A P P E N D I X B |
Tutorial and Examples |
This appendix provides a tutorial for configuring the Sun Fire B10n content load balancing blade. It includes the following sections:
Use the following procedures to set up the networking configurations.
1. As admin in config mode, configure the IP address on interface 0:
puma(config){admin}# ip interface 0 192.50.50.134 mask 255.255.255.0 |
2. As admin in config mode, configure the IP address on interface 1:
puma(config){admin}# ip interface 1 192.50.50.135 mask 255.255.255.0 |
As admin in config mode, configure the default gateway:
puma(config){admin}# default gateway 192.50.50.200 |
As admin in config mode, configure the primary DNS server:
puma(config){admin}# dns server 192.50.50.100 primary |
As admin in config mode, configure the DNS suffix:
puma(config){admin}# dns suffix mycompany.com |
1. As admin in config mode, configure a Layer 4 service:
puma(config){admin}# service name svcL4 vip 199.99.9.1:80:tcp interface 0 |
2. Verify that the service is configured:
puma(config){admin}# show service svcL4 |
To Add Two blade servers to the Default Load Balancing Group for the Service |
1. As admin in config mode, configure the default server:
puma(config){admin}# service lb-group default svcL4 server 192.50.50.10:80:tcp:5:1 192.50.50.11:80:tcp:2:0 |
2. Set the standby server to active:
puma(config){admin}# modify service lb-group server svcL4:default server 192.50.50.11:80:tcp mode active |
3. Verify that the servers are configured in the service:
puma(config){admin}# show service-lb-group svcL4 default |
puma(config){admin}# enable service name svcL4 |
5. Configure the VIP 199.99.9.1 on the loopback interface of the blade servers 192.50.50.10 and 192.50.50.11.
1. As admin in config mode, add another server to the default load balancing group:
puma(config){admin}# service lb-group server svcL4:default server 192.50.50.12:80:tcp:1:1 |
2. Verify that the server was added:
puma(config){admin}# show service-lb-group svcL4 default |
3. Configure the VIP 199.99.9.1 on the loopback interface of the blade servers 192.50.50.12.
1. As admin in config mode, remove a server from the default group:
puma(config){admin}# remove service lb-group server svcL4:default server 192.50.50.10:80:tcp |
2. Verify that the server has been removed:
puma(config){admin}# show service-lb-group svcL4 |
1. As admin in config mode, add a Layer 4 rule to the system:
puma(config){admin}# ip-rule IP1 rule 192.50.50.200:3442 mask 255.255.255.240:0 |
2. Verify that the rule was added:
puma(config){admin}# show rule |
puma(config){admin}# service name svcL4-r vip 199.99.9.2:80:tcp interface 0 |
4. Verify that the service was created:
puma(config){admin}# show service svcL4-r |
5. Add two blade servers to the default load balancing group for the service:
puma(config){admin}# service lb-group default svcL4-r server 192.50.50.10:80:tcp:1:1 192.50.50.11:80:tcp:1:1 |
6. Configure the VIP 199.99.9.2 on the loopback interface of the blade servers 192.50.50.10 and 192.50.50.11.
7. Associate the Layer 4 service with a rule and a group of servers:
puma(config){admin}# service lb-group name IP-GRP service svcL4-r server 192.50.50.13:80:tcp:5:1 192.50.50.14:80:tcp:5:1 rule IP scheme wt-round-robin |
8. Configure VIP 199.99.9.2 on loopback interfaces of server 192.50.50.13 and 192.50.50.14.
9. Verify that the service is configured:
puma(config){admin}# show service svcL4-r |
puma(config){admin}# enable service name svcL4-r |
puma(config){admin}# build rules |
Note - Don't run traffic to this service yet, wait for the build to return with completion status. |
puma(config){admin}# show build status |
When the build is completed, the completion message is printed out. Once you receive the completion message, you are ready to run traffic.
You can now run traffic from clients to the Layer 4 service 199.99.9.2 and the load is balanced between the blade servers in the following fashion depending on the source IP address and Layer 4 port.
1. As admin in config mode, create a Layer 7 service:
puma(config){admin}# service name svcL7 vip 199.99.9.3:80:tcp interface 0 lb-layer 7 L7-proto http |
2. Add 2 servers to the default group
puma(config){admin}# service lb-group default svcL7 server 192.50.50.15:80:tcp:10:1 192.50.50.16:80:tcp:10:1 scheme wt-round-robin |
puma(config){admin}# enable service name svcL7 |
4. Configure the VIP 199.99.9.3 on the loopback interface of the blade servers 192.50.50.15 and 192.50.50.16.
1. As admin in config mode, add a Layer 7 rule to the system:
puma(config){admin}# http-rule HTML dynamic string *.html |
2. Verify that the rule was added:
puma(config){admin}# show rule |
puma(config){admin}# service name svcL7-r vip 199.99.9.4:80:tcp interface 0 lb-layer 7 L7-proto http |
4. Add two servers to the default group:
puma(config){admin}# service lb-group default svcL7 server 192.50.50.10:80:tcp:1:1 192.50.50.13:80:tcp:1:1 |
5. Associate the Layer 7 service with a rule and a group of servers:
puma(config){admin}# service lb-group name URL-GRP service svcL7-r server 192.50.50.11:80:tcp:5:1 192.50.50.12:80:tcp:5:1 rule HTML scheme wt-round-robin |
6. Verify that the service was configured:
puma(config){admin}# show service svcL7-r |
puma(config){admin}# enable service name svcL7-r |
8. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers 192.50.50.10, 192.50.50.13, 192.50.50.11 and 192.50.50.12.
puma(config){admin}# build rules |
Note - Don't run traffic to this service yet, wait for the build to return with completion status. |
puma(config){admin}# show build status |
When the build is completed, the completion message is printed out. Now we are ready to run traffic.
You can now run traffic from client(s) to the Layer 7 service 199.99.9.4. The service is load balanced between the blade servers in the following fashion depending on the URL of the HTTP request:
11. Add a CGI rule to the system:
puma(config){admin}# http-rule CGI cgi string server=*1 |
12. Associate the Layer 7 service with the CGI rule and a group of servers:
puma(config){admin}# service lb-group name CGI-GRP service svcL7-r server 192.50.50.14:80:tcp:5:1 192.50.50.15:80:tcp:5:1 rule CGI scheme wt-round-robin |
13. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers 192.50.50.14 & 192.50.50.15.
14. Add a Cookie rule to the system:
puma(config){admin}# http-rule COOKIE cookie string server=server1 |
15. Associate the Layer 7 service with the Cookie rule and a group of servers:
puma(config){admin}# service lb-group name CK-GRP service svcL7-r server 192.50.50.16:80:tcp:5:1 192.50.50.17:80:tcp:5:1 rule COOKIE scheme wt-round-robin |
16. Configure the VIP 199.99.9.4 on the loopback interface of the blade servers
Rules do not take effect until you issue a build rules command.
puma(config){admin}# build rules |
After the build returns with the completion message, you can run traffic to this service in the following manner:
GET /test.txt HTTP/1.0\r\n Host: 199.99.9.4\r\n User-Agent: xfd\r\n Cookie: server=server1\r\n\r\n |
1. As admin in config mode, add IP persistence to a service:
puma(config){admin}# service ip-persist svcL4-r mask 8 timeout 10 |
This adds IP persistence to the service where the source IP mask is specified as 8 bits and the inactivity timeout is specified as 10 minutes.
You can now run traffic from client 192.50.50.200, and depending on the rules, it is load balanced to a particular blade server, for example, server 192.50.50.13.
Any subsequent traffic from any client in the subnet 192.50.50.0 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the service is now "persistent" for the subnet 192.50.50.0. If no traffic is received from the 192.50.50.0 subnet for svcL4-r for 10 minutes, then the persistence expires. Now the first connection from a client in the 192.50.50.0 subnet, say 192.50.50.185, is load balanced again and it goes to server 192.50.50.11.
As admin in config mode, remove IP persistence from a service:
puma(config){admin}# no service ip-persist svcL4-r |
As admin in config mode, add port tracking to a service:
puma(config){admin}# service tracking svcL7-r track 0:443:tcp timeout 20 |
This example adds port tracking to the service where the tracking port is specified as 443 and the inactivity timeout is specified as 20 minutes.
Now when you run traffic from client 192.50.50.200, depending on the request, it is load balanced to a particular back end server, for example, server 192.50.50.13. Any subsequent traffic from the same client destined to the VIP 199.99.9.4 and port 443 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the traffic to port 443 now tracks the primary service. If no traffic is received from 192.50.50.200 for svcL7-r on port 443 for 20 minutes, then the tracking expires. Now the first connection from 192.50.50.200 to the VIP 199.99.9.4 and port 80 will be load balanced to say server 192.50.50.10 and any subsequent connections from the same client, destined to either 199.99.9.4:80 or 199.99.9.4:443 go back to the same server.
As admin in config mode, remove port tracking:
puma(config){admin}# remove service tracking svcL7-r track 0:443:tcp |
1. As admin in config mode, add an end point tracking to a service:
puma(config){admin}# service tracking svcL7-r track 199.99.9.5:8080:tcp timeout 30 |
This example adds end point tracking to the service where the tracking end point is specified with IP 199.99.9.5, port 8080 and protocol TCP, and the inactivity timeout is specified as 30 minutes.
2. Configure the end point VIP 199.99.9.5 on the loopback interface of all the blade servers.
Now when you run traffic from client 192.50.50.200, depending on the request, it is load balanced to a particular blade server, for example server 192.50.50.13. Any subsequent traffic from the same client destined to the vip 199.99.9.5 and port 8080 is sent back to the same server, that is, 192.50.50.13, without any load balancing. Thus the traffic to end point 199.99.9.5:8080:tcp now tracks the primary service. If no traffic is received from 192.50.50.200 for end point 199.99.9.5:8080:tcp for 30 minutes, then the tracking expires.
Now the first connection from 192.50.50.200 to the VIP 199.99.9.4 and port 80 will be load balanced to say server 192.50.50.10 and any subsequent connections from the same client, destined to either 199.99.9.4:80 or 199.99.9.5:8080 go back to the same server.
As admin in config mode, remove end point tracking:
puma(config){admin}# remove service tracking svcL7-r track 199.99.9.5:8080:tcp |
Port tracking and end point tracking can also be added to a service configured with IP persistence in which case the tracking will be valid for any client from the subnet (as specified by the persistence mask) instead of one particular client.
As admin in config mode, enter the following command:
puma(config){admin}# service cookie-persist svcL7-r cookie PERSIST offset 3 delim : |
The cookie is set by the server on the client using the header
Set-cookie: PERSIST=xyzc03232axyz;\r\n
The client when it makes the next request sends this cookie in the header
Cookie: PERSIST=xyzc032320axyz;\r\n
If the cookie persistence is set as shown above, then the content load balancing blade parses and finds the string 'c032320a' in the cookie. The name is PERSIST and the offset is 3. The offset specifies how many bytes into the value to look for to find the start of the cookie. If the cookie matches the server the request is sent to server 192.50.50.10.
Currently, the delimiter value is ignored. If this configuration is saved and retrieved, the delimiter value is always set to ':'.
As admin in config mode, enter the following command:
puma(config){admin}# remove service cookie-persist svcL7-r PERSIST |
The following restrictions apply to a UDP services:
Note - A UDP end point can be added for port/end-point tracking to a TCP service |
1. As admin in config mode, create a Layer 4 service:
puma(config){admin}# service name svcudp vip 199.99.9.1:90:udp interface 0 |
2. Verify that the service was created:
puma(config){admin}# show service svcudp |
3. Add two blade servers to the default load balancing group for the service:
puma(config){admin}# service lb-group default svcudp server 192.50.50.18:90:udp:1:1 192.50.50.19:90:udp:1:1 scheme static |
puma(config){admin}# enable service name svcudp |
You can now run UDP traffic from clients to the UDP service 199.99.9.1 on port 90 and it is load balanced between the two blade servers 192.50.50.18 and 192.50.50.19 in a static fashion. With the current implementation of the static load balancing algorithm, all UDP traffic from the same client IP will go to the same server, as long as the server is available. If the server becomes unavailable, then the new traffic goes to the next available server.
Note - It is possible to add Layer 4 IP rules to a UDP service just like any other Layer 4 service. |
FTP service configuration on the Sun Fire B10n content load balancing blade has the following restrictions:
When configuring an FTP service ensure the following:
1. As admin in config mode, create an FTP service:
puma(config){admin}# service name svcftp vip 199.99.9.1:21:tcp interface 0 lb-layer 4 L7-proto ftp |
2. Verify that the service was created:
puma(config){admin}# show service svcftp |
3. Add two blade servers to the default load balancing group for the service:
puma(config){admin}# service lb-group default svcftp server 192.50.50.14:21:tcp:1:1 192.50.50.15:21:tcp:1:1 scheme wt-round-robin |
4. Configure the VIP 199.99.9.1 should be configured on the loopback interface of the blade servers 192.50.50.14 and 192.50.50.15.
5. Add IP persistence with mask length 0:
puma(config){admin}# service ip-persist svcftp mask 0 timeout 10 |
puma(config){admin}# enable service name svcftp |
You can now run FTP client(s) from client machine(s) to the FTP service on 199.99.9.1 and the FTP sessions will be load balanced between the 2 blade servers 192.50.50.14 and 192.50.50.15 in a weighted round robin fashion (for different client IPs as client persistence is set).
Note - It is possible to add L4 (IP) rule(s) to an FTP service just like any other Layer 4 service. |
1. As admin in config mode, add an end point to a service:
puma(config){admin}# service point svcL4 point 199.99.9.30:80:tcp:0:0:0 |
This command adds an end point with VIP 199.99.9.30, port 80 and protocol TCP to the service svcL4. This end point inherits all properties of the service.
2. Configure the VIP for the new end point, that is, 199.99.9.30 in this case, on the loopback interface of all the blade servers included in the service (svcL4 in this case).
For this example, assume the following:
The Sun Fire B10n content load balancing blade and all servers for the service must be members for all three vlans mentioned above. The ports must be set up to forward traffic on these vlans tagged.
Refer to the Sun Fire B1600 Blade System Chassis Software Setup Guide for the mechanism to set up the switch.
First, the VLAN database must be edited to include the VLANs to be used in the service.
Then, the port membership rules are set using the interface switch port setup.
Note - By default, VLAN 1 is forwarded on the ports untagged. In this example, the client side VLAN is forwarded tagged. |
The server must also be a member of all VLANs mentioned above. The management VLAN is used to exchange configuration messages between the content load balancing blade and the blade server. VLAN is also used for server health monitoring.
The service VLAN is used for all data plane traffic between the content load balancing blade and the blade server.
The route from the server to the client network must use the client side VLAN. For security reasons, the server cannot bind any services to its IP address on this interface.
1. Configure the client side VLAN interface:
# ifconfig ce1000 plumb 10.10.10.10 netmask 255.255.255.0 up |
2. Configure the management VLAN interface:
# ifconfig ce2000 plumb 192.50.50.201 netmask 255.255.255.0 up |
3. Configure the service VLAN interface:
# ifconfig ce5000 plumb 110.10.10.10 netmask 255.255.255.0 up |
4. Configure the VIP on the loopback interface:
# ifconfig lo0:1 plumb 199.99.9.1 netmask 255.255.255.0 up |
The IP address on the service VLAN is never used in any traffic, however, a valid IP address must be configured.
5. Add all three interfaces to the load balanced interfaces:
# /opt/SUNWclb/bin/clbconfig add ce1000 # /opt/SUNWclb/bin/clbconfig add ce2000 # /opt/SUNWclb/bin/clbconfig add ce5000 |
6. Verify that the route to the default gateway uses interface ce1000.
# netstat -r |
The netstat -r command displays the routing table, including the default route.
# route add default 10.10.10.10 0 |
Remove any other default route shown by netstat -r. Note that there are other ways to set the default route to use this interface. See the Solaris Administration Guide.
Note - If the physical interface used were connected to SSC1, the virtual interfaces would be ce1001, ce2001, and ce5001, respectively. |
The interface number for VLAN n on physical interface i is determined by the following formula: 1000 * n + i
Hence, the interface name for VLAN 123 on physical interface ce0 is ce123000
First, set up a service as described in (relevant chapters). Assume that the name of the service is SVC1.
1. As admin, in config mode, set the service VLAN:
puma(config){admin}# management vlan 2 |
puma(config){admin}# enable vlan management |
3. Set the client side (default) VLAN:
puma(config){admin}# data vlan 1 |
4. Enable the client side VLAN:
puma(config){admin}# enable vlan data |
puma(config){admin}# service vlan SVC1 vlan 5 |
puma(config){admin}# enable service vlan SVC1 |
puma(config){admin}# enable service name SVC1 |
Copyright © 2003, Sun Microsystems, Inc. All rights reserved.