User Manual

Table of Contents

Contents
Figures
Tables
New Features
Preface
Who Should Use This Guide
What You’ll Find in This Guide
Part 1: Basic Switching & Routing
Part 2: Web Switching Fundamentals
Part 3: Advanced Web Switching
Typographic Conventions
Contacting Us

Part 1: Basic Switching & Routing
Basic IP Routing
IP Routing Benefits
Routing Between IP Subnets
Example of Subnet Routing
Using VLANs to Segregate Broadcast Domains
Defining IP Address Ranges for the Local Route Cache
Border Gateway Protocol (BGP)
Internal Routing Versus External Routing
Forming BGP Peer Routers
BGP Failover Configuration
DHCP Relay
DHCP Overview
DHCP Relay Agent Configuration
VLANs
VLAN ID Numbers
VLAN Tagging
VLANs and the IP Interfaces
VLAN Topologies and Design Issues
Example 1: Multiple VLANs with Tagging Adapters
Example 2: Parallel Links with VLANs
VLANs and Spanning Tree Protocol
Bridge Protocol Data Units (BPDUs)
Determining the Path for Forwarding BPDUs
Multiple Spanning Trees
Why Do We Need Multiple Spanning Trees?
Example of a Four-Switch Topology with a Single Spanning Tree
Switch-Centric Spanning Tree Protocol
VLAN Participation in Spanning Tree Groups
Configuring Multiple Spanning Tree Groups
VLANs and Default Gateways
Segregating VLAN Traffic
Configuring the Local Network
Configuring Default Gateways per VLAN
VLANs and Jumbo Frames
Isolating Jumbo Frame Traffic using VLANs
Routing Jumbo Frames to Non-Jumbo Frame VLANs
Port Trunking
Overview
Statistical Load Distribution
Built-In Fault Tolerance
Port Trunking Example
OSPF
OSPF Overview
Types of OSPF Areas
Types of OSPF Routing Devices
Neighbors and Adjacencies
The Link-State Database
The Shortest Path First Tree
Internal Versus External Routing
OSPF Implementation in WebOS
Configurable Parameters
Defining Areas
Assigning the Area Index
Using the Area ID to Assign the OSPF Area Number
Attaching an Area to a Network
Interface Cost
Electing the Designated Router and Backup
Summarizing Routes
Default Routes
Virtual Links
Router ID
Authentication
Host Routes for Load Balancing
OSPF Features Not Supported in This Release
OSPF Configuration Examples
Example 1: Simple OSPF Domain
Example 2: Virtual Links
Configuring OSPF for a Virtual Link on Switch #1
Configuring OSPF for a Virtual Link on Switch #2
Other Virtual Link Options
Example 3: Summarizing Routes
Example 4: Host Routes
Configuring OSPF for Host Routes on Web Switch #1
Configuring OSPF for Host Routes on Web Switch 2
Verifying OSPF Configuration
Secure Switch Management
Setting Allowable Source IP Address Ranges
Secure Switch Management
Authentication and Authorization
Requirements
RADIUS Authentication and Authorization
RADIUS Authentication Features in Web OS
Web Switch User Accounts
Secure Shell and Secure Copy
Encryption of Management Messages
SCP Services
RSA Host and Server Keys
Radius Authentication
SecurID Support
Configuring SSH/SCP
Some Supported Client Commands
Port Mirroring

Part 2: Web Switching Fundamentals
Server Load Balancing
Understanding Server Load Balancing
Identifying Your Network Needs
How Server Load Balancing Works
Implementing Basic Server Load Balancing
Network Topology Requirements
Configuring Server Load Balancing
Additional Server Load Balancing Options
Supported Services and Applications
Disabling and Enabling Real Servers
IP Address Ranges Using imask
Health Checks for Real Servers
Configuring Multiple Services
Metrics for Real Server Groups
Weights for Real Servers
Connection Time-outs for Real Servers
Maximum Connections for Real Servers
Backup/Overflow Servers
Extending SLB Topologies
Proxy IP Addresses
Mapping Ports
Mapping a Virtual Server Port to a Real Server Port
Mapping a Single Virtual Server Port to Multiple Real Server Ports
Direct Server Interaction
Using Direct Server Return
Using Direct Access Mode
Assigning Multiple IP Addresses
Using Proxy IP Addresses
Mapping Ports
Monitoring Real Servers
Delayed Binding
Configuring Delayed Binding
Detecting SYN Attacks
Load Balancing Special Services
IP Server Load Balancing
FTP Server Load Balancing
FTP Network Topology Restrictions
Configuring FTP Server Load Balancing
Domain Name Server (DNS) Load Balancing
Preconfiguration Tasks
Configuring UDP-based DNS Load Balancing
Configuring TCP-based DNS Load Balancing
Real Time Streaming Protocol SLB
How RTSP Server Load Balancing Works
RTSP Implementation
Configuring RTSP Load Balancing
Wireless Application Protocol SLB
Using RADIUS Static Session Entries
Using RADIUS Snooping
Preconfiguring WAP Server Load Balancing
Enabling Wireless Application Protocol SLB
Configuring RADIUS Snooping
Intrusion Detection System Server Load Balancing
How Intrusion Detection Server Load Balancing Works
Configuring IDS Server Load Balancing
WAN Link Load Balancing
How WAN Link Load Balancing Works
Configuring WAN Link Load Balancing
Filtering
Overview
Filtering Benefits
Filtering Criteria
Stacking Filters
Overlapping Filters
The Default Filter
VLAN-based Filtering
Configuring VLAN-based Filtering
Optimizing Filter Performance
Filter Logs
IP Address Ranges
Cache-Enabled versus Cache-Disabled Filters
TCP Rate Limiting
Configuring TCP Rate Limiting Filters
Basic TCP Rate Limiting Filter
TCP Rate Limiting Filter Based on Source IP Address
TCP Rate Limiting Filter Based on Virtual Server IP Address
Tunable Hash for Filter Redirection
Filter-based Security
Configuring a Filter-Based Security Solution
Network Address Translation
Static NAT
Configuring Static NAT
Dynamic NAT
Configuring Dynamic NAT
FTP Client NAT
Configuring Active FTP Client NAT
Matching TCP Flags
Configuring the TCP Flag Filter
Matching ICMP Message Types
Application Redirection
Overview
Web Cache Redirection Environment
Additional Application Redirection Options
Web Cache Configuration Example
Delayed Binding for Web Cache Redirection
RTSP Web Cache Redirection
RTSP Web Cache Redirection Example
IP Proxy Addresses for NAT
Excluding Noncacheable Sites
Virtual Matrix Architecture
Proxy IP Addresses and VMA
Health Checking
Real Server Health Checks
DSR Health Checks
Configuring the Switch for DSR Health Checks
Link Health Checks
Configuring the Switch for Link Health Checks
TCP Health Checks
ICMP Health Checks
Script-Based Health Checks
Configuring the Switch for Script-Based Health Checks
Script Format
Scripting Guidelines
Script Configuration Examples
Script Example 1: A Basic Health Check
Script Example 2: GSLB URL Health Check
Verifying Script-Based Health Checks
Application-Specific Health Checks
HTTP Health Checks
Configuring the Switch for HTTP Health Checks
UDP-Based DNS Health Checks
Configuring the Switch for UDP-based Health Checks
FTP Server Health Checks
Configuring the Switch for FTP Health Checks
POP3 Server Health Checks
Configuring the Switch for POP3 Health Checks
SMTP Server Health Checks
Configuring the Switch for SMTP Health Checks
IMAP Server Health Checks
Configuring the Switch for IMAP Health Check
NNTP Server Health Checks
Configuring the Switch for NNTP Health Checks
RADIUS Server Health Checks
Configuring the Switch for RADIUS Server Content Health Checks
Configuring the Switch for RADIUS Secret and Password
HTTPS/SSL Server Health Checks
WAP Gateway Health Checks
WSP Content Health Checks
Configuring the Switch for WSP Content Health Checks
WTLS Health Checks
Configuring the Switch for WTLS Health Checks
LDAP Health Checks
Configuring the Switch for LDAP Health Checks
Determining the Version of LDAP
ARP Health Checks
Configuring the Switch for ARP Health Checks
Failure Types
Service Failure
Server Failure
High Availability
VRRP Overview
VRRP Components
Virtual Interface Router
Virtual Router MAC Address
Owners and Renters
Master and Backup Virtual Router
VRRP Operation
Selecting the Master VRRP Router
Active-Standby Failover
Failover Methods
Active-Standby Redundancy
Active-Active Redundancy
Hot-Standby Redundancy
Virtual Router Group
Hot-Standby and Inter-Switch Port States
Synchronizing Configurations
WebOS Extensions to VRRP
Virtual Server Routers
Sharing/Active-Active Failover
Tracking VRRP Router Priority
High Availability Configurations
Active-Standby Virtual Server Router Configuration
Active-Active VIR and VSR Configuration
Active/Active Server Load Balancing Configuration
Task 1: Background Configuration
Task 2: SLB Configuration
Task 3: Virtual Router Redundancy Configuration
Task 4: Configuring Switch 2
VRRP-Based Hot-Standby Configuration
Configuration Procedure
Virtual Router Deployment Considerations
Mixing Active-Standby and Active-Active Virtual Routers
Synchronizing Active/Active Failover
Eliminating Loops with STP and VLANs
Using Spanning Tree Protocol to Eliminate Loops
Using VLANs to Eliminate Loops
Assigning VRRP Virtual Router ID
Configuring the Switch for Tracking
Synchronizing Configurations
Stateful Failover of Layer 4 and Layer 7 Persistent Sessions
What Happens When a Switch Fails
Stateful Failover Configuration Example
Viewing Statistics on Persistent Port Sessions

Part 3: Advanced Web Switching
Global Server Load Balancing
GSLB Overview
Benefits
Compatibility with Other Web OS Features
How GSLB Works
Configuring GSLB
Example GSLB Topology
GSLB Requirements
Task 1: Configure the Basics at the California Site
Task 2: Configure the California Switch for Standard SLB
Task 3: Configure the California Site for GSLB
Task 4: Configure the Basics at the Denver Site
Task 5: Configure the Denver Switch for Standard SLB
Task 6: Configure the Denver Site for GSLB
IP Proxy for Non-HTTP Redirects
How IP Proxy Works
Configuring Proxy IP Addresses
Verifying GSLB Operation
Configuring Client Site Preferences
Using Border Gateway Protocol for GSLB
Firewall Load Balancing
Firewall Overview
Basic FWLB
Basic FWLB Implementation
Configuring Basic FWLB
Configure the Dirty-Side Web Switch
Configure the Clean-Side Web Switch
Four-Subnet FWLB
Four-Subnet FWLB Implementation
Configuring Four-Subnet FWLB
Configure the Routers
Configure the Firewalls
Configure Connectivity for the Primary Dirty-Side Web Switch
Configure Connectivity for the Secondary Dirty-Side Web Switch
Configure Connectivity for the Primary Clean-Side Web Switch
Configure Connectivity for the Secondary Clean-Side Web Switch
Verify Proper Connectivity
Configure VRRP Support on the Secondary Dirty-Side Web Switch
Configure VRRP Support on the Secondary Clean-Side Web Switch
Complete the Configuration of the Primary Dirty-Side Web Switch
Complete the Configuration of the Primary Clean-Side Web Switch
Advanced FWLB Concepts
Free-Metric FWLB
Free-Metric with Basic FWLB
Free-Metric with Four-Subnet FWLB
Adding a Demilitarized Zone (DMZ)
Firewall Health Checks
Firewall Service Monitoring
Physical Link Monitoring
Using HTTP Health Checks
Virtual Private Network Load Balancing
Overview
Virtual Private Networks
How VPN Load Balancing Works
VPN Load-Balancing Configuration
Requirements
VPN Load-Balancing Configuration Example
Configure the First Clean-Side Switch (CA)
Configure the Second Clean-Side Switch (CB)
Configure the First Dirty-Side WebSwitch (DA)
Configure the Second Dirty-Side WebSwitch (DB)
Test Configurations and General Topology
Test the VPN
Content Intelligent Switching
Overview
Parsing Content
HTTP Header Inspection
Buffering Content with Multiple Frames
Content Intelligent Server Load Balancing
URL-Based Server Load Balancing
Configuring URL-Based Server Load Balancing
Statistics for URL-Based Server Load Balancing
Virtual Hosting
Virtual Hosting Configuration Overview
Configuring the “Host” Header for Virtual Hosting
Cookie-Based Preferential Load Balancing
Configuring Cookie-Based Preferential Load Balancing
Browser-Smart Load Balancing
URL Hashing for Server Load Balancing
Virtual Server Load Balancing of Nontransparent Caches
Configuring URL Hashing
Header Hash Load Balancing
DNS Load Balancing
Layer 7 RTSP Load Balancing
Content Intelligent Web Cache Redirection
URL-Based Web Cache Redirection
Network Address Translation Options
Configuring URL-Based Web Cache Redirection
Viewing Statistics for URL-Based Web Cache Redirection
HTTP Header-Based Web Cache Redirection
Browser-Based Web Cache Redirection
URL Hashing for Web Cache Redirection
Example 1: Hashing on the URL
Example 2: Hashing on the Host Header Field Only
Example 3: Hashing on the Source IP address
Layer 7 RTSP Streaming Cache Redirection
Exclusionary String Matching for Real Servers
Configuring for Exclusionary URL String Matching
Regular Expression Matching
Standard Regular Expression Characters
Configuring Regular Expressions
Content Precedence Lookup
Requirements
Using the or and and Operators
Assigning Multiple Strings
Layer 7 Deny Filter
Configuring a Layer 7 Deny Filter
Persistence
Overview of Persistence
Using Source IP Address
Using Cookies
Using SSL Session ID
Cookie-Based Persistence
Permanent and Temporary Cookies
Cookie Formats
Cookie Properties
Client Browsers that Do Not Accept Cookies
Cookie Modes of Operation
Insert Cookie Mode
Passive Cookie Mode
Rewrite Cookie Mode
Configuring Cookie-Based Persistence
Setting Expiration Timer for Insert Cookie
Example 1: Setting the Cookie Location
Example 2: Parsing the Cookie
Example 3: Using Passive Cookie Mode
Example 4: Using Rewrite Cookie Mode
Server-Side Multi-Response Cookie Search
Configuring Server-Side Multi-Response Cookie Search
SSL Session ID-Based Persistence
How SSL Session ID-Based Persistence Works
Configuring SSL Session ID-Based Persistence
Bandwidth Management
Overview
Bandwidth Policies
Rate Limits
Bandwidth Policy Configuration
Data Pacing
Classification Criteria
Server Output Bandwidth Control
Application Bandwidth Control
Combinations
Precedence
Bandwidth Classification Configuration
Frame Discard
URL-Based Bandwidth Management
HTTP Header-Based Bandwidth Management
Cookie-Based Bandwidth Management
Bandwidth Statistics and History
Statistics Maintained
Statistics and Management Information Bases
Packet Coloring (TOS bits) for Burst Limit
Operational Keys
Configuring Bandwidth Management
Additional Configuration Examples
User/Application Fairness Example
Preferential Services Examples
Web Site Preference Example
URL-Based Bandwidth Management Example
Cookie-Based Bandwidth Management Example
Security Management Example

Glossary
Index

Size: 4.88 MB
Pages: 482
Language: English