Summary of the content on page 1
How To | Configure Load Balancer Redundancy on Allied Telesis Routers and Switches
Introduction
In many Server Hosting environments, two requirements are important: maximising
throughput availability to each service, and minimising service downtime. This How To Note
contributes towards both these aims.
The Note is split into two parts. The first part illustrates both redundancy of servers and
redundancy of the load balancers themselves. The second part provides an optional
extension that en
Summary of the content on page 2
The Note’s second example extends the first example by showing how to control server selection for SFTP (Secure File Transfer Protocol) traffic, while still providing server redundancy if the preferred server fails.
For simplicity, these examples provide load balancing between two servers. You can easily expand the examples by adding more servers.
What information will you find in this document?
As outlined above, the Note first describes basic load balancer redundancy. To configure this, do
Summary of the content on page 3
Example of Basic Redundancy
Configure Load Balancer 1
1. Name the router
Name this router LB-1.
    set system name=LB-1
2. Create the VLANs
Create the three VLANs that this example uses:
VLAN 2 for the public Internet side
    create vlan=vlan2 vid=2
VLAN 3 for the private LAN side
    create vlan=vlan3 vid=3
VLAN 4 for managing the load balancer redundancy
    create vlan=vlan4 vid=4
3. Add ports to the VLANs
Add ports to the three VLANs.
    add vlan=2 port=1
    add vlan=3 port=2-4
    add vlan=4 port=5
4. Co
Summary of the content on page 4
5. Configure the firewall
Enable the firewall.
    enable firewall
Create a firewall policy.
    create firewall policy=lb
Set the firewall session timeouts for TCP, UDP and other packet types, in minutes.
    set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5
Add the public and private interfaces to the firewall policy.
    add firewall policy=lb int=vlan2 type=public
    add firewall policy=lb int=vlan3 type=private
Add the redundancy management VLAN to the firewall policy as a private interface.
    add
Summary of the content on page 5
7. Configure VRRP
Configure VRRP for the private side interface. This step creates a virtual address for the private interface of both load balancing routers. Private servers use this address as their gateway to the Internet, instead of using the address of the private interface of either router. This means the servers’ gateway is independent of which router is the master load balancer.
    enable vrrp
    create vrrp=2 over=vlan3 ipaddress=192.168.1.202
When you configure your servers, enter the VRR
Summary of the content on page 6
9. Configure triggers
If one of the load balancers goes down, the firewall configuration needs to change. This example uses triggers to make this change automatically, by running a script when the state changes. See "Create the Scripts" on page 9 for instructions for making the scripts.
Enable triggers.
    enable trigger
Set the router to run the script master.scp if it becomes the master load balancer. This script adds firewall allow rules to support the resource pools.
    create trigger=2 module=
Summary of the content on page 7
Configure Load Balancer 2
Load balancer 2 is identical to load balancer 1, except for its:
- name (which is just a convenience and does not affect how it functions)
- public interface’s IP address
- private interface’s IP address
- load balancer redundancy peer, which is load balancer 1
Because the two load balancers are so similar, the following instructions do not explain the steps—see the instructions for load balancer 1 for explanations.
1. Name the router
    set system name=LB-2
2. Create t
Summary of the content on page 8
6. Disable the GUI and the HTTP server on port 80
Either:
    disable gui
    disable http server
Or:
    set http server port=8080
7. Configure VRRP
    enable vrrp
    create vrrp=2 over=vlan3 ipaddress=192.168.1.202
8. Configure load balancing
    enable lb
    add lb respool=web selectmethod=roundrobin faillast=no
    add lb resource=web1 ip=192.168.1.1 port=80 respool=web
    add lb resource=web2 ip=192.168.1.2 port=80 respool=web
    add lb virtualbalancer=web publicip=172.214.1.2 publicport=80 respool=web
    enable lb virtualbal
Summary of the content on page 9
Create the Scripts
This section describes the scripts that the trigger facility runs when the master or slave load balancer changes. Create the same scripts on both load balancer 1 and load balancer 2.
Create the scripts in a text editor on your PC. You can then open the router’s editor by using the command edit master.scp (or edit slave.scp) and copy and paste the text of the script into the editor. Use Ctrl+K+X to save the script and exit. Alternatively, you can copy your PC-created script
Summary of the content on page 10
Extension: Controlling Server Selection
Sometimes you may prefer your customers to access a certain server for certain traffic types. However, if that server fails, they still require redundancy to an alternate server. This section shows how to configure this.
The example gives you control over server selection for SFTP (Secure File Transfer Protocol) traffic, while providing server redundancy if the preferred server fails.
In this example, SFTP favours the first resource only (192.168.1.1).
Summary of the content on page 11
Configure the Triggers: Extra Commands
When the preferred server goes down or comes back up again, the load balancer needs to change to the appropriate resource. This example uses triggers to make this change automatically, by running a script when the server’s state changes.
This section describes the extra trigger commands you need to add on both load balancer 1 and load balancer 2. See "Create New Scripts" on page 12 for instructions for making the scripts. As part of its healthcheck feat
Summary of the content on page 12
Create New Scripts
This section describes the scripts that the trigger facility runs when the preferred SFTP server goes down or comes back up again. The scripts enable and disable the second resource. Load the same scripts onto both load balancer 1 and load balancer 2.
The load balancers send pings every 60 seconds to check the health of each resource. Therefore, the load balancer can take up to 60 seconds to detect that the server has gone down or come up again.
! Script for when the pref
Summary of the content on page 13
Configuration Summary
This section shows the full extended configurations and scripts, without comments.
Commands: Load Balancer 1
    set sys name=LB-1
    create vlan=vlan2 vid=2
    create vlan=vlan3 vid=3
    create vlan=vlan4 vid=4
    add vlan=2 port=1
    add vlan=3 port=2-4
    add vlan=4 port=5
    enable ip
    add ip int=vlan2 ip=172.214.1.3 mask=255.255.255.0
    add ip int=vlan4 ip=192.168.2.2
    add ip int=vlan3 ip=192.168.1.200
    enable firewall
    create firewall policy=lb
    set firewall policy=lb tcpt=5
    set firewall policy=lb u
Summary of the content on page 14
Commands: Load Balancer 2
    set sys name=LB-2
    create vlan=vlan2 vid=2
    create vlan=vlan3 vid=3
    create vlan=vlan4 vid=4
    add vlan=2 port=1
    add vlan=3 port=2-4
    add vlan=4 port=5
    enable ip
    add ip int=vlan2 ip=172.214.1.4 mask=255.255.255.0
    add ip int=vlan4 ip=192.168.2.1
    add ip int=vlan3 ip=192.168.1.201
    enable firewall
    create firewall policy=lb
    set firewall policy=lb tcpt=5
    set firewall policy=lb udpt=5
    set firewall policy=lb othert=5
    add firewall policy=lb int=vlan3 type=private
    add firewall policy=l
Summary of the content on page 15
File: master.scp
    add firewall poli=lb int=vlan2-1 type=public
    add fire poli=lb ru=1 int=vlan2-1 action=allow prot=tcp po=80
    add fire poli=lb ru=2 int=vlan2-1 action=allow prot=tcp po=22
    set vrrp=2 prio=200
File: slave.scp
    delete firewall poli=lb int=vlan2-1
    delete firewall poli=lb ru=1
    delete firewall poli=lb ru=2
    set vrrp=2 prio=100
File: sftp1down.scp
    ena lb res=sftp2
File: sftp1up.scp
    dis lb res=sftp2 immediately
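The master.scp and slave.scp listings above are a matched pair: every firewall interface and allow rule that master.scp adds is deleted again by slave.scp. The following Python check is an added example, not part of the Allied Telesis note. It parses both scripts and reports any firewall object that slave.scp fails to remove. The keyword table and the faulty slave script are assumptions constructed for the illustration.

```python
# Added example, not from the How To Note: does slave.scp undo what master.scp opens?
MASTER_SCP = """\
add firewall poli=lb int=vlan2-1 type=public
add fire poli=lb ru=1 int=vlan2-1 action=allow prot=tcp po=80
add fire poli=lb ru=2 int=vlan2-1 action=allow prot=tcp po=22
set vrrp=2 prio=200
"""
SLAVE_SCP = """\
delete firewall poli=lb int=vlan2-1
delete firewall poli=lb ru=1
delete firewall poli=lb ru=2
set vrrp=2 prio=100
"""
# Constructed faulty variant: the delete for rule 2 (TCP port 22) is missing.
BAD_SLAVE_SCP = SLAVE_SCP.replace("delete firewall poli=lb ru=2\n", "")

# Assumed keyword table, just large enough for the abbreviations in these scripts.
KEYWORDS = ("firewall", "policy", "rule", "interface", "port", "protocol", "priority")

def expand(word):
    """Expand a unique keyword prefix (fire, poli, ru, int); leave others as typed."""
    hits = [k for k in KEYWORDS if k.startswith(word.lower())]
    return hits[0] if len(hits) == 1 else word.lower()

def commands(script):
    """Yield (verb, bare words, params) per command; skip blanks and '!' comments."""
    for line in script.splitlines():
        if line.strip() and not line.lstrip().startswith("!"):
            verb, *rest = line.split()
            pairs = [tok.partition("=") for tok in rest]
            words = [expand(k) for k, sep, _ in pairs if not sep]
            params = {expand(k): v.lower() for k, sep, v in pairs if sep}
            yield verb.lower(), words, params

def firewall_objects(script, verb):
    """Firewall interfaces and rules that the script adds (or deletes)."""
    found = set()
    for v, words, p in commands(script):
        if v == verb and words == ["firewall"]:
            kind = "rule" if "rule" in p else "interface"
            found.add((p.get("policy", ""), kind, p.get(kind, "")))
    return found

def audit(master, slave):
    """Objects left in place on the standby, and deletes with no matching add."""
    added, deleted = firewall_objects(master, "add"), firewall_objects(slave, "delete")
    return {"left_on_standby": sorted(added - deleted), "never_added": sorted(deleted - added)}
```

Calling audit(MASTER_SCP, SLAVE_SCP) returns two empty lists for the page's scripts, while audit(MASTER_SCP, BAD_SLAVE_SCP) lists rule 2 of policy lb under left_on_standby.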