Manualshelf

Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series
631632633634635636637638639640
Configuring Load Sharing Network Address Translation (LSNAT)
19-2 LSNAT Configuration
•WhendifferentvirtualserverIPs(VIPs)sharethesamerealserverindifferentserverfarms,
thepersistencelevelmustbesetthesame.
•Ingeneral,inordertoeditordeleteavirtualserverorrealserver(serverfarm)configuration,
thedevicesmustbefirstconfigured“outofservice”(noinservice)
beforethechangeswillbe
allowed.
Session Persistence
LoadbalancingclientsconnecttoavirtualIPaddresswhich,inreality,isredirectedtooneof
severalphysicalserversinaloadbalancingserverfarmgroup.Inmanywebpagedisplay
applications,aclientmayhaveitsrequestsredirectedtoandservicedbydifferentserversinthe
group.Incertain
situations,however,itmaybecriticalthatalltrafficfortheclientbedirectedto
thesamephysicalserverforthedurationofthesession—thisistheconceptofsessionpersistence.
Whentherouterreceivesanewsessionrequestfromaclientforaspecificvirtualaddress,the
routercreates
abindingbetweentheclient(source)IPaddress/portsocketandthe(destination)IP
address/portsocketoftheloadbalancingserverselectedforthisclient.Subsequentpacketsfrom
clientsarecomparedtothelistofbindings.Ifthereisamatch,thepacketissenttothesameserver
previouslyselectedfor
thisclient.Ifthereisnotamatch,anewbindingiscreated.Howtherouter
determinesthebindingmatchforsessionpersistenceisconfiguredwiththepersistencelevel
commandwhenthevirtualserveriscreated.
Therearethreeconfigurablelevelsofsessionpersistence:
TCPpersistenceabindingis
determinedbythematchingthesourceIP/portaddressas
wellasthevirtualde stinationIP/portaddress.For example,requestsfromtheclientaddress
of134.141.176.10:1024tothevirtualdestinationaddress207.135.89.16:80isconsideredone
sessionandwouldbedirectedtothesameloadbalancingserver(forexample,theserverwith
IP
address10.1.1.1).Arequestfromadifferentsourcesocketfromthesameclientaddressto
thesamevirtualdestinationaddresswouldbe consideredanotherses si o n andmaybe
directedtoadifferentloadbalancingserver(forexample,theserverwithIPaddress10.1.1.2).
Thisisthedefaultlevelofsession
persistence.
SSLpersistenceabindingisdeterminedbymatchingthesourceIPaddressandthevirtual
destinationIP/portaddress.NotethatrequestsfromanysourcesocketwiththeclientIP
addressareconsideredpartofthesamesession.Forexample,requestsfromtheclientIP
addressof134.141.176.10:1024or134.141.176.10:1025
tothevirtualdestinationaddress
207.135.89.16:8 0wouldbeconsideredonesessionandwouldbedirectedtothesameload
balancingserver(forexample,theserverwithIPaddress10.1.1.1).
StickypersistenceabindingisdeterminedbymatchingthesourceanddestinationIP
addressesonly.Thisallowsallrequestsfrom
aclienttothesamevirtualaddresstobedirected
tothesameloadbalancingserver.Forexample,bothHTTPandHTTPSrequestsfromthe
clientaddress134.141.176.10tothevirtualdestinationaddress207.135.89.16wouldbe
directedtothesameloadbalancingserver(forexample,theserverwithIPaddress10.1.1.1).
Sticky Persistence Configuration Considerations
Stickypersistencefunctionalityprovideslesssecuritybutthemostflexiblecapabilityforusersto
loadbalanceallservicesthroughavirtualIPaddress.Inaddition,thisfunctionalityprovides
betterresourceusagebytheLSNATrouter,aswellasbetterperformanceforthesameclients
tryingtoreachthesamerealservers
acrossdifferentservicesthroughavirtualserver.
Forexample,withstickypersistence,HTTP,HTTPS,TELNETandSSHrequestsfromaclient
(200.1.1.1)tothevirtualserveraddress(192.168.1.2)wouldallbedirectedtothesamerealserver.
Theclientalwaysgoestothesamerealserverforalltheservices
providedbythatserver,andit