Vous êtes sur la page 1sur 6

How To – Configure Virtual Host with Load

Balancing and Health Checking


How To – Configure Virtual Host with Load Balancing and Health Checking

Applicable Version: 10.02.0 Build 473 onwards

Overview
This article describes how you can configure a Virtual Host in Cyberoam with Load Balancing and
Health Checking. Load Balancing enables distribution of incoming traffic over multiple internal
servers. Health Checking keeps a check on servers and sends a notification to the administrator
whenever a server goes down or comes up.

Virtual host
Virtual host implementation is based on the Destination NAT concept.

Virtual Host maps services of a public IP Address to services of a host in a private network. In other
words, it is a mapping of public IP address to an internal IP address. This virtual host is used as the
Destination address to access internal or DMZ server.

A Virtual host can be a single IP address, an IP address range or a Cyberoam interface itself.
Cyberoam automatically responds to the ARP request received on the WAN zone for the external IP
address of Virtual host.

Load Balancing Methods


When a Virtual host is mapped with multiple servers, the Administrator can load balance traffic
passing through the Cyberoam to multiple servers. Cyberoam virtual host load balancing supports
various load balancing methods and real server health monitoring.

The load balancing method defines how sessions are load balanced to multiple servers. Cyberoam
supports the following load balancing methods:

Round Robin: In this method, requests are served in a sequential manner where the first request is
forwarded to the first server, second request to the second server and so on. When a request is
received, Cyberoam checks to see which was the last server that was assigned a request. It then
assigns this new request to the next available server.

When to use: This method can be used when equal distribution of traffic is required and there is no
need for session-persistance.

First Alive: In this method, all incoming requests are served by the first server (the first IP Address
that is configured in the IP Range). This server is considered as the primary server and all others are
considered as backup. Only when the first server fails, the requests are forwarded to the next server
in line.

When to use: This method is used for failover scenarios.

Random: In this method, the requests are forwarded to the servers randomly. Although, Cyberoam
makes sure that all configured servers receive equally distributed load. Hence, this method is also
called uniform random distribution.

When to use: This method can be used when equal distribution of traffic is required and there is no
need for session-persistance or order of distribution.
How To – Configure Virtual Host with Load Balancing and Health Checking

Sticky IP: In this method, along with Round Robin distribution of traffic, Cyberoam forwards incoming
traffic according to the Source IP Address. All traffic from a particular source is forwarded only to its
mapped Server. This means that all requests for a given source IP are sent to the same application
server instance.

When to use: This method is useful in cases where all requests or sessions are required to be
processed by the same server. For example, Banking websites, E-Commerce websites.

Health Check
The Health Check feature monitors servers and sends a notification to the administrator when the
status of any of the servers changes. This ensures that the requests are forwarded only to servers
that are up and running. For Health Check, Cyberoam uses two methods: TCP Probe and ICMP
Probe.

Scenario
Consider a hypothetical network, as shown in the diagram below, with Web Servers 1, 2 and 3 hosted
in DMZ and are accessed from the Internet using a single Public IP address 204.88.128.93, i.e.,
Cyberoam WAN IP. In this article, we create a virtual host for the Web Servers to implement Load
Balancing and Health Checking.
How To – Configure Virtual Host with Load Balancing and Health Checking

Configuration
The entire configuration is to be done from Web Admin Console using profile having read-write
administrative rights over relevant features.

Step 1: Configure Virtual Host


Go to Firewall > Virtual Host > Virtual Host and click Add to create a virtual host with parameters
given below.

Parameter Description

Parameter Value Description


Name WebServers Name to identify the Virtual Host.
The IP address through which Internet
External IP PortB – 204.88.128.93
users access the internal server/host.
The IP Range of the internal servers/hosts.
192.168.1.10- Please note that Load Balancing and
Mapped IP
192.168.1.12 Health Check can only be configured on an
IP Range.
LAN, WAN, DMZ, VPN or custom zone of
the mapped IP address(s). For example, if
Physical Zone DMZ mapped IP address represents any internal
server then it is the zone in which server
resides physically.
Port Forwarding
Click to enable service port forwarding. If
Enable Port Forwarding Enabled Port Forwarding is enabled, following
options are available.
Select the protocol TCP or UDP that you
Protocol TCP
want the forwarded packets to use.
Click to specify whether port mapping
External Port Type Port
should be single or range of ports.
Specify public port number for which you
External Port 80
want to configure port forwarding.
Click to specify whether port mapping
Mapped Port Type Port
should be single or range of ports.
How To – Configure Virtual Host with Load Balancing and Health Checking

Specify mapped port number on the


Mapped Port 80 destination network to which the public port
number is mapped.
Click to enable load balancing. This option
Enable Load Balancing Enabled is available if incoming traffic is to be
distributed to more than one internal server
Select the method for load balancing from
the available options.
Available Options:
 Round Robin
 First Alive
Method Round Robin
 Random
 Sticky IP

For details on each method, refer to the


Load Balancing Methods section.
Click to enable checking for failover. By
Enable Health Check default, this feature is enabled for First
Enabled
(For Failover) Alive Load Balancing method. For other
methods, it is optional.
Select the method to check the health of
Health Check Method ICMP Probe the server from the available options: TCP
Probe and ICMP Probe.
Specify the time interval in seconds after
Interval 60
which the health will be monitored.
Specify the time interval in seconds within
Timeout 2
which the server must respond.
Specify the number of tries to probe the
Retries 3 health of the server, after which the server
will be declared unreachable
How To – Configure Virtual Host with Load Balancing and Health Checking

Step 2: Create Firewall Rule(s) to Allow Access to Web Servers from Other Zones
On clicking OK, the Add Firewall Rules For Virtual Host screen appears which enables you to
create rules to allow access to the Web Servers from other zones.

 Enable Add Firewall Rule(s) For Virtual Host.


 Set rule parameters as desired. Here, we have created a rule which allows access to the Web
Servers from WAN zone.
 Select Yes for Create Reflexive Rule.
How To – Configure Virtual Host with Load Balancing and Health Checking

The above configuration allows access to Web Servers from Internet and implements Load Balancing
and Health Checking.

Step 3: Verify Firewall Rules


You can verify the Firewall Rules from Firewall > Rule > Rule, as shown below.

Document Version: 2.3 – 21 March, 2014

Vous aimerez peut-être aussi