Sticky Persistence Configuration Considerations; Configuring Direct Access To Real Servers - Enterasys N Standalone (NSA) Series Configuration Manual

Enterasys networks switch configuration guide

Sticky persistence — a binding is determined by matching the source and destination IP
addresses only. This allows all requests from a client to the same virtual address to be directed
to the same load balancing server. For example, both HTTP and HTTPS requests from the client
address 134.141.176.10 to the virtual destination address 207.135.89.16 would be directed to the
same load balancing server (for example, the server with IP address 10.1.1.1).

Sticky Persistence Configuration Considerations

Sticky persistence functionality provides less security but the most flexible capability for users to
load balance all services through a virtual IP address. In addition, this functionality provides better
resource usage by the LSNAT router, as well as better performance for the same clients trying to
reach the same real servers across different services through a virtual server.

For example, with sticky persistence, HTTP, HTTPS, TELNET and SSH requests from a client
(200.1.1.1) to the virtual server address (192.168.1.2) would all be directed to the same real server.
The client always goes to the same real server for all the services provided by that server, and it
would only require the use of one binding hardware resource (instead of one per service per client).
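The binding behavior described above can be modeled in a few lines. This Python sketch is an added example, not Enterasys code or CLI: it compares a sticky virtual server (port 0, binding keyed on source and destination IP) with one that keys bindings per service, and it also sends a request to a TCP port nobody intended to publish. The class and function names, the round-robin server selection, the extra real server addresses and port 3306 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from itertools import cycle

ALL_PORTS = 0  # the manual reserves virtual-server port 0 for sticky persistence


@dataclass
class VirtualServer:
    """Toy model of an LSNAT virtual server (hypothetical, for illustration)."""
    vip: str
    ports: set          # {ALL_PORTS} for sticky, else the configured service ports
    real_servers: list
    bindings: dict = field(default_factory=dict)

    def __post_init__(self):
        self.sticky = ALL_PORTS in self.ports
        self._pick = cycle(self.real_servers)  # round-robin is an assumption

    def route(self, src, dst, dport):
        """Return the real server for a TCP request, or None if not served."""
        if dst != self.vip or not (self.sticky or dport in self.ports):
            return None
        # Sticky: match on source and destination IP only.
        # Otherwise this model also keys the binding on the destination port.
        key = (src, dst) if self.sticky else (src, dst, dport)
        if key not in self.bindings:
            self.bindings[key] = next(self._pick)
        return self.bindings[key]


FARM = ["10.1.1.1", "10.1.1.2", "10.1.1.3"]  # constructed real server addresses
SERVICES = {"HTTP": 80, "HTTPS": 443, "TELNET": 23, "SSH": 22}
UNPUBLISHED = 3306  # constructed: a listener nobody meant to publish


def simulate(sticky):
    """Replay the manual's client/virtual-address example in one mode."""
    ports = {ALL_PORTS} if sticky else set(SERVICES.values())
    vs = VirtualServer("192.168.1.2", ports, list(FARM))
    hits = {name: vs.route("200.1.1.1", "192.168.1.2", port)
            for name, port in SERVICES.items()}
    stray = vs.route("200.1.1.1", "192.168.1.2", UNPUBLISHED)
    return hits, stray, len(vs.bindings)


if __name__ == "__main__":
    for mode in (True, False):
        hits, stray, used = simulate(mode)
        print("sticky" if mode else "per-service", hits,
              "unpublished port ->", stray, "bindings:", used)
```

In sticky mode the four services and the unpublished port all resolve through a single binding to one real server, so every TCP listener on the real servers should be treated as reachable through the virtual address.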
In order to use sticky persistence, the following configuration criteria are required:

• Sticky persistence must be configured for the server farm group (with the sticky command) as
  well as for the virtual server (with the persistence level command).
• The real servers in this server farm are to be used for all services. The servers are not allowed to
  be used with other server farms to support other virtual server services. There is one exception
  to this rule, described in the next bullet item.
• Sticky means all TCP ports or all UDP ports on the virtual server are supported, but not both.
  You can create two virtual servers with different IP addresses (one for TCP protocols and one
  for UDP protocols/ports) and use the same real servers (with different serverfarm names). That
  way all TCP and UDP ports are supported by the same set of real servers.
• Port 0 in the virtual server has to be used to support this service and is reserved for this purpose.
• The service FTP configuration is not needed for this type of persistence. (See the virtual
  command, Section 12.2.8.15.)

Configuring Direct Access to Real Servers

When the LSNAT router has been configured with load balancing server farm groups, with real
servers and virtual servers configured and "in service," the real servers are protected from direct
client access for all services. Load sharing clients can only access specific services on the real
servers by means of the virtual servers configured to provide those services.

Configuring Load Sharing Network Address Translation (LSNAT)
IP Configuration Command Set
Matrix NSA Series Configuration Guide
12-69


This manual is also suitable for:

Matrix n standalone series
