Mapping Virtual IP Addresses and Real Ports

ACOS supports the ability to auto-create mappings between a VIP and a real port on a real server. ACOS examines the IP address in a client’s request, identifies the host portion, and then adds that number to the real port for a group of servers. In this way, the ACOS device can have many ports associated with a single VIP, and can deterministically control where incom­ing client requests are directed.

This feature is similar to Virtual Port Ranges, in that it also leverages the range CLI command option. The range option allows you to specify the number of real ports that can be auto-mapped at the real server level. However, despite the use of this common CLI option, the two features are different.

While the “VIP to Real Port Mapping” feature creates a range of real ports on a real server and is essentially used to map incoming requests to real ports on backend servers, the “Virtual Port Range” feature specifies a range of virtual ports within the VIP configuration and makes it faster and easier to configure large ranges of virtual ports within a virtual server configura­tion.

Deterministic Mapping

ACOS can be configured as a subnet VIP, with “0” for the host portion of the address*. For example, the VIP can be configured with an IP address such as 40.40.40.0 /24.

Configuring the ACOS device with a subnet VIP enables a single VIP to accept client requests from a large range of VIP addresses. Instead of requiring all client requests to go to 40.40.40.1, the host portion (last octet) can range from 0 – 254.

This feature creates a deterministic mapping between the host address in the client request and the real port on the back­end servers. This mapping is achieved through a simple algorithm that adds the last octet in the destination VIP to the base port on the real server.

The host portion that appears in the client’s request is added to the base port configured on the real servers. So, for example, if the client sends a packet to the VIP 10.10.10.3, then this last integer in the address (“3”) is added to the base port configured on the backend servers (for example, 16000). The client’s request will be mapped and forwarded to port “16000 + 3”, or real port 16003. This is shown in .

FIGURE 40VIP to real port mapping

AX-vip-to-rport-mapping.jpg

Additional examples of how the feature works

Example #1: A client request is sent to VIP 40.40.40.111 port 80, and it must be load balanced between three real servers hav­ing a port range from 16500–16550. (16500 is the base port in this example.) Each one of the real servers in the service group has the same range of real ports.

ACOS adds the last octet of the VIP address (“111” for the VIP in this example) to the base port number on the real server (16500) to arrive at 16500 + 111, or 16611.


Example #2: A client request is sent to the VIP at 216.69.188.4 port 80, and the packet must be load balanced between two real servers. Although each real server has a unique IP address, each server has the same range of ports. The base port is 16528 and the range is configured on the real server to be 254, so the range is from 16528–16782.

The last octet of the client’s destination address (“4” for this VIP) is added to the base port number on the real server (16528 + 4) to get a mapped real port of 16532.

Supported Virtual Port Types

This feature is supported on the following virtual port types:

     TCP

     HTTP

     HTTPS

Details:

     IPv6 is not supported

     The VIP’s prefix length must be less than 32.

     The host portion of the VIP address (last octet), can not be greater than the range value.

     If the client request has a large host portion (“100”), and the range configured on the real server is small (“5”), then there will be no mapping.

Configuration

Use either of the following methods for configuration.

Using the GUI

Although similar to the “vport range” feature, the “VIP to real port mapping” feature configures the range option at the real server level, instead of at the VIP level. The “vport range” feature configures a range of virtual ports, whereas the “VIP to real port mapping” feature configures a range of real ports.

Setting the Port Range for a Real Server

1.     Access the configuration page for the server ports:

a.     Hover over ADC in the navigation bar, and select SLB from the drop-down menu.

b.     Select Server on the menu bar.

c.     Click Create.

d.     Enter the name and IP address of the server, in the Name and Host fields, respectively.

e.     Click the Create button in the Port section.

2.     Configure the port range:

a.     Enter the base number for the range in the Port field.

b.     In the Range field, enter the range of real ports you want to create within the real server configuration. This value can range from 0-254.

c.     Click the green Create button.

3.     Click Update to complete the server configuration.

Adding the Real Servers to a Service Group

1.     Access the configuration page for the service group:

a.     Hover over ADC in the navigation bar, and select SLB from the drop-down menu.

b.     Select Service Group on the menu bar.

c.     Click the green Create button.

d.     Enter a name for the service group.

e.     Click the Create button in the Member section.

f.       Select the server from the Server drop-down list.

g.     Enter the base port number in the Port field.

h.     Click Create Member.

2.     Click Update to complete the service group configuration.

Enabling the VIP to Real Port Mapping within an SLB Virtual-port template

1.     Access the configuration page for a virtual-port template:

a.     Hover over ADC in the navigation bar, and select Templates from the drop-down menu.

b.     Select ADC on the menu bar.

c.     Click the green New Template button. A drop-down menu appears.

d.     Select Virtual Port. The Create Virtual Port Template dialog appears.

e.     Enter a name for the template.

f.       Select the Allow VIP To Real Port Mapping checkbox.

g.     Click Create.

2.     Click Update to complete the service group configuration.

Binding the Service Group and Template to the VIP

The virtual port template containing this option must be bound to the VIP, and the VIP itself must use a subnet for the last octet (e.g. 10.10.10.0 /24), or the feature will not work.

1.     Access the configuration page for the virtual service (virtual port):

a.     Hover over ADC in the navigation bar, and select SLB from the drop-down menu.

b.     Select Virtual Service on the menu bar.

c.     Click the green Create button.

d.     Enter a name for the virtual server. You can do either of the following:

     Create a new virtual server using the Virtual Server Name field.

     Click Use Existing Virtual Server and enter the existing virtual server’s name in the Server Name field.

e.     Enter the virtual port number in the Port field.

f.       Select the service group from the Service Group drop-down list.

2.     Bind the virtual-port template to the virtual port.:

a.     Click the bind link under Templates.

b.     Select Virtual Port from the drop-down list.

c.     Select the template from the Templates drop-down list.

d.     Click Bind.

3.     Click Update to complete the virtual service configuration.

Using the CLI

Although similar to the “vport range” feature, the “VIP to real port mapping” feature configures the range option at the real server level, instead of at the VIP level. The “vport range” feature configures a range of virtual ports, whereas the “VIP to real port mapping” feature configures a range of real ports.

The following commands create real servers “s1” at 5.5.5.1 (with a real port range of 10), real server “s2” at 5.5.5.2 (with a range of 25), and real server “s3” at 5.5.5.3 (which does not have a range configured and will not be used for this feature).

Include the range option for each real server that will be included in the service group, but only if you want that real server to be included in the mapping feature. The service group can be “mixed”. That is, some real servers within a service group can have the range option set, but it is not mandatory for all servers in a service group to be configured for “VIP to real port map­ping”.

ACOS(config)#slb server s1 5.5.5.1

ACOS(config-real server)#port 80 tcp range 10

ACOS(config-real server)#exit

ACOS(config)#slb server s2 5.5.5.2

ACOS(config-real server)#port 80 tcp range 25

ACOS(config-real server)#exit

ACOS(config)#slb server s3 5.5.5.3

ACOS(config-real server)#port 80 tcp

ACOS(config-real server)#exit

 

The following commands create service group “sg1” and bind the real servers to the service group:

ACOS(config)#slb service-group sg1 tcp

ACOS(config-slb svc group)#member s1 80

ACOS(config-slb svc group-member:80)#member s2 80

ACOS(config-slb svc group-member:80)#member s3 80

ACOS(config-slb svc group-member:80)#exit

 

The allow-vip-to-rport-map command enables the VIP to Real Port Mapping feature for a subnet VIP. The virtual port template containing this option must be bound to the VIP, and the VIP itself must use a subnet for the last octet (e.g. 10.10.10.0 /24), or the feature will not work.

ACOS(config-slb vserver-vport)#template virtual-port vport1

ACOS(config-slb vserver-vport)#allow-vip-to-rport-map

ACOS(config-slb vserver-vport)#exit

 

ACOS(config)#slb virtual-server vip3 10.10.10.0 /24

ACOS(config-slb vserver)#port 80 tcp

ACOS(config-slb vserver-vport)#service-group sg1

ACOS(config-slb vserver-vport)#template virtual-port vport1

ACOS(config-slb vserver-vport)#exit

 

ACOS(config-slb vserver)#port 90 http

ACOS(config-slb vserver-vport)#service-group sg1

ACOS(config-slb vserver-vport)#template virtual-port vport1

ACOS(config-slb vserver-vport)#exit

 

 

*.   The value of the last octet configured as the ACOS device’s VIP depends on the netmask length. The value can be “0”, but the following additional examples are equally valid:
20.20.20.0 /24
20.20.20.240 /28
20.20.0.0 /16
20.20.20.252 /30

 

Table of Contents

Index

Glossary

-Search-

Back