User manual

10.4.5. Server Health Monitoring
SLB uses Server Health Monitoring to continuously check the condition of the servers in an SLB
configuration. SLB can monitor different OSI layers to check the condition of each server.
Regardless of the algorithms used, if a server is deemed to have failed, SLB will not open any more
connections to it until the server is restored to full functionality.
D-Link Server Load Balancing provides the following monitoring modes:
ICMP Ping
    This works at OSI layer 3. SLB will ping the IP address of each individual
    server in the server farm. This will detect any failed servers.
TCP Connection
    This works at OSI layer 4. SLB attempts to connect to a specified port on
    each server. For example, if a server is specified as running web services on
    port 80, the SLB will send a TCP SYN request to that port. If SLB does not
    receive a TCP SYN/ACK back, it will mark port 80 on that server as down.
    SLB recognizes the conditions "no response", "normal response" or
    "closed port response" from servers.
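The TCP Connection check and its three outcomes, sketched in Python as an added example (not D-Link's code). It uses a full connect() rather than a bare SYN, and the names classify, probe and eligible are assumptions of this example.

```python
import errno
import socket

# Labels for the three conditions the manual says SLB recognizes.
NORMAL = "normal response"
CLOSED = "closed port response"
NO_RESPONSE = "no response"


def classify(err):
    """Map a connect_ex() return code to one of the three conditions."""
    if err == 0:
        return NORMAL        # SYN/ACK came back and the handshake completed
    if err == errno.ECONNREFUSED:
        return CLOSED        # host answered with RST: it is up, the port is not
    return NO_RESPONSE       # timeout, unreachable network or host, other errors


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection to host:port and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        return classify(sock.connect_ex((host, port)))
    except OSError:          # e.g. name resolution failure
        return NO_RESPONSE
    finally:
        sock.close()


def eligible(farm, timeout=2.0):
    """Return the (host, port) entries that may receive new connections."""
    return [srv for srv in farm if probe(*srv, timeout=timeout) == NORMAL]


if __name__ == "__main__":
    # Constructed farm on loopback: one listening port, one closed port.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed = spare.getsockname()
    spare.close()
    farm = [listener.getsockname(), closed]
    for srv in farm:
        print(srv, "->", probe(*srv))
    print("eligible:", eligible(farm))
    listener.close()
```

Only servers giving a normal response are returned by eligible(), matching the rule that no new connections are opened to a server deemed to have failed.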
10.4.6. SLB_SAT Rules
The key component in setting up SLB is the SLB_SAT rule in the IP rule set. The steps that should
be followed are:
1. Define an IP address object for each server for which SLB is to be enabled.
2. Define an IP address group object which includes all these individual objects.
3. Define an SLB_SAT rule in the IP rule set which refers to this IP address group and where all
other SLB parameters are defined.
4. Define a further rule that duplicates the source/destination interface/network of the SLB_SAT
rule that permits the traffic through. This could be one rule or a combination of rules using the
actions:
    • Allow
    • NAT
Note: FwdFast rules should not be used with SLB
    In order to function, SLB requires that the NetDefendOS state engine keeps track of
    connections. FwdFast IP rules should not be used with SLB since packets that are
    forwarded by these rules are not under state engine control.
The table below shows the rules that would be defined for a typical scenario of a set of webservers
behind the NetDefend Firewall for which the load is being balanced. The Allow rule allows external
clients to access the webservers.
Rule Name     Rule Type   Src. Interface   Src. Network   Dest. Interface   Dest. Network
WEB_SLB       SLB_SAT     any              all-nets       core              ip_ext
WEB_SLB_ALW   Allow       any              all-nets       core              ip_ext
If there are clients on the same network as the webservers that also need access to those webservers,
then a NAT rule would also be used:
Rule Name     Rule Type   Src. Interface   Src. Network   Dest. Interface   Dest. Network
WEB_SLB       SLB_SAT     any              all-nets       core              ip_ext
WEB_SLB_NAT   NAT         lan              lannet         core              ip_ext