
Configure Load Balancer Redundancy on Allied Telesis Routers and Switches

5. Configure the firewall

Enable the firewall.

enable firewall

Create a firewall policy.

create firewall policy=lb

Set the firewall session timeouts for TCP, UDP and other packet types, in minutes.

set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5

Add the public and private interfaces to the firewall policy.

add firewall policy=lb int=vlan2 type=public

add firewall policy=lb int=vlan3 type=private

Add the redundancy management VLAN to the firewall policy as a private interface.

add firewall policy=lb int=vlan4 type=private

You do not need to add firewall access rules at this step. This example uses triggered scripts to dynamically add access rules, depending on which load balancer is the master (see step 9).

6. Disable the GUI and the HTTP server on port 80

You cannot use the router’s GUI or its HTTP server on port 80 when load balancing web traffic. Therefore, you need to either disable the GUI and server, by using the following commands:

disable gui

disable http server

or change the port that the server uses. For example, to change the port to 8080, use the following command:

set http server port=8080

You can then use the GUI by pointing your browser to the router's private address and the new port (in this example, 192.168.1.200:8080).

Note that this configuration uses some advanced settings that are not available through the GUI, so you cannot use the GUI to create this configuration. You also cannot use the firewall pages in the GUI to modify this configuration’s firewall settings, because the GUI does not recognise this firewall policy. However, you can use the GUI to monitor the router.
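The settings from steps 5 and 6 can be checked against a saved configuration before the router goes into service. The Python below is an added example, not part of the Allied Telesis document: the function names `params` and `audit` and the sample text are constructed for illustration. It assumes commands are written in full as shown in this document, and that the GUI and HTTP server are enabled on port 80 unless the configuration says otherwise.

```python
import re

# Constructed sample: the commands from steps 5 and 6 above, taking the
# "change the port" option instead of disabling the GUI and HTTP server.
SAMPLE_CONFIG = """\
enable firewall
create firewall policy=lb
set firewall policy=lb tcptimeout=5 udptimeout=5 othertimeout=5
add firewall policy=lb int=vlan2 type=public
add firewall policy=lb int=vlan3 type=private
add firewall policy=lb int=vlan4 type=private
set http server port=8080
"""

def params(line):
    """Return the key=value parameters of one command line as a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))

def audit(config, policy="lb", public=("vlan2",), private=("vlan3", "vlan4")):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip().lower() for l in config.splitlines() if l.strip()]
    findings = []
    if "enable firewall" not in lines:
        findings.append("firewall is not enabled")
    if f"create firewall policy={policy}" not in lines:
        findings.append(f"firewall policy {policy} is not created")
    # Step 5: each interface must be in the policy with the intended role.
    roles = {}
    for line in lines:
        p = params(line)
        if line.startswith("add firewall") and p.get("policy") == policy:
            roles[p.get("int")] = p.get("type")
    for want, names in (("public", public), ("private", private)):
        for name in names:
            if roles.get(name) != want:
                findings.append(f"{name}: {roles.get(name, 'not in policy')}, expected {want}")
    # Step 6: assumed defaults are GUI and HTTP server enabled on port 80.
    gui_on, http_on, port = True, True, 80
    for line in lines:
        if line == "disable gui":
            gui_on = False
        elif line == "disable http server":
            http_on = False
        elif line.startswith("set http server"):
            port = int(params(line).get("port", port))
    if port == 80 and (gui_on or http_on):
        findings.append("GUI/HTTP server still enabled on port 80")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns an empty list; a configuration that disables only the HTTP server, or adds the management VLAN as public, returns one finding each.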
