Layer 4 TCP/UDP Load Balancing

This chapter describes Layer 4 load balancing of TCP and UDP traffic and how to configure it.

NOTE:                               The Layer 4 load balancing described in this chapter requires you to specify the protocol port numbers to be load balanced. To load balance traffic based solely on transport pro­tocol (TCP, UDP, or other), see IPv4 Load Balancing.

Overview

In addition to load balancing for well-known and widely used types of services such as HTTP, HTTPS, and FTP, ACOS devices also support Layer 4 load balancing for custom applications. If a service you need to load balance is not one of the well-known service types recognized by the ACOS device, you still can configure Layer 4 TCP or UDP load balancing for the ser­vice.

FIGURE 42    shows an example of a Layer 4 load balancing implementation.

FIGURE 42         Layer 4 SLB

AX-L4-SLB.jpg

 

Layer 4 load balancing balances traffic based on the transport protocol (TCP or UDP) and the protocol port number. The pay­load of the UDP or TCP packets is not examined.

In this example, a custom application is running on a server farm consisting of three real servers. Clients navigate to the VIP to use the custom application.

Service Groups

This example uses a single service group that contains all the real servers. The service group uses the default load balancing method (round robin).

Virtual Server

The custom application on the real servers is accessed at TCP port 1020 by clients through virtual IP address 192.168.55.55.

Templates

ACOS has default TCP and UDP templates. You can use the default template or configure another TCP or UDP template and use that one instead. If your Layer 4 load balancing configuration is for a TCP application and you do not bind a TCP template to the virtual port, the default TCP template is used. For a UDP application, the default UDP template is used unless you bind another UDP template to the virtual port.

Idle Timeouts

One of the parameters you can configure in TCP and UDP templates is the idle time. Depending on the requirements of your application, you can reduce or increase the amount of time the ACOS device allows a session to remain idle.

For UDP transaction-based applications, another parameter you can adjust is how quickly connections are terminated after a server reply is received. For example, if there are licensing costs associated with active sessions, you can minimize unneces­sary costs by quickly terminating idle sessions, and immediately terminating connections that are no longer needed.

NOTE:                               For more information about TCP template parameters, see the slb template tcp command in the Command Line Interface Reference.

For more information about UDP template parameters, see the slb template udp command in the Command Line Interface Reference.

Source-IP Persistence

Optionally, you also can configure a source-IP persistence template and bind it to the virtual port. The example in this chap­ter uses a source-IP persistence template that is configured to send all traffic from a given client IP address to the same real server. Without this custom template, different requests from a given client can be sent to different servers, based simply on the load balancing method.

NOTE:                               For more information about the source-IP persistence template parameters, see the slb template persist source-ip command in the Command Line Interface Reference.

Health Monitors

This example uses the default Layer 3 and Layer 4 health monitors. The Layer 3 monitor (Ping) and the applicable Layer 4 monitor (TCP or UDP) are enabled by default when you configure the real server and real service ports.

NOTE:                               You can create an external health monitor using a script and import the monitor onto the ACOS device. For information, see Health Monitoring.

Configuring Layer 4 Load Balancing

To configure Layer 4 load balancing:

1.     Configure the real servers. Add the custom application’s TCP or UDP port number, with the applicable service type (TCP or UDP).

2.     Configure a service group. Add the real servers, service port, and any custom templates to the group.

3.     If applicable, configure a custom TCP or UDP template.

4.     If applicable, configure a source-IP persistence template.

5.     Configure the virtual server. Bind the virtual service port on the virtual server to the service group and custom tem­plates, if configured.

Using the GUI

To configure the real servers

1.     Select ADC > SLB.

2.     Select the Servers tab from the menu bar.

3.     Click Create.

4.     Configure basic settings for the server, such as Name and IP address Type (IPv4 or IPv6).

5.     In the Port section, click Create.

6.     In the Port Number field, enter the protocol port number for the application.

7.     Click the Protocol drop-down menu and select the transport protocol for the application, TCP or UDP.

8.     Configure any other port settings, if needed, then click Create. The application port appears in the Port list.

9.     Click Create (or Update, if modifying an existing server). The real server appears in the real server table.

FIGURE 43         ADC > SLB > Server > Create (tcp-2)

4.0_L4-slb1.png

 

 

FIGURE 44         ADC > SLB > Server (showing configured new real servers)

4.0_L4-slb2.png

 

 

To configure the service group

1.     Select ADC > SLB.

2.     Select the Service Groups tab from the menu bar.

3.     Click Create.

4.     Enter a Name for the service group.

5.     Click the Protocol drop-down menu and select the transport protocol for the application, TCP or UDP.

6.     Click Create.

7.     In the Member section of the window, click the Create button. The Create Member page appears.

8.     Select the Choose Creation Type radio button: 

     Existing Server – if you wish to modify an existing server

     New Server – if you wish to create a new server for this service group (requires entering name and IP)

9.     Enter the protocol port number in the Port field.

10.  Click Create.

11.  Repeat step 7 through step 10 for each server and port.

12.  Click Update. The service group appears in the Service Groups table.

FIGURE 45         ADC > SLB > Service Group

4.0_L4-slb3.png

 

 

(Optional) To configure a custom TCP or UDP template

1.     Select ADC > Templates.

2.     Select the L4 Protocols tab from the menu bar.

3.     Click the Create button, and from the drop-down that appears, select TCP or UDP.
The Create TCP Template window appears.

4.     Enter a Name for the template.

5.     Edit template settings as needed for your application.

NOTE:                               For more information about TCP template parameters, see the slb template tcp command in the Command Line Interface Reference

For more information about UDP template parameters, see the slb template udp command in the Command Line Interface Reference.

6.     Click OK.

Configurable TCP Half-Open Timer

This feature is a user configurable TCP half-open timeout that is independent of the TCP idle-timeout. Previously, half-open connections were visible in the show session command output, but they were not configurable. The default timer for half-open connections was 60 seconds. Now the configurable half-open timeout values range between 1 and 60 seconds in one-second increments.

Using the GUI

The menu path to the TCP half-open timeout option is as follows: ADC > Templates > L4 Protocols > Create > TCP > Template Name. You can access the option both in a configured TCP or TCP-Proxy template.

FIGURE 46         

gui_create_tcp_template.PNG

ADC > Templates > L4 Protocols > + Create > TCP

Using the CLI

The following new option has been added to the TCP and TCP-proxy templates:

[no] half-open-idle-timeout seconds

This enables aging of half-open TCP sessions. A half-open TCP session is one in which the client receives a SYN-ACK, but does not reply with an ACK. You can set the timeout value to 1-60 seconds. The default value is 60.

To configure a source-IP persistence template

1.     Select ADC > Templates.

2.     Select the Persistence tab from the menu bar.

3.     Click Create and from the drop-down menu that appears, select Persist Source IP.

4.     Enter a name for the template.

5.     Edit template settings as needed for your application.

NOTE:                               For more information about source-IP persistence template parameters, see the slb template persist source-ip command in the Command Line Interface Reference.

For more information about UDP template parameters, see the slb template udp command in the Command Line Interface Reference.

6.     Click OK.

FIGURE 47         ADC > Templates > Persistence > Create > Persist Source IP

gui_create_persist_source_ip_template.png

 

 

To configure the virtual server

1.     Select ADC > SLB.

2.     Select Virtual Servers from the menu bar, if not already selected.

3.     Click Create. The Create Virtual Server page appears.

4.     Enter a name for the virtual server.

5.     For the Address Type radio button, select either IPv4 or IPv6.

6.     In the IP Address field, enter the virtual IP address to which clients will send requests.

7.     Configure other general settings as needed for your deployment.

8.     In the Virtual Port section, click Create. The Create Virtual Port window appears.

9.     Enter a name for the virtual port in the Name field.

10.  In the Protocol drop-down list, select the transport protocol for the application, TCP or UDP.

11.  Enter the application port number in the Port field.

12.  If you configured any custom templates, select them from the drop-down lists for each template type.

13.  Enter or select other values as needed.

14.  Click Create. The new virtual port appears in the table.

15.  Click Update. The virtual server appears in the virtual server table.

FIGURE 48         ADC > SLB > Virtual Server > Create

4.0_L4-slb5.jpg

 

FIGURE 49         ADC > SLB > Virtual Server > Create Virtual Port

4.0_L4-slb6.jpg

 

Using the CLI

The following commands configure the real servers:

ACOS(config)#slb server tcp-2 10.10.10.2

ACOS(config-real server)#port 1020 tcp

ACOS(config-real server-node port)#exit

ACOS(config-real server)#exit

ACOS(config)#slb server tcp-3 10.10.10.3

ACOS(config-real server)#port 1020 tcp

ACOS(config-real server-node port)#exit

ACOS(config-real server)#exit

ACOS(config)#slb server tcp-4 10.10.10.4

ACOS(config-real server)#port 1020 tcp

ACOS(config-real server-node port)#exit

ACOS(config-real server)#exit

The following commands configure the service group “tcp-sg” and adds the real servers as members:

ACOS(config)#slb service-group tcp-sg tcp

ACOS(config-slb svc group)#member tcp-2 1020

ACOS(config-slb svc group-member:1020)#member tcp-3 1020

ACOS(config-slb svc group-member:1020)#member tcp-4 1020

ACOS(config-slb svc group-member:1020)#exit

The following commands configure a source-IP persistence template:

ACOS(config)#slb template persist source-ip app1020persist

ACOS(config-source ip persistence template)#match-type server

ACOS(config-source ip persistence template)#exit

The following commands configure the virtual server:

ACOS(config)#slb virtual-server web-vip 192.168.55.55

ACOS(config-slb vserver)#port 1020 tcp

ACOS(config-slb vserver-vport)#service-group tcp-sg

ACOS(config-slb vserver-vport)#template persist source-ip app1020persist

 

Table of Contents

Index

Glossary

-Search-

Back