How To Configure Virtual Host with Load Balancing and Health Checking

Academic year: 2021

Applicable Version: 10.02.0 Build 473 onwards

Overview

This article describes how you can configure a Virtual Host in Cyberoam with Load Balancing and Health Checking. Load Balancing enables distribution of incoming traffic over multiple internal servers. Health Checking keeps a check on servers and sends a notification to the administrator whenever a server goes down or comes up.

Virtual host

Virtual host implementation is based on the Destination NAT concept.

A Virtual Host maps services of a public IP address to services of a host in a private network. In other words, it is a mapping of a public IP address to an internal IP address. This virtual host is used as the Destination address to access an internal or DMZ server.

A Virtual host can be a single IP address, an IP address range or a Cyberoam interface itself.

Cyberoam automatically responds to ARP requests received on the WAN zone for the external IP address of the Virtual host.

Load Balancing Methods

When a Virtual host is mapped with multiple servers, the Administrator can load balance traffic passing through the Cyberoam to multiple servers. Cyberoam virtual host load balancing supports various load balancing methods and real server health monitoring.

The load balancing method defines how sessions are load balanced to multiple servers. Cyberoam supports the following load balancing methods:

Round Robin: In this method, requests are served in a sequential manner where the first request is forwarded to the first server, second request to the second server and so on. When a request is received, Cyberoam checks to see which was the last server that was assigned a request. It then assigns this new request to the next available server.

When to use: This method can be used when equal distribution of traffic is required and there is no need for session persistence.

First Alive: In this method, all incoming requests are served by the first server (the first IP Address that is configured in the IP Range). This server is considered the primary server and all others are considered backups. Only when the first server fails are requests forwarded to the next server in line.

When to use: This method is used for failover scenarios.

Random: In this method, requests are forwarded to the servers randomly, although Cyberoam makes sure that all configured servers receive an equally distributed load. Hence, this method is also called uniform random distribution.

When to use: This method can be used when equal distribution of traffic is required and there is no need for session persistence or order of distribution.

Sticky IP: In this method, along with Round Robin distribution of traffic, Cyberoam forwards incoming traffic according to the Source IP Address. All traffic from a particular source is forwarded only to its mapped Server. This means that all requests for a given source IP are sent to the same application server instance.

When to use: This method is useful in cases where all requests or sessions are required to be processed by the same server, for example, banking and e-commerce websites.
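The four methods can be compared side by side with a small model. This is an added example, not Cyberoam code: `VirtualHostModel` and `expand_range` are hypothetical names, and skipping servers marked down (and re-mapping a Sticky IP source when its server is down) is an assumption about failover behaviour.

```python
import ipaddress
import random

def expand_range(first, last):
    """Expand a Mapped IP range such as 192.168.1.10-192.168.1.12."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]

class VirtualHostModel:
    """Illustrative model of the four methods; not Cyberoam's implementation."""

    def __init__(self, servers, method, seed=None):
        self.servers = list(servers)
        self.method = method          # round_robin, first_alive, random, sticky_ip
        self.alive = set(servers)     # would be maintained by health checking
        self.cursor = -1              # index of the last server given a request
        self.sticky = {}              # source IP -> mapped server
        self.rng = random.Random(seed)

    def _next_round_robin(self):
        # Start after the last assigned server and skip servers marked down.
        for step in range(1, len(self.servers) + 1):
            idx = (self.cursor + step) % len(self.servers)
            if self.servers[idx] in self.alive:
                self.cursor = idx
                return self.servers[idx]
        return None

    def pick(self, source_ip):
        live = [s for s in self.servers if s in self.alive]
        if not live:
            return None               # nothing left to forward to
        if self.method == "first_alive":
            return live[0]            # primary if up, else next backup in line
        if self.method == "random":
            return self.rng.choice(live)
        if self.method == "sticky_ip":
            mapped = self.sticky.get(source_ip)
            if mapped not in self.alive:   # new source, or its server is down
                mapped = self._next_round_robin()
                self.sticky[source_ip] = mapped
            return mapped
        return self._next_round_robin()    # round_robin
```

Removing an address from `alive` and calling `pick()` again shows how each method reacts to a server outage, which is the behaviour worth confirming on the appliance itself before relying on it.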

Health Check

The Health Check feature monitors servers and sends a notification to the administrator when the status of any of the servers changes. This ensures that the requests are forwarded only to servers that are up and running. For Health Check, Cyberoam uses two methods: TCP Probe and ICMP Probe.

Scenario

Consider a hypothetical network, as shown in the diagram below, with Web Servers 1, 2 and 3 hosted in the DMZ and accessed from the Internet using a single public IP address, 204.88.128.93, i.e., the Cyberoam WAN IP. In this article, we create a virtual host for the Web Servers to implement Load Balancing and Health Checking.

Configuration

The entire configuration is to be done from the Web Admin Console using a profile that has read-write administrative rights over the relevant features.

Step 1: Configure Virtual Host

Go to Firewall > Virtual Host > Virtual Host and click Add to create a virtual host with parameters given below.

Parameter Description

| Parameter | Value | Description |
|---|---|---|
| Name | WebServers | Name to identify the Virtual Host. |
| External IP | PortB – 204.88.128.93 | The IP address through which Internet users access the internal server/host. |
| Mapped IP | 192.168.1.10-192.168.1.12 | The IP Range of the internal servers/hosts. Please note that Load Balancing and Health Check can only be configured on an IP Range. |
| Physical Zone | DMZ | LAN, WAN, DMZ, VPN or custom zone of the mapped IP address(s). For example, if mapped IP address represents any internal server then it is the zone in which server resides physically. |
| Port Forwarding | | |
| Enable Port Forwarding | Enabled | Click to enable service port forwarding. If Port Forwarding is enabled, following options are available. |
| Protocol | TCP | Select the protocol TCP or UDP that you want the forwarded packets to use. |
| External Port Type | Port | Click to specify whether port mapping should be single or range of ports. |
| External Port | 80 | Specify public port number for which you want to configure port forwarding. |
| Mapped Port Type | Port | Click to specify whether port mapping should be single or range of ports. |
| Mapped Port | 80 | Specify mapped port number on the destination network to which the public port number is mapped. |
| Enable Load Balancing | Enabled | Click to enable load balancing. This option is available if incoming traffic is to be distributed to more than one internal server. |
| Method | Round Robin | Select the method for load balancing from the available options. Available Options: Round Robin, First Alive, Random, Sticky IP. For details on each method, refer to the Load Balancing Methods section. |
| Enable Health Check (For Failover) | Enabled | Click to enable checking for failover. By default, this feature is enabled for First Alive Load Balancing method. For other methods, it is optional. |
| Health Check Method | ICMP Probe | Select the method to check the health of the server from the available options: TCP Probe and ICMP Probe. |
| Interval | 60 | Specify the time interval in seconds after which the health will be monitored. |
| Timeout | 2 | Specify the time interval in seconds within which the server must respond. |
| Retries | 3 | Specify the number of tries to probe the health of the server, after which the server will be declared unreachable. |
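How Timeout and Retries combine into an up/down decision, and when a status change produces a notification, is shown in the following sketch. It is an added example and not Cyberoam's implementation: `HealthMonitor` and `tcp_probe` are hypothetical names, and it uses a TCP probe on port 80 rather than the ICMP Probe selected above because ICMP needs raw-socket privileges.

```python
import socket

def tcp_probe(host, port, timeout):
    """One TCP probe: True if a connection is accepted within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class HealthMonitor:
    """Tracks up/down state per server; illustrative, not Cyberoam's code."""

    def __init__(self, servers, port=80, timeout=2, retries=3, probe=tcp_probe):
        self.servers, self.port = list(servers), port
        self.timeout, self.retries, self.probe = timeout, retries, probe
        self.up = {s: True for s in self.servers}  # assumed up until a check fails

    def check_server(self, server):
        # Declared unreachable only after `retries` failed probes in a row;
        # the first successful probe ends the check early.
        return any(self.probe(server, self.port, self.timeout)
                   for _ in range(self.retries))

    def run_cycle(self):
        """One pass over all servers. Returns only status-change events."""
        events = []
        for server in self.servers:
            now_up = self.check_server(server)
            if now_up != self.up[server]:
                events.append((server, "UP" if now_up else "DOWN"))
                self.up[server] = now_up
        return events

    def worst_case_cycle_seconds(self):
        # Time this sketch needs if every probe of every server times out
        # (servers are probed one after another here).
        return len(self.servers) * self.retries * self.timeout
```

Call `run_cycle()` once per Interval (60 seconds in the table) and send the returned events to your alerting channel; an empty list means no server changed state.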

Step 2: Create Firewall Rule(s) to Allow Access to Web Servers from Other Zones

On clicking OK, the Add Firewall Rules For Virtual Host screen appears, which enables you to create rules to allow access to the Web Servers from other zones.

• Enable Add Firewall Rule(s) For Virtual Host.

• Set rule parameters as desired. Here, we have created a rule which allows access to the Web Servers from WAN zone.

• Select Yes for Create Reflexive Rule.

The above configuration allows access to the Web Servers from the Internet and implements Load Balancing and Health Checking.

Step 3: Verify Firewall Rules

You can verify the Firewall Rules from Firewall > Rule > Rule, as shown below.

Document Version: 2.3 – 21 March, 2014
