User guide 0908

Transcription

User guide 0908

EXCELIANCE – ZAC des Metz 3 Rue du petit robinson – 78350 Jouy en Josas
Tél: 01.30.67.60.74 – Fax: 01.75.43.40.70 – email: [email protected] – www.exceliance.fr
1
Technical training
Administration
ALOHA Load Balancer
Application Level Optimization & High Availability
High availability & load balancing solution
for high performance Web servers & TCP applications
© Copyright Exceliance 2007-2009 -
- www.exceliance.fr
2
Sommaire
 This guide is intended to any IT staff who is
or will be in charge of setting up, configuring,
and maintaining an ALOHA LB system in
production.
 All basic functionnalities will be covered in
this guide that will allow any attendee to be
able to set up an ALOHA LB in a production
environment without help.
- www.exceliance.fr
3
Table of contents
Sommaire
I.
II.
III.
IV.
Introduction -------------------------------------------------------------------------------------------------------------------------- 7
a.
General facts ----------------------------------------------------------------------------------------------------------------- 7
b.
Definition --------------------------------------------------------------------------------------------------------------------- 8
c.
Problems ---------------------------------------------------------------------------------------------------------------------- 9
d.
Risks & consequences ----------------------------------------------------------------------------------------------------- 10
e.
Technical solution ---------------------------------------------------------------------------------------------------------- 11
f.
State of the Art ------------------------------------------------------------------------------------------------------------- 12
ALOHA L B characteristics-------------------------------------------------------------------------------------------------------- 13
a.
Versions --------------------------------------------------------------------------------------------------------------------- 13
b.
ALB 500 overview ---------------------------------------------------------------------------------------------------------- 14
c.
ALB 2K overview ----------------------------------------------------------------------------------------------------------- 15
d.
ALB 4K – 8K & 16K overview --------------------------------------------------------------------------------------------- 16
e.
Specifications --------------------------------------------------------------------------------------------------------------- 17
f.
Energy savings ------------------------------------------------------------------------------------------------------------- 18
Implementation cases ------------------------------------------------------------------------------------------------------------- 19
a.
In a DMZ ---------------------------------------------------------------------------------------------------------------------19
b.
Complementary to an existing L4 load balancer ------------------------------------------------------------------------ 20
c.
For intranet applications -------------------------------------------------------------------------------------------------- 21
d.
Multi-sites configuration -------------------------------------------------------------------------------------------------- 22
Graphical User Interface ---------------------------------------------------------------------------------------------------------- 23
a.
Factory settings ------------------------------------------------------------------------------------------------------------ 23
b.
Setup Wizard --------------------------------------------------------------------------------------------------------------- 24
c.
Configuration --------------------------------------------------------------------------------------------------------------- 25
d.
Services --------------------------------------------------------------------------------------------------------------------- 26
e.
Services details ------------------------------------------------------------------------------------------------------------- 27
f.
Address translation -------------------------------------------------------------------------------------------------------- 31
- www.exceliance.fr
4
Table of contents
Sommaire
V.
VI.
g.
IP access list (ACL) -------------------------------------------------------------------------------------------------------- 32
h.
Network Flow --------------------------------------------------------------------------------------------------------------- 33
i.
TCP load balacing ---------------------------------------------------------------------------------------------------------- 34
j.
Transaction securization protocol ---------------------------------------------------------------------------------------- 35
k.
Level 7 load balancing ----------------------------------------------------------------------------------------------------- 36
l.
Events logs ------------------------------------------------------------------------------------------------------------------ 37
m.
Statistics -------------------------------------------------------------------------------------------------------------------- 38
n.
Monitoring ------------------------------------------------------------------------------------------------------------------ 39
Quick setup (wizard) --------------------------------------------------------------------------------------------------------------- 40
a.
Schema --------------------------------------------------------------------------------------------------------------------- 40
b.
Starting the wizard -------------------------------------------------------------------------------------------------------- 41
c.
Network interfaces -------------------------------------------------------------------------------------------------------- 42
d.
Network interfaces aggregation ----------------------------------------------------------------------------------------- 43
e.
IP addressing -------------------------------------------------------------------------------------------------------------- 44
f.
IP routing ------------------------------------------------------------------------------------------------------------------ 45
g.
VRRP ------------------------------------------------------------------------------------------------------------------------ 46
h.
Admin access --------------------------------------------------------------------------------------------------------------- 47
i.
Load balancing ------------------------------------------------------------------------------------------------------------- 48
j.
Virtual server -------------------------------------------------------------------------------------------------------------- 49
k.
Configuration summary --------------------------------------------------------------------------------------------------- 51
l.
Configuration generation ------------------------------------------------------------------------------------------------- 52
Level 7 load balancing (HTTP, RDP, HTTPS, FTP) ------------------------------------------------------------------------------- 53
a.
Generated Configuration (monitoring) ---------------------------------------------------------------------------------- 53
b.
Generated Configuration (LB Layer7) ----------------------------------------------------------------------------------- 54
c.
Configuration – global section ------------------------------------------------------------------------------------------- 55
d.
Configuration – default settings ----------------------------------------------------------------------------------------- 56
- www.exceliance.fr
5
Table of contents
Sommaire
e.
Configuration – virtual servers ------------------------------------------------------------------------------------------- 57
f.
Configuration – real servers farm --------------------------------------------------------------------------------------- 59
g.
Adding virtual servers ----------------------------------------------------------------------------------------------------- 65
h.
Stopping virtual servers -------------------------------------------------------------------------------------------------- 70
i.
Adding real servers -------------------------------------------------------------------------------------------------------- 72
j.
Stopping real servers ------------------------------------------------------------------------------------------------------ 74
k.
Session persistence -------------------------------------------------------------------------------------------------------- 75
l.
Content switching --------------------------------------------------------------------------------------------------------- 78
m.
SSL setup ------------------------------------------------------------------------------------------------------------------- 80
VII. Level 4 load balancing (TCP) ------------------------------------------------------------------------------------------------------ 91
a.
Network flow --------------------------------------------------------------------------------------------------------------- 92
b.
Configuration (LB Layer 4) ----------------------------------------------------------------------------------------------- 95
c.
Directors configuration --------------------------------------------------------------------------------------------------- 96
VIII. ALOHA LB High availability ------------------------------------------------------------------------------------------------------ 104
a.
VRRP between two Aloha ----------------------------------------------------------------------------------------------- 104
b.
Configuration synchronization in cluster mode ----------------------------------------------------------------------- 107
IX.
Monitoring ------------------------------------------------------------------------------------------------------------------------- 109
X.
Statistics --------------------------------------------------------------------------------------------------------------------------- 111
XI.
Events logs ------------------------------------------------------------------------------------------------------------------------ 113
XII. Faq ---------------------------------------------------------------------------------------------------------------------------------- 114
a.
Configuration error control ---------------------------------------------------------------------------------------------- 114
b.
Configuration backup ---------------------------------------------------------------------------------------------------- 118
- www.exceliance.fr
6
Introduction
General facts
Sommaire

The ALOHA is a solution dedicated to application platforms (Web,
filtering relay, directories, CRM, ERP, thin client servers,…) high
availaibility and load balancing.

Proposed as an appliance, it is partly based on the L7 open source load
balancer HA Proxy and L4 LVS (Linux Virtual Server) both known for
their liability and performance. These two software are mainly used all
over the world in high performance and heavy constraints production
environments.

The ALOHA includes an enriched and optimised HA Proxy running on top
of a dedicated linux embedded operating system.
- www.exceliance.fr
7
Introduction
Definition
Sommaire
What is load balancing ?
Although one server power is always limited, a Web application should run on many servers to
support a constant growth of the number of users. This is what is called application scalability.
For intranet applications, scalability management is quite easy because the number of users is
already known and will rarely grow suddenly.
On the other hand, for Internet portals or e-commerce applications, the regular growth of the
number of users as the constant growth of high bandwidth links are both heavy loading factors.
In this case, IT managers need to find solutions to achieve scalability by balancing the load amongst
many servers, by using internal applications processes or/and by platform architecture
reorganization.
Load balacing allows to use many servers that will then provide the same services and will all do the
same job (although it is possible to dedicate some servers to specific as we will see later).
But, increasing the number of servers may also increase the risk of failure in the platform. This risk
must be seriously addressed.
Ability to guarantee the service availability is calles high availability.
This feature is frequently required in a load balacing environment which is the main reason why most
of the people are mixing these two concepts together.
- www.exceliance.fr
8
Introduction
Problems
Sommaire
Problems
 Performance
 Availability
 Security
 Application
bugs
 OpEX
- www.exceliance.fr
9
Introduction
Risks et consequences
Sommaire
RISKS
 Low performances
 Wait states, latency
 Connection problems
 Sessions loss
 Unavailability
 Information leaks
CONSEQUENCES
 Financial loss
 recurrent bad performance
 Load Peaks bad performance
 Unavailability time X number of
impacted users
 Bad company image
 Over expenses
 Business opportunities loss
 Legal issues
- www.exceliance.fr
10
Introduction
Technical solution
Sommaire
Solutions
 enforce
scalability
 Reduce
infrastructure
costs
 Management
simplification
 Application
protection
- www.exceliance.fr
11
Introduction
State of the Art
Sommaire
Access :
May be redundant using BGP protocol.
Multisite configuration possible via DNS.
Level 3-4 load balancer :
Scalable & Highly available infrastructure.
Front end Scalability :
Web Acceleration & security (costly L7
treatments) : SSL, cache, compression,…
SSL – proxy cache
Level 7 load balancer:
Scalable & highly available application.
Persistence, monitoring, troubleshooting,
logs, content switching…
Applications:
Runs on dedicated or shared servers.
Heavy applications need more servers
- www.exceliance.fr
12
Aloha characteristics
Versions
Sommaire
Aloha LB appliances are proposed in the following form factor :
 1U rack appliances with very low power consumption (10 to 57
Watts @ full load),
 Embedded appliance on SSD (bootable firmware on rack servers of
major vendors (IBM, HP, DELL, Supermicro,…),
 Virtual appliances (VMWARE™ image for ESX/VI).
- www.exceliance.fr
13
Aloha Caracteristics
ALB 500 Overview
Sommaire

Front panel :
12 3











4
Rear panel :
5
6
7
8
9
- www.exceliance.fr
1. CPU activity
2. Flash Activity
3. Network Activity
4. Factory reset
5. Serial port
6. Network Port
7. Network Port
8. Network Port
9. USB Ports
10. Main Power
10
14
ALB 2K Overview
Sommaire

1
2 3 4
Slot 1

10
Front panel :
5
6 7 8 9
Slot 2
Rear panel :
Hotplug Power 1











1. Serial Port
2. Network Port
3. Network Port
4. Network Port
5. Activity LED
6. Serial Port
7. Network Port
8. Network Port
9. Network Port
10. Power plug
11. Power plug
11 Hotplug Power 2
- www.exceliance.fr
15
ALB 4K – 8K – 16K Overview
Sommaire

1

Front panel :
5 6 7 8 91011 12
234
Rear panel :
13
14 15
- www.exceliance.fr















1. LCD
2. Not used
3. Not used
4. Not used
5. Not used
6. Console port
7. USB Ports
8. Network Port
9. Network Port
10. Network Port
11. Network Port
12. Activity LED
13. Serial Port
14. On/Off switch
15. Power plug
16
Specifications (french)
Sommaire
- www.exceliance.fr
17
Energy savings
Sommaire
Power
Consumption
Operational
(full load)
ALOHA 500
ALOHA 2K
ALOHA 4K
ALOHA 8K
ALOHA 16K
10 W
10-20 W
40 W
53 W
57 W
- www.exceliance.fr
18
Implementation cases
In a DMZ
Sommaire
- www.exceliance.fr
19
Complementary to an existing L4 load balancer
Sommaire
- www.exceliance.fr
20
For Intranet applications
Sommaire
- www.exceliance.fr
21
Multi-sites configuration
Sommaire
- www.exceliance.fr
22
GUI
Factory settings
Sommaire
http://192.168.0.200:4444
or
http://192.168.1.200:4444
http://192.168.0.200:4444
admin
admin
- www.exceliance.fr
23
GUI
Wizard
Sommaire
This tab allows to :
 Launch the step by step
configuration wizard.
 Be careful :
 Using this wizard, any
previous settings will be
replaced
 To avoid any error, stop
the wizard before the end
and restart the ALOHA.
- www.exceliance.fr
24
GUI
Configuration (Setup)
Sommaire
 Identify system (name,
version, firmware, id,…),
 Know licensing state,
 Import, export, save and
reset configuration.
 Show firmware revision.
 Install or delete a licence
file.
- www.exceliance.fr
25
GUI
Services
Sommaire
This tab allows to manage
services :
 View a service state and
start mode.
 Configure a service.
 Start a service.
 Stop a service.
 Restart a service.
 Reload a service.
 Apply a configuration.
 Cancel a configuration.
 Synchronize a
configuration (cluster
mode).
- www.exceliance.fr
26
GUI
Services details
Sommaire
Provide system configuration: host name, date,...
Log management and configuration (export to syslog server) service.
Instance for system events management
Instance for application events management
Instance for trafic events management
Instance for console events management
- www.exceliance.fr
27
GUI
Services details
Sommaire
Network interfaces and IP configuration management service.
Instance dedicated to interface 0
Instance dedicated to interface 1.
Instance dedicated to interface 2.
IP routing service management
Ports redirection & IP translation rules service.
- www.exceliance.fr
28
GUI
services details
Sommaire
IP ACL management service
Network flow classification management
L4 (TCP) load balancing management service
L7 load balancing management service in proxy mode
ALOHA high availability (cluster mode)
CLI secured access management
- www.exceliance.fr
29
GUI
Services details
Sommaire
Time synchronization management service (log time stamping)
SNMP monitoring management
ALOHA configuration synchronization (cluster)
SSL management
SNMP trap or email notification configuration
Web UI access configuration
- www.exceliance.fr
30
GUI
Address translation (NAT)
Sommaire
 Manage NAT rules,
 Push NAT rules to another
ALOHA in the cluster
(synchronize)
- www.exceliance.fr
31
GUI
IP Access lists (IP Acl)
Sommaire
 Manage IP ACLs.
 Push IP ACLs to another
ALOHA in the cluster
(synchronize).
- www.exceliance.fr
32
Graphical user interface
Network Flows
Sommaire
 Manage flow identification
rules which will be used in
L4 load balancing
configuration.
 Synchronize this
configuration to a peer
ALOHA.
- www.exceliance.fr
33
GUI
L4 load balancing (LB Layer4)
Sommaire
 Create L4 load balancing
configuration.
 This config may be pushed
(synchronized) to a peer
ALOHA.
- www.exceliance.fr
34
GUI
Transaction securization protocol (SSL)
Sommaire
 Configure SSL settings.
 Manage SSL certificates.
- www.exceliance.fr
35
GUI
Level 7 load balancing (LB Layer7)
Sommaire
 Manage L7 load balancing
configuration.
 Synchronize this config to
a peer ALOHA.
- www.exceliance.fr
36
GUI
Event logs (Logs)
Sommaire




- www.exceliance.fr
View system events.
View application logs.
Study trafic logs.
Get details on potential
misconfiguration errors
(console log).
37
GUI
Statistics (Stats)
Sommaire
 Visualize real time stats
about detailed load and
requests volume for each
front end and back ends.
- www.exceliance.fr
38
GUI
Monitoring
Sommaire
 View system activity.
 Get instant details on
servers states.
 Follow real time state of
servers.
 Verify activity level of L4
& L7 load balancing.
- www.exceliance.fr
39
Quick setup (Wizard)
Schema (example)
Sommaire
Datacenter
ALB-VA
192.168.0.155
Aloha
Master
WebSRV
192.168.0.201
192.168.0.254
WebSRV2
192.168.0.202
VirtualSRV
Users site
- www.exceliance.fr
40
Quicl setup (Wizard)
Starting the wizard
Sommaire
This step allows to :
 Start the wizard.
 This step only allow to go
to next step or to cancel
the wizard.
- www.exceliance.fr
41
Network interfaces
Sommaire
 Configure physical
network interfaces.
 Select interfaces speed
(10 / 100 / 1000 Mbit/s).
 Select negociation mode
(half duplex or full duplex).
 Describe each interface
(giving a name).
- www.exceliance.fr
42
Interfaces aggregation
Sommaire
 Aggregate network
interfaces (bonding).
- www.exceliance.fr
43
IP addresses
Sommaire
 Configure IP adresses for each
network interface (admin
adresse, internal addresses or
public addresses).
Be careful :
 When you use an ALOHA cluster
(2 ALOHA in active/passive
mode), the shared services IP
addresses will be presented by
VRRP service and will be
configured next step..
- www.exceliance.fr
44
IP routing
Sommaire
 Define IP routes to allow
the ALOHA to reach other
networks.
- www.exceliance.fr
45
VRRP (Virtual redundant router protocol)
Sommaire
 Ensure service high availability
mode between two ALOHA (cluster
mode).
 The VRRP IP address equals to the
service address which will be
presented by VRRP service.
 The VRRP ID is a number between
1 and 255 affected to every
machine in the cluster (this ID
must be unique on your network).
 Priority number (between 1 to 254)
indicates the node’s priority in the
cluster (higher priority takes traffic
first).
- www.exceliance.fr
46
Admin access
Sommaire
 Configure admin access
mpodes to the ALOHA.
 The ‘SSH’ section relates to
configuration access mode to
the CLI.
 The ‘Web interface’ section
allows you to control the
access mode to the Web
interface.
- www.exceliance.fr
47
Load balancing
Sommaire

Configure the load balancing operating
mode as well as virtual servers.

Activate IP address translation mode
(for multiple DMZ use or to keep
source client IP address when
configured in network cutting mode).

Activate port translation (if your
servers are using private non routable
IP addresses).

Activate ACLs (to restrict access to or
from some IP asdresses).

Create one or many virtual servers
(real servers group).
- www.exceliance.fr
48
Virtual server (1)
Sommaire
 Associate an IP
adresses/ports list behind
which is hosted a service on a
server farm.
 Manage load balancing
parameters for a particular
virtual server (LB mode,
method, cookie, time outs,…).
 Add additional server in the
virtual server.
 Configure healthchecks
parameters for real servers.
- www.exceliance.fr
49
Virtual server (2)
Sommaire
 Add new virtual servers.
 Edit virtual server
configuration.
 Delete virtual servers.
- www.exceliance.fr
50
Configuration summary
Sommaire
 View configuration
synthesis
 Apply you new
configuration
- www.exceliance.fr
51
Configuration generation
Sommaire
 Save and validate the
ALOHA configuration you
have made and apply it
after a reboot.
- www.exceliance.fr
52
Level 7 load balancing
Generated configuration (monitoring)
Sommaire
 The wizard helped you to
create a new
configuration. You may
see it in the ‘monitoring’
tab
- www.exceliance.fr
53
Generated Configuration (LB Layer7)
Sommaire
 The wizard has generated
a new commented
configuration which is
shown in the ‘LB layer 7’
tab.
- www.exceliance.fr
54
Configuration – global section
Sommaire
 This section is used for
« HA Proxy » integration
global parameters in the
ALOHA.

Le paramètre « chroot » autorise à changer la racine du processus une fois le programme
lancé, de sorte que ni le processus, ni l'un de ses descendants ne puissent remonter de
nouveau à la racine. Aussi, il est important d'utiliser un répertoire spécifique au service
pour cet usage, et de ne pas mutualiser un même répertoire pour plusieurs services de
nature différente. Pour rendre l'isolement plus robuste, il est conseillé d'utiliser un
répertoire vide, sans aucun droit, et de changer l'uid du processus de sorte qu'il ne puisse
rien faire dans ledit répertoire.

Le paramètre « user » permet de spécifier un nom d’utilisateur . Il est possible d’utiliser un
identifiant numérique (uid).

Le paramètre « group » permet de spécifier un nom de groupe. Il est possible d’utiliser un
identifiant numérique (gid).

Le paramètre « daemon » permet de mettre le processus en arrière plan.

Il s’agit du socket sur laquelle se connectent les différents outils de l’interface (ainsi que le
snmp) pour récupérer les compteurs.
- www.exceliance.fr
 Be careful :
 EXCELIANCE advise you
not to modify these
parameters as they could
greatly impact the ALOHA
configuration.
55
Configuration – default settings
Sommaire
 This section is used to
define default parameters
that will be used in the
next configuration
sections.

« option httpclose » activate/deactivate passive connection closing (a workaround to « keep alive »).

« option dontlognull » activate/deactivate logs for connections without requests.


« option redispatch » activate/deactivate session redistribution in the case a connection may have failed.
« option contstats » activates constant update of traffic statistics.

In the case of a connection failure to a server, it is possible to retry several times (either to another server when load balancing is
on). The maximum number of retries is defined by « retries » parameter.




« timeout
« timeout
« timeout
« timeout

« backlog » defines the number of connections with no « ACK » before triggering SYNFLOOD protection process.
connect» Defines the maximum wait time for a successful connection to a server.
http-request » Defines the maximum wait time to get a full HTTP request.
queue » Defines the maximum time to wait before freeing a connection.
tarpit » Defines the duration time during which « tarpited » connections will be maintained.
- www.exceliance.fr
56
Configuration – virtual servers
Sommaire
define the parameters for
the first virtual server
(front end).

« bind » Defines one or several listen IP adresses:ports for each virtual server.

« mode http » If set, defines instance operation mode in a pure HTTP mode.

« log global » Activates logs for this instance using global log parameters.

« option httplog » Activates detailed HTTP requests logs with session state and detailed counters.

« maxconn » defines the maximum number of concurrent connections which will be accepted by this front end. Au-delà de ce
nombre, les connexions en excès resteront dans la « backlog » du système. Over limit connections will be kept in the system
backlog and treated sequentially.

« timeout client » defines the maximum idle time for the client side (in milliseconds)

« default_backend » defines the backend to use when no « use_backend » specific rule have been defined.
- www.exceliance.fr
57
Schema update
Sommaire
Datacenter
ALB-VA
192.168.0.155
WebSRV4
192.168.0.204
WebSRV
192.168.0.201
WebSRV5
192.168.0.205
Aloha
Master
WebSRV2
192.168.0.202
192.168.0.254
VirtualSRV2
VirtualSRV
Users site
- www.exceliance.fr
58
Configuration – real servers farm
Sommaire
 This section relates to real
servers (back end) load
balancing parameters.

« balance » defines which load balancing algorythm will be used in the farm.

« roundrobin » will use each real server in a round robin way using server’s weight.
A
(Weight=1)
B
(W =1)
A
(W =1)
B
(W =1)
A
(W =2)
(W =2)
Identical weights
A
B
(W =1)
A
(W =2)
A
(W =2)
B
(W =1)
Different weights
- www.exceliance.fr
59
Sommaire

« leastconn » ALOHA will choose the server which manage the lowest number of connections
A
(Connections=10)
B
(C=5)
A
(New connection)
- www.exceliance.fr
B
n=6)
(Connections=10) (Connections=6)
60
Sommaire

« balance source » ALOHA will use a source client IP hash to always connect the client on the same real server.
PC1
IP=64.3.1.150
PC1
A
PC2
PC2
IP=86.30.5.12
B
- www.exceliance.fr
61
Sommaire

« balance uri » allows to redirect a connection to a real server based on the URI hash divided by the total weight of active servers.
http://www.serveur.com/recherche/catalog/?productId=8202b
A
http://www.serveur.com/recherche/profil/?memberId=0061h
B
- www.exceliance.fr
62
Sommaire


« cookie » allows to activate session persistence using a cookie.
« cookie insert » indicates that the cookie will be inserted in the response. (This session cookie will not be stored on the client hard
disk).
« cookie indirect » defines that the cookie will only be inserted after the server will have been elected by the load balancing.
« cookie nocache » recommended option when there is a proxy cache server on the data way between ALOHA and client

« option httpchk » use the specified HTTP request to proceed the healthcheck (HEAD for default HTTP header).

« option forwardfor » activates the use of the « x-forwarded-for » field in the requests to real servers (useful to keep source IP)

« fullconn » Advanced tuning parameter (threshold for dynamic limit) (by default equals to « maxconn » value ).

« timeout server » defines the maximum time ALOHA will wait a response from real servers (in millisecond).


- www.exceliance.fr
63
Sommaire

« server » real server declaration ( server <name> <address>[:port] [param*…])
 « name » internal name assigned to this real server (will appear in logs and interface).
 « address » server’s IPv4 address.
 « port » server’s TCP port to use.
 « cookie » defines a session cookie (cookie <name>)
 « weight » Used to define server’s weight (used by load balancing algorythms).
 « maxconn » maximum concurrent connections for this server. Exceding connections will be hold in the queue or redirected
to other servers.
 « check » Activates healthchecks.
 « inter » defines time interval between 2 checks (in milliseconds by default).
 « fall » defines the required number of failed checks to declare this server as unoperational (failover).
 « rise » defines the required number of successful checks to declare this server as operational again (failback).
- www.exceliance.fr
64
Adding virtual servers
Sommaire
To add a new front end :
Select the two
configuration sections
(frontend & backend) from
an existing virtual server.
Cut & paste your selection
Make your modifications
(IP, names, parameters,…).
- www.exceliance.fr
65
Sommaire
 Validate your configuration by clicking on the « OK » button.
- www.exceliance.fr
66
 Apply this configuration by clicking on the « apply » button.
- www.exceliance.fr
67
Sommaire
 Push this new configuration to the peer ALOHA (cluster mode) by
clicking on the « push » button (be sure to try before synchronizing).
- www.exceliance.fr
68
Sommaire
 The « Monitoring »
tab will then show
you your new virtual
server along with
the associated real
servers.
- www.exceliance.fr
69
Stopping virtual servers
Sommaire
In case of a virtual
server failure, an alert
will be raised :
At virtual server level
At real server level
- www.exceliance.fr
70
Schema update
Sommaire
Datacenter
ALB-VA
192.168.0.155
WebSRV4
192.168.0.204
WebSRV
192.168.0.201
WebSRV2
192.168.0.202
WebSRV5
192.168.0.205
Aloha
Master
WebSRV3
192.168.0.203
192.168.0.254
VirtualSRV2
VirtualSRV
Users site
- www.exceliance.fr
71
Adding a real server
Sommaire
To add a real server in a virtual
server farm, you may :
Select the line of an existing
real server,
Cut & paste this line,
Modify the values (name,
IP,…).
Validate your changes by
clicking « OK ».
Apply the configuration by
clicking « Apply ».
Test your config,
Then push your config to the
peer ALOHA when in cluster
mode.
- www.exceliance.fr
72
Adding a real server
Sommaire
 The « Monitoring »
tab will show you
your new real
server
« WebSRV3 » in the
virtual server farm
« VirtualSRV ».
- www.exceliance.fr
73
Stopping a real server
Sommaire
In case of a real server
failure or unavailability,
an alert will show :
At real server level.
At virtual server level.
74
- www.exceliance.fr
Session persistence (cookies)
Sommaire
 A session is defined as a
group of HTTP requests
between a client and a server
in a defined period of time.
 This concept allows to
associate a group of requests
then matching it to a single
client.
Aloha
 Cookie persistence is used to
maintain a link between all
the requests of a given
session.
- www.exceliance.fr
75
Session persistence (cookies)
Sommaire
 On the first request, the
ALOHA inserts a server ID
in a cookie sent to the
client.
 With this ID, the ALOHA
will then know which real
server to use for all the
Aloha
requests in this session.
- www.exceliance.fr
76
Schema update
Sommaire
StaticSRV1
192.168.0.206
ImageSRV
StaticSRV2
192.168.0.207
Datacenter
WebSRV
192.168.0.201
ALB-VA
192.168.0.155
WebSRV2
192.168.0.202
WebSRV4
192.168.0.204
Aloha
Master
WebSRV3
192.168.0.203
WebSRV5
192.168.0.205
192.168.0.254
VirtualSRV
VirtualSRV2
Users site
- www.exceliance.fr
77
Content switching
Sommaire
 Activating Content switching
feature requires to setup an
ACL ( here called « statics »)
for the frontend.
 Requets analysis will take
place at application level
based on criterias you define.
 In this example, we will
analyze URL content to find
some subdirectories names
like « images, css or js ».
 These criterias may be :
 File extensions : htm,
pdf, doc, jpg, gif…
 subdirectories : images,
css, js…
 Host names : extranet,
intranet…
 IP addresses, ports,
cookies, URL
parameters,…
- www.exceliance.fr
78
Content switching
Sommaire
The « monitoring »
tab will show you
your new static
servers created in a
new backend
(dedicated to static
images).
3/3
2/2
2/2
- www.exceliance.fr
79
SSL setup
Sommaire
 In the « SSL » tab, a notification
message tells you that the
« stunnel » is not running.
 You may then configure a
dedicated listen IP address:port
which will be binded to the SSL
certificate.
 To create your certificate (either
from scratch or to import an
existing key), click on the « New »
button.
- www.exceliance.fr
80
SSL setup
Sommaire
In this step, the wizard
allows you to :
Generate a private key
from scratch.
Or
Import (upload) an existing
private key file.
- www.exceliance.fr
81
SSL setup
Sommaire
 We complete the fields for
the certificate request.
Or
We upload an existing
certificate request.
- www.exceliance.fr
82
SSL setup
Sommaire
We may auto-sign the
request while waiting an
official certificate (Verisign,
Thawte,…),
Or
We upload an existing
trusted certificate.
- www.exceliance.fr
83
SSL setup
Sommaire
New certificate is then
created
It can be edited or deleted.
- www.exceliance.fr
84
SSL setup
Sommaire
While editing you may :
Change the certificate
(requires an update by
clicking on the « update »
button).
Sign a trusted certificate by
clicking on the « Re-Sign »
button.
- www.exceliance.fr
85
SSL setup
Sommaire
define SSL parameters
(stunnel service).
 These parameters should
not have to be modified.

« chroot » defines the directory where the stunnel process will run

« setuid » defines the user who will own the stunnnel daemon.

« setgid » defines the user group who will own the stunnel daemon

« pid » defines the « pid » file path.

« debug » defines debugging level (e.g. 2 for critical, 3 for errors,…).
- www.exceliance.fr
86
SSL setup
Sommaire
 This section is used to define
SSL configuration parameters.

« socket » specifies parameters for accept, local and remote sockets.

« TIMEOUTconnect » defines wait delay before connecting to a server

« TIMEOUTbusy » defines wait delay before receiving data.

« TIMEOUTidle » defines connection last time when idle

« TIMEOUTclose » defines wait delay before closing a connection
- www.exceliance.fr
87
SSL setup
Sommaire
 This section is used to define
SSL configuration parameters.

« client » indicates if SSL service will run in remote SSL mode (client) or server mode

« key » private key file path

« cert » certificate file path

« accept » defines on which IP address:port « HA Proxy » will accept connections

« connect » defines remote host name:port
- www.exceliance.fr
88
SSL setup
Sommaire
 An example of a
configured section
- www.exceliance.fr
89
SSL setup
Sommaire
After having configured the
SSL section, you must go to
the « LB Layer7 » tab to
modify the corresponding
virtual server (frontend
section).
You need to add the IP
address which will be used
by « stunnel » service (as
previously configured in the
SSL setup).
- www.exceliance.fr
90
Schema update
Sommaire
Datacenter
Director
ImagesSRV
SslRProxy1
192.168.0.101:443
StaticSRV1
192.168.0.206
SslRProxy2
192.168.0.102:443
StaticSRV2
192.168.0.207
WebSRV
192.168.0.201
WebSRV2
192.168.0.202
192.168.0.254
WebSRV3
192.168.0.203
Aloha
Master
ALB-VA
192.168.0.155
VirtualSRV
WebSRV4
192.168.0.204
WebSRV5
192.168.0.205
VirtualSRV2
Users site
- www.exceliance.fr
91
Network flows
Sommaire
 In the « Flows » tab, a
notification message tells
that the service is not
running.
 To start it, go to the
« Services » tab and start
it up in automatic mode.
- www.exceliance.fr
92
Network flows
Sommaire
 Now, you have to identify
the network flows that
will be treated
 The « Flow » keyword is
used to evaluate a flow
rule




Strategies :
« permit » indicates that the evaluated flow is immediately accepted.
« deny » indicates that the evaluated flow is immediately blocked.
« director »indicates that the evaluated flow will be marked with the director’s name who defines the applied load balancing rules.



Rules evaluation & ignorance:
« match » evaluates if a packet matches the conditions. If so, the defined strategy is applied then the following rule is evaluated
« ignore » evaluates if a packet matches the conditions. If so, strategy will not be applied but packet will be evaluated in the next
rule.
- www.exceliance.fr
93
Network flows
Sommaire
 Now, you define the rules
that will be used to treat
the matching flow








Conditions :
« proto » defines the type of IP protocol : tcp, udp or icmp.
« iface » defines the network incoming interface
« src » defines the source IP of the packet or its network mask
« dst » defines the destination IP adress or network mask for the packet
« srcport » defines the source ports of the packet
« dstport » defines the destination port of the packet
« icmptype » defines the ‘icmp’ code type of the packet.
- www.exceliance.fr
94
Configuration (LB Layer4)
Sommaire
 On the « LB Layer4 » tab, a
notification message tells that the
« LVS » service is not running.
 You may go to the « Services » tab
and activate it along with the
« Ipforward » service in automatic
mode (as shown on the left).
 To do this, click on the « setup »
buttin and replace the keyword ‘no
autostart’ by ‘autostart’ (just delete
‘no’).
 Submit your configuration by
clicking on « OK », then « Close ».
 Once on the original « services »
tab, click on the « apply » button of
these 2 services to apply your
changes.
 Now, you have to create a new «LB
L4 » configuration as explained
below.
- www.exceliance.fr
95
Directors configuration
Sommaire
 This section is dedicated
to the L4 directors load
balancing configuration.
« balance » defines which load balancing algorythm will be used.
« roundrobin » will use each real server in a round robin way using server’s weight.
A
(Weight =1)
B
(W =1)
A
(W =1)
B
(W =1)
A
(W =2)
(W =2)
Identical weights
A
B
(W =1)
A
(W =2)
A
(W =2)
B
(W =1)
Different weights
- www.exceliance.fr
96
Sommaire

« leastconn » ALOHA will choose the server who manage the lowest number of connections
A
(Connections=10)
A
B
(C=5)
(New connection)
- www.exceliance.fr
(C=10)
B
n=6)
(C=6)
97
Sommaire

« balance source »: ALOHA will use a source client IP hash to always connect the client on the same real server.
PC1
IP=64.3.1.150
PC1
A
PC2
PC2
IP=86.30.5.12
B
- www.exceliance.fr
98
Sommaire

« balance dest »: The director will always match the same server to the same client using a destination IP hash divided by the total
weight of all the active servers.
PC1
IP=64.3.1.150
PC1
A
PC2
PC2
IP=86.30.5.12
B
- www.exceliance.fr
99
Sommaire

« balance shortexpdelay »: Director will assign incoming traffic to the faster server (first to answer a request).
PC1
Delay : 10 ms
A
PC1
Delay : 900 ms
B
- www.exceliance.fr
100
Sommaire

« balance neverqueue » Director will assign incoming traffic to the first available server if any, if not, will use the shortest expected
delay algorythm.
A
PC1
PC2
Traitement en
cours…
Disponible
B
- www.exceliance.fr
101
Sommaire



« mode gateway » used by direct routing mode.
« mode nat » used when needing a destination network address translation
« mode tunnel » used for IP in IP encapsulation mode


« option persistence » defines if a director service will use persistence or not. One client requests will always be directed to the
same server as it was selected for the first request.
« option tcpcheck » allows to healthcheck a server opening a TCP connection on its real IP address.




« server » defines real servers IP addresses or IP adresses:ports pairs.
« weight » gives a weight to a real server (will be used by weighted algorythms)
« check » activates check on server’s status.
« sorry » defines a ‘sorry’ server who will be used if all the real servers become unavailable.
- www.exceliance.fr
102
Sommaire
Your directors
configuration will be
shown on the
« monitor » tab.
- www.exceliance.fr
103
High availability
VRRP between two ALOHA
Sommaire
Datacenter
Aloha
Master
Site de
production
VRRP
Aloha
Backup
Aloha
Backup
VRRP
Aloha
Master
Site des
utilisateurs
Datacenter
Users site
Aloha
Master
VRRP
Aloha
Backup
Users site
- www.exceliance.fr
104
High availability
Sommaire
To configure ALOHA high
availability with VRRP
you need to :
 Go to the « Services »
tab and edit the « vrrp »
service configuration by
clicking on the « setup »
button.
 Indicates which network
interfaces will be part of
the VRRP service.
- www.exceliance.fr
105
High availability
Sommaire
Then, you need to :
 Edit service « network
ethX » configuration
(where X is the interface
number(s) used in the
VRRP service) by
clicking on the
« setup » button.
 Then define VRRP
parameters
- www.exceliance.fr
106
High availability
Configuration synchronization
Sommaire
To configure the settings
synchronization between
2 ALOHA you need to :
 Go to the « Services »
tab and click on
the [advanced
mode] link (at the
bottom of the services
icons list).
 Edit parameters by
clicking on the « edit »
button.
- www.exceliance.fr
107
High availability
Configuration synchronization
Sommaire
You also need to :
 Define IP addresses and few
other settings.
 Click on the « OK » button
then the « Close » button.
 Validate by clicking on
« genkey », then « start » and
« getkey » button.
 Important :
 This procedure needs to be
done on the 2 ALOHA.
- www.exceliance.fr
108
Monitoring
Sommaire
Status :
 UP (green) : backend or frontend is
fully operational or real server
positively respond to healthchecks.
 UP (orange) : the server failed to
an healthcheck , its status may
switch to DOWN if more checks are
failing.
 DOWN (red) : server did not
respond to healthchecks or a
backend is unoperational because
all its real servers are down.
 DOWN (orange) : server was down
but now responds to healthchecks.
its status may switch to « UP » if
more checks are successful.
- www.exceliance.fr
109
Monitoring
Sommaire
 OPEN (green) : frontend is fully
operational.
 FULL (red) : frontend is saturated
(maxconn).
 no check (grey) : no healthcheck on
this server.
 Active/Backup: server is configured
as active or backup.
 Active x/y : number of operational
active servers / total of active
servers in the backend.
 Backup x/y : number of operational
backup servers / number of total
operational servers in the backend.
 Connections : instant amount of
connections.
 Queued : number of connections in
queue
- www.exceliance.fr
110
Statistics
Sommaire
 « Status cur » : current frontend or backend status.
 « Status change » : duration time since last status
change.
 « Queue cur » : number of sessions in wait queue.
 « Queue max » : maximum reached number of
sessions in queue
 « Queue limit » : set limit for the max number of
sessions in wait queue.
 « Connections cur » : current number of sessions.
 « Connections max » : maximum peak of
simultaneous sessions.
 « Connections limit » : set limit for simultaneous
sessions.
 « Connections cumul » : number of sessions counter.
 « Connections LoadB » : counter for load balanced
sessions (not attached to one server with
persistence).
 « Bytes In » : incoming bytes counter.
- www.exceliance.fr
111
Statistics
Sommaire
 « Bytes Out » : compteur du nombre d'octets sortants.
 « Denied Req » : compteur du nombre de requêtes
filtrées.
 « Denied Resp » : compteur du nombre de réponses
filtrées.
 « Errors Conn » : compteur du nombre d'erreurs de
connexions.
 « Errors Req » : compteur du nombre de requêtes
erronées.
 « Error Resp » : compteur du nombre de réponses
erronées.
 « Warnings retry » : compteur du nombre de ré-essais
de connexions.
 « Warnings redispatch » : nombre de sessions réaffectées suite à une impossibilité de connexion.
 « Servers active » : nombre de serveurs actifs opérationnels sur le nombre total de serveurs actifs.
 « Servers backup » : nombre de serveurs backups opérationnels sur le nombre total de serveurs backups.
 « Down check » : compteur du nombre d'échecs du test de vitalité.
 « Down count » : compteur du nombre de passages à l'état « down ».
 « Down time » : temps total passé dans l'état « down ».
- www.exceliance.fr
112
Events logs
Sommaire
System logs :

This log section shows logs about ALOHA system events (services
start/stop, processes and L4 load balancing events.
Level 7 load balancing events :


Most of the events are logged : starts, stops, servers status,
connections, errors.
Virtual and real servers start & stop actions are sent as
notifications, stop signals as ’warnings’ and servers or services
shutdown as ‘alerts’.
Level 7 traffic logs:


Basically, logged informations give details on client port, TCP/HTTP
state counters, precise sessions states at closing, details on load
balancing decisions and ability to capture arbitrary headers.
Standard connections are logged at ‘info’ level.
Console logs :

- www.exceliance.fr
CLI commands are shown as ‘info’, output as ‘notice’ and error
output as ‘warning’.
113
FAQ
Configuration error control
Sommaire
 After configuration
validation and in
case there is an error
, an error message
will appear as shown
beside.
 To get more details
on it, just click on
the ‘console log’ link.
- www.exceliance.fr
114
FAQ
Sommaire
 After having clicked
on the link, a console
log window appears
with focus on the
last events.
 Error type is
specified along with
the related line
number.
- www.exceliance.fr
115
FAQ
Sommaire
 Just go to the
indicated line
number,
 Make the proper
correction.
 You may find some
hints by clicking on
the ‘help’ link at the
right top of the
configuration section
- www.exceliance.fr
116
FAQ
Sommaire
 The help tells us that
a « _ » was missing
between the ‘use’
and’backend’
keywords.
 You may now
validate this
configuration.
- www.exceliance.fr
117
FAQ
Configuration backup
Sommaire
 It is important to
understand that when you
modify a configuration
and validate it, it is only
applied in memory and
not directly save in the
config file which is used at
startup.
 To do this, you must click
on the « Configuration not
saved » link then on the
« Save » button.
- www.exceliance.fr
118
Contact
Sommaire
Don’t hesitate to contact us :
by mail : [email protected]
By phone : +33.1.30.67.60.74
Our visit our website : www.exceliance.fr.
- www.exceliance.fr
119

User guide 0908

Transcription

Similar documents

Archive-September 2012 - The Official Website for Songwriter Lance

F-Root-ICANN55 Jeff Markup.key

Tūtū Times - Partners in Development Foundation

Aunty Mahealani workshop flyer

CAB 820 – The basic measuring unit for perfect

D90 Grinding Wheel Balancer

apfcu now offers tiered lending - Aloha Pacific Federal Credit Union

e-parentline - Sacred Hearts Academy

`Ölelo Ola o ka `äina Living Language of the Land

1525061, #1524972, and #1525012