryig to resolve hostames via the Evoy DNS server ca exchage packets with the Evoy sites. Evoy sites ca sed ICMP echo request packets out through the firewall ad receive ICMP echo respose packets from cliets outside the firewall. Whe a cliet attempts a DNS resolutio, Evoy sites sed a ICMP echo request (pig) packet to the cliet ad the cliet might respod with a ICMP echo respose packet. Workig with Geographic Clusters This sectio shows you how to add or delete a geographic cluster ad how to cofigure a geographic cluster s load-balacig optios. Cofigurig a geographic cluster ad its sites is similar to cofigurig a virtual cluster ad its servers. If you eed iformatio about how to access the admiistratio iterface, refer to Itroducig the Equalizer Admiistratio Iterface i Equalizer Istallatio ad Admiistratio Guide. Addig a Geographic Cluster To add a ew geographic cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. Select Geographic Cluster from the Add meu i the mai meu bar. The add geocluster scree appears i the right frame (see Figure 59). Figure 59 Add geocluster scree 3. Eter the geocluster ame, which is the fully-qualified domai ame (FQDN) of the geographic cluster (for example, The FQDN must iclude all ame compoets up to the top level (com, et, org, etc). Do ot iclude the trailig period. 4. Specify the resposiveess. This value cotrols how aggressively Equalizer adjusts the site s dyamic weights. Equalizer provides five respose settigs: Slowest, Slow, Medium, Fast, ad Fastest. Faster settigs eable Equalizer to adjust its load balacig criteria more frequetly ad permit a greater variace i the relative weights assiged to sites. Slower settigs cause site measuremets to be averaged over a loger period of time before Equalizer applies them to the cluster-wide load balacig; slower settigs also ted to igore spikes i cluster measuremets 118 Equalizer Istallatio ad Admiistratio Guide

129 Workig with Geographic Clusters caused by itermittet etwork glitches. We recommed that you select the Medium settig as a startig poit. 5. Eter the DNS cache ttl (cache time-to-live), which is the legth of time, i secods, that the cliet s DNS server should cache the resolved IP address. Loger times will result i icreased failover times i the evet of a site failure, but are more efficiet i terms of etwork resources. A reasoable value would be 120 (that is, 2 miutes). 6. Eter the MX exchager, which is the fully qualified domai ame to be retured if Equalizer receives a mail exchager request for this geographic cluster. The mail exchager is the host resposible for hadlig set to users i the domai. 7. Specify the policy: roud trip: This method weights the cliet s etwork proximity more heavily tha other criteria. This optio oly works if you eable Pig Triagulatio. adaptive: This method takes all available iformatio ito accout whe selectig a site. This settig is a reasoable default. site load: This method weights the curret load at each site more heavily tha other criteria. site weight: This method weights the user-defied static weight for each site more heavily tha other criteria. 8. Check or clear the ICMP triagulatio checkbox. Whe you check ICMP triagulatio, each Evoy site pigs the cliet ad collects latecy iformatio, which provides more accurate cliet locatio iformatio. If you do ot wat to allow Equalizer to pig cliets whe they make a request, clear the ICMP triagulatio checkbox. 9. Click the commit butto to add the geographic cluster. A etry for the ew geographic cluster appears i the left frame. Equalizer ca refuse a Add GeoCluster commad for several reasos, icludig: Attemptig to add a cluster for a FQDN that is already cofigured Attemptig to add more clusters tha are supported by Equalizer Cofigurig a Geographic Cluster s Load-Balacig Optios You ca chage the load balacig policy ad respose settigs for a geographic cluster from the geocluster scree. Cofigure these parameters idepedetly for each geographic cluster. (For more iformatio about the load balacig policy ad respose settigs, see Addig a Geographic Cluster o page 118.) You might wat to fie-tue the static weights of the geographic cluster s sites to optimize cluster performace. For more iformatio, see Adjustig a Site s Static Weight o page 122. To chage a geographic cluster s load-balacig optios, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the lik formed by the domai ame associated with the geographic cluster. The geocluster scree opes i the right frame. 3. Select Chage GeoCluster Parameters from the local meu. The modify geocluster scree appears i the right frame. Equalizer Istallatio ad Admiistratio Guide 119

130 Chapter 9:Admiisterig Geographic Clusters 4. Specify the resposiveess, which cotrols how aggressively Equalizer adjusts the site s dyamic weights: Slowest, Slow, Medium, Fast, ad Fastest. The faster settigs eable Equalizer to adjust its load balacig criteria more frequetly ad permit a greater variace i the relative weights assiged to sites. A slow settig causes site measuremets to be averaged over a loger period of time before Equalizer applies them to the cluster-wide load balacig ad ted to igore spikes i cluster measuremets caused by itermittet etwork glitches. 5. Specify the DNS cache ttl (cache time-to-live), which is the legth of time, i secods, that the cliet s DNS server should cache the resolved IP address. Loger times will result i icreased failover times i the evet of a site failure, but are more efficiet i terms of etwork resources. A reasoable value would be 120 (that is, 2 miutes). 6. Specify the MX exchager, which is the fully qualified domai ame to be retured if Equalizer receives a mail exchager request for this geographic cluster. The mail exchager is the host resposible for hadlig set to users i the domai. 7. Select a policy. The policy determies the algorithm that Equalizer will use to distribute requests amog the sites i the cluster: roud trip, which weights the cliet s etwork proximity more heavily tha other criteria. adaptive, which takes all available iformatio ito accout whe selectig a site. This settig is a reasoable default. site load, which weights the curret load at each site more heavily tha other criteria. site weight, which weights the user-defied static weight for each site more heavily tha other criteria. 8. Check or clear the ICMP triagulatio checkbox. Whe you check ICMP triagulatio, each Evoy site pigs the cliet ad collects latecy iformatio, which provides more accurate cliet locatio iformatio. If you do ot wat to allow Equalizer to pig cliets whe they make a request, clear the ICMP triagulatio checkbox. 9. Click the commit butto. Deletig a Geographic Cluster To delete a geographic cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the geographic cluster to be deleted. The geocluster scree appears i the right frame. 3. Select Delete this GeoCluster from the local meu i the geocluster scree. 4. Whe prompted, click OK to verify that you really wat to remove the cluster. Equalizer deletes the GeoCluster ad all its sites. Workig with Sites This sectio describes how to use Equalizer to add or delete a site from a geographic cluster ad how to adjust a site s static weight. 120 Equalizer Istallatio ad Admiistratio Guide

131 Workig with Sites Addig a Site to a Geographic Cluster To add a site to a existig geographic cluster, follow these steps: 1. Log ito the Equalizer Admiistratio Iterface i edit mode. 2. I the left frame, click the ame of the geographic cluster to which you wat to add the site. 3. Select Add Site from the local meu. The add site scree opes i the right frame (see Figure 60). Figure 60 Add site to geocluster scree 4. Eter the site ame, which is a symbolic ame that represets this site. For example, the east-coast site for might be eastcoast. 5. Eter the ip, which is the IP address of the site. This is the address of a Equalizer cluster that is retured if the site is chose. 6. Eter the aget, which is the IP address of the site moitorig aget. Usually, this is the exteral (or Evoy failover) address of the Equalizer at this site. 7. Eter the Static Weight value, which represets the site s capacity. (This value is similar to a server s static weight.) Valid values rage betwee 10 ad 200. Use the default of 100 if all sites are cofigured similarly; otherwise, adjust higher or lower for sites that have more or less capacity. 8. Check or clear the Default checkbox. You ca desigate oly oe site i a cluster as the default. Equalizer returs a peer site s IP address based o the selected load balacig algorithms. Choose the default site if the cliet s DNS server did ot respod to ICMP echo requests from ay site. This ca happe if a firewall blocks ICMP packets betwee the cliet s DNS ad the iteret. 9. Eter the ip i the resource cofiguratio sectio, which is the IP address of the resource that is moitored for this site. This must be the same address as a cofigured Equalizer cluster ad is Equalizer Istallatio ad Admiistratio Guide 121