The network configuration for these examples is shown in the following figure. Load Balancer 1. public address 172.214.1.3



Similar documents
This How To Note describes one possible basic VRRP configuration.

configure WAN load balancing

Chapter 37 Server Load Balancing

Configure WAN Load Balancing

Load Balancer. Introduction. A guide to Load Balancing.

What information will you find in this document?

Chapter 51 Server Load Balancing

Allow Public and Private Address Access to Servers at a Service Provider Client Site. What information will you find in this document?

How To Configure some basic firewall and VPN scenarios

Configure the Firewall VoIP Support Service (SIP ALG)

Apply Firewall Policies And Rules

What information will you find in this document?

How To Create A VPN Between An Allied Telesis Router And A Microsoft Windows XP 1 Client, Without Using NAT-T

AlliedWare TM OS How To. Create a VPN between an Allied Telesis Router and a Microsoft Windows XP 1 Client, Without Using NAT-T.

Use 802.1x EAP-TLS or PEAP-MS-CHAP v2 with Microsoft Windows Server 2003 to Make a Secure Network

Configure A Secure Network Solution For Schools. What information will you find in this document?

What information will you find in this document?

AlliedWare TM OS How To. Create a VPN between an Allied Telesis Router and a Microsoft Windows 7 Client, with or without NAT-T.

How To Behind A Dynamically-Assigned Public IP Address

Configure Allied Telesis and Cisco routers to interoperate over L2TP

What information you will find in this document

Configure Policy-based Routing

Configure Common ISDN Access Concentration With The Firewall. How To. Introduction. What information will you find in this note?

Case Study Ministry of Agriculture, France

Which products and versions does it apply to?

Configure A Secure School Network Based On 802.1x

How To. Configure Microsoft Windows XP ** Virtual Private Network (VPN) client interoperability without NAT-T support.

Configure Microsoft Windows XP ** Virtual Private Network (VPN) client interoperability with NAT-T support

Configuring Allied Telesyn Equipment to Counter Nimda Attacks

Create a VPN between an Allied Telesis and a NetScreen Router

x900 Switch Access Requestor

AlliedWare TM OS How To. Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks. Introduction. Related How To Notes

AlliedWare TM OS How To. Create a VPN between an Allied Telesis Router and a Microsoft Windows XP 1 Client, over NAT-T.

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Create a VPN between an Allied Telesis and a SonicWALL Router, with NAT-T

Starting a Management Session

Solution Profile. Branch in a Box

Application Description

Load Balancing Trend Micro InterScan Web Gateway

Tested Solution: Network Configuration and Inventory Management using Upgrade Manager

AlliedWare Plus OS How To Use sflow in a Network

Christ s College, Canterbury New Zealand College network infrastructure updated with state-of-the-art Allied Telesis switching technology

Firewall Defaults and Some Basic Rules

Allied Telesis provide virtual customer networks

Lab Configuring Access Policies and DMZ Settings

Load Balancing Sophos Web Gateway. Deployment Guide

AlliedWare TM OS How To. Configure VPNs in a Corporate Network, with Optional Prioritisation of VoIP. Introduction. Contents

What information will you find in this document?

How to Configure URL Filtering Using the Firewall s HTTP Proxy

AlliedWare Plus OS How To Use Web-authentication

Load Balancing Bloxx Web Filter. Deployment Guide

How To. Configure E1 links. Introduction. What information will you find in this document?

Load Balancing McAfee Web Gateway. Deployment Guide

Load Balancing Smoothwall Secure Web Gateway

AlliedWare TM OS How To. Use the Allied Telesis GUI Wizard to Create a Site-to-Site VPN through a NAT Gateway Device

AlliedWare OS How To Create a VPN, (including dynamic DNS) between Apple products running Mac OS X and an Allied Telesis Router

Troubleshooting and Maintaining Cisco IP Networks Volume 1

AlliedTelesis AT-AR700 Series

Product VioCall Express Connect. VioCall Express Connect VoIP Solution for SMB/SME Market

Figure 41-1 IP Filter Rules

DSL-G604T Install Guides

Firewall Load Balancing

VCStack - Powerful Simplicity. Network Virtualization for Today's Business

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support December 2011

AlliedWare Plus OS How To. Configure QoS to prioritize SSH, Multicast, and VoIP Traffic. Introduction

Firewall VPN Router. Quick Installation Guide M73-APO09-380

AT-S84 Version ( ) Management Software for the AT-9000/24 Gigabit Ethernet Switch Software Release Notes

Solution Profile. i-net Infrastructure

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Multi-Homing Dual WAN Firewall Router

Load Balancing Web Proxies Load Balancing Web Filters Load Balancing Web Gateways. Deployment Guide

Network Security Solutions Implementing Network Access Control (NAC)

How To Use An At9924 For A Long Distance Connection On A Powerline On A Ppltd Network (Powerline) On A Superfast Network (Networking) On An At 9924 (Powerplt) On The P

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Load Balancing Clearswift Secure Web Gateway

In fact, the three most common reasons for a network slow down are: congestion data corruption collisions

How To Configure Some Basic OSPF Routing Scenarios. Introduction. Technical Guide. List of terms

Knowledgebase Solution

AT-S41 Version Management Software for the AT-8326 and AT-8350 Series Fast Ethernet Switches. Software Release Notes

Configuring the BIG-IP and Check Point VPN-1 /FireWall-1

This is a guide to Network Load Balancing (NLB) clustering options with Allied Telesis managed layer 3 devices.

Technical Support Information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

SwiftBroadband and IP data connections

Case Study Goldsmiths. Chip and PIN technology jewel in the crown for Goldsmiths thanks to Allied Telesis and NewLife Data Communications

AlliedWare Operating System

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Guideline to Windows 2003 Network Load Balancing Clustering with Allied Telesyn Switches. What information will you find in this document?

Lab Diagramming Intranet Traffic Flows

Solutions Guide. Ethernet-based Network Virtualization for the Enterprise

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Configure QoS on x900-24, x900-12, and SwitchBlade x908 Series Switches

How To Load Balance On A Cisco Cisco Cs3.X With A Csono Css 3.X And Csonos 3.5.X (Cisco Css) On A Powerline With A Powerpack (C

F5 Networks EXAM - 301b

Deploying ACLs to Manage Network Security

Firewall Firewall August, 2003

Network Security. Ensuring Information Availability. Security

AT-S63 Version Patch 5 Management Software for the AT-9400 Basic Layer 3 Gigabit Ethernet Switches Software Release Notes

I N S T A L L A T I O N M A N U A L

Transcription:

How To Configure Load Balancer Redundancy on Allied Telesis Routers and Switches Introduction In many Server Hosting environments, two requirements are important: maximising throughput availability to each service, and minimising service downtime. This How To Note contributes towards both these aims. The Note is split into two parts. The first part illustrates both redundancy of servers and redundancy of the load balancers themselves. The second part provides an optional extension that enables you to control server selection without losing redundancy. This is helpful when you prefer to have customers access a certain server, instead of balancing that traffic. However, if that server fails, the customers need to use the alternate server instead. The examples The network configuration for these examples is shown in the following figure. public side Load Balancer 1 private side public address 172.214.1.3 private address 192.168.1.200 client public VLAN 2 redundant load balancer virtual address 172.214.1.2 redundancy management VLAN 4 192.168.2.2 redundancy management VLAN 4 192.168.2.1 private VLAN 3 with VRRP virtual address 192.168.1.202 Web/SFTP server 1 192.168.1.1 public address 172.214.1.4 Load Balancer 2 private address 192.168.1.201 Web/SFTP server 2 192.168.1.2 lb-redundancy.eps The Note s first example illustrates how to load balance web services, and includes: Load balancing of incoming web traffic to maximise throughput to web servers. It also provides redundancy if a web server goes down. Redundancy between two load balancing routers. In the unlikely event of a router going down, a backup router takes over as master and continues the load balancing work for incoming web connections. Load balancer redundancy and VRRP ensure that clients and servers access the same public and private addresses no matter which router is the master. A firewall to secure the LAN against attack. The firewall configuration changes automatically if the backup router takes over the load balancing role. C613-16088-00 REV A www.alliedtelesis.com

The Note s second example extends the first example by showing how to control server selection for SFTP (Secure File Transfer Protocol) traffic, while still providing server redundancy if the preferred server fails. For simplicity, these examples provide load balancing between two servers. You can easily expand the examples by adding more servers. What information will you find in this document? As outlined above, the Note first describes basic load balancer redundancy. To configure this, do all the following steps: "Configure Load Balancer 1" on page 3 "Configure Load Balancer 2" on page 7 "Create the Scripts" on page 9 Then the Note describes the optional extensions that let you control server selection. To configure this, make all the following additions to the basic configuration: "Configure Load Balancing: Extra Commands" on page 10 "Configure the Triggers: Extra Commands" on page 11 "Modify the Scripts" on page 11 "Create New Scripts" on page 12 Finally, the Note gives the complete extended configuration so you can verify your configuration. Also, you may find it easier to copy this configuration to your router instead of using the step-by-step configuration. "Commands: Load Balancer 1" on page 13 "Commands: Load Balancer 2" on page 14 "File: master.scp" on page 15 "File: slave.scp" on page 15 "File: sftp1down.scp" on page 15 "File: sftp1up.scp" on page 15 Which products and software version does it apply to? We created this configuration using AR440S routers and Software Version 275-05. However, the configuration applies to the following products: AR44xS and AR450S Series routers AR750S, AR7x5 routers Rapier i Series switches AT-8800 Series switches AT-9800 Series switches It requires software version 275-05 or later (except version 276-01, which lacks the necessary trigger functionality). Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 2

Example of Basic Redundancy Configure Load Balancer 1 1. Name the router Name this router LB-1. set system name=lb-1 2. Create the VLANs Create the three VLANs that this example uses: VLAN 2 for the public Internet side create vlan=vlan2 vid=2 VLAN 3 for the private LAN side create vlan=vlan3 vid=3 VLAN 4 for managing the load balancer redundancy create vlan=vlan4 vid=4 3. Add ports to the VLANs Add ports to the three VLANs. add vlan=2 port=1 add vlan=3 port=2-4 add vlan=4 port=5 4. Configure IP on the VLANs Enable IP. enable ip Give the public VLAN a unique public address. Note that public clients will not browse to this address; they will browse to the virtual balancer s IP address instead (see step 8). add ip int=vlan2 ip=172.214.1.3 mask=255.255.255.0 Give the private VLAN a private address. Note that the servers will not use this address as a gateway; they will use the VRRP virtual address instead (see step 7). add ip int=vlan3 ip=192.168.1.200 Give the redundancy management VLAN a private address. add ip int=vlan4 ip=192.168.2.2 Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 3

5. Configure the firewall Enable the firewall. enable firewall Create a firewall policy. create firewall policy=lb Set the firewall session timeouts for TCP, UDP and other packet types, in minutes. set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5 Add the public and private interfaces to the firewall policy. add firewall policy=lb int=vlan2 type=public add firewall policy=lb int=vlan3 type=private Add the redundancy management VLAN to the firewall policy as a private interface. add firewall policy=lb int=vlan4 type=private You do not need to add firewall access rules at this step. This example uses triggered scripts to dynamically add access rules, depending on which load balancer is the master (see step 9). 6. Disable the GUI and the HTTP server on port 80 You cannot use the router s GUI or its HTTP server on port 80 when load balancing web traffic. Therefore, you need to either disable the GUI and server, by using the following commands: disable gui disable http server or change the port that the server uses. For example, to change the port to 8080, use the following command: set http server port=8080 You can then use the GUI by pointing your browser to the router's private address and the new port (in this example, 192.168.1.200:8080). Note that this configuration uses some advanced settings that are not available through the GUI, so you cannot use the GUI to create this configuration. You also cannot use the firewall pages in the GUI to modify this configuration s firewall settings, because the GUI does not recognise this firewall policy. However, you can use the GUI to monitor the router. Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 4

7. Configure VRRP Configure VRRP for the private side interface. This step creates a virtual address for the private interface of both load balancing routers. Private servers use this address as their gateway to the Internet, instead of using the address of the private interface of either router. This means the servers gateway is independent of which router is the master load balancer. enable vrrp create vrrp=2 over=vlan3 ipaddress=192.168.1.202 When you configure your servers, enter the VRRP address as their gateway address. 8. Configure load balancing Enable load balancing. enable lb Add a resource pool for web traffic. add lb respool=web selectmethod=roundrobin faillast=no Add resources to the web resource pool. In this example, two resource servers share the web traffic. add lb resource=web1 ip=192.168.1.1 port=80 respool=web add lb resource=web2 ip=192.168.1.2 port=80 respool=web Add and enable the Virtual Balancer for the web traffic that is to be balanced. This step also defines the load balancer s virtual public address. Public clients browse to this address, instead of browsing to either routers public address. This means that the clients destination address is independent of which router is the master load balancer. add lb virtualbalancer=web publicip=172.214.1.2 publicport=80 respool=web enable lb virtualbalancer=web Define the load balancing redundancy peer (Load Balancer 2 in the figure in "The examples" on page 1). set lb redundancy peerip=192.168.2.1 listenport=5000 redunip=172.214.1.2 publicint=vlan2 redunmask=255.255.255.0 enable lb redundancy Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 5

9. Configure triggers If one of the load balancers goes down, the firewall configuration needs to change. This example uses triggers to make this change automatically, by running a script when the state changes. See "Create the Scripts" on page 9 for instructions for making the scripts. Enable triggers. enable trigger Set the router to run the script master.scp if it becomes the master load balancer. This script adds firewall allow rules to support the resource pools. create trigger=2 module=loadbalancer event=master script=master.scp Set the router to run the script slave.scp if it becomes the slave load balancer. This script removes redundant firewall allow rules. create trigger=3 module=loadbalancer event=slave script=slave.scp 10. Save the configuration Save the configuration and set the router to use it when it restarts. create config=lb_redun.cfg set config=lb_redun.cfg Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 6

Configure Load Balancer 2 Load balancer 2 is identical to load balancer 1, except for its: name (which is just a convenience and does not affect how it functions) public interface s IP address private interface s IP address load balancer redundancy peer, which is load balancer 1 Because the two load balancers are so similar, the following instructions do not explain the steps see the instructions for load balancer 1 for explanations. 1. Name the router set system name=lb-2 2. Create the VLANs create vlan=vlan2 vid=2 create vlan=vlan3 vid=3 create vlan=vlan4 vid=4 3. Add ports to the VLANs add vlan=2 port=1 add vlan=3 port=2-4 add vlan=4 port=5 4. Configure IP on the VLANs enable ip add ip int=vlan2 ip=172.214.1.4 mask=255.255.255.0 add ip int=vlan3 ip=192.168.1.201 add ip int=vlan4 ip=192.168.2.1 5. Configure the firewall enable firewall create firewall policy=lb set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5 add firewall policy=lb int=vlan2 type=public add firewall policy=lb int=vlan3 type=private add firewall policy=lb int=vlan4 type=private Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 7

6. Disable the GUI and the HTTP server on port 80 Either: disable gui disable http server Or: set http server port=8080 7. Configure VRRP enable vrrp create vrrp=2 over=vlan3 ipaddress=192.168.1.202 8. Configure load balancing enable lb add lb respool=web selectmethod=roundrobin faillast=no add lb resource=web1 ip=192.168.1.1 port=80 respool=web add lb resource=web2 ip=192.168.1.2 port=80 respool=web add lb virtualbalancer=web publicip=172.214.1.2 publicport=80 respool=web enable lb virtualbalancer=web set lb redundancy peerip=192.168.2.2 listenport=5000 redunip=172.214.1.2 publicint=vlan2 redunmask=255.255.255.0 enable lb redundancy 9. Configure triggers enable trigger create trigger=2 module=loadbalancer event=master script=master.scp create trigger=3 module=loadbalancer event=slave script=slave.scp 10. Save the configuration create config=lb_redun.cfg set config=lb_redun.cfg Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 8

Create the Scripts This section describes the scripts that the trigger facility runs when the master or slave load balancer changes. Create the same scripts on both load balancer 1 and load balancer 2. Create the scripts in a text editor on your PC. You can then open the router s editor by using the command edit master.scp (or edit slave.scp) and copy and paste the text of the script into the editor. Use Ctrl+K+X to save the script and exit. Alternatively, you can copy your PC-created script to a TFTP server and use the router s load command to download the files from the server.! Script for when a load balancer becomes the master: master.scp # Add the load balancer virtual interface (vlan2-1) to the firewall policy # as a public interface. # add firewall policy=lb int=vlan2-1 type=public # Add an allow rule for web traffic access. Note that this rule does not map # to a private address, as expected on a NAT firewall. It just opens the port. # The load balancer handles security and NAT redirection to the server. # add firewall policy=lb rule=1 int=vlan2-1 action=allow protocol=tcp port=80 # Set the VRRP priority level to a value higher than the slave's priority. # set vrrp=2 priority=200! Script for when a load balancer becomes the slave: slave.scp # Remove the load balancer virtual interface (vlan2-1). # delete firewall policy=lb int=vlan2-1 # Remove the associated access rule. # delete firewall policy=lb rule=1 # Set the VRRP priority level to a value lower than the master's priority. # set vrrp=2 priority=100 Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 9

Extension: Controlling Server Selection Sometimes you may prefer your customers to access a certain server for certain traffic types. However, if that server fails, they still require redundancy to an alternate server. This section shows how to configure this. The example gives you control over server selection for SFTP (Secure File Transfer Protocol) traffic, while providing server redundancy if the preferred server fails. In this example, SFTP favours the first resource only (192.168.1.1). It only uses the second resource if the first resource fails. The load balancers use pings to monitor the health of each resource. When the primary resource fails, this triggers a script to enable the secondary resource. To provide this solution, you need to add the following steps: Configure Load Balancing: Extra Commands Configure the Triggers: Extra Commands Modify the Scripts Create New Scripts Configure Load Balancing: Extra Commands This section describes the commands you need to add to step 8 on page 5 for load balancer 1 and page 8 for load balancer 2. These extra commands make load balancing act on SFTP traffic as well as web traffic. Add a resource pool for SFTP. add lb respool=sftp selectmethod=roundrobin faillast=no Add both SFTP resources to the SFTP resource pool. Note that SFTP is FTP encapsulated by SSHv2 on port 22. add lb resource=sftp1 ip=192.168.1.1 port=22 respool=sftp add lb resource=sftp2 ip=192.168.1.2 port=22 respool=sftp Disable SFTP2. This forces the load balancer to use SFTP1, which is the desired behaviour because SFTP1 is the preferred server. Later in this configuration, we will create a trigger so that the load balancer changes to SFTP2 if SFTP1 goes down. disable lb resource=sftp2 immediately Add and enable the Virtual Balancer for SFTP traffic. add lb virtualbalancer=sftp publicip=172.214.1.2 publicport=22 respool=sftp affinity=no enable lb virtualbalancer=sftp Note that affinity is turned off. If resource 1 fails, this stops new connections from automatically trying to use the failed resource. Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 10

Configure the Triggers: Extra Commands When the preferred server goes down or comes back up again, the load balancer needs to change to the appropriate resource. This example uses triggers to make this change automatically, by running a script when the server s state changes. This section describes the extra trigger commands you need to add on both load balancer 1 and load balancer 2. See "Create New Scripts" on page 12 for instructions for making the scripts. As part of its healthcheck feature, the load balancer regularly sends pings to check the health of each server. If the server does not respond, the load balancer changes the resource state to Closing. If the server starts to respond to the pings again, the load balancer changes the resource state to Up. The following triggers activate a script when one of these state changes occurs. Set the router to run the script sftp1down.scp if the first resource fails. This script enables the second resource. create trigger=4 module=loadbalancer event=resstate resource=sftp1 lbstate=closing script=sftp1down.scp Set the router to run the script sftp1up.scp if the first resource becomes available again. This script disables the second resource. create trigger=5 module=loadbalancer event=resstate resource=sftp1 lbstate=up script=sftp1up.scp Modify the Scripts When the router is the master load balancer, it needs a rule to pass SFTP traffic through the firewall. Similarly, this rule needs to be deleted when the router becomes the slave. Add the following lines to the scripts on both load balancer 1 and load balancer 2. See "Create the Scripts" on page 9 for the original scripts.! master.scp # Add an allow rule for SFTP traffic access over the SSHv2 port 22. add firewall policy=lb rule=2 int=vlan2-1 action=allow protocol=tcp port=22! slave.scp # Remove the SFTP access rule. delete firewall policy=lb rule=2 Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 11

Create New Scripts This section describes the scripts that the trigger facility runs when the preferred SFTP server goes down or comes back up again. The scripts enable and disable the second resource. Load the same scripts onto both load balancer 1 and load balancer 2. The load balancers send pings every 60 seconds to check the health of each resource. Therefore, the load balancer can take up to 60 seconds to detect that the server has gone down or come up again.! Script for when the preferred server goes down: sftp1down.scp # Enable resource 2 because resource 1 is Closing. enable lb resource=sftp2! Script for when the preferred server comes back up: sftp1up.scp # Disable resource 2 because resource 1 is Up. disable lb resource=sftp2 immediately Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 12

Configuration Summary This section shows the full extended configurations and scripts, without comments. Commands: Load Balancer 1 set sys name=lb-1 create vlan=vlan2 vid=2 create vlan=vlan3 vid=3 create vlan=vlan4 vid=4 add vlan=2 port=1 add vlan=3 port=2-4 add vlan=4 port=5 enable ip add ip int=vlan2 ip=172.214.1.3 mask=255.255.255.0 add ip int=vlan4 ip=192.168.2.2 add ip int=vlan3 ip=192.168.1.200 enable firewall create firewall policy=lb set firewall policy=lb tcpt=5 set firewall policy=lb udpt=5 set firewall policy=lb othert=5 add firewall policy=lb int=vlan3 type=private add firewall policy=lb int=vlan2 type=public add firewall policy=lb int=vlan4 type=private dis gui dis http serv enable vrrp create vrrp=2 over=vlan3 ipaddress=192.168.1.202 ena lb add lb resp=web sel=roundrobin fail=no add lb resp=sftp sel=roundrobin fail=no add lb res=web1 ip=192.168.1.1 port=80 resp=web add lb res=web2 ip=192.168.1.2 port=80 resp=web add lb res=sftp1 ip=192.168.1.1 port=22 resp=sftp add lb res=sftp2 ip=192.168.1.2 port=22 resp=sftp dis lb res=sftp2 immediately add lb virt=web publici=172.214.1.2 publicp=80 resp=web add lb virt=sftp publici=172.214.1.2 publicp=22 resp=sftp aff=no ena lb virt=web ena lb virt=sftp set lb redund peer=192.168.2.1 list=5000 reduni=172.214.1.2 publ=vlan2 redunm=255.255.255.0 ena lb redund enable trigger cre trigger=2 module=loadbalancer event=master script=master.scp cre trigger=3 module=loadbalancer event=slave script=slave.scp cre trigger=4 module=lb event=resstate resource=sftp1 lbstate=closing script=sftp1down.scp cre trigger=5 module=lb event=resstate resource=sftp1 lbstate=up script=sftp1up.scp Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 13

Commands: Load Balancer 2 set sys name=lb-2 create vlan=vlan2 vid=2 create vlan=vlan3 vid=3 create vlan=vlan4 vid=4 add vlan=2 port=1 add vlan=3 port=2-4 add vlan=4 port=5 enable ip add ip int=vlan2 ip=172.214.1.4 mask=255.255.255.0 add ip int=vlan4 ip=192.168.2.1 add ip int=vlan3 ip=192.168.1.201 enable firewall create firewall policy=lb set firewall policy=lb tcpt=5 set firewall policy=lb udpt=5 set firewall policy=lb othert=5 add firewall policy=lb int=vlan3 type=private add firewall policy=lb int=vlan2 type=public add firewall policy=lb int=vlan4 type=private dis gui dis http serv enable vrrp create vrrp=2 over=vlan3 ipaddress=192.168.1.202 ena lb add lb resp=web sel=roundrobin fail=no add lb resp=sftp sel=roundrobin fail=no add lb res=web1 ip=192.168.1.1 port=80 resp=web add lb res=web2 ip=192.168.1.2 port=80 resp=web add lb res=sftp1 ip=192.168.1.1 port=22 resp=sftp add lb res=sftp2 ip=192.168.1.2 port=22 resp=sftp dis lb res=sftp2 immediately add lb virt=web publici=172.214.1.2 publicp=80 resp=web add lb virt=sftp publici=172.214.1.2 publicp=22 resp=sftp aff=no ena lb virt=web ena lb virt=sftp set lb redund peer=192.168.2.2 list=5000 reduni=172.214.1.2 publ=vlan2 redunm=255.255.255.0 ena lb redund enable trigger cre trigger=2 module=loadbalancer event=master script=master.scp cre trigger=3 module=loadbalancer event=slave script=slave.scp cre trigger=4 module=lb event=resstate resource=sftp1 lbstate=closing script=sftp1down.scp cre trigger=5 module=lb event=resstate resource=sftp1 lbstate=up script=sftp1up.scp Configure Load Balancer Redundancy on Allied Telesis Routers and Switches 14

File: master.scp add firewall poli=lb int=vlan2-1 type=public add fire poli=lb ru=1 int=vlan2-1 action=allow prot=tcp po=80 add fire poli=lb ru=2 int=vlan2-1 action=allow prot=tcp po=22 set vrrp=2 prio=200 File: slave.scp delete firewall poli=lb int=vlan2-1 delete firewall poli=lb ru=1 delete firewall poli=lb ru=2 set vrrp=2 prio=100 File: sftp1down.scp ena lb res=sftp2 File: sftp1up.scp dis lb res=sftp2 immediately USA Headquarters 19800 North Creek Parkway Suite 200 Bothell WA 98011 USA T: +1 800 424 4284 F: +1 425 481 3895 European Headquarters Via Motta 24 6830 Chiasso Switzerland T: +41 91 69769.00 F: +41 91 69769.11 Asia-Pacific Headquarters 11 Tai Seng Link Singapore 534182 T: +65 6383 3832 F: +65 6383 3830 www.alliedtelesis.com 2006 Allied Telesyn Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners. C613-16088-00 REV A

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information