Secure GSLB

1

Configuring secure-communication on the controller

On the GSLB controller, to enable the secure protocol instead of the standard one, enter commands such as the following:

SLB-Ctrl-ServerIronADX(config)# gslb site sfo SLB-Ctrl-ServerIronADX(config-gslb-site-sfo)# si slb-1 100.1.1.3 secure-communication

Syntax: si <si-name><si-ip-address>secure-communication

The GSLB site ServerIron ADX will automatically understand the secure protocol. There is no CLI command required to enable the feature on the site.

If you want the GSLB site ServerIron ADX to accept only the secure protocol and reject the standard GSLB connection request, then enter the following command on the site ServerIron ADX.

SLB-Site-ServerIronADX(config)# gslb auth-encrypt-communication secure-only

Syntax: gslb auth-encrypt-communication secure-only

Generating RSA key pair

Before authentication can proceed, each ServerIron ADX that is secure GSLB enabled must generate a static RSA public/private key pair for itself. The private key is used to prove the identity of the local device. It never leaves the system. In comparison, the public key is sent to the remote peer. The peer then uses that key to decrypt data.

The private key and public key compensate each other.

Private(Public(A)) = A and

Public(Private(A)) = A

You can refer to either operation as encryption and the other decryption. Many engineers refer to the public key operation as encryption, and call the private key operation decryption.

Use the crypto key generate rsa command on both the controller and site ServerIron ADXs to generate a random RSA public/private key pair. This key pair needs to be generated on each ServerIron ADX involved in the secure GSLB communication. Since the keys on each box are generated together, they are always in agreement.

Syntax: [no] crypto key generate rsa

Example

The following GSLB controller example assumes a minimum working GSLB configuration is already set up (refer to page 64).

SLB-Ctrl-ServerIronADX(config)# ip dns domain-name foo.com SLB-Ctrl-ServerIronADX(config)# crypto key generate rsa Generating rsa

keypair..................................................................done!

rsapublic_key"10243516320480114350385337927420684604699847215100737339140179784 0463596710017038795521320990076735951547998548950700124427622983729636247496044 8810297880244822925958194700326493941745541854086588315530748050102379348032059 7889011743490357195498301864347794398342179943239191530516416905654211931607212 87517491 chassis@foo.com"

rsa private_key "*************************"

ServerIron ADX Global Server Load Balancing Guide

59

53-1002437-01

 

Page 70 Page 72
Page 71
Image 71
Brocade Communications Systems 12.4.00 manual Configuring secure-communication on the controller, Generating RSA key pair
Page 70 Page 72
Top Page Image Contents