Troubleshooting guide
Chapter 2 Troubleshooting Active Network Management How Server Load Balancing Works
Advanced Technical Reference Guide 4.1 • June 2000 107
Troubleshooting Load Balancing
How Server Load Balancing Works
Load Balancing allows several servers in one network to share and distribute the load among themselves while
being protected by VPN-1/FireWall-1. This reduces the load on any one server and helps the security engineer
manage network traffic from VPN-1/FireWall-1.
The following explanation summarizes how load balancing works. It is based on the explanation in the
VPN-1/FireWall-1 Administration Guide.
HTTP Method
1. A client initiates a service request (for example, an HTTP session) to the logical server.
2. VPN-1/FireWall-1 determines which physical server will be the server for this session, on the basis of the
load balancing algorithm.
3. VPN-1/FireWall-1 redirects the connection to the load balancing daemon (lhttpd).
4. lhttpd directs the communication to the proper physical server, and notifies the client that subsequent
connections should be directed to the IP address of a server, rather than the IP address of the logical server.
5. The remainder of the session is conducted without the intervention of the load balancing daemon.
Non-HTTP (Other) Method
1. A client initiates a service request (for example, an FTP session) to the logical server.
2. VPN-1/FireWall-1 determines which physical server will be the server for this session, on the basis of the
load balancing algorithm.
3. VPN-1/FireWall-1 statically translates the destination IP of incoming packets.
4. The reply packet is routed back through the gateway and translated back to its original state.
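The two methods differ in which server address the client ends up talking to, which matters when deciding where to look for a failing connection. The following Python model is an added example, not code from the guide or from VPN-1/FireWall-1. All addresses are constructed, round robin stands in for the load balancing algorithm, and the HTTP notification is modelled as a 302 redirect (both assumptions).

```python
from itertools import cycle

LOGICAL_IP = "192.0.2.10"               # constructed logical server address
PHYSICAL = ["10.0.0.11", "10.0.0.12"]   # constructed physical servers


class Gateway:
    """Toy model of the gateway's two logical-server methods."""

    def __init__(self, logical_ip, servers):
        self.logical_ip = logical_ip
        self._pick = cycle(servers)     # assumption: round robin stands in for the algorithm
        self.nat = {}                   # (client ip, client port) -> physical server

    def http_request(self):
        """HTTP method: answer the first request with a redirect to one server."""
        return {"status": 302, "location": f"http://{next(self._pick)}/"}

    def other_inbound(self, pkt):
        """Other method: translate the destination of packets sent to the logical IP."""
        if pkt["dst"] != self.logical_ip:
            return pkt
        key = (pkt["src"], pkt["sport"])
        if key not in self.nat:         # choose a server once per connection
            self.nat[key] = next(self._pick)
        return {**pkt, "dst": self.nat[key]}

    def other_reply(self, pkt):
        """Other method: restore the logical IP as source on the way back."""
        if self.nat.get((pkt["dst"], pkt["dport"])) == pkt["src"]:
            return {**pkt, "src": self.logical_ip}
        return pkt


def addresses_seen_by_client():
    """Return the server address the client learns under each method."""
    gw = Gateway(LOGICAL_IP, PHYSICAL)
    http_seen = gw.http_request()["location"].split("/")[2]

    syn = {"src": "203.0.113.5", "sport": 40000, "dst": LOGICAL_IP, "dport": 21}
    fwd = gw.other_inbound(syn)
    reply = gw.other_reply({"src": fwd["dst"], "sport": 21,
                            "dst": syn["src"], "dport": syn["sport"]})
    return {"http": http_seen, "other": reply["src"]}


if __name__ == "__main__":
    print(addresses_seen_by_client())   # constructed traffic, no network access
```

Under the HTTP method the client is handed a physical server's address, so later connections must be permitted to that address directly. Under the other method the client only ever sees the logical server's address, and every packet depends on the gateway's translation.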
Load Balancing Components
Load Balancing involves three components. One way of troubleshooting load balancing is to look at each
component separately:
• Connect Control Module:
Sits in the VPN/FireWall kernel module (see “Debugging the Connect Control Module” on page 109)
• Load Balancing daemon (lhttpd):
Is the user mode process that handles HTTP requests, when the load balancing method is set to HTTP (see
HTTP Method, on page 107 and “Debugging the Load Balancing daemon lhttpd” on page 112)
• Load Balancing algorithm:
One of five (see “Debugging the Server-Load Load balancing algorithm” on page 112, and the
VPN-1/FireWall-1 Administration Guide)
License requirement for Load Balancing
To use Load Balancing, the VPN-1/FireWall-1 license must contain the connect string. (Use the printlic
command to view the license.)