Brocade Communications Systems 12.4.00 Configuring secure-communication on the controller, Generating RSA key pair

ServerIron ADX Global Server Load Balancing Guide 59

53-1002437-01

Secure GSLB 1

Configuring secure-communication on the controller

On the GSLB controller, to enable the secure protocol instead of the standard one, enter

commands such as the following:

SLB-Ctrl-ServerIronADX(config)# gslb site sfo

SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3

secure-communication

Syntax: si <si-name> <si-ip-address> secure-communication

The GSLB site ServerIron ADX will automatically understand the secure protocol. There is no CLI

command required to enable the feature on the site.

If you want the GSLB site ServerIron ADX to accept only the secure protocol and reject the standard

GSLB connection request, then enter the following command on the site ServerIron ADX.

SLB-Site-ServerIronADX(config)# gslb auth-encrypt-communication secure-only

Syntax: gslb auth-encrypt-communication secure-only

Generating RSA key pair

Before authentication can proceed, each ServerIron ADX that is secure GSLB enabled must

generate a static RSA public/private key pair for itself. The private key is used to prove the identity

of the local device. It never leaves the system. In comparison, the public key is sent to the remote

peer. The peer then uses that key to decrypt data.

The private key and public key compensate each other.

Private(Public(A)) = A and

Public(Private(A)) = A

You can refer to either operation as encryption and the other decryption. Many engineers refer to

the public key operation as encryption, and call the private key operation decryption.

Use the crypto key generate rsa command on both the controller and site ServerIron ADXs to

generate a random RSA public/private key pair. This key pair needs to be generated on each

ServerIron ADX involved in the secure GSLB communication. Since the keys on each box are

generated together, they are always in agreement.

Syntax: [no] crypto key generate rsa

Example

The following GSLB controller example assumes a minimum working GSLB configuration is already

set up (refer to page 64).

SLB-Ctrl-ServerIronADX(config)# ip dns domain-name foo.com

SLB-Ctrl-ServerIronADX(config)# crypto key generate rsa

Generating rsa

keypair..................................................................done!

rsapublic_key"10243516320480114350385337927420684604699847215100737339140179784

0463596710017038795521320990076735951547998548950700124427622983729636247496044

8810297880244822925958194700326493941745541854086588315530748050102379348032059

7889011743490357195498301864347794398342179943239191530516416905654211931607212

87517491 chassis@foo.com"

rsa private_key "*************************"