Equalizer Installation and Administration Guide Version 7.2.4 July 2008 Coyote Point Systems, Inc.
Copyright © 1997-2008 Coyote Point Systems, Inc. All Rights Reserved. Printed in the USA. Equalizer is a trademark of Coyote Point Systems Incorporated. All other brand or product names are trademarks or registered trademarks of their respective companies or organizations. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE.
Preface The Equalizer Installation and Administration Guide is intended for people who are installing, configuring, or administering Equalizer™ systems. In This Guide This guide contains the following chapters and appendices: • Chapter 1, Overview, contains detailed descriptions of Equalizer concepts and terminology. This chapter includes information to help you plan your Equalizer configuration.
Preface • Appendix F, License and Warranty, contains the complete License and Warranty information. • Appendix G, Additional Requirements, lists additional hardware related requirements for Equalizer installations. • The Glossary defines the technology-specific terms used throughout this book. • Use the Index to help find specific information in this guide.
1 Overview Introducing Equalizer This chapter provides an overview of Equalizer’s features and discusses some common configurations. Overview of Equalizer Equalizer™ is a high-performance content switch that features: • Intelligent load balancing based on multiple, user-configurable criteria. • Real-time server and cluster performance monitoring. • Server and cluster administration from a single interface.
Chapter 1: Overview When you configure the servers in a virtual cluster, you assign a static weight between 20 and 200 for each server. When you select one of the adaptive load-balancing algorithms, Equalizer uses the servers’ static weights as a starting point to determine the percentage of requests to route to each server. Each server handles a percentage of the total load based on its fraction of the total weights in the server cluster.
gateways, and can even load-balance certain types of NFS server clusters that provide a single-system image. Equalizer does not support Active Content Verification for UDP clusters.

Maintaining Persistent Sessions

The persistence of session data is important when the client and server need to refer to data previously generated during the same session.
Chapter 1: Overview sticky record, Equalizer proceeds to check all of the other clusters that have the same IP address. If Equalizer still does not find a sticky record, it connects the user based on the incoming request. Layer 7 Load Balancing and Server Selection Equalizer’s support for Layer 7 content-sensitive load balancing (not available for the E250si) enables administrators to define rules for routing HTTP and HTTPS requests, depending on the content of the request.
Introducing Equalizer Geographic Load Balancing The optional Envoy add-on supports geographic load balancing, which enables requests to be automatically distributed across Equalizer sites in different physical locations. An Equalizer site is a cluster of servers under a single Equalizer’s control. A geographic cluster is a collection of sites that provide a common service, such as Web sites. The various sites in a geographic cluster can be hundreds or even thousands of miles apart.
Chapter 1: Overview geographic cluster to determine the site that is best able to process the request and then returns the address of the selected site. For example, the geographic cluster www.coyotepoint.com might have three sites (see Figure 2): one on the east coast of the U.S., one on the west coast of the U.S., and one in Europe. The servers at each site are connected to an Equalizer with the Envoy add-on installed.
2. The local name server queries the authoritative name server for coyotepoint.com (see Figure 4).

[Figure 4: diagram showing Client (California, USA), Client’s Local DNS, Internet, Authoritative DNS for coyotepoint.com, Envoy Site A (East Coast USA), Envoy Site B (West Coast USA), and Envoy Site C (Europe). Caption: Client’s local DNS queries the authoritative name server for coyotepoint.]

3.
Chapter 1: Overview 4. The client’s DNS selects one of the Equalizers in the list and queries it. If the queried site doesn’t respond, the client tries each of the other sites. 5. Envoy returns the IP Address of the virtual cluster best able to handle the client’s request. For more information on geographic load balancing using Envoy, see “Administering Geographic Clusters” on page 149. Configuring the Equalizer Network Equalizer is a versatile traffic management solution.
Configuring the Equalizer Network response packets to clients. This port is only used for dual network (external and internal) configurations and single network configurations on dual-port models. It is not used for single network configurations on multi-server port models, see “Using Equalizer in a Single Network Environment” on page 11 for more information. Hosts or routers on the external network can have routes to the internal network that are gatewayed through Equalizer's external address.
Chapter 1: Overview Using Equalizer as a Gateway Between Networks The most common Equalizer configuration is to have Equalizer function as the gateway between two separate networks—the internal network where the servers reside and the external network on which clients and the Internet or an Intranet reside. Figure 7 shows this configuration in detail.
Configuring the Equalizer Network Using Equalizer in a Single Network Environment If you do not want to split your network into internal and external networks, you can configure Equalizer to use a single-network mode, effectively placing both the clients and servers on the same network. Figure 8 on page 11 shows this configuration in detail. Certain protocols that use dynamic port mapping or multiple TCP/UDP ports work best in a single network environment.
Chapter 1: Overview Most operating systems allow you to specify a host route (gateway) for packets destined for specific hosts. If you want your virtual clusters to accept connections from clients on the same network as the servers, you must configure the servers to route packets destined for these clients through Equalizer.
[Figure 9: Sample failover configuration. Diagram labels: Internet; two routers; two switches; Equalizer (Primary) and Equalizer (Backup), connected through the server interface; servers that handle website A; servers that handle website B.]

In the sample failover configuration, there is no single point of failure. If a router goes down, the other router takes over; if a link fails, requests are routed through another link.
Figure 10 shows a sample of the cabling of the Equalizers shown in Figure 9.

[Figure 10: Cabling example from the sample failover configuration. Each Equalizer has a cable labeled "To Switch (External Interface)" and a cable labeled "To Servers (Server Interface)"; one cable is labeled "For Failover".]

The backup-unit Equalizer monitors all traffic to and from the primary unit; both Equalizers periodically exchange status messages over the local area network.
Configuring the Equalizer Network For example, an ISP hosting several hundred unique web sites replicated on three servers might not want to assign real IP addresses for all of them because each virtual cluster would consume four addresses: three on the back-end servers and one for the virtual cluster. In this case, the ISP might use 10.0.0.0 (the now-defunct Arpanet) as the internal network and assign virtual server addresses out of this network for the servers.
Chapter 1: Overview the same outbound NAT setting on both Equalizers. For more information, see “Setting Up a Failover Configuration” on page 47. Note – If outbound NAT is enabled, Equalizer processes each server response. If your servers do not need to initiate outbound connections, disable outbound NAT for improved performance.
Equalizer Configuration Worksheets Equalizer Administration Address: 199.145.85.2. (See Figure 7 on page 10.) 4. What network will be used as the internal network? This is the network on which the physical servers will reside. If you use separate external and internal networks, the internal network is connected to Equalizer’s server port. You should configure routers within your site’s network (the external network) to use Equalizer’s external port as the gateway to the internal network.
Chapter 1: Overview Special Configuration Worksheet for Using Reserved IP Addresses Equalizer supports placing servers on reserved, non-routable networks such as the class A network 10.0.0.0 and the class C network 192.168.2.0. In environments in which conservation of IP addresses is important, using reserved IP addresses can minimize the number of “real” IP addresses needed.
2 Installing Equalizer Before You Install Equalizer The first step in setting up Equalizer is to connect it to the local area network and a power source. Once you have installed Equalizer, you need to configure it as described in Chapter 3, “Configuring Equalizer Hardware”. Please review the warnings located in Appendix G , “Additional Requirements”, on page 197 for precautions you must take before installing your Equalizer hardware.
Chapter 2: Installing Equalizer 6. Connect Equalizer to an appropriate power source using the supplied power cord, which plugs into the 3-pin connector on the rear of the Equalizer enclosure. This system uses an autosensing power supply that can operate at 50Hz or 60Hz, 110-240 VAC input. 7. Turn on the power using the switch on the rear panel. Once you have installed and started Equalizer, follow the directions in Chapter 3, “Configuring Equalizer Hardware” to configure the hardware for your network.
3 Configuring Equalizer Hardware After you install the Equalizer hardware as shown in Chapter 2, “Installing Equalizer”, use the procedures in this chapter to perform basic hardware and network configuration.
Chapter 3: Configuring Equalizer Hardware If you use HyperTerminal, in addition to the settings shown above, select File > Properties > Settings from HyperTerminal’s menu, select VT100 in the Emulation drop-down box, and then Terminal Setup to enable these options: • keyboard application mode • cursor keypad mode Tera Term Pro version 2.3 is freely available at: http://hp.vector.co.jp/authors/VA002416/teraterm.
Performing Basic Equalizer Configuration can use Ctrl-n to select the next menu item or Ctrl-p to select the previous menu item. Press the Tab key to highlight one of the menu actions (such as Select or Cancel) displayed at the bottom of the window. Then press Enter to continue. Continue with “Configuring the Network Parameters” on page 23. Configuring the Network Parameters To configure the Hostname, Network Interfaces, Default Router, and DNS, use the following steps.
The interfaces shown in the screen above are examples only; the interfaces displayed for your system depend on your hardware configuration.

3. Press one or more arrow keys until you highlight External Ethernet interface; then press Enter. The Equalizer Configuration Utility displays the Network Configuration window (see Figure 14).

[Figure 14: Equalizer Configuration Utility: Network Configuration]

4.
Performing Basic Equalizer Configuration the IP address and netmask for the external interface. Use the address and netmask from your configuration worksheet (see “Equalizer Configuration Worksheets” on page 16). For single network configurations using a switch-based Equalizer, leave the IP address for the external interface blank (or, on the Equalizer 450, type NONE) to disable the port. 9. When you’re finished, highlight OK. Then press Enter.
1. In the Equalizer Configuration Menu window, select option 3, Time; then press Enter.
2. Specify the current date and time, based on a 24-hour clock, in the format MM/DD/YY HH:MM.
3. Highlight OK; then press Enter.

Changing Equalizer’s Console Password

The console password is the password for the eqadmin account, which automatically displays the Equalizer Configuration Utility when you log in. The factory-installed password for this account is equalizer.
Managing Remote Access to the Equalizer 1. In the Equalizer Configuration Menu window, select option 8, Upgrade, and press Enter. 2. Highlight OK; then press Enter. The upgrade utility prompts you to enter the upgrade URL (see Figure 15): Figure 15 Equalizer Configuration Utility: Upgrade URL Enter the URL provided to you by Coyote Point, select OK, and press Enter. The latest release of Equalizer software is always located at the following URL: ftp://ftp.coyotepoint.
1. Log into the Equalizer hardware configuration utility using a terminal or terminal emulator (see “Setting Up a Terminal or Terminal Emulator for Equalizer” on page 21 and “Starting to Configure Equalizer” on page 22).
2. In the Equalizer Configuration Menu, select option 9, Manage ‘eqsupport’, and press Enter (see Figure 16). Equalizer displays the Equalizer CLI eqsupport account selection window.

[Figure 16]

3.
Configuring a Second Equalizer As a Backup (Failover) When you run the Setup program to install, make sure that SSH (under “Net”), the Xorg Server and xterm (under “X11”) are selected for installation. To run, open a Cygwin window and enter ‘startx’; once the Xterm window opens, enter ‘ssh eqsupport@equalizer-ip’.
Envoy across firewalled networks, you also need to configure the firewalls to allow traffic between Envoy sites and between the Equalizer and clients.

Configuring the Authoritative Name Server to Query Envoy

To delegate authority to the Envoy sites, you must configure the authoritative name server(s) for the domains that are to be geographically load-balanced. You also must delegate each of the fully-qualified subdomains to be balanced.
Testing Your Basic Configuration Then follow these steps: 1. From the internal-network test machine, ping the physical IP address of each server. You should be able to successfully ping all of the servers from the test machine. 2. From the internal-network test machine, ping the server aliases on each of the servers. You should be able to successfully ping all of the servers from the test machine using their aliases. 3.
4 Accessing Browser Controls Introducing the Equalizer Administration Interface You use Equalizer’s HTML-based administration interface for routine monitoring and administrative tasks.
• Firefox Version 2 or later

2. From the browser, load the URL that corresponds to Equalizer's external address, using either the http or https protocols. If you are using a redundant pair of Equalizers, use the failover alias to ensure that the browser connects to the Equalizer that has the primary role. For example, if the external or failover address is 199.146.85.2, open the Equalizer Administration Interface by typing http://199.146.85.2 or https://199.146.85.
Accessing the Equalizer Administration Interface the currently configured clusters, servers, geographic clusters, and sites. Equalizer displays the status information and current parameters in the right frame. Figure 18 Equalizer’s Administration Interface Using the Main Menu Bar Use the menus in the main menu bar (see Figure 19) in the top frame and the local menus on the parameters pages to access Equalizer’s reporting options, modify the configuration, or view help information.
Chapter 4: Accessing Browser Controls Reboot: reboots the Equalizer. If you try to do this while you are logged in under view mode, Equalizer displays an error message. Log Out: exits the Equalizer Administration Interface. • View: provides access to the following global status information: Equalizer Status: displays the Equalizer software and hardware information, basic configuration, and recent statistics. Cluster Summary: displays summary information for all the configured clusters.
Accessing the Equalizer Administration Interface menu in the Server Parameters page enables you to change the server’s parameters, plot the server’s history, and delete the server.
5 Configuring Equalizer Operation You can modify Equalizer’s configuration through the Equalizer Administration Interface and perform the following actions, described in this chapter: • “Licensing Equalizer” on page 39 • “Modifying System Parameters” on page 43 • “Setting Up a Failover Configuration” on page 47 • “Modifying or Deleting a Failover Configuration” on page 50 • “Using Failover with Different Equalizer Models or Versions” on page 51 • “Upgrading Failover Configurations from Versions
Chapter 5: Configuring Equalizer Operation You’ll need to request a license if: • The left frame of the Equalizer Administrative Interface displays an unlicensed system error. • You add the Envoy Geographic Clustering product to Equalizer. Follow this procedure to view license information or to request a license. 1. Log into the Equalizer Administration Interface in Edit mode. 2.
system ID: The internal system identifier (the MAC address of your primary network card). [Note: in previous releases, the system ID was shown with a colon ( : ) separating each pair of numbers.]

If you don’t need to license Equalizer, select Cancel to return to the modify system parameters screen. Otherwise, continue with the next step.

3. If your Equalizer is already registered with Coyote Point, skip this step. Otherwise, you must register your Equalizer before you can license it.
Chapter 5: Configuring Equalizer Operation 1. Follow Steps 1 through 3 of the procedure above. 2. Select the Offline License tab on the license status screen; the license status screen now appears as shown below: 3. Select create license request file and save the file to an appropriate location on your local system. 4. Select the support@coyotepoint.com link to open your browser’s mail client, or open your email client manually and specify this address in the To: field of a new mail message.
Modifying System Parameters Modifying System Parameters To view and modify the Equalizer’s system parameters, follow these steps: 1. Log into the Equalizer Administration Interface in Edit mode. 2. Select Equalizer > Global Configuration from the main menu bar; Equalizer displays the modify system parameters screen in the right frame; see Figure 22 on page 43, Figure 23 on page 45, and Figure 24 on page 46. 3. Change the appropriate fields. 4. Click the commit button.
• send buffer applies to L7 clusters and is the amount of memory in kilobytes reserved by each L7 proxy process to store outgoing data before it is placed on the network interface.
• receive buffer applies to L7 clusters and is the amount of memory in kilobytes reserved by each L7 proxy process to store data that has been received on an interface before it is processed by an L7 proxy process.
The modify system parameters screen displays the following flags that affect Equalizer’s operation:

[Figure 23: The modify system parameters screen (flags)]

• enable email enables and disables event triggered email on the Equalizer; see “Configuring Custom Event Handling” on page 114, in Chapter 7.
• advanced enables display of advanced parameters and flags by default on all menus for this cluster (i.e.
Chapter 5: Configuring Equalizer Operation not be translated by Equalizer. Enabling this option tells Equalizer to drop any RST packets from servers that do not currently have a Layer 4 connection record that matches the RST packet; with this option disabled (the default) Equalizer will forward all RST packets. • abort server causes Equalizer to terminate server connections without waiting for the server to quiesce.
Setting Up a Failover Configuration Setting Up a Failover Configuration You can set up two Equalizers in a hot backup, or failover, configuration. In such a configuration, one of the systems handles incoming requests (the primary system), while the other (the backup system) waits for a failure to occur and automatically takes over if the Equalizer that is currently handling requests fails. The two Equalizers are called failover peers or siblings in such a configuration.
Chapter 5: Configuring Equalizer Operation that the system that is configured as the default backup will reboot; upon coming back up, it will enter backup mode. Note – Any switch, such as one from Cisco or Dell, that comes with Spanning Tree enabled by default can cause a communication problem in a failover configuration when one or both of the Equalizers are dual-port models.
Setting Up a Failover Configuration 4. Enter a unique name for the new peer in the peer name field. 5. Enter the internal and external addresses for this peer in the internal address and external address fields. In single network mode, you will see one address and corresponding network mask depending on the type of Equalizer. Equalizer models with an integrated switch use the internal address when in single network mode. All other models use the external address when in single network mode. 6.
The receive timeout is the time in seconds that Equalizer allows to receive a response from its sibling before it times out. The connection timeout is the time in seconds allowed to establish a TCP connection with its sibling. When either of these timeouts occurs, it counts as one of the strikeouts that must occur before the backup becomes the primary (three strikeouts must occur before the backup takes the primary role). The probe interval.
Using Failover with Different Equalizer Models or Versions Using Failover with Different Equalizer Models or Versions We recommend that you use the same model Equalizer (e.g., E350si, E450si, etc.) for both systems in a failover pair and that both Equalizers are running the same version of the software (e.g., 7.2.4).
Chapter 5: Configuring Equalizer Operation 4. Perform Steps 1 to 3 on the other Equalizer in the failover pair. Upgrading Failover Configurations from Versions prior to 7.2.1 The upgrade script contains facilities to migrate a version 7.1 format failover configuration (stored in /etc/eq.static) to the new format used in 7.2 and later systems. When the upgrade script runs, it will detect the presence of a valid configuration in the eq.static file.
Enabling Outbound NAT After Equalizer comes back up, you can create a failover configuration. Enabling Outbound NAT If you use a reserved network configuration and the servers on the non-routable network must be able to communicate with hosts on the Internet, you must configure Equalizer to perform outbound network address translation (NAT).
Chapter 5: Configuring Equalizer Operation If you change the stale timeout setting while partially established connections are currently in the queue, those connections will be affected by the new setting. Note – Reducing the stale connection timeout can be an effective way to counter the effects of SYN flood attacks on server resources. A stale connection timeout of 10 seconds would be an appropriate value for a site under SYN flood attack. To set the stale connection timeout, follow these steps: 1.
Configuring Support for Extended Characters 3. Enable sticky network aggregation by selecting a sticky netmask from the pull-down menu shown below. 4. Click the commit button. Figure 29 Enabling sticky network aggregation Note – If you are using two Equalizers in a failover configuration, you must set the sticky network aggregation mask identically for both Equalizers.
Chapter 5: Configuring Equalizer Operation enable support for 8-bit and multibyte characters in URIs, turn on the allow extended characters flag in the global parameters as shown in the procedure below. Caution – There are potential risks to enabling this option, because it allows Equalizer to pass requests that violate RFC2396; load-balanced servers may be running software that is incapable of handling such requests.
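Before turning the flag on, it helps to know how much of the existing traffic would be affected. The following added example (not part of the Equalizer product or this guide) classifies request URIs from web server access logs against the RFC 2396 character set; the log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# RFC 2396, section 2: characters that may appear literally in a URI.
ALNUM = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
MARK = b"-_.!~*'()"
RESERVED = b";/?:@&=+$,"
ALLOWED = frozenset(ALNUM + MARK + RESERVED + b"#")  # '#' delimits a fragment
HEX = frozenset(b"0123456789abcdefABCDEF")

# Assumed log format: the request line is quoted, as in common/combined logs.
REQUEST_LINE = re.compile(rb'"[A-Z]+ (.*) HTTP/\d\.\d"')


def classify_uri(raw: bytes) -> str:
    """Classify a raw request URI.

    'rfc2396'   - only characters RFC 2396 permits (including %XX escapes)
    'extended'  - contains raw 8-bit bytes (what the flag lets through)
    'malformed' - bad %-escape, control character, space or other excluded byte
    """
    extended = False
    i = 0
    while i < len(raw):
        byte = raw[i]
        if byte == 0x25:  # '%' must be followed by two hex digits
            if i + 2 >= len(raw) or raw[i + 1] not in HEX or raw[i + 2] not in HEX:
                return "malformed"
            i += 3
            continue
        if byte >= 0x80:
            extended = True
        elif byte not in ALLOWED:
            return "malformed"
        i += 1
    return "extended" if extended else "rfc2396"


def audit_log(lines):
    """Return (counts per class, list of (line_no, uri, verdict) needing review)."""
    counts = Counter()
    flagged = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # not a request line; ignore
        uri = match.group(1)
        verdict = classify_uri(uri)
        counts[verdict] += 1
        if verdict != "rfc2396":
            flagged.append((line_no, uri, verdict))
    return counts, flagged


# Constructed sample input (documentation addresses, invented paths).
SAMPLE_LOG = [
    b'192.0.2.10 - - [01/Jul/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    b'192.0.2.10 - - [01/Jul/2008:10:00:01 +0000] "GET /caf%C3%A9/menu.html HTTP/1.1" 200 512',
    b'192.0.2.11 - - [01/Jul/2008:10:00:02 +0000] "GET /caf\xc3\xa9/menu.html HTTP/1.1" 200 512',
    b'192.0.2.12 - - [01/Jul/2008:10:00:03 +0000] "GET /search?q=\xe6\x97\xa5\xe6\x9c\xac HTTP/1.1" 200 90',
    b'192.0.2.13 - - [01/Jul/2008:10:00:04 +0000] "GET /a%zz HTTP/1.1" 400 0',
    b'192.0.2.14 - - [01/Jul/2008:10:00:05 +0000] "GET /docs/my file.html HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    counts, flagged = audit_log(SAMPLE_LOG)
    print(dict(counts))
    for line_no, uri, verdict in flagged:
        print(line_no, verdict, uri)
```

URIs reported as 'extended' are the ones that reach the servers only when the flag is on, so they identify the server applications to test first.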
6. Select the commit button.

Note – If you have lost or forgotten the Edit mode password, you can set it through the console-based Equalizer Configuration Utility. For more information, refer to “Changing the Administration Interface Password” on page 26.

Configuring Static Routes

Static routes are commonly used to specify routes to IP addresses via gateways other than the default.
Network: The IP address for the host or subnet. Can be specified as a Classless Inter-Domain Routing (CIDR) address to specify a netmask; for example: 192.168.1.0/24.
Gateway: The IP address of the gateway used to reach the host or subnet.

3. Click on the Add icon. The add static route screen appears:

[Figure 32: The add static route screen]

4. Enter the parameters for the route, and select commit.
Managing System Time and NTP 4. Select delete to delete the route. You are returned to the static routes screen, from which the route has been removed. Managing System Time and NTP Through Equalizer’s Administrative Interface, you can: • set the time zone • set the system date and time • set up to three Network Time Protocol (NTP) servers, and enable or disable synchronization with these servers Setting the Time Zone 1. Select Equalizer > Global Configuration. 2.
Chapter 5: Configuring Equalizer Operation Setting the System Date and Time 1. Select Equalizer > Global Configuration. 2. Select menu > Manage System Time. The time configuration screen is displayed (Figure 33 on page 59) 3. Use the drop-down boxes at the top of the date and time field to manually set the date and time. 4. Select the commit & reboot button; then select OK to confirm and reboot Equalizer. Enabling or Disabling NTP 1. Select Equalizer > Global Configuration. 2.
Saving or Restoring Your Configuration 0.uk.pool.ntp.org 1.uk.pool.ntp.org 2.uk.pool.ntp.org Or, for the US, you would use: 0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org Be careful when using country based NTP pool servers, since some countries contain a very limited number of time servers. In these cases, it is best to use a mix of country and continent based pool servers.
Backing Up Your Configuration

To back up your current configuration to a file, follow these steps:

1. Log into the Equalizer Administration Interface in Edit mode.
2. Select Equalizer > Global Configuration from the main menu bar; then select menu > Backup/Restore Configuration from the modify system parameters screen. The backup/restore screen (see Figure 34 on page 62) appears in the right frame.

[Figure 34: Backing up your Equalizer configuration]

3.
Shutting Down Equalizer 5. Click restore to upload the configuration file. Equalizer automatically reboots to update the configuration. Note – Be very careful when restoring configurations. The saved IP information could cause conflicts on the network if the restored file comes from another Equalizer (for example, its backup). If this happens, use the console-based Equalizer Configuration Utility to re-configure the restored configuration’s IP addresses. See “Configuring Equalizer Hardware” on page 21.
6 Administering Virtual Clusters A virtual cluster is a collection of servers with a single network visible IP address. All client requests come into Equalizer through a cluster IP address, and are routed by Equalizer to the appropriate server in the cluster, according to the load balancing options set on the cluster.
Chapter 6: Administering Virtual Clusters Working with Virtual Clusters A virtual cluster acts as the network-visible front-end for a group of servers. Use the Equalizer Administration Interface to add, configure, or remove virtual clusters and the servers that belong to them. The figure below shows a conceptual diagram of an Equalizer with three clusters.
Working with Virtual Clusters Adding a Virtual Cluster To add a new virtual cluster, follow these steps: 1. Log into the Equalizer Administration Interface in edit mode. 2. Select Add > Virtual Cluster from the main menu bar. The add cluster screen appears in the right frame (see Figure 38). Another way to display this screen is to view the Equalizer status and select Add Virtual Cluster from the local menu. Figure 38 Adding a virtual cluster 3.
• HTTP, Equalizer passes web server requests and routes requests to particular servers based on the content of the request and various load-balancing criteria. (This protocol supports Layer 7 load balancing.)
• HTTPS, Equalizer passes secure web server requests and routes requests to particular servers based on the content of the request and various load-balancing criteria. (This protocol supports Layer 7 load balancing.
The port defined for a server in the cluster for which a port range is defined indicates the port on the server that starts the range of ports to be opened. See Step 6 on page 89, under “Adding a Server to a Cluster”.
Note – Old configuration files will still work—the port section for clusters will be interpreted as a port range whose start port is the same as its end port.
routed to the same selected server for the entire session (while the cookie is valid -- see cookie age, below).
• once only limits Equalizer to parsing headers (and executing match rules) for only the first request of any client making multiple requests across a single TCP connection. This option is on by default. If this option is turned off, then Equalizer will parse the headers of every client request.
will only present the cookie to servers in the coyotepoint.com domain (for example, www.coyotepoint.com or my.coyotepoint.com).
• cookie path presents the cookie only when the path component of the request URI has the same prefix as that of the specified path. For example, if the cookie path is /store/, the browser presents the cookie only if the request URI includes a path such as /store/mypage.html.
• probe_port is used to select one port on the Equalizer to be used for all content probes of the system (such as ACV) as well as protocol-specific health checks. It works for both Layer 4 and Layer 7 clusters. In previous implementations, probing was always done on the server port. However, with a port range (see Step 6 on page 68), it cannot be assumed that the first port in the range will have a service running on it.
cluster that the request was received in HTTPS and decrypted on Equalizer before being forwarded to the cluster; see “Specifying a Custom Header for HTTPS Clusters” on page 85 for more information.
• cipher suite applies to HTTPS clusters and is used to restrict cipher suites for incoming HTTPS requests. If a client request comes into Equalizer that does not use a cipher in this list, the connection is refused.
• certify_client applies to HTTPS clusters and indicates whether the server asks the client for a client certificate when a client request is received. The connection will succeed even if the client does not provide a certificate; but, if one is provided by the client, it will be validated. See Appendix D, “HTTPS Cluster Certificates”.
server, and so on. When Equalizer reaches the last server, it repeats the cycle. If a server in the cluster is down, Equalizer does not send requests to that server. This is the default method. The round robin method does not support Equalizer’s adaptive load balancing feature; so, Equalizer ignores the servers’ static weights and does not attempt to dynamically adjust server weights based on server performance.
• Weight Spread Coefficient regulates the speed of change to a server’s dynamic weight. The weight spread coefficient causes dynamic weight changes to happen more slowly as the difference between the dynamic weight and the static weight increases.
• Optimization Threshold controls how frequently Equalizer adjusts dynamic weights.
3. Select menu > Change Cluster Parameters. Equalizer opens the modify cluster screen in the right frame.
Figure 39 Changing load balancing options
4. Select a policy.
5. Choose a responsiveness.
6. Click the commit button.
under a heavy load. In this case, you might want to set the cluster’s load balancing response parameter to fast. Then Equalizer tries to optimize the performance of your servers more aggressively; this should improve the overall cluster performance. For more information about setting server weights, see “Adjusting a Server’s Static Weight” on page 90.
5. In the server agent port field, specify the port used to contact the server agent; the default port is 1510.
Figure 40 Configuring a cluster to use server agents
6. If your agent needs to have a string sent to it before it will respond, click the advanced checkbox and then provide the string to be sent to the agent in the agent probe field.
7. Click the commit button.
Enabling Persistent Sessions
Equalizer provides several methods by which sessions between clients and servers can be made persistent; that is, it is possible to route a series of requests from a particular client to the same server, rather than have the Equalizer load balance each request in the series -- potentially sending each request to a different server.
3. Select menu > Change Cluster Parameters. The modify cluster screen opens in the right frame.
Figure 41 Setting the sticky time period
4. In the sticky time field, specify the sticky time period in seconds greater than zero.
5. To direct all requests from a particular client to the same server even if the connection is to a different virtual cluster, check the inter-cluster sticky checkbox.
Enabling the Once Only Flag for Persistent Connections
Since HTTP 1.1, web browsers and servers have been able to negotiate persistent connections over which multiple HTTP transactions could take place, by specifying a keep-alive option in the request header. This is useful when several TCP connections are required in order to satisfy a single client request. For example, before HTTP 1.1, if a browser wished to retrieve the file index.html from the server www.
for these headers in every request on the server end, you need to disable the once only flag for the cluster. The once only flag is enabled by default when adding an L7 cluster. In general, it is more efficient to enable once only, but in situations where match rule evaluation is very important, or where any of the above effects are undesirable, once only should be disabled.
Equalizer can perform the same exchange automatically and verify the server’s response by checking the returned data against an expected result. Specify an ACV probe string and an ACV response string to control the information that Equalizer uses to perform the verification. Equalizer uses the probe string to request data from each server. To verify the server’s content, Equalizer searches the returned data for the response string.
verification to succeed, the specified string must appear in the first 1024 characters of the server’s response (including any headers).
6. Click the commit button.
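The verification described above, sketched as an added example (not Coyote Point code) to show how the 1024-character window interacts with response headers. The HTTP probe string, the "Welcome" response string, the function names and the three sample responses are constructed, and the window is counted in bytes as an assumption.

```python
import socket
import threading

ACV_WINDOW = 1024  # per the guide: first 1024 characters of the response, headers included


def acv_verify(sock, probe, expected, window=ACV_WINDOW, timeout=2.0):
    """Send the probe string, read at most `window` bytes, search them for `expected`."""
    sock.settimeout(timeout)
    sock.sendall(probe)
    seen = b""
    try:
        while len(seen) < window:
            chunk = sock.recv(window - len(seen))
            if not chunk:              # server closed the connection
                break
            seen += chunk
    except socket.timeout:
        pass                           # a silent server fails verification
    return expected in seen


def _serve_once(sock, response):
    """Constructed stand-in for a cluster server: read one request, send one reply."""
    try:
        request = b""
        while b"\r\n\r\n" not in request:
            chunk = sock.recv(4096)
            if not chunk:
                break
            request += chunk
        sock.sendall(response)
    except OSError:
        pass                           # prober hung up early; nothing left to do
    finally:
        sock.close()


def run_probe(response, probe=b"GET /index.html HTTP/1.0\r\n\r\n", expected=b"Welcome"):
    """Probe a stand-in server over a local socket pair (no network required)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=_serve_once, args=(server, response))
    worker.start()
    try:
        return acv_verify(client, probe, expected)
    finally:
        client.close()
        worker.join()


# Constructed sample responses.
BODY = b"<html><body>Welcome to the store</body></html>"
HEALTHY = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" + BODY
# Same page, but a large cookie header pushes the body past the 1024-byte window.
BLOATED = b"HTTP/1.0 200 OK\r\nSet-Cookie: session=" + b"x" * 1100 + b"\r\n\r\n" + BODY
# The web server answers, but the application behind it is broken.
FAILED = b"HTTP/1.0 500 Internal Server Error\r\n\r\n<html>database unavailable</html>"

if __name__ == "__main__":
    for name, resp in (("healthy", HEALTHY), ("bloated headers", BLOATED), ("error page", FAILED)):
        print(name, "->", "verified" if run_probe(resp) else "verification failed")
```

The second case is the one to watch for in practice: the page is served correctly, yet verification fails because headers consume the window, so choose a response string that appears early in the reply.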
• configure the Equalizer cluster to add the custom header to all requests before sending them on to the OWA server (this is explained below)
Equalizer provides the ability to specify a custom header for HTTPS clusters. The following procedure shows you how to add a custom header to a new or existing HTTPS cluster definition, using the header required for an OWA server as an example.
1. Log into the Equalizer Administration Interface in Edit mode.
2.
Managing Servers
• the injection of custom headers to relay to the server the fact that Equalizer terminated the HTTPS connection and performed SSL processing on the incoming request (see the previous section, above)
• the "munging", or translation, of HTTP redirects to HTTPS redirects (see the description of the dont munge flag under “Adding a Virtual Cluster”, in Step 12 on page 71)
One flag which frequently affects the behavior of these options is the once only flag.
You do not need to configure Equalizer as the gateway for the servers if you have disabled the IP spoof flag for the cluster.
4. Enter server name, which is the server’s logical name, or accept Equalizer’s default. Each server in a cluster must have a unique name that begins with an alphabetical character, not a numeral (for example, Phoenix).
5. Enter ip, which is the IP address of the server endpoint you are adding to the cluster.
6. Enter port, which is the port number of the service on the server machine.
For example, you might configure a server as a hot spare if you are using licensed software on your servers and the license allows you to run the software only on one node at a time. In this situation, you could configure the software on two servers in the cluster and then configure one of those servers as a hot spare.
assigned server weight for a server to the total of all the server weights that determines the amount of traffic sent to a server. For example, you might assign a server with 4 dual-core 64-bit processors operating at 3.40GHz a value of 100 and a server with 2 dual-core 64-bit processors operating at 1.86GHz a value of 50. The first server will initially receive approximately 66% (100 divided by 150) of the traffic.
4. Enter the new weight in the weight field.
5. Click the commit button.
Setting Static Weights for Homogenous Clusters
If all the servers in a cluster have the same hardware and software configurations, you should set their static weights to the same value initially. We recommend that you use a static weight of 100 and set the load-balancing response parameter to medium.
Note that while a server is quiescing, it will still receive new requests if all of the other servers in the cluster are unavailable. This behavior prevents any new requests from being refused, but may lengthen the time needed to terminate all active persistent connections.
Removing a Layer 7 Server from Service
To remove a Layer 7 server from service, follow these steps:
1. In the left frame, click the name of the server to be quiesced. The server’s parameters appear in the right frame.
Setting Maximum Connections per Server
A new feature has been added for the HTTP, HTTPS, and L4 TCP cluster types that allows you to set a hard upper limit on the number of active connections per server. When a server in the cluster reaches the maximum connections limit, requests will not be routed to that server until the number of active connections falls below the limit.
a. Create a new virtual cluster: select Add > Virtual Cluster from the main menu bar. The add cluster screen appears in the right frame.
b. Modify an existing virtual cluster: select the cluster name in the left frame, and then select menu > Change Cluster Parameters in the right frame. The modify cluster screen appears in the right frame.
3. If it is not already checked, select the advanced check box in the flags section of the screen in the right frame.
3. If it is not already checked, select the advanced check box in the flags section of the screen in the right frame. The max_conn field is near the middle of the right-hand screen, as shown in the following figure:
4. Set max_conn to a positive integer between 0 and 65535. A zero (the default) indicates that the maximum connections limit set on the cluster applies to this server.
5.
Testing Virtual Cluster Configuration
• Enable the hot spare flag. This specifies that any requests refused by all the other servers in the cluster because they reached their max_conn limit (or are down) will be forwarded to the hot spare server.
• Enable the dont persist flag. We do not want connections made to the hot spare to persist.
7 Monitoring Equalizer Operation
System status information and performance statistics can be gathered and displayed from within the Equalizer Administrative Interface; higher-end Equalizers can also be monitored using standard Simple Network Management Protocol (SNMP) utilities:
• To display the current Equalizer status (a summary of global parameters and usage statistics), see “Displaying Equalizer Status” on page 100.
Displaying Equalizer Status
To display a summary of global parameters and usage statistics for your Equalizer:
1. Log into the Equalizer Administration Interface.
2. At the top of the column in the left frame, click the Equalizer entry (or select View > Equalizer status from the main menu in the right frame). The Equalizer status screen appears in the right frame.
Displaying the System Event Log
• internal interface is the name of this interface.
• external address is Equalizer’s external IP address.
• internal address is Equalizer’s internal IP address.
• passive FTP Translation indicates whether PASV FTP mode is enabled or disabled.
• failover mode signifies whether this Equalizer is a primary or backup unit.
• Envoy geographic load balancing denotes whether geographic load balancing is currently enabled.
Figure 47 Viewing the system event log
3. To change the number of lines displayed, select a value from the drop-down list.
4. To look at the logs for the Equalizer, a virtual cluster, or the operating system, select a log from the log type drop-down list.
To export the contents of a log, you can copy text from the log viewer screen and paste it into another application (such as Windows Notepad); then, save the text to a file.
Displaying the Virtual Cluster Summary
The Virtual Cluster Summary (see Figure 48) lists the currently configured virtual clusters and their associated servers as well as the weight and status of each server. To view the Virtual Cluster Summary, follow these steps:
1. Log into the Equalizer Administration Interface in either view or edit mode.
2. Select View > Cluster Summary from the main menu bar. The cluster summary screen appears in the right frame.
are the current, dynamically-adjusted values, not the static weights initially assigned by the administrator.
• active: The number of current connections to the server.
• processed: The total number of connections that have been processed by the server since the system was rebooted.
• sticky (Layer 4 clusters only): The number of “sticky records” currently held by Equalizer.
Plotting Cluster Performance History
2. In the left frame, click the name of the cluster whose parameters you want to view. The cluster screen appears in the right frame.
Figure 49 Viewing cluster information
The cluster screen shows the selected load balancing policy, the load-balancing responsiveness setting, the persistence parameters, and the server agent parameters. For more information about how Equalizer uses these parameters, see “Adding a Virtual Cluster” on page 67.
3. Select menu > Plot Cluster History in the cluster screen. The graphical history for the selected cluster appears.
Figure 50 Viewing a cluster’s graphical history
By default, the service time and active connections are plotted for the previous five minutes. To change the information plotted, select the categories and duration you want to plot and click the Plot button. The enable smoothing checkbox smooths out peaks and valleys in the graph.
Displaying Server Information
be 100. Certain events (for example, rapid fluctuations in the load, rebooting servers, and restarting application daemons such as httpd) can cause spikes in the computed load for the cluster.
• Service Time is the average service time of all of the servers in the cluster. The service time is the time it takes a server to start sending reply packets once it receives a client request.
1. Log into the Equalizer Administration Interface in either view or edit mode.
2. In the left frame, click the name of the server whose parameters you want to view. The server’s parameters appear in the right frame.
Figure 51 Viewing server information
The dynamic weight is the current weight assigned by Equalizer to the server. The active connections and total connections show current connections statistics.
Plotting Server Performance History
To zoom in on a portion of the graph, click the area in which you are interested.
Figure 52 Viewing a server’s graphical history
You can plot five values for a server:
• Active Connections shows the number of active connections on the server. Equalizer “smooths” the connection count using a sliding-window smoothing algorithm before it is plotted. If you have enabled the sticky timer, note that the number of active connections on a server will be higher.
• Computed Load is a measure of the performance of the server relative to the overall performance of the cluster. Equalizer tries to normalize the cluster-wide computed load value to 100. If the server’s computed load value is above 100, it is performing below the overall cluster performance. Equalizer derives a server’s computed load value from its service time, number of active connections, and server agent value (if configured).
Plotting Geographic Cluster Performance History
1. Log into the Equalizer Administration Interface in either view or edit mode.
2. In the left frame, click the name of the geographic cluster whose parameters you want to view. The Geographic Cluster Parameters screen appears in the right frame. This page contains the following information:
• Geographic Cluster, which is the name of the cluster.
3. Select Plot GeoCluster History from the local menu in the Geographic Cluster Parameters frame. The graphical history for the selected cluster appears in the right frame. By default, the site summary for the previous 30 minutes appears.
4. To change the information being plotted, select the categories and duration to be plotted; then click the Plot button. (To zoom in on a portion of the graph, click the area in which you are interested.
Plotting Site Performance History
• Site Returned shows the number of clients directed to this site. You can compare this number with the values for other sites to determine the relative number of users sent to each site. If a value for one site is zero and the others are non-zero, consider why the zero site has no traffic.
• Returned as Default indicates the number of clients directed to the default site.
log hours is the target number of hours of plot log data to retain. A zero in this field allots the number of hours based on the available memory. Note that the number of hours of log data retained is limited by the amount of memory and disk space. If you define a large number of clusters and servers, this will limit the amount of time over which log data can be retained.
Configuring Custom Event Handling
1. Log into the Equalizer Administration Interface in Edit mode.
2. Select Equalizer > Global Configuration from the main menu bar; then select menu > Events from the modify system parameters screen. The event configuration screen appears in the right frame.
Figure 54 The event configuration screen
3. Check the use remote syslog checkbox.
4.
• Failure of a server agent
• Restoration of a server agent
• Failover in a high-availability Equalizer pair
For example, to append a dated message to a log file whenever Equalizer detects a server failure, you could enter the following command:
echo `date` "System Failure." >> /tmp/mylog
To specify a command to run, follow these steps:
1. Log into the Equalizer Administration Interface in Edit mode.
2.
Browsing Equalizer Configurations using SNMP
3. In the email event notification section, enter the sender of the email in the from field using the format required by your SMTP server. The address format to use depends on how your SMTP server is configured. For many servers, the user@domain format (e.g., admin@example.com) will be acceptable. Some servers can be configured to require sender and recipient addresses that conform strictly to the RFC821 standard.
A management station is not provided with Equalizer and must be obtained from a third party supplier. The management station is often used primarily to browse through the MIB tree, and so is sometimes called a MIB browser. One such management station that is available in a free personal edition is the iReasoning MIB Browser, available from http://www.ireasoning.com.
Enabling the SNMP Agent
The SNMP agent responds to outside SNMP requests, usually from an SNMP management station. To configure the SNMP agent, follow these steps from the Equalizer Administration Interface in Edit mode.
1. Choose Equalizer > Global Configuration from the main menu.
2. In the modify system parameters screen, select menu > SNMP. The SNMP settings screen appears in the right frame (see Figure 55).
Figure 55 The SNMP settings screen.
3.
6. Use the check boxes to enable the corresponding traps. The following table shows the traps that are enabled or disabled using the check boxes.
Enable server up/down events: This checkbox controls two traps, cpsSysEqServerDownEv and cpsSysEqServerUpEv. Equalizer triggers these traps when it detects either a server failure or a response from a failed server.
Siblings
The main object that describes siblings is cpsSysEqSiblings. This describes any siblings for failover configurations.
Configuration and Status
The main object, cpsSysEqualizer, is the largest object in the MIB and contains many sub-objects.
8 Working with Match Rules
Why Match Rules?
The ability to make load balancing decisions based on the content of a client request is what separates Layer 7 processing from the processing options available at Layer 4. For Layer 7 clusters, Match Rules provide fine-grained control over load balancing decisions based on the content of the client request. If you need to be able to route requests to the servers in a cluster based on the content of the request, Match Rules are the answer.
Figure 56 Conceptual Example of Match Rule Processing
Most client requests are a mix of requests for text and graphics. Layer 7 processing without Match Rules (top diagram in Figure 56) balances requests across all the available servers in the cluster, so that each server will see a mix of text and graphics requests. This means that all text and graphics must be available on each server.
General Match Expressions and Match Bodies
If the match expression evaluates to false, then each subsequent match rule in the list of match rules for the virtual cluster is processed until a match occurs. All virtual clusters have a Default Match rule, which always evaluates to true and which will use the entire set of servers for load balancing. The Default Match rule is always processed last.
With the addition of the logical OR (||) and logical AND (&&) operators, you can specify complex expressions, selecting precise attributes from the request, as in this:
NOT happy() || (round() && happy())
Match expressions are read from left to right. Expressions contained within parentheses get evaluated before other parts of the expression. The previous expression would match anything that was not red or that was round and happy.
Match Bodies
Match bodies specify the actions to take if the match expression selects the request. This is specified in the form of statements that provide values to variables used by the load balancer to process the request.
Figure 57 on page 128 shows the match rule defined above as it would be displayed in the Administrative Interface. The Construct match expression section of the screen shows the expression that is evaluated against the incoming request. If the expression evaluates to true, the Select load balancing settings section specifies the servers that will be used to satisfy the incoming request, as well as the flags that will be set for the request.
Managing Match Rules
The Default Match Rule
All Layer 7 clusters created via the Equalizer Administration Interface start with a single match rule (named Default) that matches all requests and selects all servers.
match Default { any() } then { servers = all; }
The default rule specifies that all servers defined in the cluster should be used for load balancing the request, and that all flag settings for the request will be inherited from the cluster flag settings.
3. In the cluster screen, select menu > Add Match Rule. The create match rule screen appears in the right frame.
Figure 59 Example Match Rule dialog box for a cluster with five servers
4. Enter a name for the new rule in the match name field. All match names within a cluster must be unique.
5. Select the placement of the rule by choosing a rule from the immediately before list box.
structural editing operators. In any list of edit actions, selection refers to the green and red parts of the match expression and self refers to the red portion. Some of the structural editing operators include the function you are replacing (for example, replace with host AND any).
14. Check disable to indicate that this rule should not be processed. (This check box is often used to debug match rules, so that a match rule can be temporarily disabled during testing without deleting its definition.)
15. Click the commit button to save your new Match Rule definition.
Modifying a Match Rule
To edit a match rule, follow these steps:
1. Log into the Equalizer Administration Interface in edit mode.
2.
Match Functions
Table 61: non-URI Match Functions
non-URI Match Function | Description
any() | This function always evaluates to true.
client_ip(string) | This function evaluates to true only if the IP address of the client machine making the connection matches the string argument. The string can be a simple IP address (e.g., “192.168.1.110”), or an IP address in Classless Inter-Domain Routing (CIDR) notation (e.g., “192.168.1.0/24”).
Table 61: non-URI Match Functions
non-URI Match Function | Description
header_substr(header, string) | This function evaluates to true if the selected header is present and if the string-valued argument string is a sub-string of the associated header text.
header_regex(header, string) | This function evaluates to true if the selected header is present and if the string-valued argument string, interpreted as a regular expression, matches the associated header text.
• Match functions for the optional component are not provided. The fragment portion of a URI is not transmitted by the browser to the server, but is instead retained by the client and applied after the reply from the server is received.
The following table lists the URI matching functions that match text in the URI components shown in Figure 62.
Table 63: URI-based Match Functions
URI Match Function | Description
filename(string) | This function evaluates to true if the string argument exactly matches the filename portion of the URI path. This portion includes only the text after the last trailing path component separator (/), as that is considered part of the directory (for example, “file.html” is the filename portion of “/foo/bar/file.html”).
2. Regular Expressions: Some match functions have prefix, suffix, substr, or regex variants. The regex variants interpret an argument as a regular expression to match against requests. Regular expressions can be very costly to compute, so use the prefix, suffix, or substr variants of functions (or Boolean combinations of prefix and suffix testing), rather than the regex function variants, for best performance.
are available for HTTPS clusters. In addition, there are some additional match functions [ssl2(), ssl3(), and tls1()], that match against the protocol specified in an HTTPS request.
Note – Given that HTTPS runs encrypted using SSL and TLS as the transport, in order to perform any Layer 7 processing, the Equalizer must terminate the SSL/TLS encrypted connection.
Example Match Rules
Table 65: Match Rule Logical Operators and Constructs
replace with any AND function | Replaces the currently selected function or logical construct with the “any()” function logically AND’ed with the current selection.
replace with any OR function | Replaces the currently selected function with the “any()” function logically OR’ed with the current selection.
6. Replace the text in the arg0 text box with support. Select continue.
7. In the server field, select sv_support. The screen should now look like this:
8. Select the commit button to create the support rule. The home screen for the Administrative Interface is displayed. In the left-frame cluster list, Match support should now appear above Match Default for the cluster.
In this example, we assume that we can determine this by examining the hostname used in incoming requests. Any request containing a hostname in the following format will not require a persistent connection:
name.testexample.com
We’ll assume that any request with a hostname having the format name.testexample.com will not require persistent connections. We’ll use the host_suffix() match rule function to match the hostname.
8. In the flags field, enable the advanced check box. In the list of flags that appears, disable the right-hand check box for the persist flag; then, disable the left-hand check box next to persist. The create match rule screen should now look like this:
9. Select the commit button to create the nopersist rule. The home screen for the Administrative Interface is displayed.
serving particular content for different web sites. For this example, we assume that a cluster with five servers as shown below has already been defined.
Figure 66 Match Rule Example: Dedicated Image and Content Servers
We want to maintain persistent connections for the web site servers, assuming that some of the websites may need to maintain sessions for applications such as shopping carts, email, etc.
6. In the Construct match expression field, select replace with filename_suffix from the dropdown list box, and then select continue. The screen should now appear as shown below:
7. Select the text in the arg0 text box and type jpg. Select continue.
8. In the drop-down box shown in the figure above, select replace with filename_suffix OR any, and then select continue. The Construct match expression field should now appear as shown below:
9. Click on the any() function so that it is highlighted in red. Then select replace with filename_suffix from the drop-down box and click continue.
10. Type jpeg into the arg0 text box and click continue. The Construct match expression field should now look like this:
11.
When you are done, the Construct match expression field should now look like this:
12. In our example, we want all the images to be served from either sv_19 or sv_19457. Enable the check boxes for these two servers in the servers field. (Note that the check box for a server appears after the server name.) We don’t need to set any flags on this rule, so select the commit button to create the images rule. The home screen for the Administrative Interface is displayed.
sessions can be maintained by the applications that run on these servers.) The create match rule screen should now look like this:
18. Select the commit button to create the content rule. The home screen for the Administrative Interface is displayed. In the left-frame cluster list, Match content should now appear above Match Default for the cluster.
9 Administering Geographic Clusters

Geographic Load Balancing with Envoy

The Envoy geographic load balancer, an optional software add-on for the Equalizer product line, supports geographic clustering and load balancing. Geographic clustering and load balancing enable requests to be automatically distributed across servers in different physical locations or on different networks.

Envoy Overview

Equalizer and its set of servers in a particular location form a site (or Envoy site).
It does this by sending a geographic query protocol probe (GQP) to each site; the probe is received by a special Envoy agent running at each site in the cluster (the agent for a site is configured when you configure Envoy for the site). These probes contain information about the requesting client and the resource that is being resolved. Site A also queries its local Envoy agent (see Figure 68).
Envoy site that sent the geographic probe (Site A). This provides more accurate client location information to Envoy in the case where a resource is available at more than one site. Envoy will choose the site that will best serve the client according to the latency information received.
3. The site that sent the geographic probe, Site A, returns the address of the best Envoy site to the requesting client’s local DNS (see Figure 70).
Licensing and Configuring Envoy

Each site in an Envoy geocluster must have an Equalizer that is running Envoy, which must be licensed in order to run. Envoy software is pre-installed on each Equalizer and is enabled through the registration and licensing process. After you have licensed Envoy and completed Envoy and DNS configuration described in this section, you can set up geographic clusters and define the available sites for each cluster.
Figure 72 Two-site DNS example (sites east.coyotepoint.com, 192.168.2.44, and west.coyotepoint.com, 10.0.0.5, reached over the Internet; the authoritative DNS for www.coyotepoint.com holds the records www.coyotepoint.com IN A 192.168.2.44 and www.coyotepoint.com IN A 10.0.0.5)

An example of a DNS zone file for this configuration is shown below. In this example, the systems ns1 and ns2 are assumed to be the authoritative name servers (master and slave) for the coyotepoint.com domain.

$TTL 86400
coyotepoint.com. IN SOA ns1.
In the example above, we left the domain parameters as zeros, since these vary widely between DNS installations. Please see the documentation for the version of DNS that you are using for more information on the zone file content and format.

Using Envoy with Firewalled Networks

Envoy sites communicate with each other using Coyote Point’s UDP-based Geographic Query Protocol (GQP). Similarly, Envoy sites communicate with clients using the DNS protocol.
Working with Geographic Clusters

This section shows you how to add or delete a geographic cluster and how to configure a geographic cluster’s load-balancing options. Configuring a geographic cluster and its sites is analogous to configuring a virtual cluster and its servers.

Adding a Geographic Cluster

To add a new geographic cluster, follow these steps:
1. Log into the Equalizer Administration Interface in edit mode.
2.
• round trip: This method weights the client’s network proximity more heavily than other criteria. This option only works if you enable Ping Triangulation.
• adaptive: This method takes all available information into account when selecting a site. This setting is a reasonable default.
• site load: This method weights the current load at each site more heavily than other criteria.
6. Specify the MX exchanger, which is the fully qualified domain name to be returned if Equalizer receives a “mail exchanger” request for this geographic cluster. The mail exchanger is the host responsible for handling email sent to users in the domain.
7. Select a policy. The policy determines the algorithm that Equalizer will use to distribute requests among the sites in the cluster:
• round trip, which weights the client’s network proximity more heavily than other criteria.
3. Select Add Site from the local menu. The add site screen opens in the right frame (see Figure 75).

Figure 75 Add site to geocluster screen

4. Enter the site name, which is a symbolic name that represents this site. For example, the east-coast site for www.coyotepoint.com might be eastCOAST.
5. Enter the ip, which is the IP address of the site. This is the address of an Equalizer cluster that is returned if the site is chosen.
6.
12. Click the commit button.

Equalizer can refuse an Add Site command for several reasons, including attempting to add:
• A site with a name or IP address that is already configured
• More sites than are supported by Equalizer
• A default site when you have already configured a default site

Adjusting a Site’s Static Weight

Equalizer uses a site’s static weight as the starting point for determining what percentage of requests to route to that site.
A Using Server Agents

Introducing Server Agents

You can configure Equalizer's load balancing algorithms to accept direct feedback from servers that describe the current server load or availability of critical resources. This is done by writing a server agent and deploying it on your servers. The agent must listen on and be able to respond to TCP connections on a well-known port.
There is also a pedantic agent flag that tells Equalizer to regard a server as down if there is no response from the server’s agent. This flag is set in the system parameters, and when it is enabled it applies to all clusters that have agents. See “Modifying System Parameters” on page 43.

Writing Server Agents

You can write custom agents as shell scripts, or in Perl, C, or other languages.
#!/usr/bin/perl -w
# serveragent.pl
#-------------------
#(c) Copyright 2007 Coyote Point Systems, Inc.
This program is only an example because it doesn't make any useful calculations of what the server agent response should be. Such calculations need to be made by the customer depending on what the server agent program is monitoring.
B Using Reserved IP Addresses

Equalizer supports placing servers on reserved, non-routable networks such as the class A network 10.0.0.0 and the class C network 192.168.2.0. In environments in which the conservation of IP addresses is important, using reserved IP addresses can minimize the number of “real” IP addresses needed.
If servers placed on a non-routable network need to communicate with hosts on the Internet for any reason (such as performing DNS resolution or sending email), you must configure Equalizer to perform outbound NAT (network address translation). When you have enabled outbound NAT, Equalizer translates connections originating from the servers on the reserved network so that external hosts will not see packets originating from non-routable addresses.
C Regular Expression Format

Equalizer supports only IEEE Std 1003.2 (POSIX.2) regular expressions in Match Rules. There are many other variants and extensions of regular expressions, including those found in Perl, Java, various shell languages, and the traditional Unix grep family of utilities; these variants are not supported in Match Rules. Regular expressions can be difficult to create and debug, and can use significant system resources to process.
• A regular expression enclosed in parentheses, which matches a match for the regular expression.
• An empty set of parentheses, which matches the null string.
• A bracket expression.
• A period (.), which matches any single character.
• A caret (^), which matches the null string at the beginning of a line.
• A dollar sign ($), which matches the null string at the end of a line.
• A backslash (\) followed by one of the following characters: ^.
Within a bracket expression, the name of a character class enclosed in '[:' and ':]' stands for the list of all characters belonging to that class. There are two special cases of bracket expressions: the bracket expressions '[[:<:]]' and '[[:>:]]' match the null string at the beginning and end of a word respectively. A word is defined as a sequence of word characters that is neither preceded nor followed by word characters.
D HTTPS Cluster Certificates

The sections below tell you how to get your Layer 7 HTTPS clusters running with certificates. Please read these sections completely before beginning to work with certificates on Equalizer. While this document tells you all you need to know to use certificates with HTTPS clusters, it is not a primer on HTTPS, SSL, or certificates.
Equalizer communicates with the clients via HTTPS; the traffic between Equalizer and the servers in an HTTPS cluster is HTTP (i.e., unencrypted). Compared to the typical scenario where each server is establishing direct HTTPS connections with clients, encrypting and decrypting packets, and serving content as well, SSL offloading improves the overall performance of the cluster.
• server certificate
• private key
• chained root (intermediate) certificates (if any)

Enabling HTTPS with a Server Certificate

The following are the steps to follow to obtain and install a server certificate, and verify that it works.
1. Generate a Server Certificate Signing Request or a Self-Signed Server Certificate. To get a server certificate, do one of the following:
2. a.
1. Perform the procedure in the previous section (“Enabling HTTPS with a Server Certificate” on page 173) to enable HTTPS with a server side certificate.
2. Generate a Client Certificate Signing Request or a Self-Signed Client Certificate. In Step 1, you created a server certificate. Now, follow the same procedure to generate a client certificate; do one of the following:
a.
6. Try connecting to the Cluster via HTTPS. From a client browser, open https://cluster, where cluster is the network node name or IP address of the HTTPS cluster. The browser may notify you that it is accepting a certificate from the server and ask for confirmation. Once you accept the certificate, the server should ask for a client certificate; your browser may ask you to choose one.
For a client certificate, the Common Name in the client’s copy of the certificate is only compared to the Common Name in the copy of the client certificate on the server, so Common Name can be any value.
3. Visit the website of an SSL Certificate Authority (CA) to submit the cert.csr file to the CA.
4. Once the CA returns your signed certificate (usually in email), go to the section “Preparing a Signed CA Certificate for Installation” on page 177.
Preparing a Signed CA Certificate for Installation

When you receive your signed certificate back from your CA, you’ll get one or more .pem files in return, or you’ll get one or more mail messages from the CA. The files or messages contain your signed certificate and any necessary intermediate certificates required by the CA’s chain of trust. If you get your certificates in the mail, save each one to an ASCII text file with a .pem extension.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Add more certificates here if needed in the chain...

Make sure you save the file as a plain text file.
3. Install the file into Equalizer as instructed in the section “Installing a Server or Client Certificate for an HTTPS Cluster” on page 178.
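A structural check that can be run on the combined file before it is uploaded, given here as an added example (it is not Coyote Point's code). It assumes the block order shown above (signed certificate, RSA private key, then any intermediate certificates) and the plain-text requirement; the function names are hypothetical and the sample blocks hold constructed filler bytes, not real certificates or keys.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, base64 body, END line.
BLOCK_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)\n-----END ([A-Z0-9 ]+)-----",
    re.DOTALL,
)
# Assumed layout, taken from the sample file in the guide.
EXPECTED_HEAD = ["CERTIFICATE", "RSA PRIVATE KEY"]


def parse_pem_blocks(text):
    """Return one (label, der_bytes_or_None, error_or_None) tuple per block."""
    blocks = []
    for match in BLOCK_RE.finditer(text):
        begin, body, end = match.groups()
        if begin != end:
            blocks.append((begin, None, f"BEGIN {begin} is closed by END {end}"))
        elif ":" in body:
            # Header lines inside a block usually mean a passphrase-protected key.
            blocks.append((begin, None, f"{begin} carries header lines; not checked"))
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
                blocks.append((begin, der, None))
            except (binascii.Error, ValueError):
                blocks.append((begin, None, f"{begin} body is not valid base64"))
    return blocks


def check_bundle(text):
    """Return a list of problems; an empty list means the layout is as expected."""
    problems = []
    if not text.isascii():
        problems.append("file contains non-ASCII characters; save it as plain text")
    blocks = parse_pem_blocks(text)
    if not blocks:
        return problems + ["no PEM blocks found"]
    problems += [err for _, _, err in blocks if err]
    labels = [label for label, _, _ in blocks]
    expected = EXPECTED_HEAD + ["CERTIFICATE"] * max(len(labels) - 2, 0)
    for pos, (label, want) in enumerate(zip(labels, expected), start=1):
        if label != want:
            problems.append(f"block {pos} is {label}, expected {want}")
    if len(blocks) < 2:
        problems.append("bundle needs a certificate followed by its private key")
    for pos, (label, der, err) in enumerate(blocks, start=1):
        # X.509 certificates and RSA private keys are both DER SEQUENCEs (tag 0x30).
        if err is None and (not der or der[0] != 0x30):
            problems.append(f"block {pos} ({label}) does not decode to a DER SEQUENCE")
    return problems


def fake_block(label, seed):
    """Constructed PEM block: DER-looking filler, not a real certificate or key."""
    der = bytes([0x30, 0x82, 0x00, 0x40]) + bytes((seed + i) % 256 for i in range(64))
    body = base64.encodebytes(der).decode("ascii").strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: the guide's order, and a file with the key pasted last.
GOOD_BUNDLE = (
    fake_block("CERTIFICATE", 1)
    + fake_block("RSA PRIVATE KEY", 2)
    + fake_block("CERTIFICATE", 3)
)
KEY_LAST_BUNDLE = (
    fake_block("CERTIFICATE", 1)
    + fake_block("CERTIFICATE", 3)
    + fake_block("RSA PRIVATE KEY", 2)
)

if __name__ == "__main__":
    for name, bundle in (("good", GOOD_BUNDLE), ("key last", KEY_LAST_BUNDLE)):
        print(name, "->", check_bundle(bundle) or "layout OK")
```

The check is structural only: it does not confirm that the private key belongs to the first certificate or that the chain validates.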
5. If your Equalizer has an Xcel SSL Accelerator Card installed, a check box labelled use secure key storage will appear at the top of the install SSL certificate screen. If you do not have an Xcel Card, then this option will not appear on the screen. Checking this box tells Equalizer to store your private key in write-only memory on the Xcel card so that no one can access it.
certificate, its private key, and an intermediate certificate were uploaded to Equalizer, and the display shows details for both certificates.
9. If the certificate you just installed on Equalizer is a client certificate, you’ll also need to install the certificate on each client. This usually involves converting the PEM format certificate into PKCS12 format; see the section “Converting a Certificate from PEM to PKCS12 Format” on page 184.
Using Certificates with the Xcel SSL Accelerator Card

If your Equalizer has an Xcel SSL Accelerator Card installed, a check box labelled use secure key storage will appear on the install SSL certificate screen, as shown below. Checking this box tells Equalizer to store your private key in write-only memory on the Xcel card so that no one can access it.
• Uncheck the use secure key storage check box when adding the SSL certificate; the private key will be kept on the Equalizer instead of in SKS.
• Clear SKS memory (using the procedure below); this removes all keys from SKS and will free up any space taken by keys that are no longer used. This assumes you have not already used all 128kb of space on the Xcel card.
Components and turn on the check box next to Internet Information Services (IIS); click Next and follow the wizard’s instructions.
2. Select Control Panel > Administrative Tools > Internet Information Services.
3. For a cluster (server) certificate, navigate to the website for which the CSR is intended. For a client certificate, navigate to any website or the default. Right click on the website and select Properties.
4.
F. Enter a file name, e.g. C:\clustercert.pfx; then click Next.
G. Click Finish.
H. Click Ok if the export was successful.
I. The certificate is now ready to be uploaded to the cluster via the Equalizer Administration Interface; see “Installing a Server or Client Certificate for an HTTPS Cluster” on page 178.
Supported Cipher Suites

The following tables show the cipher suites supported by Equalizer. See the discussion of the cipher suites parameter in “Advanced Cluster Fields and Flags” on page 71.
Xcel I Card

The following cipher suites are supported by the older generation Xcel I SSL Accelerator cards.
E Troubleshooting

You can usually diagnose Equalizer installation and configuration problems using standard network troubleshooting techniques. This section identifies some common problems, the most likely causes, and the best solutions. For additional troubleshooting information, as well as the most up-to-date documentation, supplements, and technical articles, please visit the Coyote Point Support website: http://www.coyotepoint.com/support.
Equalizer is not active

Is Equalizer functioning? Try to ping the administration address. If you do not get a response, “Equalizer Doesn’t Respond to Pings to the Admin Address” provides additional troubleshooting information.

Primary and Backup Equalizer Are in a Conflict Over Primary

Certain switches (often those from Cisco and Dell) have Spanning Tree enabled by default.
Equalizer Doesn’t Respond to Pings to the Admin Address

Equalizer is not powered on

Check that the power switch is on and the front panel LED is lit. Connect the keyboard and monitor, cycle the power, and watch the startup diagnostic messages.

Equalizer isn't connected to your network

Check the network wiring.

Administration address not configured on the external interface

This applies to dual network configurations.
Why aren't my clusters working if the server status is "up"?

There are several reasons this could be happening. Make sure that Equalizer is being used as the default gateway on all your servers, and that the server service or daemon is running. Sometimes additional host or network routes will need to be added to the clustered servers in a single network configuration. The traceroute (Unix) and tracert (Windows) commands are useful diagnostic tools.
Restoring Access to the Administrative Interface

If all access to the Administrative Interface is disabled, do the following to enable access again:
1. Log into Equalizer using the serial line or SSH as root.
2. Enter the following command exactly as shown:

parse_config -a -H 1 -i /var/eq/eq.conf -E -I -F -p -s

• -a: tells the program to affect the server, rather than just checking the config.
F License and Warranty

SOFTWARE LICENSE

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SOFTWARE. BY USING THIS SOFTWARE YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE. IF YOU DO NOT AGREE WITH THE TERMS OF THIS LICENSE, PROMPTLY RETURN THE UNUSED SOFTWARE, MANUAL, AND RELATED EQUIPMENT AND HARDWARE (WITH PROOF OF PAYMENT) TO THE PLACE OF PURCHASE FOR A FULL REFUND. Coyote Point Systems, Inc.
19. In the event the sale is to a DOD agency, the U.S. Government's rights in software, supporting documentation, and technical data are governed by the restrictions in the Technical Data Commercial Items clause at DFARS 252.227-7015 and DFARS 227.7202.

LIMITED WARRANTY

This document includes Limited Warranty information for Coyote Point Systems products. For products purchased in the European Union, please refer to the European Union Amendment. General Terms.
During the Limited Warranty Period, Coyote Point Systems will repair or replace the defective component parts or the hardware product. All component parts or hardware products removed under this Limited Warranty become the property of Coyote Point Systems. Coyote Point Systems, at its discretion, may elect to provide you with a replacement unit of Coyote Point Systems' choosing that is at least equivalent to your Coyote Point Systems product in hardware performance.
Limitation of Liability

IF YOUR COYOTE POINT SYSTEMS SOFTWARE OR HARDWARE PRODUCT FAILS TO WORK AS WARRANTED ABOVE, YOUR SOLE AND EXCLUSIVE REMEDY SHALL BE REPAIR OR REPLACEMENT (INCLUDING REFUND). COYOTE POINT SYSTEMS' MAXIMUM LIABILITY UNDER THIS LIMITED WARRANTY IS EXPRESSLY LIMITED TO THE LESSER OF THE PRICE YOU HAVE PAID FOR THE PRODUCT OR THE COST OF REPAIR OR REPLACEMENT OF ANY SOFTWARE OR HARDWARE COMPONENTS THAT MALFUNCTION IN CONDITIONS OF NORMAL USE.
G Additional Requirements

Short-Circuit Protection

Warning: This product relies on the building's installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors).

Attention: For protection against short circuits (overvoltage), this product depends on the electrical installation of the premises.
Chassis Warning—Rack-Mounting and Servicing

Warning: To prevent bodily injury when mounting or servicing this unit in a rack, you must take special precautions to ensure that the system remains stable. The following guidelines are provided to ensure your safety:
• This unit should be mounted at the bottom of the rack if it is the only unit in the rack.
Specifications

The power consumption information shown in the tables below was captured during the following operational stages of the product:
• Rush-in current -- when the product is powered ON
• No Load -- when the product is booted from OS but no resource-hungry process is running
• 100% CPU -- when 100% processor load is emulated on the product

The following data is captured during the test, at both 110V and 220V:
• Watts -- total power consumed by product
• PF/VA -- Power Factor in Volt-Amps
Table 2: Power Consumption at 220V/50Hz

Model | 220V/50Hz | Watts | PF/VA | V/KHz | Amp
E550si | Rush-in | 114.76 | 0.447 | 220 | 1.2
 | No Load | 87.2 | 0.813 | 220 | 0.48
 | 100% CPU | 110.7 | 0.862 | 220 | 0.577
 | Rush-in | 146.6 | 0.943 | 220 | 0.778
 | No Load | 89.3 | 0.824 | 221 | 0.49
 | 100% CPU | 140.3 | 0.917 | 220 | 0.702
 | Rush-in | 137.2 | 0.935 | 221 | 0.898
 | No Load | 83.2 | 0.801 | 222 | 0.47
 | | 124.7 | 0.901 | 221.5 | 0.685
 | Rush-in | 45.9 | 0.823 | 220 | 0.258
 | No Load | 39.1 | 0.781 | 220 | 0.226
 | 100% CPU | 43.
Glossary

This glossary defines some of the key terms used in this document. Some of the glossary definitions are based on RFC1208, “A Glossary of Networking Terms.”

active content verification (ACV)
Active Content Verification; an Equalizer mechanism for checking the validity of a server. ACV does not support UDP-based services.

administration address
The IP address assigned to Equalizer on the internal network. See internal network and IP address.
Class A
An ISO/IEC 11801 standard for twisted pair cabling rated to 100 KHz; similar to Category 1 cabling. Use the Class A standard for voice and low frequency applications. According to the Microsoft Press Computer Dictionary, you can use Class A networks “for sites with few networks but numerous hosts.” See ISO/IEC.

Class B
An ISO/IEC 11801 standard for twisted pair cabling rated to 1 MHz; similar to Category 2 cabling. Use the Class B standard for medium bit rate applications. See ISO/IEC.
Envoy
Equalizer add-in; software that supports geographic clustering and load balancing. See geographic cluster, geographic load balancing, and load balancing. See also intelligent load balancing.

Equalizer Administration Interface
An Equalizer window with which you can monitor Equalizer’s operation; view statistics; add, modify, or delete clusters; add, modify, and delete servers; and shut down a server or Equalizer through a Javascript-enabled browser.
ICMP
See Internet Control Message Protocol.

ICMP echo request
The act of repeating a stream of characters (for example, echoing on the computer screen characters as a user types those characters). See ping. See also echo.

ICMP triangulation
Routing client requests to the closest site geographically based on triangulation, a method of calculating the location of a site using the known locations of two or more other sites.
latency
The time over which a signal travels over a network, from the starting point to the endpoint. See ping. See also ICMP echo request and echo.

Layer 4 (L4)
The transport layer; Layer 4 uses its rules and those of the previous three layers to control accuracy of message delivery and service. See ISO/OSI model and Layer 7.
physical server
A machine located on the internal network that provides services on specific IP addresses and ports. See server and virtual web server. See also authoritative name server, back-end server, name server, and proxy server.

piece
An atom followed by a single *, +, or ?, or by a bound. See atom, branch, and regular expression.

ping
A program used to test reachability of destinations by sending them an ICMP echo request and waiting for a reply. See echo and probe.
Secure Sockets Layer (SSL)
A protocol, which uses public-key encryption, that enables secure communications between a client and Web server, typically for guarding financial transactions.

server
A computer or application that controls access to a network and its associated devices and applications. A server communicates with one or more clients as well as other servers. See authoritative name server, back-end server, name server, physical server, proxy server, and virtual web server.
switch
A device, which is attached to a network and which controls the route over which data is sent.

SYN/ACK
Synchronize and acknowledge; a message that synchronizes a sequence of data information and acknowledges the reception of that information.

syslog
A system log file, in which information, warning, and error messages are stored in a file, sent to a system, or printed.

TCP
Transmission Control Protocol; the rules for the conversion of data messages into packets.