Académique Documents
Professionnel Documents
Culture Documents
Overview
This article describes how you can configure a Virtual Host in Cyberoam with Load Balancing and
Health Checking. Load Balancing enables distribution of incoming traffic over multiple internal
servers. Health Checking keeps a check on servers and sends a notification to the administrator
whenever a server goes down or comes up.
Virtual host
Virtual host implementation is based on the Destination NAT concept.
Virtual Host maps services of a public IP Address to services of a host in a private network. In other
words, it is a mapping of public IP address to an internal IP address. This virtual host is used as the
Destination address to access internal or DMZ server.
A Virtual host can be a single IP address, an IP address range or a Cyberoam interface itself.
Cyberoam automatically responds to the ARP request received on the WAN zone for the external IP
address of Virtual host.
The load balancing method defines how sessions are load balanced to multiple servers. Cyberoam
supports the following load balancing methods:
Round Robin: In this method, requests are served in a sequential manner where the first request is
forwarded to the first server, second request to the second server and so on. When a request is
received, Cyberoam checks to see which was the last server that was assigned a request. It then
assigns this new request to the next available server.
When to use: This method can be used when equal distribution of traffic is required and there is no
need for session-persistance.
First Alive: In this method, all incoming requests are served by the first server (the first IP Address
that is configured in the IP Range). This server is considered as the primary server and all others are
considered as backup. Only when the first server fails, the requests are forwarded to the next server
in line.
Random: In this method, the requests are forwarded to the servers randomly. Although, Cyberoam
makes sure that all configured servers receive equally distributed load. Hence, this method is also
called uniform random distribution.
When to use: This method can be used when equal distribution of traffic is required and there is no
need for session-persistance or order of distribution.
How To – Configure Virtual Host with Load Balancing and Health Checking
Sticky IP: In this method, along with Round Robin distribution of traffic, Cyberoam forwards incoming
traffic according to the Source IP Address. All traffic from a particular source is forwarded only to its
mapped Server. This means that all requests for a given source IP are sent to the same application
server instance.
When to use: This method is useful in cases where all requests or sessions are required to be
processed by the same server. For example, Banking websites, E-Commerce websites.
Health Check
The Health Check feature monitors servers and sends a notification to the administrator when the
status of any of the servers changes. This ensures that the requests are forwarded only to servers
that are up and running. For Health Check, Cyberoam uses two methods: TCP Probe and ICMP
Probe.
Scenario
Consider a hypothetical network, as shown in the diagram below, with Web Servers 1, 2 and 3 hosted
in DMZ and are accessed from the Internet using a single Public IP address 204.88.128.93, i.e.,
Cyberoam WAN IP. In this article, we create a virtual host for the Web Servers to implement Load
Balancing and Health Checking.
How To – Configure Virtual Host with Load Balancing and Health Checking
Configuration
The entire configuration is to be done from Web Admin Console using profile having read-write
administrative rights over relevant features.
Parameter Description
Step 2: Create Firewall Rule(s) to Allow Access to Web Servers from Other Zones
On clicking OK, the Add Firewall Rules For Virtual Host screen appears which enables you to
create rules to allow access to the Web Servers from other zones.
The above configuration allows access to Web Servers from Internet and implements Load Balancing
and Health Checking.