Académique Documents
Professionnel Documents
Culture Documents
- Alteon switch
- Alteon swich - Server Load Balancing - Server Load Balancing - Troubleshooting Guide
- Alteon switch
AAS 2216
AAS 3408
8ea 10/100/1000 Mbps ports 8ea Gigabit ports 2M concurrent sessions 16 Gbps backplane capacity
16ea 10/100 Mbps ports 2ea Gigabit ports 1M concurrent sessions 16 Gbps backplane capacity
WSM
4- 10/100 TX or Gig SX ports 80MB of Memory 512K concurrent sessions
Price
AAS 2208
8ea 10/100 Mbps ports 2ea Gigabit ports 600K concurrent sessions 16 Gbps backplane capacity
180e(AD3)
Eight 10/100/1000 Mbps ports One 1000BASE-SX port 2MB of memory per port 336K concurrent sessions 8 Gbps backplane capacity
Feature/Function
Management Module
Memory
Flash
RISC
Switch Ports
RISC
Fwd Engine
WebIC
RISC RISC
Fwd Engine
WebIC
...
RISC
Fwd Engine
WebIC
Memory
Memory
Memory
WebIC: network processing ASIC with hardware-assisted forwarding engine and dual RISC processors Up to 20 RISC processor per switch Optimized for processing-intensive session services Separate centralized switch management processors
Alteon nn nn
8 FE
2 GE
7 8 9 10 15 16 17 18
AAS 2216
(16FEx2GE)
1 2
16 FE
2 GE
7 8 9 10 15 16 17 18 23 24 25 26 27 28
AAS 2424
(24FEx4GE)
1 2
24 FE
4 GE
AAS 3408
(12GE)
1 2 3 4
3 4 5 6
5 6 7 8
10
11 12
4 GE
{
1-RU form factor
1 2
7 8
9 10
15 16
17 18
23 24
DB9 Console
25 26 27 28
LEDs: SFP
{
1-RU form factor
LEDs: SFP
1 23 4 3 4 5 6 5 6 7 8 9 10 11 12
Gigabit Ethernet
MP
DA_X SA_1
DA_X, SA_3, RIP_A
Server
Unattached port
Server
DA_X SA_3
Memory at all ports pooled and utilized at all times Session entries kept in memory local to designated CPUs Global session table kept for cookie persistent sessions All ports store all filtering/redirection policies
Application LB Global Server LB Application Health Checks
Firewall/IDS LB VPN LB WAN Links WAP Gateways
Web Site Cache SSL Appliance Streaming Media
Layer 2-4 Attributes VLAN Filtering Accept, Deny, NAT, Redirect
DPI
Layer 7 Deep Packet Inspection Ascii, Binary Pattern
DoS SSL VPN
Flow BWM
P2P Bogon
( IP , )
Bandwidth Management
- Application Switch
Layer 4-7 Application/Content Intelligence
OSI 7-Layer Model Protocol Example Device Example /IDS
L2-7
HTTP& URL,
Client
Request: www.abc.com
Internet
DNSwww.abc.com = y
www.abc.com = z
www.abc.com = x
Servers
L4 Server Load Balancing - Client URL DNS Ip address (L4 Virtual IP : VIP .) L4 Virtual Server
Internet
DNS
www.abc.com = VIP
Servers
R_IP 1 R_IP 2 R_IP 3 Real IP Addresses
Real Servers Internet Can have Public or Private IP Addresses Must run a TCP/UDP service Up to 1024 Real Servers can be configured (Version 10) Can have maximum connections and timeout values assigned Virtual IP Address (VIP) Groups Support of up to 256 Groups A Group can support 1024 Real Servers Requires a Health Check metric Requires a Load Balancing Metric
Internet
VMAC ,VIP,VPORT
RMAC,RIP,RPORT Group
Client ports
- Client processing switch port - session server
Internet
VIP RIP
Health Check
- Server ( http, tcp, ftp, icmp ...)
SERVERS
Server 192.168.1.1
Server processing
Src
Server
R mac C mac R ip C ip 80 2155
L4
R mac C mac R ip C ip 80 2155 V mac C mac V ip C ip 80 2155
Clients
V mac C mac V ip C ip 80 2155
yes
Service Mapping Table Frame IP SA and source UDP/TCP port matches a configured RIP:Rport? Translate RIP:Rport to VIP:Vport
MAC
Dst Src
IP
Dst Src
TCP
Dst
Filtering
R1_OK
R2_OK
R3_Fail
Minimum Missies
- Hash Algorithm - clients source IP address (32 bit) real server connection server - , Algorithm Cache Redirection
Respose Time
- Load Balancing - server session
Internet
Real IP
Internet 1 3 2
Servers
R_IP 1 R_IP 2 R_IP 3
Loopback if = VIP
Active
Standby
BLOCKING
Active
Hot Standby
Active
Active
Internet
/cfg/ip/if 1 (enter) mask 255.255.255.0 (enter) add 10.1.1.10 (enter) en (enter) // enalbe
Client
Realserver IP 10.1.1.11~13
3. /info/l3/ip (/info/ip)
>> Information# /info/ip Interface information: 1: 10.1.1.0 255.255.255.0 10.1.1.255, Default gateway information: metric strict 1: 10.1.1.1, vlan any, up vlan 1, up
Realserver IP 10.1.1.11~13
/cfg/slb/real 1/rip 10.1.1.11/en (enter) Current real server IP address: 0.0.0.0 New pending real server IP address: 10.1.1.11 /cfg/slb/real 2/rip 10.1.1.12/en (enter) /cfg/slb/real 3/rip 10.1.1.13/en (enter)
Client
Internet
Client
Health check
Internet
>> SLB port 1# /cfg/slb/port 2/server en (enter) Current server processing: disabled New server processing: enabled >> SLB port 2# /cfg/slb/port 3/server en (enter) >> SLB port 3# /cfg/slb/port 4/server en (enter)
Internet
Client
Real server state: 1: 10.1.1.11, 00:e0:00:8c:cd:18, vlan 1, port 2, health 4, up 2: 10.1.1.12, 00:e0:00:8c:cd:19, vlan 1, port 3, health 4, up 3: 10.1.1.13, 00:00:00:00:00:00, vlan 0, port 0, health 4, FAILED Virtual server state: 1: 10.1.1.100, 00:60:cf:4b:04:6e virtual ports: http: rport http, group 1, backup none real servers: 1: 10.1.1.11, backup none, 1 ms, up 2: 10.1.1.12, backup none, 2 ms, up 3: 10.1.1.13, backup none, 0 ms, FAILED Redirect filter state: Port state: 1: 0.0.0.0, client 2: 0.0.0.0, server 3: 0.0.0.0, server 4: 0.0.0.0, server 5: 0.0.0.0 6: 0.0.0.0
Internet
Client
? Firewall Virtual Private Network (VPN) Intrusion Detection System (IDS) Viruswall
1. Dirty side Redirection filter Clean Side of Network 2. 3. Clean side 4. Clean side 5. 6. IP Source / Destination .
Dirty Side of Network Internet
Application Switch
DNS Internet
Application Switch
Application Switch
LDAP
Internal Network
Application Switch
192.168.2.0/24
192.168.1.2/24
192.168.2.2/24 192.168.100.1/24
1
192.168.1.1/24
192.168.2.1/24
2
192.168.1.2/24
3
192.168.2.2/24
1
192.168.100.1/24
1
192.168.1.1/24
1
192.168.1.1/24
192.168.2.1/24
192.168.2.0/24
IF 10 : 192.168.1.2/24
IF 20 : 192.168.2.2/24 IF 1 :192.168.100.1/24
2
192.168.1.2/24
3
192.168.2.2/24
1
192.168.100.1/24
2
192.168.1.2/24
3 1
192.168.100.1/24
2
192.168.1.2/24
3 1
192.168.100.1/24