Main
Web OS
Contents
Part 1: Basic Switching & Routing
Page
Part 2: Web Switching Fundamentals
Page
Page
Page
Part 3: Advanced Web Switching
Page
Page
Page
Figures
Page
Page
Page
Tables
Page
New Features
The following table lists the new features in Web OS 10.0 and the supported platforms:
Page
Preface
Who Should Use This Guide
What Youll Find in This Guide
Part 1: Basic Switching & Routing
Part 2: Web Switching Fundamentals
Part 3: Advanced Web Switching
Typographic Conventions
Contacting Us
Page
Page
CHAPTER 1
Basic IP Routing
IP Routing Benefits
Routing Between IP Subnets
Page
Page
Example of Subnet Routing
Page
Using VLANs to Segregate Broadcast Domains
Page
Defining IP Address Ranges for the Local Route Cache
Border Gateway Protocol (BGP)
Internal Routing Versus External Routing
Forming BGP Peer Routers
BGP Failover Configuration
Page
Page
Page
DHCP Relay
DHCP Overview
DHCP Relay Agent Configuration
CHAPTER 2
VLANs
VLAN ID Numbers
VLAN Tagging
VLANs and the IP Interfaces
VLAN Topologies and Design Issues
Example 1: Multiple VLANS with Tagging Adapters
Page
WebOS 10.0 Application Guide
48 Chapter 2: VLANs 212777-A, February 2002
Example 2: Parallel Links with VLANs
Web Switch
Gigabit Ethernet Port 8 VLAN #32, VLAN #109
Gigabit Ethernet Port 7 VLAN #10, VLAN #22
VLANs and Spanning Tree Protocol
Bridge Protocol Data Units (BPDUs)
Determining the Path for Forwarding BPDUs
Multiple Spanning Trees
Why Do We Need Multiple Spanning Trees?
Example of a Four-Switch Topology with a Single Spanning Tree
Example of a Four-Switch Topology with Multiple Spanning Trees
Switch-Centric Spanning Tree Protocol
VLAN Participation in Spanning Tree Groups
Configuring Multiple Spanning Tree Groups
Page
VLANs and Default Gateways
Segregating VLAN Traffic
Internet
Page
Configuring the Local Network
Configuring Default Gateways per VLAN
Page
Page
VLANs and Jumbo Frames
Isolating Jumbo Frame Traffic using VLANs
Routing Jumbo Frames to Non-Jumbo Frame VLANs
CHAPTER 3
Port Trunking
Aggregate Port Trunk
Statistical Load Distribution
Built-In Fault Tolerance
Chapter 3: Port Trunking 67
Port Trunking Example
Trunk 1: Ports 2, 4, and 5 on Switch 1 Trunk 3: Ports 4, 6, and 9 on Switch 2
In the example below, three ports will be trunked between two Alteon Web switches.
Switch #2Switch #1
2 4 5 4 6 9
Page
CHAPTER 4
OSPF
OSPF Overview
Types of OSPF Areas
Backbone Area 0
Stub Area Not-So-Stubby Area (NSSA)
Transit Area
Types of OSPF Routing Devices
OSPF Autonomous System
Area 3
Area 2
Neighbors and Adjacencies
The Link-State Database
The Shortest Path First Tree
Internal Versus External Routing
OSPF Implementation in Web OS
Configurable Parameters
Defining Areas
Assigning the Area Index
Using the Area ID to Assign the OSPF Area Number
Attaching an Area to a Network
Interface Cost
Electing the Designated Router and Backup
Summarizing Routes
Default Routes
Virtual Links
Router ID
Authentication
Page
Host Routes for Load Balancing
OSPF Features Not Supported in This Release
OSPF Configuration Examples
Example 1: Simple OSPF Domain
Area 0
Area 1
Backbone Stub Area
Page
Example 2: Virtual Links
Configuring OSPF for a Virtual Link on Switch #1
Page
Configuring OSPF for a Virtual Link on Switch #2
Other Virtual Link Options
Example 3: Summarizing Routes
3. Define the backbone.
4. Define the stub area.
9. Apply and save the configuration changes.
8. Use the hide command to prevent a range of addresses from advertising to the backbone.
Example 4: Host Routes
Configuring OSPF for Host Routes on Web Switch #1
Page
Page
Configuring OSPF for Host Routes on Web Switch 2
3. Configure IP interfaces for each network that will be attached to OSPF areas.
>>
Page
Verifying OSPF Configuration
CHAPTER 5
Secure Switch Management
Setting Allowable Source IP Address Ranges
Secure Switch Management
Authentication and Authorization
Page
RADIUS Authentication and Authorization
RADIUS Authentication Features in Web OS
Web Switch User Accounts
Page
Secure Shell and Secure Copy
Encryption of Management Messages
SCP Services
RSA Host and Server Keys
Radius Authentication
SecurID Support
Configuring SSH/SCP
Some Supported Client Commands
Port Mirroring
Page
Page
Page
CHAPTER 6
Server Load Balancing
Understanding Server Load Balancing
Identifying Your Network Needs
How Server Load Balancing Works
Page
Implementing Basic Server Load Balancing
AB C
Network Topology Requirements
Page
Configuring Server Load Balancing
Page
Page
Page
Additional Server Load Balancing Options
Supported Services and Applications
Disabling and Enabling Real Servers
IP Address Ranges Using imask
Health Checks for Real Servers
Configuring Multiple Services
Metrics for Real Server Groups
Minimum Misses
Hash
Least Connections
Round Robin
Response Time
Bandwidth
Weights for Real Servers
Connection Time-outs for Real Servers
Maximum Connections for Real Servers
Backup/Overflow Servers
Extending SLB Topologies
Proxy IP Addresses
Page
Page
Mapping Ports
Mapping a Virtual Server Port to a Real Server Port
Mapping a Single Virtual Server Port to Multiple Real Server Ports
Page
Load Balancing Metric
Configuring Multiple Service Ports
Direct Server Interaction
Using Direct Server Return
Using Direct Access Mode
Internet
Assigning Multiple IP Addresses
Using Proxy IP Addresses
Mapping Ports
Monitoring Real Servers
Delayed Binding
Page
Configuring Delayed Binding
Detecting SYN Attacks
Load Balancing Special Services
IP Server Load Balancing
FTP Server Load Balancing
FTP Network Topology Restrictions
Configuring FTP Server Load Balancing
Domain Name Server (DNS) Load Balancing
Preconfiguration Tasks
Configuring UDP-based DNS Load Balancing
Configuring TCP-based DNS Load Balancing
Real Time Streaming Protocol SLB
How RTSP Server Load Balancing Works
RTSP Implementation
Configuring RTSP Load Balancing
Wireless Application Protocol SLB
Using RADIUS Static Session Entries
How WAP SLB Works Using Static Session Entries
Using RADIUS Snooping
How WAP SLB Works Using RADIUS Snooping
Preconfiguring WAP Server Load Balancing
Enabling Wireless Application Protocol SLB
Configuring RADIUS Snooping
Page
Intrusion Detection System Server Load Balancing
How Intrusion Detection Server Load Balancing Works
Load Balancing Metrics for IDS
Configuring IDS Server Load Balancing
Page
WAN Link Load Balancing
How WAN Link Load Balancing Works
Configuring WAN Link Load Balancing
Page
Page
CHAPTER 7
Filtering
Filtering Benefits
Filtering Criteria
nproto: protocol number or name as shown in Table 7- 1
Table 7-1 Well-Known Protocol Types
Table 7-2 Well-Known Application Ports
Stacking Filters
Overlapping Filters
The Default Filter
VLAN-based Filtering
Configuring VLAN-based Filtering
Optimizing Filter Performance
Filter Logs
Page
IP Address Ranges
Cache-Enabled versus Cache-Disabled Filters
TCP Rate Limiting
Configuring TCP Rate Limiting Filters
Basic TCP Rate Limiting Filter
Page
TCP Rate Limiting Filter Based on Source IP Address
TCP Rate Limiting Filter Based on Virtual Server IP Address
S1 S2
Tunable Hash for Filter Redirection
Filter-based Security
Configuring a Filter-Based Security Solution
Page
Page
For UDP:
Similarly, for TCP:
Page
Network Address Translation
Static NAT
In this example, clients on the Internet require access to servers on the private network:
1 2
Figure 7-8 Static Network Address Translation
Configuring Static NAT
Dynamic NAT
Configuring Dynamic NAT
FTP Client NAT
Configuring Active FTP Client NAT
Matching TCP Flags
Configuring the TCP Flag Filter
Page
Page
5. A default filter is required to deny all other traffic.
6. Apply the filters to the appropriate switch ports.
Matching ICMP Message Types
Page
CHAPTER 8
Application Redirection
Web Cache Redirection Environment
Additional Application Redirection Options
AB C
Web Cache Configuration Example
Page
Page
Page
Delayed Binding for Web Cache Redirection
RTSP Web Cache Redirection
RTSP Web Cache Redirection Example
Page
IP Proxy Addresses for NAT
Page
Excluding Noncacheable Sites
Page
CHAPTER 9
Virtual Matrix Architecture
Proxy IP Addresses and VMA
Page
CHAPTER 10
Health Checking
Page
Real Server Health Checks
DSR Health Checks
Configuring the Switch for DSR Health Checks
Link Health Checks
Configuring the Switch for Link Health Checks
TCP Health Checks
ICMP Health Checks
Script-Based Health Checks
Configuring the Switch for Script-Based Health Checks
Script Format
Scripting Guidelines
Script Configuration Examples
Script Example 1: A Basic Health Check
Script Example 2: GSLB URL Health Check
Verifying Script-Based Health Checks
Application-Specific Health Checks
HTTP Health Checks
Configuring the Switch for HTTP Health Checks
UDP-Based DNS Health Checks
Configuring the Switch for UDP-based Health Checks
FTP Server Health Checks
Configuring the Switch for FTP Health Checks
POP3 Server Health Checks
Configuring the Switch for POP3 Health Checks
SMTP Server Health Checks
Configuring the Switch for SMTP Health Checks
IMAP Server Health Checks
Configuring the Switch for IMAP Health Check
NNTP Server Health Checks
Configuring the Switch for NNTP Health Checks
RADIUS Server Health Checks
Configuring the Switch for RADIUS Server Content Health Checks
Configuring the Switch for RADIUS Secret and Password
HTTPS/SSL Server Health Checks
WAP Gateway Health Checks
WSP Content Health Checks
Configuring the Switch for WSP Content Health Checks
WTLS Health Checks
Configuring the Switch for WTLS Health Checks
LDAP Health Checks
Configuring the Switch for LDAP Health Checks
Determining the Version of LDAP
ARP Health Checks
Configuring the Switch for ARP Health Checks
Failure Types
Service Failure
Server Failure
CHAPTER 11
High Availability
VRRP Overview
VRRP Components
Virtual Interface Router
Virtual Router MAC Address
Owners and Renters
Master and Backup Virtual Router
Page
VRRP Operation
Selecting the Master VRRP Router
Active-Standby Failover
Failover Methods
AB
Active-Standby Redundancy
Active-Active Redundancy
Hot-Standby Redundancy
Virtual Router Group
Hot-Standby and Inter-Switch Port States
Synchronizing Configurations
Web OS Extensions to VRRP
Virtual Server Routers
Sharing/Active-Active Failover
Tracking VRRP Router Priority
Page
High Availability Configurations
Active-Standby Virtual Server Router Configuration
Page
Active-Active VIR and VSR Configuration
Page
Active/Active Server Load Balancing Configuration
Task 1: Background Configuration
Page
Task 2: SLB Configuration
Page
Task 3: Virtual Router Redundancy Configuration
Page
Task 4: Configuring Switch 2
Page
VRRP-Based Hot-Standby Configuration
Configuration Procedure
Virtual Router Deployment Considerations
Mixing Active-Standby and Active-Active Virtual Routers
Synchronizing Active/Active Failover
Eliminating Loops with STP and VLANs
Using Spanning Tree Protocol to Eliminate Loops
Using VLANs to Eliminate Loops
Assigning VRRP Virtual Router ID
Configuring the Switch for Tracking
Page
Synchronizing Configurations
Stateful Failover of Layer 4 and Layer 7 Persistent Sessions
What Happens When a Switch Fails
Stateful Failover Configuration Example
On the Master Switch
On the Backup Switch
Viewing Statistics on Persistent Port Sessions
Page
Page
CHAPTER 12
Global Server Load Balancing
GSLB Overview
Benefits
Compatibility with Other Web OS Features
How GSLB Works
Foo Corp. California Foo Corp. Denver
Client Site
Page
Configuring GSLB
Example GSLB Topology
GSLB Requirements
California Site Denver Site
200.200.200.X Network 174.14.70.X Network
A BC
Task 1: Configure the Basics at the California Site
Task 2: Configure the California Switch for Standard SLB
Page
Task 3: Configure the California Site for GSLB
Task 4: Configure the Basics at the Denver Site
Task 5: Configure the Denver Switch for Standard SLB
Page
Task 6: Configure the Denver Site for GSLB
Page
IP Proxy for Non-HTTP Redirects
Client Site
Internet
Site 2
Site 1
How IP Proxy Works
Internet
Figure 12-4 POP3 Request Fulfilled via IP Proxy
Table 12-5 HTTP Versus Non-HTTP Redirects
California Site #1 174.14.70.X Network
Page
Configuring Proxy IP Addresses
Verifying GSLB Operation
Configuring Client Site Preferences
Page
310 Chapter 12: Global Server Load Balancing 212777-A, February 2002
Internet
Client Site B
Site 3Site 2
Client Site A
Site 4Site 1
Page
Using Border Gateway Protocol for GSLB
CHAPTER 13
Firewall Load Balancing
Firewall Overview
Page
Basic FWLB
Basic FWLB Implementation
Page
Configuring Basic FWLB
Figure 13-4 Basic FWLB Example Network
Configure the Dirty-Side Web Switch
Page
Page
Configure the Clean-Side Web Switch
Page
Page
Page
Four-Subnet FWLB
Four-Subnet FWLB Implementation
Page
Configuring Four-Subnet FWLB
Configure the Routers
Configure the Firewalls
Configure Connectivity for the Primary Dirty-Side Web Switch
Page
Configure Connectivity for the Secondary Dirty-Side Web Switch
5. Apply and save your configuration.
2. Configure IP interfaces on the secondary dirty-side Web switch.
Configure Connectivity for the Primary Clean-Side Web Switch
3. Turn STP off for the primary clean-side Web switch.
2. Configure IP interfaces on the primary clean-side Web switch.
Configure Connectivity for the Secondary Clean-Side Web Switch
2. Configure IP interfaces on the secondary clean-side Web switch.
5. Apply and save your changes.
Verify Proper Connectivity
Configure VRRP Support on the Secondary Dirty-Side Web Switch
Configure VRRP Support on the Secondary Clean-Side Web Switch
Complete the Configuration of the Primary Dirty-Side Web Switch
Page
4. Configure the VRRP peer on the primary dirty-side Web switch.
Complete the Configuration of the Primary Clean-Side Web Switch
Page
Page
A third virtual router is required for the virtual server used for optional SLB.
Page
Advanced FWLB Concepts
Free-Metric FWLB
Free-Metric with Basic FWLB
Chapter 13: Firewall Load Balancing 347
Free-Metric with Four-Subnet FWLB
Figure 13-9 Four-Subnet FWLB Example Network
For this example, review the four-subnet example network.
>> # ../group 1 >> # metric <metric type>
Page
Adding a Demilitarized Zone (DMZ)
Page
Firewall Health Checks
Firewall Service Monitoring
Physical Link Monitoring
Using HTTP Health Checks
Page
Virtual Private Networks
How VPN Load Balancing Works
Page
VPN Load-Balancing Configuration
VPN Load-Balancing Configuration Example
Configure the First Clean-Side Switch (CA)
One static route is required for each VPN device being load balanced.
Page
Configure the Second Clean-Side Switch (CB)
6. Configure Virtual Router Redundancy Protocol (VRRP) for virtual routers 1 and 2.
8. Configure real servers for health checking VPN devices.
9. Enable the real server group. 10. Enable RTS on the necessary ports.
Configure the First Dirty-Side WebSwitch (DA)
8. Configure real servers for health-checking VPN devices.
9. Enable the real server group.
Page
Configure the Second Dirty-Side WebSwitch (DB)
8. Configure real servers for health checking VPN devices.
9. Enable the real server group, and place real servers 1-4 into the real server group.
Page
Test Configurations and General Topology
Test the VPN
Page
CHAPTER 15
Content Intelligent Switching
372 Chapter 15: Content Intelligent Switching 212777-A, February 2002
Internet
Figure 15-1 Content Intelligent Load Balancing Example
1.
3.
5.
2.
4.
Parsing Content
HTTP Header Inspection
Buffering Content with Multiple Frames
Content Intelligent Server Load Balancing
URL-Based Server Load Balancing
Configuring URL-Based Server Load Balancing
Example 1: String with the Forward Slash (/)
Example 2: String without the Forward Slash (/)
Example 3: String with the Forward Slash (/) Only
Page
Statistics for URL-Based Server Load Balancing
Virtual Hosting
Virtual Hosting Configuration Overview
Configuring the Host Header for Virtual Hosting
Cookie-Based Preferential Load Balancing
Configuring Cookie-Based Preferential Load Balancing
Page
Browser-Smart Load Balancing
URL Hashing for Server Load Balancing
Virtual Server Load Balancing of Nontransparent Caches
Configuring URL Hashing
$ $$
Page
Header Hash Load Balancing
DNS Load Balancing
Page
Layer 7 RTSP Load Balancing
Page
Content Intelligent Web Cache Redirection
URL-Based Web Cache Redirection
Page
Network Address Translation Options
Configuring URL-Based Web Cache Redirection
Page
Example 1: String Starting with the Forwardslash (/)
Example 2: String without the Forwardslash (/)
Example 3: String with the Forwardslash (/) Only
Page
Page
Viewing Statistics for URL-Based Web Cache Redirection
HTTP Header-Based Web Cache Redirection
Page
Browser-Based Web Cache Redirection
URL Hashing for Web Cache Redirection
Example 1: Hashing on the URL
Example 2: Hashing on the Host Header Field Only
Example 3: Hashing on the Source IP address
Layer 7 RTSP Streaming Cache Redirection
Exclusionary String Matching for Real Servers
Configuring for Exclusionary URL String Matching
Page
Regular Expression Matching
Standard Regular Expression Characters
Configuring Regular Expressions
Content Precedence Lookup
Using the or and and Operators
Assigning Multiple Strings
1 2 3 4 5
Layer 7 Deny Filter
Configuring a Layer 7 Deny Filter
Page
Page
CHAPTER 16
Persistence
Overview of Persistence
Using Source IP Address
Using Cookies
Using SSL Session ID
Cookie-Based Persistence
1
2
3
4
Permanent and Temporary Cookies
Cookie Formats
Cookie Properties
Client Browsers that Do Not Accept Cookies
Cookie Modes of Operation
Insert Cookie Mode
Passive Cookie Mode
Rewrite Cookie Mode
Configuring Cookie-Based Persistence
Page
Setting Expiration Timer for Insert Cookie
Example 1: Setting the Cookie Location
Example 2: Parsing the Cookie
Example 3: Using Passive Cookie Mode
Example 4: Using Rewrite Cookie Mode
Server-Side Multi-Response Cookie Search
Configuring Server-Side Multi-Response Cookie Search
SSL Session ID-Based Persistence
How SSL Session ID-Based Persistence Works
Internet
Configuring SSL Session ID-Based Persistence
Page
CHAPTER 17
Bandwidth Management
Page
Page
Bandwidth Policies
Rate Limits
Bandwidth Policy Configuration
Data Pacing
Queue 1 Queue 2 Queue 3 Queue 4 Time
Classification Criteria
Server Output Bandwidth Control
Application Bandwidth Control
Combinations
Precedence
Bandwidth Classification Configuration
Frame Discard
URL-Based Bandwidth Management
Page
HTTP Header-Based Bandwidth Management
Cookie-Based Bandwidth Management
Bandwidth Statistics and History
Statistics Maintained
Statistics and Management Information Bases
Packet Coloring (TOS bits) for Burst Limit
Operational Keys
Configuring Bandwidth Management
Page
Page
Additional Configuration Examples
User/Application Fairness Example
Page
Page
Preferential Services Examples
Web Site Preference Example
Page
Page
URL-Based Bandwidth Management Example
Page
Cookie-Based Bandwidth Management Example
Page
Page
Security Management Example
Page
Page
Glossary
Page
Page
Page
Index
Symbols
Numerics
A
B
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
