A P P E N D I X B

This appendix provides a tutorial for configuring the Sun Fire B10n content load balancing blade. It includes the following sections:

puma(config){admin}# ip interface 0 192.50.50.134 mask 255.255.255.0

2. As admin in config mode, configure the IP address on interface 1:

puma(config){admin}# ip interface 1 192.50.50.135 mask 255.255.255.0

To Configure the Default Gateway

As admin in config mode, configure the default gateway:

puma(config){admin}# default gateway 192.50.50.200

To Configure the DNS Server

As admin in config mode, configure the primary DNS server:

puma(config){admin}# dns server 192.50.50.100 primary

To Configure DNS Suffix

As admin in config mode, configure the DNS suffix:

puma(config){admin}# dns suffix mycompany.com

Configuring a Basic Layer 4 Service Without Any Rules

To Create a Layer 4 Service

1. As admin in config mode, configure a Layer 4 service:

puma(config){admin}# service name svcL4 vip 199.99.9.1:80:tcp interface 0

2. Verify that the service is configured:

puma(config){admin}# show service svcL4

To Add Two blade servers to the Default Load Balancing Group for the Service

1. As admin in config mode, configure the default server:

puma(config){admin}# service lb-group default svcL4 server 192.50.50.10:80:tcp:5:1 192.50.50.11:80:tcp:2:0

2. Set the standby server to active:

puma(config){admin}# modify service lb-group server svcL4:default server 192.50.50.11:80:tcp mode active

3. Verify that the servers are configured in the service:

puma(config){admin}# show service-lb-group svcL4 default

4. Enable this service:

puma(config){admin}# enable service name svcL4

5. Configure the VIP 199.99.9.1 on the loopback interface of the blade servers 192.50.50.10 and 192.50.50.11.

Note - Now you can run traffic from clients to the Layer 4 service 199.99.9.1 and it is going to be load balanced between the 2 blade servers 192.50.50.10 and 192.50.50.11 in a round-robin (default load balancing scheme) fashion.

To Add Another Server to the Default Load Balancing Group

1. As admin in config mode, add another server to the default load balancing group:

puma(config){admin}# service lb-group server svcL4:default server 192.50.50.12:80:tcp:1:1

2. Verify that the server was added:

puma(config){admin}# show service-lb-group svcL4 default

3. Configure the VIP 199.99.9.1 on the loopback interface of the blade servers 192.50.50.12.

Note - Now you can run traffic from clients to the Layer 4 service 199.99.9.1 and it is going to be load balanced between the 3 blade servers 192.50.50.10, 192.50.50.11 and 192.50.50.12 in a round-robin (default load balancing scheme) fashion.

To Remove a Server From the Default Load Balancing Group

1. As admin in config mode, remove a server from the default group:

puma(config){admin}# remove service lb-group server svcL4:default server 192.50.50.10:80:tcp

2. Verify that the server has been removed:

puma(config){admin}# show service-lb-group svcL4

Configuring a Basic Layer 4 Service With Rules

To Configure a Layer 4 Service with Layer 4 (IP) Rule

1. As admin in config mode, add a Layer 4 rule to the system:

puma(config){admin}# ip-rule IP1 rule 192.50.50.200:3442 mask 255.255.255.240:0

2. Verify that the rule was added:

puma(config){admin}# show rule

3. Create a Layer 4 service:

puma(config){admin}# service name svcL4-r vip 199.99.9.2:80:tcp interface 0

4. Verify that the service was created:

puma(config){admin}# show service svcL4-r

5. Add two blade servers to the default load balancing group for the service:

puma(config){admin}# service lb-group default svcL4-r server 192.50.50.10:80:tcp:1:1 192.50.50.11:80:tcp:1:1

6. Configure the VIP 199.99.9.2 on the loopback interface of the blade servers 192.50.50.10 and 192.50.50.11.

7. Associate the Layer 4 service with a rule and a group of servers:

puma(config){admin}# service lb-group name IP-GRP service svcL4-r server 192.50.50.13:80:tcp:5:1 192.50.50.14:80:tcp:5:1 rule IP scheme wt-round-robin

8. Configure VIP 199.99.9.2 on loopback interfaces of server 192.50.50.13 and 192.50.50.14.

9. Verify that the service is configured:

puma(config){admin}# show service svcL4-r

10. Enable the service:

puma(config){admin}# enable service name svcL4-r

11. Build the rules:

puma(config){admin}# build rules

Note - Don't run traffic to this service yet, wait for the build to return with completion status.

12. Check the build status:

puma(config){admin}# show build status

When the build is completed, the completion message is printed out. Once you receive the completion message, you are ready to run traffic.

You can now run traffic from clients to the Layer 4 service 199.99.9.2 and the load is balanced between the blade servers in the following fashion depending on the source IP address and Layer 4 port.

A request from client IP 192.50.50.195 and any port is going to be load balanced between the servers 192.50.50.13 and 192.50.50.14 in a weighted round robin manner as it matches the L4 rule IP1 in the IP-GRP load balancing group for this service.

A request from client IP 192.50.50.180 and any port is going to be load balanced between the default servers 192.50.50.10 and 192.50.50.11 in a round robin fashion as it does not match the rule IP1 in the IP-GRP load balancing group for this service.

Configuring a Basic Layer 7 Service

To Configure a Basic Layer 7 Service Without Rules

1. As admin in config mode, create a Layer 7 service:

puma(config){admin}# service name svcL7 vip 199.99.9.3:80:tcp interface 0 lb-layer 7 L7-proto http

2. Add 2 servers to the default group

puma(config){admin}# service lb-group default svcL7 server 192.50.50.15:80:tcp:10:1 192.50.50.16:80:tcp:10:1 scheme wt-round-robin

3. Enable the service:

puma(config){admin}# enable service name svcL7

4. Configure the VIP 199.99.9.3 on the loopback interface of the blade servers 192.50.50.15 and 192.50.50.16.

Note - You can now run traffic from client(s) to the Layer 7 service 199.99.9.3. The service is load balanced between the two blade servers 192.50.50.15 and 192.50.50.16 in the default load balancing group in a weighted round-robin fashion.

To Configure a Layer 7 Service with Layer 7 Rules

1. As admin in config mode, add a Layer 7 rule to the system:

puma(config){admin}# http-rule HTML dynamic string *.html

2. Verify that the rule was added:

puma(config){admin}# show rule

3. Create a Layer 7 service:

puma(config){admin}# service name svcL7-r vip 199.99.9.4:80:tcp interface 0 lb-layer 7 L7-proto http

4. Add two servers to the default group:

puma(config){admin}# service lb-group default svcL7 server 192.50.50.10:80:tcp:1:1 192.50.50.13:80:tcp:1:1

5. Associate the Layer 7 service with a rule and a group of servers:

puma(config){admin}# service lb-group name URL-GRP service svcL7-r server 192.50.50.11:80:tcp:5:1 192.50.50.12:80:tcp:5:1 rule HTML scheme wt-round-robin

6. Verify that the service was configured:

puma(config){admin}# show service svcL7-r

7. Enable the service:

puma(config){admin}# enable service name svcL7-r

8. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers 192.50.50.10, 192.50.50.13, 192.50.50.11 and 192.50.50.12.

9. Build the rules:

puma(config){admin}# build rules

Note - Don't run traffic to this service yet, wait for the build to return with completion status.

10. Check the build status:

puma(config){admin}# show build status

When the build is completed, the completion message is printed out. Now we are ready to run traffic.

You can now run traffic from client(s) to the Layer 7 service 199.99.9.4. The service is load balanced between the blade servers in the following fashion depending on the URL of the HTTP request:

The URL http://199.99.9.4/index.html is load balanced between the servers 192.50.50.11 and 192.50.50.12 in a weighted round robin manner as it matches the Layer 7 rule HTML in the URL-GRP load balancing group for this service.

The URL http://199.99.9.4/index.gif is load balanced between the servers 192.50.50.10 and 192.50.50.13 in the default group in a round-robin manner as it does not match the Layer 7 rule HTML in the URL-GRP load balancing group for this service.

11. Add a CGI rule to the system:

puma(config){admin}# http-rule CGI cgi string server=*1

12. Associate the Layer 7 service with the CGI rule and a group of servers:

puma(config){admin}# service lb-group name CGI-GRP service svcL7-r server 192.50.50.14:80:tcp:5:1 192.50.50.15:80:tcp:5:1 rule CGI scheme wt-round-robin

13. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers 192.50.50.14 & 192.50.50.15.

14. Add a Cookie rule to the system:

puma(config){admin}# http-rule COOKIE cookie string server=server1

15. Associate the Layer 7 service with the Cookie rule and a group of servers:

puma(config){admin}# service lb-group name CK-GRP service svcL7-r server 192.50.50.16:80:tcp:5:1 192.50.50.17:80:tcp:5:1 rule COOKIE scheme wt-round-robin

16. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers

Rules do not take effect until you issue a build rules command.

17. Build the rules:

puma(config){admin}# build rules

After the build returns with the completion message, you can run traffic to this service in the following manner:

The URL http://199.99.9.4/index.html is load balanced between the servers 192.50.50.11 and 192.50.50.12 as it matches the HTML rule in the URL-GRP load balancing group for this service.

The URL http://199.99.9.4/index.gif is load balanced between the servers 192.50.50.10 and 192.50.50.13 in the default group as it does not match any rule for this service.

The request http://199.99.9.4/index.txt?xxx=yyy&server=S1&aaa=b is load balanced between the servers 192.50.50.14 and 192.50.50.15 as it matches the CGI rule in the CGI-GRP load balancing group for this service.

The request with the following HTTP header is load balanced between the servers 192.50.50.16 and 192.50.50.17 as it matches the COOKIE rule in the CK-GRP load balancing group for this service:

GET /test.txt HTTP/1.0\r\n

Host: 199.99.9.4\r\n

User-Agent: xfd\r\n

Cookie: server=server1\r\n\r\n

To Configure a Service for IP Persistence

1. As admin in config mode, add IP persistence to a service:

puma(config){admin}# service ip-persist svcL4-r mask 8 timeout 10

This adds IP persistence to the service where the source IP mask is specified as 8 bits and the inactivity timeout is specified as 10 minutes.

You can now run traffic from client 192.50.50.200, and depending on the rules, it is load balanced to a particular blade server, for example, server 192.50.50.13.

Any subsequent traffic from any client in the subnet 192.50.50.0 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the service is now "persistent" for the subnet 192.50.50.0. If no traffic is received from the 192.50.50.0 subnet for svcL4-r for 10 minutes, then the persistence expires. Now the first connection from a client in the 192.50.50.0 subnet, say 192.50.50.185, is load balanced again and it goes to server 192.50.50.11.

To Remove IP Persistence From a Service

As admin in config mode, remove IP persistence from a service:

puma(config){admin}# no service ip-persist svcL4-r

To Configure a Service for Tracking

As admin in config mode, add port tracking to a service:

puma(config){admin}# service tracking svcL7-r track 0:443:tcp timeout 20

This example adds port tracking to the service where the tracking port is specified as 443 and the inactivity timeout is specified as 20 minutes.

Now when you run traffic from client 192.50.50.200, depending on the request, it is load balanced to a particular back end server, for example, server 192.50.50.13. Any subsequent traffic from the same client destined to the VIP 199.99.9.4 and port 443 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the traffic to port 443 now tracks the primary service. If no traffic is received from 192.50.50.200 for svcL7-r on port 443 for 20 minutes, then the tracking expires. Now the first connection from 192.50.50.200 to the VIP 199.99.9.4 and port 80 will be load balanced to say server 192.50.50.10 and any subsequent connections from the same client, destined to either 199.99.9.4:80 or 199.99.9.4:443 go back to the same server.

To Remove Port Tracking

As admin in config mode, remove port tracking:

puma(config){admin}# remove service tracking svcL7-r track 0:443:tcp

To Add an End Point Tracking to a Service

1. As admin in config mode, add an end point tracking to a service:

puma(config){admin}# service tracking svcL7-r track 199.99.9.5:8080:tcp timeout 30

This example adds end point tracking to the service where the tracking end point is specified with IP 199.99.9.5, port 8080 and protocol TCP, and the inactivity timeout is specified as 30 minutes.

2. Configure the end point VIP 199.99.9.5 on the loopback interface of all the blade servers.

Now when you run traffic from client 192.50.50.200, depending on the request, it is load balanced to a particular blade server, for example server 192.50.50.13. Any subsequent traffic from the same client destined to the vip 199.99.9.5 and port 8080 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the traffic to end point 199.99.9.5:8080:tcp now tracks the primary service. If no traffic is received from 192.50.50.200 for end point 199.99.9.5:8080:tcp for 30 minutes, then the tracking expires.

Now the first connection from 192.50.50.200 to the VIP 199.99.9.4 and port 80 will be load balanced to say server 192.50.50.10 and any subsequent connections from the same client, destined to either 199.99.9.4:80 or 199.99.9.5:8080 go back to the same server.

To Remove End Point Tracking

As admin in config mode, remove end point tracking:

puma(config){admin}# remove service tracking svcL7-r track 199.99.9.5:8080:tcp

Port tracking and end point tracking can also be added to a service configured with IP persistence in which case the tracking will be valid for any client from the subnet (as specified by the persistence mask) instead of one particular client.

To Configure a Service for Cookie-Based Persistence

As admin in config mode, enter the following command:

puma(config){admin}# service cookie-persist svcL7-r cookie PERSIST offset 3 delim :

The cookie is set by the server on the client using the header
Set-cookie: PERSIST=xyzc03232axyz;\r\n

The client when it makes the next request sends this cookie in the header
Cookie: PERSIST=xyzc032320axyz;\r\n

If the cookie persistence is set as shown above, then the content load balancing blade parses and finds the string 'c032320a' in the cookie. The name is PERSIST and the offset is 3. The offset specifies how many bytes into the value to look for to find the start of the cookie. If the cookie matches the server the request is sent to server 192.50.50.10.

Currently, the delimiter value is ignored. If this configuration is saved and retrieved, the delimiter value is always set to ':'.

To Remove Cookie Persistence from a Service

As admin in config mode, enter the following command:

puma(config){admin}# remove service cookie-persist svcL7-r PERSIST

To Configure a UDP Service

The following restrictions apply to a UDP services:

UDP services can only be load balanced at Layer 4.

Only the static load balancing scheme is supported.

Persistence and tracking are not supported for UDP services.

Note - A UDP end point can be added for port/end-point tracking to a TCP service

1. As admin in config mode, create a Layer 4 service:

puma(config){admin}# service name svcudp vip 199.99.9.1:90:udp interface 0

2. Verify that the service was created:

puma(config){admin}# show service svcudp

3. Add two blade servers to the default load balancing group for the service:

puma(config){admin}# service lb-group default svcudp server 192.50.50.18:90:udp:1:1 192.50.50.19:90:udp:1:1 scheme static

4. Enable this service:

puma(config){admin}# enable service name svcudp

You can now run UDP traffic from clients to the UDP service 199.99.9.1 on port 90 and it is load balanced between the two blade servers 192.50.50.18 and 192.50.50.19 in a static fashion. With the current implementation of the static load balancing algorithm, all UDP traffic from the same client IP will go to the same server, as long as the server is available. If the server becomes unavailable, then the new traffic goes to the next available server.

Note - It is possible to add Layer 4 IP rules to a UDP service just like any other Layer 4 service.

To Configure an FTP Service

FTP service configuration on the Sun Fire B10n content load balancing blade has the following restrictions:

An FTP service can only be layer-4 load balanced.

Assumption: The FTP server running on the blade server has the control port on 21 and data port on 20.

When configuring an FTP service ensure the following:

The VIP end-point added has port 21 (the FTP control port) and protocol TCP.

The load balancing layer is specified as Layer 4 and the Layer 7 protocol is specified as FTP.

Before enabling the FTP service, add persistence to it with mask length 0 (any other mask length can be specified if such a persistence is specifically desired).

1. As admin in config mode, create an FTP service:

puma(config){admin}# service name svcftp vip 199.99.9.1:21:tcp interface 0 lb-layer 4 L7-proto ftp

2. Verify that the service was created:

puma(config){admin}# show service svcftp

3. Add two blade servers to the default load balancing group for the service:

puma(config){admin}# service lb-group default svcftp server 192.50.50.14:21:tcp:1:1 192.50.50.15:21:tcp:1:1 scheme wt-round-robin

4. Configure the VIP 199.99.9.1 should be configured on the loopback interface of the blade servers 192.50.50.14 and 192.50.50.15.

5. Add IP persistence with mask length 0:

puma(config){admin}# service ip-persist svcftp mask 0 timeout 10

6. Enable this service:

puma(config){admin}# enable service name svcftp

You can now run FTP client(s) from client machine(s) to the FTP service on 199.99.9.1 and the FTP sessions will be load balanced between the 2 blade servers 192.50.50.14 and 192.50.50.15 in a weighted round robin fashion (for different client IPs as client persistence is set).

Note - It is possible to add L4 (IP) rule(s) to an FTP service just like any other Layer 4 service.

To Add an End Point to a Service to make it Multi-homed

1. As admin in config mode, add an end point to a service:

puma(config){admin}# service point svcL4 point 199.99.9.30:80:tcp:0:0:0

This command adds an end point with VIP 199.99.9.30, port 80 and protocol TCP to the service svcL4. This end point inherits all properties of the service.

2. Configure the VIP for the new end point, that is, 199.99.9.30 in this case, on the loopback interface of all the blade servers included in the service (svcL4 in this case).

Setting Up VLAN

For this example, assume the following:

The management VLAN tag is 2 (the default for Sun Fire B1600 blade system chassis)

The client-side VLAN tag is 1

The service VLAN is 5

Only the interface connected to SSC0 is used for this service.

The management subnet is 192.50.50.0, with a mask of 255.255.255.0

The IP address of the content load balancing blade is 192.50.50.10

The IP address of the server on the management VLAN is 192.50.50.201

The virtual IP address of the service is 199.99.9.1

Set Up on the Switch

The Sun Fire B10n content load balancing blade and all servers for the service must be members for all three vlans mentioned above. The ports must be set up to forward traffic on these vlans tagged.

Refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide for the mechanism to set up the switch.

First, the VLAN database must be edited to include the VLANs to be used in the service.

Then, the port membership rules are set using the interface switch port setup.

Note - By default, VLAN 1 is forwarded on the ports untagged. In this example, the client side VLAN is forwarded tagged.

To Set Up VLAN on the Server

The server must also be a member of all VLANs mentioned above. The management VLAN is used to exchange configuration messages between the content load balancing blade and the blade server. VLAN is also used for server health monitoring.

The service VLAN is used for all data plane traffic between the content load balancing blade and the blade server.

The route from the server to the client network must use the client side VLAN. For security reasons, the server cannot bind any services to its IP address on this interface.

1. Configure the client side VLAN interface:

# ifconfig ce1000 plumb 10.10.10.10 netmask 255.255.255.0 up

2. Configure the management VLAN interface:

# ifconfig ce2000 plumb 192.50.50.201 netmask 255.255.255.0 up

3. Configure the service VLAN interface:

# ifconfig ce5000 plumb 110.10.10.10 netmask 255.255.255.0 up

4. Configure the VIP on the loopback interface:

# ifconfig lo0:1 plumb 199.99.9.1 netmask 255.255.255.0 up

The IP address on the service VLAN is never used in any traffic, however, a valid IP address must be configured.

5. Add all three interfaces to the load balanced interfaces:

# /opt/SUNWclb/bin/clbconfig add ce1000

# /opt/SUNWclb/bin/clbconfig add ce2000

# /opt/SUNWclb/bin/clbconfig add ce5000

6. Verify that the route to the default gateway uses interface ce1000.

# netstat -r

The netstat -r command displays the routing table, including the default route.

7. Set the default route:

# route add default 10.10.10.10 0

Remove any other default route shown by netstat -r. Note that there are other ways to set the default route to use this interface. See the Solaris Administration Guide.

Note - If the physical interface used were connected to SSC1, the virtual interfaces would be ce1001, ce2001, and ce5001, respectively.

The interface number for VLAN n on physical interface i is determined by the following formula: 1000 * n + i

Hence, the interface name for VLAN 123 on physical interface ce0 is ce123000

To Set Up VLAN on a Load Balancing Blade

First, set up a service as described in (relevant chapters). Assume that the name of the service is SVC1.

1. As admin, in config mode, set the service VLAN:

puma(config){admin}# management vlan 2

2. Enable the VLAN service:

puma(config){admin}# enable vlan management

3. Set the client side (default) VLAN:

puma(config){admin}# data vlan 1

4. Enable the client side VLAN:

puma(config){admin}# enable vlan data

5. Set the service VLAN:

puma(config){admin}# service vlan SVC1 vlan 5

6. Enable the service VLAN:

puma(config){admin}# enable service vlan SVC1