• LinkProof Lab 2 – Creating a Farm and adding NHRs (using WBM)
Lab Goals:
• Configure the next hop routers
• Enable Smart NAT
• Review various parameters and settings available for devices
Step by Step:
Creating a basic NHR Farm:
1. First browse to your LinkProof and put in your user name and password to get to the main menu.
2. The first step to working with NHRs is to create the farm. Use the following command to create a basic farm:
LinkProof Farms Farm Table, click Create and fill in the following:
a. Farm Name = mainfarm
b. NAT Mode = Enable
c. Persistency Mode = Client Table
d. Click Set to save the changes.
3. When adding a new ISP/NHR you need some basic information before you can add it to the LinkProof.
a. The IP and Subnet of the ISP. The LinkProof must have an interface in the same subnet as the ISP (we created these interfaces in Lab 1).
b. The best practice is to make sure all interfaces that will be used in the configuration are up. Use the command “net l2-interface” to verify all interfaces have link.
4. To add the NHRs to the farms created above with default parameters do the following:
LinkProof Servers Logical Routers Table, click Create.
a. Farm Name
= 1.1.1.100
d. Click Set to save the information, then Create the second ISP.
= 2.2.2.200
h. Click Set to save and you should have two routers in the table.
5. Once you add the two ISPs you should see in the CLI that they are up. By default the LinkProof does an ICMP health check to verify connectivity. We will change these parameters in a later lab.
25-07-2008 20:53:13 INFO Server mainfarm ISP1 up
25-07-2008 20:53:14 INFO Server mainfarm ISP2 up
At this point the LinkProof will load balance any traffic that passes through requiring routing to the default gateway. However, to establish connectivity you must configure Dynamic NAT for outbound traffic (Dynamic NAT is the same as Hide NAT or PAT).
Note: Dynamic NAT is a layer 4 NAT; therefore, if the traffic is not TCP or UDP it will have issues with the NAT.
6. For each ISP, use a single new IP address that is on the same subnet as the ISP. For this lab we will use the following two IP addresses for each team (where # is the team number).
ISP1 = 1.1.1.10#
ISP2 = 2.2.2.10#
Use the following command to add the NAT entries to the LP.
LinkProof Smart NAT Dynamic NAT Table, click Create
ISP1
a. From Local IP = 0.0.0.1
b. To Local IP = 255.255.255.254
c. Server IP = 1.1.1.100
d. Dynamic NAT IP = 1.1.1.10#
e. Click Set to save the changes and click Create for the second entry.
0.0.0.1 255.255.255.254 2.2.2.200 2.2.2.111 Regular
You can always get a summary of all the NAT addresses in use with:
LinkProof Smart NAT NAT Parameter Summary
7. Make certain that your Virtual Appliance gateways are set to the internal interface of the LinkProof (See Pre-configuration)
8. Open browser sessions from your Virtual Appliance Session to external hosts, if available, and you should be able to connect.
9. View the connection table on the LinkProof CLI to see the active connections:
lp client table
You should see something like the following:
Figure 19 – Client Table
Changing the Dispatch Method:
10. The default dispatch method for the LinkProof is cyclic. This means that each session will be dispatched to the next router based on where the last session was sent. To test the different modes we will set the client aging time to a very low number (20 seconds) so that entries age out of the table faster.
LinkProof Farms Farm Table, click on mainfarm.
Change Client Aging Time to 20 and click Set.
11. Now find a simple website that opens few connections, for example http://www.igga.org. In the client table, notice which NHR was selected. Wait for the entry to age out of the client table (20 seconds) and then refresh the browser; you should be directed to the second ISP.
12. Change the dispatch method to Least Amount of traffic:
LinkProof Farms Farm Table, click on mainfarm
Change Dispatch Method to Least Amount of Traffic and click Set.
13. Test the new method by browsing to some websites and observe what happens in the client table.
(Hint: the majority of connections should end up on ISP1)
14. Change the Dispatch Method to Fewest Number of Users. Test this new method as above and observe the client table.
Viewing and Saving the Configuration File:
15. At this point it will be a good idea to save the basic configuration created above.
To view the configuration in CLI type in:
system config immediate
16. Although this configuration can be copied to a text file and saved, it can be hard to work with until you have more understanding of the CLI. To save the configuration from Web Based Management:
File Configuration File Receive from Device
Keep the Configuration Type as Regular and hit the Set button to save the configuration to the desktop. You can re-name the configuration file if you like.
End of Lab 2. Please continue with Lab 3.
• LinkProof Chapter 2 Review
How many devices (total) can the LinkProof load balance?
How many ISPs can the LinkProof load balance (Routers with Proximity)?
What load balancing methods are available on the LinkProof?
What is SmartNAT?
What types of SmartNAT are available on the LinkProof?
Chapter 3 – Device Management for LinkProof
The LinkProof has a number of features that allow administrators to control and adjust traffic to routers with minimum impact on services. Administrators can introduce routers into the load balancing cluster smoothly; a new router can be added with only a few simple entries using ConfigWare or the CLI; and routers can be brought down gracefully for maintenance or upgrades with a single configuration change.
• LinkProof Lab 3a – Device Management for LinkProof (using WBM)
Lab Goals:
• Modify various settings designed to help manage routers
• Configure Aging By Application
• Use Connectivity Checks and Enable Health Monitoring (Lab 3b)
Step-by-step:
Admin Status and Operation Mode:
To view the effects of changing the operation mode to shutdown (no new sessions are sent to the active NHR; all existing sessions remain), we will set one of the NHRs to backup.
1) Change the second ISP to backup:
LinkProof Servers Logical Routers Table, click on the link next to ISP 2.
Change OperMode to Backup, and click Set to save.
2) Change the Farm global aging time to 45 seconds:
LinkProof Farms Farm Table, click on mainfarm.
Change Client Aging Time to 45 and click Set to save.
3) Browse to the internet and make sure you have client table entries all going to ISP1:
lp client table
4) Set the first ISP to shutdown mode:
LinkProof Servers Physical Servers Table, click on ISP1.
Change the Admin Status to Shutdown, click Set to save.
Wait to see a trap in the CLI that the ISP is ready for shutdown (you may not get the trap if there is no traffic on ISP1).
5) Change both ISP1 and ISP2 back to their normal modes:
ISP 2 set back to Regular and ISP 1 set back to Enabled.
LinkProof Servers Physical Servers Table, click on ISP1.
Change the Admin Status to Enable, click Set to save.
LinkProof Servers Logical Routers Table, click on the link next to ISP 2.
Change OperMode to Regular, and click Set to save.
Recovery Time:
To avoid the situation where an ISP will flap (come into service and fail quickly after), it's advisable to set the Recovery Time: the amount of time the LinkProof will wait after the ISP passes a health check before sending it traffic. It's important to note that this timer can only be used if the ISP actually failed. If you disabled and re-enabled the ISP, it would ignore this timer.
6) Setting the Recovery Time on the ISPs to 60 seconds:
LinkProof Servers Physical Servers Table, click on ISP1.
Change the Recovery Time to 60, click Set to save.
LinkProof Servers Physical Servers Table, click on ISP2.
Change the Recovery Time to 60, click Set to save.
Aging By Port:
7) This table allows you to define different aging times for different applications. You may wish to age some types of traffic out of the client table sooner than the global aging time of one hour, or you may wish to have the device retain traffic types in the table for a longer period of time.
8) Define an aging time of 15 seconds for HTTP and 5 seconds for DNS:
Anything that is not defined specifically in this table will use the Farm Client Aging Time.
LinkProof Global Configuration Client Table Aging By Application Port, click Create.
HTTP:
Application Port = 80
Aging Time = 15
Click Set to save, click Create for the DNS entry.
DNS:
Application Port = 53
Aging Time = 5
9) Using the Virtual Appliance, ping an address (ICMP) and open browser sessions, then check the client table to determine how long entries for DNS and HTTP are retained. The ICMP entry should stay for a long time after both DNS and HTTP age out.
10) Restore the configuration from Lab 2.
Using Web based Management:
i) File Configuration File Send to Device, browse to where you saved the file and then click Set. A small pop-up window will appear, prompting you to reboot. If a pop-up blocker keeps the window from opening, then go to Device Reset Device and click the Set button.
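The client-table behaviour exercised in Lab 2 steps 10-11 (cyclic dispatch with a 20-second Client Aging Time) and in the Aging By Port steps of this lab, as an added Python model that is not part of the original lab guide and is not LinkProof code. The table key (client, destination, port), the idle timer being refreshed by traffic, ICMP being modelled as port 0 and the sample addresses are all assumptions.

```python
# Added illustration: a simplified model, not LinkProof's implementation.
from itertools import cycle

class Farm:
    def __init__(self, routers, farm_aging, aging_by_port=None):
        self.farm_aging = farm_aging              # Farm Client Aging Time (s)
        self.aging_by_port = aging_by_port or {}  # Aging By Application Port
        self._cyclic = cycle(routers)             # cyclic dispatch order
        self.table = {}  # (client, dest, port) -> [router, last_seen]

    def _aging(self, port):
        # Ports not listed fall back to the farm-wide aging time.
        return self.aging_by_port.get(port, self.farm_aging)

    def expire(self, now):
        self.table = {k: v for k, v in self.table.items()
                      if now - v[1] < self._aging(k[2])}

    def dispatch(self, client, dest, port, now):
        """Return the router for traffic seen at `now` (seconds)."""
        self.expire(now)
        entry = self.table.get((client, dest, port))
        if entry:                      # entry still live: keep the same router
            entry[1] = now             # assumption: traffic refreshes the timer
            return entry[0]
        router = next(self._cyclic)    # new session: next router in the cycle
        self.table[(client, dest, port)] = [router, now]
        return router

    def live_ports(self, now):
        self.expire(now)
        return sorted(k[2] for k in self.table)

CLIENT, WEB, DNS = "10.0.0.5", "203.0.113.80", "203.0.113.53"  # constructed

def lab2_refresh(times, aging=20):
    """Lab 2 steps 10-11: same page requested at each time in `times`."""
    farm = Farm(["ISP1", "ISP2"], aging)
    return [farm.dispatch(CLIENT, WEB, 80, t) for t in times]

def lab3a_aging(check_times):
    """Lab 3a steps 8-9: HTTP=15 s, DNS=5 s, farm aging 45 s for the rest."""
    farm = Farm(["ISP1", "ISP2"], 45, {80: 15, 53: 5})
    farm.dispatch(CLIENT, DNS, 53, 0)
    farm.dispatch(CLIENT, WEB, 80, 0)
    farm.dispatch(CLIENT, WEB, 0, 0)   # ICMP, modelled here as port 0
    return [farm.live_ports(t) for t in check_times]

if __name__ == "__main__":
    print(lab2_refresh([0, 5, 10, 31]), lab3a_aging([4, 10, 20, 50]))
```

In this model, refreshing the page before the entry has been idle for the full aging time keeps the session on the same router, which is why the lab asks you to wait before refreshing.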
• LinkProof Lab 3b – Connectivity checks and Health Monitoring (using WBM)
Lab Goals:
• Configure Full Path Health Monitoring.
• Health Monitoring Mandatory Checks
• Health Monitoring Non-Mandatory Checks
Connectivity Checks Lab:
Configure your LinkProof to use Health Monitoring checks to verify the availability of the Next-Hop-Routers.
Step-by-Step:
6) Change a few of the settings for connectivity checks:
a) Change the Connectivity Check Interval from 10 to 5. This setting instructs the LinkProof to check each NHR once every 5 seconds.
b) Change the Connectivity Check Retries from 5 to 3. This setting means that an NHR can fail three consecutive health checks before the LinkProof will confirm that it is unavailable and will no longer load-balance traffic to it.
LinkProof Farms Farm Table, click on mainfarm.
Change Connectivity Check Interval
7) To test the full path we will configure each of the ISPs to ping an address beyond their external side. In this case we will use 192.168.150.100 for both routers.
LinkProof Servers Full Path Health Monitor Table, click on Create.
a) Farm Name
f) Server Name = ISP2
g) Check Address = 192.168.150.100
h) Click Set to save and you should have the following table:
8) Ask your instructor to unplug the external connection (Or disable it) from one of the Routers.
9) Type in “lp servers router-servers get” in the CLI and repeat a few times until one of the routers shows “not in service”, or click on the green Refresh button in the top right of the Web Based Management screen until one of the routers shows “not in service”.
10) Plug the connections for the router back in before continuing to the next lab.
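How the Connectivity Check Interval (5), Connectivity Check Retries (3) and the Recovery Time (60) from Lab 3a interact, as an added Python model that is not part of the original lab guide and is not LinkProof code. The rule that a failed check during the recovery wait restarts the wait is an assumption of this model, and the check results are constructed.

```python
# Added illustration: a simplified health-check state machine, not LinkProof code.
def simulate(results, interval=5, retries=3, recovery_time=60):
    """results: one boolean per connectivity check, in order.
    Returns [(seconds, "down" | "up"), ...] for each service-state change."""
    in_service, fails, passing_since = True, 0, None
    events = []
    for i, ok in enumerate(results):
        t = i * interval
        if not ok:
            fails += 1
            passing_since = None       # assumption: a failure restarts the wait
            if in_service and fails >= retries:
                in_service = False     # confirmed unavailable after N misses
                events.append((t, "down"))
            continue
        fails = 0
        if in_service:
            continue
        if passing_since is None:
            passing_since = t          # first passed check after the failure
        if t - passing_since >= recovery_time:
            in_service, passing_since = True, None
            events.append((t, "up"))
    return events

# Constructed check results: an outage, then a link that passes four checks
# and fails three, twice over.
FLAPPING = [False] * 3 + ([True] * 4 + [False] * 3) * 2
# Constructed check results: a single outage followed by a stable link.
STABLE = [True] * 2 + [False] * 3 + [True] * 13

if __name__ == "__main__":
    print(simulate(FLAPPING, recovery_time=0))   # router re-enters and drops out
    print(simulate(FLAPPING, recovery_time=60))  # router stays out of service
    print(simulate(STABLE))                      # back in service after the wait
```

With no recovery wait the flapping router is returned to service and removed again on every cycle; with the 60-second wait it stays out until it has passed checks continuously for that long.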