would only require the use of one binding hardware resource (instead of one per service per
client).
To use sticky persistence, the following configuration criteria must be met:
• Sticky persistence must be configured for the server farm group (with the sticky command) as
well as for the virtual server (with the persistence level command).
• The real servers in this server farm are to be used for all services. The servers are not allowed
to be used with other server farms to support other virtual server services. There is one
exception to this rule, described in the next bullet item.
• Sticky means all TCP ports or all UDP ports on the virtual server are supported, but not both.
You can create two virtual servers with different IP addresses (one for TCP protocols and one
for UDP protocols/ports) and use the same real servers (with different serverfarm names).
That way all TCP and UDP ports are supported by the same set of real servers.
• Port 0 in the virtual server has to be used to support this service and is reserved for this
purpose.
• The service FTP configuration is not needed for this type of persistence. (See the virtual
command, "virtual" on page 19‐22.)
Configuring Direct Access to Real Servers
When the LSNAT router has been configured with load balancing server farm groups, with real
servers and virtual servers configured and "in service," the real servers are protected from direct
client access for all services. Load sharing clients can only access specific services on the real
servers by means of the virtual servers configured to provide those services.
If you also want to provide direct client access to real servers configured as part of a server farm
group, there are two mechanisms that can provide direct client access.
The first mechanism, configured within virtual server configuration mode with the allow
accessservers command, allows you to identify specific clients who can set up connections
directly to a real server's IP address, as well as continue to use the virtual server IP address.
The second mechanism, configured in Global configuration mode with the ip slb allowaccess_all
command, allows all clients to directly access all services provided by real servers, except for those
services configured to be accessed by means of a configured virtual server. The real servers are still
protected from direct client access for configured services only. For example, using this
mechanism, if you configured a load balancing server group containing "realserver1" and
"realserver2" to provide HTTP service through virtual server "vserver‐http," clients can only
access the HTTP service on those real servers by means of the "vserver‐http" virtual server.
However, clients can directly access "realserver1" and "realserver2" for any services other than
HTTP.
If you combine the two mechanisms, that is, configure ip slb allowaccess_all at the Global
configuration mode and also configure allow accessservers within a virtual server's configuration
mode, the clients identified with the allow accessservers command will have direct access to the
real servers for all services (including those provided by a virtual server) and be blocked from
using the virtual server. So for example, an "allowed" client can access "realserver1" and
"realserver2" directly for all services, including HTTP, but cannot access those servers for HTTP
by means of the "vserver‐http" virtual server.
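The access rules above can be modeled as a small decision function to review which paths a given configuration leaves open. This is an added example, not code from the guide or from the firmware; the function and parameter names are hypothetical, and it assumes that a client named with allow accessservers reaches every service on a real server directly even when ip slb allowaccess_all is not set.

```python
from itertools import product

def access_permitted(path, service_is_virtual, client_is_allowed, allowaccess_all):
    """Return True if the modeled LSNAT rules let the connection through.

    path               -- "virtual" (to the virtual server IP) or "direct" (to a real server IP)
    service_is_virtual -- the service is offered through a configured virtual server
    client_is_allowed  -- client is named by `allow accessservers` on that virtual server
    allowaccess_all    -- `ip slb allowaccess_all` is set in Global configuration mode
    """
    if path == "virtual":
        if not service_is_virtual:
            return False  # no virtual server offers this service
        # Combining both mechanisms blocks the named clients from the virtual server.
        return not (client_is_allowed and allowaccess_all)
    if path != "direct":
        raise ValueError("path must be 'virtual' or 'direct'")
    if client_is_allowed:
        # Assumption: a named client reaches every service directly, with or
        # without allowaccess_all (the guide says "all services" only for the
        # combined case).
        return True
    # Other clients: direct access only with allowaccess_all, and only for
    # services that are not behind a virtual server.
    return allowaccess_all and not service_is_virtual

def exposure_matrix():
    """List every permitted (allowaccess_all, named client, path, service) combination."""
    rows = []
    for glob, named, path, virt in product([False, True], [False, True],
                                           ["virtual", "direct"], [True, False]):
        if access_permitted(path, virt, named, glob):
            rows.append((glob, named, path, "virtual-served" if virt else "other"))
    return rows

if __name__ == "__main__":
    for row in exposure_matrix():
        print("allowaccess_all=%s named_client=%s path=%s service=%s" % row)
```

Each printed row is a path that remains reachable, so the output can be compared against the intended exposure of the real servers before either command is enabled.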
Service Verification
UDP port service verification can be enabled on one or more load balancing servers. The firmware
accomplishes this by sending a UDP packet with "\r\n" (Carriage Return / Line Feed) as data to
Configuring Load Sharing Network Address Translation (LSNAT)
Enterasys Matrix DFE-Gold Series Configuration Guide 19-3