Radware Alteon Application Manual page 314

Alteon Application Switch Operating System Application Guide
Load Balancing Special Services
In addition to enabling IDS at the port level, a filter must be configured to create a session entry
for non-SLB frames ingressing the port. IDS load balancing requires a session entry to be
created to store the information regarding which IDS server to send to.
9. Create an allow filter and configure the filter with the idshash metric.
>> # /cfg/slb/filt 2048
>> Filter 2048# sip any
>> Filter 2048# dip any
>> Filter 2048# action allow
>> Filter 2048# ena
>> Filter 2048# adv/idshash both
The IDS hash metric is set to hash on both the source and destination IP addresses. Hashing on
both source and destination IP address ensures that the returning traffic goes to the same IDS
server. If the port is configured for client processing only, then Alteon hashes on the source IP
address. By default, the IDS hash metric hashes on the source IP address only.
10. Apply the allow filter to ports 25, 26, and 27. The allow filter must be applied on all ports that
require Layer 4 traffic to be routed to the IDS servers.
>> Filter 2048# /cfg/slb/port 25
>> SLB Port 25# add 2048
>> SLB Port 25# filt ena
>> SLB Port 25# /cfg/slb/port 26
>> SLB Port 26# add 2048
>> SLB Port 26# filt ena
>> SLB Port 26# /cfg/slb/port 27
>> SLB Port 27# add 2048
>> SLB Port 27# filt ena
All ingressing traffic at these ports that match any of the filters configured for that port are load
balanced to the IDS groups. The allow filter is used at the end of the filter list to ensure that all
traffic matches a filter. A deny all filter can also be used as the final filter instead of an allow all
filter.
11. Apply and save your changes.
>> SLB Port 25# apply
>> SLB Port 25# save
12. Configure Alteon 2 to load balance the real servers as described in
Configuration Basics, page
— Configure the IP interfaces on Alteon
— Configure the SLB real servers and add the real servers to the group
— Configure the virtual IP address
— Configure the SLB metric
— Enable SLB
A copy of Layer 4 traffic from clients A, B, and C and from the real servers are directed to the IDS
servers and load balanced between IDS servers 6 and 7.
314
171.
(Select the menu for Filter 2048)
(From any source IP address)
(To any destination IP address)
(Allow matching traffic to pass)
(Enable the filter)
(Set the hash metric parameter)
(Select the client port)
(Apply the filter to the client port)
(Enable the filter)
(Select port 26)
(Apply the filter to port 26)
(Enable the filter)
(Select port 27)
(Apply the filter to port 27)
(Enable the filter)
Server Load Balancing
Document ID: RDWR-ALOS-V2900_AG1302