
Alteon Switch

- Alteon switch
- Alteon switch - Server Load Balancing - Server Load Balancing - Troubleshooting Guide

- Alteon switch
Chart axes: Price, Feature/Function

AAS 3408: 8ea 10/100/1000 Mbps ports, 8ea Gigabit ports, 2M concurrent sessions, 16 Gbps backplane capacity

AAS 2424: 24 10/100Mbps ports, 4ea Gigabit ports, 2M concurrent sessions, 16 Gbps backplane capacity

AAS 2216: 16ea 10/100 Mbps ports, 2ea Gigabit ports, 1M concurrent sessions, 16 Gbps backplane capacity

AAS 2208: 8ea 10/100 Mbps ports, 2ea Gigabit ports, 600K concurrent sessions, 16 Gbps backplane capacity

WSM: 4- 10/100 TX or Gig SX ports, 80MB of Memory, 512K concurrent sessions

184 (AD4): Nine 10/100/1000 Mbps ports, 4 MB of memory per port (1-8), 8 MB of memory on port 9, 512K concurrent sessions, 8 Gbps backplane capacity

180e (AD3): Eight 10/100/1000 Mbps ports, One 1000BASE-SX port, 2MB of memory per port, 336K concurrent sessions, 8 Gbps backplane capacity

- Alteon Web switches


Selectable 8 x 10/100 or 1000SX Ethernet ports 1- 100 or Gigabit Ethernet uplink on Port 9

AC and DC power available


- Data 6 LEDs/port - Link - Active

Alteon 184 Console port

- Alteon Web switches


[Architecture diagram; labels: Management Module (RISC, RISC, Memory, Flash), 8 Gbps Switch Backplane, Switch Ports, and for each group of ports a WebIC Fwd Engine with RISC, RISC and Memory]

WebIC: network processing ASIC with hardware-assisted forwarding engine and dual RISC processors
Up to 20 RISC processors per switch
Optimized for processing-intensive session services
Separate centralized switch management processors

-Passport 8600 Routing Switch with Alteon Web Switching Module


Complete Layer 2-7 switching solution
Comprised of Alteon Web Switching Module for the Passport 8600
Integrated platform provides a higher level of intelligent networking for LAN/WAN/MAN and data center requirements
Lower total cost of ownership with L2-7 integration and device consolidation

Passport 8600 L2-7 Intelligent Routing Switch

Alteon Web Switching Module (WSM)

- Alteon Application Switch Nomenclature


Alteon nn nn

Labels on the model number: Alteon Application Switch series number (2 = Fast Ethernet, 3 = Gigabit Ethernet), Gigabit uplink ports, port density

- 4 Alteon Application Switch


AAS 2208 (8FEx2GE): 8 FE, 2 GE
AAS 2216 (16FEx2GE): 16 FE, 2 GE
AAS 2424 (24FEx4GE): 24 FE, 4 GE
AAS 3408 (12GE): 4 1000TX or GBIC choice, 4 1000TX only, 4 1000TX or GBIC choice

[Front-panel drawings with port numbering omitted]

- Alteon Application Switch 2424


1-RU form factor
RJ45 Auto 10/100 Fast Ethernet ports, LEDs on port
SFP GBICs: 1000Base-SX or 1000Base-LX with LC connectors
DB9 console
RJ45 management port
LEDs: SFP
LED: Fan
LED: Power

[Front-panel drawing with port numbers 1-28 omitted]

- Alteon Application Switch 3408


1-RU form factor
RJ45 Auto 10/100/1000 Ethernet ports
SFP GBICs: 1000Base-SX or 1000Base-LX with LC connectors
Optional copper or optical
DB9 console
RJ45 management port
LEDs: SFP
LED: Power
LED: Fan

[Front-panel drawing with port numbers omitted]

- Alteon Application Switch Inside


MP
On AD/180 series, Management Processor and Management Port are synonymous
On Alteon 2000/3000 series, MP refers to Management Processor and NOT Management Port
Health checking, start-up, configurations

SP
On AD/180 series, Switch Processor and Switch Port are synonymous
On Alteon 2000/3000 series, SP refers to Switch Processor, which is not the same as a Switch Port
Layer 2-7 processing

M
128 MB each of fast SDRAM (SP)
Total switch memory = 640 MB

[Diagram: MP and switch processors SP1-SP4, each with memory (M), joined by the VMA; Gigabit Ethernet ports on one side, Gigabit or Fast Ethernet ports on the other]

Architecture allows for flexibility in future software feature/ application development

- Alteon Application Switch VMA


Virtual Matrix Architecture (VMA)
[Diagram: client and server frames entering different ports, each port with its own CPU, plus an unattached port; frame labels DA_X SA_1, DA_Y SA_2 and DA_X SA_3, session entries DA_X, SA_1, RIP_A / DA_Y, SA_2, RIP_B / DA_X, SA_3, RIP_A]

Performance of a distributed architecture with a centralized architecture's resource utilization

CPUs at all ports actively share L4-7 processing load
Each ingress packet hashed to one of 8 ports for L4-7 processing
Hashing algorithm ensures even distribution of Internet traffic
Packets in same session always hashed to the same CPU

Memory at all ports pooled and utilized at all times
Session entries kept in memory local to designated CPUs
Global session table kept for cookie persistent sessions
All ports store all filtering/redirection policies

- Alteon Application Switch


                                        3408(E)    2424(E)    2424-SSL(E)          2216(E)    2208(E)
Total Ports                             12         28         28                   18         10
10/100 Ethernet Ports                   4+4**      24         24                   16         8
Gigabit Ethernet Ports                  4+4**      4          4                    2          2
IP Routing Interfaces                   256        256        256                  256        256
Virtual Server Support                  1,024      1,024      1,024                1,024      1,024
Real Server Support                     1,024      1,024      1,024                1,024      1,024
Policy Filters                          2,048      2,048      2,048                2,048      2,048
Concurrent Sessions                     2M(4M)     2M(4M)     2M(4M)               1M(2M)     600K(1M)
Layer 7 Performance (sessions/second)   >51K *     >51K *     >51K *               30K *      15K *
Layer 4 Performance (sessions/second)   >110K *    >110K *    >110K *              40K *      20K *
Integrated SSL Acceleration (tps.)**    No         No         Base:300 Max:1000    No         No
Integrated SSL VPN                      No         No         Yes                  No         No
Height (inches/RU)                      1.75/1     1.75/1     1.75/1               1.75/1     1.75/1

- Alteon Application Switch


VPN


Application LB Global Server LB Application Health Checks


Firewall/IDS LB VPN LB WAN Links WAP Gateways


Web Site Cache SSL Appliance Streaming Media


Layer 2-4 Attributes VLAN Filtering Accept, Deny, NAT, Redirect

DPI
Layer 7 Deep Packet Inspection Ascii, Binary Pattern


DoS SSL VPN


Flow BWM


P2P Bogon


( IP , )

Bandwidth Management

- Application Switch
Layer 4-7 Application/Content Intelligence
OSI 7-Layer Model Protocol Example Device Example /IDS

L2-7

Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Layer 2 Layer 1

HTTP& URL,

SSL TCP IP Ethernet


L2 L3

- SLB ( Server Load Balancing)


Server load Balancing
Server Load Balancing - DNS Roundrobin Server Load Balancing

[Diagram: Client (Request: www.abc.com) - Internet - DNS (www.abc.com = x, www.abc.com = y, www.abc.com = z) - Servers]

- SLB ( Server Load Balancing)


Client
Request: www.abc.com

L4 Server Load Balancing - Client URL DNS Ip address (L4 Virtual IP : VIP .) L4 Virtual Server

Internet

DNS
www.abc.com = VIP

. - Virtual Server http request Vip mapping (real server) Group

Virtual IP Address Health Checking

matching . - Server group Matching L4

Servers
R_IP 1 R_IP 2 R_IP 3 Real IP Addresses

- Alteon Application Switch


WebOS Traffic Flow
At each ingress port, if Layer 4 parameters are configured, traffic flow follows these 3 processes:
Server: translates RIP to VIP, RPort to VPort and RMAC to VMAC
Filter: fires filters and performs associated action
Client: translates VIP to RIP, VPort to RPort and VMAC to RMAC

- SLB ( Server Load Balancing)


Terminology

Virtual IP Address (VIP)
Also called Virtual Server
Each VIP must have at least one service
Each VIP can support 8 services

Real Servers
Can have public or private IP addresses
Must run a TCP/UDP service
Up to 1024 real servers can be configured (Version 10)
Can have maximum connections and timeout values assigned

Groups
Support of up to 256 groups
A group can support 1024 real servers
Requires a health check metric
Requires a load balancing metric

[Diagram: Client - Internet - Virtual IP Address (VIP) - Group of Real server IP Addresses (RIP)]

- SLB ( Server Load Balancing)


Terminology
VIP, VMAC, Vport: virtual server IP address, MAC address, TCP/UDP port
RIP, RMAC, Rport: real server IP address, MAC address, TCP/UDP port
CIP, CMAC, Cport: client IP address, MAC address, TCP/UDP port
PIP, PMAC, Pport: proxy IP address, MAC address, TCP/UDP port
Session: TCP connection, UDP session, IP flow

[Diagram: Client (CIP, CMAC, CPORT) - Internet - switch (VMAC, VIP, VPORT) - Group (RMAC, RIP, RPORT)]

- SLB ( Server Load Balancing)


-Terminology Client

Client ports
- Client processing switch port - session server

Internet

VIP RIP

Server ports - Server processing switch port


Client ports Server ports Health Check RIP VIP

Health Check
- Server ( http, tcp, ftp, icmp ...)

SERVERS

- SLB ( Server Load Balancing)


Client / Server processing
Changes DIP from VIP to real server IP and vice versa
Client processing also creates a session binding entry based on client SIP and Sport

VIP 100.10.10.1, Server 192.168.1.1

Frame from the client:      SIP 200.20.20.1  DIP 100.10.10.1  DMAC = V-MAC
After client processing:    SIP 200.20.20.1  DIP 192.168.1.1  DMAC = R-MAC
Frame from the server:      SIP 192.168.1.1  DIP 200.20.20.1  DMAC = DGW-MAC
After server processing:    SIP 100.10.10.1  DIP 200.20.20.1  DMAC = C-MAC

- SLB ( Server Load Balancing)


Client Processing
- VIP (Virtual IP address) RIP (Real IP address)

Frame fields on the path Clients - L4 switch - Server:

Field     Clients to L4 switch   L4 switch to Server
MAC Dst   V mac                  R mac
MAC Src   C mac                  C mac
IP Dst    V ip                   R ip
IP Src    C ip                   C ip
TCP Dst   80                     80
TCP Src   2155                   2155

Flow:
Client port? (no / yes)
Session Table: existing session entry?
  no:  1. Select Server  2. Place Entry in Session Table
  yes: 1. Translate VMAC:VIP:Vport to RMAC:RIP:Rport  2. Forward to real server egress port

- SLB ( Server Load Balancing)


Server Processing
- RIP (Real IP address) VIP (Virtual IP address)

Frame fields on the path Server - L4 switch - Clients:

Field     Server to L4 switch   L4 switch to Clients
MAC Src   R mac                 V mac
MAC Dst   C mac                 C mac
IP Src    R ip                  V ip
IP Dst    C ip                  C ip
TCP Src   80                    80
TCP Dst   2155                  2155

Flow:
Server port? yes
Service Mapping Table: frame IP SA and source UDP/TCP port matches a configured RIP:Rport?
  Translate RIP:Rport to VIP:Vport
Filtering

- SLB ( Server Load Balancing)


Health Check
Health check types
- ICMP
- TCP - 3 way handshake (Service port)
- Content - HTTP
- Application specific - Radius, SSL, POP, DNS etc.
- Scripted - send sequence, expected response

Health check parameters (realserver)
- Interval (default 2 sec)
- Retry counts
- Restore counts
- etc.

R1_OK

R2_OK

R3_Fail

- SLB ( Server Load Balancing)


Load Balancing Metrics
Load based: Round Robin / Weighted Round Robin, Least Connections / Weighted Least Connections, Response Time, Bandwidth
Persistent: IP Based Hash, Minimum Misses, SSL ID, Cookie
Option: Weights, Maxcon

- SLB ( Server Load Balancing)


>> Load Balancing Metrics << Round Robin Load Balancing
- Real server session - weight (), Maximum connection

LeastConns Load Balancing


- real server open , open session real server session . - real server resource connection .

- SLB ( Server Load Balancing)


>> Load Balancing Metrics << Hash
- Clients Server session client server . - clients source IP address (32 bit) real server connection server

Minimum Misses
- Hash Algorithm - clients source IP address (32 bit) real server connection server - , Algorithm Cache Redirection

- SLB ( Server Load Balancing)


>> Load Balancing Metrics << Bandwidth
- Load Balancing - server session

Response Time
- Load Balancing - server session

- SLB ( Server Load Balancing)


DAM (Direct Access Mode)

When Server Processing is run, the switch assumes flows with an IP SA of a RIP are using a load balanced service, and the IP SA is always translated from RIP to VIP without checking the session table
This allows packets to enter one switch and leave on another and still be translated from RIP to VIP, e.g. Active - Active
No Direct Access to the RIP is possible

The RIP to VIP translation is not done automatically; it requires that the Session Table is checked first

[Diagram: Client - Internet - Real IP]
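
The client processing, server processing and DAM slides above, modelled as an added Python example (not Alteon code and not part of the original deck). It assumes the first behaviour on the DAM slide is DAM off and the second is DAM on, a round-robin server pick, a constructed second real server 192.168.1.2 and a constructed direct client 200.20.20.9.

```python
from dataclasses import dataclass, replace

VIP, VPORT = "100.10.10.1", 80             # virtual server address from the slide
RPORT = 80
REALS = ["192.168.1.1", "192.168.1.2"]     # first RIP is the slide's; the second is constructed


@dataclass(frozen=True)
class Packet:
    sip: str
    sport: int
    dip: str
    dport: int


class SlbSwitch:
    """Toy model of the table lookups described on the slides (not Alteon code)."""

    def __init__(self, dam: bool):
        self.dam = dam
        self.sessions = {}      # (client SIP, client Sport) -> bound RIP
        self._next = 0          # round-robin cursor (assumed metric)

    def client_processing(self, pkt: Packet) -> Packet:
        """Frame received on a client port."""
        if (pkt.dip, pkt.dport) != (VIP, VPORT):
            return pkt                                  # not addressed to the virtual service
        key = (pkt.sip, pkt.sport)
        if key not in self.sessions:                    # no entry: select server, place entry
            self.sessions[key] = REALS[self._next % len(REALS)]
            self._next += 1
        return replace(pkt, dip=self.sessions[key], dport=RPORT)

    def server_processing(self, pkt: Packet) -> Packet:
        """Frame received on a server port."""
        if pkt.sip not in REALS or pkt.sport != RPORT:
            return pkt                                  # source is not a configured RIP:Rport
        if self.dam and self.sessions.get((pkt.dip, pkt.dport)) != pkt.sip:
            return pkt                                  # DAM on: no binding, RIP stays visible
        return replace(pkt, sip=VIP, sport=VPORT)       # RIP:Rport -> VIP:Vport


def run_scenario(dam: bool) -> dict:
    sw = SlbSwitch(dam)
    client = ("200.20.20.1", 2155)                      # client from the slide
    # Load-balanced flow: request to the VIP, then the chosen real server's reply.
    req = sw.client_processing(Packet(*client, VIP, VPORT))
    reply = sw.server_processing(Packet(req.dip, req.dport, *client))
    # Direct flow: a host (constructed) that connected straight to the RIP,
    # so the session table holds no entry for it.
    direct = sw.server_processing(Packet(REALS[0], RPORT, "200.20.20.9", 40000))
    return {"request_dip": req.dip, "reply_sip": reply.sip, "direct_reply_sip": direct.sip}


if __name__ == "__main__":
    for dam in (False, True):
        print("DAM on" if dam else "DAM off", run_scenario(dam))
```

With DAM off the reply to the direct client leaves with the VIP as its source, so that client never sees an answer from the address it contacted; with DAM on the missing session entry leaves the RIP untouched.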

- SLB ( Server Load Balancing)


DSR (Direct Server Return)

To configure DSR
Alteon switch:
/cfg/slb/real 1/submac en
/cfg/slb/virt 1/ser http/nonat en
Servers (R_IP 1, R_IP 2, R_IP 3): Loopback if = VIP

[Diagram: Client - Internet - switch - Servers, with the traffic path numbered 1, 2, 3]

- SLB ( Server Load Balancing)


High Availability with VRRP
VRRP (Virtual Router Redundancy Protocol)
- rfc 2338
- VRRP uses IP multicast to communicate on 224.0.0.18
- Use of a multicast MAC address ( 00-00-5E-00-01-02 for VRID = 2 )
- Alteon extensions to VRRP support Layer 4 redundancy with virtual server routers (VSR)

[Diagram, shared mode, master (M) and backup (B): 1 Multicast Updates, 2 ARP for Default Gateway, 3 Master Answers ARP, 4 Path For Traffic]

- SLB ( Server Load Balancing)


High Availability with VRRP
Active standby
- All switches actively perform load balancing and/or routing functions, but for different virtual services and/or interfaces

Active

Standby

- SLB ( Server Load Balancing)


High Availability with VRRP
Active Hot standby
- One master with one or more backups. Only master processes layer 4 traffic - STP is not needed to eliminate bridge loops.

BLOCKING

Active

Hot Standby

- SLB ( Server Load Balancing)


High Availability with VRRP
Active Active
- All switches can actively forward traffic for the same virtual services and/or interface

Active

Active

- SLB ( Server Load Balancing)


Basic configuration and operation - CLI (Command Line Interface)
[Main Menu]
info   - Information Menu
stats  - Statistics Menu
cfg    - Configuration Menu
oper   - Operations Command Menu
boot   - Boot Options Menu
maint  - Maintenance Menu
diff   - Show pending config changes [global command]
apply  - Apply pending config changes [global command]
save   - Save updated config to FLASH [global command]
revert - Revert pending or applied changes [global command]
exit   - Exit [global command, always available]

- SLB ( Server Load Balancing)


Basic configuration and operation
Administration Interfaces
- CLI (Command Line Interface) : console (DB9), telnet
  /cfg/sys/tnet enable
- BBI (Browser Base Interface)
  /cfg/sys/http enable , /cfg/sys/wport <port>
- SNMP : EMS
  /cfg/sys/snmp , /cfg/snmp
- RMON

- SLB ( Server Load Balancing)


Basic configuration and operation - BBI (Browser Base Interface)

- SLB ( Server Load Balancing)


Basic configuration and operation - EMS ( Alteon Element Management System)
An Intuitive, Graphical Configuration Tool
Java based Client/Server Application
Stand-alone client
Unix/Windows support

Platform-Less Operation Optional usage in HP OpenView environment

- SLB ( Server Load Balancing)


Basic configuration and operation - EMS ( Alteon Element Management System)
Real Time Statistical Information Graphing

- SLB ( Server Load Balancing)


Basic configuration and operation
Step1 L2, L3, system configuration

1. Connect switch
Enter password : admin (default)

2. Set IP address of switch
/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 10.1.1.10 (enter)
en (enter) // enable

3. Set gateway IP address
/cfg/ip/gw 1 (enter)
add 10.1.1.1
en (enter)

4. Set telnet, http access
/cfg/sys/tnet en (enter)
/cfg/sys/http en (enter)
apply (enter)
save (enter)

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - L4 IP 10.1.1.10/24 (ports 1 2 3 4), VIP 10.1.1.100 service http - Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step2 L2, L3 monitor and information

1. /info/link
>>Main# /info/link
------------------------------------------------------------------
Port   Speed    Duplex    Flow Ctrl      Link
-----  -----   --------  --TX-----RX--  ------
  1     100      full     yes    yes     up
  2     100      full     yes    yes     up
  3     100      full     yes    yes     up
  4     100*     full*     no*    no*    up
  5    10/100    any      yes    yes     down
  6    10/100    any      yes    yes     down
  7    10/100    any      yes    yes     down
* = value set by configuration; not autonegotiated.

2. Port speed setting (manual)
/cfg/port 24/fast/speed 100/mode full/auto off
Current port 24 speed setting: 10/100
Pending new speed setting: 100
Current port 24 mode setting: any
Pending new mode setting: full duplex
Current port 24 autonegotiation: on
Pending new autonegotiation: off

3. /info/l3/ip (/info/ip)
>> Information# /info/ip
Interface information:
  1: 10.1.1.0 255.255.255.0 10.1.1.255, vlan 1, up
Default gateway information: metric strict
  1: 10.1.1.1, vlan any, up

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - L4 IP 10.1.1.10/24 (ports 1 2 3 4) - Realserver IP 10.1.1.11~13, health check ( icmp )]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step3 L4 SLB configuration

1. SLB ON
/cfg/slb/on

2. Real server configuration
/cfg/slb/real 1/rip 10.1.1.11/en (enter)
Current real server IP address: 0.0.0.0
New pending real server IP address: 10.1.1.11
/cfg/slb/real 2/rip 10.1.1.12/en (enter)
/cfg/slb/real 3/rip 10.1.1.13/en (enter)

3. Group, health check configuration
/cfg/slb/gr 1/add 1/add 2/add 3 (enter)
Real server 1 added to real server group 1.
Real server 2 added to real server group 1.
Real server 3 added to real server group 1.
/cfg/slb/gr 1/health http
Current health check type: tcp
New pending health check type: http

4. Group load balancing metric configuration
/cfg/slb/gr 1/metric leastconns | roundrobin | minmisses|hash

[Topology diagram: Client - Internet - L4 IP 10.1.1.10/24 (ports 1 2 3 4), VIP 10.1.1.100 service http - Health check - Group 1 Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step3 L4 SLB configuration

5. VIP, service port, group configuration
>> Main# /cfg/slb/virt 1/vip 10.1.1.100/en
Current virtual server IP address: 0.0.0.0
New pending virtual server IP address: 10.1.1.100
Current status: disabled
New status: enabled
>> Main# /cfg/slb/virt 1/service http
------------------------------------------------------------
[Virtual Server 1 http Service Menu]
group - Set real server group number
rport - Set real port
hname - Set hostname
..
..
>> Virtual Server 1 http Service# gr 1
Current real server group: 1
New pending real server group: 1

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - L4 IP 10.1.1.10/24 (ports 1 2 3 4), VIP 10.1.1.100 service http - Health check - Group 1 Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step3 L4 SLB configuration

6. Client, Server process configuration
>> Main# /cfg/slb/port 1/client en (enter)
Current client processing: disabled
New client processing: enabled
>> SLB port 1# /cfg/slb/port 2/server en (enter)
Current server processing: disabled
New server processing: enabled
>> SLB port 2# /cfg/slb/port 3/server en (enter)
>> SLB port 3# /cfg/slb/port 4/server en (enter)

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - Client side port 1 - L4 IP 10.1.1.10/24 - Server side ports 2 3 4 - Group 1 Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step4 L4 SLB monitor and operation

1. VIP, Realserver health check monitor
Main# /info/slb/du
Real server state:
  1: 10.1.1.11, 00:e0:00:8c:cd:18, vlan 1, port 2, health 4, up
  2: 10.1.1.12, 00:e0:00:8c:cd:19, vlan 1, port 3, health 4, up
  3: 10.1.1.13, 00:00:00:00:00:00, vlan 0, port 0, health 4, FAILED
Virtual server state:
  1: 10.1.1.100, 00:60:cf:4b:04:6e
    virtual ports:
    http: rport http, group 1, backup none
      real servers:
      1: 10.1.1.11, backup none, 1 ms, up
      2: 10.1.1.12, backup none, 2 ms, up
      3: 10.1.1.13, backup none, 0 ms, FAILED
Redirect filter state:
Port state:
  1: 0.0.0.0, client
  2: 0.0.0.0, server
  3: 0.0.0.0, server
  4: 0.0.0.0, server
  5: 0.0.0.0
  6: 0.0.0.0

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - L4 IP 10.1.1.10/24 (ports 1 2 3 4), VIP 10.1.1.100 service http - Group 1 Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step4 L4 SLB monitor and operation

2. Group LB monitor
>>Main# /stat/slb/gr 1
------------------------------------------------------------------
Real server group 1 stats:
                              Current   Total     Highest
Real  IP address              Sessions  Sessions  Sessions  Octets
----  ---------------------   --------  --------  --------  ---------------
   1  10.1.1.11                      0         0         0            58320
   2  10.1.1.12                      0         1         1            75884
----  ---------------------   --------  --------  --------  ---------------
                                     0         1         1           134204

3. Session table monitor
>> Main # /info/slb/se/du
4,1025: 10.1.1.1 1322 --> 10.1.1.12 80 age 10 E

[Topology diagram: Client - Internet - gateway 10.1.1.1/24 - L4 IP 10.1.1.10/24 (ports 1 2 3 4), VIP 10.1.1.100 service http - Group 1 Realserver IP 10.1.1.11~13]

- SLB ( Server Load Balancing)


Basic configuration and operation
Step4 L4 SLB monitor and operation

4. Session table monitor
>> Main # /info/slb/sess/help
The fields, (1)-(13), associated with a session, as identified in the example below are described in the following.

3, 01: 1.1.1.1 4586, 2.2.2.1 http -> 3567 3.3.3.1 http age 6 f:10 ELNPSRtUW c:#
(1) (2) (3)    (4)   (5)     (6)     (7)  (8)     (9)  (10)  (11) (12)      (13)

3, 01: 1.1.1.1 4586, 2.2.2.1 http ->
(1) (2) (3)    (4)   (5)     (6)
       1.1.1.2 3567 3.3.3.1 http age 6 f:10 ELNPSRtUW c:#
       (7a)    (7)  (8)     (9)  (10)  (11) (12)      (13)
------------------------------------------------------------------
(1) SP number: This field indicates which SP created the session.
(2) Ingress port: This field shows the physical port# of the client traffic that entered to the switch.
(3) Source IP address: This field contains the source IP address from client IP packet.
(4) Source port: This field identifies the TCP/UDP source port from client packet.
(5) Destination IP address: This is the destination IP address from client TCP/UDP packet. For load balancing, this address is the virtual IP address. For filtering redirect, this address is the destination server's address.
(6) Destination port: This field identifies the TCP/UDP destination port from client packet.
(8) Real server IP address:
(9) Server port:
(10) Age: This is the session timeout value. If no packet is received within the value specified, the session is freed.

- SLB ( Server Load Balancing)


Troubleshooting command Tip - link and Layer 2,3 Issue
check the LED
check the cable
check link negotiation (/info/link , /cfg/port # /fast..)
check the port stats ( /stats/port # .)
check the FDB, ARP tables
  /info/l2/fdb/dump ( /info/fdb/dump)
  /info/l3/arp/dump ( /info/arp/dump)
check the interface and gateway
  /info/l3/ip ( /info/ip)

- SLB ( Server Load Balancing)


Troubleshooting command Tip - Layer 4 Issue
Cannot connect VIP service port and ping VIP
  check the client, server process at the ports
  check the realserver health checking ( /info/slb/du )
Cannot connect realserver IP service port
  check the Direct Access Mode (DAM) configuration ( /cfg/slb/adv/dire )
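
The two checks for an unreachable VIP in the tip above (client/server processing at the ports, real server health), applied to a /info/slb/du dump as an added Python example; it is not a tool from the deck or from the vendor. The line layout of the dump is assumed, since the slide's output is flattened, and real server 2 is moved to port 5 as a constructed change so that the port check has something to report.

```python
import re

# /info/slb/du output from the slide, re-broken into lines (layout assumed) and with
# real server 2 moved from port 3 to port 5 (constructed) so the port check fires.
SAMPLE_DUMP = """\
Real server state:
  1: 10.1.1.11, 00:e0:00:8c:cd:18, vlan 1, port 2, health 4, up
  2: 10.1.1.12, 00:e0:00:8c:cd:19, vlan 1, port 5, health 4, up
  3: 10.1.1.13, 00:00:00:00:00:00, vlan 0, port 0, health 4, FAILED
Virtual server state:
  1: 10.1.1.100, 00:60:cf:4b:04:6e
    virtual ports:
    http: rport http, group 1, backup none
      real servers:
      1: 10.1.1.11, backup none, 1 ms, up
      2: 10.1.1.12, backup none, 2 ms, up
      3: 10.1.1.13, backup none, 0 ms, FAILED
Redirect filter state:
Port state:
  1: 0.0.0.0, client
  2: 0.0.0.0, server
  3: 0.0.0.0, server
  4: 0.0.0.0, server
  5: 0.0.0.0
  6: 0.0.0.0
"""

REAL_RE = re.compile(r"^\s*(\d+): ([\d.]+), ([0-9a-f:]{17}), vlan (\d+), "
                     r"port (\d+), health (\d+), (\w+)\s*$")
PORT_RE = re.compile(r"^\s*(\d+): ([\d.]+)(?:, (.+?))?\s*$")


def parse_dump(text):
    """Return ({real index: record}, {port number: set of roles})."""
    reals, ports, section = {}, {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(" state:"):            # "Real server state:", "Port state:", ...
            section = stripped[: -len(" state:")]
            continue
        if section == "Real server" and (m := REAL_RE.match(line)):
            idx, ip, mac, _vlan, port, _health, state = m.groups()
            reals[int(idx)] = {"ip": ip, "mac": mac, "port": int(port), "state": state}
        elif section == "Port" and (m := PORT_RE.match(line)):
            # Splitting on commas/spaces is an assumption about how several roles print.
            roles = (m.group(3) or "").replace(",", " ").split()
            ports[int(m.group(1))] = set(roles)
    return reals, ports


def findings(text):
    """Apply the two Layer 4 checks from the troubleshooting tip."""
    reals, ports = parse_dump(text)
    out = []
    if not any("client" in roles for roles in ports.values()):
        out.append("no port has client processing enabled")
    for idx, real in sorted(reals.items()):
        if real["state"] != "up":
            out.append(f"real {idx} ({real['ip']}) is {real['state']}")
        elif "server" not in ports.get(real["port"], set()):
            out.append(f"real {idx} ({real['ip']}) is up on port {real['port']} "
                       "without server processing")
    return out


if __name__ == "__main__":
    for item in findings(SAMPLE_DUMP):
        print(item)
```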

- SLB ( Server Load Balancing)


Troubleshooting command Tip - Layer 4 Issue
Load Balancing state ( /stats/slb/gr # , /stats/slb/virt # )
Realserver operation disable ( /oper/slb/dis <realserver number> )
Switch slb configuration ( /cfg/slb/cu ..)

- SLB ( Server Load Balancing)


Troubleshooting command Tip
Alteon technical support files ( /maint/tsdump scripts)

Internal Network Application Switch Firewall

? Firewall Virtual Private Network (VPN) Intrusion Detection System (IDS) Viruswall

Application Switch Internet

- FWLB ( Firewall Load Balancing)


1. Dirty side Redirection filter Clean Side of Network 2. 3. Clean side 4. Clean side 5. 6. IP Source / Destination .
Dirty Side of Network Internet

Server Load Balancing

Application Switch

Firewall Load Balancing Application Switch

- VPN Load Balancing


VPN VPN . VPN VPN . VPN Load Balancing VPN VPN IP VPN : IKE(UDP 500), IPSEC Persistency : VPN
Branch Offices With VPN VPN Load Balancing VPN Servers

DNS Internet

Application Switch

Application Switch

LDAP

Internal Network

- IDS Load Balancing


(IDS) IDS IDS IDS IDS IDS IDS IDS Servers Application Switch Internet * IDS = Intrusion Detection System Secured Servers

Application Switch

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step1 L2, L3, system configuration (up)

1. Connect switch
Enter password : admin (default)

2. Set IP address of switch
/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 192.168.10.1 (enter)
en (enter) // enable
/cfg/ip/if 10 (enter)
mask 255.255.255.0 (enter)
add 192.168.1.1 (enter)
en (enter) // enable
/cfg/ip/if 20 (enter)
mask 255.255.255.0 (enter)
add 192.168.2.1 (enter)
en (enter) // enable

[Topology diagram: upper switch IF 1: 192.168.10.1/24, IF 10 : 192.168.1.1/24, IF 20 : 192.168.2.1/24 - Firewall #1 (192.168.1.0/24) and Firewall #2 (192.168.2.0/24) - lower switch 192.168.1.2/24, 192.168.2.2/24, 192.168.100.1/24]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step1 L2, L3, system configuration (up)

3. Vlan config
/cfg/ip/if 1/vlan 1
/cfg/ip/if 10/vlan 10
/cfg/ip/if 20/vlan 20
/cfg/vlan 10/en/add 2
/cfg/vlan 20/en/add 3

4. STP OFF
/cfg/stp/off

[Topology diagram with switch port numbers: upper switch 192.168.10.1/24, 192.168.1.1/24, 192.168.2.1/24 - Firewall #1 (192.168.1.0/24) and Firewall #2 (192.168.2.0/24) - lower switch 192.168.1.2/24, 192.168.2.2/24, 192.168.100.1/24]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step2 L4 configuration (up)

1. SLB On
/cfg/slb/on

2. Realserver and group
/cfg/slb/real 1/rip 192.168.1.2/en
/cfg/slb/real 2/rip 192.168.2.2/en
/cfg/slb/gr 1/add 1/add 2
/cfg/slb/gr 1/health icmp
/cfg/slb/gr 1/metric hash

[Topology diagram: upper switch 192.168.10.1/24, 192.168.1.1/24, 192.168.2.1/24 - Firewall #1 and Firewall #2 - 192.168.1.2/24 Real server 1, 192.168.2.2/24 Real server 2]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step2 L4 configuration (up)

3. Allow Filter config
/cfg/slb/fil 10/en/dip 192.168.10.0 /dmask 255.255.255.0
/cfg/slb/fil 20/en/dip 192.168.1.0 /dmask 255.255.255.0
/cfg/slb/fil 30/en/dip 192.168.2.0 /dmask 255.255.255.0

4. Redir Filter config
/cfg/slb/fil 100/en/ac re/gr 1
/cfg/slb/port 1/filter en/
/cfg/slb/port 1/add 10/add 20/add 30 /add 100

[Topology diagram: upper switch 192.168.10.1/24, 192.168.1.1/24, 192.168.2.1/24 - Firewall #1 and Firewall #2 - 192.168.1.2/24 Real server 1, 192.168.2.2/24 Real server 2]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step1 L2, L3, system configuration (down)

1. Connect switch
Enter password : admin (default)

2. Set IP address of switch
/cfg/ip/if 1 (enter)
mask 255.255.255.0 (enter)
add 192.168.100.1 (enter)
en (enter) // enable
/cfg/ip/if 10 (enter)
mask 255.255.255.0 (enter)
add 192.168.1.2 (enter)
en (enter) // enable
/cfg/ip/if 20 (enter)
mask 255.255.255.0 (enter)
add 192.168.2.2 (enter)
en (enter) // enable

[Topology diagram: upper switch 192.168.10.1/24, 192.168.1.1/24, 192.168.2.1/24 - Firewall #1 (192.168.1.0/24) and Firewall #2 (192.168.2.0/24) - lower switch IF 10 : 192.168.1.2/24, IF 20 : 192.168.2.2/24, IF 1 : 192.168.100.1/24]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step1 L2, L3, system configuration (down)

3. Vlan config
/cfg/ip/if 1/vlan 1
/cfg/ip/if 10/vlan 10
/cfg/ip/if 20/vlan 20
/cfg/vlan 10/en/add 2
/cfg/vlan 20/en/add 3

4. STP OFF
/cfg/stp/off

[Topology diagram with switch port numbers: upper switch 192.168.10.1/24, 192.168.1.1/24, 192.168.2.1/24 - Firewall #1 (192.168.1.0/24) and Firewall #2 (192.168.2.0/24) - lower switch port 2: 192.168.1.2/24, port 3: 192.168.2.2/24, port 1: 192.168.100.1/24]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step2 L4 configuration (down)

1. SLB On
/cfg/slb/on

2. Realserver and group
/cfg/slb/real 1/rip 192.168.1.1/en
/cfg/slb/real 2/rip 192.168.2.1/en
/cfg/slb/gr 1/add 1/add 2
/cfg/slb/gr 1/health icmp
/cfg/slb/gr 1/metric hash

[Topology diagram: Real server 1 192.168.1.1/24, Real server 2 192.168.2.1/24 - Firewall #1 and Firewall #2 - lower switch port 2: 192.168.1.2/24, port 3: 192.168.2.2/24, port 1: 192.168.100.1/24]

- FWLB (Firewall Load Balancing)


Basic configuration and operation (Bridge firewall Mode)
Step2 L4 configuration (down)

3. Allow Filter config
/cfg/slb/fil 10/en/dip 192.168.10.0 /dmask 255.255.255.0
/cfg/slb/fil 20/en/dip 192.168.1.0 /dmask 255.255.255.0
/cfg/slb/fil 30/en/dip 192.168.2.0 /dmask 255.255.255.0

4. Redir Filter config
/cfg/slb/fil 100/en/ac re/gr 1
/cfg/slb/port 1/filter en/
/cfg/slb/port 1/add 10/add 20/add 30 /add 100

[Topology diagram: Real server 1 192.168.1.1/24, Real server 2 192.168.2.1/24 - Firewall #1 and Firewall #2 - lower switch port 2: 192.168.1.2/24, port 3: 192.168.2.2/24, port 1: 192.168.100.1/24]
