TERMINOLOGY:
- Primary – A primary server is used by the ServerIron ADX when load balancing client requests for an application.
- Backup – A backup server is used by the ServerIron ADX only if all the primary servers are unavailable for the requested application.
- Local – A local server is one that is connected to the ServerIron ADX at Layer 2. The ServerIron ADX uses local servers for regular load balancing.
- Remote – A remote server is one that is connected to the ServerIron ADX through one or more router hops. The ServerIron ADX uses remote servers only if all the local servers are unavailable.
- By default, Local Real Server is considered to be “Primary” and Remote Real Server is considered to be “Backup”.
- Local Real Server > Dedicated Servers
- Remote Real Server > Cloud Servers
LOCAL REAL SERVERS:
- Server definition starts with “server real” for Local Real Servers
server real web1 192.168.10.33
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
!
server real web2 192.168.10.34
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
!
REMOTE REAL SERVERS:
There are 3 Remote Real Servers. These are the Cloud Servers that are accessible via the RackConnected ASA FW.
- Server definition starts with “server remote-name” for Remote Real Servers
- source-nat is used for the Remote Real Servers
- If the number of connections to the Remote Real Servers is expected to exceed 65K, it is better to use a separate SNAT IP. See the “Brocade ADX Source NAT” Axios documentation
server remote-name web3.domain.com 10.180.4.235
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
server remote-name web4.domain.com 10.180.5.109
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
server remote-name web5.domain.com 10.180.5.99
 source-nat
 port http
 port http keepalive
 port http url "HEAD /"
 port http l4-check-only
!
VIRTUAL SERVER
server virtual VS-5.5.5.5.5 192.168.99.30
 predictor least-conn
 port http sticky
 port http tcp-only
 port http lb-pri-servers
 port http reset-on-port-fail
 bind http web1 http web2 http
 bind http web5.domain.com http web4.domain.com http web3.domain.com http
By default, without “port http lb-pri-servers”, ALL the traffic will be sent ONLY to the “Local Real Servers”. Traffic will be sent to the “Remote Real Servers”, only if ALL the Local Real Servers fail. This is because the Local Real Server is considered to be “Primary Server” and Remote Real Server is considered to be “Backup Server”, by default.
port http lb-pri-servers
When we use the command mentioned earlier (port http lb-pri-servers), all the real servers bound to the VS (for port http) are considered “Primary”, and traffic is distributed across both “Local” and “Remote” servers.
If we want one server to be “Backup” and all the other servers to be “Primary”, we would have to enter the command:
- backup
under the relevant “Real Server” (Local or Remote).
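The selection rules described above, as an added Python model (not Brocade code and not part of the original page). The sample config is constructed from the stanzas above; marking web3.domain.com as backup, the function names, and the assumption that the backup keyword is only consulted when lb-pri-servers is set are all for illustration.

```python
# Added example (not Brocade code): models the pool-selection rules this page
# describes. CONFIG is a constructed sample; marking web3 "backup" is assumed.
CONFIG = """\
server real web1 192.168.10.33
 port http
server real web2 192.168.10.34
 port http
server remote-name web3.domain.com 10.180.4.235
 source-nat
 port http
 backup
server remote-name web4.domain.com 10.180.5.109
 source-nat
 port http
server virtual VS-5.5.5.5 192.168.99.30
 port http lb-pri-servers
 bind http web1 http web2 http
 bind http web4.domain.com http web3.domain.com http
"""

def parse(config):
    """Return (real servers by name, virtual-server settings)."""
    servers, vs, cur = {}, {"lb_pri": False, "bound": []}, None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        if tok[:2] in (["server", "real"], ["server", "remote-name"]):
            cur = servers[tok[2]] = {"remote": tok[1] == "remote-name", "backup": False, "snat": False}
        elif tok[:2] == ["server", "virtual"]:
            cur = vs
        elif cur is vs and tok == ["port", "http", "lb-pri-servers"]:
            vs["lb_pri"] = True
        elif cur is vs and tok[:2] == ["bind", "http"]:
            vs["bound"] += tok[2::2]          # bind http <name> <port> ...
        elif cur is not None and cur is not vs and tok[0] in ("backup", "source-nat"):
            cur["backup" if tok[0] == "backup" else "snat"] = True
    return servers, vs

def active_pool(servers, vs, healthy):
    """Servers that receive HTTP traffic, given the set of healthy names."""
    if vs["lb_pri"]:   # every bound server is primary unless marked "backup"
        is_backup = lambda n: servers[n]["backup"]
    else:              # default: local = primary, remote = backup
        is_backup = lambda n: servers[n]["remote"]
    up = [n for n in vs["bound"] if n in healthy]
    return [n for n in up if not is_backup(n)] or [n for n in up if is_backup(n)]

def remote_without_snat(servers):
    """Remote servers lacking source-nat, which this page sets on each one."""
    return [n for n, s in servers.items() if s["remote"] and not s["snat"]]
```

Calling active_pool with every server healthy shows the cloud server web4.domain.com joining the pool only when lb-pri-servers is set, while web3.domain.com stays idle until all primaries are down.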
CSW POLICY – CLIENT IP INSERTION
Create CSW Rule:
csw-rule "HOST_Domain" header "host" pattern "."
OR
csw-rule "HOST_Domain" header "host" exists
Create CSW Policy:
csw-policy "CSW_CLIENT_IP"
 match "HOST_Domain" forward 1
 match "HOST_Domain" rewrite request-insert client-ip
 default forward 1
 default rewrite request-insert client-ip
We have to use a separate “Match-Forward” rule followed by the “Default” rule, because the Brocade ADX does not allow a “Default” rule on its own without a “Match-Action” rule.
Create Group ID for Real-Servers:
port http group-id 1 1
Apply CSW Policy to Virtual Server:
port http csw-policy "CSW_CLIENT_IP"
port http csw
Example:
server virtual VS-5.5.5.5 192.168.99.30
 predictor least-conn
 port http sticky
 port http tcp-only
 port http lb-pri-servers
 port http csw-policy "CSW_CLIENT_IP"
 port http csw
 bind http web1 http web2 http
 bind http web5.domain.com http web4.domain.com http web3.domain.com http
Reference:
http://community.brocade.com/docs/DOC-1526/diff?secondVersionNumber=4