1. Manuals
  2. Brands
  3. Avanu Manuals
  4. Network Hardware
  5. WebMux A400X
  6. User manual

Avanu WebMux A400X User Manual

Network traffic manager
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
WebMux
Network Traffic Manager

User Manual

(Models A400X, A400XD, A500X, A500XD, and A600X)
Version v11.0.00
(Revision February 2015)
www.avanu.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the WebMux A400X and is the answer not in the manual?

Questions and answers

Related Manuals for Avanu WebMux A400X

Summary of Contents for Avanu WebMux A400X

  • Page 1: User Manual

    WebMux ™ Network Traffic Manager User Manual (Models A400X, A400XD, A500X, A500XD, and A600X) Version v11.0.00 (Revision February 2015) www.avanu.com...

  • Page 2: Table Of Contents

    Table of Contents SECTION I - GENERAL INFORMATION ......................... 9   About AVANU®.................................. 9   WebMux User Manual..............................9   Audience ......................................9   Notice of Rights ....................................9   Notice of Liability.....................................9   Trademarks......................................9   Update Information ..................................10   Packing List..................................10  ...
  • Page 3 Configuring the Microsoft® Loopback Adapter ......................28   Linux® 2.4/2.6 Systems:................................29   SUSE® Enterprise Linux® 9: ..............................29   Hewlett Packard® HP/UX® 11.00 and 11i:........................30   FreeBSD®:...................................... 30   Oracle® Solaris®:..................................30   Apple® Servers: ................................... 30   SECTION IV - CONFIGURING THE WEBMUX....................
  • Page 4 WebMux Failover Ports:................................50   Least Significant Bits in Client IP Address to Ignore for Persistent Connections:........50   Act as IP Router:..................................51   Front Network Verification: ..............................51   Front Network Verification IP Address: ..........................51   Request for Updating MAC Table for Farms: ....................... 51   Persistence Timeout: .................................
  • Page 5 Download and Upload (Backup and Restore) ......................61   Set Clock......................................62   Login........................................63   Logout........................................ 63   Shutdown ......................................63   Reboot ....................................... 63   TCPdump......................................63   Help........................................64   About WebMux ..................................... 64   SECTION VI - Setting Up the WebMux ........................65  ...
  • Page 6 Generating a CSR ................................. 74   Importing Your Existing Private Key and Certificate ................... 76   Modify Farm..................................77   Farm IP Address and Port Number: ..........................77   Label:........................................78   Farm Scheduling Method: ............................... 78   SSL Termination: ..................................78   SSL Port:......................................
  • Page 7 Compress HTTP Traffic: ................................84   Add Gateway Farm............................... 84   IP Address:...................................... 85   Label:........................................85   IP Address:...................................... 86   Label:........................................86   Weight: ......................................86   Run State:......................................86   Modify Health Check ..............................87   URL for Custom Service Check:............................88   TCP Port for Custom Service Check: ..........................
  • Page 8   8    ...

  • Page 9: Section I - General Information

    SECTION I - GENERAL INFORMATION About AVANU® AVANU, Inc. is headquartered in San Jose, California and is a privately held product developer with manufacturing and production in the United States. The company’s products are used in mid-sized to Fortune 500 companies and are specific for the network infrastructure and data center environments.

  • Page 10: Update Information

    Update Information AVANU will always work to insure that the data contained in any WebMux documents are kept up to date. As such, please visit our website at www.avanu.com/documents to retrieve the latest version of our documents. All products and specifications are subject to change without notice.

  • Page 11: Section Ii - Webmux Main Components

    SECTION II - WEBMUX MAIN COMPONENTS Front View Switches and Indicator Lights Power This switch toggles power on and off. To power off, the switch must be pressed and held for 5 seconds. However, it is recommended that you do not regularly use this power switch to shut down the unit.

  • Page 12: Rear View

    ✍ It will take about a minute for the WebMux to completely reboot and begin reporting activity in the LCD display. This will not reset your settings. It is for restarts only. To perform a factory reset refer to Section IV for LCD instructions or Section VII for CLI reference.
  • Page 13 development. RS-232 port is available for serial console connections as well as for modem-dependent services, such as paging—where Internet-based services may be limited for security purposes. To connect to this port using a serial communications terminal, set the communications software for 115200 baud, 8 bit, Parity none, 1 stop bit. MGMT port is a Gigabit Ethernet LAN connection that enables management (GUI and command- line) to be limited to a separate port and network.

  • Page 14: Section Iii - Webmux Topology Overview

    SECTION III - WEBMUX TOPOLOGY OVERVIEW WebMux Topology Modes • Two-Armed NAT Mode • Two-Armed Transparent Mode • One- Armed Single Network Mode • One-Armed Out-of-Path Mode (IPv4 and IPv6 work in all those modes) Each mode has its advantages and disadvantages. Two-Armed NAT Mode The main purpose of the WebMux is to balance IP traffic amongst multiple web or other servers.
  • Page 15 For example, to configure a farm (or virtual farm) to serve www.avanu.com: • First, Server 1 and Server 2 would each need the website www.avanu.com configured on them and HTTP/HTTPS services started; and •...
  • Page 16 Two-Armed NAT Mode (Single WebMux) • One WebMux unit is required for this configuration • One WebMux interface (internet) connects to the router LAN. The other interface connects to the server LAN • The WebMux translates the router LAN IP addresses to private Class C addresses. In this example, the netmask is 255.555.255.0.
  • Page 17 • The Default Gateway for all the servers is 192.168.199. • Farm 2 IP address is 205.133.156.210. Servers 2 and 3 serve Farm 2 • Changes to the server: change the default gateway to 192.168.199.1, as well as the IP address to the 192.168.199.xxx subnet.

  • Page 18: Two-Armed Transparent Mode

    • Two WebMux units are required for this configuration. One will be the primary and the other will be the secondary. They connect together with an Ethernet cable (straight or crossover) or through a hub or switch. The primary’s Backup interface IP address is 192.168.255.253;...
  • Page 19 connected to the WebMux in the same way they would be for NAT mode: on the server LAN port. The “internet” port on the WebMux is connected towards the Firewall/Router. In this mode, the WebMux functions as an Ethernet bridge. Two-Armed Transparent Mode (Installation without IP Address Change) * STP = Spanning Tree Protocol In Two-Armed Transparent Mode, the servers need to be isolated from the rest of the...

  • Page 20: One-Armed Single Network Mode

    There are no configuration changes that need to be made on the servers, except for the way they are physically connected to the network. The diagram also gives an example of a redundant WebMux setup. In this case, it is absolutely required that the WebMux units are connected in between two switches.

  • Page 21: One-Armed Out-Of-Path Mode (Oop)

    In Single Network Mode, connections being load balanced and going to the real servers will appear to come from the WebMux itself. You will not need to make any changes on your servers since the servers will always reply back to the WebMux when sending back their reply.
  • Page 22 In most situations, incoming traffic is in small requests and return traffic from servers back to clients is large amounts of data (pictures or documents). Using Out-of-Path Mode will allow up to 100 times more traffic to be handled by the WebMux load balancer. The disadvantage for OOP/direct response is that the firewall protections built in to the WebMux will no longer function.
  • Page 23 The above diagram is an example about how to configure the WebMux in Out-of-Path Mode without changing the IP addresses of the web servers and other servers that already exist on the network. This is another option that can be used if changing the existing network topology of the servers causes problems.

  • Page 24: Details About Out-Of-Path Mode

    loopback adapter on servers can be found in the “How to Add a Loopback Adapter” section. In case the server is running Windows® 2003/2008, the route created when adding a loopback adapter cannot be deleted; please make sure the loopback adapter metric has a higher number. 2) If your service binds to any specific IP address, add the loopback adapter’s IP address to that service.

  • Page 25: High Availability And Configuration

    accessible from the outside but are accessible within the subnet, you might want to check and make sure that the default gateway was set up correctly. From firmware version 9.0.0, WebMux IPv6 supports all modes of operation. It can operate in Two- Armed NAT mode, Transparent mode, as well as One-Armed Single Network mode and OOP (Out- of-Path) mode.

  • Page 26: Nat Mode

    the “Server” interface only and you will always be able to access the secondary unit through that interface. If you log in to the secondary WebMux, you will notice that none of the farm configurations will show. Please note that farm configurations will show ONLY on the active unit. This is to ensure that there will not be duplicate IP addresses on your network.

  • Page 27: Single Network Mode

    a) Internet port cable physically disconnected or reports no link level connection, server port cable still connected (should failover to secondary) b) Server port cable physically disconnected or reports no link level connection, Internet port cable still connected (should failover to secondary) c) Front network verification enabled with one farm configured.

  • Page 28: Installing The Microsoft® Loopback Adapter

    Installing the Microsoft® Loopback Adapter Click Add Hardware -> Add a new device -> No, I want to select the hardware from a list, and select Microsoft® Loopback Adapter from the list and click OK. At the Microsoft® Loopback Adapter Card Setup screen hit OK to the default of 802.3 You should be prompted for the path to the NT setup files.

  • Page 29: Linux® 2.4/2.6 Systems

    "loopback" weakhostsend=enabled Obviously, first you will need to rename the specific adapters from the default of “Local Area Network Connection 1″ to either “net” or “loopback” respectively i.e. For Linux®, SUSE® Enterprise Linux®, Hewlett Packard® HP/UX®, FreeBSD®, Oracle® Solaris®, and Apple® Servers perform the following for: Linux®...

  • Page 30: Hewlett Packard® Hp/Ux® 11.00 And 11I

    Log in as root, and add this command to the bootup script: iptables -t nat -A PREROUTING -d <farm_ip> -j DNAT —to-dest <server_ip> Hewlett Packard® HP/UX® 11.00 and 11i: Please make sure PHNE_26771 and related patches applied first. Login as root, and this command to the bootup script: ifconfig lo0:1 farm_ip_address up FreeBSD®:...

  • Page 31: Section Iv - Configuring The Webmux

    For example, http://www.you.com is one virtual server farm; https://www.me.com is another farm, and ftp://ftp.avanu.com is the third farm. The first farm works on a set of servers on port 80, the second farm consists of another set of servers on port 443, and the third farm works on a set of servers on port 21.

  • Page 32: Hardware Setup - Collect Information

    The WebMux has four modes: Two-Armed NAT Mode, Two-Armed Transparent Mode, One-Armed Single Network Mode, and One-Armed Out-of-Path Mode. In NAT mode, the WebMux units are connected to both Router LAN and Server LAN. At least one WebMux is needed to define the Router LAN and the Server LAN.
  • Page 33 ✍ The IP addresses in the following examples are general examples and are not meant for literal use in an actual setup Turn on the WebMux. Turn the switch of the power supply on the back of the WebMux to the on position and push the power-on button in the front of the WebMux momentarily.
  • Page 34 Is this a Primary WebMux? If this is the Primary, answer Yes. If this is the Secondary WebMux, answer NO. Please note, you must still do the initial configuration on the secondary unit as well. If this is the only WebMux, answer YES.
  • Page 35 as the primary unit for this entry. This address floats between primary and secondary WebMux units. ✍ This is not true in Transparent, Single Network, or Out-of-Path modes. Doing so will create duplicate IPs. Enter Router LAN Network IP Address Mask: This is the network mask of the Router LAN network.
  • Page 36 This is the optional VLAN ID tag that will be used for the Router LAN (Internet) interface. You may enter values from 1 – 4067. The cursor position will only go from 0 to 9. To enter a value greater than a single digit, press the left arrow button to move the cursor to the next digit.
  • Page 37 If you entered a non-zero value for the VLAN IDs, you will see an additional screen: Bond rtr/svr NI? (“Bond router and server Network Interfaces”): This option will allow you to use the “Internet/rtr” port and “Server/svr” port as a single “bonded”...
  • Page 38 Common Configuration - For NAT, Transparent, Single Network, and Out-of-Path Mode Enter External Gateway: This is the common setup for NAT, Transparent, Single Network and Out-of-Path modes. This is an address on the firewall or router local interface. In NAT mode, the WebMux needs to know this to route the server replies back to the clients.
  • Page 39 This is the HTTPS port number for accessing Management Console in secure mode. The factory default port number is 35, and one could choose to use any unused port below 1024 or port number above 1024 for this. Using a port number above 1024 will require you to set up an “admin farm IP”.
  • Page 40 Pressing the “Down” button at the “Power off?” screen will bring you to the LCD Brightness screen. This screen will allow you adjust the brightness of the LCD backlight. The setting will default at 50. Valid values are from 0 to 100. The setting is activated when you press the check mark button.
  • Page 41 VLAN capabilities have these features, but since the switch configuration commands vary from brand to brand, we will only lay out the main configuration concepts and leave it up to you to refer to your switch user manual for specifics. In the following example, we will be configuring a WebMux in NAT Mode using the “Bond rtr/svr NI”...
  • Page 42 ID to those packets. Your “server” side VLAN ID is 200. You will need to configure ports 7, 8, 9, and 10 to “participate” or “include” VLAN 200 and make sure that you specify that it is UNTAGGED. Next you will need to make these ports “accept all frames” AND you must assign them the PVID of 200.

  • Page 43: Section V - Management Console

    SECTION V - Management Console After the Initial Configuration, you should be able to use a web browser to connect to the WebMux. The Web Administrative GUI does all of the WebMux management. The following sections explain how to use the management console screens. •...

  • Page 44: Login

    ✍ In order to use a browser to manage the WebMux, the browser must be set to accept all cookies. welcome to webmux1.avanu.com User ID: There are two preset user IDs: 1) superuser - Allows access to all screens and functions provided by the WebMux.

  • Page 45: Login

    The default passwords are: PASSWORD superuser superuser webmux webmux ✍ It is recommended to change the passwords periodically. No new user ID can be added. Login: After entering the correct password, click Login. ✍ For first time setup, please login as superuser and go to the Network Management under the Network menu.

  • Page 46: Save

    Hover the mouse pointer over the four main menus on the top (main, network, security, and miscellaneous) to navigate the different setup screens. Hover the mouse pointer over the “main” menu and click on “SSL keys” link to manage SSL keys, if SSL termination is desired;...
  • Page 47 IP address and server LAN gateway address to the server’s name resolution table will help resolve this problem. Please reference the Frequently Asked Questions section for more information.   47    ...

  • Page 48: Network Setup

    Network Setup After logging into management console as superuser, click on the network menu. You will come to this screen: IPv6 96-bit Address Prefix: To load balance in IPv6, you will set the option field of an IPv6 address prefix. The IPv4 addresses will be appended to this prefix.

  • Page 49: Email User Name

    Other protocols you can use are “msa” or “submission”, both will default to port 587. If only an IP address is entered, “smtps” is assumed and will default to port 465. Non-standard ports can be specified in the URL. Email User Name Enter the user name or login to authenticate on your email server.

  • Page 50: Webmux Http Control Port

    WebMux HTTP Control Port: Since the WebMux is load balancing incoming HTTP traffic, the HTTP port for the management console must be set to a different port. By default, the port is 24. You can change the port to any port that is not being load balanced, if so desired. The front push buttons can also change this.

  • Page 51: Act As Ip Router

    The WebMux will use this entry to determine how to load balance the traffic. It calculates based on two to the power of the entry as the number of IP addresses to combine. When too large a mask applied, it will defeat the load balancing function of the WebMux. Act as IP Router: If YES is selected, the WebMux will route IP packets both directions if you use any of the WebMux IPs as a gateway.

  • Page 52: Connection Timeout (Outbound)

    lost. However, by keeping a lot of connections in the WebMux memory, the maximum number of available connections for new clients will drop. Also, a large persistence timeout will cause uneven load balancing if the majority of the clients are returning clients. Connection Timeout (Outbound): The WebMux keeps track of outbound connections.

  • Page 53: Adding Static Routes

    the HTTP requests that will contain the original requesting client’s IP address. You can use this information for your server logging or if your application server requires it. Adding Static Routes You can add static routes to the WebMux using the Web GUI or through the Command Line Interface (CLI).

  • Page 54: Reconfigure

    Modifications to the routing table issued through the CLI are automatically saved after issuing the command. ✍ If you are running a backup WebMux unit, you need to make sure you also click the save button on the main console screen in order to propagate the changes made to the backup unit. Reconfigure The Reconfigure button will bring you to the initial network settings page.

  • Page 55: Security Settings

    Security Settings Allowed Remote Host IPs: The WebMux Web Management Administrative Console only allow logins from these IP addresses to establish a management session. You can allow access from more than one IP address by specifying all the allowed IP addresses separated by a “:” (except use “,” as divider for IPv6 addresses).

  • Page 56: Ldap Domain

    LDAP domain Enter the LDAP domain in this field. Connection Warning Threshold: The WebMux monitors the number of connections established. When the number of connections is greater than the value entered, the WebMux will page the designated numbers. For example, if a DoS attack is occurring, the number of connections to the site would be extremely high.

  • Page 57: Change Pin

    Click Confirm to execute the change. Click Cancel to return to the previous screen without changing the password. Change PIN To protect the WebMux from unauthorized changes from the front LCD panel, a PIN can be entered here to prevent saving any changes from the front LCD panel. By default, there is no PIN. You can unset the PIN by submitting blank fields.

  • Page 58: Client Whitelist For Tcp Attacks

    Client Whitelist for TCP Attacks: It may be necessary to allow certain IPs to make connections that may appear to be attacks. For example, if you have a third party company that regularly benchmarks your services for maximum load handling, you will need to allow that company uninterrupted access. You can use a specific IP address or specify a network range (i.e.

  • Page 59: Packet Rate

    Packet Rate: This will control the packets per second rate that will be allowed. Packet Threshold: Some attacks are done in bursts rather than large streams. While the packet rate parameter will control the maximum allowable steady rate of packets, the packet threshold detects the maximum allowable packet bursts.
  • Page 60   60    ...

  • Page 61: Miscellaneous Settings

    Miscellaneous Settings The miscellaneous screen will show the events logs by default. Show Events This button will display all the events since the WebMux unit’s last reboot. The event includes server failure or state change. Download and Upload (Backup and Restore) Download: This feature allows the saved (not necessarily the active) configuration to be saved at the Web Interface Administrative Browser workstation.

  • Page 62: Set Clock

    Choose ’File->Save As’ from the browser menu to save it as a text file. Changes can be made to this file and uploaded to the WebMux. DO NOT change the first comment line. Upload: Upload allows a configuration file that has been saved at the browser workstation to be uploaded to the WebMux.

  • Page 63: Login

    Enter the hour of the day. Use the 24 hour clock (military time). Minute: Enter the minute of the hour. Time Zone: Select the time or hour offset to the UTC (GMT) time. You can set the WebMux to your local time, if your time zone is selected here.

  • Page 64: Help

    This will stop the capture when the timeout period (in seconds) has been reached. Help This will take you to the www.avanu.com support pages. About WebMux This will take you to the “about” screen of the WebMux. Here you will see information about your WebMux unit, such as the firmware version, the model number, the serial number, etc.

  • Page 65: Section Vi - Setting Up The Webmux

    SECTION VI - Setting Up the WebMux Add Farm Back at the “main” screen of the Main Management console; click the “Add Farm” button to add a virtual site for the services you want to provide. The “add farm” screen will appear: Farm IP Address: This is the IP address of the new farm.

  • Page 66: Label

    Label: Since version 4.0.3, we introduced the “label” concept for the farms and servers. Once the label is specified, the WebMux will display the label for the farm on the column to the left of the corresponding IP addresses in the status screen. Although labels can be anything, it is better to have meaningful and unique label for each farm.

  • Page 67: Port Number

    denied for that virtual farm, the WebMux will mark that server dead. We have checked with Microsoft® IIS server and Apache® server sertups and they both follow the same rules. If you use the WebMux in NAT mode for your intranet, the farm IP address will be the original IP address of the web or application server.

  • Page 68: Service

    Service: The service selection determines the type of service running on the servers in the farm and how the WebMux will check the server health status. The service type selection will create a farm using the well-known port for that service type. If a port other than a well-known port for TCP or UDP service is to be used, then choose one of the “Generic”...

  • Page 69: Ssl Termination

    • Least connections • Least connections—persistent • Round robin • Round robin—persistent • Weighted least connections • Weighted least connections—persistent • Weighted round robin • Weighted round robin—persistent • Weighted fastest response • Weighted fastest response—persistent SSL Termination: Selecting an SSL key in this section will enable SSL termination for this farm. The HTTP service and POP3 service terminate to ports 443 and 995, respectively, and will allow you to choose any port for the clear traffic to the servers.

  • Page 70: Tag Ssl Terminated Http Requests

    Tag SSL Terminated HTTP Requests: Adding a tag to MIME header to distinguish the incoming traffic was encrypted. By default, there is no tag. Tag format: "X-WebMux-SSL-termination: true" Servers are HTTPS Servers, Re-encryption (Layer 7): This is only allowed on a farm doing SSL termination. Microsoft® Lync® and Exchange® servers may need this feature.

  • Page 71: Layer 7 Host Mime Header Perl Regex Match

    When a string is entered in this field, the cookie MIME header of the HTTP request is examined for a match. Only matching requests will continue through to be forwarded to the servers in this farm. Layer 7 Host MIME Header Perl Regex Match: When a string is entered in this field, the host MIME header of the HTTP request is examined for a match.

  • Page 72: Block Non-Ssl Access To Farm

    In the “Add Farm” screen, select “HTTP—hypertext transfer protocol (TCP)” in the “service” section. In the “SSL Termination” section, choose from any key other than “none” (see the SSL Keys section about importing your SSL keys). This will enable SSL termination on the HTTP farm. All the HTTPS incoming traffic will be sent terminated to farms on HTTP port (80).

  • Page 73: Ssl Keys

    SSL Keys This screen is where you can manage your SSL keys and certificates that are used for SSL termination. This is also where you can specify cipher restrictions. The WebMux supports SSL V2, SSL V3, and TLS V1 with RSA key length from 512, 1024, 2048, 4096, and 8192-bit.

  • Page 74: Generating A Csr

    You can view, copy and paste keys into the two windows. You should back up your private key and save in a secure place. Each private key and public key pair must match to be able to work properly. Generating a CSR If you plan to generate new keys, click on the drop down box above the private key window to select the “use newly generated”...
  • Page 75 After submitting the selection, you will see this next screen: Enter all the necessary information. Click on the “Confirm” button to complete the key generation. A certificate request will be generated. Be sure to copy and save this before you continue. When you are done saving the certificate request, you can click on the “Confirm”...

  • Page 76: Importing Your Existing Private Key And Certificate

    You can get OpenSSL for Windows® at: http://www.slproweb.com/products/Win32OpenSSL.html Contact the AVANU technical support department at techsupport@avanu.com for further assistance if problems should arise or for help with executing this process. ✍ The CA certificate field is only for client side SSL authentication. It is not for the...

  • Page 77: Modify Farm

    header and footer). Paste the text into the private key text box. From the dropdown selection to the right of the text box, select “use new private key pasted in”. Next, open your certificate PEM fil in a text editor. Copy the text starting with -----BEGIN CERTIFICATE----- all the way to -----END CERTIFICATE-----.

  • Page 78: Label

    Label: The label is displayed on the column to the left of the corresponding IP addresses in the main status screen. Although labels can be anything, it is better to have meaningful and unique label for each farm. The label field is also used as the host name in “HOST:” MIME header to when checking HTTP servers.

  • Page 79: Tag Ssl-Terminated Http Requests

    If you do not want to allow non-encrypted traffic connecting to the farm, select “Yes.” Tag SSL-terminated HTTP requests: If SSL termination is active for this farm, choosing “Yes” for this option will add an “X-WebMux- SSL-termination: true” MIME header in the decrypted HTTP request going to the real server. Compress HTTP traffic: Enable or disable HTTP compression.

  • Page 80: Label

    This is the IP address of the server to be added. Label: Since version 4.0.3, the WebMux allows adding a label to each server’s IP address. The purpose of labeling a server is only to help identify the server in the farm. It has nothing to do with the name resolution of the server.

  • Page 81: Modify Server

    Favorite Active - The server will be put into service immediately after it is added. If a Favorite Active server failed, once it is operational, the WebMux will automatically put it back to the Active state. Standby - The server will be put into STANDBY, or backup, mode after it is added. The WebMux will change a STANDBY server to ACTIVE when one or more ACTIVE servers fail.

  • Page 82: Add Map

    Active - The server will be put into service immediately after it is added. If there are servers in the farm in Standby, WebMux will activate a Standby server in its place if it goes out of service. When the original server comes back in service, it will stay Standby mode until manually setting its run state to Active again through the browser interface.

  • Page 83: Farm Ip And Port

    Farm IP and Port: This displays the current farm you are modifying. These fields are set in the “Add Farm” screen. Once set, they are not changeable. If they must be changed, delete the farm and then add a new one. IP Address: Add an IP address to the current farm configuration.

  • Page 84: Compress Http Traffic

    This will enable the WebMux to add an “X-WebMux-SSL-termination: true” MIME header in the decrypted HTTP request sent to the server. ✍ If your farm is already SSL terminated and you create an additional IP/ port combination using the main farm IP and specifying the same secure port (or “all”), the SSL termination by the WebMux will be bypassed and SSL will be done directly by the server.

  • Page 85: Ip Address

    IP Address: The main WebMux IP address will automatically be entered in this field. This address serves no other purpose than to be what the WebMux will use as its source IP when checking the health status of the gateway IP address. Label: You can enter a label for reference purposes.

  • Page 86: Ip Address

    IP Address: Enter the IP address of your gateway. Label: The label here is used only for reference purposes. Weight: This is for scheduling priority weight. Valid integer numbers are between 1 and 100. Run State: Active - The gateway will be put into service immediately after it is added. If there are gateways in the farm in Standby, the WebMux will activate a Standby gateway in its place if it goes out of service.

  • Page 87: Modify Health Check

    Back at the main status page of the web GUI, you will notice that the farm IP addresses are now shown in grey. Before creating a next hop gateway farm, the farm IPs were shown in blue with the ALIVE status, or red with the DEAD status. The farm IP status was an indication of the availability of the default external route of your WebMux.

  • Page 88: Url For Custom Service Check

    To modify the custom health check: URL for Custom Service Check: Sometimes the WebMux built-in server health check is not enough for special needs. When an ASP/JSP server’s output depends on the database server and the database server connection is down, one might want to reduce the incoming traffic to the server, suspend new traffic to the server, or totally redirect incoming traffic to a different server.
  • Page 89 else echo “NOT OK” echo “SSH daemon not running” The following is a list of valid CGI code responses: server/service is alive, no weight change NOT OK server/service is dead OVERLOAD set weight to 0, to quiesce (same as “WEIGHT=0”) QUIESCE set weight to 0, to quiesce (same as “WEIGHT=0”) WEIGHT=n...

  • Page 90: Tcp Port For Custom Service Check

    manual and the manual for your scripting language for more information about environment variables. If you select “Custom Defined + Generic TCP” service for a farm, the health checking process is a bit different. The health check script will pass for the following responses: server/service is alive, no weight change OVERLOAD set weight to 0, to quiesce (same as “WEIGHT=0”)

  • Page 91: Monitor Traffic History Chart

    Monitor Traffic History Chart To monitor the traffic history, WebMux keep some of its statistics information in the memory during running. Please note that this information will be lost once WebMux is rebooted.   91    ...

  • Page 92: Section Vii - Initial Setup Change Through Browser

    SECTION VII - Initial Setup Change Through Browser Access Web Interface: You may want to change the basic settings for the WebMux through the Web Administrative Browser Interface, for example, when the WebMux located in a hosting center across the country. If one has information about the WebMux current basic settings, one could change those parameters through the Administrative Browser.

  • Page 93: Access Cli Commands

    Click the mouse into a field or use the TAB key to move the cursor into a field to see the current values. The user may change it based on new information obtained from ISP or network engineers. Once you press on the submit button, the WebMux will save all the changes to its internal solid state storage and reboot itself with the new value.
  • Page 94 Once logged into the CLI, the following screen will be shown: Enter “help” for list of commands. Enter “cmd —help” give help for the command “cmd”. Enter “exit” or “logout” to end this session. Following are commands available in CLI: about - displays WebMux model, serial number, and firmware version information.
  • Page 95 ifconfig - display and configure a network interface(s) ip - TCP/IP interface configuration and routing utility ip - command for configuring network interfaces and network settings. ip6tables - allows you to create custom packet filtering for IPv6 addresses for the WebMux. The changes made here are not reboot persistent.

  • Page 96: Adding Commands To Webmux Startup Sequence

    traceroute - traceroute utility for network diagnostics. upgrade – superuser upgrade the firmware to a newer version. It cannot be used for downgrade vconfig - manipulate VLAN configurations Most commands can be found on UNIX®, for detailed usage, please refer to any UNIX® man pages.

  • Page 97: Tagged Vlan And Webmux

    sysinit: You entered 23 bytes. [done] $ sysinit sysinit: reading sysinit file: echo AAA >/dev/console sysinit: sysinit file contains 23 bytes. [done] For the purpose of the above example, the echo AAA will be saved in the sysinit table. If you want to add a new command, it is always a good idea to test them before adding to the sysinit table.

  • Page 98: Multiple Uplink/Vlan Support

    There are some specific considerations when configuring VLAN IDs in NAT, Transparent, or Out-of- Path Mode. In NAT mode, you have the option to have a VLAN ID for both the Router (Internet) LAN interface and the Server LAN interface. Even though the WebMux will allow for both sides to have the same VLAN ID, it is still recommended that you have a different VLAN ID for each to ensure complete network separation between both sides.
  • Page 99 external gateway address for routing is to be used, it must be supplied with -g or — gateway. Options: -A|—add NAME add new network configuration NAME -D|—delete NAME delete existing network configuration NAME -I|—install NAME install network described by network configuration NAME -R|— replace NAME like -A, except allows configuration to already exist -U|—uninstall...

  • Page 100: Important Considerations Pertaining Only To Additional Network Configurations

    The IP you specify will be the WebMux unit’s main IP on the additional network. To activate the configuration immediately without rebooting: nwconfig -I newISP If you need to assign VLAN ID for the additional network use the -v option: nwconfig -A newISP -i 192.168.14.21 -g 192.168.14.1 -v 200 In NAT mode, if you do not specify a gateway IP, the new network will be put on the Server LAN side.

  • Page 101: Transparent Mode Vlan

    using the same IP addresses on the secondary as with the primary. The IP address you create for you additional server network will be used as the server’s default gateway IP. Since only the active WebMux will have this IP enabled on its interface, you will not have a duplicate IP address between both units.
  • Page 102 The WebMux includes configuration wizards for quick deployment of the WebMux dispacht method and farm configurations. You can access the selection of configuration wizards by going to https://<management.IP>:35/wizards The configuration wizards are intended to be for first time setup and one time use. Once you have configured the WebMux via the configuration wizard, additional configuration modifications should be done via the WebMux management GUI.
  • Page 103   103    ...

  • Page 104: Section Viii - Sample Configurations And Worksheets

    SECTION VIII - Sample Configurations and Worksheets Initial Configuration Worksheets Configuration Before WebMux Installation EQUIPMENT IP ADDRESS Internet Router (or Firewall) Address Webserver(s) Default Gateway Web Site IP Addresses Configuration After WebMux Installation ENTRY QUESTION PRIMARY SECONDARY Host Name Domain Name NAT, Transparent, Single Network, or Out- of-Path Router LAN Information (NAT ONLY)

  • Page 105: Sample Configuration Worksheets

    Web Site IP Addresses 205.133.156.200 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network, or Out- of-Path Router LAN Information Router LAN WebMux Proxy IP Address 205.133.156.200 Router LAN Network IP Address Mask 255.255.255.0...

  • Page 106: Standalone Webmux Transparent Mode

    205.133.156.1 Web Site IP Addresses 205.133.156.200 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network or Out-of-Path Transparent Bridge Information Bridge IP Address 205.133.156.210 Bridge IP Network Mask 255.255.255.0 WebMux farm IP Address 205.133.156.200...
  • Page 107 Configuration After WebMux Installation QUESTION ENTRY Host Name webmux Domain Name avanu.com NAT, Transparent, Single Network or Out-of-Path Out-of-Path WebMux Server LAN Information Server LAN WebMux IP Address 10.1.2.254 (any) Server LAN WebMux IP Address Mask 255.255.0.0 Server LAN WebMux farm IP Address 10.1.1.200...

  • Page 108: Redundant Webmux Installation

    Configuration After WebMux Installation ENTRY QUESTION Primary Secondary Host Name webmux1 webmux2 Domain Name avanu.com avanu.com NAT, Transparent, Single Network, or Out- of-Path Router LAN Information Router LAN WebMux Proxy IP Address 205.133.156.200 205.133.156.200 Router LAN Network IP Address Mask 255.255.255.0 255.255.255.0...

  • Page 109: Section Ix - Frequently Asked Questions - Faqs

    SECTION IX - Frequently Asked Questions – FAQs I can’t log in with my browser. It always says you are not logged in. To use your browser to manage the WebMux, it must be set to accept all cookies. Because the cookie is set to expire in 8 hours, you also need to make sure your system clock set correctly using GMT.
  • Page 110 Your servers are trying to resolve the WebMux unit’s IP address to name so it could log them into log file. To avoid this problem, set the servers not resolve the IP addresses. You can also try adding all the IP address to the /etc/hosts file on your servers. For example, www.mydomain.com 1.2.3.4 // use your real IP address...
  • Page 111 Why didn’t the secondary WebMux take over when I powered down Primary WebMux? Possible reasons: 1) The two WebMux units are not running on the same version of firmware, or 2) The secondary WebMux not only monitors the primary WebMux, but a few other things as well.

  • Page 112: Section X - Limited Product Warranty And Support

    • Restocking fees may apply • Customer or point of purchase must contact AVANU to disclose reason for return prior to thirty-days (30) of receiving product • Upon approval, a RMA number will be issued by AVANU’s Customer Service for the return and must be visible on the outside shipping container •...
  • Page 113 Premium Annual Service Program (First year must be purchased with the WebMux product or within the first 30-days of purchase. AVANU has the right to request a proof of purchase document. Renewals must be before the expiration period coverage to prevent additional recertification cost;...
  • Page 114 The Limited Warranty is a specified, fixed period commencing on the date of purchase from AVANU. The date on the sales receipt is the date of purchase unless AVANU or your point of purchase informs you otherwise in writing.
  • Page 115 The Support provision covers product configuration and basic remote installation support up to the first sixty-days (60) from purchase date (AVANU has the right to request a proof of purchase document). Technical support applies to WebMux performance only and current version firmware updates.
  • Page 116 AVANU approval and an issued RMA number are required for all warranty repair, service, or sales returns. AVANU has the right to refuse any shipment without a RMA number. * AVANU has the right to offer promotional programs at any time where the Limited Product Warranty and Support coverage may differ.

This manual is also suitable for:

Webmux a400xdWebmux a600xWebmux a500xdWebmux a500x

Table of Contents